Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
r0FS3r7Ore.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\r0FS3r7Ore.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\yzbekt.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\yzbekt.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\r0FS3r7Ore.exe
|
"C:\Users\user\Desktop\r0FS3r7Ore.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\yzbekt.exe
|
"C:\Users\user\AppData\Roaming\yzbekt.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 5 & Del "C:\Users\user\Desktop\r0FS3r7Ore.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\yzbekt.exe
|
"C:\Users\user\AppData\Roaming\yzbekt.exe" ..
|
|
|
|
C:\Users\user\AppData\Roaming\yzbekt.exe
|
"C:\Users\user\AppData\Roaming\yzbekt.exe" ..
|
|
|
|
C:\Users\user\AppData\Roaming\yzbekt.exe
|
"C:\Users\user\AppData\Roaming\yzbekt.exe" ..
|
|
|
|
C:\Windows\SysWOW64\taskkill.exe
|
TASKKILL /F /IM wscript.exe
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
TASKKILL /F /IM cmd.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
TASKKILL /F /IM wscript.exe
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
TASKKILL /F /IM cmd.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\choice.exe
|
choice /C Y /N /D Y /T 5
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
TASKKILL /F /IM wscript.exe
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
TASKKILL /F /IM cmd.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
TASKKILL /F /IM wscript.exe
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
TASKKILL /F /IM cmd.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
TASKKILL /F /IM wscript.exe
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
TASKKILL /F /IM cmd.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 18 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://pastebin.com/raw/EngADTbC=MicrosoftEdgeUpdateTaskMachine
|
unknown
|
||
|
https://pastebin.com/raw/EngADTbC
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
0.tcp.eu.ngrok.io
|
3.74.27.83
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
18.192.31.30
|
unknown
|
United States
|
|
|
|
3.71.225.231
|
unknown
|
United States
|
|
|
|
3.78.28.71
|
unknown
|
United States
|
|
|
|
3.74.27.83
|
0.tcp.eu.ngrok.io
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER
|
ghost
|
|
|
|
HKEY_CURRENT_USER\Environment
|
SEE_MASK_NOZONECHECKS
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
yzbekt.exe
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
|
yzbekt.exe
|
||
|
HKEY_CURRENT_USER\SOFTWARE\yzbekt.exe
|
[kl]
|
||
|
HKEY_CURRENT_USER\SOFTWARE\yzbekt.exe
|
[kl]
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7D2000
|
unkown
|
page readonly
|
|
|
|
2DF2000
|
trusted library allocation
|
page read and write
|
|
|
|
4A5F000
|
stack
|
page read and write
|
||
|
4F9E000
|
stack
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
28B6000
|
heap
|
page read and write
|
||
|
607000
|
trusted library allocation
|
page execute and read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
2BE7000
|
heap
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
47CE000
|
stack
|
page read and write
|
||
|
2ABE000
|
stack
|
page read and write
|
||
|
F11000
|
heap
|
page read and write
|
||
|
4940000
|
heap
|
page read and write
|
||
|
FC2000
|
trusted library allocation
|
page execute and read and write
|
||
|
67D000
|
heap
|
page read and write
|
||
|
D6A000
|
stack
|
page read and write
|
||
|
60CE000
|
stack
|
page read and write
|
||
|
2DD1000
|
trusted library allocation
|
page read and write
|
||
|
4B10000
|
heap
|
page read and write
|
||
|
14F2000
|
trusted library allocation
|
page execute and read and write
|
||
|
101E000
|
stack
|
page read and write
|
||
|
30FE000
|
heap
|
page read and write
|
||
|
2BE9000
|
heap
|
page read and write
|
||
|
4FB0000
|
heap
|
page read and write
|
||
|
E5A000
|
heap
|
page read and write
|
||
|
5A3E000
|
stack
|
page read and write
|
||
|
4A9E000
|
stack
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
E9E000
|
stack
|
page read and write
|
||
|
42E6000
|
trusted library allocation
|
page read and write
|
||
|
F02000
|
heap
|
page read and write
|
||
|
44B0000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
4CC000
|
stack
|
page read and write
|
||
|
68F000
|
stack
|
page read and write
|
||
|
4BE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
54E000
|
stack
|
page read and write
|
||
|
30F6000
|
heap
|
page read and write
|
||
|
FA2000
|
trusted library allocation
