Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
inxVlfQD8T.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Java\xzCoZyfxKxCkf.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows Defender\en-GB\xzCoZyfxKxCkf.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows NT\TableTextService\en-US\xzCoZyfxKxCkf.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\xzCoZyfxKxCkf.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\7-Zip\Lang\xzCoZyfxKxCkf.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Common Files\microsoft shared\Stationery\xzCoZyfxKxCkf.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Microsoft\OneDrive\ListSync\settings\xzCoZyfxKxCkf.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Reference Assemblies\Microsoft\Framework\smss.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Uninstall Information\xzCoZyfxKxCkf.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\winlogon.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\xzCoZyfxKxCkf.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\Favorites\xzCoZyfxKxCkf.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Microsoft.NET\xzCoZyfxKxCkf.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\addins\xzCoZyfxKxCkf.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\016488274f7f2b
|
ASCII text, with very long lines (664), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Java\xzCoZyfxKxCkf.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows Defender\en-GB\016488274f7f2b
|
ASCII text, with very long lines (499), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows Defender\en-GB\xzCoZyfxKxCkf.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows NT\TableTextService\en-US\016488274f7f2b
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows NT\TableTextService\en-US\xzCoZyfxKxCkf.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\016488274f7f2b
|
ASCII text, with very long lines (335), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\xzCoZyfxKxCkf.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\7-Zip\Lang\016488274f7f2b
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files\7-Zip\Lang\xzCoZyfxKxCkf.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Common Files\microsoft shared\Stationery\016488274f7f2b
|
ASCII text, with very long lines (387), with no line terminators
|
dropped
|
||
|
C:\Program Files\Common Files\microsoft shared\Stationery\xzCoZyfxKxCkf.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Microsoft\OneDrive\ListSync\settings\016488274f7f2b
|
ASCII text, with very long lines (778), with no line terminators
|
dropped
|
||
|
C:\Program Files\Microsoft\OneDrive\ListSync\settings\xzCoZyfxKxCkf.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Reference Assemblies\Microsoft\Framework\69ddcba757bf72
|
ASCII text, with very long lines (750), with no line terminators
|
dropped
|
||
|
C:\Program Files\Reference Assemblies\Microsoft\Framework\smss.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Uninstall Information\016488274f7f2b
|
ASCII text, with very long lines (817), with no line terminators
|
dropped
|
||
|
C:\Program Files\Uninstall Information\xzCoZyfxKxCkf.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Recovery\016488274f7f2b
|
ASCII text, with very long lines (917), with no line terminators
|
dropped
|
||
|
C:\Recovery\cc11b995f2a76d
|
ASCII text, with very long lines (948), with no line terminators
|
dropped
|
||
|
C:\Recovery\winlogon.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Recovery\xzCoZyfxKxCkf.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Default\Favorites\016488274f7f2b
|
ASCII text, with very long lines (593), with no line terminators
|
dropped
|
||
|
C:\Users\Default\Favorites\xzCoZyfxKxCkf.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\inxVlfQD8T.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\xzCoZyfxKxCkf.exe.log
|
CSV text
|
dropped
|
||
|
C:\Windows\Microsoft.NET\016488274f7f2b
|
ASCII text, with very long lines (321), with no line terminators
|
dropped
|
||
|
C:\Windows\Microsoft.NET\xzCoZyfxKxCkf.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\addins\016488274f7f2b
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\addins\xzCoZyfxKxCkf.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 35 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\inxVlfQD8T.exe
|
