Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Telco 32pcs New Purchase Order.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Telco 32pcs New Purchase Order.exe.log
|
ASCII text, with CRLF line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp4878.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\zBzzGAdzqF.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\zBzzGAdzqF.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\zBzzGAdzqF.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_432uztg2.dii.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4qeyzlb4.2uh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5xz2eenz.tcz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mvm4nvtf.0f2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q5sra2fq.eff.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s4k1gxl0.mbg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_szz10lyr.bj1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_udh5n3ix.poz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp5C8D.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Telco 32pcs New Purchase Order.exe
|
"C:\Users\user\Desktop\Telco 32pcs New Purchase Order.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Telco 32pcs
New Purchase Order.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\zBzzGAdzqF.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\zBzzGAdzqF" /XML "C:\Users\user\AppData\Local\Temp\tmp4878.tmp"
|
|
|
|
C:\Users\user\Desktop\Telco 32pcs New Purchase Order.exe
|
"C:\Users\user\Desktop\Telco 32pcs New Purchase Order.exe"
|
|
|
|
C:\Users\user\Desktop\Telco 32pcs New Purchase Order.exe
|
"C:\Users\user\Desktop\Telco 32pcs New Purchase Order.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\zBzzGAdzqF.exe
|
C:\Users\user\AppData\Roaming\zBzzGAdzqF.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\zBzzGAdzqF" /XML "C:\Users\user\AppData\Local\Temp\tmp5C8D.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\zBzzGAdzqF.exe
|
"C:\Users\user\AppData\Roaming\zBzzGAdzqF.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
104.26.12.205
|
||
|
https://api.ipify.org
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
https://static.wikia.nocookie.net/mitologa/images/a/a3/Imagen_por_defecto.png/revision/latest/thumbn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
http://crl.mG
|
unknown
|
||
|
http://mail.iaa-airferight.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.iaa-airferight.com
|
46.175.148.58
|
|
|
|
api.ipify.org
|
104.26.12.205
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
46.175.148.58
|
mail.iaa-airferight.com
|
Ukraine
|
|
|
|
104.26.12.205
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Telco 32pcs New Purchase Order_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Telco 32pcs New Purchase Order_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Telco 32pcs New Purchase Order_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Telco 32pcs New Purchase Order_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Telco 32pcs New Purchase Order_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Telco 32pcs New Purchase Order_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Telco 32pcs New Purchase Order_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Telco 32pcs New Purchase Order_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Telco 32pcs New Purchase Order_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Telco 32pcs New Purchase Order_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Telco 32pcs New Purchase Order_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Telco 32pcs New Purchase Order_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Telco 32pcs New Purchase Order_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Telco 32pcs New Purchase Order_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\zBzzGAdzqF_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\zBzzGAdzqF_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\zBzzGAdzqF_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\zBzzGAdzqF_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\zBzzGAdzqF_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\zBzzGAdzqF_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\zBzzGAdzqF_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\zBzzGAdzqF_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\zBzzGAdzqF_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\zBzzGAdzqF_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\zBzzGAdzqF_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\zBzzGAdzqF_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\zBzzGAdzqF_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\zBzzGAdzqF_RASMANCS
