Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
datasheet.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\datasheet.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp8D3A.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\EhzaIxEFbjyd.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\EhzaIxEFbjyd.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\EhzaIxEFbjyd.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_21a4lp4u.q25.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c25k4eac.ytn.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e32imc5u.jff.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hf4fykec.hqq.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nnlenskk.wxm.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qdlmq2ac.acp.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_raerh1ao.1qf.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w04wcsdq.p4i.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpA381.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\datasheet.exe
|
"C:\Users\user\Desktop\datasheet.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\datasheet.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\EhzaIxEFbjyd.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\EhzaIxEFbjyd" /XML "C:\Users\user\AppData\Local\Temp\tmp8D3A.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\EhzaIxEFbjyd.exe
|
C:\Users\user\AppData\Roaming\EhzaIxEFbjyd.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\EhzaIxEFbjyd" /XML "C:\Users\user\AppData\Local\Temp\tmpA381.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
104.26.13.205
|
||
|
https://api.ipify.org
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://crl.gl
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://crl.globalsig
|
unknown
|
||
|
http://smtp.yandex.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
smtp.yandex.ru
|
77.88.21.158
|
||
|
api.ipify.org
|
104.26.13.205
|
||
|
smtp.yandex.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
77.88.21.158
|
smtp.yandex.ru
|
Russian Federation
|
||
|
104.26.13.205
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2D81000
|
trusted library allocation
|
page read and write
|
|
|
|
3D09000
|
trusted library allocation
|
page read and write
|
|
|
|
31C1000
|
trusted library allocation
|
page read and write
|
|
|
|
31EC000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
1164000
|
trusted library allocation
|
page read and write
|
||
|
5092000
|
trusted library allocation
|
page read and write
|
||
|
529E000
|
stack
|
page read and write
|
||
|
274E000
|
stack
|
page read and write
|
||
|
31BD000
|
trusted library allocation
|
page read and write
|
||
|
5E3E000
|
stack
|
page read and write
|
||
|
5F3E000
|
stack
|
page read and write
|
||
|
E38000
|
heap
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
A59D000
|
stack
|
page read and write
|
||
|
3D69000
|
trusted library allocation
|
page read and write
|
||
|
316E000
|
trusted library allocation
|
page read and write
|
||
|
6015000
|
heap
|
page read and write
|
||
|
1462000
|
heap
|
page read and write
|
||
|
140C000
|
stack
|
page read and write
|
||
|
F48000
|
heap
|
page read and write
|
||
|
AA2E000
|
stack
|
page read and write
|
||
|
302A000
|
trusted library allocation
|
page read and write
|
||
|
2B2E000
|
stack
|
page read and write
|
||
|
3E12000
|
trusted library allocation
|
page read and write
|
||
|
F02000
|
trusted library allocation
|
page read and write
|
||
|
2E7E000
|
trusted library allocation
|
page read and write
|
||
|
776D000
|
stack
|
page read and write
|
||
|
59FE000
|
stack
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
2C10000
|
trusted library allocation
|
page read and write
|
||
|
1077000
|
heap
|
page read and write
|
||
|
5450000
|
heap
|
page execute and read and write
|
||
|
2A36000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F80000
|
trusted library allocation
|
page read and write
|
||
|
6A80000
|
trusted library allocation
|
page execute and read and write
|
||
|
770000
|
unkown
|
page readonly
|
||
|
ED4000
|
trusted library allocation
|
page read and write
|
||
|
3136000
|
trusted library allocation
|
page read and write
|
||
|
68DF000
|
stack
|
page read and write
|
||
|
3EF2000
|
trusted library allocation
|
page read and write
|
||
|
72EB000
|
heap
|
