Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
UD61dgs2rz.exe
|
initial sample
|
 |
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\UD61dgs2rz.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmpC22F.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\HODoCxSdp.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\HODoCxSdp.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\HODoCxSdp.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_05fyhmbz.5bq.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5f4u2fzh.ljg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aolmdvef.h5l.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bmeaug3f.3vt.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hs0q00c4.s03.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m2y5hn5h.e5a.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sdfpmxpk.gjq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xb4hpvfb.qjg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpD46F.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\UD61dgs2rz.exe
|
"C:\Users\user\Desktop\UD61dgs2rz.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\UD61dgs2rz.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HODoCxSdp.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HODoCxSdp" /XML "C:\Users\user\AppData\Local\Temp\tmpC22F.tmp"
|
|
|
|
C:\Users\user\Desktop\UD61dgs2rz.exe
|
"C:\Users\user\Desktop\UD61dgs2rz.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\HODoCxSdp.exe
|
C:\Users\user\AppData\Roaming\HODoCxSdp.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HODoCxSdp" /XML "C:\Users\user\AppData\Local\Temp\tmpD46F.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\HODoCxSdp.exe
|
"C:\Users\user\AppData\Roaming\HODoCxSdp.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
204.10.160.230
|
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
http://geoplugin.net/N
|
unknown
|
||
|
http://geoplugin.net/json.gp6
|
unknown
|
||
|
http://geoplugin.net/
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://www.chiark.greenend.org.uk/~sgtatham/putty/0
|
unknown
|
||
|
http://geoplugin.net/json.gp:
|
unknown
|
||
|
http://geoplugin.net/-6
|
unknown
|
||
|
http://geoplugin.net/json.gpSystem32
|
unknown
|
||
|
http://geoplugin.net/json.gp?
|
unknown
|
There are 2 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
171.39.242.20.in-addr.arpa
|
unknown
|
|
|
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
204.10.160.230
|
unknown
|
Canada
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-O7QOC3
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-O7QOC3
|
licence
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
14CB000
|
heap
|
page read and write
|
|
|
|
EF7000
|
heap
|
page read and write
|
|
|
|
3B4E000
|
trusted library allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
354D000
|
trusted library allocation
|
page read and write
|
|
|
|
53E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE7000
|
trusted library allocation
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
6C0000
|
trusted library allocation
|
page read and write
|
||
|
A02E000
|
stack
|
page read and write
|
||
|
4CE4000
|
heap
|
page read and write
|
||
|
7A4000
|
heap
|
page read and write
|
||
|
F4D000
|
heap
|
page read and write
|
||
|
9DAD000
|
stack
|
page read and write
|
||
|
EE0000
|
trusted library allocation
|
page read and write
|
||
|
9DBE000
|
stack
|
page read and write
|
||
|
5370000
|
trusted library allocation
|
page execute and read and write
|
||
|
742000
|
heap
|
page read and write
|
||
|
32EE000
|
stack
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
50C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
F16000
|
trusted library allocation
|
page execute and read and write
|
||
|
3940000
|
heap
|
page read and write
|
||
|
2E1C000
|
trusted library allocation
|
page read and write
|
||
|
6D00000
|
trusted library section
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
14B7000
|
heap
|
page read and write
|
||
|
3208000
|
heap
|
page read and write
|
||
|
4DB0000
|
heap
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
9DB0000
|
heap
|
page read and write
|
||
|
727E000
|
stack
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
5430000
|
heap
|
page read and write
|
||
|
86E000
|
stack
|
page read and write
|
||
|
31DE000
|
stack
|
page read and write
|
||
|
B11000
|
trusted library allocation
|
page read and write
|
||
|
69E000
|
stack
|
page read and write
|
||
|
29C0000
|
trusted library allocation
|
page read and write
|
||
|
9EED000
|
stack
|
page read and write
|
||
|
46E000
|
remote allocation
|
page execute and read and write
|
||
|
6F5E000
|
stack
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
C17000
|
heap
|
page read and write
|
||
|
2E0B000
|
trusted library allocation
|
page read and write
|
||
|
A2CC000
|
stack
|
page read and write
|
||
|
F22000
|
trusted library allocation
|
page read and write
|
||
|
28F0000
|
trusted library allocation
|
page read and write
|
||
|
758E000
|
