Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PO-095325.scr.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0xf6d8adac, page size 16384, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO-095325.scr.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bby2xb0d.scu.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lvbxtp5v.tvb.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mmkgnilv.5rb.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zf23jsrj.ygd.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\PO-095325.scr.exe
|
"C:\Users\user\Desktop\PO-095325.scr.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"Powershell.exe" ??????????-??????????E??????????x??????????e??????????c??????????u??????????t??????????i??????????o??????????n??????????P??????????o??????????l??????????i??????????c??????????y??????????
??????????B??????????y??????????p??????????a??????????s??????????s?????????? ??????????-??????????c??????????o??????????m??????????m??????????a??????????n??????????d
?????????C?????????o?????????p?????????y?????????-?????????I?????????t?????????e?????????m 'C:\Users\user\Desktop\PO-095325.scr.exe'
'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\command-line.exe'
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://api.ipify.org/
|
104.26.12.205
|
||
|
https://api.ipify.org/T4
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelp
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://api.ipif8
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
|
https://api.ipify.org/p
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
https://github.com/sam210723/goesrecv-monitor/releases/latest
|
unknown
|
||
|
http://go.micros
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://api.ipify.org
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod/C:
|
unknown
|
||
|
https://api.ipify.org
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://vksdr.com/goesrecv-monitor
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 20 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
api.ipify.org
|
104.26.12.205
|
||
|
ip-api.com
|
208.95.112.1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
||
|
104.26.12.205
|
api.ipify.org
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
38F9000
|
trusted library allocation
|
page read and write
|
|
|
|
214422C0000
|
trusted library allocation
|
page read and write
|
||
|
49EC000
|
stack
|
page read and write
|
||
|
4E70000
|
trusted library allocation
|
page read and write
|
||
|
32B1000
|
trusted library allocation
|
page read and write
|
||
|
7F9E8000
|
trusted library allocation
|
page execute and read and write
|
||
|
1500000
|
trusted library allocation
|
page read and write
|
||
|
8080000
|
trusted library allocation
|
page read and write
|
||
|
4D30000
|
heap
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
6C40000
|
heap
|
page execute and read and write
|
||
|
725A000
|
heap
|
page read and write
|
||
|
2BE8000
|
heap
|
page read and write
|
||
|
F99000
|
stack
|
page read and write
|
||
|
166F000
|
heap
|
page read and write
|
||
|
2144240F000
|
heap
|
page read and write
|
||
|
2143D513000
|
heap
|
page read and write
|
||
|
285E000
|
stack
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
3FCECFE000
|
unkown
|
page readonly
|
||
|
AEE000
|
heap
|
page read and write
|
||
|
4620000
|
trusted library allocation
|
page read and write
|
||
|
DCF000
|
stack
|
page read and write
|
||
|
4E75000
|
trusted library allocation
|
page read and write
|
||
|
C62000
|
trusted library allocation
|
page read and write
|
||
|
6FEE000
|
stack
|
page read and write
|
||
|
2BB0000
|
trusted library allocation
|
page read and write
|
||
|
F0E000
|
stack
|
page read and write
|
||
|
7500000
|
trusted library allocation
|
page read and write
|
||
|
2143CE94000
|
heap
|
page read and write
|
||
|
72C2000
|
heap
|
page read and write
|
||
|
2143D790000
|
trusted library allocation
|
page read and write
|
||
|
2143D55A000
|
heap
|
page read and write
|
||
|
46FE000
|
stack
|
page read and write
|
||
|
5440000
|
trusted library allocation
|
page read and write
|
||
|
2CE2000
|
