Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Priority_Quote_Request_Items_List.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\lftebevgelserne.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\lftebevgelserne.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1wugtjoj.5cr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5wskqr5x.gfn.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bwlwksee.waz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_linxwxne.1jp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhv8781.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0x9cdd386c, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\lmkhnkgtxjjxcrnotizi
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\thrombopenia\Clothesbag25\abv.for
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\thrombopenia\Clothesbag25\biselgs.dis
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\thrombopenia\Clothesbag25\donates.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\thrombopenia\Clothesbag25\serigrafers.fla
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\thrombopenia\Udansk.man
|
ASCII text, with very long lines (4151), with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\thrombopenia\prefabricate.Led
|
data
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" -windowstyle minimized "$Ketonizes=Get-Content -Raw 'C:\Users\user\AppData\Roaming\thrombopenia\Udansk.man';$Stomapod=$Ketonizes.SubString(11239,3);.$Stomapod($Ketonizes)"
|
|
|
|
C:\Users\user\AppData\Local\Temp\lftebevgelserne.exe
|
"C:\Users\user\AppData\Local\Temp\lftebevgelserne.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\lftebevgelserne.exe
|
C:\Users\user\AppData\Local\Temp\lftebevgelserne.exe /stext "C:\Users\user\AppData\Local\Temp\lmkhnkgtxjjxcrnotizi"
|
|
|
|
C:\Users\user\AppData\Local\Temp\lftebevgelserne.exe
|
C:\Users\user\AppData\Local\Temp\lftebevgelserne.exe /stext "C:\Users\user\AppData\Local\Temp\ngpzfdrvkrbkmxjsctukugj"
|
|
|
|
C:\Users\user\AppData\Local\Temp\lftebevgelserne.exe
|
C:\Users\user\AppData\Local\Temp\lftebevgelserne.exe /stext "C:\Users\user\AppData\Local\Temp\xivkgncoyztpolxwtdgdfsekyz"
|
|
|
|
C:\Users\user\Desktop\Priority_Quote_Request_Items_List.exe
|
"C:\Users\user\Desktop\Priority_Quote_Request_Items_List.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ
/d "%Wende% -windowstyle 1 $Pertline=(gp -Path 'HKCU:\Software\Platanus\').Grundtankerne;%Wende% ($Pertline)"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ /d "%Wende% -windowstyle
1 $Pertline=(gp -Path 'HKCU:\Software\Platanus\').Grundtankerne;%Wende% ($Pertline)"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://www.google.com
|
unknown
|
||
|
http://geoplugin.net/json.gpC
|
unknown
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
http://geoplugin.net/json.gpL
|
unknown
|
||
|
http://geoplugin.net/json.gpl
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
http://geoplugin.net/json.gpq
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
http://geoplugin.net/json.gp8
|
unknown
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://geoplugin.net/json.gpU
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://www.imvu.comata
|
unknown
|
||
|
http://103.72.57.120/diddyishere/YyHolEVWoHsYmSFIbeB57.bin
|
103.72.57.120
|
||
|
http://103.72.57.120/diddyishere/YyHolEVWoHsYmSFIbeB57.binl
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 10 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
geoplugin.net
|
178.237.33.50
|
||
|
198.187.3.20.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.150.191.117
|
unknown
|
United States
|
|
|
|
103.72.57.120
|
unknown
|
India
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-QGLBE0
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-QGLBE0
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-QGLBE0
|
time
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Platanus
|
Grundtankerne
|
||
|
HKEY_CURRENT_USER\Environment
|
Wende
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Startup key
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
287A000
|
heap
|
page read and write
|
|
|
|
2858000
|
heap
|
page read and write
|
|
|
|
2867000
|
heap
|
page read and write
|
|
|
|
9A3000
|
heap
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
287F000
|
heap
|
page read and write
|
||
|
961000
|
heap
|
page read and write
|
||
|
99A000
|
heap
|
page read and write
|
||
|
665000
|
heap
|
page read and write
|
||
|
983000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
9F3000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
961000
|
heap
|
page read and write
|
||
|
1F200000
|
unclassified section
|
page execute and read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
4D7000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
1EBE0000
|
heap
|
page read and write
|
||
|
1EFDB000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
9C2000
|
heap
|
page read and write
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
2915000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
969000
|
heap
|
page read and write
|
||
|
96C000
|
heap
|
page read and write
|
||
|
2818000
|
heap
|
page read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
2730000
|
direct allocation
|
page read and write
|
||
|
2BB0000
|
trusted library allocation
|
page read and write
|
||
|
1F1E6000
|
unclassified section
|
page execute and read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
961000
|
heap
|
page read and write
|
||
|
28FE000
|
stack
|
page read and write
|
||
|
9FC000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
1EBE1000
|
heap
|
page read and write
|
||
|
48A000
|
unkown
|
page readonly
|
||
|
480000
|
heap
|
page read and write
|
||
