Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
GoogleInstaller.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_511l3j2j.si2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vxwq2z0d.deo.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\config
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\GoogleInstaller.exe
|
"C:\Users\user\Desktop\GoogleInstaller.exe"
|
|
|
|
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
|
"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
powershell -WindowStyle hidden -Command "if (-Not (Test-Path \"HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\App\"))
{ Set-ItemProperty -Path \"HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\" -Name \"App\" -Value \"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe\"
}"
|
|
|
|
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
|
"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://protobuf.dev/reference/go/faq#namespace-conflictduration
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://46.8.232.106/
|
46.8.232.106
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://46.8.232.106
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://www.microsoft.co
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://github.com/golang/protobuf/issues/1609):
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://46.8.236.61/
|
46.8.236.61
|
||
|
http://93.185.159.253
|
unknown
|
||
|
http://46.8.236.61
|
unknown
|
||
|
http://91.212.166.91User-Agent:
|
unknown
|
||
|
http://91.212.166.91http://46.8.232.106
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://91.212.166.91
|
unknown
|
There are 11 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
198.187.3.20.in-addr.arpa
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.103.90.9
|
unknown
|
Russian Federation
|
|
|
|
46.8.232.106
|
unknown
|
Russian Federation
|
||
|
46.8.236.61
|
unknown
|
Russian Federation
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
App
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
87D0000
|
heap
|
page read and write
|
||
|
1EDD000
|
unkown
|
page readonly
|
||
|
5B9000
|
heap
|
page read and write
|
||
|
BCAE000
|
direct allocation
|
page read and write
|
||
|
968000
|
direct allocation
|
page read and write
|
||
|
2420000
|
heap
|
page read and write
|
||
|
34F0000
|
heap
|
page read and write
|
||
|
BD4C000
|
direct allocation
|
page read and write
|
||
|
764B000
|
stack
|
page read and write
|
||
|
23D0000
|
direct allocation
|
page read and write
|
||
|
65E000
|
heap
|
page read and write
|
||
|
7000000
|
trusted library allocation
|
page read and write
|
||
|
354D000
|
trusted library allocation
|
page execute and read and write
|
||
|
407B000
|
stack
|
page read and write
|
||
|
BCFE000
|
direct allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
2D20000
|
direct allocation
|
page read and write
|
||
|
22F99000
|
direct allocation
|
page read and write
|
||
|
4B72000
|
direct allocation
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
2C6C000
|
direct allocation
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
BC02000
|
direct allocation
|
page read and write
|
||
|
1F45000
|
heap
|
page read and write
|
||
|
1F01000
|
unkown
|
page readonly
|
||
|
BC10000
|
direct allocation
|
page read and write
|
||
|
2C45000
|
direct allocation
|
page read and write
|
||
|
1E1E000
|
unkown
|
page write copy
|
||
|
BCF8000
|
direct allocation
|
page read and write
|
||
|
87E0000
|
trusted library allocation
|
page read and write
|
||
|
2C72000
|
direct allocation
|
page read and write
|
||
|
2BDD000
|
stack
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
76CB000
|
stack
|
page read and write
|
||
|
2C5A000
|
direct allocation
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
