Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Sy3CL61n0uDC55M.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmp987A.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\dJlGycWPOpq.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Sy3CL61n0uDC55M.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dJlGycWPOpq.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d5stq10v.fo4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dhu2s35r.250.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dmffktij.i1y.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eodrkcbo.30h.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j352prxp.l4l.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mbq2xsjz.hfx.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nx3cd1mw.j5a.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o2q5wflq.dhe.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpA9CF.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\dJlGycWPOpq.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Sy3CL61n0uDC55M.exe
|
"C:\Users\user\Desktop\Sy3CL61n0uDC55M.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Sy3CL61n0uDC55M.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dJlGycWPOpq.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dJlGycWPOpq" /XML "C:\Users\user\AppData\Local\Temp\tmp987A.tmp"
|
|
|
|
C:\Users\user\Desktop\Sy3CL61n0uDC55M.exe
|
"C:\Users\user\Desktop\Sy3CL61n0uDC55M.exe"
|
|
|
|
C:\Users\user\Desktop\Sy3CL61n0uDC55M.exe
|
"C:\Users\user\Desktop\Sy3CL61n0uDC55M.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\dJlGycWPOpq.exe
|
C:\Users\user\AppData\Roaming\dJlGycWPOpq.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dJlGycWPOpq" /XML "C:\Users\user\AppData\Local\Temp\tmpA9CF.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\dJlGycWPOpq.exe
|
"C:\Users\user\AppData\Roaming\dJlGycWPOpq.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\dJlGycWPOpq.exe
|
"C:\Users\user\AppData\Roaming\dJlGycWPOpq.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 5 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
https://www.chiark.greenend.org.uk/~sgtatham/putty/0
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://x1.c.lencr.org/0
|
unknown
|
||
|
http://x1.i.lencr.org/0
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://r3.o.lencr.org0
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://zqamcx.com
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
||
|
http://r3.i.lencr.org/0#
|
unknown
|
There are 23 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
zqamcx.com
|
78.110.166.82
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
78.110.166.82
|
zqamcx.com
|
United Kingdom
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3D3E000
|
trusted library allocation
|
page read and write
|
|
|
|
2CB1000
|
trusted library allocation
|
page read and write
|
|
|
|
30D8000
|
trusted library allocation
|
page read and write
|
|
|
|
2D28000
|
trusted library allocation
|
page read and write
|
|
|
|
44BD000
|
trusted library allocation
|
page read and write
|
|
|
|
2CFE000
|
trusted library allocation
|
page read and write
|
|
|
|
30AE000
|
trusted library allocation
|
page read and write
|
|
|
|
3061000
|
trusted library allocation
|
page read and write
|
|
|
|
55D6000
|
trusted library allocation
|
page read and write
|
||
|
2D20000
|
trusted library allocation
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
2FE2000
|
trusted library allocation
|
page read and write
|
||
|
5300000
|
heap
|
page read and write
|
||
|
9B8D000
|
stack
|
page read and write
|
||
|
439000
|
remote allocation
|
page execute and read and write
|
||
|
A93D000
|
stack
|
page read and write
|
||
|
183B000
|
trusted library allocation
|
page execute and read and write
|
||
|
59CF000
|
stack
|
page read and write
|
||
|
51D0000
|
trusted library allocation
|
page read and write
|
||
|
A3A000
|
stack
|
page read and write
|
||
|
10D0000
|
trusted library allocation
|
page read and write
|
||
|
1830000
|
trusted library allocation
|
page read and write
|
||
|
434000
|
remote allocation
|
page execute and read and write
|
||
|
3BF3000
|
trusted library allocation
|
page read and write
|
||
|
66EF000
|
stack
|
page read and write
|
||
|
43B000
|
remote allocation
|
page execute and read and write
|
||
|
5EA000
|
stack
