Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Commande No 00007 de M.N.S. S.A. 24000127 MNS Distribution.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\salpetersyrefabrikkers\occupying\Nonsynoptic168\Ridderlige\Phrygian\Overmine\Commande No 00007
de M.N.S. S.A. 24000127 MNS Distribution.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\salpetersyrefabrikkers\occupying\Nonsynoptic168\unvolubly\Langtrkkendes\Pelletising.Art
|
ASCII text, with very long lines (57941), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\mqerms.dat
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_0d37da72-e0a4-40d1-9506-4577add39946\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_4cbfa5f4-55bf-47c7-8a7f-d4e5763c5b61\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_562e0f79-c5ac-4f14-9bff-4ce0aa29541b\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_6c17f07a-b256-447d-a73e-2cf2d7528794\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_8044eedc-669d-4f88-8efd-c5d9d6b6de9d\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_9d8433ef-6188-4b00-b549-f230d2ca4528\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_cc31fde0-7bd0-477c-9450-f47db8308721\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER194A.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER19D8.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1A15.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1A25.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1A74.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1A75.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER45B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER48B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF008.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF017.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF037.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF0B4.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF0F4.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\WER92C.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\WER98A.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\WER9D8.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\WERE018.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\WERE028.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\WERE047.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\WERF47B.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cw1bqf5m.igo.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dl5vznuf.nwt.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsi820F.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\salpetersyrefabrikkers\occupying\Nonsynoptic168\Ridderlige\Phrygian\Overmine\Commande No 00007
de M.N.S. S.A. 24000127 MNS Distribution.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\salpetersyrefabrikkers\occupying\Nonsynoptic168\Ridderlige\Phrygian\Overmine\lerret.txt
|
ASCII text, with very long lines (409), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\salpetersyrefabrikkers\occupying\Nonsynoptic168\Ridderlige\Phrygian\Overmine\underholdshjlp.sca
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\salpetersyrefabrikkers\occupying\Nonsynoptic168\registerforvaltningers\Bryllupsmarchens\befolkningstallets.tnd
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\salpetersyrefabrikkers\occupying\Nonsynoptic168\unvolubly\Langtrkkendes\Raciality.Fly
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 32 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Commande No 00007 de M.N.S. S.A. 24000127 MNS Distribution.exe
|
"C:\Users\user\Desktop\Commande No 00007 de M.N.S. S.A. 24000127 MNS Distribution.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" -windowstyle hidden "$Interlucent=Get-Content 'C:\Users\user\AppData\Local\salpetersyrefabrikkers\occupying\Nonsynoptic168\unvolubly\Langtrkkendes\Pelletising.Art';$Sciography=$Interlucent.SubString(57898,3);.$Sciography($Interlucent)"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" "/c set /A 1^^0"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Emraud" /t REG_EXPAND_SZ
/d "%Skraastillinger% -windowstyle minimized $Boplskommunens=(Get-ItemProperty -Path 'HKCU:\Somervillite\').Efs;%Skraastillinger%
