Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
4yOuoT4GFy.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4yOuoT4GFy.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp1109.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\StcHfDkbCv.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\StcHfDkbCv.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ammdbpsj.b0f.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h0qgkaht.0mg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_inc1as5t.kyl.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jqkzcae0.ekn.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nknxhoy0.tfj.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pcmi03ya.qkz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pxkclzjc.cqb.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uibbunsl.kxm.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp25D9.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\StcHfDkbCv.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 9 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\4yOuoT4GFy.exe
|
"C:\Users\user\Desktop\4yOuoT4GFy.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\4yOuoT4GFy.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\StcHfDkbCv.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp1109.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\StcHfDkbCv.exe
|
C:\Users\user\AppData\Roaming\StcHfDkbCv.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\StcHfDkbCv" /XML "C:\Users\user\AppData\Local\Temp\tmp25D9.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
skype.onthewifi.com
|
|
||
|
ronymahmoud.casacam.net
|
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 18 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
skype.onthewifi.com
|
0.0.0.0
|
|
|
|
ronymahmoud.casacam.net
|
3.145.156.44
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
s-part-0035.t-0009.t-msedge.net
|
13.107.246.63
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
3.145.156.44
|
ronymahmoud.casacam.net
|
United States
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2A91000
|
trusted library allocation
|
page read and write
|
|
|
|
2612000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2812000
|
trusted library allocation
|
page read and write
|
|
|
|
6EAD000
|
stack
|
page read and write
|
||
|
A0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
575E000
|
stack
|
page read and write
|
||
|
2750000
|
trusted library allocation
|
page read and write
|
||
|
6712000
|
trusted library allocation
|
page read and write
|
||
|
287A000
|
trusted library allocation
|
page read and write
|
||
|
4F30000
|
heap
|
page execute and read and write
|
||
|
CBF000
|
stack
|
page read and write
|
||
|
CDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5580000
|
heap
|
page execute and read and write
|
||
|
50F6000
|
heap
|
page read and write
|
||
|
597000
|
stack
|
page read and write
|
||
|
ECA000
|
heap
|
page read and write
|
||
|
6C16000
|
heap
|
page read and write
|
||
|
E8E000
|
stack
|
page read and write
|
||
|
1350000
|
trusted library allocation
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
9FFE000
|
stack
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
56F5000
|
trusted library allocation
|
page read and write
|
||
|
37F7000
|
trusted library allocation
|
page read and write
|
||
|
687000
|
heap
|
page read and write
|
||
|
49D0000
|
trusted library allocation
|
page read and write
|
||
|
4B00000
|
heap
|
page read and write
|
||
|
3578000
|
trusted library allocation
|
page read and write
|
||
|
4CF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D4F000
|
stack
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
1377000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F6E000
|
stack
|
page read and write
|
||
|
1242000
|
trusted library allocation
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
5492000
|
heap
|
page read and write
|
||
|
2BAF000
|
unkown
|
page read and write
|
||
|
4C40000
|
heap
|
page read and write
|
||
|
292E000
|
stack
|
page read and write
