Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ISS GLOBAL FORWARDING UAE LLC.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmpF4E1.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\rOqlzaXqJObX.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\GUIVTme.exe.log
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ISS GLOBAL FORWARDING UAE LLC.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rOqlzaXqJObX.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2t4jqzug.g55.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3tjeortq.w1v.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4d2wjl41.bn0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_esmun343.4lk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hoj25hsp.fyi.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t5hrk0sv.nks.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vruxilob.wq2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wll0xpjt.rpp.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp14AE.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
modified
|
||
|
C:\Users\user\AppData\Roaming\rOqlzaXqJObX.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 9 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\ISS GLOBAL FORWARDING UAE LLC.exe
|
"C:\Users\user\Desktop\ISS GLOBAL FORWARDING UAE LLC.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ISS GLOBAL
FORWARDING UAE LLC.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\rOqlzaXqJObX.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\rOqlzaXqJObX" /XML "C:\Users\user\AppData\Local\Temp\tmpF4E1.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\rOqlzaXqJObX.exe
|
C:\Users\user\AppData\Roaming\rOqlzaXqJObX.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\rOqlzaXqJObX" /XML "C:\Users\user\AppData\Local\Temp\tmp14AE.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe
|
"C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe
|
"C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://mail.unitechautomations.com
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://www.chiark.greenend.org.uk/~sgtatham/putty/0
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.unitechautomations.com
|
192.185.129.60
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.185.129.60
|
mail.unitechautomations.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
GUIVTme
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6E90000
|
trusted library section
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
3039000
|
trusted library allocation
|
page read and write
|
|
|
|
2F9C000
|
trusted library allocation
|
page read and write
|
|
|
|
28D9000
|
trusted library allocation
|
page read and write
|
|
|
|
2A11000
|
trusted library allocation
|
page read and write
|
|
|
|
3FED000
|
trusted library allocation
|
page read and write
|
|
|
|
300A000
|
trusted library allocation
|
page read and write
|
|
|
|
388C000
|
trusted library allocation
|
page read and write
|
|
|
|
2A62000
|
trusted library allocation
|
page read and write
|
|
|
|
2A6A000
|
trusted library allocation
|
page read and write
|
|
|
|
25B1000
|
trusted library allocation
|
page read and write
|
|
|
|
3002000
|
trusted library allocation
|
page read and write
|
|
|
|
2D11000
|
trusted library allocation
|
page read and write
|
|
|
|
384B000
|
trusted library allocation
|
page read and write
|
||
|
617F000
|
stack
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
980D000
|
stack
|
page read and write
|
||
|
50C3000
|
heap
|
page read and write
|
||
|
2EBF000
|
trusted library allocation
|
page read and write
|
||
|
B76000
|
trusted library allocation
|
page read and write
|
||
|
E40000
|
trusted library allocation
|
page read and write
|
||
|
7A1E000
|
stack
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
506E000
|
stack
|
page read and write
|
||
|
6060000
|
trusted library allocation
|
page read and write
|
||
|
2E3D000
|
stack
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
8C77000
|
trusted library allocation
|
page read and write
|
||
|
5410000
|
heap
|
page read and write
|
||
|
30FF000
|
stack
|
page read and write
|
||
|
2EC3000
|
trusted library allocation
|
page read and write
|
||
|
7F4000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
5420000
|
trusted library allocation
|
page read and write
|
||
|
2DA8000
|
trusted library allocation
|
page read and write
|
||
|
4EF6000
|
trusted library allocation
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
