Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
z3bqnf1WvW.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
|
JSON data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp1FB5.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp2067.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8,
version-valid-for 4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp27CE.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8,
version-valid-for 4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp2D2E.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp3A01.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp3A11.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8,
version-valid-for 4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp3EEC.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp4328.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp660D.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp663F.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp6A44.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp7183.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8,
version-valid-for 4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp7367.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8,
version-valid-for 4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp7511.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp77A2.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp7BFF.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp8327.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8,
version-valid-for 4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp8751.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp897D.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp8BAF.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp8F81.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp92E5.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp9F14.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpA08.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8,
version-valid-for 4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpA147.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpA7A3.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8,
version-valid-for 4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpAFC0.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpCEC2.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpD034.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpD08B.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpD87B.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpDF23.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpE069.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpEBD7.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpEBD8.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpEBE8.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpF31E.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8,
version-valid-for 4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpF665.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8,
version-valid-for 4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpFFDD.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpFFED.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\snofla\llg\background.js
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\snofla\llg\content.js
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\snofla\llg\icon.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\snofla\llg\jquery.js
|
ASCII text, with very long lines (32086)
|
dropped
|
||
|
C:\Users\user\AppData\Local\snofla\llg\manifest.json
|
JSON data
|
dropped
|
There are 37 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\z3bqnf1WvW.exe
|
"C:\Users\user\Desktop\z3bqnf1WvW.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://178.63.51.126:9000/wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F
|
178.63.51.126
|
|
|
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/
|
unknown
|
||
|
https://chrome.google.com/webstore
|
unknown
|
||
|
https://drive-daily-2.corp.google.com/
|
unknown
|
||
|
https://drive-autopush.corp.google.com/
|
unknown
|
||
|
https://drive-daily-4.corp.google.com/
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
https://duckduckgo.com/chrome_newtabS
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
https://drive-daily-1.corp.google.com/
|
unknown
|
||
|
http://178.63.51.126:9000/
|
unknown
|
||
|
https://drive-daily-5.corp.google.com/
|
unknown
|
||
|
https://docs.google.com/
|
unknown
|
||
|
http://purl.oen
|
unknown
|
||
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
https://drive-staging.corp.google.com/
|
unknown
|
||
|
https://drive-daily-6.corp.google.com/
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://drive-daily-0.corp.google.com/
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
http://178.63.51.126:9000
|
unknown
|
||
|
https://drive-preprod.corp.google.com/
|
unknown
|
||
|
https://pastebin.com/raw/ZqQ3tKFz
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
||
|
https://www.google.com/
|
unknown
|
||
|
https://drive-daily-3.corp.google.com/
|
unknown
|
There are 21 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
178.63.51.126
|
unknown
|
Germany
