Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\ScribeSoft Systems\ScribeSync.js
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\ScribeSoft Systems\ScribeSync.pif
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\412421\Linux.pif
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScribeSync.url
|
MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\ScribeSoft Systems\ScribeSync.js" >), ASCII text,
with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\ScribeSoft Systems\w
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\412421\M
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Biography
|
ASCII text, with very long lines (945), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Biography.cmd (copy)
|
ASCII text, with very long lines (945), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Corner
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostic
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Disposition
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Domestic
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Hollow
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Marie
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Mrs
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Options
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Participated
|
data
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /k move Biography Biography.cmd & Biography.cmd & exit
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /I "wrsa.exe opssvc.exe"
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /I "avastui.exe avgui.exe bdservicehost.exe ekrn.exe nswscsvc.exe sophoshealth.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c md 412421
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /V "uncertaintycompetitionsadvertisingorganisation" Marie
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c copy /b ..\Participated + ..\Corner + ..\Domestic + ..\Disposition + ..\Diagnostic + ..\Options + ..\Mrs M
|
|
|
|
C:\Users\user\AppData\Local\Temp\412421\Linux.pif
|
Linux.pif M
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScribeSync.url"
& echo URL="C:\Users\user\AppData\Local\ScribeSoft Systems\ScribeSync.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\ScribeSync.url" & exit
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\ScribeSoft Systems\ScribeSync.js"
|
|
|
|
C:\Users\user\AppData\Local\ScribeSoft Systems\ScribeSync.pif
|
"C:\Users\user\AppData\Local\ScribeSoft Systems\ScribeSync.pif" "C:\Users\user\AppData\Local\ScribeSoft Systems\w"
|
|
|
|
C:\Users\user\Desktop\Setup.exe
|
"C:\Users\user\Desktop\Setup.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\tasklist.exe
|
tasklist
|
||
|
C:\Windows\SysWOW64\tasklist.exe
|
tasklist
|
||
|
C:\Windows\SysWOW64\choice.exe
|
choice /d y /t 5
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 6 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/J
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
https://www.autoitscript.com/autoit3/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
microsoft-10.ovslegodl.sched.ovscdns.com
|
43.152.28.43
|
||
|
BkByEfukMORgCb.BkByEfukMORgCb
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2EA2000
|
heap
|
page read and write
|
||
|
489000
|
unkown
|
page readonly
|
||
|
469000
|
unkown
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
2FCB000
|
heap
|
page read and write
|
||
|
2A6528B9000
|
heap
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
2EAC000
|
heap
|
page read and write
|
||
|
28AE000
|
unkown
|
page read and write
|
||
|
3DC2000
|
heap
|
page read and write
|
||
|
11BF000
|
stack
|
page read and write
|
||
|
3DC1000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
27BF000
|
stack
|
page read and write
|
||
|
3DE0000
|
heap
|
page read and write
|
||
|
3DC1000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
2A6528F6000
|
heap
|
page read and write
|
||
|
2A652830000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
4E0F000
|
stack
|
page read and write
|
||
|
2A6528BF000
|
heap
|
page read and write
|
||
|
141A000
|
heap
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
11DC000
|
heap
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
396000
|
unkown
|
page readonly
|
||
|
3C1000
|
unkown
|
page execute read
|
||
|
2EC8000
|
heap
|
page read and write
|
||
|
2BBC000
|
stack
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
141E000
|
heap
|
page read and write
|
||
|
2A6528CF000
|
heap
|
page read and write
|
||
|
1709000
|
heap
|
page read and write
|
||
|
2A6528E5000
|
heap
|
page read and write
|
||
|
E8E26FF000
|
stack
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
48FF000
|
stack
|
page read and write
