Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PO-USC-22USC-KonchoCo.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\brosy\udrulnings\Depravingly238\Amphioxidae.Zin
|
ASCII text, with very long lines (57553), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\brosy\udrulnings\Depravingly238\Schokker\Alkoholeksperter\styrtning\Tedeummernes\PO-USC-22USC-KonchoCo.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\fvberms.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aixlp5gq.pv0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fligowqj.ueh.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nss8C29.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\brosy\udrulnings\Depravingly238\Racialist.Pat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\brosy\udrulnings\Depravingly238\Schokker\Alkoholeksperter\styrtning\Tedeummernes\PO-USC-22USC-KonchoCo.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\brosy\udrulnings\Depravingly238\Schokker\Alkoholeksperter\styrtning\Tedeummernes\refills.txt
|
ASCII text, with very long lines (306), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\brosy\udrulnings\Depravingly238\Schokker\Alkoholeksperter\styrtning\Tedeummernes\spejderlejrene.hum
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\brosy\udrulnings\Depravingly238\gatfinnernes.tel
|
DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration:
offset 0.000000, slope 0.000122
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\brosy\udrulnings\Depravingly238\menja.lam
|
data
|
dropped
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\PO-USC-22USC-KonchoCo.exe
|
"C:\Users\user\Desktop\PO-USC-22USC-KonchoCo.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" -windowstyle hidden "$Moralioralist=Get-Content 'C:\Users\user\AppData\Roaming\brosy\udrulnings\Depravingly238\Amphioxidae.Zin';$Relaying=$Moralioralist.SubString(7931,3);.$Relaying($Moralioralist)"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" "/c set /A 1^^0"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Insecta" /t REG_EXPAND_SZ
/d "%Fumigatorium% -windowstyle minimized $Hysterogenic=(Get-ItemProperty -Path 'HKCU:\Stafetlbenes\').Indsbedes;%Fumigatorium%
($Hysterogenic)"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wyqilubvhsthredobavonduvmyumohspi"
|
|
|
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Insecta" /t REG_EXPAND_SZ /d "%Fumigatorium% -windowstyle
minimized $Hysterogenic=(Get-ItemProperty -Path 'HKCU:\Stafetlbenes\').Indsbedes;%Fumigatorium% ($Hysterogenic)"
|
There are 31 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
|
|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
learfo55ozj02.duckdns.org
|
|
||
|
http://geoplugin.net/json.gpD
|
unknown
|
||
|
http://geoplugin.net/json.gpd
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://geoplugin.net/json.gpg
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://geoplugin.net/json.gpq
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://geoplugin.net/json.gp:
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 8 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
learfo55ozj02.duckdns.org
|
193.222.96.21
|
|
|
|
leirfo45ozj01.duckdns.org
|
unknown
|
|
|
|
enelltd.top
|
104.21.45.139
|
||
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.222.96.21
|
learfo55ozj02.duckdns.org
|
Germany
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
||
|
104.21.45.139
|
enelltd.top
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Stafetlbenes
|
Indsbedes
|
||
|
HKEY_CURRENT_USER\Environment
|
Fumigatorium
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jmofvnb-6GMGJI
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jmofvnb-6GMGJI
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jmofvnb-6GMGJI
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Insecta
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
C710000
|
direct allocation
|
page execute and read and write
|
|
|
|
9B48000
|
heap
|
page read and write
|
|
|
|
9B5D000
|
heap
|
page read and write
|
|
|
|
9B5E000
|
heap
|
page read and write
|
|
|
|
25AF2000
|
heap
|
page read and write
|
||
|
6F00000
|
heap
|
page read and write
|
||
|
2D4B000
|
heap
|
page read and write
|
||
|
2BAD000
|
stack
|
page read and write
|
||
|
712E000
|
stack
|
page read and write
