Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
TBYtld7aq2.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_cfe88533-e54f-4c79-b308-dc554a6df94f\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_f5b4a6202a53ee73c263cc4c99e711b13cd935ac_85207d7d_6c377d9c-479c-4e30-ab2a-7ef078d7e84d\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDC84.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDCA4.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF3C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF9B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\TBYtld7aq2.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\chargeable.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\WERCCB4.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\WERFF1E.tmp.WERDataCollectionStatus.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\TBYtld7aq2.exe
|
"C:\Users\user\Desktop\TBYtld7aq2.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
"C:\Users\user\AppData\Roaming\confuse\chargeable.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
|
|
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
"C:\Users\user\AppData\Roaming\confuse\chargeable.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
|
|
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
|
|
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
|
|
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
|
|
|
C:\Windows\SysWOW64\netsh.exe
|
netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\confuse\chargeable.exe" "chargeable.exe" ENABLE
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 80
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 12
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 72
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 20
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://go.microsoft.
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://go.microsoft.LinkId=42127
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
https://www.sysinternals.com0
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
doddyfire.linkpc.net
|
|||
|
http://www.sakkal.com
|
unknown
|
There are 19 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
doddyfire.linkpc.net
|
160.176.152.91
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
160.176.152.91
|
doddyfire.linkpc.net
|
Morocco
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
confuse
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
SysMain
|
|
|
|
HKEY_CURRENT_USER
|
di
|
|
|
|
HKEY_CURRENT_USER\Environment
|
SEE_MASK_NOZONECHECKS
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\e1a87040f2026369a233f9ae76301b7b
|
[kl]
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C00C6E52AD72
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
35A1000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
3081000
|
trusted library allocation
|
page read and write
|
|
|
|
B71000
|
heap
|
page read and write
|
||
|
BFD000
|
heap
|
page read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
5007000
|
heap
|
page read and write
|
||
|
BDB000
|
heap
|
page read and write
|
||
|
912000
|
trusted library allocation
|
page read and write
|
||
|
BA4000
|
heap
|
page read and write
|
||
|
53FF000
|
stack
|
page read and write
|
||
|
B36000
|
stack
|
page read and write
|
||
|
E89000
|
heap
|
page read and write
|
||
|
B71000
|
heap
|
page read and write
|
||
|
7E0000
|
trusted library allocation
|
page read and write
|
||
|
567E000
|
stack
|
page read and write
|
||
|
BCE000
|
stack
|
page read and write
|
||
|
10B2000
|
trusted library allocation
|
page execute and read and write
|
||
|
16FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
81FE000
|
stack
|
page read and write
|
||
|
5F20000
|
heap
|
page read and write
|
||
|
BA9000
|
heap
|
page read and write
|
||
|
168F000
|
stack
|
page read and write
|
||
|
1307000
|
trusted library allocation
|
page execute and read and write
|
||
|
BA8000
|
heap
|
page read and write
|
||
|
837B000
|
stack
|
page read and write
|
||
|
E4E000
|
stack
|
page read and write
