Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
z1MB267382625AE.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\z1MB267382625AE.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmpCA64.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\pNgFqm.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\pNgFqm.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\pNgFqm.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0lids2i0.t1m.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4qt33czf.h1g.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5t3f3ljf.e33.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b3qkfkgz.2gb.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dbn0vzlk.3d4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eo233raw.kx0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ndvlinkz.2qm.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zowk15da.xvq.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpDFA2.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\z1MB267382625AE.exe
|
"C:\Users\user\Desktop\z1MB267382625AE.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\z1MB267382625AE.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\pNgFqm.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\pNgFqm" /XML "C:\Users\user\AppData\Local\Temp\tmpCA64.tmp"
|
|
|
|
C:\Users\user\Desktop\z1MB267382625AE.exe
|
"C:\Users\user\Desktop\z1MB267382625AE.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\pNgFqm.exe
|
C:\Users\user\AppData\Roaming\pNgFqm.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\pNgFqm" /XML "C:\Users\user\AppData\Local\Temp\tmpDFA2.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\pNgFqm.exe
|
"C:\Users\user\AppData\Roaming\pNgFqm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://reallyfreegeoip.org
|
unknown
|
||
|
http://crl.microsoft.c
|
unknown
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
http://checkip.dyndns.org/
|
132.226.247.73
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/8.46.123.75
|
188.114.97.3
|
||
|
https://reallyfreegeoip.org/xml/8.46.123.75$
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
http://reallyfreegeoip.org
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 1 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
reallyfreegeoip.org
|
188.114.97.3
|
||
|
checkip.dyndns.com
|
132.226.247.73
|
||
|
checkip.dyndns.org
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
reallyfreegeoip.org
|
European Union
|
||
|
132.226.247.73
|
checkip.dyndns.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z1MB267382625AE_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z1MB267382625AE_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z1MB267382625AE_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z1MB267382625AE_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z1MB267382625AE_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z1MB267382625AE_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z1MB267382625AE_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z1MB267382625AE_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z1MB267382625AE_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z1MB267382625AE_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z1MB267382625AE_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z1MB267382625AE_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z1MB267382625AE_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z1MB267382625AE_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\pNgFqm_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\pNgFqm_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\pNgFqm_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\pNgFqm_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\pNgFqm_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\pNgFqm_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\pNgFqm_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\pNgFqm_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\pNgFqm_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\pNgFqm_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\pNgFqm_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\pNgFqm_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\pNgFqm_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\pNgFqm_RASMANCS
|
FileDirectory
|
There are 19 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