2D12000
|
direct allocation
|
page read and write
|
||
|
BC0C000
|
direct allocation
|
page read and write
|
||
|
1EEF000
|
unkown
|
page readonly
|
||
|
7A21000
|
heap
|
page read and write
|
||
|
BCAA000
|
direct allocation
|
page read and write
|
||
|
77BE000
|
stack
|
page read and write
|
||
|
2C94000
|
direct allocation
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
BC12000
|
direct allocation
|
page read and write
|
||
|
2C92000
|
direct allocation
|
page read and write
|
||
|
2C4C000
|
direct allocation
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
BC47000
|
direct allocation
|
page read and write
|
||
|
BC98000
|
direct allocation
|
page read and write
|
||
|
BD0C000
|
direct allocation
|
page read and write
|
||
|
1E22000
|
unkown
|
page read and write
|
||
|
2CA4000
|
direct allocation
|
page read and write
|
||
|
950000
|
heap
|
page readonly
|
||
|
79F6000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
22FE000
|
stack
|
page read and write
|
||
|
536E000
|
stack
|
page read and write
|
||
|
4DE0000
|
trusted library allocation
|
page read and write
|
||
|
5ED8000
|
trusted library allocation
|
page read and write
|
||
|
777E000
|
stack
|
page read and write
|
||
|
4EF5000
|
heap
|
page execute and read and write
|
||
|
E80000
|
unkown
|
page readonly
|
||
|
2BF00000
|
direct allocation
|
page read and write
|
||
|
1F40000
|
heap
|
page read and write
|
||
|
2C5E000
|
direct allocation
|
page read and write
|
||
|
6F43000
|
direct allocation
|
page read and write
|
||
|
BD28000
|
direct allocation
|
page read and write
|
||
|
3540000
|
trusted library allocation
|
page read and write
|
||
|
2C80000
|
direct allocation
|
page read and write
|
||
|
7CFD000
|
stack
|
page read and write
|
||
|
7D40000
|
trusted library allocation
|
page read and write
|
||
|
53AE000
|
stack
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
BD2A000
|
direct allocation
|
page read and write
|
||
|
159000
|
stack
|
page read and write
|
||
|
88F0000
|
trusted library allocation
|
page read and write
|
||
|
2B1F000
|
stack
|
page read and write
|
||
|
BD4E000
|
direct allocation
|
page read and write
|
||
|
3EFD000
|
direct allocation
|
page read and write
|
||
|
BD52000
|
direct allocation
|
page read and write
|
||
|
1FBE000
|
stack
|
page read and write
|
||
|
768D000
|
stack
|
page read and write
|
||
|
2BE3E000
|
stack
|
page read and write
|
||
|
BD8C000
|
direct allocation
|
page read and write
|
||
|
2D80000
|
direct allocation
|
page read and write
|
||
|
2C7E000
|
direct allocation
|
page read and write
|
||
|
1E1F000
|
unkown
|
page read and write
|
||
|
1FF0000
|
direct allocation
|
page read and write
|
||
|
BC20000
|
direct allocation
|
page read and write
|
||
|
339E000
|
stack
|
page read and write
|
||
|
BD42000
|
direct allocation
|
page read and write
|
||
|
1C6B000
|
unkown
|
page readonly
|
||
|
7A91000
|
heap
|
page read and write
|
||
|
3D78000
|
direct allocation
|
page read and write
|
||
|
22CFE000
|
stack
|
page read and write
|
||
|
7C3E000
|
stack
|
page read and write
|
||
|
3575000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D30000
|
direct allocation
|
page read and write
|
||
|
BCE6000
|
direct allocation
|
page read and write
|
||
|
2C20000
|
direct allocation
|
page read and write
|
||
|
BD2E000
|
direct allocation
|
page read and write
|
||
|
2D6A000
|
direct allocation
|
page read and write
|
||
|
2BEC0000
|
direct allocation
|
page read and write
|
||
|
4E50000
|
trusted library allocation
|
page read and write
|
||
|
7D60000
|
trusted library allocation
|
page read and write
|
||
|
261F000
|
stack
|
page read and write
|
||
|
1EA0000
|
unkown
|
page read and write
|
||
|
77FE000
|
stack
|
page read and write
|
||
|
35DE000
|
stack
|