page read and write
|
||
|
669D000
|
stack
|
page read and write
|
||
|
ED0000
|
trusted library allocation
|
page read and write
|
||
|
31F4000
|
trusted library allocation
|
page read and write
|
||
|
2B40000
|
trusted library allocation
|
page read and write
|
||
|
7742000
|
trusted library allocation
|
page read and write
|
||
|
2D12000
|
trusted library allocation
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
5216000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
trusted library allocation
|
page read and write
|
||
|
AE6E000
|
stack
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
2DD4000
|
trusted library allocation
|
page read and write
|
||
|
5182000
|
trusted library allocation
|
page read and write
|
||
|
563B000
|
heap
|
page read and write
|
||
|
6A9E000
|
stack
|
page read and write
|
||
|
1025000
|
heap
|
page read and write
|
||
|
2C00000
|
trusted library allocation
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
13CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1177000
|
heap
|
page read and write
|
||
|
7610000
|
trusted library allocation
|
page read and write
|
||
|
FEA000
|
heap
|
page read and write
|
||
|
175E000
|
stack
|
page read and write
|
||
|
2CBB000
|
stack
|
page read and write
|
||
|
75A4000
|
trusted library allocation
|
page read and write
|
||
|
FB2000
|
heap
|
page read and write
|
||
|
517E000
|
trusted library allocation
|
page read and write
|
||
|
11F0000
|
trusted library allocation
|
page read and write
|
||
|
310B000
|
trusted library allocation
|
page read and write
|
||
|
11C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
5353000
|
heap
|
page read and write
|
||
|
55E0000
|
heap
|
page read and write
|
||
|
5F72000
|
heap
|
page read and write
|
||
|
302E000
|
trusted library allocation
|
page read and write
|
||
|
C3A000
|
stack
|
page read and write
|
||
|
41DA000
|
trusted library allocation
|
page read and write
|
||
|
A2CE000
|
stack
|
page read and write
|
||
|
14B4000
|
heap
|
page read and write
|
||
|
4001000
|
trusted library allocation
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page read and write
|
||
|
55D0000
|
heap
|
page read and write
|
||
|
566D000
|
heap
|
page read and write
|
||
|
2FEA000
|
trusted library allocation
|
page read and write
|
||
|
5AFE000
|
stack
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
6573000
|
trusted library allocation
|
page read and write
|
||
|
3D61000
|
trusted library allocation
|
page read and write
|
||
|
5F40000
|
heap
|
page read and write
|
||
|
6578000
|
trusted library allocation
|
page read and write
|
||
|
ECF000
|
stack
|
page read and write
|
||
|
F53000
|
heap
|
page read and write
|
||
|
2E96000
|
trusted library allocation
|
page read and write
|
||
|
685D000
|
stack
|
page read and write
|
||
|
FC8000
|
heap
|
page read and write
|
||
|
56A4000
|
heap
|
page read and write
|
||
|
64F2000
|
heap
|
page read and write
|
||
|
7F360000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D31000
|
trusted library allocation
|
page read and write
|
||
|
179C000
|
stack
|
page read and write
|
||
|
2E34000
|
trusted library allocation
|
page read and write
|
||
|
FA4000
|
heap
|
page read and write
|
||
|
15F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
11D5000
|
trusted library allocation
|
page execute and read and write
|
||
|
74FE000
|
stack
|
page read and write
|
||
|
EED000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EA3000
|
trusted library allocation
|
page read and write
|
||
|
5BFD000
|
stack
|
page read and write
|
||
|
EDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5430000
|
heap
|
page read and write
|
||
|
7ACE000
|
stack
|
page read and write
|
||
|
51A2000
|
trusted library allocation
|
page read and write
|
||
|
519D000
|
trusted library allocation
|
page read and write
|
||
|
5040000
|
trusted library allocation
|
page read and write
|
||
|
3E52000
|
trusted library allocation
|
page read and write
|
||
|
3F32000
|
trusted library allocation
|
page read and write
|
||
|
1163000
|
trusted library allocation
|
page execute and read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
7C00000
|
trusted library allocation
|
page execute and read and write
|
||
|
5410000
|
heap
|
page read and write
|
||
|
31E8000
|
trusted library allocation
|
page read and write
|
||
|