|
||
|
187B000
|
stack
|
page read and write
|
||
|
1917000
|
trusted library allocation
|
page execute and read and write
|
||
|
59D4000
|
trusted library section
|
page readonly
|
||
|
BFD000
|
heap
|
page read and write
|
||
|
130A000
|
trusted library allocation
|
page execute and read and write
|
||
|
202000
|
unkown
|
page readonly
|
||
|
6AEE000
|
stack
|
page read and write
|
||
|
BDB000
|
heap
|
page read and write
|
||
|
14C0000
|
heap
|
page read and write
|
||
|
1940000
|
heap
|
page read and write
|
||
|
1092000
|
trusted library allocation
|
page execute and read and write
|
||
|
16DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
16E2000
|
trusted library allocation
|
page execute and read and write
|
||
|
1418000
|
heap
|
page read and write
|
||
|
B94000
|
heap
|
page read and write
|
||
|
5650000
|
heap
|
page read and write
|
||
|
161E000
|
stack
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
BBD000
|
heap
|
page read and write
|
||
|
57DE000
|
stack
|
page read and write
|
||
|
902000
|
trusted library allocation
|
page execute and read and write
|
||
|
6BCE000
|
stack
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
18D4000
|
heap
|
page read and write
|
||
|
1080000
|
heap
|
page execute and read and write
|
||
|
10CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
4E00000
|
heap
|
page read and write
|
||
|
90C000
|
trusted library allocation
|
page execute and read and write
|
||
|
170A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F4F000
|
trusted library allocation
|
page read and write
|
||
|
1289000
|
stack
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
5840000
|
trusted library allocation
|
page read and write
|
||
|
BCB000
|
heap
|
page read and write
|
||
|
3ED000
|
stack
|
page read and write
|
||
|
5610000
|
trusted library allocation
|
page execute and read and write
|
||
|
6180000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
16EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
B9F000
|
heap
|
page read and write
|
||
|
13B0000
|
trusted library allocation
|
page read and write
|
||
|
12F0000
|
trusted library allocation
|
page read and write
|
||
|
BEE000
|
stack
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
131A000
|
trusted library allocation
|
page execute and read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
1900000
|
trusted library allocation
|
page read and write
|
||
|
D4E000
|
unkown
|
page read and write
|
||
|
BCB000
|
heap
|
page read and write
|
||
|
147A000
|
heap
|
page read and write
|
||
|
B61000
|
heap
|
page read and write
|
||
|
61D0000
|
trusted library allocation
|
page read and write
|
||
|
193B000
|
trusted library allocation
|
page execute and read and write
|
||
|
6790000
|
heap
|
page read and write
|
||
|
C4E000
|
heap
|
page read and write
|
||
|
11D2000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FF1000
|
heap
|
page read and write
|
||
|
2931000
|
trusted library allocation
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
BBB000
|
heap
|
page read and write
|
||
|
BBB000
|
heap
|
page read and write
|
||
|
B5B000
|
heap
|
page read and write
|
||
|
358F000
|
trusted library allocation
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
E85000
|
heap
|
page read and write
|
||
|
1394000
|
heap
|
page read and write
|
||
|
1780000
|
heap
|
page read and write
|
||
|
113E000
|
stack
|
page read and write
|
||
|
1720000
|
heap
|
page read and write
|
||
|
11DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
917000
|
trusted library allocation
|
page execute and read and write
|
||
|
D86000
|
stack
|
page read and write
|
||
|
6FCE000
|
stack
|
page read and write
|
||
|
D89000
|
stack
|
page read and write
|
||
|
1702000
|
trusted library allocation
|
page execute and read and write
|
||
|
1380000
|
trusted library allocation
|
page read and write
|
||
|
176E000
|
stack
|
page read and write
|
||
|
1090000
|
trusted library allocation
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
68A0000
|
heap
|
page read and write
|
