Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
N0tepkRPzw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\WindowsPowerShell\Configuration\qVUjshNEHYUOCXyHyUMQwFlZoe.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\7-Zip\Lang\qVUjshNEHYUOCXyHyUMQwFlZoe.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft OneDrive\qVUjshNEHYUOCXyHyUMQwFlZoe.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\qVUjshNEHYUOCXyHyUMQwFlZoe.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\Favorites\qVUjshNEHYUOCXyHyUMQwFlZoe.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Provisioning\Packages\qVUjshNEHYUOCXyHyUMQwFlZoe.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\addins\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\bridgeportserver\blockServerruntime.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\bridgeportserver\u0vIoi.vbe
|
data
|
dropped
|
|
|
|
C:\Program Files (x86)\WindowsPowerShell\Configuration\c4950d50751633
|
ASCII text, with very long lines (613), with no line terminators
|
dropped
|
||
|
C:\Program Files\7-Zip\Lang\c4950d50751633
|
ASCII text, with very long lines (659), with no line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft OneDrive\c4950d50751633
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Recovery\c4950d50751633
|
ASCII text, with very long lines (900), with no line terminators
|
dropped
|
||
|
C:\Users\Default\Favorites\c4950d50751633
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\blockServerruntime.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\qVUjshNEHYUOCXyHyUMQwFlZoe.exe.log
|
CSV text
|
dropped
|
||
|
C:\Windows\Provisioning\Packages\c4950d50751633
|
ASCII text, with very long lines (929), with no line terminators
|
dropped
|
||
|
C:\Windows\addins\9e8d7a4ca61bd9
|
ASCII text, with very long lines (921), with no line terminators
|
dropped
|
||
|
C:\bridgeportserver\8nlgr42PAYPKgwQGCAUD8OnyAwE.bat
|
ASCII text, with no line terminators
|
dropped
|
There are 10 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\N0tepkRPzw.exe
|
"C:\Users\user\Desktop\N0tepkRPzw.exe"
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\bridgeportserver\u0vIoi.vbe"
|
|
|
|
C:\bridgeportserver\blockServerruntime.exe
|
"C:\bridgeportserver\blockServerruntime.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qVUjshNEHYUOCXyHyUMQwFlZoeq" /sc MINUTE /mo 5 /tr "'C:\Windows\Provisioning\Packages\qVUjshNEHYUOCXyHyUMQwFlZoe.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qVUjshNEHYUOCXyHyUMQwFlZoe" /sc ONLOGON /tr "'C:\Windows\Provisioning\Packages\qVUjshNEHYUOCXyHyUMQwFlZoe.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qVUjshNEHYUOCXyHyUMQwFlZoeq" /sc MINUTE /mo 11 /tr "'C:\Windows\Provisioning\Packages\qVUjshNEHYUOCXyHyUMQwFlZoe.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qVUjshNEHYUOCXyHyUMQwFlZoeq" /sc MINUTE /mo 13 /tr "'C:\Program Files\7-Zip\Lang\qVUjshNEHYUOCXyHyUMQwFlZoe.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qVUjshNEHYUOCXyHyUMQwFlZoe" /sc ONLOGON /tr "'C:\Program Files\7-Zip\Lang\qVUjshNEHYUOCXyHyUMQwFlZoe.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qVUjshNEHYUOCXyHyUMQwFlZoeq" /sc MINUTE /mo 8 /tr "'C:\Program Files\7-Zip\Lang\qVUjshNEHYUOCXyHyUMQwFlZoe.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Program Files\7-Zip\Lang\qVUjshNEHYUOCXyHyUMQwFlZoe.exe
|
"C:\Program Files\7-Zip\Lang\qVUjshNEHYUOCXyHyUMQwFlZoe.exe"
|
|
|
|
C:\Program Files\7-Zip\Lang\qVUjshNEHYUOCXyHyUMQwFlZoe.exe
|