|
||
|
B02000
|
heap
|
page read and write
|
||
|
A290000
|
trusted library allocation
|
page read and write
|
||
|
2540000
|
trusted library allocation
|
page read and write
|
||
|
CD3000
|
trusted library allocation
|
page read and write
|
||
|
ACA000
|
heap
|
page read and write
|
||
|
521E000
|
stack
|
page read and write
|
||
|
A6E000
|
stack
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
1BA000
|
stack
|
page read and write
|
||
|
D96000
|
trusted library allocation
|
page read and write
|
||
|
1354000
|
trusted library allocation
|
page read and write
|
||
|
98AE000
|
stack
|
page read and write
|
||
|
2970000
|
trusted library allocation
|
page read and write
|
||
|
1245000
|
heap
|
page read and write
|
||
|
D6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5FCE000
|
stack
|
page read and write
|
||
|
9DDE000
|
stack
|
page read and write
|
||
|
B7F000
|
heap
|
page read and write
|
||
|
4B83000
|
heap
|
page read and write
|
||
|
5170000
|
heap
|
page read and write
|
||
|
6BF0000
|
heap
|
page read and write
|
||
|
24AB000
|
trusted library allocation
|
page read and write
|
||
|
DB5000
|
trusted library allocation
|
page read and write
|
||
|
56D4000
|
trusted library allocation
|
page read and write
|
||
|
5131000
|
heap
|
page read and write
|
||
|
1232000
|
trusted library allocation
|
page read and write
|
||
|
4D00000
|
trusted library allocation
|
page read and write
|
||
|
9A1E000
|
stack
|
page read and write
|
||
|
109D000
|
stack
|
page read and write
|
||
|
600E000
|
stack
|
page read and write
|
||
|
365B000
|
trusted library allocation
|
page read and write
|
||
|
5D0F000
|
stack
|
page read and write
|
||
|
51DE000
|
stack
|
page read and write
|
||
|
B31000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
277D000
|
stack
|
page read and write
|
||
|
24C6000
|
trusted library allocation
|
page read and write
|
||
|
2FAE000
|
stack
|
page read and write
|
||
|
6CED000
|
stack
|
page read and write
|
||
|
6C28000
|
heap
|
page read and write
|
||
|
CE6000
|
trusted library allocation
|
page execute and read and write
|
||
|
3A91000
|
trusted library allocation
|
page read and write
|
||
|
A37000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B65000
|
heap
|
page read and write
|
||
|
517C000
|
heap
|
page read and write
|
||
|
6B2D000
|
stack
|
page read and write
|
||
|
D75000
|
heap
|
page read and write
|
||
|
227E000
|
stack
|
page read and write
|
||
|
9A5E000
|
stack
|
page read and write
|
||
|
15A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
57D0000
|
heap
|
page read and write
|
||
|
EA8000
|
heap
|
page read and write
|
||
|
6F9D000
|
stack
|
page read and write
|
||
|
6A00000
|
heap
|
page read and write
|
||
|
CEA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F57000
|
heap
|
page read and write
|
||
|
1247000
|
trusted library allocation
|
page execute and read and write
|
||
|
A60000
|
trusted library allocation
|
page execute and read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
124B000
|
trusted library allocation
|
page execute and read and write
|
||
|
26DE000
|
trusted library allocation
|
page read and write
|
||
|
4D80000
|
heap
|
page read and write
|
||
|
9EFE000
|
stack
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
3A97000
|
trusted library allocation
|
page read and write
|
||
|
4C52000
|
trusted library allocation
|
page read and write
|
||
|
9CAE000
|
stack
|
page read and write
|
||
|
4A98000
|
trusted library allocation
|
page read and write
|
||
|
4C50000
|
trusted library allocation
|
page read and write
|
||
|
99AE000
|
stack
|
page read and write
|
||
|
4F39000
|
heap
|
page read and write
|
||
|
5010000
|
heap
|
page read and write
|
||
|
28EE000
|
stack
|
page read and write
|
||
|
5116000
|
trusted library allocation
|
page read and write
|
||
|
38EC000
|
trusted library allocation
|
page read and write
|
||
|
5431000
|
heap
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
56C4000
|
trusted library allocation
|
page read and write
|
||
|
2A7A000
|
trusted library allocation
|
