Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
eW1QrimJYd.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\21c8026919fd094ab07ec3c180a9f210_d06ed635-68f6-4e9a-955c-4899f5f57b9a
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\eW1QrimJYd.exe
|
"C:\Users\user\Desktop\eW1QrimJYd.exe"
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup emsisoft.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup gandcrab.bit dns1.soprodns.ru
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe
|
"C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe"
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup emsisoft.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup gandcrab.bit dns1.soprodns.ru
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe
|
"C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe"
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup emsisoft.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup gandcrab.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup emsisoft.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup gandcrab.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup emsisoft.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup gandcrab.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup emsisoft.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup gandcrab.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup emsisoft.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup gandcrab.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup emsisoft.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 39 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://gdcbghvjyqy7jclk.onion.casa/5432c2cfc05a5a97
|
unknown
|
|
|
|
http://gdcbghvjyqy7jclk.onion/5432c2cfc05a5a97
|
unknown
|
|
|
|
http://gdcbghvjyqy7jclk.onion.top/5432c2cfc05a5a97
|
unknown
|
|
|
|
http://gdcbghvjyqy7jclk.onion.guide/5432c2cfc05a5a97
|
unknown
|
||
|
http://ipv4bot.whatismyipaddress.com/0
|
unknown
|
||
|
https://www.torproject.org/
|
unknown
|
||
|
http://ipv4bot.whatismyipaddress.com/D
|
unknown
|
||
|
http://gdcbghvjyqy7jclk.onion.rip/5432c2cfc05a5a97
|
unknown
|
||
|
http://ipv4bot.whatismyipaddress.com/
|
unknown
|
||
|
http://gdcbghvjyqy7jclk.onion.plus/5432c2cfc05a5a97
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
emsisoft.bit
|
unknown
|
|
|
|
nomoreransom.bit
|
unknown
|
|
|
|
gandcrab.bit
|
unknown
|
|
|
|
dns1.soprodns.ru
|
unknown
|
|
|
|
ipv4bot.whatismyipaddress.com
|
unknown
|
||
|
8.8.8.8.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
|
cfbtnelfyrp
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
D79000
|
unkown
|
page read and write
|
|
|
|
D79000
|
unkown
|
page write copy
|
|
|
|
D79000
|
unkown
|
page read and write
|
|
|
|
D79000
|
unkown
|
page write copy
|
|
|
|
A89000
|
unkown
|
page read and write
|
|
|
|
A89000
|
unkown
|
page write copy
|
|
|
|
2441000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
1EC54000000
|
heap
|
page read and write
|
||
|
241BE80E000
|
trusted library allocation
|
page read and write
|
||
|
202A2652000
|
heap
|
page read and write
|
||
|
1EC54063000
|
heap
|
page read and write
|
||
|
D84000
|
unkown
|
page readonly
|
||
|
1EC5405E000
|
heap
|
page read and write
|
||
|
860000
|
direct allocation
|
page read and write
|
||
|
202A2602000
|
heap
|
page read and write
|
||
|
740000
|
direct allocation
|
page read and write
|
||
|
241BE62D000
|
heap
|
page read and write
|
||
|
241BE830000
|
trusted library allocation
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
16C95E55000
|
heap
|
page read and write
|
||
|
9E2197F000
|
stack
|
page read and write
|
||
|
740000
|
direct allocation
|
page read and write
|
||
|
87B4B9E000
|
stack
|
page read and write
|
||
|
2A7F000
|
stack
|
page read and write
|
||
|
AEE000
|
stack
|
page read and write
|
||
|
1F50E0F0000
|
heap
|
page read and write
|
||
|
19E48194000
|
heap
|
page read and write
|
||
|
10AE000
|
stack
|
page read and write
|
||
|
1F50E213000
|
heap
|
page read and write
|
||
|
740000
|
direct allocation
|
page read and write
|
||
|
19D7C27E000
|
heap
|
page read and write
|
||
|
241B907C000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
241BE6FA000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
7F4B0FD000
|
stack
|
page read and write
|
||
|
1EC54066000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
241BA460000
|
trusted library allocation
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
918000
|
heap
|
page read and write
|
||
|
557EB0B000
|
stack
|
page read and write
|
||
|
241B9918000
|
heap
|
page read and write
|
||
|
693187E000
|
stack
|
page read and write
|
||
|
202A2460000
|
