Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
lLX6Po7hFJ.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\DNS Host\dnshost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmpC905.tmp
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\9E146BE9-C76A-4720-BCDB-53011B87BD06\run.dat
|
data
|
dropped
|
|
|
|
C:\Program Files (x86)\DNS Host\dnshost.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lLX6Po7hFJ.exe_52236c2e729429a1e3187843149972c92a6f610_00000000_229a7c85-0bb3-4dc3-8de8-e15575f19acb\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3C5C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3C7C.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dnshost.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\lLX6Po7hFJ.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpC9F1.tmp
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Roaming\9E146BE9-C76A-4720-BCDB-53011B87BD06\task.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\lLX6Po7hFJ.exe
|
"C:\Users\user\Desktop\lLX6Po7hFJ.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"schtasks.exe" /create /f /tn "DNS Host" /xml "C:\Users\user\AppData\Local\Temp\tmpC905.tmp"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"schtasks.exe" /create /f /tn "DNS Host Task" /xml "C:\Users\user\AppData\Local\Temp\tmpC9F1.tmp"
|
|
|
|
C:\Users\user\Desktop\lLX6Po7hFJ.exe
|
C:\Users\user\Desktop\lLX6Po7hFJ.exe 0
|
|
|
|
C:\Program Files (x86)\DNS Host\dnshost.exe
|
"C:\Program Files (x86)\DNS Host\dnshost.exe" 0
|
|
|
|
C:\Program Files (x86)\DNS Host\dnshost.exe
|
"C:\Program Files (x86)\DNS Host\dnshost.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
|
dw20.exe -x -s 1468
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
|||
|
0.tcp.eu.ngrok.io
|
|
||
|
http://upx.sf.net
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
0.tcp.eu.ngrok.io
|
3.125.223.134
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
3.125.223.134
|
0.tcp.eu.ngrok.io
|
United States
|
|
|
|
18.192.31.165
|
unknown
|
United States
|
|
|
|
18.158.249.75
|
unknown
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
|
DNS Host
|
||
|
\REGISTRY\A\{9ff4db4a-28bb-838b-de8e-17b4eb7570cc}\Root\InventoryApplicationFile\llx6po7hfj.exe|8bf56e97b234ef88
|
ProgramId
|
||
|
\REGISTRY\A\{9ff4db4a-28bb-838b-de8e-17b4eb7570cc}\Root\InventoryApplicationFile\llx6po7hfj.exe|8bf56e97b234ef88
|
FileId
|
||
|
\REGISTRY\A\{9ff4db4a-28bb-838b-de8e-17b4eb7570cc}\Root\InventoryApplicationFile\llx6po7hfj.exe|8bf56e97b234ef88
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{9ff4db4a-28bb-838b-de8e-17b4eb7570cc}\Root\InventoryApplicationFile\llx6po7hfj.exe|8bf56e97b234ef88
|
LongPathHash
|
||
|
\REGISTRY\A\{9ff4db4a-28bb-838b-de8e-17b4eb7570cc}\Root\InventoryApplicationFile\llx6po7hfj.exe|8bf56e97b234ef88
|
Name
|
||
|
\REGISTRY\A\{9ff4db4a-28bb-838b-de8e-17b4eb7570cc}\Root\InventoryApplicationFile\llx6po7hfj.exe|8bf56e97b234ef88
|
OriginalFileName
|
||
|
\REGISTRY\A\{9ff4db4a-28bb-838b-de8e-17b4eb7570cc}\Root\InventoryApplicationFile\llx6po7hfj.exe|8bf56e97b234ef88
|
Publisher
|
||
|
\REGISTRY\A\{9ff4db4a-28bb-838b-de8e-17b4eb7570cc}\Root\InventoryApplicationFile\llx6po7hfj.exe|8bf56e97b234ef88
|
Version
|
||
|
\REGISTRY\A\{9ff4db4a-28bb-838b-de8e-17b4eb7570cc}\Root\InventoryApplicationFile\llx6po7hfj.exe|8bf56e97b234ef88
|
BinFileVersion
|
||
|
\REGISTRY\A\{9ff4db4a-28bb-838b-de8e-17b4eb7570cc}\Root\InventoryApplicationFile\llx6po7hfj.exe|8bf56e97b234ef88
|
BinaryType
|
||
|
\REGISTRY\A\{9ff4db4a-28bb-838b-de8e-17b4eb7570cc}\Root\InventoryApplicationFile\llx6po7hfj.exe|8bf56e97b234ef88
|
ProductName
|
||
|
\REGISTRY\A\{9ff4db4a-28bb-838b-de8e-17b4eb7570cc}\Root\InventoryApplicationFile\llx6po7hfj.exe|8bf56e97b234ef88
|
ProductVersion
|
||
|
\REGISTRY\A\{9ff4db4a-28bb-838b-de8e-17b4eb7570cc}\Root\InventoryApplicationFile\llx6po7hfj.exe|8bf56e97b234ef88
|
LinkDate
|
||
|
\REGISTRY\A\{9ff4db4a-28bb-838b-de8e-17b4eb7570cc}\Root\InventoryApplicationFile\llx6po7hfj.exe|8bf56e97b234ef88
|
BinProductVersion
|
||
|
\REGISTRY\A\{9ff4db4a-28bb-838b-de8e-17b4eb7570cc}\Root\InventoryApplicationFile\llx6po7hfj.exe|8bf56e97b234ef88
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{9ff4db4a-28bb-838b-de8e-17b4eb7570cc}\Root\InventoryApplicationFile\llx6po7hfj.exe|8bf56e97b234ef88
