Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
datasheet.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\datasheet.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp43D7.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\rjBdvmaV.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\rjBdvmaV.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rjBdvmaV.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0odxasgc.us5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bvisiq4t.l2b.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dznmcvfj.0vw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h3px5hxy.gii.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jjauzphc.mdy.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tyhg0xp4.m2z.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vsfqmzec.tjr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x1yz35e1.3vz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp5B67.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\datasheet.exe
|
"C:\Users\user\Desktop\datasheet.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\datasheet.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\rjBdvmaV.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\rjBdvmaV" /XML "C:\Users\user\AppData\Local\Temp\tmp43D7.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\rjBdvmaV.exe
|
C:\Users\user\AppData\Roaming\rjBdvmaV.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\rjBdvmaV" /XML "C:\Users\user\AppData\Local\Temp\tmp5B67.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
104.26.13.205
|
||
|
http://microsoft.co3f
|
unknown
|
||
|
https://api.ipify.org
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://crl.gl
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://smtp.yandex.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
smtp.yandex.ru
|
77.88.21.158
|
||
|
api.ipify.org
|
104.26.13.205
|
||
|
smtp.yandex.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
77.88.21.158
|
smtp.yandex.ru
|
Russian Federation
|
||
|
104.26.13.205
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3F89000
|
trusted library allocation
|
page read and write
|
|
|
|
22CC000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
22A1000
|
trusted library allocation
|
page read and write
|
|
|
|
2BDB000
|
trusted library allocation
|
page read and write
|
|
|
|
3C97000
|
trusted library allocation
|
page read and write
|
||
|
77C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
169D000
|
trusted library allocation
|
page execute and read and write
|
||
|
9EDD000
|
stack
|
page read and write
|
||
|
499D000
|
trusted library allocation
|
page read and write
|
||
|
301B000
|
trusted library allocation
|
page read and write
|
||
|
56D0000
|
heap
|
page read and write
|
||
|
608E000
|
stack
|
page read and write
|
||
|
50B6000
|
trusted library allocation
|
page read and write
|
||
|
2134000
|
trusted library allocation
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
51B4000
|
heap
|
page read and write
|
||
|
81FF000
|
stack
|
page read and write
|
||
|
224F000
|
stack
|
page read and write
|
||
|
5430000
|
trusted library allocation
|
page read and write
|
||
|
5090000
|
trusted library allocation
|
page read and write
|
||
|
1170000
|
heap
|
page execute and read and write
|
||
|
498E000
|
trusted library allocation
|
page read and write
|
||
|
7B62000
|
trusted library allocation
|
page read and write
|
||
|
62E0000
|
heap
|
page read and write
|
||
|
35D9000
|
trusted library allocation
|
page read and write
|
||
|
2DF0000
|
heap
|
page execute and read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
2A5B000
|
heap
|
page read and write
|
||
|
359D000
|
trusted library allocation
|
page read and write
|
||
|
54D0000
|
heap
|
page read and write
|
||
|
7C96000
|
trusted library allocation
|
page read and write
|
||
|
31FF000
|
stack
|
page read and write
|
||
|
A97E000
|
stack
|
page read and write
|
||
|
AB7E000
|
stack
|
page read and write
|
||
|
255A000
|
stack
|
page read and write
|
||
|
3D26000
|
trusted library allocation
|
page read and write
|
||
|
7A0000
|
trusted library allocation
|
page read and write
|
||
|
5D6D000
|
trusted library allocation
|
page read and write
|
||
|
2BD7000
|
