Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
z2PaymentAdviceD00772795264733.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\z2PaymentAdviceD00772795264733.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmpB018.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\YDKFDa.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\YDKFDa.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_z2PaymentAdviceD_164c51a5d229aa518dd17c3de4a35bd70dfff2c_68d82f61_79e08b0e-ca07-4f91-a818-252224a5049e\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD37F.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Nov 21 06:02:26 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD3DD.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD40D.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\YDKFDa.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_10jtw2tl.eau.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3j4yt0gt.tnp.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5gsnvkha.2o3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bj43j0zf.ymy.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ljsnq2wn.jtt.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qdv1ryt4.f03.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t45vent5.t15.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wxlrcx5r.fbs.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpCA38.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 11 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\z2PaymentAdviceD00772795264733.exe
|
"C:\Users\user\Desktop\z2PaymentAdviceD00772795264733.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\z2PaymentAdviceD00772795264733.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\YDKFDa.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\YDKFDa" /XML "C:\Users\user\AppData\Local\Temp\tmpB018.tmp"
|
|
|
|
C:\Users\user\Desktop\z2PaymentAdviceD00772795264733.exe
|
"C:\Users\user\Desktop\z2PaymentAdviceD00772795264733.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\YDKFDa.exe
|
C:\Users\user\AppData\Roaming\YDKFDa.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\YDKFDa" /XML "C:\Users\user\AppData\Local\Temp\tmpCA38.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\YDKFDa.exe
|
"C:\Users\user\AppData\Roaming\YDKFDa.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 196
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://tempuri.org/ianiDataSet2.xsdM
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://tempuri.org/ianiDataSet.xsd
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://tempuri.org/ianiDataSet1.xsd
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 20 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{1ebbb459-a112-a2dc-1919-69e26dc4c92d}\Root\InventoryApplicationFile\z2paymentadviced|b93a06365e1f1933
|
ProgramId
|
||
|
\REGISTRY\A\{1ebbb459-a112-a2dc-1919-69e26dc4c92d}\Root\InventoryApplicationFile\z2paymentadviced|b93a06365e1f1933
|
FileId
|
||
|
\REGISTRY\A\{1ebbb459-a112-a2dc-1919-69e26dc4c92d}\Root\InventoryApplicationFile\z2paymentadviced|b93a06365e1f1933
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{1ebbb459-a112-a2dc-1919-69e26dc4c92d}\Root\InventoryApplicationFile\z2paymentadviced|b93a06365e1f1933
|
LongPathHash
|
||
|
\REGISTRY\A\{1ebbb459-a112-a2dc-1919-69e26dc4c92d}\Root\InventoryApplicationFile\z2paymentadviced|b93a06365e1f1933
|
Name
|
||
|
\REGISTRY\A\{1ebbb459-a112-a2dc-1919-69e26dc4c92d}\Root\InventoryApplicationFile\z2paymentadviced|b93a06365e1f1933
|
OriginalFileName
|
||
|
\REGISTRY\A\{1ebbb459-a112-a2dc-1919-69e26dc4c92d}\Root\InventoryApplicationFile\z2paymentadviced|b93a06365e1f1933
|
Publisher
|
||
|
\REGISTRY\A\{1ebbb459-a112-a2dc-1919-69e26dc4c92d}\Root\InventoryApplicationFile\z2paymentadviced|b93a06365e1f1933
|
Version
|
||
|
\REGISTRY\A\{1ebbb459-a112-a2dc-1919-69e26dc4c92d}\Root\InventoryApplicationFile\z2paymentadviced|b93a06365e1f1933
|
BinFileVersion
|
||
|
\REGISTRY\A\{1ebbb459-a112-a2dc-1919-69e26dc4c92d}\Root\InventoryApplicationFile\z2paymentadviced|b93a06365e1f1933
|
BinaryType
|
||
|
\REGISTRY\A\{1ebbb459-a112-a2dc-1919-69e26dc4c92d}\Root\InventoryApplicationFile\z2paymentadviced|b93a06365e1f1933
|
ProductName
|
||
|
\REGISTRY\A\{1ebbb459-a112-a2dc-1919-69e26dc4c92d}\Root\InventoryApplicationFile\z2paymentadviced|b93a06365e1f1933
|
ProductVersion
|
||
|
\REGISTRY\A\{1ebbb459-a112-a2dc-1919-69e26dc4c92d}\Root\InventoryApplicationFile\z2paymentadviced|b93a06365e1f1933
|
LinkDate
