Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
3Shape Unite Installer.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\3Shape\DentalDesktop.Bootstrapper\SessionFiles\29e2cc95-69bf-458f-8c1a-fdc52f6f2d2c\3Shape Unite Installer.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\3Shape\DentalDesktop.Bootstrapper\ExceptionLog.txt
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\ProgramData\3Shape\DentalDesktop.Bootstrapper\SessionFiles\29e2cc95-69bf-458f-8c1a-fdc52f6f2d2c\3Shape Unite Installer.exe.config
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\3Shape\DentalDesktop.Bootstrapper\SessionFiles\29e2cc95-69bf-458f-8c1a-fdc52f6f2d2c\3Shape Unite Installer.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\3Shape\DentalDesktop.Bootstrapper\SessionFiles\29e2cc95-69bf-458f-8c1a-fdc52f6f2d2c\DDChange64.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\ProgramData\3Shape\DentalDesktop.Bootstrapper\SessionFiles\29e2cc95-69bf-458f-8c1a-fdc52f6f2d2c\DinkeyChange.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\3Shape\DentalDesktop.Bootstrapper\SessionFiles\29e2cc95-69bf-458f-8c1a-fdc52f6f2d2c\DinkeyChange64.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\ProgramData\3Shape\DentalDesktop.Bootstrapper\SessionFiles\29e2cc95-69bf-458f-8c1a-fdc52f6f2d2c\ddchange.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\3Shape\DentalDesktop.Bootstrapper\SessionFiles\29e2cc95-69bf-458f-8c1a-fdc52f6f2d2c\x64\SQLite.Interop.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\ProgramData\3Shape\DentalDesktop.Bootstrapper\SessionFiles\29e2cc95-69bf-458f-8c1a-fdc52f6f2d2c\x86\SQLite.Interop.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\3Shape Unite Installer.exe.log
|
CSV text
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\3Shape Unite Installer.exe
|
"C:\Users\user\Desktop\3Shape Unite Installer.exe"
|
|
|
|
C:\ProgramData\3Shape\DentalDesktop.Bootstrapper\SessionFiles\29e2cc95-69bf-458f-8c1a-fdc52f6f2d2c\3Shape Unite Installer.exe
|
"C:\ProgramData\3Shape\DentalDesktop.Bootstrapper\SessionFiles\29e2cc95-69bf-458f-8c1a-fdc52f6f2d2c\3Shape Unite Installer.exe"
/IsConfigured /originalFilePath="C:\Users\user\Desktop\3Shape Unite Installer.exe" C:\Users\user\Desktop\3Shape Unite Installer.exe
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://3shape.com
|
unknown
|
||
|
http://google.com/
|
unknown
|
||
|
http://schemas.3shape.com/2014/DDT/DataAccess
|
unknown
|
||
|
https://3shapeconfig.com
|
unknown
|
||
|
http://3shape.com/
|
unknown
|
||
|
https://installer.3shapedentaldesktopdev.com/api/versions/latestzhttps://installer.3shapedentaldeskt
|
unknown
|
||
|
https://csp.withgoogle.com/csp/gws/other-hp
|
unknown
|
||
|
https://installer.3shapedentaldesktop.com
|
unknown
|
||
|
http://www.google.com/sorry/index?continue=http://google.com/&q=EgSaEGkkGJHDobEGIjAT51CbVHv-Lwb5oN8J
|
unknown
|
||
|
https://3shape.com/
|
unknown
|
||
|
https://www.nuget.org/packages/Newtonsoft.Json.Bson
|
unknown
|
||
|
https://installer.3shapedentaldesktop.com/api/versions/latest
|
13.107.246.69
|
||
|
http://google.com
|
unknown
|
||
|
http://schemas.3shape.com/2014/DDT/DataAccessT
|
unknown
|
||
|
https://www.sqlite.org/copyright.html0
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://james.newtonking.com/projects/json
|
unknown
|
||
|
https://installer.3shapedentaldesktop.com/api/downloads/3Shape
|
unknown
|
||
|
https://installer.3shapedentaldesktopdev.com/api/versions/latest
|
unknown
|
||
|
http://www.microcosm.co.uk
|
unknown
|
||
|
http://www.newtonsoft.com/jsonschema
|
unknown
|
||
|
https://installer.3shapedentaldesktopdev.com/api/versions/latestSSELECT
|
unknown
|
There are 12 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
google.com
|
142.251.2.139
|
||
|
part-0041.t-0009.t-msedge.net
|
13.107.246.69
|
||
|
3shape.com
|
40.67.232.186
|
||
|
installer.3shapedentaldesktop.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
13.107.246.69
|
