Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.W32.MSIL_Kryptik.KQK.gen.Eldorado.16672.23413.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\dfgh\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.W32.MSIL_Kryptik.KQK.gen.Eldorado.16672.23413.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp8E60.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\mXJeXQoaGktJCW.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\mXJeXQoaGktJCW.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mXJeXQoaGktJCW.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2a1hhp54.sf2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_azvyylrv.eyr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b2fxaizp.45n.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cvlrsq3f.uly.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kibquxbx.i4p.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ktmibnjj.y2n.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vq30imnz.bzc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ygqdi1e1.mt0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhv4754.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0xb20b6b62, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp9E3E.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\vkwehamdpyfugcryqteiojtur
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
There are 10 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KQK.gen.Eldorado.16672.23413.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KQK.gen.Eldorado.16672.23413.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KQK.gen.Eldorado.16672.23413.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mXJeXQoaGktJCW.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mXJeXQoaGktJCW" /XML "C:\Users\user\AppData\Local\Temp\tmp8E60.tmp"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KQK.gen.Eldorado.16672.23413.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KQK.gen.Eldorado.16672.23413.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\mXJeXQoaGktJCW.exe
|
C:\Users\user\AppData\Roaming\mXJeXQoaGktJCW.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mXJeXQoaGktJCW" /XML "C:\Users\user\AppData\Local\Temp\tmp9E3E.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\mXJeXQoaGktJCW.exe
|
"C:\Users\user\AppData\Roaming\mXJeXQoaGktJCW.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\mXJeXQoaGktJCW.exe
|
"C:\Users\user\AppData\Roaming\mXJeXQoaGktJCW.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KQK.gen.Eldorado.16672.23413.exe
|
C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KQK.gen.Eldorado.16672.23413.exe /stext "C:\Users\user\AppData\Local\Temp\vkwehamdpyfugcryqteiojtur"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KQK.gen.Eldorado.16672.23413.exe
|
C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KQK.gen.Eldorado.16672.23413.exe /stext "C:\Users\user\AppData\Local\Temp\vkwehamdpyfugcryqteiojtur"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KQK.gen.Eldorado.16672.23413.exe
|
C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KQK.gen.Eldorado.16672.23413.exe /stext "C:\Users\user\AppData\Local\Temp\xmcxhkxfdgxhrrnkzezbznfdacwy"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KQK.gen.Eldorado.16672.23413.exe
|
C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KQK.gen.Eldorado.16672.23413.exe /stext "C:\Users\user\AppData\Local\Temp\xmcxhkxfdgxhrrnkzezbznfdacwy"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KQK.gen.Eldorado.16672.23413.exe
|
C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.KQK.gen.Eldorado.16672.23413.exe /stext "C:\Users\user\AppData\Local\Temp\ighpidhzropmtxboqpldcaaujighwuh"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 9 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bubemoney7221.duckdns.org
|
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://www.google.com
|
unknown
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
http://geoplugin.net/
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://geoplugin.net/json.gpj
|
unknown
|
||
|
http://geoplugin.net/json.gpN
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://www.chiark.greenend.org.uk/~sgtatham/putty/0
|
unknown
|
||
|
http://geoplugin.net/json.gpSystem32
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 8 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bubemoney7221.duckdns.org
|
103.186.117.77
|
|
|
