Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
plEnknXWQD.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\ry40VI69.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\will6283.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\qs5212ER.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\will3629.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP002.TMP\py81WM70.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP002.TMP\will3971.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP003.TMP\mx8896IL.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP003.TMP\ns5251Ks.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\mx8896IL.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ns5251Ks.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\plEnknXWQD.exe
|
C:\Users\user\Desktop\plEnknXWQD.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\will6283.exe
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\will6283.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\will3629.exe
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\will3629.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP002.TMP\will3971.exe
|
C:\Users\user\AppData\Local\Temp\IXP002.TMP\will3971.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP003.TMP\mx8896IL.exe
|
C:\Users\user\AppData\Local\Temp\IXP003.TMP\mx8896IL.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP003.TMP\ns5251Ks.exe
|
C:\Users\user\AppData\Local\Temp\IXP003.TMP\ns5251Ks.exe
|
|
|
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
|
||
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
|
||
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
|
||
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
62.204.41.87/joomla/index.php
|
|
||
|
193.233.20.30:4125
|
|
||
|
https://api.ip.sb/ip
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
|
wextract_cleanup0
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
|
wextract_cleanup1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
|
wextract_cleanup2
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
|
wextract_cleanup3
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features
|
TamperProtection
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
4D3E000
|
heap
|
page read and write
|
|
|
|
4904000
|
heap
|
page read and write
|
|
|
|
2BF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
2C20000
|
direct allocation
|
page read and write
|
|
|
|
2C30000
|
heap
|
page read and write
|
||
|
4C43000
|
trusted library allocation
|
page read and write
|
||
|
4C13000
|
trusted library allocation
|
page read and write
|
||
|
130F3000
|
trusted library allocation
|
page read and write
|
||
|
4790000
|
heap
|
page read and write
|
||
|
1340000
|
trusted library allocation
|
page read and write
|
||
|
381000
|
unkown
|
page execute read
|
||
|
49AE000
|
stack
|
page read and write
|
||
|
2690000
|
heap
|
page read and write
|
||
|
6184000
|
heap
|
page read and write
|
||
|
7609000
|
trusted library allocation
|
page read and write
|
||
|
2D07000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C80000
|
trusted library allocation
|
page read and write
|
||
|
2E6F000
|
heap
|
page read and write
|
||
|
4C6F000
|
trusted library allocation
|
page read and write
|
||
|
2D1B000
|
heap
|
page read and write
|
||
|
70B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A55A4000
|
trusted library allocation
|
page read and write
|
||
|
2BE4000
|
heap
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
2B8F000
|
stack
|
page read and write
|
||
|
2D50000
|
trusted library section
|
page read and write
|
||
|
783F000
|
stack
|
page read and write
|
||
|
130F7000
|
trusted library allocation
|
page read and write
|
||
|
48F6000
|
trusted library allocation
|
page read and write
|
||
|
2CDE000
|
stack
|
page read and write
|
||
|
4C4B000
|
trusted library allocation
|
page read and write
|
||
|
F4F000
|
heap
|
page read and write
|
||
|
2EDD000
|
heap
|
page read and write
|
||
|
EF5000
|
heap
|
page read and write
|
||
|
1393000
|
heap
|
page read and write
|
||
|
ACA000
|
unkown
|
page readonly
|
||
|
13E5000
|
heap
|
page read and write