41A000
|
remote allocation
|
page execute and read and write
|
|
|
|
29D1000
|
trusted library allocation
|
page read and write
|
|
|
|
41B000
|
remote allocation
|
page execute and read and write
|
|
|
|
2B8D000
|
trusted library allocation
|
page read and write
|
|
|
|
2FE1000
|
trusted library allocation
|
page read and write
|
|
|
|
31A9000
|
trusted library allocation
|
page read and write
|
|
|
|
3759000
|
trusted library allocation
|
page read and write
|
|
|
|
700000
|
trusted library allocation
|
page read and write
|
||
|
3887000
|
trusted library allocation
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
3098000
|
trusted library allocation
|
page read and write
|
||
|
D6A000
|
heap
|
page read and write
|
||
|
3E5000
|
heap
|
page read and write
|
||
|
2AD0000
|
trusted library allocation
|
page read and write
|
||
|
3137000
|
trusted library allocation
|
page read and write
|
||
|
3215000
|
trusted library allocation
|
page read and write
|
||
|
37DE000
|
trusted library allocation
|
page read and write
|
||
|
6F3000
|
trusted library allocation
|
page read and write
|
||
|
696E000
|
stack
|
page read and write
|
||
|
4F48000
|
heap
|
page read and write
|
||
|
326D000
|
trusted library allocation
|
page read and write
|
||
|
73E000
|
heap
|
page read and write
|
||
|
5440000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
DBA000
|
heap
|
page read and write
|
||
|
D3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1284000
|
trusted library allocation
|
page read and write
|
||
|
67A0000
|
trusted library allocation
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
3263000
|
trusted library allocation
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
41C000
|
remote allocation
|
page execute and read and write
|
||
|
4F7000
|
stack
|
page read and write
|
||
|
3122000
|
trusted library allocation
|
page read and write
|
||
|
406B000
|
trusted library allocation
|
page read and write
|
||
|
89FE000
|
stack
|
page read and write
|
||
|
128D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5456000
|
trusted library allocation
|
page read and write
|
||
|
546A000
|
trusted library allocation
|
page read and write
|
||
|
6C5F000
|
trusted library allocation
|
page read and write
|
||
|
4D40000
|
trusted library allocation
|
page read and write
|
||
|
D48000
|
heap
|
page read and write
|
||
|
6C53000
|
trusted library allocation
|
page read and write
|
||
|
312F000
|
trusted library allocation
|
page read and write
|
||
|
311E000
|
trusted library allocation
|
page read and write
|
||
|
2591000
|
trusted library allocation
|
page read and write
|
||
|
30A2000
|
trusted library allocation
|
page read and write
|
||
|
5550000
|
trusted library allocation
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
5490000
|
trusted library allocation
|
page read and write
|
||
|
1070000
|
trusted library allocation
|
page read and write
|
||
|
30A4000
|
trusted library allocation
|
page read and write
|
||
|
70A000
|
trusted library allocation
|
page execute and read and write
|
||
|
DD9000
|
heap
|
page read and write
|
||
|
3751000
|
trusted library allocation
|
page read and write
|
||
|
25B6000
|
trusted library allocation
|
page read and write
|
||
|
D34000
|
trusted library allocation
|
page read and write
|
||
|
312A000
|
trusted library allocation
|
page read and write
|
||
|
4C90000
|
trusted library allocation
|
page execute and read and write
|
||
|
D76000
|
heap
|
page read and write
|
||
|
F50000
|
trusted library allocation
|
page read and write
|
||
|
100E000
|
stack
|
page read and write
|
||
|
315F000
|
trusted library allocation
|
page read and write
|
||
|
12B5000
|
heap
|
page read and write
|
||
|
1500000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FB0000
|
trusted library allocation
|
page read and write
|
||
|
6763000
|
trusted library allocation
|
page read and write
|
||
|
6D40000
|
trusted library allocation
|
page execute and read and write
|
||
|
835E000
|
stack
|
page read and write
|
||
|
88BF000
|
stack
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
50F2000
|
heap
|
page read and write
|
||
|
4047000
|
trusted library allocation
|
page read and write
|
||
|
4A90000
|
trusted library allocation
|
page read and write
|
||
|
644F000
|
stack
|
page read and write
|
||
|
F4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2627000
|
