Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ohtie89k.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\service.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\windows.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ohtie89k.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\service.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\service.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\service.exe.log
|
CSV text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\ohtie89k.exe
|
"C:\Users\user\Desktop\ohtie89k.exe"
|
|
|
|
C:\ProgramData\windows.exe
|
"C:\ProgramData\windows.exe"
|
|
|
|
C:\ProgramData\service.exe
|
"C:\ProgramData\service.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /create /sc minute /mo 1 /tn "service" /tr "C:\Users\user\AppData\Roaming\service.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\service.exe
|
C:\Users\user\AppData\Roaming\service.exe
|
|
|
|
C:\Users\user\AppData\Roaming\service.exe
|
"C:\Users\user\AppData\Roaming\service.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\service.exe
|
"C:\Users\user\AppData\Roaming\service.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\service.exe
|
"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\service.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\service.exe
|
C:\Users\user\AppData\Roaming\service.exe
|
|
|
|
C:\Users\user\AppData\Roaming\service.exe
|
C:\Users\user\AppData\Roaming\service.exe
|
|
|
|
C:\Users\user\AppData\Roaming\service.exe
|
C:\Users\user\AppData\Roaming\service.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mylogsprvt.zapto.org
|
|
||
|
https://ipinfo.io/ip%appdata%
|
unknown
|
||
|
http://mylogsprvt.zapto.org:45630
|
unknown
|
||
|
http://tempuri.org/Endpoint/CheckConnectLR
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
|
unknown
|
||
|
http://tempuri.org/Endpoint/CheckConnectResponse
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX
|
unknown
|
||
|
https://api.ip.sb/geoip%USERPEnvironmentROFILE%
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/envelope/
|
unknown
|
||
|
http://exmple.com/Uploader.php
|
unknown
|
||
|
http://tempuri.org/
|
unknown
|
||
|
http://tempuri.org/Endpoint/CheckConnect
|
unknown
|
||
|
http://tempuri.org/Endpoint/EnvironmentSettingsLR
|
unknown
|
||
|
http://tempuri.org/Endpoint/VerifyUpdateResponse
|
unknown
|
||
|
http://tempuri.org/Endpoint/SetEnvironmentResponse
|
unknown
|
||
|
http://tempuri.org/Endpoint/SetEnvironmentLR
|
unknown
|
||
|
https://api.ipify.orgcookies//settinString.Removeg
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/08/addressing
|
unknown
|
||
|
http://tempuri.org/Endpoint/GetUpdatesLR
|
unknown
|
||
|
http://tempuri.org/Endpoint/VerifyUpdateLR
|
unknown
|
||
|
http://tempuri.org/Endpoint/GetUpdatesResponse
|
unknown
|
||
|
http://tempuri.org/Endpoint/
|
unknown
|
||
|
http://tempuri.org/Endpoint/EnvironmentSettingsResponse
|
unknown
|
||
|
http://tempuri.org/Endpoint/CheckConnectT
|
unknown
|
||
|
http://tempuri.org/0
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/actor/next
|
unknown
|
||
|
http://mylogsprvt.zapto.org:45630/
|
unknown
|
There are 18 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mylogsprvt.zapto.org
|
0.0.0.0
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\windows_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\windows_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\windows_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\windows_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\windows_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\windows_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\windows_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\windows_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\windows_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\windows_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\windows_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\windows_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\windows_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\windows_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
service
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
12678000
|
trusted library allocation
|
page read and write
|
|
|
|
2671000
|
trusted library allocation
|
page read and write
|
|
|
|
6E2000
|
unkown
|
page readonly
|
|
|
|
362000
|
unkown
|
page readonly
|
|
|
|
1125000
|
heap
|
page read and write
|
||
|
1675000
|
heap
|
page read and write
|
||
|
8A3000
|
trusted library allocation
|
page read and write
|
||
|
16C0000
|
trusted library allocation
|
page read and write