||
|
115F000
|
stack
|
page read and write
|
||
|
5B7D000
|
stack
|
page read and write
|
||
|
3A9000
|
stack
|
page read and write
|
||
|
8FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
BCB000
|
heap
|
page read and write
|
||
|
1922000
|
trusted library allocation
|
page execute and read and write
|
||
|
586C000
|
stack
|
page read and write
|
||
|
5544000
|
trusted library section
|
page readonly
|
||
|
58AB000
|
stack
|
page read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
119E000
|
stack
|
page read and write
|
||
|
93B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FF1000
|
heap
|
page read and write
|
||
|
8F3000
|
stack
|
page read and write
|
||
|
714E000
|
stack
|
page read and write
|
||
|
29C8000
|
trusted library allocation
|
page read and write
|
||
|
86C000
|
heap
|
page read and write
|
||
|
16F0000
|
heap
|
page read and write
|
||
|
B9B000
|
heap
|
page read and write
|
||
|
5BC5000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
BBA000
|
heap
|
page read and write
|
||
|
12F9000
|
stack
|
page read and write
|
||
|
4E13000
|
heap
|
page read and write
|
||
|
8FB000
|
stack
|
page read and write
|
||
|
EB2000
|
heap
|
page read and write
|
||
|
E4F000
|
heap
|
page read and write
|
||
|
ACF000
|
stack
|
page read and write
|
||
|
50F0000
|
heap
|
page read and write
|
||
|
BCC000
|
heap
|
page read and write
|
||
|
56B000
|
stack
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
1312000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DA1000
|
trusted library allocation
|
page read and write
|
||
|
16F2000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
C1F000
|
heap
|
page read and write
|
||
|
B98000
|
heap
|
page read and write
|
||
|
4FFF000
|
heap
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
16EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
18CB000
|
stack
|
page read and write
|
||
|
3FD000
|
stack
|
page read and write
|
||
|
101F000
|
stack
|
page read and write
|
||
|
E83000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
900000
|
trusted library allocation
|
page read and write
|
||
|
4C7E000
|
stack
|
page read and write
|
||
|
12FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C3E000
|
stack
|
page read and write
|
||
|
5009000
|
heap
|
page read and write
|
||
|
10C7000
|
trusted library allocation
|
page execute and read and write
|
||
|
B9D000
|
heap
|
page read and write
|
||
|
4E10000
|
heap
|
page read and write
|
||
|
BA6000
|
heap
|
page read and write
|
||
|
142A000
|
heap
|
page read and write
|
||
|
C44000
|
heap
|
page read and write
|
||
|
BD8000
|
heap
|
page read and write
|
||
|
6E50000
|
trusted library allocation
|
page read and write
|
||
|
F96000
|
heap
|
page read and write
|
||
|
191A000
|
trusted library allocation
|
page execute and read and write
|
||
|
8F2000
|
trusted library allocation
|
page execute and read and write
|
||
|
581E000
|
stack
|
page read and write
|
||
|
6C2E000
|
stack
|
page read and write
|
||
|
BDC000
|
heap
|
page read and write
|
||
|
84CE000
|
stack
|
page read and write
|
||
|
BD8000
|
heap
|
page read and write
|
||
|
BD3000
|
heap
|
page read and write
|
||
|
BBF000
|
heap
|
page read and write
|
||
|
5653000
|
heap
|
page read and write
|
||
|
BBE000
|
heap
|
page read and write
|
||
|
823E000
|
stack
|
page read and write
|
||
|
82BF000
|
stack
|
page read and write
|
||
|
724E000
|
stack
|
page read and write
|
||
|
12FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
C48000
|
heap
|
page read and write
|
||
|
192A000
|
trusted library allocation
|
page execute and read and write
|
||
|
549F000
|
stack
|
page read and write
|
||
|
BA4000
|
heap
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
4FFB000
|
heap
|
page read and write
|
||
|
699E000
|
stack
|
page read and write
|
||
|
2FF1000
|
trusted library allocation
|
page read and write
|
||
|
BDB000
|
heap
|
page read and write
|
||
|
5810000
|
trusted library allocation
|
page read and write
|
||
|
18FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
BCB000
|
