Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
sZXuT60Q6P.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x43ee7967, page size 16384, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\sZXuT60Q6P.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2oeooidd.gzn.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hj3hruci.d22.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i3oo04i5.rk3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rpol341l.nff.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\sZXuT60Q6P.exe
|
"C:\Users\user\Desktop\sZXuT60Q6P.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"Powershell.exe" ??????????-??????????E??????????x??????????e??????????c??????????u??????????t??????????i??????????o??????????n??????????P??????????o??????????l??????????i??????????c??????????y??????????
??????????B??????????y??????????p??????????a??????????s??????????s?????????? ??????????-??????????c??????????o??????????m??????????m??????????a??????????n??????????d
?????????C?????????o?????????p?????????y?????????-?????????I?????????t?????????e?????????m 'C:\Users\user\Desktop\sZXuT60Q6P.exe'
'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\command-line.exe'
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://api.ipify.org/
|
104.26.12.205
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelp
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://api.ipif8
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
|
https://api.ipify.org/p
|
unknown
|
||
|
http://www.microsoft.
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
https://github.com/sam210723/goesrecv-monitor/releases/latest
|
unknown
|
||
|
http://go.micros
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://api.ipify.org
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod/C:
|
unknown
|
||
|
https://api.ipify.org
|
unknown
|
||
|
https://vksdr.com/goesrecv-monitor
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://aka.ms/pscore6lBhq
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
https://api.ipify.org/T
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 20 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
api.ipify.org
|
104.26.12.205
|
||
|
ip-api.com
|
208.95.112.1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
||
|
104.26.12.205
|
api.ipify.org
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
3AA9000
|
trusted library allocation
|
page read and write
|
|
|
|
B60000
|
heap
|
page read and write
|
||
|
3690000
|
trusted library allocation
|
page read and write
|
||
|
36C0000
|
trusted library allocation
|
page read and write
|
||
|
BAE000
|
stack
|
page read and write
|
||
|
89F0000
|
heap
|
page read and write
|
||
|
1876F770000
|
trusted library allocation
|
page read and write
|
||
|
7E6E000
|
stack
|
page read and write
|
||
|
1876F4FC000
|
heap
|
page read and write
|
||
|
77AA000
|
stack
|
page read and write
|
||
|
28C7000
|
trusted library allocation
|
page read and write
|
||
|
36C2000
|
trusted library allocation
|
page read and write
|
||
|
5330000
|
heap
|
page read and write
|
||
|
18769D13000
|
heap
|
page read and write
|
||
|
D2E000
|
heap
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
8920000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A2F000
|
stack
|
page read and write
|
||
|
372E000
|
stack
|
page read and write
|
||
|
291C000
|
trusted library allocation
|
page read and write
|
||
|
8A10000
|
trusted library allocation
|
page read and write
|
||
|
7C7A000
|
heap
|
page read and write
|
||
|
6DA000
|
stack
|
page read and write
|
||
|
3798000
|
trusted library allocation
|
page read and write
|
||
|
4928000
|
trusted library allocation
|
page read and write
|
||
|
1876F513000
|
heap
|
page read and write
|
||
|
1876F4F4000
|
heap
|
page read and write
|
||
|
5E45000
|
heap
|
page read and write
|