|
||
|
149B000
|
heap
|
page read and write
|
||
|
126A1000
|
trusted library allocation
|
page read and write
|
||
|
916000
|
heap
|
page read and write
|
||
|
7FFD9B994000
|
trusted library allocation
|
page read and write
|
||
|
2790000
|
trusted library allocation
|
page read and write
|
||
|
269E000
|
stack
|
page read and write
|
||
|
1264000
|
heap
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page execute and read and write
|
||
|
12C01000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
2BC5000
|
trusted library allocation
|
page read and write
|
||
|
903000
|
heap
|
page read and write
|
||
|
870000
|
trusted library allocation
|
page read and write
|
||
|
1B620000
|
heap
|
page read and write
|
||
|
1770000
|
heap
|
page read and write
|
||
|
360000
|
unkown
|
page readonly
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
1B66D000
|
stack
|
page read and write
|
||
|
7FFD9B99D000
|
trusted library allocation
|
page execute and read and write
|
||
|
806000
|
heap
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
1395000
|
heap
|
page read and write
|
||
|
7FFD9B9EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
895000
|
heap
|
page read and write
|
||
|
27B4000
|
trusted library allocation
|
page read and write
|
||
|
1110000
|
heap
|
page execute and read and write
|
||
|
7FFD9B994000
|
trusted library allocation
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
7FFD9B984000
|
trusted library allocation
|
page read and write
|
||
|
27A0000
|
trusted library allocation
|
page read and write
|
||
|
1BB5B000
|
stack
|
page read and write
|
||
|
2A91000
|
trusted library allocation
|
page read and write
|
||
|
2C01000
|
trusted library allocation
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
27A3000
|
trusted library allocation
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
12EC3000
|
trusted library allocation
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
157F000
|
stack
|
page read and write
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
7FFD9B9DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
2A8B000
|
trusted library allocation
|
page read and write
|
||
|
AF8000
|
stack
|
page read and write
|
||
|
7FFD9B9A9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB40000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
1B1EF000
|
stack
|
page read and write
|
||
|
130A000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page execute and read and write
|
||
|
DA2000
|
trusted library allocation
|
page read and write
|
||
|
1B45D000
|
stack
|
page read and write
|
||
|
8FC000
|
heap
|
page read and write
|
||
|
16E5000
|
heap
|
page read and write
|
||
|
132A000
|
heap
|
page read and write
|
||
|
734000
|
heap
|
page read and write
|
||
|
149D000
|
heap
|
page read and write
|
||
|
E6A000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page execute and read and write
|
||
|
1B1DE000
|
stack
|
page read and write
|
||
|
298000
|
unkown
|
page readonly
|
||
|
AA5000
|
heap
|
page read and write
|
||
|
73E000
|
heap
|
page read and write
|
||
|
12EC8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B999000
|
trusted library allocation
|
page read and write
|
||
|
2A98000
|
trusted library allocation
|
page read and write
|
||
|
5082000
|
trusted library allocation
|
page read and write
|
||
|
1B2DE000
|
stack
|
page read and write
|
||
|
1315000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
3080000
|
heap
|
page execute and read and write
|
||
|
1410000
|
heap
|
page execute and read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
1BA90000
|
heap
|
page execute and read and write
|
||
|
749000
|
heap
|
page read and write
|
||
|
11F0000
|
trusted library allocation
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
2794000
|
trusted library allocation
|
page read and write
|
||
|
1318000
|
heap
|
page read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
2BBD000
|
trusted library allocation
|
page read and write
|
||
|
14A1000
|
heap
|
page read and write
|
||
|
1275D000
|
trusted library allocation
|
page read and write
|
||
|
5410000
|
heap
|
page read and write
|
||
|
7FFD9BA66000
|
trusted library allocation
|
page execute and read and write
|
||
|
12A5000
|
heap
|
page read and write
|
||
|
130E5000
|
trusted library allocation
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
F22000
|
heap
|
page read and write
|
||
|
7FFD9B9EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B98D000
|
trusted library allocation
|
page execute and read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
30E1000
|
trusted library allocation
|
page read and write
|