trusted library allocation
|
page read and write
|
||
|
69C0000
|
heap
|
page read and write
|
||
|
AE2C000
|
stack
|
page read and write
|
||
|
2C0F000
|
trusted library allocation
|
page read and write
|
||
|
6E54000
|
trusted library allocation
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
595000
|
heap
|
page read and write
|
||
|
2E50000
|
trusted library allocation
|
page read and write
|
||
|
2F2A000
|
heap
|
page read and write
|
||
|
243F000
|
stack
|
page read and write
|
||
|
126B000
|
unkown
|
page read and write
|
||
|
13EE000
|
stack
|
page read and write
|
||
|
6A60000
|
heap
|
page read and write
|
||
|
3C57000
|
trusted library allocation
|
page read and write
|
||
|
2BCF000
|
trusted library allocation
|
page read and write
|
||
|
7F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
5540000
|
trusted library allocation
|
page read and write
|
||
|
567000
|
stack
|
page read and write
|
||
|
2C6F000
|
trusted library allocation
|
page read and write
|
||
|
3C1F000
|
trusted library allocation
|
page read and write
|
||
|
2CF4000
|
trusted library allocation
|
page read and write
|
||
|
5482000
|
trusted library allocation
|
page read and write
|
||
|
6490000
|
trusted library allocation
|
page execute and read and write
|
||
|
53C0000
|
trusted library allocation
|
page read and write
|
||
|
DE4000
|
trusted library allocation
|
page read and write
|
||
|
98BD000
|
stack
|
page read and write
|
||
|
AA7E000
|
stack
|
page read and write
|
||
|
9ABE000
|
stack
|
page read and write
|
||
|
A840000
|
heap
|
page read and write
|
||
|
76A0000
|
heap
|
page read and write
|
||
|
62DF000
|
stack
|
page read and write
|
||
|
49A2000
|
trusted library allocation
|
page read and write
|
||
|
54BE000
|
stack
|
page read and write
|
||
|
B12E000
|
stack
|
page read and write
|
||
|
3524000
|
trusted library allocation
|
page read and write
|
||
|
3257000
|
trusted library allocation
|
page read and write
|
||
|
209E000
|
stack
|
page read and write
|
||
|
4974000
|
trusted library allocation
|
page read and write
|
||
|
4A00000
|
heap
|
page read and write
|
||
|
305E000
|
unkown
|
page read and write
|
||
|
B19E000
|
trusted library allocation
|
page read and write
|
||
|
4D9E000
|
stack
|
page read and write
|
||
|
5E60000
|
heap
|
page read and write
|
||
|
DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D1E000
|
stack
|
page read and write
|
||
|
D90000
|
trusted library allocation
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
64AD000
|
trusted library allocation
|
page read and write
|
||
|
2E5A000
|
trusted library allocation
|
page read and write
|
||
|
2E5D000
|
stack
|
page read and write
|
||
|
A40000
|
heap
|
page execute and read and write
|
||
|
20C0000
|
trusted library allocation
|
page read and write
|
||
|
5E6A000
|
heap
|
page read and write
|
||
|
5810000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
5D48000
|
trusted library allocation
|
page read and write
|
||
|
5564000
|
heap
|
page read and write
|
||
|
E0A000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E00000
|
trusted library allocation
|
page read and write
|
||
|
4C8B000
|
stack
|
page read and write
|
||
|
B6C0000
|
trusted library allocation
|
page read and write
|
||
|
29EF000
|
stack
|
page read and write
|
||
|
4C5E000
|
stack
|
page read and write
|
||
|
1098000
|
heap
|
page read and write
|
||
|
10B7000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
E02000
|
trusted library allocation
|
page read and write
|
||
|
604F000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
997000
|
heap
|
page read and write
|
||
|
5E6E000
|
heap
|
page read and write
|
||
|
50A2000
|
trusted library allocation
|
page read and write
|
||
|
76B5000
|
heap
|
page read and write
|
||
|
1690000
|
trusted library allocation
|
page read and write
|
||
|
30F8000
|
trusted library allocation
|
page read and write
|
||
|
7EF000
|
stack
|
page read and write
|
||
|
5E80000
|
heap
|
page read and write
|
||
|
576E000
|
stack
|
page read and write
|
||
|
2C99000
|
trusted library allocation
|
page read and write
|
||
|
4910000
|
heap
|
page execute and read and write
|
||
|
5A25000
|
heap
|
page read and write
|
||
|
16B0000
|
trusted library allocation
|
page read and write
|
