Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MV EAGLE EYE RFQ-92008882920-PDF.vbs
|
ASCII text, with very long lines (18194)
|
initial sample
|
 |
|
|
C:\ProgramData\sihem.vbe
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\wBdjaJtUBqsSWBB.vbs
|
ISO-8859 text
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_powershell.exe_b4b21b9272f0623778607a435112f88140f556cc_00000000_8105a337-0844-44e9-b495-4c29cd2622d4\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_powershell.exe_b4b21b9272f0623778607a435112f88140f556cc_00000000_a7f992eb-ea9c-473e-a87e-68ee5b3c4047\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF081.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF0B1.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF8E3.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF99F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1jtff3wg.ke3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cw3ks53g.vlt.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tmfpd43b.jre.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ttvbys5d.i3e.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF3ddf2c.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\EEK2B5V1HE1RID687TK1.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MPCYQ4H21G0NUEUEBN10.temp
|
data
|
dropped
|
||
|
\Device\ConDrv
|
Non-ISO extended-ASCII text, with very long lines (875), with CRLF line terminators, with escape sequences
|
dropped
|
There are 11 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\MV EAGLE EYE RFQ-92008882920-PDF.vbs"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\ProgramData\sihem.vbe"
|
|
|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Roaming\wBdjaJtUBqsSWBB.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wermgr.exe
|
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "6496" "2812" "1456" "2816" "0" "0" "2820" "0" "0" "0" "0" "0"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wermgr.exe
|
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "1196" "1640" "2180" "2884" "0" "0" "2888" "0" "0" "0" "0" "0"
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://144.91.79.54/2210/rJ
|
unknown
|
||
|
http://144.91.79.54/2210/v5D44
|
unknown
|
||
|
http://144.91.79.54/2210/WGznFv2HOQZ7KUuJ2W9v.txt
|
unknown
|
||
|
http://144.91.79.54:80/2210/WGznFv2HOQZ7KUuJ2W9v.txt0032510063530010000000000110000000A26000EDA00000
|
unknown
|
||
|
http://144.91.79.54/2210/$
|
unknown
|
||
|
http://144.91.79.54/b
|
unknown
|
||
|
http://144.91.79.54:80/2210/file27A0000035820700001827B0600000D182070000D72720A0070000B5270000A00000
|
unknown
|
||
|
http://144.91.79.54/2210/v
|
unknown
|
||
|
http://144.91.79.54/210/rJ
|
unknown
|
||
|
http://144.91.79.54/2210/file
|
unknown
|
||
|
http://144.91.79.54/
|
unknown
|
||
|
http://144.91.79.54/e4
|
unknown
|
||
|
http://144.91.79.54/2210/filebvRlL6
|
unknown
|
||
|
http://144.91.79.54/210/r~
|
unknown
|
||
|
http://144.91.79.54/u
|
unknown
|
||
|
http://144.91.79.54:80/2210/vznFv2HOQZ7KUuJ2W9v.txt0032510063530010000000000110000000A26000EDA000009
|
unknown
|
||
|
http://144.91.79.54/2210/vs
|
unknown
|
||
|
http://144.91.79.54/IndexG
|
unknown
|
||
|
http://144.91.79.54/Z
|
unknown
|
||
|
http://144.91.79.54/z
|
unknown
|
There are 10 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
s-part-0032.t-0009.t-msedge.net
|
13.107.246.60
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
144.91.79.54
|
unknown
|
Germany
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part5
