Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Gulvmaattens.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\nso786B.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nso786B.tmp\nsExec.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\Falder99\Interelectrode\Overvejendes\Airplane_2.bmp
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=3], baseline, precision 8, 110x110, frames 3
|
dropped
|
||
|
C:\Users\user\Falder99\Interelectrode\Overvejendes\Dystomic.Bel
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\Falder99\Interelectrode\Overvejendes\Pleasurelessly\Anodiserende.opa
|
data
|
dropped
|
||
|
C:\Users\user\Falder99\Interelectrode\Overvejendes\english.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\Falder99\Interelectrode\Overvejendes\sqmapi.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\Falder99\Interelectrode\Overvejendes\vfslog.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Gulvmaattens.exe
|
"C:\Users\user\Desktop\Gulvmaattens.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x78^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x76^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x61^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x7D^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x76^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x7F^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x00^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x01^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x09^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x09^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x70^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x41^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x56^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x52^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x47^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x56^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x75^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x5A^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x5F^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x56^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x72^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x1B^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x5E^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x13^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x41^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x07^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x13^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x1F^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x13^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x5A^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x13^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x03^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x4B^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x0B^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x03^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x03^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x03^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x03^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x03^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x03^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x03^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x1F^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x13^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x5A^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x13^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x03^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x1F^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x13^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x43^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x13^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x03^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x1F^