Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
pYHrqNhFKr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\l64fQ59.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\niba6073.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\imYkV36.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\niba2214.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP002.TMP\f7051zI.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP002.TMP\h99af07.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\f7051zI.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\h99af07.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\pYHrqNhFKr.exe
|
C:\Users\user\Desktop\pYHrqNhFKr.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\niba6073.exe
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\niba6073.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\niba2214.exe
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\niba2214.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP002.TMP\f7051zI.exe
|
C:\Users\user\AppData\Local\Temp\IXP002.TMP\f7051zI.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP002.TMP\h99af07.exe
|
C:\Users\user\AppData\Local\Temp\IXP002.TMP\h99af07.exe
|
|
|
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
|
||
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
|
||
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
193.233.20.28:4125
|
|
||
|
https://api.ip.sb/ip
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
|
wextract_cleanup0
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
|
wextract_cleanup1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
|
wextract_cleanup2
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features
|
TamperProtection
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
There are 3 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4BCC000
|
heap
|
page read and write
|
|
|
|
2BF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
2E50000
|
heap
|
page execute and read and write
|
||
|
4BDF000
|
trusted library allocation
|
page read and write
|
||
|
7610000
|
trusted library allocation
|
page read and write
|
||
|
77B5000
|
trusted library allocation
|
page read and write
|
||
|
1250000
|
unkown
|
page readonly
|
||
|
902F3FD000
|
stack
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
76C0000
|
trusted library allocation
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
265A000
|
stack
|
page read and write
|
||
|
303C000
|
heap
|
page read and write
|
||
|
4BBB000
|
trusted library allocation
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
19E18402000
|
heap
|
page read and write
|
||
|
18335670000
|
heap
|
page read and write
|
||
|
2EF7000
|
heap
|
page read and write
|
||
|
877BF7B000
|
stack
|
page read and write
|
||
|
19E1843D000
|
heap
|
page read and write
|
||
|
459A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
4B9C000
|
trusted library allocation
|
page read and write
|
||
|
494F000
|
stack
|
page read and write
|
||
|
20FC0A73000
|
heap
|
page read and write
|
||
|
1B5D5C02000
|
trusted library allocation
|
page read and write
|
||
|
4BBF000
|
trusted library allocation
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
1B5D5402000
|
heap
|
page read and write
|
||
|
4BC2000
|
trusted library allocation
|
page read and write
|
||
|
4BB3000
|
trusted library allocation
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
4670000
|
heap
|
page read and write
|
||
|
4BAF000
|
trusted library allocation
|
page read and write
|
||
|
1CB9FC13000
|
heap
|
page read and write
|
||
|
4BE5000
|
trusted library allocation
|
page read and write
|
||
|
7730000
|
trusted library allocation
|
page read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
4BA0000
|
trusted library allocation
|
page read and write
|
||
|
19E18424000
|
heap
|
page read and write
|
||
|
125C000
|
unkown
|
page readonly
|
||
|
2EF3000
|
heap
|
page read and write
|
||
|
10BC000
|
heap
|