part-0041.t-0009.t-msedge.net
|
United States
|
||
|
142.251.2.139
|
google.com
|
United States
|
||
|
40.67.232.186
|
3shape.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\3Shape Unite Installer_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\3Shape Unite Installer_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\3Shape Unite Installer_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\3Shape Unite Installer_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\3Shape Unite Installer_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\3Shape Unite Installer_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\3Shape Unite Installer_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\3Shape Unite Installer_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\3Shape Unite Installer_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\3Shape Unite Installer_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\3Shape Unite Installer_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\3Shape Unite Installer_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\3Shape Unite Installer_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\3Shape Unite Installer_RASMANCS
|
FileDirectory
|
There are 16 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6560000
|
heap
|
page read and write
|
||
|
FF4E9000
|
trusted library allocation
|
page execute read
|
||
|
7740000
|
trusted library allocation
|
page read and write
|
||
|
5B00000
|
trusted library section
|
page read and write
|
||
|
B070000
|
trusted library allocation
|
page read and write
|
||
|
FF4D9000
|
trusted library allocation
|
page execute read
|
||
|
16D0000
|
heap
|
page read and write
|
||
|
601E000
|
heap
|
page read and write
|
||
|
7094000
|
heap
|
page read and write
|
||
|
308B000
|
trusted library allocation
|
page read and write
|
||
|
D330000
|
trusted library allocation
|
page read and write
|
||
|
D180000
|
trusted library allocation
|
page read and write
|
||
|
65D000
|
unkown
|
page readonly
|
||
|
4764000
|
trusted library allocation
|
page read and write
|
||
|
71DA000
|
heap
|
page read and write
|
||
|
B1B9000
|
heap
|
page read and write
|
||
|
6035000
|
heap
|
page read and write
|
||
|
5400000
|
trusted library allocation
|
page read and write
|
||
|
717C000
|
heap
|
page read and write
|
||
|
FF4DF000
|
trusted library allocation
|
page execute read
|
||
|
D760000
|
trusted library allocation
|
page read and write
|
||
|
FF503000
|
trusted library allocation
|
page readonly
|
||
|
17B0000
|
heap
|
page execute and read and write
|
||
|
727A000
|
heap
|
page read and write
|
||
|
FF4D3000
|
trusted library allocation
|
page execute read
|
||
|
6292000
|
heap
|
page read and write
|
||
|
FF50E000
|
trusted library allocation
|
page execute read
|
||
|
7AF0000
|
trusted library section
|
page read and write
|
||
|
709C000
|
heap
|
page read and write
|
||
|
D2B0000
|
trusted library allocation
|
page read and write
|
||
|
624B000
|
heap
|
page read and write
|
||
|
1243000
|
trusted library allocation
|
page execute and read and write
|
||
|
81A0000
|
trusted library allocation
|
page read and write
|
||
|
D280000
|
trusted library allocation
|
page read and write
|
||
|
15AE000
|
stack
|
page read and write
|
||
|
16AE000
|
stack
|
page read and write
|
||
|
17C0000
|
trusted library allocation
|
page read and write
|
||
|
719F000
|
heap
|
page read and write
|
||
|
3640000
|
heap
|
page execute and read and write
|
||
|
63D0000
|
trusted library allocation
|
page read and write
|
||
|
FF4F7000
|
trusted library allocation
|
page execute read
|
||
|
6077000
|
heap
|
page read and write
|
||
|
63A0000
|
trusted library allocation
|
page read and write
|
||
|
B6F000
|
unkown
|
page readonly
|
||
|
97D000
|
unkown
|
page readonly
|
||
|
6190000
|
trusted library section
|
page read and write
|
||
|
1889000
|
heap
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
4045000