305E000
|
unkown
|
page read and write
|
||
|
4D0E000
|
stack
|
page read and write
|
||
|
542E000
|
trusted library allocation
|
page read and write
|
||
|
77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
3000000
|
trusted library allocation
|
page read and write
|
||
|
BDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
14C7000
|
trusted library allocation
|
page execute and read and write
|
||
|
D3F000
|
stack
|
page read and write
|
||
|
12F7000
|
heap
|
page read and write
|
||
|
D71000
|
heap
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
58BF000
|
stack
|
page read and write
|
||
|
66BE000
|
stack
|
page read and write
|
||
|
E5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A60000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page execute and read and write
|
||
|
B5F000
|
heap
|
page read and write
|
||
|
4ABE000
|
stack
|
page read and write
|
||
|
26EF000
|
trusted library allocation
|
page read and write
|
||
|
2CF2000
|
trusted library allocation
|
page read and write
|
||
|
10F0000
|
trusted library allocation
|
page read and write
|
||
|
5400000
|
trusted library allocation
|
page read and write
|
||
|
4F5E000
|
stack
|
page read and write
|
||
|
5580000
|
heap
|
page read and write
|
||
|
958C000
|
stack
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
E3F000
|
stack
|
page read and write
|
||
|
59D0000
|
heap
|
page read and write
|
||
|
944E000
|
stack
|
page read and write
|
||
|
4F8E000
|
stack
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
FB5000
|
heap
|
page read and write
|
||
|
310B000
|
heap
|
page read and write
|
||
|
DD7000
|
heap
|
page read and write
|
||
|
775F000
|
trusted library allocation
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
E85000
|
heap
|
page read and write
|
||
|
6BB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A50000
|
trusted library allocation
|
page read and write
|
||
|
10CE000
|
stack
|
page read and write
|
||
|
633E000
|
stack
|
page read and write
|
||
|
CD9000
|
stack
|
page read and write
|
||
|
4A70000
|
trusted library allocation
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
52D0000
|
trusted library allocation
|
page read and write
|
||
|
2A77000
|
trusted library allocation
|
page read and write
|
||
|
65DE000
|
stack
|
page read and write
|
||
|
2E7C000
|
stack
|
page read and write
|
||
|
B0000
|
unkown
|
page readonly
|
||
|
2CE6000
|
trusted library allocation
|
page read and write
|
||
|
ADE000
|
stack
|
page read and write
|
||
|
14D8000
|
heap
|
page read and write
|
||
|
2E79000
|
stack
|
page read and write
|
||
|
3A7C000
|
trusted library allocation
|
page read and write
|
||
|
535E000
|
stack
|
page read and write
|
||
|
7750000
|
trusted library allocation
|
page read and write
|
||
|
1100000
|
trusted library allocation
|
page read and write
|
||
|
4CDE000
|
stack
|
page read and write
|
||
|
ABE000
|
stack
|
page read and write
|
||
|
B1E000
|
stack
|
page read and write
|
||
|
410C000
|
trusted library allocation
|
page read and write
|
||
|
5446000
|
trusted library allocation
|
page read and write
|
||
|
6D90000
|
heap
|
page read and write
|
||
|
9C0000
|
trusted library allocation
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
23B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
968C000
|
stack
|
page read and write
|
||
|
BE4000
|
trusted library allocation
|
page read and write
|
||
|
657C000
|
trusted library allocation
|
page read and write
|
||
|
A55000
|
heap
|
page read and write
|
||
|
6FB0000
|
trusted library allocation
|
page read and write
|
||
|
28BE000
|
stack
|
page read and write
|
||
|
2EB6000
|
trusted library allocation
|
page read and write
|
||
|
564E000
|
stack
|
page read and write
|
||
|
954F000
|
stack
|
page read and write
|
||
|
110D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CCE000
|
stack
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
C40000
|
trusted library allocation
|
page read and write
|
||
|
35B1000
|
trusted library allocation
|
page read and write
|
||
|
A57B000
|
stack
|
page read and write
|
||
|
509E000
|
stack
|
page read and write
|
||
|
B70000
|
trusted library allocation
|
page read and write
|
||
|
531E000
|
stack
|
page read and write
|
||
|
2EBD000
|
trusted library allocation
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
51F6000
|
trusted library allocation
|
page read and write
|
||
|
857000
|
heap
|
page read and write
|
||
|
4F0E000
|