||
|
581D000
|
heap
|
page read and write
|
||
|
25C0000
|
heap
|
page read and write
|
||
|
64A0000
|
trusted library allocation
|
page read and write
|
||
|
509E000
|
trusted library allocation
|
page read and write
|
||
|
1684000
|
trusted library allocation
|
page read and write
|
||
|
247C000
|
stack
|
page read and write
|
||
|
109E000
|
heap
|
page read and write
|
||
|
1A8000
|
stack
|
page read and write
|
||
|
2480000
|
heap
|
page read and write
|
||
|
10D2000
|
heap
|
page read and write
|
||
|
44EE000
|
stack
|
page read and write
|
||
|
5486000
|
trusted library allocation
|
page read and write
|
||
|
56E0000
|
heap
|
page execute and read and write
|
||
|
1683000
|
trusted library allocation
|
page execute and read and write
|
||
|
6960000
|
trusted library allocation
|
page read and write
|
||
|
61DE000
|
stack
|
page read and write
|
||
|
4CC0000
|
heap
|
page read and write
|
||
|
7F2000
|
trusted library allocation
|
page read and write
|
||
|
11D0000
|
trusted library allocation
|
page read and write
|
||
|
4840000
|
trusted library allocation
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
595E000
|
stack
|
page read and write
|
||
|
84BB000
|
stack
|
page read and write
|
||
|
2140000
|
heap
|
page read and write
|
||
|
5BFE000
|
stack
|
page read and write
|
||
|
842000
|
heap
|
page read and write
|
||
|
1FEA000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B0000
|
trusted library allocation
|
page read and write
|
||
|
5D70000
|
trusted library allocation
|
page read and write
|
||
|
50AE000
|
trusted library allocation
|
page read and write
|
||
|
7A00000
|
trusted library allocation
|
page execute and read and write
|
||
|
65E0000
|
trusted library allocation
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
41C1000
|
trusted library allocation
|
page read and write
|
||
|
2010000
|
trusted library allocation
|
page read and write
|
||
|
5070000
|
heap
|
page read and write
|
||
|
112B000
|
heap
|
page read and write
|
||
|
3DD8000
|
trusted library allocation
|
page read and write
|
||
|
122B000
|
unkown
|
page read and write
|
||
|
106E000
|
stack
|
page read and write
|
||
|
636E000
|
stack
|
page read and write
|
||
|
6C50000
|
heap
|
page read and write
|
||
|
3B91000
|
trusted library allocation
|
page read and write
|
||
|
36D1000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
trusted library allocation
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
4DDD000
|
stack
|
page read and write
|
||
|
5DBD000
|
stack
|
page read and write
|
||
|
5560000
|
trusted library allocation
|
page read and write
|
||
|
60E000
|
heap
|
page read and write
|
||
|
899000
|
heap
|
page read and write
|
||
|
7460000
|
heap
|
page read and write
|
||
|
2F05000
|
trusted library allocation
|
page read and write
|
||
|
3C77000
|
trusted library allocation
|
page read and write
|
||
|
76B1000
|
heap
|
page read and write
|
||
|
666000
|
heap
|
page read and write
|
||
|
53E6000
|
trusted library allocation
|
page read and write
|
||
|
229D000
|
trusted library allocation
|
page read and write
|
||
|
7D0000
|
trusted library allocation
|
page read and write
|
||
|
49D5000
|
trusted library allocation
|
page read and write
|
||
|
7C9E000
|
trusted library allocation
|
page read and write
|
||
|
4CB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
D86000
|
heap
|
page read and write
|
||
|
129E000
|
stack
|
page read and write
|
||
|
5C3E000
|
stack
|
page read and write
|
||
|
6BF7000
|
heap
|
page read and write
|
||
|
2505000
|
trusted library allocation
|
page read and write
|
||
|
3F81000
|
trusted library allocation
|
page read and write
|
||
|
60CE000
|
stack
|
page read and write
|
||
|
5410000
|
trusted library allocation
|
page read and write
|
||
|
56B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
E06000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
72E000
|
stack
|
page read and write
|
||
|
6D5E000
|
stack
|
page read and write
|
||
|
E28000
|
heap
|
page read and write
|
||
|
2F29000
|
trusted library allocation
|
page read and write
|
||
|
4A66000
|
trusted library allocation
|
page read and write
|
||
|
5D50000
|
trusted library allocation
|
page execute and read and write
|
||
|
64A8000
|
trusted library allocation