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z3bqnf1WvW_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z3bqnf1WvW_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z3bqnf1WvW_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z3bqnf1WvW_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z3bqnf1WvW_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z3bqnf1WvW_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z3bqnf1WvW_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z3bqnf1WvW_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z3bqnf1WvW_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z3bqnf1WvW_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z3bqnf1WvW_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z3bqnf1WvW_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z3bqnf1WvW_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z3bqnf1WvW_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
642000
|
unkown
|
page readonly
|
|
|
|
FDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
3B42000
|
trusted library allocation
|
page read and write
|
||
|
530B000
|
trusted library allocation
|
page read and write
|
||
|
2C25000
|
trusted library allocation
|
page read and write
|
||
|
4EC0000
|
trusted library allocation
|
page read and write
|
||
|
B0A000
|
heap
|
page read and write
|
||
|
2C06000
|
trusted library allocation
|
page read and write
|
||
|
4EED000
|
trusted library allocation
|
page read and write
|
||
|
60D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C51000
|
trusted library allocation
|
page read and write
|
||
|
2C79000
|
trusted library allocation
|
page read and write
|
||
|
2AD6000
|
trusted library allocation
|
page read and write
|
||
|
5330000
|
trusted library allocation
|
page execute and read and write
|
||
|
60F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
39D1000
|
trusted library allocation
|
page read and write
|
||
|
2C32000
|
trusted library allocation
|
page read and write
|
||
|
2BBF000
|
trusted library allocation
|
page read and write
|
||
|
2BB7000
|
trusted library allocation
|
page read and write
|
||
|
5005000
|
trusted library allocation
|
page read and write
|
||
|
3B52000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
753D000
|
stack
|
page read and write
|
||
|
2CCF000
|
trusted library allocation
|
page read and write
|
||
|
7AB0000
|
heap
|
page read and write
|
||
|
80FD000
|
stack
|
page read and write
|
||
|
5F32000
|
trusted library allocation
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
767D000
|
stack
|
page read and write
|
||
|
62DE000
|
stack
|
page read and write
|
||
|
6C00000
|
trusted library allocation
|
page execute and read and write
|
||
|
61AE000
|
stack
|
page read and write
|
||
|
51F0000
|
heap
|
page execute and read and write
|
||
|
5F48000
|
trusted library allocation
|
page read and write
|
||
|
4F43000
|
trusted library allocation
|
page read and write
|
||
|
2DA5000
|
trusted library allocation
|
page read and write
|
||
|
4B6D000
|
stack
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
51E4000
|
trusted library allocation
|
page read and write
|
||
|
FF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7199000
|
stack
|
page read and write
|
||
|
7AD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A60000
|
trusted library allocation
|
page read and write
|
||
|
604F000
|
heap
|
page read and write
|
||
|
5CEE000
|
stack
|
page read and write
|
||
|
641E000
|
stack
|
page read and write
|
||
|
2D8C000
|
trusted library allocation
|
page read and write
|
||
|
100B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C3F000
|
trusted library allocation
|
page read and write
|
||
|
61D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7AC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7080000
|
heap
|
page read and write
|
||
|
72DC000
|
stack
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
E6E000
|
stack
|
page read and write
|
||
|
D67000
|
heap
|
page read and write
|
||
|
287E000
|
stack
|
page read and write
|
||
|
1007000
|
trusted library allocation
|
page execute and read and write
|
||
|
53C0000
|
trusted library allocation
|
page read and write
|
||
|
3BE8000
|
trusted library allocation
|
page read and write
|
||
|
3B1A000
|
trusted library allocation
|
page read and write
|
||
|
2D1D000
|
trusted library allocation
|
page read and write
|
||
|
6E8B000
|
stack
|
page read and write
|
||
|
3AF9000
|
trusted library allocation
|
page read and write
|
||
|
3094000
|
trusted library allocation
|
page read and write
|
||
|
3B25000
|
trusted library allocation
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page execute and read and write
|
||
|
7090000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B94000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
trusted library allocation
|
page read and write
|
||
|
527D000
|
stack
|
page read and write
|
||
|
3BD8000
|
trusted library allocation
|
page read and write
|
||
|
7A8E000
|
trusted library section
|
page read and write
|
||
|
3B06000
|
trusted library allocation
|
page read and write
|
||
|
5070000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D93000
|
trusted library allocation
|
page read and write
|
||
|
3B32000
|
trusted library allocation
|
page read and write
|
||
|
FF0000
|
trusted library allocation
|
page read and write
|
||
|
3B71000
|
trusted library allocation
|
page read and write
|
||
|
52FD000
|
stack
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
5310000
|
trusted library allocation
|
