Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
payment1.img
|
ISO 9660 CD-ROM filesystem data 'payment1'
|
initial sample
|
 |
|
|
\Device\CdRom1\PAYMENT1.SCR
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x084169d7, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\payment1.scr.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1ahowjgq.dl4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_adv1ckjq.ixw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cssxwehb.bl0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fvrda2z5.hru.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g5e23rdh.gcj.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pcdnydxo.ibf.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rmvsbghg.yob.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tpa3uv4u.0pv.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\tmp.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c powershell.exe -ex bypass -command Mount-DiskImage -ImagePath (gc C:\Windows\path.txt) > tmp.log
2>&1
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -ex bypass -command Mount-DiskImage -ImagePath (gc C:\Windows\path.txt)
|
|
|
|
\Device\CdRom1\payment1.scr
|
"E:\payment1.scr" /S
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "E:\payment1.scr"
|
|
|
|
\Device\CdRom1\payment1.scr
|
"E:\payment1.scr"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
https://api.ip.sb/ip
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
|
https://api.ip.s
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod.C:
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
https://discord.com/api/v9/users/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
||
|
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
|
unknown
|
There are 25 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
C93000
|
heap
|
page read and write
|
||
|
7772000
|
heap
|
page read and write
|
||
|
B63E000
|
stack
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
EA2000
|
trusted library allocation
|
page read and write
|
||
|
509B000
|
stack
|
page read and write
|
||
|
1450000
|
trusted library allocation
|
page read and write
|
||
|
4F90000
|
trusted library allocation
|
page read and write
|
||
|
7740000
|
heap
|
page read and write
|
||
|
2A70000
|
trusted library allocation
|
page read and write
|
||
|
54A0000
|
trusted library allocation
|
page read and write
|
||
|
19F0BEFE000
|
heap
|
page read and write
|
||
|
BAFE000
|
stack
|
page read and write
|
||
|
19F11282000
|
trusted library allocation
|
page read and write
|
||
|
9D0B67E000
|
unkown
|
page readonly
|
||
|
9D0B47E000
|
unkown
|
page readonly
|
||
|
774C000
|
heap
|
page read and write
|
||
|
3214000
|
trusted library allocation
|
page read and write
|
||
|
9D0C27E000
|
stack
|
page read and write
|
||
|
19F114FC000
|
heap
|
page read and write
|
||
|
77A3000
|
heap
|
page read and write
|
||
|
9D0BCFE000
|
stack
|
page read and write
|
||
|
3227000
|
trusted library allocation
|
page read and write
|
||
|
5600000
|
trusted library allocation
|
page execute and read and write
|
||
|
513E000
|
stack
|
page read and write
|
||
|
77C9000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
9D0AD77000
|
stack
|
page read and write
|
||
|
19F0BE13000
|
heap
|
page read and write
|
||
|
19F11421000
|
heap
|
page read and write
|
||
|
19F0CE40000
|
trusted library section
|
page readonly
|
||
|
319A000
|
trusted library allocation
|
page read and write
|
||
|
3115000
|
trusted library allocation
|
page read and write
|
||
|
9D0BC7E000
|
unkown
|
page readonly
|
||
|
4031000
|
trusted library allocation
|
page read and write
|
||
|
5A60000
|
heap
|
page read and write
|
||
|
9D0BD7E000
|
unkown
|
page readonly
|
||
|
31F3000
|
trusted library allocation
|
page read and write
|
||
|
555B000
|
trusted library allocation
|
page read and write
|
||
|
1368000
|
heap
|
page read and write
|
||
|
5594000
|
trusted library allocation
|
page read and write
|
||
|
9D0B27E000
|
unkown
|