heap
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
1710000
|
trusted library allocation
|
page read and write
|
||
|
6860000
|
heap
|
page read and write
|
||
|
1320000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
4E70000
|
trusted library section
|
page readonly
|
||
|
4DA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A3B000
|
stack
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
5A7B000
|
stack
|
page read and write
|
||
|
2CAE000
|
stack
|
page read and write
|
||
|
5F10000
|
heap
|
page read and write
|
||
|
5BB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
B89000
|
heap
|
page read and write
|
||
|
5BA0000
|
heap
|
page read and write
|
||
|
144B000
|
heap
|
page read and write
|
||
|
142F000
|
heap
|
page read and write
|
||
|
35B3000
|
trusted library allocation
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
EA2000
|
heap
|
page read and write
|
||
|
1405000
|
heap
|
page read and write
|
||
|
61F2000
|
trusted library allocation
|
page read and write
|
||
|
55A8000
|
trusted library allocation
|
page read and write
|
||
|
4FD0000
|
trusted library allocation
|
page read and write
|
||
|
B9C000
|
heap
|
page read and write
|
||
|
BCD000
|
heap
|
page read and write
|
||
|
B9C000
|
heap
|
page read and write
|
||
|
59C0000
|
heap
|
page read and write
|
||
|
1072000
|
trusted library allocation
|
page execute and read and write
|
||
|
59D0000
|
trusted library section
|
page readonly
|
||
|
3DA1000
|
trusted library allocation
|
page read and write
|
||
|
4A2E000
|
stack
|
page read and write
|
||
|
BCE000
|
heap
|
page read and write
|
||
|
8AE000
|
heap
|
page read and write
|
||
|
132B000
|
trusted library allocation
|
page execute and read and write
|
||
|
BC8000
|
heap
|
page read and write
|
||
|
BCC000
|
heap
|
page read and write
|
||
|
4B30000
|
heap
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
4D7E000
|
stack
|
page read and write
|
||
|
16CE000
|
stack
|
page read and write
|
||
|
577E000
|
stack
|
page read and write
|
||
|
5000000
|
heap
|
page read and write
|
||
|
2AA000
|
stack
|
page read and write
|
||
|
134E000
|
stack
|
page read and write
|
||
|
12EE000
|
stack
|
page read and write
|
||
|
5949000
|
stack
|
page read and write
|
||
|
4FF2000
|
heap
|
page read and write
|
||
|
922000
|
trusted library allocation
|
page execute and read and write
|
||
|
19B0000
|
heap
|
page execute and read and write
|
||
|
F1E000
|
stack
|
page read and write
|
||
|
847C000
|
stack
|
page read and write
|
||
|
BBA000
|
heap
|
page read and write
|
||
|
DFE000
|
stack
|
page read and write
|
||
|
BA7000
|
heap
|
page read and write
|
||
|
18F2000
|
trusted library allocation
|
page execute and read and write
|
||
|
91A000
|
trusted library allocation
|
page execute and read and write
|
||
|
105E000
|
stack
|
page read and write
|
||
|
4EEB000
|
stack
|
page read and write
|
||
|
307E000
|
trusted library allocation
|
page read and write
|
||
|
7F8000
|
heap
|
page read and write
|
||
|
7FE000
|
heap
|
page read and write
|
||
|
C18000
|
heap
|
page read and write
|
||
|
69DE000
|
stack
|
page read and write
|
||
|
B71000
|
heap
|
page read and write
|
||
|
5005000
|
heap
|
page read and write
|
||
|
65DE000
|
heap
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
92A000
|
trusted library allocation
|
page execute and read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
61C0000
|
heap
|
page read and write
|
||
|
5035000
|
heap
|
page read and write
|
||
|
5007000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
1902000
|
trusted library allocation
|
page execute and read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
700E000
|
stack
|
page read and write
|
||
|
145A000
|
heap
|
page read and write
|
||
|
5001000
|
heap
|
page read and write
|
||
|
E8D000
|
heap
|
page read and write
|
||
|
144D000
|
heap
|
page read and write
|
||
|
5F80000
|
heap
|
page read and write
|
||
|
E1A000
|
heap
|
page read and write
|
||
|
725000
|
heap
|
page read and write
|
||
|
2FD000
|
stack
|
page read and write