|
page execute and read and write
|
||
|
CF6000
|
stack
|
page read and write
|
||
|
A7B000
|
stack
|
page read and write
|
||
|
30BC000
|
heap
|
page read and write
|
||
|
12C000
|
stack
|
page read and write
|
||
|
541E000
|
stack
|
page read and write
|
||
|
2BEB000
|
heap
|
page read and write
|
||
|
2880000
|
heap
|
page read and write
|
||
|
B17000
|
heap
|
page read and write
|
||
|
14BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
50C000
|
stack
|
page read and write
|
||
|
5FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2900000
|
heap
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
308F000
|
heap
|
page read and write
|
||
|
6270000
|
heap
|
page read and write
|
||
|
2BCC000
|
stack
|
page read and write
|
||
|
596E000
|
stack
|
page read and write
|
||
|
28CA000
|
heap
|
page read and write
|
||
|
555E000
|
stack
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
2BE8000
|
heap
|
page read and write
|
||
|
58E0000
|
unclassified section
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
118E000
|
heap
|
page read and write
|
||
|
30AA000
|
heap
|
page read and write
|
||
|
4A9E000
|
stack
|
page read and write
|
||
|
572D000
|
stack
|
page read and write
|
||
|
2BBB000
|
heap
|
page read and write
|
||
|
308B000
|
heap
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
4D6F000
|
stack
|
page read and write
|
||
|
4F6000
|
stack
|
page read and write
|
||
|
67C000
|
stack
|
page read and write
|
||
|
540E000
|
stack
|
page read and write
|
||
|
532E000
|
stack
|
page read and write
|
||
|
2BBC000
|
heap
|
page read and write
|
||
|
5FCE000
|
stack
|
page read and write
|
||
|
6212000
|
heap
|
page read and write
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
67F000
|
stack
|
page read and write
|
||
|
2B7E000
|
stack
|
page read and write
|
||
|
447E000
|
stack
|
page read and write
|
||
|
43FE000
|
stack
|
page read and write
|
||
|
10DA000
|
heap
|
page read and write
|
||
|
1502000
|
trusted library allocation
|
page read and write
|
||
|
7F620000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
4A5F000
|
stack
|
page read and write
|
||
|
4F50000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FE5000
|
heap
|
page read and write
|
||
|
185000
|
heap
|
page read and write
|
||
|
2D0F000
|
stack
|
page read and write
|
||
|
1137000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EC1000
|
trusted library allocation
|
page read and write
|
||
|
4E40000
|
trusted library allocation
|
page read and write
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
2F15000
|
heap
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
73E000
|
stack
|
page read and write
|
||
|
14CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BCF000
|
heap
|
page read and write
|
||
|
11CE000
|
stack
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
530E000
|
stack
|
page read and write
|
||
|
57C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
58C9000
|
stack
|
page read and write
|
||
|
F37000
|
heap
|
page read and write
|
||
|
AF6000
|
stack
|
page read and write
|
||
|
1DE000
|
unkown
|
page read and write
|
||
|
2B9D000
|
stack
|
page read and write
|
||
|
2BF8000
|
heap
|
page read and write
|
||
|
10EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B5F000
|
stack
|
page read and write
|
||
|
5E2000
|
trusted library allocation
|
page execute and read and write
|
||
|
95D000
|
stack
|
page read and write
|
||
|
2CC7000
|
heap
|
page read and write
|
||
|
4B1E000
|
stack
|
page read and write
|
||
|
18B000
|
stack
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
FBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
FDA000
|
trusted library allocation
|
page execute and read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
2A97000
|
heap
|
page read and write
|
||
|
640000
|
trusted library allocation
|
page read and write
|
||
|
FAC000
|
trusted library allocation
|
page execute and read and write
|
||
|
279E000
|
stack
|
page read and write
|
||
|
569E000
|
stack
|
page read and write
|
||
|
4FBF000
|
stack
|
page read and write
|
||
|
479E000
|
stack
|
page read and write
|
||
|
446E000
|
stack
|
page read and write
|
||
|
10B8000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
12C0000
|
trusted library allocation
|
page read and write
|
||
|
14DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
9AE000
|
stack
|
page read and write
|
||
|
2888000
|
heap
|
page read and write
|
||
|
2BA8000
|
heap
|
page read and write
|
||
|
