Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Confirmation transfer Note AGS # 22-00379.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\forgrovelse\konstituerendes\Afhjemlingen\Confirmation transfer Note AGS # 22-00379.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\forgrovelse\konstituerendes\Afhjemlingen\Confirmation transfer Note AGS # 22-00379.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_wab.exe_15d6d0e0874d72d2fcd2c8c32686e616c5a2dc_9f72327e_a18ab8e7-2a27-4583-af50-06fda05251ea\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5987.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Jul 25 03:07:03 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5D13.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5D71.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qrj1pcie.3uc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xrvjjpg0.p3w.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\forgrovelse\konstituerendes\Afhjemlingen\ondskabsfuldhedernes.txt
|
ASCII text, with very long lines (367), with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\forgrovelse\konstituerendes\Jordfyldens\lokalplanrammes.sus
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\forgrovelse\konstituerendes\Rotan.Bru
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\forgrovelse\konstituerendes\Ungilled.Cad
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\forgrovelse\konstituerendes\grensav.sjl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nshABD4.tmp
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe
|
"C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" -windowstyle hidden "$Scabriusculous=Get-Content 'C:\Users\user~1\AppData\Local\Temp\forgrovelse\konstituerendes\Rotan.Bru';$Uregelmssighedernes=$Scabriusculous.SubString(19994,3);.$Uregelmssighedernes($Scabriusculous)
"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 2532
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://aborters.duckdns.org:8081
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://checkip.dyndns.org/
|
158.101.44.242
|
||
|
http://crl.micro
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://checkip.dyndns.comd
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://anotherarmy.dns.army:8081
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://checkip.dyndns.orgd
|
unknown
|
||
|
https://www.reap.skyestates.com.mt/
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://crl.microw
|
unknown
|
||
|
http://varders.kozow.com:8081
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.reap.skyestates.com.mt/wp-includes/NTivwvgavzbeiE97.bin
|
108.167.181.251
|
There are 14 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.reap.skyestates.com.mt
|
108.167.181.251
|
||
|
checkip.dyndns.com
|
158.101.44.242
|
||
|
checkip.dyndns.org
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
108.167.181.251
|
www.reap.skyestates.com.mt
|
United States
|
||
|
158.101.44.242
|
checkip.dyndns.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\fordjelsesbesvret\Uninstall\Spidsfindigeres22
|
luftrr
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
ProgramId
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
FileId
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
LongPathHash
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Name
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
OriginalFileName
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Publisher
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Version
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
BinFileVersion
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
BinaryType
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
ProductName
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
ProductVersion
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
LinkDate
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
BinProductVersion
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Size
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Language
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
IsOsComponent
|
||
|
\REGISTRY\A\{4e73c821-c622-840a-11b0-a3db27422728}\Root\InventoryApplicationFile\wab.exe|a27e0f9c88d3b3b0
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 28 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
21F71000
|
trusted library allocation
|
page read and write
|
|
|
|
A494000
|
direct allocation
|
page execute and read and write
|
|
|
|
669C000
|
heap
|
page read and write
|
||
|
4F44000
|
remote allocation
|
page execute and read and write
|
||
|
7490000
|
trusted library allocation
|
page read and write
|
||
|
73A000
|
heap
|
page read and write
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
244C0000
|
heap
|
page read and write
|
||
|
240CD000
|
stack
|
page read and write
|
||
|