page read and write
|
||
|
BB2000
|
heap
|
page read and write
|
||
|
3080000
|
trusted library allocation
|
page read and write
|
||
|
FFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
AF8000
|
stack
|
page read and write
|
||
|
4FF0000
|
trusted library allocation
|
page read and write
|
||
|
6004000
|
heap
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
743D000
|
stack
|
page read and write
|
||
|
3B77000
|
trusted library allocation
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
2D53000
|
trusted library allocation
|
page read and write
|
||
|
60C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
616E000
|
stack
|
page read and write
|
||
|
1097000
|
heap
|
page read and write
|
||
|
5F5A000
|
trusted library allocation
|
page read and write
|
||
|
28BC000
|
stack
|
page read and write
|
||
|
704A000
|
stack
|
page read and write
|
||
|
305F000
|
trusted library allocation
|
page read and write
|
||
|
4EDE000
|
trusted library allocation
|
page read and write
|
||
|
78FE000
|
stack
|
page read and write
|
||
|
2C46000
|
trusted library allocation
|
page read and write
|
||
|
603B000
|
heap
|
page read and write
|
||
|
2BD0000
|
trusted library allocation
|
page read and write
|
||
|
6BE0000
|
trusted library section
|
page read and write
|
||
|
4FFB000
|
trusted library allocation
|
page read and write
|
||
|
4F00000
|
trusted library allocation
|
page read and write
|
||
|
3B6E000
|
trusted library allocation
|
page read and write
|
||
|
FF2000
|
trusted library allocation
|
page read and write
|
||
|
7B10000
|
heap
|
page read and write
|
||
|
2AC8000
|
trusted library allocation
|
page read and write
|
||
|
6D61000
|
trusted library allocation
|
page read and write
|
||
|
7F310000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F4F000
|
trusted library allocation
|
page read and write
|
||
|
2DBB000
|
trusted library allocation
|
page read and write
|
||
|
3B6C000
|
trusted library allocation
|
page read and write
|
||
|
5FB4000
|
heap
|
page read and write
|
||
|
7B22000
|
heap
|
page read and write
|
||
|
7FFF000
|
stack
|
page read and write
|
||
|
B0E000
|
heap
|
page read and write
|
||
|
5FA2000
|
heap
|
page read and write
|
||
|
605A000
|
heap
|
page read and write
|
||
|
FAE000
|
stack
|
page read and write
|
||
|
6D80000
|
trusted library allocation
|
page execute and read and write
|
||
|
49D0000
|
trusted library allocation
|
page read and write
|
||
|
EAE000
|
stack
|
page read and write
|
||
|
5083000
|
heap
|
page read and write
|
||
|
2C10000
|
trusted library allocation
|
page read and write
|
||
|
2F86000
|
trusted library allocation
|
page read and write
|
||
|
5FBC000
|
heap
|
page read and write
|
||
|
5300000
|
trusted library allocation
|
page read and write
|
||
|
5EEE000
|
stack
|
page read and write
|
||
|
6120000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A5E000
|
stack
|
page read and write
|
||
|
6A8C000
|
stack
|
page read and write
|
||
|
FD4000
|
trusted library allocation
|
page read and write
|
||
|
6D1C000
|
stack
|
page read and write
|
||
|
6100000
|
trusted library allocation
|
page read and write
|
||
|
7070000
|
trusted library allocation
|
page read and write
|
||
|
7A81000
|
trusted library section
|
page read and write
|
||
|
1070000
|
trusted library allocation
|
page read and write
|
||
|
2C6E000
|
trusted library allocation
|
page read and write
|
||
|
2C18000
|
trusted library allocation
|
page read and write
|
||
|
29D1000
|
trusted library allocation
|
page read and write
|
||
|
3B5F000
|
trusted library allocation
|
page read and write
|
||
|
72E0000
|
heap
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
5F5F000
|
trusted library allocation
|
page read and write
|
||
|
5F55000
|
trusted library allocation
|
page read and write
|
||
|
4ECE000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
4F09000
|
trusted library allocation
|
page read and write
|
||
|
2CAC000
|
trusted library allocation
|
page read and write
|
||
|
2B62000
|
trusted library allocation
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
4F18000
|
trusted library allocation
|
page read and write
|
||
|
30A2000
|
trusted library allocation
|
page read and write
|
||
|
6A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
3AD5000
|
trusted library allocation
|
page read and write
|
||
|
1005000
|
trusted library allocation
|
page execute and read and write
|
||
|
5320000
|
trusted library allocation
|
page read and write
|
||
|
4EDA000
|
trusted library allocation
|
page read and write
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
4EB0000
|
trusted library allocation
|
page read and write
|
||
|
6ADB000
|
stack
|
page read and write
|
||
|
6C10000
|
trusted library allocation
|
page read and write
|
||
|
1050000
|
heap
|
page execute and read and write
|
||
|
51E0000
|
trusted library allocation
|
page read and write
|
||
|
FD3000
|
trusted library allocation
|
page execute and read and write
|
||
|
3B4C000
|
trusted library allocation
|
page read and write
|
||
|
308B000
|
trusted library allocation
|
page read and write
|
||
|
53C2000
|
trusted library allocation
|
page read and write
|
||
|
3B68000
|
trusted library allocation
|
page read and write
|
||
|
6430000
|
trusted library allocation
|
page read and write
|
||
|
4F20000
|
trusted library allocation
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
FD0000
|