page read and write
|
||
|
BC8A000
|
direct allocation
|
page read and write
|
||
|
BCEC000
|
direct allocation
|
page read and write
|
||
|
2FE6000
|
heap
|
page read and write
|
||
|
2BEBF000
|
stack
|
page read and write
|
||
|
2C1C000
|
direct allocation
|
page read and write
|
||
|
3544000
|
trusted library allocation
|
page read and write
|
||
|
2D0C000
|
direct allocation
|
page read and write
|
||
|
4E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C96000
|
direct allocation
|
page read and write
|
||
|
3572000
|
direct allocation
|
page read and write
|
||
|
54A3000
|
trusted library allocation
|
page read and write
|
||
|
BC9C000
|
direct allocation
|
page read and write
|
||
|
835000
|
heap
|
page read and write
|
||
|
BBEF000
|
stack
|
page read and write
|
||
|
6451000
|
trusted library allocation
|
page read and write
|
||
|
2C14000
|
direct allocation
|
page read and write
|
||
|
7DC0000
|
trusted library allocation
|
page read and write
|
||
|
7A02000
|
heap
|
page read and write
|
||
|
33DC000
|
heap
|
page read and write
|
||
|
2BEC8000
|
direct allocation
|
page read and write
|
||
|
BD80000
|
direct allocation
|
page read and write
|
||
|
79EE000
|
heap
|
page read and write
|
||
|
2A80000
|
remote allocation
|
page execute and read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
2BF02000
|
direct allocation
|
page read and write
|
||
|
7D80000
|
trusted library allocation
|
page read and write
|
||
|
7DA0000
|
trusted library allocation
|
page read and write
|
||
|
34EF000
|
stack
|
page read and write
|
||
|
2D10000
|
direct allocation
|
page read and write
|
||
|
126B000
|
unkown
|
page readonly
|
||
|
2CA8000
|
direct allocation
|
page read and write
|
||
|
BCF0000
|
direct allocation
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
55D000
|
stack
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
49CA000
|
direct allocation
|
page read and write
|
||
|
5C49000
|
trusted library allocation
|
page read and write
|
||
|
22FFD000
|
stack
|
page read and write
|
||
|
1E1B000
|
unkown
|
page read and write
|
||
|
7A06000
|
heap
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
34F4000
|
direct allocation
|
page read and write
|
||
|
74CB000
|
stack
|
page read and write
|
||
|
2F58000
|
stack
|
page read and write
|
||
|
1E23000
|
unkown
|
page write copy
|
||
|
2B5D000
|
stack
|
page read and write
|
||
|
2D57000
|
direct allocation
|
page read and write
|
||
|
326B000
|
remote allocation
|
page execute and read and write
|
||
|
3D7E000
|
direct allocation
|
page read and write
|
||
|
79FF000
|
heap
|
page read and write
|
||
|
BC0E000
|
direct allocation
|
page read and write
|
||
|
4DE8000
|
trusted library allocation
|
page read and write
|
||
|
44FB000
|
direct allocation
|
page read and write
|
||
|
89A0000
|
heap
|
page read and write
|
||
|
268D000
|
stack
|
page read and write
|
||
|
2D6E000
|
direct allocation
|
page read and write
|
||
|
2C56000
|
direct allocation
|
page read and write
|
||
|
2C12000
|
direct allocation
|
page read and write
|
||
|
BC26000
|
direct allocation
|
page read and write
|
||
|
2D18000
|
direct allocation
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
532E000
|
stack
|
page read and write
|
||
|
BCF4000
|
direct allocation
|
page read and write
|
||
|
7D70000
|
trusted library allocation
|
page read and write
|
||
|
75CA000
|
stack
|
page read and write
|
||
|
33B8000
|
heap
|
page read and write
|
||
|
5440000
|
heap
|
page execute and read and write
|
||
|
1E68000
|
unkown
|
page read and write
|
||
|
7A1D000
|
heap
|
page read and write
|
||
|
64B9000
|
trusted library allocation
|
page read and write
|
||
|
1EDD000
|
unkown
|
page readonly
|
||
|
BD32000
|
direct allocation
|
page read and write
|
||
|
3590000
|