($Boplskommunens)"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\iqylzxvzgukwqzib"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\lkdwaqoatccasgefpzj"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\vmqobizuhkvfdmsjykvozo"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\qtegxhlgdhz"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\awsyyzwhrprlrb"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\cqxrzshbfxjqbhhfak"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\hhytwjmog"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\sbdlxbwhukxba"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\uvjexuhjqspgcijx"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\zmkgulmo"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\jhpzvdxigfe"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\jhpzvdxigfe"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\mjdrowijunwwlk"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Emraud" /t REG_EXPAND_SZ /d "%Skraastillinger% -windowstyle
minimized $Boplskommunens=(Get-ItemProperty -Path 'HKCU:\Somervillite\').Efs;%Skraastillinger% ($Boplskommunens)"
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 12
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 12
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 12
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 12
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 12
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 12
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 12
|
There are 18 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
|
|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
learfo55ozj01.duckdns.org
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://ricohltd.top/aCqwFQDQz144.bin
|
172.67.191.112
|
||
|
http://nsis.sf.net/NSIS_Error
|
unknown
|
||
|
http://geoplugin.net/json.gpe
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://geoplugin.net/json.gprfo2
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://ricohltd.top/aCqwFQDQz144.bin-_
|
unknown
|
||
|
http://geoplugin.net/json.gpP
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://geoplugin.net/json.gpen
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://ricohltd.top/-
|
unknown
|
||
|
https://ricohltd.top/
|
unknown
|
There are 12 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
learfo55ozj01.duckdns.org
|
193.222.96.21
|
|
|
|
geoplugin.net
|
178.237.33.50
|
||
|
ricohltd.top
|
172.67.191.112
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.222.96.21
|
learfo55ozj01.duckdns.org
|
Germany
|
|
|
|
172.67.191.112
|
ricohltd.top
|
United States
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\svvebanernes\kvindelige
|
closecross
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Statsmagt180
|
smalfilmer
|
||
|
HKEY_CURRENT_USER\Somervillite
|
Efs
|
||
|
HKEY_CURRENT_USER\Environment
|
Skraastillinger
|
||
|
HKEY_CURRENT_USER\SOFTWARE\alpwovnb-G3F5OR
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\alpwovnb-G3F5OR
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\alpwovnb-G3F5OR
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Emraud
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
ProgramId
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
FileId
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
LongPathHash
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Name
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
OriginalFileName
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Publisher
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Version
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
BinFileVersion
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
BinaryType
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
ProductName
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
ProductVersion
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
LinkDate
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
BinProductVersion
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Size
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Language
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
IsOsComponent
|
||
|
\REGISTRY\A\{c861866c-ad17-266f-448e-64ab34d3fd3a}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 24 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
9A7C000
|
heap
|
page read and write
|
|
|
|
9F92000
|
direct allocation
|
page execute and read and write
|
|
|
|
9A7C000
|
heap
|
page read and write
|
|
|
|
2581D000
|
stack
|
page read and write
|
||
|
97F5000
|
heap
|
page read and write
|
||
|
6F97000
|
heap
|
page read and write
|
||
|
45F000
|
system
|
page execute and read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
5712000
|
remote allocation
|
page execute and read and write
|
||
