Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
QUOTATION_APRQTRA031244#U00b7PDF.scr.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage user DataBase, version 0x620, checksum 0x5f3c1cc4, page size 16384, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\QUOTATION_APRQTRA031244#U00b7PDF.scr.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4czr4rc3.sms.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cgdkc3bu.gyo.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oqg0abk2.hdp.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wvhppwqi.1nz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\QUOTATION_APRQTRA031244#U00b7PDF.scr.exe
|
"C:\Users\user\Desktop\QUOTATION_APRQTRA031244#U00b7PDF.scr.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"Powershell.exe" ??????????-??????????E??????????x??????????e??????????c??????????u??????????t??????????i??????????o??????????n??????????P??????????o??????????l??????????i??????????c??????????y??????????
??????????B??????????y??????????p??????????a??????????s??????????s?????????? ??????????-??????????c??????????o??????????m??????????m??????????a??????????n??????????d
?????????C?????????o?????????p?????????y?????????-?????????I?????????t?????????e?????????m 'C:\Users\user\Desktop\QUOTATION_APRQTRA031244#U00b7PDF.scr.exe'
'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ESET.exe'
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelp
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://www.microsoft.co
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://github.com/sam210723/goesrecv-monitor/releases/latest
|
unknown
|
||
|
http://go.micros
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://go.microsoft.UEV.psd1id
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://vksdr.com/goesrecv-monitor
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
https://go.microsoft.U
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 15 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ip-api.com
|
208.95.112.1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
36F9000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
68BE000
|
stack
|
page read and write
|
||
|
FAF2A7E000
|
stack
|
page read and write
|
||
|
7F288000
|
trusted library allocation
|
page execute and read and write
|
||
|
5330000
|
heap
|
page read and write
|
||
|
708B000
|
heap
|
page read and write
|
||
|
6A3D000
|
stack
|
page read and write
|
||
|
A6A000
|
trusted library allocation
|
page execute and read and write
|
||
|
8370000
|
trusted library allocation
|
page read and write
|
||
|
6C1A000
|
stack
|
page read and write
|
||
|
2D1E000
|
stack
|
page read and write
|
||
|
9B6000
|
heap
|
page read and write
|
||
|
7E10000
|
heap
|
page read and write
|
||
|
FAF09FD000
|
stack
|
page read and write
|
||
|
26C0000
|
trusted library allocation
|
page read and write
|
||
|
2B6E000
|
stack
|
page read and write
|
||
|
4A30000
|
trusted library allocation
|
page read and write
|
||
|
2DB7000
|
trusted library allocation
|
page read and write
|
||
|
51D0000
|
trusted library allocation
|
page read and write
|
||
|
85D000
|
trusted library allocation
|
page execute and read and write
|
||
|
20D000
|
unkown
|
page readonly
|
||
|
636D000
|
stack
|
page read and write
|
||
|
72CE000
|
stack
|
page read and write
|
||
|
ADE000
|
stack
|
page read and write
|
||
|
2500000
|
trusted library allocation
|
page read and write
|
||
|
73C0000
|
trusted library allocation
|
page read and write
|
||
|
538000
|
stack
|
page read and write
|
||
|
7370000
|
trusted library allocation
|
page read and write
|
||
|
461E000
|
stack
|
page read and write
|
||
|
2F4118DF000
|
heap
|
page read and write
|
||
|
728E000
|
stack
|
page read and write
|
||
|
2F40CC90000
|
trusted library allocation
|
page read and write
|
||
|
65C7000
|
trusted library allocation
|
page read and write
|
||
|
2D75000
|
trusted library allocation
|
page read and write
|
||
|
706D000