|
9C2000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
1ECD2000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
6A9000
|
heap
|
page read and write
|
||
|
2891000
|
heap
|
page read and write
|
||
|
99F000
|
heap
|
page read and write
|
||
|
421000
|
unkown
|
page read and write
|
||
|
2D81000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
97E000
|
heap
|
page read and write
|
||
|
2158000
|
heap
|
page read and write
|
||
|
A4A000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
4B7F000
|
heap
|
page read and write
|
||
|
270F000
|
stack
|
page read and write
|
||
|
98A000
|
heap
|
page read and write
|
||
|
99B000
|
heap
|
page read and write
|
||
|
288F000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
961000
|
heap
|
page read and write
|
||
|
448000
|
unkown
|
page readonly
|
||
|
341E000
|
stack
|
page read and write
|
||
|
22F3000
|
remote allocation
|
page execute and read and write
|
||
|
288F000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
177000
|
stack
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
2D9E000
|
heap
|
page read and write
|
||
|
1F1EC000
|
unclassified section
|
page execute and read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
4450000
|
heap
|
page read and write
|
||
|
7FF000
|
stack
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
99B000
|
heap
|
page read and write
|
||
|
444000
|
unkown
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
28E2000
|
heap
|
page read and write
|
||
|
62E000
|
stack
|
page read and write
|
||
|
260F000
|
stack
|
page read and write
|
||
|
98A000
|
heap
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
961000
|
heap
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
94F000
|
stack
|
page read and write
|
||
|
1E68F000
|
stack
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
21C0000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
2681000
|
heap
|
page read and write
|
||
|
2790000
|
direct allocation
|
page read and write
|
||
|
99F000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
269E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2C9F000
|
stack
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
9CF000
|
heap
|
page read and write
|
||
|
4B8000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
983000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
93F000
|
stack
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
26E0000
|
heap
|
page read and write
|
||
|
27E0000
|
direct allocation
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
99F000
|
heap
|
page read and write
|
||
|
2820000
|
heap
|
page read and write
|
||
|
2C5E000
|
heap
|
page read and write
|
||
|
1EF63000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
434000
|
unkown
|
page read and write
|
||
|
4360000
|
direct allocation
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
8AD000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
4C07000
|
trusted library allocation
|
page read and write
|
||
|
1F04B000
|
heap
|
page read and write
|
||
|
193000
|
stack
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
969000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
1F169000
|
unclassified section
|
page execute and read and write
|
||
|
48A000
|
unkown
|
page readonly
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
2FD2000
|
heap
|
page read and write
|
||
|
1E520000
|
direct allocation
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
A49000
|
heap
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
2750000
|
direct allocation
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
27F8000
|
heap
|
page read and write
|
||
|
961000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
983000
|
heap
|
page read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
1EC5A000
|
heap
|
page read and write
|
||
|
1E99C000
|
stack
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
961000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
2C59000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
96E000
|
heap
|
page read and write
|
||
|
4BE000
|
stack
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
2590000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
35E0000
|
heap
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
2710000
|
direct allocation
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
2250000
|
heap
|
page read and write
|
||
|
2E9D000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
2BB4000
|
heap
|
page read and write
|
||
|
48A000
|
unkown
|
page readonly
|
||
|
971000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
664000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
2893000
|
heap
|
page read and write
|
||
|
1F110000
|
unclassified section
|
page execute and read and write
|
||
|
22C0000
|
trusted library allocation
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
1EFDB000
|
heap
|
page read and write
|
||
|
22C5000
|
heap
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
4380000
|
direct allocation
|
page read and write
|
||
|
2591000
|
heap
|
page read and write
|
||
|
969000
|
heap
|
page read and write
|
||
|
21FA000
|
heap
|
page read and write
|
||
|
9A3000
|
heap
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
1EE71000
|
heap
|
page read and write
|
||
|
1EC58000
|
heap
|
page read and write
|
||
|
2680000
|
heap
|
page read and write
|
||
|
1E3AF000
|
stack
|
page read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
984000
|
heap
|
page read and write
|
||
|
2650000
|
heap
|
page read and write
|
||
|
2B9F000
|
unkown
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
81E000
|
stack
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
28E2000
|
heap
|
page read and write
|
||
|
2591000
|
heap
|