stack
|
page read and write
|
||
|
E0D000
|
stack
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
475000
|
remote allocation
|
page execute and read and write
|
||
|
8AB000
|
stack
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
750F000
|
stack
|
page read and write
|
||
|
723E000
|
stack
|
page read and write
|
||
|
80B000
|
trusted library allocation
|
page execute and read and write
|
||
|
16AE000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
6BFE000
|
stack
|
page read and write
|
||
|
10EF000
|
stack
|
page read and write
|
||
|
585000
|
heap
|
page read and write
|
||
|
24BE000
|
stack
|
page read and write
|
||
|
820000
|
trusted library allocation
|
page read and write
|
||
|
740E000
|
stack
|
page read and write
|
||
|
405D000
|
trusted library allocation
|
page read and write
|
||
|
4FFD000
|
trusted library allocation
|
page read and write
|
||
|
F3D000
|
heap
|
page read and write
|
||
|
5339000
|
trusted library allocation
|
page read and write
|
||
|
73CE000
|
stack
|
page read and write
|
||
|
49B0000
|
heap
|
page read and write
|
||
|
7050000
|
heap
|
page read and write
|
||
|
F12000
|
trusted library allocation
|
page read and write
|
||
|
7150000
|
trusted library allocation
|
page read and write
|
||
|
29D0000
|
heap
|
page execute and read and write
|
||
|
B1D000
|
trusted library allocation
|
page read and write
|
||
|
4CB0000
|
heap
|
page read and write
|
||
|
B30000
|
trusted library allocation
|
page read and write
|
||
|
6D0000
|
trusted library allocation
|
page read and write
|
||
|
502B000
|
trusted library allocation
|
page read and write
|
||
|
79E000
|
heap
|
page read and write
|
||
|
533D000
|
trusted library allocation
|
page read and write
|
||
|
5140000
|
heap
|
page read and write
|
||
|
333F000
|
stack
|
page read and write
|
||
|
6F0F000
|
trusted library allocation
|
page read and write
|
||
|
9DC0000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
6E0000
|
trusted library allocation
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
DC5000
|
heap
|
page read and write
|
||
|
B16000
|
trusted library allocation
|
page read and write
|
||
|
71FE000
|
stack
|
page read and write
|
||
|
5080000
|
trusted library allocation
|
page read and write
|
||
|
4FF1000
|
trusted library allocation
|
page read and write
|
||
|
EF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE9000
|
trusted library allocation
|
page read and write
|
||
|
6F1F000
|
heap
|
page read and write
|
||
|
AE0000
|
trusted library allocation
|
page read and write
|
||
|
F82000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
FA000
|
unkown
|
page readonly
|
||
|
18A000
|
stack
|
page read and write
|
||
|
7057000
|
heap
|
page read and write
|
||
|
B0E000
|
trusted library allocation
|
page read and write
|
||
|
6ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
5014000
|
trusted library allocation
|
page read and write
|
||
|
9DFD000
|
stack
|
page read and write
|
||
|
4FEE000
|
trusted library allocation
|
page read and write
|
||
|
F37000
|
heap
|
page read and write
|
||
|
4FC0000
|
trusted library allocation
|
page read and write
|
||
|
6E40000
|
trusted library section
|
page read and write
|
||
|
24E1000
|
trusted library allocation
|
page read and write
|
||
|
FBC000
|
stack
|
page read and write
|
||
|
BF0000
|
trusted library allocation
|
page read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
5028000
|
trusted library allocation
|
page read and write
|
||
|
91C000
|
stack
|
page read and write
|
||
|
6AA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
49A0000
|
trusted library section
|
page readonly
|
||
|
7030000
|
trusted library allocation
|
page execute and read and write
|
||
|
5010000
|
trusted library allocation
|
page read and write
|
||
|
ECF000
|
stack
|
page read and write
|
||
|
FD9000
|
heap
|
page read and write
|
||
|
9CBE000
|
stack
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
EF0000
|
trusted library allocation
|
page read and write
|
||
|
53D7000
|
trusted library allocation
|
page read and write
|
||
|
734000
|
heap
|
page read and write
|
||
|
707E000
|
stack
|
page read and write
|
||
|
5020000
|
trusted library allocation
|
page read and write
|
||
|
A50E000
|
stack
|
page read and write
|
||
|
4920000
|
trusted library allocation
|
page read and write
|
||
|
5030000
|
trusted library allocation
|
page read and write
|
||
|
56FE000
|
stack
|
page read and write
|
||
|
70A000
|
heap
|
page read and write
|
||
|
53D2000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
75CE000
|
stack
|
page read and write
|
||
|
6DB0000
|
heap
|
page read and write
|
||
|
70E000
|
heap
|
page read and write
|
||
|
332F000
|
stack
|
page read and write
|
||
|
B22000
|
trusted library allocation
|
page read and write
|
||
|
9B8000
|
stack
|
page read and write
|
||
|
5640000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C90000
|
trusted library allocation
|
page read and write
|
||
|
3AE1000
|
trusted library allocation
|
page read and write
|
||
|
7250000
