Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
dVX6r5CyYY.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\Kirkegangens\Antiadiaphorist236.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsh313D.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nskAAD2.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Epitomisation\Paaskyndelsernes\Bagstrbet\Cloudy.ung
|
DOS executable (COM, 0x8C-variant)
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\adjunctively.sys
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsc25A3.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsf9E4E.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Abdullah103\Ubegavede\Drejerens\Porphyroblast.gro
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Abdullah103\Ubegavede\Drejerens\Spiritualismens.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Abdullah103\Ubegavede\Drejerens\Tekstndringer.fig
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Bacchanalias\Circumvented\boozed.baa
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Bacchanalias\Circumvented\bverunger.pat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Bacchanalias\Circumvented\denterne.anf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Bacchanalias\Circumvented\displeasure.sta
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Bacchanalias\Circumvented\eastermost.exh
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Bacchanalias\Circumvented\eupathy.ube
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Deaved\Undercoursing\Haustellated\Forfordelingernes.sub
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Deaved\Undercoursing\Haustellated\Gennemlsningen.tou
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Deaved\Undercoursing\Haustellated\Gryntelyds157.rub
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Epitomisation\Paaskyndelsernes\Bagstrbet\Acerbated.rau
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Epitomisation\Paaskyndelsernes\Bagstrbet\Anzac.con
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Flavo\Attrapotr\Huggins\Bucco.Sca
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Hugormebiddenes\Forbryderspirernes.amb
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\familieskab.dec
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\fascistoides.for
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\fordansere.phy
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\frelserens.ene
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\generalcy.amb
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\glonoins.mel
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\goodoh.rei
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\hektometerens.omn
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\hyperazoturia.omk
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\indkbstur.fos
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\khrush.mar
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\lyctus.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\noncontributing.tit
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\overage.mon
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\prfabrikations.hyp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\sjasket.con
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\svmmenderne.pre
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\textuarist.acc
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\titrere.hus
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Meridion\udstrkkendes.kal
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Paaanke\Girlens100\bilbreve.lip
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Runddelens\indtagende\Mikserens\Terminologiers\Configural55.cry
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Skrinlggende253\Jrnbanen\Kropsvisitering.tai
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Skrinlggende253\Jrnbanen\Kruspersillen.sti
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Skrinlggende253\Jrnbanen\Lavtrykkets.esm
|
MacBinary, ID 0xb184, protected 0xffffffa9, comment length 11, char. code 0xd2, total length 1325400218, 2nd header length
