Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
LisectAVT_2403002A_2.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\LisectAVT_2403002A_2.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmpCF64.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\qHqJcuLw.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\qHqJcuLw.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\qHqJcuLw.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3uhuktwx.pnf.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fd0434iv.evp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ghcx1pe0.htk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hwjhha2j.vou.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nl52yuir.5ok.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qsaebg2q.oef.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vfi4kfp0.y3h.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xjiaefui.gd1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpE378.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\LisectAVT_2403002A_2.exe
|
"C:\Users\user\Desktop\LisectAVT_2403002A_2.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\LisectAVT_2403002A_2.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\qHqJcuLw.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qHqJcuLw" /XML "C:\Users\user\AppData\Local\Temp\tmpCF64.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\qHqJcuLw.exe
|
C:\Users\user\AppData\Roaming\qHqJcuLw.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qHqJcuLw" /XML "C:\Users\user\AppData\Local\Temp\tmpE378.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.google.com
|
unknown
|
|
|
|
http://www.google.com)Uygun
|
unknown
|
|
|
|
https://api.ipify.org/
|
172.67.74.152
|
||
|
http://sg2plcpnl0128.prod.sin2.secureserver.net
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://api.ipify.org
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
sg2plcpnl0128.prod.sin2.secureserver.net
|
182.50.135.77
|
|
|
|
api.ipify.org
|
172.67.74.152
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
182.50.135.77
|
sg2plcpnl0128.prod.sin2.secureserver.net
|
Singapore
|
|
|
|
172.67.74.152
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
437E000
|
trusted library allocation
|
page read and write
|
|
|
|
4CA2000
|
trusted library allocation
|
page read and write
|
|
|
|
2A6C000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2A9C000
|
trusted library allocation
|
page read and write
|
|
|
|
2A71000
|
trusted library allocation
|
page read and write
|
|
|
|
45DF000
|
trusted library allocation
|
page read and write
|
|
|
|
2A41000
|
trusted library allocation
|
page read and write
|
|
|
|
171E000
|
stack
|
page read and write
|
||
|
3244000
|
trusted library allocation
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
4393000
|
trusted library allocation
|
page read and write
|
||
|
CA2000
|
heap
|
page read and write
|
||
|
2A2F000
|
trusted library allocation
|
page read and write
|
||
|
354D000
|
trusted library allocation
|
page read and write
|
||
|
1308000
|
heap
|
page read and write
|
||
|
4686000
|
trusted library allocation
|
page read and write
|
||
|
5540000
|
trusted library allocation
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
1592000
|
trusted library allocation
|
page read and write
|
||
|
2DBB000
|
heap
|
page read and write
|
||
|
1500000
|
trusted library allocation
|
page read and write
|
||
|
2A3D000
|
stack
|
page read and write
|
||
|
5A50000
|
heap
|
page read and write
|
||
|
1557000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FD5000
|
trusted library allocation
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
1343000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
55DF000
|
stack
|
page read and write
|
||
|
C5A000
|
heap
|
page read and write
|
||
|
29F0000
|
trusted library allocation
|
page read and write
|
||
|
13BF000
|
heap
|
page read and write
|
||
|
2EFE000
|
stack
|
page read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
2C6B000
|
heap
|
page read and write
|
||
|
2986000
|
trusted library allocation
|
page read and write
|
||
|
42A9000
|
trusted library allocation
|
page read and write
|
||
|
61BE000
|
stack
|
page read and write
|
||
|
6330000
|
trusted library allocation
|
page read and write
|
||
|
2BBE000
|
unkown
|
page read and write
|
||
|
79CE000
|
stack
|
page read and write
|
||
|