|
page read and write
|
||
|
3054000
|
trusted library allocation
|
page read and write
|
||
|
53E1000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
trusted library allocation
|
page read and write
|
||
|
2FF5000
|
trusted library allocation
|
page read and write
|
||
|
8D8000
|
heap
|
page read and write
|
||
|
6DCE000
|
stack
|
page read and write
|
||
|
5B2E000
|
stack
|
page read and write
|
||
|
1FF7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2120000
|
trusted library allocation
|
page read and write
|
||
|
7AA5000
|
trusted library allocation
|
page read and write
|
||
|
79CE000
|
stack
|
page read and write
|
||
|
9FDE000
|
stack
|
page read and write
|
||
|
56C0000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
49B6000
|
trusted library allocation
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
56A0000
|
heap
|
page read and write
|
||
|
759E000
|
stack
|
page read and write
|
||
|
29AE000
|
stack
|
page read and write
|
||
|
1FB0000
|
trusted library allocation
|
page read and write
|
||
|
2E3B000
|
stack
|
page read and write
|
||
|
69B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
51AE000
|
stack
|
page read and write
|
||
|
567B000
|
stack
|
page read and write
|
||
|
2ED9000
|
trusted library allocation
|
page read and write
|
||
|
631D000
|
stack
|
page read and write
|
||
|
16BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
A9BE000
|
stack
|
page read and write
|
||
|
65CE000
|
stack
|
page read and write
|
||
|
1FE0000
|
trusted library allocation
|
page read and write
|
||
|
1680000
|
trusted library allocation
|
page read and write
|
||
|
2DE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
51D0000
|
heap
|
page read and write
|
||
|
5E4E000
|
stack
|
page read and write
|
||
|
AB000
|
stack
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
46A000
|
stack
|
page read and write
|
||
|
9D9C000
|
stack
|
page read and write
|
||
|
6CF000
|
heap
|
page read and write
|
||
|
AF2C000
|
stack
|
page read and write
|
||
|
4996000
|
trusted library allocation
|
page read and write
|
||
|
49A0000
|
trusted library allocation
|
page read and write
|
||
|
5120000
|
heap
|
page execute and read and write
|
||
|
56FC000
|
stack
|
page read and write
|
||
|
4865000
|
trusted library allocation
|
page read and write
|
||
|
5960000
|
heap
|
page read and write
|
||
|
4844000
|
trusted library allocation
|
page read and write
|
||
|
E55000
|
heap
|
page read and write
|
||
|
658F000
|
stack
|
page read and write
|
||
|
6E50000
|
trusted library allocation
|
page read and write
|
||
|
2B8E000
|
stack
|
page read and write
|
||
|
1FFB000
|
trusted library allocation
|
page execute and read and write
|
||
|
22C6000
|
trusted library allocation
|
page read and write
|
||
|
F03000
|
heap
|
page read and write
|
||
|
434F000
|
stack
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
1FD0000
|
trusted library allocation
|
page read and write
|
||
|
2B91000
|
trusted library allocation
|
page read and write
|
||
|
5D3E000
|
stack
|
page read and write
|
||
|
596E000
|
stack
|
page read and write
|
||
|
507C000
|
stack
|
page read and write
|
||
|
592D000
|
stack
|
page read and write
|
||
|
370F000
|
trusted library allocation
|
page read and write
|
||
|
2F81000
|
trusted library allocation
|
page read and write
|
||
|
6E4000
|
heap
|
page read and write
|
||
|
8070000
|
trusted library section
|
page read and write
|
||
|
D97000
|
stack
|
page read and write
|
||
|
49C0000
|
trusted library allocation
|
page read and write
|
||
|
50B1000
|
trusted library allocation
|
page read and write
|
||
|
769E000
|
stack
|
page read and write
|
||
|
80E000
|
heap
|
page read and write
|
||
|
7C7000
|
heap
|
page read and write
|
||
|
287F000
|
unkown
|
page read and write
|
||
|
309E000
|
trusted library allocation
|
page read and write
|
||
|
4FA0000
|
trusted library allocation
|
page read and write
|
||
|
251D000
|
stack
|
page read and write
|
||
|
7B4000
|
trusted library allocation
|
page read and write
|
||
|
A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C49000
|
trusted library allocation
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
6E4E000
|
stack
|
page read and write
|
||
|
16A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FAE000