page read and write
|
||
|
2C90000
|
trusted library allocation
|
page read and write
|
||
|
A65000
|
heap
|
page read and write
|
||
|
7FFC9DCD6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C20000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
A21AE7F000
|
stack
|
page read and write
|
||
|
758D000
|
trusted library allocation
|
page read and write
|
||
|
20FC0A46000
|
heap
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
1F702AF0000
|
heap
|
page read and write
|
||
|
3004000
|
heap
|
page read and write
|
||
|
19E18400000
|
heap
|
page read and write
|
||
|
2BD6C7C000
|
stack
|
page read and write
|
||
|
78000
|
unkown
|
page write copy
|
||
|
7FFC9DBFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
20FC0940000
|
heap
|
page read and write
|
||
|
1CB9FD00000
|
heap
|
page read and write
|
||
|
2BD6CFE000
|
stack
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
29CE4075000
|
heap
|
page read and write
|
||
|
24440ACC000
|
heap
|
page read and write
|
||
|
AF8A37B000
|
stack
|
page read and write
|
||
|
7750000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
unkown
|
page readonly
|
||
|
2E97000
|
heap
|
page execute and read and write
|
||
|
29CE4113000
|
heap
|
page read and write
|
||
|
4A40000
|
heap
|
page read and write
|
||
|
902F17C000
|
stack
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
24440A29000
|
heap
|
page read and write
|
||
|
18335630000
|
heap
|
page read and write
|
||
|
1F702B00000
|
heap
|
page read and write
|
||
|
7700000
|
trusted library allocation
|
page read and write
|
||
|
2F0B000
|
heap
|
page read and write
|
||
|
20FC0A82000
|
heap
|
page read and write
|
||
|
1551000
|
trusted library allocation
|
page read and write
|
||
|
4B00000
|
trusted library allocation
|
page read and write
|
||
|
2C90000
|
trusted library allocation
|
page read and write
|
||
|
1CB9FBC0000
|
trusted library allocation
|
page read and write
|
||
|
10FE000
|
heap
|
page read and write
|
||
|
7FFC9DC02000
|
trusted library allocation
|
page read and write
|
||
|
20FC0A6B000
|
heap
|
page read and write
|
||
|
18335A05000
|
heap
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
1B5D5200000
|
heap
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
2C7B000
|
stack
|
page read and write
|
||
|
20FC0A4D000
|
heap
|
page read and write
|
||
|
4BD6000
|
trusted library allocation
|
page read and write
|
||
|
1CB9FBF0000
|
remote allocation
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
795F000
|
stack
|
page read and write
|
||
|
AF89F3C000
|
stack
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
2835000
|
heap
|
page read and write
|
||
|
4B87000
|
trusted library allocation
|
page read and write
|
||
|
419E000
|
stack
|
page read and write
|
||
|
2CC0000
|
trusted library allocation
|
page read and write
|
||
|
A21B27C000
|
stack
|
page read and write
|
||
|
4590000
|
trusted library allocation
|
page read and write
|
||
|
24440A87000
|
heap
|
page read and write
|
||
|
1CBA15A0000
|
trusted library allocation
|
page read and write
|
||
|
AF8A77D000
|
stack
|
page read and write
|
||
|
272FBD00000
|
heap
|
page read and write
|
||
|
1CB9FA30000
|
heap
|
page read and write
|
||
|
1380000
|
trusted library allocation
|
page read and write
|
||
|
7A000
|
unkown
|
page readonly
|
||
|
2A05000
|
heap
|
page read and write
|
||
|
4B98000
|
trusted library allocation
|
page read and write
|
||
|
A4A000
|
heap
|
page read and write
|
||
|
482E000
|
stack
|
page read and write
|
||
|
20FC0A3D000
|
heap
|
page read and write
|
||
|
49A0000
|
heap
|
page read and write
|
||
|
19E18300000
|
heap
|
page read and write
|
||
|
1250000
|
unkown
|
page readonly
|
||
|
8A0000
|
unkown
|
page readonly
|
||
|
1B5D5500000
|
heap
|
page read and write
|
||
|
1CB9FC2A000
|
heap
|
page read and write
|
||
|
1F702AF5000
|
heap
|
page read and write
|
||
|
A21AF7C000
|
stack
|
page read and write
|
||
|
1B5D51F0000
|
heap
|
page read and write
|
||
|