CC6000
|
heap
|
page read and write
|
||
|
55D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6230000
|
trusted library allocation
|
page read and write
|
||
|
13C8000
|
heap
|
page read and write
|
||
|
B180000
|
trusted library allocation
|
page read and write
|
||
|
6380000
|
trusted library allocation
|
page read and write
|
||
|
15D7000
|
heap
|
page read and write
|
||
|
4F4B000
|
trusted library allocation
|
page read and write
|
||
|
5A35000
|
heap
|
page read and write
|
||
|
157D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5630000
|
heap
|
page read and write
|
||
|
2D9F000
|
stack
|
page read and write
|
||
|
4F0C000
|
stack
|
page read and write
|
||
|
28DE000
|
stack
|
page read and write
|
||
|
629D000
|
stack
|
page read and write
|
||
|
DF0000
|
trusted library allocation
|
page read and write
|
||
|
529C000
|
stack
|
page read and write
|
||
|
134E000
|
heap
|
page read and write
|
||
|
5090000
|
heap
|
page read and write
|
||
|
293E000
|
stack
|
page read and write
|
||
|
985E000
|
stack
|
page read and write
|
||
|
4041000
|
trusted library allocation
|
page read and write
|
||
|
7290000
|
heap
|
page read and write
|
||
|
3265000
|
trusted library allocation
|
page read and write
|
||
|
B02C000
|
stack
|
page read and write
|
||
|
39F1000
|
trusted library allocation
|
page read and write
|
||
|
D64000
|
trusted library allocation
|
page read and write
|
||
|
659E000
|
stack
|
page read and write
|
||
|
53BE000
|
stack
|
page read and write
|
||
|
549F000
|
stack
|
page read and write
|
||
|
8FAE000
|
stack
|
page read and write
|
||
|
5D00000
|
heap
|
page read and write
|
||
|
15A0000
|
trusted library allocation
|
page read and write
|
||
|
72C9000
|
heap
|
page read and write
|
||
|
29EE000
|
stack
|
page read and write
|
||
|
2A74000
|
trusted library allocation
|
page read and write
|
||
|
7190000
|
heap
|
page read and write
|
||
|
3250000
|
trusted library allocation
|
page read and write
|
||
|
2A98000
|
trusted library allocation
|
page read and write
|
||
|
57A0000
|
heap
|
page execute and read and write
|
||
|
4FCC000
|
stack
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
8DE6000
|
trusted library allocation
|
page read and write
|
||
|
13FC000
|
heap
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
6310000
|
trusted library allocation
|
page read and write
|
||
|
1070000
|
trusted library allocation
|
page read and write
|
||
|
155B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1195000
|
heap
|
page read and write
|
||
|
4505000
|
trusted library allocation
|
page read and write
|
||
|
1610000
|
heap
|
page read and write
|
||
|
51BC000
|
stack
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
1336000
|
heap
|
page read and write
|
||
|
1523000
|
trusted library allocation
|
page execute and read and write
|
||
|
5640000
|
heap
|
page read and write
|
||
|
307D000
|
trusted library allocation
|
page read and write
|
||
|
1341000
|
heap
|
page read and write
|
||
|
ED1000
|
heap
|
page read and write
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
1570000
|
trusted library allocation
|
page read and write
|
||
|
6490000
|
trusted library allocation
|
page read and write
|
||
|
C65000
|
heap
|
page read and write
|
||
|
12AE000
|
stack
|
page read and write
|
||
|
7CCE000
|
stack
|
page read and write
|
||
|
D82000
|
trusted library allocation
|
page read and write
|
||
|
5A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
130E000
|
heap
|
page read and write
|
||
|
6323000
|
trusted library allocation
|
page read and write
|
||
|
323C000
|
stack
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
5560000
|
trusted library allocation
|
page read and write
|
||
|
655E000
|
stack
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
66C0000
|
trusted library allocation
|
page read and write
|
||
|
CA2000
|
unkown
|
page readonly
|
||
|
1150000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
2A66000
|
trusted library allocation
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
A7CE000
|
stack
|
page read and write
|
||
|
2A6A000
|
trusted library allocation
|
page read and write
|
||
|
B38000
|
stack
|
page read and write
|
||
|
3050000
|
trusted library allocation
|
page read and write
|
||
|
7FC70000
|
trusted library allocation
|
page execute and read and write
|
||
|
507C000
|
stack
|
page read and write
|
||
|
59EE000
