Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DOC-20241029-WA0005_pdf .exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DOC-20241029-WA0005_pdf
.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmpC1F8.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\FQDffaysNf.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\FQDffaysNf.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FQDffaysNf.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_calgutd0.kdh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_klitpytl.nh1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qmaedbwr.5wf.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yyqppxrr.u1z.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpD215.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\DOC-20241029-WA0005_pdf .exe
|
"C:\Users\user\Desktop\DOC-20241029-WA0005_pdf .exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FQDffaysNf.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FQDffaysNf" /XML "C:\Users\user\AppData\Local\Temp\tmpC1F8.tmp"
|
|
|
|
C:\Users\user\Desktop\DOC-20241029-WA0005_pdf .exe
|
"C:\Users\user\Desktop\DOC-20241029-WA0005_pdf .exe"
|
|
|
|
C:\Users\user\Desktop\DOC-20241029-WA0005_pdf .exe
|
"C:\Users\user\Desktop\DOC-20241029-WA0005_pdf .exe"
|
|
|
|
C:\Users\user\Desktop\DOC-20241029-WA0005_pdf .exe
|
"C:\Users\user\Desktop\DOC-20241029-WA0005_pdf .exe"
|
|
|
|
C:\Users\user\Desktop\DOC-20241029-WA0005_pdf .exe
|
"C:\Users\user\Desktop\DOC-20241029-WA0005_pdf .exe"
|
|
|
|
C:\Users\user\Desktop\DOC-20241029-WA0005_pdf .exe
|
"C:\Users\user\Desktop\DOC-20241029-WA0005_pdf .exe"
|
|
|
|
C:\Users\user\AppData\Roaming\FQDffaysNf.exe
|
C:\Users\user\AppData\Roaming\FQDffaysNf.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FQDffaysNf" /XML "C:\Users\user\AppData\Local\Temp\tmpD215.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\FQDffaysNf.exe
|
"C:\Users\user\AppData\Roaming\FQDffaysNf.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 5 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
https://stackoverflow.com/q/14436606/23354
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
https://github.com/mgravell/protobuf-netJ
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://tempuri.org/DataSet1.xsd
|
unknown
|
||
|
https://github.com/mgravell/protobuf-net
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
https://github.com/mgravell/protobuf-neti
|
unknown
|
||
|
https://stackoverflow.com/q/11564914/23354;
|
unknown
|
||
|
https://stackoverflow.com/q/2152978/23354
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 23 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3281000
|
trusted library allocation
|
page read and write
|
|
|
|
5B80000
|
trusted library section
|
page read and write
|
|
|
|
4281000
|
trusted library allocation
|
page read and write
|
|
|
|
51EC000
|
heap
|
page read and write
|
||
|
CF0000
|
trusted library allocation
|
page read and write
|
||
|
5865000
|
heap
|
page read and write
|
||
|
4DD0000
|
heap
|
page execute and read and write
|
||
|
4960000
|
trusted library allocation
|
page read and write
|
||
|
1671000
|
heap
|
page read and write
|
||
|
102F000
|
stack
|
page read and write
|
||
|
EB2B000
|
stack
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A20000
|
heap
|
page execute and read and write
|
||
|
4F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
C1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
1710000
|
trusted library allocation
|
page read and write
|
||
|
34A8000
|
trusted library allocation
|
page read and write
|
||
|
4956000
|
trusted library allocation
|
page read and write
|
||
|
5970000
|
trusted library allocation
|
page read and write
|
||
|
610E000
|
stack
|
page read and write
|
||
|
D20000
|
trusted library allocation
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
E23E000
|
stack
|
page read and write
|
||
|
EC2C000
|
stack
|
page read and write
|
||
|
5EE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1712000
|
trusted library allocation
|
page read and write
|
||
|
D4D000
|
trusted library allocation
|
page read and write
|
||
|
628E000
|
stack
|
page read and write
|
||
|
4BB8000
|
trusted library allocation
|
page read and write
|
||
|
4BA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
458C000
|
trusted library allocation