|
heap
|
page read and write
|
||
|
58DE000
|
stack
|
page read and write
|
||
|
2F40D5A0000
|
trusted library allocation
|
page read and write
|
||
|
2F40C9D0000
|
trusted library allocation
|
page read and write
|
||
|
2F4117A0000
|
remote allocation
|
page read and write
|
||
|
BA7000
|
heap
|
page read and write
|
||
|
8400000
|
trusted library allocation
|
page read and write
|
||
|
24E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F411760000
|
trusted library allocation
|
page read and write
|
||
|
26D0000
|
trusted library allocation
|
page read and write
|
||
|
7217000
|
trusted library allocation
|
page read and write
|
||
|
C1F000
|
stack
|
page read and write
|
||
|
6FEB000
|
heap
|
page read and write
|
||
|
5210000
|
trusted library allocation
|
page read and write
|
||
|
5FA2000
|
heap
|
page read and write
|
||
|
F7B000
|
heap
|
page read and write
|
||
|
7EAD000
|
stack
|
page read and write
|
||
|
46F2000
|
trusted library allocation
|
page read and write
|
||
|
2F412000000
|
heap
|
page read and write
|
||
|
777E000
|
stack
|
page read and write
|
||
|
2F40C150000
|
trusted library allocation
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page execute and read and write
|
||
|
117E000
|
stack
|
page read and write
|
||
|
B0C000
|
heap
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
6AFE000
|
stack
|
page read and write
|
||
|
7059000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
2F411600000
|
trusted library allocation
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
51C0000
|
trusted library allocation
|
page read and write
|
||
|
7F60000
|
heap
|
page read and write
|
||
|
2F411730000
|
trusted library allocation
|
page read and write
|
||
|
2F411853000
|
heap
|
page read and write
|
||
|
7F50000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
F6E000
|
stack
|
page read and write
|
||
|
6FC0000
|
heap
|
page read and write
|
||
|
103D000
|
heap
|
page read and write
|
||
|
FAF24FE000
|
unkown
|
page readonly
|
||
|
2F40CB1A000
|
heap
|
page read and write
|
||
|
20A000
|
unkown
|
page readonly
|
||
|
4BB3000
|
heap
|
page read and write
|
||
|
4BB0000
|
heap
|
page read and write
|
||
|
2F40CB00000
|
heap
|
page read and write
|
||
|
A20000
|
trusted library allocation
|
page read and write
|
||
|
2D30000
|
heap
|
page execute and read and write
|
||
|
24F0000
|
trusted library allocation
|
page read and write
|
||
|
1236000
|
trusted library allocation
|
page execute and read and write
|
||
|
52EE000
|
stack
|
page read and write
|
||
|
6F1E000
|
stack
|
page read and write
|
||
|
FAF0FF9000
|
stack
|
page read and write
|
||
|
8211000
|
trusted library allocation
|
page read and write
|
||
|
FAF087B000
|
stack
|
page read and write
|
||
|
6A20000
|
heap
|
page read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
5840000
|
trusted library allocation
|
page read and write
|
||
|
2F4116D0000
|
trusted library allocation
|
page read and write
|
||
|
4A62000
|
trusted library allocation
|
page read and write
|
||
|
26CF000
|
trusted library allocation
|
page read and write
|
||
|
6D20000
|
heap
|
page read and write
|
||
|
6FB0000
|
heap
|
page execute and read and write
|
||
|
A66000
|
trusted library allocation
|
page execute and read and write
|
||
|
9F7000
|
heap
|
page read and write
|
||
|
BBF000
|
heap
|
page read and write
|
||
|
7E40000
|
trusted library allocation
|
page read and write
|
||
|
2F40D120000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
trusted library allocation
|
page read and write
|
||
|
7360000
|
trusted library allocation
|
page execute and read and write
|
||
|
1213000
|
trusted library allocation
|
page execute and read and write
|
||
|
1260000
|
trusted library allocation
|
page read and write
|
||
|
2E37000
|
trusted library allocation
|
page read and write
|
||
|
2510000
|
heap
|
page read and write
|
||
|
563F000
|
stack
|
page read and write
|
||
|
573F000
|
stack
|
page read and write