page readonly
|
||
|
3225000
|
trusted library allocation
|
page read and write
|
||
|
133E000
|
heap
|
page read and write
|
||
|
EA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
146D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5440000
|
trusted library allocation
|
page read and write
|
||
|
B40E000
|
stack
|
page read and write
|
||
|
7782000
|
heap
|
page read and write
|
||
|
B87E000
|
stack
|
page read and write
|
||
|
2A60000
|
trusted library allocation
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
5860000
|
heap
|
page execute and read and write
|
||
|
19F0BE5B000
|
heap
|
page read and write
|
||
|
C96000
|
heap
|
page read and write
|
||
|
19F1150D000
|
heap
|
page read and write
|
||
|
3206000
|
trusted library allocation
|
page read and write
|
||
|
31D4000
|
trusted library allocation
|
page read and write
|
||
|
53B5000
|
heap
|
page read and write
|
||
|
1378000
|
heap
|
page read and write
|
||
|
1337000
|
heap
|
page read and write
|
||
|
19F0CE20000
|
trusted library section
|
page readonly
|
||
|
556E000
|
trusted library allocation
|
page read and write
|
||
|
19F112F8000
|
trusted library allocation
|
page read and write
|
||
|
2A40000
|
trusted library allocation
|
page read and write
|
||
|
2AA0000
|
trusted library allocation
|
page read and write
|
||
|
2A1E000
|
trusted library allocation
|
page read and write
|
||
|
6B8000
|
unkown
|
page readonly
|
||
|
555E000
|
trusted library allocation
|
page read and write
|
||
|
31A0000
|
trusted library allocation
|
page read and write
|
||
|
31EF000
|
trusted library allocation
|
page read and write
|
||
|
317D000
|
trusted library allocation
|
page read and write
|
||
|
4F60000
|
trusted library allocation
|
page execute and read and write
|
||
|
19F0C602000
|
heap
|
page read and write
|
||
|
19F0BE9D000
|
heap
|
page read and write
|
||
|
2A80000
|
trusted library allocation
|
page read and write
|
||
|
59F0000
|
heap
|
page read and write
|
||
|
B50E000
|
stack
|
page read and write
|
||
|
2A21000
|
trusted library allocation
|
page read and write
|
||
|
31E3000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
2A75000
|
trusted library allocation
|
page read and write
|
||
|
19F1132A000
|
trusted library allocation
|
page read and write
|
||
|
5140000
|
trusted library allocation
|
page read and write
|
||
|
5450000
|
trusted library allocation
|
page execute and read and write
|
||
|
74A000
|
stack
|
page read and write
|
||
|
19F11210000
|
trusted library allocation
|
page read and write
|
||
|
C4D000
|
stack
|
page read and write
|
||
|
19F0C5E0000
|
trusted library allocation
|
page read and write
|
||
|
19F11250000
|
trusted library allocation
|
page read and write
|
||
|
9D0C87E000
|
unkown
|
page readonly
|
||
|
30C0000
|
trusted library allocation
|
page read and write
|
||
|
9D0BBFE000
|
stack
|
page read and write
|
||
|
5550000
|
trusted library allocation
|
page read and write
|
||
|
19F1130F000
|
trusted library allocation
|
page read and write
|
||
|
5A70000
|
heap
|
page read and write
|
||
|
9D0B87E000
|
unkown
|
page readonly
|
||
|
19F0BF28000
|
heap
|
page read and write
|
||
|
7754000
|
heap
|
page read and write
|
||
|
19F114F9000
|
heap
|
page read and write
|
||
|
19F112D2000
|
trusted library allocation
|
page read and write
|
||
|
326A000
|
trusted library allocation
|
page read and write
|
||
|
320C000
|
trusted library allocation
|
page read and write
|
||
|
19F1121E000
|
trusted library allocation
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
9D0AF7E000
|
stack
|
page read and write
|
||
|
134C000
|
heap
|
page read and write
|
||
|
9D0C37E000
|
unkown
|
page readonly
|
||
|
BFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
30EB000
|
trusted library allocation
|
page read and write
|
||
|
317B000
|
trusted library allocation
|
page read and write
|
||
|
58B0000
|
heap
|
page read and write
|
||
|
19F112E0000
|
trusted library allocation
|
page read and write
|
||
|