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
103.186.117.77
|
bubemoney7221.duckdns.org
|
unknown
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-7XAUXH
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-7XAUXH
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-7XAUXH
|
time
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1130000
|
heap
|
page read and write
|
|
|
|
14D7000
|
heap
|
page read and write
|
|
|
|
34F9000
|
trusted library allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
4BAA000
|
trusted library allocation
|
page read and write
|
||
|
30CF000
|
stack
|
page read and write
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
31D0000
|
heap
|
page execute and read and write
|
||
|
4AD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D0B000
|
heap
|
page read and write
|
||
|
9F0000
|
trusted library allocation
|
page read and write
|
||
|
4AB3000
|
heap
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
365B000
|
trusted library allocation
|
page read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
537E000
|
stack
|
page read and write
|
||
|
314B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5CB5000
|
heap
|
page read and write
|
||
|
1221000
|
heap
|
page read and write
|
||
|
10AF000
|
stack
|
page read and write
|
||
|
F48000
|
heap
|
page read and write
|
||
|
39BF000
|
stack
|
page read and write
|
||
|
5DC0000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
5862000
|
trusted library allocation
|
page read and write
|
||
|
5B90000
|
trusted library allocation
|
page read and write
|
||
|
58F0000
|
trusted library allocation
|
page read and write
|
||
|
68D0000
|
heap
|
page read and write
|
||
|
7C2E000
|
stack
|
page read and write
|
||
|
15C3000
|
heap
|
page read and write
|
||
|
7737000
|
heap
|
page read and write
|
||
|
10016000
|
direct allocation
|
page execute and read and write
|
||
|
1155000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
49FD000
|
trusted library allocation
|
page read and write
|
||
|
76C8000
|
heap
|
page read and write
|
||
|
14D0000
|
heap
|
page read and write
|
||
|
269F000
|
stack
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
5B60000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
4510000
|
trusted library allocation
|
page read and write
|
||
|
5834000
|
trusted library allocation
|
page read and write
|
||
|
4C90000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
161E000
|
stack
|
page read and write
|
||
|
49F6000
|
trusted library allocation
|
page read and write
|
||
|
4F20000
|
trusted library allocation
|
page read and write
|
||
|
B2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
152E000
|
heap
|
page read and write
|
||
|
A2BD000
|
stack
|
page read and write
|
||
|
5336000
|
trusted library allocation
|
page read and write
|
||
|
B06D000
|
stack
|
page read and write
|
||
|
770A000
|
heap
|
page read and write
|
||
|
30A1000
|
heap
|
page read and write
|
||
|
3ABF000
|
stack
|
page read and write
|
||
|
BCC000
|
stack
|
page read and write
|
||
|
2350000
|
heap
|
page execute and read and write
|
||
|
85F000
|
heap
|
page read and write
|
||
|
15B5000
|
heap
|
page read and write
|
||
|
2340000
|
trusted library allocation
|
page read and write
|
||
|
42B2000
|
heap
|
page read and write
|
||
|
5C8E000
|
stack
|
page read and write
|
||
|
6964000
|
heap
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
18BD000
|
heap
|
page read and write
|
||
|
5BC0000
|
heap
|
page execute and read and write
|
||
|
6BBD000
|
stack
|
page read and write
|
||
|
15B7000
|
heap
|
page read and write
|
||
|
252A000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
407C000
|
heap
|
page read and write
|
||
|
B1AE000
|
stack
|
page read and write
|
||
|
3136000
|
trusted library allocation
|
page execute and read and write
|
||
|
7D8000
|
heap
|
page read and write
|
||
|
21FD000
|
stack
|
page read and write
|
||
|
4CC0000
|
trusted library allocation
|
page read and write
|
||
|
11AF000
|
heap
|
page read and write
|
||
|
5320000
|
trusted library allocation
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
2582000
|
trusted library allocation
|
page read and write
|
||
|
AE2C000
|
stack
|
page read and write
|
||
|
30A4000
|
heap
|
page read and write
|
||
|
2D4C000
|
stack
|
page read and write
|
||
|
7110000
|
heap
|
page read and write
|
||
|
3AAE000
|
stack
|
page read and write
|
||
|
5900000
|
trusted library allocation