|
||
|
\REGISTRY\A\{1ebbb459-a112-a2dc-1919-69e26dc4c92d}\Root\InventoryApplicationFile\z2paymentadviced|b93a06365e1f1933
|
BinProductVersion
|
||
|
\REGISTRY\A\{1ebbb459-a112-a2dc-1919-69e26dc4c92d}\Root\InventoryApplicationFile\z2paymentadviced|b93a06365e1f1933
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{1ebbb459-a112-a2dc-1919-69e26dc4c92d}\Root\InventoryApplicationFile\z2paymentadviced|b93a06365e1f1933
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{1ebbb459-a112-a2dc-1919-69e26dc4c92d}\Root\InventoryApplicationFile\z2paymentadviced|b93a06365e1f1933
|
Size
|
||
|
\REGISTRY\A\{1ebbb459-a112-a2dc-1919-69e26dc4c92d}\Root\InventoryApplicationFile\z2paymentadviced|b93a06365e1f1933
|
Language
|
||
|
\REGISTRY\A\{1ebbb459-a112-a2dc-1919-69e26dc4c92d}\Root\InventoryApplicationFile\z2paymentadviced|b93a06365e1f1933
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
15B0000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
CEE000
|
stack
|
page read and write
|
||
|
4E90000
|
trusted library allocation
|
page read and write
|
||
|
A1CD000
|
stack
|
page read and write
|
||
|
4EA0000
|
trusted library allocation
|
page read and write
|
||
|
9ECE000
|
stack
|
page read and write
|
||
|
6C20000
|
trusted library allocation
|
page read and write
|
||
|
AA2E000
|
stack
|
page read and write
|
||
|
5E7000
|
stack
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
15AD000
|
direct allocation
|
page execute and read and write
|
||
|
1D4D000
|
direct allocation
|
page execute and read and write
|
||
|
13A2000
|
direct allocation
|
page execute and read and write
|
||
|
4D03000
|
heap
|
page read and write
|
||
|
4FC0000
|
heap
|
page read and write
|
||
|
6AEE000
|
stack
|
page read and write
|
||
|
10DD000
|
stack
|
page read and write
|
||
|
4F40000
|
trusted library section
|
page readonly
|
||
|
53A0000
|
trusted library section
|
page read and write
|
||
|
5970000
|
heap
|
page read and write
|
||
|
2A4B000
|
trusted library allocation
|
page read and write
|
||
|
A0FC000
|
stack
|
page read and write
|
||
|
943000
|
trusted library allocation
|
page read and write
|
||
|
BB0000
|
trusted library allocation
|
page read and write
|
||
|
285D000
|
trusted library allocation
|
page read and write
|
||
|
3779000
|
trusted library allocation
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
A64E000
|
stack
|
page read and write
|
||
|
95A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B40000
|
heap
|
page read and write
|
||
|
4CF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A23E000
|
stack
|
page read and write
|
||
|
CFC000
|
stack
|
page read and write
|
||
|
A8EC000
|
stack
|
page read and write
|
||
|
329E000
|
stack
|
page read and write
|
||
|
263D000
|
trusted library allocation
|
page read and write
|
||
|
276F000
|
stack
|
page read and write
|
||
|
8AE000
|
stack
|
page read and write
|
||
|
933000
|
trusted library allocation
|
page execute and read and write
|
||
|
74CE000
|
stack
|
page read and write
|
||
|
6870000
|
heap
|
page read and write
|
||
|
967000
|
stack
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
C4E000
|
heap
|
page read and write
|
||
|
2656000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
direct allocation
|
page execute and read and write
|
||
|
9FFB000
|
stack
|
page read and write
|
||
|
2F0A000
|
stack
|
page read and write
|
||
|
2600000
|
trusted library allocation
|
page read and write
|
||
|
750D000
|
stack
|
page read and write
|
||
|
5290000
|
heap
|
page read and write
|
||
|
5960000
|
heap
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
2ACD000
|
trusted library allocation
|
page read and write
|
||
|
987F000
|
stack
|
page read and write
|
||
|
25F0000
|
trusted library allocation
|
page read and write
|
||
|
A1D0000
|
heap
|
page read and write
|
||
|
4ED0000
|
trusted library allocation
|
page read and write
|
||
|
8D5000
|
heap
|
page read and write
|
||
|
930000
|
trusted library allocation
|
page read and write
|
||
|
3ACC000
|
trusted library allocation
|
page read and write
|
||
|
2821000
|
trusted library allocation
|
page read and write
|
||
|
73AE000
|
stack
|
page read and write
|
||
|
4EB0000
|
heap
|
page execute and read and write
|
||
|
195E000
|
stack
|
page read and write
|
||
|
1366000
|
direct allocation
|
page execute and read and write
|
||
|
4E72000
|
trusted library allocation
|
page read and write
|
||
|
70B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
76AE000
|
stack