|
FileDirectory
|
There are 19 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3141000
|
trusted library allocation
|
page read and write
|
|
|
|
2BE1000
|
trusted library allocation
|
page read and write
|
|
|
|
2C0C000
|
trusted library allocation
|
page read and write
|
|
|
|
3165000
|
trusted library allocation
|
page read and write
|
|
|
|
435000
|
remote allocation
|
page execute and read and write
|
|
|
|
3B49000
|
trusted library allocation
|
page read and write
|
|
|
|
2D10000
|
heap
|
page execute and read and write
|
||
|
50F8000
|
trusted library allocation
|
page read and write
|
||
|
6D4E000
|
stack
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
40D000
|
remote allocation
|
page execute and read and write
|
||
|
6C4E000
|
stack
|
page read and write
|
||
|
5790000
|
heap
|
page read and write
|
||
|
7220000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E1F000
|
unkown
|
page read and write
|
||
|
402000
|
remote allocation
|
page execute and read and write
|
||
|
BACE000
|
stack
|
page read and write
|
||
|
5350000
|
trusted library section
|
page readonly
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
FB5000
|
heap
|
page read and write
|
||
|
548D000
|
stack
|
page read and write
|
||
|
50E9000
|
trusted library allocation
|
page read and write
|
||
|
54A0000
|
trusted library allocation
|
page read and write
|
||
|
5650000
|
heap
|
page read and write
|
||
|
1790000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EFA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
2B91000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
59EB000
|
stack
|
page read and write
|
||
|
BBCE000
|
stack
|
page read and write
|
||
|
2BA1000
|
trusted library allocation
|
page read and write
|
||
|
10A7000
|
heap
|
page read and write
|
||
|
FF3000
|
heap
|
page read and write
|
||
|
55C0000
|
trusted library allocation
|
page read and write
|
||
|
50D0000
|
heap
|
page read and write
|
||
|
412D000
|
trusted library allocation
|
page read and write
|
||
|
1390000
|
trusted library allocation
|
page read and write
|
||
|
1154000
|
trusted library allocation
|
page read and write
|
||
|
1028000
|
heap
|
page read and write
|
||
|
56D0000
|
trusted library allocation
|
page read and write
|
||
|
3BB9000
|
trusted library allocation
|
page read and write
|
||
|
5704000
|
heap
|
page read and write
|
||
|
2520000
|
heap
|
page read and write
|
||
|
66BE000
|
stack
|
page read and write
|
||
|
71CC000
|
trusted library allocation
|
page read and write
|
||
|
1040000
|
trusted library allocation
|
page read and write
|
||
|
1176000
|
trusted library allocation
|
page execute and read and write
|
||
|
1244000
|
trusted library allocation
|
page read and write
|
||
|
28DA000
|
heap
|
page read and write
|
||
|
16F0000
|
trusted library allocation
|
page read and write
|
||
|
517B000
|
trusted library allocation
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
5860000
|
trusted library allocation
|
page read and write
|
||
|
2B1B000
|
stack
|
page read and write
|
||
|
640E000
|
stack
|
page read and write
|
||
|
52B0000
|
heap
|
page read and write
|
||
|
1132000
|
trusted library allocation
|
page read and write
|
||
|
1305000
|
heap
|
page read and write
|
||
|
B40E000
|
stack
|
page read and write
|
||
|
6A77000
|
trusted library allocation
|
page read and write
|
||
|
772000
|
unkown
|
page readonly
|
||
|
1187000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A60000
|
trusted library allocation
|
page read and write
|
||
|
6F1E000
|
stack
|
page read and write
|
||
|
5880000
|
trusted library allocation
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
5725000
|
trusted library allocation
|
page read and write
|
||
|
313D000
|
trusted library allocation
|
page read and write
|
||
|
6E90000
|
trusted library allocation
|
page read and write
|
||
|
5736000
|
trusted library allocation
|
page read and write
|
||
|
B60E000
|
stack