|
trusted library allocation
|
page read and write
|
||
|
7865000
|
trusted library allocation
|
page read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
25D0000
|
heap
|
page read and write
|
||
|
DE0000
|
trusted library allocation
|
page read and write
|
||
|
4498000
|
trusted library allocation
|
page read and write
|
||
|
5558000
|
heap
|
page read and write
|
||
|
A11F000
|
stack
|
page read and write
|
||
|
4920000
|
heap
|
page read and write
|
||
|
53C4000
|
trusted library allocation
|
page read and write
|
||
|
4E5E000
|
stack
|
page read and write
|
||
|
7E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
4870000
|
trusted library allocation
|
page read and write
|
||
|
2A30000
|
heap
|
page read and write
|
||
|
2B9C000
|
trusted library allocation
|
page read and write
|
||
|
83BC000
|
stack
|
page read and write
|
||
|
6DB0000
|
heap
|
page read and write
|
||
|
1100000
|
trusted library allocation
|
page read and write
|
||
|
16A0000
|
trusted library allocation
|
page read and write
|
||
|
70DE000
|
stack
|
page read and write
|
||
|
25AA000
|
trusted library allocation
|
page read and write
|
||
|
49E0000
|
trusted library allocation
|
page read and write
|
||
|
2BCB000
|
trusted library allocation
|
page read and write
|
||
|
2C51000
|
trusted library allocation
|
page read and write
|
||
|
2E2F000
|
trusted library allocation
|
page read and write
|
||
|
50EE000
|
trusted library allocation
|
page read and write
|
||
|
7DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5780000
|
heap
|
page read and write
|
||
|
5AFE000
|
stack
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
2D44000
|
trusted library allocation
|
page read and write
|
||
|
615000
|
heap
|
page read and write
|
||
|
3D77000
|
trusted library allocation
|
page read and write
|
||
|
5A20000
|
heap
|
page read and write
|
||
|
1125000
|
heap
|
page read and write
|
||
|
22D4000
|
trusted library allocation
|
page read and write
|
||
|
69A0000
|
trusted library allocation
|
page read and write
|
||
|
E58000
|
heap
|
page read and write
|
||
|
72BE000
|
stack
|
page read and write
|
||
|
77A0000
|
trusted library allocation
|
page read and write
|
||
|
7D3000
|
trusted library allocation
|
page read and write
|
||
|
1FC0000
|
trusted library allocation
|
page read and write
|
||
|
7EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F9F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
51C0000
|
heap
|
page read and write
|
||
|
5F8000
|
heap
|
page read and write
|
||
|
228F000
|
trusted library allocation
|
page read and write
|
||
|
64B7000
|
trusted library allocation
|
page read and write
|
||
|
97A000
|
stack
|
page read and write
|
||
|
3630000
|
trusted library allocation
|
page read and write
|
||
|
16D0000
|
trusted library allocation
|
page read and write
|
||
|
61A000
|
heap
|
page read and write
|
||
|
E15000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A50000
|
heap
|
page read and write
|
||
|
566E000
|
stack
|
page read and write
|
||
|
54DE000
|
heap
|
page read and write
|
||
|
2C4D000
|
trusted library allocation
|
page read and write
|
||
|
4E9D000
|
stack
|
page read and write
|
||
|
36B1000
|
trusted library allocation
|
page read and write
|
||
|
4859000
|
trusted library allocation
|
page read and write
|
||
|
5740000
|
trusted library allocation
|
page read and write
|
||
|
1FF2000
|
trusted library allocation
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
B199000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
D55000
|
heap
|
page read and write
|
||
|
585E000
|
stack
|
page read and write
|
||
|
A130000
|
trusted library allocation
|
page execute and read and write
|
||
|
9E9C000
|
stack
|
page read and write
|
||
|
11BC000
|
stack
|
page read and write
|
||
|
A83D000
|
stack
|
page read and write
|
||
|
C9A000
|
stack
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
53F0000
|
trusted library allocation
|
page read and write
|
||
|
80A000
|
heap
|
page read and write
|
||
|
98C0000
|
heap
|
page read and write
|
||
|
2E80000
|
trusted library allocation
|
page read and write
|
||
|
49D0000
|
trusted library allocation
|
page read and write
|
||
|
DE5000
|
heap
|
page read and write
|
||
|
211C000
|
stack