|
page execute and read and write
|
||
|
AE30000
|
heap
|
page read and write
|
||
|
123F000
|
stack
|
page read and write
|
||
|
1548000
|
heap
|
page read and write
|
||
|
6A3E000
|
stack
|
page read and write
|
||
|
4AC2000
|
trusted library allocation
|
page read and write
|
||
|
ABFE000
|
stack
|
page read and write
|
||
|
14F7000
|
stack
|
page read and write
|
||
|
778B000
|
heap
|
page read and write
|
||
|
5B9B000
|
trusted library allocation
|
page read and write
|
||
|
4F00000
|
trusted library section
|
page read and write
|
||
|
96C000
|
stack
|
page read and write
|
||
|
5870000
|
trusted library allocation
|
page read and write
|
||
|
54EC000
|
stack
|
page read and write
|
||
|
A8CC000
|
stack
|
page read and write
|
||
|
5ECA000
|
trusted library allocation
|
page read and write
|
||
|
5040000
|
trusted library allocation
|
page read and write
|
||
|
9FBE000
|
stack
|
page read and write
|
||
|
14FE000
|
heap
|
page read and write
|
||
|
7A9D000
|
stack
|
page read and write
|
||
|
6935000
|
heap
|
page read and write
|
||
|
68F0000
|
heap
|
page read and write
|
||
|
313A000
|
trusted library allocation
|
page execute and read and write
|
||
|
A3FF000
|
stack
|
page read and write
|
||
|
1840000
|
heap
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
76DD000
|
heap
|
page read and write
|
||
|
133E000
|
stack
|
page read and write
|
||
|
7727000
|
heap
|
page read and write
|
||
|
26DA000
|
heap
|
page read and write
|
||
|
68E0000
|
heap
|
page read and write
|
||
|
2634000
|
trusted library allocation
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute and read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
58FF000
|
trusted library allocation
|
page read and write
|
||
|
32DE000
|
stack
|
page read and write
|
||
|
2C1E000
|
stack
|
page read and write
|
||
|
1176000
|
heap
|
page read and write
|
||
|
33A6000
|
trusted library allocation
|
page read and write
|
||
|
AD2B000
|
stack
|
page read and write
|
||
|
3140000
|
trusted library allocation
|
page read and write
|
||
|
3120000
|
trusted library allocation
|
page read and write
|
||
|
6925000
|
heap
|
page read and write
|
||
|
58A0000
|
trusted library allocation
|
page read and write
|
||
|
4500000
|
trusted library allocation
|
page read and write
|
||
|
B4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
3160000
|
trusted library allocation
|
page read and write
|
||
|
25E4000
|
trusted library allocation
|
page read and write
|
||
|
B16F000
|
stack
|
page read and write
|
||
|
4479000
|
trusted library allocation
|
page read and write
|
||
|
AABE000
|
stack
|
page read and write
|
||
|
1384000
|
stack
|
page read and write
|
||
|
7930000
|
heap
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
186D000
|
stack
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
857000
|
heap
|
page read and write
|
||
|
72FE000
|
stack
|
page read and write
|
||
|
B1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B50000
|
trusted library section
|
page readonly
|
||
|
17FE000
|
stack
|
page read and write
|
||
|
339C000
|
trusted library allocation
|
page read and write
|
||
|
27AD000
|
stack
|
page read and write
|
||
|
791E000
|
stack
|
page read and write
|
||
|
1848000
|
heap
|
page read and write
|
||
|
4F50000
|
heap
|
page read and write
|
||
|
4A02000
|
trusted library allocation
|
page read and write
|
||
|
3311000
|
trusted library allocation
|
page read and write
|
||
|
BD4D000
|
stack
|
page read and write
|
||
|
1367000
|
stack
|
page read and write
|
||
|
30BE000
|
heap
|
page read and write
|
||
|
3D8A000
|
trusted library allocation
|
page read and write
|
||
|
A53E000
|
stack
|
page read and write
|
||
|
58E0000
|
heap
|
page read and write
|
||
|
49D0000
|
trusted library allocation
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
7BB000
|
heap
|
page read and write
|
||
|
A67F000
|
stack
|
page read and write
|
||
|
5DBE000
|
stack
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
261F000
|
unkown
|
page read and write
|
||
|
6BFE000
|
stack
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
455E000
|
stack
|
page read and write
|
||
|
37BE000
|
stack
|
page read and write
|
||
|
112B000
|
stack
|
page read and write
|
||
|
171F000
|
stack
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
2E4F000
|
stack
|
page read and write
|
||
|
24EF000
|
stack
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5330000
|