|
||
|
1325000
|
heap
|
page read and write
|
||
|
70D0000
|
trusted library allocation
|
page read and write
|
||
|
4AEE000
|
stack
|
page read and write
|
||
|
48FF000
|
stack
|
page read and write
|
||
|
1463286B000
|
heap
|
page read and write
|
||
|
1BA00000
|
heap
|
page execute and read and write
|
||
|
A3A000
|
stack
|
page read and write
|
||
|
2A3A000
|
stack
|
page read and write
|
||
|
4BD1000
|
trusted library allocation
|
page read and write
|
||
|
7770000
|
trusted library allocation
|
page read and write
|
||
|
14632810000
|
heap
|
page read and write
|
||
|
787E000
|
stack
|
page read and write
|
||
|
29492E60000
|
heap
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
AC0000
|
unkown
|
page readonly
|
||
|
2D20000
|
trusted library allocation
|
page read and write
|
||
|
1A70EE80000
|
heap
|
page read and write
|
||
|
7660000
|
trusted library allocation
|
page read and write
|
||
|
2C45000
|
heap
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
4C39000
|
trusted library allocation
|
page read and write
|
||
|
13CD000
|
heap
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
2ED2000
|
heap
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
4B2E000
|
stack
|
page read and write
|
||
|
1A70EED0000
|
heap
|
page read and write
|
||
|
93655BE000
|
stack
|
page read and write
|
||
|
1331000
|
trusted library allocation
|
page read and write
|
||
|
38A000
|
unkown
|
page readonly
|
||
|
D70D4CC000
|
stack
|
page read and write
|
||
|
29492990000
|
heap
|
page read and write
|
||
|
F45000
|
stack
|
page read and write
|
||
|
29492B7B000
|
heap
|
page read and write
|
||
|
93658FF000
|
stack
|
page read and write
|
||
|
2E36000
|
heap
|
page read and write
|
||
|
2ED2000
|
heap
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
7670000
|
trusted library allocation
|
page read and write
|
||
|
4C47000
|
trusted library allocation
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
F5B000
|
heap
|
page read and write
|
||
|
1340000
|
trusted library allocation
|
page read and write
|
||
|
2ED2000
|
heap
|
page read and write
|
||
|
49B0000
|
heap
|
page read and write
|
||
|
38C000
|
unkown
|
page readonly
|
||
|
2E8A000
|
heap
|
page read and write
|
||
|
1B55D000
|
stack
|
page read and write
|
||
|
4C6C000
|
trusted library allocation
|
page read and write
|
||
|
7090000
|
trusted library section
|
page read and write
|
||
|
26FC000
|
stack
|
page read and write
|
||
|
AC1000
|
unkown
|
page execute read
|
||
|
7A80000
|
trusted library allocation
|
page read and write
|
||
|
4C0F000
|
trusted library allocation
|
page read and write
|
||
|
106C000
|
unkown
|
page readonly
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
4B04000
|
heap
|
page read and write
|
||
|
4C09000
|
trusted library allocation
|
page read and write
|
||
|
2ED6000
|
heap
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
4825000
|
heap
|
page read and write
|
||
|
4BCF000
|
stack
|
page read and write
|
||
|
2319EED0000
|
heap
|
page read and write
|
||
|
2BE2000
|
heap
|
page read and write
|
||
|
4BFC000
|
trusted library allocation
|
page read and write
|
||
|
76C0000
|
trusted library allocation
|
page read and write
|
||
|
4A48000
|
heap
|
page read and write
|
||
|
106A000
|
unkown
|
page readonly
|
||
|
2319EF0B000
|
heap
|
page read and write
|
||
|
273B000
|
stack
|
page read and write
|
||
|
2CF7000
|
trusted library allocation
|
page execute and read and write
|
||
|
146326B0000
|
heap
|
page read and write
|
||
|
1060000
|
unkown
|
page readonly
|
||
|
294945A0000
|
heap
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
42F000
|
unkown
|
page execute and read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
7FF4D3A30000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AE0000
|
unkown
|
page readonly
|
||
|
380000
|
unkown
|
page readonly
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
4C2E000
|
trusted library allocation
|
page read and write
|
||
|
2DBE000
|
stack
|
page read and write
|
||
|
7FF9A55A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2ED2000
|
heap
|
page read and write
|
||
|
62D0000
|
heap
|
page read and write
|