||
|
698D000
|
stack
|
page read and write
|
||
|
66BE000
|
stack
|
page read and write
|
||
|
18769C7B000
|
heap
|
page read and write
|
||
|
2942000
|
trusted library allocation
|
page read and write
|
||
|
DBE000
|
stack
|
page read and write
|
||
|
1876F280000
|
trusted library allocation
|
page read and write
|
||
|
7E2F000
|
stack
|
page read and write
|
||
|
D31000
|
heap
|
page read and write
|
||
|
1876A3E1000
|
trusted library allocation
|
page read and write
|
||
|
18769C8F000
|
heap
|
page read and write
|
||
|
4F20000
|
trusted library allocation
|
page read and write
|
||
|
1876ACE0000
|
trusted library allocation
|
page read and write
|
||
|
1876F2D0000
|
trusted library allocation
|
page read and write
|
||
|
2920000
|
heap
|
page execute and read and write
|
||
|
18769C00000
|
heap
|
page read and write
|
||
|
7BB9000
|
heap
|
page read and write
|
||
|
4E2D000
|
trusted library allocation
|
page read and write
|
||
|
55AE000
|
stack
|
page read and write
|
||
|
3693000
|
trusted library allocation
|
page execute and read and write
|
||
|
18769D02000
|
heap
|
page read and write
|
||
|
18769C95000
|
heap
|
page read and write
|
||
|
6179000
|
trusted library allocation
|
page read and write
|
||
|
7BEE000
|
stack
|
page read and write
|
||
|
1876A790000
|
trusted library allocation
|
page read and write
|
||
|
65B0000
|
trusted library allocation
|
page read and write
|
||
|
1876F290000
|
trusted library allocation
|
page read and write
|
||
|
7C59000
|
heap
|
page read and write
|
||
|
7FAE000
|
stack
|
page read and write
|
||
|
2955000
|
trusted library allocation
|
page read and write
|
||
|
280C000
|
stack
|
page read and write
|
||
|
7BC3000
|
heap
|
page read and write
|
||
|
6660000
|
trusted library allocation
|
page read and write
|
||
|
7C8D000
|
heap
|
page read and write
|
||
|
18769C7D000
|
heap
|
page read and write
|
||
|
8940000
|
trusted library allocation
|
page read and write
|
||
|
7EB15FB000
|
stack
|
page read and write
|
||
|
8AF0000
|
trusted library allocation
|
page read and write
|
||
|
632E000
|
stack
|
page read and write
|
||
|
5C3F000
|
heap
|
page read and write
|
||
|
291C000
|
stack
|
page read and write
|
||
|
60AE000
|
stack
|
page read and write
|
||
|
4FA0000
|
heap
|
page read and write
|
||
|
2976000
|
trusted library allocation
|
page read and write
|
||
|
8A50000
|
trusted library allocation
|
page read and write
|
||
|
1876F4CD000
|
heap
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
4E21000
|
trusted library allocation
|
page read and write
|
||
|
4FF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EB24F9000
|
stack
|
page read and write
|
||
|
5C9F000
|
heap
|
page read and write
|
||
|
4F90000
|
trusted library allocation
|
page execute and read and write
|
||
|
766E000
|
stack
|
page read and write
|
||
|
36A9000
|
trusted library allocation
|
page read and write
|
||
|
5E50000
|
heap
|
page read and write
|
||
|
8BD2000
|
heap
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page read and write
|
||
|
5167000
|
heap
|
page read and write
|
||
|
7F00000
|
trusted library allocation
|
page read and write
|
||
|
18769BE0000
|
heap
|
page read and write
|
||
|
1876F7C0000
|
trusted library allocation
|
page read and write
|
||
|
18769CAA000
|
heap
|
page read and write
|
||
|
5392000
|
heap
|
page read and write
|
||
|
64EE000
|
stack
|
page read and write
|
||
|
BF5000
|
heap
|
page read and write
|
||
|
4F40000
|
heap
|
page execute and read and write
|
||
|
622E000
|
stack
|
page read and write
|
||
|
491E000
|
stack
|
page read and write
|
||
|
35A6000
|
heap
|
page read and write
|
||
|
8A00000
|
trusted library allocation
|
page execute and read and write
|
||
|
3AA1000
|
trusted library allocation
|
page read and write
|
||
|
4E32000
|
trusted library allocation
|
page read and write