|
trusted library allocation
|
page read and write
|
||
|
B1B4000
|
heap
|
page read and write
|
||
|
71C0000
|
heap
|
page read and write
|
||
|
FF4C4000
|
trusted library allocation
|
page execute read
|
||
|
B26B000
|
heap
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
FF4FD000
|
trusted library allocation
|
page execute read
|
||
|
1610000
|
heap
|
page read and write
|
||
|
17AE000
|
stack
|
page read and write
|
||
|
FF50A000
|
trusted library allocation
|
page execute read
|
||
|
4651000
|
trusted library allocation
|
page read and write
|
||
|
6E60000
|
trusted library allocation
|
page read and write
|
||
|
145A000
|
heap
|
page read and write
|
||
|
B050000
|
trusted library allocation
|
page read and write
|
||
|
1B17000
|
trusted library allocation
|
page execute and read and write
|
||
|
6920000
|
trusted library section
|
page read and write
|
||
|
59E0000
|
heap
|
page read and write
|
||
|
5C6C000
|
stack
|
page read and write
|
||
|
1277000
|
trusted library allocation
|
page execute and read and write
|
||
|
D200000
|
trusted library allocation
|
page read and write
|
||
|
FF506000
|
trusted library allocation
|
page execute read
|
||
|
6943000
|
trusted library section
|
page read and write
|
||
|
D1F0000
|
trusted library allocation
|
page read and write
|
||
|
FF4D2000
|
trusted library allocation
|
page readonly
|
||
|
D1B0000
|
trusted library allocation
|
page read and write
|
||
|
1660000
|
heap
|
page read and write
|
||
|
FF4C8000
|
trusted library allocation
|
page readonly
|
||
|
7285000
|
heap
|
page read and write
|
||
|
B2E1000
|
heap
|
page read and write
|
||
|
69BC000
|
trusted library section
|
page read and write
|
||
|
603D000
|
stack
|
page read and write
|
||
|
FF4DD000
|
trusted library allocation
|
page execute read
|
||
|
B030000
|
trusted library allocation
|
page execute and read and write
|
||
|
607D000
|
heap
|
page read and write
|
||
|
13A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
120E000
|
stack
|
page read and write
|
||
|
5450000
|
trusted library section
|
page read and write
|
||
|
1244000
|
trusted library allocation
|
page read and write
|
||
|
19E0000
|
trusted library allocation
|
page read and write
|
||
|
1B80000
|
heap
|
page read and write
|
||
|
13B8000
|
heap
|
page read and write
|
||
|
FF4FB000
|
trusted library allocation
|
page execute read
|
||
|
FF4DA000
|
trusted library allocation
|
page readonly
|
||
|
FF508000
|
trusted library allocation
|
page execute read
|
||
|
6C8E000
|
stack
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
6DFC000
|
stack
|
page read and write
|
||
|
FF4EA000
|
trusted library allocation
|
page readonly
|
||
|
B147000
|
heap
|
page read and write
|
||
|
B150000
|
heap
|
page read and write
|
||
|
B2AD000
|
heap
|
page read and write
|
||
|
D2E0000
|
trusted library allocation
|
page read and write
|
||
|
7099000
|
heap
|
page read and write
|
||
|
16D7000
|
heap
|
page read and write
|
||
|
B297000
|
heap
|
page read and write
|
||
|
FF4FF000
|
trusted library allocation
|
page execute read
|
||
|
124D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7211000
|
heap
|
page read and write
|
||
|
D240000
|
trusted library allocation
|
page read and write
|
||
|
7327000
|
heap
|
page read and write
|
||
|
FF504000
|
trusted library allocation
|
page execute read
|
||
|
5F60000
|
trusted library allocation
|
page read and write
|
||
|
7130000
|
heap
|
page read and write
|
||
|
FF502000
|
trusted library allocation
|
page execute read
|
||
|
376A000
|
trusted library allocation
|
page read and write
|
||
|
61E0000
|
trusted library allocation
|
page read and write
|
||
|
13EA000
|
heap
|
page read and write
|
||
|
FF4CB000
|
trusted library allocation
|
page execute read
|
||
|
D290000
|
trusted library allocation
|
page read and write
|
||
|
61A0000
|
trusted library section
|
page read and write
|
||
|
5FF5000
|
heap
|
page read and write
|
||
|
1B06000
|
