Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
rNNA.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmp9DF8.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\wZnyuP.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rNNA.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\wZnyuP.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1ezau15k.i1s.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5na5kd2y.dae.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gdbwlku4.wyp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ja5cq2ml.oyx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpA9BF.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\wZnyuP.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\rNNA.exe
|
"C:\Users\user\Desktop\rNNA.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\wZnyuP.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wZnyuP" /XML "C:\Users\user\AppData\Local\Temp\tmp9DF8.tmp"
|
|
|
|
C:\Users\user\Desktop\rNNA.exe
|
"C:\Users\user\Desktop\rNNA.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\wZnyuP.exe
|
C:\Users\user\AppData\Roaming\wZnyuP.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wZnyuP" /XML "C:\Users\user\AppData\Local\Temp\tmpA9BF.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\wZnyuP.exe
|
"C:\Users\user\AppData\Roaming\wZnyuP.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\wZnyuP.exe
|
"C:\Users\user\AppData\Roaming\wZnyuP.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://mail.pbjv.net
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://pbjv.net
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://www.sakkal.coms
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 21 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.pbjv.net
|
unknown
|
|
|
|
pbjv.net
|
203.175.171.5
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.211.108
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
203.175.171.5
|
pbjv.net
|
Singapore
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3269000
|
trusted library allocation
|
page read and write
|
|
|
|
2A11000
|
trusted library allocation
|
page read and write
|
|
|
|
2A5E000
|
trusted library allocation
|
page read and write
|
|
|
|
412E000
|
trusted library allocation
|
page read and write
|
|
|
|
2A89000
|
trusted library allocation
|
page read and write
|
|
|
|
323E000
|
trusted library allocation
|
page read and write
|
|
|
|
31F1000
|
trusted library allocation
|
page read and write
|
|
|
|
42C000
|
remote allocation
|
page execute and read and write
|
|
|
|
1196000
|
trusted library allocation
|
page read and write
|
||
|
5490000
|
trusted library allocation
|
page read and write
|
||
|
91A1000
|
heap
|
page read and write
|
||
|
59B0000
|
heap
|
page read and write
|
||
|
6B70000
|
heap
|
page read and write
|
||
|
7EAE000
|
stack
|
page read and write
|
||
|
7EEA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2900000
|
heap
|
page execute and read and write
|
||
|
59B9000
|
heap
|
page read and write
|
||
|
BC8000
|
heap
|
page read and write
|
||
|
2A85000
|
trusted library allocation
|
page read and write
|
||
|
BB6000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B01000
|
trusted library allocation
|
page read and write
|
||
|
669C000
|
trusted library allocation
|
page read and write
|
||
|
3981000
|
trusted library allocation
|
page read and write
|
||
|
68E9000
|
trusted library allocation
|
page read and write
|
||
|
68E4000
|
trusted library allocation
|
page read and write
|
||
|
2882000
|
trusted library allocation
|
page read and write
|
||
|
774E000
|
stack
|
page read and write
|
||
|
2B0B000
|
trusted library allocation
|
page read and write
|
||
|
556F000
|
stack
|
page read and write
|
||
|
14A5000
|
trusted library allocation
|
page execute and read and write
|
||
|
1542000
|
heap
|
page read and write
|
||
|
51EE000
|
stack
|
page read and write
|
||
|
56E0000
|
trusted library allocation
|
page read and write
|
||
|
4FDE000
|
stack
|
page read and write
|
||
|
2B1D000
|
trusted library allocation
|
page read and write
|
||
|
536C000
|
stack
|
page read and write
|
||
|
13D1000
|
heap
|
page read and write
|
||
|
3186000
|
trusted library allocation
|
page read and write
|
||
|
3B01000
|
trusted library allocation
|
page read and write
|
||
|
155D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B23000
|
trusted library allocation
|
page read and write
|
||
|
133E000
|
stack
|
page read and write
|
||
|
640E000
|
stack
|
page read and write
|
||
|
C58000
|
heap
|
page read and write
|
||
|
2590000
|
heap
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