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{9ff4db4a-28bb-838b-de8e-17b4eb7570cc}\Root\InventoryApplicationFile\llx6po7hfj.exe|8bf56e97b234ef88
|
Size
|
||
|
\REGISTRY\A\{9ff4db4a-28bb-838b-de8e-17b4eb7570cc}\Root\InventoryApplicationFile\llx6po7hfj.exe|8bf56e97b234ef88
|
Language
|
||
|
\REGISTRY\A\{9ff4db4a-28bb-838b-de8e-17b4eb7570cc}\Root\InventoryApplicationFile\llx6po7hfj.exe|8bf56e97b234ef88
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
E52000
|
unkown
|
page readonly
|
|
|
|
29D1000
|
trusted library allocation
|
page read and write
|
|
|
|
6190000
|
trusted library section
|
page read and write
|
|
|
|
39D1000
|
trusted library allocation
|
page read and write
|
|
|
|
2921000
|
trusted library allocation
|
page read and write
|
|
|
|
21A8000
|
heap
|
page read and write
|
||
|
4DA6000
|
heap
|
page execute and read and write
|
||
|
73C000
|
heap
|
page read and write
|
||
|
4AF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5920000
|
trusted library allocation
|
page execute and read and write
|
||
|
A3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
3601000
|
trusted library allocation
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
178A000
|
trusted library allocation
|
page execute and read and write
|
||
|
63D000
|
stack
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
3714000
|
trusted library allocation
|
page read and write
|
||
|
9DD000
|
stack
|
page read and write
|
||
|
4ABE000
|
stack
|
page read and write
|
||
|
53E000
|
unkown
|
page read and write
|
||
|
5DEF000
|
stack
|
page read and write
|
||
|
1780000
|
trusted library allocation
|
page read and write
|
||
|
157A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
742000
|
heap
|
page read and write
|
||
|
876000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
4667000
|
trusted library allocation
|
page read and write
|
||
|
4B34000
|
heap
|
page read and write
|
||
|
57A0000
|
heap
|
page read and write
|
||
|
61E0000
|
unclassified section
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
5ACE000
|
stack
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
21AC000
|
heap
|
page read and write
|
||
|
1F6E000
|
stack
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
6DD000
|
heap
|
page read and write
|
||
|
327F000
|
stack
|
page read and write
|
||
|
1792000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BCF000
|
stack
|
page read and write
|
||
|
378F000
|
trusted library allocation
|
page read and write
|
||
|
85E000
|
stack
|
page read and write
|
||
|
2E3F000
|
stack
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
5790000
|
heap
|
page read and write
|
||
|
6F6000
|
stack
|
page read and write
|
||
|
8F0000
|
trusted library allocation
|
page read and write
|
||
|
144A000
|
trusted library allocation
|
page execute and read and write
|
||
|
292F000
|
stack
|
page read and write
|
||
|
159B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
5A8E000
|
stack
|
page read and write
|
||
|
5F4D000
|
stack
|
page read and write
|
||
|
C47000
|
trusted library allocation
|
page execute and read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
1800000
|
heap
|
page read and write
|
||
|
4F8E000
|
stack
|
page read and write
|
||
|
C2F000
|
stack
|
page read and write
|
||
|
992000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
B2F000
|
stack
|
page read and write
|
||
|
7F320000
|
trusted library allocation
|
page execute and read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
160E000
|
heap
|
page read and write
|
||
|
A2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
723000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
624E000
|
stack
|
page read and write
|
||
|
474E000
|
trusted library allocation
|
page read and write
|
||
|
301F000
|
stack
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
17EE000
|
stack
|
page read and write
|
||
|
4CA0000
|
heap
|
page execute and read and write
|
||
|
6200000
|
heap
|
page execute and read and write
|
||
|
2B0E000
|
unkown
|
page read and write
|
||
|
363B000
|
trusted library allocation
|
page read and write
|
||
|
902000
|
trusted library allocation
|