trusted library allocation
|
page read and write
|
||
|
336E000
|
trusted library allocation
|
page read and write
|
||
|
214422D0000
|
trusted library allocation
|
page read and write
|
||
|
6D30000
|
trusted library allocation
|
page read and write
|
||
|
726E000
|
heap
|
page read and write
|
||
|
746D000
|
stack
|
page read and write
|
||
|
58E1000
|
trusted library allocation
|
page read and write
|
||
|
32AE000
|
stack
|
page read and write
|
||
|
21442400000
|
heap
|
page read and write
|
||
|
4741000
|
trusted library allocation
|
page read and write
|
||
|
7530000
|
trusted library allocation
|
page read and write
|
||
|
4E34000
|
trusted library allocation
|
page read and write
|
||
|
56FE000
|
trusted library allocation
|
page read and write
|
||
|
6E60000
|
heap
|
page read and write
|
||
|
214421D0000
|
trusted library allocation
|
page read and write
|
||
|
214422F0000
|
trusted library allocation
|
page read and write
|
||
|
28D0000
|
trusted library allocation
|
page read and write
|
||
|
5530000
|
heap
|
page read and write
|
||
|
4BEA000
|
trusted library allocation
|
page read and write
|
||
|
21442220000
|
trusted library allocation
|
page read and write
|
||
|
33F0000
|
trusted library allocation
|
page read and write
|
||
|
5400000
|
trusted library section
|
page read and write
|
||
|
C6B000
|
trusted library allocation
|
page execute and read and write
|
||
|
21442230000
|
trusted library allocation
|
page read and write
|
||
|
6E0E000
|
stack
|
page read and write
|
||
|
528F000
|
stack
|
page read and write
|
||
|
4316000
|
trusted library allocation
|
page read and write
|
||
|
4EA0000
|
trusted library allocation
|
page read and write
|
||
|
1639000
|
heap
|
page read and write
|
||
|
3FCEFFC000
|
stack
|
page read and write
|
||
|
2C0D000
|
heap
|
page read and write
|
||
|
74B0000
|
trusted library allocation
|
page read and write
|
||
|
682E000
|
stack
|
page read and write
|
||
|
5540000
|
heap
|
page read and write
|
||
|
5CE0000
|
heap
|
page read and write
|
||
|
28A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
214421F0000
|
trusted library allocation
|
page read and write
|
||
|
2143D51A000
|
heap
|
page read and write
|
||
|
571D000
|
trusted library allocation
|
page read and write
|
||
|
6D70000
|
trusted library allocation
|
page execute and read and write
|
||
|
2143DA50000
|
trusted library allocation
|
page read and write
|
||
|
72A6000
|
heap
|
page read and write
|
||
|
8020000
|
heap
|
page read and write
|
||
|
14D0000
|
trusted library allocation
|
page read and write
|
||
|
AEA000
|
heap
|
page read and write
|
||
|
14B0000
|
trusted library allocation
|
page read and write
|
||
|
3FD097E000
|
stack
|
page read and write
|
||
|
2143CF17000
|
heap
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
6D80000
|
trusted library allocation
|
page read and write
|
||
|
817E000
|
heap
|
page read and write
|
||
|
2143CEFE000
|
heap
|
page read and write
|
||
|
21442820000
|
trusted library allocation
|
page read and write
|
||
|
5769000
|
trusted library allocation
|
page read and write
|
||
|
214424A8000
|
heap
|
page read and write
|
||
|
4FE0000
|
heap
|
page read and write
|
||
|
3FCEDFE000
|
stack
|
page read and write
|
||
|
32FD000
|
trusted library allocation
|
page read and write
|
||
|
21442263000
|
trusted library allocation
|
page read and write
|
||
|
6C0B000
|
stack
|
page read and write
|
||
|
2143CE13000
|
heap
|
page read and write
|
||
|
2B2F000
|
stack
|
page read and write
|
||
|
6B6E000
|
stack
|
page read and write
|
||
|
6DCB000
|
stack
|
page read and write
|
||
|
5711000
|
trusted library allocation
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
2143CF13000
|
heap
|
page read and write
|
||
|
214421E0000
|
trusted library allocation
|
page read and write
|
||
|
6ABF000
|
stack
|
page read and write
|
||
|
2143CC30000
|
heap
|
page read and write
|
||
|
14EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
21442390000
|
remote allocation
|
page read and write
|
||
|
21442443000
|
heap
|
page read and write
|
||
|
711D000
|
stack
|
page read and write
|
||
|
14A0000
|
trusted library allocation