|
page read and write
|
||
|
71C0000
|
trusted library allocation
|
page read and write
|
||
|
2F7B000
|
heap
|
page read and write
|
||
|
6B18000
|
heap
|
page read and write
|
||
|
7870000
|
trusted library allocation
|
page read and write
|
||
|
53A0000
|
heap
|
page read and write
|
||
|
8FA000
|
stack
|
page read and write
|
||
|
637D000
|
stack
|
page read and write
|
||
|
8D20000
|
heap
|
page read and write
|
||
|
BC0C000
|
stack
|
page read and write
|
||
|
7270000
|
heap
|
page read and write
|
||
|
40F1000
|
trusted library allocation
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
BE0E000
|
stack
|
page read and write
|
||
|
562B000
|
stack
|
page read and write
|
||
|
2BC7000
|
trusted library allocation
|
page read and write
|
||
|
1475000
|
heap
|
page read and write
|
||
|
107A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
5090000
|
trusted library allocation
|
page read and write
|
||
|
5133000
|
heap
|
page read and write
|
||
|
FDE000
|
heap
|
page read and write
|
||
|
2510000
|
heap
|
page read and write
|
||
|
434000
|
remote allocation
|
page execute and read and write
|
||
|
1232000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
10B8000
|
heap
|
page read and write
|
||
|
5070000
|
trusted library allocation
|
page read and write
|
||
|
3F6C000
|
trusted library allocation
|
page read and write
|
||
|
40F2000
|
trusted library allocation
|
page read and write
|
||
|
55B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
786E000
|
stack
|
page read and write
|
||
|
5870000
|
trusted library allocation
|
page execute and read and write
|
||
|
F75000
|
heap
|
page read and write
|
||
|
6480000
|
heap
|
page read and write
|
||
|
1087000
|
trusted library allocation
|
page execute and read and write
|
||
|
17B0000
|
heap
|
page read and write
|
||
|
5380000
|
heap
|
page execute and read and write
|
||
|
1050000
|
trusted library allocation
|
page read and write
|
||
|
10F0000
|
trusted library allocation
|
page read and write
|
||
|
571B000
|
trusted library allocation
|
page read and write
|
||
|
1225000
|
heap
|
page read and write
|
||
|
B44E000
|
stack
|
page read and write
|
||
|
13A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1082000
|
trusted library allocation
|
page read and write
|
||
|
2BA3000
|
trusted library allocation
|
page read and write
|
||
|
749E000
|
stack
|
page read and write
|
||
|
54DC000
|
stack
|
page read and write
|
||
|
1182000
|
trusted library allocation
|
page read and write
|
||
|
6A5E000
|
stack
|
page read and write
|
||
|
2CBC000
|
stack
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
108B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5710000
|
trusted library allocation
|
page read and write
|
||
|
1172000
|
trusted library allocation
|
page read and write
|
||
|
1840000
|
heap
|
page read and write
|
||
|
2540000
|
heap
|
page read and write
|
||
|
B9CE000
|
stack
|
page read and write
|
||
|
78E2000
|
heap
|
page read and write
|
||
|
2EAF000
|
stack
|
page read and write
|
||
|
6A1E000
|
stack
|
page read and write
|
||
|
6B10000
|
heap
|
page read and write
|
||
|
65BE000
|
stack
|
page read and write
|
||
|
13C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
5630000
|
trusted library section
|
page readonly
|
||
|
51A2000
|
trusted library allocation
|
page read and write
|
||
|
74D0000
|
heap
|
page read and write
|
||
|
FEF000
|
heap
|
page read and write
|
||
|
52E0000
|
heap
|
page read and write
|
||
|
683E000
|
stack
|
page read and write
|
||
|
17E4000
|
trusted library allocation
|
page read and write
|
||
|
6E00000
|
trusted library allocation
|
page execute and read and write
|
||
|
8D7A000
|
heap
|
page read and write
|
||
|
2D26000
|
trusted library allocation
|
page read and write
|
||
|
30EE000
|
stack
|
page read and write
|
||
|
2D30000
|
trusted library allocation
|
page read and write
|
||
|
12C7000
|
heap
|
page read and write
|
||
|
13C0000
|
trusted library allocation
|
page read and write
|
||
|
7FBB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
13B0000
|
trusted library allocation
|
page read and write
|
||
|
13DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7210000
|
trusted library allocation
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
674E000
|
stack
|
page read and write
|
||
|
B88B000
|
stack
