Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
autorization Letter.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\autorization Letter.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmpF639.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\tIFjYTCo.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\tIFjYTCo.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\GUIVTme.exe.log
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\tIFjYTCo.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_11g0nfzk.wjm.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3vlyn5gt.xhc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5cbcryey.s5i.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5cc2xxa3.4ha.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g5kk0dmj.pnk.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_idf5mf53.ilr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_osp51fi5.hyv.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xbbwxrea.5tm.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp1162.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
modified
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 9 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\autorization Letter.exe
|
"C:\Users\user\Desktop\autorization Letter.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\autorization
Letter.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\tIFjYTCo.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\tIFjYTCo" /XML "C:\Users\user\AppData\Local\Temp\tmpF639.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\tIFjYTCo.exe
|
C:\Users\user\AppData\Roaming\tIFjYTCo.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\tIFjYTCo" /XML "C:\Users\user\AppData\Local\Temp\tmp1162.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe
|
"C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe
|
"C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://mail.unitechautomations.com
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://www.chiark.greenend.org.uk/~sgtatham/putty/0
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.unitechautomations.com
|
192.185.129.60
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.185.129.60
|
mail.unitechautomations.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
GUIVTme
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4429000
|
trusted library allocation
|
page read and write
|
|
|
|
2899000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2831000
|
trusted library allocation
|
page read and write
|
|
|
|
282C000
|
trusted library allocation
|
page read and write
|
|
|
|
288A000
|
trusted library allocation
|
page read and write
|
|
|
|
2891000
|
trusted library allocation
|
page read and write
|
|
|
|
2882000
|
trusted library allocation
|
page read and write
|
|
|
|
910000
|
heap
|
page read and write
|
||
|
16CA000
|
heap
|
page read and write
|
||
|
11EC000
|
stack
|
page read and write
|
||
|
5DF0000
|
trusted library allocation
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
783000
|
trusted library allocation
|
page execute and read and write
|
||
|
6AA000
|
stack
|
page read and write
|
||
|
CEB000
|
trusted library allocation
|
page execute and read and write
|
||
|
34D0000
|
heap
|
page read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
784000
|
trusted library allocation
|
page read and write
|
||
|
1607000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E77000
|
trusted library allocation
|
page read and write
|
||
|
15E0000
|
trusted library allocation
|
page read and write
|
||
|
5E80000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D1E000
|
trusted library allocation
|
page read and write
|
||
|
57B0000
|
trusted library section
|
page readonly
|
||
|
BFE000
|
stack
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
5EDD000
|
stack
|
page read and write
|
||
|
610E000
|
stack
|
page read and write
|
||
|
7BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E00000
|
trusted library allocation
|
page read and write
|
||
|
A63E000
|
stack
|
page read and write
|
||
|
15D4000
|
trusted library allocation
|
page read and write
|
||
|
5A60000
|
trusted library section
|
page read and write
|
||
|
8E8000
|
heap
|
page read and write
|
||
|
E4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
