Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Payment Advice D 0024679526 3930.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Payment Advice D 0024679526 3930.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp7D3C.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\OyXCaSLaAXfAKx.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\OyXCaSLaAXfAKx.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\OyXCaSLaAXfAKx.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5alykqpv.400.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_adwrnhbt.uv1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gmz5baya.k3h.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ho1fhmnl.nwg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m55eogfc.nfv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_neppi3vh.drh.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_otgoey53.eai.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pqs1f13z.5kv.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp9633.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Payment Advice D 0024679526 3930.exe
|
"C:\Users\user\Desktop\Payment Advice D 0024679526 3930.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment
Advice D 0024679526 3930.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\OyXCaSLaAXfAKx.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\OyXCaSLaAXfAKx" /XML "C:\Users\user\AppData\Local\Temp\tmp7D3C.tmp"
|
|
|
|
C:\Users\user\Desktop\Payment Advice D 0024679526 3930.exe
|
"C:\Users\user\Desktop\Payment Advice D 0024679526 3930.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\OyXCaSLaAXfAKx.exe
|
C:\Users\user\AppData\Roaming\OyXCaSLaAXfAKx.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\OyXCaSLaAXfAKx" /XML "C:\Users\user\AppData\Local\Temp\tmp9633.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\OyXCaSLaAXfAKx.exe
|
"C:\Users\user\AppData\Roaming\OyXCaSLaAXfAKx.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 16 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
14C0000
|
direct allocation
|
page read and write
|
|
|
|
56A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C5E000
|
stack
|
page read and write
|
||
|
71C8000
|
heap
|
page read and write
|
||
|
1323000
|
trusted library allocation
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
151F000
|
stack
|
page read and write
|
||
|
B25E000
|
stack
|
page read and write
|
||
|
2ED0000
|
trusted library allocation
|
page read and write
|
||
|
55E2000
|
trusted library allocation
|
page read and write
|
||
|
1382000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
55B0000
|
trusted library allocation
|
page read and write
|
||
|
132D000
|
trusted library allocation
|
page execute and read and write
|
||
|
D42000
|
unkown
|
page readonly
|
||
|
58A0000
|
heap
|
page read and write
|
||
|
28DF000
|
stack
|
page read and write
|
||
|
11FF000
|
stack
|
page read and write
|
||
|
1310000
|
trusted library allocation
|
page read and write
|
||
|
A20D000
|
stack
|
page read and write
|
||
|
106E000
|
heap
|
page read and write
|
||
|
2F5B000
|
stack
|
page read and write
|
||
|
A69F000
|
stack
|
page read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
4159000
|
trusted library allocation
|
page read and write
|
||
|
5640000
|
trusted library allocation
|
page read and write
|
||
|
13E1000
|
heap
|
page read and write
|
||
|
7170000
|
heap
|
page read and write
|
||
|
1360000
|
direct allocation
|
page execute and read and write
|
||
|
3256000
|
trusted library allocation
|
page read and write
|
||
|
1065000
|
heap
|
page read and write
|
||
|
302B000
|
trusted library allocation
|
page read and write
|
||
|
174E000
|
direct allocation
|
page execute and read and write
|
||
|
1374000
|
heap
|
page read and write
|
||
|
598E000
|
stack
|
page read and write
|
||
|
CFC000
|
stack
|
page read and write
|
||
|
12D5000
|
heap
|
page read and write
|
||
|
5310000
|
trusted library allocation
|
page read and write
|
||
|
1417000
|
heap
|
page read and write
|
||
|