BE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7790000
|
heap
|
page read and write
|
||
|
BB3C000
|
stack
|
page read and write
|
||
|
19F11400000
|
heap
|
page read and write
|
||
|
31D8000
|
trusted library allocation
|
page read and write
|
||
|
19F0C702000
|
heap
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
149B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3173000
|
trusted library allocation
|
page read and write
|
||
|
9D0BF7D000
|
stack
|
page read and write
|
||
|
5690000
|
trusted library section
|
page readonly
|
||
|
2A53000
|
heap
|
page read and write
|
||
|
19F0BE79000
|
heap
|
page read and write
|
||
|
19F0D1A0000
|
trusted library allocation
|
page read and write
|
||
|
582000
|
unkown
|
page readonly
|
||
|
9D0B17B000
|
stack
|
page read and write
|
||
|
9D0B77B000
|
stack
|
page read and write
|
||
|
9D0C3FE000
|
stack
|
page read and write
|
||
|
19F0BEB0000
|
heap
|
page read and write
|
||
|
19F1130C000
|
trusted library allocation
|
page read and write
|
||
|
19F1129E000
|
trusted library allocation
|
page read and write
|
||
|
5582000
|
trusted library allocation
|
page read and write
|
||
|
BF0000
|
trusted library allocation
|
page read and write
|
||
|
3223000
|
trusted library allocation
|
page read and write
|
||
|
132E000
|
heap
|
page read and write
|
||
|
2A0B000
|
trusted library allocation
|
page read and write
|
||
|
19F11317000
|
trusted library allocation
|
page read and write
|
||
|
31B7000
|
trusted library allocation
|
page read and write
|
||
|
7799000
|
heap
|
page read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
19F0BE8D000
|
heap
|
page read and write
|
||
|
19F11485000
|
heap
|
page read and write
|
||
|
9D0AE7E000
|
unkown
|
page readonly
|
||
|
19F0BE2B000
|
heap
|
page read and write
|
||
|
5590000
|
trusted library allocation
|
page read and write
|
||
|
19F114FE000
|
heap
|
page read and write
|
||
|
31D6000
|
trusted library allocation
|
page read and write
|
||
|
31DA000
|
trusted library allocation
|
page read and write
|
||
|
3183000
|
trusted library allocation
|
page read and write
|
||
|
19F11301000
|
trusted library allocation
|
page read and write
|
||
|
56C0000
|
heap
|
page read and write
|
||
|
6B60000
|
trusted library allocation
|
page read and write
|
||
|
31A2000
|
trusted library allocation
|
page read and write
|
||
|
147D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3B86000
|
trusted library allocation
|
page read and write
|
||
|
5571000
|
trusted library allocation
|
page read and write
|
||
|
B77E000
|
stack
|
page read and write
|
||
|
19F0C700000
|
heap
|
page read and write
|
||
|
773E000
|
stack
|
page read and write
|
||
|
1464000
|
trusted library allocation
|
page read and write
|
||
|
28CE000
|
stack
|
page read and write
|
||
|
31B9000
|
trusted library allocation
|
page read and write
|
||
|
9D0BA7E000
|
unkown
|
page readonly
|
||
|
317F000
|
trusted library allocation
|
page read and write
|
||
|
321D000
|
trusted library allocation
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
5370000
|
trusted library allocation
|
page read and write
|
||
|
59BE000
|
stack
|
page read and write
|
||
|
19F11225000
|
trusted library allocation
|
page read and write
|
||
|
7760000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
19F11370000
|
trusted library allocation
|
page read and write
|
||
|
19F11228000
|
trusted library allocation
|
page read and write
|
||
|
3061000
|
trusted library allocation
|
page read and write
|
||
|
31DD000
|
trusted library allocation
|
page read and write
|
||
|
19F0BE92000
|
heap
|
page read and write
|
||
|
5350000
|
trusted library section
|
page read and write
|
||
|
31F8000
|
trusted library allocation
|
page read and write
|
||
|
19F0BD60000
|
trusted library allocation
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
19F112B3000
|
trusted library allocation
|
page read and write
|
||
|
14D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9D0A7AB000
|
stack
|
page read and write
|
||
|
135D000
|
heap