3A39000
|
trusted library allocation
|
page read and write
|
||
|
59DE000
|
heap
|
page read and write
|
||
|
B94000
|
trusted library allocation
|
page read and write
|
||
|
67F0000
|
trusted library allocation
|
page read and write
|
||
|
15E0000
|
heap
|
page read and write
|
||
|
67A0000
|
heap
|
page read and write
|
||
|
2A77000
|
trusted library allocation
|
page read and write
|
||
|
C60000
|
trusted library allocation
|
page read and write
|
||
|
4E90000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F00000
|
trusted library allocation
|
page execute and read and write
|
||
|
CAE000
|
stack
|
page read and write
|
||
|
1514000
|
heap
|
page read and write
|
||
|
4F8E000
|
stack
|
page read and write
|
||
|
CD4000
|
trusted library allocation
|
page read and write
|
||
|
33D3000
|
trusted library allocation
|
page read and write
|
||
|
5BEE000
|
stack
|
page read and write
|
||
|
522E000
|
stack
|
page read and write
|
||
|
33BD000
|
trusted library allocation
|
page read and write
|
||
|
1458000
|
heap
|
page read and write
|
||
|
33CB000
|
trusted library allocation
|
page read and write
|
||
|
68E0000
|
trusted library allocation
|
page read and write
|
||
|
142E000
|
stack
|
page read and write
|
||
|
4219000
|
trusted library allocation
|
page read and write
|
||
|
317D000
|
trusted library allocation
|
page read and write
|
||
|
709E000
|
stack
|
page read and write
|
||
|
1484000
|
heap
|
page read and write
|
||
|
5252000
|
trusted library allocation
|
page read and write
|
||
|
1477000
|
heap
|
page read and write
|
||
|
278E000
|
trusted library allocation
|
page read and write
|
||
|
54E3000
|
heap
|
page read and write
|
||
|
61F2000
|
heap
|
page read and write
|
||
|
CB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
570C000
|
stack
|
page read and write
|
||
|
69D0000
|
trusted library allocation
|
page read and write
|
||
|
3172000
|
trusted library allocation
|
page read and write
|
||
|
5030000
|
heap
|
page read and write
|
||
|
6F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DF0000
|
trusted library section
|
page readonly
|
||
|
AEE000
|
stack
|
page read and write
|
||
|
546F000
|
stack
|
page read and write
|
||
|
7670000
|
trusted library allocation
|
page read and write
|
||
|
27AE000
|
trusted library allocation
|
page read and write
|
||
|
33D9000
|
trusted library allocation
|
page read and write
|
||
|
4E40000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
5480000
|
trusted library allocation
|
page read and write
|
||
|
66B6000
|
trusted library allocation
|
page read and write
|
||
|
4BCF000
|
trusted library allocation
|
page read and write
|
||
|
7F9000
|
heap
|
page read and write
|
||
|
4C0D000
|
trusted library allocation
|
page read and write
|
||
|
BEE000
|
stack
|
page read and write
|
||
|
9725000
|
trusted library allocation
|
page read and write
|
||
|
67AE000
|
heap
|
page read and write
|
||
|
B93000
|
trusted library allocation
|
page execute and read and write
|
||
|
65AF000
|
stack
|
page read and write
|
||
|
5040000
|
heap
|
page read and write
|
||
|
6E9E000
|
stack
|
page read and write
|
||
|
2792000
|
trusted library allocation
|
page read and write
|
||
|
2896000
|
trusted library allocation
|
page read and write
|
||
|
34A0000
|
heap
|
page read and write
|
||
|
2B29000
|
trusted library allocation
|
page read and write
|
||
|
27A4000
|
trusted library allocation
|
page read and write
|
||
|
68C4000
|
trusted library allocation
|
page read and write
|
||
|
CC0000
|
trusted library allocation
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
5580000
|
heap
|
page read and write
|
||
|
5570000
|
trusted library section
|
page readonly
|
||
|
69BE000
|
stack
|
page read and write
|
||
|
C47000
|
trusted library allocation
|
page execute and read and write
|
||
|
92E4000
|
trusted library allocation
|
page read and write
|
||
|
73A000
|
heap
|
page read and write
|
||
|
6DEE000
|
stack
|
page read and write
|
||
|
9690000
|
trusted library allocation
|
page read and write
|
||
|
2A5C000
|
trusted library allocation
|
page read and write
|
||
|
5AAC000
|
stack
|
page read and write
|
||
|
789F000
|
stack
|
page read and write
|
||
|
135E000
|
heap
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
A040000
|
heap
|
page read and write
|
||
|
15A0000
|
trusted library allocation
|
page read and write
|
||
|
57F4000
|
trusted library allocation
|
page read and write
|
||
|
412000
|
remote allocation
|
page execute and read and write
|
||
|
5FF7000
|
trusted library allocation
|
page read and write
|
||
|
6800000
|