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
121E000
|
stack
|
page read and write
|
||
|
2DBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
10BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
E2E000
|
stack
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
6670000
|
trusted library allocation
|
page read and write
|
||
|
1910000
|
trusted library allocation
|
page read and write
|
||
|
16F0000
|
trusted library allocation
|
page read and write
|
||
|
1700000
|
trusted library allocation
|
page read and write
|
||
|
3138000
|
trusted library allocation
|
page read and write
|
||
|
11D8000
|
heap
|
page read and write
|
||
|
53DE000
|
stack
|
page read and write
|
||
|
2D94000
|
trusted library allocation
|
page read and write
|
||
|
4F5E000
|
trusted library allocation
|
page read and write
|
||
|
5202000
|
trusted library allocation
|
page read and write
|
||
|
407000
|
remote allocation
|
page execute and read and write
|
||
|
31F9000
|
trusted library allocation
|
page read and write
|
||
|
10D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
55D0000
|
trusted library allocation
|
page read and write
|
||
|
3568000
|
trusted library allocation
|
page read and write
|
||
|
10A0000
|
trusted library allocation
|
page read and write
|
||
|
29D4000
|
trusted library allocation
|
page read and write
|
||
|
52D0000
|
heap
|
page execute and read and write
|
||
|
57D0000
|
trusted library allocation
|
page read and write
|
||
|
2EA4000
|
trusted library allocation
|
page read and write
|
||
|
6D60000
|
trusted library allocation
|
page read and write
|
||
|
16EE000
|
stack
|
page read and write
|
||
|
51E2000
|
trusted library allocation
|
page read and write
|
||
|
31DB000
|
trusted library allocation
|
page read and write
|
||
|
2A90000
|
trusted library allocation
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
9FD0000
|
trusted library allocation
|
page read and write
|
||
|
72F8000
|
heap
|
page read and write
|
||
|
2AFF000
|
stack
|
page read and write
|
||
|
714E000
|
stack
|
page read and write
|
||
|
5428000
|
trusted library allocation
|
page read and write
|
||
|
97F000
|
stack
|
page read and write
|
||
|
2D93000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F72000
|
trusted library allocation
|
page read and write
|
||
|
E6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DC5000
|
trusted library allocation
|
page execute and read and write
|
||
|
55DC000
|
trusted library allocation
|
page read and write
|
||
|
CDE000
|
stack
|
page read and write
|
||
|
632E000
|
stack
|
page read and write
|
||
|
9BA0000
|
heap
|
page read and write
|
||
|
51D6000
|
trusted library allocation
|
page read and write
|
||
|
1164000
|
heap
|
page read and write
|
||
|
3E6D000
|
trusted library allocation
|
page read and write
|
||
|
2D80000
|
trusted library allocation
|
page read and write
|
||
|
55C8000
|
trusted library allocation
|
page read and write
|
||
|
435000
|
remote allocation
|
page execute and read and write
|
||
|
5250000
|
heap
|
page read and write
|
||
|
409000
|
remote allocation
|
page execute and read and write
|
||
|
72F5000
|
heap
|
page read and write
|
||
|
9B90000
|
heap
|
page read and write
|
||
|
4089000
|
trusted library allocation
|
page read and write
|
||
|
14D6000
|
heap
|
page read and write
|
||
|
51EA000
|
trusted library allocation
|
page read and write
|
||
|
4F80000
|
trusted library allocation
|
page read and write
|
||
|
4F4B000
|
trusted library allocation
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
E7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
138E000
|
stack
|
page read and write
|
||
|
3211000
|
trusted library allocation
|
page read and write
|
||
|
5460000
|
heap
|
page read and write
|
||
|
1096000
|
trusted library allocation
|
page execute and read and write
|
||
|
5123000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
5C5E000
|
stack
|
page read and write
|
||
|
10E5000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D24000
|
trusted library allocation
|
page read and write
|
||
|
3B01000
|
trusted library allocation
|
page read and write
|
||
|
7A97000
|
trusted library allocation
|
page read and write
|
||
|
6778000
|
heap
|
page read and write
|
||
|
40C9000
|
trusted library allocation
|
page read and write
|
||
|
2DCB000
|
trusted library allocation
|
