Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
eO2bqORIJb.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage user DataBase, version 0x620, checksum 0xc0a6814c, page size 16384, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\eO2bqORIJb.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b5y3gq2g.tpg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fsl2fyhg.eij.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_huoa0ccf.3v3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wovh3g2l.w0y.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\eO2bqORIJb.exe
|
"C:\Users\user\Desktop\eO2bqORIJb.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"Powershell.exe" ??????????-??????????E??????????x??????????e??????????c??????????u??????????t??????????i??????????o??????????n??????????P??????????o??????????l??????????i??????????c??????????y??????????
??????????B??????????y??????????p??????????a??????????s??????????s?????????? ??????????-??????????c??????????o??????????m??????????m??????????a??????????n??????????d
?????????C?????????o?????????p?????????y?????????-?????????I?????????t?????????e?????????m 'C:\Users\user\Desktop\eO2bqORIJb.exe'
'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\command-line.exe'
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://api.ipify.org/
|
104.26.12.205
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelp
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://api.ipif8
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://api.ipify.org/p
|
unknown
|
||
|
http://www.microsoft.
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
https://github.com/sam210723/goesrecv-monitor/releases/latest
|
unknown
|
||
|
http://go.micros
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://api.ipify.org
|
unknown
|
||
|
https://api.ipify.org
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://vksdr.com/goesrecv-monitor
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://api.ipify.org/Th
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 20 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
api.ipify.org
|
104.26.12.205
|
||
|
ip-api.com
|
208.95.112.1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
||
|
104.26.12.205
|
api.ipify.org
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
3929000
|
trusted library allocation
|
page read and write
|
|
|
|
6282000
|
trusted library allocation
|
page read and write
|
||
|
1E3919D0000
|
trusted library allocation
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
1E3918A0000
|
trusted library allocation
|
page read and write
|
||
|
35561FB000
|
stack
|
page read and write
|
||
|
1E38C4A1000
|
heap
|
page read and write
|
||
|
1E391960000
|
trusted library allocation
|
page read and write
|
||
|
25E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7575000
|
heap
|
page execute and read and write
|
||
|
7B10000
|
trusted library allocation
|
page read and write
|
||
|
6620000
|
trusted library allocation
|
page read and write
|
||
|
1E38C46C000
|
heap
|
page read and write
|
||
|
7EC0000
|
trusted library allocation
|
page read and write
|
||
|
7CA0000
|
trusted library allocation
|
page read and write
|
||
|
1E38C48D000
|
heap
|
page read and write
|
||
|
1E38C4FF000
|
heap
|
page read and write
|
||
|
1E391B02000
|
heap
|
page read and write
|
||
|
29AE000
|
stack
|
page read and write
|
||
|
DCB000
|
trusted library allocation
|
page execute and read and write
|
||
|
B3B000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
DA0000
|
trusted library allocation
|
page read and write
|
||
|
1E3918C0000
|
trusted library allocation
|
page read and write
|
||
|
2800000
|
trusted library allocation
|
page read and write
|
||
|
1E391970000
|
trusted library allocation
|
page read and write
|
||
|
25DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E391B00000
|
heap
|
page read and write
|
||
|
25D3000
|
trusted library allocation
|
page read and write
|
||
|
2A3C000
|
trusted library allocation
|
page read and write
|
||
|
3652000
|
trusted library allocation
|
page read and write
|
||
|
35579FE000
|
unkown
|
page readonly
|
||
|
648E000
|
stack
|
page read and write