trusted library allocation
|
page read and write
|
||
|
2BDFD000
|
stack
|
page read and write
|
||
|
2C02000
|
direct allocation
|
page read and write
|
||
|
BCF2000
|
direct allocation
|
page read and write
|
||
|
4020000
|
heap
|
page read and write
|
||
|
3D7A000
|
direct allocation
|
page read and write
|
||
|
BD46000
|
direct allocation
|
page read and write
|
||
|
88C0000
|
trusted library allocation
|
page read and write
|
||
|
2C9A000
|
direct allocation
|
page read and write
|
||
|
BCE0000
|
direct allocation
|
page read and write
|
||
|
72B4000
|
direct allocation
|
page read and write
|
||
|
BC4E000
|
direct allocation
|
page read and write
|
||
|
4E70000
|
heap
|
page read and write
|
||
|
2C62000
|
direct allocation
|
page read and write
|
||
|
5D64000
|
direct allocation
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
2BC7F000
|
stack
|
page read and write
|
||
|
637000
|
heap
|
page read and write
|
||
|
7D90000
|
trusted library allocation
|
page read and write
|
||
|
2C1E000
|
direct allocation
|
page read and write
|
||
|
7A70000
|
trusted library allocation
|
page read and write
|
||
|
2D6C000
|
direct allocation
|
page read and write
|
||
|
BC37000
|
direct allocation
|
page read and write
|
||
|
1EEF000
|
unkown
|
page readonly
|
||
|
BCC0000
|
direct allocation
|
page read and write
|
||
|
2D42000
|
direct allocation
|
page read and write
|
||
|
BC06000
|
direct allocation
|
page read and write
|
||
|
2C8C000
|
direct allocation
|
page read and write
|
||
|
7CBE000
|
stack
|
page read and write
|
||
|
2640000
|
heap
|
page read and write
|
||
|
BC16000
|
direct allocation
|
page read and write
|
||
|
BCA0000
|
direct allocation
|
page read and write
|
||
|
4803000
|
direct allocation
|
page read and write
|
||
|
4DDE000
|
stack
|
page read and write
|
||
|
327B000
|
remote allocation
|
page readonly
|
||
|
230FF000
|
stack
|
page read and write
|
||
|
2C78000
|
direct allocation
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
2D40000
|
direct allocation
|
page read and write
|
||
|
BD56000
|
direct allocation
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
8965000
|
trusted library allocation
|
page read and write
|
||
|
7DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
748D000
|
stack
|
page read and write
|
||
|
516F000
|
direct allocation
|
page read and write
|
||
|
BC04000
|
direct allocation
|
page read and write
|
||
|
BCEE000
|
direct allocation
|
page read and write
|
||
|
88B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
BC34000
|
direct allocation
|
page read and write
|
||
|
1E20000
|
unkown
|
page write copy
|
||
|
2D50000
|
direct allocation
|
page read and write
|
||
|
732C000
|
direct allocation
|
page read and write
|
||
|
6348000
|
direct allocation
|
page read and write
|
||
|
1C6B000
|
unkown
|
page readonly
|
||
|
6D48000
|
direct allocation
|
page read and write
|
||
|
23110000
|
direct allocation
|
page read and write
|
||
|
2D1E000
|
direct allocation
|
page read and write
|
||
|
9E0000
|
direct allocation
|
page read and write
|
||
|
2CB0000
|
direct allocation
|
page read and write
|
||
|
62D0000
|
direct allocation
|
page read and write
|
||
|
BCE4000
|
direct allocation
|
page read and write
|
||
|
79AA000
|
heap
|
page read and write
|
||
|
41A3000
|
heap
|
page read and write
|
||
|
4EF0000
|
heap
|
page execute and read and write
|
||
|
BD6E000
|
direct allocation
|
page read and write
|
||
|
34F9000
|
direct allocation
|
page read and write
|
||
|
2C00000
|
direct allocation
|
page read and write
|
||
|
7D00000
|
trusted library allocation
|
page read and write
|
||
|
4EBE000
|
stack
|
page read and write
|
||
|
3510000
|
direct allocation
|
page read and write
|
||
|
3274000
|
remote allocation
|
page execute and read and write
