Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DHL_CBJ520818836689.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DHL_CBJ520818836689.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmpF480.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\NUIrgpbyGwup.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\NUIrgpbyGwup.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NUIrgpbyGwup.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\boqXv.exe.log
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1oqqzedb.fmq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_glwj0bdw.hzh.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ivaa1yns.bqr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_moyvxsmo.iwb.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nrksxopq.q21.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pkjoqh33.5zo.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yl1zogya.jfv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ytrqmasb.0t4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp578.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\boqXv\boqXv.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
modified
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 9 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\DHL_CBJ520818836689.exe
|
"C:\Users\user\Desktop\DHL_CBJ520818836689.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\DHL_CBJ520818836689.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\NUIrgpbyGwup.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\NUIrgpbyGwup" /XML "C:\Users\user\AppData\Local\Temp\tmpF480.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\NUIrgpbyGwup.exe
|
C:\Users\user\AppData\Roaming\NUIrgpbyGwup.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\NUIrgpbyGwup" /XML "C:\Users\user\AppData\Local\Temp\tmp578.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\boqXv\boqXv.exe
|
"C:\Users\user\AppData\Roaming\boqXv\boqXv.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\boqXv\boqXv.exe
|
"C:\Users\user\AppData\Roaming\boqXv\boqXv.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://mail.azmaplast.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
https://www.chiark.greenend.org.uk/~sgtatham/putty/0
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 19 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.azmaplast.com
|
193.141.65.39
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.141.65.39
|
mail.azmaplast.com
|
Iran (ISLAMIC Republic Of)
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
boqXv
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2BE9000
|
trusted library allocation
|
page read and write
|
|
|
|
409B000
|
trusted library allocation
|
page read and write
|
|
|
|
2B7C000
|
trusted library allocation
|
page read and write
|
|
|
|
31D2000
|
trusted library allocation
|
page read and write
|
|
|
|
3181000
|
trusted library allocation
|
page read and write
|
|
|
|
2BE1000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
4461000
|
trusted library allocation
|
page read and write
|
|
|
|
112D000
|
trusted library allocation
|
page execute and read and write
|
||
|
8CC000
|
stack
|
page read and write
|
||
|
1240000
|
trusted library allocation
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
16BE000
|
stack
|
page read and write
|
||
|
676E000
|
stack
|
page read and write
|
||
|
8F2000
|
trusted library allocation
|
page read and write
|
||
|
6C6E000
|
stack
|
page read and write
|
||
|
696E000
|
stack
|
page read and write
|
||
|
5100000
|
trusted library allocation
|
page read and write
|
||
|
3130000
|
trusted library allocation
|
page read and write
|
||
|
2588000
|
trusted library allocation
|
page read and write
|
||
|
51DF000
|
stack
|
page read and write
|
||
|
51F4000
|
trusted library section
|
page readonly
|
||
|
A48000
|
heap
|
page read and write
|
||
|
34E9000
|
trusted library allocation
|
page read and write
|
||
|
17BF000
|
stack
|
page read and write
|
||
|
7880000
|
heap
|
page read and write
|
||
|
50DE000
|
stack
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
2DBA000
|
heap
|
page read and write
|
||
|
7500000
|
heap
|
page read and write
|
||
|
12000
|
unkown
|
page readonly
|
||
|
8AE000
