Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Doc via Dhl.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmp1E38.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JORnjCnA.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Doc via Dhl.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\JORnjCnA.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2bitxifn.g3e.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ecb2ofno.zpd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f5z0lehx.opo.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g4ogpiim.rlh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jzqeco5c.vap.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kge4iziw.0nt.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uc5fwhmb.prb.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v4etozyz.noo.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp2DD8.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\JORnjCnA.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Doc via Dhl.exe
|
"C:\Users\user\Desktop\Doc via Dhl.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Doc via
Dhl.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\JORnjCnA.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JORnjCnA" /XML "C:\Users\user\AppData\Local\Temp\tmp1E38.tmp"
|
|
|
|
C:\Users\user\Desktop\Doc via Dhl.exe
|
"C:\Users\user\Desktop\Doc via Dhl.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\JORnjCnA.exe
|
C:\Users\user\AppData\Roaming\JORnjCnA.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JORnjCnA" /XML "C:\Users\user\AppData\Local\Temp\tmp2DD8.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\JORnjCnA.exe
|
"C:\Users\user\AppData\Roaming\JORnjCnA.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\JORnjCnA.exe
|
"C:\Users\user\AppData\Roaming\JORnjCnA.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://ip-api.com/line/?fields=hostingAR9#
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://tempuri.org/DataSet1.xsd)Microsoft
|
unknown
|
||
|
http://us2.smtp.mailhostbox.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
http://ip-api.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
us2.smtp.mailhostbox.com
|
208.91.199.223
|
||
|
ip-api.com
|
208.95.112.1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.91.198.143
|
unknown
|
United States
|
||
|
208.95.112.1
|
ip-api.com
|
United States
|
||
|
208.91.199.225
|
unknown
|
United States
|
||
|
208.91.199.223
|
us2.smtp.mailhostbox.com
|
United States
|
||
|
208.91.199.224
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Doc via Dhl_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Doc via Dhl_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Doc via Dhl_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Doc via Dhl_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Doc via Dhl_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Doc via Dhl_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Doc via Dhl_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Doc via Dhl_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Doc via Dhl_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Doc via Dhl_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Doc via Dhl_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Doc via Dhl_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Doc via Dhl_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Doc via Dhl_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JORnjCnA_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JORnjCnA_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JORnjCnA_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JORnjCnA_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JORnjCnA_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JORnjCnA_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JORnjCnA_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JORnjCnA_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JORnjCnA_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JORnjCnA_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JORnjCnA_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JORnjCnA_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JORnjCnA_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\JORnjCnA_RASMANCS
|
FileDirectory
|
There are 19 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3378000
|
trusted library allocation
|
page read and write
|
|
|
|
3391000
|
trusted library allocation
|
page read and write
|
|
|
|
33B7000
|
trusted library allocation
|
page read and write