page read and write
|
||
|
9F1E000
|
stack
|
page read and write
|
||
|
D70000
|
trusted library allocation
|
page read and write
|
||
|
54AE000
|
stack
|
page read and write
|
||
|
6A12000
|
heap
|
page read and write
|
||
|
4C30000
|
trusted library allocation
|
page read and write
|
||
|
28DE000
|
trusted library allocation
|
page read and write
|
||
|
4C40000
|
heap
|
page read and write
|
||
|
23A0000
|
trusted library allocation
|
page read and write
|
||
|
D94000
|
trusted library allocation
|
page read and write
|
||
|
5970000
|
heap
|
page read and write
|
||
|
40E000
|
remote allocation
|
page execute and read and write
|
||
|
2550000
|
trusted library allocation
|
page execute and read and write
|
||
|
523E000
|
heap
|
page read and write
|
||
|
2790000
|
heap
|
page read and write
|
||
|
276E000
|
stack
|
page read and write
|
||
|
2B23000
|
trusted library allocation
|
page read and write
|
||
|
123D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
4BD6000
|
trusted library allocation
|
page read and write
|
||
|
4F7000
|
stack
|
page read and write
|
||
|
385C000
|
trusted library allocation
|
page read and write
|
||
|
6E6E000
|
stack
|
page read and write
|
||
|
608C000
|
stack
|
page read and write
|
||
|
DCE000
|
stack
|
page read and write
|
||
|
137B000
|
trusted library allocation
|
page execute and read and write
|
||
|
618D000
|
stack
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
CE0000
|
trusted library allocation
|
page read and write
|
||
|
393C000
|
trusted library allocation
|
page read and write
|
||
|
5172000
|
heap
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
6B3E000
|
stack
|
page read and write
|
||
|
6D9E000
|
stack
|
page read and write
|
||
|
AF4000
|
heap
|
page read and write
|
||
|
96C000
|
stack
|
page read and write
|
||
|
466C000
|
stack
|
page read and write
|
||
|
A020000
|
trusted library allocation
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
50F0000
|
trusted library allocation
|
page read and write
|
||
|
6A10000
|
heap
|
page read and write
|
||
|
4BCE000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
A03C000
|
stack
|
page read and write
|
||
|
AA0000
|
trusted library allocation
|
page read and write
|
||
|
2A1A000
|
heap
|
page read and write
|
||
|
2395000
|
trusted library allocation
|
page read and write
|
||
|
9AB0000
|
heap
|
page read and write
|
||
|
5780000
|
trusted library allocation
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
1790000
|
heap
|
page read and write
|
||
|
1297000
|
heap
|
page read and write
|
||
|
50AD000
|
stack
|
page read and write
|
||
|
5196000
|
trusted library allocation
|
page read and write
|
||
|
ED6000
|
heap
|
page read and write
|
||
|
2760000
|
heap
|
page execute and read and write
|
||
|
272F000
|
unkown
|
page read and write
|
||
|
981D000
|
stack
|
page read and write
|
||
|
4BB0000
|
trusted library allocation
|
page read and write
|
||
|
965000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
F65000
|
heap
|
page read and write
|
||
|
F6F000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
1220000
|
trusted library allocation
|
page read and write
|
||
|
D1C000
|
stack
|
page read and write
|
||
|
2A8E000
|
stack
|
page read and write
|
||
|
5A09000
|
heap
|
page read and write
|
||
|
FF260000
|
trusted library allocation
|
page execute and read and write
|
||
|
A292000
|
trusted library allocation
|
page read and write
|
||
|
604E000
|
stack
|
page read and write
|
||
|
4D10000
|
heap
|
page execute and read and write
|
||
|
A26000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E8E000
|
stack
|
page read and write
|
||
|
A03000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A41000
|
heap
|
page read and write
|
||
|
6ED0000
|
trusted library section
|
page read and write
|
||
|
6A2C000
|
stack
|
page read and write
|
||
|
4B71000
|
trusted library allocation
|
page read and write
|
||
|
1230000
|
trusted library allocation
|
page read and write
|
||
|
4BB4000
|
trusted library allocation
|
page read and write
|
||
|
55AE000
|
stack
|
page read and write
