IOC Report
kent.ps1

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| `kent.ps1` | ASCII text, with very long lines (57417), with CRLF line terminators | initial sample | malicious |
| `C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe` | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| `C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\JXCJKXCJHKJHXCJHKXCXCJHK.exe.log` | ASCII text, with CRLF line terminators | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json` | JSON data | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive` | data | dropped | |
| `C:\Users\user\AppData\Local\Temp\TmpUserData\Crashpad\throttle_store.dat` | ASCII text | dropped | |
| `C:\Users\user\AppData\Local\Temp\TmpUserData\Default\Network\Cookies` | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped | |
| `C:\Users\user\AppData\Local\Temp\TmpUserData\Default\Secure Preferences` | JSON data | dropped | |
| `C:\Users\user\AppData\Local\Temp\TmpUserData\Local State` | JSON data | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ctwee1hh.qvq.ps1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d2y5vvtp.sbn.psm1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\bhvB707.tmp` | Extensible storage user DataBase, version 0x620, checksum 0x78526e4d, page size 32768, DirtyShutdown, Windows version 10.0 | dropped | |
| `C:\Users\user\AppData\Local\Temp\gogzsxemgwpfijwqnpyiza` | Unicode text, UTF-16, little-endian text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\G85X7YIT4U8UC9WYHRFP.temp` | data | dropped | |
| `C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms (copy)` | data | dropped | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| `C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe` | `"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\kent.ps1"` | malicious |
| `C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe` | `"C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe"` | malicious |
| `C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe` | `"C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe"` | malicious |
| `C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe` | `"C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe"` | malicious |
| `C:\Program Files\Google\Chrome\Application\chrome.exe` | `--user-data-dir=C:\Users\user\AppData\Local\Temp\TmpUserData --headless --remote-debugging-port=9222 --profile-directory="Default"` | malicious |
| `C:\Windows\SysWOW64\recover.exe` | `C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\gogzsxemgwpfijwqnpyiza"` | malicious |
| `C:\Windows\SysWOW64\recover.exe` | `C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\iqlksqofuehskykceakkkmhvt"` | malicious |
| `C:\Windows\SysWOW64\recover.exe` | `C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\tkrctizhimzxveggnlfdvrbmcaxfu"` | malicious |
| `C:\Program Files\Google\Chrome\Application\chrome.exe` | `"C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --no-pre-read-main-dll --field-trial-handle=1924,i,6628952054718136810,6517183660532382401,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:3` | malicious |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
| `C:\Windows\System32\notepad.exe` | `"C:\Windows\System32\notepad.exe" "C:\Users\user\Desktop\kent.ps1"` | |
| `C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe` | `--user-data-dir=C:\Users\user\AppData\Local\Temp\TmpUserData --headless --remote-debugging-port=9222 --profile-directory="Default"` | |
| `C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe` | `"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1940 --field-trial-handle=1492,i,17985677580738979378,15190004238409929913,262144 --disable-features=PaintHolding /prefetch:3` | |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| `http://nuget.org/NuGet.exe` | unknown | |
| `http://www.imvu.comr` | unknown | |
| `http://pesterbdd.com/images/Pester.png` | unknown | |
| `http://www.apache.org/licenses/LICENSE-2.0.html` | unknown | |
| `http://www.imvu.compData` | unknown | |
| `http://geoplugin.net/json.gpp` | unknown | |
| `https://contoso.com/License` | unknown | |
| `http://176.65.144.3` | unknown | |
| `http://www.imvu.com` | unknown | |
| `https://contoso.com/Icon` | unknown | |
| `http://176.65.144.3/dev/kent.exe` | 176.65.144.3 | |
| `http://www.nirsoft.net` | unknown | |
| `http://geoplugin.net/json.gpy` | unknown | |
| `https://github.com/Pester/Pester` | unknown | |
| `http://176.65.144.3/dev/kent.exeP` | unknown | |