||
|
765000
|
heap
|
page read and write
|
||
|
1B919000
|
stack
|
page read and write
|
||
|
1B65D000
|
heap
|
page read and write
|
||
|
13031000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
FF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9A9000
|
trusted library allocation
|
page read and write
|
||
|
1BD1E000
|
stack
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
130C000
|
heap
|
page read and write
|
||
|
1BB1E000
|
stack
|
page read and write
|
||
|
130E3000
|
trusted library allocation
|
page read and write
|
||
|
36E000
|
unkown
|
page readonly
|
||
|
270000
|
unkown
|
page readonly
|
||
|
122F000
|
stack
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
165F000
|
stack
|
page read and write
|
||
|
182F000
|
stack
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
52E0000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
trusted library allocation
|
page read and write
|
||
|
5B1000
|
stack
|
page read and write
|
||
|
16E0000
|
heap
|
page read and write
|
||
|
12FF000
|
heap
|
page read and write
|
||
|
999000
|
heap
|
page read and write
|
||
|
7FFD9B9AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
29DA000
|
trusted library allocation
|
page read and write
|
||
|
12751000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page execute and read and write
|
||
|
372000
|
stack
|
page read and write
|
||
|
13105000
|
trusted library allocation
|
page read and write
|
||
|
2A9F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
7FFD9B98D000
|
trusted library allocation
|
page execute and read and write
|
||
|
850000
|
trusted library allocation
|
page read and write
|
||
|
922000
|
heap
|
page read and write
|
||
|
7FFD9BA5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA56000
|
trusted library allocation
|
page execute and read and write
|
||
|
1210000
|
trusted library allocation
|
page read and write
|
||
|
1BCFE000
|
stack
|
page read and write
|
||
|
1B3DF000
|
stack
|
page read and write
|
||
|
1B81F000
|
stack
|
page read and write
|
||
|
8CC000
|
heap
|
page read and write
|
||
|
EE7000
|
heap
|
page read and write
|
||
|
7A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
12EC1000
|
trusted library allocation
|
page read and write
|
||
|
27B9000
|
trusted library allocation
|
page read and write
|
||
|
264E000
|
stack
|
page read and write
|
||
|
7FFD9BA66000
|
trusted library allocation
|
page execute and read and write
|
||
|
126A8000
|
trusted library allocation
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
1F7CC6A0000
|
heap
|
page read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
16A0000
|
heap
|
page execute and read and write
|
||
|
29D5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B994000
|
trusted library allocation
|
page read and write
|
||
|
A9E000
|
stack
|
page read and write
|
||
|
7FFD9BA56000
|
trusted library allocation
|
page read and write
|
||
|
53B0000
|
trusted library allocation
|
page read and write
|
||
|
1F7CC588000
|
heap
|
page read and write
|
||
|
777000
|
heap
|
page read and write
|
||
|
7FFD9B9AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
10F1000
|
stack
|
page read and write
|
||
|
508E000
|
trusted library allocation
|
page read and write
|
||
|
12A5000
|
heap
|
page read and write
|
||
|
7FFD9B992000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
15D5000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
6E0000
|
unkown
|
page readonly
|
||
|
7FFD9B9AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9B4000
|
trusted library allocation
|
page read and write
|
||
|
12758000
|
trusted library allocation
|
page read and write
|
||
|
1A93D000
|
stack
|
page read and write
|
||
|
50A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
DB5000
|
trusted library allocation
|
page execute and read and write
|
||
|
13D3000
|
heap
|
page read and write
|
||
|
7FFD9B9A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B0EE000
|
stack
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
1670000
|
heap
|
page read and write
|
||
|
830000
|
trusted library allocation
|
page read and write
|
||
|
7F290000
|
trusted library allocation
|
page execute and read and write
|
||
|
1720000
|
heap
|
page read and write
|
||
|
1489000
|
heap
|
page read and write
|
||
|
12753000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page execute and read and write
|
||
|
78C000
|
stack
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9A4000
|
trusted library allocation
|
page read and write
|
||
|
279D000
|
trusted library allocation
|
page read and write
|
||
|
7FF4CC330000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B5CE000
|
stack