|
page read and write
|
||
|
262E000
|
trusted library allocation
|
page read and write
|
||
|
3C27000
|
trusted library allocation
|
page read and write
|
||
|
2771000
|
trusted library allocation
|
page read and write
|
||
|
A40E000
|
stack
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
C5F000
|
stack
|
page read and write
|
||
|
490B000
|
stack
|
page read and write
|
||
|
5170000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EF5000
|
heap
|
page read and write
|
||
|
7050000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FD0000
|
heap
|
page read and write
|
||
|
2F2A000
|
stack
|
page read and write
|
||
|
4E0000
|
unkown
|
page readonly
|
||
|
6F50000
|
heap
|
page read and write
|
||
|
12E0000
|
direct allocation
|
page execute and read and write
|
||
|
29BF000
|
stack
|
page read and write
|
||
|
2FBE000
|
unkown
|
page read and write
|
||
|
599E000
|
heap
|
page read and write
|
||
|
C9E000
|
stack
|
page read and write
|
||
|
962000
|
trusted library allocation
|
page read and write
|
||
|
96B000
|
trusted library allocation
|
page execute and read and write
|
||
|
9AFD000
|
stack
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
6AA0000
|
trusted library allocation
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
EEE000
|
stack
|
page read and write
|
||
|
A380000
|
trusted library allocation
|
page read and write
|
||
|
28B0000
|
heap
|
page read and write
|
||
|
9FCE000
|
stack
|
page read and write
|
||
|
6C30000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FFE000
|
unkown
|
page read and write
|
||
|
1570000
|
heap
|
page read and write
|
||
|
5190000
|
heap
|
page read and write
|
||
|
5180000
|
heap
|
page read and write
|
||
|
70FE000
|
stack
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
6A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
A0CE000
|
stack
|
page read and write
|
||
|
12E7000
|
direct allocation
|
page execute and read and write
|
||
|
98BE000
|
stack
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
4F3B000
|
stack
|
page read and write
|
||
|
C03000
|
heap
|
page read and write
|
||
|
8B7000
|
heap
|
page read and write
|
||
|
78BE000
|
stack
|
page read and write
|
||
|
B9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A80000
|
trusted library allocation
|
page read and write
|
||
|
29C1000
|
trusted library allocation
|
page read and write
|
||
|
2880000
|
trusted library allocation
|
page read and write
|
||
|
52B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
980000
|
trusted library allocation
|
page read and write
|
||
|
4E9000
|
stack
|
page read and write
|
||
|
282D000
|
trusted library allocation
|
page read and write
|
||
|
99FD000
|
stack
|
page read and write
|
||
|
6B50000
|
trusted library allocation
|
page read and write
|
||
|
2856000
|
trusted library allocation
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
A92E000
|
stack
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
3760000
|
heap
|
page read and write
|
||
|
93D000
|
trusted library allocation
|
page execute and read and write
|
||
|
11DD000
|
stack
|
page read and write
|
||
|
2610000
|
trusted library allocation
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
A54E000
|
stack
|
page read and write
|
||
|
FB7000
|
heap
|
page read and write
|
||
|
BA3000
|
trusted library allocation
|
page read and write
|
||
|
99BE000
|
stack
|
page read and write
|
||
|
A31000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
1BA9000
|
direct allocation
|
page execute and read and write
|
||
|
9C4000
|
heap
|
page read and write
|
||
|
9D3E000
|
stack
|
page read and write
|
||
|
3C69000
|
trusted library allocation
|
page read and write
|
||
|
BB6000
|
trusted library allocation
|
page execute and read and write
|
||
|
76B0000
|
heap
|
page read and write
|
||
|
4C70000
|
trusted library allocation
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
7400000
|
trusted library section
|
page read and write
|
||
|
3A42000
|
trusted library allocation
|
page read and write
|
||
|
39B7000
|
trusted library allocation
|
page read and write
|
||
|
7060000
|
trusted library allocation
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
9FBE000
|
stack
|
page read and write
|
||
|
BCE000
|
heap
|
page read and write
|
||
|
C5B000
|
heap
|
page read and write
|
||
|
BBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
A4D000
|
heap
|
page read and write
|
||
|
4FD0000
|
heap
|
page read and write
|
||
|
15A0000
|
heap
|
