IOC Report
Order_YK240612-01D(estimate).scr.exe

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| Order_YK240612-01D(estimate).scr.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Order_YK240612-01D(estimate).scr.exe.log | ASCII text, with CRLF line terminators | dropped | malicious |
| C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif:Zone.Identifier | ASCII text, with CRLF line terminators | modified | malicious |
| C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif:Zone.Identifier | ASCII text, with CRLF line terminators | modified | malicious |
| C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif:Zone.Identifier | ASCII text, with CRLF line terminators | modified | malicious |
| C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif:Zone.Identifier | ASCII text, with CRLF line terminators | modified | malicious |
| C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif:Zone.Identifier | ASCII text, with CRLF line terminators | modified | malicious |
| C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif:Zone.Identifier | ASCII text, with CRLF line terminators | modified | malicious |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Order_YK240612-01D(estimate).scr.pif.log | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Order_YK240612-01D(estimate).scr.pif.pif.log | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Order_YK240612-01D(estimate).scr.pif.pif.pif.log | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.log | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.log | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif.log | ASCII text, with CRLF line terminators | dropped | |

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe
"C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c Copy "C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe
"C:\Users\user\Desktop\Order_YK240612-01D(estimate).scr.exe"
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif"
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif"
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif"
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c Copy "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif" "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif"
malicious
C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif
"C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif.pif.pif"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\Conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\Conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\Conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious
C:\Windows\System32\Conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
malicious

URLs


Domains

| Name | IP | Malicious |
| --- | --- | --- |
| 206.23.85.13.in-addr.arpa | unknown | malicious |
| s25.filetransfer.io | 188.114.96.3 | |
| filetransfer.io | 188.114.96.3 | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 94.156.65.182 | unknown | Bulgaria | malicious |
| 188.114.97.3 | unknown | European Union | |
| 188.114.96.3 | s25.filetransfer.io | European Union | |

Registry

| Path | Value | Malicious |
| --- | --- | --- |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Order_YK240612-01D(estimate).scr | malicious |
| HKEY_CURRENT_USER\SOFTWARE\Rmc-5FAVAX | exepath | malicious |
| HKEY_CURRENT_USER\SOFTWARE\Rmc-5FAVAX | licence | malicious |
| HKEY_CURRENT_USER\SOFTWARE\Rmc-5FAVAX | time | malicious |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Order_YK240612-01D(estimate).scr.pif | malicious |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Order_YK240612-01D(estimate).scr.pif.pif | malicious |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Order_YK240612-01D(estimate).scr.pif.pif.pif | malicious |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Order_YK240612-01D(estimate).scr.pif.pif.pif.pif | malicious |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Order_YK240612-01D(estimate).scr.pif.pif.pif.pif.pif | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order_YK240612-01D(estimate)_RASAPI32 | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order_YK240612-01D(estimate)_RASAPI32 | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order_YK240612-01D(estimate)_RASAPI32 | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order_YK240612-01D(estimate)_RASAPI32 | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order_YK240612-01D(estimate)_RASAPI32 | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order_YK240612-01D(estimate)_RASAPI32 | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order_YK240612-01D(estimate)_RASAPI32 | FileDirectory | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order_YK240612-01D(estimate)_RASMANCS | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order_YK240612-01D(estimate)_RASMANCS | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order_YK240612-01D(estimate)_RASMANCS | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order_YK240612-01D(estimate)_RASMANCS | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order_YK240612-01D(estimate)_RASMANCS | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order_YK240612-01D(estimate)_RASMANCS | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order_YK240612-01D(estimate)_RASMANCS | FileDirectory | |