|
page read and write
|
||
|
31B5000
|
trusted library allocation
|
page read and write
|
||
|
9D0CDFE000
|
stack
|
page read and write
|
||
|
302E000
|
stack
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
BC3C000
|
stack
|
page read and write
|
||
|
19F0C615000
|
heap
|
page read and write
|
||
|
EB2000
|
trusted library allocation
|
page read and write
|
||
|
19F112B0000
|
trusted library allocation
|
page read and write
|
||
|
5490000
|
trusted library allocation
|
page read and write
|
||
|
9D0C77A000
|
stack
|
page read and write
|
||
|
19F111F0000
|
trusted library allocation
|
page read and write
|
||
|
3AC9000
|
trusted library allocation
|
page read and write
|
||
|
19F113B0000
|
remote allocation
|
page read and write
|
||
|
557D000
|
trusted library allocation
|
page read and write
|
||
|
30BC000
|
trusted library allocation
|
page read and write
|
||
|
19F0BF13000
|
heap
|
page read and write
|
||
|
19F11274000
|
trusted library allocation
|
page read and write
|
||
|
4BBC000
|
stack
|
page read and write
|
||
|
9D0CE7E000
|
unkown
|
page readonly
|
||
|
312E000
|
trusted library allocation
|
page read and write
|
||
|
30E3000
|
trusted library allocation
|
page read and write
|
||
|
5040000
|
trusted library allocation
|
page read and write
|
||
|
5150000
|
heap
|
page execute and read and write
|
||
|
19F11411000
|
heap
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
775C000
|
heap
|
page read and write
|
||
|
716D000
|
stack
|
page read and write
|
||
|
788E000
|
stack
|
page read and write
|
||
|
1463000
|
trusted library allocation
|
page execute and read and write
|
||
|
55C0000
|
trusted library allocation
|
page read and write
|
||
|
2A00000
|
trusted library allocation
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
29F0000
|
trusted library allocation
|
page read and write
|
||
|
320E000
|
trusted library allocation
|
page read and write
|
||
|
510B000
|
stack
|
page read and write
|
||
|
19F0BE9F000
|
heap
|
page read and write
|
||
|
EAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
19F11218000
|
trusted library allocation
|
page read and write
|
||
|
19F11200000
|
trusted library allocation
|
page read and write
|
||
|
19F11340000
|
trusted library allocation
|
page read and write
|
||
|
13BE000
|
heap
|
page read and write
|
||
|
1374000
|
heap
|
page read and write
|
||
|
9D0C579000
|
stack
|
page read and write
|
||
|
5B60000
|
heap
|
page read and write
|
||
|
143E000
|
stack
|
page read and write
|
||
|
5694000
|
trusted library section
|
page readonly
|
||
|
5640000
|
trusted library allocation
|
page read and write
|
||
|
2910000
|
heap
|
page read and write
|
||
|
1492000
|
trusted library allocation
|
page read and write
|
||
|
14E0000
|
trusted library allocation
|
page read and write
|
||
|
8D8F000
|
stack
|
page read and write
|
||
|
139A000
|
heap
|
page read and write
|
||
|
9D0BAFE000
|
stack
|
page read and write
|
||
|
320A000
|
trusted library allocation
|
page read and write
|
||
|
BE4000
|
trusted library allocation
|
page read and write
|
||
|
1460000
|
trusted library allocation
|
page read and write
|
||
|
9D0B57C000
|
stack
|
page read and write
|
||
|
19F11360000
|
trusted library allocation
|
page read and write
|
||
|
8ECF000
|
stack
|
page read and write
|
||
|
12C7000
|
heap
|
page read and write
|
||
|
FEE000
|
stack
|
page read and write
|
||
|
19F0CE00000
|
trusted library section
|
page readonly
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
19F12000000
|
heap
|
page read and write
|
||
|
19F0BE75000
|
heap
|
page read and write
|
||
|
9D0B9FE000
|
stack
|
page read and write
|
||
|
3181000
|
trusted library allocation
|
page read and write
|
||
|
9D0B37C000
|
stack
|
page read and write
|
||
|
19F1125D000
|
trusted library allocation
|
page read and write
|
||
|
1327000
|
heap
|
page read and write
|
||
|
19F11254000
|
trusted library allocation
|
page read and write
|
||
|
402000
|
remote allocation
|
page execute and read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
