Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
QT2Q1292300924.vbs
|
ASCII text, with very long lines (65478), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\temp_exec.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\temp_exec.exe.log
|
CSV text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\QT2Q1292300924.vbs"
|
|
|
|
C:\Users\user\AppData\Local\Temp\temp_exec.exe
|
"C:\Users\user\AppData\Local\Temp\temp_exec.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://dl.zerotheme.ir/kokorila/cgl-bin/bina.exe
|
185.18.213.20
|
|
|
|
https://dl.zerotheme.ir
|
unknown
|
|
|
|
http://dl.zerotheme.ird
|
unknown
|
|
|
|
https://dl.zerotheme.ir/kokorila/cgl-bin/DLLL.dll
|
185.18.213.20
|
|
|
|
http://dl.zerotheme.ir
|
unknown
|
|
|
|
https://dl.zerotheme.ir/kokorila/cgl-bin/bina.exebhttps://dl.zerotheme.ir/kokorila/cgl-bin/DLLL.dll
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
dl.zerotheme.ir
|
185.18.213.20
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.18.213.20
|
dl.zerotheme.ir
|
Iran (ISLAMIC Republic Of)
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\temp_exec_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\temp_exec_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\temp_exec_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\temp_exec_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\temp_exec_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\temp_exec_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\temp_exec_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\temp_exec_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\temp_exec_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\temp_exec_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\temp_exec_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\temp_exec_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\temp_exec_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\temp_exec_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
E30000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
1FB06351000
|
heap
|
page read and write
|
||
|
1170000
|
trusted library allocation
|
page read and write
|
||
|
1FB086CB000
|
heap
|
page read and write
|
||
|
1FB0824C000
|
heap
|
page read and write
|
||
|
1FB08735000
|
heap
|
page read and write
|
||
|
1FB08138000
|
heap
|
page read and write
|
||
|
1FB08238000
|
heap
|
page read and write
|
||
|
1FB08244000
|
heap
|
page read and write
|
||
|
1FB06364000
|
heap
|
page read and write
|
||
|
1FB086AF000
|
heap
|
page read and write
|
||
|
1FB086C0000
|
heap
|
page read and write
|
||
|
1FB08263000
|
heap
|
page read and write
|
||
|
608E000
|
stack
|
page read and write
|
||
|
1FB08746000
|
heap
|
page read and write
|
||
|
3EB9000
|
trusted library allocation
|
page read and write
|
||
|
1FB08FA0000
|
trusted library allocation
|
page read and write
|
||
|
1FB06270000
|
heap
|
page read and write
|
||
|
1FB0825A000
|
heap
|
page read and write
|
||
|
1FB0874B000
|
heap
|
page read and write
|
||
|
1FB062A6000
|
heap
|
page read and write
|
||
|
C90000
|
unkown
|
page readonly
|
||
|
1FB086CB000
|
heap
|
page read and write
|
||
|
1FB063C0000
|
heap
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
1FB08450000
|
heap
|
page read and write
|
||
|
1FB0825C000
|
heap
|
page read and write
|
||
|
1FB06349000
|
heap
|
page read and write
|
||
|
1FB08077000
|
heap
|
page read and write
|
||
|
1FB08247000
|
heap
|
page read and write
|
||
|
1FB0844C000
|
heap
|
page read and write
|
||
|
1FB0874A000
|
heap
|
page read and write
|
||
|
1FB0844D000
|
heap
|
page read and write
|
||
|
1FB08267000
|
heap
|
page read and write
|
||
|
1FB0826E000
|
heap
|
page read and write
|
||
|
1FB08423000
|
heap
|
page read and write
|
||
|
1FB08432000
|
heap
|
page read and write
|
||
|
2FD3000
|
trusted library allocation
|
page read and write
|
||
|
1FB0823E000
|
heap
|