|
stack
|
page read and write
|
||
|
29AE000
|
unkown
|
page read and write
|
||
|
56A0000
|
heap
|
page read and write
|
||
|
763B000
|
trusted library allocation
|
page read and write
|
||
|
7620000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A40000
|
heap
|
page read and write
|
||
|
4F72000
|
trusted library allocation
|
page read and write
|
||
|
2A00000
|
trusted library allocation
|
page read and write
|
||
|
3A21000
|
trusted library allocation
|
page read and write
|
||
|
53FD000
|
stack
|
page read and write
|
||
|
7690000
|
trusted library allocation
|
page execute and read and write
|
||
|
5650000
|
trusted library allocation
|
page read and write
|
||
|
58C0000
|
trusted library section
|
page read and write
|
||
|
3040000
|
trusted library allocation
|
page read and write
|
||
|
1375000
|
heap
|
page read and write
|
||
|
5860000
|
trusted library allocation
|
page read and write
|
||
|
2975000
|
trusted library allocation
|
page read and write
|
||
|
C67000
|
heap
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
D86000
|
trusted library allocation
|
page execute and read and write
|
||
|
54D0000
|
trusted library allocation
|
page read and write
|
||
|
5C97000
|
heap
|
page read and write
|
||
|
58CB000
|
stack
|
page read and write
|
||
|
2BFF000
|
unkown
|
page read and write
|
||
|
ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5C93000
|
heap
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
EC0000
|
trusted library allocation
|
page read and write
|
||
|
CF2000
|
heap
|
page read and write
|
||
|
306E000
|
trusted library allocation
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page execute and read and write
|
||
|
50AE000
|
stack
|
page read and write
|
||
|
5640000
|
trusted library allocation
|
page execute and read and write
|
||
|
3365000
|
trusted library allocation
|
page read and write
|
||
|
303C000
|
stack
|
page read and write
|
||
|
6238000
|
trusted library allocation
|
page read and write
|
||
|
1542000
|
trusted library allocation
|
page read and write
|
||
|
6390000
|
trusted library allocation
|
page execute and read and write
|
||
|
3290000
|
heap
|
page execute and read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
153D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3310000
|
trusted library allocation
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
4A28000
|
trusted library allocation
|
page read and write
|
||
|
3082000
|
trusted library allocation
|
page read and write
|
||
|
7BCE000
|
stack
|
page read and write
|
||
|
639E000
|
stack
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
6700000
|
trusted library allocation
|
page execute and read and write
|
||
|
80A0000
|
trusted library section
|
page read and write
|
||
|
DE0000
|
trusted library allocation
|
page read and write
|
||
|
FEF000
|
stack
|
page read and write
|
||
|
AF2C000
|
stack
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
73CE000
|
stack
|
page read and write
|
||
|
3A86000
|
trusted library allocation
|
page read and write
|
||
|
153E000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
2A79000
|
stack
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
B16E000
|
stack
|
page read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
30E5000
|
trusted library allocation
|
page read and write
|
||
|
15E0000
|
heap
|
page read and write
|
||
|
635E000
|
stack
|
page read and write
|
||
|
7CD0000
|
heap
|
page read and write
|
||
|
13DE000
|
heap
|
page read and write
|
||
|
E70000
|
trusted library allocation
|
page read and write
|
||
|
5FCE000
|
stack
|
page read and write
|
||
|
91AD000
|
stack
|
page read and write
|
||
|
741E000
|
stack
|
page read and write
|
||
|
102E000
|
stack
|
page read and write
|
||
|
621E000
|
stack
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
578E000
|
stack
|
page read and write
|
||
|
2A21000
|
trusted library allocation
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
4F4E000
|
trusted library allocation
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
54FF000
|
stack
|
page read and write
|
||
|
5530000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
unkown
|
page readonly
|
||
|
2FCE000
|
stack
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
D60000
|
trusted library allocation
|
page read and write
|
||
|
13AB000
|
heap
|
page read and write
|
||
|
60D0000
|
heap
|
