Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
o9jDrpZrgR.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Microsoft.NET\RedistList\conhost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Microsoft Office 15\ClientX64\qBJICEqiLNwXNBLrN.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\qBJICEqiLNwXNBLrN.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\qBJICEqiLNwXNBLrN.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\XJsEcPfXWC.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\BfMGYDNR.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\BhRGcQzx.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\BnwYCmoX.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\ESwXjeKp.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\GVjFENOl.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\GbOXfjDL.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\HJnNqbKj.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\KWPomPtF.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\MTqwIPIz.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\NBQmTGPX.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\QJNvoZJT.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\SoilvDeL.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\XieCzWia.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\eOLjNPjM.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\eQQkRcVr.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\egSCbkdO.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\fNssmckm.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\gRySjyoH.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\hLTAIczh.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\jTkAEhsC.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\lGVRPIpa.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\pwLIWFpU.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\qtmQsFEO.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\sCEQoKxk.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\vnjhvXId.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\zdaXCUIW.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft.NET\RedistList\088424020bedd6
|
ASCII text, with very long lines (881), with no line terminators
|
dropped
|
||
|
C:\Program Files\Microsoft Office 15\ClientX64\9bce06a9fec5b2
|
ASCII text, with very long lines (819), with no line terminators
|
dropped
|
||
|
C:\Recovery\9bce06a9fec5b2
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BlockrefBrokerperf.exe.log
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\9bce06a9fec5b2
|
ASCII text, with very long lines (696), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nltb4WKmeR
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\Contacts\9bce06a9fec5b2
|
ASCII text, with very long lines (744), with no line terminators
|
dropped
|
||
|
C:\reviewruntimeMonitor\XfrEwTdqjpljDpai91jT4EKzapK.bat
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\reviewruntimeMonitor\oYwPDBVe3AuHG3t6JLon5FNZVJrzPzwK1qz3t5qd93gftXcSil5zO.vbe
|
data
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 34 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\o9jDrpZrgR.exe
|
C:\Users\user\Desktop\o9jDrpZrgR.exe
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\reviewruntimeMonitor\oYwPDBVe3AuHG3t6JLon5FNZVJrzPzwK1qz3t5qd93gftXcSil5zO.vbe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\reviewruntimeMonitor\BlockrefBrokerperf.exe
|
C:\reviewruntimeMonitor/BlockrefBrokerperf.exe
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\XJsEcPfXWC.bat"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping -n 10 localhost
|
|
|
|
C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe
|
"C:\Users\user\Contacts\qBJICEqiLNwXNBLrN.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\reviewruntimeMonitor\XfrEwTdqjpljDpai91jT4EKzapK.bat" "
|
||
|
C:\Windows\System32\chcp.com
|
chcp 65001
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://77.91.124.101/imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/PythontrackDump/Image/Uploads5/temporarymulti/ToPythonpacketProcessormultiTrafficUniversal.php
|
77.91.124.101
|
|
|
|
http://77.91.124.101/imagewindows/cdnprotonpipe/9db/Providerphp/downloadsEternalDle/uploads/Pythontr
|
unknown
|
||
|
http://77.91.1H
|
unknown
|
||
|
http://77.91.124.101
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
77.91.124.101
|
unknown
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\926a7cadbae82e02997d5998fd2cb49caf3eb59e