"C:\Program Files\7-Zip\Lang\qVUjshNEHYUOCXyHyUMQwFlZoe.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qVUjshNEHYUOCXyHyUMQwFlZoeq" /sc MINUTE /mo 10 /tr "'C:\Recovery\qVUjshNEHYUOCXyHyUMQwFlZoe.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qVUjshNEHYUOCXyHyUMQwFlZoe" /sc ONLOGON /tr "'C:\Recovery\qVUjshNEHYUOCXyHyUMQwFlZoe.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qVUjshNEHYUOCXyHyUMQwFlZoeq" /sc MINUTE /mo 8 /tr "'C:\Recovery\qVUjshNEHYUOCXyHyUMQwFlZoe.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qVUjshNEHYUOCXyHyUMQwFlZoeq" /sc MINUTE /mo 9 /tr "'C:\Users\Default User\Favorites\qVUjshNEHYUOCXyHyUMQwFlZoe.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qVUjshNEHYUOCXyHyUMQwFlZoe" /sc ONLOGON /tr "'C:\Users\Default User\Favorites\qVUjshNEHYUOCXyHyUMQwFlZoe.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qVUjshNEHYUOCXyHyUMQwFlZoeq" /sc MINUTE /mo 13 /tr "'C:\Users\Default User\Favorites\qVUjshNEHYUOCXyHyUMQwFlZoe.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 12 /tr "'C:\Windows\addins\RuntimeBroker.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\addins\RuntimeBroker.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Windows\addins\RuntimeBroker.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qVUjshNEHYUOCXyHyUMQwFlZoeq" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\windowspowershell\Configuration\qVUjshNEHYUOCXyHyUMQwFlZoe.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qVUjshNEHYUOCXyHyUMQwFlZoe" /sc ONLOGON /tr "'C:\Program Files (x86)\windowspowershell\Configuration\qVUjshNEHYUOCXyHyUMQwFlZoe.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qVUjshNEHYUOCXyHyUMQwFlZoeq" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\windowspowershell\Configuration\qVUjshNEHYUOCXyHyUMQwFlZoe.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qVUjshNEHYUOCXyHyUMQwFlZoeq" /sc MINUTE /mo 11 /tr "'C:\Users\All Users\Microsoft OneDrive\qVUjshNEHYUOCXyHyUMQwFlZoe.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qVUjshNEHYUOCXyHyUMQwFlZoe" /sc ONLOGON /tr "'C:\Users\All Users\Microsoft OneDrive\qVUjshNEHYUOCXyHyUMQwFlZoe.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qVUjshNEHYUOCXyHyUMQwFlZoeq" /sc MINUTE /mo 12 /tr "'C:\Users\All Users\Microsoft OneDrive\qVUjshNEHYUOCXyHyUMQwFlZoe.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Recovery\qVUjshNEHYUOCXyHyUMQwFlZoe.exe
|
"C:\Recovery\qVUjshNEHYUOCXyHyUMQwFlZoe.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\bridgeportserver\8nlgr42PAYPKgwQGCAUD8OnyAwE.bat" "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 19 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://a0985701.xsph.ru/8724b2c0.php?NojHfreA=XOUz3&s70=tQaeMHcDQCRT7QXgceCiIA&tJD6pNMml=ZU&d7b761e65d6b27ab6613537ab4fbd2d6=gNiJDZ0MTY1UGNkRWYzMzYwIGOiBTN5YTNxgjN1UzMygTZ3kTMiZ2YxIjN3gTNwMTMzYTO0QDN&64f08b8004af955eddd13c6a6e9c8200=gYwY2N1I2NwUTO1kDOkFmZ4YTNhRDM1YTZhRWNxYGM2cTM4YzN5EmM&dd417e5f2f0794e9aefa76f87ad32878=d1nIlFzNhRWZlZTNhF2MhlTN3kjZhRzMiVzYjZGOhBDZmFmMjdDO3UGZlJiOiAjZ3QGMhJmNxImYjZ2M5UWOidDZxIGNiJjY0I2N5UGZiwiIjhDZxM2MzcjN4kzYxM2M3ITM1gTYkRWM3ADM2UzMiZTYkF2NkJjMmJiOiYTZwIzM4MGNhhTMhRTYhVWOkhTNzMTO0YjMjRmZwYGMis3W&a84a2843b4ef9db88df9dc44c2636162=QX9JiI6IiMyEjNwkDO0UWNhJ2M0EjZycDMkRGZ1E2Y0gTZiVzYiJCLiUWM3EGZlVmN1EWYzEWO1cTOmFGNzIWNjNmZ4EGMkZWYyM2N4cTZkVmI6ICMmdDZwEmY2EjYiNmZzkTZ5I2NkFjY0ImMiRjY3kTZkJCLiMGOkFzYzMzN2gTOjFzYzcjMxUDOhRGZxcDMwYTNzImNhRWY3QmMyYmI6IiNlBjMzgzY0EGOxEGNhFWZ5QGO1MzM5QjNyMGZmBjZwIyes0nI5YlaPlWUYRmdWdlYwJlRjxmVHJGVKNETpNWbiBnQYpFb4JTVp9maJpnVIRGaSNTV1IFWhJDbHRmaGtWSzlUaJZTS5RmdS1mYwRmRWRkRrl0cJlGVp9maJRnRykVaWJjV6xWbJNXSTdVavpWSsVjMi9mQzIWeOdVYO5EWhl2dplEc0IDZ2VjMhVnVGt0Z0IDZ2VjMhVnVslkNJNlW0ZUbUZlQxEVa3lWSwRjMkZXNyEWdWZ0SnRjMkZXNyEWdWxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUMjRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETpVEVOp3ZE5kMJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiIjMxYDM5gDNlVTYiNDNxYmM3ADZkRWNhNGN4UmY1MmYiwiI1EWO0gjN4UWNjVjMjdTO0kTO3EGNlBzYzUWOmljYhBzYzQmNwcjZ2IiOiAjZ3QGMhJmNxImYjZ2M5UWOidDZxIGNiJjY0I2N5UGZiwiIjhDZxM2MzcjN4kzYxM2M3ITM1gTYkRWM3ADM2UzMiZTYkF2NkJjMmJiOiYTZwIzM4MGNhhTMhRTYhVWOkhTNzMTO0YjMjRmZwYGMis3W