page read and write
|
||
|
2D9E000
|
heap
|
page read and write
|
||
|
96C000
|
heap
|
page read and write
|
||
|
9B8000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
27A0000
|
direct allocation
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
99E000
|
heap
|
page read and write
|
||
|
BAF000
|
stack
|
page read and write
|
||
|
969000
|
heap
|
page read and write
|
||
|
961000
|
heap
|
page read and write
|
||
|
9B1000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
664000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
2770000
|
direct allocation
|
page read and write
|
||
|
886000
|
heap
|
page read and write
|
||
|
1EF63000
|
heap
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
3428000
|
heap
|
page read and write
|
||
|
9A9000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
1F00B000
|
heap
|
page read and write
|
||
|
2BBF000
|
stack
|
page read and write
|
||
|
1F07D000
|
heap
|
page read and write
|
||
|
961000
|
heap
|
page read and write
|
||
|
2EBD000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
6A6000
|
heap
|
page read and write
|
||
|
98A000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
48A000
|
unkown
|
page readonly
|
||
|
608000
|
heap
|
page read and write
|
||
|
2A7E000
|
stack
|
page read and write
|
||
|
2100000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
1EE71000
|
heap
|
page read and write
|
||
|
280F000
|
stack
|
page read and write
|
||
|
35DF000
|
stack
|
page read and write
|
||
|
9A9000
|
heap
|
page read and write
|
||
|
1E540000
|
direct allocation
|
page read and write
|
||
|
43A0000
|
direct allocation
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
983000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
985000
|
heap
|
page read and write
|
||
|
8A3000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
289E000
|
heap
|
page read and write
|
||
|
47E000
|
stack
|
page read and write
|
||
|
43B0000
|
direct allocation
|
page read and write
|
||
|
2891000
|
heap
|
page read and write
|
||
|
291A000
|
heap
|
page read and write
|
||
|
28E2000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
98E000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
1EADE000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1EC58000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
970000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
2BB7000
|
heap
|
page read and write
|
||
|
43D0000
|
heap
|
page read and write
|
||
|
448000
|
unkown
|
page readonly
|
||
|
2912000
|
heap
|
page read and write
|
||
|
1F231000
|
direct allocation
|
page execute and read and write
|
||
|
2FBD000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
665000
|
heap
|
page read and write
|
||
|
9A3000
|
heap
|
page read and write
|
||
|
2838000
|
heap
|
page read and write
|
||
|
1F05D000
|
heap
|
page read and write
|
||
|
48A000
|
unkown
|
page readonly
|
||
|
96C000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
288F000
|
heap
|
page read and write
|
||
|
84F000
|
stack
|
page read and write
|
||
|
7FF000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
289E000
|
heap
|
page read and write
|
||
|
2B7F000
|
stack
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
426000
|
unkown
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
63D000
|
stack
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
665000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
4DE000
|
stack
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
2260000
|
heap
|
page read and write
|
||
|
977000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
665000
|
heap
|
page read and write
|
||
|
1E2AE000
|
stack
|
page read and write
|
||
|
325D000
|
stack
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
27BE000
|
stack
|
page read and write
|
||
|
2740000
|
direct allocation
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
665000
|
heap
|
page read and write
|
||
|
1F183000
|
unclassified section
|
page execute and read and write
|
||
|
289E000
|
heap
|
page read and write
|
||
|
994000
|
heap
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
28BF000
|
stack
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
2720000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
985000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
538000
|
heap
|
page read and write
|
||
|
44F0000
|
heap
|
page read and write
|
||
|
448000
|
unkown
|
page readonly
|
||
|
680000
|
heap
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
288F000
|
heap
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
96E000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
329D000
|
stack
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
1EBDF000
|
stack
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
1EA9D000
|
stack
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
8AD000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
27D0000
|
direct allocation
|
page read and write
|
||
|
96E000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
2700000
|
direct allocation
|
page read and write
|
||
|
1710000
|
remote allocation
|
page execute and read and write
|
||
|
2154000
|
heap
|
page read and write
|
||
|
1F190000
|
unclassified section
|
page execute and read and write
|
||
|
1F01B000
|
heap
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
976000
|
heap
|
page read and write
|
||
|
987000
|
heap
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
994000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
287F000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
1F246000
|
direct allocation
|
page execute and read and write
|
||
|
6A9000
|
heap
|
page read and write
|
||
|
4FE000
|
stack
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
970000