4597000
|
trusted library allocation
|
page execute and read and write
|
||
|
195000
|
stack
|
page read and write
|
||
|
AF8A97E000
|
stack
|
page read and write
|
||
|
1B5D5502000
|
heap
|
page read and write
|
||
|
19E18451000
|
heap
|
page read and write
|
||
|
4870000
|
heap
|
page read and write
|
||
|
20FC0A4B000
|
heap
|
page read and write
|
||
|
902F57D000
|
stack
|
page read and write
|
||
|
45AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
707F000
|
stack
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
71000
|
unkown
|
page execute read
|
||
|
4880000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
BACBAEC000
|
stack
|
page read and write
|
||
|
20FC0A50000
|
heap
|
page read and write
|
||
|
26487FE000
|
stack
|
page read and write
|
||
|
1B5D5440000
|
heap
|
page read and write
|
||
|
20FC0A67000
|
heap
|
page read and write
|
||
|
272FBB3B000
|
heap
|
page read and write
|
||
|
4B41000
|
trusted library allocation
|
page read and write
|
||
|
77C0000
|
trusted library allocation
|
page read and write
|
||
|
300E000
|
heap
|
page read and write
|
||
|
29CE403D000
|
heap
|
page read and write
|
||
|
2CA0000
|
trusted library allocation
|
page read and write
|
||
|
1258000
|
unkown
|
page write copy
|
||
|
47AE000
|
stack
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
7ADE000
|
stack
|
page read and write
|
||
|
AF8AB7F000
|
stack
|
page read and write
|
||
|
7720000
|
trusted library allocation
|
page read and write
|
||
|
77F0000
|
trusted library allocation
|
page read and write
|
||
|
264813C000
|
stack
|
page read and write
|
||
|
4720000
|
heap
|
page read and write
|
||
|
24440A13000
|
heap
|
page read and write
|
||
|
20FC0A79000
|
heap
|
page read and write
|
||
|
1104000
|
heap
|
page read and write
|
||
|
19E18310000
|
heap
|
page read and write
|
||
|
29CE4002000
|
heap
|
page read and write
|
||
|
2AE0000
|
unkown
|
page readonly
|
||
|
20FC0A7C000
|
heap
|
page read and write
|
||
|
5987E7E000
|
stack
|
page read and write
|
||
|
1CBA1602000
|
heap
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
7FFC9DC4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
19E183A0000
|
trusted library allocation
|
page read and write
|
||
|
19E18502000
|
heap
|
page read and write
|
||
|
AF8A57C000
|
stack
|
page read and write
|
||
|
24440A3E000
|
heap
|
page read and write
|
||
|
29CE3EE0000
|
heap
|
page read and write
|
||
|
26481BE000
|
stack
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
20FC0A76000
|
heap
|
page read and write
|
||
|
7640000
|
trusted library allocation
|
page read and write
|
||
|
20FC0A60000
|
heap
|
page read and write
|
||
|
24440B13000
|
heap
|
page read and write
|
||
|
19E18429000
|
heap
|
page read and write
|
||
|
2DE9000
|
heap
|
page read and write
|
||
|
2C90000
|
trusted library allocation
|
page read and write
|
||
|
2EEF000
|
heap
|
page read and write
|
||
|
A21B07D000
|
stack
|
page read and write
|
||
|
4BD4000
|
trusted library allocation
|
page read and write
|
||
|
61D2F4B000
|
stack
|
page read and write
|
||
|
1CB9FC58000
|
heap
|
page read and write
|
||
|
26488FF000
|
stack
|
page read and write
|
||
|
1B5D5464000
|
heap
|
page read and write
|
||
|
1B5D5260000
|
heap
|
page read and write
|
||
|
4BA2000
|
trusted library allocation
|
page read and write
|
||
|
3011000
|
heap
|
page read and write
|
||
|
7680000
|
trusted library allocation
|
page read and write
|
||
|
4B00000
|
trusted library allocation
|
page read and write
|
||
|
7630000
|
trusted library allocation
|
page read and write
|
||
|
1562000
|
trusted library allocation
|
page read and write
|
||
|
61D377E000
|
stack
|
page read and write
|
||
|
4B20000
|
trusted library allocation
|
page read and write
|
||
|
2E63000
|
trusted library allocation
|
page execute and read and write
|
||
|
4990000
|
trusted library allocation
|
page read and write
|
||
|
4AAF000
|
stack
|
page read and write
|
||
|
430000
|
unkown
|
page write copy