7A5000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
61BE000
|
stack
|
page read and write
|
||
|
4D1E000
|
stack
|
page read and write
|
||
|
30BA000
|
heap
|
page read and write
|
||
|
480F000
|
stack
|
page read and write
|
||
|
2CDD000
|
heap
|
page read and write
|
||
|
5BE000
|
unkown
|
page read and write
|
||
|
61E4000
|
heap
|
page read and write
|
||
|
29DC000
|
stack
|
page read and write
|
||
|
F9A000
|
trusted library allocation
|
page execute and read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
58DE000
|
stack
|
page read and write
|
||
|
551E000
|
stack
|
page read and write
|
||
|
F8D000
|
stack
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
2A3A000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
545D000
|
stack
|
page read and write
|
||
|
F80000
|
trusted library allocation
|
page read and write
|
||
|
2C98000
|
heap
|
page read and write
|
||
|
5D00000
|
heap
|
page read and write
|
||
|
10D2000
|
trusted library allocation
|
page execute and read and write
|
||
|
2ECC000
|
stack
|
page read and write
|
||
|
52B000
|
heap
|
page read and write
|
||
|
1A5000
|
heap
|
page read and write
|
||
|
FCA000
|
trusted library allocation
|
page execute and read and write
|
||
|
306E000
|
stack
|
page read and write
|
||
|
44C0000
|
heap
|
page read and write
|
||
|
1095000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
2CAB000
|
heap
|
page read and write
|
||
|
4FAE000
|
stack
|
page read and write
|
||
|
62B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3601000
|
trusted library allocation
|
page read and write
|
||
|
535000
|
heap
|
page read and write
|
||
|
4EDE000
|
stack
|
page read and write
|
||
|
5BEE000
|
stack
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
3626000
|
trusted library allocation
|
page read and write
|
||
|
6FF000
|
stack
|
page read and write
|
||
|
2B9F000
|
unkown
|
page read and write
|
||
|
54E000
|
stack
|
page read and write
|
||
|
E2E000
|
stack
|
page read and write
|
||
|
146E000
|
stack
|
page read and write
|
||
|
489F000
|
stack
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
48C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
FB2000
|
trusted library allocation
|
page execute and read and write
|
||
|
117E000
|
stack
|
page read and write
|
||
|
4F7E000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
305F000
|
unkown
|
page read and write
|
||
|
565F000
|
stack
|
page read and write
|
||
|
118A000
|
heap
|
page read and write
|
||
|
2A0F000
|
heap
|
page read and write
|
||
|
32C1000
|
trusted library allocation
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
5E70000
|
heap
|
page read and write
|
||
|
FA2000
|
trusted library allocation
|
page execute and read and write
|
||
|
484E000
|
stack
|
page read and write
|
||
|
2B6E000
|
stack
|
page read and write
|
||
|
2BE9000
|
heap
|
page read and write
|
||
|
547000
|
heap
|
page read and write
|
||
|
44BF000
|
stack
|
page read and write
|
||
|
31EF000
|
stack
|
page read and write
|
||
|
2AFF000
|
stack
|
page read and write
|
||
|
55AE000
|
stack
|
page read and write
|
||
|
D1E000
|
stack
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
FB7000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A1E000
|
stack
|
page read and write
|
||
|
2B8C000
|
stack
|
page read and write
|
||
|
11BF000
|
heap
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E0000
|
heap
|
page execute and read and write
|
||
|
14B2000
|
trusted library allocation
|
page execute and read and write
|
||
|
489F000
|
stack
|
page read and write
|
||
|
61D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
5F7B000
|
stack
|
page read and write
|
||
|
30E8000
|
heap
|
page read and write
|
||
|
518000
|
heap
|
page read and write
|
||
|
279C000
|
stack
|
page read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
5E8000
|
heap
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
27BC000
|
stack
|
page read and write
|
||
|
58D0000
|
trusted library allocation
|
page read and write
|
||
|
478F000
|
stack
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
5D2E000
|
stack
|
page read and write
|
||
|
43BF000
|
stack
|
page read and write
|
||
|
49DF000
|
stack
|
page read and write
|
||
|
F6F000
|
stack
|
page read and write
|
||
|
4FC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
B76000
|
stack
|
page read and write
|
||
|
7D0000
|
unkown
|
page readonly
|
||
|
175E000
|
stack
|
page read and write
|
||
|
74B000
|
stack
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
4C2E000
|
stack
|