trusted library allocation
|
page execute and read and write
|
||
|
FF4C6000
|
trusted library allocation
|
page execute read
|
||
|
FF4EF000
|
trusted library allocation
|
page execute read
|
||
|
B0B0000
|
heap
|
page read and write
|
||
|
17D4000
|
trusted library allocation
|
page read and write
|
||
|
50BE000
|
stack
|
page read and write
|
||
|
5DAD000
|
stack
|
page read and write
|
||
|
12A8000
|
stack
|
page read and write
|
||
|
6E00000
|
heap
|
page read and write
|
||
|
4033000
|
trusted library allocation
|
page read and write
|
||
|
5B6E000
|
stack
|
page read and write
|
||
|
6026000
|
heap
|
page read and write
|
||
|
3FCD000
|
trusted library allocation
|
page read and write
|
||
|
D750000
|
trusted library allocation
|
page read and write
|
||
|
1B1B000
|
trusted library allocation
|
page execute and read and write
|
||
|
63F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6390000
|
trusted library allocation
|
page read and write
|
||
|
785E000
|
stack
|
page read and write
|
||
|
B321000
|
heap
|
page read and write
|
||
|
1B12000
|
trusted library allocation
|
page read and write
|
||
|
1272000
|
trusted library allocation
|
page read and write
|
||
|
B259000
|
heap
|
page read and write
|
||
|
1230000
|
trusted library allocation
|
page read and write
|
||
|
7BA0000
|
trusted library allocation
|
page read and write
|
||
|
5F8D000
|
heap
|
page read and write
|
||
|
13DB000
|
heap
|
page read and write
|
||
|
B0A0000
|
trusted library allocation
|
page read and write
|
||
|
FF4F9000
|
trusted library allocation
|
page execute read
|
||
|
9FA000
|
unkown
|
page readonly
|
||
|
D190000
|
trusted library allocation
|
page read and write
|
||
|
7266000
|
heap
|
page read and write
|
||
|
5B10000
|
trusted library section
|
page read and write
|
||
|
604F000
|
heap
|
page read and write
|
||
|
5A2000
|
unkown
|
page readonly
|
||
|
B040000
|
trusted library allocation
|
page execute and read and write
|
||
|
393F000
|
trusted library allocation
|
page read and write
|
||
|
54AE000
|
stack
|
page read and write
|
||
|
1B87000
|
heap
|
page read and write
|
||
|
FF4D5000
|
trusted library allocation
|
page execute read
|
||
|
D320000
|
trusted library allocation
|
page read and write
|
||
|
7AB0000
|
trusted library allocation
|
page read and write
|
||
|
5990000
|
trusted library allocation
|
page read and write
|
||
|
636000
|
unkown
|
page readonly
|
||
|
346C000
|
stack
|
page read and write
|
||
|
62D6000
|
heap
|
page read and write
|
||
|
3470000
|
trusted library allocation
|
page execute and read and write
|
||
|
D300000
|
trusted library allocation
|
page read and write
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
1B7E000
|
stack
|
page read and write
|
||
|
3FC7000
|
trusted library allocation
|
page read and write
|
||
|
5CAC000
|
stack
|
page read and write
|
||
|
6910000
|
heap
|
page execute and read and write
|
||
|
1824000
|
heap
|
page read and write
|
||
|
5440000
|
trusted library section
|
page read and write
|
||
|
72B0000
|
heap
|
page read and write
|
||
|
5AE0000
|
trusted library allocation
|
page read and write
|
||
|
375B000
|
trusted library allocation
|
page read and write
|
||
|
5A0000
|
unkown
|
page readonly
|
||
|
B11D000
|
heap
|
page read and write
|
||
|
7294000
|
heap
|
page read and write
|
||
|
B32B000
|
heap
|
page read and write
|
||
|
180E000
|
stack
|
page read and write
|
||
|
19F0000
|
heap
|
page read and write
|
||
|
D270000
|
trusted library allocation
|
page execute and read and write
|
||
|
B0E5000
|
heap
|
page read and write
|
||
|
61C0000
|
trusted library allocation
|
page read and write
|
||
|
FF4C9000
|
trusted library allocation
|
page execute read
|
||
|
7081000
|
heap
|
page read and write
|
||
|
6580000
|
heap
|
page read and write
|
||
|
1275000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FC1000
|
trusted library allocation
|
page read and write
|
||
|
750F000
|
trusted library allocation