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x13^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x5A^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x13^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x07^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x1F^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x13^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x5A^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x13^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x03^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x4B^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x0B^51"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c set /a "0x03^51"
|
|
|
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\Conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 119 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crl.certum.pl/ctnca2.crl0l
|
unknown
|
||
|
http://repository.certum.pl/ctnca2.cer09
|
unknown
|
||
|
http://crl.certum.pl/ctsca2021.crl0o
|
unknown
|
||
|
http://repository.certum.pl/ctnca.cer09
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://repository.certum.pl/ctsca2021.cer0
|
unknown
|
||
|
http://crl.certum.pl/ctnca.crl0k
|
unknown
|
||
|
http://subca.ocsp-certum.com05
|
unknown
|
||
|
http://www.certum.pl/CPS0
|
unknown
|
||
|
http://subca.ocsp-certum.com02
|
unknown
|
||
|
http://subca.ocsp-certum.com01
|
unknown
|
There are 1 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
760000
|
direct allocation
|
page execute and read and write
|
|
|
|
1D03D480000
|
heap
|
page read and write
|
||
|
2A802A7E000
|
heap
|
page read and write
|
||
|
3846BBB000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5845FF7000
|
stack
|
page read and write
|
||
|
42C000
|
unkown
|
page read and write
|
||
|
1D03D170000
|
heap
|
page read and write
|
||
|
1D03D48B000
|
heap
|
page read and write
|
||
|
1D49B050000
|
heap
|
page read and write
|
||
|
1ECC1C23000
|
heap
|
page read and write
|
||
|
1ECBD530000
|
trusted library section
|
page readonly
|
||
|
2A80359E000
|
heap
|
page read and write
|
||
|
2A80359E000
|
heap
|
page read and write
|
||
|
584657F000
|
stack
|
page read and write
|
||
|
440000
|
unkown
|
page read and write
|
||
|
2A803A05000
|
heap
|
page read and write
|
||
|
2A802AEF000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2A80359E000
|
heap
|
page read and write
|
||
|
15B9622E000
|
heap
|
page read and write
|
||
|
CA986F9000
|
stack
|
page read and write
|
||
|
1ECBD510000
|
trusted library section
|
page readonly
|
||
|
1871E126000
|
heap
|
page read and write
|
||
|
2A803594000
|
heap
|
page read and write
|
||
|
472B7F7000
|
stack
|
page read and write
|
||
|
1ECBD540000
|
trusted library section
|
page readonly
|
||
|
1871E122000
|
heap
|
page read and write
|
||
|
2A802950000
|
heap
|
page read and write
|
||
|
1ECC1CE8000
|
heap
|
page read and write
|
||
|
2A80358C000
|
heap
|
page read and write
|
||
|
1D03D1A0000
|
heap
|
page read and write
|
||
|
277F000
|
stack
|
page read and write
|
||
|
2A803320000
|
remote allocation
|
page read and write
|
||
|
1D49B102000
|
heap
|
page read and write
|
||
|
15B96282000
|
heap
|
page read and write
|
||
|
2A803A04000
|
heap
|
page read and write
|
||
|
138F6CA000
|
stack
|
page read and write
|
||
|
1ECBD310000
|
trusted library allocation
|
page read and write
|
||
|
1ECC1CF2000
|
heap
|
page read and write
|
||
|
1ECBD500000
|
trusted library section
|
page readonly
|
||
|
2310000
|
trusted library allocation
|
page read and write
|
||
|
38470FB000
|
stack
|
page read and write
|
||
|
15B96261000
|
heap
|
page read and write
|
||
|
CA9837F000
|
stack
|
page read and write
|
||
|
1871E14E000
|
heap
|
page read and write
|
||
|
1ECBC380000
|
trusted library section
|
page read and write
|
||
|
2A803590000
|
heap
|
page read and write
|
||
|
38471F7000
|
stack
|
page read and write
|
||
|
1ECC1B70000
|
trusted library allocation
|
page read and write
