Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
RFQ-SulselBarruII2-COALCOMMLDOC.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\RFQ-SulselBarruII2-COALCOMMLDOC.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmeringued.Brd
|
ASCII text, with very long lines (61450), with no line terminators
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\ukases.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun
Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nsjlhnjp.qwc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qr5yvafi.dw1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Behandlingsmaal.sac
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Kliniklokalernes.sun
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Potatory.rea
|
FoxPro FPT, blocks size 16640, next free block index 173, field type 0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\RFQ-SulselBarruII2-COALCOMMLDOC.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Reluktansernes.Ove71
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\teda.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\188E93\31437F.lck
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06
|
data
|
dropped
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe
|
"C:\Users\user\Desktop\RFQ-SulselBarruII2-COALCOMMLDOC.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" -windowstyle hidden "$Harish116=Get-Content 'C:\Users\user\AppData\Local\Ubarberet\Graustark\resultalet\Unmeringued.Brd';$Omkldningsrums=$Harish116.SubString(61425,3);.$Omkldningsrums($Harish116)"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "set /A 1^^0"
|
|
|
|
C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
|
"C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"
|
|
|
|
C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
|
"C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"
|
|
|
|
C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
|
"C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"
|
|
|
|
C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
|
"C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
||
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
||
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
||
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
||
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
||
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
||
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
||
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
||
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
||
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
||
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
There are 9 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://ebnsina.top/project/five/fre.php
|
104.21.13.124
|
|
|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://www.google.com
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 7 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ebnsina.top
|
104.21.13.124
|
|
|
|
drive.google.com
|
192.178.50.78
|
||
|
drive.usercontent.google.com
|
192.178.50.65
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.13.124
|
ebnsina.top
|
United States
|
|
|
|
192.178.50.78
|
drive.google.com
|
United States
|
||
|
192.178.50.65
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\goplernes\Uncavernously232
|
tchaikovsky
|
||
|
HKEY_CURRENT_USER\SOFTWARE\wegotism
|
afskedstaltes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\zachary
|
xoana
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3E01000
|
heap
|
page read and write
|
|
|
|
8EBA000
|
direct allocation
|
page execute and read and write
|
|
|
|
73E0000
|
trusted library allocation
|
page read and write
|
||
|
7540000
|
trusted library allocation
|
page read and write
|
||
|
1F5CC000
|
stack
|
page read and write
|
||
|
578F000
|
stack
|
page read and write
|
||
|
5BE000
|
stack
|
page read and write
|
||
|
5680000
|
direct allocation
|
page read and write
|
||
|
462000
|
unkown
|
page readonly
|
||
|
5690000
|
direct allocation
|
page read and write
|
||
|
8475000
|
heap
|
page read and write
|
||
|
4FF4000
|
trusted library allocation
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
6D20000
|
direct allocation
|
page read and write
|
||
|
57F0000
|
heap
|
page read and write
|
||
|
775000
|
heap
|
page read and write
|
||
|
2D2F000
|
heap
|
page read and write
|
||
|
728000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
2F4000
|
unkown
|
page readonly
|
||
|
75B0000
|
trusted library allocation
|
page read and write
|
||
|
775000
|
heap
|
page read and write
|
||
|
2CC3000
|
heap
|
page read and write
|
||
|
2C88000
|
heap
|
page read and write
|
||
|
313F000
|
stack
|
page read and write
|
||
|
3E45000
|
heap
|
page read and write
|
||
|
2E7F000
|
stack
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
8100000
|
trusted library allocation