Memdumps

B3E000
stack
page read and write
3911000
trusted library allocation
page read and write
32B1000
trusted library allocation
page read and write
147E000
heap
page read and write
345B000
heap
page read and write
642E000
stack
page read and write
AFA000
trusted library allocation
page execute and read and write
6CDC000
stack
page read and write
6C80000
heap
page read and write
2310000
heap
page read and write
4FFD000
stack
page read and write
13A5000
heap
page read and write
40EF000
trusted library allocation
page read and write
17E0000
trusted library allocation
page execute and read and write
326B000
trusted library allocation
page read and write
615E000
stack
page read and write
62E000
stack
page read and write
35B0000
heap
page read and write
B05000
trusted library allocation
page execute and read and write
AC0000
trusted library allocation
page read and write
677E000
stack
page read and write
599E000
stack
page read and write
684E000
stack
page read and write
33F0000
heap
page read and write
504E000
stack
page read and write
65A0000
heap
page read and write
2BEF000
stack
page read and write
2A1E000
trusted library allocation
page read and write
4D80000
heap
page read and write
2D17000
trusted library allocation
page read and write
BCE000
stack
page read and write
3310000
heap
page read and write
6D8E000
stack
page read and write
26BE000
stack
page read and write
4328000
trusted library allocation
page read and write
2DCD000
stack
page read and write
56A5000
trusted library allocation
page read and write
F37000
heap
page read and write
6940000
trusted library allocation
page read and write
769E000
stack
page read and write
6E8000
heap
page read and write
7FE000
stack
page read and write
555D000
stack
page read and write
2FD0000
heap
page read and write
2A3E000
unkown
page read and write
639D000
heap
page read and write
B6B000
trusted library allocation
page execute and read and write
318E000
stack
page read and write
737E000
stack
page read and write
2A20000
trusted library allocation
page read and write
2E40000
heap
page read and write
658F000
stack
page read and write
2FC0000
heap
page read and write
6F60000
heap
page read and write
6536000
trusted library allocation
page read and write
1727000
heap
page read and write
678E000
stack
page read and write
27F0000
heap
page read and write
36C1000
trusted library allocation
page read and write
18DE000
stack
page read and write
5704000
trusted library allocation
page read and write
1498000
heap
page read and write
16B0000
heap
page read and write
2DF0000
heap
page read and write
2B3D000
stack
page read and write
4E6D000
stack
page read and write
44DF000
trusted library allocation
page read and write
3264000
trusted library allocation
page read and write
B65000
trusted library allocation
page execute and read and write
95C000
stack
page read and write
64A6000
trusted library allocation
page read and write
2EA0000
heap
page read and write
EB0000
trusted library allocation
page read and write
6A10000
heap
page read and write
31C8000
trusted library allocation
page read and write
6F70000
trusted library allocation
page execute and read and write
C27000
heap
page read and write
2B1B000
heap
page read and write
EA0000
trusted library allocation
page read and write
288B000
trusted library allocation
page read and write
6B20000
heap
page read and write
30FC000
stack
page read and write
60A2000
heap
page read and write
6504000
heap
page read and write
5750000
trusted library allocation
page read and write
589E000
stack
page read and write
1374000
trusted library allocation
page read and write
3619000
trusted library allocation
page read and write
2C30000
heap
page read and write
4FCC000
stack
page read and write
32BC000
trusted library allocation
page read and write
330E000
stack
page read and write
22D5000
trusted library allocation
page read and write
4F0E000
stack
page read and write
64F0000
trusted library allocation
page execute and read and write
4DA0000
heap
page read and write
64F0000
trusted library allocation
page execute and read and write
58CF000
stack
page read and write
32D6000
heap
page read and write
3100000
heap
page read and write
324B000
trusted library allocation
page read and write
2C10000
heap
page read and write
70C0000
heap
page read and write
636F000
stack
page read and write
56F0000
trusted library allocation
page read and write
DD0000
trusted library allocation
page execute and read and write
13F0000
heap
page read and write
3260000
trusted library allocation
page read and write
6BC1000
heap
page read and write
7F360000
trusted library allocation
page execute and read and write
3528000
heap
page read and write
294E000
unkown
page read and write
5FDE000
stack
page read and write
17D0000
heap
page execute and read and write
6E50000
heap
page read and write
1650000
trusted library allocation
page read and write
3110000
heap
page read and write
2BB4000
trusted library allocation
page read and write
3240000
heap
page read and write
447F000
trusted library allocation
page read and write
DAE000
stack
page read and write
3040000
heap
page read and write