|
||
|
A01E000
|
stack
|
page read and write
|
||
|
503E000
|
stack
|
page read and write
|
||
|
DB0000
|
trusted library allocation
|
page read and write
|
||
|
69FF000
|
stack
|
page read and write
|
||
|
91E000
|
stack
|
page read and write
|
||
|
831000
|
heap
|
page read and write
|
||
|
4ECB000
|
stack
|
page read and write
|
||
|
67AC000
|
stack
|
page read and write
|
||
|
24F0000
|
trusted library allocation
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
1233000
|
trusted library allocation
|
page execute and read and write
|
||
|
A031000
|
trusted library allocation
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
6C00000
|
heap
|
page read and write
|
||
|
4B60000
|
heap
|
page read and write
|
||
|
24BE000
|
trusted library allocation
|
page read and write
|
||
|
D63000
|
trusted library allocation
|
page execute and read and write
|
||
|
F32000
|
heap
|
page read and write
|
||
|
5BE000
|
unkown
|
page read and write
|
||
|
6B7E000
|
stack
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
A32000
|
trusted library allocation
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
63E000
|
stack
|
page read and write
|
||
|
1236000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EE5000
|
heap
|
page read and write
|
||
|
4C60000
|
trusted library allocation
|
page execute and read and write
|
||
|
3FB1000
|
trusted library allocation
|
page read and write
|
||
|
9AAD000
|
stack
|
page read and write
|
||
|
4BD1000
|
trusted library allocation
|
page read and write
|
||
|
389C000
|
trusted library allocation
|
page read and write
|
||
|
5140000
|
heap
|
page read and write
|
||
|
CC4000
|
trusted library allocation
|
page read and write
|
||
|
4D60000
|
trusted library section
|
page readonly
|
||
|
5508000
|
heap
|
page read and write
|
||
|
E90000
|
trusted library allocation
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
A1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
CD0000
|
trusted library allocation
|
page read and write
|
||
|
5120000
|
heap
|
page read and write
|
||
|
4F20000
|
heap
|
page read and write
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
A13000
|
trusted library allocation
|
page read and write
|
||
|
CF8000
|
stack
|
page read and write
|
||
|
6FDE000
|
stack
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
A280000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
134F000
|
stack
|
page read and write
|
||
|
4D93000
|
heap
|
page read and write
|
||
|
237F000
|
stack
|
page read and write
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
56E6000
|
trusted library allocation
|
page read and write
|
||
|
CF7000
|
trusted library allocation
|
page execute and read and write
|
||
|
DC7000
|
heap
|
page read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
6C2B000
|
heap
|
page read and write
|
||
|
136A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B80000
|
heap
|
page read and write
|
||
|
2FB1000
|
trusted library allocation
|
page read and write
|
||
|
10F9000
|
stack
|
page read and write
|
||
|
5D4E000
|
stack
|
page read and write
|
||
|
A04000
|
trusted library allocation
|
page read and write
|
||
|
7FE000
|
heap
|
page read and write
|
||
|
37A2000
|
trusted library allocation
|
page read and write
|
||
|
178E000
|
stack
|
page read and write
|
||
|
CC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
50C1000
|
trusted library allocation
|
page read and write
|
||
|
6BEF000
|
stack
|
page read and write
|
||
|
5410000
|
trusted library allocation
|
page read and write
|
||
|
F6C000
|
heap
|
page read and write
|
||
|
525E000
|
stack
|
page read and write
|
||
|
3817000
|
trusted library allocation
|
page read and write
|
||
|
F38000
|
heap
|
page read and write
|
||
|
120E000
|
stack
|
page read and write
|
||
|
F58000
|
heap
|
page read and write
|
||
|
9C9B000
|
stack
|
page read and write
|
||
|
11E000
|
unkown
|
page readonly
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
D10000
|
trusted library allocation
|
page read and write
|
||
|
97AF000
|
stack
|
page read and write
|
||
|