trusted library allocation
|
page read and write
|
||
|
67CE000
|
stack
|
page read and write
|
||
|
185D000
|
heap
|
page read and write
|
||
|
585D000
|
trusted library allocation
|
page read and write
|
||
|
772F000
|
heap
|
page read and write
|
||
|
CFA000
|
stack
|
page read and write
|
||
|
5B2B000
|
stack
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
A1BF000
|
stack
|
page read and write
|
||
|
4AA0000
|
heap
|
page execute and read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
478000
|
remote allocation
|
page execute and read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
6620000
|
heap
|
page read and write
|
||
|
4EDB000
|
trusted library allocation
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
6912000
|
heap
|
page read and write
|
||
|
74DD000
|
heap
|
page read and write
|
||
|
4B68000
|
trusted library allocation
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
468C000
|
stack
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
10EE000
|
stack
|
page read and write
|
||
|
6B7D000
|
stack
|
page read and write
|
||
|
4A30000
|
trusted library allocation
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
B13000
|
trusted library allocation
|
page execute and read and write
|
||
|
1528000
|
heap
|
page read and write
|
||
|
4F35000
|
heap
|
page read and write
|
||
|
7E6000
|
heap
|
page read and write
|
||
|
7A5D000
|
stack
|
page read and write
|
||
|
2E8E000
|
stack
|
page read and write
|
||
|
3113000
|
trusted library allocation
|
page execute and read and write
|
||
|
283D000
|
trusted library allocation
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
34F1000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
1561000
|
heap
|
page read and write
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
B60000
|
trusted library allocation
|
page read and write
|
||
|
14E8000
|
heap
|
page read and write
|
||
|
311D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4392000
|
trusted library allocation
|
page read and write
|
||
|
34DE000
|
stack
|
page read and write
|
||
|
25C0000
|
heap
|
page read and write
|
||
|
1510000
|
trusted library allocation
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
584E000
|
trusted library allocation
|
page read and write
|
||
|
6953000
|
heap
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
5B80000
|
trusted library allocation
|
page read and write
|
||
|
160E000
|
stack
|
page read and write
|
||
|
31AE000
|
stack
|
page read and write
|
||
|
5B50000
|
heap
|
page read and write
|
||
|
A87D000
|
stack
|
page read and write
|
||
|
2B6E000
|
unkown
|
page read and write
|
||
|
73FD000
|
stack
|
page read and write
|
||
|
6B3E000
|
stack
|
page read and write
|
||
|
3130000
|
trusted library allocation
|
page read and write
|
||
|
164E000
|
stack
|
page read and write
|
||
|
2C5F000
|
stack
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
15E9000
|
heap
|
page read and write
|
||
|
A9BD000
|
stack
|
page read and write
|
||
|
128C000
|
stack
|
page read and write
|
||
|
53EC000
|
stack
|
page read and write
|
||
|
182E000
|
stack
|
page read and write
|
||
|
5ED0000
|
trusted library allocation
|
page read and write
|
||
|
2330000
|
trusted library allocation
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
7E2F000
|
stack
|
page read and write
|
||
|
5880000
|
trusted library allocation
|
page read and write
|
||
|
AA0E000
|
stack
|
page read and write
|
||
|
5860000
|
trusted library allocation
|
page read and write
|
||
|
308C000
|
heap
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
15BC000
|
heap
|
page read and write
|
||
|
5B30000
|
heap
|
page read and write
|
||
|
68CE000
|
stack
|
page read and write
|
||
|
196E000
|
stack
|
page read and write
|
||
|
4AE0000
|
trusted library allocation
|
page read and write
|
||
|
177D000
|
stack
|
page read and write
|
||
|
76BE000
|
stack
|
page read and write
|
||
|
9ED000
|
stack
|
page read and write
|
||
|
4F74000
|
heap
|
page read and write
|
||
|
4A20000
|
trusted library allocation
|
page read and write
|
||
|
140000
|
unkown
|
page readonly
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
3349000
|
trusted library allocation
|
page read and write
|
||
|
B4B0000
|
trusted library section
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
3BBF000
|
stack
|
page read and write
|
||
|
31C0000
|
trusted library allocation
|
page read and write
|
||
|
B32000
|