trusted library allocation
|
page read and write
|
||
|
1470000
|
trusted library allocation
|
page read and write
|
||
|
7F360000
|
trusted library allocation
|
page execute and read and write
|
||
|
28BB000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
trusted library allocation
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
5550000
|
trusted library allocation
|
page read and write
|
||
|
7FBC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5CEF000
|
stack
|
page read and write
|
||
|
C2D000
|
heap
|
page read and write
|
||
|
4E20000
|
trusted library allocation
|
page read and write
|
||
|
772000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
33C5000
|
trusted library allocation
|
page read and write
|
||
|
68D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6BC9000
|
heap
|
page read and write
|
||
|
9470000
|
trusted library allocation
|
page execute and read and write
|
||
|
3257000
|
trusted library allocation
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
3024000
|
trusted library allocation
|
page read and write
|
||
|
BBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
317A000
|
trusted library allocation
|
page read and write
|
||
|
278C000
|
trusted library allocation
|
page read and write
|
||
|
2891000
|
trusted library allocation
|
page read and write
|
||
|
15E7000
|
heap
|
page read and write
|
||
|
158B000
|
trusted library allocation
|
page execute and read and write
|
||
|
C32000
|
trusted library allocation
|
page read and write
|
||
|
2B0D000
|
trusted library allocation
|
page read and write
|
||
|
3F59000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
heap
|
page read and write
|
||
|
6BB2000
|
heap
|
page read and write
|
||
|
12CE000
|
stack
|
page read and write
|
||
|
73E000
|
heap
|
page read and write
|
||
|
502D000
|
stack
|
page read and write
|
||
|
27A8000
|
trusted library allocation
|
page read and write
|
||
|
93EF000
|
stack
|
page read and write
|
||
|
7660000
|
trusted library allocation
|
page execute and read and write
|
||
|
66B0000
|
trusted library allocation
|
page read and write
|
||
|
2B19000
|
trusted library allocation
|
page read and write
|
||
|
1373000
|
heap
|
page read and write
|
||
|
256C000
|
stack
|
page read and write
|
||
|
7790000
|
trusted library allocation
|
page execute and read and write
|
||
|
6AF000
|
unkown
|
page read and write
|
||
|
14DF000
|
heap
|
page read and write
|
||
|
7750000
|
trusted library section
|
page read and write
|
||
|
538D000
|
stack
|
page read and write
|
||
|
BEA000
|
heap
|
page read and write
|
||
|
1DA000
|
stack
|
page read and write
|
||
|
24CE000
|
stack
|
page read and write
|
||
|
C36000
|
trusted library allocation
|
page execute and read and write
|
||
|
156D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6000000
|
trusted library allocation
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
1554000
|
trusted library allocation
|
page read and write
|
||
|
27AA000
|
trusted library allocation
|
page read and write
|
||
|
5470000
|
trusted library allocation
|
page read and write
|
||
|
5540000
|
trusted library allocation
|
page execute and read and write
|
||
|
1369000
|
heap
|
page read and write
|
||
|
6F9E000
|
stack
|
page read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
69D0000
|
heap
|
page read and write
|
||
|
2788000
|
trusted library allocation
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
1480000
|
trusted library allocation
|
page read and write
|
||
|
C14000
|
trusted library allocation
|
page read and write
|
||
|
6D50000
|
trusted library allocation
|
page execute and read and write
|
||
|
3A85000
|
trusted library allocation
|
page read and write
|
||
|
555D000
|
trusted library allocation
|
page read and write
|
||
|
17D0000
|
heap
|
page read and write
|
||
|
C98000
|
heap
|
page read and write
|
||
|
59F0000
|
heap
|
page read and write
|
||
|
7B00000
|
trusted library section
|
page read and write
|
||
|
6720000
|
heap
|
page read and write
|
||
|
4BF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
69E0000
|
trusted library allocation
|
page read and write
|
||
|
31E0000
|
heap
|
page execute and read and write
|
||
|
7050000
|
trusted library allocation
|
page read and write
|
||
|
8380000
|
heap
|
page read and write
|
||
|
56D0000
|
heap
|
page read and write
|
||
|
3181000
|
trusted library allocation
|
page read and write
|
||
|
525C000
|
trusted library allocation
|
page read and write
|
||
|
9AAE000
|
stack
|
page read and write
|
||
|
6EF0000
|
trusted library allocation
|
page read and write
|
||
|
278A000
|
trusted library allocation