769F000
|
stack
|
page read and write
|
||
|
729000
|
heap
|
page read and write
|
||
|
2EED000
|
trusted library allocation
|
page execute and read and write
|
||
|
6617000
|
heap
|
page read and write
|
||
|
24360000
|
heap
|
page execute and read and write
|
||
|
66DF000
|
stack
|
page read and write
|
||
|
77C0000
|
trusted library allocation
|
page read and write
|
||
|
65A8000
|
heap
|
page read and write
|
||
|
22033000
|
trusted library allocation
|
page read and write
|
||
|
2FA2000
|
trusted library allocation
|
page read and write
|
||
|
8360000
|
trusted library allocation
|
page read and write
|
||
|
533F000
|
trusted library allocation
|
page read and write
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
5E09000
|
trusted library allocation
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
6F10000
|
direct allocation
|
page read and write
|
||
|
2DCE000
|
stack
|
page read and write
|
||
|
85E0000
|
heap
|
page read and write
|
||
|
21F40000
|
heap
|
page execute and read and write
|
||
|
24080000
|
trusted library allocation
|
page read and write
|
||
|
7770000
|
trusted library allocation
|
page read and write
|
||
|
21600000
|
direct allocation
|
page read and write
|
||
|
7810000
|
trusted library allocation
|
page read and write
|
||
|
285F000
|
stack
|
page read and write
|
||
|
21CF0000
|
remote allocation
|
page read and write
|
||
|
6550000
|
heap
|
page read and write
|
||
|
2FC0000
|
trusted library allocation
|
page read and write
|
||
|
42E000
|
unkown
|
page read and write
|
||
|
4460000
|
remote allocation
|
page execute and read and write
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
77E0000
|
trusted library allocation
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
88A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
88B0000
|
direct allocation
|
page execute and read and write
|
||
|
705000
|
heap
|
page read and write
|
||
|
4A3E000
|
stack
|
page read and write
|
||
|
8390000
|
trusted library allocation
|
page read and write
|
||
|
3660000
|
trusted library allocation
|
page read and write
|
||
|
9A94000
|
direct allocation
|
page execute and read and write
|
||
|
2405B000
|
trusted library allocation
|
page read and write
|
||
|
8220000
|
trusted library allocation
|
page read and write
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
24080000
|
trusted library allocation
|
page read and write
|
||
|
2F90000
|
trusted library allocation
|
page read and write
|
||
|
2988000
|
stack
|
page read and write
|
||
|
421000
|
unkown
|
page read and write
|
||
|
300E000
|
stack
|
page read and write
|
||
|
240D0000
|
trusted library allocation
|
page read and write
|
||
|
21610000
|
direct allocation
|
page read and write
|
||
|
49FE000
|
stack
|
page read and write
|
||
|
7610000
|
heap
|
page execute and read and write
|
||
|
22011000
|
trusted library allocation
|
page read and write
|
||
|
863F000
|
heap
|
page read and write
|
||
|
7740000
|
trusted library allocation
|
page read and write
|
||
|
8619000
|
heap
|
page read and write
|
||
|
6F40000
|
direct allocation
|
page read and write
|
||
|
864E000
|
heap
|
page read and write
|
||
|
8380000
|
trusted library allocation
|
page read and write
|
||
|
21640000
|
direct allocation
|
page read and write
|
||
|
244FF000
|
heap
|
page read and write
|
||
|
21DE0000
|
trusted library allocation
|
page read and write
|
||
|
2EF0000
|
trusted library allocation
|
page read and write
|
||
|
241C1000
|
heap
|
page read and write
|
||
|
2E80000
|
trusted library allocation
|
page read and write
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
24045000
|
trusted library allocation
|
page read and write
|
||
|
7790000
|
trusted library allocation
|
page read and write
|
||
|
2E90000
|
heap
|
page read and write
|
||
|
2F0A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E90000
|
direct allocation
|
page read and write
|
||
|
2D1E000
|
stack
|
page read and write
|
||
|
241B0000
|
heap
|
page read and write
|
||
|
21EFE000
|
stack
|
page read and write
|
||
|
70A000
|
heap
|
page read and write
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
22E0000
|
heap
|
page read and write
|
||
|
2EE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
859E000
|
stack
|
page read and write
|
||
|
215B0000
|
direct allocation
|
page read and write
|
||
|
21C4E000
|
stack
|
page read and write
|
||
|
4AA0000
|
trusted library allocation
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
2200000
|
heap
|
page read and write
|
||
|
21BF0000
|
heap
|
page read and write
|
||
|
7780000
|
trusted library allocation
|
page execute and read and write
|
||
|
5FAB000
|
trusted library allocation
|
page read and write
|
||
|
24080000
|
trusted library allocation
|
page read and write
|
||
|
8600000
|
heap
|
page read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