page execute and read and write
|
||
|
15E1000
|
heap
|
page read and write
|
||
|
C4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
723000
|
heap
|
page read and write
|
||
|
61B0000
|
trusted library section
|
page read and write
|
||
|
300E000
|
stack
|
page read and write
|
||
|
2AC0000
|
heap
|
page read and write
|
||
|
4CC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3110000
|
remote allocation
|
page read and write
|
||
|
916000
|
heap
|
page read and write
|
||
|
638E000
|
stack
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
65CC000
|
stack
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
268F000
|
stack
|
page read and write
|
||
|
1623000
|
heap
|
page read and write
|
||
|
1562000
|
trusted library allocation
|
page execute and read and write
|
||
|
4680000
|
trusted library allocation
|
page read and write
|
||
|
1980000
|
trusted library allocation
|
page read and write
|
||
|
29EE000
|
stack
|
page read and write
|
||
|
376B000
|
trusted library allocation
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
598E000
|
stack
|
page read and write
|
||
|
A32000
|
trusted library allocation
|
page execute and read and write
|
||
|
3773000
|
trusted library allocation
|
page read and write
|
||
|
648E000
|
stack
|
page read and write
|
||
|
1770000
|
trusted library allocation
|
page read and write
|
||
|
723000
|
heap
|
page read and write
|
||
|
58EE000
|
stack
|
page read and write
|
||
|
2D3E000
|
stack
|
page read and write
|
||
|
4527000
|
trusted library allocation
|
page read and write
|
||
|
363E000
|
trusted library allocation
|
page read and write
|
||
|
5800000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AE0000
|
trusted library allocation
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
5956000
|
heap
|
page execute and read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
35C0000
|
trusted library allocation
|
page read and write
|
||
|
2A8A000
|
stack
|
page read and write
|
||
|
81E000
|
unkown
|
page read and write
|
||
|
1430000
|
trusted library allocation
|
page read and write
|
||
|
158C000
|
trusted library allocation
|
page execute and read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
604F000
|
stack
|
page read and write
|
||
|
A30000
|
trusted library allocation
|
page read and write
|
||
|
89E000
|
stack
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
91C000
|
trusted library allocation
|
page execute and read and write
|
||
|
196000
|
stack
|
page read and write
|
||
|
175E000
|
stack
|
page read and write
|
||
|
179A000
|
trusted library allocation
|
page execute and read and write
|
||
|
123A000
|
stack
|
page read and write
|
||
|
510E000
|
stack
|
page read and write
|
||
|
46F6000
|
trusted library allocation
|
page read and write
|
||
|
90A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1550000
|
trusted library allocation
|
page read and write
|
||
|
365C000
|
trusted library allocation
|
page read and write
|
||
|
4C70000
|
heap
|
page read and write
|
||
|
2BCE000
|
stack
|
page read and write
|
||
|
5C5E000
|
stack
|
page read and write
|
||
|
20D0000
|
heap
|
page read and write
|
||
|
912000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E8E000
|
stack
|
page read and write
|
||
|
6FA000
|
heap
|
page read and write
|
||
|
573E000
|
stack
|
page read and write
|
||
|
19C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A62000
|
trusted library allocation
|
page execute and read and write
|
||
|
3953000
|
trusted library allocation
|
page read and write
|
||
|
149E000
|
stack
|
page read and write
|
||
|
4FCE000
|
stack
|
page read and write
|
||
|
910000
|
trusted library allocation
|
page read and write
|
||
|
5C0E000
|
stack
|
page read and write
|
||
|
4CD0000
|
heap
|
page execute and read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
6FA000
|
heap
|
page read and write
|
||
|
563C000
|
stack
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
3632000
|
trusted library allocation
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
522F000
|
stack
|
page read and write
|
||
|
A6A000
|
trusted library allocation
|
page execute and read and write
|
||
|
742000
|
heap
|
page read and write
|
||
|
29AE000
|
stack
|
page read and write