A27000
|
heap
|
page read and write
|
||
|
537E000
|
stack
|
page read and write
|
||
|
58D3000
|
heap
|
page read and write
|
||
|
51EE000
|
stack
|
page read and write
|
||
|
522E000
|
stack
|
page read and write
|
||
|
CD2000
|
trusted library allocation
|
page read and write
|
||
|
1AA0000
|
heap
|
page read and write
|
||
|
946000
|
heap
|
page read and write
|
||
|
A9F000
|
stack
|
page read and write
|
||
|
527F000
|
stack
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
EAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F7000
|
stack
|
page read and write
|
||
|
4DFD000
|
trusted library allocation
|
page read and write
|
||
|
5E80000
|
trusted library allocation
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
5290000
|
trusted library allocation
|
page read and write
|
||
|
F10000
|
heap
|
page execute and read and write
|
||
|
4E1E000
|
stack
|
page read and write
|
||
|
4D21000
|
trusted library allocation
|
page read and write
|
||
|
3821000
|
trusted library allocation
|
page read and write
|
||
|
3891000
|
trusted library allocation
|
page read and write
|
||
|
5D10000
|
heap
|
page read and write
|
||
|
B08000
|
heap
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
31F0000
|
trusted library allocation
|
page read and write
|
||
|
970E000
|
stack
|
page read and write
|
||
|
4D00000
|
trusted library allocation
|
page read and write
|
||
|
28A6000
|
trusted library allocation
|
page read and write
|
||
|
CE2000
|
trusted library allocation
|
page read and write
|
||
|
10B0000
|
trusted library allocation
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
7570000
|
trusted library allocation
|
page read and write
|
||
|
9BCD000
|
stack
|
page read and write
|
||
|
D4E000
|
stack
|
page read and write
|
||
|
50BE000
|
stack
|
page read and write
|
||
|
2821000
|
trusted library allocation
|
page read and write
|
||
|
A87E000
|
stack
|
page read and write
|
||
|
3421000
|
trusted library allocation
|
page read and write
|
||
|
5140000
|
heap
|
page read and write
|
||
|
4B10000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E80000
|
heap
|
page execute and read and write
|
||
|
9EA000
|
heap
|
page read and write
|
||
|
57F0000
|
heap
|
page read and write
|
||
|
15F0000
|
trusted library allocation
|
page read and write
|
||
|
5A80000
|
heap
|
page read and write
|
||
|
272A000
|
trusted library allocation
|
page read and write
|
||
|
A77D000
|
heap
|
page read and write
|
||
|
351C000
|
trusted library allocation
|
page read and write
|
||
|
3943000
|
trusted library allocation
|
page read and write
|
||
|
A97F000
|
stack
|
page read and write
|
||
|
79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
3568000
|
trusted library allocation
|
page read and write
|
||
|
335E000
|
stack
|
page read and write
|
||
|
5BA0000
|
heap
|
page read and write
|
||
|
4DD0000
|
trusted library allocation
|
page read and write
|
||
|
ECB000
|
trusted library allocation
|
page execute and read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
6570000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
3310000
|
heap
|
page read and write
|
||
|
4E20000
|
trusted library allocation
|
page read and write
|
||
|
9C8000
|
heap
|
page read and write
|
||
|
99C000
|
stack
|
page read and write
|
||
|
338F000
|
unkown
|
page read and write
|
||
|
4D00000
|
heap
|
page read and write
|
||
|
52BE000
|
stack
|
page read and write
|
||
|
A73E000
|
stack
|
page read and write
|
||
|
3CE000
|
stack
|
page read and write
|
||
|
10BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
B20C000
|
stack
|
page read and write
|
||
|
5CDE000
|
stack
|
page read and write
|
||
|
5A20000
|
trusted library allocation
|
page read and write
|
||
|
5E7C000
|
trusted library allocation
|
page read and write
|
||
|
4D0E000
|
trusted library allocation
|
page read and write
|
||
|
4DF6000
|
trusted library allocation
|
page read and write
|
||
|
5E60000
|
trusted library allocation
|
page read and write
|
||
|
980E000
|
stack
|
page read and write
|
||
|
90A000
|
unkown
|
page readonly
|
||
|
A70000
|
heap
|
page read and write
|
||
|
4F30000
|
heap
|
page execute and read and write
|
||
|
4DDE000
|
trusted library allocation
|
page read and write
|
||
|
1AA7000
|
heap
|
page read and write
|
||
|