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
2D40000
|
trusted library allocation
|
page read and write
|
||
|
2E81000
|
trusted library allocation
|
page read and write
|
||
|
1070000
|
trusted library allocation
|
page read and write
|
||
|
BD0C000
|
stack
|
page read and write
|
||
|
7200000
|
trusted library allocation
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
1480000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B2E000
|
stack
|
page read and write
|
||
|
10FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B20000
|
trusted library allocation
|
page read and write
|
||
|
7270000
|
trusted library allocation
|
page read and write
|
||
|
7913000
|
heap
|
page read and write
|
||
|
6B0E000
|
stack
|
page read and write
|
||
|
623D000
|
stack
|
page read and write
|
||
|
B98C000
|
stack
|
page read and write
|
||
|
73F0000
|
trusted library allocation
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
693F000
|
stack
|
page read and write
|
||
|
B94E000
|
stack
|
page read and write
|
||
|
526E000
|
stack
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
6C9E000
|
stack
|
page read and write
|
||
|
2BCD000
|
trusted library allocation
|
page read and write
|
||
|
2ECC000
|
trusted library allocation
|
page read and write
|
||
|
53E0000
|
trusted library allocation
|
page read and write
|
||
|
5A2E000
|
stack
|
page read and write
|
||
|
4B48000
|
trusted library allocation
|
page read and write
|
||
|
5041000
|
trusted library allocation
|
page read and write
|
||
|
71E0000
|
trusted library section
|
page read and write
|
||
|
145E000
|
stack
|
page read and write
|
||
|
6C5E000
|
stack
|
page read and write
|
||
|
4E88000
|
trusted library allocation
|
page read and write
|
||
|
403000
|
remote allocation
|
page execute and read and write
|
||
|
2D24000
|
trusted library allocation
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
118B000
|
trusted library allocation
|
page execute and read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
5695000
|
heap
|
page read and write
|
||
|
502B000
|
trusted library allocation
|
page read and write
|
||
|
519D000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
2CC0000
|
trusted library allocation
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5060000
|
trusted library allocation
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
53C9000
|
trusted library allocation
|
page read and write
|
||
|
571E000
|
stack
|
page read and write
|
||
|
1113000
|
trusted library allocation
|
page read and write
|
||
|
1169000
|
stack
|
page read and write
|
||
|
42A000
|
remote allocation
|
page execute and read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
117A000
|
trusted library allocation
|
page execute and read and write
|
||
|
6947000
|
trusted library allocation
|
page read and write
|
||
|
3B91000
|
trusted library allocation
|
page read and write
|
||
|
115D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
7250000
|
trusted library allocation
|
page read and write
|
||
|
770000
|
unkown
|
page readonly
|
||
|
1230000
|
trusted library allocation
|
page read and write
|
||
|
556E000
|
stack
|
page read and write
|
||
|
42B000
|
remote allocation
|
page execute and read and write
|
||
|
EF5000
|
heap
|
page read and write
|
||
|
DCE000
|
stack
|
page read and write
|
||
|
46A000
|
stack
|
page read and write
|
||
|
111D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1409000
|
heap
|
page read and write
|
||
|
312F000
|
trusted library allocation
|
page read and write
|
||
|
EF7000
|
stack
|
page read and write
|
||
|
561E000
|
stack
|
page read and write
|
||
|
ECE000
|
stack
|
page read and write
|
||
|
17E6000
|
trusted library allocation
|
page read and write
|
||
|
3BFB000
|
trusted library allocation
|
page read and write
|
||
|
3EB2000
|
trusted library allocation
|
page read and write
|
||
|
2C08000
|
trusted library allocation
|
page read and write
|
||
|
BB0E000
|
stack
|
page read and write
|
||
|
1053000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C06000
|
trusted library allocation
|
page read and write
|
||
|
10F4000
|
trusted library allocation
|
page read and write
|
||
|
5D48000
|
trusted library allocation
|
page read and write
|
||
|
5046000
|
trusted library allocation
|
page read and write
|
||
|
5A5E000
|
stack
|
page read and write
|
||