trusted library allocation
|
page read and write
|
||
|
4DEE000
|
stack
|
page read and write
|
||
|
536000
|
stack
|
page read and write
|
||
|
E58000
|
heap
|
page read and write
|
||
|
12B6000
|
heap
|
page read and write
|
||
|
A1BF000
|
stack
|
page read and write
|
||
|
4D20000
|
heap
|
page execute and read and write
|
||
|
63BE000
|
stack
|
page read and write
|
||
|
519E000
|
stack
|
page read and write
|
||
|
74DE000
|
heap
|
page read and write
|
||
|
7CE000
|
heap
|
page read and write
|
||
|
A67C000
|
stack
|
page read and write
|
||
|
4D00000
|
trusted library allocation
|
page execute and read and write
|
||
|
6EA0000
|
trusted library allocation
|
page read and write
|
||
|
37A3000
|
trusted library allocation
|
page read and write
|
||
|
2B90000
|
trusted library allocation
|
page execute and read and write
|
||
|
C6B000
|
trusted library allocation
|
page read and write
|
||
|
930E000
|
stack
|
page read and write
|
||
|
4C9E000
|
stack
|
page read and write
|
||
|
79A000
|
trusted library allocation
|
page execute and read and write
|
||
|
B1F000
|
stack
|
page read and write
|
||
|
60E7000
|
trusted library allocation
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
5AE0000
|
trusted library allocation
|
page read and write
|
||
|
3F8B000
|
trusted library allocation
|
page read and write
|
||
|
BA6000
|
heap
|
page read and write
|
||
|
BBF000
|
stack
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
55DE000
|
stack
|
page read and write
|
||
|
2F8E000
|
stack
|
page read and write
|
||
|
66C0000
|
trusted library allocation
|
page read and write
|
||
|
2CC0000
|
trusted library allocation
|
page read and write
|
||
|
E47000
|
trusted library allocation
|
page execute and read and write
|
||
|
25A0000
|
heap
|
page execute and read and write
|
||
|
10DF000
|
stack
|
page read and write
|
||
|
521E000
|
stack
|
page read and write
|
||
|
4EFB000
|
trusted library allocation
|
page read and write
|
||
|
53F4000
|
trusted library allocation
|
page read and write
|
||
|
307E000
|
unkown
|
page read and write
|
||
|
14D0000
|
heap
|
page read and write
|
||
|
637E000
|
stack
|
page read and write
|
||
|
7840000
|
trusted library section
|
page read and write
|
||
|
C30000
|
trusted library allocation
|
page read and write
|
||
|
4D70000
|
trusted library allocation
|
page read and write
|
||
|
E5E000
|
heap
|
page read and write
|
||
|
4BBF000
|
stack
|
page read and write
|
||
|
4ECE000
|
stack
|
page read and write
|
||
|
5AF0000
|
heap
|
page read and write
|
||
|
2E86000
|
trusted library allocation
|
page read and write
|
||
|
52C0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
C8E000
|
stack
|
page read and write
|
||
|
5540000
|
heap
|
page read and write
|
||
|
65E0000
|
trusted library allocation
|
page read and write
|
||
|
4C5E000
|
stack
|
page read and write
|
||
|
3FFB000
|
trusted library allocation
|
page read and write
|
||
|
783000
|
trusted library allocation
|
page read and write
|
||
|
46AC000
|
stack
|
page read and write
|
||
|
5280000
|
heap
|
page read and write
|
||
|
773000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B30000
|
heap
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
2CDE000
|
trusted library allocation
|
page read and write
|
||
|
1110000
|
trusted library allocation
|
page read and write
|
||
|
6570000
|
trusted library allocation
|
page read and write
|
||
|
51F0000
|
trusted library allocation
|
page read and write
|
||
|
770000
|
trusted library allocation
|
page read and write
|
||
|
2CAE000
|
stack
|
page read and write
|
||
|
53D0000
|
heap
|
page read and write
|
||
|
C8D000
|
trusted library allocation
|
page read and write
|
||
|
4BC0000
|
trusted library allocation
|
page read and write
|
||
|
4D4E000
|
stack
|
page read and write
|
||
|
790000
|
trusted library allocation
|
page read and write
|
||
|
A2FE000
|
stack
|
page read and write
|
||
|
5240000
|
trusted library allocation
|
page read and write
|
||
|
3D11000
|
trusted library allocation
|
page read and write
|
||
|
2CE2000
|
trusted library allocation
|
page read and write
|
||
|
E67000
|
trusted library allocation
|
page execute and read and write
|
||
|
C53000
|
heap
|
page read and write
|
||
|
5BA000
|
stack
|
page read and write
|
||
|
2A00000
|
heap
|
page read and write
|
||
|
420000
|
unkown
|
page readonly
|
||
|
C60000
|
trusted library allocation
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
549E000
|
stack
|
page read and write