page read and write
|
||
|
1FB08725000
|
heap
|
page read and write
|
||
|
CEE000
|
stack
|
page read and write
|
||
|
1FB08443000
|
heap
|
page read and write
|
||
|
1FB0875D000
|
heap
|
page read and write
|
||
|
3069000
|
trusted library allocation
|
page read and write
|
||
|
1FB08729000
|
heap
|
page read and write
|
||
|
1FB086FF000
|
heap
|
page read and write
|
||
|
14E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FB08754000
|
heap
|
page read and write
|
||
|
1FB08430000
|
heap
|
page read and write
|
||
|
1FB086CB000
|
heap
|
page read and write
|
||
|
1FB0825D000
|
heap
|
page read and write
|
||
|
1FB08457000
|
heap
|
page read and write
|
||
|
5A7E000
|
stack
|
page read and write
|
||
|
1FB08799000
|
heap
|
page read and write
|
||
|
1FB08422000
|
heap
|
page read and write
|
||
|
1FB086CB000
|
heap
|
page read and write
|
||
|
1FB08259000
|
heap
|
page read and write
|
||
|
1FB06470000
|
heap
|
page read and write
|
||
|
1FB08447000
|
heap
|
page read and write
|
||
|
1FB086C0000
|
heap
|
page read and write
|
||
|
1FB08271000
|
heap
|
page read and write
|
||
|
1FB08671000
|
heap
|
page read and write
|
||
|
3059000
|
trusted library allocation
|
page read and write
|
||
|
1FB086CD000
|
heap
|
page read and write
|
||
|
638E000
|
stack
|
page read and write
|
||
|
1FB08260000
|
heap
|
page read and write
|
||
|
1FB0825A000
|
heap
|
page read and write
|
||
|
1FB0826A000
|
heap
|
page read and write
|
||
|
1FB08466000
|
heap
|
page read and write
|
||
|
1FB08446000
|
heap
|
page read and write
|
||
|
1FB08467000
|
heap
|
page read and write
|
||
|
1FB08070000
|
heap
|
page read and write
|
||
|
11F5000
|
heap
|
page read and write
|
||
|
1FB0823F000
|
heap
|
page read and write
|
||
|
1FB08734000
|
heap
|
page read and write
|
||
|
5F40000
|
heap
|
page read and write
|
||
|
1FB08423000
|
heap
|
page read and write
|
||
|
1FB08446000
|
heap
|
page read and write
|
||
|
1FB08244000
|
heap
|
page read and write
|
||
|
119A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FB08751000
|
heap
|
page read and write
|
||
|
1FB0842F000
|
heap
|
page read and write
|
||
|
620E000
|
stack
|
page read and write
|
||
|
1FB0873D000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
117D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1160000
|
trusted library allocation
|
page read and write
|
||
|
1FB0875D000
|
heap
|
page read and write
|
||
|
1FB08071000
|
heap
|
page read and write
|
||
|
1FB08269000
|
heap
|
page read and write
|
||
|
1FB0867C000
|
heap
|
page read and write
|
||
|
1FB08745000
|
heap
|
page read and write
|
||
|
1FB08761000
|
heap
|
page read and write
|
||
|
15E6000
|
direct allocation
|
page execute and read and write
|
||
|
1FB08423000
|
heap
|
page read and write
|
||
|
1FB087A7000
|
heap
|
page read and write
|
||
|
D3C000
|
stack
|
page read and write
|
||
|
1FB0825D000
|
heap
|
page read and write
|
||
|
1FB08745000
|
heap
|
page read and write
|
||
|
1FB06361000
|
heap
|
page read and write
|
||
|
1FB0636E000
|
heap
|
page read and write
|
||
|
1FB08738000
|
heap
|
page read and write
|
||
|
1FB086EE000
|
heap
|
page read and write
|
||
|
1FB086C8000
|
heap
|
page read and write
|
||
|
1FB0834C000
|
heap
|
page read and write
|
||
|
15B0000
|
heap
|
page execute and read and write
|
||
|
1FB0873E000
|
heap
|
page read and write
|
||
|
1FB08465000
|
heap
|
page read and write
|
||
|
1FB08766000
|
heap
|
page read and write
|
||
|
1FB06358000
|
heap
|
page read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
1FB08451000
|
heap
|
page read and write
|
||
|
1FB08447000
|
heap
|
page read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
11AF000
|
stack
|
page read and write
|
||
|
1FB0875D000
|
heap
|
page read and write
|
||
|
1FB08745000
|
heap
|
page read and write
|
||
|
5E3E000
|
stack
|
page read and write
|
||
|
1FB0825B000
|
heap
|
page read and write
|
||
|
543E000
|
stack
|
page read and write