|
||
|
4DCC000
|
heap
|
page read and write
|
||
|
A73000
|
heap
|
page read and write
|
||
|
3009000
|
heap
|
page read and write
|
||
|
7FFC9DD92000
|
trusted library allocation
|
page read and write
|
||
|
3009000
|
heap
|
page read and write
|
||
|
20FC0A40000
|
heap
|
page read and write
|
||
|
125C000
|
unkown
|
page readonly
|
||
|
45F0000
|
heap
|
page execute and read and write
|
||
|
183355B0000
|
heap
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
4B9E000
|
trusted library allocation
|
page read and write
|
||
|
7FFC9DCA0000
|
trusted library allocation
|
page read and write
|
||
|
4B81000
|
trusted library allocation
|
page read and write
|
||
|
4B7B000
|
trusted library allocation
|
page read and write
|
||
|
2CB0000
|
trusted library allocation
|
page read and write
|
||
|
77E0000
|
trusted library allocation
|
page read and write
|
||
|
4BB1000
|
trusted library allocation
|
page read and write
|
||
|
12E61000
|
trusted library allocation
|
page read and write
|
||
|
73F0000
|
trusted library allocation
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
2A2B000
|
heap
|
page read and write
|
||
|
29CE4013000
|
heap
|
page read and write
|
||
|
A21AD7E000
|
stack
|
page read and write
|
||
|
7A000
|
unkown
|
page readonly
|
||
|
877BE7E000
|
stack
|
page read and write
|
||
|
BACBBEF000
|
stack
|
page read and write
|
||
|
29CE3E70000
|
heap
|
page read and write
|
||
|
61D38FD000
|
stack
|
page read and write
|
||
|
6C3E000
|
stack
|
page read and write
|
||
|
4B83000
|
trusted library allocation
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
2E64000
|
trusted library allocation
|
page read and write
|
||
|
24440AC3000
|
heap
|
page read and write
|
||
|
877BD7B000
|
stack
|
page read and write
|
||
|
463E000
|
stack
|
page read and write
|
||
|
20FC0A13000
|
heap
|
page read and write
|
||
|
BACBB6F000
|
stack
|
page read and write
|
||
|
2E6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
CA6000
|
unkown
|
page readonly
|
||
|
125A000
|
unkown
|
page readonly
|
||
|
29F9000
|
heap
|
page read and write
|
||
|
1251000
|
unkown
|
page execute read
|
||
|
8A1000
|
unkown
|
page execute read
|
||
|
4D6E000
|
stack
|
page read and write
|
||
|
4B30000
|
heap
|
page read and write
|
||
|
42F000
|
unkown
|
page execute and read and write
|
||
|
29CE4802000
|
trusted library allocation
|
page read and write
|
||
|
2A02000
|
heap
|
page read and write
|
||
|
7609000
|
trusted library allocation
|
page read and write
|
||
|
300D000
|
heap
|
page read and write
|
||
|
2E4E000
|
stack
|
page read and write
|
||
|
1CB9FBF0000
|
remote allocation
|
page read and write
|
||
|
26486FE000
|
stack
|
page read and write
|
||
|
4B85000
|
trusted library allocation
|
page read and write
|
||
|
75E0000
|
trusted library allocation
|
page read and write
|
||
|
4AF0000
|
trusted library allocation
|
page read and write
|
||
|
5987BBF000
|
stack
|
page read and write
|
||
|
7FFC9DBF4000
|
trusted library allocation
|
page read and write
|
||
|
61D34FF000
|
stack
|
page read and write
|
||
|
1CB9FC4B000
|
heap
|
page read and write
|
||
|
40F0000
|
heap
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
7C70000
|
trusted library allocation
|
page read and write
|
||
|
72B000
|
stack
|
page read and write
|
||
|
7710000
|
trusted library allocation
|
page read and write
|
||
|
902F1FE000
|
stack
|
page read and write
|
||
|
8AA000
|
unkown
|
page readonly
|
||
|
61D35FF000
|
stack
|
page read and write
|
||
|
2F0F000
|
heap
|
page read and write
|
||
|
4B7D000
|
trusted library allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
29F3000
|
heap
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
426000
|
unkown
|
page execute and read and write
|
||
|
19E183D0000
|
remote allocation
|
page read and write
|
||
|
8A1000
|
unkown
|
page execute read
|
||
|
AF8AA7F000
|
stack
|
page read and write
|
||
|
4994000
|
trusted library allocation
|
page read and write