|
71E0000
|
trusted library allocation
|
page read and write
|
||
|
6D9E000
|
stack
|
page read and write
|
||
|
950000
|
trusted library allocation
|
page read and write
|
||
|
8043000
|
heap
|
page read and write
|
||
|
7230000
|
trusted library allocation
|
page read and write
|
||
|
7C27000
|
stack
|
page read and write
|
||
|
25B30000
|
heap
|
page read and write
|
||
|
2639F000
|
unclassified section
|
page execute and read and write
|
||
|
6B9000
|
heap
|
page read and write
|
||
|
8020000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
6890000
|
direct allocation
|
page read and write
|
||
|
7512000
|
remote allocation
|
page execute and read and write
|
||
|
45F000
|
system
|
page execute and read and write
|
||
|
2AEC000
|
stack
|
page read and write
|
||
|
31C000
|
stack
|
page read and write
|
||
|
26326000
|
unclassified section
|
page execute and read and write
|
||
|
26292000
|
unclassified section
|
page execute and read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
26D0000
|
heap
|
page read and write
|
||
|
9A56000
|
heap
|
page read and write
|
||
|
7220000
|
trusted library allocation
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
4E40000
|
trusted library allocation
|
page read and write
|
||
|
4660000
|
trusted library allocation
|
page read and write
|
||
|
26532000
|
unclassified section
|
page execute and read and write
|
||
|
9AD6000
|
heap
|
page read and write
|
||
|
2B3E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
25EC000
|
stack
|
page read and write
|
||
|
9AC1000
|
heap
|
page read and write
|
||
|
806D000
|
heap
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
25930000
|
heap
|
page read and write
|
||
|
9A77000
|
heap
|
page read and write
|
||
|
6EDD000
|
heap
|
page read and write
|
||
|
8280000
|
direct allocation
|
page execute and read and write
|
||
|
677000
|
heap
|
page read and write
|
||
|
28FC000
|
stack
|
page read and write
|
||
|
800000
|
direct allocation
|
page read and write
|
||
|
71F0000
|
trusted library allocation
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
2565D000
|
stack
|
page read and write
|
||
|
267E000
|
stack
|
page read and write
|
||
|
26400000
|
unclassified section
|
page execute and read and write
|
||
|
2F7C000
|
stack
|
page read and write
|
||
|
9AC1000
|
heap
|
page read and write
|
||
|
9A76000
|
heap
|
page read and write
|
||
|
6A10000
|
heap
|
page execute and read and write
|
||
|
2571E000
|
stack
|
page read and write
|
||
|
26096000
|
unclassified section
|
page execute and read and write
|
||
|
BA07000
|
trusted library allocation
|
page read and write
|
||
|
711E000
|
stack
|
page read and write
|
||
|
25192000
|
unclassified section
|
page execute and read and write
|
||
|
60E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
6F90000
|
heap
|
page read and write
|
||
|
9C80000
|
direct allocation
|
page read and write
|
||
|
6F82000
|
heap
|
page read and write
|
||
|
980000
|
trusted library allocation
|
page read and write
|
||
|
231D000
|
stack
|
page read and write
|
||
|
424000
|
unkown
|
page read and write
|
||
|
8057000
|
heap
|
page read and write
|
||
|
8220000
|
trusted library allocation
|
page execute and read and write
|
||
|
69C000
|
heap
|
page read and write
|
||
|
830000
|
direct allocation
|
page read and write
|
||
|
9312000
|
remote allocation
|
page execute and read and write
|
||
|
25380000
|
remote allocation
|
page read and write
|
||
|
263E2000
|
unclassified section
|
page execute and read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
45F000
|
system
|
page execute and read and write
|
||
|
676000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page readonly
|
||
|
409000
|
unkown
|
page write copy
|
||
|
251F0000
|
direct allocation
|
page read and write
|
||
|
8049000
|
heap
|
page read and write
|
||
|
940000
|
trusted library allocation
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
9C90000
|
direct allocation
|
page read and write
|
||
|
8076000
|
heap
|
page read and write
|
||
|
927000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
25772000
|
unclassified section
|
page execute and read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
9A76000
|
heap
|
page read and write
|
||
|
994E000
|
stack
|
page read and write
|
||
|
278D000
|
heap
|
page read and write
|
||
|
7D0000
|
direct allocation
|
page read and write
|
||
|
9AC5000
|
heap
|
page read and write
|
||
|
62E000
|
heap
|
page read and write
|
||
|
7DA4000
|
trusted library allocation
|