trusted library allocation
|
page read and write
|
||
|
B47000
|
trusted library allocation
|
page execute and read and write
|
||
|
32F0000
|
trusted library allocation
|
page read and write
|
||
|
B20000
|
trusted library allocation
|
page read and write
|
||
|
142000
|
unkown
|
page readonly
|
||
|
184E000
|
stack
|
page read and write
|
||
|
7781000
|
heap
|
page read and write
|
||
|
A7CC000
|
stack
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
3114000
|
trusted library allocation
|
page read and write
|
||
|
4048000
|
heap
|
page read and write
|
||
|
1670000
|
heap
|
page read and write
|
||
|
5EC0000
|
trusted library allocation
|
page read and write
|
||
|
14FC000
|
stack
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
68E4000
|
heap
|
page read and write
|
||
|
113F000
|
stack
|
page read and write
|
||
|
691A000
|
heap
|
page read and write
|
||
|
5910000
|
trusted library allocation
|
page read and write
|
||
|
3132000
|
trusted library allocation
|
page read and write
|
||
|
B879000
|
trusted library allocation
|
page read and write
|
||
|
A97D000
|
stack
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
364D000
|
trusted library allocation
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
24F1000
|
trusted library allocation
|
page read and write
|
||
|
1196000
|
heap
|
page read and write
|
||
|
17CF000
|
stack
|
page read and write
|
||
|
759E000
|
stack
|
page read and write
|
||
|
2632000
|
trusted library allocation
|
page read and write
|
||
|
5CB0000
|
heap
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11B6000
|
heap
|
page read and write
|
||
|
44F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4319000
|
trusted library allocation
|
page read and write
|
||
|
5851000
|
trusted library allocation
|
page read and write
|
||
|
B10000
|
trusted library allocation
|
page read and write
|
||
|
3110000
|
trusted library allocation
|
page read and write
|
||
|
312D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A90000
|
heap
|
page read and write
|
||
|
1800000
|
heap
|
page read and write
|
||
|
B3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
75DD000
|
stack
|
page read and write
|
||
|
E8E000
|
stack
|
page read and write
|
||
|
49D4000
|
trusted library allocation
|
page read and write
|
||
|
B0F000
|
stack
|
page read and write
|
||
|
7F3000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
B30000
|
trusted library allocation
|
page read and write
|
||
|
3142000
|
trusted library allocation
|
page read and write
|
||
|
33B4000
|
trusted library allocation
|
page read and write
|
||
|
4AB0000
|
heap
|
page read and write
|
||
|
775C000
|
heap
|
page read and write
|
||
|
76C0000
|
heap
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
7F2E000
|
stack
|
page read and write
|
||
|
A43E000
|
stack
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
BE4D000
|
stack
|
page read and write
|
||
|
A57D000
|
stack
|
page read and write
|
||
|
440A000
|
trusted library allocation
|
page read and write
|
||
|
4ACF000
|
trusted library allocation
|
page read and write
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
2E9000
|
stack
|
page read and write
|
||
|
B14000
|
trusted library allocation
|
page read and write
|
||
|
2320000
|
trusted library allocation
|
page execute and read and write
|
||
|
4ECE000
|
stack
|
page read and write
|
||
|
49F1000
|
trusted library allocation
|
page read and write
|
||
|
32E6000
|
trusted library allocation
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
7C6E000
|
stack
|
page read and write
|
||
|
3D48000
|
trusted library allocation
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
16CE000
|
stack
|
page read and write
|
||
|
9AE000
|
stack
|
page read and write
|
||
|
74C0000
|
heap
|
page read and write
|
||
|
B77000
|
heap
|
page read and write
|
||
|
5830000
|
trusted library allocation
|
page read and write
|
||
|
1563000
|
heap
|
page read and write
|
||
|
26D0000
|
heap
|
page read and write
|
||
|
309A000
|
heap
|
page read and write
|
||
|
2C0E000
|
stack
|
page read and write
|
||
|
40D0000
|
heap
|
page read and write
|
||
|
137F000
|
stack
|
page read and write
|
||
|
49EE000
|
trusted library allocation
|
page read and write
|
||
|
4A10000
|
trusted library allocation
|
page read and write
|
||
|
7100000
|
heap
|
page read and write
|
||
|
3E7000
|
stack
|
page read and write
|
||
|
4516000
|
trusted library allocation
|