heap
|
page read and write
|
||
|
19E48002000
|
heap
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
20D94C2F000
|
heap
|
page read and write
|
||
|
557FA7F000
|
stack
|
page read and write
|
||
|
EB8000
|
heap
|
page read and write
|
||
|
19E475E0000
|
trusted library allocation
|
page read and write
|
||
|
6FC000
|
stack
|
page read and write
|
||
|
11F09FF000
|
stack
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
1EC54052000
|
heap
|
page read and write
|
||
|
241B9000000
|
heap
|
page read and write
|
||
|
19E47691000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
8DD90FD000
|
stack
|
page read and write
|
||
|
241BE960000
|
remote allocation
|
page read and write
|
||
|
1EC5408B000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
D70000
|
unkown
|
page readonly
|
||
|
2441000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
202A2590000
|
remote allocation
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
241B8FD1000
|
trusted library allocation
|
page read and write
|
||
|
241B90A1000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
1EC5405C000
|
heap
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
45C000
|
stack
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
16C95E69000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
20D94A80000
|
heap
|
page read and write
|
||
|
1F50E284000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
16C965B0000
|
trusted library allocation
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
7F4AF7D000
|
stack
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
241B9093000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
19D7C200000
|
heap
|
page read and write
|
||
|
19E47652000
|
heap
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
7F4AA7B000
|
stack
|
page read and write
|
||
|
3DC000
|
stack
|
page read and write
|
||
|
241B9058000
|
heap
|
page read and write
|
||
|
557F57E000
|
stack
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
9E20FDB000
|
stack
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
1F50E27B000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
202A2400000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
8DD9477000
|
stack
|
page read and write
|
||
|
16C96602000
|
trusted library allocation
|
page read and write
|
||
|
D70000
|
unkown
|
page readonly
|
||
|
D71000
|
unkown
|
page execute read
|
||
|
241B9918000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
1EC53DA0000
|
heap
|
page read and write
|
||
|
19E47629000
|
heap
|
page read and write
|
||
|
19E48227000
|
heap
|
page read and write
|
||
|
19E47672000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
241BA0F0000
|
trusted library section
|
page readonly
|
||
|
2441000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
87B4A9C000
|
stack
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
20D94C3A000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
241BA0E0000
|
trusted library section
|
page readonly
|
||
|
2441000
|
heap
|
page read and write
|
||
|
19E48171000
|
heap
|
page read and write
|
||
|
8CA000
|
heap
|
page read and write
|
||
|
19E48230000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
241BE920000
|
trusted library allocation
|
page read and write
|
||
|
19E48223000
|
heap
|
page read and write
|
||
|
241B9029000
|
heap
|
page read and write
|
||
|
241BE960000
|
remote allocation
|
page read and write
|
||
|
238E000
|
stack
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
8DD937B000
|
stack
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
9E21A7F000
|
stack
|
page read and write
|
||
|
1F50E26D000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
241B8F70000
|
trusted library section
|
page read and write
|
||
|
87B517E000
|
stack
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
19E48122000
|
heap
|
page read and write
|
||
|
241B9913000
|
heap
|
page read and write
|
||
|
19E477E5000
|
heap
|
page read and write
|
||
|
A94000
|
unkown
|
page readonly
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
241B908F000
|
heap
|
page read and write
|
||
|
19E47590000
|
heap
|
page read and write
|
||
|
241BF000000
|
heap
|
page read and write
|
||
|
202A2E02000
|
trusted library allocation
|
page read and write
|
||
|
19E47656000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
241BE700000
|
heap
|
page read and write
|
||
|
241BE960000
|
trusted library allocation
|
page read and write
|
||
|
1EC53D90000
|
heap
|
page read and write
|
||
|
19E47613000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
2DFD000
|
stack
|
page read and write
|
||
|
202A2590000
|
remote allocation
|
page read and write
|
||
|
730000
|
direct allocation
|