5FC0000
|
trusted library allocation
|
page read and write
|
||
|
1A60000
|
trusted library allocation
|
page read and write
|
||
|
5A10000
|
trusted library allocation
|
page execute and read and write
|
||
|
A3B000
|
heap
|
page read and write
|
||
|
A0CE000
|
stack
|
page read and write
|
||
|
790000
|
trusted library allocation
|
page read and write
|
||
|
16F4000
|
heap
|
page read and write
|
||
|
339F000
|
stack
|
page read and write
|
||
|
5E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
A7D000
|
heap
|
page read and write
|
||
|
146E000
|
stack
|
page read and write
|
||
|
330E000
|
unkown
|
page read and write
|
||
|
AF7E000
|
stack
|
page read and write
|
||
|
57C0000
|
heap
|
page read and write
|
||
|
780000
|
trusted library allocation
|
page read and write
|
||
|
4FBE000
|
stack
|
page read and write
|
||
|
9CCE000
|
stack
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
4CAE000
|
stack
|
page read and write
|
||
|
9DF000
|
heap
|
page read and write
|
||
|
CB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
E32000
|
trusted library allocation
|
page read and write
|
||
|
CFE000
|
stack
|
page read and write
|
||
|
4E40000
|
heap
|
page read and write
|
||
|
16E7000
|
heap
|
page read and write
|
||
|
5DE0000
|
trusted library allocation
|
page read and write
|
||
|
27F0000
|
trusted library allocation
|
page read and write
|
||
|
7930000
|
trusted library allocation
|
page execute and read and write
|
||
|
340F000
|
stack
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F6A000
|
stack
|
page read and write
|
||
|
3248000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
C2E000
|
stack
|
page read and write
|
||
|
533E000
|
stack
|
page read and write
|
||
|
37D7000
|
trusted library allocation
|
page read and write
|
||
|
5E78000
|
trusted library allocation
|
page read and write
|
||
|
5770000
|
trusted library allocation
|
page execute and read and write
|
||
|
47CC000
|
stack
|
page read and write
|
||
|
16AC000
|
stack
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
288F000
|
trusted library allocation
|
page read and write
|
||
|
2818000
|
trusted library allocation
|
page read and write
|
||
|
8F8000
|
stack
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
BFB000
|
heap
|
page read and write
|
||
|
5E90000
|
trusted library allocation
|
page execute and read and write
|
||
|
33CE000
|
stack
|
page read and write
|
||
|
34A0000
|
heap
|
page read and write
|
||
|
B24D000
|
stack
|
page read and write
|
||
|
EA0000
|
trusted library allocation
|
page read and write
|
||
|
15DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
E9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5030000
|
heap
|
page read and write
|
||
|
3839000
|
trusted library allocation
|
page read and write
|
||
|
492E000
|
stack
|
page read and write
|
||
|
2610000
|
trusted library allocation
|
page read and write
|
||
|
7F660000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
9E4000
|
heap
|
page read and write
|
||
|
3811000
|
trusted library allocation
|
page read and write
|
||
|
18BF000
|
stack
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
AF7000
|
heap
|
page read and write
|
||
|
10B4000
|
trusted library allocation
|
page read and write
|
||
|
279C000
|
stack
|
page read and write
|
||
|
CF9000
|
stack
|
page read and write
|
||
|
5E6D000
|
stack
|
page read and write
|
||
|
2660000
|
heap
|
page read and write
|
||
|
B34E000
|
stack
|
page read and write
|
||
|
37A0000
|
heap
|
page read and write
|
||
|
E40000
|
unkown
|
page readonly
|
||
|
5B8D000
|
stack
|
page read and write
|
||
|
4B90000
|
trusted library section
|
page readonly
|
||
|
10E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E70000
|
trusted library allocation
|
page read and write
|
||
|
998000
|
heap
|
page read and write
|
||
|
7AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
95CE000
|
stack
|
page read and write
|
||
|
330E000
|
unkown
|
page read and write
|
||
|
3849000
|
trusted library allocation
|
page read and write
|
||
|
25F0000
|
trusted library allocation
|
page read and write
|
||
|
49BD000
|
stack
|
page read and write
|
||
|
770000
|
trusted library allocation
|
page read and write
|
||
|
A47E000
|
stack
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
EE2000
|
unkown
|