57CD000
|
stack
|
page read and write
|
||
|
1280000
|
trusted library allocation
|
page execute and read and write
|
||
|
5710000
|
trusted library allocation
|
page read and write
|
||
|
2571000
|
trusted library allocation
|
page read and write
|
||
|
D64000
|
trusted library allocation
|
page read and write
|
||
|
95E000
|
stack
|
page read and write
|
||
|
3778000
|
trusted library allocation
|
page read and write
|
||
|
269C000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
trusted library allocation
|
page read and write
|
||
|
961E000
|
stack
|
page read and write
|
||
|
2542000
|
trusted library allocation
|
page read and write
|
||
|
2530000
|
heap
|
page read and write
|
||
|
68AD000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
4D06000
|
trusted library allocation
|
page read and write
|
||
|
9B5E000
|
stack
|
page read and write
|
||
|
296C000
|
stack
|
page read and write
|
||
|
4A40000
|
trusted library section
|
page readonly
|
||
|
24C1000
|
trusted library allocation
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
9DAE000
|
stack
|
page read and write
|
||
|
4C2E000
|
stack
|
page read and write
|
||
|
27BA000
|
stack
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
6F5E000
|
stack
|
page read and write
|
||
|
4C10000
|
trusted library allocation
|
page read and write
|
||
|
5101000
|
heap
|
page read and write
|
||
|
2DEE000
|
stack
|
page read and write
|
||
|
4D64000
|
trusted library section
|
page readonly
|
||
|
A2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EA0000
|
heap
|
page execute and read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
A27E000
|
stack
|
page read and write
|
||
|
1240000
|
trusted library allocation
|
page read and write
|
||
|
9820000
|
heap
|
page read and write
|
||
|
80000
|
unkown
|
page readonly
|
||
|
4D90000
|
heap
|
page read and write
|
||
|
56E9000
|
trusted library allocation
|
page read and write
|
||
|
2771000
|
trusted library allocation
|
page read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
499000
|
stack
|
page read and write
|
||
|
5D8E000
|
stack
|
page read and write
|
||
|
A13C000
|
stack
|
page read and write
|
||
|
5110000
|
trusted library allocation
|
page read and write
|
||
|
A80000
|
trusted library allocation
|
page read and write
|
||
|
A17E000
|
stack
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
57E0000
|
heap
|
page read and write
|
||
|
1260000
|
trusted library allocation
|
page read and write
|
||
|
50D0000
|
trusted library allocation
|
page read and write
|
||
|
274C000
|
stack
|
page read and write
|
||
|
6DDE000
|
stack
|
page read and write
|
||
|
4F0E000
|
stack
|
page read and write
|
||
|
5260000
|
heap
|
page execute and read and write
|
||
|
13B8000
|
heap
|
page read and write
|
||
|
1367000
|
trusted library allocation
|
page execute and read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
5100000
|
trusted library allocation
|
page execute and read and write
|
||
|
CC0000
|
trusted library allocation
|
page read and write
|
||
|
23B0000
|
heap
|
page read and write
|
||
|
EBE000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
F96000
|
heap
|
page read and write
|
||
|
CCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2848000
|
trusted library allocation
|
page read and write
|
||
|
5130000
|
heap
|
page read and write
|
||
|
398C000
|
trusted library allocation
|
page read and write
|
||
|
4D70000
|
heap
|
page read and write
|
||
|
4F10000
|
heap
|
page read and write
|
||
|
4CD000
|
stack
|
page read and write
|
||
|
13AA000
|
heap
|
page read and write
|
||
|
ACE000
|
heap
|
page read and write
|
||
|
D37000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
6A20000
|
heap
|
page read and write
|
||
|
9F0000
|
trusted library allocation
|
page read and write
|
||
|
2B3B000
|
heap
|
page read and write
|
||
|
66F0000
|
trusted library allocation
|
page read and write
|
||
|
D90000
|
trusted library allocation
|
page read and write
|
||
|
82000
|
unkown
|
page readonly
|
||
|
2B6E000
|
unkown
|
page read and write
|
||
|
6C56000
|
heap