page execute and read and write
|
||
|
57C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
32CB000
|
trusted library allocation
|
page read and write
|
||
|
ACBE000
|
stack
|
page read and write
|
||
|
30AC000
|
trusted library allocation
|
page read and write
|
||
|
4FB0000
|
trusted library allocation
|
page read and write
|
||
|
2BF3000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
51F6000
|
trusted library allocation
|
page read and write
|
||
|
13EE000
|
heap
|
page read and write
|
||
|
2B4B000
|
trusted library allocation
|
page read and write
|
||
|
E72000
|
unkown
|
page readonly
|
||
|
182A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
5A9E000
|
stack
|
page read and write
|
||
|
7050000
|
heap
|
page read and write
|
||
|
674D000
|
heap
|
page read and write
|
||
|
2D15000
|
trusted library allocation
|
page read and write
|
||
|
6D5D000
|
stack
|
page read and write
|
||
|
5BDE000
|
stack
|
page read and write
|
||
|
682E000
|
stack
|
page read and write
|
||
|
66F0000
|
heap
|
page read and write
|
||
|
2DE0000
|
trusted library allocation
|
page read and write
|
||
|
E64000
|
trusted library allocation
|
page read and write
|
||
|
692F000
|
stack
|
page read and write
|
||
|
10B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A79000
|
trusted library allocation
|
page read and write
|
||
|
57B0000
|
trusted library allocation
|
page read and write
|
||
|
5910000
|
trusted library section
|
page readonly
|
||
|
30E9000
|
trusted library allocation
|
page read and write
|
||
|
30D4000
|
trusted library allocation
|
page read and write
|
||
|
7FDE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
40C000
|
remote allocation
|
page execute and read and write
|
||
|
3181000
|
trusted library allocation
|
page read and write
|
||
|
5B3E000
|
stack
|
page read and write
|
||
|
D93000
|
heap
|
page read and write
|
||
|
11A8000
|
heap
|
page read and write
|
||
|
6C5E000
|
stack
|
page read and write
|
||
|
1900000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A00000
|
heap
|
page execute and read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
115A000
|
heap
|
page read and write
|
||
|
59C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
110E000
|
stack
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
2950000
|
trusted library allocation
|
page read and write
|
||
|
9E90000
|
heap
|
page read and write
|
||
|
2DB6000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FF0000
|
heap
|
page read and write
|
||
|
A4BE000
|
stack
|
page read and write
|
||
|
2BFF000
|
trusted library allocation
|
page read and write
|
||
|
2BFD000
|
trusted library allocation
|
page read and write
|
||
|
2EA6000
|
trusted library allocation
|
page read and write
|
||
|
4CB8000
|
trusted library allocation
|
page read and write
|
||
|
9BA000
|
heap
|
page read and write
|
||
|
2DC0000
|
trusted library allocation
|
page read and write
|
||
|
79D0000
|
trusted library allocation
|
page read and write
|
||
|
5CB0000
|
heap
|
page read and write
|
||
|
52E0000
|
trusted library section
|
page readonly
|
||
|
2BF5000
|
trusted library allocation
|
page read and write
|
||
|
B8E000
|
unkown
|
page read and write
|
||
|
4061000
|
trusted library allocation
|
page read and write
|
||
|
31F4000
|
trusted library allocation
|
page read and write
|
||
|
C2E000
|
stack
|
page read and write
|
||
|
29D6000
|
trusted library allocation
|
page read and write
|
||
|
666E000
|
stack
|
page read and write
|
||
|
10DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
6DA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
16AE000
|
stack
|
page read and write
|
||
|
AA7D000
|
stack
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
2E58000
|
trusted library allocation
|
page read and write
|
||
|
ABBE000
|
stack
|
page read and write
|
||
|
2E90000
|
trusted library allocation
|
page read and write
|
||
|
1832000
|
trusted library allocation
|
page read and write
|
||
|
1167000
|
heap
|
page read and write
|
||
|
437000
|
remote allocation
|
page execute and read and write
|
||
|
5990000
|
heap
|
page read and write
|
||
|
5C70000
|
heap
|
page read and write
|
||
|
30E0000
|
trusted library allocation
|
page read and write
|
||
|
5340000
|
trusted library allocation
|
page read and write
|
||
|
6732000
|
heap
|
page read and write
|
||
|
181F000
|
stack
|