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part6
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part7
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part9
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part10
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part11
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part13
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part14
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part15
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part16
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part17
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part18
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part19
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part20
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part21
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part22
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part23
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part24
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part25
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part26
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part27
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part28
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part29
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB\donn
|
Part30
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB
|
cn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB
|
i
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB
|
s
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB
|
r
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB
|
Path
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wBdjaJtUBqsSWBB
|
v
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
00188010E7D2DACC
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
There are 33 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1F023685000
|
heap
|
page read and write
|
||
|
222E137B000
|
heap
|
page read and write
|
||
|
222E13BC000
|
heap
|
page read and write
|
||
|
1A7E6A40000
|
heap
|
page read and write
|
||
|
222E34BE000
|
heap
|
page read and write
|
||
|
222E3858000
|
heap
|
page read and write
|
||
|
1A7E6B4B000
|
heap
|
page read and write
|
||
|
1A7E6AD0000
|
heap
|
page read and write
|
||
|
222E3462000
|
heap
|
page read and write
|
||
|
222E1397000
|
heap
|
page read and write
|
||
|
CD8000
|
heap
|
page read and write
|
||
|
222E3858000
|
heap
|
page read and write
|
||
|
222E3814000
|
heap
|
page read and write
|
||
|
222E3858000
|
heap
|
page read and write
|
||
|
222E3421000
|
heap
|
page read and write
|
||
|
222E34BA000
|
heap
|
page read and write
|
||
|
222E13D3000
|
heap
|
page read and write
|
||
|
1F02340C000
|
heap
|
page read and write
|
||
|
222E13BC000
|
heap
|
page read and write
|
||
|
1F023455000
|
heap
|
page read and write
|
||
|
1F02344A000
|
heap
|
page read and write
|
||
|
D97000
|
direct allocation
|
page execute and read and write
|
||
|
222E13C2000
|
heap
|
page read and write
|
||
|
222E3141000
|
heap
|
page read and write
|
||
|
222E33D4000
|
heap
|
page read and write
|
||
|
222E345C000
|
heap
|
page read and write
|
||
|
1F023220000
|
heap
|
page read and write
|
||
|
222E3880000
|
heap
|
page read and write
|
||
|
222E137A000
|
heap
|
page read and write
|
||
|
222E1378000
|
heap
|
page read and write
|
||
|
222E13EE000
|
heap
|
page read and write
|
||
|
BF0000
|
direct allocation
|
page read and write
|
||
|
C20000
|
direct allocation
|