|
||
|
4D90000
|
trusted library allocation
|
page read and write
|
||
|
2921000
|
trusted library allocation
|
page read and write
|
||
|
D93000
|
trusted library allocation
|
page execute and read and write
|
||
|
D90000
|
trusted library allocation
|
page read and write
|
||
|
362D000
|
trusted library allocation
|
page execute and read and write
|
||
|
AA2000
|
heap
|
page read and write
|
||
|
1E3918DE000
|
trusted library allocation
|
page read and write
|
||
|
5220000
|
heap
|
page read and write
|
||
|
751D000
|
stack
|
page read and write
|
||
|
341E000
|
stack
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
7EA0000
|
trusted library allocation
|
page read and write
|
||
|
8A40000
|
trusted library allocation
|
page read and write
|
||
|
25C0000
|
trusted library allocation
|
page read and write
|
||
|
2A8A000
|
trusted library allocation
|
page read and write
|
||
|
E10000
|
trusted library allocation
|
page read and write
|
||
|
1E391B0B000
|
heap
|
page read and write
|
||
|
6690000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E38C506000
|
heap
|
page read and write
|
||
|
39D9000
|
trusted library allocation
|
page read and write
|
||
|
1E391860000
|
trusted library allocation
|
page read and write
|
||
|
7570000
|
heap
|
page execute and read and write
|
||
|
276B000
|
stack
|
page read and write
|
||
|
1E38CD1A000
|
heap
|
page read and write
|
||
|
4F02000
|
trusted library allocation
|
page read and write
|
||
|
3670000
|
trusted library allocation
|
page read and write
|
||
|
4FF0000
|
heap
|
page read and write
|
||
|
713E000
|
stack
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
1E391A8E000
|
heap
|
page read and write
|
||
|
1E391E10000
|
trusted library allocation
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
612F000
|
stack
|
page read and write
|
||
|
355797E000
|
stack
|
page read and write
|
||
|
7E20000
|
trusted library allocation
|
page read and write
|
||
|
8A37000
|
trusted library allocation
|
page read and write
|
||
|
C5E000
|
stack
|
page read and write
|
||
|
4EF1000
|
trusted library allocation
|
page read and write
|
||
|
2610000
|
trusted library allocation
|
page read and write
|
||
|
7DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
25D0000
|
trusted library allocation
|
page read and write
|
||
|
60F9000
|
trusted library allocation
|
page read and write
|
||
|
1E38C502000
|
heap
|
page read and write
|
||
|
4EF6000
|
trusted library allocation
|
page read and write
|
||
|
748F000
|
stack
|
page read and write
|
||
|
640D000
|
stack
|
page read and write
|
||
|
7BD4000
|
heap
|
page read and write
|
||
|
51BF000
|
stack
|
page read and write
|
||
|
3460000
|
heap
|
page read and write
|
||
|
7E90000
|
trusted library allocation
|
page read and write
|
||
|
663A000
|
trusted library allocation
|
page read and write
|
||
|
88D0000
|
trusted library allocation
|
page read and write
|
||
|
A5D000
|
stack
|
page read and write
|
||
|
1E38CC00000
|
heap
|
page read and write
|
||
|
1E391C20000
|
remote allocation
|
page read and write
|
||
|
1E391880000
|
trusted library allocation
|
page read and write
|
||
|
8B7A000
|
heap
|
page read and write
|
||
|
E1F000
|
stack
|
page read and write
|
||
|
3680000
|
heap
|
page readonly
|
||
|
3555BF7000
|
stack
|
page read and write
|
||
|
3238000
|
stack
|
page read and write
|
||
|
6279000
|
trusted library allocation
|
page read and write
|
||
|
1E38C413000
|
heap
|
page read and write
|
||
|
8AE0000
|
heap
|
page read and write
|
||
|
7B80000
|
heap
|
page read and write
|
||
|
8B83000
|
heap
|
page read and write
|
||
|
2ADA000
|
trusted library allocation
|
page read and write
|
||
|
27E0000
|
trusted library allocation
|
page read and write
|
||
|
2710000
|
trusted library allocation
|
page read and write
|
||
|
4EC0000
|
trusted library allocation
|
page read and write
|
||
|
602D000
|
stack
|
page read and write
|
||
|
744E000
|
stack
|
page read and write
|
||
|
1E391AC0000
|
heap
|
page read and write
|
||
|
1E38C3A0000
|
heap
|
page read and write
|
||
|
89EE000
|
stack
|
page read and write
|
||
|
7EB0000
|
trusted library allocation
|
page read and write
|
||
|
4DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2770000
|
trusted library allocation
|
page read and write
|
||
|
935000
|
heap
|
page read and write
|
||
|
B75000
|
heap
|
page read and write
|
||
|
1E38CD02000
|
heap
|
page read and write
|
||
|
6680000
|
heap
|
page read and write
|
||
|
D80000
|
trusted library allocation
|
page read and write
|
||
|
1E391A1F000
|
heap
|
page read and write
|
||
|
8A3A000
|
trusted library allocation
|
page read and write
|
||
|
27D0000
|
trusted library allocation
|
page read and write
|
||
|
2780000
|
trusted library allocation
|
page read and write
|
||
|
580D000
|
trusted library allocation
|
page read and write
|
||
|
6136000
|
trusted library allocation
|
page read and write
|
||
|
658D000
|
stack
|
page read and write
|
||
|
1E391AC8000
|
heap
|
page read and write
|
||
|
1E3918C4000
|
trusted library allocation
|
page read and write
|
||
|
26E0000
|
trusted library allocation
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
51C0000
|
trusted library section
|
page read and write
|
||
|
1E38C4AD000
|
heap
|
page read and write
|
||
|
35562FE000
|
unkown
|
page readonly
|
||
|
74C2000
|
trusted library allocation
|
page read and write
|
||
|
1E3918B0000
|
trusted library allocation
|
page read and write
|
||
|
36A7000
|
heap
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
1E391AFE000
|
heap
|
page read and write
|
||
|
4ED3000
|
heap
|
page read and write
|
||
|
1E3919E0000
|
trusted library allocation
|
page read and write
|
||
|
2A4B000
|
trusted library allocation
|
page read and write
|
||
|
3623000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DD0000
|
trusted library allocation
|
page read and write
|
||
|
1E391B0A000
|
heap
|
page read and write
|
||
|
88C0000
|
trusted library allocation
|
page read and write
|
||
|
2AF2000
|
trusted library allocation
|
page read and write
|
||
|
35D0000
|
heap
|
page read and write
|
||
|
35573FE000
|
unkown
|
page readonly
|
||
|
1E391C20000
|
remote allocation
|
page read and write
|
||
|
4EE2000
|
trusted library allocation
|
page read and write
|
||
|
6627000
|
trusted library allocation
|
page read and write
|
||
|
5D72000
|
heap
|
page read and write
|
||
|
A6E000
|
heap
|
page read and write
|
||
|
69E0000
|
heap
|
page read and write
|
||
|
3555CFE000
|
unkown
|
page readonly
|
||
|
7D2E000
|
stack
|
page read and write
|
||
|
7F2B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A6A000
|
heap
|
page read and write
|
||
|
3720000
|
heap
|
page read and write
|
||
|
27D5000
|
trusted library allocation
|
page read and write
|
||
|
4FEE000
|
stack
|
page read and write
|
||
|
3306000
|
heap
|
page read and write
|
||
|
5BA000
|
stack
|
page read and write
|
||
|
1E391E50000
|
trusted library allocation
|
page read and write
|
||
|
3639000
|
trusted library allocation
|
page read and write
|
||
|
B5B000
|
heap
|
page read and write
|
||
|
1E38C2A0000
|
heap
|
page read and write
|
||
|
1E38C491000
|
heap
|
page read and write
|
||
|
34C8000
|
heap
|
page read and write
|
||
|
1E391A00000
|
heap
|
page read and write
|
||
|
62CE000
|
stack
|
page read and write
|
||
|
6DC0000
|
heap
|
page read and write
|
||
|
2A74000
|
trusted library allocation
|
page read and write
|
||
|
5A40000
|
heap
|
page read and write
|
||
|
4ED0000
|
trusted library allocation
|
page read and write
|
||
|
1E38C517000
|
heap
|
page read and write
|
||
|
5CED000
|
heap
|
page read and write
|
||
|
1E38C4B8000
|
heap
|
page read and write
|
||
|
3620000
|
trusted library allocation
|
page read and write
|
||
|
1E391970000
|
trusted library allocation
|
page read and write
|
||
|
7DAE000
|
stack
|
page read and write
|
||
|
4DA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E3919D0000
|
trusted library allocation
|
page read and write
|
||
|
D9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E00000
|
trusted library allocation
|
page read and write
|
||
|
557F000
|
trusted library allocation
|
page read and write
|
||
|
3921000
|
trusted library allocation
|
page read and write
|
||
|
34BC000
|
heap
|
page read and write
|
||
|
25F2000
|
trusted library allocation
|
page read and write
|
||
|