trusted library allocation
|
page read and write
|
||
|
B37000
|
stack
|
page read and write
|
||
|
52DD000
|
stack
|
page read and write
|
||
|
67EB000
|
heap
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
265E000
|
stack
|
page read and write
|
||
|
57D000
|
stack
|
page read and write
|
||
|
B06000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A78000
|
trusted library allocation
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
2930000
|
trusted library allocation
|
page read and write
|
||
|
62CE000
|
stack
|
page read and write
|
||
|
827F000
|
stack
|
page read and write
|
||
|
6C50000
|
trusted library allocation
|
page read and write
|
||
|
308C000
|
trusted library allocation
|
page read and write
|
||
|
3133000
|
trusted library allocation
|
page read and write
|
||
|
A3A000
|
stack
|
page read and write
|
||
|
321B000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
5C0E000
|
stack
|
page read and write
|
||
|
6C38000
|
trusted library allocation
|
page read and write
|
||
|
83BE000
|
stack
|
page read and write
|
||
|
29B0000
|
trusted library allocation
|
page read and write
|
||
|
871B000
|
stack
|
page read and write
|
||
|
2FB8000
|
heap
|
page read and write
|
||
|
2DEA000
|
heap
|
page read and write
|
||
|
2C53000
|
trusted library allocation
|
page read and write
|
||
|
F65000
|
trusted library allocation
|
page execute and read and write
|
||
|
2951000
|
trusted library allocation
|
page read and write
|
||
|
12AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
260000
|
unkown
|
page readonly
|
||
|
2B43000
|
trusted library allocation
|
page read and write
|
||
|
36F4000
|
trusted library allocation
|
page read and write
|
||
|
4F0F000
|
trusted library allocation
|
page read and write
|
||
|
25C0000
|
trusted library allocation
|
page read and write
|
||
|
6CF0000
|
trusted library allocation
|
page read and write
|
||
|
25CF000
|
trusted library allocation
|
page read and write
|
||
|
4EB0000
|
trusted library allocation
|
page read and write
|
||
|
12A2000
|
trusted library allocation
|
page read and write
|
||
|
3095000
|
trusted library allocation
|
page read and write
|
||
|
2970000
|
trusted library allocation
|
page read and write
|
||
|
92F000
|
stack
|
page read and write
|
||
|
1492000
|
trusted library allocation
|
page read and write
|
||
|
5482000
|
trusted library allocation
|
page read and write
|
||
|
87BE000
|
stack
|
page read and write
|
||
|
40F000
|
remote allocation
|
page execute and read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
AFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
8DA000
|
stack
|
page read and write
|
||
|
29CE000
|
unkown
|
page read and write
|
||
|
106E000
|
stack
|
page read and write
|
||
|
2596000
|
trusted library allocation
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
4BD0000
|
trusted library allocation
|
page read and write
|
||
|
294A000
|
trusted library allocation
|
page read and write
|
||
|
12A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
4C7E000
|
stack
|
page read and write
|
||
|
2976000
|
trusted library allocation
|
page read and write
|
||
|
849E000
|
stack
|
page read and write
|
||
|
658E000
|
stack
|
page read and write
|
||
|
11AA000
|
heap
|
page read and write
|
||
|
1187000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
5BDE000
|
stack
|
page read and write
|
||
|
2C02000
|
trusted library allocation
|
page read and write
|
||
|
3126000
|
trusted library allocation
|
page read and write
|
||
|
A5A000
|
heap
|
page read and write
|
||
|
B5E000
|
stack
|
page read and write
|
||
|
25D5000
|
trusted library allocation
|
page read and write
|
||
|
5420000
|
trusted library allocation
|
page read and write
|
||
|
648E000
|
stack
|
page read and write
|
||
|
322E000
|
trusted library allocation
|
page read and write
|
||
|
2B14000
|
trusted library allocation
|
page read and write
|
||
|
319B000
|
trusted library allocation
|
page read and write
|
||
|
4CFB000
|
stack
|
page read and write
|
||
|
30BC000
|
trusted library allocation
|
page read and write
|
||
|
B00000
|
trusted library allocation
|
page read and write
|
||
|
D22000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
595E000
|
stack
|
page read and write
|
||
|
4F00000
|
heap
|
page read and write
|
||
|
F3F000
|
stack
|
page read and write
|
||
|
2B0C000
|
trusted library allocation
|
page read and write
|
||
|