|
||
|
698000
|
heap
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
7DA0000
|
trusted library allocation
|
page read and write
|
||
|
25A60000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
42BE000
|
stack
|
page read and write
|
||
|
648000
|
heap
|
page read and write
|
||
|
7010000
|
trusted library allocation
|
page read and write
|
||
|
98F0000
|
direct allocation
|
page read and write
|
||
|
8270000
|
trusted library allocation
|
page execute and read and write
|
||
|
25E70000
|
heap
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
870000
|
direct allocation
|
page read and write
|
||
|
4755000
|
heap
|
page execute and read and write
|
||
|
4340000
|
heap
|
page execute and read and write
|
||
|
2519F000
|
stack
|
page read and write
|
||
|
58A9000
|
trusted library allocation
|
page read and write
|
||
|
9920000
|
direct allocation
|
page read and write
|
||
|
9B65000
|
heap
|
page read and write
|
||
|
99D0000
|
heap
|
page read and write
|
||
|
4881000
|
trusted library allocation
|
page read and write
|
||
|
7260000
|
trusted library allocation
|
page read and write
|
||
|
8D0000
|
direct allocation
|
page read and write
|
||
|
4750000
|
heap
|
page execute and read and write
|
||
|
7CA0000
|
trusted library allocation
|
page read and write
|
||
|
69C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7D20000
|
heap
|
page read and write
|
||
|
6B6000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
8070000
|
heap
|
page read and write
|
||
|
6FBD000
|
heap
|
page read and write
|
||
|
9BA3000
|
heap
|
page read and write
|
||
|
25100000
|
direct allocation
|
page read and write
|
||
|
7080000
|
trusted library allocation
|
page read and write
|
||
|
49D6000
|
trusted library allocation
|
page read and write
|
||
|
8B0000
|
direct allocation
|
page read and write
|
||
|
9950000
|
direct allocation
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
98D0000
|
heap
|
page read and write
|
||
|
9A00000
|
direct allocation
|
page read and write
|
||
|
689000
|
heap
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
2C0E000
|
stack
|
page read and write
|
||
|
421000
|
unkown
|
page read and write
|
||
|
5F30000
|
remote allocation
|
page execute and read and write
|
||
|
273D000
|
stack
|
page read and write
|
||
|
7C80000
|
heap
|
page read and write
|
||
|
307F000
|
stack
|
page read and write
|
||
|
418000
|
unkown
|
page read and write
|
||
|
80F9000
|
heap
|
page read and write
|
||
|
24F10000
|
heap
|
page read and write
|
||
|
D110000
|
direct allocation
|
page execute and read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
25A61000
|
heap
|
page read and write
|
||
|
71F0000
|
trusted library allocation
|
page read and write
|
||
|
2551E000
|
stack
|
page read and write
|
||
|
7DC0000
|
trusted library allocation
|
page read and write
|
||
|
8086000
|
heap
|
page read and write
|
||
|
25280000
|
remote allocation
|
page read and write
|
||
|
9BB2000
|
heap
|
page read and write
|
||
|
4130000
|
remote allocation
|
page execute and read and write
|
||
|
2503F000
|
stack
|
page read and write
|
||
|
4D58000
|
trusted library allocation
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
427E000
|
stack
|
page read and write
|
||
|
60E000
|
stack
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
6F1D000
|
heap
|
page read and write
|
||
|
860000
|
direct allocation
|
page read and write
|
||
|
5A32000
|
trusted library allocation
|
page read and write
|
||
|
43B7000
|
heap
|
page read and write
|
||
|
9C2000
|
trusted library allocation
|
page read and write
|
||
|
B25000
|
heap
|
page read and write
|
||
|
7FEC000
|
stack
|
page read and write
|
||
|
253DE000
|
stack
|
page read and write
|
||
|
44E000
|
unkown
|
page readonly
|
||
|
80E0000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
434000
|
unkown
|
page read and write
|
||
|
45A000
|
unkown
|
page readonly
|
||
|
850000
|
direct allocation
|
page read and write
|
||
|
71AE000
|
stack
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
4B30000
|
remote allocation
|
page execute and read and write
|
||
|
65C000
|
heap
|
page read and write
|
||
|
2522D000
|
stack
|
page read and write
|
||
|
9AF9000
|
heap
|
page read and write
|
||
|
993000
|
trusted library allocation
|
page execute and read and write