1E391800000
|
trusted library allocation
|
page read and write
|
||
|
2796000
|
trusted library allocation
|
page read and write
|
||
|
25F0000
|
trusted library allocation
|
page read and write
|
||
|
7B00000
|
trusted library allocation
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
25CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
6272000
|
trusted library allocation
|
page read and write
|
||
|
89AE000
|
stack
|
page read and write
|
||
|
5226000
|
trusted library allocation
|
page read and write
|
||
|
1E391A50000
|
heap
|
page read and write
|
||
|
2A9F000
|
trusted library allocation
|
page read and write
|
||
|
7C61000
|
heap
|
page read and write
|
||
|
8A2E000
|
stack
|
page read and write
|
||
|
8950000
|
trusted library allocation
|
page execute and read and write
|
||
|
6640000
|
trusted library allocation
|
page read and write
|
||
|
8B7D000
|
heap
|
page read and write
|
||
|
7C0D000
|
heap
|
page read and write
|
||
|
2AC8000
|
trusted library allocation
|
page read and write
|
||
|
88B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E38C513000
|
heap
|
page read and write
|
||
|
27C0000
|
trusted library allocation
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
4EDB000
|
trusted library allocation
|
page read and write
|
||
|
BA9000
|
heap
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
6FFE000
|
stack
|
page read and write
|
||
|
4EB0000
|
trusted library section
|
page readonly
|
||
|
524C000
|
stack
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
2A01000
|
trusted library allocation
|
page read and write
|
||
|
C0E000
|
heap
|
page read and write
|
||
|
7C15000
|
heap
|
page read and write
|
||
|
6261000
|
trusted library allocation
|
page read and write
|
||
|
7E80000
|
trusted library allocation
|
page read and write
|
||
|
8A70000
|
trusted library allocation
|
page read and write
|
||
|
8CE2000
|
trusted library allocation
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
7BF2000
|
heap
|
page read and write
|
||
|
1E38D3E0000
|
trusted library allocation
|
page read and write
|
||
|
A94000
|
heap
|
page read and write
|
||
|
502E000
|
stack
|
page read and write
|
||
|
4A0000
|
unkown
|
page readonly
|
||
|
50D1000
|
trusted library allocation
|
page read and write
|
||
|
1E391950000
|
trusted library allocation
|
page read and write
|
||
|
7C65000
|
heap
|
page read and write
|
||
|
60D9000
|
trusted library allocation
|
page read and write
|
||
|
4D80000
|
heap
|
page read and write
|
||
|
512B000
|
trusted library allocation
|
page read and write
|
||
|
1E38C4B8000
|
heap
|
page read and write
|
||
|
4F60000
|
heap
|
page read and write
|
||
|
2A90000
|
trusted library allocation
|
page read and write
|
||
|
794E000
|
stack
|
page read and write
|
||
|
4F8D000
|
stack
|
page read and write
|
||
|
2720000
|
heap
|
page execute and read and write
|
||
|
1E391A55000
|
heap
|
page read and write
|
||
|
39B1000
|
trusted library allocation
|
page read and write
|
||
|
790E000
|
stack
|
page read and write
|
||
|
DB6000
|
trusted library allocation
|
page execute and read and write
|
||
|
BCF000
|
heap
|
page read and write
|
||
|
DE0000
|
trusted library allocation
|
page read and write
|
||
|
4A2000
|
unkown
|
page readonly
|
||
|
703E000
|
stack
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
D94000
|
trusted library allocation
|
page read and write
|
||
|
32FD000
|
stack
|
page read and write
|
||
|
DC2000
|
trusted library allocation
|
page read and write
|
||
|
79CE000
|
stack
|
page read and write
|
||
|
1E391EE0000
|
trusted library allocation
|
page read and write
|
||
|
1E38C4AB000
|
heap
|
page read and write
|
||
|
1E391A43000
|
heap
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
4A8C000
|
stack
|
page read and write
|
||
|
29E6000
|
trusted library allocation
|
page read and write
|
||
|
7E60000
|
trusted library allocation
|
page read and write
|
||
|
8B56000
|
heap
|
page read and write
|
||
|
7C63000
|
heap
|
page read and write
|
||
|
4FE0000
|
heap
|
page read and write
|
||
|
25C4000
|
trusted library allocation
|
page read and write
|
||
|
26F0000
|
heap
|
page execute and read and write
|
||
|
29F0000