|
||
|
4BB9000
|
trusted library allocation
|
page read and write
|
||
|
8A8000
|
unkown
|
page write copy
|
||
|
2E61000
|
trusted library allocation
|
page read and write
|
||
|
2A2C000
|
heap
|
page read and write
|
||
|
4583000
|
trusted library allocation
|
page read and write
|
||
|
4B10000
|
heap
|
page execute and read and write
|
||
|
1B5D5513000
|
heap
|
page read and write
|
||
|
2F0B000
|
heap
|
page read and write
|
||
|
1CBA1800000
|
trusted library allocation
|
page read and write
|
||
|
272FD660000
|
heap
|
page read and write
|
||
|
12E63000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
1B5D5477000
|
heap
|
page read and write
|
||
|
7FF4AD530000
|
trusted library allocation
|
page execute and read and write
|
||
|
781F000
|
stack
|
page read and write
|
||
|
1B5D5400000
|
heap
|
page read and write
|
||
|
24440AE1000
|
heap
|
page read and write
|
||
|
1561000
|
trusted library allocation
|
page read and write
|
||
|
10D2000
|
heap
|
page read and write
|
||
|
432000
|
unkown
|
page read and write
|
||
|
20FC0A47000
|
heap
|
page read and write
|
||
|
5B45000
|
trusted library allocation
|
page read and write
|
||
|
4BB5000
|
trusted library allocation
|
page read and write
|
||
|
1B5D5428000
|
heap
|
page read and write
|
||
|
1568000
|
trusted library allocation
|
page read and write
|
||
|
DE6000
|
stack
|
page read and write
|
||
|
41DF000
|
stack
|
page read and write
|
||
|
20FC0A29000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2A2C000
|
heap
|
page read and write
|
||
|
2CA0000
|
trusted library allocation
|
page read and write
|
||
|
135F000
|
stack
|
page read and write
|
||
|
19E183D0000
|
remote allocation
|
page read and write
|
||
|
4BB7000
|
trusted library allocation
|
page read and write
|
||
|
29FE000
|
heap
|
page read and write
|
||
|
1CB9FC4A000
|
heap
|
page read and write
|
||
|
4B79000
|
trusted library allocation
|
page read and write
|
||
|
29CE4029000
|
heap
|
page read and write
|
||
|
AF8A47F000
|
stack
|
page read and write
|
||
|
61D3AFC000
|
stack
|
page read and write
|
||
|
20FC0A7A000
|
heap
|
page read and write
|
||
|
2819000
|
heap
|
page read and write
|
||
|
1F702910000
|
heap
|
page read and write
|
||
|
4721000
|
heap
|
page read and write
|
||
|
20FC0A74000
|
heap
|
page read and write
|
||
|
13A0000
|
trusted library allocation
|
page read and write
|
||
|
A65000
|
heap
|
page read and write
|
||
|
75F0000
|
trusted library allocation
|
page read and write
|
||
|
45A0000
|
trusted library allocation
|
page read and write
|
||
|
20FC0A00000
|
heap
|
page read and write
|
||
|
61D37FB000
|
stack
|
page read and write
|
||
|
4BDC000
|
trusted library allocation
|
page read and write
|
||
|
902F07E000
|
stack
|
page read and write
|
||
|
125A000
|
unkown
|
page readonly
|
||
|
1CB9FBF0000
|
remote allocation
|
page read and write
|
||
|
71000
|
unkown
|
page execute read
|
||
|
3017000
|
heap
|
page read and write
|
||
|
244407E0000
|
heap
|
page read and write
|
||
|
2C8F000
|
stack
|
page read and write
|
||
|
76B0000
|
trusted library allocation
|
page read and write
|
||
|
1CB9FC5B000
|
heap
|
page read and write
|
||
|
46D0000
|
heap
|
page read and write
|
||
|
6ED000
|
stack
|
page read and write
|
||
|
7600000
|
trusted library allocation
|
page read and write
|
||
|
47EF000
|
stack
|
page read and write
|
||
|
183355D0000
|
heap
|
page read and write
|
||
|
3004000
|
heap
|
page read and write
|
||
|
A21A6BC000
|
stack
|
page read and write
|
||
|
1B5D5413000
|
heap
|
page read and write
|
||
|
75C0000
|
trusted library section
|
page read and write
|
||
|
2C3A000
|
stack
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
109C000
|
heap
|
page read and write
|
||
|
7FFC9DC1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
20FC0A64000
|
heap
|
page read and write
|
||
|
3015000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
20FC0A39000
|
heap
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