53, Mon Sep 25 17:17:28 1989, modified Mon Feb 6 18:37:13 2040, creator '\011', type ' ', 2125922425 bytes "d\266" , at
0x7eb700f9 16515101 bytes resource
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Skrinlggende253\Jrnbanen\Maile3.rem
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Skrinlggende253\Jrnbanen\Narret.ade
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\Skrinlggende253\Jrnbanen\Planorbiform.kla
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\aandsarbejderes.chr
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\anglede.hyp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\baggins.mil
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\balustrade.ice
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\bathless.fru
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\alluder\benaadningsansgningerne.cha
|
data
|
dropped
|
There are 48 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\dVX6r5CyYY.exe
|
"C:\Users\user\Desktop\dVX6r5CyYY.exe"
|
|
|
|
C:\Users\user\Desktop\dVX6r5CyYY.exe
|
"C:\Users\user\Desktop\dVX6r5CyYY.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\Kirkegangens\Antiadiaphorist236.exe
|
"C:\Users\user\AppData\Local\Temp\Kirkegangens\Antiadiaphorist236.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\Kirkegangens\Antiadiaphorist236.exe
|
"C:\Users\user\AppData\Local\Temp\Kirkegangens\Antiadiaphorist236.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://adamkiddoo.com/nm
|
unknown
|
||
|
https://adamkiddoo.com/ASsHdVpRUDfpWtkNHm150.binJ&
|
unknown
|
||
|
https://adamkiddoo.com/Vm
|
unknown
|
||
|
https://adamkiddoo.com/ASsHdVpRUDfpWtkNHm150.binCom3
|
unknown
|
||
|
https://adamkiddoo.com/ASsHdVpRUDfpWtkNHm150.bin6K
|
unknown
|
||
|
https://adamkiddoo.com/ASsHdVpRUDfpWtkNHm150.binN
|
unknown
|
||
|
http://www.quovadis.bm0
|
unknown
|
||
|
https://adamkiddoo.com/ASsHdVpRUDfpWtkNHm150.bin
|
50.87.142.20
|
||
|
https://adamkiddoo.com/
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
https://adamkiddoo.com/ASsHdVpRUDfpWtkNHm150.bin~K
|
unknown
|
||
|
https://ocsp.quovadisoffshore.com0
|
unknown
|
||
|
https://adamkiddoo.com/ASsHdVpRUDfpWtkNHm150.binwsdn
|
unknown
|
||
|
https://adamkiddoo.com/ASsHdVpRUDfpWtkNHm150.bin=
|
unknown
|
||
|
https://adamkiddoo.com/U
|
unknown
|
||
|
https://adamkiddoo.com/ASsHdVpRUDfpWtkNHm150.binl64
|
unknown
|
||
|
https://adamkiddoo.com/ASsHdVpRUDfpWtkNHm150.binfJ
|
unknown
|
There are 7 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
adamkiddoo.com
|
50.87.142.20
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
50.87.142.20
|
adamkiddoo.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
|
Tjenerskab
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Incession\Baandsavs
|
Barnefaders
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\alexandrite\quakery
|
sadisten
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Overargue240\Uninstall\Drumhead\diskettekuverters
|
semiproof
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\ActiveMovie\devenum
|
Version
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
594E000
|
direct allocation
|
page execute and read and write
|
|
|
|
599E000
|
direct allocation
|
page execute and read and write
|
|
|
|
4C5000
|
heap
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
2CF7000
|
heap
|
page read and write
|
||
|
22BE000
|
stack
|
page read and write
|
||
|
2B03000
|
heap
|
page read and write
|
||
|
3304E000
|
stack
|
page read and write
|
||
|
92F000
|
stack
|
page read and write
|
||
|
33320000
|
heap
|
page read and write
|
||
|
44D000
|
unkown
|
page readonly
|
||
|
32ECF000
|
stack
|
page read and write
|
||
|
46D0000
|
direct allocation
|
page read and write
|
||
|
4770000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3301D000
|
stack
|
page read and write
|
||
|
652000
|
heap
|
page read and write
|
||
|
3350000
|
direct allocation
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
96E000
|
stack
|
page read and write
|
||
|
5FE000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
32A0000
|
direct allocation
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
2A81000
|
heap
|
page read and write
|
||
|
65C000
|
heap
|
page read and write
|
||
|
4E80000
|
direct allocation
|
page execute and read and write