|
||
|
4F34000
|
trusted library allocation
|
page read and write
|
||
|
687E000
|
stack
|
page read and write
|
||
|
3861000
|
trusted library allocation
|
page read and write
|
||
|
2D20000
|
trusted library allocation
|
page execute and read and write
|
||
|
5413000
|
heap
|
page read and write
|
||
|
5452000
|
trusted library allocation
|
page read and write
|
||
|
5AE7000
|
trusted library allocation
|
page read and write
|
||
|
7A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
67BE000
|
stack
|
page read and write
|
||
|
5330000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
7A9E000
|
stack
|
page read and write
|
||
|
3A11000
|
trusted library allocation
|
page read and write
|
||
|
2B4E000
|
stack
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
5530000
|
heap
|
page execute and read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
1116000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D75000
|
trusted library allocation
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
4F6E000
|
stack
|
page read and write
|
||
|
61E0000
|
heap
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
543A000
|
trusted library allocation
|
page read and write
|
||
|
6590000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C60000
|
heap
|
page read and write
|
||
|
4F11000
|
trusted library allocation
|
page read and write
|
||
|
36B9000
|
trusted library allocation
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
6340000
|
heap
|
page read and write
|
||
|
7782000
|
heap
|
page read and write
|
||
|
74C0000
|
heap
|
page read and write
|
||
|
550E000
|
stack
|
page read and write
|
||
|
6080000
|
trusted library allocation
|
page execute and read and write
|
||
|
7AD0000
|
trusted library allocation
|
page read and write
|
||
|
6057000
|
trusted library allocation
|
page read and write
|
||
|
4F0A000
|
trusted library allocation
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
2CB0000
|
trusted library allocation
|
page read and write
|
||
|
75F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
544D000
|
trusted library allocation
|
page read and write
|
||
|
3FB9000
|
trusted library allocation
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
BC0000
|
trusted library allocation
|
page read and write
|
||
|
E62000
|
trusted library allocation
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
607C000
|
trusted library allocation
|
page read and write
|
||
|
6200000
|
heap
|
page read and write
|
||
|
3F91000
|
trusted library allocation
|
page read and write
|
||
|
1112000
|
trusted library allocation
|
page read and write
|
||
|
E30000
|
trusted library allocation
|
page read and write
|
||
|
5426000
|
trusted library allocation
|
page read and write
|
||
|
9BF000
|
stack
|
page read and write
|
||
|
5060000
|
heap
|
page execute and read and write
|
||
|
7362000
|
trusted library allocation
|
page read and write
|
||
|
A7BE000
|
stack
|
page read and write
|
||
|
14CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
10F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
A33D000
|
stack
|
page read and write
|
||
|
78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EB9000
|
trusted library allocation
|
page read and write
|
||
|
792000
|
trusted library allocation
|
page read and write
|
||
|
6E30000
|
heap
|
page read and write
|
||
|
53F0000
|
trusted library allocation
|
page read and write
|
||
|
5333000
|
heap
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
2D10000
|
trusted library allocation
|
page read and write
|
||
|
9FBD000
|
stack
|
page read and write
|
||
|
366B000
|
trusted library allocation
|
page read and write
|
||
|
4A30000
|
trusted library allocation
|
page read and write
|
||
|
29BE000
|
stack
|
page read and write
|
||
|
74D0000
|
heap
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
9FC0000
|
heap
|
page read and write
|
||
|
D99000
|
heap
|
page read and write
|
||
|
10F4000
|
trusted library allocation
|
page read and write
|
||
|
B75000
|
heap
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page execute and read and write
|
||
|
E3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
844000
|
heap
|
page read and write
|
||
|
806000
|
heap
|
page read and write
|
||
|
2CCB000
|
trusted library allocation
|
page read and write
|
||
|
566E000
|
stack
|
page read and write
|
||
|
BD3000
|
trusted library allocation
|
page execute and read and write
|
||
|
E50000
|
trusted library allocation