|
page read and write
|
||
|
2C50000
|
trusted library section
|
page read and write
|
||
|
277D000
|
stack
|
page read and write
|
||
|
2DA5000
|
trusted library allocation
|
page execute and read and write
|
||
|
3E06000
|
heap
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
6D00000
|
direct allocation
|
page read and write
|
||
|
8630000
|
trusted library allocation
|
page read and write
|
||
|
232D0000
|
direct allocation
|
page read and write
|
||
|
77C000
|
heap
|
page read and write
|
||
|
3E4E000
|
heap
|
page read and write
|
||
|
3D98000
|
heap
|
page read and write
|
||
|
57CE000
|
stack
|
page read and write
|
||
|
3242000
|
heap
|
page read and write
|
||
|
2EA8000
|
heap
|
page read and write
|
||
|
1F2CD000
|
stack
|
page read and write
|
||
|
7221000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
3E47000
|
heap
|
page read and write
|
||
|
8120000
|
trusted library allocation
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
1F36E000
|
stack
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
1F4C0000
|
remote allocation
|
page read and write
|
||
|
7280000
|
heap
|
page execute and read and write
|
||
|
8410000
|
heap
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
8110000
|
trusted library allocation
|
page read and write
|
||
|
8180000
|
trusted library allocation
|
page execute and read and write
|
||
|
2837000
|
heap
|
page read and write
|
||
|
7290000
|
trusted library allocation
|
page read and write
|
||
|
2D89000
|
trusted library allocation
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
8690000
|
direct allocation
|
page read and write
|
||
|
6D40000
|
direct allocation
|
page read and write
|
||
|
768000
|
heap
|
page read and write
|
||
|
2D90000
|
trusted library allocation
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
6CE0000
|
direct allocation
|
page read and write
|
||
|
2838000
|
heap
|
page read and write
|
||
|
8620000
|
direct allocation
|
page execute and read and write
|
||
|
5A99000
|
trusted library allocation
|
page read and write
|
||
|
300A000
|
remote allocation
|
page execute and read and write
|
||
|
764000
|
heap
|
page read and write
|
||
|
8D90000
|
direct allocation
|
page execute and read and write
|
||
|
3DEF000
|
heap
|
page read and write
|
||
|
8680000
|
direct allocation
|
page read and write
|
||
|
6E9D000
|
stack
|
page read and write
|
||
|
1F660000
|
heap
|
page read and write
|
||
|
3E45000
|
heap
|
page read and write
|
||
|
7277000
|
trusted library allocation
|
page read and write
|
||
|
4A60000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
8480000
|
heap
|
page read and write
|
||
|
6B2E000
|
stack
|
page read and write
|
||
|
5640000
|
direct allocation
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
768000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
1F60E000
|
stack
|
page read and write
|
||
|
7199000
|
heap
|
page read and write
|
||
|
2A4E000
|
unkown
|
page read and write
|
||
|
2DE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
708E000
|
stack
|
page read and write
|
||
|
2EE0000
|
remote allocation
|
page execute and read and write
|
||
|
1F670000
|
heap
|
page read and write
|
||
|
6D30000
|
direct allocation
|
page read and write
|
||
|
83F2000
|
heap
|
page read and write
|
||
|
8010000
|
trusted library allocation
|
page read and write
|
||
|
3E41000
|
heap
|
page read and write
|
||
|
764000
|
heap
|
page read and write
|
||
|
7420000
|
trusted library allocation
|
page read and write
|
||
|
768000
|
heap
|
page read and write
|
||
|
710E000
|
stack
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
73D0000
|
trusted library allocation
|
page read and write
|
||
|
3D90000
|
heap
|
page read and write
|
||
|
2DC0000
|
trusted library allocation
|
page read and write
|
||
|
7160000
|
heap
|
page read and write
|
||
|
56B0000
|
direct allocation
|
page read and write
|
||
|
82AE000
|
stack
|
page read and write
|
||
|
7400000
|
trusted library allocation
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
1F3AF000
|
stack
|
page read and write
|
||
|
2C17000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
269D000
|
stack
|
page read and write
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
80F0000
|
trusted library allocation
|
page read and write
|
||
|
75E0000
|
trusted library allocation
|
page read and write
|
||
|
2DD0000
|
heap
|
page readonly
|
||
|
A34000
|
heap
|
page read and write
|
||
|
1F28E000
|
stack
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
8660000
|
direct allocation
|
page read and write
|
||
|
3C15000
|
heap
|
page read and write
|
||
|
71A9000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
2B0E000
|
stack
|
page read and write
|
||
|
3E4E000
|
heap
|
page read and write
|
||
|
7600000
|
trusted library allocation
|
page read and write
|
||
|
235F000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
764000
|
heap