|
||
|
2F40CB13000
|
heap
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
51DE000
|
trusted library allocation
|
page read and write
|
||
|
2F411750000
|
trusted library allocation
|
page read and write
|
||
|
FAF23FC000
|
stack
|
page read and write
|
||
|
507C000
|
stack
|
page read and write
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
73E0000
|
trusted library allocation
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
7E30000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
7FBD000
|
heap
|
page read and write
|
||
|
2F40C302000
|
heap
|
page read and write
|
||
|
2F40C2FF000
|
heap
|
page read and write
|
||
|
2F4118C0000
|
heap
|
page read and write
|
||
|
5955000
|
heap
|
page read and write
|
||
|
2F40C329000
|
heap
|
page read and write
|
||
|
4691000
|
trusted library allocation
|
page read and write
|
||
|
5838000
|
trusted library allocation
|
page read and write
|
||
|
2F40C272000
|
heap
|
page read and write
|
||
|
A70000
|
trusted library allocation
|
page read and write
|
||
|
AAA000
|
stack
|
page read and write
|
||
|
51EE000
|
trusted library allocation
|
page read and write
|
||
|
84EE000
|
stack
|
page read and write
|
||
|
2F40C2A1000
|
heap
|
page read and write
|
||
|
4B95000
|
trusted library allocation
|
page read and write
|
||
|
763E000
|
stack
|
page read and write
|
||
|
7F40000
|
trusted library allocation
|
page read and write
|
||
|
4ECE000
|
stack
|
page read and write
|
||
|
5214000
|
trusted library allocation
|
page read and write
|
||
|
2F41181E000
|
heap
|
page read and write
|
||
|
FB6000
|
heap
|
page read and write
|
||
|
B92000
|
heap
|
page read and write
|
||
|
5FD6000
|
heap
|
page read and write
|
||
|
FAF0AFE000
|
unkown
|
page readonly
|
||
|
65B0000
|
trusted library allocation
|
page read and write
|
||
|
8004000
|
heap
|
page read and write
|
||
|
6ADD000
|
stack
|
page read and write
|
||
|
50C0000
|
trusted library allocation
|
page read and write
|
||
|
2F4118E2000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
5920000
|
heap
|
page read and write
|
||
|
818E000
|
stack
|
page read and write
|
||
|
2F40C306000
|
heap
|
page read and write
|
||
|
91F000
|
heap
|
page read and write
|
||
|
A60000
|
trusted library allocation
|
page read and write
|
||
|
4DB0000
|
trusted library section
|
page readonly
|
||
|
7B6000
|
heap
|
page read and write
|
||
|
553C000
|
stack
|
page read and write
|
||
|
2F41190A000
|
heap
|
page read and write
|
||
|
B19000
|
heap
|
page read and write
|
||
|
7FCD000
|
heap
|
page read and write
|
||
|
2F4116E0000
|
trusted library allocation
|
page read and write
|
||
|
527C000
|
stack
|
page read and write
|
||
|
4A3B000
|
trusted library allocation
|
page read and write
|
||
|
10EF000
|
stack
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
843000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F4116F0000
|
trusted library allocation
|
page read and write
|
||
|
6A2E000
|
heap
|
page read and write
|
||
|
FAF14FE000
|
unkown
|
page readonly
|
||
|
E20000
|
heap
|
page read and write
|
||
|
4D6E000
|
stack
|
page read and write
|
||
|
1200000
|
trusted library allocation
|
page read and write
|
||
|
7F20000
|
trusted library allocation
|
page read and write
|
||
|
4D7C000
|
stack
|
page read and write
|
||
|
6B9F000
|
stack
|
page read and write
|
||
|
2E33000
|
trusted library allocation
|
page read and write
|
||
|
65D0000
|
trusted library allocation
|
page read and write
|
||
|
36F1000
|
trusted library allocation
|
page read and write
|
||
|
5090000
|
heap
|
page read and write
|
||
|
6E5E000
|
stack
|
page read and write
|
||
|
7032000
|
heap
|
page read and write
|
||
|
5334000
|
heap
|
page read and write
|
||
|
4680000
|
heap
|
page execute and read and write
|
||
|
2F4118FA000
|
heap
|
page read and write
|
||
|
4AC0000
|
heap
|
page read and write
|
||
|
24DE000
|
stack
|
page read and write
|
||
|
5910000
|
heap
|
page read and write
|
||
|
2F4117A0000