|
||
|
7DB0000
|
trusted library allocation
|
page read and write
|
||
|
307E000
|
remote allocation
|
page readonly
|
||
|
79D2000
|
heap
|
page read and write
|
||
|
2C3F000
|
direct allocation
|
page read and write
|
||
|
E81000
|
unkown
|
page execute read
|
||
|
2BC3E000
|
stack
|
page read and write
|
||
|
4E3C000
|
stack
|
page read and write
|
||
|
2F1C000
|
stack
|
page read and write
|
||
|
5FF6000
|
direct allocation
|
page read and write
|
||
|
960000
|
direct allocation
|
page read and write
|
||
|
2C30000
|
direct allocation
|
page read and write
|
||
|
BCC6000
|
direct allocation
|
page read and write
|
||
|
BD66000
|
direct allocation
|
page read and write
|
||
|
3543000
|
trusted library allocation
|
page execute and read and write
|
||
|
33ED000
|
stack
|
page read and write
|
||
|
3559000
|
trusted library allocation
|
page read and write
|
||
|
BC80000
|
direct allocation
|
page read and write
|
||
|
64BF000
|
trusted library allocation
|
page read and write
|
||
|
BD60000
|
direct allocation
|
page read and write
|
||
|
52AE000
|
stack
|
page read and write
|
||
|
BD8A000
|
direct allocation
|
page read and write
|
||
|
2C86000
|
direct allocation
|
page read and write
|
||
|
2CA0000
|
direct allocation
|
page read and write
|
||
|
7989000
|
heap
|
page read and write
|
||
|
3483000
|
heap
|
page read and write
|
||
|
BC50000
|
direct allocation
|
page read and write
|
||
|
324B000
|
remote allocation
|
page execute and read and write
|
||
|
7840000
|
heap
|
page read and write
|
||
|
5451000
|
trusted library allocation
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
BC08000
|
direct allocation
|
page read and write
|
||
|
3D74000
|
direct allocation
|
page read and write
|
||
|
63F000
|
heap
|
page read and write
|
||
|
79EA000
|
heap
|
page read and write
|
||
|
BC28000
|
direct allocation
|
page read and write
|
||
|
7DD0000
|
trusted library allocation
|
page read and write
|
||
|
2A81000
|
remote allocation
|
page execute read
|
||
|
35F7000
|
heap
|
page read and write
|
||
|
BC0A000
|
direct allocation
|
page read and write
|
||
|
2C90000
|
direct allocation
|
page read and write
|
||
|
750E000
|
stack
|
page read and write
|
||
|
1E1B000
|
unkown
|
page write copy
|
||
|
2D72000
|
direct allocation
|
page read and write
|
||
|
2C5C000
|
direct allocation
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
647000
|
heap
|
page read and write
|
||
|
BC4A000
|
direct allocation
|
page read and write
|
||
|
2D2A000
|
direct allocation
|
page read and write
|
||
|
1EAB000
|
unkown
|
page readonly
|
||
|
22DFF000
|
stack
|
page read and write
|
||
|
2CB2000
|
direct allocation
|
page read and write
|
||
|
BD3C000
|
direct allocation
|
page read and write
|
||
|
760D000
|
stack
|
page read and write
|
||
|
2C34000
|
direct allocation
|
page read and write
|
||
|
E80000
|
unkown
|
page readonly
|
||
|
65C000
|
heap
|
page read and write
|
||
|
BD50000
|
direct allocation
|
page read and write
|
||
|
BCBE000
|
direct allocation
|
page read and write
|
||
|
2C3C000
|
direct allocation
|
page read and write
|
||
|
2D4A000
|
direct allocation
|
page read and write
|
||
|
23D8000
|
direct allocation
|
page read and write
|
||
|
2D32000
|
direct allocation
|
page read and write
|
||
|
885E000
|
stack
|
page read and write
|
||
|
22F82000
|
direct allocation
|
page read and write
|
||
|
1E51000
|
unkown
|
page read and write
|
||
|
7960000
|
heap
|
page execute and read and write
|
||
|
52EE000
|
stack
|
page read and write
|
||
|
BD34000
|
direct allocation
|
page read and write
|
||
|
34F1000
|
direct allocation
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
22F04000
|
direct allocation
|
page read and write
|
||
|
2C06000
|
direct allocation
|
page read and write
|
||