|
page read and write
|
||
|
4D60000
|
trusted library allocation
|
page execute and read and write
|
||
|
5290000
|
trusted library allocation
|
page execute and read and write
|
||
|
EEC000
|
stack
|
page read and write
|
||
|
7740000
|
heap
|
page read and write
|
||
|
5F92000
|
heap
|
page read and write
|
||
|
4EFE000
|
trusted library allocation
|
page read and write
|
||
|
E56000
|
trusted library allocation
|
page execute and read and write
|
||
|
2480000
|
heap
|
page read and write
|
||
|
828000
|
heap
|
page read and write
|
||
|
52DE000
|
trusted library allocation
|
page read and write
|
||
|
52A0000
|
trusted library allocation
|
page read and write
|
||
|
EC0000
|
trusted library allocation
|
page read and write
|
||
|
5560000
|
trusted library section
|
page readonly
|
||
|
B2000
|
unkown
|
page readonly
|
||
|
67F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
84B000
|
heap
|
page read and write
|
||
|
60E0000
|
trusted library allocation
|
page read and write
|
||
|
7DA000
|
stack
|
page read and write
|
||
|
2850000
|
heap
|
page read and write
|
||
|
4EAC000
|
stack
|
page read and write
|
||
|
4BC000
|
stack
|
page read and write
|
||
|
EA0000
|
heap
|
page execute and read and write
|
||
|
B6A000
|
heap
|
page read and write
|
||
|
760000
|
trusted library allocation
|
page read and write
|
||
|
2D9E000
|
stack
|
page read and write
|
||
|
7610000
|
trusted library allocation
|
page execute and read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
4F1D000
|
trusted library allocation
|
page read and write
|
||
|
6BA0000
|
heap
|
page read and write
|
||
|
51F4000
|
trusted library allocation
|
page read and write
|
||
|
5678000
|
trusted library allocation
|
page read and write
|
||
|
9A5000
|
heap
|
page read and write
|
||
|
5200000
|
trusted library allocation
|
page read and write
|
||
|
604E000
|
stack
|
page read and write
|
||
|
65E7000
|
trusted library allocation
|
page read and write
|
||
|
2B00000
|
trusted library allocation
|
page read and write
|
||
|
361D000
|
trusted library allocation
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
6C6E000
|
heap
|
page read and write
|
||
|
E34000
|
trusted library allocation
|
page read and write
|
||
|
573C000
|
stack
|
page read and write
|
||
|
6564000
|
trusted library allocation
|
page read and write
|
||
|
C86000
|
trusted library allocation
|
page read and write
|
||
|
900D000
|
stack
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
667E000
|
stack
|
page read and write
|
||
|
C92000
|
trusted library allocation
|
page read and write
|
||
|
4E2E000
|
stack
|
page read and write
|
||
|
7A2000
|
trusted library allocation
|
page read and write
|
||
|
3A39000
|
trusted library allocation
|
page read and write
|
||
|
71B0000
|
trusted library section
|
page read and write
|
||
|
9010000
|
heap
|
page read and write
|
||
|
2460000
|
heap
|
page execute and read and write
|
||
|
59D5000
|
heap
|
page read and write
|
||
|
CA8000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
245C000
|
stack
|
page read and write
|
||
|
BC6000
|
heap
|
page read and write
|
||
|
2CF0000
|
trusted library allocation
|
page read and write
|
||
|
309F000
|
unkown
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
505E000
|
stack
|
page read and write
|
||
|
605000
|
heap
|
page read and write
|
||
|
E77000
|
heap
|
page read and write
|
||
|
6560000
|
trusted library allocation
|
page read and write
|
||
|
EF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CE1000
|
trusted library allocation
|
page read and write
|
||
|
4D80000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CFB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CF5000
|
trusted library allocation
|
page execute and read and write
|
||
|
111A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7757000
|
trusted library allocation
|
page read and write
|
||
|
2550000
|
trusted library allocation
|
page read and write
|
||
|
61D0000
|
trusted library allocation
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EC5000
|
trusted library allocation
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
5AE0000
|
heap
|
page read and write
|
||
|
780000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
2F91000
|
trusted library allocation
|
page read and write
|
||
|
52F0000
|
heap
|
page execute and read and write
|
||
|
5ADD000
|
stack
|
page read and write
|
||
|
E65000
|
trusted library allocation
|
page execute and read and write