|
||
|
15B96213000
|
heap
|
page read and write
|
||
|
1ECC2000000
|
heap
|
page read and write
|
||
|
2A80358A000
|
heap
|
page read and write
|
||
|
1D03D490000
|
trusted library allocation
|
page read and write
|
||
|
15B96313000
|
heap
|
page read and write
|
||
|
1ECC1A40000
|
trusted library allocation
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
2A802A4A000
|
heap
|
page read and write
|
||
|
38473FE000
|
stack
|
page read and write
|
||
|
1ECC1D00000
|
heap
|
page read and write
|
||
|
2A803A02000
|
heap
|
page read and write
|
||
|
1E47BC56000
|
heap
|
page read and write
|
||
|
CA983FF000
|
stack
|
page read and write
|
||
|
2A8035B4000
|
heap
|
page read and write
|
||
|
5846AFE000
|
stack
|
page read and write
|
||
|
1D03D1DE000
|
heap
|
page read and write
|
||
|
1ECC1A1E000
|
trusted library allocation
|
page read and write
|
||
|
2A80358E000
|
heap
|
page read and write
|
||
|
1D03D1D6000
|
heap
|
page read and write
|
||
|
138FAF9000
|
stack
|
page read and write
|
||
|
1B461513000
|
heap
|
page read and write
|
||
|
6B3000
|
heap
|
page read and write
|
||
|
1ECBC441000
|
heap
|
page read and write
|
||
|
2A803575000
|
heap
|
page read and write
|
||
|
1E47BB80000
|
heap
|
page read and write
|
||
|
1D03D485000
|
heap
|
page read and write
|
||
|
89E1CDB000
|
stack
|
page read and write
|
||
|
1ECC1CFB000
|
heap
|
page read and write
|
||
|
2A8029C0000
|
heap
|
page read and write
|
||
|
CA982FB000
|
stack
|
page read and write
|
||
|
6F6A1000
|
unkown
|
page execute read
|
||
|
1ECC1B50000
|
trusted library allocation
|
page read and write
|
||
|
2A803516000
|
heap
|
page read and write
|
||
|
1D49B086000
|
heap
|
page read and write
|
||
|
1871E13F000
|
heap
|
page read and write
|
||
|
1ECBC477000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
99000
|
stack
|
page read and write
|
||
|
1E47BC13000
|
heap
|
page read and write
|
||
|
1ECBC472000
|
heap
|
page read and write
|
||
|
8B0D8FF000
|
stack
|
page read and write
|
||
|
1ECC1C43000
|
heap
|
page read and write
|
||
|
1D49AF50000
|
heap
|
page read and write
|
||
|
1ECC18F0000
|
trusted library allocation
|
page read and write
|
||
|
2A803590000
|
heap
|
page read and write
|
||
|
2A8035A1000
|
heap
|
page read and write
|
||
|
2A802B08000
|
heap
|
page read and write
|
||
|
2A802B13000
|
heap
|
page read and write
|
||
|
138F7CF000
|
stack
|
page read and write
|
||
|
138F74F000
|
stack
|
page read and write
|
||
|
CA9877F000
|
stack
|
page read and write
|
||
|
2A8029F0000
|
trusted library allocation
|
page read and write
|
||
|
2A803A04000
|
heap
|
page read and write
|
||
|
8B0DAFF000
|
stack
|
page read and write
|
||
|
15B96A02000
|
trusted library allocation
|
page read and write
|
||
|
1871E131000
|
heap
|
page read and write
|
||
|
1ECC1CDB000
|
heap
|
page read and write
|
||
|
2A803590000
|
heap
|
page read and write
|
||
|
2200000
|
heap
|
page read and write
|
||
|
2940000
|
trusted library allocation
|
page read and write
|
||
|
8B0D57B000
|
stack
|
page read and write
|
||
|
1ECBC3E1000
|
trusted library allocation
|
page read and write
|
||
|
2A802960000
|
heap
|
page read and write
|
||
|
2A803A44000
|
heap
|
page read and write
|
||
|
1ECBC458000
|
heap
|
page read and write
|
||
|
2A80359E000
|
heap
|
page read and write
|
||
|
1E47BC7B000
|
heap
|
page read and write
|
||
|
1ECBC200000
|
heap
|
page read and write
|
||
|
1B461468000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
1ECBC400000
|
heap
|
page read and write
|
||
|
1ECBCC15000
|
heap
|
page read and write
|
||
|
2A802AF1000
|
heap
|
page read and write
|
||
|
2A8035C5000
|
heap
|
page read and write
|
||
|
8B0D12C000
|
stack
|
page read and write
|
||
|
1ECBCD18000
|
heap
|
page read and write
|
||
|
2A803594000
|
heap
|
page read and write
|
||
|
693000
|
heap
|
page read and write
|
||
|
CA98879000
|
stack
|
page read and write
|
||
|
1ECC1A18000
|
trusted library allocation
|
page read and write
|
||
|