86DF000
|
stack
|
page read and write
|
||
|
4D50000
|
heap
|
page read and write
|
||
|
126C000
|
heap
|
page read and write
|
||
|
845F000
|
stack
|
page read and write
|
||
|
4D63000
|
heap
|
page read and write
|
||
|
2C0D000
|
trusted library allocation
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
381E000
|
trusted library allocation
|
page read and write
|
||
|
4009000
|
trusted library allocation
|
page read and write
|
||
|
8B40000
|
heap
|
page read and write
|
||
|
B30000
|
trusted library allocation
|
page read and write
|
||
|
6750000
|
trusted library allocation
|
page execute and read and write
|
||
|
262000
|
unkown
|
page readonly
|
||
|
506D000
|
stack
|
page read and write
|
||
|
88FE000
|
stack
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
4B90000
|
trusted library allocation
|
page read and write
|
||
|
2C55000
|
trusted library allocation
|
page read and write
|
||
|
50CF000
|
heap
|
page read and write
|
||
|
546E000
|
trusted library allocation
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
39F9000
|
trusted library allocation
|
page read and write
|
||
|
6C2E000
|
stack
|
page read and write
|
||
|
6C60000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EAE000
|
stack
|
page read and write
|
||
|
2A80000
|
trusted library allocation
|
page read and write
|
||
|
6830000
|
heap
|
page read and write
|
||
|
2B20000
|
trusted library allocation
|
page read and write
|
||
|
2B10000
|
trusted library allocation
|
page read and write
|
||
|
4F31000
|
heap
|
page read and write
|
||
|
1495000
|
trusted library allocation
|
page execute and read and write
|
||
|
AF0000
|
trusted library allocation
|
page read and write
|
||
|
49B0000
|
trusted library allocation
|
page read and write
|
||
|
57FD000
|
heap
|
page read and write
|
||
|
4EEB000
|
stack
|
page read and write
|
||
|
F5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
316D000
|
trusted library allocation
|
page read and write
|
||
|
633A000
|
heap
|
page read and write
|
||
|
6D0000
|
trusted library allocation
|
page read and write
|
||
|
2C59000
|
trusted library allocation
|
page read and write
|
||
|
2C90000
|
trusted library allocation
|
page read and write
|
||
|
2F0E000
|
stack
|
page read and write
|
||
|
2B51000
|
trusted library allocation
|
page read and write
|
||
|
113E000
|
stack
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
3619000
|
trusted library allocation
|
page read and write
|
||
|
3087000
|
trusted library allocation
|
page read and write
|
||
|
2AD4000
|
trusted library allocation
|
page read and write
|
||
|
2942000
|
trusted library allocation
|
page read and write
|
||
|
294E000
|
trusted library allocation
|
page read and write
|
||
|
3FE1000
|
trusted library allocation
|
page read and write
|
||
|
2769000
|
trusted library allocation
|
page read and write
|
||
|
3267000
|
trusted library allocation
|
page read and write
|
||
|
5556000
|
trusted library allocation
|
page read and write
|
||
|
3261000
|
trusted library allocation
|
page read and write
|
||
|
2C7E000
|
stack
|
page read and write
|
||
|
1490000
|
trusted library allocation
|
page read and write
|
||
|
886D000
|
stack
|
page read and write
|
||
|
6811000
|
heap
|
page read and write
|
||
|
E23000
|
heap
|
page read and write
|
||
|
AE4000
|
trusted library allocation
|
page read and write
|
||
|
4C6E000
|
stack
|
page read and write
|
||
|
25A2000
|
trusted library allocation
|
page read and write
|
||
|
859F000
|
stack
|
page read and write
|
||
|
257B000
|
trusted library allocation
|
page read and write
|
||
|
73A000
|
heap
|
page read and write
|
||
|
2FC0000
|
trusted library allocation
|
page read and write
|
||
|
6ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
155D000
|
stack
|
page read and write
|
||
|
1020000
|
heap
|
page execute and read and write
|
||
|
71B000
|
trusted library allocation
|
page execute and read and write
|
||
|
D1D000
|
trusted library allocation
|
page read and write
|
||
|
DBE000
|
stack
|
page read and write
|
||
|
3A38000
|
trusted library allocation
|
page read and write
|
||
|
2AAE000
|
trusted library allocation
|
page read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
58D0000
|
heap
|
page read and write
|
||
|
8B60000
|
trusted library allocation
|
page read and write
|
||
|
F56000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D20000
|
heap
|
page read and write