5650000
|
trusted library section
|
page readonly
|
||
|
1020000
|
heap
|
page read and write
|
||
|
A6AF000
|
stack
|
page read and write
|
||
|
5790000
|
heap
|
page read and write
|
||
|
57E0000
|
heap
|
page read and write
|
||
|
131D000
|
trusted library allocation
|
page execute and read and write
|
||
|
12CF000
|
stack
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
AE9E000
|
stack
|
page read and write
|
||
|
13BE000
|
stack
|
page read and write
|
||
|
7890000
|
heap
|
page read and write
|
||
|
5940000
|
trusted library allocation
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
125E000
|
stack
|
page read and write
|
||
|
4275000
|
trusted library allocation
|
page read and write
|
||
|
AAAE000
|
stack
|
page read and write
|
||
|
F07000
|
heap
|
page read and write
|
||
|
7000000
|
heap
|
page read and write
|
||
|
6160000
|
heap
|
page read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
5860000
|
trusted library allocation
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
AC1F000
|
stack
|
page read and write
|
||
|
1390000
|
trusted library allocation
|
page read and write
|
||
|
139A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
291A000
|
stack
|
page read and write
|
||
|
2EBB000
|
trusted library allocation
|
page execute and read and write
|
||
|
5905000
|
heap
|
page read and write
|
||
|
14BF000
|
stack
|
page read and write
|
||
|
55DD000
|
trusted library allocation
|
page read and write
|
||
|
6120000
|
heap
|
page read and write
|
||
|
1386000
|
direct allocation
|
page execute and read and write
|
||
|
2F70000
|
heap
|
page execute and read and write
|
||
|
1396000
|
trusted library allocation
|
page execute and read and write
|
||
|
42E000
|
remote allocation
|
page execute and read and write
|
||
|
A86E000
|
stack
|
page read and write
|
||
|
2FC0000
|
heap
|
page execute and read and write
|
||
|
30D0000
|
trusted library allocation
|
page read and write
|
||
|
3FD1000
|
trusted library allocation
|
page read and write
|
||
|
2C5B000
|
heap
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
133A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5412000
|
trusted library allocation
|
page read and write
|
||
|
100E000
|
heap
|
page read and write
|
||
|
A9DD000
|
stack
|
page read and write
|
||
|
2DBE000
|
stack
|
page read and write
|
||
|
73F0000
|
trusted library allocation
|
page read and write
|
||
|
700E000
|
heap
|
page read and write
|
||
|
7690000
|
heap
|
page read and write
|
||
|
5370000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
2FD1000
|
trusted library allocation
|
page read and write
|
||
|
7892000
|
heap
|
page read and write
|
||
|
1367000
|
direct allocation
|
page execute and read and write
|
||
|
7990000
|
trusted library allocation
|
page read and write
|
||
|
134A000
|
heap
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
F37000
|
stack
|
page read and write
|
||
|
73E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F1E000
|
stack
|
page read and write
|
||
|
532B000
|
trusted library allocation
|
page read and write
|
||
|
B271000
|
trusted library allocation
|
page read and write
|
||
|
1035000
|
heap
|
page read and write
|
||
|
1336000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B40000
|
trusted library allocation
|
page execute and read and write
|
||
|
5910000
|
trusted library allocation
|
page execute and read and write
|
||
|
5400000
|
heap
|
page read and write
|
||
|
543B000
|
trusted library allocation
|
page read and write
|
||
|
1332000
|
trusted library allocation
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
2F88000
|
trusted library allocation
|
page read and write
|
||
|
2DC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
592B000
|
stack
|
page read and write
|
||
|
A89F000
|
stack
|
page read and write
|
||
|
A44E000
|
stack
|
page read and write
|
||
|
55D1000
|
trusted library allocation
|
page read and write
|
||
|
5840000
|
trusted library allocation
|
page read and write
|
||
|
140E000
|
stack
|
page read and write
|
||