|
remote allocation
|
page read and write
|
||
|
4590000
|
heap
|
page execute and read and write
|
||
|
2F41180E000
|
heap
|
page read and write
|
||
|
65F0000
|
trusted library allocation
|
page read and write
|
||
|
A34000
|
trusted library allocation
|
page read and write
|
||
|
6A0E000
|
stack
|
page read and write
|
||
|
7220000
|
trusted library allocation
|
page read and write
|
||
|
2F40C302000
|
heap
|
page read and write
|
||
|
A3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
75FE000
|
stack
|
page read and write
|
||
|
2F4116F0000
|
trusted library allocation
|
page read and write
|
||
|
2F411644000
|
trusted library allocation
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
581D000
|
stack
|
page read and write
|
||
|
1214000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
83FE000
|
stack
|
page read and write
|
||
|
2F40C240000
|
heap
|
page read and write
|
||
|
C8C000
|
stack
|
page read and write
|
||
|
2F40C020000
|
heap
|
page read and write
|
||
|
2F41182B000
|
heap
|
page read and write
|
||
|
1B0000
|
unkown
|
page readonly
|
||
|
2F4118F3000
|
heap
|
page read and write
|
||
|
5220000
|
trusted library allocation
|
page read and write
|
||
|
A33000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F40C313000
|
heap
|
page read and write
|
||
|
2F40C29F000
|
heap
|
page read and write
|
||
|
6600000
|
trusted library allocation
|
page read and write
|
||
|
26BB000
|
stack
|
page read and write
|
||
|
56B9000
|
trusted library allocation
|
page read and write
|
||
|
2F40C213000
|
heap
|
page read and write
|
||
|
787F000
|
stack
|
page read and write
|
||
|
73A0000
|
trusted library allocation
|
page read and write
|
||
|
2F4115E0000
|
trusted library allocation
|
page read and write
|
||
|
904000
|
heap
|
page read and write
|
||
|
51F6000
|
trusted library allocation
|
page read and write
|
||
|
51E2000
|
trusted library allocation
|
page read and write
|
||
|
2F40CA15000
|
heap
|
page read and write
|
||
|
2F40CA02000
|
heap
|
page read and write
|
||
|
4C91000
|
trusted library allocation
|
page read and write
|
||
|
4E45000
|
trusted library allocation
|
page read and write
|
||
|
2F40C9E0000
|
trusted library allocation
|
page read and write
|
||
|
2F411640000
|
trusted library allocation
|
page read and write
|
||
|
693E000
|
stack
|
page read and write
|
||
|
2FA000
|
stack
|
page read and write
|
||
|
2F40CB5A000
|
heap
|
page read and write
|
||
|
2F411740000
|
trusted library allocation
|
page read and write
|
||
|
830000
|
trusted library allocation
|
page read and write
|
||
|
4CB0000
|
heap
|
page execute and read and write
|
||
|
455E000
|
stack
|
page read and write
|
||
|
2E1D000
|
trusted library allocation
|
page read and write
|
||
|
4D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E02000
|
trusted library allocation
|
page read and write
|
||
|
2F411C70000
|
trusted library allocation
|
page read and write
|
||
|
FAF0EFE000
|
unkown
|
page readonly
|
||
|
FAF0CFE000
|
unkown
|
page readonly
|
||
|
90E000
|
stack
|
page read and write
|
||
|
1286000
|
heap
|
page read and write
|
||
|
734D000
|
stack
|
page read and write
|
||
|
1247000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F40C040000
|
heap
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
51FD000
|
trusted library allocation
|
page read and write
|
||
|
26E0000
|
heap
|
page execute and read and write
|
||
|
6630000
|
heap
|
page read and write
|
||
|
FAF13FB000
|
stack
|
page read and write
|
||
|
2F411902000
|
heap
|
page read and write
|
||
|
6BFF000
|
stack
|
page read and write
|
||
|
A90000
|
trusted library allocation
|
page read and write
|
||
|
5831000
|
trusted library allocation
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
2F4118E9000
|
heap
|
page read and write
|
||
|
4A90000
|
trusted library allocation
|
page read and write
|
||
|
71C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B78000
|
trusted library allocation