1ECC1CB1000
|
heap
|
page read and write
|
||
|
8B0D47D000
|
stack
|
page read and write
|
||
|
1D03D3B0000
|
trusted library allocation
|
page read and write
|
||
|
1B461428000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
606000
|
heap
|
page read and write
|
||
|
2A80358B000
|
heap
|
page read and write
|
||
|
1E47BC00000
|
heap
|
page read and write
|
||
|
1D49B048000
|
heap
|
page read and write
|
||
|
1ECC1C64000
|
heap
|
page read and write
|
||
|
472B9FD000
|
stack
|
page read and write
|
||
|
1871E14F000
|
heap
|
page read and write
|
||
|
15B9625C000
|
heap
|
page read and write
|
||
|
1ECBD520000
|
trusted library section
|
page readonly
|
||
|
230F000
|
stack
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
3846EFF000
|
stack
|
page read and write
|
||
|
1871E154000
|
heap
|
page read and write
|
||
|
2A8035B4000
|
heap
|
page read and write
|
||
|
1ECC1A54000
|
trusted library allocation
|
page read and write
|
||
|
2A80358C000
|
heap
|
page read and write
|
||
|
472B12B000
|
stack
|
page read and write
|
||
|
1B461456000
|
heap
|
page read and write
|
||
|
1871E135000
|
heap
|
page read and write
|
||
|
2A802A8A000
|
heap
|
page read and write
|
||
|
1871E136000
|
heap
|
page read and write
|
||
|
2A803500000
|
heap
|
page read and write
|
||
|
438000
|
unkown
|
page read and write
|
||
|
1ECC1C12000
|
heap
|
page read and write
|
||
|
15B95FE0000
|
heap
|
page read and write
|
||
|
15B96140000
|
trusted library allocation
|
page read and write
|
||
|
58463FB000
|
stack
|
page read and write
|
||
|
CF79EFE000
|
stack
|
page read and write
|
||
|
1ECC1A31000
|
trusted library allocation
|
page read and write
|
||
|
15B96302000
|
heap
|
page read and write
|
||
|
CF79FF8000
|
stack
|
page read and write
|
||
|
1ECBD300000
|
trusted library allocation
|
page read and write
|
||
|
15B96260000
|
heap
|
page read and write
|
||
|
15B95FD0000
|
heap
|
page read and write
|
||
|
2A8035A4000
|
heap
|
page read and write
|
||
|
CF7A1F7000
|
stack
|
page read and write
|
||
|
1E47BC88000
|
heap
|
page read and write
|
||
|
472BAFF000
|
stack
|
page read and write
|
||
|
8B0D5FF000
|
stack
|
page read and write
|
||
|
CF7A37F000
|
unkown
|
page read and write
|
||
|
58462FE000
|
stack
|
page read and write
|
||
|
1871E127000
|
heap
|
page read and write
|
||
|
1871E360000
|
heap
|
page read and write
|
||
|
1D03D190000
|
heap
|
page read and write
|
||
|
2A8035A4000
|
heap
|
page read and write
|
||
|
1E47BD13000
|
heap
|
page read and write
|
||
|
2A803A04000
|
heap
|
page read and write
|
||
|
1E47BC4A000
|
heap
|
page read and write
|
||
|
2A802A00000
|
heap
|
page read and write
|
||
|
590000
|
trusted library allocation
|
page read and write
|
||
|
2A803594000
|
heap
|
page read and write
|
||
|
1D03D489000
|
heap
|
page read and write
|
||
|
2A803A02000
|
heap
|
page read and write
|
||
|
2A803A04000
|
heap
|
page read and write
|
||
|
3846FFB000
|
stack
|
page read and write
|
||
|
1B461300000
|
heap
|
page read and write
|
||
|
1D49B07B000
|
heap
|
page read and write
|
||
|
2A803597000
|
heap
|
page read and write
|
||
|
3846E7E000
|
stack
|
page read and write
|
||
|
2A803A04000
|
heap
|
page read and write
|
||
|
2A802ADB000
|
heap
|
page read and write
|
||
|
6A3000
|
heap
|
page read and write
|
||
|
2334000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
89E24FE000
|
stack
|
page read and write
|
||
|
1871E110000
|
heap
|
page read and write
|
||
|
6AE000
|
heap
|
page read and write
|
||
|
697000
|
heap
|
page read and write
|
||
|
2A802AB5000
|
heap
|
page read and write
|
||
|
1871E130000
|
heap
|
page read and write
|
||
|
1ECBC4BD000
|
heap
|
page read and write
|
||
|
2A80358E000
|
heap
|
page read and write
|
||
|
58464FB000
|
stack
|
page read and write
|
||
|
1D49B029000
|
heap
|
page read and write
|
||
|
1D03D206000
|
heap
|
page read and write
|
||
|
1E47BC8C000
|
heap
|
page read and write
|
||
|
1ECC1CA9000
|
heap
|
page read and write
|
||
|
45F000