page read and write
|
||
|
307C000
|
heap
|
page read and write
|
||
|
6D22000
|
trusted library allocation
|
page read and write
|
||
|
2D0F000
|
stack
|
page read and write
|
||
|
5950000
|
heap
|
page read and write
|
||
|
7920000
|
heap
|
page read and write
|
||
|
A90D000
|
stack
|
page read and write
|
||
|
239E000
|
stack
|
page read and write
|
||
|
265E000
|
stack
|
page read and write
|
||
|
31B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
172E000
|
stack
|
page read and write
|
||
|
5920000
|
heap
|
page read and write
|
||
|
777D000
|
heap
|
page read and write
|
||
|
5875000
|
trusted library allocation
|
page read and write
|
||
|
17BE000
|
stack
|
page read and write
|
||
|
177F000
|
stack
|
page read and write
|
||
|
5B40000
|
trusted library section
|
page readonly
|
||
|
583B000
|
trusted library allocation
|
page read and write
|
||
|
5060000
|
trusted library allocation
|
page execute and read and write
|
||
|
119C000
|
heap
|
page read and write
|
||
|
76E1000
|
heap
|
page read and write
|
||
|
781E000
|
stack
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
4AC0000
|
trusted library allocation
|
page read and write
|
||
|
13E5000
|
heap
|
page read and write
|
||
|
4311000
|
trusted library allocation
|
page read and write
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
32E4000
|
trusted library allocation
|
page read and write
|
||
|
5953000
|
heap
|
page read and write
|
||
|
A2FD000
|
stack
|
page read and write
|
||
|
4A00000
|
trusted library allocation
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
4461000
|
trusted library allocation
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
32DF000
|
stack
|
page read and write
|
||
|
14D0000
|
heap
|
page read and write
|
||
|
F5B000
|
heap
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
2BAE000
|
unkown
|
page read and write
|
||
|
4ED0000
|
trusted library allocation
|
page read and write
|
||
|
A770000
|
heap
|
page read and write
|
||
|
ACC000
|
stack
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
25D0000
|
heap
|
page read and write
|
||
|
3FD0000
|
heap
|
page read and write
|
||
|
3580000
|
heap
|
page read and write
|
||
|
74CE000
|
heap
|
page read and write
|
||
|
4390000
|
heap
|
page read and write
|
||
|
2FCE000
|
stack
|
page read and write
|
||
|
802F000
|
stack
|
page read and write
|
||
|
F7C000
|
stack
|
page read and write
|
||
|
B2AE000
|
stack
|
page read and write
|
||
|
116C000
|
stack
|
page read and write
|
||
|
58F2000
|
trusted library allocation
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
4B4B000
|
stack
|
page read and write
|
||
|
24A0000
|
heap
|
page read and write
|
||
|
1187000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
B36000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A25000
|
trusted library allocation
|
page read and write
|
||
|
5310000
|
trusted library allocation
|
page execute and read and write
|
||
|
1556000
|
heap
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
12FC000
|
stack
|
page read and write
|
||
|
150B000
|
heap
|
page read and write
|
||
|
3147000
|
trusted library allocation
|
page execute and read and write
|
||
|
49DB000
|
trusted library allocation
|
page read and write
|
||
|
147E000
|
stack
|
page read and write
|
||
|
27EA000
|
stack
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
111A000
|
stack
|
page read and write
|
||
|
243A000
|
stack
|
page read and write
|
||
|
5B96000
|
trusted library allocation
|
page read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
2F8F000
|
stack
|
page read and write
|
||
|
5DD0000
|
heap
|
page read and write
|
||
|
A0BE000
|
stack
|
page read and write
|
||
|
18B0000
|
heap
|
page read and write
|
||
|
136B000
|
stack
|
page read and write
|
||
|
23DB000
|
stack
|
page read and write
|
||
|
B42000
|
trusted library allocation
|
page read and write
|
||
|
5856000
|
trusted library allocation
|
page read and write
|
||
|
AAFE000
|
stack
|
page read and write
|
||
|
38BF000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
4CA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
25BE000
|
unkown
|
page read and write
|
||
|
3BAF000
|
stack
|
page read and write
|
||
|
AE5B000
|
trusted library allocation
|
page read and write
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
4A50000
|
trusted library allocation
|
page read and write
|
There are 452 hidden memdumps, click here to show them.