page read and write
|
||
|
52C6000
|
trusted library allocation
|
page read and write
|
||
|
4BFC000
|
stack
|
page read and write
|
||
|
4373000
|
trusted library allocation
|
page read and write
|
||
|
1850000
|
trusted library allocation
|
page read and write
|
||
|
572E000
|
stack
|
page read and write
|
||
|
578E000
|
stack
|
page read and write
|
||
|
5120000
|
heap
|
page read and write
|
||
|
50C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DD1000
|
trusted library allocation
|
page read and write
|
||
|
AF4C000
|
stack
|
page read and write
|
||
|
681D000
|
stack
|
page read and write
|
||
|
6236000
|
trusted library allocation
|
page read and write
|
||
|
A7FD000
|
stack
|
page read and write
|
||
|
52E4000
|
trusted library section
|
page readonly
|
||
|
1370000
|
heap
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
5012000
|
trusted library allocation
|
page read and write
|
||
|
5CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A2CE000
|
stack
|
page read and write
|
||
|
2DA0000
|
trusted library allocation
|
page read and write
|
||
|
5430000
|
trusted library allocation
|
page read and write
|
||
|
1820000
|
trusted library allocation
|
page read and write
|
||
|
A800000
|
heap
|
page read and write
|
||
|
10E2000
|
trusted library allocation
|
page read and write
|
||
|
402000
|
remote allocation
|
page execute and read and write
|
||
|
108E000
|
stack
|
page read and write
|
||
|
320E000
|
trusted library allocation
|
page read and write
|
||
|
B08E000
|
stack
|
page read and write
|
||
|
2DB0000
|
trusted library allocation
|
page read and write
|
||
|
7C6E000
|
stack
|
page read and write
|
||
|
51DE000
|
trusted library allocation
|
page read and write
|
||
|
2E80000
|
trusted library allocation
|
page read and write
|
||
|
51EE000
|
trusted library allocation
|
page read and write
|
||
|
109E000
|
stack
|
page read and write
|
||
|
530E000
|
stack
|
page read and write
|
||
|
408000
|
remote allocation
|
page execute and read and write
|
||
|
2E6C000
|
stack
|
page read and write
|
||
|
E60000
|
trusted library allocation
|
page read and write
|
||
|
2DC2000
|
trusted library allocation
|
page read and write
|
||
|
4F85000
|
trusted library allocation
|
page read and write
|
||
|
1822000
|
trusted library allocation
|
page read and write
|
||
|
3204000
|
trusted library allocation
|
page read and write
|
||
|
419000
|
remote allocation
|
page execute and read and write
|
||
|
55E3000
|
heap
|
page read and write
|
||
|
BEF000
|
unkown
|
page read and write
|
||
|
D2B000
|
heap
|
page read and write
|
||
|
4F90000
|
trusted library allocation
|
page read and write
|
||
|
1920000
|
heap
|
page read and write
|
||
|
5350000
|
heap
|
page read and write
|
||
|
7CAE000
|
stack
|
page read and write
|
||
|
31EC000
|
trusted library allocation
|
page read and write
|
||
|
5420000
|
trusted library allocation
|
page read and write
|
||
|
3230000
|
trusted library allocation
|
page read and write
|
||
|
6704000
|
heap
|
page read and write
|
||
|
7EEA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
59B0000
|
heap
|
page read and write
|
||
|
31FC000
|
trusted library allocation
|
page read and write
|
||
|
7FB90000
|
trusted library allocation
|
page execute and read and write
|
||
|
5010000
|
trusted library allocation
|
page read and write
|
||
|
3F6A000
|
trusted library allocation
|
page read and write
|
||
|
652E000
|
stack
|
page read and write
|
||
|
31F0000
|
trusted library allocation
|
page read and write
|
||
|
109A000
|
trusted library allocation
|
page execute and read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
2CFC000
|
trusted library allocation
|
page read and write
|
||
|
A3CF000
|
stack
|
page read and write
|
||
|
5440000
|
heap
|
page execute and read and write
|
||
|
2DED000
|
trusted library allocation
|
page read and write
|
||
|
5B9E000
|
stack
|
page read and write
|
||
|
6FFD000
|
stack
|
page read and write
|
||
|
695E000
|
stack
|
page read and write
|
||
|
436000
|
remote allocation
|
page execute and read and write
|
||
|
50D0000
|
trusted library allocation
|
page read and write
|
||
|
5DE0000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
599B000
|
stack
|
page read and write
|
||
|
5253000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
6D80000
|
trusted library allocation
|
page read and write