|
|
|
|
3353000
|
trusted library allocation
|
page read and write
|
|
|
|
37D8000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
4AA9000
|
trusted library allocation
|
page read and write
|
|
|
|
17B0000
|
trusted library allocation
|
page read and write
|
||
|
5CCE000
|
stack
|
page read and write
|
||
|
6D9E000
|
stack
|
page read and write
|
||
|
162D000
|
heap
|
page read and write
|
||
|
2FBD000
|
stack
|
page read and write
|
||
|
5781000
|
trusted library allocation
|
page read and write
|
||
|
1578000
|
heap
|
page read and write
|
||
|
4CEB000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
heap
|
page execute and read and write
|
||
|
4C1B000
|
trusted library allocation
|
page read and write
|
||
|
3731000
|
trusted library allocation
|
page read and write
|
||
|
1783000
|
trusted library allocation
|
page execute and read and write
|
||
|
57A6000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
78B0000
|
trusted library allocation
|
page read and write
|
||
|
88FD000
|
stack
|
page read and write
|
||
|
6B60000
|
heap
|
page read and write
|
||
|
6DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A20000
|
trusted library allocation
|
page read and write
|
||
|
120F000
|
stack
|
page read and write
|
||
|
459A000
|
trusted library allocation
|
page read and write
|
||
|
83E3000
|
trusted library allocation
|
page read and write
|
||
|
2A13000
|
trusted library allocation
|
page read and write
|
||
|
3080000
|
trusted library allocation
|
page read and write
|
||
|
35AF000
|
stack
|
page read and write
|
||
|
52A0000
|
trusted library section
|
page read and write
|
||
|
537F000
|
stack
|
page read and write
|
||
|
50C6000
|
trusted library allocation
|
page read and write
|
||
|
B33000
|
heap
|
page read and write
|
||
|
5B48000
|
heap
|
page read and write
|
||
|
15A0000
|
trusted library allocation
|
page read and write
|
||
|
6CBE000
|
stack
|
page read and write
|
||
|
8320000
|
heap
|
page read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
4C3D000
|
trusted library allocation
|
page read and write
|
||
|
3C29000
|
trusted library allocation
|
page read and write
|
||
|
5160000
|
trusted library allocation
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
16B0000
|
trusted library allocation
|
page read and write
|
||
|
E4E000
|
stack
|
page read and write
|
||
|
17A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
717E000
|
stack
|
page read and write
|
||
|
50E5000
|
trusted library allocation
|
page read and write
|
||
|
6C9E000
|
stack
|
page read and write
|
||
|
81C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A33000
|
trusted library allocation
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
5800000
|
heap
|
page read and write
|
||
|
59FE000
|
stack
|
page read and write
|
||
|
6DED000
|
trusted library allocation
|
page read and write
|
||
|
52C0000
|
heap
|
page execute and read and write
|
||
|
16A5000
|
heap
|
page read and write
|
||
|
577E000
|
trusted library allocation
|
page read and write
|
||
|
3223000
|
heap
|
page read and write
|
||
|
31E0000
|
trusted library allocation
|
page read and write
|
||
|
308B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5772000
|
trusted library allocation
|
page read and write
|
||
|
48CC000
|
stack
|
page read and write
|
||
|
356E000
|
stack
|
page read and write
|
||
|
5170000
|
trusted library allocation
|
page execute and read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
31F0000
|
trusted library allocation
|
page read and write
|
||
|
31F4000
|
trusted library allocation
|
page read and write
|
||
|
8B4E000
|
stack
|
page read and write
|
||
|
178D000
|
trusted library allocation
|
page execute and read and write
|
||
|
8900000
|
heap
|
page read and write
|
||
|
1770000
|
trusted library allocation
|
page read and write
|
||
|
B73000
|
heap
|
page read and write
|
||
|
5B09000
|
heap
|
page read and write
|
||
|
42F1000
|
trusted library allocation
|
page read and write
|
||
|
64FE000
|
stack
|
page read and write
|
||
|
68FE000
|
stack
|
page read and write
|
||
|
C1C000
|
stack
|
page read and write
|
||
|
8640000
|
trusted library allocation
|
page execute and read and write
|
||
|
50AB000
|
trusted library allocation
|
page read and write
|
||
|
C4DB000
|
stack
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
10ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
181E000
|
stack
|
page read and write
|
||
|
3361000
|
trusted library allocation
|
page read and write
|
||
|
578D000
|
trusted library allocation
|
page read and write
|
||
|
13E5000
|