19F114E7000
|
heap
|
page read and write
|
||
|
3221000
|
trusted library allocation
|
page read and write
|
||
|
19F114C4000
|
heap
|
page read and write
|
||
|
137D000
|
heap
|
page read and write
|
||
|
534E000
|
stack
|
page read and write
|
||
|
3AC1000
|
trusted library allocation
|
page read and write
|
||
|
8C6E000
|
stack
|
page read and write
|
||
|
19F0C5C1000
|
trusted library allocation
|
page read and write
|
||
|
19F1127F000
|
trusted library allocation
|
page read and write
|
||
|
752E000
|
stack
|
page read and write
|
||
|
1355000
|
heap
|
page read and write
|
||
|
55B0000
|
trusted library allocation
|
page read and write
|
||
|
53A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
19F0BC30000
|
heap
|
page read and write
|
||
|
19F0BC50000
|
heap
|
page read and write
|
||
|
19F11304000
|
trusted library allocation
|
page read and write
|
||
|
19F114E9000
|
heap
|
page read and write
|
||
|
19F114F5000
|
heap
|
page read and write
|
||
|
1348000
|
heap
|
page read and write
|
||
|
56C3000
|
heap
|
page read and write
|
||
|
5380000
|
trusted library allocation
|
page execute and read and write
|
||
|
31A5000
|
trusted library allocation
|
page read and write
|
||
|
EB7000
|
trusted library allocation
|
page execute and read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
5576000
|
trusted library allocation
|
page read and write
|
||
|
9D0C47E000
|
unkown
|
page readonly
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
19F0BE8B000
|
heap
|
page read and write
|
||
|
42E000
|
remote allocation
|
page execute and read and write
|
||
|
5650000
|
trusted library allocation
|
page execute and read and write
|
||
|
7734000
|
heap
|
page read and write
|
||
|
19F0C713000
|
heap
|
page read and write
|
||
|
77CC000
|
heap
|
page read and write
|
||
|
19F11211000
|
trusted library allocation
|
page read and write
|
||
|
59E0000
|
heap
|
page read and write
|
||
|
8C8E000
|
stack
|
page read and write
|
||
|
D19000
|
heap
|
page read and write
|
||
|
19F0BE22000
|
heap
|
page read and write
|
||
|
55B5000
|
trusted library allocation
|
page read and write
|
||
|
19F0C71A000
|
heap
|
page read and write
|
||
|
19F0CB40000
|
trusted library allocation
|
page read and write
|
||
|
BF3000
|
trusted library allocation
|
page read and write
|
||
|
19F11502000
|
heap
|
page read and write
|
||
|
E4E000
|
stack
|
page read and write
|
||
|
31B3000
|
trusted library allocation
|
page read and write
|
||
|
3196000
|
trusted library allocation
|
page read and write
|
||
|
19F112E0000
|
trusted library allocation
|
page read and write
|
||
|
19F1144E000
|
heap
|
page read and write
|
||
|
1363000
|
heap
|
page read and write
|
||
|
19F0C891000
|
trusted library allocation
|
page read and write
|
||
|
3119000
|
trusted library allocation
|
page read and write
|
||
|
1480000
|
trusted library allocation
|
page read and write
|
||
|
E97000
|
heap
|
page read and write
|
||
|
55AF000
|
trusted library allocation
|
page read and write
|
||
|
19F0BD70000
|
trusted library section
|
page read and write
|
||
|
31F1000
|
trusted library allocation
|
page read and write
|
||
|
136F000
|
heap
|
page read and write
|
||
|
19F0BEB2000
|
heap
|
page read and write
|
||
|
19F0CE50000
|
trusted library section
|
page readonly
|
||
|
1341000
|
heap
|
page read and write
|
||
|
55A0000
|
trusted library allocation
|
page read and write
|
||
|
55F0000
|
trusted library allocation
|
page read and write
|
||
|
19F1145A000
|
heap
|
page read and write
|
||
|
19F11266000
|
trusted library allocation
|
page read and write
|
||
|
1497000
|
trusted library allocation
|
page execute and read and write
|
||
|
19F11360000
|
trusted library allocation
|
page read and write
|
||
|
13A3000
|
heap
|
page read and write
|
||
|
2A26000
|
trusted library allocation
|
page read and write
|
||
|
7748000
|
heap
|
page read and write
|
||
|
58AB000
|
stack
|
page read and write
|
||
|
59C0000
|
trusted library allocation