|
page read and write
|
||
|
EC30000
|
heap
|
page read and write
|
||
|
D60000
|
trusted library allocation
|
page read and write
|
||
|
5264000
|
heap
|
page read and write
|
||
|
4E8E000
|
trusted library allocation
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
4E22000
|
heap
|
page read and write
|
||
|
D3E000
|
trusted library allocation
|
page read and write
|
||
|
816000
|
heap
|
page read and write
|
||
|
4F50000
|
heap
|
page read and write
|
||
|
34E4000
|
trusted library allocation
|
page read and write
|
||
|
517C000
|
stack
|
page read and write
|
||
|
1727000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B0C000
|
trusted library allocation
|
page read and write
|
||
|
2650000
|
heap
|
page read and write
|
||
|
5C0D000
|
trusted library allocation
|
page read and write
|
||
|
5380000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DF0000
|
heap
|
page read and write
|
||
|
599C000
|
trusted library allocation
|
page read and write
|
||
|
1625000
|
heap
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
2B0A000
|
trusted library allocation
|
page read and write
|
||
|
72AE000
|
stack
|
page read and write
|
||
|
39AA000
|
trusted library allocation
|
page read and write
|
||
|
C37000
|
trusted library allocation
|
page execute and read and write
|
||
|
59FE000
|
stack
|
page read and write
|
||
|
5BBB000
|
heap
|
page read and write
|
||
|
C22000
|
trusted library allocation
|
page read and write
|
||
|
53A0000
|
trusted library allocation
|
page read and write
|
||
|
4DB0000
|
heap
|
page read and write
|
||
|
5288000
|
trusted library allocation
|
page read and write
|
||
|
5E9E000
|
stack
|
page read and write
|
||
|
73AE000
|
stack
|
page read and write
|
||
|
34E0000
|
trusted library allocation
|
page read and write
|
||
|
16F0000
|
trusted library allocation
|
page read and write
|
||
|
4BB0000
|
trusted library allocation
|
page read and write
|
||
|
3959000
|
trusted library allocation
|
page read and write
|
||
|
E9EE000
|
stack
|
page read and write
|
||
|
E9FD000
|
stack
|
page read and write
|
||
|
4686000
|
trusted library allocation
|
page read and write
|
||
|
5B90000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
2810000
|
trusted library allocation
|
page read and write
|
||
|
307E000
|
unkown
|
page read and write
|
||
|
D46000
|
trusted library allocation
|
page read and write
|
||
|
823000
|
heap
|
page read and write
|
||
|
E20000
|
trusted library allocation
|
page read and write
|
||
|
72AE000
|
stack
|
page read and write
|
||
|
143E000
|
stack
|
page read and write
|
||
|
4F60000
|
trusted library allocation
|
page read and write
|
||
|
348F000
|
trusted library allocation
|
page read and write
|
||
|
4EB5000
|
trusted library allocation
|
page read and write
|
||
|
34AE000
|
trusted library allocation
|
page read and write
|
||
|
3740000
|
heap
|
page read and write
|
||
|
43D8000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
34C9000
|
trusted library allocation
|
page read and write
|
||
|
638E000
|
stack
|
page read and write
|
||
|
34F7000
|
trusted library allocation
|
page read and write
|
||
|
43A8000
|
trusted library allocation
|
page read and write
|
||
|
5D2F000
|
stack
|
page read and write
|
||
|
3975000
|
trusted library allocation
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
4950000
|
trusted library allocation
|
page read and write
|
||
|
5F36000
|
heap
|
page read and write
|
||
|
73B0000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
34B2000
|
trusted library allocation
|
page read and write
|
||
|
D5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5975000
|
trusted library allocation
|
page read and write
|
||
|
5C00000
|
trusted library allocation
|
page read and write
|
||
|
30D0000
|
trusted library allocation
|
page read and write
|
||
|
15A0000
|
trusted library allocation
|
page read and write
|
||
|
4D80000
|
trusted library allocation
|
page read and write
|
||
|
DC6000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DA0000
|
trusted library section
|
page readonly
|
||
|
157F000
|
stack
|
page read and write
|
||
|
7070000
|
heap
|
page read and write
|
||
|
330F000
|
stack
|
page read and write
|
||
|
714E000
|
stack
|
page read and write
|
||
|
51A0000
|
heap
|
page read and write
|
||
|
4E70000
|
trusted library allocation