|
stack
|
page read and write
|
||
|
6081000
|
heap
|
page read and write
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
3B71000
|
trusted library allocation
|
page read and write
|
||
|
716E000
|
stack
|
page read and write
|
||
|
13F0000
|
trusted library allocation
|
page read and write
|
||
|
1050000
|
trusted library allocation
|
page read and write
|
||
|
E0D000
|
heap
|
page read and write
|
||
|
7180000
|
trusted library allocation
|
page execute and read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
4643000
|
trusted library allocation
|
page read and write
|
||
|
662C000
|
trusted library allocation
|
page read and write
|
||
|
D2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
8E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
F03000
|
heap
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
1147000
|
trusted library allocation
|
page execute and read and write
|
||
|
5C8000
|
heap
|
page read and write
|
||
|
2D4E000
|
unkown
|
page read and write
|
||
|
5CAE000
|
stack
|
page read and write
|
||
|
57FE000
|
stack
|
page read and write
|
||
|
5BD0000
|
heap
|
page read and write
|
||
|
7AEE000
|
stack
|
page read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
4BB0000
|
trusted library allocation
|
page read and write
|
||
|
2B21000
|
trusted library allocation
|
page read and write
|
||
|
51E0000
|
heap
|
page execute and read and write
|
||
|
C75000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
5110000
|
heap
|
page execute and read and write
|
||
|
2470000
|
trusted library allocation
|
page read and write
|
||
|
645E000
|
stack
|
page read and write
|
||
|
532E000
|
stack
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
31D0000
|
trusted library allocation
|
page read and write
|
||
|
11EE000
|
stack
|
page read and write
|
||
|
10C4000
|
trusted library allocation
|
page read and write
|
||
|
2D0E000
|
unkown
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
62A0000
|
trusted library allocation
|
page read and write
|
||
|
DCC000
|
heap
|
page read and write
|
||
|
45DC000
|
stack
|
page read and write
|
||
|
148E000
|
stack
|
page read and write
|
||
|
2B81000
|
trusted library allocation
|
page read and write
|
||
|
A70000
|
heap
|
page execute and read and write
|
||
|
49D0000
|
trusted library section
|
page readonly
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
2B60000
|
heap
|
page execute and read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
5220000
|
trusted library allocation
|
page execute and read and write
|
||
|
73FE000
|
stack
|
page read and write
|
||
|
86E000
|
stack
|
page read and write
|
||
|
4E3E000
|
stack
|
page read and write
|
||
|
50D0000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
1230000
|
trusted library allocation
|
page read and write
|
||
|
4B90000
|
heap
|
page read and write
|
||
|
4F3E000
|
stack
|
page read and write
|
||
|
CBC0000
|
heap
|
page read and write
|
||
|
FC9000
|
stack
|
page read and write
|
||
|
3155000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
trusted library allocation
|
page read and write
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
4565000
|
trusted library allocation
|
page read and write
|
||
|
A52000
|
heap
|
page read and write
|
||
|
6640000
|
trusted library allocation
|
page execute and read and write
|
||
|
69A0000
|
trusted library allocation
|
page read and write
|
||
|
2AFE000
|
stack
|
page read and write
|
||
|
2D8F000
|
unkown
|
page read and write
|
||
|
6AAE000
|
stack
|
page read and write
|
||
|
2C6D000
|
trusted library allocation
|
page read and write
|
||
|
1190000
|
trusted library allocation
|
page read and write
|
||
|
C5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FAF000
|
stack
|
page read and write
|
||
|
1090000
|
trusted library allocation
|
page read and write
|
||
|
244B000
|
trusted library allocation
|
page read and write
|
||
|
50C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
51FE000
|
stack
|
page read and write
|
||
|
555E000
|
stack
|
page read and write
|
||
|
EBE000
|
stack
|
page read and write
|
||
|
2B71000
|
trusted library allocation
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
7D2C000
|
stack
|
page read and write
|
||
|
6150000
|