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
3065000
|
trusted library allocation
|
page read and write
|
||
|
2E9F000
|
stack
|
page read and write
|
||
|
C5A000
|
heap
|
page read and write
|
||
|
8AA0000
|
trusted library section
|
page read and write
|
||
|
798E000
|
stack
|
page read and write
|
||
|
19F0C600000
|
heap
|
page read and write
|
||
|
59C4000
|
trusted library allocation
|
page read and write
|
||
|
19F11441000
|
heap
|
page read and write
|
||
|
7738000
|
heap
|
page read and write
|
||
|
5C60000
|
trusted library allocation
|
page execute and read and write
|
||
|
139E000
|
heap
|
page read and write
|
||
|
50A0000
|
trusted library section
|
page readonly
|
||
|
31ED000
|
trusted library allocation
|
page read and write
|
||
|
316B000
|
trusted library allocation
|
page read and write
|
||
|
5554000
|
trusted library allocation
|
page read and write
|
||
|
132C000
|
heap
|
page read and write
|
||
|
4F52000
|
trusted library allocation
|
page read and write
|
||
|
19F112F0000
|
trusted library allocation
|
page read and write
|
||
|
50D0000
|
heap
|
page read and write
|
||
|
B73F000
|
stack
|
page read and write
|
||
|
59D0000
|
heap
|
page read and write
|
||
|
9D0C67E000
|
unkown
|
page readonly
|
||
|
19F11461000
|
heap
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F6000
|
heap
|
page read and write
|
||
|
56A0000
|
heap
|
page read and write
|
||
|
19F0CD20000
|
trusted library allocation
|
page read and write
|
||
|
1490000
|
trusted library allocation
|
page read and write
|
||
|
580000
|
unkown
|
page readonly
|
||
|
2C10000
|
trusted library allocation
|
page read and write
|
||
|
50B0000
|
heap
|
page read and write
|
||
|
19F114C2000
|
heap
|
page read and write
|
||
|
29E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
321F000
|
trusted library allocation
|
page read and write
|
||
|
11B5000
|
heap
|
page read and write
|
||
|
58B5000
|
heap
|
page read and write
|
||
|
53B0000
|
heap
|
page read and write
|
||
|
710D000
|
stack
|
page read and write
|
||
|
19F112CA000
|
trusted library allocation
|
page read and write
|
||
|
71A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
290B000
|
stack
|
page read and write
|
||
|
19F11454000
|
heap
|
page read and write
|
||
|
19F1150A000
|
heap
|
page read and write
|
||
|
B9FE000
|
stack
|
page read and write
|
||
|
148A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1486000
|
trusted library allocation
|
page execute and read and write
|
||
|
31F5000
|
trusted library allocation
|
page read and write
|
||
|
2A2D000
|
trusted library allocation
|
page read and write
|
||
|
19F112F5000
|
trusted library allocation
|
page read and write
|
||
|
14A7000
|
heap
|
page read and write
|
||
|
3187000
|
trusted library allocation
|
page read and write
|
||
|
19F113B0000
|
remote allocation
|
page read and write
|
||
|
3212000
|
trusted library allocation
|
page read and write
|
||
|
5630000
|
heap
|
page read and write
|
||
|
19F11210000
|
trusted library allocation
|
page read and write
|
||
|
77AD000
|
heap
|
page read and write
|
||
|
19F1142E000
|
heap
|
page read and write
|
||
|
31BB000
|
trusted library allocation
|
page read and write
|
||
|
19F0BE70000
|
heap
|
page read and write
|
||
|
2F2E000
|
stack
|
page read and write
|
||
|
306D000
|
trusted library allocation
|
page read and write
|
||
|
19F0BE89000
|
heap
|
page read and write
|
||
|
19F0CE30000
|
trusted library section
|
page readonly
|
||
|
1470000
|
trusted library allocation
|
page read and write
|
||
|
31C2000
|
trusted library allocation
|
page read and write
|
||
|
31EB000
|
trusted library allocation
|
page read and write
|
||
|
19F114C9000
|
heap
|
page read and write
|
||
|
ED0000
|
trusted library allocation
|
page read and write
|
||
|
BE0000
|
trusted library allocation
|
page read and write
|
||
|
2EC0000
|
heap
|
page execute and read and write
|
||
|
3185000
|
trusted library allocation
|
page read and write
|
||
|
9D0BB7E000
|
unkown
|
page readonly
|
||