"C:\Users\user\Desktop\inxVlfQD8T.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 6 /tr "'C:\Program Files\Common Files\microsoft shared\Stationery\xzCoZyfxKxCkf.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkf" /sc ONLOGON /tr "'C:\Program Files\Common Files\microsoft shared\Stationery\xzCoZyfxKxCkf.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 9 /tr "'C:\Program Files\Common Files\microsoft shared\Stationery\xzCoZyfxKxCkf.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 13 /tr "'C:\Recovery\xzCoZyfxKxCkf.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkf" /sc ONLOGON /tr "'C:\Recovery\xzCoZyfxKxCkf.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 8 /tr "'C:\Recovery\xzCoZyfxKxCkf.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 13 /tr "'C:\Recovery\xzCoZyfxKxCkf.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkf" /sc ONLOGON /tr "'C:\Recovery\xzCoZyfxKxCkf.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 8 /tr "'C:\Recovery\xzCoZyfxKxCkf.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\windowspowershell\Modules\PackageManagement\1.0.0.1\xzCoZyfxKxCkf.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkf" /sc ONLOGON /tr "'C:\Program Files (x86)\windowspowershell\Modules\PackageManagement\1.0.0.1\xzCoZyfxKxCkf.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\windowspowershell\Modules\PackageManagement\1.0.0.1\xzCoZyfxKxCkf.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\windows nt\TableTextService\en-US\xzCoZyfxKxCkf.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkf" /sc ONLOGON /tr "'C:\Program Files (x86)\windows nt\TableTextService\en-US\xzCoZyfxKxCkf.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\windows nt\TableTextService\en-US\xzCoZyfxKxCkf.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 11 /tr "'C:\Recovery\xzCoZyfxKxCkf.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkf" /sc ONLOGON /tr "'C:\Recovery\xzCoZyfxKxCkf.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 13 /tr "'C:\Recovery\xzCoZyfxKxCkf.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 11 /tr "'C:\Program Files\Microsoft\OneDrive\ListSync\settings\xzCoZyfxKxCkf.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkf" /sc ONLOGON /tr "'C:\Program Files\Microsoft\OneDrive\ListSync\settings\xzCoZyfxKxCkf.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 8 /tr "'C:\Program Files\Microsoft\OneDrive\ListSync\settings\xzCoZyfxKxCkf.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Recovery\xzCoZyfxKxCkf.exe
|
C:\Recovery\xzCoZyfxKxCkf.exe
|
|
|
|
C:\Program Files\Microsoft\OneDrive\ListSync\settings\xzCoZyfxKxCkf.exe
|
"C:\Program Files\Microsoft\OneDrive\ListSync\settings\xzCoZyfxKxCkf.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\windows defender\en-GB\xzCoZyfxKxCkf.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkf" /sc ONLOGON /tr "'C:\Program Files (x86)\windows defender\en-GB\xzCoZyfxKxCkf.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\windows defender\en-GB\xzCoZyfxKxCkf.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 13 /tr "'C:\Program Files\Uninstall Information\xzCoZyfxKxCkf.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkf" /sc ONLOGON /tr "'C:\Program Files\Uninstall Information\xzCoZyfxKxCkf.exe'" /rl
HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 12 /tr "'C:\Program Files\Uninstall Information\xzCoZyfxKxCkf.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 13 /tr "'C:\Recovery\winlogon.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\Recovery\winlogon.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 9 /tr "'C:\Recovery\winlogon.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 8 /tr "'C:\Program Files\7-Zip\Lang\xzCoZyfxKxCkf.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkf" /sc ONLOGON /tr "'C:\Program Files\7-Zip\Lang\xzCoZyfxKxCkf.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 14 /tr "'C:\Program Files\7-Zip\Lang\xzCoZyfxKxCkf.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "smsss" /sc MINUTE /mo 12 /tr "'C:\Program Files\Reference Assemblies\Microsoft\Framework\smss.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\Program Files\Reference Assemblies\Microsoft\Framework\smss.exe'" /rl
HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "smsss" /sc MINUTE /mo 8 /tr "'C:\Program Files\Reference Assemblies\Microsoft\Framework\smss.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "xzCoZyfxKxCkfx" /sc MINUTE /mo 10 /tr "'C:\Windows\addins\xzCoZyfxKxCkf.exe'" /f
|
|
There are 30 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://a0984800.xsph.ru/@zd3bk5Wa3RHb1FmZlR0X
|