trusted library allocation
|
page read and write
|
||
|
1013000
|
trusted library allocation
|
page execute and read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
137E000
|
stack
|
page read and write
|
||
|
23FF000
|
stack
|
page read and write
|
||
|
69B0000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
6A10000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B0C000
|
stack
|
page read and write
|
||
|
104E000
|
stack
|
page read and write
|
||
|
65DD000
|
stack
|
page read and write
|
||
|
12CE000
|
stack
|
page read and write
|
||
|
61C7000
|
trusted library allocation
|
page read and write
|
||
|
6432000
|
heap
|
page read and write
|
||
|
7510000
|
heap
|
page read and write
|
||
|
1420000
|
trusted library allocation
|
page read and write
|
||
|
6CA0000
|
trusted library section
|
page read and write
|
||
|
D8A000
|
heap
|
page read and write
|
||
|
2B53000
|
heap
|
page read and write
|
||
|
5515000
|
heap
|
page read and write
|
||
|
127E000
|
stack
|
page read and write
|
||
|
DB5000
|
heap
|
page read and write
|
||
|
29CE000
|
stack
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
6038000
|
heap
|
page read and write
|
||
|
1416000
|
trusted library allocation
|
page execute and read and write
|
||
|
6790000
|
heap
|
page read and write
|
||
|
1124000
|
trusted library allocation
|
page read and write
|
||
|
4D0D000
|
stack
|
page read and write
|
||
|
1422000
|
trusted library allocation
|
page read and write
|
||
|
55CE000
|
stack
|
page read and write
|
||
|
A38000
|
heap
|
page read and write
|
||
|
15B6000
|
heap
|
page read and write
|
||
|
2C5D000
|
stack
|
page read and write
|
||
|
4BC000
|
stack
|
page read and write
|
||
|
F10000
|
trusted library allocation
|
page read and write
|
||
|
C7E000
|
stack
|
page read and write
|
||
|
C30000
|
trusted library allocation
|
page read and write
|
||
|
2B00000
|
trusted library allocation
|
page read and write
|
||
|
5188000
|
trusted library allocation
|
page read and write
|
||
|
2B1E000
|
trusted library allocation
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
245E000
|
trusted library allocation
|
page read and write
|
||
|
8CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
30E4000
|
trusted library allocation
|
page read and write
|
||
|
6030000
|
heap
|
page read and write
|
||
|
2B26000
|
trusted library allocation
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
1490000
|
trusted library allocation
|
page execute and read and write
|
||
|
272F000
|
trusted library allocation
|
page read and write
|
||
|
7C2B000
|
stack
|
page read and write
|
||
|
49E0000
|
heap
|
page read and write
|
||
|
2C9A000
|
stack
|
page read and write
|
||
|
B20000
|
trusted library allocation
|
page execute and read and write
|
||
|
49F0000
|
heap
|
page read and write
|
||
|
C7B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1045000
|
trusted library allocation
|
page execute and read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
7F260000
|
trusted library allocation
|
page execute and read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
D1DE000
|
stack
|
page read and write
|
||
|
51F0000
|
trusted library section
|
page readonly
|
||
|
1060000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
8BA000
|
stack
|
page read and write
|
||
|
2B2E000
|
trusted library allocation
|
page read and write
|
||
|
63DB000
|
stack
|
page read and write
|
||
|
8FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
D32000
|
trusted library allocation
|
page read and write
|
||
|
29FC000
|
stack
|
page read and write
|
||
|
1070000
|
trusted library allocation
|
page execute and read and write
|
||
|
1042000
|
trusted library allocation
|
page read and write
|
||
|
114B000
|
trusted library allocation
|
page execute and read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
D2DF000
|
stack
|
page read and write
|
||
|
D10000
|
trusted library allocation
|
page read and write
|
||
|
B57000
|
heap
|
page read and write
|
||
|
3B61000
|
trusted library allocation
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
34E1000
|
trusted library allocation
|
page read and write
|
||
|
2B0B000
|
trusted library allocation
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
701E000
|