|
page read and write
|
||
|
7EF0000
|
heap
|
page read and write
|
||
|
2F411620000
|
trusted library allocation
|
page read and write
|
||
|
C3F000
|
stack
|
page read and write
|
||
|
5930000
|
heap
|
page read and write
|
||
|
2F4115F0000
|
trusted library allocation
|
page read and write
|
||
|
70D1000
|
heap
|
page read and write
|
||
|
6CDE000
|
stack
|
page read and write
|
||
|
C38000
|
trusted library allocation
|
page read and write
|
||
|
7FE3000
|
heap
|
page read and write
|
||
|
4A70000
|
trusted library allocation
|
page read and write
|
||
|
BA8000
|
stack
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
8014000
|
heap
|
page read and write
|
||
|
81C0000
|
trusted library allocation
|
page read and write
|
||
|
4AE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8DD000
|
heap
|
page read and write
|
||
|
2F40CF40000
|
trusted library allocation
|
page read and write
|
||
|
5280000
|
heap
|
page execute and read and write
|
||
|
2F4117A0000
|
remote allocation
|
page read and write
|
||
|
2F4118FE000
|
heap
|
page read and write
|
||
|
FAF0DFE000
|
stack
|
page read and write
|
||
|
7F270000
|
trusted library allocation
|
page execute and read and write
|
||
|
7420000
|
trusted library allocation
|
page read and write
|
||
|
A5F000
|
stack
|
page read and write
|
||
|
721A000
|
trusted library allocation
|
page read and write
|
||
|
4A51000
|
trusted library allocation
|
page read and write
|
||
|
730E000
|
stack
|
page read and write
|
||
|
A90000
|
trusted library allocation
|
page read and write
|
||
|
9B8000
|
heap
|
page read and write
|
||
|
7F74000
|
heap
|
page read and write
|
||
|
7430000
|
trusted library allocation
|
page read and write
|
||
|
2F40C2FF000
|
heap
|
page read and write
|
||
|
A59000
|
trusted library allocation
|
page read and write
|
||
|
4A4E000
|
trusted library allocation
|
page read and write
|
||
|
2F411BE0000
|
trusted library allocation
|
page read and write
|
||
|
7210000
|
trusted library allocation
|
page read and write
|
||
|
2F40C317000
|
heap
|
page read and write
|
||
|
1242000
|
trusted library allocation
|
page read and write
|
||
|
6A4E000
|
stack
|
page read and write
|
||
|
2F41185E000
|
heap
|
page read and write
|
||
|
2F41188B000
|
heap
|
page read and write
|
||
|
2F411750000
|
trusted library allocation
|
page read and write
|
||
|
61E0000
|
heap
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
6C5E000
|
stack
|
page read and write
|
||
|
A75000
|
trusted library allocation
|
page execute and read and write
|
||
|
B27000
|
heap
|
page read and write
|
||
|
3D69000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
7122000
|
trusted library allocation
|
page read and write
|
||
|
65C0000
|
trusted library allocation
|
page read and write
|
||
|
A6A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F411700000
|
trusted library allocation
|
page read and write
|
||
|
7400000
|
trusted library allocation
|
page read and write
|
||
|
1055000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
26D5000
|
trusted library allocation
|
page read and write
|
||
|
2E4B000
|
trusted library allocation
|
page read and write
|
||
|
1230000
|
trusted library allocation
|
page read and write
|
||
|
5691000
|
trusted library allocation
|
page read and write
|
||
|
2D20000
|
trusted library allocation
|
page read and write
|
||
|
45DF000
|
stack
|
page read and write
|
||
|
687D000
|
stack
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
2E45000
|
trusted library allocation
|
page read and write
|
||
|
CCD000
|
stack
|
page read and write
|
||
|
2F411630000
|
trusted library allocation
|
page read and write
|
||
|
2F4118B9000
|
heap
|
page read and write
|
||
|
2F40C2BD000
|
heap
|
page read and write
|
||
|
2F40C25B000
|
heap
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E7D000
|
stack
|
page read and write
|
||
|
6E9F000
|
stack
|
page read and write
|
||
|
B1C000
|
stack
|
page read and write
|
||