page read and write
|
||
|
1F023390000
|
heap
|
page read and write
|
||
|
222E136C000
|
heap
|
page read and write
|
||
|
1A7E6B47000
|
heap
|
page read and write
|
||
|
900000
|
remote allocation
|
page execute and read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
1F024D70000
|
heap
|
page read and write
|
||
|
222E3403000
|
heap
|
page read and write
|
||
|
222E1688000
|
heap
|
page read and write
|
||
|
1F023459000
|
heap
|
page read and write
|
||
|
1F023449000
|
heap
|
page read and write
|
||
|
222E373A000
|
heap
|
page read and write
|
||
|
1F023448000
|
heap
|
page read and write
|
||
|
1A7E6B22000
|
heap
|
page read and write
|
||
|
222E1393000
|
heap
|
page read and write
|
||
|
222E133C000
|
heap
|
page read and write
|
||
|
1F023459000
|
heap
|
page read and write
|
||
|
222E13FD000
|
heap
|
page read and write
|
||
|
252CB11000
|
stack
|
page read and write
|
||
|
222E136E000
|
heap
|
page read and write
|
||
|
1F023459000
|
heap
|
page read and write
|
||
|
222E3858000
|
heap
|
page read and write
|
||
|
1041000
|
direct allocation
|
page execute and read and write
|
||
|
1A7E6B16000
|
heap
|
page read and write
|
||
|
222E13FD000
|
heap
|
page read and write
|
||
|
1F023454000
|
heap
|
page read and write
|
||
|
1DD03FE000
|
stack
|
page read and write
|
||
|
222E135F000
|
heap
|
page read and write
|
||
|
1A7E6BB8000
|
heap
|
page read and write
|
||
|
1A7E88F7000
|
heap
|
page read and write
|
||
|
1F02344C000
|
heap
|
page read and write
|
||
|
1A7E6B45000
|
heap
|
page read and write
|
||
|
1F023407000
|
heap
|
page read and write
|
||
|
1DD06FE000
|
stack
|
page read and write
|
||
|
222E13D3000
|
heap
|
page read and write
|
||
|
1F023448000
|
heap
|
page read and write
|
||
|
F90000
|
direct allocation
|
page execute and read and write
|
||
|
ACE000
|
stack
|
page read and write
|
||
|
1DD00FE000
|
stack
|
page read and write
|
||
|
E16000
|
direct allocation
|
page execute and read and write
|
||
|
222E13E0000
|
heap
|
page read and write
|
||
|
222E33C1000
|
heap
|
page read and write
|
||
|
222E168B000
|
heap
|
page read and write
|
||
|
222E13FD000
|
heap
|
page read and write
|
||
|
222E13FD000
|
heap
|
page read and write
|
||
|
3CD000
|
stack
|
page read and write
|
||
|
222E13A6000
|
heap
|
page read and write
|
||
|
222E3462000
|
heap
|
page read and write
|
||
|
EB3000
|
direct allocation
|
page execute and read and write
|
||
|
222E137A000
|
heap
|
page read and write
|
||
|
1A7E6E35000
|
heap
|
page read and write
|
||
|
1F023444000
|
heap
|
page read and write
|
||
|
1F023459000
|
heap
|
page read and write
|
||
|
1A7E8B74000
|
heap
|
page read and write
|
||
|
1A7E6B49000
|
heap
|
page read and write
|
||
|
1F02345A000
|
heap
|
page read and write
|
||
|
1F02344C000
|
heap
|
page read and write
|
||
|
222E141B000
|
heap
|
page read and write
|
||
|
222E137D000
|
heap
|
page read and write
|
||
|
222E3845000
|
heap
|
page read and write
|
||
|
222E1391000
|
heap
|
page read and write
|
||
|
222E3715000
|
heap
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
1A7E8590000
|
heap
|
page read and write
|
||
|
222E13CE000
|
heap
|
page read and write
|
||
|
112E000
|
direct allocation
|
page execute and read and write
|
||
|
222E312E000
|
heap
|
page read and write
|
||
|
1F02345A000
|
heap
|
page read and write
|
||
|
1DD08FB000
|
stack
|
page read and write
|
||
|
222E343E000
|
heap
|
page read and write
|
||
|
1A7E6B5B000
|
heap
|
page read and write
|
||
|
222E1391000
|
heap
|
page read and write
|
||
|
4FF07FE000