|
b56a04f6e86e100fcaa2b9b94a9f3244168756c5
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qBJICEqiLNwXNBLrN_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qBJICEqiLNwXNBLrN_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qBJICEqiLNwXNBLrN_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qBJICEqiLNwXNBLrN_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qBJICEqiLNwXNBLrN_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qBJICEqiLNwXNBLrN_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qBJICEqiLNwXNBLrN_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qBJICEqiLNwXNBLrN_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qBJICEqiLNwXNBLrN_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qBJICEqiLNwXNBLrN_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qBJICEqiLNwXNBLrN_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qBJICEqiLNwXNBLrN_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qBJICEqiLNwXNBLrN_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qBJICEqiLNwXNBLrN_RASMANCS
|
FileDirectory
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2D45000
|
trusted library allocation
|
page read and write
|
|
|
|
4DA6000
|
heap
|
page read and write
|
|
|
|
6E2F000
|
heap
|
page read and write
|
|
|
|
6524000
|
heap
|
page read and write
|
|
|
|
FC2000
|
unkown
|
page readonly
|
|
|
|
6520000
|
trusted library allocation
|
page read and write
|
||
|
1BF30000
|
heap
|
page execute and read and write
|
||
|
1B3F5000
|
heap
|
page read and write
|
||
|
7FF8491D0000
|
trusted library allocation
|
page read and write
|
||
|
3650000
|
heap
|
page read and write
|
||
|
3283000
|
heap
|
page read and write
|
||
|
4B04000
|
heap
|
page read and write
|
||
|
3268000
|
heap
|
page read and write
|
||
|
12B56000
|
trusted library allocation
|
page read and write
|
||
|
17375F60000
|
heap
|
page read and write
|
||
|
7FF849330000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC6000
|
trusted library allocation
|
page read and write
|
||
|
1CFA5000
|
heap
|
page read and write
|
||
|
7FF8491D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C11000
|
heap
|
page read and write
|
||
|
7FF849298000
|
trusted library allocation
|
page read and write
|
||
|
16E0000
|
heap
|
page read and write
|
||
|
329D000
|
heap
|
page read and write
|
||
|
12A8E000
|
trusted library allocation
|
page read and write
|
||
|
3281000
|
heap
|
page read and write
|
||
|
B2B000
|
stack
|
page read and write
|
||
|
34FD000
|
heap
|
page read and write
|
||
|
32DE000
|
heap
|
page read and write
|
||
|
32C9000
|
heap
|
page read and write
|
||
|
7FF849320000
|
trusted library allocation
|
page read and write
|
||
|
3261000
|
heap
|
page read and write
|
||
|
CE7000
|
heap
|
page read and write
|
||
|
7FF848EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AAE000
|
unkown
|
page readonly
|
||
|
7FF848FB4000
|
trusted library allocation
|
page read and write
|
||
|
7FF8491C0000
|
trusted library allocation
|
page read and write
|
||
|
2A81000
|
trusted library allocation
|
page read and write
|
||
|
2BBD000
|
heap
|
page read and write
|
||
|
328F000
|
heap
|
page read and write
|
||
|
3293000
|
heap
|
page read and write
|
||
|
7FF8490E2000
|
trusted library allocation
|
page read and write
|
||
|
2975000
|
heap
|
page read and write
|
||
|
2BAA000
|
heap
|
page read and write
|
||
|
17375FB8000
|
heap
|
page read and write
|
||
|
4DAB000
|
heap
|
page read and write
|
||
|
7FF8491F0000
|
trusted library allocation
|
page read and write
|
||
|
17375F80000
|
heap
|
page read and write
|
||
|
881000
|
unkown
|
page execute read
|
||
|
7FF8492E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
12E7F000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E12000
|
trusted library allocation
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
1CC4D000
|
stack
|
page read and write
|
||
|
12E53000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
3492000
|
unkown
|
page readonly
|
||
|
CAC000
|
heap
|
page read and write
|
||
|
7FF848E7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AE02000
|
heap
|
page read and write
|
||
|
2B7C000
|
heap
|
page read and write
|
||
|
12F15000
|
trusted library allocation
|
page read and write
|
||
|
51DD000
|
stack
|
page read and write
|
||
|
32A4000
|
heap
|
page read and write
|
||
|
3293000
|
heap
|
page read and write
|
||
|
6D20000
|
heap
|
page read and write
|
||
|
327D000
|
heap
|
page read and write