|
||
|
BC3000
|
heap
|
page read and write
|
||
|
BA2000
|
heap
|
page read and write
|
||
|
4ECF000
|
stack
|
page read and write
|
||
|
198E000
|
stack
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
BD8000
|
heap
|
page read and write
|
||
|
16FB000
|
heap
|
page read and write
|
||
|
16F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
200000
|
unkown
|
page readonly
|
||
|
1327000
|
trusted library allocation
|
page execute and read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
4FFF000
|
heap
|
page read and write
|
||
|
BA6000
|
heap
|
page read and write
|
||
|
58C0000
|
heap
|
page read and write
|
||
|
5011000
|
heap
|
page read and write
|
||
|
5540000
|
trusted library section
|
page readonly
|
||
|
B64000
|
heap
|
page read and write
|
||
|
C2E000
|
heap
|
page read and write
|
||
|
501E000
|
stack
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
F6E000
|
stack
|
page read and write
|
||
|
BCC000
|
heap
|
page read and write
|
||
|
18A0000
|
heap
|
page read and write
|
||
|
BD8000
|
heap
|
page read and write
|
||
|
BD8000
|
heap
|
page read and write
|
||
|
4FFF000
|
heap
|
page read and write
|
||
|
8EE000
|
stack
|
page read and write
|
||
|
5585000
|
heap
|
page read and write
|
||
|
107A000
|
trusted library allocation
|
page execute and read and write
|
||
|
F45000
|
heap
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
524E000
|
stack
|
page read and write
|
||
|
50CC000
|
stack
|
page read and write
|
||
|
BA9000
|
heap
|
page read and write
|
||
|
3931000
|
trusted library allocation
|
page read and write
|
||
|
994000
|
heap
|
page read and write
|
||
|
1386000
|
stack
|
page read and write
|
||
|
3571000
|
trusted library allocation
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
3582000
|
trusted library allocation
|
page read and write
|
||
|
16F0000
|
trusted library allocation
|
page read and write
|
||
|
5290000
|
heap
|
page read and write
|
||
|
81B0000
|
heap
|
page read and write
|
||
|
EDF000
|
stack
|
page read and write
|
||
|
109C000
|
trusted library allocation
|
page execute and read and write
|
||
|
188F000
|
stack
|
page read and write
|
||
|
6ADE000
|
stack
|
page read and write
|
||
|
E3E000
|
stack
|
page read and write
|
||
|
BBF000
|
heap
|
page read and write
|
||
|
5000000
|
heap
|
page read and write
|
||
|
29C1000
|
trusted library allocation
|
page read and write
|
||
|
5820000
|
trusted library allocation
|
page read and write
|
||
|
6DBE000
|
stack
|
page read and write
|
||
|
56DE000
|
stack
|
page read and write
|
||
|
82F000
|
heap
|
page read and write
|
||
|
1302000
|
trusted library allocation
|
page read and write
|
||
|
C42000
|
heap
|
page read and write
|
||
|
B86000
|
heap
|
page read and write
|
||
|
575D000
|
stack
|
page read and write
|
||
|
C4E000
|
heap
|
page read and write
|
||
|
34E1000
|
trusted library allocation
|
page read and write
|
||
|
1580000
|
trusted library allocation
|
page read and write
|
||
|
80FF000
|
stack
|
page read and write
|
||
|
C41000
|
heap
|
page read and write
|
||
|
16D2000
|
trusted library allocation
|
page execute and read and write
|
||
|
14AF000
|
heap
|
page read and write
|
||
|
4FF0000
|
heap
|
page read and write
|
||
|
12F2000
|
trusted library allocation
|
page execute and read and write
|
||
|
BA4000
|
heap
|
page read and write
|
||
|
6970000
|
trusted library allocation
|
page read and write
|
||
|
2EC000
|
stack
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
C43000
|
heap
|
page read and write
|
||
|
29BE000
|
trusted library allocation
|
page read and write
|
||
|
4FFF000
|
heap
|
page read and write
|
||
|
539E000
|
stack
|
page read and write
|
||
|
BC7000
|
heap
|
page read and write
|
||
|
C1E000
|
heap
|
page read and write
|
||
|
4FF9000
|
heap
|
page read and write
|
||
|
689E000
|
stack
|
page read and write
|
||
|
6ECE000
|
stack
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
39D5000
|
trusted library allocation
|
page read and write
|
||
|
35EC000
|
trusted library allocation
|
page read and write
|
||