|
stack
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
222E3126000
|
heap
|
page read and write
|
||
|
222E135E000
|
heap
|
page read and write
|
||
|
222E140E000
|
heap
|
page read and write
|
||
|
1F023450000
|
heap
|
page read and write
|
||
|
1F023448000
|
heap
|
page read and write
|
||
|
1F02345A000
|
heap
|
page read and write
|
||
|
222E13FD000
|
heap
|
page read and write
|
||
|
1F023449000
|
heap
|
page read and write
|
||
|
EB9000
|
direct allocation
|
page execute and read and write
|
||
|
222E1397000
|
heap
|
page read and write
|
||
|
222E13A6000
|
heap
|
page read and write
|
||
|
222E137D000
|
heap
|
page read and write
|
||
|
1F023442000
|
heap
|
page read and write
|
||
|
222E1689000
|
heap
|
page read and write
|
||
|
125D000
|
direct allocation
|
page execute and read and write
|
||
|
1A7E88E0000
|
heap
|
page read and write
|
||
|
222E13C2000
|
heap
|
page read and write
|
||
|
222E138E000
|
heap
|
page read and write
|
||
|
928000
|
heap
|
page read and write
|
||
|
1A7E6B3C000
|
heap
|
page read and write
|
||
|
1F023444000
|
heap
|
page read and write
|
||
|
222E3493000
|
heap
|
page read and write
|
||
|
222E13D3000
|
heap
|
page read and write
|
||
|
4FF0108000
|
stack
|
page read and write
|
||
|
222E13A6000
|
heap
|
page read and write
|
||
|
2CD000
|
stack
|
page read and write
|
||
|
1F023450000
|
heap
|
page read and write
|
||
|
1F023445000
|
heap
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
222E13BC000
|
heap
|
page read and write
|
||
|
222E138E000
|
heap
|
page read and write
|
||
|
222E3462000
|
heap
|
page read and write
|
||
|
222E3462000
|
heap
|
page read and write
|
||
|
222E13D3000
|
heap
|
page read and write
|
||
|
1A7E6B46000
|
heap
|
page read and write
|
||
|
222E13E6000
|
heap
|
page read and write
|
||
|
222E3120000
|
heap
|
page read and write
|
||
|
1A7E6E38000
|
heap
|
page read and write
|
||
|
1F023459000
|
heap
|
page read and write
|
||
|
222E33D3000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
1DD07FE000
|
stack
|
page read and write
|
||
|
222E136D000
|
heap
|
page read and write
|
||
|
222E13D3000
|
heap
|
page read and write
|
||
|
1F023459000
|
heap
|
page read and write
|
||
|
222E138E000
|
heap
|
page read and write
|
||
|
222E3463000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
1F023450000
|
heap
|
page read and write
|
||
|
1F023444000
|
heap
|
page read and write
|
||
|
222E141C000
|
heap
|
page read and write
|
||
|
5BD000
|
stack
|
page read and write
|
||
|
1A7E6B47000
|
heap
|
page read and write
|
||
|
DB6000
|
direct allocation
|
page execute and read and write
|
||
|
1A7E6E38000
|
heap
|
page read and write
|
||
|
222E13BC000
|
heap
|
page read and write
|
||
|
252CFFF000
|
stack
|
page read and write
|
||
|
222E345C000
|
heap
|
page read and write
|
||
|
252D1FF000
|
stack
|
page read and write
|
||
|
222E34B1000
|
heap
|
page read and write
|
||
|
B1F000
|
stack
|
page read and write
|
||
|
1F023444000
|
heap
|
page read and write
|
||
|
222E13D3000
|
heap
|
page read and write
|
||
|
C4B000
|
direct allocation
|
page read and write
|
||
|
222E13A6000
|
heap
|
page read and write
|
||
|
13DF000
|
stack
|
page read and write
|
||
|
12D8000
|
direct allocation
|
page execute and read and write
|
||
|
222E1689000
|
heap
|
page read and write
|
||
|
222E33F0000
|
heap
|
page read and write
|
||
|
222E373B000
|
heap
|
page read and write
|
||
|
222E3270000
|
remote allocation
|
page read and write
|
||
|
222E3129000
|
heap
|
page read and write
|
||
|