| `http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com` | unknown | |
| `http://geoplugin.net/json.gp` | 178.237.33.50 | |
| `https://www.google.com` | unknown | |
| `http://crl.micro` | unknown | |
| `http://geoplugin.net/json.gp/C` | unknown | |
| `https://aka.ms/pscore6lB` | unknown | |
| `https://contoso.com/` | unknown | |
| `https://nuget.org/nuget.exe` | unknown | |
| `https://www.google.com/accounts/servicelogin` | unknown | |
| `https://login.yahoo.com/config/login` | unknown | |
| `http://www.nirsoft.net/` | unknown | |
| `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name` | unknown | |
| `http://www.ebuddy.com` | unknown | |

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| geoplugin.net | 178.237.33.50 | |
| googlehosted.l.googleusercontent.com | 216.58.206.33 | |
| clients2.googleusercontent.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 196.251.69.63 | unknown | Seychelles | malicious |
| 192.168.2.6 | unknown | unknown | malicious |
| 176.65.144.3 | unknown | Germany | |
| 216.58.206.33 | googlehosted.l.googleusercontent.com | United States | |
| 178.237.33.50 | geoplugin.net | Netherlands | |
| 127.0.0.1 | unknown | unknown | |

Registry

| Path | Value | Malicious |
| --- | --- | --- |
| `HKEY_CURRENT_USER\SOFTWARE\Rmc-U6XQL5` | exepath | malicious |
| `HKEY_CURRENT_USER\SOFTWARE\Rmc-U6XQL5` | licence | malicious |
| `HKEY_CURRENT_USER\SOFTWARE\Rmc-U6XQL5` | time | malicious |
| `HKEY_CURRENT_USER\SOFTWARE\Rmc-U6XQL5` | UID | malicious |
| `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad` | fWindowsOnlyEOL | |
| `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad` | fPasteOriginalEOL | |
| `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad` | fReverse | |
| `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad` | fWrapAround | |
| `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad` | fMatchCase | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing` | EnableConsoleTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASAPI32` | EnableFileTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASAPI32` | EnableAutoFileTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASAPI32` | EnableConsoleTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASAPI32` | FileTracingMask | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASAPI32` | ConsoleTracingMask | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASAPI32` | MaxFileSize | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASAPI32` | FileDirectory | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASMANCS` | EnableFileTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASMANCS` | EnableAutoFileTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASMANCS` | EnableConsoleTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASMANCS` | FileTracingMask | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASMANCS` | ConsoleTracingMask | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASMANCS` | MaxFileSize | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JXCJKXCJHKJHXCJHKXCXCJHK_RASMANCS` | FileDirectory | |
| `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon` | state | |
| `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty` | StatusCodes | |
| `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty` | StatusCodes | |
| `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon` | state | |
| `HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}` | dr | |

Memdumps

| Base Address | Region Type | Protect | Malicious |
| --- | --- | --- | --- |
| 400000 | system | page execute and read and write | malicious |
| 1558000 | heap | page read and write | malicious |
| 400000 | remote allocation | page execute and read and write | malicious |
| 4839000 | trusted library allocation | page read and write | malicious |
| 49C0000 | unclassified section | page execute and read and write | malicious |
| 4759000 | trusted library allocation | page read and write | malicious |
trusted library allocation
page read and write
1F4C46B5000
heap
page read and write
1F4C46AC000
heap
page read and write
7220000
trusted library allocation
page read and write
1F4C46AA000
heap
page read and write
15DA000
heap
page read and write
4AF1000
heap
page read and write
1F4C46A8000
heap
page read and write
444D000
heap
page read and write
1F4C46C2000
heap
page read and write
46A0000
heap
page read and write
69FA000
stack
page read and write
478000
remote allocation