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\704ebbba7255d8cf22262481eb734a58e3c1d79c
|
973d9743253f692445b060002b7e6e309cedefb4
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2861000
|
trusted library allocation
|
page read and write
|
|
|
|
2DA7000
|
trusted library allocation
|
page read and write
|
|
|
|
2ED1000
|
trusted library allocation
|
page read and write
|
|
|
|
2DA1000
|
trusted library allocation
|
page read and write
|
|
|
|
1286F000
|
trusted library allocation
|
page read and write
|
|
|
|
1BBFD000
|
heap
|
page read and write
|
||
|
FCF000
|
heap
|
page read and write
|
||
|
7FFD9B90A000
|
trusted library allocation
|
page read and write
|
||
|
1C53F000
|
stack
|
page read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
12DFB000
|
trusted library allocation
|
page read and write
|
||
|
2D9E000
|
stack
|
page read and write
|
||
|
1BD6E000
|
stack
|
page read and write
|
||
|
12B37000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page read and write
|
||
|
1BEB5000
|
heap
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
1A890000
|
trusted library allocation
|
page read and write
|
||
|
1BCB7000
|
heap
|
page read and write
|
||
|
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
|
1BCC6000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
1BB18000
|
heap
|
page read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page read and write
|
||
|
12F31000
|
trusted library allocation
|
page read and write
|
||
|
29BF000
|
trusted library allocation
|
page read and write
|
||
|
1B819000
|
heap
|
page read and write
|
||
|
EE0000
|
trusted library allocation
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
1B86D000
|
heap
|
page read and write
|
||
|
5DC000
|
unkown
|
page readonly
|
||
|
1BBA6000
|
heap
|
page read and write
|
||
|
137E000
|
stack
|
page read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
12DAD000
|
trusted library allocation
|
page read and write
|
||
|
B04000
|
heap
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
heap
|
page execute and read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BA63000
|
stack
|
page read and write
|
||
|
1BC06000
|
heap
|
page read and write
|
||
|
12DF7000
|
trusted library allocation
|
page read and write
|
||
|
FA6000
|
heap
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
29DE000
|
trusted library allocation
|
page read and write
|
||
|
1BC70000
|
heap
|
page read and write
|
||
|
2F8E000
|
trusted library allocation
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
1B46D000
|
stack
|
page read and write
|
||
|
4B0000
|
unkown
|
page readonly
|
||
|
12DED000
|
trusted library allocation
|
page read and write
|
||
|
2D5B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
28E6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E0000
|
unkown
|
page readonly
|
||
|
1C63C000
|
stack
|
page read and write
|
||
|
2DEE000
|
stack
|
page read and write
|
||
|
1BC6E000
|
stack
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
1BAAF000
|
stack
|
page read and write
|
||
|
1B76E000
|
stack
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
1BBF4000
|
heap
|
page read and write
|
||
|
1BC9F000
|
heap
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
12E04000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
1BB8B000
|
heap
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
2C70000
|
heap
|
page execute and read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BE98000
|
heap
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
B43000
|
heap
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
2A74000
|
trusted library allocation
|
page read and write
|
||
|
1BE43000
|
heap
|
page read and write
|
||
|
7FFD9B856000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CD4000
|
trusted library allocation
|
page read and write
|
||
|
AFA000
|
heap
|
page read and write
|
||
|
1B3AE000
|
stack
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
|
FDF000
|
heap
|
page read and write
|
||
|
127F000
|
stack
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
12DDF000
|
trusted library allocation
|
page read and write
|
||
|
1B6A3000
|
stack
|
page read and write
|
||
|
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
|
1B32D000
|
stack
|
page read and write
|
||
|
12B39000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79C000
|
trusted library allocation
|
page read and write
|
||
|
1B877000
|
heap
|
page read and write
|
||
|
1175000
|
heap
|
page read and write
|
||
|
1BDE3000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