stack
|
page read and write
|
||
|
10DF000
|
stack
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
2490000
|
trusted library allocation
|
page read and write
|
||
|
6A00000
|
trusted library allocation
|
page read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
6AEE000
|
stack
|
page read and write
|
||
|
668E000
|
stack
|
page read and write
|
||
|
292D000
|
stack
|
page read and write
|
||
|
2A50000
|
heap
|
page execute and read and write
|
||
|
29B0000
|
heap
|
page execute and read and write
|
||
|
2D4E000
|
unkown
|
page read and write
|
||
|
159C000
|
heap
|
page read and write
|
||
|
13E0000
|
trusted library allocation
|
page read and write
|
||
|
717E000
|
stack
|
page read and write
|
||
|
57BC000
|
stack
|
page read and write
|
||
|
CE5000
|
heap
|
page read and write
|
||
|
CCFD000
|
stack
|
page read and write
|
||
|
13FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A6F000
|
stack
|
page read and write
|
||
|
D31C000
|
stack
|
page read and write
|
||
|
4B78000
|
trusted library allocation
|
page read and write
|
||
|
1036000
|
trusted library allocation
|
page execute and read and write
|
||
|
39C1000
|
trusted library allocation
|
page read and write
|
||
|
6D9E000
|
stack
|
page read and write
|
||
|
6140000
|
trusted library allocation
|
page read and write
|
||
|
2B70000
|
heap
|
page execute and read and write
|
||
|
74FE000
|
stack
|
page read and write
|
||
|
3134000
|
trusted library allocation
|
page read and write
|
||
|
1020000
|
trusted library allocation
|
page read and write
|
||
|
41A9000
|
trusted library allocation
|
page read and write
|
||
|
B8DD000
|
stack
|
page read and write
|
||
|
10B0000
|
trusted library allocation
|
page read and write
|
||
|
7D6E000
|
stack
|
page read and write
|
||
|
D41C000
|
stack
|
page read and write
|
||
|
2B10000
|
trusted library allocation
|
page read and write
|
||
|
2B31000
|
trusted library allocation
|
page read and write
|
||
|
3BA9000
|
trusted library allocation
|
page read and write
|
||
|
606E000
|
heap
|
page read and write
|
||
|
2466000
|
trusted library allocation
|
page read and write
|
||
|
BCDE000
|
stack
|
page read and write
|
||
|
6CC0000
|
heap
|
page read and write
|
||
|
C97E000
|
stack
|
page read and write
|
||
|
D70000
|
trusted library allocation
|
page execute and read and write
|
||
|
8E2000
|
trusted library allocation
|
page read and write
|
||
|
1140000
|
trusted library allocation
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
D2000
|
unkown
|
page readonly
|
||
|
24D0000
|
heap
|
page read and write
|
||
|
6048000
|
heap
|
page read and write
|
||
|
2BC4000
|
trusted library allocation
|
page read and write
|
||
|
2B36000
|
trusted library allocation
|
page read and write
|
||
|
F18000
|
heap
|
page read and write
|
||
|
629E000
|
stack
|
page read and write
|
||
|
D20000
|
trusted library allocation
|
page read and write
|
||
|
692E000
|
stack
|
page read and write
|
||
|
43DA000
|
trusted library allocation
|
page read and write
|
||
|
7884000
|
heap
|
page read and write
|
||
|
2B42000
|
trusted library allocation
|
page read and write
|
||
|
3B79000
|
trusted library allocation
|
page read and write
|
||
|
49F3000
|
heap
|
page read and write
|
||
|
14B0000
|
trusted library allocation
|
page read and write
|
||
|
7E6E000
|
stack
|
page read and write
|
||
|
6600000
|
trusted library allocation
|
page read and write
|
||
|
30E6000
|
trusted library allocation
|
page read and write
|
||
|
D75000
|
heap
|
page read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
5898000
|
trusted library allocation
|
page read and write
|
||
|
8F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
63F000
|
heap
|
page read and write
|
||
|
D4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D2E000
|
stack
|
page read and write
|
||
|
17FC000
|
stack
|
page read and write
|
||
|
546E000
|
stack
|
page read and write
|
||
|
587E000
|
stack
|
page read and write
|
||
|
1196000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
trusted library allocation
|
page read and write
|
||
|
D8E000
|
heap
|
page read and write
|
||
|
69FE000
|
stack
|
page read and write
|
||
|
727F000
|
stack
|
page read and write
|
||
|
D47000
|
trusted library allocation
|