733E000
|
stack
|
page read and write
|
||
|
2E89000
|
trusted library allocation
|
page read and write
|
||
|
2FA5000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AB0000
|
heap
|
page read and write
|
||
|
24050000
|
trusted library allocation
|
page read and write
|
||
|
2E60000
|
trusted library allocation
|
page read and write
|
||
|
850C000
|
stack
|
page read and write
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
64E000
|
stack
|
page read and write
|
||
|
21F60000
|
heap
|
page read and write
|
||
|
444000
|
unkown
|
page read and write
|
||
|
5E29000
|
trusted library allocation
|
page read and write
|
||
|
448000
|
unkown
|
page readonly
|
||
|
48D0000
|
heap
|
page execute and read and write
|
||
|
4A7E000
|
stack
|
page read and write
|
||
|
24080000
|
trusted library allocation
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
881E000
|
stack
|
page read and write
|
||
|
215F0000
|
direct allocation
|
page read and write
|
||
|
6617000
|
heap
|
page read and write
|
||
|
21A3F000
|
stack
|
page read and write
|
||
|
2210000
|
heap
|
page read and write
|
||
|
21D90000
|
direct allocation
|
page read and write
|
||
|
65A0000
|
heap
|
page read and write
|
||
|
497F000
|
stack
|
page read and write
|
||
|
240D0000
|
trusted library allocation
|
page read and write
|
||
|
245EE000
|
stack
|
page read and write
|
||
|
3060000
|
heap
|
page readonly
|
||
|
2F00000
|
trusted library allocation
|
page read and write
|
||
|
869D000
|
heap
|
page read and write
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
426000
|
unkown
|
page read and write
|
||
|
8880000
|
heap
|
page read and write
|
||
|
2310000
|
heap
|
page read and write
|
||
|
2F1B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4544000
|
remote allocation
|
page execute and read and write
|
||
|
244B7000
|
heap
|
page read and write
|
||
|
86A1000
|
heap
|
page read and write
|
||
|
6CE000
|
stack
|
page read and write
|
||
|
5E66000
|
trusted library allocation
|
page read and write
|
||
|
862C000
|
heap
|
page read and write
|
||
|
2F9A000
|
trusted library allocation
|
page execute and read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
68E000
|
stack
|
page read and write
|
||
|
24086000
|
trusted library allocation
|
page read and write
|
||
|
7545000
|
heap
|
page read and write
|
||
|
2D46000
|
heap
|
page read and write
|
||
|
2433E000
|
stack
|
page read and write
|
||
|
24060000
|
trusted library allocation
|
page read and write
|
||
|
2ED0000
|
trusted library allocation
|
page read and write
|
||
|
21BEF000
|
stack
|
page read and write
|
||
|
2F10000
|
trusted library allocation
|
page read and write
|
||
|
5F92000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4F56000
|
trusted library allocation
|
page read and write
|
||
|
2E40000
|
trusted library section
|
page read and write
|
||
|
3078000
|
trusted library allocation
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
2F12000
|
trusted library allocation
|
page read and write
|
||
|
8350000
|
trusted library allocation
|
page read and write
|
||
|
49B0000
|
heap
|
page execute and read and write
|
||
|
7800000
|
trusted library allocation
|
page read and write
|
||
|
77A0000
|
trusted library allocation
|
page read and write
|
||
|
2E50000
|
trusted library section
|
page read and write
|
||
|
294C000
|
stack
|
page read and write
|
||
|
6F30000
|
direct allocation
|
page read and write
|
||
|
2F4C000
|
heap
|
page read and write
|
||
|
48E0000
|
trusted library allocation
|
page read and write
|
||
|
723000
|
heap
|
page read and write
|
||
|
6EC0000
|
direct allocation
|
page read and write
|
||
|
6EF30000
|
unkown
|
page readonly
|
||
|
215D0000
|
direct allocation
|
page read and write
|
||
|
2E0F000
|
stack
|
page read and write
|
||
|
21E7E000
|
stack
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
6EF4F000
|
unkown
|
page readonly
|
||
|
7500000
|
heap
|
page read and write
|
||
|
6EF0000
|
direct allocation
|
page read and write
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
242FE000
|
stack
|
page read and write
|
||
|
854C000
|
stack
|
page read and write
|
||
|
6F50000
|
direct allocation
|
page read and write
|
||
|
434000
|
unkown
|
page read and write
|
||
|
21EBE000
|
stack
|
page read and write
|
||
|
42A000
|
unkown
|
page read and write
|
||
|
8890000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EE4000
|
trusted library allocation
|
page read and write
|
||
|
2EC9000
|
heap
|
page read and write
|
||
|
7760000
|
heap
|
page read and write
|
||
|
88C0000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
8667000
|
heap
|
page read and write
|
||
|
652E000
|
stack
|
page read and write
|
||
|
82CE000
|
stack
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
21AFD000
|
stack
|
page read and write
|
||
|
4E5F000
