Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\nika.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\aKuf.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with no line terminators
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
C:\Users\user\Desktop\file.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe
|
|
|
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
|
|
|
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
"C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
/F
|
|
|
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
|
|
|
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76"
/P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
|
||
|
C:\Windows\SysWOW64\cacls.exe
|
CACLS "mnolyk.exe" /P "user:N"
|
||
|
C:\Windows\SysWOW64\cacls.exe
|
CACLS "mnolyk.exe" /P "user:R" /E
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
|
||
|
C:\Windows\SysWOW64\cacls.exe
|
CACLS "..\4b9a106e76" /P "user:N"
|
||
|
C:\Windows\SysWOW64\cacls.exe
|
CACLS "..\4b9a106e76" /P "user:R" /E
|
There are 13 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll
|
62.204.41.4
|
|
|
|
http://62.204.41.4/Gol478Ns/Plugins/clip64.dll
|
62.204.41.4
|
|
|
|
62.204.41.4/Gol478Ns/index.php
|
|
||
|
http://62.204.41.4/Gol478Ns/index.php
|
62.204.41.4
|
|
|
|
http://62.204.41.4/Gol478Ns/index.phpoft
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.phprundll32.exe=
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.phpd
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/Plugins/cred64.dlli;
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.phpa
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.phpm32
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.phpn
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.phpi
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.phpion
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.php5342a2
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.phps
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.php4
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.phpp
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.php(l
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/Plugins/clip64.dll2;
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.php8
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.phpC
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/Plugins/cred64.dlls
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll(;
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.php9e5342a2
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.phpH
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.phprundll32.exel
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.phpa106e76
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.phpZI
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.phpix
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.phpQ
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.phprundll32.exe#
|
unknown
|
||
|
http://62.204.41.4/Gol478Ns/index.phpR
|
unknown
|
There are 22 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
62.204.41.4
|
unknown
|
United Kingdom
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
|
Startup
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
|
wextract_cleanup0
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
|
wextract_cleanup1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features
|
TamperProtection
|
There are 3 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
AD1000
|
unkown
|
page execute read
|
|
|
|
AD1000
|
unkown
|
page execute read
|
|
|
|
AD1000
|
unkown
|
page execute read
|
|
|
|
AD1000
|
unkown
|
page execute read
|
|
|
|
AD1000
|
unkown
|
page execute read
|
|
|
|
5B0000
|
direct allocation
|
page read and write
|
|
|
|
AD1000
|
unkown
|
page execute read
|
|
|
|
AD1000
|
unkown
|
page execute read
|
|
|
|
4AE7000
|
heap
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
8C1000
|
unkown
|
page execute read
|
|
|
|
AD1000
|
unkown
|
page execute read
|
|
|
|
E4C000
|
heap
|
page read and write
|
|
|
|
580000
|
direct allocation
|
page execute and read and write
|
|
|
|
8C1000
|
unkown
|
page execute read
|
|
|
|
DBA000
|
heap
|
page read and write
|
|
|
|
AD1000
|
unkown
|
page execute read
|
|
|
|
E2B000
|
heap
|
page read and write
|
|
|
|
E0C000
|
heap
|
page read and write
|
|
|
|
AD1000
|
unkown
|
page execute read
|
|
|
|
D8A000
|
heap
|
page read and write
|
||
|
AEF000
|
heap
|
page read and write
|
||
|
87A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2872000
|
trusted library allocation
|
page read and write
|
||
|
6E5000
|
heap
|
page read and write
|
||
|
30CF000
|
stack
|
page read and write
|
||
|
A11000
|
trusted library allocation
|
page read and write
|
||
|
2410000
|