|
||
|
1102000
|
heap
|
page read and write
|
||
|
19B0000
|
heap
|
page read and write
|
||
|
2A6528B0000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
3DC1000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
2FCB000
|
heap
|
page read and write
|
||
|
E8E23FF000
|
stack
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
2EC000
|
stack
|
page read and write
|
||
|
2ECD000
|
heap
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
2FDD000
|
heap
|
page read and write
|
||
|
4070000
|
trusted library allocation
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
3A9000
|
unkown
|
page readonly
|
||
|
1437000
|
heap
|
page read and write
|
||
|
45BF000
|
stack
|
page read and write
|
||
|
DFE000
|
stack
|
page read and write
|
||
|
4240000
|
trusted library allocation
|
page read and write
|
||
|
2A6528F9000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
2EBB000
|
heap
|
page read and write
|
||
|
2F98000
|
heap
|
page read and write
|
||
|
4D8F000
|
stack
|
page read and write
|
||
|
549000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
1104000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
2E76000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
E1D000
|
stack
|
page read and write
|
||
|
A39000
|
stack
|
page read and write
|
||
|
2BFF000
|
unkown
|
page read and write
|
||
|
2EBE000
|
heap
|
page read and write
|
||
|
31EA000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
3967000
|
trusted library allocation
|
page read and write
|
||
|
3A9000
|
unkown
|
page readonly
|
||
|
40B0000
|
trusted library allocation
|
page read and write
|
||
|
2FBC000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
30A7000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
32C000
|
stack
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
3A0000
|
unkown
|
page write copy
|
||
|
2FB2000
|
heap
|
page read and write
|
||
|
9B6000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
489000
|
unkown
|
page readonly
|
||
|
1726000
|
heap
|
page read and write
|
||
|
70E000
|
stack
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
2A6528CE000
|
heap
|
page read and write
|
||
|
2FCF000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
2A6528ED000
|
heap
|
page read and write
|
||
|
2A654410000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
221F000
|
stack
|
page read and write
|
||
|
450000
|
unkown
|
page readonly
|
||
|
7F8000
|
heap
|
page read and write
|
||
|
67E000
|
stack
|
page read and write
|
||
|
E8E29FF000
|
stack
|
page read and write
|
||
|
2E0000
|
unkown
|
page readonly
|
||
|
1CFA000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
2A6528F5000
|
heap
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
370000
|
unkown
|
page readonly
|
||
|
99E000
|
stack
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
B2F000
|
stack
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
4ECE000
|
stack
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
13FB000
|
heap
|
page read and write
|
||
|
316F000
|
heap
|
page read and write
|
||
|
3C0000
|
unkown
|
page readonly
|
||
|
41E000
|
unkown
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
3C0000
|
unkown
|
page readonly
|
||
|
2110000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
2CFF000
|
stack
|
page read and write
|
||
|
143D000
|
heap
|
page read and write
|
||
|
2370000
|
heap
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
417D000
|
trusted library allocation
|
page read and write
|
||
|
2A6528BF000
|
heap
|
page read and write
|
||
|
3DC0000
|
heap
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
2D32000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
231E000
|
stack
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
E0D000
|
stack
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
2FDD000
|
heap
|
page read and write
|
||
|
2A6542A0000
|
heap
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
7080000
|
trusted library allocation
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
2A652AAC000
|
heap
|
page read and write
|
||
|
576000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
15CF000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
16D9000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
2EBF000
|
heap
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
136C000
|
heap
|
page read and write
|
||
|
2A6528AB000
|
heap
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
4E4E000
|
stack
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
48BE000
|
stack
|
page read and write
|
||
|
2A6528B0000
|
heap
|
page read and write
|
||
|
38E0000
|
heap
|
page read and write
|
||
|
2A6528F2000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
3DC1000