|
page read and write
|
||
|
937000
|
stack
|
page read and write
|
||
|
52F0000
|
heap
|
page read and write
|
||
|
7520000
|
trusted library allocation
|
page read and write
|
||
|
8194000
|
heap
|
page read and write
|
||
|
21442455000
|
heap
|
page read and write
|
||
|
7F7C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E2000
|
unkown
|
page readonly
|
||
|
5722000
|
trusted library allocation
|
page read and write
|
||
|
3374000
|
trusted library allocation
|
page read and write
|
||
|
4737000
|
heap
|
page read and write
|
||
|
8180000
|
heap
|
page read and write
|
||
|
7A2E000
|
stack
|
page read and write
|
||
|
33D8000
|
trusted library allocation
|
page read and write
|
||
|
8047000
|
trusted library allocation
|
page read and write
|
||
|
B14000
|
heap
|
page read and write
|
||
|
6562000
|
heap
|
page read and write
|
||
|
4E51000
|
trusted library allocation
|
page read and write
|
||
|
214421F1000
|
trusted library allocation
|
page read and write
|
||
|
31AF000
|
stack
|
page read and write
|
||
|
33C6000
|
trusted library allocation
|
page read and write
|
||
|
70BE000
|
stack
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
5550000
|
trusted library allocation
|
page read and write
|
||
|
7249000
|
heap
|
page read and write
|
||
|
74D0000
|
trusted library allocation
|
page read and write
|
||
|
7470000
|
trusted library allocation
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
21442234000
|
trusted library allocation
|
page read and write
|
||
|
2CE5000
|
trusted library allocation
|
page execute and read and write
|
||
|
CB0000
|
heap
|
page execute and read and write
|
||
|
2143DBC1000
|
trusted library allocation
|
page read and write
|
||
|
159E000
|
stack
|
page read and write
|
||
|
2DB8000
|
trusted library allocation
|
page read and write
|
||
|
1620000
|
trusted library allocation
|
page read and write
|
||
|
15F0000
|
heap
|
page read and write
|
||
|
467E000
|
stack
|
page read and write
|
||
|
14CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
53A000
|
unkown
|
page readonly
|
||
|
7010000
|
heap
|
page read and write
|
||
|
B28000
|
heap
|
page read and write
|
||
|
2144242C000
|
heap
|
page read and write
|
||
|
289C000
|
stack
|
page read and write
|
||
|
21442459000
|
heap
|
page read and write
|
||
|
71F0000
|
heap
|
page read and write
|
||
|
334B000
|
trusted library allocation
|
page read and write
|
||
|
4E5D000
|
trusted library allocation
|
page read and write
|
||
|
14B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
288C000
|
stack
|
page read and write
|
||
|
3090000
|
trusted library allocation
|
page read and write
|
||
|
8500000
|
trusted library allocation
|
page read and write
|
||
|
8040000
|
trusted library allocation
|
page read and write
|
||
|
21442220000
|
trusted library allocation
|
page read and write
|
||
|
559E000
|
stack
|
page read and write
|
||
|
6C8E000
|
stack
|
page read and write
|
||
|
3356000
|
trusted library allocation
|
page read and write
|
||
|
736E000
|
stack
|
page read and write
|
||
|
21442450000
|
heap
|
page read and write
|
||
|
33DC000
|
trusted library allocation
|
page read and write
|
||
|
6D4A000
|
stack
|
page read and write
|
||
|
4E4E000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
heap
|
page read and write
|
||
|
4E30000
|
trusted library allocation
|
page read and write
|
||
|
5DC0000
|
heap
|
page read and write
|
||
|
7FCD000
|
stack
|
page read and write
|
||
|
14B4000
|
trusted library allocation
|
page read and write
|
||
|
28F1000
|
trusted library allocation
|
page read and write
|
||
|
715E000
|
stack
|
page read and write
|
||
|
2D9F000
|
stack
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
4E80000
|
trusted library allocation
|
page read and write
|
||
|
7F9D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E3E000
|
trusted library allocation
|
page read and write
|
||
|
3FCF0FE000
|
unkown
|
page readonly
|
||
|
214424E8000
|
heap
|
page read and write
|
||
|
2C19000
|
heap
|
page read and write
|
||
|
1671000
|
heap
|
page read and write
|
||
|
14E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