|
page read and write
|
||
|
3A0A000
|
remote allocation
|
page execute and read and write
|
||
|
80D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
77B000
|
heap
|
page read and write
|
||
|
3E03000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
5650000
|
direct allocation
|
page read and write
|
||
|
1F41D000
|
stack
|
page read and write
|
||
|
7FF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D7E000
|
stack
|
page read and write
|
||
|
3E06000
|
heap
|
page read and write
|
||
|
2D9A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F30C000
|
stack
|
page read and write
|
||
|
56F0000
|
direct allocation
|
page read and write
|
||
|
2C7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
2CB9000
|
heap
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
85F0000
|
trusted library allocation
|
page read and write
|
||
|
753D000
|
stack
|
page read and write
|
||
|
80C0000
|
heap
|
page read and write
|
||
|
6F50000
|
heap
|
page read and write
|
||
|
768000
|
heap
|
page read and write
|
||
|
3E06000
|
heap
|
page read and write
|
||
|
70CE000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
6AEE000
|
stack
|
page read and write
|
||
|
2C70000
|
trusted library allocation
|
page read and write
|
||
|
3E41000
|
heap
|
page read and write
|
||
|
3C10000
|
heap
|
page read and write
|
||
|
1F45E000
|
stack
|
page read and write
|
||
|
7570000
|
trusted library allocation
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
6CF0000
|
direct allocation
|
page read and write
|
||
|
2D07000
|
heap
|
page read and write
|
||
|
1F3C0000
|
heap
|
page read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
5C1A000
|
trusted library allocation
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
6B40000
|
heap
|
page execute and read and write
|
||
|
3DDC000
|
heap
|
page read and write
|
||
|
2C74000
|
trusted library allocation
|
page read and write
|
||
|
2B66000
|
heap
|
page read and write
|
||
|
8000000
|
trusted library allocation
|
page read and write
|
||
|
605000
|
heap
|
page read and write
|
||
|
7207000
|
heap
|
page read and write
|
||
|
1F53F000
|
stack
|
page read and write
|
||
|
8610000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F64F000
|
stack
|
page read and write
|
||
|
4FFA000
|
trusted library allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
6EDD000
|
stack
|
page read and write
|
||
|
2E88000
|
trusted library allocation
|
page read and write
|
||
|
5ADB000
|
trusted library allocation
|
page read and write
|
||
|
71C6000
|
heap
|
page read and write
|
||
|
2CBB000
|
heap
|
page read and write
|
||
|
768000
|
heap
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
71C1000
|
heap
|
page read and write
|
||
|
7F590000
|
trusted library allocation
|
page execute and read and write
|
||
|
77E000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
6B8E000
|
stack
|
page read and write
|
||
|
714F000
|
stack
|
page read and write
|
||
|
72A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
83F0000
|
heap
|
page read and write
|
||
|
2778000
|
stack
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
4A0E000
|
stack
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
2A7B000
|
heap
|
page read and write
|
||
|
775000
|
heap
|
page read and write
|
||
|
472000
|
unkown
|
page readonly
|
||
|
3E45000
|
heap
|
page read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
7270000
|
trusted library allocation
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
7590000
|
trusted library allocation
|
page read and write
|
||
|
460000
|
unkown
|
page read and write
|
||
|
AAE000
|
stack
|
page read and write
|
||
|
3E01000
|
heap
|
page read and write
|
||
|
80BE000
|
stack
|
page read and write
|
||
|
7FE0000
|
heap
|
page read and write
|
||
|
3E45000
|
heap
|
page read and write
|
||
|
472000
|
unkown
|
page readonly
|
||
|
433000
|
unkown
|
page read and write
|
||
|
4A71000
|
trusted library allocation
|
page read and write
|
||
|
273C000
|
stack
|
page read and write
|
||
|
75C0000
|
trusted library allocation
|
page read and write
|
||
|
5630000
|
heap
|
page readonly
|
||
|
2839000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
775000
|
heap
|
page read and write
|
||
|
84CA000
|
heap
|
page read and write
|
||
|
764B000
|
stack
|
page read and write
|
||
|
7FD7000
|
stack
|
page read and write
|
||
|
2A00000
|
heap
|
page read and write
|
||
|
775000
|
heap
|
page read and write
|
||
|
2E35000
|
direct allocation
|
page read and write
|
||
|
2B4F000
|
stack
|
page read and write
|
||
|
764000
|
heap
|
page read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
80E0000
|
heap
|
page read and write
|
||
|
282F000
|
stack
|
page read and write
|
||
|
56A0000
|
direct allocation
|
page read and write
|
||
|
2DA0000
|
trusted library allocation
|
page read and write
|
||
|
279D000
|
stack
|
page read and write
|
||
|
75D0000
|
trusted library allocation