|
heap
|
page read and write
|
||
|
E8E1F4A000
|
stack
|
page read and write
|
||
|
3C1000
|
unkown
|
page execute read
|
||
|
2FDD000
|
heap
|
page read and write
|
||
|
2A6528F9000
|
heap
|
page read and write
|
||
|
3959000
|
trusted library allocation
|
page read and write
|
||
|
2FD8000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
2E1000
|
unkown
|
page execute read
|
||
|
456F000
|
stack
|
page read and write
|
||
|
210E000
|
stack
|
page read and write
|
||
|
4232000
|
trusted library allocation
|
page read and write
|
||
|
167A000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
13AB000
|
heap
|
page read and write
|
||
|
496E000
|
stack
|
page read and write
|
||
|
2E88000
|
heap
|
page read and write
|
||
|
2EBB000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
2A6E000
|
stack
|
page read and write
|
||
|
56E000
|
heap
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2A6528DE000
|
heap
|
page read and write
|
||
|
2DC6000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
2A6528F2000
|
heap
|
page read and write
|
||
|
2FCB000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
10C8000
|
heap
|
page read and write
|
||
|
E8E22FF000
|
stack
|
page read and write
|
||
|
3DC1000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
2A6528E3000
|
heap
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
2D9F000
|
stack
|
page read and write
|
||
|
3DC1000
|
heap
|
page read and write
|
||
|
3DC1000
|
heap
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
3304000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
2A6528E3000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
2F8F000
|
stack
|
page read and write
|
||
|
1737000
|
heap
|
page read and write
|
||
|
480000
|
unkown
|
page write copy
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
2A6528E5000
|
heap
|
page read and write
|
||
|
2A652898000
|
heap
|
page read and write
|
||
|
2FCB000
|
heap
|
page read and write
|
||
|
1373000
|
heap
|
page read and write
|
||
|
2E9F000
|
heap
|
page read and write
|
||
|
4DCE000
|
stack
|
page read and write
|
||
|
3DC1000
|
heap
|
page read and write
|
||
|
2EAD000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
10F2000
|
heap
|
page read and write
|
||
|
3DC4000
|
heap
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
2A6528F9000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
2FCE000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
2CAC000
|
stack
|
page read and write
|
||
|
2A6528E3000
|
heap
|
page read and write
|
||
|
480000
|
unkown
|
page read and write
|
||
|
E3C000
|
stack
|
page read and write
|
||
|
24FD000
|
stack
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
2B6F000
|
stack
|
page read and write
|
||
|
11AB000
|
heap
|
page read and write
|
||
|
3A0000
|
unkown
|
page read and write
|
||
|
2ECD000
|
heap
|
page read and write
|
||
|
2A6528E9000
|
heap
|
page read and write
|
||
|
15DC000
|
heap
|
page read and write
|
||
|
484000
|
unkown
|
page write copy
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
2B7C000
|
stack
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
11DD000
|
stack
|
page read and write
|
||
|
3DC1000
|
heap
|
page read and write
|
||
|
2A652890000
|
heap
|
page read and write
|
||
|
14A1000
|
heap
|
page read and write
|
||
|
2E4E000
|
stack
|
page read and write
|
||
|
2ECD000
|
heap
|
page read and write
|
||
|
2A652730000
|
heap
|
page read and write
|
||
|
2A6528FE000
|
heap
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
3DC1000
|
heap
|
page read and write
|
||
|
B8A000
|
stack
|
page read and write
|
||
|
2A6528EF000
|
heap
|
page read and write
|
||
|
1102000
|
heap
|
page read and write
|
||
|
476000
|
unkown
|
page readonly
|
||
|
2EC7000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
2BAC000
|
stack
|
page read and write
|
||
|
2A652AA0000
|
heap
|
page read and write
|
||
|
1340000
|
trusted library allocation
|
page read and write
|
||
|
2A6528DD000
|
heap
|
page read and write
|
||
|
2FD9000
|
heap
|
page read and write
|
||
|
432000
|
unkown
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
4F0F000
|
stack
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
169A000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
1741000
|
heap
|
page read and write
|
||
|
2A6528F9000
|
heap
|
page read and write
|
||
|
3DD0000
|
heap
|
page read and write
|
||
|
4FD000
|
unkown
|
page readonly
|
||
|
2A652AA5000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
2FD7000
|
heap
|
page read and write
|
||
|
3DC1000
|
heap
|
page read and write
|
||
|
3DC1000
|
heap
|
page read and write
|
||
|
41BF000
|
stack
|
page read and write
|
||
|
11FC000
|
stack
|
page read and write
|
||
|
74F000