|
||
|
7F20000
|
trusted library allocation
|
page read and write
|
||
|
5E84000
|
heap
|
page read and write
|
||
|
79EE000
|
stack
|
page read and write
|
||
|
DDE000
|
heap
|
page read and write
|
||
|
28DE000
|
trusted library allocation
|
page read and write
|
||
|
514C000
|
stack
|
page read and write
|
||
|
18769CFF000
|
heap
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
4F05000
|
trusted library allocation
|
page read and write
|
||
|
5320000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
4F80000
|
trusted library allocation
|
page read and write
|
||
|
4FC4000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
trusted library allocation
|
page read and write
|
||
|
4F50000
|
heap
|
page read and write
|
||
|
1012000
|
trusted library allocation
|
page read and write
|
||
|
5500000
|
heap
|
page read and write
|
||
|
7EE0000
|
trusted library allocation
|
page read and write
|
||
|
7D9F000
|
stack
|
page read and write
|
||
|
7AED000
|
stack
|
page read and write
|
||
|
C1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1876F2F0000
|
trusted library allocation
|
page read and write
|
||
|
6C3000
|
unkown
|
page readonly
|
||
|
75ED000
|
stack
|
page read and write
|
||
|
7BF0000
|
heap
|
page read and write
|
||
|
4E12000
|
trusted library allocation
|
page read and write
|
||
|
3680000
|
trusted library allocation
|
page read and write
|
||
|
79A000
|
stack
|
page read and write
|
||
|
7D5E000
|
stack
|
page read and write
|
||
|
1027000
|
trusted library allocation
|
page execute and read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
4ABE000
|
stack
|
page read and write
|
||
|
18769CB1000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
7EB087B000
|
stack
|
page read and write
|
||
|
369D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1876F1C0000
|
trusted library allocation
|
page read and write
|
||
|
1876F270000
|
trusted library allocation
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1876A400000
|
heap
|
page read and write
|
||
|
7EB25FE000
|
unkown
|
page readonly
|
||
|
636D000
|
stack
|
page read and write
|
||
|
290E000
|
trusted library allocation
|
page read and write
|
||
|
8E70000
|
trusted library allocation
|
page read and write
|
||
|
8B20000
|
heap
|
page read and write
|
||
|
347E000
|
stack
|
page read and write
|
||
|
286D000
|
trusted library allocation
|
page read and write
|
||
|
37C0000
|
trusted library allocation
|
page read and write
|
||
|
2982000
|
trusted library allocation
|
page read and write
|
||
|
5560000
|
trusted library allocation
|
page read and write
|
||
|
28F8000
|
trusted library allocation
|
page read and write
|
||
|
1876B110000
|
trusted library allocation
|
page read and write
|
||
|
2AA1000
|
trusted library allocation
|
page read and write
|
||
|
7F30000
|
trusted library allocation
|
page read and write
|
||
|
18769CAC000
|
heap
|
page read and write
|
||
|
C32000
|
trusted library allocation
|
page read and write
|
||
|
1876F502000
|
heap
|
page read and write
|
||
|
1876F190000
|
trusted library allocation
|
page read and write
|
||
|
65F0000
|
heap
|
page read and write
|
||
|
7C23000
|
heap
|
page read and write
|
||
|
7BEA000
|
heap
|
page read and write
|
||
|
8BE7000
|
heap
|
page read and write
|
||
|
8A1A000
|
trusted library allocation
|
page read and write
|
||
|
2971000
|
trusted library allocation
|
page read and write
|
||
|
18769CA0000
|
heap
|
page read and write
|
||
|
63AF000
|
stack
|
page read and write
|
||
|
7EF0000
|
trusted library allocation
|
page read and write
|
||
|
75A0000
|
heap
|
page execute and read and write
|
||
|
65A0000
|
trusted library allocation
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
7D2E000
|
stack
|
page read and write
|
||
|
1876F2F0000
|
trusted library allocation
|
page read and write
|
||
|
D86000
|