|
1EAA000
|
unkown
|
page write copy
|
||
|
6479000
|
trusted library allocation
|
page read and write
|
||
|
3572000
|
trusted library allocation
|
page read and write
|
||
|
BD94000
|
direct allocation
|
page read and write
|
||
|
2CA6000
|
direct allocation
|
page read and write
|
||
|
33E8000
|
heap
|
page read and write
|
||
|
2CAA000
|
direct allocation
|
page read and write
|
||
|
2D44000
|
direct allocation
|
page read and write
|
||
|
E6C000
|
stack
|
page read and write
|
||
|
BD38000
|
direct allocation
|
page read and write
|
||
|
889E000
|
stack
|
page read and write
|
||
|
22EFF000
|
stack
|
page read and write
|
||
|
7D10000
|
trusted library allocation
|
page execute and read and write
|
||
|
3217000
|
remote allocation
|
page execute and read and write
|
||
|
2D34000
|
direct allocation
|
page read and write
|
||
|
87F0000
|
trusted library allocation
|
page read and write
|
||
|
2C04000
|
direct allocation
|
page read and write
|
||
|
2D68000
|
direct allocation
|
page read and write
|
||
|
BCA2000
|
direct allocation
|
page read and write
|
||
|
2D02000
|
direct allocation
|
page read and write
|
||
|
BD96000
|
direct allocation
|
page read and write
|
||
|
4160000
|
heap
|
page read and write
|
||
|
278F000
|
stack
|
page read and write
|
||
|
2C22000
|
direct allocation
|
page read and write
|
||
|
BD6A000
|
direct allocation
|
page read and write
|
||
|
1EAB000
|
unkown
|
page readonly
|
||
|
7D30000
|
trusted library allocation
|
page read and write
|
||
|
126B000
|
unkown
|
page readonly
|
||
|
783F000
|
stack
|
page read and write
|
||
|
2CAE000
|
direct allocation
|
page read and write
|
||
|
2F6B000
|
remote allocation
|
page readonly
|
||
|
BB6F000
|
stack
|
page read and write
|
||
|
4165000
|
heap
|
page read and write
|
||
|
617000
|
heap
|
page read and write
|
||
|
BCFA000
|
direct allocation
|
page read and write
|
||
|
BCD4000
|
direct allocation
|
page read and write
|
||
|
BCB4000
|
direct allocation
|
page read and write
|
||
|
35E0000
|
heap
|
page readonly
|
||
|
BCC2000
|
direct allocation
|
page read and write
|
||
|
7DE0000
|
trusted library allocation
|
page read and write
|
||
|
79D5000
|
heap
|
page read and write
|
||
|
2C1A000
|
direct allocation
|
page read and write
|
||
|
1F70000
|
heap
|
page read and write
|
||
|
BC82000
|
direct allocation
|
page read and write
|
||
|
27E0000
|
direct allocation
|
page read and write
|
||
|
BD3E000
|
direct allocation
|
page read and write
|
||
|
55A6000
|
trusted library allocation
|
page read and write
|
||
|
63C000
|
heap
|
page read and write
|
||
|
BC32000
|
direct allocation
|
page read and write
|
||
|
BCF6000
|
direct allocation
|
page read and write
|
||
|
4108000
|
stack
|
page read and write
|
||
|
646000
|
heap
|
page read and write
|
||
|
2C64000
|
direct allocation
|
page read and write
|
||
|
88E0000
|
trusted library allocation
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
54B4000
|
trusted library allocation
|
page read and write
|
||
|
2C0C000
|
direct allocation
|
page read and write
|
||
|
5F5F000
|
direct allocation
|
page read and write
|
||
|
40BE000
|
stack
|
page read and write
|
||
|
BC84000
|
direct allocation
|
page read and write
|
||
|
BD40000
|
direct allocation
|
page read and write
|
||
|
3530000
|
trusted library allocation
|
page read and write
|
||
|
2C08000
|
direct allocation
|
page read and write
|
||
|
1EA5000
|
unkown
|
page read and write
|
||
|
3250000
|
remote allocation
|
page execute and read and write
|
||
|
BD2C000
|
direct allocation
|
page read and write
|
||
|
2D0E000
|
direct allocation
|
page read and write
|
||
|
35F0000
|
heap
|
page read and write
|
||
|
2CA2000
|
direct allocation
|
page read and write
|
||
|
E81000
|
unkown
|
page execute read
|
||
|