|
||
|
18DC000
|
stack
|
page read and write
|
||
|
628D000
|
stack
|
page read and write
|
||
|
51DB000
|
trusted library allocation
|
page read and write
|
||
|
5310000
|
trusted library allocation
|
page execute and read and write
|
||
|
31E7000
|
trusted library allocation
|
page read and write
|
||
|
539C000
|
stack
|
page read and write
|
||
|
1090000
|
trusted library allocation
|
page read and write
|
||
|
31FB000
|
trusted library allocation
|
page read and write
|
||
|
A99000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
57B2000
|
trusted library allocation
|
page read and write
|
||
|
B090000
|
trusted library allocation
|
page read and write
|
||
|
661F000
|
stack
|
page read and write
|
||
|
2D30000
|
trusted library allocation
|
page read and write
|
||
|
AB7E000
|
stack
|
page read and write
|
||
|
10AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
A5BF000
|
stack
|
page read and write
|
||
|
2E2E000
|
stack
|
page read and write
|
||
|
D8A000
|
stack
|
page read and write
|
||
|
1947000
|
heap
|
page read and write
|
||
|
3CC1000
|
trusted library allocation
|
page read and write
|
||
|
10F9000
|
stack
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
3EEC000
|
trusted library allocation
|
page read and write
|
||
|
2FF1000
|
trusted library allocation
|
page read and write
|
||
|
3CFE000
|
trusted library allocation
|
page read and write
|
||
|
2C01000
|
trusted library allocation
|
page read and write
|
||
|
10A0000
|
trusted library allocation
|
page read and write
|
||
|
30B6000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
trusted library allocation
|
page read and write
|
||
|
447E000
|
trusted library allocation
|
page read and write
|
||
|
5260000
|
heap
|
page read and write
|
||
|
4D8C000
|
stack
|
page read and write
|
||
|
72CE000
|
stack
|
page read and write
|
||
|
418000
|
remote allocation
|
page execute and read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
A810000
|
heap
|
page read and write
|
||
|
F2E000
|
unkown
|
page readonly
|
||
|
7DCF000
|
stack
|
page read and write
|
||
|
5B50000
|
heap
|
page read and write
|
||
|
4289000
|
trusted library allocation
|
page read and write
|
||
|
6D9A000
|
trusted library allocation
|
page read and write
|
||
|
71CE000
|
stack
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
2E2F000
|
trusted library allocation
|
page read and write
|
||
|
4E8D000
|
stack
|
page read and write
|
||
|
DF5000
|
heap
|
page read and write
|
||
|
6895000
|
heap
|
page read and write
|
||
|
A6BF000
|
stack
|
page read and write
|
||
|
3185000
|
trusted library allocation
|
page read and write
|
||
|
7490000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
29D0000
|
trusted library allocation
|
page read and write
|
||
|
51FD000
|
stack
|
page read and write
|
||
|
2DB2000
|
trusted library allocation
|
page read and write
|
||
|
10B4000
|
trusted library allocation
|
page read and write
|
||
|
72FF000
|
heap
|
page read and write
|
||
|
2E49000
|
trusted library allocation
|
page read and write
|
||
|
B99000
|
stack
|
page read and write
|
||
|
1138000
|
heap
|
page read and write
|
||
|
1837000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D7B000
|
trusted library allocation
|
page read and write
|
||
|
541C000
|
stack
|
page read and write
|
||
|
5920000
|
heap
|
page read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
10B0000
|
trusted library allocation
|
page read and write
|
||
|
1276000
|
heap
|
page read and write
|
||
|
1166000
|
heap
|
page read and write
|
||
|
6D95000
|
trusted library allocation
|
page read and write
|
||
|
DB7000
|
heap
|
page read and write
|
||
|
9A8E000
|
stack
|
page read and write
|
||
|
68A4000
|
heap
|
page read and write
|
||
|
2FEA000
|
trusted library allocation
|
page read and write
|
||
|
1273000
|
heap
|
page read and write
|
||
|
A3A000
|
stack
|
page read and write
|
||
|
59E0000
|
trusted library section
|
page read and write
|
||
|
E70000
|
trusted library allocation
|
page read and write
|
||
|
438000
|
remote allocation
|
page execute and read and write
|
||
|
55BE000
|
stack
|
page read and write
|
||
|
2DE8000
|
trusted library allocation
|
page read and write
|
||
|
3281000
|
trusted library allocation
|
page read and write
|
||
|
13A0000
|
heap
|
page read and write
|
||
|
40A000
|
remote allocation
|