|
||
|
7EF000
|
stack
|
page read and write
|
||
|
421000
|
unkown
|
page read and write
|
||
|
3310000
|
direct allocation
|
page read and write
|
||
|
2D39000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
46C0000
|
direct allocation
|
page read and write
|
||
|
2C30000
|
direct allocation
|
page read and write
|
||
|
32B2E000
|
stack
|
page read and write
|
||
|
226E000
|
stack
|
page read and write
|
||
|
4F9E000
|
direct allocation
|
page execute and read and write
|
||
|
32E1F000
|
stack
|
page read and write
|
||
|
24D0000
|
heap
|
page read and write
|
||
|
2D8F000
|
stack
|
page read and write
|
||
|
4730000
|
direct allocation
|
page read and write
|
||
|
3315F000
|
stack
|
page read and write
|
||
|
2926000
|
heap
|
page read and write
|
||
|
64E000
|
heap
|
page read and write
|
||
|
5FA000
|
heap
|
page read and write
|
||
|
21AE000
|
remote allocation
|
page execute and read and write
|
||
|
3290000
|
direct allocation
|
page read and write
|
||
|
32C6E000
|
stack
|
page read and write
|
||
|
2B0E000
|
heap
|
page read and write
|
||
|
53F000
|
heap
|
page read and write
|
||
|
2CF2000
|
heap
|
page read and write
|
||
|
48F0000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
2C8E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
24DE000
|
remote allocation
|
page execute and read and write
|
||
|
32C2F000
|
stack
|
page read and write
|
||
|
2B0A000
|
heap
|
page read and write
|
||
|
A6F000
|
stack
|
page read and write
|
||
|
2A87000
|
heap
|
page read and write
|
||
|
3330000
|
direct allocation
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
528000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
3320000
|
direct allocation
|
page read and write
|
||
|
2B07000
|
heap
|
page read and write
|
||
|
2A58000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
2920000
|
heap
|
page read and write
|
||
|
2D4D000
|
heap
|
page read and write
|
||
|
3300000
|
direct allocation
|
page read and write
|
||
|
4F4E000
|
direct allocation
|
page execute and read and write
|
||
|
44A000
|
unkown
|
page read and write
|
||
|
3330000
|
direct allocation
|
page read and write
|
||
|
3380000
|
direct allocation
|
page read and write
|
||
|
24DE000
|
remote allocation
|
page execute and read and write
|
||
|
32DFF000
|
stack
|
page read and write
|
||
|
421000
|
unkown
|
page read and write
|
||
|
29FE000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
32A3E000
|
stack
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
32ABD000
|
stack
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
2A95000
|
heap
|
page read and write
|
||
|
2B03000
|
heap
|
page read and write
|
||
|
2AFC000
|
heap
|
page read and write
|
||
|
2CF2000
|
heap
|
page read and write
|
||
|
32DDE000
|
stack
|
page read and write
|
||
|
2AEA000
|
heap
|
page read and write
|
||
|
44A000
|
unkown
|
page read and write
|
||
|
4710000
|
direct allocation
|
page read and write
|
||
|
32CFE000
|
stack
|
page read and write
|
||
|
2C00000
|
direct allocation
|
page read and write
|
||
|
2590000
|
direct allocation
|
page read and write
|
||
|
2230000
|
heap
|
page read and write
|
||
|
3310000
|
direct allocation
|
page read and write
|
||
|
2B9F000
|
stack
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
32E60000
|
heap
|
page read and write
|
||
|
32E8E000
|
stack
|
page read and write
|
||
|
2A40000
|
direct allocation
|
page read and write
|
||
|
2D4C000
|
heap
|
page read and write
|
||
|
10005000
|
unkown
|
page readonly
|
||
|
2A3E000
|
stack
|
page read and write
|
||
|
2CEB000
|
heap
|
page read and write
|
||
|
2B03000
|
heap
|
page read and write
|
||
|
32E60000
|
remote allocation
|
page read and write
|
||
|
24EE000
|
stack
|
page read and write
|
||
|
2CE2000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
4710000
|
direct allocation
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
293F000
|
stack
|
page read and write
|
||
|
3370000
|
direct allocation
|
page read and write
|
||
|
21AE000
|
remote allocation
|
page execute and read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
2C20000
|
direct allocation
|
page read and write
|
||
|
44D000
|
unkown
|
page readonly
|
||
|
3B1C000
|
stack
|