|
page read and write
|
||
|
A00000
|
trusted library allocation
|
page read and write
|
||
|
2390000
|
trusted library allocation
|
page read and write
|
||
|
4D30000
|
trusted library allocation
|
page read and write
|
||
|
1388000
|
heap
|
page read and write
|
||
|
4B50000
|
trusted library section
|
page read and write
|
||
|
1270000
|
heap
|
page execute and read and write
|
||
|
56AF000
|
stack
|
page read and write
|
||
|
2380000
|
trusted library allocation
|
page read and write
|
||
|
71CE000
|
stack
|
page read and write
|
||
|
157E000
|
stack
|
page read and write
|
||
|
27DF000
|
stack
|
page read and write
|
||
|
264A000
|
trusted library allocation
|
page read and write
|
||
|
CFB000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
4F2E000
|
stack
|
page read and write
|
||
|
4D40000
|
trusted library allocation
|
page execute and read and write
|
||
|
67E000
|
stack
|
page read and write
|
||
|
2678000
|
trusted library allocation
|
page read and write
|
||
|
6C7E000
|
stack
|
page read and write
|
||
|
23C8000
|
trusted library allocation
|
page read and write
|
||
|
4B4E000
|
stack
|
page read and write
|
||
|
4D2E000
|
stack
|
page read and write
|
||
|
3617000
|
trusted library allocation
|
page read and write
|
||
|
A50000
|
trusted library allocation
|
page read and write
|
||
|
13B5000
|
heap
|
page read and write
|
||
|
570B000
|
trusted library allocation
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
A20000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
trusted library allocation
|
page read and write
|
||
|
249C000
|
stack
|
page read and write
|
||
|
266E000
|
stack
|
page read and write
|
||
|
8A8000
|
heap
|
page read and write
|
||
|
4BBB000
|
trusted library allocation
|
page read and write
|
||
|
5700000
|
trusted library allocation
|
page read and write
|
||
|
123A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
1370000
|
trusted library allocation
|
page read and write
|
||
|
53F0000
|
heap
|
page read and write
|
||
|
4C00000
|
trusted library allocation
|
page read and write
|
||
|
5A36000
|
heap
|
page read and write
|
||
|
1234000
|
trusted library allocation
|
page read and write
|
||
|
F48000
|
heap
|
page read and write
|
||
|
CF2000
|
trusted library allocation
|
page read and write
|
||
|
2560000
|
heap
|
page execute and read and write
|
||
|
6D6E000
|
stack
|
page read and write
|
||
|
486C000
|
stack
|
page read and write
|
||
|
951F000
|
stack
|
page read and write
|
||
|
9EDF000
|
stack
|
page read and write
|
||
|
4AF0000
|
heap
|
page read and write
|
||
|
DA0000
|
trusted library allocation
|
page read and write
|
||
|
3771000
|
trusted library allocation
|
page read and write
|
||
|
5298000
|
heap
|
page read and write
|
||
|
88A000
|
heap
|
page read and write
|
||
|
6A23000
|
heap
|
page read and write
|
||
|
9EF000
|
stack
|
page read and write
|
||
|
49E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24A0000
|
trusted library allocation
|
page read and write
|
||
|
971E000
|
stack
|
page read and write
|
||
|
4A3C000
|
stack
|
page read and write
|
||
|
4BDD000
|
trusted library allocation
|
page read and write
|
||
|
5709000
|
trusted library allocation
|
page read and write
|
||
|
5190000
|
trusted library allocation
|
page read and write
|
||
|
50A000
|
stack
|
page read and write
|
||
|
ADF000
|
heap
|
page read and write
|
||
|
6D2E000
|
stack
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
3571000
|
trusted library allocation
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
7F8000
|
heap
|
page read and write
|
||
|
A3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5ECC000
|
stack
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
5230000
|
heap
|
page read and write
|
||
|
24CD000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
trusted library allocation
|
page execute and read and write
|
||
|
9D9C000
|
stack
|
page read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
A70000
|
trusted library allocation
|
page read and write
|
There are 437 hidden memdumps, click here to show them.