|
trusted library allocation
|
page read and write
|
||
|
1E392000000
|
heap
|
page read and write
|
||
|
DF6000
|
heap
|
page read and write
|
||
|
8B9D000
|
heap
|
page read and write
|
||
|
60D1000
|
trusted library allocation
|
page read and write
|
||
|
5040000
|
heap
|
page execute and read and write
|
||
|
278E000
|
trusted library allocation
|
page read and write
|
||
|
279D000
|
trusted library allocation
|
page read and write
|
||
|
56E0000
|
heap
|
page read and write
|
||
|
6780000
|
trusted library allocation
|
page execute and read and write
|
||
|
6275000
|
trusted library allocation
|
page read and write
|
||
|
644F000
|
stack
|
page read and write
|
||
|
364A000
|
trusted library allocation
|
page execute and read and write
|
||
|
AF9000
|
stack
|
page read and write
|
||
|
50C0000
|
heap
|
page read and write
|
||
|
4FD0000
|
heap
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
273E000
|
stack
|
page read and write
|
||
|
D00000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
trusted library allocation
|
page read and write
|
||
|
1E38C2C0000
|
heap
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
291E000
|
stack
|
page read and write
|
||
|
5CB0000
|
heap
|
page read and write
|
||
|
36B8000
|
trusted library allocation
|
page read and write
|
||
|
5C75000
|
heap
|
page read and write
|
||
|
5C50000
|
heap
|
page read and write
|
||
|
260E000
|
stack
|
page read and write
|
||
|
5C3D000
|
stack
|
page read and write
|
||
|
88CD000
|
trusted library allocation
|
page read and write
|
||
|
8D00000
|
trusted library allocation
|
page execute and read and write
|
||
|
5CD0000
|
heap
|
page read and write
|
||
|
264E000
|
stack
|
page read and write
|
||
|
527E000
|
heap
|
page read and write
|
||
|
371E000
|
stack
|
page read and write
|
||
|
3610000
|
trusted library allocation
|
page read and write
|
||
|
1E3919C0000
|
trusted library allocation
|
page read and write
|
||
|
2FFC000
|
stack
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
7B8A000
|
heap
|
page read and write
|
||
|
7C10000
|
heap
|
page read and write
|
||
|
63CE000
|
stack
|
page read and write
|
||
|
72BE000
|
stack
|
page read and write
|
||
|
1E38C496000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
25E0000
|
trusted library allocation
|
page read and write
|
||
|
35565FB000
|
stack
|
page read and write
|
||
|
25FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E38C42B000
|
heap
|
page read and write
|
||
|
1E38C4B3000
|
heap
|
page read and write
|
||
|
8E70000
|
trusted library allocation
|
page read and write
|
||
|
8940000
|
heap
|
page read and write
|
||
|
25C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F4C000
|
stack
|
page read and write
|
||
|
4F4C000
|
stack
|
page read and write
|
||
|
773B000
|
stack
|
page read and write
|
||
|
8B22000
|
heap
|
page read and write
|
||
|
7AE0000
|
trusted library allocation
|
page read and write
|
||
|
3624000
|
trusted library allocation
|
page read and write
|
||
|
4F64000
|
heap
|
page read and write
|
||
|
4EFD000
|
trusted library allocation
|
page read and write
|
||
|
1E38C440000
|
heap
|
page read and write
|
||
|
77F0000
|
heap
|
page read and write
|
||
|
73BF000
|
stack
|
page read and write
|
||
|
DB2000
|
trusted library allocation
|
page read and write
|
||
|
36D0000
|
heap
|
page execute and read and write
|
||
|
1E3918C0000
|
trusted library allocation
|
page read and write
|
||
|
25EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
26D0000
|
trusted library allocation
|
page read and write
|
||
|
3728000
|
heap
|
page read and write
|
||
|
7CED000
|
stack
|
page read and write
|
||
|
2A14000
|
trusted library allocation
|
page read and write
|
||
|
717E000
|
stack
|
page read and write
|
||
|
1E391AFA000
|
heap
|
page read and write
|
||
|
49B8000
|
trusted library allocation
|
page read and write
|
||
|
2700000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E3919B0000
|
trusted library allocation
|
page read and write
|
||
|
755B000
|
stack
|
page read and write
|
||
|
1E391AF2000
|
heap
|
page read and write
|
||
|
3555DFE000
|
stack
|
page read and write
|
||
|
727E000
|
stack
|