|
trusted library allocation
|
page read and write
|
||
|
6344000
|
remote allocation
|
page execute and read and write
|
||
|
2F1A000
|
heap
|
page read and write
|
||
|
2E70000
|
trusted library allocation
|
page read and write
|
||
|
8FB0000
|
direct allocation
|
page execute and read and write
|
||
|
24090000
|
trusted library allocation
|
page read and write
|
||
|
21B60000
|
trusted library allocation
|
page read and write
|
||
|
30CC000
|
stack
|
page read and write
|
||
|
75C2000
|
heap
|
page read and write
|
||
|
24080000
|
trusted library allocation
|
page read and write
|
||
|
6609000
|
heap
|
page read and write
|
||
|
2F51000
|
heap
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
21ABE000
|
stack
|
page read and write
|
||
|
7515000
|
heap
|
page read and write
|
||
|
77F0000
|
trusted library allocation
|
page read and write
|
||
|
8200000
|
trusted library allocation
|
page execute and read and write
|
||
|
2862000
|
heap
|
page read and write
|
||
|
6540000
|
direct allocation
|
page read and write
|
||
|
6651000
|
heap
|
page read and write
|
||
|
8860000
|
trusted library allocation
|
page read and write
|
||
|
8370000
|
trusted library allocation
|
page read and write
|
||
|
9094000
|
direct allocation
|
page execute and read and write
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
48D5000
|
heap
|
page execute and read and write
|
||
|
215C0000
|
direct allocation
|
page read and write
|
||
|
6EA0000
|
direct allocation
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
665E000
|
heap
|
page read and write
|
||
|
2201C000
|
trusted library allocation
|
page read and write
|
||
|
865C000
|
heap
|
page read and write
|
||
|
448000
|
unkown
|
page readonly
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
6555000
|
heap
|
page read and write
|
||
|
65FF000
|
heap
|
page read and write
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
48C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24060000
|
trusted library allocation
|
page read and write
|
||
|
275E000
|
stack
|
page read and write
|
||
|
2EBC000
|
heap
|
page read and write
|
||
|
75B4000
|
heap
|
page read and write
|
||
|
83A0000
|
heap
|
page read and write
|
||
|
8210000
|
trusted library allocation
|
page read and write
|
||
|
21CF0000
|
remote allocation
|
page read and write
|
||
|
737F000
|
stack
|
page read and write
|
||
|
6ED0000
|
direct allocation
|
page read and write
|
||
|
7750000
|
trusted library allocation
|
page read and write
|
||
|
24080000
|
trusted library allocation
|
page read and write
|
||
|
244F2000
|
heap
|
page read and write
|
||
|
885D000
|
stack
|
page read and write
|
||
|
21A7D000
|
stack
|
page read and write
|
||
|
76DE000
|
stack
|
page read and write
|
||
|
6E90000
|
direct allocation
|
page read and write
|
||
|
21F50000
|
trusted library allocation
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
5E01000
|
trusted library allocation
|
page read and write
|
||
|
786B000
|
stack
|
page read and write
|
||
|
240A0000
|
trusted library allocation
|
page read and write
|
||
|
2F06000
|
trusted library allocation
|
page execute and read and write
|
||
|
21CF0000
|
remote allocation
|
page read and write
|
||
|
21F56000
|
trusted library allocation
|
page read and write
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
60E000
|
stack
|
page read and write
|
||
|
493E000
|
stack
|
page read and write
|
||
|
215E0000
|
direct allocation
|
page read and write
|
||
|
22F71000
|
trusted library allocation
|
page read and write
|
||
|
6DA000
|
heap
|
page read and write
|
||
|
8870000
|
trusted library allocation
|
page read and write
|
||
|
3059000
|
heap
|
page read and write
|
||
|
2F17000
|
trusted library allocation
|
page execute and read and write
|
||
|
24090000
|
trusted library allocation
|
page read and write
|
||
|
2E74000
|
trusted library allocation
|
page read and write
|
||
|
8681000
|
heap
|
page read and write
|
||
|
8649000
|
heap
|
page read and write
|
||
|
765E000
|
stack
|
page read and write
|
||
|
6870000
|
heap
|
page read and write
|
||
|
65E1000
|
heap
|
page read and write
|
||
|
21F3E000
|
stack
|
page read and write
|
||
|
21620000
|
direct allocation
|
page read and write
|
||
|
21DDB000
|
stack
|
page read and write
|
||
|
244F9000
|
heap
|
page read and write
|
||
|
2319000
|
heap
|
page read and write
|
||
|
8643000
|
heap
|
page read and write
|
||
|
22F99000
|
trusted library allocation
|
page read and write
|
||
|
81F7000
|
stack
|
page read and write
|
||
|
4AA7000
|
trusted library allocation
|
page read and write
|
||
|
7480000
|
trusted library allocation
|
page read and write
|
||
|
21B3C000
|
stack
|
page read and write
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
6646000
|
heap
|
page read and write
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