|
2F411600000
|
trusted library allocation
|
page read and write
|
||
|
6FA0000
|
trusted library allocation
|
page read and write
|
||
|
2F40CA00000
|
heap
|
page read and write
|
||
|
51DB000
|
trusted library allocation
|
page read and write
|
||
|
7F6C000
|
heap
|
page read and write
|
||
|
2F4116D0000
|
trusted library allocation
|
page read and write
|
||
|
1220000
|
trusted library allocation
|
page read and write
|
||
|
850000
|
trusted library allocation
|
page read and write
|
||
|
A47000
|
heap
|
page read and write
|
||
|
844000
|
trusted library allocation
|
page read and write
|
||
|
65E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7410000
|
trusted library allocation
|
page read and write
|
||
|
8A2000
|
heap
|
page read and write
|
||
|
2DFE000
|
trusted library allocation
|
page read and write
|
||
|
5030000
|
trusted library allocation
|
page read and write
|
||
|
6640000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F40C200000
|
heap
|
page read and write
|
||
|
73F0000
|
trusted library allocation
|
page read and write
|
||
|
BF5000
|
heap
|
page read and write
|
||
|
73D0000
|
trusted library allocation
|
page read and write
|
||
|
7390000
|
trusted library allocation
|
page read and write
|
||
|
6EDE000
|
stack
|
page read and write
|
||
|
FA9000
|
heap
|
page read and write
|
||
|
A77000
|
trusted library allocation
|
page execute and read and write
|
||
|
5699000
|
trusted library allocation
|
page read and write
|
||
|
2F40CB1A000
|
heap
|
page read and write
|
||
|
800F000
|
heap
|
page read and write
|
||
|
2F40C1E1000
|
trusted library allocation
|
page read and write
|
||
|
720E000
|
stack
|
page read and write
|
||
|
2F411900000
|
heap
|
page read and write
|
||
|
4DC0000
|
heap
|
page read and write
|
||
|
2F411910000
|
heap
|
page read and write
|
||
|
ADE000
|
stack
|
page read and write
|
||
|
FAF0BF7000
|
stack
|
page read and write
|
||
|
7EEE000
|
stack
|
page read and write
|
||
|
1240000
|
trusted library allocation
|
page read and write
|
||
|
465E000
|
stack
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
123A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7061000
|
heap
|
page read and write
|
||
|
1232000
|
trusted library allocation
|
page read and write
|
||
|
4E72000
|
trusted library allocation
|
page read and write
|
||
|
2B2E000
|
stack
|
page read and write
|
||
|
4A5D000
|
trusted library allocation
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
CE0000
|
trusted library allocation
|
page read and write
|
||
|
6C9B000
|
stack
|
page read and write
|
||
|
7069000
|
heap
|
page read and write
|
||
|
2F41165E000
|
trusted library allocation
|
page read and write
|
||
|
A72000
|
trusted library allocation
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
887000
|
heap
|
page read and write
|
||
|
5FC0000
|
heap
|
page read and write
|
||
|
4ED0000
|
trusted library section
|
page read and write
|
||
|
2F40C2AF000
|
heap
|
page read and write
|
||
|
7350000
|
trusted library allocation
|
page read and write
|
||
|
26F1000
|
trusted library allocation
|
page read and write
|
||
|
CD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
56F4000
|
trusted library allocation
|
page read and write
|
||
|
122D000
|
trusted library allocation
|
page execute and read and write
|
||
|
FAF10FE000
|
unkown
|
page readonly
|
||
|
A72000
|
trusted library allocation
|
page read and write
|
||
|
2DBD000
|
trusted library allocation
|
page read and write
|
||
|
A50000
|
trusted library allocation
|
page read and write
|
||
|
7F350000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F411601000
|
trusted library allocation
|
page read and write
|
||
|
4D70000
|
trusted library allocation
|
page read and write
|
||
|
A7B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7085000
|
heap
|
page read and write
|
||
|
47E6000
|
trusted library allocation
|
page read and write
|
||
|
AE7000
|
heap
|
page read and write
|
||