page execute and read and write
|
||
|
1257000
|
heap
|
page read and write
|
||
|
49C5000
|
heap
|
page read and write
|
||
|
2B1E000
|
trusted library allocation
|
page read and write
|
||
|
59D000
|
stack
|
page read and write
|
||
|
116E000
|
stack
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
8C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
F54000
|
heap
|
page read and write
|
||
|
3149000
|
trusted library allocation
|
page read and write
|
||
|
D1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
61C0000
|
trusted library allocation
|
page read and write
|
||
|
465F000
|
trusted library allocation
|
page read and write
|
||
|
787E000
|
stack
|
page read and write
|
||
|
122B000
|
stack
|
page read and write
|
||
|
50BF000
|
stack
|
page read and write
|
||
|
102D000
|
trusted library allocation
|
page execute and read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
B30000
|
trusted library allocation
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
243C000
|
stack
|
page read and write
|
||
|
830000
|
unkown
|
page readonly
|
||
|
7190000
|
trusted library allocation
|
page read and write
|
||
|
86E000
|
stack
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
3BDA000
|
trusted library allocation
|
page read and write
|
||
|
50E6000
|
trusted library allocation
|
page read and write
|
||
|
1194000
|
trusted library allocation
|
page read and write
|
||
|
141A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5120000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
3B99000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
1180000
|
trusted library allocation
|
page read and write
|
||
|
6560000
|
trusted library allocation
|
page read and write
|
||
|
31DA000
|
trusted library allocation
|
page read and write
|
||
|
49A0000
|
heap
|
page read and write
|
||
|
73BE000
|
stack
|
page read and write
|
||
|
405B000
|
trusted library allocation
|
page read and write
|
||
|
6137000
|
trusted library allocation
|
page read and write
|
||
|
625F000
|
stack
|
page read and write
|
||
|
8C0000
|
trusted library allocation
|
page read and write
|
||
|
6960000
|
trusted library allocation
|
page execute and read and write
|
||
|
545E000
|
stack
|
page read and write
|
||
|
2B16000
|
trusted library allocation
|
page read and write
|
||
|
4187000
|
trusted library allocation
|
page read and write
|
||
|
3124000
|
trusted library allocation
|
page read and write
|
||
|
D36000
|
trusted library allocation
|
page execute and read and write
|
||
|
D0A0000
|
heap
|
page read and write
|
||
|
8DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
CBE000
|
stack
|
page read and write
|
||
|
2BDF000
|
trusted library allocation
|
page read and write
|
||
|
296A000
|
stack
|
page read and write
|
||
|
24C0000
|
trusted library allocation
|
page read and write
|
||
|
14F5000
|
heap
|
page read and write
|
||
|
2DCC000
|
heap
|
page read and write
|
||
|
62B0000
|
trusted library allocation
|
page read and write
|
||
|
3B81000
|
trusted library allocation
|
page read and write
|
||
|
4980000
|
trusted library allocation
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
2B3D000
|
trusted library allocation
|
page read and write
|
||
|
E1B000
|
heap
|
page read and write
|
||
|
CABD000
|
stack
|
page read and write
|
||
|
D60000
|
trusted library allocation
|
page read and write
|
||
|
2440000
|
trusted library allocation
|
page read and write
|
||
|
4D0D000
|
stack
|
page read and write
|
||
|
A1F000
|
stack
|
page read and write
|
||
|
6770000
|
heap
|
page read and write
|
||
|
2782000
|
trusted library allocation
|
page read and write
|
||
|
4986000
|
trusted library allocation
|
page read and write
|
||
|
CE3E000
|
stack
|
page read and write
|
||
|
559E000
|
stack
|
page read and write
|
||
|
4CFD000
|
stack
|
page read and write
|
||
|
4D4E000
|
heap
|
page read and write
|
||
|
78B3000
|
heap
|
page read and write
|
||
|
4F70000
|
heap
|
page execute and read and write
|
||
|
D5A000
|
heap
|
page read and write
|
||
|
5BC0000
|
heap
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
301F000
|
stack
|
page read and write
|
||
|
D13000
|
trusted library allocation
|
page execute and read and write
|
||
|
E6D000
|
heap