|
unkown
|
page readonly
|
||
|
138FA79000
|
stack
|
page read and write
|
||
|
15B96264000
|
heap
|
page read and write
|
||
|
58465FF000
|
stack
|
page read and write
|
||
|
1E47BC3C000
|
heap
|
page read and write
|
||
|
1D49B08A000
|
heap
|
page read and write
|
||
|
15B96278000
|
heap
|
page read and write
|
||
|
2A802A5C000
|
heap
|
page read and write
|
||
|
2A8035C8000
|
heap
|
page read and write
|
||
|
2A802A29000
|
heap
|
page read and write
|
||
|
1ECBC413000
|
heap
|
page read and write
|
||
|
1ECBD320000
|
trusted library allocation
|
page read and write
|
||
|
2A802AE4000
|
heap
|
page read and write
|
||
|
2A80358C000
|
heap
|
page read and write
|
||
|
1D03D198000
|
heap
|
page read and write
|
||
|
6AC000
|
heap
|
page read and write
|
||
|
2A803597000
|
heap
|
page read and write
|
||
|
1D49B04B000
|
heap
|
page read and write
|
||
|
2A803594000
|
heap
|
page read and write
|
||
|
1D49B04D000
|
heap
|
page read and write
|
||
|
1D03D150000
|
heap
|
page read and write
|
||
|
1871DED0000
|
heap
|
page read and write
|
||
|
1D49B04F000
|
heap
|
page read and write
|
||
|
2A8035AF000
|
heap
|
page read and write
|
||
|
1D03D0F0000
|
trusted library allocation
|
page read and write
|
||
|
2A8035A7000
|
heap
|
page read and write
|
||
|
2A802AAB000
|
heap
|
page read and write
|
||
|
584667F000
|
stack
|
page read and write
|
||
|
2A803519000
|
heap
|
page read and write
|
||
|
2A80358F000
|
heap
|
page read and write
|
||
|
1E47BC53000
|
heap
|
page read and write
|
||
|
CA98679000
|
stack
|
page read and write
|
||
|
1ECBCC02000
|
heap
|
page read and write
|
||
|
1ECC1CFB000
|
heap
|
page read and write
|
||
|
1ECC1A34000
|
trusted library allocation
|
page read and write
|
||
|
2A802B16000
|
heap
|
page read and write
|
||
|
2A802A49000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
1ECBD4F0000
|
trusted library section
|
page readonly
|
||
|
1ECC1B70000
|
remote allocation
|
page read and write
|
||
|
89E23FE000
|
stack
|
page read and write
|
||
|
1ECBD890000
|
trusted library allocation
|
page read and write
|
||
|
1ECC1C00000
|
heap
|
page read and write
|
||
|
2A803A04000
|
heap
|
page read and write
|
||
|
1B461402000
|
heap
|
page read and write
|
||
|
138FBFC000
|
stack
|
page read and write
|
||
|
1B46143C000
|
heap
|
page read and write
|
||
|
2A802AC9000
|
heap
|
page read and write
|
||
|
1871E137000
|
heap
|
page read and write
|
||
|
1D49BA02000
|
trusted library allocation
|
page read and write
|
||
|
1ECBCD02000
|
heap
|
page read and write
|
||
|
1E47BC4C000
|
heap
|
page read and write
|
||
|
1ECBCD00000
|
heap
|
page read and write
|
||
|
1ECBC429000
|
heap
|
page read and write
|
||
|
1ECBC490000
|
heap
|
page read and write
|
||
|
2A803320000
|
remote allocation
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
1ECC1A50000
|
trusted library allocation
|
page read and write
|
||
|
1B461470000
|
heap
|
page read and write
|
||
|
45B000
|
unkown
|
page read and write
|
||
|
1D03D460000
|
trusted library allocation
|
page read and write
|
||
|
1ECBC49F000
|
heap
|
page read and write
|
||
|
38472FF000
|
stack
|
page read and write
|
||
|
2A803586000
|
heap
|
page read and write
|
||
|
1871E000000
|
heap
|
page read and write
|
||
|
CF7A478000
|
stack
|
page read and write
|
||
|
1ECC1C30000
|
heap
|
page read and write
|
||
|
1D49B000000
|
heap
|
page read and write
|
||
|
1ECC1A30000
|
trusted library allocation
|
page read and write
|
||
|
8B0D7F7000
|
stack
|
page read and write
|
||
|
2A803402000
|
heap
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
1D49B052000
|
heap
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
2A8035CF000
|
heap
|
page read and write
|
||
|
1ECC1B20000
|
trusted library allocation
|
page read and write
|
||
|
6F6A4000
|
unkown
|
page readonly
|
||
|
15B9625D000
|
heap
|
page read and write
|
||
|
58467FF000
|
stack
|
page read and write
|
||
|
217E000
|
stack
|
page read and write
|
||
|
15B96229000
|