|
page read and write
|
||
|
DC2000
|
trusted library allocation
|
page read and write
|
||
|
4967000
|
trusted library allocation
|
page read and write
|
||
|
725C000
|
trusted library allocation
|
page read and write
|
||
|
504E000
|
stack
|
page read and write
|
||
|
7F410000
|
trusted library allocation
|
page execute and read and write
|
||
|
4BB2000
|
trusted library allocation
|
page read and write
|
||
|
41AA000
|
trusted library allocation
|
page read and write
|
||
|
3679000
|
trusted library allocation
|
page read and write
|
||
|
808000
|
heap
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
5222000
|
heap
|
page read and write
|
||
|
51F4000
|
heap
|
page read and write
|
||
|
4BD0000
|
trusted library allocation
|
page read and write
|
||
|
6C70000
|
trusted library allocation
|
page read and write
|
||
|
E7AE000
|
stack
|
page read and write
|
||
|
E27E000
|
stack
|
page read and write
|
||
|
4B50000
|
trusted library allocation
|
page read and write
|
||
|
4E4F000
|
heap
|
page read and write
|
||
|
32CE000
|
stack
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
4443000
|
trusted library allocation
|
page read and write
|
||
|
329A000
|
stack
|
page read and write
|
||
|
178E000
|
stack
|
page read and write
|
||
|
3493000
|
trusted library allocation
|
page read and write
|
||
|
476F000
|
trusted library allocation
|
page read and write
|
||
|
1D2000
|
unkown
|
page readonly
|
||
|
2814000
|
trusted library allocation
|
page read and write
|
||
|
72C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
15E4000
|
heap
|
page read and write
|
||
|
AF7000
|
stack
|
page read and write
|
||
|
E73E000
|
stack
|
page read and write
|
||
|
76D000
|
stack
|
page read and write
|
||
|
3460000
|
heap
|
page read and write
|
||
|
7EB000
|
heap
|
page read and write
|
||
|
57AD000
|
stack
|
page read and write
|
||
|
5DC5000
|
trusted library allocation
|
page read and write
|
||
|
707E000
|
heap
|
page read and write
|
||
|
27E6000
|
trusted library allocation
|
page read and write
|
||
|
1475000
|
heap
|
page read and write
|
||
|
DC0000
|
trusted library allocation
|
page read and write
|
||
|
D54000
|
trusted library allocation
|
page read and write
|
||
|
4EB0000
|
trusted library allocation
|
page read and write
|
||
|
3497000
|
trusted library allocation
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
724E000
|
stack
|
page read and write
|
||
|
CDB000
|
stack
|
page read and write
|
||
|
5F43000
|
heap
|
page read and write
|
||
|
596F000
|
stack
|
page read and write
|
||
|
4BC0000
|
heap
|
page read and write
|
||
|
1716000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B70000
|
heap
|
page read and write
|
||
|
E07000
|
heap
|
page read and write
|
||
|
5EC0000
|
trusted library allocation
|
page read and write
|
||
|
5277000
|
heap
|
page read and write
|
||
|
34E8000
|
trusted library allocation
|
page read and write
|
||
|
E440000
|
heap
|
page read and write
|
||
|
76A000
|
stack
|
page read and write
|
||
|
50D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
50F1000
|
trusted library allocation
|
page read and write
|
||
|
E3AD000
|
stack
|
page read and write
|
||
|
2660000
|
heap
|
page read and write
|
||
|
2951000
|
trusted library allocation
|
page read and write
|
||
|
5EB0000
|
heap
|
page read and write
|
||
|
E63E000
|
stack
|
page read and write
|
||
|
4E91000
|
trusted library allocation
|
page read and write
|
||
|
3996000
|
trusted library allocation
|
page read and write
|
||
|
3160000
|
trusted library allocation
|
page read and write
|
||
|
449A000
|
trusted library allocation
|
page read and write
|
||
|
2610000
|
trusted library allocation
|
page read and write
|
||
|
34DC000
|
trusted library allocation
|
page read and write
|
||
|
51C0000
|
trusted library allocation
|
page read and write
|
||
|
E5AD000
|
stack
|
page read and write
|
||
|
4F62000
|
trusted library allocation
|
page read and write
|
||
|
5F2A000
|
heap
|
page read and write
|
||
|
B270000
|
trusted library section
|
page read and write
|
||
|
346B000
|
heap
|
page read and write
|
||
|
3310000
|
heap
|
page read and write
|
||
|
DD7000
|
trusted library allocation
|
page execute and read and write
|
||
|
4965000
|
trusted library allocation
|
page read and write
|
||
|
9001000
|
trusted library allocation