page read and write
|
||
|
5A1E000
|
stack
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
798E000
|
stack
|
page read and write
|
||
|
3071000
|
trusted library allocation
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
58B0000
|
trusted library section
|
page read and write
|
||
|
572B000
|
stack
|
page read and write
|
||
|
E7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
60BE000
|
stack
|
page read and write
|
||
|
DA7000
|
trusted library allocation
|
page execute and read and write
|
||
|
7630000
|
trusted library allocation
|
page read and write
|
||
|
15BE000
|
stack
|
page read and write
|
||
|
4F5A000
|
trusted library allocation
|
page read and write
|
||
|
5640000
|
heap
|
page read and write
|
||
|
E80000
|
trusted library allocation
|
page read and write
|
||
|
4B8E000
|
stack
|
page read and write
|
||
|
B06E000
|
stack
|
page read and write
|
||
|
5740000
|
trusted library allocation
|
page read and write
|
||
|
1157000
|
stack
|
page read and write
|
||
|
5C10000
|
heap
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
2A61000
|
trusted library allocation
|
page read and write
|
||
|
637E000
|
stack
|
page read and write
|
||
|
7680000
|
trusted library allocation
|
page read and write
|
||
|
AF9000
|
stack
|
page read and write
|
||
|
5C3E000
|
stack
|
page read and write
|
||
|
1327000
|
heap
|
page read and write
|
||
|
421E000
|
trusted library allocation
|
page read and write
|
||
|
7D18000
|
heap
|
page read and write
|
||
|
5670000
|
trusted library allocation
|
page execute and read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
58D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
54DE000
|
trusted library allocation
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
EF4000
|
heap
|
page read and write
|
||
|
12EE000
|
stack
|
page read and write
|
||
|
5A40000
|
heap
|
page read and write
|
||
|
1530000
|
trusted library allocation
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
751F000
|
stack
|
page read and write
|
||
|
132E000
|
stack
|
page read and write
|
||
|
503E000
|
stack
|
page read and write
|
||
|
9138000
|
trusted library allocation
|
page read and write
|
||
|
72EF000
|
heap
|
page read and write
|
||
|
6250000
|
trusted library allocation
|
page read and write
|
||
|
5730000
|
trusted library allocation
|
page read and write
|
||
|
788E000
|
stack
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
E74000
|
trusted library allocation
|
page read and write
|
||
|
58D0000
|
heap
|
page read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
4F46000
|
trusted library allocation
|
page read and write
|
||
|
5502000
|
trusted library allocation
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
55A3000
|
heap
|
page read and write
|
||
|
EA5000
|
trusted library allocation
|
page execute and read and write
|
||
|
5535000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F6D000
|
trusted library allocation
|
page read and write
|
||
|
4581000
|
trusted library allocation
|
page read and write
|
||
|
7BD2000
|
trusted library allocation
|
page read and write
|
||
|
1596000
|
trusted library allocation
|
page execute and read and write
|
||
|
7640000
|
trusted library allocation
|
page read and write
|
||
|
301D000
|
stack
|
page read and write
|
||
|
6337000
|
trusted library allocation
|
page read and write
|
||
|
A9A0000
|
heap
|
page read and write
|
||
|
1550000
|
trusted library allocation
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
5510000
|
trusted library allocation
|
page read and write
|
||
|
305B000
|
trusted library allocation
|
page read and write
|
||
|
1408000
|
heap
|
page read and write
|
||
|
3270000
|
trusted library allocation
|
page read and write
|
||
|
106C000
|
stack
|
page read and write
|
||
|
3076000
|
trusted library allocation
|
page read and write
|
||
|
539E000
|
stack
|
page read and write
|
||
|
4F4E000
|
stack
|
page read and write
|
||
|
50B0000
|
heap
|
page execute and read and write
|
||
|
159A000
|
trusted library allocation
|
page execute and read and write
|
||
|
722E000
|
heap
|
page read and write
|
||
|
55B0000
|
heap
|
page read and write
|
||
|
2A10000
|
heap
|
page execute and read and write
|
||
|
4F60000
|
heap
|
page read and write
|
||
|
29FB000
|
trusted library allocation
|
page read and write
|
||
|
59DE000
|
stack
|
page read and write
|
||
|
62FF000
|
stack
|