|
page read and write
|
||
|
41FF000
|
trusted library allocation
|
page read and write
|
||
|
16A2000
|
trusted library allocation
|
page read and write
|
||
|
4834000
|
trusted library allocation
|
page read and write
|
||
|
6DBA000
|
heap
|
page read and write
|
||
|
3251000
|
trusted library allocation
|
page read and write
|
||
|
B196000
|
trusted library allocation
|
page read and write
|
||
|
1110000
|
trusted library allocation
|
page execute and read and write
|
||
|
49B4000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
trusted library allocation
|
page read and write
|
||
|
10EC000
|
stack
|
page read and write
|
||
|
77B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FE2000
|
trusted library allocation
|
page read and write
|
||
|
64B0000
|
trusted library allocation
|
page read and write
|
||
|
684C000
|
stack
|
page read and write
|
||
|
E1B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3023000
|
trusted library allocation
|
page read and write
|
||
|
2491000
|
trusted library allocation
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
2D95000
|
trusted library allocation
|
page read and write
|
||
|
30A0000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
5470000
|
heap
|
page read and write
|
||
|
DF0000
|
trusted library allocation
|
page read and write
|
||
|
827000
|
heap
|
page read and write
|
||
|
10CF000
|
heap
|
page read and write
|
||
|
5F12000
|
heap
|
page read and write
|
||
|
5730000
|
trusted library allocation
|
page execute and read and write
|
||
|
6DC0000
|
trusted library allocation
|
page read and write
|
||
|
53ED000
|
trusted library allocation
|
page read and write
|
||
|
B5E000
|
stack
|
page read and write
|
||
|
4FB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B1C000
|
stack
|
page read and write
|
||
|
1FCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5750000
|
heap
|
page read and write
|
||
|
3D57000
|
trusted library allocation
|
page read and write
|
||
|
5970000
|
heap
|
page read and write
|
||
|
22C8000
|
trusted library allocation
|
page read and write
|
||
|
B62000
|
unkown
|
page readonly
|
||
|
7C99000
|
trusted library allocation
|
page read and write
|
||
|
3BF7000
|
trusted library allocation
|
page read and write
|
||
|
1FF0000
|
trusted library allocation
|
page read and write
|
||
|
4C9E000
|
stack
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
7810000
|
trusted library allocation
|
page read and write
|
||
|
DED000
|
trusted library allocation
|
page execute and read and write
|
||
|
509B000
|
trusted library allocation
|
page read and write
|
||
|
DE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D5E000
|
stack
|
page read and write
|
||
|
3499000
|
trusted library allocation
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
48CC000
|
stack
|
page read and write
|
||
|
61DE000
|
stack
|
page read and write
|
||
|
4F8D000
|
stack
|
page read and write
|
||
|
E4A000
|
heap
|
page read and write
|
||
|
4991000
|
trusted library allocation
|
page read and write
|
||
|
1FC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
5690000
|
trusted library section
|
page readonly
|
||
|
676000
|
heap
|
page read and write
|
||
|
2BC2000
|
trusted library allocation
|
page read and write
|
||
|
16E8000
|
heap
|
page read and write
|
||
|
5573000
|
heap
|
page read and write
|
||
|
2136000
|
trusted library allocation
|
page read and write
|
||
|
116E000
|
stack
|
page read and write
|
||
|
712D000
|
stack
|
page read and write
|
||
|
50D4000
|
trusted library allocation
|
page read and write
|
||
|
4358000
|
trusted library allocation
|
page read and write
|
||
|
ACBF000
|
stack
|
page read and write
|
||
|
3BB9000
|
trusted library allocation
|
page read and write
|
||
|
A01E000
|
stack
|
page read and write
|
||
|
678F000
|
stack
|
page read and write
|
||
|
4B5E000
|
stack
|
page read and write
|
||
|
572B000
|
stack
|
page read and write
|
||
|
7E2000
|
trusted library allocation
|
page read and write
|
||
|
6314000
|
heap
|
page read and write
|
||
|
B02E000
|
stack
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
6A6E000
|
heap
|
page read and write
|
||
|
573C000
|
stack
|
page read and write
|
||
|
3C17000
|
trusted library allocation
|
page read and write
|
||
|