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
3495000
|
trusted library allocation
|
page read and write
|
||
|
730E000
|
stack
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
5760000
|
heap
|
page read and write
|
||
|
34CD000
|
trusted library allocation
|
page read and write
|
||
|
7260000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F24000
|
heap
|
page read and write
|
||
|
3AA000
|
stack
|
page read and write
|
||
|
27D2000
|
trusted library allocation
|
page read and write
|
||
|
30CA000
|
heap
|
page read and write
|
||
|
59B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
E3A000
|
heap
|
page read and write
|
||
|
D68000
|
heap
|
page read and write
|
||
|
2630000
|
trusted library allocation
|
page read and write
|
||
|
5DA0000
|
trusted library allocation
|
page read and write
|
||
|
2D5D000
|
stack
|
page read and write
|
||
|
71AE000
|
stack
|
page read and write
|
||
|
2816000
|
trusted library allocation
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
D40000
|
trusted library allocation
|
page read and write
|
||
|
624E000
|
stack
|
page read and write
|
||
|
AE0000
|
trusted library allocation
|
page read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
4DF8000
|
heap
|
page read and write
|
||
|
172B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F68000
|
trusted library allocation
|
page read and write
|
||
|
1740000
|
trusted library allocation
|
page read and write
|
||
|
5960000
|
trusted library allocation
|
page execute and read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
5DA4000
|
trusted library allocation
|
page read and write
|
||
|
34E2000
|
trusted library allocation
|
page read and write
|
||
|
C50000
|
trusted library allocation
|
page read and write
|
||
|
5770000
|
heap
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FC40000
|
trusted library allocation
|
page execute and read and write
|
||
|
34C7000
|
trusted library allocation
|
page read and write
|
||
|
1676000
|
heap
|
page read and write
|
||
|
5F2C000
|
heap
|
page read and write
|
||
|
4E8E000
|
heap
|
page read and write
|
||
|
2820000
|
trusted library allocation
|
page read and write
|
||
|
4DE4000
|
heap
|
page read and write
|
||
|
18BF000
|
stack
|
page read and write
|
||
|
DF0000
|
trusted library allocation
|
page read and write
|
||
|
260F000
|
stack
|
page read and write
|
||
|
5184000
|
trusted library section
|
page readonly
|
||
|
16F4000
|
trusted library allocation
|
page read and write
|
||
|
4688000
|
trusted library allocation
|
page read and write
|
||
|
5D9F000
|
stack
|
page read and write
|
||
|
17B0000
|
heap
|
page read and write
|
||
|
D00000
|
trusted library allocation
|
page read and write
|
||
|
595E000
|
stack
|
page read and write
|
||
|
3ECA000
|
trusted library allocation
|
page read and write
|
||
|
BFE000
|
stack
|
page read and write
|
||
|
16F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B95000
|
heap
|
page read and write
|
||
|
467B000
|
trusted library allocation
|
page read and write
|
||
|
4B90000
|
heap
|
page read and write
|
||
|
34C3000
|
trusted library allocation
|
page read and write
|
||
|
5190000
|
heap
|
page read and write
|
||
|
5180000
|
trusted library section
|
page readonly
|
||
|
44D0000
|
trusted library allocation
|
page read and write
|
||
|
4670000
|
trusted library allocation
|
page read and write
|
||
|
5D30000
|
trusted library section
|
page read and write
|
||
|
4680000
|
trusted library allocation
|
page read and write
|
||
|
167C000
|
heap
|
page read and write
|
||
|
6C92000
|
trusted library allocation
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
C0D000
|
stack
|
page read and write
|
||
|
53EE000
|
stack
|
page read and write
|
||
|
4F70000
|
trusted library allocation
|
page read and write
|
||
|
4FC0000
|
trusted library allocation
|
page read and write
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
34D2000
|
trusted library allocation
|
page read and write
|
||
|
AA37000
|
trusted library allocation
|
page read and write
|
||
|
E8EE000
|
stack
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
49AD000
|
stack
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
5BF0000
|
trusted library allocation
|
page read and write
|
||
|
4FE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
495B000
|
trusted library allocation