page read and write
|
||
|
9A7D000
|
heap
|
page read and write
|
||
|
46BE000
|
stack
|
page read and write
|
||
|
24A30000
|
direct allocation
|
page read and write
|
||
|
9A19000
|
heap
|
page read and write
|
||
|
265B6000
|
unclassified section
|
page execute and read and write
|
||
|
71C0000
|
trusted library allocation
|
page read and write
|
||
|
24AA0000
|
direct allocation
|
page read and write
|
||
|
5869000
|
trusted library allocation
|
page read and write
|
||
|
28AC000
|
stack
|
page read and write
|
||
|
8037000
|
heap
|
page read and write
|
||
|
990E000
|
stack
|
page read and write
|
||
|
954000
|
trusted library allocation
|
page read and write
|
||
|
2D1B000
|
heap
|
page read and write
|
||
|
7C90000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
59E3000
|
trusted library allocation
|
page read and write
|
||
|
820000
|
direct allocation
|
page read and write
|
||
|
489E000
|
trusted library allocation
|
page read and write
|
||
|
26020000
|
unclassified section
|
page execute and read and write
|
||
|
2B1C000
|
stack
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
9950000
|
heap
|
page readonly
|
||
|
608000
|
heap
|
page read and write
|
||
|
7C9D000
|
trusted library allocation
|
page read and write
|
||
|
9A86000
|
heap
|
page read and write
|
||
|
7180000
|
trusted library allocation
|
page execute and read and write
|
||
|
840000
|
direct allocation
|
page read and write
|
||
|
253FF000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
9AC5000
|
heap
|
page read and write
|
||
|
7DB0000
|
trusted library allocation
|
page read and write
|
||
|
25380000
|
remote allocation
|
page read and write
|
||
|
71A0000
|
trusted library allocation
|
page read and write
|
||
|
6FA9000
|
heap
|
page read and write
|
||
|
25380000
|
remote allocation
|
page read and write
|
||
|
7030000
|
trusted library allocation
|
page read and write
|
||
|
95D000
|
trusted library allocation
|
page execute and read and write
|
||
|
24A40000
|
direct allocation
|
page read and write
|
||
|
880000
|
direct allocation
|
page read and write
|
||
|
985000
|
trusted library allocation
|
page execute and read and write
|
||
|
99C0000
|
direct allocation
|
page read and write
|
||
|
422000
|
unkown
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
25200000
|
direct allocation
|
page read and write
|
||
|
70DE000
|
stack
|
page read and write
|
||
|
D192000
|
direct allocation
|
page execute and read and write
|
||
|
9B0000
|
trusted library allocation
|
page read and write
|
||
|
AF0000
|
heap
|
page execute and read and write
|
||
|
6F49000
|
heap
|
page read and write
|
||
|
2624F000
|
unclassified section
|
page execute and read and write
|
||
|
26740000
|
unclassified section
|
page execute and read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
6AA0000
|
heap
|
page read and write
|
||
|
7170000
|
trusted library allocation
|
page read and write
|
||
|
477F000
|
stack
|
page read and write
|
||
|
47FE000
|
stack
|
page read and write
|
||
|
6EEE000
|
heap
|
page read and write
|
||
|
2C8C000
|
stack
|
page read and write
|
||
|
59E8000
|
trusted library allocation
|
page read and write
|
||
|
6F9B000
|
heap
|
page read and write
|
||
|
422000
|
system
|
page execute and read and write
|
||
|
6DC2000
|
heap
|
page read and write
|
||
|
9A6D000
|
heap
|
page read and write
|
||
|
2707000
|
heap
|
page read and write
|
||
|
26510000
|
unclassified section
|
page execute and read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
2780000
|
remote allocation
|
page read and write
|
||
|
7CA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
7D40000
|
trusted library allocation
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
7CB0000
|
heap
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
C792000
|
direct allocation
|
page execute and read and write
|
||
|
251E0000
|
direct allocation
|
page read and write
|
||
|
8B92000
|
direct allocation
|
page execute and read and write
|
||
|
99F0000
|
heap
|
page read and write
|
||
|
4830000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
263E000
|
unkown
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
22E0000
|
heap
|
page read and write
|
||
|
254DE000
|
stack
|
page read and write
|
||
|
7CFD000
|
stack
|
page read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
26490000
|
unclassified section
|
page execute and read and write
|
||
|
24A70000
|
direct allocation
|
page read and write
|
||
|
2513F000
|
stack
|
page read and write
|
||
|
422000
|
system