trusted library allocation
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
108A000
|
unkown
|
page readonly
|
||
|
4E6000
|
unkown
|
page readonly
|
||
|
11E7000
|
heap
|
page read and write
|
||
|
2831000
|
trusted library allocation
|
page read and write
|
||
|
A18000
|
trusted library allocation
|
page read and write
|
||
|
73E000
|
stack
|
page read and write
|
||
|
2390000
|
trusted library section
|
page read and write
|
||
|
6E7D8000
|
unkown
|
page readonly
|
||
|
388D000
|
stack
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
8DF000
|
stack
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
2038A2B0000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
288C000
|
trusted library allocation
|
page read and write
|
||
|
B08000
|
unkown
|
page read and write
|
||
|
7A000
|
unkown
|
page readonly
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
32ED000
|
stack
|
page read and write
|
||
|
11B6000
|
heap
|
page read and write
|
||
|
AFE000
|
unkown
|
page readonly
|
||
|
85D000
|
trusted library allocation
|
page execute and read and write
|
||
|
27D0000
|
trusted library allocation
|
page read and write
|
||
|
295E000
|
stack
|
page read and write
|
||
|
1080000
|
unkown
|
page readonly
|
||
|
4E0000
|
unkown
|
page readonly
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
8C0000
|
trusted library section
|
page read and write
|
||
|
7DC000
|
stack
|
page read and write
|
||
|
D5C000
|
stack
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
324E000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
CF6000
|
heap
|
page read and write
|
||
|
F6D000
|
stack
|
page read and write
|
||
|
854000
|
trusted library allocation
|
page read and write
|
||
|
C1B000
|
stack
|
page read and write
|
||
|
853000
|
trusted library allocation
|
page execute and read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
4E0000
|
unkown
|
page readonly
|
||
|
14DE000
|
stack
|
page read and write
|
||
|
AC3000
|
heap
|
page read and write
|
||
|
2850000
|
trusted library allocation
|
page read and write
|
||
|
D1E000
|
stack
|
page read and write
|
||
|
2DF8000
|
heap
|
page read and write
|
||
|
2880000
|
trusted library allocation
|
page read and write
|
||
|
550F000
|
stack
|
page read and write
|
||
|
8EE000
|
unkown
|
page readonly
|
||
|
2EFE000
|
stack
|
page read and write
|
||
|
CEE000
|
stack
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
288E000
|
trusted library allocation
|
page read and write
|
||
|
2038A400000
|
heap
|
page read and write
|
||
|
71000
|
unkown
|
page execute read
|
||
|
127D3000
|
trusted library allocation
|
page read and write
|
||
|
2E8E000
|
stack
|
page read and write
|
||
|
860000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
trusted library allocation
|
page read and write
|
||
|
A8E000
|
stack
|
page read and write
|
||
|
37F5000
|
trusted library allocation
|
page read and write
|
||
|
398C000
|
stack
|
page read and write
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
4C60000
|
trusted library allocation
|
page read and write
|
||
|
3380000
|
heap
|
page read and write
|
||
|
31ED000
|
stack
|
page read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
1AC3D000
|
stack
|
page read and write
|
||
|
C46000
|
heap
|
page read and write
|
||
|
284C000
|
trusted library allocation
|
page read and write
|
||
|
A8C000
|
heap
|
page read and write
|
||
|
6A8000
|
heap
|
page read and write
|
||
|
41168DC000
|
stack
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
2038A0B0000
|
heap
|
page read and write
|
||
|
AC5000
|
heap
|
page read and write
|
||
|
244F000
|
stack
|
page read and write
|
||
|
676000
|
heap
|
page execute and read and write
|
||
|
B08000
|
unkown
|
page write copy
|
||
|
13DF000
|
stack
|
page read and write
|
||
|
23D0000
|
trusted library allocation
|
page read and write
|
||
|
2DE8000
|
heap
|
page read and write
|
||
|
AB3000
|
heap
|
page read and write
|
||
|
2FCD000
|
stack
|
page read and write
|
||
|
7FF9A5C3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
4C90000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5C32000
|
trusted library allocation
|
page read and write
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
2780000
|
trusted library allocation
|
page read and write
|
||
|
5DC000
|
stack
|
page read and write
|
||
|
4A4A000
|
heap
|
page read and write
|
||
|
2430000
|
trusted library allocation
|
page read and write
|
||
|
89E000
|
stack
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
27C0000
|
trusted library allocation
|
page read and write
|
||
|
A40000
|
trusted library allocation
|
page read and write
|
||
|
B0D000
|
unkown
|
page readonly
|
||
|
1FBB7940000
|
heap
|
page read and write
|
||
|
1088000
|
unkown
|
page read and write
|
||
|
B0D000
|
unkown
|
page readonly
|
||
|