|
5580000
|
heap
|
page read and write
|
||
|
59E3000
|
heap
|
page read and write
|
||
|
BD4000
|
heap
|
page read and write
|
||
|
BCB000
|
heap
|
page read and write
|
||
|
BC9000
|
heap
|
page read and write
|
||
|
4B2F000
|
stack
|
page read and write
|
||
|
BA2000
|
heap
|
page read and write
|
||
|
BDA000
|
heap
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
12F6000
|
stack
|
page read and write
|
||
|
B95000
|
heap
|
page read and write
|
||
|
6C7E000
|
stack
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
BD5000
|
heap
|
page read and write
|
||
|
4F50000
|
trusted library allocation
|
page execute and read and write
|
||
|
59B0000
|
unclassified section
|
page read and write
|
||
|
142A000
|
heap
|
page read and write
|
||
|
1937000
|
trusted library allocation
|
page execute and read and write
|
||
|
6170000
|
heap
|
page read and write
|
||
|
1A80000
|
heap
|
page execute and read and write
|
||
|
3530000
|
trusted library allocation
|
page read and write
|
||
|
4FED000
|
stack
|
page read and write
|
||
|
B94000
|
heap
|
page read and write
|
||
|
190A000
|
trusted library allocation
|
page execute and read and write
|
||
|
B94000
|
heap
|
page read and write
|
||
|
6798000
|
heap
|
page read and write
|
||
|
BC2000
|
heap
|
page read and write
|
||
|
504F000
|
heap
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
1570000
|
trusted library allocation
|
page execute and read and write
|
||
|
5770000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
BC6000
|
heap
|
page read and write
|
||
|
567C000
|
stack
|
page read and write
|
||
|
BA4000
|
heap
|
page read and write
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
13F6000
|
heap
|
page read and write
|
||
|
BCD000
|
heap
|
page read and write
|
||
|
552B000
|
stack
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
EAD000
|
heap
|
page read and write
|
||
|
4FF5000
|
heap
|
page read and write
|
||
|
937000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A0E000
|
stack
|
page read and write
|
||
|
DBF000
|
stack
|
page read and write
|
||
|
50DF000
|
stack
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
4FFF000
|
heap
|
page read and write
|
||
|
B95000
|
heap
|
page read and write
|
||
|
CAB000
|
stack
|
page read and write
|
||
|
4EA5000
|
heap
|
page read and write
|
||
|
FAA000
|
stack
|
page read and write
|
||
|
57A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
5760000
|
heap
|
page read and write
|
||
|
1932000
|
trusted library allocation
|
page read and write
|
||
|
710E000
|
stack
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
169B000
|
stack
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
69EE000
|
stack
|
page read and write
|
||
|
2A5E000
|
stack
|
page read and write
|
||
|
BD6000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
1730000
|
heap
|
page read and write
|
||
|
BDB000
|
heap
|
page read and write
|
||
|
BBA000
|
heap
|
page read and write
|
||
|
90A000
|
trusted library allocation
|
page execute and read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
171B000
|
trusted library allocation
|
page execute and read and write
|
||
|
18D0000
|
heap
|
page read and write
|
||
|
C4B000
|
heap
|
page read and write
|
||
|
6B8E000
|
stack
|
page read and write
|
||
|
5BD0000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
59E0000
|
heap
|
page read and write
|
||
|
11C0000
|
trusted library allocation
|
page read and write
|
||
|
BBA000
|
heap
|
page read and write
|
||
|
3DA4000
|
trusted library allocation
|
page read and write
|
||
|
5680000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
520E000
|
stack
|
page read and write
|
||
|
51FE000
|
stack
|
page read and write
|
||
|
5DA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
BFD000
|
heap
|
page read and write
|
||
|
44E1000
|
trusted library allocation
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
5870000
|
heap
|
page read and write
|
||
|
66D0000
|
trusted library section
|
page read and write
|
||
|
9A5000
|
heap
|
page read and write
|
||
|