|
page read and write
|
||
|
FF4E1000
|
trusted library allocation
|
page execute read
|
||
|
B20D000
|
heap
|
page read and write
|
||
|
7191000
|
heap
|
page read and write
|
||
|
1257000
|
trusted library allocation
|
page read and write
|
||
|
7028000
|
stack
|
page read and write
|
||
|
17D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7075000
|
heap
|
page read and write
|
||
|
5410000
|
trusted library allocation
|
page read and write
|
||
|
D372000
|
trusted library allocation
|
page read and write
|
||
|
1441000
|
heap
|
page read and write
|
||
|
730B000
|
heap
|
page read and write
|
||
|
FF4D7000
|
trusted library allocation
|
page execute read
|
||
|
FF500000
|
trusted library allocation
|
page execute read
|
||
|
D310000
|
trusted library allocation
|
page read and write
|
||
|
754B000
|
trusted library allocation
|
page read and write
|
||
|
12EE000
|
stack
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
625E000
|
stack
|
page read and write
|
||
|
7AD0000
|
trusted library allocation
|
page read and write
|
||
|
B2A9000
|
heap
|
page read and write
|
||
|
69C0000
|
trusted library allocation
|
page read and write
|
||
|
FF4C1000
|
trusted library allocation
|
page execute read
|
||
|
13D2000
|
heap
|
page read and write
|
||
|
FF4D1000
|
trusted library allocation
|
page execute read
|
||
|
5C60000
|
heap
|
page read and write
|
||
|
17D0000
|
trusted library allocation
|
page read and write
|
||
|
FF510000
|
trusted library allocation
|
page execute and read and write
|
||
|
127B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7BB0000
|
trusted library allocation
|
page read and write
|
||
|
6900000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
72C2000
|
heap
|
page read and write
|
||
|
FF4E3000
|
trusted library allocation
|
page execute read
|
||
|
362E000
|
stack
|
page read and write
|
||
|
D1C0000
|
trusted library allocation
|
page read and write
|
||
|
391F000
|
trusted library allocation
|
page read and write
|
||
|
71DE000
|
heap
|
page read and write
|
||
|
1B02000
|
trusted library allocation
|
page read and write
|
||
|
7529000
|
trusted library allocation
|
page read and write
|
||
|
7A9C000
|
stack
|
page read and write
|
||
|
7AC0000
|
trusted library allocation
|
page read and write
|
||
|
B181000
|
heap
|
page read and write
|
||
|
5F9B000
|
heap
|
page read and write
|
||
|
608E000
|
stack
|
page read and write
|
||
|
59D3000
|
heap
|
page execute and read and write
|
||
|
5F3B000
|
stack
|
page read and write
|
||
|
126A000
|
trusted library allocation
|
page execute and read and write
|
||
|
D1A0000
|
trusted library allocation
|
page read and write
|
||
|
718C000
|
heap
|
page read and write
|
||
|
D770000
|
trusted library allocation
|
page read and write
|
||
|
6B4D000
|
stack
|
page read and write
|
||
|
6C4E000
|
stack
|
page read and write
|
||
|
D2D0000
|
trusted library allocation
|
page read and write
|
||
|
3651000
|
trusted library allocation
|
page read and write
|
||
|
62DE000
|
heap
|
page read and write
|
||
|
D2A0000
|
trusted library allocation
|
page read and write
|
||
|
7533000
|
trusted library allocation
|
page read and write
|
||
|
B10C000
|
heap
|
page read and write
|
||
|
71BA000
|
heap
|
page read and write
|
||
|
B29F000
|
heap
|
page read and write
|
||
|
55AE000
|
stack
|
page read and write
|
||
|
3923000
|
trusted library allocation
|
page read and write
|
||
|
FF4EB000
|
trusted library allocation
|
page execute read
|
||
|
7030000
|
heap
|
page read and write
|
||
|
FF4F3000
|
trusted library allocation
|
page execute read
|
||
|
342F000
|
stack
|
page read and write
|
||
|
B090000
|
trusted library allocation
|
page read and write
|
||
|
720C000
|
heap
|
page read and write
|
||
|
7048000
|
heap
|
page read and write
|
||
|
582E000
|
stack
|
page read and write
|
||
|
FF4ED000
|
trusted library allocation
|
page execute read
|
||
|
3913000
|
trusted library allocation
|