|
page read and write
|
||
|
8C9000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
D70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
104F000
|
stack
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5300000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page execute and read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
1725000
|
heap
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
1338000
|
heap
|
page read and write
|
||
|
7FFD9B98D000
|
trusted library allocation
|
page execute and read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
7FFD9BA96000
|
trusted library allocation
|
page execute and read and write
|
||
|
EBC000
|
heap
|
page read and write
|
||
|
270000
|
unkown
|
page readonly
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
7FFD9B9BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
7C0000
|
trusted library allocation
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
DB2000
|
trusted library allocation
|
page read and write
|
||
|
82C000
|
heap
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8E6000
|
heap
|
page read and write
|
||
|
12F5000
|
heap
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
72F000
|
heap
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
7FFD9B9B9000
|
trusted library allocation
|
page read and write
|
||
|
2B4E000
|
stack
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
8EC000
|
heap
|
page read and write
|
||
|
13101000
|
trusted library allocation
|
page read and write
|
||
|
130B000
|
heap
|
page read and write
|
||
|
901000
|
heap
|
page read and write
|
||
|
1A780000
|
trusted library allocation
|
page read and write
|
||
|
1AC2D000
|
stack
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
7FFD9BB30000
|
trusted library allocation
|
page read and write
|
||
|
12673000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page execute and read and write
|
||
|
30CE000
|
stack
|
page read and write
|
||
|
12F8000
|
heap
|
page read and write
|
||
|
2F8E000
|
stack
|
page read and write
|
||
|
5330000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BB20000
|
trusted library allocation
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
74B000
|
heap
|
page read and write
|
||
|
27A6000
|
trusted library allocation
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
3D1000
|
stack
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
1B9FF000
|
stack
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page execute and read and write
|
||
|
621E000
|
stack
|
page read and write
|
||
|
2AAC000
|
trusted library allocation
|
page read and write
|
||
|
29E0000
|
trusted library allocation
|
page read and write
|
||
|
23B1000
|
trusted library allocation
|
page read and write
|
||
|
279A000
|
trusted library allocation
|
page read and write
|
||
|
F33000
|
heap
|
page read and write
|
||
|
7FFD9B999000
|
trusted library allocation
|
page read and write
|
||
|
2A01000
|
trusted library allocation
|
page read and write
|
||
|
83F000
|
heap
|
page read and write
|
||
|
D8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
123C000
|
heap
|
page read and write
|
||
|
16E0000
|
trusted library allocation
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
298F000
|
stack
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
3A09000
|
trusted library allocation
|
page read and write
|
||
|
1272000
|
heap
|
page read and write
|
||
|
1468000
|
heap
|
page read and write
|
||
|
7FFD9B9C2000
|
trusted library allocation
|
page read and write
|
||
|
1B220000
|
heap
|
page execute and read and write
|
||
|
79F000
|
heap
|
page read and write
|
||
|
DA0000
|
trusted library allocation
|
page read and write
|
||
|
EEA000
|
heap
|
page read and write
|
||
|
90E000
|
heap
|
page read and write
|
||
|
29D8000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
1B4E0000
|
heap
|
page read and write
|
||
|
13108000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B989000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9A4000
|
trusted library allocation
|
page read and write
|
||
|
12D8000
|
heap
|
page read and write
|
||
|
12F2000
|
stack
|
page read and write
|
||
|
7FFD9BA86000
|
trusted library allocation
|
page execute and read and write
|
||
|
1491000
|
heap
|
page read and write
|
||
|
13E0000
|
trusted library allocation
|
page read and write
|
||
|
C55000
|
heap
|
page read and write
|
||
|
8C6000
|
heap
|
page read and write
|
||
|
92E000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
DBB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F7CC58F000
|
heap
|
page read and write
|
||
|
7FFD9B9B2000
|
trusted library allocation