|
||
|
25AD9000
|
heap
|
page read and write
|
||
|
83F000
|
stack
|
page read and write
|
||
|
2F3F000
|
unkown
|
page read and write
|
||
|
7CB0000
|
trusted library allocation
|
page read and write
|
||
|
25280000
|
heap
|
page read and write
|
||
|
810B000
|
heap
|
page read and write
|
||
|
9F10000
|
direct allocation
|
page execute and read and write
|
||
|
7330000
|
remote allocation
|
page execute and read and write
|
||
|
98E0000
|
direct allocation
|
page read and write
|
||
|
69D0000
|
direct allocation
|
page execute and read and write
|
||
|
48E2000
|
trusted library allocation
|
page read and write
|
||
|
5A2C000
|
trusted library allocation
|
page read and write
|
||
|
251EE000
|
stack
|
page read and write
|
||
|
9C5000
|
trusted library allocation
|
page execute and read and write
|
||
|
2541F000
|
stack
|
page read and write
|
||
|
6C7000
|
heap
|
page read and write
|
||
|
960000
|
trusted library section
|
page read and write
|
||
|
70A0000
|
trusted library allocation
|
page read and write
|
||
|
7BD000
|
stack
|
page read and write
|
||
|
25E60000
|
heap
|
page read and write
|
||
|
9A9D000
|
stack
|
page read and write
|
||
|
433E000
|
stack
|
page read and write
|
||
|
58ED000
|
trusted library allocation
|
page read and write
|
||
|
72A0000
|
trusted library allocation
|
page read and write
|
||
|
25860000
|
heap
|
page read and write
|
||
|
25760000
|
heap
|
page read and write
|
||
|
72EB000
|
stack
|
page read and write
|
||
|
5881000
|
trusted library allocation
|
page read and write
|
||
|
2559F000
|
stack
|
page read and write
|
||
|
7C77000
|
stack
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
80BB000
|
heap
|
page read and write
|
||
|
9130000
|
remote allocation
|
page execute and read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
2713000
|
heap
|
page read and write
|
||
|
2549E000
|
stack
|
page read and write
|
||
|
7220000
|
trusted library allocation
|
page read and write
|
||
|
840000
|
direct allocation
|
page read and write
|
||
|
7D9E000
|
stack
|
page read and write
|
||
|
45A000
|
unkown
|
page readonly
|
||
|
44E000
|
unkown
|
page readonly
|
||
|
685000
|
heap
|
page read and write
|
||
|
668000
|
heap
|
page read and write
|
||
|
6FE5000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
70D0000
|
trusted library allocation
|
page read and write
|
||
|
6F13000
|
heap
|
page read and write
|
||
|
9980000
|
direct allocation
|
page read and write
|
||
|
810000
|
direct allocation
|
page read and write
|
||
|
70C0000
|
trusted library allocation
|
page read and write
|
||
|
8730000
|
remote allocation
|
page execute and read and write
|
||
|
7210000
|
trusted library allocation
|
page read and write
|
||
|
8A0000
|
direct allocation
|
page read and write
|
||
|
638000
|
heap
|
page read and write
|
||
|
736000
|
heap
|
page read and write
|
||
|
42FC000
|
stack
|
page read and write
|
||
|
6F7A000
|
heap
|
page read and write
|
||
|
25B09000
|
heap
|
page read and write
|
||
|
DA8000
|
trusted library allocation
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
7C90000
|
trusted library allocation
|
page execute and read and write
|
||
|
287D000
|
stack
|
page read and write
|
||
|
8E0000
|
direct allocation
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
9990000
|
direct allocation
|
page read and write
|
||
|
254DC000
|
stack
|
page read and write
|
||
|
8A40000
|
direct allocation
|
page execute and read and write
|
||
|
4060000
|
remote allocation
|
page execute and read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
2530F000
|
stack
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
3690000
|
heap
|
page read and write
|
||
|
4879000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6FE7000
|
heap
|
page read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
99B0000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2AEE000
|
stack
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
4870000
|
heap
|
page read and write
|
||
|
4360000
|
trusted library allocation
|
page read and write
|
||
|
5A3A000
|
trusted library allocation
|
page read and write
|
||
|
93F000
|
stack
|
page read and write
|
||
|
25280000
|
remote allocation
|
page read and write
|
||
|
7D40000
|
trusted library allocation
|
page read and write
|
||
|
24FFE000