|
||
|
554E000
|
stack
|
page read and write
|
||
|
B2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5DC000
|
stack
|
page read and write
|
||
|
134F000
|
heap
|
page read and write
|
||
|
1500000
|
heap
|
page read and write
|
||
|
F20000
|
heap
|
page execute and read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
5F9E000
|
stack
|
page read and write
|
||
|
5220000
|
trusted library allocation
|
page read and write
|
||
|
2E80000
|
heap
|
page execute and read and write
|
||
|
53F6000
|
trusted library allocation
|
page read and write
|
||
|
D34000
|
heap
|
page read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
543E000
|
trusted library allocation
|
page read and write
|
||
|
E80000
|
trusted library allocation
|
page read and write
|
||
|
2CED000
|
trusted library allocation
|
page read and write
|
||
|
23B0000
|
trusted library allocation
|
page read and write
|
||
|
2CE6000
|
trusted library allocation
|
page execute and read and write
|
||
|
A8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
97CE000
|
stack
|
page read and write
|
||
|
B20000
|
trusted library allocation
|
page read and write
|
||
|
6350000
|
heap
|
page read and write
|
||
|
5528000
|
trusted library allocation
|
page read and write
|
||
|
60DD000
|
stack
|
page read and write
|
||
|
4BAE000
|
stack
|
page read and write
|
||
|
4A10000
|
heap
|
page read and write
|
||
|
258E000
|
stack
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
508E000
|
stack
|
page read and write
|
||
|
E96000
|
heap
|
page read and write
|
||
|
6090000
|
trusted library allocation
|
page execute and read and write
|
||
|
130C000
|
heap
|
page read and write
|
||
|
23BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
5315000
|
heap
|
page read and write
|
||
|
43A000
|
stack
|
page read and write
|
||
|
59B0000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
2861000
|
trusted library allocation
|
page read and write
|
||
|
54AC000
|
stack
|
page read and write
|
||
|
990F000
|
stack
|
page read and write
|
||
|
5F2C000
|
stack
|
page read and write
|
||
|
2D40000
|
trusted library allocation
|
page read and write
|
||
|
2CCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
241E000
|
stack
|
page read and write
|
||
|
586E000
|
stack
|
page read and write
|
||
|
597E000
|
stack
|
page read and write
|
||
|
7640000
|
heap
|
page read and write
|
||
|
5310000
|
heap
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
422000
|
unkown
|
page readonly
|
||
|
559E000
|
stack
|
page read and write
|
||
|
5550000
|
trusted library allocation
|
page execute and read and write
|
||
|
282F000
|
stack
|
page read and write
|
||
|
6A70000
|
heap
|
page read and write
|
||
|
2580000
|
trusted library allocation
|
page read and write
|
||
|
8898000
|
trusted library allocation
|
page read and write
|
||
|
2CF7000
|
trusted library allocation
|
page execute and read and write
|
||
|
545E000
|
stack
|
page read and write
|
||
|
42A000
|
unkown
|
page readonly
|
||
|
10FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
FDF000
|
stack
|
page read and write
|
||
|
A43E000
|
stack
|
page read and write
|
||
|
A83000
|
trusted library allocation
|
page execute and read and write
|
||
|
6578000
|
trusted library allocation
|
page read and write
|
||
|
2777000
|
trusted library allocation
|
page read and write
|
||
|
D1E000
|
heap
|
page read and write
|
||
|
F30000
|
trusted library allocation
|
page read and write
|
||
|
4CF0000
|
trusted library section
|
page readonly
|
||
|
B40000
|
heap
|
page read and write
|
||
|
2CC0000
|
trusted library allocation
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
51CC000
|
stack
|
page read and write
|
||
|
5441000
|
trusted library allocation
|
page read and write
|
||
|
3591000
|
trusted library allocation
|
page read and write
|
||
|
59C0000
|
trusted library allocation
|
page read and write
|
||
|
3D2E000
|
trusted library allocation
|
page read and write
|
||
|
52D4000
|
trusted library allocation
|
page read and write
|
||
|
8B3E000
|
stack
|
page read and write
|
||
|
E20000
|
trusted library allocation
|
page read and write
|
||
|
562E000
|
stack
|
page read and write
|
||
|
EAE000
|
stack
|
page read and write
|
||
|
14D0000
|
heap
|
page read and write
|
||
|
B48000
|
heap
|
page read and write
|
||
|
3F03000
|
trusted library allocation
|
page read and write
|
||
|
4A18000
|
trusted library allocation
|
page read and write
|
||
|
5210000
|