|
||
|
1FB08455000
|
heap
|
page read and write
|
||
|
1FB06349000
|
heap
|
page read and write
|
||
|
2F88000
|
trusted library allocation
|
page read and write
|
||
|
1FB08751000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
1FB08712000
|
heap
|
page read and write
|
||
|
1FB08440000
|
heap
|
page read and write
|
||
|
1FB086E8000
|
heap
|
page read and write
|
||
|
624E000
|
stack
|
page read and write
|
||
|
72E18FE000
|
stack
|
page read and write
|
||
|
1FB08240000
|
heap
|
page read and write
|
||
|
1FB086C5000
|
heap
|
page read and write
|
||
|
1FB08467000
|
heap
|
page read and write
|
||
|
1FB0842B000
|
heap
|
page read and write
|
||
|
1FB086C9000
|
heap
|
page read and write
|
||
|
1FB0826E000
|
heap
|
page read and write
|
||
|
1FB0826E000
|
heap
|
page read and write
|
||
|
1FB08450000
|
heap
|
page read and write
|
||
|
1FB08260000
|
heap
|
page read and write
|
||
|
1FB086FF000
|
heap
|
page read and write
|
||
|
EB8000
|
heap
|
page read and write
|
||
|
1FB080DB000
|
heap
|
page read and write
|
||
|
1FB08264000
|
heap
|
page read and write
|
||
|
63E0000
|
heap
|
page read and write
|
||
|
1174000
|
trusted library allocation
|
page read and write
|
||
|
1FB087A1000
|
heap
|
page read and write
|
||
|
1FB08072000
|
heap
|
page read and write
|
||
|
1FB08728000
|
heap
|
page read and write
|
||
|
1FB08267000
|
heap
|
page read and write
|
||
|
3051000
|
trusted library allocation
|
page read and write
|
||
|
1FB0845C000
|
heap
|
page read and write
|
||
|
1FB08768000
|
heap
|
page read and write
|
||
|
1FB0844F000
|
heap
|
page read and write
|
||
|
1FB08259000
|
heap
|
page read and write
|
||
|
1FB087AA000
|
heap
|
page read and write
|
||
|
1550000
|
heap
|
page execute and read and write
|
||
|
1FB0867D000
|
heap
|
page read and write
|
||
|
1FB0636E000
|
heap
|
page read and write
|
||
|
1FB08465000
|
heap
|
page read and write
|
||
|
1FB06353000
|
heap
|
page read and write
|
||
|
1FB08267000
|
heap
|
page read and write
|
||
|
1FB0873F000
|
heap
|
page read and write
|
||
|
144D000
|
direct allocation
|
page execute and read and write
|
||
|
1FB08671000
|
heap
|
page read and write
|
||
|
1FB086FF000
|
heap
|
page read and write
|
||
|
1FB0874E000
|
heap
|
page read and write
|
||
|
1201000
|
heap
|
page read and write
|
||
|
10F5000
|
stack
|
page read and write
|
||
|
1180000
|
trusted library allocation
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
1FB08451000
|
heap
|
page read and write
|
||
|
1FB08201000
|
heap
|
page read and write
|
||
|
1FB08733000
|
heap
|
page read and write
|
||
|
2F8B000
|
trusted library allocation
|
page read and write
|
||
|
1FB0824C000
|
heap
|
page read and write
|
||
|
72E12FE000
|
stack
|
page read and write
|
||
|
1FB08261000
|
heap
|
page read and write
|
||
|
1FB08252000
|
heap
|
page read and write
|
||
|
1FB08748000
|
heap
|
page read and write
|
||
|
1FB0845D000
|
heap
|
page read and write
|
||
|
304C000
|
trusted library allocation
|
page read and write
|
||
|
1FB0874E000
|
heap
|
page read and write
|
||
|
1FB08261000
|
heap
|
page read and write
|
||
|
1FB0825B000
|
heap
|
page read and write
|
||
|
1FB086CE000
|
heap
|
page read and write
|
||
|
1FB08459000
|
heap
|
page read and write
|
||
|
1173000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FB08446000
|
heap
|
page read and write
|
||
|
1FB0846B000
|
heap
|
page read and write
|
||
|
148E000
|
stack
|
page read and write
|
||
|
1FB08799000
|
heap
|
page read and write
|
||
|
1FB08724000
|
heap
|
page read and write
|
||
|
1FB08727000
|
heap
|
page read and write
|
||
|
2ECD000
|
trusted library allocation
|
page read and write
|
||
|
1FB08468000
|
heap
|
page read and write
|
||
|
1FB0875C000
|
heap
|
page read and write
|
||
|
1FB0846B000
|
heap
|
page read and write
|
||
|
1FB0846B000
|
heap
|
page read and write
|
||
|
3EB1000
|
trusted library allocation
|
page read and write
|
||