|
141.8.192.26
|
|
|
|
http://a0985701.xsph.ru/8724b2c0.php?NojHfreA=XOUz3&s70=tQaeMHcDQCRT7QXgceCiIA&tJD6pNMml=ZU&d7b761e65d6b27ab6613537ab4fbd2d6=gNiJDZ0MTY1UGNkRWYzMzYwIGOiBTN5YTNxgjN1UzMygTZ3kTMiZ2YxIjN3gTNwMTMzYTO0QDN&64f08b8004af955eddd13c6a6e9c8200=gYwY2N1I2NwUTO1kDOkFmZ4YTNhRDM1YTZhRWNxYGM2cTM4YzN5EmM&dd417e5f2f0794e9aefa76f87ad32878=d1nIlFzNhRWZlZTNhF2MhlTN3kjZhRzMiVzYjZGOhBDZmFmMjdDO3UGZlJiOiAjZ3QGMhJmNxImYjZ2M5UWOidDZxIGNiJjY0I2N5UGZiwiIjhDZxM2MzcjN4kzYxM2M3ITM1gTYkRWM3ADM2UzMiZTYkF2NkJjMmJiOiYTZwIzM4MGNhhTMhRTYhVWOkhTNzMTO0YjMjRmZwYGMis3W&a84a2843b4ef9db88df9dc44c2636162=d1nIiojIyITM2ATO4QTZ1EmYzQTMmJzNwQGZkVTYjRDOlJWNjJmIsISZxcTYkVWZ2UTYhNTY5UzN5YWY0MjY1M2YmhTYwQmZhJzY3gzNlRWZiojIwY2NkBTYiZTMiJ2YmNTOlljY3QWMiRjYyIGNidTOlRmIsIyY4QWMjNzM3YDO5MWMjNzNyETN4EGZkFzNwAjN1MjY2EGZhdDZyIjZiojI2UGMyMDOjRTY4ETY0EWYllDZ4UzMzkDN2IzYkZGMmBjI7xSfikjVq9UaRhFZ2Z1ViBnUGNGbWdkYUp0QMl2YtJGcChlWshnMVl2bqlkeWhEZoJ1MVVjUYFmMsdEZqZ0aJNXSpNGbkdVW1Z0VUdGMXlVekJjY5JEbJZTS5RmdS1mYwRmRWRkRrl0cJlGVp9maJRnRykVaWJjV6xWbJNXSTdVavpWSsVjMi9mQzIWeOdVYO5EWhl2dplEc0IDZ2VjMhVnVGt0Z0IDZ2VjMhVnVslkNJNlW0ZUbUZlQxEVa3lWSwRjMkZXNyEWdWZ0SnRjMkZXNyEWdWxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUMjRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETpVEVOp3ZE5kMJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiIjMxYDM5gDNlVTYiNDNxYmM3ADZkRWNhNGN4UmY1MmYiwiI1EWO0gjN4UWNjVjMjdTO0kTO3EGNlBzYzUWOmljYhBzYzQmNwcjZ2IiOiAjZ3QGMhJmNxImYjZ2M5UWOidDZxIGNiJjY0I2N5UGZiwiIjhDZxM2MzcjN4kzYxM2M3ITM1gTYkRWM3ADM2UzMiZTYkF2NkJjMmJiOiYTZwIzM4MGNhhTMhRTYhVWOkhTNzMTO0YjMjRmZwYGMis3W
|
141.8.192.26
|
|
|
|
http://a0985701.xsph.ru/
|
unknown
|
|
|
|
http://a0985701.xsph.ru
|
unknown
|
|
|
|
http://a0985701.xsph.ru/8724b2c0.php?NojHfreA=XOUz3&s70=tQaeMHcDQCRT7QXgceCiIA&tJD6pNMml=ZU&d7b761e65d6b27ab6613537ab4fbd2d6=gNiJDZ0MTY1UGNkRWYzMzYwIGOiBTN5YTNxgjN1UzMygTZ3kTMiZ2YxIjN3gTNwMTMzYTO0QDN&64f08b8004af955eddd13c6a6e9c8200=gYwY2N1I2NwUTO1kDOkFmZ4YTNhRDM1YTZhRWNxYGM2cTM4YzN5EmM&a84a2843b4ef9db88df9dc44c2636162=0VfiIiOiIjMxYDM5gDNlVTYiNDNxYmM3ADZkRWNhNGN4UmY1MmYiwiI0ITOlhzNhJzM4EjZmRTZlZTOiVWYkZmNiRTM2YWYykTOlVTMzQTNzIiOiAjZ3QGMhJmNxImYjZ2M5UWOidDZxIGNiJjY0I2N5UGZiwiIjhDZxM2MzcjN4kzYxM2M3ITM1gTYkRWM3ADM2UzMiZTYkF2NkJjMmJiOiYTZwIzM4MGNhhTMhRTYhVWOkhTNzMTO0YjMjRmZwYGMis3W
|
141.8.192.26
|
|
|
|
http://a0985701.xsph.ru/8724b2c0.php?NojHfreA=XOUz3&s70=tQaeMHcDQCRT7QXgceCiIA&tJD6pNMml=ZU&d7b761e65d6b27ab6613537ab4fbd2d6=gNiJDZ0MTY1UGNkRWYzMzYwIGOiBTN5YTNxgjN1UzMygTZ3kTMiZ2YxIjN3gTNwMTMzYTO0QDN&64f08b8004af955eddd13c6a6e9c8200=gYwY2N1I2NwUTO1kDOkFmZ4YTNhRDM1YTZhRWNxYGM2cTM4YzN5EmM&dd417e5f2f0794e9aefa76f87ad32878=d1nIlFzNhRWZlZTNhF2MhlTN3kjZhRzMiVzYjZGOhBDZmFmMjdDO3UGZlJiOiAjZ3QGMhJmNxImYjZ2M5UWOidDZxIGNiJjY0I2N5UGZiwiIjhDZxM2MzcjN4kzYxM2M3ITM1gTYkRWM3ADM2UzMiZTYkF2NkJjMmJiOiYTZwIzM4MGNhhTMhRTYhVWOkhTNzMTO0YjMjRmZwYGMis3W&a84a2843b4ef9db88df9dc44c2636162=QX9JiI6IiMyEjNwkDO0UWNhJ2M0EjZycDMkRGZ1E2Y0gTZiVzYiJCLiUWM3EGZlVmN1EWYzEWO1cTOmFGNzIWNjNmZ4EGMkZWYyM2N4cTZkVmI6ICMmdDZwEmY2EjYiNmZzkTZ5I2NkFjY0ImMiRjY3kTZkJCLiMGOkFzYzMzN2gTOjFzYzcjMxUDOhRGZxcDMwYTNzImNhRWY3QmMyYmI6IiNlBjMzgzY0EGOxEGNhFWZ5QGO1MzM5QjNyMGZmBjZwIyes0nIRZWMvpWSwY1MixWMXFWVChlWshnMVl2dplEbahVYw40VRl2bqlkeWhEZoJ1MVVjUYFmMsdEZqZ0aJNXSpNGbkdVW1Z0VUdGMXlVekJjY5JEbJZTS5RmdS1mYwRmRWRkRrl0cJlGVp9maJRnRykVaWJjV6xWbJNXSTdVavpWSsVjMi9mQzIWeOdVYO5EWhl2dplEc0IDZ2VjMhVnVGt0Z0IDZ2VjMhVnVslkNJNlW0ZUbUZlQxEVa3lWSwRjMkZXNyEWdWZ0SnRjMkZXNyEWdWxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUMjRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETpVEVOp3ZE5kMJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiIjMxYDM5gDNlVTYiNDNxYmM3ADZkRWNhNGN4UmY1MmYiwiI1EWO0gjN4UWNjVjMjdTO0kTO3EGNlBzYzUWOmljYhBzYzQmNwcjZ2IiOiAjZ3QGMhJmNxImYjZ2M5UWOidDZxIGNiJjY0I2N5UGZiwiIjhDZxM2MzcjN4kzYxM2M3ITM1gTYkRWM3ADM2UzMiZTYkF2NkJjMmJiOiYTZwIzM4MGNhhTMhRTYhVWOkhTNzMTO0YjMjRmZwYGMis3W
|
141.8.192.26
|
|
|
|
http://a0985701.xsph.ru/@=AzYyIGNycDO
|
|
||
|
http://a0985701.xsph.ru/8724b2c0.php?NojHfreA=XOUz3&s70=tQaeMHcDQCRT7QXgceCiIA&tJD6pNMml=ZU&d7b761e6
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://a0985701.xsph.ru/8724b2c0.php?JXADoN71DREbXlN5ShtBqUILw=EapRi6atSHCfexR2Fv1OzkYpt1k&FyPyQyIgL
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
a0985701.xsph.ru
|
141.8.192.26
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
141.8.192.26
|
a0985701.xsph.ru
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\467ffbc38d83c08c99dce5d8ed43a648065e6cc4
|
99ad3e2ab5ce408954fb9f26351bab689f45e210
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qVUjshNEHYUOCXyHyUMQwFlZoe_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qVUjshNEHYUOCXyHyUMQwFlZoe_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qVUjshNEHYUOCXyHyUMQwFlZoe_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qVUjshNEHYUOCXyHyUMQwFlZoe_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qVUjshNEHYUOCXyHyUMQwFlZoe_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qVUjshNEHYUOCXyHyUMQwFlZoe_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qVUjshNEHYUOCXyHyUMQwFlZoe_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qVUjshNEHYUOCXyHyUMQwFlZoe_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qVUjshNEHYUOCXyHyUMQwFlZoe_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qVUjshNEHYUOCXyHyUMQwFlZoe_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qVUjshNEHYUOCXyHyUMQwFlZoe_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qVUjshNEHYUOCXyHyUMQwFlZoe_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qVUjshNEHYUOCXyHyUMQwFlZoe_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qVUjshNEHYUOCXyHyUMQwFlZoe_RASMANCS
|
FileDirectory
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2811000
|
trusted library allocation
|
page read and write
|
|
|
|
2CEC000
|
trusted library allocation
|
page read and write
|
|
|
|
2B75000
|
trusted library allocation
|
page read and write
|
|
|
|
2A52000
|
trusted library allocation
|
page read and write
|
|
|
|
2471000
|
trusted library allocation
|
page read and write
|
|
|
|
2AE0000
|
trusted library allocation
|
page read and write
|
|
|
|
24D1000
|
trusted library allocation
|
page read and write
|
|
|
|
287F000
|
trusted library allocation
|
page read and write
|
|
|
|
2A00000
|
trusted library allocation
|
page read and write
|
|
|
|
2ABC000
|
trusted library allocation
|
page read and write
|
|
|
|
124DF000
|
trusted library allocation
|
page read and write
|
|
|
|
2F00000
|
trusted library allocation
|
page read and write
|
|
|
|
2951000
|
trusted library allocation
|
page read and write
|
|
|
|
2B5D000
|
trusted library allocation
|
page read and write