|
||
|
374C000
|
trusted library allocation
|
page read and write
|
||
|
E72000
|
unkown
|
page readonly
|
||
|
180E000
|
stack
|
page read and write
|
||
|
6860000
|
heap
|
page read and write
|
||
|
50EF000
|
stack
|
page read and write
|
||
|
1580000
|
trusted library allocation
|
page read and write
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
618B000
|
stack
|
page read and write
|
||
|
1625000
|
heap
|
page read and write
|
||
|
520E000
|
stack
|
page read and write
|
||
|
4D0D000
|
stack
|
page read and write
|
||
|
63F000
|
unkown
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
317E000
|
stack
|
page read and write
|
||
|
592E000
|
stack
|
page read and write
|
||
|
469E000
|
trusted library allocation
|
page read and write
|
||
|
D2C000
|
stack
|
page read and write
|
||
|
17A0000
|
trusted library allocation
|
page read and write
|
||
|
4CB4000
|
heap
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
92A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BCE000
|
stack
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
CEE000
|
stack
|
page read and write
|
||
|
5960000
|
heap
|
page execute and read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
C8E000
|
stack
|
page read and write
|
||
|
1660000
|
heap
|
page read and write
|
||
|
39A0000
|
trusted library allocation
|
page read and write
|
||
|
6F1000
|
heap
|
page read and write
|
||
|
BAF000
|
stack
|
page read and write
|
||
|
19D0000
|
heap
|
page read and write
|
||
|
5946000
|
heap
|
page execute and read and write
|
||
|
6FA000
|
heap
|
page read and write
|
||
|
6EF000
|
heap
|
page read and write
|
||
|
6D3000
|
heap
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
1336000
|
stack
|
page read and write
|
||
|
1455000
|
heap
|
page read and write
|
||
|
378D000
|
trusted library allocation
|
page read and write
|
||
|
5810000
|
heap
|
page execute and read and write
|
||
|
A7B000
|
trusted library allocation
|
page execute and read and write
|
||
|
35C6000
|
trusted library allocation
|
page read and write
|
||
|
1AC0000
|
heap
|
page read and write
|
||
|
6A1000
|
heap
|
page read and write
|
||
|
F19000
|
stack
|
page read and write
|
||
|
5D0E000
|
stack
|
page read and write
|
||
|
190F000
|
stack
|
page read and write
|
||
|
1854000
|
heap
|
page execute and read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
177C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C70000
|
trusted library allocation
|
page read and write
|
||
|
4647000
|
trusted library allocation
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
47FE000
|
trusted library allocation
|
page read and write
|
||
|
742000
|
heap
|
page read and write
|
||
|
378B000
|
trusted library allocation
|
page read and write
|
||
|
565E000
|
stack
|
page read and write
|
||
|
660E000
|
stack
|
page read and write
|
||
|
6E2000
|
heap
|
page read and write
|
||
|
6CDD000
|
stack
|
page read and write
|
||
|
20C0000
|
heap
|
page read and write
|
||
|
73C000
|
heap
|
page read and write
|
||
|
5F00000
|
trusted library section
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
2B8F000
|
unkown
|
page read and write
|
||
|
3969000
|
trusted library allocation
|
page read and write
|
||
|
6F6000
|
stack
|
page read and write
|
||
|
25DF000
|
stack
|
page read and write
|
||
|
927000
|
trusted library allocation
|
page execute and read and write
|
||
|
1375000
|
heap
|
page read and write
|
||
|
3B9000
|
stack
|
page read and write
|
||
|
1576000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1860000
|
heap
|
page read and write
|
||
|
C3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
82F000
|
heap
|
page read and write
|
||
|
7F280000
|
trusted library allocation
|
page execute and read and write
|
||
|
196E000
|
stack
|
page read and write
|
||
|
874000
|
heap
|
page read and write
|
||
|
4B30000
|
heap
|
page read and write
|
||
|
4508000
|
trusted library allocation
|
page read and write
|
||
|
705000
|
heap
|
page read and write
|
||
|
5B5E000
|
stack
|
page read and write
|
||
|
12F6000
|
stack
|
page read and write
|
||
|
9CF000
|
stack
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
6DD000
|
heap
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