3D17000
|
trusted library allocation
|
page read and write
|
||
|
557F000
|
stack
|
page read and write
|
||
|
834000
|
heap
|
page read and write
|
||
|
6BD0000
|
heap
|
page read and write
|
||
|
462B000
|
stack
|
page read and write
|
||
|
2D6F000
|
trusted library allocation
|
page read and write
|
||
|
2BD3000
|
trusted library allocation
|
page read and write
|
||
|
5490000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C90000
|
trusted library allocation
|
page read and write
|
||
|
50BD000
|
trusted library allocation
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
EEA000
|
heap
|
page read and write
|
||
|
4900000
|
heap
|
page read and write
|
||
|
4970000
|
trusted library allocation
|
page read and write
|
||
|
62F0000
|
heap
|
page read and write
|
||
|
2E8A000
|
trusted library allocation
|
page read and write
|
||
|
5755000
|
heap
|
page read and write
|
||
|
1FE6000
|
trusted library allocation
|
page execute and read and write
|
||
|
37B3000
|
trusted library allocation
|
page read and write
|
||
|
2130000
|
trusted library allocation
|
page read and write
|
||
|
14EF000
|
stack
|
page read and write
|
||
|
4AA0000
|
trusted library allocation
|
page read and write
|
||
|
6480000
|
trusted library allocation
|
page read and write
|
||
|
3C37000
|
trusted library allocation
|
page read and write
|
||
|
5ABF000
|
stack
|
page read and write
|
||
|
6CB000
|
heap
|
page read and write
|
||
|
3732000
|
trusted library allocation
|
page read and write
|
||
|
4CA0000
|
trusted library section
|
page readonly
|
||
|
22D6000
|
trusted library allocation
|
page read and write
|
||
|
572E000
|
stack
|
page read and write
|
||
|
5F0D000
|
heap
|
page read and write
|
||
|
233E000
|
stack
|
page read and write
|
||
|
64FE000
|
stack
|
page read and write
|
||
|
5E1D000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
51B0000
|
heap
|
page read and write
|
||
|
2E40000
|
trusted library allocation
|
page read and write
|
||
|
3DB8000
|
trusted library allocation
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
9FF000
|
stack
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
2D48000
|
trusted library allocation
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
516C000
|
stack
|
page read and write
|
||
|
3CD7000
|
trusted library allocation
|
page read and write
|
||
|
20D0000
|
heap
|
page execute and read and write
|
||
|
694C000
|
stack
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
1FC4000
|
trusted library allocation
|
page read and write
|
||
|
53DE000
|
trusted library allocation
|
page read and write
|
||
|
3CF7000
|
trusted library allocation
|
page read and write
|
||
|
11C0000
|
trusted library allocation
|
page read and write
|
||
|
E17000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D40000
|
trusted library allocation
|
page read and write
|
||
|
5400000
|
trusted library allocation
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
2E6C000
|
trusted library allocation
|
page read and write
|
||
|
64A3000
|
trusted library allocation
|
page read and write
|
||
|
E12000
|
trusted library allocation
|
page read and write
|
||
|
2E88000
|
trusted library allocation
|
page read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
7860000
|
trusted library allocation
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
C02000
|
unkown
|
page readonly
|
||
|
54C0000
|
heap
|
page read and write
|
||
|
DD0000
|
trusted library allocation
|
page read and write
|
||
|
59AE000
|
stack
|
page read and write
|
||
|
556A000
|
heap
|
page read and write
|
||
|
168D000
|
trusted library allocation
|
page execute and read and write
|
||
|
16AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A10000
|
trusted library allocation
|
page read and write
|
||
|
4A03000
|
heap
|
page read and write
|
||
|
16B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
12BE000
|
stack
|
page read and write
|
||
|
1693000
|
trusted library allocation
|
page read and write
|
||
|
577D000
|
stack
|
page read and write
|
||
|
5D77000
|
trusted library allocation
|
page read and write
|
||
|
4A60000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
9AFD000
|
stack
|
page read and write
|
||
|
4D2D000
|
stack
|
page read and write
|
||
|
16B2000
|