6610000
|
heap
|
page read and write
|
||
|
659D000
|
stack
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
7730000
|
trusted library allocation
|
page read and write
|
||
|
7504000
|
heap
|
page read and write
|
||
|
6EF46000
|
unkown
|
page readonly
|
||
|
7090000
|
heap
|
page read and write
|
||
|
6F20000
|
direct allocation
|
page read and write
|
||
|
240D0000
|
trusted library allocation
|
page read and write
|
||
|
6EB0000
|
direct allocation
|
page read and write
|
||
|
7820000
|
trusted library allocation
|
page read and write
|
||
|
21D6F000
|
stack
|
page read and write
|
||
|
5FA5000
|
trusted library allocation
|
page read and write
|
||
|
4E01000
|
trusted library allocation
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
9CF000
|
stack
|
page read and write
|
||
|
85EC000
|
heap
|
page read and write
|
||
|
6614000
|
heap
|
page read and write
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
85DC000
|
stack
|
page read and write
|
||
|
6DE000
|
heap
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
7FCC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5944000
|
remote allocation
|
page execute and read and write
|
||
|
74A0000
|
trusted library allocation
|
page read and write
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
6EF31000
|
unkown
|
page execute read
|
||
|
8691000
|
heap
|
page read and write
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
4AB7000
|
heap
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
828D000
|
stack
|
page read and write
|
||
|
241C0000
|
heap
|
page read and write
|
||
|
82D0000
|
heap
|
page read and write
|
||
|
708000
|
heap
|
page read and write
|
||
|
2F8B000
|
heap
|
page read and write
|
||
|
71F000
|
heap
|
page read and write
|
||
|
750A000
|
heap
|
page read and write
|
||
|
74B0000
|
trusted library allocation
|
page read and write
|
||
|
6F60000
|
direct allocation
|
page read and write
|
||
|
219FE000
|
stack
|
page read and write
|
||
|
6F00000
|
direct allocation
|
page read and write
|
||
|
244B0000
|
heap
|
page read and write
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
8625000
|
heap
|
page read and write
|
||
|
24080000
|
trusted library allocation
|
page read and write
|
||
|
82E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6698000
|
heap
|
page read and write
|
||
|
77B0000
|
trusted library allocation
|
page read and write
|
||
|
21630000
|
direct allocation
|
page read and write
|
||
|
2FA0000
|
trusted library allocation
|
page read and write
|
||
|
24080000
|
trusted library allocation
|
page read and write
|
||
|
21BAE000
|
stack
|
page read and write
|
||
|
240D0000
|
trusted library allocation
|
page read and write
|
||
|
304E000
|
stack
|
page read and write
|
||
|
22043000
|
trusted library allocation
|
page read and write
|
||
|
22F75000
|
trusted library allocation
|
page read and write
|
||
|
240D0000
|
trusted library allocation
|
page read and write
|
||
|
22019000
|
trusted library allocation
|
page read and write
|
||
|
7391000
|
heap
|
page read and write
|
||
|
6557000
|
heap
|
page read and write
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
74F0000
|
trusted library allocation
|
page read and write
|
||
|
2F4F000
|
heap
|
page read and write
|
||
|
21DF0000
|
heap
|
page read and write
|
||
|
8325000
|
trusted library allocation
|
page read and write
|
||
|
6E3E000
|
stack
|
page read and write
|
||
|
6530000
|
heap
|
page readonly
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
71A000
|
heap
|
page read and write
|
||
|
24070000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
24080000
|
trusted library allocation
|
page read and write
|
||
|
21D80000
|
direct allocation
|
page read and write
|
||
|
2E98000
|
heap
|
page read and write
|
||
|
2315000
|
heap
|
page read and write
|
||
|
AE94000
|
direct allocation
|
page execute and read and write
|
||
|
2F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
75C9000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
240D0000
|
trusted library allocation
|
page read and write
|
||
|
24080000
|
trusted library allocation
|
page read and write
|
||
|
6EE0000
|
direct allocation
|
page read and write
|
||
|
21C8F000
|
stack
|
page read and write
|
||
|
2F7B000
|
heap
|
page read and write
|
||
|
754A000
|
heap
|
page read and write
|
||
|
3117000
|
heap
|
page read and write
|
||
|
21E37000
|
stack
|
page read and write
|
||
|
21D2E000
|
stack
|
page read and write
|
||
|
75E1000
|
heap
|
page read and write
|
||
|
2E73000
|
trusted library allocation
|
page execute and read and write
|
||
|
22E4000
|
heap
|
page read and write
|
||
|
771D000
|
stack
|
page read and write
|
||
|
24080000
|
trusted library allocation
|
page read and write
|
||
|
6EF4D000
|
unkown
|
page read and write
|
There are 379 hidden memdumps, click here to show them.