|
||
|
1CA70000
|
heap
|
page read and write
|
||
|
8E3000
|
unkown
|
page readonly
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
12E78000
|
trusted library allocation
|
page read and write
|
||
|
3126000
|
heap
|
page read and write
|
||
|
1710000
|
heap
|
page read and write
|
||
|
12ED4000
|
trusted library allocation
|
page read and write
|
||
|
2B87000
|
heap
|
page read and write
|
||
|
7FF849380000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849220000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF8492D1000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
stack
|
page read and write
|
||
|
3B21000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
723631C000
|
stack
|
page read and write
|
||
|
343E000
|
stack
|
page read and write
|
||
|
1B520000
|
heap
|
page execute and read and write
|
||
|
2C11000
|
heap
|
page read and write
|
||
|
7FF849200000
|
trusted library allocation
|
page read and write
|
||
|
1A80000
|
unkown
|
page readonly
|
||
|
3260000
|
heap
|
page read and write
|
||
|
329B000
|
heap
|
page read and write
|
||
|
4DA0000
|
trusted library allocation
|
page read and write
|
||
|
1670000
|
heap
|
page read and write
|
||
|
5D8000
|
stack
|
page read and write
|
||
|
7FF849370000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DAD000
|
heap
|
page read and write
|
||
|
327C000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
1690000
|
unkown
|
page readonly
|
||
|
1AC0000
|
heap
|
page read and write
|
||
|
2BBF000
|
heap
|
page read and write
|
||
|
7FF848FE5000
|
trusted library allocation
|
page read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
3A49000
|
trusted library allocation
|
page read and write
|
||
|
1723000
|
heap
|
page read and write
|
||
|
2B78000
|
heap
|
page read and write
|
||
|
1674000
|
heap
|
page read and write
|
||
|
5B7C000
|
stack
|
page read and write
|
||
|
C90000
|
trusted library allocation
|
page read and write
|
||
|
5F1000
|
stack
|
page read and write
|
||
|
7FF849360000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AC4000
|
heap
|
page read and write
|
||
|
7FF848FFA000
|
trusted library allocation
|
page read and write
|
||
|
18DE000
|
stack
|
page read and write
|
||
|
1A82000
|
unkown
|
page readonly
|
||
|
32A3000
|
heap
|
page read and write
|
||
|
8BE000
|
unkown
|
page read and write
|
||
|
7FF849350000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ECC000
|
trusted library allocation
|
page execute and read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
32A9000
|
heap
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
1B00C000
|
stack
|
page read and write
|
||
|
2C1A000
|
heap
|
page read and write
|
||
|
1A02000
|
unkown
|
page readonly
|
||
|
1650000
|
unkown
|
page readonly
|
||
|
2B9A000
|
trusted library allocation
|
page read and write
|
||
|
173761A0000
|
heap
|
page read and write
|
||
|
7FF849117000
|
trusted library allocation
|
page read and write
|
||
|
16C2000
|
unkown
|
page readonly
|
||
|
3630000
|
heap
|
page read and write
|
||
|
1093000
|
trusted library allocation
|
page read and write
|
||
|
7FF8491E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
12DDC000
|
trusted library allocation
|
page read and write
|
||
|
7FF8492D0000
|
trusted library allocation
|
page read and write
|
||
|
12CF6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E24000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3281000
|
heap
|
page read and write
|
||
|
1610000
|
trusted library allocation
|
page read and write
|
||
|
1CFA0000
|
heap
|
page read and write
|
||
|
525B000
|
stack
|
page read and write
|
||
|
1CFA3000
|
heap
|
page read and write
|
||
|
7FF849100000
|
trusted library allocation
|
page read and write
|
||
|
32C9000
|
heap
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
1B6B0000
|
trusted library allocation
|
page read and write
|
||
|
32A8000
|
heap
|
page read and write
|
||
|
7FF848E34000
|
trusted library allocation
|
page read and write
|
||
|
32A6000
|
heap
|
page read and write
|
||
|
12EBF000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E44000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FBB000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
16C0000
|
unkown
|
page readonly
|
||
|
3266000
|
heap
|
page read and write
|
||
|
12C19000
|
trusted library allocation
|
page read and write
|
||
|
52A0000
|
heap
|
page read and write
|
||
|
2BAA000
|
heap
|
page read and write
|
||
|
12E2F000
|
trusted library allocation