|
page read and write
|
||
|
83EC000
|
stack
|
page read and write
|
||
|
764000
|
heap
|
page read and write
|
||
|
718A000
|
heap
|
page read and write
|
||
|
3DD5000
|
heap
|
page read and write
|
||
|
56D0000
|
direct allocation
|
page read and write
|
||
|
5C20000
|
trusted library allocation
|
page read and write
|
||
|
764000
|
heap
|
page read and write
|
||
|
427000
|
unkown
|
page read and write
|
||
|
2C40000
|
trusted library section
|
page read and write
|
||
|
283A000
|
heap
|
page read and write
|
||
|
764000
|
heap
|
page read and write
|
||
|
768000
|
heap
|
page read and write
|
||
|
768000
|
heap
|
page read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
3BE0000
|
heap
|
page read and write
|
||
|
6C0E000
|
stack
|
page read and write
|
||
|
8170000
|
trusted library allocation
|
page read and write
|
||
|
2F0000
|
unkown
|
page readonly
|
||
|
74BE000
|
stack
|
page read and write
|
||
|
42A000
|
unkown
|
page read and write
|
||
|
5670000
|
direct allocation
|
page read and write
|
||
|
5A71000
|
trusted library allocation
|
page read and write
|
||
|
73F0000
|
trusted library allocation
|
page read and write
|
||
|
8670000
|
direct allocation
|
page read and write
|
||
|
4A10000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
7580000
|
trusted library allocation
|
page read and write
|
||
|
82ED000
|
stack
|
page read and write
|
||
|
6AAE000
|
stack
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
AB5000
|
heap
|
page read and write
|
||
|
2D3F000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
75E000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
1F4FE000
|
stack
|
page read and write
|
||
|
836C000
|
stack
|
page read and write
|
||
|
8600000
|
heap
|
page read and write
|
||
|
49CC000
|
stack
|
page read and write
|
||
|
2BEE000
|
stack
|
page read and write
|
||
|
2C60000
|
trusted library allocation
|
page read and write
|
||
|
6BCE000
|
stack
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
3B50000
|
heap
|
page read and write
|
||
|
2F1000
|
unkown
|
page execute read
|
||
|
75F0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5660000
|
direct allocation
|
page read and write
|
||
|
56C0000
|
direct allocation
|
page read and write
|
||
|
75A0000
|
trusted library allocation
|
page read and write
|
||
|
6D10000
|
direct allocation
|
page read and write
|
||
|
56E0000
|
direct allocation
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
775000
|
heap
|
page read and write
|
||
|
83AE000
|
stack
|
page read and write
|
||
|
747E000
|
stack
|
page read and write
|
||
|
2E30000
|
direct allocation
|
page read and write
|
||
|
8477000
|
heap
|
page read and write
|
||
|
775000
|
heap
|
page read and write
|
||
|
1F58C000
|
stack
|
page read and write
|
||
|
2BAE000
|
stack
|
page read and write
|
||
|
4BC6000
|
trusted library allocation
|
page read and write
|
||
|
4FF2000
|
trusted library allocation
|
page read and write
|
||
|
8640000
|
direct allocation
|
page read and write
|
||
|
443000
|
unkown
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
807D000
|
stack
|
page read and write
|
||
|
7228000
|
heap
|
page read and write
|
||
|
1F4C0000
|
remote allocation
|
page read and write
|
||
|
98BA000
|
direct allocation
|
page execute and read and write
|
||
|
91F000
|
stack
|
page read and write
|
||
|
283D000
|
heap
|
page read and write
|
||
|
8265000
|
trusted library allocation
|
page read and write
|
||
|
462000
|
unkown
|
page readonly
|
||
|
7410000
|
trusted library allocation
|
page read and write
|
||
|
4A69000
|
heap
|
page read and write
|
||
|
72C2000
|
heap
|
page read and write
|
||
|
6B45000
|
heap
|
page execute and read and write
|
||
|
832C000
|
stack
|
page read and write
|
||
|
1F4C0000
|
remote allocation
|
page read and write
|
||
|
71D2000
|
heap
|
page read and write
|
||
|
5C07000
|
trusted library allocation
|
page read and write
|
||
|
2D4B000
|
heap
|
page read and write
|
||
|
283A000
|
heap
|
page read and write
|
||
|
9EE000
|
stack
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
2DF0000
|
heap
|
page execute and read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
77E000
|
heap
|
page read and write
|
||
|
2D64000
|
heap
|
page read and write
|
||
|
74FE000
|
stack
|
page read and write
|
||
|
2DA2000
|
trusted library allocation
|
page read and write
|
||
|
2D80000
|
trusted library allocation
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
70F000
|
stack
|
page read and write
|
||
|
574E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2E30000
|
direct allocation
|
page read and write
|
||
|
2C73000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AD2000
|
trusted library allocation
|
page read and write
|
||
|
8650000
|
direct allocation
|
page read and write
|
||
|
6D50000
|
direct allocation
|
page read and write
|
There are 336 hidden memdumps, click here to show them.