|
||
|
129D000
|
trusted library allocation
|
page execute and read and write
|
||
|
30DF000
|
trusted library allocation
|
page read and write
|
||
|
664E000
|
stack
|
page read and write
|
||
|
820E000
|
stack
|
page read and write
|
||
|
67B0000
|
heap
|
page read and write
|
||
|
4D00000
|
heap
|
page read and write
|
||
|
2A96000
|
trusted library allocation
|
page read and write
|
||
|
6C80000
|
trusted library allocation
|
page read and write
|
||
|
1510000
|
heap
|
page execute and read and write
|
||
|
149B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4950000
|
heap
|
page execute and read and write
|
||
|
2C29000
|
trusted library allocation
|
page read and write
|
||
|
293E000
|
trusted library allocation
|
page read and write
|
||
|
640E000
|
stack
|
page read and write
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
764000
|
heap
|
page read and write
|
||
|
6C40000
|
trusted library allocation
|
page execute and read and write
|
||
|
5850000
|
heap
|
page execute and read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
3686000
|
trusted library allocation
|
page read and write
|
||
|
4F00000
|
trusted library allocation
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
311A000
|
trusted library allocation
|
page read and write
|
||
|
6770000
|
trusted library allocation
|
page execute and read and write
|
||
|
712000
|
trusted library allocation
|
page read and write
|
||
|
82D000
|
stack
|
page read and write
|
||
|
6850000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C3B000
|
trusted library allocation
|
page read and write
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
D70000
|
trusted library allocation
|
page read and write
|
||
|
2B28000
|
trusted library allocation
|
page read and write
|
||
|
2A7B000
|
trusted library allocation
|
page read and write
|
||
|
3084000
|
trusted library allocation
|
page read and write
|
||
|
CFB000
|
trusted library allocation
|
page read and write
|
||
|
B12000
|
trusted library allocation
|
page read and write
|
||
|
59F0000
|
trusted library allocation
|
page read and write
|
||
|
D20000
|
trusted library allocation
|
page read and write
|
||
|
49C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8B70000
|
trusted library allocation
|
page read and write
|
||
|
4062000
|
trusted library allocation
|
page read and write
|
||
|
403000
|
remote allocation
|
page execute and read and write
|
||
|
302000
|
unkown
|
page readonly
|
||
|
F62000
|
trusted library allocation
|
page read and write
|
||
|
4960000
|
trusted library allocation
|
page read and write
|
||
|
86A000
|
stack
|
page read and write
|
||
|
D65000
|
trusted library allocation
|
page read and write
|
||
|
5558000
|
trusted library allocation
|
page read and write
|
||
|
4CA0000
|
trusted library allocation
|
page read and write
|
||
|
F6B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3A69000
|
trusted library allocation
|
page read and write
|
||
|
3233000
|
trusted library allocation
|
page read and write
|
||
|
68ED000
|
stack
|
page read and write
|
||
|
5DBE000
|
stack
|
page read and write
|
||
|
D60000
|
trusted library allocation
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
D11000
|
trusted library allocation
|
page read and write
|
||
|
AE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
B1B000
|
trusted library allocation
|
page execute and read and write
|
||
|
D0E000
|
trusted library allocation
|
page read and write
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
14B0000
|
trusted library allocation
|
page read and write
|
||
|
542E000
|
stack
|
page read and write
|
||
|
2570000
|
trusted library allocation
|
page read and write
|
||
|
5790000
|
heap
|
page read and write
|
||
|
AE0000
|
trusted library allocation
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
3759000
|
trusted library allocation
|
page read and write
|
||
|
2C20000
|
trusted library allocation
|
page read and write
|
||
|
6C30000
|
trusted library allocation
|
page read and write
|
||
|
6760000
|
trusted library allocation
|
page read and write
|
||
|
853E000
|
stack
|
page read and write
|
||
|
896E000
|
stack
|
page read and write
|
||
|
3144000
|
trusted library allocation
|
page read and write
|
||
|
2AC3000
|
trusted library allocation
|
page read and write
|
||
|
632F000
|
heap
|
page read and write
|
||
|
660E000
|
stack
|
page read and write
|
||
|
74F000