|
page read and write
|
||
|
66C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1348000
|
heap
|
page read and write
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
33D5000
|
trusted library allocation
|
page read and write
|
||
|
870F000
|
stack
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
59A0000
|
heap
|
page read and write
|
||
|
1518000
|
heap
|
page read and write
|
||
|
149A000
|
trusted library allocation
|
page execute and read and write
|
||
|
316B000
|
trusted library allocation
|
page read and write
|
||
|
2B2B000
|
trusted library allocation
|
page read and write
|
||
|
145E000
|
heap
|
page read and write
|
||
|
3A11000
|
trusted library allocation
|
page read and write
|
||
|
95BD000
|
stack
|
page read and write
|
||
|
2B11000
|
trusted library allocation
|
page read and write
|
||
|
9190000
|
heap
|
page read and write
|
||
|
1460000
|
trusted library allocation
|
page read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
1376000
|
heap
|
page read and write
|
||
|
AD8F000
|
stack
|
page read and write
|
||
|
1580000
|
trusted library allocation
|
page read and write
|
||
|
71A000
|
stack
|
page read and write
|
||
|
56CE000
|
stack
|
page read and write
|
||
|
287E000
|
trusted library allocation
|
page read and write
|
||
|
4F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
387E000
|
trusted library allocation
|
page read and write
|
||
|
279E000
|
trusted library allocation
|
page read and write
|
||
|
7C7000
|
heap
|
page read and write
|
||
|
68F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
414000
|
remote allocation
|
page execute and read and write
|
||
|
F1A000
|
stack
|
page read and write
|
||
|
1576000
|
trusted library allocation
|
page execute and read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
1508000
|
heap
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
2DCE000
|
stack
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
33B9000
|
trusted library allocation
|
page read and write
|
||
|
28EA000
|
trusted library allocation
|
page read and write
|
||
|
545D000
|
trusted library allocation
|
page read and write
|
||
|
42A000
|
remote allocation
|
page execute and read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
C13000
|
trusted library allocation
|
page execute and read and write
|
||
|
14AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
DDE000
|
stack
|
page read and write
|
||
|
67AE000
|
stack
|
page read and write
|
||
|
9290000
|
trusted library allocation
|
page read and write
|
||
|
1890000
|
trusted library allocation
|
page read and write
|
||
|
5451000
|
trusted library allocation
|
page read and write
|
||
|
555F000
|
trusted library allocation
|
page read and write
|
||
|
3FA8000
|
trusted library allocation
|
page read and write
|
||
|
7640000
|
trusted library allocation
|
page read and write
|
||
|
83A9000
|
heap
|
page read and write
|
||
|
66E000
|
unkown
|
page read and write
|
||
|
4C00000
|
trusted library allocation
|
page read and write
|
||
|
3310000
|
heap
|
page read and write
|
||
|
51F8000
|
trusted library allocation
|
page read and write
|
||
|
C1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
DAA000
|
stack
|
page read and write
|
||
|
54E0000
|
heap
|
page read and write
|
||
|
6219000
|
heap
|
page read and write
|
||
|
38B8000
|
trusted library allocation
|
page read and write
|
||
|
3905000
|
trusted library allocation
|
page read and write
|
||
|
91AF000
|
heap
|
page read and write
|
||
|
1406000
|
heap
|
page read and write
|
||
|
544E000
|
trusted library allocation
|
page read and write
|
||
|
418000
|
remote allocation
|
page execute and read and write
|
||
|
2B09000
|
trusted library allocation
|
page read and write
|
||
|
4C5B000
|
stack
|
page read and write
|
||
|
14A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
5F0D000
|
stack
|
page read and write
|
||
|
C30000
|
trusted library allocation
|
page read and write
|
||
|
148D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3265000
|
trusted library allocation
|
page read and write
|
||
|
68C0000
|
trusted library allocation
|
page read and write
|
||
|
4BA0000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
2FCF000
|
unkown
|
page read and write
|
||
|
1582000
|
trusted library allocation
|
page read and write
|
||
|
1492000
|
trusted library allocation
|
page read and write
|
||
|
2B25000
|
trusted library allocation
|
page read and write
|
||
|
C6B000
|
heap
|
page read and write
|
||
|
2F51000
|
trusted library allocation
|
page read and write
|
||
|
99E000
|
stack
|
page read and write
|
||
|
413000