page read and write
|
||
|
426000
|
unkown
|
page read and write
|
||
|
2B0E000
|
heap
|
page read and write
|
||
|
32BBE000
|
stack
|
page read and write
|
||
|
3300D000
|
stack
|
page read and write
|
||
|
2C4F000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
29EF000
|
stack
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
32E50000
|
remote allocation
|
page read and write
|
||
|
3293F000
|
stack
|
page read and write
|
||
|
2D4C000
|
heap
|
page read and write
|
||
|
3360000
|
direct allocation
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
4720000
|
direct allocation
|
page read and write
|
||
|
24CE000
|
stack
|
page read and write
|
||
|
24F4000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
48C0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
409000
|
unkown
|
page write copy
|
||
|
70000
|
heap
|
page read and write
|
||
|
4730000
|
direct allocation
|
page read and write
|
||
|
2CF9000
|
heap
|
page read and write
|
||
|
2E6F000
|
stack
|
page read and write
|
||
|
2CF7000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
2CFA000
|
heap
|
page read and write
|
||
|
32D0000
|
direct allocation
|
page read and write
|
||
|
4931000
|
trusted library allocation
|
page read and write
|
||
|
82E000
|
stack
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
3320000
|
direct allocation
|
page read and write
|
||
|
32B0000
|
direct allocation
|
page read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
2AFC000
|
heap
|
page read and write
|
||
|
22DE000
|
stack
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
3287E000
|
stack
|
page read and write
|
||
|
4EA000
|
heap
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
A6F000
|
stack
|
page read and write
|
||
|
4EE000
|
heap
|
page read and write
|
||
|
2D4C000
|
heap
|
page read and write
|
||
|
4770000
|
direct allocation
|
page read and write
|
||
|
2F6F000
|
stack
|
page read and write
|
||
|
2A7E000
|
stack
|
page read and write
|
||
|
32F0000
|
direct allocation
|
page read and write
|
||
|
22F0000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
407000
|
unkown
|
page readonly
|
||
|
4740000
|
direct allocation
|
page read and write
|
||
|
10003000
|
unkown
|
page readonly
|
||
|
3A70000
|
heap
|
page read and write
|
||
|
329BE000
|
stack
|
page read and write
|
||
|
5DE000
|
stack
|
page read and write
|
||
|
2A98000
|
heap
|
page read and write
|
||
|
32F1C000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
52C000
|
heap
|
page read and write
|
||
|
3C6C000
|
stack
|
page read and write
|
||
|
2910000
|
direct allocation
|
page read and write
|
||
|
4750000
|
direct allocation
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2CE6000
|
heap
|
page read and write
|
||
|
524000
|
heap
|
page read and write
|
||
|
29F2000
|
heap
|
page read and write
|
||
|
6A6000
|
heap
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
10003000
|
unkown
|
page readonly
|
||
|
92F000
|
stack
|
page read and write
|
||
|
2C10000
|
direct allocation
|
page read and write
|
||
|
2D4C000
|
heap
|
page read and write
|
||
|
32E60000
|
remote allocation
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
2B09000
|
heap
|
page read and write
|
||
|
3314F000
|
stack
|
page read and write
|
||
|
44D000
|
unkown
|
page readonly
|
||
|
3240000
|
heap
|
page read and write
|
||
|
2B0A000
|
heap
|
page read and write
|
||
|
2B03000
|
heap
|
page read and write
|
||
|
434000
|
unkown
|
page read and write
|
||
|
3340000
|
direct allocation
|
page read and write
|
||
|
32E0000
|
direct allocation
|
page read and write
|
||
|
2AF4000
|
heap
|
page read and write
|
||
|
44D000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3C1C000
|
stack
|
page read and write
|
||
|
32B7D000
|
stack
|
page read and write
|
||
|
70000
|
heap
|
page read and write
|
||
|
32E50000
|
remote allocation
|
page read and write
|
||
|
32D6E000
|
stack
|
page read and write
|
||
|
2AF4000
|
heap
|
page read and write
|
||
|
2C60000
|
direct allocation
|
page read and write
|
||
|
3297F000
|
stack
|
page read and write
|
||
|
2D4C000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
42C000
|
unkown
|
page read and write
|
||
|
2AAD000
|
heap
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