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
2DB8000
|
heap
|
page read and write
|
||
|
BCF000
|
stack
|
page read and write
|
||
|
5270000
|
heap
|
page execute and read and write
|
||
|
7EAE000
|
stack
|
page read and write
|
||
|
DC3000
|
heap
|
page read and write
|
||
|
1114000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
50A0000
|
heap
|
page read and write
|
||
|
12E5000
|
heap
|
page read and write
|
||
|
2461000
|
trusted library allocation
|
page read and write
|
||
|
9CA000
|
stack
|
page read and write
|
||
|
5510000
|
heap
|
page read and write
|
||
|
4FBE000
|
stack
|
page read and write
|
||
|
541E000
|
stack
|
page read and write
|
||
|
8D0000
|
trusted library allocation
|
page read and write
|
||
|
CBBD000
|
stack
|
page read and write
|
||
|
1810000
|
heap
|
page read and write
|
||
|
536E000
|
stack
|
page read and write
|
||
|
2B61000
|
trusted library allocation
|
page read and write
|
||
|
5AE000
|
heap
|
page read and write
|
||
|
D42000
|
trusted library allocation
|
page read and write
|
||
|
2B40000
|
trusted library allocation
|
page read and write
|
||
|
C54000
|
trusted library allocation
|
page read and write
|
||
|
531C000
|
stack
|
page read and write
|
||
|
A6E000
|
stack
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
1047000
|
trusted library allocation
|
page execute and read and write
|
||
|
29C1000
|
trusted library allocation
|
page read and write
|
||
|
6042000
|
heap
|
page read and write
|
||
|
5B9000
|
stack
|
page read and write
|
||
|
D55E000
|
stack
|
page read and write
|
||
|
8E0000
|
trusted library allocation
|
page read and write
|
||
|
2B2A000
|
trusted library allocation
|
page read and write
|
||
|
D64000
|
heap
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
4602000
|
trusted library allocation
|
page read and write
|
||
|
2DCD000
|
trusted library allocation
|
page read and write
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
9EE000
|
heap
|
page read and write
|
||
|
4F7000
|
stack
|
page read and write
|
||
|
31E2000
|
trusted library allocation
|
page read and write
|
||
|
5060000
|
trusted library allocation
|
page read and write
|
||
|
E7F000
|
stack
|
page read and write
|
||
|
4E90000
|
heap
|
page read and write
|
||
|
D67000
|
heap
|
page read and write
|
||
|
522E000
|
stack
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
EE8000
|
heap
|
page read and write
|
||
|
1113000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A8000
|
heap
|
page read and write
|
||
|
6582000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
trusted library allocation
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
1032000
|
trusted library allocation
|
page read and write
|
||
|
13A0000
|
heap
|
page read and write
|
||
|
55F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D1C000
|
stack
|
page read and write
|
||
|
8D5000
|
heap
|
page read and write
|
||
|
C44000
|
trusted library allocation
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
4970000
|
trusted library allocation
|
page read and write
|
||
|
672E000
|
stack
|
page read and write
|
||
|
5230000
|
trusted library allocation
|
page read and write
|
||
|
3B89000
|
trusted library allocation
|
page read and write
|
||
|
50FE000
|
stack
|
page read and write
|
||
|
4960000
|
trusted library allocation
|
page execute and read and write
|
||
|
CA7E000
|
stack
|
page read and write
|
||
|
41EB000
|
trusted library allocation
|
page read and write
|
||
|
2BF6000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
1100000
|
trusted library allocation
|
page read and write
|
||
|
14C0000
|
heap
|
page read and write
|
||
|
546E000
|
stack
|
page read and write
|
||
|
4ABE000
|
stack
|
page read and write
|
||
|
7EE70000
|
trusted library allocation
|
page execute and read and write
|
||
|
CDFE000
|
stack
|
page read and write
|
||
|
A20000
|
trusted library allocation
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
C50000
|
trusted library allocation
|
page read and write
|
||
|
67A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
104B000
|
trusted library allocation
|
page execute and read and write
|
||
|
8C4000
|
trusted library allocation
|
page read and write
|
||
|
5210000
|
heap
|
page read and write
|
||
|