page readonly
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
614E000
|
stack
|
page read and write
|
||
|
A34000
|
heap
|
page read and write
|
||
|
58B0000
|
trusted library allocation
|
page read and write
|
||
|
4B20000
|
trusted library allocation
|
page read and write
|
||
|
379C000
|
trusted library allocation
|
page read and write
|
||
|
696E000
|
stack
|
page read and write
|
||
|
5F0E000
|
stack
|
page read and write
|
||
|
E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5050000
|
heap
|
page read and write
|
||
|
9F4C000
|
stack
|
page read and write
|
||
|
B38000
|
heap
|
page read and write
|
||
|
ABFE000
|
stack
|
page read and write
|
||
|
1602000
|
trusted library allocation
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
D85000
|
heap
|
page read and write
|
||
|
4DDB000
|
trusted library allocation
|
page read and write
|
||
|
4421000
|
trusted library allocation
|
page read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
527E000
|
stack
|
page read and write
|
||
|
624E000
|
stack
|
page read and write
|
||
|
4BA0000
|
heap
|
page read and write
|
||
|
11F0000
|
trusted library allocation
|
page read and write
|
||
|
BEE000
|
stack
|
page read and write
|
||
|
4E20000
|
trusted library allocation
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
7F240000
|
trusted library allocation
|
page execute and read and write
|
||
|
25F6000
|
trusted library allocation
|
page read and write
|
||
|
503C000
|
stack
|
page read and write
|
||
|
15ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
2725000
|
trusted library allocation
|
page read and write
|
||
|
4E7C000
|
stack
|
page read and write
|
||
|
54C8000
|
trusted library allocation
|
page read and write
|
||
|
57E0000
|
heap
|
page read and write
|
||
|
285C000
|
stack
|
page read and write
|
||
|
E42000
|
trusted library allocation
|
page read and write
|
||
|
2880000
|
heap
|
page read and write
|
||
|
25B0000
|
trusted library allocation
|
page read and write
|
||
|
15CE000
|
stack
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
523F000
|
stack
|
page read and write
|
||
|
10A4000
|
trusted library allocation
|
page read and write
|
||
|
DDB000
|
heap
|
page read and write
|
||
|
6F7000
|
stack
|
page read and write
|
||
|
AC5000
|
heap
|
page read and write
|
||
|
31E0000
|
trusted library allocation
|
page read and write
|
||
|
36D9000
|
trusted library allocation
|
page read and write
|
||
|
2891000
|
trusted library allocation
|
page read and write
|
||
|
7A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
275E000
|
stack
|
page read and write
|
||
|
5040000
|
heap
|
page read and write
|
||
|
7A0000
|
trusted library allocation
|
page read and write
|
||
|
959000
|
stack
|
page read and write
|
||
|
5780000
|
trusted library allocation
|
page read and write
|
||
|
CC0000
|
trusted library allocation
|
page read and write
|
||
|
5BA0000
|
heap
|
page read and write
|
||
|
CB0000
|
trusted library allocation
|
page read and write
|
||
|
8C9000
|
heap
|
page read and write
|
||
|
A51000
|
heap
|
page read and write
|
||
|
791E000
|
stack
|
page read and write
|
||
|
5B9C000
|
stack
|
page read and write
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
10EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E64000
|
trusted library allocation
|
page read and write
|
||
|
65B0000
|
heap
|
page read and write
|
||
|
DB8000
|
heap
|
page read and write
|
||
|
ADD000
|
heap
|
page read and write
|
||
|
EF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
10E0000
|
trusted library allocation
|
page read and write
|
||
|
27B0000
|
trusted library allocation
|
page read and write
|
||
|
2AAF000
|
stack
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
5E0C000
|
trusted library allocation
|
page read and write
|
||
|
D27000
|
heap
|
page read and write
|
||
|
34DB000
|
heap
|
page read and write
|
||
|
7A42000
|
trusted library allocation
|
page read and write
|
||
|
53BE000
|
stack
|
page read and write
|
||
|
25DD000
|
trusted library allocation
|
page read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
177E000
|
heap
|
page read and write
|
||
|
A740000
|
heap
|
page read and write
|
||
|
A9BD000
|
stack
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
58A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