|
remote allocation
|
page execute and read and write
|
||
|
9B2E000
|
stack
|
page read and write
|
||
|
5670000
|
heap
|
page read and write
|
||
|
33C9000
|
trusted library allocation
|
page read and write
|
||
|
92E0000
|
trusted library allocation
|
page read and write
|
||
|
BF5000
|
heap
|
page read and write
|
||
|
33DF000
|
trusted library allocation
|
page read and write
|
||
|
6D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
3318000
|
heap
|
page read and write
|
||
|
61CC000
|
heap
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
36A1000
|
trusted library allocation
|
page read and write
|
||
|
BC2000
|
unkown
|
page readonly
|
||
|
5CF0000
|
trusted library allocation
|
page read and write
|
||
|
28CD000
|
trusted library allocation
|
page read and write
|
||
|
319A000
|
trusted library allocation
|
page read and write
|
||
|
2794000
|
trusted library allocation
|
page read and write
|
||
|
425B000
|
trusted library allocation
|
page read and write
|
||
|
3271000
|
trusted library allocation
|
page read and write
|
||
|
2786000
|
trusted library allocation
|
page read and write
|
||
|
ED0000
|
trusted library allocation
|
page read and write
|
||
|
33C3000
|
trusted library allocation
|
page read and write
|
||
|
6710000
|
trusted library allocation
|
page execute and read and write
|
||
|
C00000
|
trusted library allocation
|
page read and write
|
||
|
5880000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EA0000
|
heap
|
page read and write
|
||
|
3A09000
|
trusted library allocation
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
2B15000
|
trusted library allocation
|
page read and write
|
||
|
1553000
|
trusted library allocation
|
page execute and read and write
|
||
|
C42000
|
trusted library allocation
|
page read and write
|
||
|
1550000
|
trusted library allocation
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
66A0000
|
trusted library allocation
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
5990000
|
heap
|
page read and write
|
||
|
D1A000
|
stack
|
page read and write
|
||
|
4B0D000
|
trusted library allocation
|
page read and write
|
||
|
4E10000
|
heap
|
page read and write
|
||
|
4BD0000
|
trusted library allocation
|
page read and write
|
||
|
2F0C000
|
stack
|
page read and write
|
||
|
4F90000
|
trusted library allocation
|
page read and write
|
||
|
BC0000
|
unkown
|
page readonly
|
||
|
9F3C000
|
stack
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
72E000
|
stack
|
page read and write
|
||
|
4B06000
|
trusted library allocation
|
page read and write
|
||
|
1194000
|
trusted library allocation
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
279C000
|
trusted library allocation
|
page read and write
|
||
|
31C3000
|
heap
|
page read and write
|
||
|
1572000
|
trusted library allocation
|
page read and write
|
||
|
33C7000
|
trusted library allocation
|
page read and write
|
||
|
84C0000
|
trusted library allocation
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page read and write
|
||
|
2B27000
|
trusted library allocation
|
page read and write
|
||
|
5260000
|
heap
|
page execute and read and write
|
||
|
5810000
|
trusted library allocation
|
page execute and read and write
|
||
|
6730000
|
trusted library allocation
|
page execute and read and write
|
||
|
2798000
|
trusted library allocation
|
page read and write
|
||
|
3794000
|
trusted library allocation
|
page read and write
|
||
|
327E000
|
stack
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
398C000
|
trusted library allocation
|
page read and write
|
||
|
323C000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
9CEE000
|
stack
|
page read and write
|
||
|
27A0000
|
trusted library allocation
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
CD6000
|
trusted library allocation
|
page read and write
|
||
|
5050000
|
trusted library allocation
|
page read and write
|
||
|
566C000
|
stack
|
page read and write
|
||
|
41A000
|
remote allocation
|
page execute and read and write
|
||
|
68E7000
|
trusted library allocation
|
page read and write
|
||
|
2B21000
|
trusted library allocation
|
page read and write
|
||
|
2B13000
|
trusted library allocation
|
page read and write
|
||
|
5256000
|
trusted library allocation
|
page read and write
|
||
|
3166000
|
trusted library allocation
|
page read and write
|
||
|
26A1000
|
trusted library allocation
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
43C000
|
remote allocation
|
page execute and read and write
|
||
|
4E8E000
|
stack
|
page read and write
|
||
|
6F20000
|
heap
|
page read and write
|
||
|
5680000
|