1F023442000
|
heap
|
page read and write
|
||
|
1A7E6B2B000
|
heap
|
page read and write
|
||
|
1F023459000
|
heap
|
page read and write
|
||
|
222E373A000
|
heap
|
page read and write
|
||
|
222E3141000
|
heap
|
page read and write
|
||
|
222E1397000
|
heap
|
page read and write
|
||
|
222E3121000
|
heap
|
page read and write
|
||
|
222E1397000
|
heap
|
page read and write
|
||
|
222E137A000
|
heap
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
1F023459000
|
heap
|
page read and write
|
||
|
A8E000
|
stack
|
page read and write
|
||
|
222E13D3000
|
heap
|
page read and write
|
||
|
222E37E3000
|
heap
|
page read and write
|
||
|
1DCFB7A000
|
stack
|
page read and write
|
||
|
222E13E5000
|
heap
|
page read and write
|
||
|
1F02344A000
|
heap
|
page read and write
|
||
|
222E138E000
|
heap
|
page read and write
|
||
|
222E13E5000
|
heap
|
page read and write
|
||
|
1F023462000
|
heap
|
page read and write
|
||
|
1A7E8B72000
|
heap
|
page read and write
|
||
|
222E34B0000
|
heap
|
page read and write
|
||
|
1F02345A000
|
heap
|
page read and write
|
||
|
222E1377000
|
heap
|
page read and write
|
||
|
4FF0BFD000
|
stack
|
page read and write
|
||
|
C70000
|
direct allocation
|
page read and write
|
||
|
222E13BC000
|
heap
|
page read and write
|
||
|
222E141E000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
222E1413000
|
heap
|
page read and write
|
||
|
1F02344B000
|
heap
|
page read and write
|
||
|
222E1685000
|
heap
|
page read and write
|
||
|
1A7E8B70000
|
heap
|
page read and write
|
||
|
222E1397000
|
heap
|
page read and write
|
||
|
222E1280000
|
heap
|
page read and write
|
||
|
222E3720000
|
heap
|
page read and write
|
||
|
1A7E6B16000
|
heap
|
page read and write
|
||
|
222E13DC000
|
heap
|
page read and write
|
||
|
1F023400000
|
heap
|
page read and write
|
||
|
1F023398000
|
heap
|
page read and write
|
||
|
222E35E8000
|
heap
|
page read and write
|
||
|
222E1347000
|
heap
|
page read and write
|
||
|
1A7E6AFE000
|
heap
|
page read and write
|
||
|
1F02344F000
|
heap
|
page read and write
|
||
|
1F023450000
|
heap
|
page read and write
|
||
|
222E3727000
|
heap
|
page read and write
|
||
|
222E13FC000
|
heap
|
page read and write
|
||
|
222E13C1000
|
heap
|
page read and write
|
||
|
222E137D000
|
heap
|
page read and write
|
||
|
222E138E000
|
heap
|
page read and write
|
||
|
4FF09FE000
|
stack
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
C1F000
|
stack
|
page read and write
|
||
|
222E1400000
|
heap
|
page read and write
|
||
|
222E3121000
|
heap
|
page read and write
|
||
|
222E135A000
|
heap
|
page read and write
|
||
|
1F023440000
|
heap
|
page read and write
|
||
|
222E13EE000
|
heap
|
page read and write
|
||
|
1F023444000
|
heap
|
page read and write
|
||
|
222E3858000
|
heap
|
page read and write
|
||
|
222E3463000
|
heap
|
page read and write
|
||
|
222E136F000
|
heap
|
page read and write
|
||
|
222E312A000
|
heap
|
page read and write
|
||
|
1A7E6AFF000
|
heap
|
page read and write
|
||
|
222E141E000
|
heap
|
page read and write
|
||
|
222E387F000
|
heap
|
page read and write
|
||
|
1DCFFFE000
|
stack
|
page read and write
|
||
|
222E348A000
|
heap
|
page read and write
|
||
|
E10000
|
direct allocation
|
page execute and read and write
|
||
|
1F02344F000
|
heap
|
page read and write
|
||
|
222E1348000
|
heap
|
page read and write
|
||
|
222E13EC000
|
heap
|
page read and write
|
||
|
222E312A000
|
heap
|
page read and write
|
||
|
222E1375000
|
heap
|
page read and write
|
||
|
222E1320000
|
heap
|