|
stack
|
page read and write
|
||
|
970000
|
trusted library section
|
page read and write
|
||
|
6D4E000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
2EFF000
|
stack
|
page read and write
|
||
|
36C000
|
stack
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
2C0B000
|
heap
|
page read and write
|
||
|
9940000
|
direct allocation
|
page read and write
|
||
|
9B65000
|
heap
|
page read and write
|
||
|
24E7C000
|
stack
|
page read and write
|
||
|
6930000
|
remote allocation
|
page execute and read and write
|
||
|
2324000
|
heap
|
page read and write
|
||
|
258DA000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
3A8000
|
stack
|
page read and write
|
||
|
2515E000
|
stack
|
page read and write
|
||
|
7250000
|
trusted library allocation
|
page read and write
|
||
|
80F4000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page readonly
|
||
|
7290000
|
trusted library allocation
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
2F7F000
|
stack
|
page read and write
|
||
|
80AB000
|
heap
|
page read and write
|
||
|
2DAF000
|
stack
|
page read and write
|
||
|
9960000
|
direct allocation
|
page read and write
|
||
|
80CC000
|
heap
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
9A0000
|
trusted library allocation
|
page read and write
|
||
|
7D30000
|
remote allocation
|
page execute and read and write
|
||
|
9930000
|
direct allocation
|
page read and write
|
||
|
4350000
|
trusted library allocation
|
page execute and read and write
|
||
|
9910000
|
direct allocation
|
page read and write
|
||
|
BD10000
|
direct allocation
|
page execute and read and write
|
||
|
2A2E000
|
unkown
|
page read and write
|
||
|
7090000
|
trusted library allocation
|
page read and write
|
||
|
99D6000
|
heap
|
page read and write
|
||
|
8094000
|
heap
|
page read and write
|
||
|
67B000
|
heap
|
page read and write
|
||
|
71ED000
|
stack
|
page read and write
|
||
|
7050000
|
trusted library allocation
|
page read and write
|
||
|
830000
|
direct allocation
|
page read and write
|
||
|
2673000
|
heap
|
page read and write
|
||
|
9B9E000
|
heap
|
page read and write
|
||
|
7230000
|
trusted library allocation
|
page read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
2D65000
|
heap
|
page read and write
|
||
|
8C0000
|
direct allocation
|
page read and write
|
||
|
6BE000
|
heap
|
page read and write
|
||
|
994000
|
trusted library allocation
|
page read and write
|
||
|
99C0000
|
direct allocation
|
page read and write
|
||
|
6B90000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
7280000
|
trusted library allocation
|
page read and write
|
||
|
6FFE000
|
heap
|
page read and write
|
||
|
7240000
|
trusted library allocation
|
page read and write
|
||
|
77D000
|
stack
|
page read and write
|
||
|
69E0000
|
trusted library allocation
|
page read and write
|
||
|
A6E000
|
stack
|
page read and write
|
||
|
25110000
|
direct allocation
|
page read and write
|
||
|
7D1D000
|
stack
|
page read and write
|
||
|
473E000
|
stack
|
page read and write
|
||
|
8B10000
|
direct allocation
|
page execute and read and write
|
||
|
8103000
|
heap
|
page read and write
|
||
|
6D8F000
|
stack
|
page read and write
|
||
|
6E12000
|
heap
|
page read and write
|
||
|
2A6E000
|
stack
|
page read and write
|
||
|
69B0000
|
trusted library allocation
|
page read and write
|
||
|
99F0000
|
direct allocation
|
page read and write
|
||
|
BA77000
|
trusted library allocation
|
page read and write
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
24DFE000
|
stack
|
page read and write
|
||
|
9970000
|
direct allocation
|
page read and write
|
||
|
2535C000
|
stack
|
page read and write
|
||
|
2539C000
|
stack
|
page read and write
|
||
|
9A9000
|
trusted library allocation
|
page read and write
|
||
|
6DD000
|
heap
|
page read and write
|
||
|
427000
|
unkown
|
page read and write
|
||
|
2320000
|
heap
|
page read and write
|
||
|
6990000
|
trusted library allocation
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
990000
|
trusted library allocation
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
69E000
|
heap
|
page read and write
|
||
|
70B0000
|
trusted library allocation
|
page read and write
|
||
|
98C0000
|
heap
|
page readonly
|
||
|
9BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
43B0000
|