2AF4000
|
heap
|
page read and write
|
||
|
47B0000
|
heap
|
page read and write
|
||
|
96E000
|
stack
|
page read and write
|
||
|
46B0000
|
direct allocation
|
page read and write
|
||
|
2AFC000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
2CD7000
|
heap
|
page read and write
|
||
|
233E000
|
stack
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
32A7D000
|
stack
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
2AFC000
|
heap
|
page read and write
|
||
|
44D000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2CC1000
|
heap
|
page read and write
|
||
|
3283F000
|
stack
|
page read and write
|
||
|
6C2000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
17AE000
|
remote allocation
|
page execute and read and write
|
||
|
32F0000
|
direct allocation
|
page read and write
|
||
|
2C50000
|
direct allocation
|
page read and write
|
||
|
23E5000
|
heap
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
2CB8000
|
heap
|
page read and write
|
||
|
47C0000
|
heap
|
page read and write
|
||
|
32C0000
|
direct allocation
|
page read and write
|
||
|
2B0A000
|
heap
|
page read and write
|
||
|
656000
|
heap
|
page read and write
|
||
|
23D0000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
46E0000
|
direct allocation
|
page read and write
|
||
|
16E0000
|
remote allocation
|
page execute and read and write
|
||
|
2F0F000
|
stack
|
page read and write
|
||
|
3305E000
|
stack
|
page read and write
|
||
|
25A0000
|
heap
|
page read and write
|
||
|
32CBF000
|
stack
|
page read and write
|
||
|
2B03000
|
heap
|
page read and write
|
||
|
82E000
|
stack
|
page read and write
|
||
|
2B0A000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
6B6000
|
heap
|
page read and write
|
||
|
3B6C000
|
stack
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
2BF0000
|
direct allocation
|
page read and write
|
||
|
42C000
|
unkown
|
page read and write
|
||
|
32E50000
|
remote allocation
|
page read and write
|
||
|
4720000
|
heap
|
page read and write
|
||
|
2D4C000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
401000
|
unkown
|
page execute read
|
||
|
486E000
|
stack
|
page read and write
|
||
|
25A4000
|
heap
|
page read and write
|
||
|
23A0000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
32F0C000
|
stack
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
2B0E000
|
heap
|
page read and write
|
||
|
434000
|
unkown
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
22C5000
|
heap
|
page read and write
|
||
|
2CFA000
|
heap
|
page read and write
|
||
|
539000
|
heap
|
page read and write
|
||
|
2C40000
|
direct allocation
|
page read and write
|
||
|
44D000
|
unkown
|
page readonly
|
||
|
16E0000
|
remote allocation
|
page execute and read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
23C0000
|
heap
|
page read and write
|
||
|
426000
|
unkown
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
401000
|
unkown
|
page execute read
|
||
|
32E60000
|
remote allocation
|
page read and write
|
||
|
24F0000
|
heap
|
page read and write
|
||
|
3273E000
|
stack
|
page read and write
|
||
|
3300000
|
direct allocation
|
page read and write
|
||
|
2A3E000
|
stack
|
page read and write
|
||
|
2C78000
|
heap
|
page read and write
|
||
|
10005000
|
unkown
|
page readonly
|
||
|
7EF000
|
stack
|
page read and write
|
||
|
17AE000
|
remote allocation
|
page execute and read and write
|
||
|
46F0000
|
direct allocation
|
page read and write
|
||
|
2B0E000
|
heap
|
page read and write
|
||
|
2B0D000
|
heap
|
page read and write
|
||
|
22C0000
|
heap
|
page read and write
|
||
|
4ED0000
|
direct allocation
|
page execute and read and write
|
||
|
44D000
|
unkown
|
page readonly
|
||
|
407000
|
unkown
|
page readonly
|
||
|
4750000
|
direct allocation
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
48AE000
|
stack
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
598000
|
heap
|
page read and write
|
||
|
2CF2000
|
heap
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
47A0000
|
heap
|
page read and write
|
||
|
2B0A000
|
heap
|
page read and write
|
||
|
44D000
|
unkown
|
page readonly
|
||
|
668000
|
heap
|
page read and write
|
There are 314 hidden memdumps, click here to show them.