|
|
|
|
CAF000
|
stack
|
page read and write
|
||
|
818000
|
heap
|
page read and write
|
||
|
90000
|
unkown
|
page readonly
|
||
|
1B54E000
|
stack
|
page read and write
|
||
|
34B2000
|
heap
|
page read and write
|
||
|
E90000
|
trusted library allocation
|
page read and write
|
||
|
386000
|
stack
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
6A9F000
|
heap
|
page read and write
|
||
|
34B2000
|
heap
|
page read and write
|
||
|
1BFBA000
|
stack
|
page read and write
|
||
|
D94000
|
unkown
|
page read and write
|
||
|
1B350000
|
heap
|
page execute and read and write
|
||
|
3428000
|
heap
|
page read and write
|
||
|
A0B000
|
heap
|
page read and write
|
||
|
60E000
|
stack
|
page read and write
|
||
|
7FFD9BB30000
|
trusted library allocation
|
page read and write
|
||
|
260B000
|
trusted library allocation
|
page read and write
|
||
|
4CCE000
|
stack
|
page read and write
|
||
|
1B75E000
|
stack
|
page read and write
|
||
|
950000
|
trusted library allocation
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
A1C000
|
heap
|
page read and write
|
||
|
660000
|
trusted library allocation
|
page read and write
|
||
|
23CE000
|
stack
|
page read and write
|
||
|
1BDBE000
|
stack
|
page read and write
|
||
|
7FFD9B994000
|
trusted library allocation
|
page read and write
|
||
|
1B3EF000
|
stack
|
page read and write
|
||
|
1D0000
|
heap
|
page readonly
|
||
|
560000
|
heap
|
page read and write
|
||
|
1B586000
|
heap
|
page read and write
|
||
|
832000
|
heap
|
page read and write
|
||
|
80E000
|
heap
|
page read and write
|
||
|
92000
|
unkown
|
page readonly
|
||
|
7FFD9B996000
|
trusted library allocation
|
page read and write
|
||
|
5B60000
|
heap
|
page read and write
|
||
|
4E9000
|
stack
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
1B928000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
8A1000
|
heap
|
page read and write
|
||
|
1B493000
|
stack
|
page read and write
|
||
|
818000
|
heap
|
page read and write
|
||
|
124D1000
|
trusted library allocation
|
page read and write
|
||
|
1B90A000
|
heap
|
page read and write
|
||
|
2740000
|
heap
|
page read and write
|
||
|
7FFD9B99C000
|
trusted library allocation
|
page read and write
|
||
|
ABE000
|
stack
|
page read and write
|
||
|
7FFD9BB23000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
3469000
|
heap
|
page read and write
|
||
|
7FFD9BA46000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B99D000
|
trusted library allocation
|
page execute and read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
7FFD9BB4B000
|
trusted library allocation
|
page read and write
|
||
|
252B000
|
trusted library allocation
|
page read and write
|
||
|
4C6000
|
stack
|
page read and write
|
||
|
8AA000
|
heap
|
page read and write
|
||
|
89F000
|
heap
|
page read and write
|
||
|
7FFD9BB5B000
|
trusted library allocation
|
page read and write
|
||
|
4F1000
|
stack
|
page read and write
|
||
|
24BF000
|
trusted library allocation
|
page read and write
|
||
|
E6F000
|
stack
|
page read and write
|
||
|
1B653000
|
stack
|
page read and write
|
||
|
1B811000
|
heap
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
832000
|
heap
|
page read and write
|
||
|
60C4000
|
heap
|
page read and write
|
||
|
A9C000
|
heap
|
page read and write
|
||
|
2726000
|
trusted library allocation
|
page read and write
|
||
|
348B000
|
heap
|
page read and write
|
||
|
129C5000
|
trusted library allocation
|
page read and write
|
||
|
607B000
|
heap
|
page read and write
|
||
|
7FFD9BB60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