|
page read and write
|
||
|
4FB0000
|
trusted library allocation
|
page read and write
|
||
|
325D000
|
stack
|
page read and write
|
||
|
3671000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
309C000
|
stack
|
page read and write
|
||
|
5980000
|
trusted library allocation
|
page read and write
|
||
|
280E000
|
stack
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
359F000
|
unkown
|
page read and write
|
||
|
A9E9000
|
trusted library allocation
|
page read and write
|
||
|
5A6E000
|
stack
|
page read and write
|
||
|
4E96000
|
trusted library allocation
|
page read and write
|
||
|
D10000
|
heap
|
page execute and read and write
|
||
|
C0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5268000
|
heap
|
page read and write
|
||
|
D53000
|
trusted library allocation
|
page execute and read and write
|
||
|
EDF000
|
heap
|
page read and write
|
||
|
53A6000
|
trusted library allocation
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
5470000
|
trusted library allocation
|
page execute and read and write
|
||
|
327F000
|
stack
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
3499000
|
trusted library allocation
|
page read and write
|
||
|
277F000
|
trusted library allocation
|
page read and write
|
||
|
6F7000
|
stack
|
page read and write
|
||
|
59A0000
|
trusted library allocation
|
page read and write
|
||
|
15DA000
|
heap
|
page read and write
|
||
|
5B6F000
|
stack
|
page read and write
|
||
|
46CE000
|
stack
|
page read and write
|
||
|
5840000
|
trusted library section
|
page read and write
|
||
|
4E9F000
|
heap
|
page read and write
|
||
|
7C6000
|
heap
|
page read and write
|
||
|
5B4D000
|
stack
|
page read and write
|
||
|
2D9A000
|
stack
|
page read and write
|
||
|
3491000
|
trusted library allocation
|
page read and write
|
||
|
342E000
|
unkown
|
page read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
5DD0000
|
trusted library allocation
|
page read and write
|
||
|
51E4000
|
heap
|
page read and write
|
||
|
16EE000
|
stack
|
page read and write
|
||
|
16FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1720000
|
trusted library allocation
|
page read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
34DE000
|
trusted library allocation
|
page read and write
|
||
|
36B6000
|
trusted library allocation
|
page read and write
|
||
|
531E000
|
stack
|
page read and write
|
||
|
46D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
C26000
|
trusted library allocation
|
page execute and read and write
|
||
|
34CF000
|
trusted library allocation
|
page read and write
|
||
|
17A0000
|
trusted library allocation
|
page read and write
|
||
|
6FAE000
|
heap
|
page read and write
|
||
|
5370000
|
trusted library allocation
|
page execute and read and write
|
||
|
8BA000
|
heap
|
page read and write
|
||
|
4B2C000
|
stack
|
page read and write
|
||
|
DD2000
|
trusted library allocation
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
E97C000
|
stack
|
page read and write
|
||
|
4E34000
|
heap
|
page read and write
|
||
|
4FAE000
|
stack
|
page read and write
|
||
|
5E1E000
|
stack
|
page read and write
|
||
|
42A9000
|
trusted library allocation
|
page read and write
|
||
|
5B80000
|
heap
|
page read and write
|
||
|
FBB000
|
stack
|
page read and write
|
||
|
740E000
|
stack
|
page read and write
|
||
|
51B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
614E000
|
stack
|
page read and write
|
||
|
DBE000
|
stack
|
page read and write
|
||
|
5A00000
|
trusted library allocation
|
page read and write
|
||
|
ADC0000
|
trusted library allocation
|
page read and write
|
||
|
1D0000
|
unkown
|
page readonly
|
||
|
467D000
|
trusted library allocation
|
page read and write
|
||
|
4EC0000
|
trusted library allocation
|
page read and write
|
||
|
AAE000
|
stack
|
page read and write
|
||
|
34C1000
|
trusted library allocation
|
page read and write
|
||
|
5BB7000
|
heap
|
page read and write
|
||
|
3951000
|
trusted library allocation
|
page read and write
|
||
|
34A0000
|
trusted library allocation
|
page read and write
|
||
|
E8AE000
|
stack
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
171A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4421000
|
trusted library allocation
|
page read and write
|
||
|
5C20000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F10000
|
heap