page execute and read and write
|
||
|
55EE000
|
heap
|
page read and write
|
||
|
7980000
|
trusted library section
|
page read and write
|
||
|
3CD9000
|
trusted library allocation
|
page read and write
|
||
|
4F66000
|
trusted library allocation
|
page read and write
|
||
|
1703000
|
trusted library allocation
|
page read and write
|
||
|
7F6E000
|
stack
|
page read and write
|
||
|
41D000
|
remote allocation
|
page execute and read and write
|
||
|
F1E000
|
stack
|
page read and write
|
||
|
1426000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
59F0000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
52CB000
|
stack
|
page read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
2FEE000
|
trusted library allocation
|
page read and write
|
||
|
13A5000
|
heap
|
page read and write
|
||
|
3CB1000
|
trusted library allocation
|
page read and write
|
||
|
4F61000
|
trusted library allocation
|
page read and write
|
||
|
10A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
5CDF000
|
stack
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
2BFB000
|
trusted library allocation
|
page read and write
|
||
|
4325000
|
trusted library allocation
|
page read and write
|
||
|
321D000
|
trusted library allocation
|
page read and write
|
||
|
7F80000
|
heap
|
page read and write
|
||
|
2D9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1120000
|
trusted library allocation
|
page execute and read and write
|
||
|
34FB000
|
trusted library allocation
|
page read and write
|
||
|
D32000
|
heap
|
page read and write
|
||
|
189E000
|
stack
|
page read and write
|
||
|
7CD000
|
stack
|
page read and write
|
||
|
89E000
|
unkown
|
page read and write
|
||
|
2DD5000
|
trusted library allocation
|
page read and write
|
||
|
30C5000
|
trusted library allocation
|
page read and write
|
||
|
1422000
|
heap
|
page read and write
|
||
|
557C000
|
stack
|
page read and write
|
||
|
16F4000
|
trusted library allocation
|
page read and write
|
||
|
4F44000
|
trusted library allocation
|
page read and write
|
||
|
59A0000
|
heap
|
page read and write
|
||
|
55E0000
|
heap
|
page read and write
|
||
|
10EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
2A6E000
|
stack
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
1826000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A70000
|
trusted library allocation
|
page read and write
|
||
|
6D69000
|
trusted library allocation
|
page read and write
|
||
|
2D88000
|
trusted library allocation
|
page read and write
|
||
|
51FD000
|
trusted library allocation
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
2FD0000
|
trusted library allocation
|
page read and write
|
||
|
6D00000
|
trusted library allocation
|
page read and write
|
||
|
B37000
|
stack
|
page read and write
|
||
|
656E000
|
stack
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
7F9D000
|
heap
|
page read and write
|
||
|
6CC0000
|
trusted library allocation
|
page read and write
|
||
|
11B8000
|
heap
|
page read and write
|
||
|
988F000
|
stack
|
page read and write
|
||
|
6A70000
|
trusted library allocation
|
page read and write
|
||
|
16F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
29E0000
|
trusted library allocation
|
page read and write
|
||
|
6F7E000
|
stack
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
AA3E000
|
stack
|
page read and write
|
||
|
52C0000
|
trusted library allocation
|
page read and write
|
||
|
3D1A000
|
trusted library allocation
|
page read and write
|
||
|
55F0000
|
heap
|
page read and write
|
||
|
6230000
|
trusted library allocation
|
page read and write
|
||
|
114B000
|
stack
|
page read and write
|
||
|
2955000
|
trusted library allocation
|
page read and write
|
||
|
AE4B000
|
stack
|
page read and write
|
||
|
74B2000
|
trusted library allocation
|
page read and write
|
||
|
3050000
|
heap
|
page execute and read and write
|
||
|
6B1E000
|
stack
|
page read and write
|
||
|
41C000
|
remote allocation
|
page execute and read and write
|
||
|
10D2000
|
trusted library allocation
|
page read and write
|
||
|
7A60000
|
trusted library allocation
|
page read and write
|
||
|
5DEE000
|
heap
|
page read and write
|
||
|
2FDB000
|
trusted library allocation
|
page read and write
|
||
|
731A000
|
heap
|
page read and write
|
||
|
665E000
|
stack
|
page read and write
|
||
|
55E0000
|
heap
|
page read and write