heap
|
page read and write
|
||
|
776D000
|
stack
|
page read and write
|
||
|
6171000
|
trusted library allocation
|
page read and write
|
||
|
2950000
|
trusted library allocation
|
page read and write
|
||
|
6B7000
|
unkown
|
page readonly
|
||
|
36BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
8BCC000
|
heap
|
page read and write
|
||
|
6AB000
|
unkown
|
page readonly
|
||
|
293E000
|
trusted library allocation
|
page read and write
|
||
|
C5D000
|
stack
|
page read and write
|
||
|
7EB0000
|
trusted library allocation
|
page read and write
|
||
|
3730000
|
heap
|
page readonly
|
||
|
18769BC0000
|
heap
|
page read and write
|
||
|
1034000
|
heap
|
page read and write
|
||
|
1876F455000
|
heap
|
page read and write
|
||
|
4E44000
|
trusted library allocation
|
page read and write
|
||
|
1876F1A0000
|
trusted library allocation
|
page read and write
|
||
|
7EB2BFE000
|
unkown
|
page readonly
|
||
|
512E000
|
stack
|
page read and write
|
||
|
8BEE000
|
heap
|
page read and write
|
||
|
1876A402000
|
heap
|
page read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
6587000
|
trusted library allocation
|
page read and write
|
||
|
8A17000
|
trusted library allocation
|
page read and write
|
||
|
3829000
|
trusted library allocation
|
page read and write
|
||
|
642000
|
unkown
|
page readonly
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
1876F41F000
|
heap
|
page read and write
|
||
|
8BC0000
|
heap
|
page read and write
|
||
|
1876A504000
|
heap
|
page read and write
|
||
|
36E0000
|
trusted library allocation
|
page read and write
|
||
|
8BB2000
|
heap
|
page read and write
|
||
|
378E000
|
stack
|
page read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
4FD0000
|
trusted library allocation
|
page read and write
|
||
|
7EB0DFE000
|
stack
|
page read and write
|
||
|
7E50000
|
trusted library allocation
|
page read and write
|
||
|
18769BF0000
|
heap
|
page read and write
|
||
|
C04000
|
trusted library allocation
|
page read and write
|
||
|
5160000
|
heap
|
page read and write
|
||
|
786E000
|
stack
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
1876F4B5000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
63EE000
|
stack
|
page read and write
|
||
|
77EE000
|
stack
|
page read and write
|
||
|
74EE000
|
stack
|
page read and write
|
||
|
32A8000
|
stack
|
page read and write
|
||
|
27F0000
|
trusted library allocation
|
page read and write
|
||
|
7C1F000
|
heap
|
page read and write
|
||
|
295B000
|
trusted library allocation
|
page read and write
|
||
|
6E7000
|
unkown
|
page readonly
|
||
|
CAE000
|
stack
|
page read and write
|
||
|
1003000
|
trusted library allocation
|
page read and write
|
||
|
52F0000
|
trusted library allocation
|
page read and write
|
||
|
7EB11FB000
|
stack
|
page read and write
|
||
|
BE0000
|
trusted library allocation
|
page read and write
|
||
|
C03000
|
trusted library allocation
|
page execute and read and write
|
||
|
7AB2000
|
heap
|
page read and write
|
||
|
102B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1025000
|
trusted library allocation
|
page execute and read and write
|
||
|
C3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
65E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6FD000
|
unkown
|
page readonly
|
||
|
1876A51A000
|
heap
|
page read and write
|
||
|
5310000
|
heap
|
page execute and read and write
|
||
|
75A5000
|
heap
|
page execute and read and write
|
||
|
4E1E000
|
trusted library allocation
|
page read and write
|
||
|
500D000
|
stack
|
page read and write
|
||
|
1876A350000
|
trusted library allocation
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
100D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BF8000
|
heap
|
page read and write
|
||
|
3886000
|
trusted library allocation
|
page read and write
|
||
|
8BD9000
|
heap
|
page read and write