page execute and read and write
|
||
|
241BE820000
|
trusted library allocation
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
16C95F13000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
1F50E231000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
9E215FB000
|
stack
|
page read and write
|
||
|
19E475C0000
|
trusted library allocation
|
page read and write
|
||
|
693154B000
|
stack
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
241B9958000
|
heap
|
page read and write
|
||
|
1F50E263000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
19E477B9000
|
heap
|
page read and write
|
||
|
19E47687000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
241B9013000
|
heap
|
page read and write
|
||
|
D60000
|
direct allocation
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
A50000
|
direct allocation
|
page execute and read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
19E48122000
|
heap
|
page read and write
|
||
|
D50000
|
direct allocation
|
page read and write
|
||
|
557F3FF000
|
stack
|
page read and write
|
||
|
96C000
|
stack
|
page read and write
|
||
|
16C95CA0000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
A94000
|
unkown
|
page readonly
|
||
|
19D7C150000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
16C95CB0000
|
heap
|
page read and write
|
||
|
1F50E246000
|
heap
|
page read and write
|
||
|
241BA110000
|
trusted library section
|
page readonly
|
||
|
241BE6AC000
|
heap
|
page read and write
|
||
|
20D94C13000
|
heap
|
page read and write
|
||
|
19E47713000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
D82000
|
unkown
|
page write copy
|
||
|
1F50E277000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
19E48100000
|
heap
|
page read and write
|
||
|
19D7CC02000
|
trusted library allocation
|
page read and write
|
||
|
19E481BF000
|
heap
|
page read and write
|
||
|
19D7C28E000
|
heap
|
page read and write
|
||
|
241BE6A2000
|
heap
|
page read and write
|
||
|
20D94C02000
|
heap
|
page read and write
|
||
|
2443000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
870000
|
direct allocation
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
42A38FF000
|
stack
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
202A2635000
|
heap
|
page read and write
|
||
|
87B4B1E000
|
stack
|
page read and write
|
||
|
557F5FF000
|
stack
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
241B90B0000
|
heap
|
page read and write
|
||
|
92F000
|
heap
|
page read and write
|
||
|
202A23F0000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
241B9800000
|
heap
|
page read and write
|
||
|
6931BFC000
|
stack
|
page read and write
|
||
|
19E4765C000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
1EC54081000
|
heap
|
page read and write
|
||
|
D71000
|
unkown
|
page execute read
|
||
|
241B9102000
|
heap
|
page read and write
|
||
|
860000
|
trusted library allocation
|
page read and write
|
||
|
11EF000
|
stack
|
page read and write
|
||
|
1F50E240000
|
heap
|
page read and write
|
||
|
20D94C48000
|
heap
|
page read and write
|
||
|
19E47670000
|
heap
|
page read and write
|
||
|
19D7C300000
|
heap
|
page read and write
|
||
|
D71000
|
unkown
|
page execute read
|
||
|
241B909F000
|
heap
|
page read and write
|
||
|
241B9079000
|
heap
|
page read and write
|
||
|
8DD967F000
|
stack
|
page read and write
|
||
|
241B908D000
|
heap
|
page read and write
|
||
|
241B90FE000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
42A37FF000
|
stack
|
page read and write
|
||
|
1F50E249000
|
heap
|
page read and write
|
||
|
740000
|
direct allocation
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
241B9900000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
20D94C54000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
241BE6F4000
|
heap
|
page read and write
|
||
|
D84000
|
unkown
|
page readonly
|
||
|
1F50E25E000
|
heap
|
page read and write
|
||
|
1F50E26A000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page execute and read and write
|
||
|
241BA0C0000
|
trusted library section
|
page readonly
|
||
|
202A2590000
|
remote allocation
|
page read and write
|
||
|
936000
|
heap
|
page read and write
|
||
|
241B8E00000
|
heap
|
page read and write
|
||
|
20D94BD0000
|
trusted library allocation
|
page read and write
|
||
|
19E48154000
|
heap
|
page read and write
|
||
|
1EC54060000
|
heap
|
page read and write
|
||
|
16C95E5B000
|
heap
|
page read and write
|
||
|
241B9902000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
19D7C228000
|
heap
|
page read and write
|
||
|
16C95E4F000
|
heap
|
page read and write
|
||
|
BEE000
|
stack
|
page read and write
|
||
|
AAF000
|
stack
|
page read and write
|
||
|