trusted library allocation
|
page read and write
|
||
|
61C0000
|
trusted library allocation
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
133E000
|
heap
|
page read and write
|
||
|
587E000
|
stack
|
page read and write
|
||
|
61BE000
|
stack
|
page read and write
|
||
|
30DE000
|
stack
|
page read and write
|
||
|
2EC7000
|
trusted library allocation
|
page read and write
|
||
|
49FE000
|
stack
|
page read and write
|
||
|
50C0000
|
heap
|
page read and write
|
||
|
F40000
|
trusted library allocation
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
C7E000
|
trusted library allocation
|
page read and write
|
||
|
E4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4188000
|
trusted library allocation
|
page read and write
|
||
|
4C60000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D2C000
|
stack
|
page read and write
|
||
|
7880000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F30000
|
trusted library allocation
|
page read and write
|
||
|
29FC000
|
stack
|
page read and write
|
||
|
7E7000
|
heap
|
page read and write
|
||
|
7AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
77C9000
|
heap
|
page read and write
|
||
|
F8E000
|
stack
|
page read and write
|
||
|
D08000
|
heap
|
page read and write
|
||
|
E6B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3118000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
B24000
|
trusted library allocation
|
page read and write
|
||
|
2BA0000
|
heap
|
page execute and read and write
|
||
|
A6BE000
|
stack
|
page read and write
|
||
|
7787000
|
heap
|
page read and write
|
||
|
6050000
|
trusted library allocation
|
page read and write
|
||
|
85A000
|
heap
|
page read and write
|
||
|
7860000
|
trusted library allocation
|
page read and write
|
||
|
4F02000
|
trusted library allocation
|
page read and write
|
||
|
2D8B000
|
trusted library allocation
|
page read and write
|
||
|
2CE0000
|
trusted library allocation
|
page read and write
|
||
|
5ED000
|
stack
|
page read and write
|
||
|
2E9A000
|
stack
|
page read and write
|
||
|
3FAB000
|
trusted library allocation
|
page read and write
|
||
|
2CDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
D2A000
|
heap
|
page read and write
|
||
|
2CC4000
|
trusted library allocation
|
page read and write
|
||
|
2D09000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
2591000
|
trusted library allocation
|
page read and write
|
||
|
2CC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
BE0000
|
trusted library allocation
|
page read and write
|
||
|
4F22000
|
trusted library allocation
|
page read and write
|
||
|
5432000
|
trusted library allocation
|
page read and write
|
||
|
A84000
|
trusted library allocation
|
page read and write
|
||
|
52E0000
|
trusted library allocation
|
page read and write
|
||
|
572E000
|
stack
|
page read and write
|
||
|
2B8C000
|
stack
|
page read and write
|
||
|
7793000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
AF8000
|
stack
|
page read and write
|
||
|
12AA000
|
heap
|
page read and write
|
||
|
4F1F000
|
stack
|
page read and write
|
||
|
5B14000
|
heap
|
page read and write
|
||
|
582F000
|
stack
|
page read and write
|
||
|
6D80000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
623B000
|
stack
|
page read and write
|
||
|
472E000
|
stack
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
61E4000
|
heap
|
page read and write
|
||
|
2775000
|
trusted library allocation
|
page read and write
|
||
|
71E000
|
stack
|
page read and write
|
||
|
7B57000
|
heap
|
page read and write
|
||
|
542B000
|
trusted library allocation
|
page read and write
|
||
|
71AE000
|
stack
|
page read and write
|
||
|
2CC4000
|
trusted library allocation
|
page read and write
|
||
|
B5E000
|
stack
|
page read and write
|
||
|
E90000
|
trusted library allocation
|
page execute and read and write
|
||
|
14C2000
|
trusted library allocation
|
page read and write
|
||
|
5F50000
|
heap
|
page read and write
|
||
|
A70000
|
trusted library allocation
|
page read and write
|
||
|
66BE000
|
stack
|
page read and write
|
||
|
2470000
|
trusted library allocation
|
page execute and read and write
|
||
|
5ABE000
|
stack
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
254E000
|
stack
|
page read and write
|
||
|
122E000
|
stack
|
page read and write
|
||
|
BED000
|
trusted library allocation
|
page execute and read and write
|
||
|
DC2000
|
heap
|
page read and write
|
||
|
7870000
|
trusted library allocation
|
page read and write
|
||
|