heap
|
page read and write
|
||
|
2A802B02000
|
heap
|
page read and write
|
||
|
1ECBCF01000
|
trusted library allocation
|
page read and write
|
||
|
1D49B049000
|
heap
|
page read and write
|
||
|
1ECBCC00000
|
heap
|
page read and write
|
||
|
1D49B03C000
|
heap
|
page read and write
|
||
|
1B461413000
|
heap
|
page read and write
|
||
|
431000
|
unkown
|
page read and write
|
||
|
668000
|
heap
|
page read and write
|
||
|
1B461370000
|
heap
|
page read and write
|
||
|
1E47BB20000
|
heap
|
page read and write
|
||
|
1ECBD303000
|
trusted library allocation
|
page read and write
|
||
|
472B8FE000
|
stack
|
page read and write
|
||
|
1ECC1A10000
|
trusted library allocation
|
page read and write
|
||
|
472B57B000
|
stack
|
page read and write
|
||
|
CA987F9000
|
stack
|
page read and write
|
||
|
1ECC1B70000
|
remote allocation
|
page read and write
|
||
|
1D03D420000
|
trusted library allocation
|
page read and write
|
||
|
1ECBC270000
|
heap
|
page read and write
|
||
|
1D49B053000
|
heap
|
page read and write
|
||
|
2A8035A4000
|
heap
|
page read and write
|
||
|
2A803A22000
|
heap
|
page read and write
|
||
|
1ECC1A10000
|
trusted library allocation
|
page read and write
|
||
|
2A803553000
|
heap
|
page read and write
|
||
|
2A803320000
|
remote allocation
|
page read and write
|
||
|
15B96040000
|
heap
|
page read and write
|
||
|
4B5000
|
heap
|
page read and write
|
||
|
1ECBC210000
|
heap
|
page read and write
|
||
|
2A802A3C000
|
heap
|
page read and write
|
||
|
2A803588000
|
heap
|
page read and write
|
||
|
213E000
|
stack
|
page read and write
|
||
|
1E47BC51000
|
heap
|
page read and write
|
||
|
2A802AFC000
|
heap
|
page read and write
|
||
|
1B461478000
|
heap
|
page read and write
|
||
|
2A80351B000
|
heap
|
page read and write
|
||
|
89E21FB000
|
stack
|
page read and write
|
||
|
CF79CFE000
|
stack
|
page read and write
|
||
|
1E47BC4F000
|
heap
|
page read and write
|
||
|
CF79D7E000
|
stack
|
page read and write
|
||
|
472B47E000
|
stack
|
page read and write
|
||
|
1ECC1CF5000
|
heap
|
page read and write
|
||
|
58468FC000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
1E47BC26000
|
heap
|
page read and write
|
||
|
2A803591000
|
heap
|
page read and write
|
||
|
1D49B113000
|
heap
|
page read and write
|
||
|
1D49AF40000
|
heap
|
page read and write
|
||
|
1ECBC370000
|
trusted library allocation
|
page read and write
|
||
|
1ECC1A40000
|
trusted library allocation
|
page read and write
|
||
|
1ECC1B70000
|
remote allocation
|
page read and write
|
||
|
15B96200000
|
heap
|
page read and write
|
||
|
1ECBC4FF000
|
heap
|
page read and write
|
||
|
2A803A00000
|
heap
|
page read and write
|
||
|
1D03D0E0000
|
heap
|
page read and write
|
||
|
15B96308000
|
heap
|
page read and write
|
||
|
2A803A04000
|
heap
|
page read and write
|
||
|
1D03E1F0000
|
trusted library allocation
|
page read and write
|
||
|
1ECC1CE2000
|
heap
|
page read and write
|
||
|
2A80359E000
|
heap
|
page read and write
|
||
|
2A803596000
|
heap
|
page read and write
|
||
|
1ECC1B40000
|
trusted library allocation
|
page read and write
|
||
|
1E47BD08000
|
heap
|
page read and write
|
||
|
1D03DF80000
|
trusted library allocation
|
page read and write
|
||
|
2A80358C000
|
heap
|
page read and write
|
||
|
58460FA000
|
stack
|
page read and write
|
||
|
1E47BC29000
|
heap
|
page read and write
|
||
|
1B461E02000
|
trusted library allocation
|
page read and write
|
||
|
1E47BD02000
|
heap
|
page read and write
|
||
|
45F000
|
unkown
|
page readonly
|
||
|
1B461310000
|
heap
|
page read and write
|
||
|
1D49AFE0000
|
trusted library allocation
|
page read and write
|
||
|
2A80358E000
|
heap
|
page read and write
|
||
|
1E47BBB0000
|
trusted library allocation
|
page read and write
|
||
|
15B96300000
|
heap
|
page read and write
|
||
|
CF7A0F7000
|
stack
|
page read and write
|
||
|
8B0D9FF000
|
stack
|
page read and write
|
||
|
1ECBC48E000
|
heap
|
page read and write
|
||
|
1ECC1D02000
|