page read and write
|
||
|
30E8000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
30F9000
|
heap
|
page read and write
|
||
|
2CD8000
|
heap
|
page read and write
|
||
|
14D0000
|
trusted library allocation
|
page read and write
|
||
|
28C8000
|
heap
|
page read and write
|
||
|
FB6000
|
trusted library allocation
|
page execute and read and write
|
||
|
B89000
|
heap
|
page read and write
|
||
|
1020000
|
trusted library allocation
|
page read and write
|
||
|
57DE000
|
stack
|
page read and write
|
||
|
11CE000
|
stack
|
page read and write
|
||
|
547000
|
heap
|
page read and write
|
||
|
668000
|
heap
|
page read and write
|
||
|
30F7000
|
heap
|
page read and write
|
||
|
4EAE000
|
stack
|
page read and write
|
||
|
2BE8000
|
heap
|
page read and write
|
||
|
5D6C000
|
stack
|
page read and write
|
||
|
2A3E000
|
stack
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
2C3C000
|
stack
|
page read and write
|
||
|
125F000
|
stack
|
page read and write
|
||
|
313C000
|
heap
|
page read and write
|
||
|
10E0000
|
trusted library allocation
|
page read and write
|
||
|
1100000
|
trusted library allocation
|
page read and write
|
||
|
4D2E000
|
stack
|
page read and write
|
||
|
1507000
|
trusted library allocation
|
page execute and read and write
|
||
|
55D000
|
heap
|
page read and write
|
||
|
5460000
|
trusted library allocation
|
page read and write
|
||
|
53F000
|
heap
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
5D60000
|
heap
|
page read and write
|
||
|
59AE000
|
stack
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
28CB000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
503F000
|
stack
|
page read and write
|
||
|
10F9000
|
stack
|
page read and write
|
||
|
1156000
|
heap
|
page read and write
|
||
|
2BFE000
|
heap
|
page read and write
|
||
|
61FE000
|
heap
|
page read and write
|
||
|
110A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3EC1000
|
trusted library allocation
|
page read and write
|
||
|
150B000
|
trusted library allocation
|
page execute and read and write
|
||
|
FBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A37000
|
heap
|
page read and write
|
||
|
4E9F000
|
stack
|
page read and write
|
||
|
4FA0000
|
trusted library allocation
|
page read and write
|
||
|
2BE9000
|
heap
|
page read and write
|
||
|
5AEE000
|
stack
|
page read and write
|
||
|
1130000
|
trusted library allocation
|
page read and write
|
||
|
A0E000
|
unkown
|
page read and write
|
||
|
30E1000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
555000
|
heap
|
page read and write
|
||
|
2CDB000
|
heap
|
page read and write
|
||
|
ACE000
|
stack
|
page read and write
|
||
|
FAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
48FF000
|
stack
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
30FD000
|
heap
|
page read and write
|
||
|
4F70000
|
trusted library allocation
|
page read and write
|
||
|
3310000
|
heap
|
page read and write
|
||
|
5490000
|
heap
|
page read and write
|
||
|
10DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4ADF000
|
stack
|
page read and write
|
||
|
30CF000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
E8E000
|
heap
|
page read and write
|
||
|
4FB0000
|
heap
|
page read and write
|
||
|
F47000
|
heap
|
page read and write
|
||
|
546E000
|
stack
|
page read and write
|
||
|
4F50000
|
heap
|
page read and write
|
||
|
FEB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CC7000
|
heap
|
page read and write
|
||
|
3101000
|
heap
|
page read and write
|
||
|
BC000
|
stack
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
542E000
|
stack
|
page read and write
|
||
|
2BB5000
|
heap
|
page read and write
|
||
|
56AE000
|
stack
|
page read and write
|
||
|
129E000
|
stack
|
page read and write
|
||
|
296F000
|
stack
|
page read and write
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
30B8000
|
heap
|
page read and write
|
||
|
3C66000
|
trusted library allocation
|
page read and write
|
||
|
2BF6000
|
heap
|
page read and write
|
||
|
4E6E000
|
stack
|
page read and write
|
||
|
623B000
|
heap
|
page read and write
|
||
|
4E1D000
|
stack
|
page read and write
|
||
|
2BB8000
|
heap
|
page read and write
|
||
|
10EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F0000
|
trusted library allocation
|
page read and write
|
||
|
EC1000
|
heap
|
page read and write
|
||
|
2F0F000
|
unkown
|
page read and write
|
||
|
4F9E000
|
stack
|
page read and write
|
||
|
5050000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
FB0000
|