heap
|
page read and write
|
||
|
29D0000
|
trusted library allocation
|
page read and write
|
||
|
2C10000
|
heap
|
page execute and read and write
|
||
|
4ED0000
|
trusted library allocation
|
page read and write
|
||
|
6610000
|
heap
|
page read and write
|
||
|
1678000
|
heap
|
page read and write
|
||
|
2A1E000
|
stack
|
page read and write
|
||
|
8BE000
|
stack
|
page read and write
|
||
|
1830000
|
heap
|
page read and write
|
||
|
44D9000
|
trusted library allocation
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
74B0000
|
heap
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
2AC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
57BA000
|
trusted library allocation
|
page read and write
|
||
|
5766000
|
trusted library allocation
|
page read and write
|
||
|
2731000
|
trusted library allocation
|
page read and write
|
||
|
17B5000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A5E000
|
stack
|
page read and write
|
||
|
40AA000
|
trusted library allocation
|
page read and write
|
||
|
3321000
|
trusted library allocation
|
page read and write
|
||
|
4C65000
|
trusted library allocation
|
page read and write
|
||
|
4685000
|
trusted library allocation
|
page read and write
|
||
|
A24000
|
trusted library allocation
|
page read and write
|
||
|
5280000
|
heap
|
page read and write
|
||
|
57C6000
|
trusted library allocation
|
page read and write
|
||
|
1239000
|
stack
|
page read and write
|
||
|
6CD0000
|
heap
|
page read and write
|
||
|
C460000
|
heap
|
page read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
3200000
|
trusted library allocation
|
page read and write
|
||
|
591C000
|
stack
|
page read and write
|
||
|
2761000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
unkown
|
page readonly
|
||
|
577A000
|
trusted library allocation
|
page read and write
|
||
|
8650000
|
trusted library allocation
|
page read and write
|
||
|
179D000
|
trusted library allocation
|
page execute and read and write
|
||
|
72BE000
|
stack
|
page read and write
|
||
|
A52000
|
trusted library allocation
|
page read and write
|
||
|
5223000
|
heap
|
page read and write
|
||
|
A4A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C0F000
|
trusted library allocation
|
page read and write
|
||
|
2ABE000
|
stack
|
page read and write
|
||
|
5450000
|
trusted library section
|
page read and write
|
||
|
1075000
|
heap
|
page read and write
|
||
|
1837000
|
heap
|
page read and write
|
||
|
4361000
|
trusted library allocation
|
page read and write
|
||
|
3610000
|
heap
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
17AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C5A000
|
trusted library allocation
|
page read and write
|
||
|
3054000
|
trusted library allocation
|
page read and write
|
||
|
1700000
|
trusted library allocation
|
page read and write
|
||
|
30EE000
|
stack
|
page read and write
|
||
|
10E0000
|
trusted library allocation
|
page read and write
|
||
|
10D4000
|
trusted library allocation
|
page read and write
|
||
|
31EC000
|
stack
|
page read and write
|
||
|
5A7C000
|
stack
|
page read and write
|
||
|
4C10000
|
trusted library allocation
|
page read and write
|
||
|
2EEB000
|
heap
|
page read and write
|
||
|
645E000
|
stack
|
page read and write
|
||
|
6DA0000
|
heap
|
page read and write
|
||
|
16F0000
|
heap
|
page read and write
|
||
|
3190000
|
trusted library allocation
|
page execute and read and write
|
||
|
AE2000
|
heap
|
page read and write
|
||
|
3799000
|
trusted library allocation
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
5760000
|
trusted library allocation
|
page read and write
|
||
|
5CFE000
|
stack
|
page read and write
|
||
|
5B7C000
|
stack
|
page read and write
|
||
|
5B1B000
|
heap
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
4DD3000
|
heap
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
6DB7000
|
trusted library allocation
|
page read and write
|
||
|
3376000
|
trusted library allocation
|
page read and write
|
||
|
6018000
|
heap
|
page read and write
|
||
|
10F0000
|
trusted library allocation
|
page read and write
|
||
|
57A4000
|
trusted library allocation
|
page read and write
|
||
|
8FD000
|
stack
|
page read and write
|
||
|
6D04000
|
heap
|
page read and write
|
||
|
595E000
|
stack
|
page read and write
|
||
|
30A0000
|
trusted library allocation
|
page read and write
|
||
|
29B2000
|
trusted library allocation
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
30E8000
|
trusted library allocation
|
page read and write
|
||
|
15B8000
|
heap
|
page read and write
|
||
|
3085000
|