page read and write
|
||
|
1D46000
|
direct allocation
|
page execute and read and write
|
||
|
C0B000
|
heap
|
page read and write
|
||
|
9C3E000
|
stack
|
page read and write
|
||
|
6BEE000
|
stack
|
page read and write
|
||
|
6C2A000
|
trusted library allocation
|
page read and write
|
||
|
4C60000
|
trusted library allocation
|
page read and write
|
||
|
4778000
|
trusted library allocation
|
page read and write
|
||
|
920000
|
trusted library allocation
|
page read and write
|
||
|
2768000
|
trusted library allocation
|
page read and write
|
||
|
4E60000
|
heap
|
page read and write
|
||
|
2ECD000
|
stack
|
page read and write
|
||
|
B94000
|
trusted library allocation
|
page read and write
|
||
|
2851000
|
trusted library allocation
|
page read and write
|
||
|
1DC8000
|
direct allocation
|
page execute and read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
4FB0000
|
trusted library section
|
page readonly
|
||
|
687E000
|
heap
|
page read and write
|
||
|
1A80000
|
direct allocation
|
page execute and read and write
|
||
|
BE8000
|
heap
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
4CE2000
|
trusted library allocation
|
page read and write
|
||
|
1C1E000
|
direct allocation
|
page execute and read and write
|
||
|
532D000
|
stack
|
page read and write
|
||
|
287B000
|
trusted library allocation
|
page read and write
|
||
|
1D31000
|
direct allocation
|
page execute and read and write
|
||
|
5180000
|
heap
|
page read and write
|
||
|
4F50000
|
trusted library allocation
|
page read and write
|
||
|
967000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FAB000
|
stack
|
page read and write
|
||
|
940000
|
trusted library allocation
|
page read and write
|
||
|
5280000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
7703000
|
heap
|
page read and write
|
||
|
3853000
|
trusted library allocation
|
page read and write
|
||
|
2A7D000
|
trusted library allocation
|
page read and write
|
||
|
977F000
|
stack
|
page read and write
|
||
|
380D000
|
trusted library allocation
|
page read and write
|
||
|
2631000
|
trusted library allocation
|
page read and write
|
||
|
86A000
|
stack
|
page read and write
|
||
|
A7EB000
|
stack
|
page read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
A27E000
|
stack
|
page read and write
|
||
|
2636000
|
trusted library allocation
|
page read and write
|
||
|
754E000
|
stack
|
page read and write
|
||
|
2650000
|
trusted library allocation
|
page read and write
|
||
|
1A5F000
|
stack
|
page read and write
|
||
|
9EBE000
|
stack
|
page read and write
|
||
|
A3CF000
|
stack
|
page read and write
|
||
|
9D2000
|
heap
|
page read and write
|
||
|
AF5000
|
heap
|
page read and write
|
||
|
392D000
|
trusted library allocation
|
page read and write
|
||
|
2EED000
|
stack
|
page read and write
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
C01000
|
heap
|
page read and write
|
||
|
5B45000
|
heap
|
page read and write
|
||
|
28A0000
|
trusted library allocation
|
page read and write
|
||
|
6E3E000
|
stack
|
page read and write
|
||
|
9B00000
|
heap
|
page read and write
|
||
|
4E2000
|
unkown
|
page readonly
|
||
|
3771000
|
trusted library allocation
|
page read and write
|
||
|
2800000
|
trusted library allocation
|
page read and write
|
||
|
34AF000
|
stack
|
page read and write
|
||
|
2810000
|
trusted library allocation
|
page read and write
|
||
|
4C50000
|
trusted library allocation
|
page read and write
|
||
|
2FFF000
|
unkown
|
page read and write
|
||
|
2820000
|
heap
|
page execute and read and write
|
||
|
2A1A000
|
trusted library allocation
|
page read and write
|
||
|
4E20000
|
trusted library allocation
|
page read and write
|
||
|
C68000
|
heap
|
page read and write
|
||
|
59B0000
|
heap
|
page read and write
|
||
|
2654000
|
trusted library allocation
|
page read and write
|
||
|
1306000
|
direct allocation
|
page execute and read and write
|
||
|
BAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2870000
|
trusted library allocation
|
page read and write
|
||
|
4F44000
|
trusted library section
|
page readonly
|
||
|
BA0000
|
trusted library allocation
|
page read and write
|
||
|
C8C000
|
heap
|
page read and write
|
||
|
1627000
|
heap
|
page read and write
|
||
|
71AE000
|
stack
|
page read and write
|
||
|
4FF0000
|
heap
|
page execute and read and write
|
||
|
EF0000
|
trusted library allocation
|
page read and write
|
||
|
AA40000
|
trusted library allocation
|
page read and write
|
||
|
A50E000
|
stack