page read and write
|
||
|
5CBE000
|
heap
|
page read and write
|
||
|
7B60000
|
heap
|
page execute and read and write
|
||
|
4A1B000
|
stack
|
page read and write
|
||
|
1E38CBC1000
|
trusted library allocation
|
page read and write
|
||
|
1E38CC15000
|
heap
|
page read and write
|
||
|
CA7000
|
heap
|
page read and write
|
||
|
7EEA8000
|
trusted library allocation
|
page execute and read and write
|
||
|
6AEE000
|
stack
|
page read and write
|
||
|
1E391C20000
|
remote allocation
|
page read and write
|
||
|
4EDE000
|
trusted library allocation
|
page read and write
|
||
|
2A70000
|
trusted library allocation
|
page read and write
|
||
|
355587B000
|
stack
|
page read and write
|
||
|
1E38C470000
|
heap
|
page read and write
|
||
|
3506000
|
heap
|
page read and write
|
||
|
1E38CD04000
|
heap
|
page read and write
|
||
|
75BE000
|
stack
|
page read and write
|
||
|
3555EFE000
|
unkown
|
page readonly
|
||
|
76FE000
|
stack
|
page read and write
|
||
|
53A0000
|
heap
|
page read and write
|
||
|
1E391A59000
|
heap
|
page read and write
|
||
|
265E000
|
stack
|
page read and write
|
||
|
1E391A62000
|
heap
|
page read and write
|
||
|
1E38C502000
|
heap
|
page read and write
|
||
|
2774000
|
trusted library allocation
|
page read and write
|
||
|
4ED0000
|
heap
|
page read and write
|
||
|
7BA7000
|
heap
|
page read and write
|
||
|
DC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C7D000
|
heap
|
page read and write
|
||
|
1E391870000
|
trusted library allocation
|
page read and write
|
||
|
1E38C467000
|
heap
|
page read and write
|
||
|
893D000
|
stack
|
page read and write
|
||
|
B13000
|
heap
|
page read and write
|
||
|
8F7000
|
stack
|
page read and write
|
||
|
7E70000
|
trusted library allocation
|
page read and write
|
||
|
1E38CD1A000
|
heap
|
page read and write
|
||
|
1E3918B0000
|
trusted library allocation
|
page read and write
|
||
|
1E391950000
|
trusted library allocation
|
page read and write
|
||
|
76BB000
|
stack
|
page read and write
|
||
|
8A30000
|
trusted library allocation
|
page read and write
|
||
|
29FD000
|
trusted library allocation
|
page read and write
|
||
|
75FE000
|
stack
|
page read and write
|
||
|
8B73000
|
heap
|
page read and write
|
||
|
1E38CBF0000
|
trusted library allocation
|
page read and write
|
||
|
77A000
|
stack
|
page read and write
|
||
|
1E391880000
|
trusted library allocation
|
page read and write
|
||
|
66A0000
|
trusted library allocation
|
page read and write
|
||
|
1E38CC02000
|
heap
|
page read and write
|
||
|
1E38D800000
|
trusted library allocation
|
page read and write
|
||
|
7DED000
|
stack
|
page read and write
|
||
|
77C0000
|
heap
|
page read and write
|
||
|
1E38CD00000
|
heap
|
page read and write
|
||
|
7C80000
|
trusted library allocation
|
page read and write
|
||
|
2791000
|
trusted library allocation
|
page read and write
|
||
|
27CF000
|
trusted library allocation
|
page read and write
|
||
|
4DE0000
|
trusted library section
|
page read and write
|
||
|
4F90000
|
trusted library allocation
|
page read and write
|
||
|
29B1000
|
trusted library allocation
|
page read and write
|
||
|
8B5B000
|
heap
|
page read and write
|
||
|
1E391980000
|
trusted library allocation
|
page read and write
|
||
|
4EEE000
|
trusted library allocation
|
page read and write
|
||
|
C6E000
|
stack
|
page read and write
|
||
|
1E38C3D0000
|
trusted library allocation
|
page read and write
|
||
|
1E391A2C000
|
heap
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
535B000
|
stack
|
page read and write
|
||
|
1E391970000
|
trusted library allocation
|
page read and write
|
||
|
25F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
8AE4000
|
heap
|
page read and write
|
||
|
53A5000
|
heap
|
page read and write
|
||
|
763D000
|
stack
|
page read and write
|
||
|
3490000
|
heap
|
page read and write
|
||
|
1E38CD13000
|
heap
|
page read and write
|
||
|
6610000
|
trusted library allocation
|
page read and write
|
||
|
2AEC000
|
trusted library allocation
|
page read and write
|
||
|
2ADE000
|
trusted library allocation
|
page read and write
|
||
|
1E391AA6000
|
heap
|
page read and write
|
||
|
5230000
|
heap
|
page read and write
|
||