trusted library allocation
|
page execute and read and write
|
||
|
4388000
|
trusted library allocation
|
page read and write
|
||
|
617E000
|
stack
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A3E000
|
stack
|
page read and write
|
||
|
6A7E000
|
stack
|
page read and write
|
||
|
A20000
|
trusted library allocation
|
page read and write
|
||
|
842E000
|
stack
|
page read and write
|
||
|
50C1000
|
trusted library allocation
|
page read and write
|
||
|
4C90000
|
trusted library allocation
|
page read and write
|
||
|
2C00000
|
trusted library allocation
|
page read and write
|
||
|
2D00000
|
trusted library allocation
|
page read and write
|
||
|
655E000
|
stack
|
page read and write
|
||
|
7FD00000
|
trusted library allocation
|
page execute and read and write
|
||
|
9790000
|
trusted library allocation
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
E6E000
|
stack
|
page read and write
|
||
|
5162000
|
trusted library allocation
|
page read and write
|
||
|
9798000
|
trusted library allocation
|
page read and write
|
||
|
81D0000
|
trusted library allocation
|
page read and write
|
||
|
4C50000
|
trusted library allocation
|
page read and write
|
||
|
57E0000
|
heap
|
page execute and read and write
|
||
|
5DFE000
|
stack
|
page read and write
|
||
|
6E40000
|
heap
|
page read and write
|
||
|
523E000
|
stack
|
page read and write
|
||
|
125A000
|
stack
|
page read and write
|
||
|
6DE0000
|
trusted library allocation
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
E70000
|
trusted library allocation
|
page read and write
|
||
|
335F000
|
stack
|
page read and write
|
||
|
5B2D000
|
heap
|
page read and write
|
||
|
10DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3327000
|
heap
|
page read and write
|
||
|
6B7D000
|
heap
|
page read and write
|
||
|
C720000
|
trusted library allocation
|
page read and write
|
||
|
77AE000
|
stack
|
page read and write
|
||
|
73BE000
|
stack
|
page read and write
|
||
|
10F2000
|
trusted library allocation
|
page read and write
|
||
|
5CB1000
|
trusted library allocation
|
page read and write
|
||
|
1760000
|
heap
|
page read and write
|
||
|
10D0000
|
trusted library allocation
|
page read and write
|
||
|
AAE000
|
heap
|
page read and write
|
||
|
5D0E000
|
stack
|
page read and write
|
||
|
4C2E000
|
trusted library allocation
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
3779000
|
trusted library allocation
|
page read and write
|
||
|
10E3000
|
trusted library allocation
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
5FD0000
|
heap
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
A2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
67FD000
|
stack
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
4885000
|
trusted library allocation
|
page read and write
|
||
|
6DCD000
|
trusted library allocation
|
page read and write
|
||
|
331E000
|
stack
|
page read and write
|
||
|
5260000
|
trusted library allocation
|
page read and write
|
||
|
6DE0000
|
trusted library allocation
|
page read and write
|
||
|
3070000
|
trusted library allocation
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
14E5000
|
heap
|
page read and write
|
||
|
3C21000
|
trusted library allocation
|
page read and write
|
||
|
337E000
|
trusted library allocation
|
page read and write
|
||
|
16A2000
|
heap
|
page read and write
|
||
|
4C5F000
|
trusted library allocation
|
page read and write
|
||
|
3C89000
|
trusted library allocation
|
page read and write
|
||
|
476D000
|
stack
|
page read and write
|
||
|
762C000
|
stack
|
page read and write
|
||
|
6DB0000
|
trusted library allocation
|
page read and write
|
||
|
55FE000
|
stack
|
page read and write
|
||
|
1690000
|
heap
|
page read and write
|
||
|
A23000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C14000
|
trusted library allocation
|
page read and write
|
||
|
57F3000
|
heap
|
page read and write
|
||
|
57D1000
|
trusted library allocation
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
29B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
15F1000
|
heap
|
page read and write
|
||
|
33B5000
|
trusted library allocation
|
page read and write
|
||
|
16A0000
|
trusted library allocation
|
page read and write
|
||
|
5E8E000
|
stack
|
page read and write
|
||
|
513E000
|
stack
|
page read and write
|
||
|
C50000
|
trusted library allocation
|
page read and write
|
||
|
6B7F000
|
stack
|
page read and write
|
||
|
A40000
|
trusted library allocation
|
page read and write
|
||
|
27B2000
|
trusted library allocation
|
page read and write
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