107A000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
2B2B000
|
trusted library allocation
|
page read and write
|
||
|
EF6000
|
stack
|
page read and write
|
||
|
2B70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B77C000
|
trusted library allocation
|
page read and write
|
||
|
1B845000
|
heap
|
page read and write
|
||
|
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
1BD36000
|
heap
|
page read and write
|
||
|
F80000
|
trusted library section
|
page read and write
|
||
|
12F2C000
|
trusted library allocation
|
page read and write
|
||
|
1BBCB000
|
heap
|
page read and write
|
||
|
1B840000
|
heap
|
page read and write
|
||
|
1BDC2000
|
heap
|
page read and write
|
||
|
1395000
|
heap
|
page read and write
|
||
|
1B821000
|
heap
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
FE1000
|
heap
|
page read and write
|
||
|
2C53000
|
trusted library allocation
|
page read and write
|
||
|
2A18000
|
trusted library allocation
|
page read and write
|
||
|
1BCAE000
|
stack
|
page read and write
|
||
|
1BE00000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
12DEF000
|
trusted library allocation
|
page read and write
|
||
|
12DA8000
|
trusted library allocation
|
page read and write
|
||
|
1B7AA000
|
stack
|
page read and write
|
||
|
1047000
|
heap
|
page read and write
|
||
|
12F2A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
|
12DA3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B82C000
|
trusted library allocation
|
page execute and read and write
|
||
|
12E0C000
|
trusted library allocation
|
page read and write
|
||
|
12F17000
|
trusted library allocation
|
page read and write
|
||
|
12861000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B933000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B787000
|
trusted library allocation
|
page read and write
|
||
|
1BE37000
|
heap
|
page read and write
|
||
|
FC2000
|
heap
|
page read and write
|
||
|
12F1C000
|
trusted library allocation
|
page read and write
|
||
|
12F2F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B83C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B87C000
|
heap
|
page read and write
|
||
|
EF6000
|
stack
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
12EE1000
|
trusted library allocation
|
page read and write
|
||
|
107C000
|
heap
|
page read and write
|
||
|
2D09000
|
trusted library allocation
|
page read and write
|
||
|
1B7DF000
|
heap
|
page read and write
|
||
|
7FFD9B7BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
FC9000
|
heap
|
page read and write
|
||
|
1BDC8000
|
heap
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
2CA8000
|
trusted library allocation
|
page read and write
|
||
|
1B1FF000
|
stack
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
|
1286D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
12E0E000
|
trusted library allocation
|
page read and write
|
||
|
1044000
|
heap
|
page read and write
|
||
|
7FFD9B93B000
|
trusted library allocation
|
page read and write
|
||
|
12DE6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
4B0000
|
unkown
|
page readonly
|
||
|
12E08000
|
trusted library allocation
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
12F49000
|
trusted library allocation
|
page read and write
|
||
|
1BBBC000
|
heap
|
page read and write
|
||
|
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BC0C000
|
heap
|
page read and write
|
||
|
7FFD9B923000
|
trusted library allocation
|
page read and write
|
||
|
F00000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B943000
|
trusted library allocation
|
page read and write
|
||
|
2E5C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B6A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
1B85B000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
1BEAA000
|
heap
|
page read and write
|
||
|
7FFD9B797000
|
trusted library allocation
|
page read and write
|
||
|
1BC95000
|
heap
|
page read and write
|
||
|
1BD24000
|
heap
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
101C000
|
heap
|
page read and write
|
||
|
1B2A0000
|
heap
|
page read and write
|
||
|
1BBA4000
|
stack
|
page read and write
|
||
|
12FB1000
|
trusted library allocation
|
page read and write
|
||
|
1BDAE000
|
stack
|
page read and write
|
||
|
2C25000
|
trusted library allocation
|
page read and write
|
||
|
1BE34000
|
heap
|
page read and write
|
||
|
1BBAC000
|
heap
|
page read and write
|
||
|
1BE14000
|
heap
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
10BC000