6570000
|
trusted library allocation
|
page read and write
|
||
|
A65E000
|
stack
|
page read and write
|
||
|
642E000
|
stack
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
51BE000
|
trusted library allocation
|
page read and write
|
||
|
E66000
|
heap
|
page read and write
|
||
|
5320000
|
heap
|
page read and write
|
||
|
291D000
|
stack
|
page read and write
|
||
|
2D75000
|
trusted library allocation
|
page read and write
|
||
|
78CE000
|
stack
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
6AE7000
|
trusted library allocation
|
page read and write
|
||
|
6A40000
|
trusted library allocation
|
page read and write
|
||
|
278F000
|
stack
|
page read and write
|
||
|
2B68000
|
trusted library allocation
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
6DBE000
|
stack
|
page read and write
|
||
|
A7DD000
|
stack
|
page read and write
|
||
|
11D2000
|
trusted library allocation
|
page read and write
|
||
|
2CA2000
|
trusted library allocation
|
page read and write
|
||
|
2A32000
|
trusted library allocation
|
page read and write
|
||
|
3D59000
|
trusted library allocation
|
page read and write
|
||
|
1416000
|
heap
|
page read and write
|
||
|
3134000
|
trusted library allocation
|
page read and write
|
||
|
17C0000
|
trusted library allocation
|
page read and write
|
||
|
9A7000
|
stack
|
page read and write
|
||
|
13C5000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D50000
|
heap
|
page execute and read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
12A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C96000
|
trusted library allocation
|
page read and write
|
||
|
681E000
|
stack
|
page read and write
|
||
|
2C91000
|
trusted library allocation
|
page read and write
|
||
|
6DFE000
|
stack
|
page read and write
|
||
|
13C2000
|
trusted library allocation
|
page read and write
|
||
|
601B000
|
heap
|
page read and write
|
||
|
A65C000
|
stack
|
page read and write
|
||
|
66B0000
|
trusted library allocation
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
6031000
|
heap
|
page read and write
|
||
|
2D79000
|
trusted library allocation
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
3ED2000
|
trusted library allocation
|
page read and write
|
||
|
1216000
|
heap
|
page read and write
|
||
|
7DEE000
|
stack
|
page read and write
|
||
|
75A0000
|
trusted library allocation
|
page read and write
|
||
|
7CEE000
|
heap
|
page read and write
|
||
|
5F74000
|
heap
|
page read and write
|
||
|
7250000
|
trusted library allocation
|
page read and write
|
||
|
52D0000
|
heap
|
page read and write
|
||
|
F18000
|
heap
|
page read and write
|
||
|
7194000
|
heap
|
page read and write
|
||
|
5096000
|
trusted library allocation
|
page read and write
|
||
|
A41D000
|
stack
|
page read and write
|
||
|
3F1A000
|
trusted library allocation
|
page read and write
|
||
|
7BCD000
|
stack
|
page read and write
|
||
|
23CE000
|
unkown
|
page read and write
|
||
|
6DD0000
|
trusted library allocation
|
page read and write
|
||
|
5350000
|
heap
|
page execute and read and write
|
||
|
7CEE000
|
stack
|
page read and write
|
||
|
4E2D000
|
stack
|
page read and write
|
||
|
5380000
|
trusted library allocation
|
page execute and read and write
|
||
|
12B0000
|
trusted library allocation
|
page read and write
|
||
|
D7E000
|
stack
|
page read and write
|
||
|
5FF5000
|
heap
|
page read and write
|
||
|
31DB000
|
trusted library allocation
|
page read and write
|
||
|
13A0000
|
trusted library allocation
|
page read and write
|
||
|
5735000
|
heap
|
page read and write
|
||
|
3DF3000
|
trusted library allocation
|
page read and write
|
||
|
51D0000
|
heap
|
page read and write
|
||
|
F31000
|
heap
|
page read and write
|
||
|
704E000
|
heap
|
page read and write
|
||
|
3036000
|
trusted library allocation
|
page read and write
|
||
|
308E000
|
stack
|
page read and write
|
||
|
60D0000
|
heap
|
page read and write
|
||
|
5860000
|
trusted library allocation
|
page read and write
|
||
|
149F000
|
heap
|
page read and write
|
||
|
9ECC000
|
stack
|
page read and write
|
||
|
7240000
|
trusted library allocation
|
page execute and read and write
|
||
|
50D0000
|
trusted library allocation
|
page read and write
|
||
|
15E0000
|
trusted library allocation
|
page read and write
|
||
|
5665000
|
heap
|
page read and write
|
||
|
A420000
|
heap
|