trusted library allocation
|
page read and write
|
||
|
BB2000
|
trusted library allocation
|
page read and write
|
||
|
4C0F000
|
trusted library allocation
|
page read and write
|
||
|
33CF000
|
trusted library allocation
|
page read and write
|
||
|
943E000
|
stack
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
7650000
|
trusted library allocation
|
page read and write
|
||
|
18B0000
|
heap
|
page read and write
|
||
|
92D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
785000
|
heap
|
page read and write
|
||
|
4AE0000
|
trusted library allocation
|
page read and write
|
||
|
7200000
|
heap
|
page read and write
|
||
|
78A0000
|
trusted library section
|
page read and write
|
||
|
31AF000
|
trusted library allocation
|
page read and write
|
||
|
BF8000
|
heap
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
4B20000
|
trusted library allocation
|
page read and write
|
||
|
2B04000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
2A66000
|
trusted library allocation
|
page read and write
|
||
|
7760000
|
trusted library allocation
|
page read and write
|
||
|
5F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
8505000
|
trusted library allocation
|
page read and write
|
||
|
33DD000
|
trusted library allocation
|
page read and write
|
||
|
33BB000
|
trusted library allocation
|
page read and write
|
||
|
69EA000
|
trusted library allocation
|
page read and write
|
||
|
28EC000
|
stack
|
page read and write
|
||
|
3259000
|
trusted library allocation
|
page read and write
|
||
|
6690000
|
trusted library allocation
|
page read and write
|
||
|
132D000
|
stack
|
page read and write
|
||
|
289D000
|
trusted library allocation
|
page read and write
|
||
|
4B50000
|
trusted library allocation
|
page read and write
|
||
|
725000
|
heap
|
page read and write
|
||
|
33C1000
|
trusted library allocation
|
page read and write
|
||
|
AF8C000
|
stack
|
page read and write
|
||
|
397A000
|
trusted library allocation
|
page read and write
|
||
|
84BE000
|
stack
|
page read and write
|
||
|
68B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
7770000
|
trusted library allocation
|
page read and write
|
||
|
7B10000
|
trusted library section
|
page read and write
|
||
|
416000
|
remote allocation
|
page execute and read and write
|
||
|
1474000
|
trusted library allocation
|
page read and write
|
||
|
68A0000
|
trusted library allocation
|
page read and write
|
||
|
287B000
|
trusted library allocation
|
page read and write
|
||
|
9DEE000
|
stack
|
page read and write
|
||
|
33BF000
|
trusted library allocation
|
page read and write
|
||
|
7072000
|
trusted library allocation
|
page read and write
|
||
|
C5F000
|
heap
|
page read and write
|
||
|
24D0000
|
trusted library allocation
|
page read and write
|
||
|
8510000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
6B74000
|
heap
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
6EEE000
|
stack
|
page read and write
|
||
|
2790000
|
trusted library allocation
|
page read and write
|
||
|
5CF8000
|
trusted library allocation
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
4EEE000
|
stack
|
page read and write
|
||
|
2774000
|
trusted library allocation
|
page read and write
|
||
|
2B1B000
|
trusted library allocation
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page read and write
|
||
|
3FF6000
|
trusted library allocation
|
page read and write
|
||
|
417000
|
remote allocation
|
page execute and read and write
|
||
|
1190000
|
trusted library allocation
|
page read and write
|
||
|
5456000
|
trusted library allocation
|
page read and write
|
||
|
8509000
|
trusted library allocation
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
33D7000
|
trusted library allocation
|
page read and write
|
||
|
33CD000
|
trusted library allocation
|
page read and write
|
||
|
7AF000
|
heap
|
page read and write
|
||
|
2B2D000
|
trusted library allocation
|
page read and write
|
||
|
598E000
|
stack
|
page read and write
|
||
|
4AFE000
|
trusted library allocation
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
316B000
|
trusted library allocation
|
page read and write
|
||
|
7FD000
|
heap
|
page read and write
|
||
|
14E0000
|
trusted library allocation
|
page read and write
|
||
|
E9B000
|
trusted library allocation
|
page execute and read and write
|
||
|
630E000
|
stack
|
page read and write
|
||
|
5430000
|
trusted library allocation
|
page read and write
|
||
|
27AC000
|
trusted library allocation
|
page read and write
|
||
|
2B2F000
|
trusted library allocation
|
page read and write
|
||
|
957E000
|
stack
|
page read and write
|
||
|