ECE000
|
stack
|
page read and write
|
||
|
72A4000
|
heap
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
8192000
|
heap
|
page read and write
|
||
|
818D000
|
heap
|
page read and write
|
||
|
214424BC000
|
heap
|
page read and write
|
||
|
C5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
8050000
|
trusted library allocation
|
page read and write
|
||
|
8030000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
28C0000
|
trusted library allocation
|
page read and write
|
||
|
2DF8000
|
heap
|
page read and write
|
||
|
724F000
|
heap
|
page read and write
|
||
|
14D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
21442210000
|
trusted library allocation
|
page read and write
|
||
|
2143D402000
|
heap
|
page read and write
|
||
|
2144241F000
|
heap
|
page read and write
|
||
|
4FE3000
|
heap
|
page read and write
|
||
|
3FCF4FE000
|
unkown
|
page readonly
|
||
|
15E0000
|
heap
|
page read and write
|
||
|
814C000
|
heap
|
page read and write
|
||
|
1600000
|
trusted library allocation
|
page execute and read and write
|
||
|
21442260000
|
trusted library allocation
|
page read and write
|
||
|
6FFE000
|
stack
|
page read and write
|
||
|
7236000
|
heap
|
page read and write
|
||
|
2D10000
|
heap
|
page execute and read and write
|
||
|
461D000
|
stack
|
page read and write
|
||
|
2143CE9F000
|
heap
|
page read and write
|
||
|
7B6E000
|
stack
|
page read and write
|
||
|
71D0000
|
trusted library allocation
|
page read and write
|
||
|
7F50000
|
trusted library allocation
|
page read and write
|
||
|
C50000
|
trusted library allocation
|
page read and write
|
||
|
BA7000
|
heap
|
page read and write
|
||
|
57A5000
|
trusted library allocation
|
page read and write
|
||
|
64BA000
|
heap
|
page read and write
|
||
|
21442462000
|
heap
|
page read and write
|
||
|
518E000
|
stack
|
page read and write
|
||
|
73EE000
|
stack
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
742E000
|
stack
|
page read and write
|
||
|
7F60000
|
trusted library allocation
|
page read and write
|
||
|
5290000
|
trusted library section
|
page read and write
|
||
|
4BF3000
|
trusted library allocation
|
page read and write
|
||
|
C40000
|
trusted library allocation
|
page read and write
|
||
|
214422E0000
|
trusted library allocation
|
page read and write
|
||
|
672D000
|
stack
|
page read and write
|
||
|
21442390000
|
remote allocation
|
page read and write
|
||
|
21442504000
|
heap
|
page read and write
|
||
|
6D07000
|
trusted library allocation
|
page read and write
|
||
|
21442390000
|
remote allocation
|
page read and write
|
||
|
2143CEFE000
|
heap
|
page read and write
|
||
|
2144248E000
|
heap
|
page read and write
|
||
|
804A000
|
trusted library allocation
|
page read and write
|
||
|
214424F9000
|
heap
|
page read and write
|
||
|
2BDA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E0000
|
unkown
|
page readonly
|
||
|
732E000
|
stack
|
page read and write
|
||
|
46BF000
|
stack
|
page read and write
|
||
|
2BC9000
|
trusted library allocation
|
page read and write
|
||
|
21443000000
|
heap
|
page read and write
|
||
|
21442330000
|
trusted library allocation
|
page read and write
|
||
|
53AD000
|
stack
|
page read and write
|
||
|
56F0000
|
trusted library allocation
|
page read and write
|
||
|
C56000
|
trusted library allocation
|
page execute and read and write
|
||
|
74A0000
|
trusted library allocation
|
page read and write
|
||
|
58D0000
|
trusted library allocation
|
page read and write
|
||
|
69AE000
|
stack
|
page read and write
|
||
|
8490000
|
trusted library allocation
|
page read and write
|
||
|
B21000
|
heap
|
page read and write
|
||
|
21442230000
|
trusted library allocation
|
page read and write
|
||
|
C30000
|
trusted library allocation
|
page read and write
|
||
|
64E4000
|
heap
|
page read and write
|
||
|
813E000
|
heap
|
page read and write
|
||
|
6E4E000
|
stack
|
page read and write
|
||
|
FB7000
|
heap
|
page read and write
|
||
|
2144250C000
|
heap
|
page read and write
|
||
|
298E000
|
stack
|
page read and write
|
||
|
72AA000
|
heap
|
page read and write
|
||
|
28CD000
|
stack
|
page read and write
|
||
|