page read and write
|
||
|
B24B000
|
heap
|
page read and write
|
||
|
10F8000
|
stack
|
page read and write
|
||
|
6065000
|
heap
|
page read and write
|
||
|
D2C0000
|
trusted library allocation
|
page read and write
|
||
|
13A5000
|
stack
|
page read and write
|
||
|
6DB0000
|
trusted library allocation
|
page read and write
|
||
|
6DB5000
|
trusted library allocation
|
page read and write
|
||
|
1B15000
|
trusted library allocation
|
page execute and read and write
|
||
|
17C0000
|
heap
|
page read and write
|
||
|
1240000
|
trusted library allocation
|
page read and write
|
||
|
B2E3000
|
heap
|
page read and write
|
||
|
D2F0000
|
trusted library allocation
|
page read and write
|
||
|
7177000
|
heap
|
page read and write
|
||
|
7526000
|
trusted library allocation
|
page read and write
|
||
|
722F000
|
heap
|
page read and write
|
||
|
FF4E8000
|
trusted library allocation
|
page readonly
|
||
|
180A000
|
heap
|
page read and write
|
||
|
1B30000
|
trusted library allocation
|
page read and write
|
||
|
6E20000
|
trusted library allocation
|
page execute and read and write
|
||
|
B163000
|
heap
|
page read and write
|
||
|
59D0000
|
heap
|
page execute and read and write
|
||
|
72F4000
|
heap
|
page read and write
|
||
|
5C70000
|
heap
|
page read and write
|
||
|
7275000
|
heap
|
page read and write
|
||
|
D220000
|
trusted library allocation
|
page read and write
|
||
|
5E5E000
|
stack
|
page read and write
|
||
|
17DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E32000
|
trusted library allocation
|
page read and write
|
||
|
5EE0000
|
heap
|
page read and write
|
||
|
B0F2000
|
heap
|
page read and write
|
||
|
FF4F5000
|
trusted library allocation
|
page execute read
|
||
|
5430000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
7AA0000
|
trusted library allocation
|
page read and write
|
||
|
7172000
|
heap
|
page read and write
|
||
|
B01000
|
unkown
|
page readonly
|
||
|
FF50C000
|
trusted library allocation
|
page execute read
|
||
|
3490000
|
trusted library allocation
|
page read and write
|
||
|
6D8E000
|
stack
|
page read and write
|
||
|
1259000
|
trusted library allocation
|
page read and write
|
||
|
63B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E10000
|
trusted library section
|
page read and write
|
||
|
FF501000
|
trusted library allocation
|
page readonly
|
||
|
7072000
|
heap
|
page read and write
|
||
|
7044000
|
heap
|
page read and write
|
||
|
FF50D000
|
trusted library allocation
|
page readonly
|
||
|
600F000
|
heap
|
page read and write
|
||
|
620000
|
unkown
|
page readonly
|
||
|
3FC9000
|
trusted library allocation
|
page read and write
|
||
|
3498000
|
trusted library allocation
|
page read and write
|
||
|
FF4F1000
|
trusted library allocation
|
page execute read
|
||
|
59E0000
|
heap
|
page read and write
|
||
|
FF505000
|
trusted library allocation
|
page readonly
|
||
|
D7B0000
|
trusted library allocation
|
page read and write
|
||
|
7535000
|
trusted library allocation
|
page read and write
|
||
|
6E30000
|
trusted library allocation
|
page read and write
|
||
|
B080000
|
trusted library allocation
|
page read and write
|
||
|
799D000
|
stack
|
page read and write
|
||
|
62D4000
|
heap
|
page read and write
|
||
|
55EE000
|
stack
|
page read and write
|
||
|
724C000
|
heap
|
page read and write
|
||
|
B1AB000
|
heap
|
page read and write
|
||
|
7AE0000
|
trusted library allocation
|
page read and write
|
||
|
B0ED000
|
heap
|
page read and write
|
||
|
B1A1000
|
heap
|
page read and write
|
||
|
D210000
|
trusted library allocation
|
page read and write
|
||
|
B13D000
|
heap
|
page read and write
|
||
|
DDD000
|
stack
|
page read and write
|
||
|
71C5000
|
heap
|
page read and write
|
||
|
5F5E000
|
stack
|
page read and write
|
||
|
FF4DB000
|
trusted library allocation
|
page execute read
|
||
|
D780000
|
trusted library allocation
|
page read and write
|
||
|
B060000
|
trusted library allocation
|
page read and write