|
1FB08760000
|
heap
|
page read and write
|
||
|
1FB08443000
|
heap
|
page read and write
|
||
|
1FB081DA000
|
heap
|
page read and write
|
||
|
1FB0873A000
|
heap
|
page read and write
|
||
|
1FB0842E000
|
heap
|
page read and write
|
||
|
10AF000
|
stack
|
page read and write
|
||
|
1FB0845A000
|
heap
|
page read and write
|
||
|
1FB08258000
|
heap
|
page read and write
|
||
|
72E17FE000
|
stack
|
page read and write
|
||
|
A3D000
|
stack
|
page read and write
|
||
|
1FB08446000
|
heap
|
page read and write
|
||
|
1FB0826C000
|
heap
|
page read and write
|
||
|
504D000
|
stack
|
page read and write
|
||
|
1FB086C8000
|
heap
|
page read and write
|
||
|
C92000
|
unkown
|
page readonly
|
||
|
593D000
|
stack
|
page read and write
|
||
|
1FB08454000
|
heap
|
page read and write
|
||
|
1FB0873E000
|
heap
|
page read and write
|
||
|
2FAC000
|
trusted library allocation
|
page read and write
|
||
|
1FB08736000
|
heap
|
page read and write
|
||
|
1FB0825F000
|
heap
|
page read and write
|
||
|
1FB0874E000
|
heap
|
page read and write
|
||
|
1FB08269000
|
heap
|
page read and write
|
||
|
1FB08430000
|
heap
|
page read and write
|
||
|
1FB08446000
|
heap
|
page read and write
|
||
|
1FB08758000
|
heap
|
page read and write
|
||
|
1FB087AA000
|
heap
|
page read and write
|
||
|
1449000
|
direct allocation
|
page execute and read and write
|
||
|
1FB06358000
|
heap
|
page read and write
|
||
|
1FB08454000
|
heap
|
page read and write
|
||
|
1FB0629E000
|
heap
|
page read and write
|
||
|
1FB086CB000
|
heap
|
page read and write
|
||
|
56BE000
|
stack
|
page read and write
|
||
|
1FB08455000
|
heap
|
page read and write
|
||
|
1FB0874F000
|
heap
|
page read and write
|
||
|
1FB08432000
|
heap
|
page read and write
|
||
|
1FB08437000
|
heap
|
page read and write
|
||
|
1299000
|
heap
|
page read and write
|
||
|
1FB0873C000
|
heap
|
page read and write
|
||
|
5A3E000
|
stack
|
page read and write
|
||
|
1FB0824C000
|
heap
|
page read and write
|
||
|
3F19000
|
trusted library allocation
|
page read and write
|
||
|
1FB0874A000
|
heap
|
page read and write
|
||
|
1FB08259000
|
heap
|
page read and write
|
||
|
B3D000
|
stack
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
1FB08253000
|
heap
|
page read and write
|
||
|
1FB0874F000
|
heap
|
page read and write
|
||
|
1FB08467000
|
heap
|
page read and write
|
||
|
61CD000
|
stack
|
page read and write
|
||
|
1FB08470000
|
heap
|
page read and write
|
||
|
1FB087AA000
|
heap
|
page read and write
|
||
|
1FB0825A000
|
heap
|
page read and write
|
||
|
1FB08760000
|
heap
|
page read and write
|
||
|
1FB0834D000
|
heap
|
page read and write
|
||
|
1FB0824E000
|
heap
|
page read and write
|
||
|
1FB08253000
|
heap
|
page read and write
|
||
|
1FB08259000
|
heap
|
page read and write
|
||
|
1FB087A7000
|
heap
|
page read and write
|
||
|
1FB0826E000
|
heap
|
page read and write
|
||
|
1FB08072000
|
heap
|
page read and write
|
||
|
1FB08140000
|
heap
|
page read and write
|
||
|
1FB086B2000
|
heap
|
page read and write
|
||
|
1FB08201000
|
heap
|
page read and write
|
||
|
11A2000
|
trusted library allocation
|
page read and write
|
||
|
1FB08421000
|
heap
|
page read and write
|
||
|
1FB086BC000
|
heap
|
page read and write
|
||
|
1FB0874B000
|
heap
|
page read and write
|
||
|
1FB0826E000
|
heap
|
page read and write
|
||
|
1FB08738000
|
heap
|
page read and write
|
||
|
15ED000
|
direct allocation
|
page execute and read and write
|
||
|
1FB08263000
|
heap
|
page read and write
|
||
|
1FB08A70000
|
heap
|
page read and write
|
||
|
1FB0843F000
|
heap
|
page read and write
|
||
|
1FB0869E000
|
heap
|
page read and write
|
||
|
1FB0875D000
|
heap
|
page read and write
|
||
|
1FB0875C000
|
heap
|
page read and write
|
||
|
1FB062AE000
|
heap
|
page read and write
|
||
|
1FB08114000
|
heap
|
page read and write
|
||
|
1FB08725000
|
heap
|
page read and write
|
||
|
1FB086AF000
|
heap
|
page read and write