D50000
|
unkown
|
page readonly
|
||
|
7FFD9BC20000
|
trusted library allocation
|
page read and write
|
||
|
818000
|
heap
|
page read and write
|
||
|
3468000
|
heap
|
page read and write
|
||
|
7FFD9BB60000
|
trusted library allocation
|
page read and write
|
||
|
A7D000
|
heap
|
page read and write
|
||
|
CC0000
|
trusted library allocation
|
page read and write
|
||
|
1B57E000
|
heap
|
page read and write
|
||
|
7FFD9B9AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA56000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB50000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB30000
|
trusted library allocation
|
page read and write
|
||
|
1B39E000
|
stack
|
page read and write
|
||
|
DF7000
|
unkown
|
page readonly
|
||
|
69F3000
|
heap
|
page read and write
|
||
|
3490000
|
heap
|
page read and write
|
||
|
CA1000
|
trusted library allocation
|
page read and write
|
||
|
8AA000
|
heap
|
page read and write
|
||
|
1ADA0000
|
trusted library section
|
page read and write
|
||
|
1B620000
|
heap
|
page read and write
|
||
|
1B59F000
|
heap
|
page read and write
|
||
|
E40000
|
trusted library allocation
|
page read and write
|
||
|
3471000
|
heap
|
page read and write
|
||
|
3486000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
12951000
|
trusted library allocation
|
page read and write
|
||
|
12B99000
|
trusted library allocation
|
page read and write
|
||
|
32FB000
|
stack
|
page read and write
|
||
|
12473000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB46000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
7FFD9BB60000
|
trusted library allocation
|
page read and write
|
||
|
9B5000
|
heap
|
page read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page read and write
|
||
|
1B550000
|
heap
|
page read and write
|
||
|
84C000
|
heap
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB3A000
|
trusted library allocation
|
page read and write
|
||
|
1B5B1000
|
heap
|
page read and write
|
||
|
D65000
|
heap
|
page read and write
|
||
|
3482000
|
heap
|
page read and write
|
||
|
7FFD9B9A4000
|
trusted library allocation
|
page read and write
|
||
|
6D2F000
|
stack
|
page read and write
|
||
|
29E8000
|
trusted library allocation
|
page read and write
|
||
|
89F000
|
heap
|
page read and write
|
||
|
3461000
|
heap
|
page read and write
|
||
|
34B2000
|
heap
|
page read and write
|
||
|
7FFD9BB74000
|
trusted library allocation
|
page read and write
|
||
|
3441000
|
heap
|
page read and write
|
||
|
26D5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAB8000
|
trusted library allocation
|
page execute and read and write
|
||
|
A34000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
7FFD9BB3A000
|
trusted library allocation
|
page read and write
|
||
|
84C000
|
heap
|
page read and write
|
||
|
8A1000
|
heap
|
page read and write
|
||
|
1B14F000
|
stack
|
page read and write
|
||
|
346B000
|
heap
|
page read and write
|
||
|
129D0000
|
trusted library allocation
|
page read and write
|
||
|
CE0000
|
trusted library allocation
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
3473000
|
heap
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
34AA000
|
heap
|
page read and write
|
||
|
7FFD9B9BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
CF4000
|
heap
|
page read and write
|
||
|
7FFD9B992000
|
trusted library allocation
|
page read and write
|
||
|
2420000
|
heap
|
page execute and read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page execute and read and write
|
||
|
348B000
|
heap
|
page read and write
|
||