|
page read and write
|
||
|
32A3000
|
heap
|
page read and write
|
||
|
3286000
|
heap
|
page read and write
|
||
|
1C11E000
|
heap
|
page read and write
|
||
|
16EC000
|
heap
|
page read and write
|
||
|
7FF848FC7000
|
trusted library allocation
|
page read and write
|
||
|
12E07000
|
trusted library allocation
|
page read and write
|
||
|
12EAA000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490E0000
|
trusted library allocation
|
page read and write
|
||
|
32C9000
|
heap
|
page read and write
|
||
|
19E0000
|
heap
|
page execute and read and write
|
||
|
328D000
|
heap
|
page read and write
|
||
|
7FF849300000
|
trusted library allocation
|
page read and write
|
||
|
32C9000
|
heap
|
page read and write
|
||
|
12DF1000
|
trusted library allocation
|
page read and write
|
||
|
17C6000
|
heap
|
page read and write
|
||
|
32A4000
|
heap
|
page read and write
|
||
|
4D80000
|
heap
|
page read and write
|
||
|
32DE000
|
heap
|
page read and write
|
||
|
19DE000
|
stack
|
page read and write
|
||
|
7FF848E33000
|
trusted library allocation
|
page read and write
|
||
|
7FF849340000
|
trusted library allocation
|
page read and write
|
||
|
3288000
|
heap
|
page read and write
|
||
|
1CB40000
|
heap
|
page read and write
|
||
|
328F000
|
heap
|
page read and write
|
||
|
346F000
|
stack
|
page read and write
|
||
|
557E000
|
stack
|
page read and write
|
||
|
2B58000
|
heap
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
1B43F000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
1BB10000
|
trusted library allocation
|
page read and write
|
||
|
17375E80000
|
heap
|
page read and write
|
||
|
880000
|
unkown
|
page readonly
|
||
|
1B82F000
|
stack
|
page read and write
|
||
|
2B8A000
|
heap
|
page read and write
|
||
|
1652000
|
unkown
|
page readonly
|
||
|
5F9000
|
stack
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
2C11000
|
heap
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FF4000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD2000
|
trusted library allocation
|
page read and write
|
||
|
2BE4000
|
heap
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
870000
|
heap
|
page readonly
|
||
|
7FF848FE2000
|
trusted library allocation
|
page read and write
|
||
|
7FF8491B0000
|
trusted library allocation
|
page read and write
|
||
|
2BBC000
|
heap
|
page read and write
|
||
|
1CA2E000
|
stack
|
page read and write
|
||
|
7FF8491C0000
|
trusted library allocation
|
page read and write
|
||
|
1AA0000
|
unkown
|
page readonly
|
||
|
3285000
|
heap
|
page read and write
|
||
|
3268000
|
heap
|
page read and write
|
||
|
567E000
|
stack
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
1C48F000
|
stack
|
page read and write
|
||
|
7FF849107000
|
trusted library allocation
|
page read and write
|
||
|
166C000
|
unkown
|
page readonly
|
||
|
1C8D7000
|
stack
|
page read and write
|
||
|
7FF849340000
|
trusted library allocation
|
page read and write
|
||
|
3283000
|
heap
|
page read and write
|
||
|
1A12000
|
unkown
|
page readonly
|
||
|
5A3F000
|
stack
|
page read and write
|
||
|
173761A4000
|
heap
|
page read and write
|
||
|
7FF848F06000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849350000
|
trusted library allocation
|
page read and write
|
||
|
1C171000
|
heap
|
page read and write
|
||
|
2A6E000
|
stack
|
page read and write
|
||
|
3610000
|
heap
|
page read and write
|
||
|
8E3000
|
unkown
|
page write copy
|
||
|
D0E000
|
heap
|
page read and write
|
||
|
7FF8490D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
360E000
|
stack
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
15F0000
|
trusted library allocation
|
page read and write
|
||
|
4F6000
|
stack
|
page read and write
|
||
|
7FF8492E0000
|
trusted library allocation
|
page read and write
|
||
|
519E000
|
stack
|
page read and write
|
||
|
7FF849120000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FC4000
|
trusted library allocation
|
page read and write
|
||
|
EBF000
|
unkown
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
13A6D000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
32A9000
|
heap
|
page read and write
|
||
|
7FF8490F0000
|
trusted library allocation
|
page read and write
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
16A2000
|
unkown
|
page readonly
|
||
|
3A3E000
|
trusted library allocation
|
page read and write
|
||
|
52FE000
|
stack
|
page read and write
|
||
|
16B8000
|
unkown
|
page readonly
|
||
|
4DAA000
|
heap
|