|
||
|
703000
|
unkown
|
page readonly
|
||
|
2810000
|
heap
|
page execute and read and write
|
||
|
6301000
|
trusted library allocation
|
page read and write
|
||
|
1876F4ED000
|
heap
|
page read and write
|
||
|
C75000
|
heap
|
page read and write
|
||
|
1876F443000
|
heap
|
page read and write
|
||
|
1876F462000
|
heap
|
page read and write
|
||
|
3694000
|
trusted library allocation
|
page read and write
|
||
|
1876F180000
|
trusted library allocation
|
page read and write
|
||
|
1876A500000
|
heap
|
page read and write
|
||
|
1876A51A000
|
heap
|
page read and write
|
||
|
2821000
|
trusted library allocation
|
page read and write
|
||
|
1010000
|
trusted library allocation
|
page read and write
|
||
|
296E000
|
trusted library allocation
|
page read and write
|
||
|
6600000
|
trusted library allocation
|
page execute and read and write
|
||
|
7BFB000
|
heap
|
page read and write
|
||
|
4FE0000
|
trusted library allocation
|
page read and write
|
||
|
2860000
|
trusted library allocation
|
page read and write
|
||
|
1876F4C5000
|
heap
|
page read and write
|
||
|
6E0000
|
unkown
|
page readonly
|
||
|
5490000
|
trusted library section
|
page read and write
|
||
|
4E40000
|
trusted library allocation
|
page read and write
|
||
|
1876F1A2000
|
trusted library allocation
|
page read and write
|
||
|
1876F1D0000
|
trusted library allocation
|
page read and write
|
||
|
1876F400000
|
heap
|
page read and write
|
||
|
89EF000
|
stack
|
page read and write
|
||
|
1876F2E0000
|
trusted library allocation
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
5520000
|
heap
|
page read and write
|
||
|
2969000
|
trusted library allocation
|
page read and write
|
||
|
1876F290000
|
trusted library allocation
|
page read and write
|
||
|
18769D17000
|
heap
|
page read and write
|
||
|
1876A513000
|
heap
|
page read and write
|
||
|
18769C13000
|
heap
|
page read and write
|
||
|
7E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7D9000
|
stack
|
page read and write
|
||
|
6A4000
|
unkown
|
page readonly
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
5510000
|
trusted library section
|
page readonly
|
||
|
1876F270000
|
trusted library allocation
|
page read and write
|
||
|
C37000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E0D000
|
stack
|
page read and write
|
||
|
326C000
|
stack
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
50E0000
|
heap
|
page read and write
|
||
|
5CA9000
|
heap
|
page read and write
|
||
|
1876AA40000
|
trusted library allocation
|
page read and write
|
||
|
6570000
|
trusted library allocation
|
page read and write
|
||
|
7C00000
|
heap
|
page read and write
|
||
|
7EB09FD000
|
stack
|
page read and write
|
||
|
772A000
|
stack
|
page read and write
|
||
|
5530000
|
trusted library allocation
|
page execute and read and write
|
||
|
1876F4DE000
|
heap
|
page read and write
|
||
|
18769C5B000
|
heap
|
page read and write
|
||
|
8B62000
|
heap
|
page read and write
|
||
|
1876F1E0000
|
trusted library allocation
|
page read and write
|
||
|
893D000
|
trusted library allocation
|
page read and write
|
||
|
28C5000
|
trusted library allocation
|
page read and write
|
||
|
640000
|
unkown
|
page readonly
|
||
|
5C6F000
|
stack
|
page read and write
|
||
|
AF7000
|
stack
|
page read and write
|
||
|
7EB0BF7000
|
stack
|
page read and write
|
||
|
3821000
|
trusted library allocation
|
page read and write
|
||
|
350F000
|
heap
|
page read and write
|
||
|
5540000
|
trusted library allocation
|
page execute and read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
18769D02000
|
heap
|
page read and write
|
||
|
6D9000
|
unkown
|
page readonly
|
||
|
FCF000
|
stack
|
page read and write
|
||
|
28FF000
|
trusted library allocation
|
page read and write
|
||
|
7C2C000
|
heap
|
page read and write
|
||
|
18769CFF000
|
heap