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
2AB4000
|
trusted library allocation
|
page read and write
|
||
|
559E000
|
stack
|
page read and write
|
||
|
D74000
|
trusted library allocation
|
page read and write
|
||
|
142F000
|
stack
|
page read and write
|
||
|
1475000
|
heap
|
page read and write
|
||
|
DAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
9C3CCFF000
|
stack
|
page read and write
|
||
|
7FFD9B9BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page execute and read and write
|
||
|
272000
|
unkown
|
page readonly
|
||
|
12C03000
|
trusted library allocation
|
page read and write
|
||
|
130E8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
E5E000
|
heap
|
page read and write
|
||
|
7FFD9BB20000
|
trusted library allocation
|
page read and write
|
||
|
1B68D000
|
stack
|
page read and write
|
||
|
1527000
|
heap
|
page read and write
|
||
|
AB5000
|
heap
|
page read and write
|
||
|
7FFD9BA86000
|
trusted library allocation
|
page execute and read and write
|
||
|
16F0000
|
heap
|
page read and write
|
||
|
8DF000
|
heap
|
page read and write
|
||
|
7FFD9BA0C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
1361000
|
heap
|
page read and write
|
||
|
5490000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B31E000
|
stack
|
page read and write
|
||
|
7FFD9BA5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
81F000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
1F7CC680000
|
heap
|
page read and write
|
||
|
123B5000
|
trusted library allocation
|
page read and write
|
||
|
1AD10000
|
heap
|
page read and write
|
||
|
CDE000
|
stack
|
page read and write
|
||
|
53DD000
|
trusted library allocation
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
D7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
952000
|
heap
|
page read and write
|
||
|
13103000
|
trusted library allocation
|
page read and write
|
||
|
29D0000
|
trusted library allocation
|
page read and write
|
||
|
169E000
|
stack
|
page read and write
|
||
|
7FFD9B9AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A93000
|
trusted library allocation
|
page read and write
|
||
|
D45000
|
heap
|
page read and write
|
||
|
CE0000
|
unkown
|
page readonly
|
||
|
1BB60000
|
heap
|
page read and write
|
||
|
7FFD9B994000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB10000
|
trusted library allocation
|
page read and write
|
||
|
E91000
|
heap
|
page read and write
|
||
|
1AFEE000
|
stack
|
page read and write
|
||
|
7FFD9B9A4000
|
trusted library allocation
|
page read and write
|
||
|
1B97F000
|
stack
|
page read and write
|
||
|
7FFD9BA66000
|
trusted library allocation
|
page execute and read and write
|
||
|
F17000
|
heap
|
page read and write
|
||
|
1AEEF000
|
stack
|
page read and write
|
||
|
94E000
|
heap
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
546D000
|
stack
|
page read and write
|
||
|
1BBFF000
|
stack
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
12C08000
|
trusted library allocation
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
14C9000
|
heap
|
page read and write
|
||
|
3A01000
|
trusted library allocation
|
page read and write
|
||
|
D73000
|
trusted library allocation
|
page execute and read and write
|
||
|
1ADE0000
|
heap
|
page execute and read and write
|
||
|
D80000
|
trusted library allocation
|
page read and write
|
||
|
AD5000
|
heap
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
1B870000
|
heap
|
page read and write
|
||
|
99F000
|
stack
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
1B11F000
|
stack
|
page read and write
|
||
|
7FFD9B992000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA76000
|
trusted library allocation
|
page execute and read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
1B4F9000
|
heap
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
1230000
|
trusted library allocation
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
7FFD9B99D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BBCE000
|
stack
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
123B3000
|
trusted library allocation
|
page read and write
|
||
|
159F000
|
stack
|
page read and write
|
||
|
2EC1000
|
trusted library allocation
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
132D000
|
heap
|
page read and write
|
||
|
7FFD9B9DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B71E000
|
stack
|
page read and write
|
||
|
736000
|
heap
|
page read and write
|
||
|
1BC6F000
|
stack
|
page read and write
|
||
|
7FFD9B97D000
|
trusted library allocation
|
page execute and read and write
|
||
|
506B000
|
trusted library allocation
|
page read and write
|
||
|
834000
|
heap