|
||
|
1FB0873D000
|
heap
|
page read and write
|
||
|
CAE000
|
stack
|
page read and write
|
||
|
58FF000
|
stack
|
page read and write
|
||
|
15C0000
|
trusted library allocation
|
page read and write
|
||
|
72E11FE000
|
stack
|
page read and write
|
||
|
1FB0874B000
|
heap
|
page read and write
|
||
|
1FB06460000
|
heap
|
page read and write
|
||
|
5DFE000
|
stack
|
page read and write
|
||
|
1FB08253000
|
heap
|
page read and write
|
||
|
1FB08250000
|
heap
|
page read and write
|
||
|
1FB06490000
|
heap
|
page read and write
|
||
|
1FB08242000
|
heap
|
page read and write
|
||
|
1FB08469000
|
heap
|
page read and write
|
||
|
1FB08440000
|
heap
|
page read and write
|
||
|
1FB08739000
|
heap
|
page read and write
|
||
|
1FB08751000
|
heap
|
page read and write
|
||
|
1FB0824B000
|
heap
|
page read and write
|
||
|
1FB086FF000
|
heap
|
page read and write
|
||
|
1FB0825F000
|
heap
|
page read and write
|
||
|
1FB08140000
|
heap
|
page read and write
|
||
|
1FB0823A000
|
heap
|
page read and write
|
||
|
1FB08464000
|
heap
|
page read and write
|
||
|
1FB0873A000
|
heap
|
page read and write
|
||
|
1FB08426000
|
heap
|
page read and write
|
||
|
1FB0873E000
|
heap
|
page read and write
|
||
|
1FB08426000
|
heap
|
page read and write
|
||
|
1FB08725000
|
heap
|
page read and write
|
||
|
1FB0874D000
|
heap
|
page read and write
|
||
|
1FB08675000
|
heap
|
page read and write
|
||
|
1FB08171000
|
heap
|
page read and write
|
||
|
63CE000
|
stack
|
page read and write
|
||
|
1FB08465000
|
heap
|
page read and write
|
||
|
1FB08CA0000
|
heap
|
page read and write
|
||
|
1FB086E1000
|
heap
|
page read and write
|
||
|
1FB06495000
|
heap
|
page read and write
|
||
|
1FB0823C000
|
heap
|
page read and write
|
||
|
1FB08270000
|
heap
|
page read and write
|
||
|
1196000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FB08446000
|
heap
|
page read and write
|
||
|
1FB08451000
|
heap
|
page read and write
|
||
|
1FB06357000
|
heap
|
page read and write
|
||
|
1FB08758000
|
heap
|
page read and write
|
||
|
11CE000
|
heap
|
page read and write
|
||
|
1FB08748000
|
heap
|
page read and write
|
||
|
1FB08742000
|
heap
|
page read and write
|
||
|
1FB08467000
|
heap
|
page read and write
|
||
|
1FB08434000
|
heap
|
page read and write
|
||
|
11AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FB08251000
|
heap
|
page read and write
|
||
|
1FB08746000
|
heap
|
page read and write
|
||
|
1FB0845D000
|
heap
|
page read and write
|
||
|
1FB0844E000
|
heap
|
page read and write
|
||
|
2EE3000
|
trusted library allocation
|
page read and write
|
||
|
1540000
|
trusted library allocation
|
page read and write
|
||
|
1FB0844A000
|
heap
|
page read and write
|
||
|
1FB08456000
|
heap
|
page read and write
|
||
|
1FB087A7000
|
heap
|
page read and write
|
||
|
11A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FB087A7000
|
heap
|
page read and write
|
||
|
1291000
|
heap
|
page read and write
|
||
|
2F93000
|
trusted library allocation
|
page read and write
|
||
|
1590000
|
trusted library section
|
page read and write
|
||
|
1FB08252000
|
heap
|
page read and write
|
||
|
1FB0875B000
|
heap
|
page read and write
|
||
|
1FB08673000
|
heap
|
page read and write
|
||
|
72E14FF000
|
stack
|
page read and write
|
||
|
1FB08253000
|
heap
|
page read and write
|
||
|
1FB08446000
|
heap
|
page read and write
|
||
|
1FB08446000
|
heap
|
page read and write
|
||
|
1FB08460000
|
heap
|
page read and write
|
||
|
1FB0846B000
|
heap
|
page read and write
|
||
|
1FB063F0000
|
heap
|
page read and write
|
||
|
1FB0872C000
|
heap
|
page read and write
|
||
|
1FB086CB000
|
heap
|
page read and write
|
||
|
1FB0826E000
|
heap
|
page read and write
|
||
|
553F000
|
stack
|
page read and write
|
||
|
1FB08740000
|
heap
|
page read and write
|
||
|
5CBE000
|
stack
|
page read and write
|
||
|
1FB086E1000
|
heap
|
page read and write
|
||
|
2F9B000
|