||
|
4C4D000
|
trusted library allocation
|
page read and write
|
||
|
130F9000
|
trusted library allocation
|
page read and write
|
||
|
70D0000
|
trusted library allocation
|
page read and write
|
||
|
1332000
|
trusted library allocation
|
page read and write
|
||
|
2E81000
|
heap
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
2BD3000
|
heap
|
page read and write
|
||
|
30E0000
|
heap
|
page execute and read and write
|
||
|
2BD4000
|
heap
|
page read and write
|
||
|
797F000
|
stack
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
1A70EE60000
|
heap
|
page read and write
|
||
|
2CEE000
|
stack
|
page read and write
|
||
|
ACC000
|
unkown
|
page readonly
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
7600000
|
trusted library allocation
|
page read and write
|
||
|
2D1E000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
7750000
|
trusted library allocation
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
7720000
|
trusted library allocation
|
page read and write
|
||
|
2C73000
|
trusted library allocation
|
page execute and read and write
|
||
|
2ECE000
|
heap
|
page read and write
|
||
|
2D30000
|
trusted library allocation
|
page read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
2ED9000
|
heap
|
page read and write
|
||
|
2D05000
|
heap
|
page read and write
|
||
|
231A0980000
|
heap
|
page read and write
|
||
|
195000
|
stack
|
page read and write
|
||
|
2BD6000
|
heap
|
page read and write
|
||
|
13A3000
|
heap
|
page read and write
|
||
|
7DC0000
|
trusted library allocation
|
page read and write
|
||
|
76D0000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
unkown
|
page readonly
|
||
|
48E0000
|
trusted library allocation
|
page read and write
|
||
|
2ECE000
|
heap
|
page read and write
|
||
|
11EC93E000
|
stack
|
page read and write
|
||
|
2D09000
|
heap
|
page read and write
|
||
|
936553C000
|
stack
|
page read and write
|
||
|
48F0000
|
trusted library allocation
|
page read and write
|
||
|
2EE6000
|
heap
|
page read and write
|
||
|
430000
|
unkown
|
page write copy
|
||
|
12E0000
|
trusted library allocation
|
page read and write
|
||
|
2C49000
|
heap
|
page read and write
|
||
|
47F1000
|
heap
|
page read and write
|
||
|
7FF9A5660000
|
trusted library allocation
|
page execute and read and write
|
||
|
7700000
|
trusted library allocation
|
page read and write
|
||
|
4F3E000
|
heap
|
page read and write
|
||
|
70F0000
|
heap
|
page execute and read and write
|
||
|
7630000
|
trusted library allocation
|
page read and write
|
||
|
138A000
|
heap
|
page read and write
|
||
|
1396000
|
heap
|
page read and write
|
||
|
2FC000
|
unkown
|
page readonly
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
1350000
|
trusted library allocation
|
page read and write
|
||
|
F53000
|
heap
|
page read and write
|
||
|
63E4000
|
heap
|
page read and write
|
||
|
F2A000
|
heap
|
page read and write
|
||
|
4C11000
|
trusted library allocation
|
page read and write
|
||
|
1A70F145000
|
heap
|
page read and write
|
||
|
4690000
|
heap
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
2E81000
|
heap
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
7DBF000
|
stack
|
page read and write
|
||
|
2D29000
|
heap
|
page read and write
|
||
|
1341C7C000
|
stack
|
page read and write
|
||
|
76B0000
|
trusted library allocation
|
page read and write
|
||
|
38C000
|
unkown
|
page readonly
|
||
|
4C62000
|
trusted library allocation
|
page read and write
|
||
|
2CFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C52000
|
trusted library allocation
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
2F8000
|
unkown
|
page write copy
|
||
|
ACA000
|
unkown
|
page readonly
|
||
|
76A0000
|
trusted library allocation
|
page read and write
|
||
|
49C0000
|
heap
|
page execute and read and write
|
||
|
14632A80000
|
heap
|
page read and write
|
||
|
2E49000
|
heap
|
page read and write
|
||
|
136C000
|
heap
|
page read and write
|
||
|
2D1B000
|
heap
|
page read and write
|
||
|
4C75000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A55FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EAA000
|
heap
|
page read and write
|
||
|