|
page read and write
|
||
|
101A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EFF000
|
trusted library allocation
|
page read and write
|
||
|
5430000
|
trusted library section
|
page read and write
|
||
|
8A20000
|
trusted library allocation
|
page read and write
|
||
|
7590000
|
heap
|
page execute and read and write
|
||
|
7F10000
|
trusted library allocation
|
page read and write
|
||
|
7E80000
|
trusted library allocation
|
page read and write
|
||
|
78AE000
|
stack
|
page read and write
|
||
|
65A7000
|
trusted library allocation
|
page read and write
|
||
|
35AA000
|
heap
|
page read and write
|
||
|
4E84000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
1876F4AB000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
2962000
|
trusted library allocation
|
page read and write
|
||
|
3560000
|
heap
|
page read and write
|
||
|
504E000
|
stack
|
page read and write
|
||
|
4E26000
|
trusted library allocation
|
page read and write
|
||
|
7EA0000
|
trusted library allocation
|
page read and write
|
||
|
4FCC000
|
stack
|
page read and write
|
||
|
2950000
|
trusted library allocation
|
page read and write
|
||
|
1876A502000
|
heap
|
page read and write
|
||
|
1876F340000
|
remote allocation
|
page read and write
|
||
|
28E4000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
561D000
|
trusted library allocation
|
page read and write
|
||
|
18770000000
|
heap
|
page read and write
|
||
|
8BA3000
|
heap
|
page read and write
|
||
|
7C71000
|
heap
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
2940000
|
trusted library allocation
|
page read and write
|
||
|
C50000
|
trusted library allocation
|
page read and write
|
||
|
7E1D000
|
stack
|
page read and write
|
||
|
4E50000
|
trusted library allocation
|
page read and write
|
||
|
1876F1E4000
|
trusted library allocation
|
page read and write
|
||
|
2920000
|
trusted library allocation
|
page read and write
|
||
|
FFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
F80000
|
trusted library allocation
|
page execute and read and write
|
||
|
76AF000
|
stack
|
page read and write
|
||
|
36B0000
|
trusted library allocation
|
page read and write
|
||
|
2884000
|
trusted library allocation
|
page read and write
|
||
|
55B0000
|
trusted library allocation
|
page read and write
|
||
|
6FD0000
|
heap
|
page read and write
|
||
|
1876F1D0000
|
trusted library allocation
|
page read and write
|
||
|
7EB0AFE000
|
unkown
|
page readonly
|
||
|
CF9000
|
heap
|
page read and write
|
||
|
52B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8AC2000
|
trusted library allocation
|
page read and write
|
||
|
782E000
|
stack
|
page read and write
|
||
|
7F4C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
18769C43000
|
heap
|
page read and write
|
||
|
1876F340000
|
remote allocation
|
page read and write
|
||
|
8EE0000
|
trusted library allocation
|
page read and write
|
||
|
8A60000
|
trusted library allocation
|
page read and write
|
||
|
1876F4AA000
|
heap
|
page read and write
|
||
|
1876F4A9000
|
heap
|
page read and write
|
||
|
1016000
|
trusted library allocation
|
page execute and read and write
|
||
|
1876F120000
|
trusted library allocation
|
page read and write
|
||
|
297D000
|
trusted library allocation
|
page read and write
|
||
|
F90000
|
trusted library allocation
|
page read and write
|
||
|
508E000
|
stack
|
page read and write
|
||
|
7EB16FE000
|
unkown
|
page readonly
|
||
|
7C92000
|
heap
|
page read and write
|
||
|
264E000
|
stack
|
page read and write
|
||
|
7E30000
|
trusted library allocation
|
page read and write
|
||
|
3849000
|
trusted library allocation
|
page read and write
|
||
|
7DDE000
|
stack
|
page read and write
|
||
|
4ECC000
|
stack
|
page read and write
|
||
|
18769C73000
|
heap
|
page read and write
|
||
|
8930000
|
trusted library allocation
|
page read and write