|
2A7C000
|
stack
|
page read and write
|
||
|
52D0000
|
heap
|
page read and write
|
||
|
3B41000
|
trusted library allocation
|
page read and write
|
||
|
585E000
|
stack
|
page read and write
|
||
|
5700000
|
heap
|
page read and write
|
||
|
4119000
|
trusted library allocation
|
page read and write
|
||
|
2BDD000
|
trusted library allocation
|
page read and write
|
||
|
518E000
|
trusted library allocation
|
page read and write
|
||
|
678E000
|
stack
|
page read and write
|
||
|
13A4000
|
trusted library allocation
|
page read and write
|
||
|
149F000
|
heap
|
page read and write
|
||
|
D8E000
|
stack
|
page read and write
|
||
|
2B8C000
|
trusted library allocation
|
page read and write
|
||
|
70FE000
|
stack
|
page read and write
|
||
|
1163000
|
trusted library allocation
|
page read and write
|
||
|
5680000
|
trusted library allocation
|
page read and write
|
||
|
2DDE000
|
unkown
|
page read and write
|
||
|
6A70000
|
trusted library allocation
|
page read and write
|
||
|
3EE3000
|
trusted library allocation
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
5580000
|
heap
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
105D000
|
trusted library allocation
|
page execute and read and write
|
||
|
647F000
|
stack
|
page read and write
|
||
|
572E000
|
trusted library allocation
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
6DE0000
|
trusted library allocation
|
page read and write
|
||
|
3E89000
|
trusted library allocation
|
page read and write
|
||
|
6A60000
|
heap
|
page read and write
|
||
|
4074000
|
trusted library allocation
|
page read and write
|
||
|
113B000
|
trusted library allocation
|
page execute and read and write
|
||
|
571E000
|
trusted library allocation
|
page read and write
|
||
|
F8D000
|
stack
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page read and write
|
||
|
1054000
|
trusted library allocation
|
page read and write
|
||
|
1072000
|
trusted library allocation
|
page read and write
|
||
|
1187000
|
heap
|
page read and write
|
||
|
739E000
|
stack
|
page read and write
|
||
|
78B0000
|
heap
|
page read and write
|
||
|
F0E000
|
stack
|
page read and write
|
||
|
6D50000
|
trusted library allocation
|
page read and write
|
||
|
52D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D5D000
|
trusted library allocation
|
page read and write
|
||
|
6E97000
|
trusted library allocation
|
page read and write
|
||
|
4CDC000
|
stack
|
page read and write
|
||
|
13D2000
|
trusted library allocation
|
page read and write
|
||
|
579D000
|
stack
|
page read and write
|
||
|
71D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
BACF000
|
stack
|
page read and write
|
||
|
8D26000
|
heap
|
page read and write
|
||
|
517E000
|
trusted library allocation
|
page read and write
|
||
|
55E0000
|
heap
|
page read and write
|
||
|
578C000
|
stack
|
page read and write
|
||
|
3E81000
|
trusted library allocation
|
page read and write
|
||
|
71FE000
|
stack
|
page read and write
|
||
|
53C0000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
trusted library allocation
|
page read and write
|
||
|
575E000
|
stack
|
page read and write
|
||
|
1126000
|
trusted library allocation
|
page execute and read and write
|
||
|
5020000
|
trusted library allocation
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
721B000
|
trusted library allocation
|
page read and write
|
||
|
66FE000
|
stack
|
page read and write
|
||
|
13D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
B64D000
|
stack
|
page read and write
|
||
|
2BCF000
|
trusted library allocation
|
page read and write
|
||
|
78A4000
|
heap
|
page read and write
|
||
|
13C2000
|
trusted library allocation
|
page read and write
|
||
|
135E000
|
stack
|
page read and write
|
||
|
6E3E000
|
stack
|
page read and write
|
||
|
739E000
|
stack
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
5D50000
|
trusted library allocation
|
page execute and read and write
|
||
|
5170000
|
trusted library allocation
|
page read and write
|
||
|
F3A000
|
heap
|
page read and write
|
||
|
8DCE000
|
stack
|
page read and write
|
||
|
52A0000
|
heap
|
page execute and read and write
|
||
|
2D45000
|
trusted library allocation
|
page read and write
|
||
|
BC0E000
|
stack
|
page read and write
|
||
|
4170000
|
trusted library allocation
|
page read and write
|
||
|
1170000
|