|
5920000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
18F8000
|
direct allocation
|
page execute and read and write
|
||
|
593A000
|
trusted library allocation
|
page read and write
|
||
|
2DE8000
|
trusted library allocation
|
page read and write
|
||
|
5690000
|
trusted library allocation
|
page read and write
|
||
|
13A0000
|
trusted library allocation
|
page read and write
|
||
|
78B8000
|
heap
|
page read and write
|
||
|
55F0000
|
trusted library allocation
|
page read and write
|
||
|
76DE000
|
stack
|
page read and write
|
||
|
55A0000
|
trusted library allocation
|
page read and write
|
||
|
43F5000
|
trusted library allocation
|
page read and write
|
||
|
40B4000
|
trusted library allocation
|
page read and write
|
||
|
1383000
|
trusted library allocation
|
page read and write
|
||
|
137F000
|
stack
|
page read and write
|
||
|
7290000
|
trusted library allocation
|
page read and write
|
||
|
6129000
|
heap
|
page read and write
|
||
|
42A2000
|
trusted library allocation
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
53A0000
|
trusted library allocation
|
page read and write
|
||
|
140F000
|
heap
|
page read and write
|
||
|
1876000
|
direct allocation
|
page execute and read and write
|
||
|
55D6000
|
trusted library allocation
|
page read and write
|
||
|
A96F000
|
stack
|
page read and write
|
||
|
1092000
|
heap
|
page read and write
|
||
|
16DD000
|
direct allocation
|
page execute and read and write
|
||
|
7180000
|
heap
|
page read and write
|
||
|
1370000
|
trusted library allocation
|
page read and write
|
||
|
2EB0000
|
trusted library allocation
|
page read and write
|
||
|
BBD000
|
stack
|
page read and write
|
||
|
5930000
|
trusted library allocation
|
page read and write
|
||
|
524C000
|
stack
|
page read and write
|
||
|
78BE000
|
stack
|
page read and write
|
||
|
B11C000
|
stack
|
page read and write
|
||
|
58C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EB2000
|
trusted library allocation
|
page read and write
|
||
|
5680000
|
heap
|
page read and write
|
||
|
FB5000
|
heap
|
page read and write
|
||
|
ECA000
|
direct allocation
|
page read and write
|
||
|
5341000
|
trusted library allocation
|
page read and write
|
||
|
1313000
|
trusted library allocation
|
page execute and read and write
|
||
|
B15E000
|
stack
|
page read and write
|
||
|
7199000
|
heap
|
page read and write
|
||
|
187D000
|
direct allocation
|
page execute and read and write
|
||
|
718C000
|
heap
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
534D000
|
trusted library allocation
|
page read and write
|
||
|
58EE000
|
stack
|
page read and write
|
||
|
55CE000
|
trusted library allocation
|
page read and write
|
||
|
13A2000
|
trusted library allocation
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
13E0000
|
direct allocation
|
page execute and read and write
|
||
|
53C0000
|
trusted library allocation
|
page read and write
|
||
|
40FA000
|
trusted library allocation
|
page read and write
|
||
|
A5AE000
|
stack
|
page read and write
|
||
|
7C1E000
|
stack
|
page read and write
|
||
|
30A000
|
stack
|
page read and write
|
||
|
5880000
|
trusted library section
|
page readonly
|
||
|
6110000
|
heap
|
page read and write
|
||
|
3151000
|
trusted library allocation
|
page read and write
|
||
|
13E6000
|
direct allocation
|
page execute and read and write
|
||
|
1416000
|
heap
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
170F000
|
stack
|
page read and write
|
||
|
2EB7000
|
trusted library allocation
|
page execute and read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
5932000
|
trusted library allocation
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
5F00000
|
heap
|
page read and write
|
||
|
5B30000
|
trusted library section
|
page read and write
|
||
|
D40000
|
unkown
|
page readonly
|
||
|
73AE000
|
stack
|
page read and write
|
||
|
5366000
|
trusted library allocation
|
page read and write
|
||
|
15A0000
|
heap
|
page read and write
|
||
|
7899000
|
heap
|
page read and write
|
||
|
72AE000
|
stack