15D9000
|
heap
|
page read and write
|
||
|
A22000
|
trusted library allocation
|
page execute and read and write
|
||
|
780000
|
heap
|
page execute and read and write
|
||
|
376D000
|
trusted library allocation
|
page read and write
|
||
|
4D86000
|
heap
|
page execute and read and write
|
||
|
3110000
|
remote allocation
|
page read and write
|
||
|
4601000
|
trusted library allocation
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
64CC000
|
stack
|
page read and write
|
||
|
5940000
|
heap
|
page execute and read and write
|
||
|
3775000
|
trusted library allocation
|
page read and write
|
||
|
4D6E000
|
stack
|
page read and write
|
||
|
363A000
|
trusted library allocation
|
page read and write
|
||
|
4D80000
|
heap
|
page execute and read and write
|
||
|
2A2C000
|
trusted library allocation
|
page read and write
|
||
|
155E000
|
stack
|
page read and write
|
||
|
6DB000
|
heap
|
page read and write
|
||
|
57A4000
|
heap
|
page read and write
|
||
|
1597000
|
trusted library allocation
|
page execute and read and write
|
||
|
9B1000
|
heap
|
page read and write
|
||
|
214E000
|
stack
|
page read and write
|
||
|
162D000
|
heap
|
page read and write
|
||
|
393D000
|
trusted library allocation
|
page read and write
|
||
|
1772000
|
trusted library allocation
|
page execute and read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
A4A000
|
trusted library allocation
|
page execute and read and write
|
||
|
57D0000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
6E1E000
|
stack
|
page read and write
|
||
|
14DE000
|
stack
|
page read and write
|
||
|
1568000
|
heap
|
page read and write
|
||
|
5820000
|
heap
|
page read and write
|
||
|
1AA0000
|
heap
|
page execute and read and write
|
||
|
206F000
|
stack
|
page read and write
|
||
|
5824000
|
heap
|
page read and write
|
||
|
705000
|
heap
|
page read and write
|
||
|
351A000
|
trusted library allocation
|
page read and write
|
||
|
C32000
|
trusted library allocation
|
page execute and read and write
|
||
|
461D000
|
trusted library allocation
|
page read and write
|
||
|
1850000
|
heap
|
page execute and read and write
|
||
|
1582000
|
trusted library allocation
|
page execute and read and write
|
||
|
54C8000
|
trusted library allocation
|
page read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
4597000
|
trusted library allocation
|
page read and write
|
||
|
4633000
|
trusted library allocation
|
page read and write
|
||
|
85F000
|
unkown
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
512E000
|
stack
|
page read and write
|
||
|
670E000
|
stack
|
page read and write
|
||
|
634E000
|
stack
|
page read and write
|
||
|
34C1000
|
trusted library allocation
|
page read and write
|
||
|
5950000
|
heap
|
page execute and read and write
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
3987000
|
trusted library allocation
|
page read and write
|
||
|
6E1000
|
heap
|
page read and write
|
||
|
376F000
|
trusted library allocation
|
page read and write
|
||
|
745000
|
heap
|
page read and write
|
||
|
3645000
|
trusted library allocation
|
page read and write
|
||
|
6850000
|
trusted library allocation
|
page execute and read and write
|
||
|
73C000
|
heap
|
page read and write
|
||
|
9AF000
|
heap
|
page read and write
|
||
|
6E1000
|
heap
|
page read and write
|
||
|
A77000
|
trusted library allocation
|
page execute and read and write
|
||
|
6EF000
|
heap
|
page read and write
|
||
|
4C90000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
1572000
|
trusted library allocation
|
page read and write
|
||
|
4CB0000
|
heap
|
page read and write
|
||
|
1CA0000
|
heap
|
page read and write
|
||
|
4AC0000
|
trusted library allocation
|
page read and write
|
||
|
310D000
|
stack
|
page read and write
|
||
|
1442000
|
trusted library allocation
|
page execute and read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
61D0000
|
trusted library allocation
|
page read and write
|
||
|
67A000
|
stack
|
page read and write
|
||
|
A47000
|
trusted library allocation
|
page execute and read and write
|
||
|
3110000
|
remote allocation
|
page read and write
|
||
|
5910000
|
heap
|
page execute and read and write
|
||
|
1570000
|
trusted library allocation
|
page read and write