4FB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3FCE97E000
|
stack
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
4D40000
|
heap
|
page read and write
|
||
|
2143CE7B000
|
heap
|
page read and write
|
||
|
8132000
|
heap
|
page read and write
|
||
|
B07000
|
heap
|
page read and write
|
||
|
2CE0000
|
trusted library allocation
|
page read and write
|
||
|
3FCF1F9000
|
stack
|
page read and write
|
||
|
1834000
|
trusted library allocation
|
page read and write
|
||
|
2D00000
|
trusted library allocation
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
5740000
|
heap
|
page read and write
|
||
|
2143CE5B000
|
heap
|
page read and write
|
||
|
15E4000
|
heap
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
2143CF02000
|
heap
|
page read and write
|
||
|
2143CE43000
|
heap
|
page read and write
|
||
|
4E60000
|
trusted library allocation
|
page read and write
|
||
|
C3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
5CD0000
|
heap
|
page read and write
|
||
|
2143CEBC000
|
heap
|
page read and write
|
||
|
2143CF29000
|
heap
|
page read and write
|
||
|
214422C0000
|
trusted library allocation
|
page read and write
|
||
|
12F8000
|
stack
|
page read and write
|
||
|
548B000
|
stack
|
page read and write
|
||
|
28DF000
|
trusted library allocation
|
page read and write
|
||
|
38F1000
|
trusted library allocation
|
page read and write
|
||
|
5BC0000
|
heap
|
page read and write
|
||
|
6AAE000
|
stack
|
page read and write
|
||
|
2143DCD0000
|
trusted library allocation
|
page read and write
|
||
|
74C0000
|
trusted library allocation
|
page read and write
|
||
|
339F000
|
trusted library allocation
|
page read and write
|
||
|
14BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2143D51A000
|
heap
|
page read and write
|
||
|
6D8E000
|
stack
|
page read and write
|
||
|
3FD09FE000
|
unkown
|
page readonly
|
||
|
338E000
|
trusted library allocation
|
page read and write
|
||
|
28B0000
|
trusted library allocation
|
page read and write
|
||
|
64B0000
|
heap
|
page read and write
|
||
|
816A000
|
heap
|
page read and write
|
||
|
339D000
|
trusted library allocation
|
page read and write
|
||
|
6D60000
|
heap
|
page read and write
|
||
|
21442340000
|
trusted library allocation
|
page read and write
|
||
|
3FCEEFE000
|
unkown
|
page readonly
|
||
|
16A6000
|
heap
|
page read and write
|
||
|
4E3B000
|
trusted library allocation
|
page read and write
|
||
|
4EB0000
|
heap
|
page execute and read and write
|
||
|
2BB4000
|
trusted library allocation
|
page read and write
|
||
|
725E000
|
stack
|
page read and write
|
||
|
7B2E000
|
stack
|
page read and write
|
||
|
C43000
|
trusted library allocation
|
page read and write
|
||
|
33AB000
|
trusted library allocation
|
page read and write
|
||
|
32F0000
|
trusted library allocation
|
page read and write
|
||
|
7244000
|
heap
|
page read and write
|
||
|
14D2000
|
trusted library allocation
|
page read and write
|
||
|
2FF8000
|
trusted library allocation
|
page read and write
|
||
|
2143D500000
|
heap
|
page read and write
|
||
|
2143CE00000
|
heap
|
page read and write
|
||
|
21442160000
|
trusted library allocation
|
page read and write
|
||
|
70D2000
|
heap
|
page read and write
|
||
|
58E8000
|
trusted library allocation
|
page read and write
|
||
|
56FB000
|
trusted library allocation
|
page read and write
|
||
|
2143CEB0000
|
heap
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
3388000
|
trusted library allocation
|
page read and write
|
||
|
5716000
|
trusted library allocation
|
page read and write
|
||
|
588C000
|
stack
|
page read and write
|
||
|
ACE000
|
stack
|
page read and write
|
||
|
1664000
|
heap
|
page read and write
|
||
|
598C000
|
stack
|
page read and write
|
||
|
1465000
|
heap
|
page read and write
|
||
|
21442320000
|
trusted library allocation
|
page read and write
|
||
|
703E000
|
stack
|
page read and write
|
||
|
8320000
|
trusted library allocation
|
page read and write
|
||
|
8162000
|
heap
|
page read and write
|
||
|
6D0D000
|
stack
|
page read and write
|
||
|
2143D3A0000
|
trusted library allocation
|
page read and write
|
||
|
32E6000
|