trusted library allocation
|
page read and write
|
||
|
1FB08720000
|
heap
|
page read and write
|
||
|
1FB08260000
|
heap
|
page read and write
|
||
|
1FB08433000
|
heap
|
page read and write
|
||
|
14BE000
|
direct allocation
|
page execute and read and write
|
||
|
1FB08258000
|
heap
|
page read and write
|
||
|
1FB08671000
|
heap
|
page read and write
|
||
|
1FB0846B000
|
heap
|
page read and write
|
||
|
1FB0826E000
|
heap
|
page read and write
|
||
|
14DE000
|
stack
|
page read and write
|
||
|
72E15FF000
|
stack
|
page read and write
|
||
|
1668000
|
direct allocation
|
page execute and read and write
|
||
|
1FB0874A000
|
heap
|
page read and write
|
||
|
1FB0823F000
|
heap
|
page read and write
|
||
|
2EB1000
|
trusted library allocation
|
page read and write
|
||
|
1FB08676000
|
heap
|
page read and write
|
||
|
1FB0875C000
|
heap
|
page read and write
|
||
|
1FB0846B000
|
heap
|
page read and write
|
||
|
1FB0875D000
|
heap
|
page read and write
|
||
|
1FB08444000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
1FB08748000
|
heap
|
page read and write
|
||
|
1FB0824F000
|
heap
|
page read and write
|
||
|
1FB08444000
|
heap
|
page read and write
|
||
|
618E000
|
stack
|
page read and write
|
||
|
1FB086BD000
|
heap
|
page read and write
|
||
|
1FB08467000
|
heap
|
page read and write
|
||
|
1FB0875A000
|
heap
|
page read and write
|
||
|
1FB08B80000
|
heap
|
page read and write
|
||
|
1FB08748000
|
heap
|
page read and write
|
||
|
1FB086CE000
|
heap
|
page read and write
|
||
|
1FB08446000
|
heap
|
page read and write
|
||
|
1FB08253000
|
heap
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
1FB086BD000
|
heap
|
page read and write
|
||
|
1FB06352000
|
heap
|
page read and write
|
||
|
1FB083F6000
|
heap
|
page read and write
|
||
|
1FB08751000
|
heap
|
page read and write
|
||
|
1FB08446000
|
heap
|
page read and write
|
||
|
1FB0636E000
|
heap
|
page read and write
|
||
|
1FB08244000
|
heap
|
page read and write
|
||
|
72E16FF000
|
stack
|
page read and write
|
||
|
1FB08267000
|
heap
|
page read and write
|
||
|
1FB0823F000
|
heap
|
page read and write
|
||
|
1FB06100000
|
heap
|
page read and write
|
||
|
1FB0844E000
|
heap
|
page read and write
|
||
|
1FB08263000
|
heap
|
page read and write
|
||
|
1FB061E0000
|
heap
|
page read and write
|
||
|
1FB0823E000
|
heap
|
page read and write
|
||
|
72E10F9000
|
stack
|
page read and write
|
||
|
1FB08446000
|
heap
|
page read and write
|
||
|
1FB08247000
|
heap
|
page read and write
|
||
|
1FB082DA000
|
heap
|
page read and write
|
||
|
C9E000
|
unkown
|
page readonly
|
||
|
1FB086FF000
|
heap
|
page read and write
|
||
|
1FB08451000
|
heap
|
page read and write
|
||
|
1FB08464000
|
heap
|
page read and write
|
||
|
1FB086CE000
|
heap
|
page read and write
|
||
|
1FB08465000
|
heap
|
page read and write
|
||
|
DA5000
|
heap
|
page read and write
|
||
|
1FB0845D000
|
heap
|
page read and write
|
||
|
1FB08449000
|
heap
|
page read and write
|
||
|
1FB0846B000
|
heap
|
page read and write
|
||
|
1FB08745000
|
heap
|
page read and write
|
||
|
1FB087AA000
|
heap
|
page read and write
|
||
|
1FB0842F000
|
heap
|
page read and write
|
||
|
1FB087AA000
|
heap
|
page read and write
|
||
|
1FB08736000
|
heap
|
page read and write
|
||
|
1FB0845F000
|
heap
|
page read and write
|
||
|
1FB08170000
|
heap
|
page read and write
|
||
|
1FB08426000
|
heap
|
page read and write
|
||
|
1FB08201000
|
heap
|
page read and write
|
||
|
1FB08725000
|
heap
|
page read and write
|
||
|
1FB0873E000
|
heap
|
page read and write
|
||
|
2FB2000
|
trusted library allocation
|
page read and write
|
||
|
1FB08096000
|
heap
|
page read and write
|
||
|
57BF000
|
stack
|
page read and write
|
||
|
300E000
|
trusted library allocation
|
page read and write
|
||
|
1FB08760000
|
heap
|
page read and write
|
||
|
1FB0874E000
|
heap
|
page read and write
|
||
|
1FB0846D000
|
heap
|
page read and write
|
||
|
1FB08462000