902000
|
unkown
|
page readonly
|
||
|
4E30000
|
heap
|
page read and write
|
||
|
B36000
|
heap
|
page read and write
|
||
|
2897000
|
trusted library allocation
|
page read and write
|
||
|
9A8D000
|
stack
|
page read and write
|
||
|
AAC0000
|
heap
|
page read and write
|
||
|
4EDE000
|
stack
|
page read and write
|
||
|
2615000
|
trusted library allocation
|
page read and write
|
||
|
698B000
|
heap
|
page read and write
|
||
|
B2B000
|
heap
|
page read and write
|
||
|
142E000
|
stack
|
page read and write
|
||
|
5A85000
|
heap
|
page read and write
|
||
|
53E0000
|
trusted library allocation
|
page read and write
|
||
|
25F4000
|
trusted library allocation
|
page read and write
|
||
|
4E70000
|
trusted library allocation
|
page read and write
|
||
|
2640000
|
trusted library allocation
|
page read and write
|
||
|
4DE2000
|
trusted library allocation
|
page read and write
|
||
|
25D6000
|
trusted library allocation
|
page read and write
|
||
|
915000
|
heap
|
page read and write
|
||
|
CB4000
|
trusted library allocation
|
page read and write
|
||
|
50FE000
|
stack
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
4DEE000
|
trusted library allocation
|
page read and write
|
||
|
4B8B000
|
stack
|
page read and write
|
||
|
B10B000
|
stack
|
page read and write
|
||
|
31C0000
|
trusted library allocation
|
page read and write
|
||
|
E3F000
|
stack
|
page read and write
|
||
|
7FBA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
BDD000
|
heap
|
page read and write
|
||
|
BB0000
|
trusted library allocation
|
page read and write
|
||
|
52B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
793000
|
trusted library allocation
|
page read and write
|
||
|
AD3D000
|
stack
|
page read and write
|
||
|
5A70000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
7B2000
|
trusted library allocation
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
4E50000
|
heap
|
page read and write
|
||
|
A1CE000
|
stack
|
page read and write
|
||
|
4DC0000
|
trusted library allocation
|
page read and write
|
||
|
AE7E000
|
stack
|
page read and write
|
||
|
7B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
ACFE000
|
stack
|
page read and write
|
||
|
9B8E000
|
stack
|
page read and write
|
||
|
5E00000
|
trusted library allocation
|
page read and write
|
||
|
5E20000
|
trusted library allocation
|
page execute and read and write
|
||
|
16C0000
|
heap
|
page read and write
|
||
|
D4E000
|
stack
|
page read and write
|
||
|
3475000
|
trusted library allocation
|
page read and write
|
||
|
39DD000
|
trusted library allocation
|
page read and write
|
||
|
10AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D12000
|
trusted library allocation
|
page read and write
|
||
|
15FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
3859000
|
trusted library allocation
|
page read and write
|
||
|
994D000
|
stack
|
page read and write
|
||
|
14C0000
|
heap
|
page read and write
|
||
|
4E33000
|
heap
|
page read and write
|
||
|
54C0000
|
trusted library allocation
|
page read and write
|
||
|
BE1000
|
heap
|
page read and write
|
||
|
75BE000
|
stack
|
page read and write
|
||
|
2800000
|
trusted library allocation
|
page read and write
|
||
|
25CE000
|
trusted library allocation
|
page read and write
|
||
|
5F60000
|
trusted library allocation
|
page read and write
|
||
|
5DA000
|
stack
|
page read and write
|
||
|
17AA000
|
heap
|
page read and write
|
||
|
5DE7000
|
trusted library allocation
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
DD4000
|
heap
|
page read and write
|
||
|
3761000
|
trusted library allocation
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
2620000
|
trusted library allocation
|
page read and write
|
||
|
4E02000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page execute and read and write
|
||
|
2638000
|
trusted library allocation
|
page read and write
|
||
|
1620000
|
trusted library allocation
|
page read and write
|
||
|
E47000
|
trusted library allocation
|
page execute and read and write
|
||
|
D00000
|
trusted library allocation
|
page read and write
|
||
|
25D1000
|
trusted library allocation
|
page read and write
|
||
|
EA4000
|
trusted library allocation
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
5DDE000
|
stack
|
page read and write
|
||
|
296F000