|
trusted library allocation
|
page read and write
|
||
|
147E000
|
stack
|
page read and write
|
||
|
54E000
|
stack
|
page read and write
|
||
|
9EFE000
|
stack
|
page read and write
|
||
|
C00000
|
trusted library allocation
|
page read and write
|
||
|
5415000
|
heap
|
page read and write
|
||
|
3FA6000
|
trusted library allocation
|
page read and write
|
||
|
6DF0000
|
trusted library allocation
|
page read and write
|
||
|
AFB000
|
trusted library allocation
|
page read and write
|
||
|
F27000
|
trusted library allocation
|
page execute and read and write
|
||
|
2900000
|
heap
|
page read and write
|
||
|
7F6C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AFD000
|
trusted library allocation
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
2B6F000
|
stack
|
page read and write
|
||
|
352F000
|
stack
|
page read and write
|
||
|
6DD0000
|
trusted library section
|
page read and write
|
||
|
987E000
|
stack
|
page read and write
|
||
|
754E000
|
stack
|
page read and write
|
||
|
6F0000
|
trusted library allocation
|
page read and write
|
||
|
A3CC000
|
stack
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
6FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F2000
|
trusted library allocation
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
A15E000
|
stack
|
page read and write
|
||
|
6F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
802000
|
trusted library allocation
|
page read and write
|
||
|
5420000
|
heap
|
page read and write
|
||
|
6D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
498B000
|
stack
|
page read and write
|
||
|
F6B000
|
heap
|
page read and write
|
||
|
3D80000
|
trusted library allocation
|
page read and write
|
||
|
DBE000
|
stack
|
page read and write
|
||
|
314E000
|
stack
|
page read and write
|
||
|
4C30000
|
heap
|
page read and write
|
||
|
34E1000
|
trusted library allocation
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
518B000
|
stack
|
page read and write
|
||
|
7055000
|
heap
|
page read and write
|
||
|
3B09000
|
trusted library allocation
|
page read and write
|
||
|
F75000
|
heap
|
page read and write
|
||
|
A05E000
|
stack
|
page read and write
|
||
|
17EF000
|
stack
|
page read and write
|
||
|
9A7E000
|
stack
|
page read and write
|
||
|
6CFF000
|
stack
|
page read and write
|
||
|
807000
|
trusted library allocation
|
page execute and read and write
|
||
|
A31D000
|
stack
|
page read and write
|
||
|
296E000
|
stack
|
page read and write
|
||
|
6DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
9B80000
|
heap
|
page read and write
|
||
|
5120000
|
trusted library section
|
page readonly
|
||
|
D00000
|
heap
|
page read and write
|
||
|
7AE000
|
heap
|
page read and write
|
||
|
705D000
|
heap
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
4C70000
|
trusted library allocation
|
page read and write
|
||
|
A2DC000
|
stack
|
page read and write
|
||
|
4C1D000
|
stack
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
6D4000
|
trusted library allocation
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
EF4000
|
trusted library allocation
|
page read and write
|
||
|
E9E000
|
stack
|
page read and write
|
||
|
5330000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
unkown
|
page readonly
|
||
|
3EEF000
|
trusted library allocation
|
page read and write
|
||
|
4AE0000
|
heap
|
page read and write
|
||
|
25E9000
|
trusted library allocation
|
page read and write
|
||
|
F0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5220000
|
heap
|
page execute and read and write
|
||
|
5210000
|
heap
|
page read and write
|
||
|
704D000
|
heap
|
page read and write
|
||
|
ABE000
|
stack
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
5002000
|
trusted library allocation
|
page read and write
|
||
|
717E000
|
stack
|
page read and write
|
||
|
6F10000
|
heap
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
A54D000
|
stack
|
page read and write
|
||
|
3E38000
|
trusted library allocation
|
page read and write
|
||
|
7FB70000
|
trusted library allocation
|
page execute and read and write
|
||
|
3CBE000
|
trusted library allocation
|
page read and write
|
||
|
29B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
29AC000
|
stack
|
page read and write
|
||
|
F4E000
|
heap
|
page read and write
|
||
|
4F8000
|
stack
|
page read and write
|
||
|
7030000
|
heap
|
page read and write
|
||
|
532E000
|
stack
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
4FD0000
|
trusted library allocation
|
page read and write
|
||
|
4FDB000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
AF0000
|
trusted library allocation
|
page read and write
|
||
|
53A0000
|
trusted library allocation
|
page read and write
|
||
|
6E00000
|
trusted library allocation
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
6DE0000
|
trusted library section
|
page read and write
|
||
|
5410000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
4C7C000
|
stack
|
page read and write
|
||
|
4AF0000
|
trusted library allocation
|
page read and write
|
||
|
2ADE000