|
page execute and read and write
|
||
|
9970000
|
direct allocation
|
page read and write
|
||
|
250FE000
|
stack
|
page read and write
|
||
|
99BE000
|
stack
|
page read and write
|
||
|
969000
|
trusted library allocation
|
page read and write
|
||
|
8912000
|
remote allocation
|
page execute and read and write
|
||
|
71B0000
|
trusted library allocation
|
page read and write
|
||
|
265C0000
|
unclassified section
|
page execute and read and write
|
||
|
2145000
|
heap
|
page read and write
|
||
|
3680000
|
heap
|
page read and write
|
||
|
432000
|
unkown
|
page readonly
|
||
|
476000
|
system
|
page execute and read and write
|
||
|
4160000
|
remote allocation
|
page execute and read and write
|
||
|
97C0000
|
heap
|
page read and write
|
||
|
4D12000
|
remote allocation
|
page execute and read and write
|
||
|
5841000
|
trusted library allocation
|
page read and write
|
||
|
2E3C000
|
stack
|
page read and write
|
||
|
282E000
|
stack
|
page read and write
|
||
|
26142000
|
unclassified section
|
page execute and read and write
|
||
|
28FF000
|
unkown
|
page read and write
|
||
|
7F9C000
|
stack
|
page read and write
|
||
|
860000
|
direct allocation
|
page read and write
|
||
|
7C40000
|
trusted library allocation
|
page execute and read and write
|
||
|
661000
|
heap
|
page read and write
|
||
|
47BE000
|
stack
|
page read and write
|
||
|
7250000
|
trusted library allocation
|
page read and write
|
||
|
26540000
|
unclassified section
|
page execute and read and write
|
||
|
6EF7000
|
heap
|
page read and write
|
||
|
9AC1000
|
heap
|
page read and write
|
||
|
25B31000
|
heap
|
page read and write
|
||
|
232E000
|
stack
|
page read and write
|
||
|
71D0000
|
trusted library allocation
|
page read and write
|
||
|
97A000
|
trusted library allocation
|
page execute and read and write
|
||
|
26120000
|
unclassified section
|
page execute and read and write
|
||
|
2559E000
|
stack
|
page read and write
|
||
|
8071000
|
heap
|
page read and write
|
||
|
24A10000
|
direct allocation
|
page read and write
|
||
|
6A15000
|
heap
|
page execute and read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
62A000
|
heap
|
page read and write
|
||
|
9AD5000
|
heap
|
page read and write
|
||
|
2CEC000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2140000
|
heap
|
page read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
953000
|
trusted library allocation
|
page execute and read and write
|
||
|
26340000
|
unclassified section
|
page execute and read and write
|
||
|
8081000
|
heap
|
page read and write
|
||
|
80C6000
|
heap
|
page read and write
|
||
|
24A20000
|
direct allocation
|
page read and write
|
||
|
274C000
|
stack
|
page read and write
|
||
|
2661F000
|
unclassified section
|
page execute and read and write
|
||
|
7DD0000
|
trusted library allocation
|
page read and write
|
||
|
7C50000
|
trusted library allocation
|
page read and write
|
||
|
26476000
|
unclassified section
|
page execute and read and write
|
||
|
638000
|
heap
|
page read and write
|
||
|
25410000
|
heap
|
page read and write
|
||
|
432000
|
unkown
|
page readonly
|
||
|
25B18000
|
heap
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
264EF000
|
unclassified section
|
page execute and read and write
|
||
|
7D3F000
|
stack
|
page read and write
|
||
|
2848000
|
heap
|
page read and write
|
||
|
6ED9000
|
heap
|
page read and write
|
||
|
9ABE000
|
heap
|
page read and write
|
||
|
4839000
|
heap
|
page read and write
|
||
|
429000
|
unkown
|
page read and write
|
||
|
26EC000
|
stack
|
page read and write
|
||
|
24A50000
|
direct allocation
|
page read and write
|
||
|
255DC000
|
stack
|
page read and write
|
||
|
AEE000
|
stack
|
page read and write
|
||
|
62C000
|
heap
|
page read and write
|
||
|
357000
|
stack
|
page read and write
|
||
|
665000
|
heap
|
page read and write
|
||
|
7F0000
|
direct allocation
|
page read and write
|
||
|
22D0000
|
heap
|
page read and write
|
||
|
6B12000
|
remote allocation
|
page execute and read and write
|
||
|
277F000
|
stack
|
page read and write
|
||
|
7DA0000
|
trusted library allocation
|
page read and write
|
||
|
810000
|
direct allocation
|
page read and write
|
||
|
476000
|
system
|
page execute and read and write
|
||
|
473E000
|
stack
|
page read and write
|
||
|
998000
|
heap
|
page read and write
|
||
|
2525E000
|
stack
|
page read and write
|
||
|
8270000
|
trusted library allocation
|
page read and write
|
||
|
24A60000
|
direct allocation
|
page read and write
|
||
|
25BC2000
|
heap
|