|
heap
|
page read and write
|
||
|
6D60000
|
heap
|
page read and write
|
||
|
39D1000
|
trusted library allocation
|
page read and write
|
||
|
FCE000
|
stack
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
66AE000
|
stack
|
page read and write
|
||
|
692E000
|
stack
|
page read and write
|
||
|
318D000
|
trusted library allocation
|
page read and write
|
||
|
2865000
|
trusted library allocation
|
page read and write
|
||
|
399000
|
stack
|
page read and write
|
||
|
30DB000
|
trusted library allocation
|
page read and write
|
||
|
2974000
|
trusted library allocation
|
page read and write
|
||
|
59F4000
|
trusted library allocation
|
page read and write
|
||
|
3225000
|
trusted library allocation
|
page read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
6780000
|
trusted library allocation
|
page execute and read and write
|
||
|
B80000
|
trusted library allocation
|
page execute and read and write
|
||
|
8A3C000
|
stack
|
page read and write
|
||
|
329E000
|
trusted library allocation
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
89D000
|
stack
|
page read and write
|
||
|
406000
|
remote allocation
|
page execute and read and write
|
||
|
55D0000
|
heap
|
page read and write
|
||
|
30E3000
|
trusted library allocation
|
page read and write
|
||
|
80CE000
|
stack
|
page read and write
|
||
|
1BA000
|
stack
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
2B24000
|
trusted library allocation
|
page read and write
|
||
|
3091000
|
trusted library allocation
|
page read and write
|
||
|
7EE000
|
heap
|
page read and write
|
||
|
29AE000
|
unkown
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
4F10000
|
heap
|
page execute and read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
4E9E000
|
stack
|
page read and write
|
||
|
2962000
|
trusted library allocation
|
page read and write
|
||
|
8A8000
|
heap
|
page read and write
|
||
|
554E000
|
trusted library allocation
|
page read and write
|
||
|
2611000
|
trusted library allocation
|
page read and write
|
||
|
85D000
|
heap
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page execute and read and write
|
||
|
5450000
|
trusted library allocation
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
2730000
|
heap
|
page read and write
|
||
|
CF0000
|
trusted library allocation
|
page read and write
|
||
|
25B4000
|
trusted library allocation
|
page read and write
|
||
|
51C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
863F000
|
stack
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
50C0000
|
heap
|
page read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
1170000
|
trusted library allocation
|
page read and write
|
||
|
259D000
|
trusted library allocation
|
page read and write
|
||
|
674E000
|
stack
|
page read and write
|
||
|
547D000
|
trusted library allocation
|
page read and write
|
||
|
1290000
|
trusted library allocation
|
page read and write
|
||
|
256C000
|
stack
|
page read and write
|
||
|
484B000
|
stack
|
page read and write
|
||
|
4F10000
|
heap
|
page read and write
|
||
|
2440000
|
trusted library allocation
|
page execute and read and write
|
||
|
50EA000
|
heap
|
page read and write
|
||
|
772000
|
heap
|
page read and write
|
||
|
40E000
|
remote allocation
|
page execute and read and write
|
||
|
67AE000
|
stack
|
page read and write
|
||
|
2B1C000
|
trusted library allocation
|
page read and write
|
||
|
706000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C3F000
|
unkown
|
page read and write
|
||
|
8820000
|
heap
|
page read and write
|
||
|
4BB0000
|
trusted library allocation
|
page read and write
|
||
|
5F5000
|
heap
|
page read and write
|
||
|
B0A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2956000
|
trusted library allocation
|
page read and write
|
||
|
410000
|
remote allocation
|
page execute and read and write
|
||
|
2936000
|
trusted library allocation
|
page read and write
|
||
|
B65000
|
heap
|
page read and write
|
||
|
5530000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C36000
|
trusted library allocation
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
3189000
|
trusted library allocation
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
325B000
|
trusted library allocation
|
page read and write
|
||
|
F40000
|
trusted library allocation
|
page read and write
|
||
|
5C10000
|
trusted library section
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