|
||
|
52BE000
|
stack
|
page read and write
|
||
|
3250000
|
trusted library allocation
|
page read and write
|
||
|
9D8E000
|
stack
|
page read and write
|
||
|
E70000
|
unkown
|
page readonly
|
||
|
59F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FCE000
|
stack
|
page read and write
|
||
|
2D06000
|
trusted library allocation
|
page read and write
|
||
|
14A1000
|
heap
|
page read and write
|
||
|
170D000
|
trusted library allocation
|
page execute and read and write
|
||
|
40B000
|
remote allocation
|
page execute and read and write
|
||
|
29B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E3C000
|
trusted library allocation
|
page read and write
|
||
|
31DF000
|
trusted library allocation
|
page read and write
|
||
|
417000
|
remote allocation
|
page execute and read and write
|
||
|
79E0000
|
trusted library section
|
page read and write
|
||
|
1940000
|
heap
|
page read and write
|
||
|
2D39000
|
trusted library allocation
|
page read and write
|
||
|
72D0000
|
heap
|
page read and write
|
||
|
93E000
|
stack
|
page read and write
|
||
|
29D0000
|
trusted library allocation
|
page read and write
|
||
|
2FD6000
|
trusted library allocation
|
page read and write
|
||
|
42D000
|
remote allocation
|
page execute and read and write
|
||
|
51F1000
|
trusted library allocation
|
page read and write
|
||
|
31EE000
|
stack
|
page read and write
|
||
|
7970000
|
trusted library section
|
page read and write
|
||
|
A28E000
|
stack
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
F8E000
|
stack
|
page read and write
|
||
|
6830000
|
heap
|
page read and write
|
||
|
16FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5923000
|
heap
|
page read and write
|
||
|
6D90000
|
trusted library allocation
|
page read and write
|
||
|
3B09000
|
trusted library allocation
|
page read and write
|
||
|
57A0000
|
heap
|
page read and write
|
||
|
696E000
|
stack
|
page read and write
|
||
|
2E2B000
|
trusted library allocation
|
page read and write
|
||
|
2BAE000
|
stack
|
page read and write
|
||
|
1710000
|
heap
|
page read and write
|
||
|
8DF000
|
unkown
|
page read and write
|
||
|
A14C000
|
stack
|
page read and write
|
||
|
543C000
|
trusted library allocation
|
page read and write
|
||
|
4F6D000
|
trusted library allocation
|
page read and write
|
||
|
2A80000
|
trusted library allocation
|
page read and write
|
||
|
F95000
|
heap
|
page read and write
|
||
|
6FBE000
|
stack
|
page read and write
|
||
|
2BF7000
|
trusted library allocation
|
page read and write
|
||
|
A18D000
|
stack
|
page read and write
|
||
|
2EA0000
|
trusted library allocation
|
page read and write
|
||
|
10CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E37000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
5CF6000
|
trusted library allocation
|
page read and write
|
||
|
636E000
|
stack
|
page read and write
|
||
|
545D000
|
stack
|
page read and write
|
||
|
2FDE000
|
trusted library allocation
|
page read and write
|
||
|
7A6A000
|
trusted library allocation
|
page read and write
|
||
|
3216000
|
trusted library allocation
|
page read and write
|
||
|
5D00000
|
trusted library allocation
|
page execute and read and write
|
||
|
10A2000
|
trusted library allocation
|
page read and write
|
||
|
6DD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7990000
|
trusted library allocation
|
page read and write
|
||
|
A04B000
|
stack
|
page read and write
|
||
|
2CAF000
|
stack
|
page read and write
|
||
|
2A2E000
|
stack
|
page read and write
|
||
|
5000000
|
heap
|
page read and write
|
||
|
E63000
|
trusted library allocation
|
page execute and read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
6240000
|
trusted library allocation
|
page execute and read and write
|
||
|
6380000
|
trusted library allocation
|
page read and write
|
||
|
2B01000
|
trusted library allocation
|
page read and write
|
||
|
6C1F000
|
stack
|
page read and write
|
||
|
5355000
|
heap
|
page read and write
|
||
|
55C0000
|
trusted library allocation
|
page read and write
|
||
|
2EB0000
|
trusted library allocation
|
page read and write
|
||
|
6AE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
13BE000
|
stack
|
page read and write
|
||
|
66AE000
|
stack
|
page read and write
|
||
|
676C000
|
heap
|
page read and write
|
||
|
5760000
|
trusted library allocation
|
page read and write