|
trusted library allocation
|
page read and write
|
||
|
654E000
|
stack
|
page read and write
|
||
|
15D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D8E000
|
stack
|
page read and write
|
||
|
5F7E000
|
stack
|
page read and write
|
||
|
5FBE000
|
stack
|
page read and write
|
||
|
5100000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BC4000
|
heap
|
page read and write
|
||
|
9F7000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
3C91000
|
trusted library allocation
|
page read and write
|
||
|
85C000
|
stack
|
page read and write
|
||
|
25E0000
|
trusted library allocation
|
page read and write
|
||
|
5F4E000
|
stack
|
page read and write
|
||
|
4CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
F60000
|
trusted library allocation
|
page read and write
|
||
|
A36000
|
heap
|
page read and write
|
||
|
1A7E000
|
trusted library allocation
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
8AA000
|
heap
|
page read and write
|
||
|
E93000
|
trusted library allocation
|
page execute and read and write
|
||
|
1703000
|
heap
|
page read and write
|
||
|
4DF1000
|
trusted library allocation
|
page read and write
|
||
|
3903000
|
trusted library allocation
|
page read and write
|
||
|
1A50000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
1A92000
|
trusted library allocation
|
page read and write
|
||
|
6970000
|
heap
|
page read and write
|
||
|
6360000
|
heap
|
page read and write
|
||
|
8D6000
|
heap
|
page read and write
|
||
|
A753000
|
heap
|
page read and write
|
||
|
1A81000
|
trusted library allocation
|
page read and write
|
||
|
160B000
|
trusted library allocation
|
page execute and read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
24D8000
|
trusted library allocation
|
page read and write
|
||
|
15F2000
|
trusted library allocation
|
page read and write
|
||
|
4D03000
|
heap
|
page read and write
|
||
|
E3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B50000
|
trusted library allocation
|
page read and write
|
||
|
513C000
|
stack
|
page read and write
|
||
|
78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
54BD000
|
stack
|
page read and write
|
||
|
4E10000
|
trusted library allocation
|
page read and write
|
||
|
15F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
3831000
|
trusted library allocation
|
page read and write
|
||
|
1090000
|
trusted library allocation
|
page read and write
|
||
|
58C0000
|
trusted library allocation
|
page read and write
|
||
|
CE7000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D06000
|
trusted library allocation
|
page read and write
|
||
|
3829000
|
trusted library allocation
|
page read and write
|
||
|
F00000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
9F8E000
|
stack
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
51FF000
|
stack
|
page read and write
|
||
|
4D90000
|
heap
|
page execute and read and write
|
||
|
9950000
|
heap
|
page read and write
|
||
|
547E000
|
stack
|
page read and write
|
||
|
5035000
|
heap
|
page read and write
|
||
|
E80000
|
trusted library allocation
|
page read and write
|
||
|
15E3000
|
trusted library allocation
|
page read and write
|
||
|
900000
|
unkown
|
page readonly
|
||
|
AC3000
|
heap
|
page read and write
|
||
|
B9E000
|
stack
|
page read and write
|
||
|
270C000
|
stack
|
page read and write
|
||
|
DE8000
|
heap
|
page read and write
|
||
|
9E4B000
|
stack
|
page read and write
|
||
|
B8C000
|
heap
|
page read and write
|
||
|
26B2000
|
trusted library allocation
|
page read and write
|
||
|
27E0000
|
heap
|
page execute and read and write
|
||
|
2C8F000
|
stack
|
page read and write
|
||
|
4A2E000
|
stack
|
page read and write
|
||
|
E36000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DAF000
|
stack
|
page read and write
|
||
|
4E7B000
|
trusted library allocation
|
page read and write
|
||
|
4DEA000
|
trusted library allocation
|
page read and write
|
||
|
A2A000
|
heap
|
page read and write
|
||
|
2670000
|
heap
|
page execute and read and write
|
||
|
14B0000
|
trusted library allocation
|
page read and write
|
||
|
2F4A000
|
stack
|
page read and write
|
||
|
16B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
27A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6EDE000
|
stack
|
page read and write
|
||
|
617E000
|
stack
|