1F50E200000
|
heap
|
page read and write
|
||
|
1F50E24E000
|
heap
|
page read and write
|
||
|
19E4762F000
|
heap
|
page read and write
|
||
|
241B9113000
|
heap
|
page read and write
|
||
|
16C95F02000
|
heap
|
page read and write
|
||
|
937000
|
heap
|
page read and write
|
||
|
1EC54802000
|
trusted library allocation
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
19E47530000
|
heap
|
page read and write
|
||
|
1EC54100000
|
heap
|
page read and write
|
||
|
19E47600000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
87B4F7E000
|
stack
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
241B9815000
|
heap
|
page read and write
|
||
|
1F50E244000
|
heap
|
page read and write
|
||
|
20D94C36000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
557F17C000
|
stack
|
page read and write
|
||
|
7F4B1FD000
|
stack
|
page read and write
|
||
|
557F07A000
|
stack
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
1EC54029000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
740000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
8A0000
|
direct allocation
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
8DD977E000
|
stack
|
page read and write
|
||
|
19D7C1C0000
|
heap
|
page read and write
|
||
|
241BE821000
|
trusted library allocation
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
557EF78000
|
stack
|
page read and write
|
||
|
11F08FA000
|
stack
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
1F50E23D000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
1F50E267000
|
heap
|
page read and write
|
||
|
8E5000
|
heap
|
page read and write
|
||
|
241BE930000
|
trusted library allocation
|
page read and write
|
||
|
241B8E60000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
1F50E080000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
860000
|
direct allocation
|
page read and write
|
||
|
16C95E13000
|
heap
|
page read and write
|
||
|
6931AFE000
|
stack
|
page read and write
|
||
|
20D94C46000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
16C95E7A000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
241BA100000
|
trusted library section
|
page readonly
|
||
|
6931A7B000
|
stack
|
page read and write
|
||
|
241BE63D000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
241BE940000
|
trusted library allocation
|
page read and write
|
||
|
8DD907B000
|
stack
|
page read and write
|
||
|
1EC54027000
|
heap
|
page read and write
|
||
|
241BE6E3000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
30BB000
|
direct allocation
|
page execute and read and write
|
||
|
A30000
|
direct allocation
|
page read and write
|
||
|
D70000
|
unkown
|
page readonly
|
||
|
241BE840000
|
trusted library allocation
|
page read and write
|
||
|
1F50E090000
|
heap
|
page read and write
|
||
|
42A35FD000
|
stack
|
page read and write
|
||
|
55C000
|
stack
|
page read and write
|
||
|
10EE000
|
stack
|
page read and write
|
||
|
1F50E1F0000
|
trusted library allocation
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
42A2D4B000
|
stack
|
page read and write
|
||
|
19E4763D000
|
heap
|
page read and write
|
||
|
19D7C202000
|
heap
|
page read and write
|
||
|
16C95E02000
|
heap
|
page read and write
|
||
|
87B527E000
|
stack
|
page read and write
|
||
|
241BE8D0000
|
trusted library allocation
|
page read and write
|
||
|
740000
|
direct allocation
|
page read and write
|
||
|
1EC54108000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
308F000
|
stack
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
23CE000
|
stack
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
9E219FF000
|
stack
|
page read and write
|
||
|
8BA000
|
heap
|
page read and write
|
||
|
1F50E258000
|
heap
|
page read and write
|
||
|
A81000
|
unkown
|
page execute read
|
||
|
19E48102000
|
heap
|
page read and write
|
||
|
9E213FA000
|
stack
|
page read and write
|
||
|
11F039C000
|
stack
|
page read and write
|
||
|
A50000
|
trusted library allocation
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
20D94D02000
|
heap
|
page read and write
|
||
|
1F50E22E000
|
heap
|
page read and write
|
||
|
20D94C3E000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
19E481D6000
|
heap
|
page read and write
|
||
|
890000
|
direct allocation
|
page read and write
|
||
|
20D95402000
|
trusted library allocation
|
page read and write
|
||
|
19E47644000
|
heap
|
page read and write
|
||
|
7F4ACFE000
|
stack
|
page read and write
|
||
|
D84000
|
unkown
|
page readonly
|
||
|
9E2177F000
|
stack
|
page read and write
|
||
|
D71000
|
unkown
|
page execute read
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
2BBE000
|
stack
|
page read and write
|
||
|
557F47E000
|
stack