trusted library allocation
|
page read and write
|
||
|
112F000
|
stack
|
page read and write
|
||
|
1413000
|
heap
|
page read and write
|
||
|
6D60000
|
trusted library allocation
|
page read and write
|
||
|
7260000
|
trusted library allocation
|
page execute and read and write
|
||
|
5182000
|
trusted library allocation
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
1210000
|
trusted library allocation
|
page read and write
|
||
|
7F460000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
117E000
|
heap
|
page read and write
|
||
|
2CFD000
|
trusted library allocation
|
page read and write
|
||
|
317A000
|
trusted library allocation
|
page read and write
|
||
|
729E000
|
stack
|
page read and write
|
||
|
701E000
|
stack
|
page read and write
|
||
|
6CA0000
|
heap
|
page read and write
|
||
|
74DE000
|
stack
|
page read and write
|
||
|
D59000
|
stack
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
138E000
|
stack
|
page read and write
|
||
|
2C7A000
|
stack
|
page read and write
|
||
|
4167000
|
trusted library allocation
|
page read and write
|
||
|
503E000
|
trusted library allocation
|
page read and write
|
||
|
73E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C59000
|
stack
|
page read and write
|
||
|
5052000
|
trusted library allocation
|
page read and write
|
||
|
68CD000
|
stack
|
page read and write
|
||
|
FFE000
|
stack
|
page read and write
|
||
|
2C0A000
|
trusted library allocation
|
page read and write
|
||
|
30F1000
|
trusted library allocation
|
page read and write
|
||
|
17A0000
|
trusted library allocation
|
page read and write
|
||
|
13A0000
|
trusted library allocation
|
page read and write
|
||
|
7946000
|
heap
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
B68E000
|
stack
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
41EE000
|
trusted library allocation
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
429000
|
remote allocation
|
page execute and read and write
|
||
|
FFD000
|
heap
|
page read and write
|
||
|
8FDF000
|
stack
|
page read and write
|
||
|
501B000
|
stack
|
page read and write
|
||
|
64FE000
|
heap
|
page read and write
|
||
|
25CF000
|
unkown
|
page read and write
|
||
|
2BD1000
|
trusted library allocation
|
page read and write
|
||
|
F3E000
|
heap
|
page read and write
|
||
|
5722000
|
trusted library allocation
|
page read and write
|
||
|
2CEE000
|
trusted library allocation
|
page read and write
|
||
|
5660000
|
trusted library allocation
|
page execute and read and write
|
||
|
51B0000
|
trusted library allocation
|
page read and write
|
||
|
5100000
|
trusted library allocation
|
page read and write
|
||
|
13E8000
|
heap
|
page read and write
|
||
|
1257000
|
heap
|
page read and write
|
||
|
2EDD000
|
trusted library allocation
|
page read and write
|
||
|
54AB000
|
trusted library allocation
|
page read and write
|
||
|
1140000
|
trusted library allocation
|
page read and write
|
||
|
6CDE000
|
stack
|
page read and write
|
||
|
743E000
|
stack
|
page read and write
|
||
|
17D0000
|
trusted library allocation
|
page read and write
|
||
|
6B52000
|
heap
|
page read and write
|
||
|
5590000
|
heap
|
page read and write
|
||
|
428000
|
remote allocation
|
page execute and read and write
|
||
|
6509000
|
heap
|
page read and write
|
||
|
13BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
134E000
|
stack
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
3FA6000
|
trusted library allocation
|
page read and write
|
||
|
1200000
|
trusted library allocation
|
page read and write
|
||
|
75DF000
|
stack
|
page read and write
|
||
|
3FF4000
|
trusted library allocation
|
page read and write
|
||
|
1800000
|
heap
|
page read and write
|
||
|
11F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E80000
|
heap
|
page read and write
|
||
|
50F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
56E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
56C0000
|
trusted library allocation
|
page read and write
|
||
|
1122000
|
trusted library allocation
|
page read and write
|
||
|
55E0000
|
heap
|
page execute and read and write
|
||
|
1416000
|
heap
|
page read and write
|
||
|
4C98000
|
trusted library allocation
|
page read and write
|
||
|
55B1000
|
heap
|
page read and write
|
||
|
13D5000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A0E000
|
stack
|
page read and write