29492B70000
|
heap
|
page read and write
|
||
|
2F8000
|
unkown
|
page read and write
|
||
|
6C0E000
|
stack
|
page read and write
|
||
|
7710000
|
trusted library allocation
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
1A70EDF0000
|
heap
|
page read and write
|
||
|
F54000
|
heap
|
page read and write
|
||
|
2319F145000
|
heap
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
2ECA000
|
heap
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
2319EF07000
|
heap
|
page read and write
|
||
|
4ACF000
|
stack
|
page read and write
|
||
|
489F000
|
stack
|
page read and write
|
||
|
2FC000
|
unkown
|
page readonly
|
||
|
29492AF0000
|
heap
|
page read and write
|
||
|
49EE000
|
stack
|
page read and write
|
||
|
1341D7E000
|
stack
|
page read and write
|
||
|
77B5000
|
trusted library allocation
|
page read and write
|
||
|
2C70000
|
trusted library allocation
|
page read and write
|
||
|
4C0D000
|
trusted library allocation
|
page read and write
|
||
|
F4B000
|
heap
|
page read and write
|
||
|
14632860000
|
heap
|
page read and write
|
||
|
7760000
|
trusted library allocation
|
page read and write
|
||
|
2FA000
|
unkown
|
page readonly
|
||
|
7090000
|
trusted library allocation
|
page read and write
|
||
|
AC8000
|
unkown
|
page read and write
|
||
|
4B90000
|
heap
|
page read and write
|
||
|
7690000
|
trusted library allocation
|
page read and write
|
||
|
F53000
|
heap
|
page read and write
|
||
|
4C15000
|
trusted library allocation
|
page read and write
|
||
|
BBB000
|
stack
|
page read and write
|
||
|
29492AD0000
|
heap
|
page read and write
|
||
|
14632A85000
|
heap
|
page read and write
|
||
|
AC0000
|
unkown
|
page readonly
|
||
|
63E0000
|
heap
|
page read and write
|
||
|
7CFE000
|
stack
|
page read and write
|
||
|
F43000
|
heap
|
page read and write
|
||
|
4BB0000
|
heap
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
5BD5000
|
trusted library allocation
|
page read and write
|
||
|
11EC8BC000
|
stack
|
page read and write
|
||
|
130F1000
|
trusted library allocation
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
496E000
|
stack
|
page read and write
|
||
|
2D0B000
|
heap
|
page read and write
|
||
|
426000
|
unkown
|
page execute and read and write
|
||
|
D70D54E000
|
stack
|
page read and write
|
||
|
4C3F000
|
trusted library allocation
|
page read and write
|
||
|
4C68000
|
trusted library allocation
|
page read and write
|
||
|
AC1000
|
unkown
|
page execute read
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4910000
|
heap
|
page read and write
|
||
|
76E0000
|
trusted library allocation
|
page read and write
|
||
|
4C2C000
|
trusted library allocation
|
page read and write
|
||
|
2CEA000
|
heap
|
page read and write
|
||
|
7FF9A55B0000
|
trusted library allocation
|
page read and write
|
||
|
2C60000
|
trusted library allocation
|
page read and write
|
||
|
4C01000
|
trusted library allocation
|
page read and write
|
||
|
1314000
|
trusted library allocation
|
page read and write
|
||
|
4BA0000
|
heap
|
page read and write
|
||
|
77C0000
|
trusted library allocation
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
1332000
|
trusted library allocation
|
page read and write
|
||
|
4C49000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
F53000
|
heap
|
page read and write
|
||
|
4A3F000
|
stack
|
page read and write
|
||
|
2A3E000
|
stack
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
48F4000
|
trusted library allocation
|
page read and write
|
||
|
4C32000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
7FF9A5650000
|
trusted library allocation
|
page read and write
|
||
|
432000
|
unkown
|
page read and write
|
||
|
2D0F000
|
heap
|
page read and write
|
||
|
D70D5CF000
|
stack
|
page read and write
|
||
|
4C26000
|
trusted library allocation
|
page read and write
|
||
|
45EF000
|
stack
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
1350000
|
trusted library allocation
|
page read and write
|
||
|
4C41000
|
trusted library allocation
|
page read and write
|
||
|
2C7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EE9000
|
heap
|
page read and write
|
||
|
2ED4000
|
heap