page read and write
|
||
|
669000
|
heap
|
page read and write
|
||
|
11D000
|
stack
|
page read and write
|
||
|
6EC7000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
261F0000
|
unclassified section
|
page execute and read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
308F000
|
stack
|
page read and write
|
||
|
430000
|
unkown
|
page read and write
|
||
|
46FE000
|
stack
|
page read and write
|
||
|
2545C000
|
stack
|
page read and write
|
||
|
7F660000
|
trusted library allocation
|
page execute and read and write
|
||
|
7240000
|
trusted library allocation
|
page read and write
|
||
|
2532E000
|
stack
|
page read and write
|
||
|
6ED0000
|
heap
|
page read and write
|
||
|
7F12000
|
remote allocation
|
page execute and read and write
|
||
|
7C80000
|
heap
|
page read and write
|
||
|
709E000
|
stack
|
page read and write
|
||
|
7C30000
|
heap
|
page read and write
|
||
|
2723000
|
heap
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
422000
|
system
|
page execute and read and write
|
||
|
2F0F000
|
unkown
|
page read and write
|
||
|
6FA0000
|
heap
|
page read and write
|
||
|
263C0000
|
unclassified section
|
page execute and read and write
|
||
|
97F0000
|
heap
|
page read and write
|
||
|
4841000
|
trusted library allocation
|
page read and write
|
||
|
80CE000
|
heap
|
page read and write
|
||
|
24EFC000
|
stack
|
page read and write
|
||
|
8250000
|
trusted library allocation
|
page read and write
|
||
|
9CA6000
|
heap
|
page read and write
|
||
|
68A0000
|
direct allocation
|
page read and write
|
||
|
25C0B000
|
heap
|
page read and write
|
||
|
2549C000
|
stack
|
page read and write
|
||
|
26762000
|
unclassified section
|
page execute and read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
91F000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
25FB0000
|
unclassified section
|
page execute and read and write
|
||
|
7015000
|
trusted library allocation
|
page read and write
|
||
|
67C000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
297F000
|
stack
|
page read and write
|
||
|
24A80000
|
direct allocation
|
page read and write
|
||
|
2600F000
|
unclassified section
|
page execute and read and write
|
||
|
870000
|
direct allocation
|
page read and write
|
||
|
252EE000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
24EBD000
|
stack
|
page read and write
|
||
|
9A86000
|
heap
|
page read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
4650000
|
trusted library allocation
|
page execute and read and write
|
||
|
982000
|
trusted library allocation
|
page read and write
|
||
|
DB92000
|
direct allocation
|
page execute and read and write
|
||
|
7040000
|
trusted library allocation
|
page read and write
|
||
|
9AD5000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
AAC000
|
stack
|
page read and write
|
||
|
7020000
|
trusted library allocation
|
page read and write
|
||
|
99D0000
|
direct allocation
|
page read and write
|
||
|
274D000
|
stack
|
page read and write
|
||
|
6FC2000
|
heap
|
page read and write
|
||
|
930000
|
trusted library section
|
page read and write
|
||
|
805F000
|
heap
|
page read and write
|
||
|
20FE000
|
stack
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
960000
|
trusted library allocation
|
page read and write
|
||
|
7200000
|
trusted library allocation
|
page read and write
|
||
|
25750000
|
unclassified section
|
page execute and read and write
|
||
|
8029000
|
heap
|
page read and write
|
||
|
261D6000
|
unclassified section
|
page execute and read and write
|
||
|
260A0000
|
unclassified section
|
page execute and read and write
|
||
|
6FA3000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
9960000
|
direct allocation
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
B2FE000
|
stack
|
page read and write
|
||
|
910000
|
trusted library section
|
page read and write
|
||
|
729B000
|
stack
|
page read and write
|
||
|
260FF000
|
unclassified section
|
page execute and read and write
|
||
|
7050000
|
heap
|
page execute and read and write
|
||
|
269D000
|
stack
|
page read and write
|
||
|
6D5E000
|
stack
|
page read and write
|
||
|
45F000
|
system
|
page execute and read and write
|
||
|
300F000
|
stack
|
page read and write
|
||
|
26E0000
|
heap
|
page read and write
|
||
|
8260000
|
trusted library allocation
|
page execute and read and write
|
||
|
476000
|
system
|
page execute and read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
B392000
|
direct allocation
|
page execute and read and write
|
||
|
6EC0000
|