352F000
|
unkown
|
page read and write
|
||
|
C71E000
|
stack
|
page read and write
|
||
|
7F580000
|
trusted library allocation
|
page execute and read and write
|
||
|
B52000
|
heap
|
page read and write
|
||
|
57CD000
|
trusted library allocation
|
page read and write
|
||
|
57A0000
|
trusted library allocation
|
page read and write
|
||
|
5FFE000
|
heap
|
page read and write
|
||
|
8B70000
|
trusted library section
|
page read and write
|
||
|
2A29000
|
trusted library allocation
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
50A4000
|
trusted library allocation
|
page read and write
|
||
|
1820000
|
trusted library allocation
|
page execute and read and write
|
||
|
693D000
|
stack
|
page read and write
|
||
|
17B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BEE000
|
stack
|
page read and write
|
||
|
A57000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F7F000
|
stack
|
page read and write
|
||
|
5B00000
|
heap
|
page read and write
|
||
|
6BAE000
|
heap
|
page read and write
|
||
|
4C70000
|
trusted library allocation
|
page read and write
|
||
|
33BD000
|
trusted library allocation
|
page read and write
|
||
|
1784000
|
trusted library allocation
|
page read and write
|
||
|
17A0000
|
trusted library allocation
|
page read and write
|
||
|
50D2000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
4770000
|
trusted library allocation
|
page execute and read and write
|
||
|
4321000
|
trusted library allocation
|
page read and write
|
||
|
306D000
|
trusted library allocation
|
page execute and read and write
|
||
|
57BE000
|
trusted library allocation
|
page read and write
|
||
|
4F5E000
|
stack
|
page read and write
|
||
|
2C21000
|
trusted library allocation
|
page read and write
|
||
|
AD4000
|
heap
|
page read and write
|
||
|
4C31000
|
trusted library allocation
|
page read and write
|
||
|
5DA0000
|
trusted library allocation
|
page read and write
|
||
|
5F7000
|
stack
|
page read and write
|
||
|
1582000
|
heap
|
page read and write
|
||
|
1530000
|
heap
|
page read and write
|
||
|
4D5C000
|
stack
|
page read and write
|
||
|
822B000
|
stack
|
page read and write
|
||
|
573E000
|
stack
|
page read and write
|
||
|
97A000
|
stack
|
page read and write
|
||
|
6DF0000
|
trusted library allocation
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
AAA000
|
heap
|
page read and write
|
||
|
1497000
|
heap
|
page read and write
|
||
|
6E15000
|
trusted library allocation
|
page read and write
|
||
|
541E000
|
stack
|
page read and write
|
||
|
1650000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
trusted library allocation
|
page read and write
|
||
|
5250000
|
trusted library allocation
|
page read and write
|
||
|
50CD000
|
trusted library allocation
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
1780000
|
trusted library allocation
|
page read and write
|
||
|
3072000
|
trusted library allocation
|
page read and write
|
||
|
17BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
1648000
|
heap
|
page read and write
|
||
|
5230000
|
trusted library allocation
|
page read and write
|
||
|
17A2000
|
trusted library allocation
|
page read and write
|
||
|
1558000
|
heap
|
page read and write
|
||
|
6D02000
|
heap
|
page read and write
|
||
|
5270000
|
trusted library allocation
|
page execute and read and write
|
||
|
63FE000
|
stack
|
page read and write
|
||
|
5980000
|
heap
|
page execute and read and write
|
||
|
57A6000
|
trusted library allocation
|
page read and write
|
||
|
10D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
691E000
|
stack
|
page read and write
|
||
|
57AB000
|
trusted library allocation
|
page read and write
|
||
|
31A0000
|
heap
|
page execute and read and write
|
||
|
67DE000
|
stack
|
page read and write
|
||
|
C35E000
|
stack
|
page read and write
|
||
|
4ED6000
|
trusted library allocation
|
page read and write
|
||
|
5CCE000
|
stack
|
page read and write
|
||
|
3082000
|
trusted library allocation
|
page read and write
|
||
|
31F0000
|
trusted library allocation
|
page read and write
|
||
|
FE4000
|
heap
|
page read and write
|
||
|
3076000
|
trusted library allocation
|
page execute and read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
4DD0000
|
heap
|
page read and write
|
||
|
8AFE000
|
stack
|
page read and write
|
||
|
15E7000
|
heap
|
page read and write
|
||
|
2BF0000
|
trusted library allocation
|
page read and write
|
||
|
6DD0000
|
trusted library allocation
|
page read and write
|
||
|
1750000
|
heap
|
page read and write
|
||
|
6B5E000
|
stack
|
page read and write
|
||
|
703D000
|