trusted library allocation
|
page read and write
|
||
|
7FD0000
|
heap
|
page read and write
|
||
|
33AF000
|
trusted library allocation
|
page read and write
|
||
|
2143CE72000
|
heap
|
page read and write
|
||
|
6D10000
|
trusted library allocation
|
page read and write
|
||
|
801F000
|
stack
|
page read and write
|
||
|
2143CF06000
|
heap
|
page read and write
|
||
|
30A0000
|
heap
|
page execute and read and write
|
||
|
214424F2000
|
heap
|
page read and write
|
||
|
C1E000
|
stack
|
page read and write
|
||
|
21442340000
|
trusted library allocation
|
page read and write
|
||
|
2144250B000
|
heap
|
page read and write
|
||
|
2143D502000
|
heap
|
page read and write
|
||
|
6E50000
|
heap
|
page read and write
|
||
|
64D0000
|
heap
|
page read and write
|
||
|
6D1A000
|
trusted library allocation
|
page read and write
|
||
|
5749000
|
trusted library allocation
|
page read and write
|
||
|
2A0E000
|
stack
|
page read and write
|
||
|
214424C3000
|
heap
|
page read and write
|
||
|
1840000
|
heap
|
page read and write
|
||
|
6BCD000
|
stack
|
page read and write
|
||
|
42D9000
|
trusted library allocation
|
page read and write
|
||
|
6C45000
|
heap
|
page execute and read and write
|
||
|
14DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
45DC000
|
stack
|
page read and write
|
||
|
7C6E000
|
stack
|
page read and write
|
||
|
2143D504000
|
heap
|
page read and write
|
||
|
5BA0000
|
trusted library allocation
|
page read and write
|
||
|
2143CE2B000
|
heap
|
page read and write
|
||
|
4F00000
|
trusted library allocation
|
page read and write
|
||
|
7480000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F30000
|
heap
|
page read and write
|
||
|
6C6E000
|
stack
|
page read and write
|
||
|
15DC000
|
stack
|
page read and write
|
||
|
B51000
|
heap
|
page read and write
|
||
|
7268000
|
heap
|
page read and write
|
||
|
5CCD000
|
stack
|
page read and write
|
||
|
47A2000
|
trusted library allocation
|
page read and write
|
||
|
2143CC10000
|
heap
|
page read and write
|
||
|
2DA0000
|
heap
|
page readonly
|
||
|
A50000
|
heap
|
page read and write
|
||
|
3301000
|
trusted library allocation
|
page read and write
|
||
|
7552000
|
trusted library allocation
|
page read and write
|
||
|
29CD000
|
stack
|
page read and write
|
||
|
2143CF02000
|
heap
|
page read and write
|
||
|
C67000
|
trusted library allocation
|
page execute and read and write
|
||
|
2143CE8D000
|
heap
|
page read and write
|
||
|
8198000
|
heap
|
page read and write
|
||
|
2143CEA8000
|
heap
|
page read and write
|
||
|
214421F2000
|
trusted library allocation
|
page read and write
|
||
|
14E0000
|
trusted library allocation
|
page read and write
|
||
|
4EC0000
|
heap
|
page read and write
|
||
|
2143E160000
|
trusted library allocation
|
page read and write
|
||
|
5741000
|
trusted library allocation
|
page read and write
|
||
|
6D20000
|
trusted library allocation
|
page read and write
|
||
|
1610000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
3FCE87B000
|
stack
|
page read and write
|
||
|
53F0000
|
trusted library allocation
|
page read and write
|
||
|
6E50000
|
heap
|
page read and write
|
||
|
4896000
|
trusted library allocation
|
page read and write
|
||
|
6CCE000
|
stack
|
page read and write
|
||
|
2C53000
|
heap
|
page read and write
|
||
|
176E000
|
stack
|
page read and write
|
||
|
6B2E000
|
stack
|
page read and write
|
||
|
58E4000
|
trusted library allocation
|
page read and write
|
||
|
8090000
|
trusted library allocation
|
page read and write
|
||
|
2143D400000
|
heap
|
page read and write
|
||
|
2143CD10000
|
heap
|
page read and write
|
||
|
2143CE22000
|
heap
|
page read and write
|
||
|
815A000
|
heap
|
page read and write
|
||
|
214424F7000
|
heap
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
2143D509000
|
heap
|
page read and write
|
||
|
5357000
|
heap
|
page read and write
|
||
|
1630000
|
heap
|
page read and write
|
||
|
4E56000
|
trusted library allocation
|
page read and write
|
||
|
6D00000
|
trusted library allocation
|
page read and write
|
||
|
4E62000
|
trusted library allocation
|
page read and write
|
||
|
8172000
|
heap
|