trusted library allocation
|
page read and write
|
||
|
5FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
10F6000
|
stack
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
5560000
|
trusted library allocation
|
page execute and read and write
|
||
|
3078000
|
heap
|
page read and write
|
||
|
28A0000
|
heap
|
page read and write
|
||
|
FC000
|
stack
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
3099000
|
heap
|
page read and write
|
||
|
2B25000
|
heap
|
page read and write
|
||
|
308B000
|
heap
|
page read and write
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
F92000
|
trusted library allocation
|
page execute and read and write
|
||
|
14FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
ECE000
|
heap
|
page read and write
|
||
|
F9F000
|
stack
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
301F000
|
stack
|
page read and write
|
||
|
96B000
|
stack
|
page read and write
|
||
|
2BFB000
|
heap
|
page read and write
|
||
|
5AAE000
|
stack
|
page read and write
|
||
|
4F1F000
|
stack
|
page read and write
|
||
|
582E000
|
stack
|
page read and write
|
||
|
5CB000
|
heap
|
page read and write
|
||
|
2BD6000
|
heap
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
558000
|
heap
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
5493000
|
heap
|
page read and write
|
||
|
2A25000
|
heap
|
page read and write
|
||
|
556F000
|
stack
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
2AAE000
|
unkown
|
page read and write
|
||
|
2BBF000
|
heap
|
page read and write
|
||
|
5B8000
|
heap
|
page read and write
|
||
|
4FFE000
|
stack
|
page read and write
|
||
|
61F6000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
289B000
|
heap
|
page read and write
|
||
|
27FC000
|
stack
|
page read and write
|
||
|
627000
|
trusted library allocation
|
page execute and read and write
|
||
|
586E000
|
stack
|
page read and write
|
||
|
2F9F000
|
unkown
|
page read and write
|
||
|
1107000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FBE000
|
unkown
|
page read and write
|
||
|
5030000
|
heap
|
page read and write
|
||
|
10F0000
|
heap
|
page execute and read and write
|
||
|
2A7B000
|
heap
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
557000
|
heap
|
page read and write
|
||
|
44AF000
|
stack
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page execute and read and write
|
||
|
612000
|
trusted library allocation
|
page execute and read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
2CAC000
|
heap
|
page read and write
|
||
|
3C41000
|
trusted library allocation
|
page read and write
|
||
|
3099000
|
heap
|
page read and write
|
||
|
2B6E000
|
stack
|
page read and write
|
||
|
1112000
|
trusted library allocation
|
page execute and read and write
|
||
|
30CB000
|
heap
|
page read and write
|
||
|
4D2F000
|
stack
|
page read and write
|
||
|
2CAF000
|
heap
|
page read and write
|
||
|
2C41000
|
trusted library allocation
|
page read and write
|
||
|
FE7000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E70000
|
trusted library allocation
|
page read and write
|
||
|
52C8000
|
trusted library allocation
|
page read and write
|
||
|
3070000
|
heap
|
page read and write
|
||
|
107D000
|
heap
|
page read and write
|
||
|
96E000
|
stack
|
page read and write
|
||
|
85C000
|
stack
|
page read and write
|
||
|
14C2000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A3C000
|
heap
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
F4A000
|
heap
|
page read and write
|
||
|
FA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
6BC000
|
stack
|
page read and write
|
||
|
3153000
|
heap
|
page read and write
|
||
|
60A000
|
trusted library allocation
|
page execute and read and write
|
||
|
54A0000
|
trusted library allocation
|
page read and write
|
||
|
72F000
|
stack
|
page read and write
|
||
|
55E000
|
heap
|
page read and write
|
||
|
332F000
|
stack
|
page read and write
|
||
|
6256000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
92F000
|
stack
|
page read and write
|
||
|
2BCF000
|
heap
|
page read and write
|
||
|
509D000
|
stack
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
2978000
|
heap
|
page read and write
|
||
|
28C5000
|
heap
|
page read and write
|
||
|
FA0000
|
trusted library allocation
|
page read and write
|
||
|
5CD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
3DF6000
|
trusted library allocation
|
page read and write
|
||
|
488F000
|
stack
|
page read and write
|
||
|
30CC000
|
heap
|
page read and write
|
||
|
5BF000
|
stack
|