page read and write
|
||
|
A990000
|
heap
|
page read and write
|
||
|
58E0000
|
heap
|
page execute and read and write
|
||
|
2A6D000
|
trusted library allocation
|
page read and write
|
||
|
5B50000
|
trusted library allocation
|
page read and write
|
||
|
15A2000
|
trusted library allocation
|
page read and write
|
||
|
2F80000
|
heap
|
page execute and read and write
|
||
|
68A0000
|
heap
|
page read and write
|
||
|
5A81000
|
heap
|
page read and write
|
||
|
2C4E000
|
stack
|
page read and write
|
||
|
624D000
|
trusted library allocation
|
page read and write
|
||
|
1552000
|
trusted library allocation
|
page read and write
|
||
|
D70000
|
trusted library allocation
|
page read and write
|
||
|
5D92000
|
heap
|
page read and write
|
||
|
E92000
|
trusted library allocation
|
page read and write
|
||
|
2AAC000
|
trusted library allocation
|
page read and write
|
||
|
7B0E000
|
stack
|
page read and write
|
||
|
EAB000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D2A000
|
heap
|
page read and write
|
||
|
29F1000
|
trusted library allocation
|
page read and write
|
||
|
65DE000
|
stack
|
page read and write
|
||
|
4097000
|
trusted library allocation
|
page read and write
|
||
|
2A26000
|
trusted library allocation
|
page read and write
|
||
|
13BC000
|
heap
|
page read and write
|
||
|
52BE000
|
stack
|
page read and write
|
||
|
EA7000
|
trusted library allocation
|
page execute and read and write
|
||
|
54F6000
|
trusted library allocation
|
page read and write
|
||
|
E73000
|
trusted library allocation
|
page execute and read and write
|
||
|
2984000
|
trusted library allocation
|
page read and write
|
||
|
D8A000
|
trusted library allocation
|
page execute and read and write
|
||
|
DA5000
|
trusted library allocation
|
page execute and read and write
|
||
|
158D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3260000
|
trusted library allocation
|
page read and write
|
||
|
3246000
|
trusted library allocation
|
page read and write
|
||
|
3041000
|
trusted library allocation
|
page read and write
|
||
|
6318000
|
trusted library allocation
|
page read and write
|
||
|
3A49000
|
trusted library allocation
|
page read and write
|
||
|
5880000
|
heap
|
page read and write
|
||
|
4F52000
|
trusted library allocation
|
page read and write
|
||
|
7ACE000
|
stack
|
page read and write
|
||
|
39F7000
|
trusted library allocation
|
page read and write
|
||
|
2969000
|
trusted library allocation
|
page read and write
|
||
|
14FE000
|
stack
|
page read and write
|
||
|
1580000
|
trusted library allocation
|
page read and write
|
||
|
2944000
|
trusted library allocation
|
page read and write
|
||
|
5A60000
|
heap
|
page read and write
|
||
|
1297000
|
heap
|
page read and write
|
||
|
4702000
|
trusted library allocation
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
507E000
|
stack
|
page read and write
|
||
|
54DE000
|
stack
|
page read and write
|
||
|
C38000
|
heap
|
page read and write
|
||
|
61FE000
|
stack
|
page read and write
|
||
|
1574000
|
trusted library allocation
|
page read and write
|
||
|
5C99000
|
heap
|
page read and write
|
||
|
28BD000
|
stack
|
page read and write
|
||
|
3093000
|
trusted library allocation
|
page read and write
|
||
|
4F61000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
32F3000
|
trusted library allocation
|
page read and write
|
||
|
A3A000
|
stack
|
page read and write
|
||
|
4AFC000
|
stack
|
page read and write
|
||
|
4F02000
|
trusted library allocation
|
page read and write
|
||
|
7510000
|
trusted library allocation
|
page execute and read and write
|
||
|
D63000
|
trusted library allocation
|
page execute and read and write
|
||
|
AD8F000
|
stack
|
page read and write
|
||
|
1583000
|
trusted library allocation
|
page read and write
|
||
|
60CE000
|
stack
|
page read and write
|
||
|
D6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1524000
|
trusted library allocation
|
page read and write
|
||
|
2AA4000
|
trusted library allocation
|
page read and write
|
||
|
66F0000
|
heap
|
page read and write
|
||
|
2950000
|
trusted library allocation
|
page read and write
|
||
|
D80000
|
trusted library allocation
|
page read and write
|
||
|
5C0C000
|
stack
|
page read and write
|
||
|
12EE000
|
stack
|
page read and write
|
||
|
1546000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FF0000
|
heap
|
page execute and read and write
|