|
heap
|
page read and write
|
||
|
BE0000
|
trusted library allocation
|
page read and write
|
||
|
2BDA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F1A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
F30000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
heap
|
page execute and read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
EDE000
|
stack
|
page read and write
|
||
|
7FFD9B91A000
|
trusted library allocation
|
page read and write
|
||
|
FAC000
|
heap
|
page read and write
|
||
|
1BE5E000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
1C43D000
|
stack
|
page read and write
|
||
|
104F000
|
heap
|
page read and write
|
||
|
2B50000
|
trusted library allocation
|
page read and write
|
||
|
12EDD000
|
trusted library allocation
|
page read and write
|
||
|
12F26000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
12F33000
|
trusted library allocation
|
page read and write
|
||
|
936000
|
stack
|
page read and write
|
||
|
285E000
|
stack
|
page read and write
|
||
|
7FFD9B7AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F37000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
FB5000
|
heap
|
page read and write
|
||
|
2EC0000
|
heap
|
page execute and read and write
|
||
|
1BBB3000
|
heap
|
page read and write
|
||
|
AB3000
|
heap
|
page read and write
|
||
|
1B1B0000
|
heap
|
page execute and read and write
|
||
|
12DF5000
|
trusted library allocation
|
page read and write
|
||
|
1B8AE000
|
stack
|
page read and write
|
||
|
A9A000
|
heap
|
page read and write
|
||
|
104F000
|
heap
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
12DF1000
|
trusted library allocation
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
1BCD9000
|
heap
|
page read and write
|
||
|
1BC3F000
|
heap
|
page read and write
|
||
|
7FFD9B7A4000
|
trusted library allocation
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
7FFD9B971000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B762000
|
trusted library allocation
|
page read and write
|
||
|
12DF3000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
12E06000
|
trusted library allocation
|
page read and write
|
||
|
1BB92000
|
heap
|
page read and write
|
||
|
12F35000
|
trusted library allocation
|
page read and write
|
||
|
1BB48000
|
heap
|
page read and write
|
||
|
7FFD9B91C000
|
trusted library allocation
|
page read and write
|
||
|
12DA1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B90C000
|
trusted library allocation
|
page read and write
|
||
|
ADA000
|
heap
|
page read and write
|
||
|
7FFD9B92B000
|
trusted library allocation
|
page read and write
|
||
|
1BD83000
|
heap
|
page read and write
|
||
|
1BC33000
|
heap
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B95D000
|
trusted library allocation
|
page read and write
|
||
|
1B9AE000
|
stack
|
page read and write
|
||
|
1BDE7000
|
heap
|
page read and write
|
||
|
CD5000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1016000
|
heap
|
page read and write
|
||
|
FDD000
|
heap
|
page read and write
|
||
|
12F3D000
|
trusted library allocation
|
page read and write
|
||
|
100E000
|
heap
|
page read and write
|
||
|
12DF9000
|
trusted library allocation
|
page read and write
|
||
|
1B5AE000
|
stack
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
1BD9A000
|
heap
|
page read and write
|
||
|
A7C000
|
heap
|
page read and write
|
||
|
4B2000
|
unkown
|
page readonly
|
||
|
12F12000
|
trusted library allocation
|
page read and write
|
||
|
12F39000
|
trusted library allocation
|
page read and write
|
||
|
1B7FE000
|
heap
|
page read and write
|
||
|
106E000
|
heap
|
page read and write
|
||
|
1BE9C000
|
heap
|
page read and write
|
||
|
1BB32000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
|
1052000
|
heap
|
page read and write
|
||
|
DDE000
|
stack
|
page read and write
|
||
|
1BD6D000
|
heap
|
page read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E60000
|
trusted library allocation
|
page read and write
|
||
|
1B888000
|
heap
|
page read and write
|
||
|
7FFD9B774000
|
trusted library allocation
|
page read and write
|
||
|
12DFE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AF00000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B903000
|
trusted library allocation
|
page read and write
|
||
|
1B8AE000
|
heap
|
page read and write
|
||
|
1BEA5000
|
heap
|
page read and write
|
||
|
1BC1D000
|
heap
|
page read and write
|
||
|
12F20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E59000
|
trusted library allocation