page read and write
|
||
|
6DCD000
|
stack
|
page read and write
|
||
|
5900000
|
trusted library allocation
|
page execute and read and write
|
||
|
11D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C14000
|
trusted library allocation
|
page read and write
|
||
|
7F810000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D30000
|
trusted library allocation
|
page read and write
|
||
|
D58000
|
stack
|
page read and write
|
||
|
A75E000
|
stack
|
page read and write
|
||
|
59BF000
|
stack
|
page read and write
|
||
|
563C000
|
stack
|
page read and write
|
||
|
DA8000
|
heap
|
page read and write
|
||
|
50A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
74BF000
|
stack
|
page read and write
|
||
|
7500000
|
trusted library allocation
|
page execute and read and write
|
||
|
EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DD5000
|
trusted library allocation
|
page read and write
|
||
|
5F50000
|
heap
|
page read and write
|
||
|
FA6000
|
heap
|
page read and write
|
||
|
125B000
|
unkown
|
page read and write
|
||
|
54CC000
|
stack
|
page read and write
|
||
|
64DD000
|
stack
|
page read and write
|
||
|
DD7000
|
heap
|
page read and write
|
||
|
F88000
|
heap
|
page read and write
|
||
|
EE0000
|
trusted library allocation
|
page read and write
|
||
|
A55C000
|
stack
|
page read and write
|
||
|
53DE000
|
stack
|
page read and write
|
||
|
106B000
|
stack
|
page read and write
|
||
|
6A70000
|
trusted library allocation
|
page read and write
|
||
|
5BBE000
|
stack
|
page read and write
|
||
|
540E000
|
stack
|
page read and write
|
||
|
13BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D01000
|
trusted library allocation
|
page read and write
|
||
|
5C20000
|
heap
|
page read and write
|
||
|
3D99000
|
trusted library allocation
|
page read and write
|
||
|
3D31000
|
trusted library allocation
|
page read and write
|
||
|
759E000
|
stack
|
page read and write
|
||
|
A79E000
|
stack
|
page read and write
|
||
|
55EC000
|
heap
|
page read and write
|
||
|
812000
|
unkown
|
page readonly
|
||
|
2B40000
|
trusted library allocation
|
page read and write
|
||
|
EB5000
|
heap
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
5653000
|
heap
|
page read and write
|
||
|
52D0000
|
trusted library allocation
|
page read and write
|
||
|
2E20000
|
trusted library allocation
|
page read and write
|
||
|
50B0000
|
trusted library allocation
|
page read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
5250000
|
heap
|
page execute and read and write
|
||
|
F6E000
|
stack
|
page read and write
|
||
|
83CC000
|
stack
|
page read and write
|
||
|
3136000
|
trusted library allocation
|
page read and write
|
||
|
2BAE000
|
stack
|
page read and write
|
||
|
3041000
|
trusted library allocation
|
page read and write
|
||
|
2D06000
|
trusted library allocation
|
page read and write
|
||
|
2CE0000
|
trusted library allocation
|
page read and write
|
||
|
2C1A000
|
heap
|
page read and write
|
||
|
3F7F000
|
trusted library allocation
|
page read and write
|
||
|
2A3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
E1C000
|
heap
|
page read and write
|
||
|
C5A000
|
stack
|
page read and write
|
||
|
F7E000
|
heap
|
page read and write
|
||
|
5240000
|
heap
|
page read and write
|
||
|
65CE000
|
stack
|
page read and write
|
||
|
5220000
|
trusted library allocation
|
page execute and read and write
|
||
|
12FC000
|
stack
|
page read and write
|
||
|
55E5000
|
heap
|
page read and write
|
||
|
F0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5770000
|
trusted library allocation
|
page read and write
|
||
|
3171000
|
trusted library allocation
|
page read and write
|
||
|
2A47000
|
trusted library allocation
|
page execute and read and write
|
||
|
11A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
539E000
|
stack
|
page read and write
|
||
|
55DE000
|
stack
|
page read and write
|
||
|
11D0000
|
trusted library allocation
|
page read and write
|
||
|
58BE000
|
stack
|
page read and write
|
||
|
5420000
|
heap
|
page read and write
|
||
|
7CD0000
|
heap
|
page read and write
|
||
|
3D01000
|
trusted library allocation
|
page read and write
|
||
|
2D24000
|
trusted library allocation
|
page read and write
|
||
|
F1E000
|
heap
|
page read and write
|
||
|
3DD2000
|
trusted library allocation
|
page read and write
|
||
|
5651000
|
heap
|
page read and write