page read and write
|
||
|
514E000
|
heap
|
page read and write
|
||
|
3410000
|
heap
|
page execute and read and write
|
||
|
15D0000
|
trusted library allocation
|
page read and write
|
||
|
CD0000
|
trusted library allocation
|
page read and write
|
||
|
A792000
|
heap
|
page read and write
|
||
|
D13000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
3866000
|
trusted library allocation
|
page read and write
|
||
|
4D26000
|
trusted library allocation
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
557F000
|
stack
|
page read and write
|
||
|
166E000
|
stack
|
page read and write
|
||
|
4DB0000
|
trusted library allocation
|
page read and write
|
||
|
B7B000
|
heap
|
page read and write
|
||
|
8E6000
|
heap
|
page read and write
|
||
|
4D1A000
|
trusted library allocation
|
page read and write
|
||
|
517E000
|
stack
|
page read and write
|
||
|
4F6E000
|
stack
|
page read and write
|
||
|
100E000
|
stack
|
page read and write
|
||
|
5A7B000
|
trusted library allocation
|
page read and write
|
||
|
7FA40000
|
trusted library allocation
|
page execute and read and write
|
||
|
984D000
|
stack
|
page read and write
|
||
|
4E20000
|
trusted library allocation
|
page read and write
|
||
|
5AE0000
|
heap
|
page read and write
|
||
|
E00000
|
trusted library allocation
|
page read and write
|
||
|
2806000
|
trusted library allocation
|
page read and write
|
||
|
D10000
|
trusted library allocation
|
page read and write
|
||
|
5270000
|
heap
|
page execute and read and write
|
||
|
7F1E000
|
stack
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
6DDE000
|
stack
|
page read and write
|
||
|
10A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B90000
|
heap
|
page read and write
|
||
|
A08F000
|
stack
|
page read and write
|
||
|
25AC000
|
stack
|
page read and write
|
||
|
4E6E000
|
stack
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
2880000
|
trusted library allocation
|
page read and write
|
||
|
B8E000
|
heap
|
page read and write
|
||
|
11AE000
|
stack
|
page read and write
|
||
|
BA6000
|
heap
|
page read and write
|
||
|
4693000
|
trusted library allocation
|
page read and write
|
||
|
4F8E000
|
stack
|
page read and write
|
||
|
2C91000
|
trusted library allocation
|
page read and write
|
||
|
E20000
|
trusted library allocation
|
page read and write
|
||
|
5762000
|
trusted library allocation
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
5FD0000
|
trusted library allocation
|
page read and write
|
||
|
26A0000
|
heap
|
page read and write
|
||
|
940E000
|
stack
|
page read and write
|
||
|
E42000
|
unkown
|
page readonly
|
||
|
4DDC000
|
stack
|
page read and write
|
||
|
3899000
|
trusted library allocation
|
page read and write
|
||
|
26B0000
|
trusted library allocation
|
page read and write
|
||
|
16CE000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
537E000
|
stack
|
page read and write
|
||
|
EC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
5287000
|
trusted library allocation
|
page read and write
|
||
|
93CE000
|
stack
|
page read and write
|
||
|
AE3000
|
heap
|
page read and write
|
||
|
2820000
|
heap
|
page execute and read and write
|
||
|
2804000
|
trusted library allocation
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
7A8000
|
stack
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
107F000
|
stack
|
page read and write
|
||
|
5EE0000
|
trusted library allocation
|
page read and write
|
||
|
31D0000
|
trusted library allocation
|
page read and write
|
||
|
25E2000
|
trusted library allocation
|
page read and write
|
||
|
114E000
|
stack
|
page read and write
|
||
|
57D0000
|
heap
|
page execute and read and write
|
||
|
7860000
|
trusted library section
|
page read and write
|
||
|
2610000
|
trusted library allocation
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
14C5000
|
heap
|
page read and write
|
||
|
38E3000
|
trusted library allocation
|
page read and write
|
||
|
2600000
|
trusted library allocation
|
page read and write
|
||
|
2B80000
|
heap
|
page execute and read and write
|
||
|
36D1000
|
trusted library allocation
|
page read and write
|
||
|
644E000
|
stack
|
page read and write
|
||
|
96CE000
|
stack
|
page read and write
|
||
|
34B8000
|
heap
|
page read and write
|
||
|
31E5000
|
trusted library allocation
|
page read and write