4410000
|
heap
|
page read and write
|
||
|
2D06000
|
direct allocation
|
page read and write
|
||
|
BD44000
|
direct allocation
|
page read and write
|
||
|
BD92000
|
direct allocation
|
page read and write
|
||
|
BD4A000
|
direct allocation
|
page read and write
|
||
|
BD24000
|
direct allocation
|
page read and write
|
||
|
4F20000
|
heap
|
page read and write
|
||
|
79F1000
|
heap
|
page read and write
|
||
|
33F7000
|
heap
|
page read and write
|
||
|
2D14000
|
direct allocation
|
page read and write
|
||
|
22F80000
|
direct allocation
|
page read and write
|
||
|
1E5C000
|
unkown
|
page write copy
|
||
|
758E000
|
stack
|
page read and write
|
||
|
5364000
|
direct allocation
|
page read and write
|
||
|
2410000
|
direct allocation
|
page read and write
|
||
|
2D46000
|
direct allocation
|
page read and write
|
||
|
53EE000
|
stack
|
page read and write
|
||
|
2D0A000
|
direct allocation
|
page read and write
|
||
|
2D04000
|
direct allocation
|
page read and write
|
||
|
754E000
|
stack
|
page read and write
|
||
|
2C18000
|
direct allocation
|
page read and write
|
||
|
334F000
|
stack
|
page read and write
|
||
|
7D20000
|
trusted library allocation
|
page read and write
|
||
|
BC18000
|
direct allocation
|
page read and write
|
||
|
41A0000
|
heap
|
page read and write
|
||
|
BD48000
|
direct allocation
|
page read and write
|
||
|
242C000
|
heap
|
page read and write
|
||
|
BC1A000
|
direct allocation
|
page read and write
|
||
|
BCBC000
|
direct allocation
|
page read and write
|
||
|
BCD6000
|
direct allocation
|
page read and write
|
||
|
3E7D000
|
direct allocation
|
page read and write
|
||
|
BC86000
|
direct allocation
|
page read and write
|
||
|
2B9D000
|
stack
|
page read and write
|
||
|
BC58000
|
direct allocation
|
page read and write
|
||
|
BC3B000
|
direct allocation
|
page read and write
|
||
|
2C60000
|
direct allocation
|
page read and write
|
||
|
BBAD000
|
stack
|
page read and write
|
||
|
2C9C000
|
direct allocation
|
page read and write
|
||
|
7A24000
|
heap
|
page read and write
|
||
|
7970000
|
heap
|
page read and write
|
||
|
1EAA000
|
unkown
|
page write copy
|
||
|
BCC4000
|
direct allocation
|
page read and write
|
||
|
7C7F000
|
stack
|
page read and write
|
||
|
414D000
|
stack
|
page read and write
|
||
|
BCB8000
|
direct allocation
|
page read and write
|
||
|
1F01000
|
unkown
|
page readonly
|
||
|
88D0000
|
trusted library allocation
|
page read and write
|
||
|
7D50000
|
trusted library allocation
|
page read and write
|
||
|
1E5D000
|
unkown
|
page read and write
|
||
|
2C98000
|
direct allocation
|
page read and write
|
||
|
59E000
|
stack
|
page read and write
|
||
|
46F0000
|
direct allocation
|
page read and write
|
||
|
22F00000
|
direct allocation
|
page read and write
|
||
|
63F000
|
heap
|
page read and write
|
||
|
79CA000
|
heap
|
page read and write
|
||
|
3550000
|
trusted library allocation
|
page read and write
|
||
|
2BE7D000
|
stack
|
page read and write
|
||
|
5EDC000
|
trusted library allocation
|
page read and write
|
||
|
BC14000
|
direct allocation
|
page read and write
|
||
|
2D00000
|
direct allocation
|
page read and write
|
||
|
337D000
|
direct allocation
|
page read and write
|
||
|
2D24000
|
direct allocation
|
page read and write
|
||
|
2CB8000
|
direct allocation
|
page read and write
|
||
|
4170000
|
heap
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
BC2E000
|
direct allocation
|
page read and write
|
||
|
2C66000
|
direct allocation
|
page read and write
|
||
|
88A0000
|
heap
|
page read and write
|
||
|
4421000
|
heap
|
page read and write
|
||
|
3570000
|
trusted library allocation
|
page read and write
|
||
|
6FDA000
|
direct allocation
|
page read and write
|
There are 457 hidden memdumps, click here to show them.