|
||
|
3130000
|
trusted library allocation
|
page read and write
|
||
|
3EB2000
|
trusted library allocation
|
page read and write
|
||
|
5350000
|
heap
|
page read and write
|
||
|
EEE000
|
stack
|
page read and write
|
||
|
2A42000
|
trusted library allocation
|
page read and write
|
||
|
1178000
|
trusted library allocation
|
page read and write
|
||
|
1020000
|
trusted library allocation
|
page read and write
|
||
|
DC5000
|
heap
|
page read and write
|
||
|
11A4000
|
trusted library allocation
|
page read and write
|
||
|
71CE000
|
heap
|
page read and write
|
||
|
3E30000
|
trusted library allocation
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
3E32000
|
trusted library allocation
|
page read and write
|
||
|
520C000
|
stack
|
page read and write
|
||
|
55CE000
|
stack
|
page read and write
|
||
|
685E000
|
stack
|
page read and write
|
||
|
7370000
|
trusted library allocation
|
page read and write
|
||
|
1335000
|
heap
|
page read and write
|
||
|
772000
|
unkown
|
page readonly
|
||
|
657D000
|
trusted library allocation
|
page read and write
|
||
|
2D20000
|
trusted library allocation
|
page read and write
|
||
|
17E0000
|
heap
|
page read and write
|
||
|
1418000
|
heap
|
page read and write
|
||
|
580E000
|
stack
|
page read and write
|
||
|
2D61000
|
trusted library allocation
|
page read and write
|
||
|
534C000
|
stack
|
page read and write
|
||
|
EF0000
|
trusted library allocation
|
page read and write
|
||
|
F55000
|
heap
|
page read and write
|
||
|
4082000
|
trusted library allocation
|
page read and write
|
||
|
2CB0000
|
trusted library allocation
|
page read and write
|
||
|
3FE0000
|
trusted library allocation
|
page read and write
|
||
|
3E92000
|
trusted library allocation
|
page read and write
|
||
|
FDE000
|
heap
|
page read and write
|
||
|
2E5F000
|
unkown
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
114E000
|
stack
|
page read and write
|
||
|
7510000
|
trusted library allocation
|
page read and write
|
||
|
64E0000
|
heap
|
page read and write
|
||
|
2EFD000
|
trusted library allocation
|
page read and write
|
||
|
4171000
|
trusted library allocation
|
page read and write
|
||
|
2E26000
|
trusted library allocation
|
page read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
5780000
|
trusted library allocation
|
page execute and read and write
|
||
|
61ED000
|
stack
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
F7B000
|
heap
|
page read and write
|
||
|
17A0000
|
heap
|
page read and write
|
||
|
4177000
|
trusted library allocation
|
page read and write
|
||
|
7040000
|
heap
|
page read and write
|
||
|
62DE000
|
stack
|
page read and write
|
||
|
6CC0000
|
heap
|
page read and write
|
||
|
6044000
|
heap
|
page read and write
|
||
|
73FE000
|
stack
|
page read and write
|
||
|
656F000
|
stack
|
page read and write
|
||
|
51A0000
|
trusted library allocation
|
page read and write
|
||
|
31E6000
|
trusted library allocation
|
page read and write
|
||
|
2A30000
|
trusted library allocation
|
page read and write
|
||
|
AC6C000
|
stack
|
page read and write
|
||
|
2A60000
|
trusted library allocation
|
page read and write
|
||
|
5870000
|
trusted library allocation
|
page execute and read and write
|
||
|
699E000
|
stack
|
page read and write
|
||
|
3206000
|
trusted library allocation
|
page read and write
|
||
|
6A90000
|
heap
|
page read and write
|
||
|
11DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
2C8E000
|
trusted library allocation
|
page read and write
|
||
|
6587000
|
trusted library allocation
|
page read and write
|
||
|
569C000
|
heap
|
page read and write
|
||
|
2C9D000
|
trusted library allocation
|
page read and write
|
||
|
137E000
|
stack
|
page read and write
|
||
|
56ED000
|
stack
|
page read and write
|
||
|
537F000
|
trusted library section
|
page readonly
|
||
|
51C0000
|
trusted library allocation
|
page read and write
|
||
|
A69E000
|
stack
|
page read and write
|
||
|
13B2000
|
trusted library allocation
|
page read and write
|
||
|
2BE8000
|
trusted library allocation
|
page read and write
|
||
|
584C000
|
stack
|
page read and write
|
||
|
72C0000
|
heap
|
page read and write
|
||
|
73BE000
|
stack
|
page read and write
|
||
|
7324000
|
heap
|
page read and write
|
||
|
3DC2000
|
trusted library allocation
|
page read and write
|
||
|
31A6000
|