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
1740000
|
heap
|
page execute and read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
82A000
|
heap
|
page read and write
|
||
|
1BCCE000
|
stack
|
page read and write
|
||
|
7FFD9BA3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
92C000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA2C000
|
trusted library allocation
|
page execute and read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
7FFD9B9A2000
|
trusted library allocation
|
page read and write
|
||
|
1B6DC000
|
stack
|
page read and write
|
||
|
3031000
|
trusted library allocation
|
page read and write
|
||
|
1B1CE000
|
stack
|
page read and write
|
||
|
8EC000
|
heap
|
page read and write
|
||
|
C1E000
|
stack
|
page read and write
|
||
|
7FFD9B99D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
10D0000
|
trusted library allocation
|
page read and write
|
||
|
5060000
|
trusted library allocation
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
7FFD9B99D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
10F1000
|
stack
|
page read and write
|
||
|
7FFD9B9A2000
|
trusted library allocation
|
page read and write
|
||
|
FF2000
|
stack
|
page read and write
|
||
|
DA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
7FFD9B9B2000
|
trusted library allocation
|
page read and write
|
||
|
12EC5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
123B1000
|
trusted library allocation
|
page read and write
|
||
|
80C000
|
heap
|
page read and write
|
||
|
EF2000
|
heap
|
page read and write
|
||
|
123B8000
|
trusted library allocation
|
page read and write
|
||
|
5091000
|
trusted library allocation
|
page read and write
|
||
|
1ACDD000
|
stack
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
E97000
|
heap
|
page read and write
|
||
|
5400000
|
trusted library allocation
|
page execute and read and write
|
||
|
880000
|
heap
|
page execute and read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
13035000
|
trusted library allocation
|
page read and write
|
||
|
2ADE000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
53DA000
|
trusted library allocation
|
page read and write
|
||
|
126A3000
|
trusted library allocation
|
page read and write
|
||
|
1F7CC4A0000
|
heap
|
page read and write
|
||
|
27AA000
|
trusted library allocation
|
page read and write
|
||
|
2B50000
|
heap
|
page execute and read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
890000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
13033000
|
trusted library allocation
|
page read and write
|
||
|
1B0C0000
|
heap
|
page read and write
|
||
|
72A000
|
heap
|
page read and write
|
||
|
7FFD9BB20000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
14EE000
|
stack
|
page read and write
|
||
|
7FFD9B982000
|
trusted library allocation
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
CB9000
|
stack
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
1245000
|
heap
|
page read and write
|
||
|
58BE000
|
stack
|
page read and write
|
||
|
7FFD9B9C4000
|
trusted library allocation
|
page read and write
|
||
|
130E1000
|
trusted library allocation
|
page read and write
|
||
|
1BA10000
|
heap
|
page execute and read and write
|
||
|
13038000
|
trusted library allocation
|
page read and write
|
||
|
1ABFC000
|
stack
|
page read and write
|
||
|
7FFD9B9C9000
|
trusted library allocation
|
page read and write
|
||
|
DB7000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B974000
|
trusted library allocation
|
page read and write
|
||
|
129E000
|
heap
|
page read and write
|
||
|
E40000
|
trusted library allocation
|
page read and write
|
||
|
3101000
|
trusted library allocation
|
page read and write
|
||
|
1BAFE000
|
stack
|
page read and write
|
||
|
7FFD9B9A4000
|
trusted library allocation
|
page read and write
|
||
|
4B9E000
|
stack
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
9C3C989000
|
stack
|
page read and write
|
||
|
12671000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
2880000
|
heap
|
page read and write
|
||
|
12A1000
|
heap
|
page read and write
|
||
|
90C000
|
heap
|
page read and write
|
||
|
CF2000
|
stack
|
page read and write
|
||
|
DA5000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
1B7DE000
|
stack
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
1260000
|
heap
|
page execute and read and write
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
5350000
|
trusted library allocation
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
7FFD9B9CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B98D000
|
trusted library allocation
|
page execute and read and write
|
||
|
8EE000
|