8500000
|
trusted library allocation
|
page read and write
|
||
|
288A000
|
trusted library allocation
|
page read and write
|
||
|
5060000
|
heap
|
page read and write
|
||
|
2570000
|
trusted library allocation
|
page read and write
|
||
|
3F51000
|
trusted library allocation
|
page read and write
|
||
|
415000
|
remote allocation
|
page execute and read and write
|
||
|
5770000
|
heap
|
page read and write
|
||
|
42B000
|
heap
|
page read and write
|
||
|
1894000
|
trusted library allocation
|
page read and write
|
||
|
503E000
|
stack
|
page read and write
|
||
|
7B20000
|
trusted library allocation
|
page execute and read and write
|
||
|
1490000
|
trusted library allocation
|
page read and write
|
||
|
9AEE000
|
stack
|
page read and write
|
||
|
184E000
|
stack
|
page read and write
|
||
|
BAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5806000
|
trusted library allocation
|
page read and write
|
||
|
28FF000
|
trusted library allocation
|
page read and write
|
||
|
10F7000
|
stack
|
page read and write
|
||
|
566E000
|
stack
|
page read and write
|
||
|
69AD000
|
stack
|
page read and write
|
||
|
BB0000
|
trusted library allocation
|
page read and write
|
||
|
4BAD000
|
stack
|
page read and write
|
||
|
83C1000
|
heap
|
page read and write
|
||
|
402000
|
remote allocation
|
page execute and read and write
|
||
|
7450000
|
heap
|
page read and write
|
||
|
14D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
288E000
|
trusted library allocation
|
page read and write
|
||
|
27A2000
|
trusted library allocation
|
page read and write
|
||
|
4DF4000
|
trusted library section
|
page readonly
|
||
|
3246000
|
trusted library allocation
|
page read and write
|
||
|
1570000
|
trusted library allocation
|
page read and write
|
||
|
5FF0000
|
trusted library allocation
|
page read and write
|
||
|
574E000
|
stack
|
page read and write
|
||
|
3B9000
|
stack
|
page read and write
|
||
|
2580000
|
heap
|
page execute and read and write
|
||
|
C3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
479C000
|
stack
|
page read and write
|
||
|
5063000
|
heap
|
page read and write
|
||
|
7AFE000
|
stack
|
page read and write
|
||
|
4BB0000
|
heap
|
page read and write
|
||
|
1800000
|
heap
|
page read and write
|
||
|
1499000
|
heap
|
page read and write
|
||
|
5FED000
|
stack
|
page read and write
|
||
|
17F0000
|
trusted library allocation
|
page read and write
|
||
|
8428000
|
heap
|
page read and write
|
||
|
1473000
|
trusted library allocation
|
page execute and read and write
|
||
|
B9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
2796000
|
trusted library allocation
|
page read and write
|
||
|
2A91000
|
trusted library allocation
|
page read and write
|
||
|
4BC0000
|
trusted library allocation
|
page read and write
|
||
|
2A0F000
|
stack
|
page read and write
|
||
|
6A00000
|
trusted library allocation
|
page execute and read and write
|
||
|
42B000
|
remote allocation
|
page execute and read and write
|
||
|
5510000
|
trusted library allocation
|
page read and write
|
||
|
AF9000
|
stack
|
page read and write
|
||
|
96A0000
|
trusted library section
|
page read and write
|
||
|
CE7000
|
heap
|
page read and write
|
||
|
284C000
|
stack
|
page read and write
|
||
|
5760000
|
heap
|
page execute and read and write
|
||
|
67F7000
|
trusted library allocation
|
page read and write
|
||
|
A03C000
|
stack
|
page read and write
|
||
|
56F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
AC8E000
|
stack
|
page read and write
|
||
|
5BAF000
|
stack
|
page read and write
|
||
|
1587000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
3037000
|
trusted library allocation
|
page read and write
|
||
|
9213000
|
heap
|
page read and write
|
||
|
5700000
|
heap
|
page execute and read and write
|
||
|
41F1000
|
trusted library allocation
|
page read and write
|
||
|
EC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
315F000
|
stack
|
page read and write
|
||
|
968C000
|
stack
|
page read and write
|
||
|
66F0000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
3940000
|
trusted library allocation
|
page read and write
|
||
|
1496000
|
trusted library allocation
|
page execute and read and write
|
||
|
7ED000
|
heap
|
page read and write
|
||
|
316E000
|
trusted library allocation
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
4E30000
|
trusted library allocation
|
page read and write
|
||
|
670D000
|
stack
|
page read and write
|
||
|
E92000
|
trusted library allocation
|
page read and write
|
||
|
CD0000
|
trusted library allocation
|
page read and write
|
||
|
1180000
|
trusted library allocation