890000
|
heap
|
page read and write
|
||
|
2895000
|
trusted library allocation
|
page read and write
|
||
|
A20000
|
trusted library allocation
|
page read and write
|
||
|
CF9000
|
stack
|
page read and write
|
||
|
FA8000
|
heap
|
page read and write
|
||
|
2790000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
2450000
|
trusted library allocation
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
7FF9A5C40000
|
trusted library allocation
|
page read and write
|
||
|
C9E000
|
stack
|
page read and write
|
||
|
5AD000
|
stack
|
page read and write
|
||
|
887000
|
trusted library allocation
|
page execute and read and write
|
||
|
46BE000
|
stack
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
A20000
|
trusted library allocation
|
page read and write
|
||
|
C7E000
|
stack
|
page read and write
|
||
|
2848000
|
trusted library allocation
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
4CD0000
|
trusted library allocation
|
page read and write
|
||
|
8F8000
|
unkown
|
page write copy
|
||
|
6E2A97F000
|
stack
|
page read and write
|
||
|
5CD000
|
stack
|
page read and write
|
||
|
320F000
|
stack
|
page read and write
|
||
|
D98000
|
heap
|
page read and write
|
||
|
6FB000
|
stack
|
page read and write
|
||
|
41169DF000
|
stack
|
page read and write
|
||
|
1FBB7660000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
2110000
|
heap
|
page read and write
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
1B110000
|
heap
|
page execute and read and write
|
||
|
7FF9A5C24000
|
trusted library allocation
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
B0D000
|
unkown
|
page readonly
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
AFE000
|
unkown
|
page readonly
|
||
|
A40000
|
heap
|
page read and write
|
||
|
C1E000
|
stack
|
page read and write
|
||
|
6E7C1000
|
unkown
|
page execute read
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
2E2F000
|
stack
|
page read and write
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
AFE000
|
unkown
|
page readonly
|
||
|
2270000
|
heap
|
page read and write
|
||
|
B08000
|
unkown
|
page read and write
|
||
|
7FF9A5D40000
|
trusted library allocation
|
page execute and read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
AF5000
|
heap
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
C1F000
|
stack
|
page read and write
|
||
|
83C000
|
stack
|
page read and write
|
||
|
2837000
|
trusted library allocation
|
page read and write
|
||
|
108C000
|
unkown
|
page readonly
|
||
|
2855000
|
trusted library allocation
|
page read and write
|
||
|
439000
|
unkown
|
page read and write
|
||
|
48EE000
|
stack
|
page read and write
|
||
|
3298000
|
heap
|
page read and write
|
||
|
A11000
|
trusted library allocation
|
page read and write
|
||
|
2140000
|
trusted library allocation
|
page read and write
|
||
|
9C4000
|
heap
|
page read and write
|
||
|
8B0000
|
trusted library allocation
|
page read and write
|
||
|
323F000
|
stack
|
page read and write
|
||
|
567000
|
unkown
|
page readonly
|
||
|
127D7000
|
trusted library allocation
|
page read and write
|
||
|
A12000
|
trusted library allocation
|
page read and write
|
||
|
7A000
|
unkown
|
page readonly
|
||
|
34CE000
|
stack
|
page read and write
|
||
|
197000
|
stack
|
page read and write
|
||
|
285F000
|
trusted library allocation
|
page read and write
|
||
|
372E000
|
stack
|
page read and write
|
||
|
7FF9A5C30000
|
trusted library allocation
|
page read and write
|
||
|
E5F000
|
heap
|
page read and write
|
||
|
7FF9A5DC2000
|
trusted library allocation
|
page read and write
|
||
|
20CE000
|
stack
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
CCC000
|
stack
|
page read and write
|
||
|
2038A0EE000
|
heap
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
417000
|
unkown
|
page execute read
|
||
|
2F3F000
|
stack
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
2130000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF9A5CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
AFE000
|
unkown
|
page readonly
|
||
|
282F000
|
trusted library allocation
|
page read and write
|
||
|
23B0000
|
trusted library allocation
|
page read and write
|
||
|
2867000
|
trusted library allocation
|
page read and write
|
||
|
98F000
|
stack
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
266F000
|
stack
|
page read and write
|
||
|
E2E000
|
stack
|
page read and write
|
||
|
A20000
|
trusted library allocation
|
page read and write
|
||
|
77E000
|
stack
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
DD5000
|
heap
|
page read and write
|
||
|
850000
|
trusted library allocation
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
21B0000
|
trusted library allocation
|
page read and write
|
||
|
DFB000
|
stack
|
page read and write
|
||
|
727000
|
heap
|