6A6E000
|
stack
|
page read and write
|
||
|
823000
|
heap
|
page read and write
|
||
|
2C17000
|
trusted library allocation
|
page read and write
|
||
|
8970000
|
trusted library allocation
|
page read and write
|
||
|
76E000
|
stack
|
page read and write
|
||
|
998000
|
trusted library allocation
|
page read and write
|
||
|
10F7000
|
stack
|
page read and write
|
||
|
49D8000
|
trusted library allocation
|
page read and write
|
||
|
25E0000
|
trusted library allocation
|
page read and write
|
||
|
810E000
|
stack
|
page read and write
|
||
|
AED000
|
trusted library allocation
|
page execute and read and write
|
||
|
25D0000
|
trusted library allocation
|
page read and write
|
||
|
7CA000
|
heap
|
page read and write
|
||
|
AF3000
|
trusted library allocation
|
page read and write
|
||
|
85DE000
|
stack
|
page read and write
|
||
|
6E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F7000
|
stack
|
page read and write
|
||
|
2CBF000
|
stack
|
page read and write
|
||
|
6C70000
|
trusted library allocation
|
page execute and read and write
|
||
|
1283000
|
trusted library allocation
|
page execute and read and write
|
||
|
6FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A83000
|
trusted library allocation
|
page read and write
|
||
|
8B3C000
|
stack
|
page read and write
|
||
|
DE5000
|
heap
|
page read and write
|
||
|
5BE000
|
stack
|
page read and write
|
||
|
4BA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
B17000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B7E000
|
trusted library allocation
|
page read and write
|
||
|
402000
|
remote allocation
|
page execute and read and write
|
||
|
1497000
|
trusted library allocation
|
page execute and read and write
|
||
|
881C000
|
stack
|
page read and write
|
||
|
6B2E000
|
stack
|
page read and write
|
||
|
50BE000
|
stack
|
page read and write
|
||
|
4B92000
|
trusted library allocation
|
page read and write
|
||
|
6E0000
|
trusted library allocation
|
page read and write
|
||
|
61CE000
|
stack
|
page read and write
|
||
|
258E000
|
trusted library allocation
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
29A3000
|
heap
|
page read and write
|
||
|
37BE000
|
trusted library allocation
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
5540000
|
trusted library allocation
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
14FE000
|
stack
|
page read and write
|
||
|
CAE000
|
stack
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
51D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
F52000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
4EF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B23000
|
heap
|
page read and write
|
||
|
5040000
|
trusted library allocation
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
6790000
|
trusted library allocation
|
page read and write
|
||
|
867E000
|
stack
|
page read and write
|
||
|
5B0E000
|
stack
|
page read and write
|
||
|
4C20000
|
trusted library allocation
|
page execute and read and write
|
||
|
555B000
|
trusted library allocation
|
page read and write
|
||
|
5CBE000
|
stack
|
page read and write
|
||
|
292F000
|
stack
|
page read and write
|
||
|
4F59000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
2B7A000
|
trusted library allocation
|
page read and write
|
||
|
91E000
|
unkown
|
page read and write
|
||
|
B7E000
|
stack
|
page read and write
|
||
|
6C90000
|
trusted library allocation
|
page read and write
|
||
|
50DE000
|
stack
|
page read and write
|
||
|
11B7000
|
heap
|
page read and write
|
||
|
2C25000
|
trusted library allocation
|
page read and write
|
||
|
5030000
|
heap
|
page execute and read and write
|
||
|
293B000
|
trusted library allocation
|
page read and write
|
||
|
67EE000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
3822000
|
trusted library allocation
|
page read and write
|
||
|
4B6E000
|
stack
|
page read and write
|
||
|
243C000
|
stack
|
page read and write
|
||
|
681C000
|
heap
|
page read and write
|
||
|
F67000
|
trusted library allocation
|
page execute and read and write
|
||
|
1280000
|
trusted library allocation
|
page read and write
|
||
|
6E4000
|
trusted library allocation
|
page read and write
|
||
|
2C4D000
|
trusted library allocation
|
page read and write
|
||
|
5476000
|
trusted library allocation
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
1010000
|
trusted library allocation
|