|
page read and write
|
||
|
13A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
3118000
|
trusted library allocation
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
A72B000
|
stack
|
page read and write
|
||
|
418D000
|
trusted library allocation
|
page read and write
|
||
|
5692000
|
trusted library allocation
|
page read and write
|
||
|
7BDE000
|
stack
|
page read and write
|
||
|
5615000
|
trusted library allocation
|
page read and write
|
||
|
1267000
|
heap
|
page read and write
|
||
|
AD5E000
|
stack
|
page read and write
|
||
|
E39000
|
stack
|
page read and write
|
||
|
A34D000
|
stack
|
page read and write
|
||
|
7182000
|
heap
|
page read and write
|
||
|
5640000
|
heap
|
page execute and read and write
|
||
|
1042000
|
heap
|
page read and write
|
||
|
5654000
|
trusted library section
|
page readonly
|
||
|
1360000
|
trusted library allocation
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
72B2000
|
trusted library allocation
|
page read and write
|
||
|
26BE000
|
stack
|
page read and write
|
||
|
563B000
|
stack
|
page read and write
|
||
|
1422000
|
direct allocation
|
page execute and read and write
|
||
|
5B2D000
|
stack
|
page read and write
|
||
|
320A000
|
trusted library allocation
|
page read and write
|
||
|
5890000
|
heap
|
page read and write
|
||
|
808E000
|
stack
|
page read and write
|
||
|
29CE000
|
unkown
|
page read and write
|
||
|
7A4E000
|
stack
|
page read and write
|
||
|
406D000
|
trusted library allocation
|
page read and write
|
||
|
1367000
|
heap
|
page read and write
|
||
|
7F00000
|
trusted library section
|
page read and write
|
||
|
3FD9000
|
trusted library allocation
|
page read and write
|
||
|
5B55000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
27AB000
|
heap
|
page read and write
|
||
|
1483000
|
direct allocation
|
page execute and read and write
|
||
|
15B0000
|
direct allocation
|
page execute and read and write
|
||
|
135F000
|
heap
|
page read and write
|
||
|
A9E0000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
127E000
|
stack
|
page read and write
|
||
|
5420000
|
trusted library allocation
|
page execute and read and write
|
||
|
FFE000
|
stack
|
page read and write
|
||
|
7A00000
|
trusted library allocation
|
page read and write
|
||
|
4151000
|
trusted library allocation
|
page read and write
|
||
|
771E000
|
stack
|
page read and write
|
||
|
A8DD000
|
stack
|
page read and write
|
||
|
AD9E000
|
stack
|
page read and write
|
||
|
5410000
|
trusted library allocation
|
page read and write
|
||
|
134E000
|
heap
|
page read and write
|
||
|
1626000
|
direct allocation
|
page execute and read and write
|
||
|
A9AD000
|
stack
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
5F10000
|
heap
|
page read and write
|
||
|
12CD000
|
stack
|
page read and write
|
||
|
4237000
|
trusted library allocation
|
page read and write
|
||
|
79F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5346000
|
trusted library allocation
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
55BB000
|
trusted library allocation
|
page read and write
|
||
|
A79E000
|
stack
|
page read and write
|
||
|
5352000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
109C000
|
heap
|
page read and write
|
||
|
5610000
|
trusted library allocation
|
page read and write
|
||
|
E04000
|
unkown
|
page readonly
|
||
|
5324000
|
trusted library allocation
|
page read and write
|
||
|
533E000
|
trusted library allocation
|
page read and write
|
||
|
1380000
|
trusted library allocation
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
58E0000
|
heap
|
page execute and read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
5385000
|
trusted library allocation
|
page read and write
|
||
|
57A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1611000
|
direct allocation
|
page execute and read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
EA0000
|
direct allocation
|
page read and write
|
||
|
5430000
|
trusted library allocation
|
page read and write
|
||
|
58B0000
|
heap