|
page read and write
|
||
|
5800000
|
trusted library allocation
|
page read and write
|
||
|
67ED000
|
stack
|
page read and write
|
||
|
516E000
|
stack
|
page read and write
|
||
|
823000
|
heap
|
page read and write
|
||
|
3160000
|
trusted library allocation
|
page read and write
|
||
|
2F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
A74E000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
AA4E000
|
stack
|
page read and write
|
||
|
7DA000
|
heap
|
page read and write
|
||
|
95E000
|
stack
|
page read and write
|
||
|
7C6E000
|
stack
|
page read and write
|
||
|
2F20000
|
trusted library allocation
|
page read and write
|
||
|
7630000
|
trusted library allocation
|
page execute and read and write
|
||
|
419000
|
remote allocation
|
page execute and read and write
|
||
|
147D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F6000
|
stack
|
page read and write
|
||
|
157A000
|
trusted library allocation
|
page execute and read and write
|
||
|
50EC000
|
stack
|
page read and write
|
||
|
27A6000
|
trusted library allocation
|
page read and write
|
||
|
AD90000
|
heap
|
page read and write
|
||
|
12E5000
|
heap
|
page read and write
|
||
|
4BB3000
|
heap
|
page read and write
|
||
|
12F9000
|
stack
|
page read and write
|
||
|
1440000
|
trusted library allocation
|
page read and write
|
||
|
4A18000
|
trusted library allocation
|
page read and write
|
||
|
7680000
|
trusted library allocation
|
page execute and read and write
|
||
|
4044000
|
trusted library allocation
|
page read and write
|
||
|
318D000
|
trusted library allocation
|
page read and write
|
||
|
7C2E000
|
stack
|
page read and write
|
||
|
4E00000
|
heap
|
page read and write
|
||
|
2B17000
|
trusted library allocation
|
page read and write
|
||
|
7D6E000
|
stack
|
page read and write
|
||
|
5995000
|
heap
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
317E000
|
trusted library allocation
|
page read and write
|
||
|
33D1000
|
trusted library allocation
|
page read and write
|
||
|
6B0F000
|
stack
|
page read and write
|
||
|
C4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
188C000
|
stack
|
page read and write
|
||
|
269F000
|
stack
|
page read and write
|
||
|
1493000
|
heap
|
page read and write
|
||
|
2B1F000
|
trusted library allocation
|
page read and write
|
||
|
61B0000
|
heap
|
page read and write
|
||
|
5FAE000
|
stack
|
page read and write
|
||
|
D6D000
|
stack
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
28A2000
|
trusted library allocation
|
page read and write
|
||
|
7DAE000
|
stack
|
page read and write
|
||
|
14A0000
|
trusted library allocation
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
4B60000
|
heap
|
page execute and read and write
|
||
|
280E000
|
stack
|
page read and write
|
||
|
16CF000
|
stack
|
page read and write
|
||
|
2F30000
|
trusted library allocation
|
page read and write
|
||
|
14F5000
|
heap
|
page read and write
|
||
|
18A0000
|
trusted library allocation
|
page read and write
|
||
|
33DB000
|
trusted library allocation
|
page read and write
|
||
|
68CC000
|
trusted library allocation
|
page read and write
|
||
|
64AE000
|
stack
|
page read and write
|
||
|
61AD000
|
stack
|
page read and write
|
||
|
5250000
|
trusted library allocation
|
page read and write
|
||
|
E95000
|
trusted library allocation
|
page execute and read and write
|
||
|
548C000
|
trusted library allocation
|
page read and write
|
||
|
2F8E000
|
unkown
|
page read and write
|
||
|
2B0F000
|
trusted library allocation
|
page read and write
|
||
|
764000
|
heap
|
page read and write
|
||
|
3A7B000
|
trusted library allocation
|
page read and write
|
||
|
97CC000
|
trusted library allocation
|
page read and write
|
||
|
4B2C000
|
trusted library allocation
|
page read and write
|
||
|
4B30000
|
trusted library allocation
|
page read and write
|
||
|
9720000
|
trusted library allocation
|
page read and write
|
||
|
5058000
|
trusted library allocation
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
7F8F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2870000
|
trusted library allocation
|
page read and write
|
||
|
4EA5000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page execute and read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
E97000
|
trusted library allocation
|
page execute and read and write
|
||
|
14A2000
|
trusted library allocation
|
page read and write
|
||
|
6214000
|
heap
|
page read and write
|
||
|
279A000
|
trusted library allocation
|
page read and write
|
||
|
5500000
|
heap
|
page read and write
|
There are 635 hidden memdumps, click here to show them.