page read and write
|
||
|
2B9F000
|
stack
|
page read and write
|
||
|
2A0B000
|
heap
|
page read and write
|
||
|
302E000
|
stack
|
page read and write
|
||
|
30CB000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
111A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A0B000
|
heap
|
page read and write
|
||
|
27DF000
|
stack
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
588C000
|
stack
|
page read and write
|
||
|
2EE2000
|
trusted library allocation
|
page read and write
|
||
|
4D6E000
|
stack
|
page read and write
|
||
|
1027000
|
trusted library allocation
|
page execute and read and write
|
||
|
3152000
|
heap
|
page read and write
|
||
|
4A1E000
|
stack
|
page read and write
|
||
|
D40000
|
trusted library allocation
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
2601000
|
trusted library allocation
|
page read and write
|
||
|
2AEF000
|
unkown
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
D2E000
|
stack
|
page read and write
|
||
|
3EE6000
|
trusted library allocation
|
page read and write
|
||
|
28C6000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
28B6000
|
heap
|
page read and write
|
||
|
4E5E000
|
stack
|
page read and write
|
||
|
FAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CAB000
|
heap
|
page read and write
|
||
|
32BE000
|
stack
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
584A000
|
stack
|
page read and write
|
||
|
E5F000
|
stack
|
page read and write
|
||
|
499E000
|
stack
|
page read and write
|
||
|
5F2000
|
trusted library allocation
|
page execute and read and write
|
||
|
1050000
|
trusted library allocation
|
page read and write
|
||
|
4E20000
|
heap
|
page read and write
|
||
|
27DF000
|
stack
|
page read and write
|
||
|
1030000
|
heap
|
page execute and read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
30FB000
|
heap
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
5230000
|
heap
|
page read and write
|
||
|
113E000
|
stack
|
page read and write
|
||
|
113B000
|
trusted library allocation
|
page execute and read and write
|
||
|
17D0000
|
heap
|
page read and write
|
||
|
E65000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
4F6D000
|
stack
|
page read and write
|
||
|
50E000
|
unkown
|
page read and write
|
||
|
2A7F000
|
stack
|
page read and write
|
||
|
30B9000
|
heap
|
page read and write
|
||
|
308C000
|
heap
|
page read and write
|
||
|
B2D000
|
heap
|
page read and write
|
||
|
102B000
|
trusted library allocation
|
page execute and read and write
|
||
|
17CC000
|
stack
|
page read and write
|
||
|
2A68000
|
heap
|
page read and write
|
||
|
EC000
|
stack
|
page read and write
|
||
|
FD2000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A3E000
|
unkown
|
page read and write
|
||
|
1EE000
|
unkown
|
page read and write
|
||
|
30C1000
|
heap
|
page read and write
|
||
|
30E1000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
443F000
|
stack
|
page read and write
|
||
|
622B000
|
heap
|
page read and write
|
||
|
64E000
|
stack
|
page read and write
|
||
|
29BE000
|
stack
|
page read and write
|
||
|
30FD000
|
heap
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
6268000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
4346000
|
trusted library allocation
|
page read and write
|
||
|
50E000
|
unkown
|
page read and write
|
||
|
61E0000
|
heap
|
page read and write
|
||
|
48B0000
|
trusted library allocation
|
page read and write
|
||
|
5C2E000
|
stack
|
page read and write
|
||
|
286D000
|
unkown
|
page read and write
|
||
|
FBC000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CAE000
|
stack
|
page read and write
|
||
|
48D0000
|
heap
|
page read and write
|
||
|
30FD000
|
heap
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
28CA000
|
heap
|
page read and write
|
||
|
14D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
292E000
|
stack
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
2F5E000
|
unkown
|
page read and write
|
||
|
2A0C000
|
heap
|
page read and write
|
||
|
554E000
|
stack
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
28EE000
|
unkown
|
page read and write
|
||
|
B79000
|
stack
|
page read and write
|
||
|
10C000
|
stack
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
580C000
|
stack
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
1760000
|
heap
|
page read and write
|
||
|
1CD000
|
unkown
|
page read and write
|
||
|
2C1F000
|
stack
|
page read and write
|
||
|
5520000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
B44000
|
heap
|