|
page read and write
|
||
|
557F4FE000
|
stack
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
19E4778E000
|
heap
|
page read and write
|
||
|
A40000
|
direct allocation
|
page read and write
|
||
|
241BE950000
|
trusted library allocation
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
2469000
|
heap
|
page read and write
|
||
|
241BE64A000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
202A2702000
|
heap
|
page read and write
|
||
|
2E00000
|
direct allocation
|
page execute and read and write
|
||
|
8DD917E000
|
stack
|
page read and write
|
||
|
241BE800000
|
trusted library allocation
|
page read and write
|
||
|
241BE663000
|
heap
|
page read and write
|
||
|
7F4AE7E000
|
stack
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
557F37B000
|
stack
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
19E481CB000
|
heap
|
page read and write
|
||
|
19E48213000
|
heap
|
page read and write
|
||
|
9E214FE000
|
stack
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
557F6FA000
|
stack
|
page read and write
|
||
|
11F0AFF000
|
stack
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
42A34FF000
|
stack
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
42A3AFE000
|
stack
|
page read and write
|
||
|
1F50E26B000
|
heap
|
page read and write
|
||
|
20D94C00000
|
heap
|
page read and write
|
||
|
19E48143000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
1EC53F00000
|
trusted library allocation
|
page read and write
|
||
|
1F50E25A000
|
heap
|
page read and write
|
||
|
19E48200000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
241B9072000
|
heap
|
page read and write
|
||
|
1F50E302000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
20D94AD0000
|
heap
|
page read and write
|
||
|
241B9802000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
19D7C23C000
|
heap
|
page read and write
|
||
|
241B8DF0000
|
heap
|
page read and write
|
||
|
19E47664000
|
heap
|
page read and write
|
||
|
241BE824000
|
trusted library allocation
|
page read and write
|
||
|
42A33FC000
|
stack
|
page read and write
|
||
|
19E481B1000
|
heap
|
page read and write
|
||
|
D70000
|
unkown
|
page readonly
|
||
|
202A2629000
|
heap
|
page read and write
|
||
|
42A36FF000
|
stack
|
page read and write
|
||
|
557F27E000
|
stack
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
241BE4E0000
|
trusted library allocation
|
page read and write
|
||
|
241BE808000
|
trusted library allocation
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
810000
|
trusted library allocation
|
page read and write
|
||
|
202A2613000
|
heap
|
page read and write
|
||
|
241BE69F000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
11F0BF9000
|
stack
|
page read and write
|
||
|
740000
|
direct allocation
|
page read and write
|
||
|
690000
|
trusted library allocation
|
page read and write
|
||
|
8DD957D000
|
stack
|
page read and write
|
||
|
42A32FF000
|
stack
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
860000
|
direct allocation
|
page read and write
|
||
|
2E4D000
|
stack
|
page read and write
|
||
|
19D7C254000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
16C95E00000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
1F50E260000
|
heap
|
page read and write
|
||
|
122E000
|
stack
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
241BE702000
|
heap
|
page read and write
|
||
|
19D7C160000
|
heap
|
page read and write
|
||
|
241BE844000
|
trusted library allocation
|
page read and write
|
||
|
20D94C29000
|
heap
|
page read and write
|
||
|
241BE910000
|
trusted library allocation
|
page read and write
|
||
|
A80000
|
unkown
|
page readonly
|
||
|
2441000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
D82000
|
unkown
|
page write copy
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
1F50E27E000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
19E47690000
|
heap
|
page read and write
|
||
|
241B903D000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
8FB000
|
heap
|
page read and write
|
||
|
241B9077000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
2CFD000
|
stack
|
page read and write
|
||
|
D84000
|
unkown
|
page readonly
|
||
|
2441000
|
heap
|
page read and write
|
||
|
1F50E259000
|
heap
|
page read and write
|
||
|
16C95E3F000
|
heap
|
page read and write
|
||
|
241B8FF3000
|
trusted library allocation
|
page read and write
|
||
|
202A263E000
|
heap
|
page read and write
|
||
|
241B8F60000
|
trusted library allocation
|
page read and write
|
||
|
19D7C313000
|
heap
|
page read and write
|
||
|
924000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
19D7C1F0000
|
trusted library allocation
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