page execute and read and write
1F4C46B7000
heap
page read and write
1F4C46A8000
heap
page read and write
1F4C46AA000
heap
page read and write
459F000
stack
page read and write
45B4000
trusted library allocation
page read and write
2765000
heap
page read and write
4AD0000
heap
page read and write
1F4C46B5000
heap
page read and write
28E9000
heap
page read and write
4AF3000
heap
page read and write
1F4C46C2000
heap
page read and write
6BCE000
stack
page read and write
4AF1000
heap
page read and write
1F4C46AC000
heap
page read and write
1F4C46AC000
heap
page read and write
4B6E000
heap
page read and write
2FC2000
trusted library allocation
page read and write
1F4C46A8000
heap
page read and write
452E000
stack
page read and write
7EED000
stack
page read and write
1F4C46A8000
heap
page read and write
1F4C46C2000
heap
page read and write
15BF000
heap
page read and write
4AE0000
heap
page read and write
1F4C46B7000
heap
page read and write
4FB1000
heap
page read and write
1F4C46A8000
heap
page read and write
1F4C46B5000
heap
page read and write
1F4C46AE000
heap
page read and write
1F4C46AC000
heap
page read and write
C50000
unkown
page readonly
4AF1000
heap
page read and write
1F4C46C2000
heap
page read and write
1F4C46B3000
heap
page read and write
1424000
trusted library allocation
page read and write
2EF4000
heap
page read and write
1F4C46B7000
heap
page read and write
6A4E000
stack
page read and write
4AEE000
heap
page read and write
4B50000
heap
page read and write
4FB1000
heap
page read and write
1F4C46C2000
heap
page read and write
1F4C46AC000
heap
page read and write
1F4C46AE000
heap
page read and write
6ECD000
heap
page read and write
1F4C46B5000
heap
page read and write
1F4C46B7000
heap
page read and write
2FAE000
trusted library allocation
page read and write
1F4C46AE000
heap
page read and write
1F4C46B5000
heap
page read and write
1F4C46AC000
heap
page read and write
904000
heap
page read and write
1F4C46B3000
heap
page read and write
1F4C46A8000
heap
page read and write
4AF1000
heap
page read and write
2EF4000
heap
page read and write
1F4C46B5000
heap
page read and write
45B0000
trusted library allocation
page read and write
1F4C46AE000
heap
page read and write
7000000
trusted library allocation
page read and write
1F4C46AA000
heap
page read and write
1F4C46B5000
heap
page read and write
1635000
heap
page read and write
1F4C46AC000
heap
page read and write
1F4C46B3000
heap
page read and write
1F4C46B3000
heap
page read and write
1F4C46AC000
heap
page read and write
1F4C46AC000
heap
page read and write
4AF1000
heap
page read and write
45C000
system
page execute and read and write
1F4C46AA000
heap
page read and write
32FE000
stack
page read and write
456E000
stack
page read and write
1F4C46C2000
heap
page read and write
1F4C46B5000
heap
page read and write
1F4C46AE000
heap
page read and write
1F4C46AE000
heap
page read and write
12FC000
stack
page read and write
11DE000
stack
page read and write
1F4C46B7000
heap
page read and write
1470000
trusted library allocation
page read and write
1F4C46C2000
heap
page read and write
4FB1000
heap
page read and write
6EDC000
heap
page read and write
1F4C46B3000
heap
page read and write
1F4C46C2000
heap
page read and write
55EE000
stack
page read and write
4A96000
unclassified section
page execute and read and write
1F4C46AC000
heap
page read and write
697F000
stack
page read and write
68FB000
stack
page read and write
1F4C46B5000
heap
page read and write
52AF000
stack
page read and write
1F4C46B3000
heap
page read and write
1F4C46AE000
heap
page read and write
2ED0000
heap
page read and write
23D0000
heap
page read and write
1F4C46AC000
heap
page read and write
1F4C46C2000
heap
page read and write
1F4C46C2000
heap
page read and write
142D000
trusted library allocation
page execute and read and write
70FE000
stack
page read and write
1F4C46B7000
heap
page read and write
1F4C46B5000
heap
page read and write
6C0E000
stack
page read and write
1F4C46A8000
heap
page read and write
1457000
trusted library allocation
page execute and read and write
4AFC000
heap
page read and write
1F4C46B5000
heap
page read and write
1F4C46C2000
heap
page read and write
4755000
trusted library allocation
page read and write
1F4C46C2000
heap
page read and write
1F4C46B3000
heap
page read and write
31E0000
heap
page read and write
1F4C46AC000
heap
page read and write
54EE000
stack
page read and write
1F4C46AC000
heap
page read and write
1F4C46AA000
heap
page read and write
1F4C46C2000