trusted library allocation
|
page read and write
|
||
|
306D000
|
trusted library allocation
|
page read and write
|
||
|
6BDD000
|
stack
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
6D70000
|
trusted library allocation
|
page read and write
|
||
|
60E1000
|
trusted library allocation
|
page read and write
|
||
|
55DD000
|
stack
|
page read and write
|
||
|
7DC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DAB000
|
trusted library allocation
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page read and write
|
||
|
2D65000
|
trusted library allocation
|
page read and write
|
||
|
3AED000
|
trusted library allocation
|
page read and write
|
||
|
2DB0000
|
trusted library allocation
|
page read and write
|
||
|
7B00000
|
heap
|
page read and write
|
||
|
2D7F000
|
trusted library allocation
|
page read and write
|
||
|
51DE000
|
stack
|
page read and write
|
||
|
2DC6000
|
trusted library allocation
|
page read and write
|
||
|
640000
|
unkown
|
page readonly
|
||
|
2C58000
|
trusted library allocation
|
page read and write
|
||
|
2D9F000
|
trusted library allocation
|
page read and write
|
||
|
B95000
|
heap
|
page read and write
|
||
|
2CE5000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
3BF5000
|
trusted library allocation
|
page read and write
|
||
|
3B13000
|
trusted library allocation
|
page read and write
|
||
|
3B2C000
|
trusted library allocation
|
page read and write
|
||
|
63DE000
|
stack
|
page read and write
|
||
|
7DF0000
|
heap
|
page read and write
|
||
|
8100000
|
trusted library allocation
|
page read and write
|
||
|
81BA000
|
heap
|
page read and write
|
||
|
2E97000
|
trusted library allocation
|
page read and write
|
||
|
30A0000
|
trusted library allocation
|
page read and write
|
||
|
B41000
|
heap
|
page read and write
|
||
|
4EE1000
|
trusted library allocation
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
2B1A000
|
trusted library allocation
|
page read and write
|
||
|
61C0000
|
trusted library allocation
|
page read and write
|
||
|
2D5D000
|
trusted library allocation
|
page read and write
|
||
|
3B37000
|
trusted library allocation
|
page read and write
|
||
|
7A68000
|
trusted library allocation
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
6025000
|
heap
|
page read and write
|
||
|
3BDC000
|
trusted library allocation
|
page read and write
|
||
|
6080000
|
trusted library allocation
|
page read and write
|
||
|
7AF0000
|
trusted library allocation
|
page read and write
|
||
|
81B0000
|
heap
|
page read and write
|
||
|
5F39000
|
trusted library allocation
|
page read and write
|
||
|
79B000
|
stack
|
page read and write
|
||
|
6090000
|
trusted library allocation
|
page read and write
|
||
|
3B59000
|
trusted library allocation
|
page read and write
|
||
|
7A8B000
|
trusted library section
|
page read and write
|
||
|
561C000
|
stack
|
page read and write
|
||
|
3078000
|
trusted library allocation
|
page read and write
|
||
|
81CC000
|
heap
|
page read and write
|
||
|
4F46000
|
trusted library allocation
|
page read and write
|
||
|
3B63000
|
trusted library allocation
|
page read and write
|
||
|
2B09000
|
trusted library allocation
|
page read and write
|
||
|
2AC4000
|
trusted library allocation
|
page read and write
|
||
|
2B6D000
|
trusted library allocation
|
page read and write
|
||
|
72F0000
|
trusted library allocation
|
page read and write
|
||
|
7DBD000
|
stack
|
page read and write
|
||
|
2C5E000
|
trusted library allocation
|
page read and write
|
||
|
7300000
|
heap
|
page read and write
|
||
|
FED000
|
trusted library allocation
|
page execute and read and write
|
||
|
4ECB000
|
trusted library allocation
|
page read and write
|
||
|
49D8000
|
trusted library allocation
|
page read and write
|
||
|
309D000
|
trusted library allocation
|
page read and write
|
||
|
29CE000
|
stack
|
page read and write
|
||
|
537E000
|
stack
|
page read and write
|
||
|
77FE000
|
stack
|
page read and write
|
||
|
6060000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CF1000
|
trusted library allocation
|
page read and write
|
||
|
3B7B000
|
trusted library allocation
|
page read and write
|
||
|
601F000
|
heap
|
page read and write
|
||
|
519E000
|
stack
|
page read and write
|
||
|
1002000
|
trusted library allocation
|
page read and write
|
||
|
1020000
|
trusted library allocation
|
page read and write
|
||
|
2C63000
|
trusted library allocation
|
page read and write
|
||
|
3054000
|
trusted library allocation
|
page read and write
|
||
|
506D000
|
stack
|
page read and write
|
||
|
5F78000
|
heap
|
page read and write
|
||
|
304A000
|
trusted library allocation
|
page read and write
|
||
|
4EE6000
|
trusted library allocation
|
page read and write
|
||
|
B34000
|
heap
|
page read and write
|
||
|
81BD000
|
heap
|
page read and write
|
||
|
795B000
|
stack
|
page read and write
|
||
|
7310000
|
heap
|
page read and write
|
||
|
757D000
|
stack
|
page read and write
|
||
|
71DD000
|
stack
|
page read and write
|
||
|
7A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
5DED000
|
stack
|
page read and write
|
||
|
2D72000
|
trusted library allocation
|
page read and write
|
||
|
5F35000
|
trusted library allocation
|
page read and write
|
||
|
3ACD000
|
trusted library allocation
|
page read and write
|
||
|
5F60000
|
heap
|
page read and write
|
||
|
B9F000
|
heap
|
page read and write
|
There are 265 hidden memdumps, click here to show them.