|
page read and write
|
||
|
A13E000
|
stack
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
BF5000
|
heap
|
page read and write
|
||
|
2830000
|
trusted library allocation
|
page read and write
|
||
|
39D7000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
heap
|
page read and write
|
||
|
42E000
|
remote allocation
|
page execute and read and write
|
||
|
C5D000
|
heap
|
page read and write
|
||
|
283B000
|
trusted library allocation
|
page read and write
|
||
|
28A5000
|
trusted library allocation
|
page read and write
|
||
|
FA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4ABC000
|
stack
|
page read and write
|
||
|
1409000
|
direct allocation
|
page execute and read and write
|
||
|
1620000
|
heap
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
287D000
|
trusted library allocation
|
page read and write
|
||
|
2893000
|
heap
|
page read and write
|
||
|
1403000
|
direct allocation
|
page execute and read and write
|
||
|
4C90000
|
trusted library allocation
|
page read and write
|
||
|
77B0000
|
trusted library allocation
|
page read and write
|
||
|
39C1000
|
trusted library allocation
|
page read and write
|
||
|
6998000
|
heap
|
page read and write
|
||
|
1720000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
AA51000
|
trusted library allocation
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
6980000
|
heap
|
page read and write
|
||
|
156E000
|
stack
|
page read and write
|
||
|
DC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
27CA000
|
trusted library allocation
|
page read and write
|
||
|
F7C000
|
stack
|
page read and write
|
||
|
98C000
|
stack
|
page read and write
|
||
|
956000
|
trusted library allocation
|
page execute and read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
25EF000
|
stack
|
page read and write
|
||
|
4E80000
|
trusted library allocation
|
page execute and read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
4CE0000
|
trusted library allocation
|
page read and write
|
||
|
32AA000
|
heap
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
75AE000
|
stack
|
page read and write
|
||
|
1591000
|
direct allocation
|
page execute and read and write
|
||
|
38DF000
|
trusted library allocation
|
page read and write
|
||
|
934000
|
trusted library allocation
|
page read and write
|
||
|
99E000
|
heap
|
page read and write
|
||
|
4C65000
|
trusted library allocation
|
page read and write
|
||
|
6DFE000
|
stack
|
page read and write
|
||
|
950000
|
trusted library allocation
|
page read and write
|
||
|
76C5000
|
heap
|
page read and write
|
||
|
323F000
|
unkown
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
4D00000
|
heap
|
page read and write
|
||
|
99A000
|
heap
|
page read and write
|
||
|
517D000
|
stack
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
DBE000
|
stack
|
page read and write
|
||
|
73EE000
|
stack
|
page read and write
|
||
|
261B000
|
trusted library allocation
|
page read and write
|
||
|
A37E000
|
stack
|
page read and write
|
||
|
1BAD000
|
direct allocation
|
page execute and read and write
|
||
|
2660000
|
heap
|
page execute and read and write
|
||
|
191F000
|
stack
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
3A1A000
|
trusted library allocation
|
page read and write
|
||
|
4E00000
|
trusted library allocation
|
page read and write
|
||
|
35E0000
|
heap
|
page read and write
|
||
|
94D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C7E000
|
stack
|
page read and write
|
||
|
B93000
|
trusted library allocation
|
page execute and read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
15A6000
|
direct allocation
|
page execute and read and write
|
||
|
A391000
|
trusted library allocation
|
page read and write
|
||
|
6B72000
|
trusted library allocation
|
page read and write
|
||
|
B7E000
|
stack
|
page read and write
|
||
|
DC2000
|
trusted library allocation
|
page read and write
|
||
|
389A000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
D2C000
|
stack
|
page read and write
|
||
|
4E70000
|
trusted library allocation
|
page read and write
|
||
|
284E000
|
trusted library allocation
|
page read and write
|
||
|
76DB000
|
heap
|
page read and write
|
||
|
39C9000
|
trusted library allocation
|
page read and write
|
||
|
70A0000
|
trusted library allocation
|
page read and write
|
||
|
34EB000
|
heap
|
page read and write
|
||
|
DCB000
|
trusted library allocation
|
page execute and read and write
|
There are 324 hidden memdumps, click here to show them.