|
stack
|
page read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
2A6528E5000
|
heap
|
page read and write
|
||
|
E8E27FF000
|
stack
|
page read and write
|
||
|
2FBD000
|
heap
|
page read and write
|
||
|
53A000
|
heap
|
page read and write
|
||
|
E8E28FF000
|
stack
|
page read and write
|
||
|
25FE000
|
stack
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
29FE000
|
stack
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
2CAC000
|
stack
|
page read and write
|
||
|
4DCE000
|
stack
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
2A652810000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
1621000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
58E000
|
heap
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
396000
|
unkown
|
page readonly
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
2FDA000
|
heap
|
page read and write
|
||
|
3A4000
|
unkown
|
page write copy
|
||
|
2ECD000
|
heap
|
page read and write
|
||
|
1CDE000
|
stack
|
page read and write
|
||
|
3999000
|
heap
|
page read and write
|
||
|
2A6528F1000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
368E000
|
stack
|
page read and write
|
||
|
117B000
|
heap
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
4D4E000
|
stack
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
3B10000
|
heap
|
page read and write
|
||
|
16A6000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
450000
|
unkown
|
page readonly
|
||
|
2E0000
|
unkown
|
page readonly
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
28CC000
|
heap
|
page read and write
|
||
|
10E3000
|
heap
|
page read and write
|
||
|
3DC1000
|
heap
|
page read and write
|
||
|
2FDD000
|
heap
|
page read and write
|
||
|
1208000
|
heap
|
page read and write
|
||
|
308E000
|
stack
|
page read and write
|
||
|
11CF000
|
stack
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
370000
|
unkown
|
page readonly
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
2A6528F2000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
38A4000
|
trusted library allocation
|
page read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
2A6528EC000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
4E0F000
|
stack
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
2D5E000
|
stack
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
2A6528B8000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
1102000
|
heap
|
page read and write
|
||
|
3DC1000
|
heap
|
page read and write
|
||
|
476000
|
unkown
|
page readonly
|
||
|
1CF5000
|
heap
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
36CE000
|
stack
|
page read and write
|
||
|
2A6528F9000
|
heap
|
page read and write
|
||
|
2A6528C5000
|
heap
|
page read and write
|
||
|
3984000
|
heap
|
page read and write
|
||
|
3DC1000
|
heap
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
4E60000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
2A6528BE000
|
heap
|
page read and write
|
||
|
2EBB000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2A6528F9000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
146B000
|
heap
|
page read and write
|
||
|
2FDD000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
3DD4000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
140E000
|
heap
|
page read and write
|
||
|
2A6528F9000
|
heap
|
page read and write
|
||
|
2FAF000
|
heap
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
1358000
|
heap
|
page read and write
|
||
|
2A6528C4000
|
heap
|
page read and write
|
||
|
4C4000
|
unkown
|
page read and write
|
||
|
4D0F000
|
stack
|
page read and write
|
||
|
129C000
|
heap
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
2E1000
|
unkown
|
page execute read
|
||
|
3980000
|
heap
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
1271000
|
heap
|
page read and write
|
||
|
20CF000
|
stack
|
page read and write
|
||
|
16BA000
|
heap
|
page read and write
|
||
|
2A6528C5000
|
heap
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
12ED000
|
heap
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
1CF0000
|
heap
|
page read and write
|
||
|
119A000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
28B0000
|
heap
|
page read and write
|
||
|
3268000
|
heap
|
page read and write
|
||
|
2C6C000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2FDD000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
4E8F000
|
stack
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
4E30000
|
heap
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
393E000
|
stack
|
page read and write
|
||
|
4FD000
|
unkown
|
page readonly
|
||
|
E8E25FE000
|
stack
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
There are 445 hidden memdumps, click here to show them.