|
7FFD9B9AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9A2000
|
trusted library allocation
|
page read and write
|
||
|
3449000
|
heap
|
page read and write
|
||
|
1B343000
|
stack
|
page read and write
|
||
|
2420000
|
heap
|
page execute and read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
E60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B99D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E7000
|
stack
|
page read and write
|
||
|
38F9000
|
heap
|
page read and write
|
||
|
1B809000
|
heap
|
page read and write
|
||
|
24B0000
|
trusted library section
|
page read and write
|
||
|
7FFD9B9A8000
|
trusted library allocation
|
page read and write
|
||
|
60AE000
|
stack
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
24C0000
|
heap
|
page read and write
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
1AE90000
|
heap
|
page read and write
|
||
|
5B70000
|
heap
|
page read and write
|
||
|
1B860000
|
heap
|
page read and write
|
||
|
3490000
|
heap
|
page read and write
|
||
|
1B5F6000
|
heap
|
page read and write
|
||
|
1B5A2000
|
heap
|
page read and write
|
||
|
1B847000
|
heap
|
page read and write
|
||
|
347F000
|
heap
|
page read and write
|
||
|
3490000
|
heap
|
page read and write
|
||
|
7FFD9BC00000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F01000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
2815000
|
trusted library allocation
|
page read and write
|
||
|
4BC000
|
stack
|
page read and write
|
||
|
12818000
|
trusted library allocation
|
page read and write
|
||
|
1B589000
|
heap
|
page read and write
|
||
|
47E0000
|
heap
|
page read and write
|
||
|
7FFD9BB60000
|
trusted library allocation
|
page read and write
|
||
|
34B2000
|
heap
|
page read and write
|
||
|
1B7B6000
|
heap
|
page read and write
|
||
|
1B868000
|
heap
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
81D000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B9BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
516000
|
stack
|
page read and write
|
||
|
5E0E000
|
stack
|
page read and write
|
||
|
A7B000
|
heap
|
page read and write
|
||
|
6E6D000
|
stack
|
page read and write
|
||
|
808000
|
heap
|
page read and write
|
||
|
7FFD9B9AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BBA1000
|
trusted library allocation
|
page read and write
|
||
|
1B890000
|
heap
|
page read and write
|
||
|
910000
|
trusted library allocation
|
page read and write
|
||
|
34B2000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
80B000
|
heap
|
page read and write
|
||
|
5A1000
|
heap
|
page read and write
|
||
|
7FFD9BB91000
|
trusted library allocation
|
page read and write
|
||
|
65A000
|
heap
|
page read and write
|
||
|
348A000
|
heap
|
page read and write
|
||
|
1B7D5000
|
heap
|
page read and write
|
||
|
7FFD9B9EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B648000
|
heap
|
page read and write
|
||
|
69C2000
|
heap
|
page read and write
|
||
|
1A980000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9AC000
|
trusted library allocation
|
page read and write
|
||
|
27AE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BB80000
|
trusted library allocation
|
page read and write
|
||
|
6F1000
|
heap
|
page read and write
|
||
|
128D1000
|
trusted library allocation
|
page read and write
|
||
|
8A1000
|
heap
|
page read and write
|
||
|
A51000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
28A1000
|
trusted library allocation
|
page read and write
|
||
|
80F000
|
heap
|
page read and write
|
||
|
686000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