heap
|
page read and write
|
||
|
7E35000
|
trusted library allocation
|
page read and write
|
||
|
250F0000
|
direct allocation
|
page read and write
|
||
|
7030000
|
trusted library allocation
|
page read and write
|
||
|
DB10000
|
direct allocation
|
page execute and read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
7D50000
|
heap
|
page read and write
|
||
|
2D62000
|
heap
|
page read and write
|
||
|
890000
|
direct allocation
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
2D2F000
|
stack
|
page read and write
|
||
|
7FAC000
|
stack
|
page read and write
|
||
|
9B62000
|
heap
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
21AE000
|
stack
|
page read and write
|
||
|
2545B000
|
stack
|
page read and write
|
||
|
7EEE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6FDF000
|
heap
|
page read and write
|
||
|
980000
|
trusted library allocation
|
page read and write
|
||
|
7D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
250E0000
|
direct allocation
|
page read and write
|
||
|
69A0000
|
heap
|
page read and write
|
||
|
9BB4000
|
heap
|
page read and write
|
||
|
2555C000
|
stack
|
page read and write
|
||
|
6BA0000
|
heap
|
page read and write
|
||
|
9B5E000
|
heap
|
page read and write
|
||
|
9900000
|
direct allocation
|
page read and write
|
||
|
2571D000
|
stack
|
page read and write
|
||
|
7DB0000
|
trusted library allocation
|
page read and write
|
||
|
42A000
|
unkown
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
252CE000
|
stack
|
page read and write
|
||
|
9A20000
|
heap
|
page read and write
|
||
|
9B14000
|
heap
|
page read and write
|
||
|
9BB4000
|
heap
|
page read and write
|
||
|
807A000
|
heap
|
page read and write
|
||
|
2DFF000
|
unkown
|
page read and write
|
||
|
B310000
|
direct allocation
|
page execute and read and write
|
||
|
7017000
|
trusted library allocation
|
page read and write
|
||
|
99D000
|
trusted library allocation
|
page execute and read and write
|
||
|
80FF000
|
heap
|
page read and write
|
||
|
9C0000
|
trusted library allocation
|
page read and write
|
||
|
4BE000
|
stack
|
page read and write
|
||
|
A910000
|
direct allocation
|
page execute and read and write
|
||
|
24E3D000
|
stack
|
page read and write
|
||
|
99A0000
|
direct allocation
|
page read and write
|
||
|
2AFD000
|
stack
|
page read and write
|
||
|
25B3B000
|
heap
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
21C0000
|
heap
|
page read and write
|
||
|
716E000
|
stack
|
page read and write
|
||
|
A98000
|
heap
|
page read and write
|
||
|
9AD8000
|
heap
|
page read and write
|
||
|
22CF000
|
stack
|
page read and write
|
||
|
297E000
|
stack
|
page read and write
|
||
|
479F000
|
stack
|
page read and write
|
||
|
230E000
|
stack
|
page read and write
|
||
|
44B000
|
unkown
|
page read and write
|
||
|
7040000
|
trusted library allocation
|
page execute and read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
9B57000
|
heap
|
page read and write
|
||
|
27EE000
|
unkown
|
page read and write
|
||
|
6F3B000
|
heap
|
page read and write
|
||
|
9510000
|
direct allocation
|
page execute and read and write
|
||
|
2575E000
|
stack
|
page read and write
|
||
|
6F2B000
|
heap
|
page read and write
|
||
|
A08000
|
heap
|
page read and write
|
||
|
880000
|
direct allocation
|
page read and write
|
||
|
98D5000
|
heap
|
page read and write
|
||
|
9AD0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2AAD000
|
stack
|
page read and write
|
||
|
6FD5000
|
heap
|
page read and write
|
||
|
7270000
|
trusted library allocation
|
page read and write
|
||
|
7200000
|
trusted library allocation
|
page read and write
|
||
|
6F6F000
|
heap
|
page read and write
|
||
|
5530000
|
remote allocation
|
page execute and read and write
|
||
|
9B36000
|
heap
|
page read and write
|
||
|
70E0000
|
heap
|
page execute and read and write
|
||
|
99E0000
|
direct allocation
|
page read and write
|
||
|
987D000
|
stack
|
page read and write
|
||
|
820000
|
direct allocation
|
page read and write
|
||
|
25280000
|
remote allocation
|
page read and write
|
||
|
303F000
|
stack
|
page read and write
|
||
|
9E0000
|
trusted library allocation
|
page read and write
|
||
|
6C2000
|
heap
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
There are 353 hidden memdumps, click here to show them.