page read and write
|
||
|
35CC000
|
stack
|
page read and write
|
||
|
A94000
|
heap
|
page read and write
|
||
|
6EB000
|
heap
|
page read and write
|
||
|
AFE000
|
unkown
|
page readonly
|
||
|
4A61000
|
heap
|
page read and write
|
||
|
7FF9A5C23000
|
trusted library allocation
|
page execute and read and write
|
||
|
27D1000
|
trusted library allocation
|
page read and write
|
||
|
3CE000
|
stack
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
2884000
|
trusted library allocation
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
21C0000
|
heap
|
page read and write
|
||
|
AFE000
|
unkown
|
page readonly
|
||
|
27F1000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5C2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E5000
|
heap
|
page read and write
|
||
|
A75000
|
heap
|
page read and write
|
||
|
338E000
|
stack
|
page read and write
|
||
|
2835000
|
trusted library allocation
|
page read and write
|
||
|
2280000
|
heap
|
page read and write
|
||
|
113D000
|
stack
|
page read and write
|
||
|
1FBB7945000
|
heap
|
page read and write
|
||
|
897000
|
heap
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
11AE000
|
stack
|
page read and write
|
||
|
4C69000
|
trusted library allocation
|
page read and write
|
||
|
A12000
|
trusted library allocation
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
85E000
|
stack
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
2888000
|
trusted library allocation
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
B08000
|
unkown
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
2882000
|
trusted library allocation
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
605000
|
heap
|
page read and write
|
||
|
2846000
|
trusted library allocation
|
page read and write
|
||
|
D35000
|
heap
|
page read and write
|
||
|
7C000
|
unkown
|
page readonly
|
||
|
540F000
|
stack
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
1088000
|
unkown
|
page write copy
|
||
|
2DE7000
|
heap
|
page read and write
|
||
|
70000
|
unkown
|
page readonly
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
4D30000
|
trusted library allocation
|
page read and write
|
||
|
3819000
|
trusted library allocation
|
page read and write
|
||
|
41A000
|
unkown
|
page write copy
|
||
|
108A000
|
unkown
|
page readonly
|
||
|
9D0000
|
trusted library allocation
|
page read and write
|
||
|
4C40000
|
trusted library allocation
|
page read and write
|
||
|
B0D000
|
unkown
|
page readonly
|
||
|
1FBB7680000
|
heap
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
DA5000
|
heap
|
page read and write
|
||
|
2DE5000
|
heap
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
6E2A87C000
|
stack
|
page read and write
|
||
|
299B000
|
stack
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
127D9000
|
trusted library allocation
|
page read and write
|
||
|
7FF4B1BD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F8F000
|
stack
|
page read and write
|
||
|
F7A000
|
heap
|
page read and write
|
||
|
6E7C0000
|
unkown
|
page readonly
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
2861000
|
trusted library allocation
|
page read and write
|
||
|
282B000
|
trusted library allocation
|
page read and write
|
||
|
30AE000
|
stack
|
page read and write
|
||
|
D6E000
|
stack
|
page read and write
|
||
|
B08000
|
unkown
|
page read and write
|
||
|
65A000
|
heap
|
page read and write
|
||
|
286B000
|
trusted library allocation
|
page read and write
|
||
|
4C30000
|
heap
|
page read and write
|
||
|
42F000
|
unkown
|
page execute and read and write
|
||
|
23F0000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
210E000
|
stack
|
page read and write
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
ECF000
|
stack
|
page read and write
|
||
|
DEE000
|
stack
|
page read and write
|
||
|
B0D000
|
unkown
|
page readonly
|
||
|
94E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4D10000
|
trusted library allocation
|
page read and write
|
||
|
564000
|
unkown
|
page read and write
|
||
|
89E000
|
stack
|
page read and write
|
||
|
8FD000
|
unkown
|
page readonly
|
||
|
6BD000
|
heap
|
page read and write
|
||
|
AFE000
|
unkown
|
page readonly
|
||
|
2038A040000
|
heap
|
page read and write
|
||
|
2770000
|
trusted library allocation
|
page read and write
|
||
|
DB8000
|
heap
|
page read and write
|
||
|
7FF9A5C7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
B0D000
|
unkown
|
page readonly
|
||
|
DB8000
|
heap
|
page read and write
|
||
|
B0D000
|
unkown
|
page readonly
|
||
|
2821000
|
trusted library allocation
|
page read and write
|
||
|
DFA000
|
heap
|
page read and write
|
||
|
23C0000
|
trusted library allocation
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
46FE000
|
stack
|
page read and write
|
||
|
264E000
|
stack
|
page read and write