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
1BCF0000
|
heap
|
page read and write
|
||
|
7FFD9B913000
|
trusted library allocation
|
page read and write
|
||
|
12F22000
|
trusted library allocation
|
page read and write
|
||
|
A76000
|
heap
|
page read and write
|
||
|
2A4C000
|
trusted library allocation
|
page read and write
|
||
|
12E02000
|
trusted library allocation
|
page read and write
|
||
|
1B82C000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
100A000
|
heap
|
page read and write
|
||
|
1BB59000
|
heap
|
page read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BE26000
|
heap
|
page read and write
|
||
|
1BDAF000
|
heap
|
page read and write
|
||
|
7FFD9B92C000
|
trusted library allocation
|
page read and write
|
||
|
1BB64000
|
stack
|
page read and write
|
||
|
1B86E000
|
stack
|
page read and write
|
||
|
12DB1000
|
trusted library allocation
|
page read and write
|
||
|
12F1E000
|
trusted library allocation
|
page read and write
|
||
|
1BD2C000
|
heap
|
page read and write
|
||
|
12DEB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
1ADFC000
|
stack
|
page read and write
|
||
|
1B8A2000
|
heap
|
page read and write
|
||
|
1B895000
|
heap
|
page read and write
|
||
|
12F10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
1B200000
|
trusted library section
|
page read and write
|
||
|
12F28000
|
trusted library allocation
|
page read and write
|
||
|
12E0A000
|
trusted library allocation
|
page read and write
|
||
|
1BD66000
|
heap
|
page read and write
|
||
|
1245000
|
heap
|
page read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page execute and read and write
|
||
|
12DE8000
|
trusted library allocation
|
page read and write
|
||
|
1BEB0000
|
heap
|
page read and write
|
||
|
12F24000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
1BB21000
|
heap
|
page read and write
|
||
|
2926000
|
trusted library allocation
|
page read and write
|
||
|
144F000
|
stack
|
page read and write
|
||
|
12ED3000
|
trusted library allocation
|
page read and write
|
||
|
12ED1000
|
trusted library allocation
|
page read and write
|
||
|
134F000
|
stack
|
page read and write
|
||
|
1545000
|
heap
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD47000
|
heap
|
page read and write
|
||
|
12E19000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B977000
|
trusted library allocation
|
page read and write
|
||
|
1BB08000
|
heap
|
page read and write
|
||
|
1B4AE000
|
stack
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
1B7B0000
|
heap
|
page read and write
|
||
|
1BDA0000
|
heap
|
page read and write
|
||
|
1BD06000
|
heap
|
page read and write
|
||
|
7FFD9B78C000
|
trusted library allocation
|
page read and write
|
||
|
7FF4BB210000
|
trusted library allocation
|
page execute and read and write
|
||
|
12DE1000
|
trusted library allocation
|
page read and write
|
||
|
1BEA3000
|
stack
|
page read and write
|
||
|
1BE88000
|
heap
|
page read and write
|
||
|
12C74000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BB72000
|
heap
|
page read and write
|
||
|
12F3B000
|
trusted library allocation
|
page read and write
|
||
|
12ED8000
|
trusted library allocation
|
page read and write
|
||
|
1BAF0000
|
heap
|
page read and write
|
||
|
2CD6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
1BB9C000
|
heap
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BF0000
|
heap
|
page execute and read and write
|
||
|
2BC3000
|
trusted library allocation
|
page read and write
|
||
|
C6E000
|
stack
|
page read and write
|
||
|
1BCB0000
|
heap
|
page read and write
|
||
|
F60000
|
trusted library section
|
page read and write
|
||
|
1BB43000
|
heap
|
page read and write
|
||
|
1B96F000
|
stack
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
1BAED000
|
stack
|
page read and write
|
||
|
12E00000
|
trusted library allocation
|
page read and write
|
||
|
F00000
|
trusted library allocation
|
page read and write
|
||
|
2AD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B92B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B777000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B826000
|
trusted library allocation
|
page read and write
|
||
|
12868000
|
trusted library allocation
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
1B190000
|
trusted library section
|
page read and write
|
||
|
7FFD9B772000
|
trusted library allocation
|
page read and write
|
||
|
1ADD0000
|
trusted library allocation
|
page read and write
|
There are 388 hidden memdumps, click here to show them.