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
138D000
|
trusted library allocation
|
page execute and read and write
|
||
|
13C6000
|
heap
|
page read and write
|
||
|
71B1000
|
heap
|
page read and write
|
||
|
A10D000
|
stack
|
page read and write
|
||
|
16D9000
|
direct allocation
|
page execute and read and write
|
||
|
9F8F000
|
stack
|
page read and write
|
||
|
1373000
|
trusted library allocation
|
page execute and read and write
|
||
|
AC5E000
|
stack
|
page read and write
|
||
|
1861000
|
direct allocation
|
page execute and read and write
|
||
|
2FBB000
|
stack
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
413F000
|
trusted library allocation
|
page read and write
|
||
|
12FF000
|
stack
|
page read and write
|
||
|
79A0000
|
trusted library allocation
|
page read and write
|
||
|
137D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1008000
|
heap
|
page read and write
|
||
|
EFC000
|
stack
|
page read and write
|
||
|
1320000
|
trusted library allocation
|
page read and write
|
||
|
F97000
|
stack
|
page read and write
|
||
|
55B4000
|
trusted library allocation
|
page read and write
|
||
|
5B50000
|
heap
|
page read and write
|
||
|
2EBB000
|
stack
|
page read and write
|
||
|
5620000
|
trusted library allocation
|
page read and write
|
||
|
162D000
|
direct allocation
|
page execute and read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
2F63000
|
heap
|
page read and write
|
||
|
31AB000
|
trusted library allocation
|
page read and write
|
||
|
28DD000
|
stack
|
page read and write
|
||
|
267F000
|
unkown
|
page read and write
|
||
|
133E000
|
stack
|
page read and write
|
||
|
13AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C3F000
|
unkown
|
page read and write
|
||
|
13EE000
|
heap
|
page read and write
|
||
|
5590000
|
trusted library allocation
|
page execute and read and write
|
||
|
A210000
|
heap
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
314E000
|
stack
|
page read and write
|
||
|
614E000
|
heap
|
page read and write
|
||
|
A82C000
|
stack
|
page read and write
|
||
|
AB1E000
|
stack
|
page read and write
|
||
|
4217000
|
trusted library allocation
|
page read and write
|
||
|
13C0000
|
trusted library allocation
|
page read and write
|
||
|
1148000
|
heap
|
page read and write
|
||
|
5900000
|
heap
|
page read and write
|
||
|
1374000
|
trusted library allocation
|
page read and write
|
||
|
98D000
|
stack
|
page read and write
|
||
|
788E000
|
stack
|
page read and write
|
||
|
5380000
|
trusted library allocation
|
page read and write
|
||
|
743E000
|
stack
|
page read and write
|
||
|
1314000
|
trusted library allocation
|
page read and write
|
||
|
5393000
|
heap
|
page read and write
|
||
|
5364000
|
trusted library allocation
|
page read and write
|
||
|
A0CE000
|
stack
|
page read and write
|
||
|
B01B000
|
stack
|
page read and write
|
||
|
2CD000
|
stack
|
page read and write
|
||
|
E9A000
|
stack
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
9E8E000
|
stack
|
page read and write
|
||
|
160E000
|
stack
|
page read and write
|
||
|
E9E000
|
stack
|
page read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
1489000
|
direct allocation
|
page execute and read and write
|
||
|
31FC000
|
trusted library allocation
|
page read and write
|
||
|
10C2000
|
heap
|
page read and write
|
||
|
AAB1000
|
trusted library allocation
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
3088000
|
trusted library allocation
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
263E000
|
unkown
|
page read and write
|
||
|
5320000
|
trusted library allocation
|
page read and write
|
||
|
1392000
|
trusted library allocation
|
page read and write
|
||
|
5600000
|
trusted library allocation
|
page read and write
|
||
|
9FCE000
|
stack
|
page read and write
|
||
|
79B0000
|
trusted library allocation
|
page read and write
|
||
|
3254000
|
trusted library allocation
|
page read and write
|
||
|
56E0000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
There are 351 hidden memdumps, click here to show them.