|
||
|
5280000
|
trusted library allocation
|
page read and write
|
||
|
F5E000
|
stack
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
4CF0000
|
trusted library allocation
|
page read and write
|
||
|
547F000
|
stack
|
page read and write
|
||
|
E94000
|
trusted library allocation
|
page read and write
|
||
|
E45000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F1E000
|
stack
|
page read and write
|
||
|
E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
E30000
|
trusted library allocation
|
page read and write
|
||
|
CBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A6B000
|
trusted library allocation
|
page read and write
|
||
|
26D1000
|
trusted library allocation
|
page read and write
|
||
|
E14000
|
trusted library allocation
|
page read and write
|
||
|
265E000
|
stack
|
page read and write
|
||
|
A1E000
|
heap
|
page read and write
|
||
|
E10000
|
trusted library allocation
|
page read and write
|
||
|
4E28000
|
trusted library allocation
|
page read and write
|
||
|
53E7000
|
trusted library allocation
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
309000
|
stack
|
page read and write
|
||
|
1600000
|
trusted library allocation
|
page read and write
|
||
|
4F70000
|
heap
|
page execute and read and write
|
||
|
281F000
|
stack
|
page read and write
|
||
|
D20000
|
trusted library allocation
|
page execute and read and write
|
||
|
63C0000
|
heap
|
page read and write
|
||
|
58D0000
|
heap
|
page read and write
|
||
|
7A2000
|
trusted library allocation
|
page read and write
|
||
|
51AE000
|
stack
|
page read and write
|
||
|
3960000
|
trusted library allocation
|
page read and write
|
||
|
76BF000
|
stack
|
page read and write
|
||
|
281F000
|
stack
|
page read and write
|
||
|
AE3E000
|
stack
|
page read and write
|
||
|
E4F000
|
stack
|
page read and write
|
||
|
4DA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FFE000
|
unkown
|
page read and write
|
||
|
4D40000
|
trusted library allocation
|
page read and write
|
||
|
CCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D32000
|
trusted library allocation
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
5E70000
|
trusted library allocation
|
page read and write
|
||
|
1A86000
|
trusted library allocation
|
page read and write
|
||
|
1A8D000
|
trusted library allocation
|
page read and write
|
||
|
AABD000
|
stack
|
page read and write
|
||
|
4E14000
|
trusted library allocation
|
page read and write
|
||
|
5760000
|
trusted library allocation
|
page read and write
|
||
|
4828000
|
trusted library allocation
|
page read and write
|
||
|
4DD6000
|
trusted library allocation
|
page read and write
|
||
|
5EE7000
|
trusted library allocation
|
page read and write
|
||
|
4653000
|
trusted library allocation
|
page read and write
|
||
|
A08000
|
heap
|
page read and write
|
||
|
CE5000
|
trusted library allocation
|
page execute and read and write
|
||
|
A43E000
|
stack
|
page read and write
|
||
|
73E000
|
stack
|
page read and write
|
||
|
33DC000
|
stack
|
page read and write
|
||
|
5A0B000
|
stack
|
page read and write
|
||
|
296D000
|
trusted library allocation
|
page read and write
|
||
|
3889000
|
trusted library allocation
|
page read and write
|
||
|
25BB000
|
trusted library allocation
|
page read and write
|
||
|
CDA000
|
trusted library allocation
|
page execute and read and write
|
||
|
CD6000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D2D000
|
trusted library allocation
|
page read and write
|
||
|
3340000
|
heap
|
page read and write
|
||
|
948000
|
heap
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
8AE000
|
heap
|
page read and write
|
||
|
4D0B000
|
trusted library allocation
|
page read and write
|
||
|
513E000
|
stack
|
page read and write
|
||
|
F99000
|
stack
|
page read and write
|
||
|
2F0D000
|
stack
|
page read and write
|
||
|
5F50000
|
trusted library allocation
|
page read and write
|
||
|
1700000
|
heap
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
6370000
|
trusted library allocation
|
page execute and read and write
|
||
|
969000
|
heap
|
page read and write
|
||
|
2F2D000
|
stack
|
page read and write
|
||
|
7C5000
|
heap
|
page read and write
|
||
|
1100000
|
trusted library allocation
|
page read and write
|
There are 618 hidden memdumps, click here to show them.