trusted library allocation
|
page read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
11BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
270F000
|
unkown
|
page read and write
|
||
|
7C20000
|
trusted library section
|
page read and write
|
||
|
3E6C000
|
trusted library allocation
|
page read and write
|
||
|
13B0000
|
trusted library allocation
|
page read and write
|
||
|
2E98000
|
trusted library allocation
|
page read and write
|
||
|
7192000
|
heap
|
page read and write
|
||
|
52F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E9E000
|
stack
|
page read and write
|
||
|
2CFE000
|
trusted library allocation
|
page read and write
|
||
|
11C2000
|
trusted library allocation
|
page read and write
|
||
|
5196000
|
trusted library allocation
|
page read and write
|
||
|
2CE4000
|
trusted library allocation
|
page read and write
|
||
|
518E000
|
trusted library allocation
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
295A000
|
stack
|
page read and write
|
||
|
A55D000
|
stack
|
page read and write
|
||
|
2E41000
|
trusted library allocation
|
page read and write
|
||
|
52F0000
|
trusted library allocation
|
page read and write
|
||
|
2D01000
|
trusted library allocation
|
page read and write
|
||
|
17E7000
|
heap
|
page read and write
|
||
|
6011000
|
heap
|
page read and write
|
||
|
1390000
|
trusted library allocation
|
page read and write
|
||
|
1413000
|
heap
|
page read and write
|
||
|
3026000
|
trusted library allocation
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
62EF000
|
stack
|
page read and write
|
||
|
5F6E000
|
stack
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
6AB8000
|
trusted library allocation
|
page read and write
|
||
|
51CB000
|
stack
|
page read and write
|
||
|
58FE000
|
trusted library allocation
|
page read and write
|
||
|
104E000
|
heap
|
page read and write
|
||
|
3022000
|
trusted library allocation
|
page read and write
|
||
|
22DD000
|
stack
|
page read and write
|
||
|
129B000
|
unkown
|
page read and write
|
||
|
3098000
|
trusted library allocation
|
page read and write
|
||
|
5340000
|
trusted library section
|
page read and write
|
||
|
646E000
|
stack
|
page read and write
|
||
|
A0D0000
|
heap
|
page read and write
|
||
|
2AFE000
|
stack
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
2F62000
|
trusted library allocation
|
page read and write
|
||
|
13C7000
|
trusted library allocation
|
page execute and read and write
|
||
|
58F0000
|
trusted library allocation
|
page read and write
|
||
|
101A000
|
heap
|
page read and write
|
||
|
110E000
|
stack
|
page read and write
|
||
|
3F12000
|
trusted library allocation
|
page read and write
|
||
|
5170000
|
trusted library allocation
|
page read and write
|
||
|
52C4000
|
heap
|
page read and write
|
||
|
2D3C000
|
trusted library allocation
|
page read and write
|
||
|
1190000
|
trusted library allocation
|
page read and write
|
||
|
2A40000
|
trusted library allocation
|
page read and write
|
||
|
116E000
|
stack
|
page read and write
|
||
|
2D26000
|
trusted library allocation
|
page read and write
|
||
|
5730000
|
heap
|
page read and write
|
||
|
1394000
|
trusted library allocation
|
page read and write
|
||
|
55C0000
|
trusted library allocation
|
page read and write
|
||
|
2E45000
|
trusted library allocation
|
page read and write
|
||
|
12EE000
|
stack
|
page read and write
|
||
|
13C0000
|
trusted library allocation
|
page read and write
|
||
|
2CC0000
|
trusted library allocation
|
page read and write
|
||
|
3EA8000
|
trusted library allocation
|
page read and write
|
||
|
2AAE000
|
stack
|
page read and write
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
A8DE000
|
stack
|
page read and write
|
||
|
2C20000
|
heap
|
page execute and read and write
|
||
|
D37000
|
stack
|
page read and write
|
||
|
6BBF000
|
stack
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
1600000
|
heap
|
page read and write
|
||
|
AB6B000
|
stack
|
page read and write
|
||
|
1610000
|
heap
|
page read and write
|
||
|
A79E000
|
stack
|
page read and write
|
||
|
66A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5670000
|
heap
|
page execute and read and write
|
||
|
DBF000
|
heap
|
page read and write
|
||
|
51D3000
|
heap
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
11C0000
|
trusted library allocation
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
11CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EF9000
|
trusted library allocation
|
page read and write
|
||
|
4199000
|
trusted library allocation
|
page read and write
|
||
|
DD5000
|
heap
|
page read and write
|
||
|
605B000
|
heap
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
601F000
|
heap
|
page read and write
|
||
|
5F2D000
|
stack
|
page read and write
|
||
|
5692000
|
heap
|
page read and write
|
||
|
5300000
|
heap
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
3F40000
|
trusted library allocation
|
page read and write
|
||
|
23D0000
|
heap
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
8AA000
|
stack
|
page read and write
|
||
|
6AE0000
|
trusted library allocation
|
page read and write
|
||
|
7CE0000
|
heap
|
page read and write
|
||
|
15DF000
|
stack
|
page read and write
|
||
|
3140000
|
trusted library allocation
|
page read and write
|
||
|
55E5000
|
trusted library allocation
|
page read and write
|
||
|
71C0000
|
heap
|
page read and write
|
||
|
5090000
|
trusted library allocation
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
5212000
|
trusted library allocation
|
page read and write
|
||
|
6ADD000
|
trusted library allocation
|
page read and write
|
||
|
60BE000
|
stack
|
page read and write
|
||
|
139D000
|
trusted library allocation
|
page execute and read and write
|
||
|
116D000
|
trusted library allocation
|
page execute and read and write
|
||
|
171F000
|
stack
|
page read and write
|
||
|
31AF000
|
trusted library allocation
|
page read and write
|
||
|
13B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
695E000
|
stack
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
2E38000
|
trusted library allocation
|
page read and write
|
||
|
EE3000
|
trusted library allocation
|
page read and write
|
||
|
2CC5000
|
trusted library allocation
|
page read and write
|
||
|
3294000
|
trusted library allocation
|
page read and write
|
||
|
2B50000
|
trusted library allocation
|
page read and write
|
||
|
6AB0000
|
trusted library allocation
|
page read and write
|
||
|
2CF0000
|
heap
|
page execute and read and write
|
||
|
6A30000
|
trusted library allocation
|
page read and write
|
||
|
5642000
|
heap
|
page read and write
|
||
|
2A4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1459000
|
heap
|
page read and write
|
||
|
5F70000
|
heap
|
page read and write
|
||
|
6E3F000
|
stack
|
page read and write
|
||
|
17D0000
|
trusted library allocation
|
page read and write
|
||
|
2B3C000
|
stack
|
page read and write
|
||
|
32BD000
|
trusted library allocation
|
page read and write
|
||
|
2D45000
|
trusted library allocation
|
page read and write
|
||
|
FDB000
|
stack
|
page read and write
|
||
|
526E000
|
stack
|
page read and write
|
||
|
231A000
|
stack
|
page read and write
|
||
|
2EDF000
|
stack
|
page read and write
|
||
|
AD6E000
|
stack
|
page read and write
|
||
|
3EFF000
|
trusted library allocation
|
page read and write
|
||
|
665E000
|
stack
|
page read and write
|
||
|
AB2E000
|
stack
|
page read and write
|
||
|
2A20000
|
trusted library allocation
|
page read and write
|
||
|
1169000
|
stack
|
page read and write
|
||
|
3150000
|
heap
|
page execute and read and write
|
||
|
63DC000
|
stack
|
page read and write
|
||
|
A89E000
|
stack
|
page read and write
|
||
|
6A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
5210000
|
trusted library allocation
|
page read and write
|
||
|
605E000
|
heap
|
page read and write
|
||
|
7140000
|
heap
|
page read and write
|
||
|
602B000
|
heap
|
page read and write
|
||
|
1200000
|
trusted library allocation
|
page execute and read and write
|
||
|
1380000
|
trusted library allocation
|
page read and write
|
||
|
5230000
|
trusted library allocation
|
page read and write
|
||
|
29BB000
|
heap
|
page read and write
|
||
|
DCB000
|
heap
|
page read and write
|
||
|
1393000
|
trusted library allocation
|
page execute and read and write
|
||
|
5191000
|
trusted library allocation
|
page read and write
|
||
|
6B2D000
|
stack
|
page read and write
|
||
|
716C000
|
heap
|
page read and write
|
||
|
53CE000
|
stack
|
page read and write
|
||
|
51B0000
|
trusted library allocation
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
5B3E000
|
stack
|
page read and write
|
||
|
2F4A000
|
trusted library allocation
|
page read and write