24E1000
|
trusted library allocation
|
page read and write
|
||
|
4F90000
|
trusted library allocation
|
page read and write
|
||
|
103A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E9E000
|
heap
|
page read and write
|
||
|
ECF000
|
stack
|
page read and write
|
||
|
DFE000
|
heap
|
page read and write
|
||
|
832000
|
unkown
|
page readonly
|
||
|
5BAF000
|
stack
|
page read and write
|
||
|
6D5E000
|
stack
|
page read and write
|
||
|
7120000
|
trusted library allocation
|
page read and write
|
||
|
6130000
|
trusted library allocation
|
page read and write
|
||
|
69B5000
|
trusted library allocation
|
page read and write
|
||
|
CB0000
|
trusted library allocation
|
page read and write
|
||
|
D45D000
|
stack
|
page read and write
|
||
|
6160000
|
trusted library allocation
|
page execute and read and write
|
||
|
78A2000
|
heap
|
page read and write
|
||
|
6607000
|
trusted library allocation
|
page read and write
|
||
|
2B5F000
|
stack
|
page read and write
|
||
|
8EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
5CEE000
|
stack
|
page read and write
|
||
|
F0E000
|
stack
|
page read and write
|
||
|
4BBE000
|
stack
|
page read and write
|
||
|
6033000
|
heap
|
page read and write
|
||
|
1014000
|
trusted library allocation
|
page read and write
|
||
|
531E000
|
stack
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
DCF000
|
stack
|
page read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
28EF000
|
stack
|
page read and write
|
||
|
3110000
|
heap
|
page execute and read and write
|
||
|
1190000
|
trusted library allocation
|
page read and write
|
||
|
583E000
|
stack
|
page read and write
|
||
|
5108000
|
trusted library allocation
|
page read and write
|
||
|
58A0000
|
heap
|
page execute and read and write
|
||
|
E72000
|
heap
|
page read and write
|
||
|
1427000
|
trusted library allocation
|
page execute and read and write
|
||
|
1412000
|
trusted library allocation
|
page read and write
|
||
|
1390000
|
trusted library allocation
|
page execute and read and write
|
||
|
B40000
|
trusted library allocation
|
page read and write
|
||
|
50B0000
|
heap
|
page read and write
|
||
|
24A0000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
54F5000
|
trusted library allocation
|
page read and write
|
||
|
51EC000
|
stack
|
page read and write
|
||
|
777E000
|
stack
|
page read and write
|
||
|
2472000
|
trusted library allocation
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
63E0000
|
heap
|
page read and write
|
||
|
49C0000
|
heap
|
page read and write
|
||
|
2EEF000
|
stack
|
page read and write
|
||
|
27CC000
|
stack
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
5890000
|
trusted library allocation
|
page read and write
|
||
|
D14000
|
trusted library allocation
|
page read and write
|
||
|
1800000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
trusted library allocation
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
101D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1410000
|
trusted library allocation
|
page read and write
|
||
|
3D3A000
|
trusted library allocation
|
page read and write
|
||
|
1425000
|
trusted library allocation
|
page execute and read and write
|
||
|
A56000
|
heap
|
page read and write
|
||
|
9B9000
|
stack
|
page read and write
|
||
|
61BD000
|
stack
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
45E2000
|
trusted library allocation
|
page read and write
|
||
|
46DB000
|
trusted library allocation
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
CF3E000
|
stack
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
54F0000
|
trusted library allocation
|
page read and write
|
||
|
640B000
|
heap
|
page read and write
|
||
|
773E000
|
stack
|
page read and write
|
||
|
4C0B000
|
stack
|
page read and write
|
||
|
5CAF000
|
stack
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
1030000
|
trusted library allocation
|
page read and write
|
||
|
5660000
|
heap
|
page read and write
|
||
|
10D0000
|
trusted library allocation
|
page read and write
|
||
|
A05000
|
heap
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
8AE000
|
stack
|
page read and write
|
||
|
4D64000
|
heap
|
page read and write
|
||
|
4BA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
50EE000
|