|
||
|
2E70000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D90000
|
trusted library allocation
|
page read and write
|
||
|
403000
|
remote allocation
|
page execute and read and write
|
||
|
7FA20000
|
trusted library allocation
|
page execute and read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
2A84000
|
trusted library allocation
|
page read and write
|
||
|
541E000
|
stack
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
D8A000
|
heap
|
page read and write
|
||
|
5068000
|
trusted library allocation
|
page read and write
|
||
|
7FAE000
|
heap
|
page read and write
|
||
|
70FE000
|
stack
|
page read and write
|
||
|
6A80000
|
trusted library allocation
|
page read and write
|
||
|
7A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
E73000
|
trusted library allocation
|
page read and write
|
||
|
6820000
|
heap
|
page read and write
|
||
|
2AA0000
|
heap
|
page execute and read and write
|
||
|
6660000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A5F000
|
stack
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
3270000
|
heap
|
page execute and read and write
|
||
|
299E000
|
stack
|
page read and write
|
||
|
42D7000
|
trusted library allocation
|
page read and write
|
||
|
6862000
|
heap
|
page read and write
|
||
|
1269000
|
heap
|
page read and write
|
||
|
5C9E000
|
heap
|
page read and write
|
||
|
43A000
|
remote allocation
|
page execute and read and write
|
||
|
E50000
|
trusted library allocation
|
page read and write
|
||
|
568C000
|
stack
|
page read and write
|
||
|
AF8D000
|
stack
|
page read and write
|
||
|
C6F000
|
stack
|
page read and write
|
||
|
55D2000
|
trusted library allocation
|
page read and write
|
||
|
5CF0000
|
trusted library allocation
|
page read and write
|
||
|
58CE000
|
stack
|
page read and write
|
||
|
CFE000
|
heap
|
page read and write
|
||
|
A6FE000
|
stack
|
page read and write
|
||
|
2FF6000
|
trusted library allocation
|
page read and write
|
||
|
6370000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D70000
|
trusted library allocation
|
page read and write
|
||
|
319D000
|
trusted library allocation
|
page read and write
|
||
|
6DC6000
|
trusted library allocation
|
page read and write
|
||
|
6884000
|
heap
|
page read and write
|
||
|
6A90000
|
trusted library allocation
|
page read and write
|
||
|
6CA0000
|
heap
|
page read and write
|
||
|
5470000
|
heap
|
page read and write
|
||
|
998E000
|
stack
|
page read and write
|
||
|
6AC0000
|
heap
|
page read and write
|
||
|
CFA000
|
heap
|
page read and write
|
||
|
2FFD000
|
trusted library allocation
|
page read and write
|
||
|
5C60000
|
heap
|
page read and write
|
||
|
FCA000
|
stack
|
page read and write
|
||
|
12DD000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page execute and read and write
|
||
|
D24000
|
heap
|
page read and write
|
||
|
433000
|
remote allocation
|
page execute and read and write
|
||
|
588E000
|
stack
|
page read and write
|
||
|
598B000
|
stack
|
page read and write
|
||
|
6A6D000
|
stack
|
page read and write
|
||
|
2DC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
29C0000
|
trusted library allocation
|
page read and write
|
||
|
1110000
|
trusted library allocation
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
406000
|
remote allocation
|
page execute and read and write
|
||
|
718E000
|
stack
|
page read and write
|
||
|
3245000
|
trusted library allocation
|
page read and write
|
||
|
10E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
657E000
|
stack
|
page read and write
|
||
|
12F7000
|
stack
|
page read and write
|
||
|
5AD000
|
stack
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
2BF9000
|
trusted library allocation
|
page read and write
|
||
|
1930000
|
trusted library allocation
|
page read and write
|
||
|
2DAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
4281000
|
trusted library allocation
|
page read and write
|
||
|
7FA2000
|
heap
|
page read and write
|
||
|
9E8F000
|
stack
|
page read and write
|
||
|
18E0000
|
heap
|
page read and write
|
||
|
52F0000
|
heap
|
page read and write
|
||
|
59B5000
|
heap
|
page read and write
|
||
|
6DB0000
|
heap
|
page read and write
|
||
|
5750000
|
heap
|
page execute and read and write
|
||
|
30D0000
|
trusted library allocation
|
page read and write
|
There are 588 hidden memdumps, click here to show them.