page read and write
|
||
|
2C11000
|
heap
|
page read and write
|
||
|
7FF848E3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BCE000
|
stack
|
page read and write
|
||
|
1AA2000
|
unkown
|
page readonly
|
||
|
1CD9E000
|
stack
|
page read and write
|
||
|
32A2000
|
heap
|
page read and write
|
||
|
1C38F000
|
stack
|
page read and write
|
||
|
170E000
|
heap
|
page read and write
|
||
|
D1C000
|
heap
|
page read and write
|
||
|
7FF8492F0000
|
trusted library allocation
|
page read and write
|
||
|
4C90000
|
heap
|
page read and write
|
||
|
1B523000
|
heap
|
page execute and read and write
|
||
|
1BF40000
|
heap
|
page read and write
|
||
|
881000
|
unkown
|
page execute read
|
||
|
56BE000
|
stack
|
page read and write
|
||
|
32A6000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
CE3000
|
heap
|
page read and write
|
||
|
3A29000
|
trusted library allocation
|
page read and write
|
||
|
32A9000
|
heap
|
page read and write
|
||
|
509E000
|
stack
|
page read and write
|
||
|
1C090000
|
heap
|
page read and write
|
||
|
2C1A000
|
heap
|
page read and write
|
||
|
1CE9E000
|
stack
|
page read and write
|
||
|
3288000
|
heap
|
page read and write
|
||
|
470000
|
unclassified section
|
page readonly
|
||
|
6F1E000
|
stack
|
page read and write
|
||
|
480000
|
unclassified section
|
page readonly
|
||
|
D2E000
|
heap
|
page read and write
|
||
|
32DE000
|
heap
|
page read and write
|
||
|
7FF8492C1000
|
trusted library allocation
|
page read and write
|
||
|
1757000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page execute and read and write
|
||
|
7FF849130000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
7FF84930D000
|
trusted library allocation
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
593E000
|
stack
|
page read and write
|
||
|
32A8000
|
heap
|
page read and write
|
||
|
2BAA000
|
heap
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
13A72000
|
trusted library allocation
|
page read and write
|
||
|
12EEA000
|
trusted library allocation
|
page read and write
|
||
|
4AEA000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E23000
|
trusted library allocation
|
page read and write
|
||
|
4AF0000
|
heap
|
page read and write
|
||
|
2B8E000
|
heap
|
page read and write
|
||
|
3681000
|
trusted library allocation
|
page read and write
|
||
|
32C9000
|
heap
|
page read and write
|
||
|
3490000
|
unkown
|
page readonly
|
||
|
1B350000
|
heap
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
32C9000
|
heap
|
page read and write
|
||
|
1C58D000
|
stack
|
page read and write
|
||
|
7FF84923D000
|
trusted library allocation
|
page read and write
|
||
|
13A78000
|
trusted library allocation
|
page read and write
|
||
|
8E2000
|
unkown
|
page read and write
|
||
|
2B8A000
|
heap
|
page read and write
|
||
|
1682000
|
unkown
|
page readonly
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
1C43E000
|
stack
|
page read and write
|
||
|
1660000
|
unkown
|
page readonly
|
||
|
16A0000
|
unkown
|
page readonly
|
||
|
FC0000
|
unkown
|
page readonly
|
||
|
2DCE000
|
stack
|
page read and write
|
||
|
2F6B000
|
heap
|
page read and write
|
||
|
D16000
|
heap
|
page read and write
|
||
|
701F000
|
stack
|
page read and write
|
||
|
2C1A000
|
heap
|
page read and write
|
||
|
7FF84924D000
|
trusted library allocation
|
page read and write
|
||
|
7FF8493A0000
|
trusted library allocation
|
page read and write
|
||
|
8B3000
|
unkown
|
page readonly
|
||
|
2C18000
|
heap
|
page read and write
|
||
|
7FF8492B0000
|
trusted library allocation
|
page read and write
|
||
|
1A20000
|
unkown
|
page readonly
|
||
|
1C13D000
|
stack
|
page read and write
|
||
|
32DE000
|
heap
|
page read and write
|
||
|
2F67000
|
heap
|
page read and write
|
||
|
1A00000
|
unkown
|
page readonly
|
||
|
5E9000
|
stack
|
page read and write
|
||
|
7FF848E3A000
|
trusted library allocation
|
page read and write
|
||
|
5E5000
|
stack
|
page read and write
|
||
|
6525000
|
heap
|
page read and write
|
||
|
1BFEF000
|
heap
|
page read and write
|
||
|
1368E000
|
trusted library allocation
|
page read and write
|
||
|
53FF000
|
stack
|
page read and write
|
||
|
3B37000
|
trusted library allocation
|
page read and write
|
||
|
3295000
|
heap
|
page read and write
|
||
|
7FF8490C0000
|
trusted library allocation
|
page read and write
|
||
|
12D19000
|
trusted library allocation
|
page read and write
|
||
|
1BF56000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
7FF8492A8000
|
trusted library allocation