50AC000
|
stack
|
page read and write
|
||
|
716D000
|
stack
|
page read and write
|
||
|
1125000
|
heap
|
page read and write
|
||
|
8F9000
|
stack
|
page read and write
|
||
|
774000
|
trusted library allocation
|
page read and write
|
||
|
67E0000
|
heap
|
page read and write
|
||
|
7F6E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
E94000
|
heap
|
page read and write
|
||
|
8F0E000
|
stack
|
page read and write
|
||
|
7860000
|
trusted library allocation
|
page execute and read and write
|
||
|
7600000
|
trusted library allocation
|
page read and write
|
||
|
1103000
|
trusted library allocation
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
3A19000
|
trusted library allocation
|
page read and write
|
||
|
E33000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A5E000
|
stack
|
page read and write
|
||
|
802000
|
heap
|
page read and write
|
||
|
10E0000
|
trusted library allocation
|
page read and write
|
||
|
AAA000
|
stack
|
page read and write
|
||
|
BA6000
|
stack
|
page read and write
|
||
|
614E000
|
stack
|
page read and write
|
||
|
4A60000
|
trusted library allocation
|
page read and write
|
||
|
3017000
|
trusted library allocation
|
page read and write
|
||
|
4F2E000
|
stack
|
page read and write
|
||
|
B76000
|
heap
|
page read and write
|
||
|
796000
|
trusted library allocation
|
page execute and read and write
|
||
|
58C0000
|
trusted library section
|
page read and write
|
||
|
3F99000
|
trusted library allocation
|
page read and write
|
||
|
2CB0000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
23D0000
|
trusted library allocation
|
page read and write
|
||
|
2EBB000
|
trusted library allocation
|
page read and write
|
||
|
96CD000
|
stack
|
page read and write
|
||
|
77A4000
|
heap
|
page read and write
|
||
|
7B22000
|
heap
|
page read and write
|
||
|
4F16000
|
trusted library allocation
|
page read and write
|
||
|
5670000
|
trusted library allocation
|
page read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
64BE000
|
stack
|
page read and write
|
||
|
920E000
|
stack
|
page read and write
|
||
|
760A000
|
trusted library allocation
|
page read and write
|
||
|
D36000
|
heap
|
page read and write
|
||
|
4F90000
|
heap
|
page read and write
|
||
|
7EFA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
C64000
|
trusted library allocation
|
page read and write
|
||
|
2555000
|
trusted library allocation
|
page read and write
|
||
|
574E000
|
stack
|
page read and write
|
||
|
2E5D000
|
stack
|
page read and write
|
||
|
BD4000
|
trusted library allocation
|
page read and write
|
||
|
3E19000
|
trusted library allocation
|
page read and write
|
||
|
4D20000
|
heap
|
page execute and read and write
|
||
|
C81000
|
trusted library allocation
|
page read and write
|
||
|
B64000
|
heap
|
page read and write
|
||
|
12B8000
|
heap
|
page read and write
|
||
|
C09000
|
heap
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
132E000
|
stack
|
page read and write
|
||
|
2CEA000
|
trusted library allocation
|
page execute and read and write
|
||
|
303E000
|
unkown
|
page read and write
|
||
|
2560000
|
trusted library allocation
|
page read and write
|
||
|
30BE000
|
stack
|
page read and write
|
||
|
324F000
|
stack
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
7630000
|
heap
|
page read and write
|
||
|
2EC1000
|
trusted library allocation
|
page read and write
|
||
|
583F000
|
stack
|
page read and write
|
||
|
6D70000
|
trusted library section
|
page read and write
|
||
|
E52000
|
trusted library allocation
|
page read and write
|
||
|
59BE000
|
stack
|
page read and write
|
||
|
66D0000
|
trusted library allocation
|
page read and write
|
||
|
6D60000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F60000
|
heap
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
2D30000
|
trusted library allocation
|
page read and write
|
||
|
550E000
|
stack
|
page read and write
|
||
|
A1FE000
|
stack
|
page read and write
|
||
|
BFB000
|
stack
|
page read and write
|
||
|
5E2E000
|
stack
|
page read and write
|
||
|
4E10000
|
heap
|
page execute and read and write
|
||
|
4A70000
|
trusted library allocation
|
page read and write
|
||
|
E4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5215000
|
trusted library allocation
|
page read and write
|
||
|
1288000
|
heap
|
page read and write
|
||
|
DD9000
|
stack
|
page read and write
|
||
|
59AC000
|
stack
|
page read and write
|
There are 640 hidden memdumps, click here to show them.