19D7C246000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
241BE615000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
1F50E242000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
8DD927B000
|
stack
|
page read and write
|
||
|
1EC53E00000
|
heap
|
page read and write
|
||
|
19D7C266000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
1F50E262000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
132E000
|
stack
|
page read and write
|
||
|
42A317B000
|
stack
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
1EC54013000
|
heap
|
page read and write
|
||
|
241B8FF0000
|
trusted library allocation
|
page read and write
|
||
|
7F4AFFF000
|
stack
|
page read and write
|
||
|
202A2600000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
19D7C308000
|
heap
|
page read and write
|
||
|
19D7C260000
|
heap
|
page read and write
|
||
|
9E2187A000
|
stack
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
2450000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
241BE830000
|
trusted library allocation
|
page read and write
|
||
|
1F50E241000
|
heap
|
page read and write
|
||
|
241B9FE0000
|
trusted library allocation
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
241BE600000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
19E47520000
|
heap
|
page read and write
|
||
|
241BE470000
|
trusted library allocation
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
69315CD000
|
stack
|
page read and write
|
||
|
19E48202000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
241B9026000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
D3D000
|
stack
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
202A2560000
|
trusted library allocation
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
241BE960000
|
remote allocation
|
page read and write
|
||
|
1EC5403C000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
16C95E29000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
557F77E000
|
stack
|
page read and write
|
||
|
CFC000
|
stack
|
page read and write
|
||
|
6931EFF000
|
stack
|
page read and write
|
||
|
7F4B27E000
|
stack
|
page read and write
|
||
|
A80000
|
unkown
|
page readonly
|
||
|
7F4AD7E000
|
stack
|
page read and write
|
||
|
2F8E000
|
stack
|
page read and write
|
||
|
A81000
|
unkown
|
page execute read
|
||
|
19D7C302000
|
heap
|
page read and write
|
||
|
16C95E75000
|
heap
|
page read and write
|
||
|
1F50E23A000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
9D0000
|
trusted library allocation
|
page read and write
|
||
|
16C95D10000
|
heap
|
page read and write
|
||
|
2420000
|
direct allocation
|
page execute and read and write
|
||
|
20D94A70000
|
heap
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
6931DFF000
|
stack
|
page read and write
|
||
|
1F50E22D000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
1F50EA02000
|
trusted library allocation
|
page read and write
|
||
|
241BE6DD000
|
heap
|
page read and write
|
||
|
297F000
|
stack
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
1F50E257000
|
heap
|
page read and write
|
||
|
241BE4F0000
|
trusted library allocation
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
2F4A000
|
stack
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
693197B000
|
stack
|
page read and write
|
||
|
9E21679000
|
stack
|
page read and write
|
||
|
202A2624000
|
heap
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
241BE702000
|
heap
|
page read and write
|
||
|
1EC54102000
|
heap
|
page read and write
|
||
|
241B9126000
|
heap
|
page read and write
|
||
|
241BE800000
|
trusted library allocation
|
page read and write
|
||
|
1F50E27A000
|
heap
|
page read and write
|
||
|
1F50E245000
|
heap
|
page read and write
|
||
|
42A39FF000
|
stack
|
page read and write
|
||
|
2440000
|
heap
|
page read and write
|
||
|
87B507E000
|
stack
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
2CBF000
|
stack
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
241BE61F000
|
heap
|
page read and write
|
||
|
6931CF7000
|
stack
|
page read and write
|
||
|
1EC54113000
|
heap
|
page read and write
|
||
|
740000
|
direct allocation
|
page read and write
|
||
|
241BE460000
|
trusted library allocation
|
page read and write
|
||
|
19D7C28A000
|
heap
|
page read and write
|
||
|
19D7C213000
|
heap
|
page read and write
|
||
|
557F87A000
|
stack
|
page read and write
|
||
|
87D000
|
stack
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
241BA0D0000
|
trusted library section
|
page readonly
|
||
|
1F50E265000
|
heap
|
page read and write
|
||
|
1F50E229000
|
heap
|
page read and write
|
There are 636 hidden memdumps, click here to show them.