|
||
|
52C6000
|
trusted library allocation
|
page read and write
|
||
|
2856000
|
trusted library allocation
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
1876F42C000
|
heap
|
page read and write
|
||
|
FF4000
|
trusted library allocation
|
page read and write
|
||
|
1876F500000
|
heap
|
page read and write
|
||
|
1876F340000
|
remote allocation
|
page read and write
|
||
|
7EF60000
|
trusted library allocation
|
page execute and read and write
|
||
|
FF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
7EB0EFE000
|
unkown
|
page readonly
|
||
|
34BE000
|
stack
|
page read and write
|
||
|
3567000
|
heap
|
page read and write
|
||
|
D24000
|
heap
|
page read and write
|
||
|
E04000
|
heap
|
page read and write
|
||
|
4E0E000
|
trusted library allocation
|
page read and write
|
||
|
260E000
|
stack
|
page read and write
|
||
|
4E00000
|
trusted library allocation
|
page read and write
|
||
|
6318000
|
trusted library allocation
|
page read and write
|
||
|
8BBC000
|
heap
|
page read and write
|
||
|
1876F1A1000
|
trusted library allocation
|
page read and write
|
||
|
1876F213000
|
trusted library allocation
|
page read and write
|
||
|
2954000
|
trusted library allocation
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
752E000
|
stack
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
6DD000
|
unkown
|
page readonly
|
||
|
DF7000
|
heap
|
page read and write
|
||
|
1020000
|
trusted library allocation
|
page read and write
|
||
|
1876F2A0000
|
trusted library allocation
|
page read and write
|
||
|
6321000
|
trusted library allocation
|
page read and write
|
||
|
7ED0000
|
trusted library allocation
|
page read and write
|
||
|
7C09000
|
heap
|
page read and write
|
||
|
C00000
|
trusted library allocation
|
page read and write
|
||
|
4F30000
|
trusted library allocation
|
page read and write
|
||
|
2940000
|
trusted library allocation
|
page read and write
|
||
|
8B10000
|
heap
|
page read and write
|
||
|
5C10000
|
heap
|
page read and write
|
||
|
6590000
|
trusted library allocation
|
page read and write
|
||
|
8910000
|
heap
|
page read and write
|
||
|
C2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3436000
|
heap
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
C0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
C22000
|
trusted library allocation
|
page read and write
|
||
|
E16000
|
heap
|
page read and write
|
||
|
7EF78000
|
trusted library allocation
|
page execute and read and write
|
||
|
1876F45B000
|
heap
|
page read and write
|
||
|
1022000
|
trusted library allocation
|
page read and write
|
||
|
659B000
|
trusted library allocation
|
page read and write
|
||
|
7F6E000
|
stack
|
page read and write
|
||
|
5FAD000
|
stack
|
page read and write
|
||
|
7EB2B7E000
|
stack
|
page read and write
|
||
|
1876F450000
|
heap
|
page read and write
|
||
|
8B01000
|
trusted library allocation
|
page read and write
|
||
|
78B0000
|
heap
|
page read and write
|
||
|
18769D06000
|
heap
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
8AE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1876F45F000
|
heap
|
page read and write
|
||
|
1876A415000
|
heap
|
page read and write
|
||
|
50CE000
|
stack
|
page read and write
|
||
|
18769C79000
|
heap
|
page read and write
|
||
|
E99000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
61D5000
|
trusted library allocation
|
page read and write
|
||
|
2871000
|
trusted library allocation
|
page read and write
|
||
|
1876F50B000
|
heap
|
page read and write
|
||
|
1876F4B5000
|
heap
|
page read and write
|
||
|
2930000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EC0000
|
trusted library allocation
|
page read and write
|
||
|
18769D29000
|
heap
|
page read and write
|
||
|
28BC000
|
trusted library allocation
|
page read and write
|
||
|
7E60000
|
trusted library allocation