trusted library allocation
|
page read and write
|
||
|
20B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
10C5000
|
heap
|
page read and write
|
||
|
7FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
3CB7000
|
trusted library allocation
|
page read and write
|
||
|
DC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3D37000
|
trusted library allocation
|
page read and write
|
||
|
5780000
|
trusted library section
|
page read and write
|
||
|
283E000
|
unkown
|
page read and write
|
||
|
8BA000
|
heap
|
page read and write
|
||
|
5680000
|
trusted library allocation
|
page read and write
|
||
|
50D0000
|
trusted library allocation
|
page read and write
|
||
|
2E60000
|
trusted library allocation
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
317F000
|
unkown
|
page read and write
|
||
|
2E9A000
|
stack
|
page read and write
|
||
|
4CD0000
|
heap
|
page execute and read and write
|
||
|
626000
|
heap
|
page read and write
|
||
|
2286000
|
trusted library allocation
|
page read and write
|
||
|
5D60000
|
trusted library allocation
|
page read and write
|
||
|
4B98000
|
trusted library allocation
|
page read and write
|
||
|
76E000
|
stack
|
page read and write
|
||
|
11E7000
|
heap
|
page read and write
|
||
|
3279000
|
trusted library allocation
|
page read and write
|
||
|
6320000
|
heap
|
page read and write
|
||
|
5405000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
76D7000
|
heap
|
page read and write
|
||
|
621E000
|
stack
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
16E0000
|
heap
|
page read and write
|
||
|
6950000
|
trusted library allocation
|
page execute and read and write
|
||
|
3560000
|
trusted library allocation
|
page read and write
|
||
|
5480000
|
trusted library allocation
|
page read and write
|
||
|
2CF2000
|
trusted library allocation
|
page read and write
|
||
|
2F03000
|
trusted library allocation
|
page read and write
|
||
|
2251000
|
trusted library allocation
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
9BFF000
|
stack
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
53BC000
|
stack
|
page read and write
|
||
|
5E8E000
|
stack
|
page read and write
|
||
|
20A0000
|
heap
|
page read and write
|
||
|
4A80000
|
trusted library allocation
|
page read and write
|
||
|
53F2000
|
trusted library allocation
|
page read and write
|
||
|
646E000
|
stack
|
page read and write
|
||
|
7EF30000
|
trusted library allocation
|
page execute and read and write
|
||
|
205E000
|
stack
|
page read and write
|
||
|
2D3E000
|
stack
|
page read and write
|
||
|
7CD0000
|
heap
|
page read and write
|
||
|
3491000
|
trusted library allocation
|
page read and write
|
||
|
60DE000
|
stack
|
page read and write
|
||
|
1FF5000
|
trusted library allocation
|
page execute and read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
4E5E000
|
stack
|
page read and write
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
D3C000
|
stack
|
page read and write
|
||
|
2F7F000
|
stack
|
page read and write
|
||
|
65D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
114B000
|
heap
|
page read and write
|
||
|
5E5F000
|
stack
|
page read and write
|
||
|
7CC0000
|
heap
|
page read and write
|
||
|
4A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
32B8000
|
trusted library allocation
|
page read and write
|
||
|
7BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
89C000
|
heap
|
page read and write
|
||
|
6970000
|
trusted library allocation
|
page read and write
|
||
|
22CA000
|
trusted library allocation
|
page read and write
|
||
|
ABBE000
|
stack
|
page read and write
|
||
|
12D0000
|
trusted library allocation
|
page read and write
|
||
|
3D98000
|
trusted library allocation
|
page read and write
|
||
|
4E1E000
|
stack
|
page read and write
|
||
|
CF8000
|
stack
|
page read and write
|
||
|
6488000
|
trusted library allocation
|
page read and write
|
||
|
B60000
|
unkown
|
page readonly
|
||
|
49B0000
|
trusted library allocation
|
page read and write
|
||
|
4A62000
|
trusted library allocation
|
page read and write
|
||
|
6C17000
|
heap
|
page read and write
|
||
|
50C2000
|
trusted library allocation
|
page read and write
|
||
|
785E000
|
stack
|
page read and write
|
There are 604 hidden memdumps, click here to show them.