stack
|
page read and write
|
||
|
FEF000
|
heap
|
page read and write
|
||
|
2FFA000
|
stack
|
page read and write
|
||
|
6BBE000
|
stack
|
page read and write
|
||
|
50BE000
|
trusted library allocation
|
page read and write
|
||
|
4DA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1570000
|
heap
|
page read and write
|
||
|
6E00000
|
trusted library allocation
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
5D0E000
|
stack
|
page read and write
|
||
|
3250000
|
heap
|
page execute and read and write
|
||
|
301F000
|
stack
|
page read and write
|
||
|
17D0000
|
trusted library allocation
|
page read and write
|
||
|
10F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
4349000
|
trusted library allocation
|
page read and write
|
||
|
5786000
|
trusted library allocation
|
page read and write
|
||
|
6DC0000
|
trusted library allocation
|
page read and write
|
||
|
87F0000
|
heap
|
page read and write
|
||
|
15E5000
|
heap
|
page read and write
|
||
|
2E5F000
|
unkown
|
page read and write
|
||
|
14C0000
|
heap
|
page read and write
|
||
|
1585000
|
heap
|
page read and write
|
||
|
102A000
|
heap
|
page read and write
|
||
|
4DB0000
|
trusted library allocation
|
page read and write
|
||
|
457B000
|
trusted library allocation
|
page read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
A70000
|
trusted library allocation
|
page read and write
|
||
|
2805000
|
trusted library allocation
|
page read and write
|
||
|
1359000
|
stack
|
page read and write
|
||
|
6DC0000
|
heap
|
page read and write
|
||
|
57F0000
|
heap
|
page read and write
|
||
|
4C5B000
|
stack
|
page read and write
|
||
|
2C9A000
|
stack
|
page read and write
|
||
|
6014000
|
heap
|
page read and write
|
||
|
57B0000
|
trusted library allocation
|
page read and write
|
||
|
6DD7000
|
trusted library allocation
|
page read and write
|
||
|
CF7000
|
stack
|
page read and write
|
||
|
576B000
|
trusted library allocation
|
page read and write
|
||
|
6DD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4437000
|
trusted library allocation
|
page read and write
|
||
|
FBE000
|
heap
|
page read and write
|
||
|
FF1000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
A5B000
|
trusted library allocation
|
page execute and read and write
|
||
|
15BE000
|
heap
|
page read and write
|
||
|
2E1E000
|
unkown
|
page read and write
|
||
|
32ED000
|
unkown
|
page read and write
|
||
|
57AE000
|
trusted library allocation
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
2C5D000
|
stack
|
page read and write
|
||
|
5150000
|
heap
|
page read and write
|
||
|
627E000
|
stack
|
page read and write
|
||
|
1537000
|
heap
|
page read and write
|
||
|
E55000
|
heap
|
page read and write
|
||
|
87AE000
|
stack
|
page read and write
|
||
|
527E000
|
stack
|
page read and write
|
||
|
15E9000
|
heap
|
page read and write
|
||
|
68DE000
|
stack
|
page read and write
|
||
|
5ECE000
|
stack
|
page read and write
|
||
|
776F000
|
stack
|
page read and write
|
||
|
57C1000
|
trusted library allocation
|
page read and write
|
||
|
3053000
|
trusted library allocation
|
page execute and read and write
|
||
|
D6F000
|
stack
|
page read and write
|
||
|
2A6D000
|
stack
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
53FE000
|
stack
|
page read and write
|
||
|
31D0000
|
trusted library allocation
|
page read and write
|
||
|
14B7000
|
heap
|
page read and write
|
||
|
766E000
|
stack
|
page read and write
|
||
|
4F1E000
|
stack
|
page read and write
|
||
|
43C7000
|
trusted library allocation
|
page read and write
|
||
|
5970000
|
trusted library allocation
|
page read and write
|
||
|
5D4E000
|
stack
|
page read and write
|
||
|
935000
|
heap
|
page read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
6D0C000
|
heap
|
page read and write
|
||
|
545D000
|
stack
|
page read and write
|
||
|
5FCE000
|
stack
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
1339000
|
stack
|
page read and write
|
||
|
307A000
|
trusted library allocation
|
page execute and read and write
|
||
|
A46000
|
trusted library allocation
|
page execute and read and write
|
||
|
15FF000
|
heap
|
page read and write
|
||
|
6F9F000
|
stack
|
page read and write
|
||
|
34CE000
|
trusted library allocation
|
page read and write
|
||
|
305D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AD0000
|
trusted library allocation
|
page read and write
|
||
|
4C42000
|
trusted library allocation
|
page read and write
|
||
|
7E2000
|
unkown
|
page readonly
|
||
|
86AC000
|
stack
|
page read and write
|
||
|
F5E000
|
stack
|
page read and write
|
||
|
6E5D000
|
stack