page read and write
|
||
|
222E33E6000
|
heap
|
page read and write
|
||
|
252D4FD000
|
stack
|
page read and write
|
||
|
222E13BC000
|
heap
|
page read and write
|
||
|
615000
|
remote allocation
|
page execute and read and write
|
||
|
222E2DB0000
|
heap
|
page read and write
|
||
|
4FF06FD000
|
stack
|
page read and write
|
||
|
222E1680000
|
heap
|
page read and write
|
||
|
222E383C000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
1F023462000
|
heap
|
page read and write
|
||
|
1A7E6B5B000
|
heap
|
page read and write
|
||
|
222E345E000
|
heap
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
222E3124000
|
heap
|
page read and write
|
||
|
1F02344D000
|
heap
|
page read and write
|
||
|
222E383B000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
222E3421000
|
heap
|
page read and write
|
||
|
1F023440000
|
heap
|
page read and write
|
||
|
1F02345A000
|
heap
|
page read and write
|
||
|
222E3721000
|
heap
|
page read and write
|
||
|
1F023459000
|
heap
|
page read and write
|
||
|
222E3270000
|
remote allocation
|
page read and write
|
||
|
222E37B2000
|
heap
|
page read and write
|
||
|
222E137D000
|
heap
|
page read and write
|
||
|
222E312D000
|
heap
|
page read and write
|
||
|
1F02340C000
|
heap
|
page read and write
|
||
|
222E13D9000
|
heap
|
page read and write
|
||
|
1F023440000
|
heap
|
page read and write
|
||
|
222E1391000
|
heap
|
page read and write
|
||
|
222E1375000
|
heap
|
page read and write
|
||
|
222E33C0000
|
heap
|
page read and write
|
||
|
222E387F000
|
heap
|
page read and write
|
||
|
1A7E6B3C000
|
heap
|
page read and write
|
||
|
1F023320000
|
heap
|
page read and write
|
||
|
222E13BC000
|
heap
|
page read and write
|
||
|
222E1290000
|
heap
|
page read and write
|
||
|
222E13D8000
|
heap
|
page read and write
|
||
|
1DD02FE000
|
stack
|
page read and write
|
||
|
222E3858000
|
heap
|
page read and write
|
||
|
D90000
|
direct allocation
|
page execute and read and write
|
||
|
222E1341000
|
heap
|
page read and write
|
||
|
222E13E2000
|
heap
|
page read and write
|
||
|
222E1397000
|
heap
|
page read and write
|
||
|
1F023400000
|
heap
|
page read and write
|
||
|
222E13D3000
|
heap
|
page read and write
|
||
|
1A7E6E30000
|
heap
|
page read and write
|
||
|
222E1397000
|
heap
|
page read and write
|
||
|
1F023680000
|
heap
|
page read and write
|
||
|
1256000
|
direct allocation
|
page execute and read and write
|
||
|
1A7E6B5B000
|
heap
|
page read and write
|
||
|
222E13BC000
|
heap
|
page read and write
|
||
|
252D5FD000
|
stack
|
page read and write
|
||
|
222E13DC000
|
heap
|
page read and write
|
||
|
222E13A6000
|
heap
|
page read and write
|
||
|
222E13D8000
|
heap
|
page read and write
|
||
|
1F023462000
|
heap
|
page read and write
|
||
|
222E1348000
|
heap
|
page read and write
|
||
|
222E3462000
|
heap
|
page read and write
|
||
|
222E3141000
|
heap
|
page read and write
|
||
|
252D6FD000
|
stack
|
page read and write
|
||
|
252D2FF000
|
stack
|
page read and write
|
||
|
1F02345A000
|
heap
|
page read and write
|
||
|
1F023462000
|
heap
|
page read and write
|
||
|
222E141E000
|
heap
|
page read and write
|
||
|
222E13A6000
|
heap
|
page read and write
|
||
|
222E1375000
|
heap
|
page read and write
|
||
|
222E13A6000
|
heap
|
page read and write
|
||
|
1F023459000
|
heap
|
page read and write
|
||
|
222E373A000
|
heap
|
page read and write
|
||
|
1F023444000
|
heap
|
page read and write
|
||
|
222E136B000
|
heap
|
page read and write
|
||
|
222E13CF000
|
heap
|
page read and write
|
||
|