|
||
|
8C0000
|
unkown
|
page readonly
|
||
|
119E000
|
stack
|
page read and write
|
||
|
276F000
|
stack
|
page read and write
|
||
|
2038A0E0000
|
heap
|
page read and write
|
||
|
2F2E000
|
stack
|
page read and write
|
||
|
4C4A000
|
heap
|
page read and write
|
||
|
32A4000
|
heap
|
page read and write
|
||
|
2660000
|
heap
|
page read and write
|
||
|
4CA0000
|
trusted library allocation
|
page read and write
|
||
|
B08000
|
unkown
|
page write copy
|
||
|
338A000
|
heap
|
page read and write
|
||
|
567000
|
unkown
|
page readonly
|
||
|
64E000
|
stack
|
page read and write
|
||
|
A50000
|
trusted library allocation
|
page read and write
|
||
|
AB6000
|
heap
|
page read and write
|
||
|
2869000
|
trusted library allocation
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
116F000
|
stack
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
8EE000
|
unkown
|
page readonly
|
||
|
78000
|
unkown
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
2B8C000
|
stack
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
2DF8000
|
heap
|
page read and write
|
||
|
288A000
|
trusted library allocation
|
page read and write
|
||
|
21A4000
|
trusted library allocation
|
page read and write
|
||
|
1FBB76AB000
|
heap
|
page read and write
|
||
|
FD5000
|
heap
|
page read and write
|
||
|
E6A000
|
heap
|
page read and write
|
||
|
2829000
|
trusted library allocation
|
page read and write
|
||
|
4E00000
|
heap
|
page execute and read and write
|
||
|
4E2000
|
unkown
|
page readonly
|
||
|
FE4000
|
heap
|
page read and write
|
||
|
2852000
|
trusted library allocation
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
E09000
|
heap
|
page read and write
|
||
|
6D2000
|
heap
|
page read and write
|
||
|
4D20000
|
trusted library allocation
|
page read and write
|
||
|
108C000
|
unkown
|
page readonly
|
||
|
6FB000
|
stack
|
page read and write
|
||
|
7C000
|
unkown
|
page readonly
|
||
|
1140000
|
heap
|
page read and write
|
||
|
254F000
|
stack
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
D1D000
|
stack
|
page read and write
|
||
|
8F8000
|
unkown
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
426000
|
unkown
|
page execute and read and write
|
||
|
AFE000
|
unkown
|
page readonly
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
AFE000
|
unkown
|
page readonly
|
||
|
6D2000
|
heap
|
page read and write
|
||
|
6E7D6000
|
unkown
|
page read and write
|
||
|
DCB000
|
stack
|
page read and write
|
||
|
2170000
|
trusted library allocation
|
page read and write
|
||
|
A9C000
|
stack
|
page read and write
|
||
|
B0D000
|
unkown
|
page readonly
|
||
|
A4E000
|
stack
|
page read and write
|
||
|
240E000
|
stack
|
page read and write
|
||
|
1081000
|
unkown
|
page execute read
|
||
|
F2F000
|
stack
|
page read and write
|
||
|
E65000
|
heap
|
page read and write
|
||
|
8DC000
|
stack
|
page read and write
|
||
|
7FF9A5C4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
31B0000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
CB6000
|
heap
|
page read and write
|
||
|
32D000
|
stack
|
page read and write
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
840000
|
trusted library allocation
|
page read and write
|
||
|
70000
|
unkown
|
page readonly
|
||
|
286F000
|
trusted library allocation
|
page read and write
|
||
|
4C70000
|
trusted library allocation
|
page read and write
|
||
|
4CC0000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
112E000
|
stack
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
4C30000
|
trusted library allocation
|
page read and write
|
||
|
2859000
|
trusted library allocation
|
page read and write
|
||
|
1080000
|
unkown
|
page readonly
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
DBC000
|
stack
|
page read and write
|
||
|
97C000
|
stack
|
page read and write
|
||
|
23F9000
|
trusted library allocation
|
page read and write
|
||
|
4D05000
|
trusted library allocation
|
page read and write
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
27B0000
|
trusted library allocation
|
page read and write
|
||
|
AC8000
|
heap
|
page read and write
|
||
|
4CB0000
|
trusted library allocation
|
page read and write
|
||
|
2440000
|
trusted library allocation
|
page read and write
|
||
|
ABF000
|
stack
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
7A000
|
unkown
|
page readonly
|
||
|
1FBB76A7000
|
heap
|
page read and write
|
||
|
348F000
|
stack
|
page read and write
|
||
|
38C000
|
stack
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
1FBB76A0000
|
heap
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
B08000
|
unkown
|
page write copy
|
||
|
A01000
|
trusted library allocation
|
page read and write
|
||
|
DA8000
|
heap
|
page read and write
|
||
|
7C000
|
unkown
|
page readonly
|
||
|
8C0000
|
unkown
|
page readonly
|
||