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
2FA000
|
unkown
|
page readonly
|
||
|
1068000
|
unkown
|
page read and write
|
||
|
2CEE000
|
stack
|
page read and write
|
||
|
48DE000
|
stack
|
page read and write
|
||
|
32D5000
|
heap
|
page read and write
|
||
|
2E6F000
|
stack
|
page read and write
|
||
|
1338000
|
trusted library allocation
|
page read and write
|
||
|
7820000
|
trusted library allocation
|
page read and write
|
||
|
E02000
|
unkown
|
page readonly
|
||
|
388000
|
unkown
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
2319EEB0000
|
heap
|
page read and write
|
||
|
29492E65000
|
heap
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
2ECF000
|
heap
|
page read and write
|
||
|
4C28000
|
trusted library allocation
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
7FF9A55B2000
|
trusted library allocation
|
page read and write
|
||
|
ACC000
|
unkown
|
page readonly
|
||
|
30000
|
heap
|
page read and write
|
||
|
4C45000
|
trusted library allocation
|
page read and write
|
||
|
F4B000
|
heap
|
page read and write
|
||
|
7FF9A55CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BBA000
|
heap
|
page read and write
|
||
|
4950000
|
heap
|
page read and write
|
||
|
2ECA000
|
heap
|
page read and write
|
||
|
E06000
|
unkown
|
page readonly
|
||
|
14632867000
|
heap
|
page read and write
|
||
|
70C0000
|
trusted library allocation
|
page read and write
|
||
|
32D9000
|
heap
|
page read and write
|
||
|
705D000
|
trusted library allocation
|
page read and write
|
||
|
1340000
|
trusted library allocation
|
page read and write
|
||
|
4C4F000
|
trusted library allocation
|
page read and write
|
||
|
2319EE40000
|
heap
|
page read and write
|
||
|
4C2A000
|
trusted library allocation
|
page read and write
|
||
|
48F0000
|
heap
|
page read and write
|
||
|
14634410000
|
heap
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
155E000
|
stack
|
page read and write
|
||
|
7FF9A5742000
|
trusted library allocation
|
page read and write
|
||
|
1A70F140000
|
heap
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
1311000
|
trusted library allocation
|
page read and write
|
||
|
11EC9BF000
|
stack
|
page read and write
|
||
|
2C83000
|
trusted library allocation
|
page read and write
|
||
|
388000
|
unkown
|
page write copy
|
||
|
7650000
|
trusted library allocation
|
page read and write
|
||
|
B7A000
|
stack
|
page read and write
|
||
|
4C34000
|
trusted library allocation
|
page read and write
|
||
|
4C60000
|
trusted library allocation
|
page read and write
|
||
|
2CA5000
|
heap
|
page read and write
|
||
|
2F0000
|
unkown
|
page readonly
|
||
|
F5E000
|
heap
|
page read and write
|
||
|
7730000
|
trusted library allocation
|
page read and write
|
||
|
936587E000
|
stack
|
page read and write
|
||
|
1061000
|
unkown
|
page execute read
|
||
|
146327F0000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
4930000
|
heap
|
page read and write
|
||
|
4C07000
|
trusted library allocation
|
page read and write
|
||
|
77B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A56C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C74000
|
trusted library allocation
|
page read and write
|
||
|
106A000
|
unkown
|
page readonly
|
||
|
430000
|
unkown
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
7719000
|
trusted library allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
E00000
|
unkown
|
page readonly
|
||
|
F53000
|
heap
|
page read and write
|
||
|
77E0000
|
trusted library allocation
|
page read and write
|
||
|
2EC3000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
6D0E000
|
stack
|
page read and write
|
||
|
2EDD000
|
heap
|
page read and write
|
||
|
2D04000
|
heap
|
page read and write
|
||
|
7FF9A55BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
6180000
|
heap
|
page read and write
|
||
|
1340000
|
trusted library allocation
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
2ED3000
|
heap
|
page read and write
|
||
|
1068000
|
unkown
|
page write copy
|
||
|
106C000
|
unkown
|
page readonly
|
||
|
7680000
|
trusted library allocation
|
page read and write
|
||
|
F5E000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
2ECE000
|