|
||
|
5C6F000
|
stack
|
page read and write
|
||
|
2C24000
|
trusted library allocation
|
page read and write
|
||
|
1780000
|
heap
|
page execute and read and write
|
||
|
2C7E000
|
stack
|
page read and write
|
||
|
715E000
|
stack
|
page read and write
|
||
|
5065000
|
trusted library allocation
|
page read and write
|
||
|
6E30000
|
trusted library allocation
|
page read and write
|
||
|
2E7F000
|
stack
|
page read and write
|
||
|
1194000
|
heap
|
page read and write
|
||
|
512B000
|
trusted library allocation
|
page read and write
|
||
|
9F7000
|
stack
|
page read and write
|
||
|
121E000
|
stack
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
7260000
|
trusted library allocation
|
page read and write
|
||
|
419000
|
remote allocation
|
page execute and read and write
|
||
|
5731000
|
trusted library allocation
|
page read and write
|
||
|
698E000
|
stack
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
5196000
|
trusted library allocation
|
page read and write
|
||
|
6DA0000
|
trusted library section
|
page read and write
|
||
|
1847000
|
heap
|
page read and write
|
||
|
116A000
|
heap
|
page read and write
|
||
|
55DE000
|
stack
|
page read and write
|
||
|
6DFB000
|
trusted library allocation
|
page read and write
|
||
|
2A5F000
|
stack
|
page read and write
|
||
|
52E0000
|
trusted library allocation
|
page read and write
|
||
|
1240000
|
trusted library allocation
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
78A0000
|
heap
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
8C00000
|
trusted library allocation
|
page execute and read and write
|
||
|
177C000
|
stack
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
5130000
|
heap
|
page read and write
|
||
|
2EDF000
|
trusted library allocation
|
page read and write
|
||
|
41A000
|
remote allocation
|
page execute and read and write
|
||
|
51BE000
|
trusted library allocation
|
page read and write
|
||
|
6E7E000
|
stack
|
page read and write
|
||
|
688F000
|
stack
|
page read and write
|
||
|
2A0E000
|
stack
|
page read and write
|
||
|
2CF6000
|
trusted library allocation
|
page read and write
|
||
|
8CCE000
|
stack
|
page read and write
|
||
|
2B41000
|
trusted library allocation
|
page read and write
|
||
|
5370000
|
heap
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
711F000
|
stack
|
page read and write
|
||
|
112A000
|
trusted library allocation
|
page execute and read and write
|
||
|
415A000
|
trusted library allocation
|
page read and write
|
||
|
6D67000
|
trusted library allocation
|
page read and write
|
||
|
6E50000
|
heap
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
78BC000
|
heap
|
page read and write
|
||
|
76E2000
|
trusted library allocation
|
page read and write
|
||
|
2D20000
|
trusted library allocation
|
page read and write
|
||
|
55D0000
|
heap
|
page read and write
|
||
|
73DC000
|
trusted library allocation
|
page read and write
|
||
|
528E000
|
stack
|
page read and write
|
||
|
5D40000
|
trusted library allocation
|
page read and write
|
||
|
664D000
|
stack
|
page read and write
|
||
|
57A0000
|
heap
|
page read and write
|
||
|
5868000
|
trusted library allocation
|
page read and write
|
||
|
1220000
|
trusted library allocation
|
page read and write
|
||
|
116E000
|
heap
|
page read and write
|
||
|
B70E000
|
stack
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
2ADE000
|
stack
|
page read and write
|
||
|
258E000
|
unkown
|
page read and write
|
||
|
534C000
|
stack
|
page read and write
|
||
|
6D53000
|
trusted library allocation
|
page read and write
|
||
|
2F0D000
|
trusted library allocation
|
page read and write
|
||
|
2CF1000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
13CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5360000
|
heap
|
page read and write
|
||
|
10F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
563F000
|
trusted library section
|
page readonly
|
||
|
106D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1085000
|
trusted library allocation
|
page execute and read and write
|
||
|
504D000
|
trusted library allocation
|
page read and write
|
||
|
5920000
|
heap
|
page read and write
|
||
|
11C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
53C2000
|
trusted library allocation
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
520C000
|
stack
|
page read and write
|