|
600000
|
heap
|
page read and write
|
||
|
2833000
|
trusted library allocation
|
page read and write
|
||
|
C1D000
|
stack
|
page read and write
|
||
|
696000
|
heap
|
page read and write
|
||
|
9D7000
|
heap
|
page read and write
|
||
|
1FBB7520000
|
heap
|
page read and write
|
||
|
281C000
|
trusted library allocation
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
78000
|
unkown
|
page write copy
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
AFE000
|
unkown
|
page readonly
|
||
|
560000
|
heap
|
page read and write
|
||
|
31AE000
|
stack
|
page read and write
|
||
|
430000
|
unkown
|
page write copy
|
||
|
4D40000
|
trusted library allocation
|
page read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
8F5000
|
stack
|
page read and write
|
||
|
4CE7000
|
heap
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
244E000
|
stack
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
2400000
|
trusted library allocation
|
page read and write
|
||
|
71000
|
unkown
|
page execute read
|
||
|
2160000
|
heap
|
page read and write
|
||
|
382F000
|
stack
|
page read and write
|
||
|
B08000
|
unkown
|
page write copy
|
||
|
D50000
|
heap
|
page read and write
|
||
|
7FF9A5D06000
|
trusted library allocation
|
page execute and read and write
|
||
|
1081000
|
unkown
|
page execute read
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
2865000
|
trusted library allocation
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
A20000
|
trusted library allocation
|
page read and write
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
2886000
|
trusted library allocation
|
page read and write
|
||
|
2150000
|
heap
|
page execute and read and write
|
||
|
A88000
|
heap
|
page read and write
|
||
|
295D000
|
stack
|
page read and write
|
||
|
B0D000
|
unkown
|
page readonly
|
||
|
2420000
|
trusted library allocation
|
page read and write
|
||
|
E3E000
|
stack
|
page read and write
|
||
|
23E0000
|
trusted library allocation
|
page read and write
|
||
|
B0D000
|
unkown
|
page readonly
|
||
|
8FB000
|
stack
|
page read and write
|
||
|
A04000
|
trusted library allocation
|
page read and write
|
||
|
4A87000
|
heap
|
page read and write
|
||
|
6E7CF000
|
unkown
|
page readonly
|
||
|
282D000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
21B6000
|
trusted library allocation
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
4C80000
|
trusted library allocation
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
334F000
|
stack
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
A5D000
|
stack
|
page read and write
|
||
|
7FF9A5CD0000
|
trusted library allocation
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
284A000
|
trusted library allocation
|
page read and write
|
||
|
A20000
|
trusted library allocation
|
page read and write
|
||
|
37F1000
|
trusted library allocation
|
page read and write
|
||
|
411695E000
|
stack
|
page read and write
|
||
|
877000
|
trusted library allocation
|
page execute and read and write
|
||
|
27A0000
|
trusted library allocation
|
page read and write
|
||
|
2038A3F0000
|
heap
|
page read and write
|
||
|
2390000
|
trusted library allocation
|
page read and write
|
||
|
B08000
|
unkown
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
21B4000
|
trusted library allocation
|
page read and write
|
||
|
88B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C50000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
trusted library allocation
|
page read and write
|
||
|
256F000
|
stack
|
page read and write
|
||
|
1FBB9070000
|
heap
|
page read and write
|
||
|
284E000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
trusted library allocation
|
page read and write
|
||
|
2863000
|
trusted library allocation
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
2380000
|
trusted library allocation
|
page read and write
|
||
|
5EC000
|
stack
|
page read and write
|
||
|
2038A405000
|
heap
|
page read and write
|
||
|
23D0000
|
trusted library allocation
|
page read and write
|
||
|
2DCA000
|
heap
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
27C0000
|
heap
|
page execute and read and write
|
||
|
6E2A8FF000
|
stack
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
9B8000
|
heap
|
page read and write
|
||
|
127D1000
|
trusted library allocation
|
page read and write
|
||
|
CDE000
|
stack
|
page read and write
|
||
|
D1F000
|
stack
|
page read and write
|
||
|
91B000
|
stack
|
page read and write
|
||
|
8FD000
|
unkown
|
page readonly
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
B08000
|
unkown
|
page write copy
|
||
|
4D00000
|
trusted library allocation
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
286D000
|
trusted library allocation
|
page read and write
|
There are 562 hidden memdumps, click here to show them.