|
page read and write
|
||
|
1A90000
|
unkown
|
page readonly
|
||
|
2C13000
|
heap
|
page read and write
|
||
|
7FF848E4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1774000
|
heap
|
page read and write
|
||
|
2B75000
|
heap
|
page read and write
|
||
|
8BE000
|
unkown
|
page write copy
|
||
|
AA0000
|
unclassified section
|
page readonly
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
7FF849200000
|
trusted library allocation
|
page read and write
|
||
|
8C5000
|
unkown
|
page read and write
|
||
|
4AD1000
|
trusted library allocation
|
page read and write
|
||
|
7FF8492A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849330000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3470000
|
unkown
|
page readonly
|
||
|
13681000
|
trusted library allocation
|
page read and write
|
||
|
12E68000
|
trusted library allocation
|
page read and write
|
||
|
1BAFC000
|
stack
|
page read and write
|
||
|
2C13000
|
heap
|
page read and write
|
||
|
3284000
|
heap
|
page read and write
|
||
|
2C1A000
|
heap
|
page read and write
|
||
|
1AAB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849390000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
3639000
|
heap
|
page read and write
|
||
|
1BF8D000
|
heap
|
page read and write
|
||
|
1C33F000
|
stack
|
page read and write
|
||
|
7FF8492C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF8491A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF8492B0000
|
trusted library allocation
|
page read and write
|
||
|
329F000
|
heap
|
page read and write
|
||
|
3291000
|
heap
|
page read and write
|
||
|
7FF8491B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849220000
|
trusted library allocation
|
page read and write
|
||
|
12E6D000
|
trusted library allocation
|
page read and write
|
||
|
1B72E000
|
stack
|
page read and write
|
||
|
1BF33000
|
heap
|
page execute and read and write
|
||
|
7FF849210000
|
trusted library allocation
|
page read and write
|
||
|
32A7000
|
heap
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
3281000
|
heap
|
page read and write
|
||
|
13791000
|
trusted library allocation
|
page read and write
|
||
|
3291000
|
heap
|
page read and write
|
||
|
3287000
|
heap
|
page read and write
|
||
|
2C13000
|
heap
|
page read and write
|
||
|
2B8A000
|
heap
|
page read and write
|
||
|
2C13000
|
heap
|
page read and write
|
||
|
7FF8490BF000
|
trusted library allocation
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
2BBD000
|
heap
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
138DD000
|
trusted library allocation
|
page read and write
|
||
|
3268000
|
heap
|
page read and write
|
||
|
1662000
|
unkown
|
page readonly
|
||
|
830000
|
unclassified section
|
page readonly
|
||
|
174D000
|
heap
|
page read and write
|
||
|
B60000
|
unclassified section
|
page readonly
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
14EF000
|
stack
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
12D0C000
|
trusted library allocation
|
page read and write
|
||
|
7FF849120000
|
trusted library allocation
|
page read and write
|
||
|
293D000
|
stack
|
page read and write
|
||
|
3248000
|
heap
|
page read and write
|
||
|
13A2F000
|
trusted library allocation
|
page read and write
|
||
|
7FF849370000
|
trusted library allocation
|
page read and write
|
||
|
2C1A000
|
heap
|
page read and write
|
||
|
7FF8490F0000
|
trusted library allocation
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
1CF9B000
|
stack
|
page read and write
|
||
|
711D000
|
stack
|
page read and write
|
||
|
2B4E000
|
stack
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
7FF848EDC000
|
trusted library allocation
|
page execute and read and write
|
||
|
8E4000
|
unkown
|
page readonly
|
||
|
2A70000
|
heap
|
page execute and read and write
|
||
|
1B3A5000
|
heap
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
7FF848E23000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C124000
|
heap
|
page read and write
|
||
|
12A81000
|
trusted library allocation
|
page read and write
|
||
|
1B92E000
|
stack
|
page read and write
|
||
|
D35000
|
heap
|
page read and write
|
||
|
7FF849310000
|
trusted library allocation
|
page read and write
|
||
|
1090000
|
trusted library allocation
|
page read and write
|
||
|
3472000
|
unkown
|
page readonly
|
||
|
1727000
|
heap
|
page read and write
|
||
|
1680000
|
unkown
|
page readonly
|
||
|
2940000
|
heap
|
page read and write
|
||
|
4B00000
|
heap
|
page read and write
|
||