|
heap
|
page read and write
|
||
|
1FB08724000
|
heap
|
page read and write
|
||
|
1FB08256000
|
heap
|
page read and write
|
||
|
1FB08201000
|
heap
|
page read and write
|
||
|
1FB0873F000
|
heap
|
page read and write
|
||
|
1FB08734000
|
heap
|
page read and write
|
||
|
1FB0824F000
|
heap
|
page read and write
|
||
|
15D1000
|
direct allocation
|
page execute and read and write
|
||
|
1FB0826E000
|
heap
|
page read and write
|
||
|
1FB0636E000
|
heap
|
page read and write
|
||
|
1FB0633E000
|
heap
|
page read and write
|
||
|
2FC2000
|
trusted library allocation
|
page read and write
|
||
|
3072000
|
trusted library allocation
|
page read and write
|
||
|
1FB0873A000
|
heap
|
page read and write
|
||
|
153C000
|
stack
|
page read and write
|
||
|
1FB08745000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
1FB08269000
|
heap
|
page read and write
|
||
|
1FB0824C000
|
heap
|
page read and write
|
||
|
5F66000
|
heap
|
page read and write
|
||
|
1190000
|
trusted library allocation
|
page read and write
|
||
|
1FB08763000
|
heap
|
page read and write
|
||
|
1FB08754000
|
heap
|
page read and write
|
||
|
1FB08446000
|
heap
|
page read and write
|
||
|
2F91000
|
trusted library allocation
|
page read and write
|
||
|
1FB0843C000
|
heap
|
page read and write
|
||
|
1FB08744000
|
heap
|
page read and write
|
||
|
1860000
|
heap
|
page read and write
|
||
|
1FB08745000
|
heap
|
page read and write
|
||
|
1FB08459000
|
heap
|
page read and write
|
||
|
1FB08678000
|
heap
|
page read and write
|
||
|
118D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3067000
|
trusted library allocation
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
1FB08734000
|
heap
|
page read and write
|
||
|
1FB08674000
|
heap
|
page read and write
|
||
|
1FB08266000
|
heap
|
page read and write
|
||
|
1FB0854A000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
1FB08454000
|
heap
|
page read and write
|
||
|
1FB08238000
|
heap
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
1FB08427000
|
heap
|
page read and write
|
||
|
1FB08457000
|
heap
|
page read and write
|
||
|
1FB08447000
|
heap
|
page read and write
|
||
|
1FB08269000
|
heap
|
page read and write
|
||
|
634E000
|
stack
|
page read and write
|
||
|
1FB08760000
|
heap
|
page read and write
|
||
|
1FB08245000
|
heap
|
page read and write
|
||
|
1FB08711000
|
heap
|
page read and write
|
||
|
1FB08756000
|
heap
|
page read and write
|
||
|
1FB0636E000
|
heap
|
page read and write
|
||
|
1FB08799000
|
heap
|
page read and write
|
||
|
1FB0825B000
|
heap
|
page read and write
|
||
|
1FB08764000
|
heap
|
page read and write
|
||
|
1FB086CB000
|
heap
|
page read and write
|
||
|
1FB083FE000
|
heap
|
page read and write
|
||
|
1FB08258000
|
heap
|
page read and write
|
||
|
1FB0824D000
|
heap
|
page read and write
|
||
|
2FCF000
|
trusted library allocation
|
page read and write
|
||
|
113E000
|
stack
|
page read and write
|
||
|
1FB08422000
|
heap
|
page read and write
|
||
|
57FD000
|
stack
|
page read and write
|
||
|
1FB08264000
|
heap
|
page read and write
|
||
|
1FB08465000
|
heap
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
1FB0826E000
|
heap
|
page read and write
|
||
|
1569000
|
trusted library allocation
|
page read and write
|
||
|
5F3E000
|
stack
|
page read and write
|
||
|
1FB0834B000
|
heap
|
page read and write
|
||
|
1FB08738000
|
heap
|
page read and write
|
||
|
1FB08456000
|
heap
|
page read and write
|
||
|
1FB0844F000
|
heap
|
page read and write
|
||
|
1FB08748000
|
heap
|
page read and write
|
||
|
1FB08723000
|
heap
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
1FB08797000
|
heap
|
page read and write
|
||
|
1FB06349000
|
heap
|
page read and write
|
||
|
1FB08724000
|
heap
|
page read and write
|
||
|
1FB080F1000
|
heap
|
page read and write
|
||
|
1FB0825F000
|
heap
|
page read and write
|
||
|
5B7F000
|
stack
|
page read and write
|
||
|
5CFE000