|
stack
|
page read and write
|
||
|
50A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F5A000
|
stack
|
page read and write
|
||
|
9BAF000
|
stack
|
page read and write
|
||
|
FE7000
|
heap
|
page read and write
|
||
|
342E000
|
stack
|
page read and write
|
||
|
71BE000
|
stack
|
page read and write
|
||
|
2F1D000
|
stack
|
page read and write
|
||
|
7140000
|
trusted library allocation
|
page read and write
|
||
|
5520000
|
heap
|
page read and write
|
||
|
997E000
|
stack
|
page read and write
|
||
|
24D0000
|
heap
|
page execute and read and write
|
||
|
F74000
|
heap
|
page read and write
|
||
|
9B7D000
|
stack
|
page read and write
|
||
|
725E000
|
trusted library allocation
|
page read and write
|
||
|
A1DB000
|
stack
|
page read and write
|
||
|
AC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9FEE000
|
stack
|
page read and write
|
||
|
2CED000
|
stack
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
4FF6000
|
trusted library allocation
|
page read and write
|
||
|
14B0000
|
heap
|
page read and write
|
||
|
36BE000
|
trusted library allocation
|
page read and write
|
||
|
281C000
|
trusted library allocation
|
page read and write
|
||
|
3700000
|
heap
|
page read and write
|
||
|
310F000
|
unkown
|
page read and write
|
||
|
F1A000
|
trusted library allocation
|
page execute and read and write
|
||
|
AD0000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
4C40000
|
trusted library allocation
|
page execute and read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
D4E000
|
stack
|
page read and write
|
||
|
F67000
|
heap
|
page read and write
|
||
|
5130000
|
heap
|
page read and write
|
||
|
9CAE000
|
stack
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
45DC000
|
stack
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
5360000
|
heap
|
page read and write
|
||
|
72CE000
|
stack
|
page read and write
|
||
|
F00000
|
trusted library allocation
|
page read and write
|
||
|
9BE000
|
stack
|
page read and write
|
||
|
E55000
|
heap
|
page read and write
|
||
|
2920000
|
heap
|
page read and write
|
||
|
327F000
|
unkown
|
page read and write
|
||
|
5400000
|
trusted library allocation
|
page execute and read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
2D2A000
|
stack
|
page read and write
|
||
|
8BA000
|
stack
|
page read and write
|
||
|
7280000
|
trusted library allocation
|
page execute and read and write
|
||
|
5380000
|
trusted library allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
A40E000
|
stack
|
page read and write
|
||
|
5050000
|
trusted library allocation
|
page read and write
|
||
|
F2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
A12E000
|
stack
|
page read and write
|
||
|
53B0000
|
trusted library allocation
|
page read and write
|
||
|
2A6F000
|
stack
|
page read and write
|
||
|
F4A000
|
heap
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
4AF9000
|
trusted library allocation
|
page read and write
|
||
|
4AE8000
|
trusted library allocation
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
5090000
|
trusted library allocation
|
page read and write
|
||
|
5016000
|
trusted library allocation
|
page read and write
|
||
|
6F00000
|
trusted library allocation
|
page read and write
|
||
|
4CC0000
|
heap
|
page read and write
|
||
|
319F000
|
stack
|
page read and write
|
||
|
BFB000
|
trusted library allocation
|
page read and write
|
||
|
A41E000
|
stack
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
53C0000
|
trusted library allocation
|
page read and write
|
||
|
2AE1000
|
trusted library allocation
|
page read and write
|
||
|
4995000
|
heap
|
page read and write
|
||
|
12000
|
unkown
|
page readonly
|
||
|
CFD000
|
stack
|
page read and write
|
||
|
12FC000
|
stack
|
page read and write
|
||
|
323E000
|
unkown
|
page read and write
|
||
|
5143000
|
heap
|
page read and write
|
||
|
4CA0000
|
heap
|
page execute and read and write
|
||
|
BF8000
|
trusted library allocation
|
page read and write
|
||
|
2DDE000
|
unkown
|
page read and write
|
||
|
100D000
|
heap
|
page read and write
|
||
|
A64E000
|
stack
|
page read and write
|
||
|
5092000
|
trusted library allocation
|
page read and write
|
||
|
336A000
|
heap
|
page read and write
|
||
|
3509000
|
trusted library allocation
|
page read and write
|
||
|
4C50000
|
trusted library allocation
|
page read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
B58000
|
trusted library allocation
|
page read and write
|
||
|
4B13000
|
heap
|
page read and write
|
||
|
113F000
|
stack
|
page read and write
|
||
|
F10000
|
trusted library allocation
|
page read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
66A2000
|
trusted library allocation
|
page read and write
|
||
|
EFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7257000
|
trusted library allocation
|
page read and write
|
||
|
4FD4000
|
trusted library allocation
|
page read and write
|
||
|
16EE000
|
stack
|
page read and write
|
||
|
4B10000
|
heap
|
page read and write
|
There are 342 hidden memdumps, click here to show them.