|
7FF84910F000
|
trusted library allocation
|
page read and write
|
||
|
1C9DB000
|
stack
|
page read and write
|
||
|
1C7D4000
|
stack
|
page read and write
|
||
|
57BF000
|
stack
|
page read and write
|
||
|
32DE000
|
heap
|
page read and write
|
||
|
1B379000
|
heap
|
page read and write
|
||
|
723667F000
|
stack
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
2C13000
|
heap
|
page read and write
|
||
|
7FF849210000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A92000
|
unkown
|
page readonly
|
||
|
1C005000
|
heap
|
page read and write
|
||
|
7FF849360000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490D0000
|
trusted library allocation
|
page read and write
|
||
|
8B3000
|
unkown
|
page readonly
|
||
|
328B000
|
heap
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
2C17000
|
heap
|
page read and write
|
||
|
11C4000
|
heap
|
page read and write
|
||
|
32A8000
|
heap
|
page read and write
|
||
|
2B7F000
|
heap
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BBF000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
2B8A000
|
heap
|
page read and write
|
||
|
1100000
|
unkown
|
page readonly
|
||
|
16D4000
|
unkown
|
page readonly
|
||
|
5A7C000
|
stack
|
page read and write
|
||
|
1C0D7000
|
heap
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
1692000
|
unkown
|
page readonly
|
||
|
7FF8490E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849110000
|
trusted library allocation
|
page read and write
|
||
|
17375FBA000
|
heap
|
page read and write
|
||
|
32DE000
|
heap
|
page read and write
|
||
|
1B3FA000
|
heap
|
page read and write
|
||
|
12E3A000
|
trusted library allocation
|
page read and write
|
||
|
327F000
|
heap
|
page read and write
|
||
|
32AC000
|
heap
|
page read and write
|
||
|
7FF848FCA000
|
trusted library allocation
|
page read and write
|
||
|
3A50000
|
trusted library allocation
|
page read and write
|
||
|
EFB000
|
stack
|
page read and write
|
||
|
1C10D000
|
heap
|
page read and write
|
||
|
1A22000
|
unkown
|
page readonly
|
||
|
329F000
|
heap
|
page read and write
|
||
|
322E000
|
stack
|
page read and write
|
||
|
4CA0000
|
heap
|
page read and write
|
||
|
1CF4D000
|
stack
|
page read and write
|
||
|
3284000
|
heap
|
page read and write
|
||
|
7FF8491F5000
|
trusted library allocation
|
page read and write
|
||
|
1C23E000
|
stack
|
page read and write
|
||
|
12EFF000
|
trusted library allocation
|
page read and write
|
||
|
7FF849004000
|
trusted library allocation
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
880000
|
unkown
|
page readonly
|
||
|
1BFDF000
|
heap
|
page read and write
|
||
|
2C8E000
|
stack
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
32AC000
|
heap
|
page read and write
|
||
|
FC0000
|
unkown
|
page readonly
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
32EC000
|
heap
|
page read and write
|
||
|
1B373000
|
heap
|
page read and write
|
||
|
7FF445F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849320000
|
trusted library allocation
|
page read and write
|
||
|
521E000
|
stack
|
page read and write
|
||
|
7FF8491F0000
|
trusted library allocation
|
page read and write
|
||
|
52BF000
|
stack
|
page read and write
|
||
|
1B403000
|
heap
|
page read and write
|
||
|
99F000
|
stack
|
page read and write
|
||
|
1CD4C000
|
stack
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
1BFD6000
|
heap
|
page read and write
|
||
|
32AD000
|
heap
|
page read and write
|
||
|
7FF848E3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
12E95000
|
trusted library allocation
|
page read and write
|
||
|
3670000
|
heap
|
page execute and read and write
|
||
|
723639F000
|
stack
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
AB0000
|
unclassified section
|
page readonly
|
||
|
7FF8492F0000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
328C000
|
heap
|
page read and write
|
||
|
2C1A000
|
heap
|
page read and write
|
||
|
5C9000
|
stack
|
page read and write
|
||
|
7FF849300000
|
trusted library allocation
|
page read and write
|
||
|
176D000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
2B8F000
|
heap
|
page read and write
|
||
|
17375FB0000
|
heap
|
page read and write
|
||
|
7FF849230000
|
trusted library allocation
|
page read and write
|
||
|
7FF8491E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849310000
|
trusted library allocation
|
page read and write
|
||
|
1C68B000
|
stack
|
page read and write
|
There are 529 hidden memdumps, click here to show them.