heap
page read and write
2EF4000
heap
page read and write
1F4C46AC000
heap
page read and write
904000
heap
page read and write
1F4C46A8000
heap
page read and write
1F4C46B3000
heap
page read and write
1F4C46B7000
heap
page read and write
7C25000
trusted library allocation
page read and write
9D8000
heap
page read and write
2BE0000
heap
page read and write
400000
system
page execute and read and write
4FAE000
stack
page read and write
4B6E000
heap
page read and write
1F4C46AA000
heap
page read and write
2F20000
heap
page read and write
2F51000
trusted library allocation
page read and write
1F4C46AC000
heap
page read and write
2830000
heap
page read and write
4AF5000
heap
page read and write
1F4C46C2000
heap
page read and write
1F4C46B7000
heap
page read and write
1F4C46C2000
heap
page read and write
1F4C46B5000
heap
page read and write
15C0000
trusted library allocation
page read and write
4B05000
heap
page read and write
1F4C46AC000
heap
page read and write
1255000
heap
page read and write
1F4C46AE000
heap
page read and write
1F4C46AC000
heap
page read and write
1F4C46A8000
heap
page read and write
4AF1000
heap
page read and write
4AE0000
heap
page read and write
1F4C46C2000
heap
page read and write
1F4C46B5000
heap
page read and write
139E000
stack
page read and write
1F4C46AA000
heap
page read and write
5889000
trusted library allocation
page read and write
1F4C46B5000
heap
page read and write
4FB1000
heap
page read and write
1F4C46B3000
heap
page read and write
4600000
trusted library allocation
page read and write
1F4C46B3000
heap
page read and write
2EF4000
heap
page read and write
41A0000
heap
page read and write
1F4C46C2000
heap
page read and write
1F4C46B7000
heap
page read and write
4AE8000
heap
page read and write
5AA000
stack
page read and write
1190000
heap
page read and write
2EF4000
heap
page read and write
1F4C46B3000
heap
page read and write
1F4C46B5000
heap
page read and write
4AD1000
heap
page read and write
1F4C46C2000
heap
page read and write
4B11000
heap
page read and write
45C9000
trusted library allocation
page read and write
1F4C46B5000
heap
page read and write
7C20000
trusted library allocation
page execute and read and write
1F4C46AA000
heap
page read and write
1430000
trusted library allocation
page read and write
1F4C46B5000
heap
page read and write
15E6000
trusted library allocation
page read and write
1F4C46B5000
heap
page read and write
2760000
heap
page read and write
1F4C46B7000
heap
page read and write
1F4C46AC000
heap
page read and write
1F4C46B3000
heap
page read and write
4AF3000
heap
page read and write
1F4C46A8000
heap
page read and write
1F4C46AE000
heap
page read and write
1F4C46B3000
heap
page read and write
327E000
stack
page read and write
1F4C46A8000
heap
page read and write
9F4000
heap
page read and write
904000
heap
page read and write
4AD0000
heap
page read and write
6E87000
heap
page read and write
1F4C46B5000
heap
page read and write
1F4C46B3000
heap
page read and write
1F4C5FC0000
heap
page read and write
1F4C46C2000
heap
page read and write
502E000
stack
page read and write
1F4C46A8000
heap
page read and write
1F4C46A8000
heap
page read and write
2890000
heap
page read and write
4AE6000
heap
page read and write
1F4C46B5000
heap
page read and write
7160000
trusted library allocation
page read and write
904000
heap
page read and write
4AE0000
heap
page read and write
1F4C46C2000
heap
page read and write
4FB1000
heap
page read and write
1F4C46AA000
heap
page read and write
1F4C46B3000
heap
page read and write
1F4C46B7000
heap
page read and write
4AEE000
heap
page read and write
4F58000
trusted library allocation
page read and write
6FD81000
unkown
page execute read
4B0A000
heap
page read and write
7C70000
trusted library allocation
page read and write
1F4C46A8000
heap
page read and write
5310000
trusted library allocation
page read and write
466A000
trusted library allocation
page read and write
1F4C60B0000
heap
page read and write
1F4C46B7000
heap
page read and write
7039000
trusted library allocation
page read and write
1F4C46B5000
heap
page read and write
1F4C46A8000
heap
page read and write
4AF1000
heap
page read and write
1F4C46A8000
heap
page read and write
1F4C46AC000
heap
page read and write
1F4C46B5000
heap
page read and write
464E000
stack
page read and write
7240000
trusted library allocation
page read and write
7BF4000
trusted library allocation
page read and write
4870000
heap
page execute and read and write
4B0E000
heap
page read and write