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
57C0000
|
trusted library section
|
page read and write
|
||
|
516B000
|
trusted library allocation
|
page read and write
|
||
|
10FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1790000
|
trusted library allocation
|
page read and write
|
||
|
4243000
|
trusted library allocation
|
page read and write
|
||
|
29BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
16C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
272E000
|
stack
|
page read and write
|
||
|
6E10000
|
trusted library allocation
|
page read and write
|
||
|
2E78000
|
trusted library allocation
|
page read and write
|
||
|
30F8000
|
trusted library allocation
|
page read and write
|
||
|
4CE0000
|
trusted library allocation
|
page read and write
|
||
|
7F8F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
14B0000
|
heap
|
page read and write
|
||
|
E89000
|
heap
|
page read and write
|
||
|
275D000
|
trusted library allocation
|
page read and write
|
||
|
6BBB000
|
heap
|
page read and write
|
||
|
C21E000
|
stack
|
page read and write
|
||
|
1660000
|
trusted library allocation
|
page execute and read and write
|
||
|
29B0000
|
trusted library allocation
|
page read and write
|
||
|
E76000
|
trusted library allocation
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
8E2000
|
unkown
|
page readonly
|
||
|
1109000
|
heap
|
page read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
5BCC000
|
stack
|
page read and write
|
||
|
78AE000
|
stack
|
page read and write
|
||
|
5BCE000
|
stack
|
page read and write
|
||
|
6D16000
|
heap
|
page read and write
|
||
|
5CB4000
|
trusted library allocation
|
page read and write
|
||
|
57A0000
|
trusted library allocation
|
page read and write
|
||
|
4C36000
|
trusted library allocation
|
page read and write
|
||
|
6E60000
|
heap
|
page read and write
|
||
|
4C60000
|
trusted library allocation
|
page read and write
|
||
|
7F410000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
543E000
|
stack
|
page read and write
|
||
|
4FA000
|
stack
|
page read and write
|
||
|
727E000
|
stack
|
page read and write
|
||
|
57B2000
|
trusted library allocation
|
page read and write
|
||
|
4389000
|
trusted library allocation
|
page read and write
|
||
|
6E3D000
|
stack
|
page read and write
|
||
|
4F90000
|
heap
|
page read and write
|
||
|
4CF0000
|
heap
|
page execute and read and write
|
||
|
B38000
|
heap
|
page read and write
|
||
|
4F70000
|
trusted library allocation
|
page execute and read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
5D4D000
|
stack
|
page read and write
|
||
|
4395000
|
trusted library allocation
|
page read and write
|
||
|
E74000
|
trusted library allocation
|
page read and write
|
||
|
752C000
|
stack
|
page read and write
|
||
|
6CC0000
|
heap
|
page read and write
|
||
|
57E0000
|
heap
|
page read and write
|
||
|
5220000
|
heap
|
page read and write
|
||
|
5110000
|
trusted library allocation
|
page read and write
|
||
|
3739000
|
trusted library allocation
|
page read and write
|
||
|
3087000
|
trusted library allocation
|
page execute and read and write
|
||
|
C25E000
|
stack
|
page read and write
|
||
|
C61D000
|
stack
|
page read and write
|
||
|
5AFE000
|
stack
|
page read and write
|
||
|
4F60000
|
trusted library allocation
|
page read and write
|
||
|
3050000
|
trusted library allocation
|
page read and write
|
||
|
C5DC000
|
stack
|
page read and write
|
||
|
ABF000
|
heap
|
page read and write
|
||
|
7F63000
|
trusted library allocation
|
page read and write
|
||
|
6DF5000
|
trusted library allocation
|
page read and write
|
||
|
56FE000
|
stack
|
page read and write
|
||
|
7040000
|
heap
|
page read and write
|
||
|
2A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
50F0000
|
trusted library allocation
|
page read and write
|
||
|
50A0000
|
trusted library allocation
|
page read and write
|
||
|
3200000
|
trusted library allocation
|
page read and write
|
||
|
17B2000
|
trusted library allocation
|
page read and write
|
||
|
6A1E000
|
stack
|
page read and write
|
||
|
5FE3000
|
heap
|
page read and write
|
||
|
FCF000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
576E000
|
trusted library allocation
|
page read and write
|
||
|
4CE2000
|
trusted library allocation
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
4195000
|
trusted library allocation
|
page read and write
|
||
|
A42000
|
trusted library allocation
|
page read and write
|
||
|
31CC000
|
stack
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
There are 518 hidden memdumps, click here to show them.