|
||
|
4FAF000
|
stack
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
6C7000
|
heap
|
page read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
21A0000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
2BFF000
|
stack
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
3E9000
|
stack
|
page read and write
|
||
|
50CE000
|
stack
|
page read and write
|
||
|
15D8000
|
heap
|
page read and write
|
||
|
362B000
|
trusted library allocation
|
page read and write
|
||
|
667000
|
heap
|
page read and write
|
||
|
4B00000
|
trusted library allocation
|
page execute and read and write
|
||
|
688000
|
heap
|
page read and write
|
||
|
20E0000
|
heap
|
page read and write
|
||
|
4FEE000
|
stack
|
page read and write
|
||
|
6EB000
|
heap
|
page read and write
|
||
|
2EEA000
|
heap
|
page read and write
|
||
|
45EF000
|
trusted library allocation
|
page read and write
|
||
|
161F000
|
heap
|
page read and write
|
||
|
5DDC000
|
stack
|
page read and write
|
||
|
6960000
|
heap
|
page read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
1594000
|
heap
|
page read and write
|
||
|
CAF000
|
stack
|
page read and write
|
||
|
13D0000
|
trusted library section
|
page read and write
|
||
|
1762000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DA0000
|
heap
|
page execute and read and write
|
||
|
4EAE000
|
stack
|
page read and write
|
||
|
705000
|
heap
|
page read and write
|
||
|
7FE000
|
heap
|
page read and write
|
||
|
184E000
|
stack
|
page read and write
|
||
|
296E000
|
stack
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
E50000
|
unkown
|
page readonly
|
||
|
176A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AFE000
|
stack
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
54C0000
|
trusted library allocation
|
page read and write
|
||
|
D80000
|
heap
|
page execute and read and write
|
||
|
1592000
|
trusted library allocation
|
page read and write
|
||
|
4D1E000
|
stack
|
page read and write
|
||
|
6BDC000
|
stack
|
page read and write
|
||
|
15DB000
|
heap
|
page read and write
|
||
|
6A3000
|
heap
|
page read and write
|
||
|
47A6000
|
trusted library allocation
|
page read and write
|
||
|
2CFF000
|
stack
|
page read and write
|
||
|
608C000
|
stack
|
page read and write
|
||
|
19A0000
|
trusted library allocation
|
page read and write
|
||
|
19D5000
|
heap
|
page read and write
|
||
|
297C000
|
trusted library allocation
|
page read and write
|
||
|
F50000
|
trusted library allocation
|
page read and write
|
||
|
69D000
|
heap
|
page read and write
|
||
|
5750000
|
trusted library allocation
|
page execute and read and write
|
||
|
3921000
|
trusted library allocation
|
page read and write
|
||
|
FFE000
|
stack
|
page read and write
|
||
|
15DE000
|
heap
|
page read and write
|
||
|
7FA000
|
heap
|
page read and write
|
||
|
1C90000
|
trusted library allocation
|
page read and write
|
||
|
61C1000
|
trusted library allocation
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
17AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2730000
|
heap
|
page read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
158A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F5000
|
heap
|
page read and write
|
||
|
69D000
|
heap
|
page read and write
|
||
|
964000
|
heap
|
page read and write
|
||
|
44C1000
|
trusted library allocation
|
page read and write
|
||
|
1787000
|
trusted library allocation
|
page execute and read and write
|
||
|
17A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
4ACE000
|
stack
|
page read and write
|
||
|
7F9E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
6A1000
|
heap
|
page read and write
|
||
|
35FE000
|
trusted library allocation
|
page read and write
|
||
|
7EE80000
|
trusted library allocation
|
page execute and read and write
|
||
|
58A0000
|
heap
|
page read and write
|
||
|
6D1E000
|
stack
|
page read and write
|
||
|
D7B000
|
stack
|
page read and write
|
||
|
4649000
|
trusted library allocation
|
page read and write
|
||
|
4540000
|
trusted library allocation
|
page read and write
|
||
|
4D5E000
|
stack
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
938000
|
heap
|
page read and write
|
There are 407 hidden memdumps, click here to show them.