17A000
stack
page read and write
178F000
stack
page read and write
1035000
trusted library allocation
page execute and read and write
AD4000
trusted library allocation
page read and write
356F000
heap
page read and write
E37000
trusted library allocation
page execute and read and write
2BDE000
stack
page read and write
D6E000
stack
page read and write
13F7000
heap
page read and write
36E9000
trusted library allocation
page read and write
1060000
trusted library allocation
page read and write
474000
remote allocation
page execute and read and write
306C000
trusted library allocation
page read and write
101B000
trusted library allocation
page read and write
4B70000
trusted library allocation
page read and write
6F20000
heap
page read and write
4B06000
trusted library allocation
page read and write
5ED2000
heap
page read and write
166D000
trusted library allocation
page execute and read and write
6A34000
heap
page read and write
6C00000
heap
page read and write
2F6C000
heap
page read and write
5A1E000
stack
page read and write
534F000
stack
page read and write
4D30000
trusted library allocation
page read and write
6E90000
trusted library allocation
page execute and read and write
3260000
trusted library allocation
page read and write
603E000
stack
page read and write
6BD0000
heap
page read and write
6C4D000
stack
page read and write
6A30000
heap
page read and write
59A0000
heap
page read and write
5E98000
heap
page read and write
51BF000
trusted library allocation
page read and write
6C50000
heap
page read and write
6F0E000
stack
page read and write
3A8A000
trusted library allocation
page read and write
5F0000
heap
page read and write
47D000
stack
page read and write
31F4000
trusted library allocation
page read and write
5040000
heap
page read and write
2DCF000
stack
page read and write
779E000
stack
page read and write
33FF000
unkown
page read and write
4E20000
heap
page read and write
72B000
stack
page read and write
68CE000
stack
page read and write
BB0000
heap
page read and write
5E6F000
stack
page read and write
65CE000
stack
page read and write
35FF000
trusted library allocation
page read and write
2806000
trusted library allocation
page read and write
4109000
trusted library allocation
page read and write
BE0000
heap
page read and write
3220000
direct allocation
page read and write
2CD1000
trusted library allocation
page read and write
5644000
trusted library allocation
page read and write
6594000
heap
page read and write
5CAE000
stack
page read and write
4C10000
heap
page execute and read and write
4FD000
stack
page read and write
70BE000
stack
page read and write
A17000
heap
page read and write
18F0000
trusted library allocation
page read and write
1031000
trusted library allocation
page read and write
306F000
heap
page read and write
316E000
stack
page read and write
3365000
trusted library allocation
page read and write
7100000
heap
page read and write
96E000
stack
page read and write
6A40000
trusted library allocation
page execute and read and write
2A4D000
trusted library allocation
page read and write
2B6E000
stack
page read and write
B80000
heap
page read and write
5690000
trusted library allocation
page read and write
30FB000
stack
page read and write
3E0000
heap
page read and write
1042000
trusted library allocation
page read and write
2670000
heap
page read and write
7FA40000
trusted library allocation
page execute and read and write
501E000
stack
page read and write
38DF000
trusted library allocation
page read and write
9A0000
heap
page execute and read and write
5A80000
heap
page execute and read and write
5C4E000
stack
page read and write
140E000
stack
page read and write
4D4F000
trusted library allocation
page read and write
510000
direct allocation
page read and write
78E000
stack
page read and write
2F84000
heap
page read and write
700000
heap
page read and write
D2F000
stack
page read and write
7AE000
stack
page read and write
5D4F000
stack
page read and write
A00000
heap
page read and write
304F000
stack
page read and write
3268000
trusted library allocation
page read and write
36A0000
heap
page read and write
1097000
trusted library allocation
page execute and read and write
1092000
trusted library allocation
page read and write
703E000
stack
page read and write
3770000
heap
page read and write
5000000
trusted library allocation
page read and write
243D000
trusted library allocation
page execute and read and write
8C5000
trusted library allocation
page execute and read and write
6A0E000
stack
page read and write
DDE000
heap
page read and write
103E000
stack
page read and write
1522000
trusted library allocation
page read and write
6500000
trusted library allocation
page execute and read and write
BB3000
heap
page read and write
6FD000
stack
page read and write
397F000
trusted library allocation
page read and write
10B0000
trusted library allocation
page read and write
93D000
trusted library allocation
page execute and read and write
6BBF000
heap
page read and write
66AE000
stack
page read and write
5CA8000
heap
page read and write
3FB9000
trusted library allocation
page read and write