heap
|
page read and write
|
||
|
138FB7F000
|
stack
|
page read and write
|
||
|
1ECC1AE0000
|
trusted library allocation
|
page read and write
|
||
|
2A802A13000
|
heap
|
page read and write
|
||
|
1D49B108000
|
heap
|
page read and write
|
||
|
CF7A2FE000
|
stack
|
page read and write
|
||
|
15B96267000
|
heap
|
page read and write
|
||
|
1B461400000
|
heap
|
page read and write
|
||
|
1D03E1A0000
|
trusted library allocation
|
page read and write
|
||
|
1ECC1C9E000
|
heap
|
page read and write
|
||
|
2A803586000
|
heap
|
page read and write
|
||
|
1ECBC494000
|
heap
|
page read and write
|
||
|
1ECC1B60000
|
trusted library allocation
|
page read and write
|
||
|
1E47C602000
|
trusted library allocation
|
page read and write
|
||
|
1871E020000
|
heap
|
page read and write
|
||
|
1D03E190000
|
trusted library allocation
|
page read and write
|
||
|
5845BEB000
|
stack
|
page read and write
|
||
|
1E47BC70000
|
heap
|
page read and write
|
||
|
1E47BD00000
|
heap
|
page read and write
|
||
|
58461F9000
|
stack
|
page read and write
|
||
|
1871E13F000
|
heap
|
page read and write
|
||
|
58466FE000
|
stack
|
page read and write
|
||
|
1B4613A0000
|
trusted library allocation
|
page read and write
|
||
|
1ECBCD13000
|
heap
|
page read and write
|
||
|
6F6A6000
|
unkown
|
page readonly
|
||
|
1D49AFB0000
|
heap
|
page read and write
|
||
|
2A802AC2000
|
heap
|
page read and write
|
||
|
1D03D470000
|
heap
|
page readonly
|
||
|
2A802AAB000
|
heap
|
page read and write
|
||
|
1ECBC513000
|
heap
|
page read and write
|
||
|
1ECC1D02000
|
heap
|
page read and write
|
||
|
1B461502000
|
heap
|
page read and write
|
||
|
1D03D1DE000
|
heap
|
page read and write
|
||
|
1871E13F000
|
heap
|
page read and write
|
||
|
6AC000
|
heap
|
page read and write
|
||
|
1B461500000
|
heap
|
page read and write
|
||
|
1ECBC47A000
|
heap
|
page read and write
|
||
|
1871E365000
|
heap
|
page read and write
|
||
|
CF79C7B000
|
stack
|
page read and write
|
||
|
6F6A0000
|
unkown
|
page readonly
|
||
|
1ECBCD18000
|
heap
|
page read and write
|
||
|
1ECBD410000
|
trusted library allocation
|
page read and write
|
||
|
1D49B100000
|
heap
|
page read and write
|
||
|
1D03D3C0000
|
trusted library allocation
|
page read and write
|
||
|
1E47BB10000
|
heap
|
page read and write
|
||
|
1ECC1B30000
|
trusted library allocation
|
page read and write
|
||
|
472B67B000
|
stack
|
page read and write
|
||
|
8B0D6FB000
|
stack
|
page read and write
|
||
|
2A802AF2000
|
heap
|
page read and write
|
||
|
2A80358E000
|
heap
|
page read and write
|
||
|
15B9623C000
|
heap
|
page read and write
|
||
|
1D03D1DE000
|
heap
|
page read and write
|
||
|
2A8035D5000
|
heap
|
page read and write
|
||
|
2A8035A4000
|
heap
|
page read and write
|
||
|
2780000
|
heap
|
page read and write
|
||
|
2A802A5B000
|
heap
|
page read and write
|
||
|
1D49B04C000
|
heap
|
page read and write
|
||
|
8B0D1AE000
|
stack
|
page read and write
|
||
|
1ECBC502000
|
heap
|
page read and write
|
||
|
2EFD000
|
stack
|
page read and write
|
||
|
1871E11B000
|
heap
|
page read and write
|
||
|
1871E155000
|
heap
|
page read and write
|
||
|
1871E133000
|
heap
|
page read and write
|
||
|
1ECBC47C000
|
heap
|
page read and write
|
||
|
2A802A7E000
|
heap
|
page read and write
|
||
|
1ECC1C50000
|
heap
|
page read and write
|
||
|
1ECC1CFD000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
89E22FB000
|
stack
|
page read and write
|
||
|
6A9000
|
heap
|
page read and write
|
||
|
584677E000
|
stack
|
page read and write
|
||
|
1D49B070000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1ECC1900000
|
trusted library allocation
|
page read and write
|
||
|
21F0000
|
trusted library allocation
|
page read and write
|
||
|
1D49B013000
|
heap
|
page read and write
|
||
|
6AC000
|
heap
|
page read and write
|
||
|
472B6FE000
|
stack
|
page read and write
|
||
|
472B1AE000
|
stack
|
page read and write
|
There are 439 hidden memdumps, click here to show them.