222E373E000
|
heap
|
page read and write
|
||
|
1A7E6B0E000
|
heap
|
page read and write
|
||
|
222E1341000
|
heap
|
page read and write
|
||
|
1F0233F5000
|
heap
|
page read and write
|
||
|
252D3FC000
|
stack
|
page read and write
|
||
|
222E13D3000
|
heap
|
page read and write
|
||
|
222E3452000
|
heap
|
page read and write
|
||
|
222E3781000
|
heap
|
page read and write
|
||
|
8EE000
|
stack
|
page read and write
|
||
|
222E3858000
|
heap
|
page read and write
|
||
|
1056000
|
direct allocation
|
page execute and read and write
|
||
|
222E3721000
|
heap
|
page read and write
|
||
|
1A7E6A20000
|
heap
|
page read and write
|
||
|
1F023450000
|
heap
|
page read and write
|
||
|
222E346C000
|
heap
|
page read and write
|
||
|
222E1375000
|
heap
|
page read and write
|
||
|
222E1397000
|
heap
|
page read and write
|
||
|
222E13A6000
|
heap
|
page read and write
|
||
|
1A7E6B84000
|
heap
|
page read and write
|
||
|
222E12B0000
|
heap
|
page read and write
|
||
|
222E386C000
|
heap
|
page read and write
|
||
|
1DCFEFE000
|
stack
|
page read and write
|
||
|
222E13A6000
|
heap
|
page read and write
|
||
|
222E35FA000
|
heap
|
page read and write
|
||
|
ECF000
|
stack
|
page read and write
|
||
|
222E135B000
|
heap
|
page read and write
|
||
|
222E1397000
|
heap
|
page read and write
|
||
|
1241000
|
direct allocation
|
page execute and read and write
|
||
|
10BD000
|
direct allocation
|
page execute and read and write
|
||
|
222E138E000
|
heap
|
page read and write
|
||
|
E52000
|
direct allocation
|
page execute and read and write
|
||
|
1A7E6A10000
|
heap
|
page read and write
|
||
|
1F023459000
|
heap
|
page read and write
|
||
|
1F023440000
|
heap
|
page read and write
|
||
|
222E141B000
|
heap
|
page read and write
|
||
|
10B9000
|
direct allocation
|
page execute and read and write
|
||
|
222E13D3000
|
heap
|
page read and write
|
||
|
222E141E000
|
heap
|
page read and write
|
||
|
1F023300000
|
heap
|
page read and write
|
||
|
8FD000
|
stack
|
page read and write
|
||
|
222E3141000
|
heap
|
page read and write
|
||
|
4FF0AFE000
|
stack
|
page read and write
|
||
|
222E3858000
|
heap
|
page read and write
|
||
|
222E312A000
|
heap
|
page read and write
|
||
|
618000
|
remote allocation
|
page execute and read and write
|
||
|
252CEFF000
|
stack
|
page read and write
|
||
|
1F02344D000
|
heap
|
page read and write
|
||
|
1F02344A000
|
heap
|
page read and write
|
||
|
222E3270000
|
remote allocation
|
page read and write
|
||
|
1DD05FD000
|
stack
|
page read and write
|
||
|
222E13DA000
|
heap
|
page read and write
|
||
|
222E1375000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
1F023459000
|
heap
|
page read and write
|
||
|
1A7E6B3D000
|
heap
|
page read and write
|
||
|
222E13E5000
|
heap
|
page read and write
|
||
|
1F023440000
|
heap
|
page read and write
|
||
|
222E13BC000
|
heap
|
page read and write
|
||
|
1A7E6B45000
|
heap
|
page read and write
|
||
|
222E1413000
|
heap
|
page read and write
|
||
|
105D000
|
direct allocation
|
page execute and read and write
|
||
|
222E13C2000
|
heap
|
page read and write
|
||
|
222E1348000
|
heap
|
page read and write
|
||
|
1F023407000
|
heap
|
page read and write
|
||
|
222E34CD000
|
heap
|
page read and write
|
||
|
222E3462000
|
heap
|
page read and write
|
||
|
1A7E8900000
|
heap
|
page read and write
|
||
|
1F0251B0000
|
heap
|
page read and write
|
||
|
1A7E88E1000
|
heap
|
page read and write
|
||
|
222E1400000
|
heap
|
page read and write
|
There are 386 hidden memdumps, click here to show them.