|
7E20000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F86000
|
heap
|
page read and write
|
||
|
2F411630000
|
trusted library allocation
|
page read and write
|
||
|
2E16000
|
trusted library allocation
|
page read and write
|
||
|
5340000
|
heap
|
page read and write
|
||
|
2F40CB02000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
6650000
|
trusted library allocation
|
page read and write
|
||
|
121D000
|
trusted library allocation
|
page execute and read and write
|
||
|
707D000
|
heap
|
page read and write
|
||
|
7F10000
|
heap
|
page read and write
|
||
|
2F40C120000
|
heap
|
page read and write
|
||
|
2F40C27C000
|
heap
|
page read and write
|
||
|
1B2000
|
unkown
|
page readonly
|
||
|
5FD000
|
stack
|
page read and write
|
||
|
94E000
|
stack
|
page read and write
|
||
|
853000
|
trusted library allocation
|
page read and write
|
||
|
2F40C294000
|
heap
|
page read and write
|
||
|
3F7000
|
stack
|
page read and write
|
||
|
3D41000
|
trusted library allocation
|
page read and write
|
||
|
65DA000
|
trusted library allocation
|
page read and write
|
||
|
773F000
|
stack
|
page read and write
|
||
|
2F41184D000
|
heap
|
page read and write
|
||
|
2F40C277000
|
heap
|
page read and write
|
||
|
1210000
|
trusted library allocation
|
page read and write
|
||
|
7E3D000
|
trusted library allocation
|
page read and write
|
||
|
2F411800000
|
heap
|
page read and write
|
||
|
2F40C22B000
|
heap
|
page read and write
|
||
|
4F91000
|
heap
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
2D41000
|
trusted library allocation
|
page read and write
|
||
|
7F32000
|
trusted library allocation
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
6D1A000
|
stack
|
page read and write
|
||
|
2F40C28F000
|
heap
|
page read and write
|
||
|
FAF2AFE000
|
unkown
|
page readonly
|
||
|
840000
|
trusted library allocation
|
page read and write
|
||
|
68F0000
|
heap
|
page read and write
|
||
|
73B0000
|
trusted library allocation
|
page read and write
|
||
|
5202000
|
trusted library allocation
|
page read and write
|
||
|
2F411602000
|
trusted library allocation
|
page read and write
|
||
|
2F411B70000
|
trusted library allocation
|
page read and write
|
||
|
4A56000
|
trusted library allocation
|
page read and write
|
||
|
2F40CB04000
|
heap
|
page read and write
|
||
|
2F411840000
|
heap
|
page read and write
|
||
|
3DA5000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
8EE000
|
heap
|
page read and write
|
||
|
FB3000
|
heap
|
page read and write
|
||
|
2F4116F0000
|
trusted library allocation
|
page read and write
|
||
|
7380000
|
trusted library allocation
|
page read and write
|
||
|
5FA0000
|
heap
|
page read and write
|
||
|
78E000
|
stack
|
page read and write
|
||
|
6B1B000
|
stack
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
50A0000
|
trusted library allocation
|
page read and write
|
||
|
51F1000
|
trusted library allocation
|
page read and write
|
||
|
2F40C28D000
|
heap
|
page read and write
|
||
|
6BDE000
|
stack
|
page read and write
|
||
|
5915000
|
heap
|
page read and write
|
||
|
6B5E000
|
stack
|
page read and write
|
||
|
4A34000
|
trusted library allocation
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
646E000
|
stack
|
page read and write
|
||
|
4FC000
|
stack
|
page read and write
|
||
|
2F411860000
|
heap
|
page read and write
|
||
|
124B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FDD000
|
heap
|
page read and write
|
||
|
C20000
|
heap
|
page readonly
|
||
|
113E000
|
stack
|
page read and write
|
||
|
7000000
|
heap
|
page read and write
|
||
|
5FF2000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
4D80000
|
trusted library section
|
page read and write
|
||
|
5820000
|
trusted library allocation
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
81B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4595000
|
heap
|
page execute and read and write
|
There are 479 hidden memdumps, click here to show them.