page read and write
|
||
|
52B000
|
heap
|
page read and write
|
||
|
6206000
|
heap
|
page read and write
|
||
|
4FA0000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
CC000
|
stack
|
page read and write
|
||
|
5D0000
|
trusted library allocation
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
154E000
|
stack
|
page read and write
|
||
|
2F7E000
|
unkown
|
page read and write
|
||
|
2BCC000
|
heap
|
page read and write
|
||
|
2622000
|
trusted library allocation
|
page read and write
|
||
|
5110000
|
heap
|
page read and write
|
||
|
2C62000
|
trusted library allocation
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
FC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
60E000
|
stack
|
page read and write
|
||
|
5E6C000
|
stack
|
page read and write
|
||
|
289C000
|
heap
|
page read and write
|
||
|
1280000
|
trusted library allocation
|
page read and write
|
||
|
29F8000
|
heap
|
page read and write
|
||
|
2BD6000
|
heap
|
page read and write
|
||
|
607A000
|
stack
|
page read and write
|
||
|
43A3000
|
trusted library allocation
|
page read and write
|
||
|
B2F000
|
heap
|
page read and write
|
||
|
2A36000
|
heap
|
page read and write
|
||
|
53F000
|
heap
|
page read and write
|
||
|
4B80000
|
heap
|
page read and write
|
||
|
2BDE000
|
stack
|
page read and write
|
||
|
2BCB000
|
heap
|
page read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
52EE000
|
stack
|
page read and write
|
||
|
60BE000
|
stack
|
page read and write
|
||
|
28C2000
|
heap
|
page read and write
|
||
|
5210000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BCF000
|
heap
|
page read and write
|
||
|
50A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
2E8C000
|
stack
|
page read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
5F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
4382000
|
trusted library allocation
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
E5E000
|
heap
|
page read and write
|
||
|
2BBB000
|
heap
|
page read and write
|
||
|
32FF000
|
stack
|
page read and write
|
||
|
1500000
|
trusted library allocation
|
page read and write
|
||
|
2800000
|
heap
|
page read and write
|
||
|
579F000
|
stack
|
page read and write
|
||
|
2DCE000
|
unkown
|
page read and write
|
||
|
CE5000
|
heap
|
page read and write
|
||
|
28DC000
|
stack
|
page read and write
|
||
|
28CE000
|
heap
|
page read and write
|
||
|
4C6F000
|
stack
|
page read and write
|
||
|
289F000
|
heap
|
page read and write
|
||
|
30AA000
|
heap
|
page read and write
|
||
|
2BDE000
|
stack
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
28EE000
|
stack
|
page read and write
|
||
|
1068000
|
heap
|
page read and write
|
||
|
61A000
|
trusted library allocation
|
page execute and read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
544E000
|
stack
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
28CA000
|
heap
|
page read and write
|
||
|
2A8E000
|
stack
|
page read and write
|
||
|
50F000
|
unkown
|
page read and write
|
||
|
279F000
|
stack
|
page read and write
|
||
|
4E80000
|
trusted library allocation
|
page execute and read and write
|
||
|
593E000
|
stack
|
page read and write
|
||
|
2A36000
|
heap
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
4C2E000
|
stack
|
page read and write
|
||
|
289B000
|
heap
|
page read and write
|
||
|
31AE000
|
stack
|
page read and write
|
||
|
279E000
|
stack
|
page read and write
|
||
|
10E2000
|
trusted library allocation
|
page execute and read and write
|
||
|
4ADF000
|
stack
|
page read and write
|
||
|
6C6000
|
heap
|
page read and write
|
||
|
2BE6000
|
heap
|
page read and write
|
||
|
3DD1000
|
trusted library allocation
|
page read and write
|
||
|
42C1000
|
trusted library allocation
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
5DC0000
|
heap
|
page read and write
|
||
|
72C000
|
stack
|
page read and write
|
||
|
FCA000
|
trusted library allocation
|
page execute and read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
108E000
|
stack
|
page read and write
|
||
|
5EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CEF000
|
stack
|
page read and write
|
||
|
2A25000
|
heap
|
page read and write
|
||
|
58F000
|
stack
|
page read and write
|
||
|
5FF000
|
unkown
|
page read and write
|
||
|
55B000
|
heap
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
28CA000
|
heap
|
page read and write
|
||
|
123C000
|
heap
|
page read and write
|
||
|
14E0000
|
heap
|
page execute and read and write
|
There are 648 hidden memdumps, click here to show them.