stack
|
page read and write
|
||
|
9B7000
|
stack
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
142B000
|
trusted library allocation
|
page execute and read and write
|
||
|
BADE000
|
stack
|
page read and write
|
||
|
13F4000
|
trusted library allocation
|
page read and write
|
||
|
6DEC000
|
trusted library allocation
|
page read and write
|
||
|
9D8000
|
heap
|
page read and write
|
||
|
4181000
|
trusted library allocation
|
page read and write
|
||
|
5770000
|
heap
|
page read and write
|
||
|
83A000
|
unkown
|
page readonly
|
||
|
6158000
|
trusted library allocation
|
page read and write
|
||
|
6071000
|
heap
|
page read and write
|
||
|
1040000
|
trusted library allocation
|
page read and write
|
||
|
30F0000
|
trusted library allocation
|
page read and write
|
||
|
C77000
|
trusted library allocation
|
page execute and read and write
|
||
|
9F3000
|
heap
|
page read and write
|
||
|
711F000
|
stack
|
page read and write
|
||
|
14EA000
|
heap
|
page read and write
|
||
|
508C000
|
stack
|
page read and write
|
||
|
155E000
|
heap
|
page read and write
|
||
|
1120000
|
trusted library allocation
|
page read and write
|
||
|
BDDD000
|
stack
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
5E2000
|
heap
|
page read and write
|
||
|
7BEE000
|
stack
|
page read and write
|
||
|
4BFE000
|
stack
|
page read and write
|
||
|
4BC0000
|
heap
|
page execute and read and write
|
||
|
27D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
246D000
|
trusted library allocation
|
page read and write
|
||
|
1440000
|
trusted library allocation
|
page read and write
|
||
|
D4E000
|
stack
|
page read and write
|
||
|
763E000
|
stack
|
page read and write
|
||
|
4950000
|
heap
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
6620000
|
trusted library allocation
|
page read and write
|
||
|
D38000
|
heap
|
page read and write
|
||
|
10000
|
unkown
|
page readonly
|
||
|
D0D9000
|
heap
|
page read and write
|
||
|
1010000
|
trusted library allocation
|
page read and write
|
||
|
BBDE000
|
stack
|
page read and write
|
||
|
7120000
|
trusted library section
|
page read and write
|
||
|
8B9000
|
stack
|
page read and write
|
||
|
111D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3BC1000
|
trusted library allocation
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
159A000
|
heap
|
page read and write
|
||
|
2480000
|
trusted library allocation
|
page read and write
|
||
|
A88000
|
trusted library allocation
|
page read and write
|
||
|
158C000
|
heap
|
page read and write
|
||
|
4189000
|
trusted library allocation
|
page read and write
|
||
|
5AAE000
|
stack
|
page read and write
|
||
|
C43000
|
trusted library allocation
|
page execute and read and write
|
||
|
14C8000
|
heap
|
page read and write
|
||
|
14F8000
|
heap
|
page read and write
|
||
|
1170000
|
trusted library allocation
|
page execute and read and write
|
||
|
30E0000
|
trusted library allocation
|
page read and write
|
||
|
D3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
59AC000
|
stack
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
ECB000
|
stack
|
page read and write
|
||
|
2B2D000
|
trusted library allocation
|
page read and write
|
||
|
2B22000
|
trusted library allocation
|
page read and write
|
||
|
6D6E000
|
stack
|
page read and write
|
||
|
EFE000
|
heap
|
page read and write
|
||
|
9F9000
|
heap
|
page read and write
|
||
|
30BF000
|
stack
|
page read and write
|
||
|
5600000
|
trusted library allocation
|
page read and write
|
||
|
D0A8000
|
heap
|
page read and write
|
||
|
1083000
|
heap
|
page read and write
|
||
|
C87E000
|
stack
|
page read and write
|
||
|
C4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B1B000
|
trusted library allocation
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
8B0000
|
trusted library allocation
|
page read and write
|
||
|
615C000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
13F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
6170000
|
trusted library allocation
|
page execute and read and write
|
||
|
2ACE000
|
stack
|
page read and write
|
||
|
7125000
|
trusted library allocation
|
page read and write
|
||
|
D0BB000
|
heap
|
page read and write
|
There are 604 hidden memdumps, click here to show them.