|
heap
|
page read and write
|
||
|
4390000
|
direct allocation
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
565000
|
heap
|
page read and write
|
||
|
1ECD2000
|
heap
|
page read and write
|
||
|
448000
|
unkown
|
page readonly
|
||
|
9A3000
|
heap
|
page read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
665000
|
heap
|
page read and write
|
||
|
359E000
|
stack
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
448000
|
unkown
|
page readonly
|
||
|
99E000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
665000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
355F000
|
stack
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
9A2000
|
heap
|
page read and write
|
||
|
1EBE1000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
98C000
|
heap
|
page read and write
|
||
|
969000
|
heap
|
page read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
2150000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
4E6000
|
heap
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
99B000
|
heap
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
2887000
|
heap
|
page read and write
|
||
|
1F21B000
|
unclassified section
|
page execute and read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
219E000
|
stack
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
981000
|
heap
|
page read and write
|
||
|
20C0000
|
heap
|
page read and write
|
||
|
7CE000
|
unkown
|
page read and write
|
||
|
961000
|
heap
|
page read and write
|
||
|
2760000
|
direct allocation
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
1E58E000
|
stack
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
98A000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
287F000
|
heap
|
page read and write
|
||
|
448000
|
unkown
|
page readonly
|
||
|
2725000
|
heap
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
1E010000
|
heap
|
page read and write
|
||
|
658000
|
heap
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
97D000
|
heap
|
page read and write
|
||
|
1E510000
|
direct allocation
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
961000
|
heap
|
page read and write
|
||
|
1EF62000
|
heap
|
page read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
99E000
|
heap
|
page read and write
|
||
|
22C0000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
631000
|
heap
|
page read and write
|
||
|
96E000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
9C000
|
stack
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
99E000
|
heap
|
page read and write
|
||
|
28E2000
|
heap
|
page read and write
|
||
|
665000
|
heap
|
page read and write
|
||
|
54D000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
17C000
|
stack
|
page read and write
|
||
|
291A000
|
heap
|
page read and write
|
||
|
18F000
|
stack
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
27C0000
|
direct allocation
|
page read and write
|
||
|
A49000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
961000
|
heap
|
page read and write
|
||
|
98E000
|
heap
|
page read and write
|
||
|
61A000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
665000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
1E530000
|
direct allocation
|
page read and write
|
||
|
2893000
|
heap
|
page read and write
|
||
|
19F000
|
stack
|
page read and write
|
||
|
220E000
|
stack
|
page read and write
|
||
|
4370000
|
direct allocation
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
978000
|
heap
|
page read and write
|
||
|
268F000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
2780000
|
direct allocation
|
page read and write
|
||
|
1EE50000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
288F000
|
heap
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
2913000
|
heap
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
99B000
|
heap
|
page read and write
|
||
|
448000
|
unkown
|
page readonly
|
||
|
73D000
|
stack
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
2913000
|
heap
|
page read and write
|
||
|
1EEEA000
|
heap
|
page read and write
|
||
|
222E000
|
stack
|
page read and write
|
||
|
9E000
|
stack
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
690000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
665000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
987000
|
heap
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
984000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
18F3000
|
remote allocation
|
page execute and read and write
|
||
|
27B0000
|
direct allocation
|
page read and write
|
||
|
983000
|
heap
|
page read and write
|
||
|
9FC000
|
heap
|
page read and write
|
||
|
98A000
|
heap
|
page read and write
|
||
|
96D000
|
heap
|
page read and write
|
||
|
973000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
977000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
1EE70000
|
heap
|
page read and write
|
||
|
1F00C000
|
heap
|
page read and write
|
||
|
1F05D000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
2893000
|
heap
|
page read and write
|
||
|
988000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
965000
|
heap
|
page read and write
|
||
|
48A000
|
unkown
|
page readonly
|
||
|
99B000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
232F000
|
stack
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
1F230000
|
direct allocation
|
page read and write
|
||
|
983000
|
heap
|
page read and write
|
||
|
83F000
|
stack
|
page read and write
|
||
|
1F16D000
|
unclassified section
|
page execute and read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
37D0000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
882000
|
heap
|
page read and write
|
||
|
48A000
|
unkown
|
page readonly
|
There are 596 hidden memdumps, click here to show them.