61D367C000
|
stack
|
page read and write
|
||
|
20FC0950000
|
heap
|
page read and write
|
||
|
3011000
|
heap
|
page read and write
|
||
|
75E0000
|
heap
|
page read and write
|
||
|
A67000
|
heap
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
7770000
|
trusted library allocation
|
page read and write
|
||
|
272FBAA0000
|
heap
|
page read and write
|
||
|
77B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFC9DC0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
70000
|
unkown
|
page readonly
|
||
|
1CB9FC48000
|
heap
|
page read and write
|
||
|
4580000
|
trusted library allocation
|
page read and write
|
||
|
2C7E000
|
stack
|
page read and write
|
||
|
2AE0000
|
unkown
|
page readonly
|
||
|
3012000
|
heap
|
page read and write
|
||
|
2A24000
|
heap
|
page read and write
|
||
|
76F0000
|
trusted library allocation
|
page read and write
|
||
|
29CE401F000
|
heap
|
page read and write
|
||
|
3035000
|
heap
|
page read and write
|
||
|
29F9000
|
heap
|
page read and write
|
||
|
1CB9FC73000
|
heap
|
page read and write
|
||
|
5987B3C000
|
stack
|
page read and write
|
||
|
799E000
|
stack
|
page read and write
|
||
|
1CB9FBA0000
|
trusted library allocation
|
page read and write
|
||
|
A78000
|
heap
|
page read and write
|
||
|
24440ABB000
|
heap
|
page read and write
|
||
|
7FFC9DBF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7BDF000
|
stack
|
page read and write
|
||
|
61D39FE000
|
stack
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
A78000
|
heap
|
page read and write
|
||
|
1CBA1702000
|
heap
|
page read and write
|
||
|
269B000
|
stack
|
page read and write
|
||
|
4BA4000
|
trusted library allocation
|
page read and write
|
||
|
7690000
|
trusted library allocation
|
page read and write
|
||
|
2EB7000
|
heap
|
page read and write
|
||
|
20FC1402000
|
trusted library allocation
|
page read and write
|
||
|
8AA000
|
unkown
|
page readonly
|
||
|
7C000
|
unkown
|
page readonly
|
||
|
20FC0A42000
|
heap
|
page read and write
|
||
|
1575000
|
heap
|
page read and write
|
||
|
1B5D5451000
|
heap
|
page read and write
|
||
|
76D0000
|
trusted library allocation
|
page read and write
|
||
|
20FC0A4E000
|
heap
|
page read and write
|
||
|
2A02000
|
heap
|
page read and write
|
||
|
785E000
|
stack
|
page read and write
|
||
|
19E18E02000
|
trusted library allocation
|
page read and write
|
||
|
2A07000
|
heap
|
page read and write
|
||
|
1570000
|
heap
|
page read and write
|
||
|
7620000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1CB9FA40000
|
heap
|
page read and write
|
||
|
1CB9FC67000
|
heap
|
page read and write
|
||
|
10D4000
|
heap
|
page read and write
|
||
|
10C7000
|
heap
|
page read and write
|
||
|
4B96000
|
trusted library allocation
|
page read and write
|
||
|
4521000
|
heap
|
page read and write
|
||
|
65D0000
|
heap
|
page read and write
|
||
|
4A0C000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
2A04000
|
heap
|
page read and write
|
||
|
8A0000
|
unkown
|
page readonly
|
||
|
2C90000
|
trusted library allocation
|
page read and write
|
||
|
2F13000
|
heap
|
page read and write
|
||
|
272FBDA5000
|
heap
|
page read and write
|
||
|
7A9F000
|
stack
|
page read and write
|
||
|
1554000
|
trusted library allocation
|
page read and write
|
||
|
29FD000
|
heap
|
page read and write
|
||
|
78000
|
unkown
|
page read and write
|
||
|
20FC0A55000
|
heap
|
page read and write
|
||
|
2F05000
|
heap
|
page read and write
|
||
|
29CE4000000
|
heap
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
8AC000
|
unkown
|
page readonly
|
||
|
1F7043A0000
|
heap
|
page read and write
|
||
|
2E7A000
|
heap
|
page read and write
|
||
|
CA2000
|
unkown
|
page readonly
|
||
|
76A0000
|
trusted library allocation
|
page read and write
|
||
|
3011000
|
heap
|
page read and write
|
||
|
1251000
|
unkown
|
page execute read
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
4B71000
|
trusted library allocation
|
page read and write
|