|
534F000
|
stack
|
page read and write
|
||
|
268E000
|
stack
|
page read and write
|
||
|
1E38C45B000
|
heap
|
page read and write
|
||
|
C85000
|
heap
|
page read and write
|
||
|
5D2D000
|
heap
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
4B8E000
|
stack
|
page read and write
|
||
|
6650000
|
trusted library allocation
|
page read and write
|
||
|
6EFD000
|
stack
|
page read and write
|
||
|
7AF1000
|
trusted library allocation
|
page read and write
|
||
|
798E000
|
stack
|
page read and write
|
||
|
503E000
|
stack
|
page read and write
|
||
|
1E38C400000
|
heap
|
page read and write
|
||
|
1E391AF8000
|
heap
|
page read and write
|
||
|
1E391B05000
|
heap
|
page read and write
|
||
|
5140000
|
heap
|
page execute and read and write
|
||
|
3655000
|
trusted library allocation
|
page execute and read and write
|
||
|
C9E000
|
stack
|
page read and write
|
||
|
7C0A000
|
heap
|
page read and write
|
||
|
6630000
|
trusted library allocation
|
page read and write
|
||
|
3690000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E391882000
|
trusted library allocation
|
page read and write
|
||
|
7E30000
|
trusted library allocation
|
page read and write
|
||
|
1E38C48F000
|
heap
|
page read and write
|
||
|
3573000
|
heap
|
page read and write
|
||
|
8960000
|
heap
|
page read and write
|
||
|
50AE000
|
stack
|
page read and write
|
||
|
79F2000
|
heap
|
page read and write
|
||
|
8B4F000
|
heap
|
page read and write
|
||
|
3630000
|
trusted library allocation
|
page read and write
|
||
|
7E40000
|
trusted library allocation
|
page read and write
|
||
|
26E4000
|
trusted library allocation
|
page read and write
|
||
|
35572F9000
|
stack
|
page read and write
|
||
|
1E391AE7000
|
heap
|
page read and write
|
||
|
8BA2000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
1E38CE90000
|
trusted library allocation
|
page read and write
|
||
|
3640000
|
trusted library allocation
|
page read and write
|
||
|
28AF000
|
stack
|
page read and write
|
||
|
36A0000
|
heap
|
page read and write
|
||
|
7E10000
|
trusted library allocation
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
DAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E391881000
|
trusted library allocation
|
page read and write
|
||
|
345E000
|
stack
|
page read and write
|
||
|
767A000
|
stack
|
page read and write
|
||
|
1E38C4B3000
|
heap
|
page read and write
|
||
|
690E000
|
stack
|
page read and write
|
||
|
277B000
|
trusted library allocation
|
page read and write
|
||
|
506E000
|
stack
|
page read and write
|
||
|
7C46000
|
heap
|
page read and write
|
||
|
1E38C4FF000
|
heap
|
page read and write
|
||
|
B72000
|
heap
|
page read and write
|
||
|
2AAD000
|
trusted library allocation
|
page read and write
|
||
|
6DCE000
|
heap
|
page read and write
|
||
|
27B0000
|
trusted library allocation
|
page read and write
|
||
|
7BF6000
|
heap
|
page read and write
|
||
|
5D07000
|
heap
|
page read and write
|
||
|
7D6E000
|
stack
|
page read and write
|
||
|
5C40000
|
heap
|
page read and write
|
||
|
A89000
|
heap
|
page read and write
|
||
|
8B8E000
|
heap
|
page read and write
|
||
|
4F0E000
|
stack
|
page read and write
|
||
|
1E38C529000
|
heap
|
page read and write
|
||
|
BFD000
|
heap
|
page read and write
|
||
|
7E50000
|
trusted library allocation
|
page read and write
|
||
|
8BA6000
|
heap
|
page read and write
|
||
|
35566FE000
|
unkown
|
page readonly
|
||
|
7EE90000
|
trusted library allocation
|
page execute and read and write
|
||
|
27A2000
|
trusted library allocation
|
page read and write
|
||
|
88A0000
|
heap
|
page read and write
|
||
|
5CB6000
|
heap
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
35CE000
|
stack
|
page read and write
|
||
|
1E38D140000
|
trusted library allocation
|
page read and write
|
||
|
2AB1000
|
trusted library allocation
|
page read and write
|
||
|
DBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
E00000
|
trusted library allocation
|
page execute and read and write
|
||
|
3A17000
|
trusted library allocation
|
page read and write
|
||
|
5380000
|
trusted library allocation
|
page read and write
|
There are 495 hidden memdumps, click here to show them.