|
3265000
|
trusted library allocation
|
page read and write
|
||
|
31AF000
|
trusted library allocation
|
page read and write
|
||
|
9D0BE7E000
|
unkown
|
page readonly
|
||
|
E8E000
|
stack
|
page read and write
|
||
|
520C000
|
stack
|
page read and write
|
||
|
103A000
|
stack
|
page read and write
|
||
|
31D2000
|
trusted library allocation
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
19F11350000
|
trusted library allocation
|
page read and write
|
||
|
4F80000
|
trusted library allocation
|
page read and write
|
||
|
19F112A1000
|
trusted library allocation
|
page read and write
|
||
|
5390000
|
trusted library allocation
|
page read and write
|
||
|
15FF000
|
stack
|
page read and write
|
||
|
B8BE000
|
stack
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
2ED0000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
trusted library allocation
|
page read and write
|
||
|
AF7000
|
stack
|
page read and write
|
||
|
19F0BF02000
|
heap
|
page read and write
|
||
|
2928000
|
trusted library allocation
|
page read and write
|
||
|
C5E000
|
heap
|
page read and write
|
||
|
19F113B0000
|
remote allocation
|
page read and write
|
||
|
EA0000
|
trusted library allocation
|
page read and write
|
||
|
315F000
|
trusted library allocation
|
page read and write
|
||
|
BED000
|
trusted library allocation
|
page execute and read and write
|
||
|
19F0C5F0000
|
trusted library allocation
|
page read and write
|
||
|
6F60000
|
heap
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
79C0000
|
trusted library allocation
|
page read and write
|
||
|
3175000
|
trusted library allocation
|
page read and write
|
||
|
13B3000
|
heap
|
page read and write
|
||
|
19F11230000
|
trusted library allocation
|
page read and write
|
||
|
31BD000
|
trusted library allocation
|
page read and write
|
||
|
9D0BDFE000
|
stack
|
page read and write
|
||
|
1137000
|
stack
|
page read and write
|
||
|
19F0BE00000
|
heap
|
page read and write
|
||
|
19F0BEBA000
|
heap
|
page read and write
|
||
|
3189000
|
trusted library allocation
|
page read and write
|
||
|
4F9D000
|
trusted library allocation
|
page read and write
|
||
|
B9BF000
|
stack
|
page read and write
|
||
|
9D0B07E000
|
unkown
|
page readonly
|
||
|
2AC1000
|
trusted library allocation
|
page read and write
|
||
|
19F0C71A000
|
heap
|
page read and write
|
||
|
19F11240000
|
trusted library allocation
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
13FE000
|
stack
|
page read and write
|
||
|
9D0C07E000
|
unkown
|
page readonly
|
||
|
19F0BD30000
|
heap
|
page read and write
|
||
|
19F1127C000
|
trusted library allocation
|
page read and write
|
||
|
9D0C17E000
|
unkown
|
page readonly
|
||
|
EBB000
|
trusted library allocation
|
page execute and read and write
|
||
|
12DD000
|
heap
|
page read and write
|
||
|
3031000
|
trusted library allocation
|
page read and write
|
||
|
2B1A000
|
trusted library allocation
|
page read and write
|
||
|
19F0CE10000
|
trusted library section
|
page readonly
|
||
|
50C0000
|
heap
|
page read and write
|
||
|
4F50000
|
trusted library allocation
|
page read and write
|
||
|
6B82000
|
trusted library allocation
|
page read and write
|
||
|
3198000
|
trusted library allocation
|
page read and write
|
||
|
19F11240000
|
trusted library allocation
|
page read and write
|
||
|
8DCE000
|
stack
|
page read and write
|
||
|
778C000
|
heap
|
page read and write
|
||
|
C05000
|
heap
|
page read and write
|
||
|
2AB0000
|
heap
|
page execute and read and write
|
||
|
5AA7000
|
heap
|
page read and write
|
||
|
4035000
|
trusted library allocation
|
page read and write
|
||
|
56B0000
|
heap
|
page read and write
|
||
|
71C0000
|
trusted library allocation
|
page read and write
|
||
|
5670000
|
trusted library allocation
|
page read and write
|
||
|
9D0C0FE000
|
stack
|
page read and write
|
||
|
19F0BE3F000
|
heap
|
page read and write
|
||
|
1482000
|
trusted library allocation
|
page read and write
|
There are 466 hidden memdumps, click here to show them.