trusted library allocation
|
page read and write
|
||
|
24AB0000
|
direct allocation
|
page read and write
|
||
|
2569F000
|
stack
|
page read and write
|
||
|
29BE000
|
stack
|
page read and write
|
||
|
7190000
|
trusted library allocation
|
page read and write
|
||
|
7210000
|
trusted library allocation
|
page read and write
|
||
|
22E4000
|
heap
|
page read and write
|
||
|
422000
|
system
|
page execute and read and write
|
||
|
2555B000
|
stack
|
page read and write
|
||
|
24E10000
|
heap
|
page read and write
|
||
|
26630000
|
unclassified section
|
page execute and read and write
|
||
|
9CA0000
|
heap
|
page read and write
|
||
|
259AA000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
99F8000
|
heap
|
page read and write
|
||
|
99E0000
|
direct allocation
|
page read and write
|
||
|
2940000
|
remote allocation
|
page read and write
|
||
|
24A90000
|
direct allocation
|
page read and write
|
||
|
2507D000
|
stack
|
page read and write
|
||
|
80CA000
|
heap
|
page read and write
|
||
|
229E000
|
stack
|
page read and write
|
||
|
6112000
|
remote allocation
|
page execute and read and write
|
||
|
67F000
|
heap
|
page read and write
|
||
|
6F08000
|
heap
|
page read and write
|
||
|
2561E000
|
stack
|
page read and write
|
||
|
266C0000
|
unclassified section
|
page execute and read and write
|
||
|
2671F000
|
unclassified section
|
page execute and read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
89E0000
|
direct allocation
|
page execute and read and write
|
||
|
476000
|
system
|
page execute and read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
24E70000
|
heap
|
page read and write
|
||
|
59F0000
|
trusted library allocation
|
page read and write
|
||
|
25BD9000
|
heap
|
page read and write
|
||
|
9AC1000
|
heap
|
page read and write
|
||
|
256DC000
|
stack
|
page read and write
|
||
|
262B0000
|
unclassified section
|
page execute and read and write
|
||
|
A58000
|
trusted library allocation
|
page read and write
|
||
|
25899000
|
heap
|
page read and write
|
||
|
266A6000
|
unclassified section
|
page execute and read and write
|
||
|
A992000
|
direct allocation
|
page execute and read and write
|
||
|
4CE000
|
stack
|
page read and write
|
||
|
715D000
|
stack
|
page read and write
|
||
|
25820000
|
heap
|
page read and write
|
||
|
7E0000
|
direct allocation
|
page read and write
|
||
|
9592000
|
direct allocation
|
page execute and read and write
|
||
|
7E80000
|
trusted library allocation
|
page read and write
|
||
|
4312000
|
remote allocation
|
page execute and read and write
|
||
|
25210000
|
direct allocation
|
page read and write
|
||
|
224E000
|
stack
|
page read and write
|
||
|
3D6000
|
heap
|
page read and write
|
||
|
277C000
|
stack
|
page read and write
|
||
|
97D0000
|
heap
|
page read and write
|
||
|
58A4000
|
trusted library allocation
|
page read and write
|
||
|
25FA6000
|
unclassified section
|
page execute and read and write
|
||
|
7DC0000
|
trusted library allocation
|
page read and write
|
||
|
2529F000
|
stack
|
page read and write
|
||
|
253BE000
|
stack
|
page read and write
|
||
|
8240000
|
heap
|
page read and write
|
||
|
25F30000
|
unclassified section
|
page execute and read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
25BA9000
|
heap
|
page read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
25170000
|
unclassified section
|
page execute and read and write
|
||
|
5849000
|
trusted library allocation
|
page read and write
|
||
|
81F000
|
stack
|
page read and write
|
||
|
67F000
|
heap
|
page read and write
|
||
|
BD92000
|
direct allocation
|
page execute and read and write
|
||
|
8230000
|
trusted library allocation
|
page read and write
|
||
|
2AFD000
|
stack
|
page read and write
|
||
|
26270000
|
unclassified section
|
page execute and read and write
|
||
|
7ECC000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
250BD000
|
stack
|
page read and write
|
||
|
6FD0000
|
trusted library allocation
|
page read and write
|
||
|
2551F000
|
stack
|
page read and write
|
||
|
3FD000
|
stack
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
27FE000
|
unkown
|
page read and write
|
||
|
2E8D000
|
stack
|
page read and write
|
||
|
850000
|
direct allocation
|
page read and write
|
||
|
4996000
|
trusted library allocation
|
page read and write
|
||
|
26160000
|
unclassified section
|
page execute and read and write
|
||
|
8065000
|
heap
|
page read and write
|
||
|
257DC000
|
stack
|
page read and write
|
There are 446 hidden memdumps, click here to show them.