|
||
|
2D7D000
|
trusted library allocation
|
page read and write
|
||
|
31EA000
|
trusted library allocation
|
page read and write
|
||
|
2D40000
|
trusted library allocation
|
page read and write
|
||
|
60C0000
|
heap
|
page read and write
|
||
|
F9F000
|
heap
|
page read and write
|
||
|
5FBE000
|
stack
|
page read and write
|
||
|
2C74000
|
trusted library allocation
|
page read and write
|
||
|
ED3000
|
trusted library allocation
|
page execute and read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
1019000
|
heap
|
page read and write
|
||
|
F07000
|
trusted library allocation
|
page execute and read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
11AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D67000
|
trusted library allocation
|
page read and write
|
||
|
771D000
|
stack
|
page read and write
|
||
|
127E000
|
stack
|
page read and write
|
||
|
2C70000
|
trusted library allocation
|
page read and write
|
||
|
2E3D000
|
trusted library allocation
|
page read and write
|
||
|
A3CE000
|
stack
|
page read and write
|
||
|
55B4000
|
trusted library allocation
|
page read and write
|
||
|
5868000
|
trusted library allocation
|
page read and write
|
||
|
2E80000
|
trusted library allocation
|
page read and write
|
||
|
FD6000
|
heap
|
page read and write
|
||
|
587C000
|
stack
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
583F000
|
stack
|
page read and write
|
||
|
3FA0000
|
trusted library allocation
|
page read and write
|
||
|
731E000
|
heap
|
page read and write
|
||
|
559D000
|
stack
|
page read and write
|
||
|
3E72000
|
trusted library allocation
|
page read and write
|
||
|
567B000
|
heap
|
page read and write
|
||
|
3282000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
trusted library allocation
|
page read and write
|
||
|
5B7E000
|
stack
|
page read and write
|
||
|
55C4000
|
trusted library allocation
|
page read and write
|
||
|
517B000
|
trusted library allocation
|
page read and write
|
||
|
EFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
6046000
|
heap
|
page read and write
|
||
|
EF2000
|
trusted library allocation
|
page read and write
|
||
|
EA5000
|
heap
|
page read and write
|
||
|
2D75000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
2E28000
|
trusted library allocation
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
322A000
|
trusted library allocation
|
page read and write
|
||
|
6AD0000
|
trusted library allocation
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
2D0D000
|
trusted library allocation
|
page read and write
|
||
|
6BFE000
|
stack
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
5680000
|
heap
|
page read and write
|
||
|
77AE000
|
stack
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
FF0000
|
trusted library allocation
|
page read and write
|
||
|
689E000
|
stack
|
page read and write
|
||
|
52E0000
|
trusted library section
|
page readonly
|
||
|
2A23000
|
trusted library allocation
|
page read and write
|
||
|
56EE000
|
stack
|
page read and write
|
||
|
140A000
|
heap
|
page read and write
|
||
|
5685000
|
heap
|
page read and write
|
||
|
117C000
|
stack
|
page read and write
|
||
|
6035000
|
heap
|
page read and write
|
||
|
52C0000
|
heap
|
page read and write
|
||
|
2B30000
|
trusted library allocation
|
page execute and read and write
|
||
|
13E8000
|
heap
|
page read and write
|
||
|
2E1E000
|
unkown
|
page read and write
|
||
|
69DE000
|
stack
|
page read and write
|
||
|
632E000
|
stack
|
page read and write
|
||
|
A8F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6AC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
5310000
|
heap
|
page read and write
|
||
|
55D9000
|
trusted library allocation
|
page read and write
|
||
|
2A2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3DF2000
|
trusted library allocation
|
page read and write
|
||
|
2D2F000
|
stack
|
page read and write
|
||
|
2E00000
|
trusted library allocation
|
page read and write
|
||
|
572E000
|
stack
|
page read and write
|
||
|
5660000
|
heap
|
page read and write
|
||
|
4E5C000
|
stack
|
page read and write
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
2C6C000
|
stack
|
page read and write
|
||
|
5370000
|
trusted library section
|
page readonly
|
||
|
A0CD000
|
stack
|
page read and write
|
There are 617 hidden memdumps, click here to show them.