page read and write
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
2BC0000
|
trusted library allocation
|
page read and write
|
||
|
80F0000
|
heap
|
page read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
28C8000
|
stack
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
3314000
|
trusted library allocation
|
page read and write
|
||
|
2D5E000
|
stack
|
page read and write
|
||
|
2A16000
|
heap
|
page read and write
|
||
|
2143CEB0000
|
heap
|
page read and write
|
||
|
7540000
|
trusted library allocation
|
page read and write
|
||
|
58F0000
|
trusted library allocation
|
page read and write
|
||
|
21442350000
|
trusted library allocation
|
page read and write
|
||
|
5410000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
2143CE77000
|
heap
|
page read and write
|
||
|
2BB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1846000
|
heap
|
page read and write
|
||
|
5702000
|
trusted library allocation
|
page read and write
|
||
|
C4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
214427D0000
|
trusted library allocation
|
page read and write
|
||
|
3FCF3FB000
|
stack
|
page read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
4730000
|
heap
|
page read and write
|
||
|
71C0000
|
heap
|
page execute and read and write
|
||
|
C33000
|
trusted library allocation
|
page execute and read and write
|
||
|
1830000
|
trusted library allocation
|
page read and write
|
||
|
7242000
|
heap
|
page read and write
|
||
|
42B1000
|
trusted library allocation
|
page read and write
|
||
|
570E000
|
trusted library allocation
|
page read and write
|
||
|
14E2000
|
trusted library allocation
|
page read and write
|
||
|
5D05000
|
heap
|
page read and write
|
||
|
817C000
|
heap
|
page read and write
|
||
|
2143D415000
|
heap
|
page read and write
|
||
|
6E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
3FCF2FE000
|
unkown
|
page readonly
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
82F2000
|
trusted library allocation
|
page read and write
|
||
|
214422E0000
|
trusted library allocation
|
page read and write
|
||
|
A86000
|
heap
|
page read and write
|
||
|
2DE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F5D000
|
trusted library allocation
|
page read and write
|
||
|
214424FF000
|
heap
|
page read and write
|
||
|
5430000
|
trusted library section
|
page readonly
|
||
|
74E0000
|
trusted library allocation
|
page read and write
|
||
|
16F8000
|
heap
|
page read and write
|
||
|
8310000
|
trusted library allocation
|
page execute and read and write
|
||
|
5840000
|
heap
|
page execute and read and write
|
||
|
7510000
|
trusted library allocation
|
page read and write
|
||
|
2BBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
6AED000
|
stack
|
page read and write
|
||
|
74F0000
|
trusted library allocation
|
page read and write
|
||
|
21442810000
|
trusted library allocation
|
page read and write
|
||
|
2143CEAA000
|
heap
|
page read and write
|
||
|
5BC5000
|
heap
|
page read and write
|
||
|
8331000
|
trusted library allocation
|
page read and write
|
||
|
2BD0000
|
trusted library allocation
|
page read and write
|
||
|
6AFE000
|
stack
|
page read and write
|
||
|
7218000
|
heap
|
page read and write
|
||
|
154E000
|
stack
|
page read and write
|
||
|
839000
|
stack
|
page read and write
|
||
|
C34000
|
trusted library allocation
|
page read and write
|
||
|
6CF0000
|
trusted library allocation
|
page read and write
|
||
|
707E000
|
stack
|
page read and write
|
||
|
73AE000
|
stack
|
page read and write
|
||
|
8182000
|
heap
|
page read and write
|
||
|
6B3F000
|
stack
|
page read and write
|
||
|
21442170000
|
trusted library allocation
|
page read and write
|
||
|
144E000
|
stack
|
page read and write
|
||
|
214421F0000
|
trusted library allocation
|
page read and write
|
||
|
5B9E000
|
stack
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
6556000
|
heap
|
page read and write
|
||
|
33EA000
|
trusted library allocation
|
page read and write
|
||
|
7490000
|
trusted library allocation
|
page read and write
|
||
|
3FCEBF7000
|
stack
|
page read and write
|
There are 496 hidden memdumps, click here to show them.