||
|
E05000
|
heap
|
page read and write
|
||
|
1180000
|
trusted library allocation
|
page read and write
|
||
|
418000
|
remote allocation
|
page execute and read and write
|
||
|
106A000
|
stack
|
page read and write
|
||
|
56BE000
|
stack
|
page read and write
|
||
|
1130000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
trusted library allocation
|
page read and write
|
||
|
5742000
|
trusted library allocation
|
page read and write
|
||
|
11EE000
|
stack
|
page read and write
|
||
|
71A0000
|
heap
|
page read and write
|
||
|
173E000
|
stack
|
page read and write
|
||
|
52F0000
|
heap
|
page read and write
|
||
|
1076000
|
trusted library allocation
|
page execute and read and write
|
||
|
1497000
|
heap
|
page read and write
|
||
|
10CE000
|
stack
|
page read and write
|
||
|
6DF0000
|
trusted library allocation
|
page read and write
|
||
|
2B8F000
|
stack
|
page read and write
|
||
|
1137000
|
trusted library allocation
|
page execute and read and write
|
||
|
F77000
|
heap
|
page read and write
|
||
|
69CE000
|
stack
|
page read and write
|
||
|
1220000
|
heap
|
page execute and read and write
|
||
|
57B0000
|
heap
|
page read and write
|
||
|
6DAD000
|
stack
|
page read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
10E6000
|
heap
|
page read and write
|
||
|
13AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
17E0000
|
trusted library allocation
|
page read and write
|
||
|
725E000
|
stack
|
page read and write
|
||
|
5510000
|
trusted library allocation
|
page execute and read and write
|
||
|
5640000
|
heap
|
page read and write
|
||
|
3126000
|
trusted library allocation
|
page read and write
|
||
|
6EB0000
|
trusted library section
|
page read and write
|
||
|
8EDE000
|
stack
|
page read and write
|
||
|
1110000
|
trusted library allocation
|
page read and write
|
||
|
B750000
|
heap
|
page read and write
|
||
|
573D000
|
trusted library allocation
|
page read and write
|
||
|
11A2000
|
heap
|
page read and write
|
||
|
4E2E000
|
stack
|
page read and write
|
||
|
1237000
|
heap
|
page read and write
|
||
|
50E2000
|
trusted library allocation
|
page read and write
|
||
|
2C3D000
|
stack
|
page read and write
|
||
|
116D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5575000
|
heap
|
page read and write
|
||
|
52D4000
|
heap
|
page read and write
|
||
|
57A0000
|
heap
|
page execute and read and write
|
||
|
73D0000
|
trusted library allocation
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
6DDE000
|
stack
|
page read and write
|
||
|
2C14000
|
trusted library allocation
|
page read and write
|
||
|
10DA000
|
heap
|
page read and write
|
||
|
1120000
|
trusted library allocation
|
page read and write
|
||
|
42D000
|
stack
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
67FE000
|
stack
|
page read and write
|
||
|
703F000
|
stack
|
page read and write
|
||
|
6D58000
|
trusted library allocation
|
page read and write
|
||
|
10E4000
|
heap
|
page read and write
|
||
|
F66000
|
heap
|
page read and write
|
||
|
54B0000
|
heap
|
page read and write
|
||
|
17F0000
|
trusted library allocation
|
page read and write
|
||
|
588D000
|
trusted library allocation
|
page read and write
|
||
|
6940000
|
trusted library allocation
|
page read and write
|
||
|
2A80000
|
heap
|
page execute and read and write
|
||
|
5B6E000
|
stack
|
page read and write
|
||
|
427000
|
remote allocation
|
page execute and read and write
|
||
|
7440000
|
trusted library allocation
|
page execute and read and write
|
||
|
1153000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
5191000
|
trusted library allocation
|
page read and write
|
||
|
54B3000
|
heap
|
page read and write
|
||
|
2D50000
|
trusted library allocation
|
page read and write
|
||
|
5690000
|
heap
|
page read and write
|
||
|
5670000
|
trusted library allocation
|
page read and write
|
||
|
113B000
|
heap
|
page read and write
|
||
|
633F000
|
stack
|
page read and write
|
||
|
8D71000
|
heap
|
page read and write
|
||
|
BCA000
|
stack
|
page read and write
|
||
|
5CAE000
|
stack
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
40E000
|
remote allocation
|
page execute and read and write
|
||
|
53B0000
|
heap
|
page read and write
|
||
|
64C7000
|
heap
|
page read and write
|
||
|
6C1D000
|
stack
|
page read and write
|
There are 562 hidden memdumps, click here to show them.