page execute and read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
49A0000
|
heap
|
page read and write
|
||
|
82BE000
|
stack
|
page read and write
|
||
|
930000
|
trusted library allocation
|
page read and write
|
||
|
578E000
|
stack
|
page read and write
|
||
|
67E9000
|
heap
|
page read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
500D000
|
stack
|
page read and write
|
||
|
AD0000
|
trusted library allocation
|
page read and write
|
||
|
65CE000
|
stack
|
page read and write
|
||
|
3A53000
|
trusted library allocation
|
page read and write
|
||
|
62D0000
|
heap
|
page read and write
|
||
|
6C5A000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
59FE000
|
trusted library allocation
|
page read and write
|
||
|
4078000
|
trusted library allocation
|
page read and write
|
||
|
54FD000
|
stack
|
page read and write
|
||
|
717000
|
trusted library allocation
|
page execute and read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
4B20000
|
heap
|
page read and write
|
||
|
276B000
|
trusted library allocation
|
page read and write
|
||
|
59FA000
|
trusted library allocation
|
page read and write
|
||
|
407000
|
remote allocation
|
page execute and read and write
|
||
|
7EA000
|
heap
|
page read and write
|
||
|
676F000
|
trusted library allocation
|
page read and write
|
||
|
23FE000
|
stack
|
page read and write
|
||
|
6800000
|
trusted library allocation
|
page read and write
|
||
|
25B0000
|
trusted library allocation
|
page read and write
|
||
|
787000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
1237000
|
heap
|
page read and write
|
||
|
30E7000
|
trusted library allocation
|
page read and write
|
||
|
2C5F000
|
trusted library allocation
|
page read and write
|
||
|
2B18000
|
trusted library allocation
|
page read and write
|
||
|
D5F000
|
trusted library allocation
|
page read and write
|
||
|
3237000
|
trusted library allocation
|
page read and write
|
||
|
D33000
|
trusted library allocation
|
page execute and read and write
|
||
|
D16000
|
trusted library allocation
|
page read and write
|
||
|
29EE000
|
stack
|
page read and write
|
||
|
29A5000
|
trusted library allocation
|
page read and write
|
||
|
676A000
|
trusted library allocation
|
page read and write
|
||
|
37FF000
|
trusted library allocation
|
page read and write
|
||
|
5443000
|
heap
|
page read and write
|
||
|
2600000
|
heap
|
page execute and read and write
|
||
|
50B0000
|
heap
|
page read and write
|
||
|
D90000
|
trusted library allocation
|
page read and write
|
||
|
4C10000
|
trusted library section
|
page read and write
|
||
|
549F000
|
trusted library allocation
|
page read and write
|
||
|
5070000
|
trusted library allocation
|
page read and write
|
||
|
827000
|
heap
|
page read and write
|
||
|
545E000
|
trusted library allocation
|
page read and write
|
||
|
2C07000
|
trusted library allocation
|
page read and write
|
||
|
295D000
|
trusted library allocation
|
page read and write
|
||
|
D09000
|
stack
|
page read and write
|
||
|
2740000
|
heap
|
page execute and read and write
|
||
|
59E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
12A0000
|
trusted library allocation
|
page read and write
|
||
|
4F04000
|
heap
|
page read and write
|
||
|
2668000
|
trusted library allocation
|
page read and write
|
||
|
2450000
|
trusted library allocation
|
page read and write
|
||
|
2ACC000
|
trusted library allocation
|
page read and write
|
||
|
50F0000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
5471000
|
trusted library allocation
|
page read and write
|
||
|
CEB000
|
stack
|
page read and write
|
||
|
545B000
|
trusted library allocation
|
page read and write
|
||
|
2FC4000
|
trusted library allocation
|
page read and write
|
||
|
2751000
|
trusted library allocation
|
page read and write
|
||
|
877E000
|
stack
|
page read and write
|
||
|
3A5D000
|
trusted library allocation
|
page read and write
|
||
|
6F0000
|
trusted library allocation
|
page read and write
|
||
|
6D20000
|
heap
|
page read and write
|
||
|
49D0000
|
trusted library allocation
|
page read and write
|
||
|
3611000
|
trusted library allocation
|
page read and write
|
||
|
30D1000
|
trusted library allocation
|
page read and write
|
||
|
49B2000
|
trusted library allocation
|
page read and write
|
||
|
AAF000
|
stack
|
page read and write
|
||
|
4F19000
|
heap
|
page read and write
|
There are 561 hidden memdumps, click here to show them.