|
page read and write
|
||
|
28C1000
|
trusted library allocation
|
page read and write
|
||
|
8B99000
|
heap
|
page read and write
|
||
|
1876F210000
|
trusted library allocation
|
page read and write
|
||
|
5E61000
|
heap
|
page read and write
|
||
|
283E000
|
stack
|
page read and write
|
||
|
4FC0000
|
trusted library allocation
|
page read and write
|
||
|
5362000
|
heap
|
page read and write
|
||
|
6F3000
|
unkown
|
page readonly
|
||
|
36C5000
|
trusted library allocation
|
page execute and read and write
|
||
|
3740000
|
heap
|
page execute and read and write
|
||
|
4F00000
|
trusted library allocation
|
page read and write
|
||
|
18769C2B000
|
heap
|
page read and write
|
||
|
18769CB5000
|
heap
|
page read and write
|
||
|
36A0000
|
trusted library allocation
|
page read and write
|
||
|
1876F300000
|
trusted library allocation
|
page read and write
|
||
|
7E90000
|
trusted library allocation
|
page read and write
|
||
|
1876F7B0000
|
trusted library allocation
|
page read and write
|
||
|
2937000
|
trusted library allocation
|
page read and write
|
||
|
524F000
|
stack
|
page read and write
|
||
|
80AE000
|
stack
|
page read and write
|
||
|
37E8000
|
heap
|
page read and write
|
||
|
1876F110000
|
trusted library allocation
|
page read and write
|
||
|
1876F1A0000
|
trusted library allocation
|
page read and write
|
||
|
762B000
|
stack
|
page read and write
|
||
|
5BFA000
|
heap
|
page read and write
|
||
|
FA0000
|
trusted library allocation
|
page read and write
|
||
|
76ED000
|
stack
|
page read and write
|
||
|
2A9E000
|
stack
|
page read and write
|
||
|
D7E000
|
stack
|
page read and write
|
||
|
5300000
|
trusted library allocation
|
page execute and read and write
|
||
|
89AE000
|
stack
|
page read and write
|
||
|
4B9C000
|
stack
|
page read and write
|
||
|
DB8000
|
heap
|
page read and write
|
||
|
54FC000
|
stack
|
page read and write
|
||
|
18769CB1000
|
heap
|
page read and write
|
||
|
4E0B000
|
trusted library allocation
|
page read and write
|
||
|
5340000
|
heap
|
page read and write
|
||
|
5171000
|
trusted library allocation
|
page read and write
|
||
|
1876F4C5000
|
heap
|
page read and write
|
||
|
6199000
|
trusted library allocation
|
page read and write
|
||
|
5003000
|
heap
|
page read and write
|
||
|
7CDE000
|
stack
|
page read and write
|
||
|
76D2000
|
trusted library allocation
|
page read and write
|
||
|
7EB0CFE000
|
unkown
|
page readonly
|
||
|
7D1E000
|
stack
|
page read and write
|
||
|
54A0000
|
trusted library allocation
|
page read and write
|
||
|
7EB12FE000
|
unkown
|
page readonly
|
||
|
FF0000
|
trusted library allocation
|
page read and write
|
||
|
52D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
37E0000
|
heap
|
page read and write
|
||
|
6312000
|
trusted library allocation
|
page read and write
|
||
|
5BF0000
|
heap
|
page read and write
|
||
|
359D000
|
heap
|
page read and write
|
||
|
18769CB5000
|
heap
|
page read and write
|
||
|
CEF000
|
stack
|
page read and write
|
||
|
ECB000
|
heap
|
page read and write
|
||
|
FB6000
|
heap
|
page read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
361E000
|
stack
|
page read and write
|
||
|
365E000
|
stack
|
page read and write
|
||
|
DC0000
|
trusted library allocation
|
page read and write
|
||
|
52C0000
|
trusted library allocation
|
page read and write
|
||
|
5000000
|
heap
|
page read and write
|
||
|
51C6000
|
trusted library allocation
|
page read and write
|
||
|
69C0000
|
heap
|
page read and write
|
||
|
351C000
|
heap
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
5E40000
|
heap
|
page read and write
|
||
|
5C9D000
|
heap
|
page read and write
|
||
|
C26000
|
trusted library allocation
|
page execute and read and write
|
||
|
5C26000
|
heap
|
page read and write
|
There are 526 hidden memdumps, click here to show them.