||
|
1B3DD000
|
stack
|
page read and write
|
||
|
24440A00000
|
heap
|
page read and write
|
||
|
75B4000
|
trusted library allocation
|
page read and write
|
||
|
1B5D5479000
|
heap
|
page read and write
|
||
|
1CB9FC02000
|
heap
|
page read and write
|
||
|
45E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
1CB9FD02000
|
heap
|
page read and write
|
||
|
2C90000
|
trusted library allocation
|
page read and write
|
||
|
19E18370000
|
heap
|
page read and write
|
||
|
20FC0A31000
|
heap
|
page read and write
|
||
|
272FBDA0000
|
heap
|
page read and write
|
||
|
301A000
|
heap
|
page read and write
|
||
|
18335540000
|
heap
|
page read and write
|
||
|
19E183D0000
|
remote allocation
|
page read and write
|
||
|
244407F0000
|
heap
|
page read and write
|
||
|
8A8000
|
unkown
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
1B890000
|
heap
|
page execute and read and write
|
||
|
7780000
|
trusted library allocation
|
page read and write
|
||
|
8AC000
|
unkown
|
page readonly
|
||
|
4740000
|
heap
|
page read and write
|
||
|
877BA7B000
|
stack
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
1CB9FD18000
|
heap
|
page read and write
|
||
|
4DAF000
|
stack
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
2816000
|
heap
|
page read and write
|
||
|
4990000
|
trusted library allocation
|
page read and write
|
||
|
2A0F000
|
heap
|
page read and write
|
||
|
A21AC7E000
|
stack
|
page read and write
|
||
|
264847E000
|
stack
|
page read and write
|
||
|
7FFC9DD10000
|
trusted library allocation
|
page execute and read and write
|
||
|
3012000
|
heap
|
page read and write
|
||
|
29CE4077000
|
heap
|
page read and write
|
||
|
4750000
|
heap
|
page read and write
|
||
|
1258000
|
unkown
|
page read and write
|
||
|
1561000
|
trusted library allocation
|
page read and write
|
||
|
4AEE000
|
stack
|
page read and write
|
||
|
61D3BFE000
|
stack
|
page read and write
|
||
|
7FFC9DC10000
|
trusted library allocation
|
page read and write
|
||
|
486E000
|
stack
|
page read and write
|
||
|
1CB9FC5A000
|
heap
|
page read and write
|
||
|
20FC0A7D000
|
heap
|
page read and write
|
||
|
24440950000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
unkown
|
page readonly
|
||
|
20FC0A49000
|
heap
|
page read and write
|
||
|
7719000
|
trusted library allocation
|
page read and write
|
||
|
2BD6DFF000
|
stack
|
page read and write
|
||
|
76E0000
|
trusted library allocation
|
page read and write
|
||
|
61D337C000
|
stack
|
page read and write
|
||
|
20FC0A62000
|
heap
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
4BBD000
|
trusted library allocation
|
page read and write
|
||
|
1CB9FC00000
|
heap
|
page read and write
|
||
|
4BD0000
|
trusted library allocation
|
page read and write
|
||
|
2E60000
|
trusted library allocation
|
page read and write
|
||
|
4B9A000
|
trusted library allocation
|
page read and write
|
||
|
300D000
|
heap
|
page read and write
|
||
|
771E000
|
stack
|
page read and write
|
||
|
430000
|
unkown
|
page read and write
|
||
|
7740000
|
trusted library allocation
|
page read and write
|
||
|
20FC09E0000
|
trusted library allocation
|
page read and write
|
||
|
1F702890000
|
heap
|
page read and write
|
||
|
7C000
|
unkown
|
page readonly
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
2A19000
|
heap
|
page read and write
|
||
|
1CB9FAA0000
|
heap
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
2CC5000
|
heap
|
page read and write
|
||
|
45A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
26485FE000
|
stack
|
page read and write
|
||
|
7660000
|
trusted library allocation
|
page read and write
|
||
|
3028000
|
heap
|
page read and write
|
||
|
4B6C000
|
trusted library allocation
|
page read and write
|
||
|
5B41000
|
trusted library allocation
|
page read and write
|
||
|
4BA9000
|
trusted library allocation
|
page read and write
|
||
|
29CE405A000
|
heap
|
page read and write
|
||
|
24441202000
|
heap
|
page read and write
|
||