||
|
761E000
|
stack
|
page read and write
|
||
|
3075000
|
trusted library allocation
|
page read and write
|
||
|
E60000
|
trusted library allocation
|
page read and write
|
||
|
DE9000
|
stack
|
page read and write
|
||
|
607E000
|
stack
|
page read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
105A000
|
stack
|
page read and write
|
||
|
5632000
|
trusted library allocation
|
page read and write
|
||
|
5DA4000
|
heap
|
page read and write
|
||
|
55A0000
|
heap
|
page read and write
|
||
|
ED8000
|
heap
|
page read and write
|
||
|
1540000
|
trusted library allocation
|
page read and write
|
||
|
2A57000
|
trusted library allocation
|
page read and write
|
||
|
6328000
|
trusted library allocation
|
page read and write
|
||
|
D7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
30DE000
|
stack
|
page read and write
|
||
|
2954000
|
trusted library allocation
|
page read and write
|
||
|
154A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1368000
|
heap
|
page read and write
|
||
|
5A30000
|
trusted library allocation
|
page read and write
|
||
|
32D5000
|
trusted library allocation
|
page read and write
|
||
|
1533000
|
trusted library allocation
|
page read and write
|
||
|
40E5000
|
trusted library allocation
|
page read and write
|
||
|
95DC000
|
stack
|
page read and write
|
||
|
62C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
91B0000
|
heap
|
page read and write
|
||
|
5A50000
|
heap
|
page read and write
|
||
|
5E8E000
|
stack
|
page read and write
|
||
|
2FD0000
|
trusted library allocation
|
page read and write
|
||
|
5BFE000
|
stack
|
page read and write
|
||
|
134A000
|
heap
|
page read and write
|
||
|
29EF000
|
unkown
|
page read and write
|
||
|
54DB000
|
trusted library allocation
|
page read and write
|
||
|
4F5E000
|
trusted library allocation
|
page read and write
|
||
|
C55000
|
heap
|
page read and write
|
||
|
152D000
|
trusted library allocation
|
page execute and read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
E38000
|
heap
|
page read and write
|
||
|
AC8E000
|
stack
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
A98D000
|
stack
|
page read and write
|
||
|
7500000
|
trusted library allocation
|
page read and write
|
||
|
49F8000
|
trusted library allocation
|
page read and write
|
||
|
50A0000
|
heap
|
page read and write
|
||
|
6257000
|
trusted library allocation
|
page read and write
|
||
|
4341000
|
trusted library allocation
|
page read and write
|
||
|
5F7D000
|
stack
|
page read and write
|
||
|
EE3000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
447E000
|
trusted library allocation
|
page read and write
|
||
|
55C0000
|
trusted library allocation
|
page read and write
|
||
|
5A2E000
|
stack
|
page read and write
|
||
|
5B0D000
|
stack
|
page read and write
|
||
|
2A9A000
|
trusted library allocation
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
5DC2000
|
heap
|
page read and write
|
||
|
D07000
|
heap
|
page read and write
|
||
|
2D8F000
|
stack
|
page read and write
|
||
|
5600000
|
trusted library allocation
|
page execute and read and write
|
||
|
5630000
|
trusted library allocation
|
page read and write
|
||
|
E9F000
|
heap
|
page read and write
|
||
|
10F7000
|
stack
|
page read and write
|
||
|
15B7000
|
heap
|
page read and write
|
||
|
E9A000
|
trusted library allocation
|
page execute and read and write
|
||
|
6320000
|
trusted library allocation
|
page read and write
|
||
|
E2E000
|
stack
|
page read and write
|
||
|
7CE5000
|
heap
|
page read and write
|
||
|
CCC000
|
heap
|
page read and write
|
||
|
5620000
|
heap
|
page read and write
|
||
|
632D000
|
trusted library allocation
|
page read and write
|
||
|
29F4000
|
trusted library allocation
|
page read and write
|
||
|
63A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
54F1000
|
trusted library allocation
|
page read and write
|
||
|
5A45000
|
heap
|
page read and write
|
||
|
1570000
|
trusted library allocation
|
page read and write
|
||
|
643F000
|
stack
|
page read and write
|
||
|
5620000
|
trusted library section
|
page readonly
|
||
|
2A5F000
|
trusted library allocation
|
page read and write
|
||
|
30E0000
|
trusted library allocation
|
page read and write
|
||
|
45A1000
|
trusted library allocation
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
EA2000
|
trusted library allocation
|
page read and write
|
||
|
54D4000
|