|
page read and write
|
||
|
4FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
EAFE000
|
stack
|
page read and write
|
||
|
C3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
34B5000
|
trusted library allocation
|
page read and write
|
||
|
72B0000
|
trusted library allocation
|
page read and write
|
||
|
2620000
|
trusted library allocation
|
page read and write
|
||
|
2625000
|
trusted library allocation
|
page read and write
|
||
|
2A5F000
|
trusted library allocation
|
page read and write
|
||
|
5480000
|
trusted library allocation
|
page read and write
|
||
|
34AC000
|
trusted library allocation
|
page read and write
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
E3E000
|
heap
|
page read and write
|
||
|
C04000
|
trusted library allocation
|
page read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
480C000
|
stack
|
page read and write
|
||
|
402000
|
remote allocation
|
page execute and read and write
|
||
|
1790000
|
trusted library allocation
|
page execute and read and write
|
||
|
5491000
|
trusted library allocation
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
51D0000
|
heap
|
page execute and read and write
|
||
|
541D000
|
stack
|
page read and write
|
||
|
C32000
|
trusted library allocation
|
page read and write
|
||
|
5A10000
|
trusted library allocation
|
page execute and read and write
|
||
|
535E000
|
stack
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
4EE3000
|
heap
|
page read and write
|
||
|
15E7000
|
heap
|
page read and write
|
||
|
34B0000
|
trusted library allocation
|
page read and write
|
||
|
5860000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
D6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
C35000
|
heap
|
page read and write
|
||
|
5EA0000
|
heap
|
page read and write
|
||
|
5239000
|
heap
|
page read and write
|
||
|
1695000
|
heap
|
page read and write
|
||
|
C00000
|
trusted library allocation
|
page read and write
|
||
|
ED9000
|
heap
|
page read and write
|
||
|
DDB000
|
trusted library allocation
|
page execute and read and write
|
||
|
34AA000
|
trusted library allocation
|
page read and write
|
||
|
2854000
|
trusted library allocation
|
page read and write
|
||
|
DCA000
|
trusted library allocation
|
page execute and read and write
|
||
|
E9B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2830000
|
heap
|
page execute and read and write
|
||
|
E72000
|
heap
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
34CB000
|
trusted library allocation
|
page read and write
|
||
|
4F6E000
|
stack
|
page read and write
|
||
|
EC3E000
|
stack
|
page read and write
|
||
|
12F8000
|
stack
|
page read and write
|
||
|
3170000
|
heap
|
page execute and read and write
|
||
|
E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E9D000
|
trusted library allocation
|
page read and write
|
||
|
E87C000
|
stack
|
page read and write
|
||
|
5BFA000
|
trusted library allocation
|
page read and write
|
||
|
4DC0000
|
heap
|
page read and write
|
||
|
E43D000
|
stack
|
page read and write
|
||
|
30BF000
|
unkown
|
page read and write
|
||
|
293E000
|
stack
|
page read and write
|
||
|
6510000
|
heap
|
page read and write
|
||
|
6FA0000
|
heap
|
page read and write
|
||
|
1722000
|
trusted library allocation
|
page read and write
|
||
|
D41000
|
trusted library allocation
|
page read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
47B0000
|
trusted library allocation
|
page read and write
|
||
|
7250000
|
trusted library allocation
|
page read and write
|
||
|
2B34000
|
trusted library allocation
|
page read and write
|
||
|
5A30000
|
trusted library section
|
page read and write
|
||
|
C03000
|
trusted library allocation
|
page execute and read and write
|
||
|
2671000
|
trusted library allocation
|
page read and write
|
||
|
4A2C000
|
stack
|
page read and write
|
||
|
2653000
|
heap
|
page read and write
|
||
|
7EE000
|
heap
|
page read and write
|
||
|
EB3E000
|
stack
|
page read and write
|
||
|
E3EE000
|
stack
|
page read and write
|
||
|
1700000
|
trusted library allocation
|
page read and write
|
||
|
4F1B000
|
stack
|
page read and write
|
||
|
E5B0000
|
heap
|
page read and write
|
||
|
C9E000
|
stack
|
page read and write
|
||
|
5C9E000
|
stack
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
There are 442 hidden memdumps, click here to show them.