E1E000
|
heap
|
page read and write
|
||
|
5042000
|
heap
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
4EA0000
|
heap
|
page read and write
|
||
|
B95000
|
heap
|
page read and write
|
||
|
58C3000
|
heap
|
page read and write
|
||
|
3FF1000
|
trusted library allocation
|
page read and write
|
||
|
BD4000
|
heap
|
page read and write
|
||
|
117E000
|
stack
|
page read and write
|
||
|
833E000
|
stack
|
page read and write
|
||
|
86D0000
|
heap
|
page read and write
|
||
|
1590000
|
heap
|
page read and write
|
||
|
590C000
|
stack
|
page read and write
|
||
|
1442000
|
heap
|
page read and write
|
||
|
183D000
|
stack
|
page read and write
|
||
|
6890000
|
heap
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
C4A000
|
heap
|
page read and write
|
||
|
4ED0000
|
heap
|
page read and write
|
||
|
5850000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F3E000
|
stack
|
page read and write
|
||
|
BC8000
|
heap
|
page read and write
|
||
|
13C8000
|
heap
|
page read and write
|
||
|
93D000
|
unkown
|
page read and write
|
||
|
1920000
|
trusted library allocation
|
page read and write
|
||
|
6D7E000
|
stack
|
page read and write
|
||
|
BA8000
|
heap
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
5B0E000
|
stack
|
page read and write
|
||
|
16E0000
|
trusted library allocation
|
page read and write
|
||
|
BDB000
|
heap
|
page read and write
|
||
|
1720000
|
heap
|
page read and write
|
||
|
85CF000
|
stack
|
page read and write
|
||
|
4D90000
|
trusted library allocation
|
page read and write
|
||
|
65D0000
|
heap
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
142E000
|
heap
|
page read and write
|
||
|
4FD0000
|
heap
|
page read and write
|
||
|
6D5E000
|
heap
|
page read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
5860000
|
trusted library allocation
|
page read and write
|
||
|
1930000
|
trusted library allocation
|
page read and write
|
||
|
5530000
|
heap
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
4DB0000
|
trusted library allocation
|
page read and write
|
||
|
1717000
|
trusted library allocation
|
page execute and read and write
|
||
|
C4E000
|
heap
|
page read and write
|
||
|
1385000
|
heap
|
page read and write
|
||
|
509E000
|
stack
|
page read and write
|
||
|
325E000
|
stack
|
page read and write
|
||
|
76E000
|
stack
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
CB0000
|
heap
|
page execute and read and write
|
||
|
B94000
|
heap
|
page read and write
|
||
|
BA6000
|
heap
|
page read and write
|
||
|
597F000
|
stack
|
page read and write
|
||
|
BC2000
|
heap
|
page read and write
|
||
|
18E0000
|
trusted library allocation
|
page read and write
|
||
|
47C000
|
stack
|
page read and write
|
||
|
7F160000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BE1000
|
heap
|
page read and write
|
||
|
5C0F000
|
stack
|
page read and write
|
||
|
C1E000
|
heap
|
page read and write
|
||
|
6B2E000
|
stack
|
page read and write
|
||
|
932000
|
trusted library allocation
|
page read and write
|
||
|
BC3000
|
heap
|
page read and write
|
||
|
58B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
35F7000
|
trusted library allocation
|
page read and write
|
||
|
8FE000
|
stack
|
page read and write
|
||
|
5BC0000
|
heap
|
page read and write
|
||
|
1910000
|
trusted library allocation
|
page read and write
|
||
|
156E000
|
stack
|
page read and write
|
||
|
BD4000
|
heap
|
page read and write
|
||
|
C8A000
|
stack
|
page read and write
|
||
|
3A6000
|
stack
|
page read and write
|
||
|
45A1000
|
trusted library allocation
|
page read and write
|
||
|
BD3000
|
heap
|
page read and write
|
||
|
5D0D000
|
stack
|
page read and write
|
||
|
51CE000
|
stack
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
319F000
|
stack
|
page read and write
|
||
|
1350000
|
heap
|
page execute and read and write
|
||
|
505E000
|
stack
|
page read and write
|
||
|
1096000
|
trusted library allocation
|
page execute and read and write
|
||
|
52FE000
|
stack
|
page read and write
|
There are 539 hidden memdumps, click here to show them.