heap
|
page read and write
|
||
|
2F1000
|
unkown
|
page execute read
|
||
|
F5B000
|
heap
|
page read and write
|
||
|
F44000
|
heap
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
2319F140000
|
heap
|
page read and write
|
||
|
2ED2000
|
heap
|
page read and write
|
||
|
2F0000
|
unkown
|
page readonly
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
13CF000
|
heap
|
page read and write
|
||
|
2D0B000
|
heap
|
page read and write
|
||
|
7780000
|
trusted library allocation
|
page read and write
|
||
|
2D00000
|
trusted library allocation
|
page read and write
|
||
|
AC8000
|
unkown
|
page write copy
|
||
|
2D1E000
|
heap
|
page read and write
|
||
|
76F0000
|
trusted library allocation
|
page read and write
|
||
|
F6A000
|
heap
|
page read and write
|
||
|
77F0000
|
trusted library allocation
|
page read and write
|
||
|
4910000
|
heap
|
page read and write
|
||
|
49AF000
|
stack
|
page read and write
|
||
|
38A000
|
unkown
|
page readonly
|
||
|
2DFA000
|
heap
|
page read and write
|
||
|
A7B000
|
stack
|
page read and write
|
||
|
4C66000
|
trusted library allocation
|
page read and write
|
||
|
48F4000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7620000
|
trusted library allocation
|
page read and write
|
||
|
2D14000
|
heap
|
page read and write
|
||
|
2CA5000
|
heap
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
7610000
|
trusted library allocation
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
2D04000
|
heap
|
page read and write
|
||
|
2CF0000
|
trusted library allocation
|
page read and write
|
||
|
70E0000
|
trusted library allocation
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
2F6E000
|
stack
|
page read and write
|
||
|
2E16000
|
heap
|
page execute and read and write
|
||
|
2EC4000
|
heap
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
4900000
|
trusted library allocation
|
page read and write
|
||
|
4C0B000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A55C0000
|
trusted library allocation
|
page read and write
|
||
|
2D0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1061000
|
unkown
|
page execute read
|
||
|
2F1000
|
unkown
|
page execute read
|
||
|
1331000
|
trusted library allocation
|
page read and write
|
||
|
2D0D000
|
heap
|
page read and write
|
||
|
13D2000
|
heap
|
page read and write
|
||
|
7740000
|
trusted library allocation
|
page read and write
|
||
|
1341CFF000
|
stack
|
page read and write
|
||
|
2E5E000
|
heap
|
page read and write
|
||
|
4C30000
|
trusted library allocation
|
page read and write
|
||
|
1A70EEDB000
|
heap
|
page read and write
|
||
|
5BD1000
|
trusted library allocation
|
page read and write
|
||
|
2DC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C6A000
|
trusted library allocation
|
page read and write
|
||
|
48F0000
|
trusted library allocation
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
5BF9000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A55AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
380000
|
unkown
|
page readonly
|
||
|
773E000
|
stack
|
page read and write
|
||
|
2AE0000
|
unkown
|
page readonly
|
||
|
2319EF00000
|
heap
|
page read and write
|
||
|
13A1000
|
heap
|
page read and write
|
||
|
7600000
|
heap
|
page read and write
|
||
|
7FF9A5686000
|
trusted library allocation
|
page execute and read and write
|
||
|
7084000
|
trusted library allocation
|
page read and write
|
||
|
2ECE000
|
heap
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
30F1000
|
trusted library allocation
|
page read and write
|
||
|
1340000
|
trusted library allocation
|
page read and write
|
||
|
2ED9000
|
heap
|
page read and write
|
||
|
1A70F100000
|
heap
|
page read and write
|
||
|
1060000
|
unkown
|
page readonly
|
||
|
2A7B000
|
stack
|
page read and write
|
||
|
7640000
|
trusted library allocation
|
page read and write
|
||
|
2E90000
|
heap
|
page read and write
|
||
|
4C64000
|
trusted library allocation
|
page read and write
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
381000
|
unkown
|
page execute read
|
||
|
1570000
|
trusted library allocation
|
page read and write
|
There are 458 hidden memdumps, click here to show them.