heap
|
page read and write
|
||
|
53C0000
|
trusted library allocation
|
page read and write
|
||
|
1F7CC580000
|
heap
|
page read and write
|
||
|
301E000
|
stack
|
page read and write
|
||
|
E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
1775000
|
heap
|
page read and write
|
||
|
12C05000
|
trusted library allocation
|
page read and write
|
||
|
2DCF000
|
trusted library allocation
|
page read and write
|
||
|
5076000
|
trusted library allocation
|
page read and write
|
||
|
1B4DE000
|
stack
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
2680000
|
stack
|
page read and write
|
||
|
1B4E4000
|
heap
|
page read and write
|
||
|
1F7CC6C0000
|
heap
|
page read and write
|
||
|
7FFD9BB40000
|
trusted library allocation
|
page read and write
|
||
|
125C000
|
heap
|
page read and write
|
||
|
1BC1F000
|
stack
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
7FFD9B99D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BACE000
|
stack
|
page read and write
|
||
|
2DDE000
|
trusted library allocation
|
page read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
F41000
|
heap
|
page read and write
|
||
|
E6C000
|
heap
|
page read and write
|
||
|
50B1000
|
trusted library allocation
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
2870000
|
trusted library allocation
|
page read and write
|
||
|
26A1000
|
trusted library allocation
|
page read and write
|
||
|
126A5000
|
trusted library allocation
|
page read and write
|
||
|
50D0000
|
heap
|
page execute and read and write
|
||
|
1460000
|
heap
|
page execute and read and write
|
||
|
1210000
|
trusted library allocation
|
page read and write
|
||
|
282E000
|
stack
|
page read and write
|
||
|
E38000
|
heap
|
page read and write
|
||
|
7FFD9B9FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
6F1000
|
stack
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
1236000
|
heap
|
page read and write
|
||
|
27BB000
|
trusted library allocation
|
page read and write
|
||
|
278C000
|
trusted library allocation
|
page read and write
|
||
|
234E000
|
stack
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F7CC6C5000
|
heap
|
page read and write
|
||
|
12EB000
|
heap
|
page read and write
|
||
|
B1E000
|
stack
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
10B0000
|
trusted library allocation
|
page read and write
|
||
|
52F0000
|
trusted library allocation
|
page read and write
|
||
|
53E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B999000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB50000
|
trusted library allocation
|
page read and write
|
||
|
286D000
|
stack
|
page read and write
|
||
|
2A9C000
|
trusted library allocation
|
page read and write
|
||
|
5340000
|
trusted library allocation
|
page read and write
|
||
|
29F0000
|
heap
|
page execute and read and write
|
||
|
2751000
|
trusted library allocation
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
1B610000
|
heap
|
page read and write
|
||
|
7FFD9BA76000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B18D000
|
stack
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
1377000
|
heap
|
page read and write
|
||
|
2797000
|
trusted library allocation
|
page read and write
|
||
|
1B5BD000
|
stack
|
page read and write
|
||
|
8A0000
|
trusted library allocation
|
page read and write
|
||
|
1BD6F000
|
stack
|
page read and write
|
||
|
7FFD9B992000
|
trusted library allocation
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
9C3CC7E000
|
unkown
|
page read and write
|
||
|
1B0DE000
|
stack
|
page read and write
|
||
|
1B06E000
|
stack
|
page read and write
|
||
|
9F5000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
5071000
|
trusted library allocation
|
page read and write
|
||
|
E58000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
1BE6E000
|
stack
|
page read and write
|
||
|
841000
|
heap
|
page read and write
|
||
|
53F0000
|
trusted library allocation
|
page read and write
|
||
|
2560000
|
heap
|
page execute and read and write
|
||
|
E58000
|
heap
|
page read and write
|
||
|
1B32E000
|
stack
|
page read and write
|
||
|
2590000
|
heap
|
page execute and read and write
|
||
|
7FFD9BB30000
|
trusted library allocation
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
12DC000
|
heap
|
page read and write
|
||
|
8FE000
|
heap
|
page read and write
|
||
|
266E000
|
stack
|
page read and write
|
||
|
2740000
|
heap
|
page execute and read and write
|
||
|
7FFD9B984000
|
trusted library allocation
|
page read and write
|
||
|
15EE000
|
stack
|
page read and write
|
||
|
27AE000
|
trusted library allocation
|
page read and write
|
There are 597 hidden memdumps, click here to show them.