trusted library allocation
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
29A0000
|
trusted library allocation
|
page read and write
|
||
|
9960000
|
trusted library allocation
|
page read and write
|
||
|
15A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
94AE000
|
stack
|
page read and write
|
||
|
93DF000
|
stack
|
page read and write
|
||
|
E08000
|
heap
|
page read and write
|
||
|
15D0000
|
trusted library allocation
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
312D000
|
stack
|
page read and write
|
||
|
4133000
|
trusted library allocation
|
page read and write
|
||
|
E2B000
|
heap
|
page read and write
|
||
|
EF8000
|
heap
|
page read and write
|
||
|
28FA000
|
stack
|
page read and write
|
||
|
15C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5870000
|
trusted library allocation
|
page read and write
|
||
|
7F8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
5C87000
|
heap
|
page read and write
|
||
|
2A2C000
|
trusted library allocation
|
page read and write
|
||
|
3A57000
|
trusted library allocation
|
page read and write
|
||
|
3A19000
|
trusted library allocation
|
page read and write
|
||
|
56B0000
|
heap
|
page read and write
|
||
|
7CF6000
|
heap
|
page read and write
|
||
|
6240000
|
trusted library allocation
|
page read and write
|
||
|
995E000
|
stack
|
page read and write
|
||
|
55C2000
|
trusted library allocation
|
page read and write
|
||
|
6480000
|
trusted library allocation
|
page read and write
|
||
|
4049000
|
trusted library allocation
|
page read and write
|
||
|
E35000
|
heap
|
page read and write
|
||
|
54C0000
|
trusted library allocation
|
page read and write
|
||
|
AB8E000
|
stack
|
page read and write
|
||
|
5A30000
|
heap
|
page read and write
|
||
|
971D000
|
stack
|
page read and write
|
||
|
7220000
|
heap
|
page read and write
|
||
|
42A1000
|
trusted library allocation
|
page read and write
|
||
|
1520000
|
trusted library allocation
|
page read and write
|
||
|
5690000
|
trusted library section
|
page readonly
|
||
|
5850000
|
heap
|
page read and write
|
||
|
4BFD000
|
stack
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
517C000
|
stack
|
page read and write
|
||
|
E90000
|
trusted library allocation
|
page read and write
|
||
|
6487000
|
trusted library allocation
|
page read and write
|
||
|
5093000
|
heap
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
DA2000
|
trusted library allocation
|
page read and write
|
||
|
785000
|
heap
|
page read and write
|
||
|
56B3000
|
heap
|
page read and write
|
||
|
5F8F000
|
stack
|
page read and write
|
||
|
2A3D000
|
trusted library allocation
|
page read and write
|
||
|
54EE000
|
trusted library allocation
|
page read and write
|
||
|
72B000
|
stack
|
page read and write
|
||
|
A78D000
|
stack
|
page read and write
|
||
|
981E000
|
stack
|
page read and write
|
||
|
74CE000
|
stack
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
96DC000
|
stack
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
30EF000
|
trusted library allocation
|
page read and write
|
||
|
93AE000
|
stack
|
page read and write
|
||
|
1600000
|
trusted library allocation
|
page execute and read and write
|
||
|
72B4000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
569F000
|
trusted library section
|
page readonly
|
||
|
2F7E000
|
stack
|
page read and write
|
||
|
DC0000
|
trusted library allocation
|
page read and write
|
||
|
7D27000
|
heap
|
page read and write
|
||
|
16DE000
|
stack
|
page read and write
|
||
|
1096000
|
heap
|
page read and write
|
||
|
32A1000
|
trusted library allocation
|
page read and write
|
||
|
611E000
|
stack
|
page read and write
|
||
|
15AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2990000
|
heap
|
page execute and read and write
|
||
|
EDA000
|
heap
|
page read and write
|
||
|
54FD000
|
trusted library allocation
|
page read and write
|
||
|
1382000
|
heap
|
page read and write
|
||
|
4F66000
|
trusted library allocation
|
page read and write
|
||
|
755E000
|
stack
|
page read and write
|
||
|
AE90000
|
heap
|
page read and write
|
||
|
76EE000
|
stack
|
page read and write
|
||
|
1573000
|
trusted library allocation
|
page execute and read and write
|
||
|
E96000
|
trusted library allocation
|
page execute and read and write
|
||
|
DAB000
|
trusted library allocation
|
page execute and read and write
|
There are 542 hidden memdumps, click here to show them.