|
stack
|
page read and write
|
||
|
1FB08260000
|
heap
|
page read and write
|
||
|
1FB08201000
|
heap
|
page read and write
|
||
|
1FB087AA000
|
heap
|
page read and write
|
||
|
1FB0875E000
|
heap
|
page read and write
|
||
|
1FB08462000
|
heap
|
page read and write
|
||
|
1FB086CB000
|
heap
|
page read and write
|
||
|
1FB08670000
|
heap
|
page read and write
|
||
|
1FB08465000
|
heap
|
page read and write
|
||
|
1FB08422000
|
heap
|
page read and write
|
||
|
63D0000
|
trusted library section
|
page read and write
|
||
|
1FB08446000
|
heap
|
page read and write
|
||
|
1FB08E50000
|
heap
|
page read and write
|
||
|
1FB08752000
|
heap
|
page read and write
|
||
|
1FB08747000
|
heap
|
page read and write
|
||
|
1FB08753000
|
heap
|
page read and write
|
||
|
1490000
|
trusted library allocation
|
page read and write
|
||
|
1FB0826E000
|
heap
|
page read and write
|
||
|
1FB08446000
|
heap
|
page read and write
|
||
|
1FB06200000
|
heap
|
page read and write
|
||
|
1FB08465000
|
heap
|
page read and write
|
||
|
1FB0840F000
|
heap
|
page read and write
|
||
|
1FB08724000
|
heap
|
page read and write
|
||
|
1FB08738000
|
heap
|
page read and write
|
||
|
1FB08799000
|
heap
|
page read and write
|
||
|
1FB08468000
|
heap
|
page read and write
|
||
|
5BBE000
|
stack
|
page read and write
|
||
|
1FB0825E000
|
heap
|
page read and write
|
||
|
1FB0845D000
|
heap
|
page read and write
|
||
|
1FB0846D000
|
heap
|
page read and write
|
||
|
1FB08244000
|
heap
|
page read and write
|
||
|
1FB086C3000
|
heap
|
page read and write
|
||
|
1FB08720000
|
heap
|
page read and write
|
||
|
1FB086BD000
|
heap
|
page read and write
|
||
|
1FB08247000
|
heap
|
page read and write
|
||
|
1FB08269000
|
heap
|
page read and write
|
||
|
1FB08751000
|
heap
|
page read and write
|
||
|
1FB08252000
|
heap
|
page read and write
|
||
|
1FB08451000
|
heap
|
page read and write
|
||
|
1FB062A6000
|
heap
|
page read and write
|
||
|
1FB0867C000
|
heap
|
page read and write
|
||
|
1FB0875D000
|
heap
|
page read and write
|
||
|
1FB08724000
|
heap
|
page read and write
|
||
|
1570000
|
trusted library allocation
|
page execute and read and write
|
||
|
72E1AFC000
|
stack
|
page read and write
|
||
|
1FB08758000
|
heap
|
page read and write
|
||
|
1232000
|
heap
|
page read and write
|
||
|
1FB086B7000
|
heap
|
page read and write
|
||
|
1FB086CF000
|
heap
|
page read and write
|
||
|
1FB0875C000
|
heap
|
page read and write
|
||
|
1FB08394000
|
heap
|
page read and write
|
||
|
1320000
|
direct allocation
|
page execute and read and write
|
||
|
1FB0846A000
|
heap
|
page read and write
|
||
|
1FB08522000
|
heap
|
page read and write
|
||
|
1FB0825F000
|
heap
|
page read and write
|
||
|
1FB08201000
|
heap
|
page read and write
|
||
|
1FB0842E000
|
heap
|
page read and write
|
||
|
2FCB000
|
trusted library allocation
|
page read and write
|
||
|
1FB08463000
|
heap
|
page read and write
|
||
|
11C8000
|
heap
|
page read and write
|
||
|
1FB0846B000
|
heap
|
page read and write
|
||
|
1FB086D0000
|
heap
|
page read and write
|
||
|
1FB08423000
|
heap
|
page read and write
|
||
|
1FB0873D000
|
heap
|
page read and write
|
||
|
1FB08440000
|
heap
|
page read and write
|
||
|
1FB08471000
|
heap
|
page read and write
|
||
|
2FF5000
|
trusted library allocation
|
page read and write
|
||
|
1FB0633E000
|
heap
|
page read and write
|
||
|
1FB0825E000
|
heap
|
page read and write
|
||
|
1FB08797000
|
heap
|
page read and write
|
||
|
1FB080AE000
|
heap
|
page read and write
|
||
|
1FB080B9000
|
heap
|
page read and write
|
||
|
3074000
|
trusted library allocation
|
page read and write
|
||
|
1FB08423000
|
heap
|
page read and write
|
||
|
1FB0825E000
|
heap
|
page read and write
|
||
|
1FB0824F000
|
heap
|
page read and write
|
||
|
1FB08DC0000
|
heap
|
page read and write
|
||
|
1FB087A8000
|
heap
|
page read and write
|
There are 592 hidden memdumps, click here to show them.