|
||
|
3911000
|
trusted library allocation
|
page read and write
|
||
|
1266000
|
trusted library allocation
|
page execute and read and write
|
||
|
3630000
|
trusted library allocation
|
page read and write
|
||
|
C9A000
|
unkown
|
page readonly
|
||
|
1810000
|
heap
|
page read and write
|
||
|
471E000
|
trusted library allocation
|
page read and write
|
||
|
7282000
|
heap
|
page read and write
|
||
|
7202000
|
heap
|
page read and write
|
||
|
7514000
|
trusted library allocation
|
page read and write
|
||
|
596E000
|
stack
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
5C5F000
|
stack
|
page read and write
|
||
|
406D000
|
trusted library allocation
|
page read and write
|
||
|
B2AF000
|
heap
|
page read and write
|
||
|
125D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1816000
|
heap
|
page read and write
|
||
|
4770000
|
trusted library allocation
|
page read and write
|
||
|
17E8000
|
heap
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
1B10000
|
trusted library allocation
|
page read and write
|
||
|
D2A000
|
stack
|
page read and write
|
||
|
7183000
|
heap
|
page read and write
|
||
|
6400000
|
trusted library section
|
page read and write
|
||
|
7502000
|
trusted library allocation
|
page read and write
|
||
|
181C000
|
heap
|
page read and write
|
||
|
59E4000
|
heap
|
page read and write
|
||
|
5FBE000
|
heap
|
page read and write
|
||
|
7BE0000
|
heap
|
page read and write
|
||
|
5B5E000
|
stack
|
page read and write
|
||
|
1250000
|
trusted library allocation
|
page read and write
|
||
|
19F7000
|
heap
|
page read and write
|
||
|
7720000
|
trusted library allocation
|
page read and write
|
||
|
A84000
|
unkown
|
page readonly
|
||
|
13CF000
|
heap
|
page read and write
|
||
|
63E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E39000
|
trusted library allocation
|
page read and write
|
||
|
D1E0000
|
trusted library allocation
|
page read and write
|
||
|
5460000
|
heap
|
page execute and read and write
|
||
|
FF4E6000
|
trusted library allocation
|
page execute read
|
||
|
7040000
|
heap
|
page read and write
|
||
|
1260000
|
trusted library allocation
|
page read and write
|
||
|
B154000
|
heap
|
page read and write
|
||
|
1290000
|
trusted library allocation
|
page read and write
|
||
|
19ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FCA000
|
trusted library allocation
|
page read and write
|
||
|
720F000
|
heap
|
page read and write
|
||
|
630F000
|
heap
|
page read and write
|
||
|
3FF1000
|
trusted library allocation
|
page read and write
|
||
|
7730000
|
trusted library allocation
|
page read and write
|
||
|
FF4C3000
|
trusted library allocation
|
page readonly
|
||
|
B122000
|
heap
|
page read and write
|
||
|
71D5000
|
heap
|
page read and write
|
||
|
6067000
|
heap
|
page read and write
|
||
|
D7A0000
|
trusted library allocation
|
page read and write
|
||
|
1B00000
|
trusted library allocation
|
page read and write
|
||
|
C88000
|
unkown
|
page readonly
|
||
|
5FC1000
|
heap
|
page read and write
|
||
|
D230000
|
trusted library allocation
|
page read and write
|
||
|
FF4C0000
|
trusted library allocation
|
page readonly
|
||
|
61B0000
|
trusted library section
|
page read and write
|
||
|
5AE6000
|
trusted library allocation
|
page read and write
|
||
|
D340000
|
trusted library allocation
|
page read and write
|
||
|
56EF000
|
stack
|
page read and write
|
||
|
795C000
|
stack
|
page read and write
|
||
|
7540000
|
trusted library allocation
|
page read and write
|
||
|
B2A7000
|
heap
|
page read and write
|
||
|
D1D0000
|
trusted library allocation
|
page read and write
|
||
|
3FC1000
|
trusted library allocation
|
page read and write
|
||
|
572E000
|
stack
|
page read and write
|
||
|
586E000
|
stack
|
page read and write
|
||
|
5F80000
|
heap
|
page read and write
|
||
|
6040000
|
heap
|
page read and write
|
||
|
17E0000
|
heap
|
page read and write
|
There are 399 hidden memdumps, click here to show them.