|
4B77000
|
trusted library allocation
|
page read and write
|
||
|
4B7F000
|
trusted library allocation
|
page read and write
|
||
|
24440A6E000
|
heap
|
page read and write
|
||
|
1F702B20000
|
heap
|
page read and write
|
||
|
4BDA000
|
trusted library allocation
|
page read and write
|
||
|
20FC09B0000
|
heap
|
page read and write
|
||
|
4BD8000
|
trusted library allocation
|
page read and write
|
||
|
65D4000
|
heap
|
page read and write
|
||
|
7FFC9DC00000
|
trusted library allocation
|
page read and write
|
||
|
AF8A87F000
|
stack
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
45D0000
|
trusted library allocation
|
page read and write
|
||
|
2A0F000
|
heap
|
page read and write
|
||
|
AF8AC7F000
|
stack
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
5B69000
|
trusted library allocation
|
page read and write
|
||
|
2F1F000
|
stack
|
page read and write
|
||
|
2BD6D7E000
|
stack
|
page read and write
|
||
|
272FBB10000
|
heap
|
page read and write
|
||
|
24441300000
|
heap
|
page read and write
|
||
|
29CE3FE0000
|
trusted library allocation
|
page read and write
|
||
|
4996000
|
trusted library allocation
|
page read and write
|
||
|
902F47E000
|
stack
|
page read and write
|
||
|
29CE4102000
|
heap
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
2A09000
|
heap
|
page read and write
|
||
|
2EDC000
|
heap
|
page read and write
|
||
|
12E69000
|
trusted library allocation
|
page read and write
|
||
|
24440B02000
|
heap
|
page read and write
|
||
|
2DE5000
|
heap
|
page read and write
|
||
|
2CA0000
|
trusted library allocation
|
page read and write
|
||
|
2EC9000
|
heap
|
page read and write
|
||
|
2F0B000
|
heap
|
page read and write
|
||
|
20FC0B02000
|
heap
|
page read and write
|
||
|
1562000
|
trusted library allocation
|
page read and write
|
||
|
7760000
|
trusted library allocation
|
page read and write
|
||
|
2A07000
|
heap
|
page read and write
|
||
|
2FE9000
|
heap
|
page read and write
|
||
|
24440850000
|
heap
|
page read and write
|
||
|
1CB9FD13000
|
heap
|
page read and write
|
||
|
7C000
|
unkown
|
page readonly
|
||
|
46D4000
|
heap
|
page read and write
|
||
|
18335A00000
|
heap
|
page read and write
|
||
|
76E0000
|
trusted library allocation
|
page read and write
|
||
|
4640000
|
trusted library section
|
page read and write
|
||
|
7650000
|
trusted library allocation
|
page read and write
|
||
|
29DA000
|
heap
|
page read and write
|
||
|
3017000
|
heap
|
page read and write
|
||
|
7670000
|
trusted library allocation
|
page read and write
|
||
|
3021000
|
heap
|
page read and write
|
||
|
10C4000
|
heap
|
page read and write
|
||
|
19E1844C000
|
heap
|
page read and write
|
||
|
20FC0A45000
|
heap
|
page read and write
|
||
|
10BF000
|
heap
|
page read and write
|
||
|
272FBB30000
|
heap
|
page read and write
|
||
|
1CB9FC40000
|
heap
|
page read and write
|
||
|
2EDE000
|
stack
|
page read and write
|
||
|
70000
|
unkown
|
page readonly
|
||
|
2810000
|
heap
|
page read and write
|
||
|
4C0C000
|
heap
|
page read and write
|
||
|
902ECDB000
|
stack
|
page read and write
|
||
|
7A000
|
unkown
|
page readonly
|
||
|
303D000
|
heap
|
page read and write
|
||
|
20FC0A30000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
303D000
|
heap
|
page read and write
|
||
|
DDE000
|
stack
|
page read and write
|
||
|
4660000
|
trusted library allocation
|
page read and write
|
||
|
877C07E000
|
stack
|
page read and write
|
||
|
19E18413000
|
heap
|
page read and write
|
||
|
12E67000
|
trusted library allocation
|
page read and write
|
||
|
1B5D5360000
|
trusted library allocation
|
page read and write
|
||
|
29CE3E80000
|
heap
|
page read and write
|
||
|
4BD2000
|
trusted library allocation
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
7FFC9DCB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
498E000
|
stack
|
page read and write
|
||
|
3011000
|
heap
|
page read and write
|
There are 594 hidden memdumps, click here to show them.