6EC000
|
heap
|
page read and write
|
||
|
A2F000
|
stack
|
page read and write
|
||
|
6C1000
|
heap
|
page read and write
|
||
|
4BCE000
|
stack
|
page read and write
|
||
|
1B8EB000
|
heap
|
page read and write
|
||
|
7FFD9BB90000
|
trusted library allocation
|
page read and write
|
||
|
D50000
|
unkown
|
page readonly
|
||
|
6972000
|
heap
|
page read and write
|
||
|
3490000
|
heap
|
page read and write
|
||
|
4A4E000
|
stack
|
page read and write
|
||
|
7FFD9BA66000
|
trusted library allocation
|
page execute and read and write
|
||
|
25ED000
|
trusted library allocation
|
page read and write
|
||
|
5A3000
|
heap
|
page read and write
|
||
|
1B59B000
|
heap
|
page read and write
|
||
|
1AA5C000
|
stack
|
page read and write
|
||
|
7FFD9B9A3000
|
trusted library allocation
|
page read and write
|
||
|
1B79D000
|
stack
|
page read and write
|
||
|
34AA000
|
heap
|
page read and write
|
||
|
6974000
|
heap
|
page read and write
|
||
|
A53000
|
heap
|
page read and write
|
||
|
348B000
|
heap
|
page read and write
|
||
|
3466000
|
heap
|
page read and write
|
||
|
1B7C3000
|
heap
|
page read and write
|
||
|
1B5FB000
|
heap
|
page read and write
|
||
|
7FFD9B9B4000
|
trusted library allocation
|
page read and write
|
||
|
1B09E000
|
stack
|
page read and write
|
||
|
50B0000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
2490000
|
trusted library section
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
1B7F1000
|
heap
|
page read and write
|
||
|
1247D000
|
trusted library allocation
|
page read and write
|
||
|
1C1BC000
|
stack
|
page read and write
|
||
|
12BD0000
|
trusted library allocation
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
1B6E4000
|
stack
|
page read and write
|
||
|
4B8E000
|
stack
|
page read and write
|
||
|
7FFD9BABA000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BC10000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AF40000
|
heap
|
page execute and read and write
|
||
|
1ACD0000
|
heap
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page execute and read and write
|
||
|
6EE000
|
heap
|
page read and write
|
||
|
12811000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
1B8FF000
|
heap
|
page read and write
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
12481000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB5B000
|
trusted library allocation
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
7FFD9B9BC000
|
trusted library allocation
|
page read and write
|
||
|
1C6000
|
unkown
|
page readonly
|
||
|
7FF404410000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page execute and read and write
|
||
|
3465000
|
heap
|
page read and write
|
||
|
675000
|
heap
|
page read and write
|
||
|
12478000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB8D000
|
trusted library allocation
|
page read and write
|
||
|
EFB000
|
stack
|
page read and write
|
||
|
7FFD9B993000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B573000
|
heap
|
page read and write
|
||
|
7FFD9BB3E000
|
trusted library allocation
|
page read and write
|
||
|
94E000
|
stack
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
A88000
|
heap
|
page read and write
|
||
|
7FFD9B994000
|
trusted library allocation
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
1ADC0000
|
trusted library section
|
page read and write
|
||
|
7FFD9BB33000
|
trusted library allocation
|
page read and write
|
||
|
3442000
|
heap
|
page read and write
|
||
|
7FFD9BB43000
|
trusted library allocation
|
page read and write
|
||
|
34AA000
|
heap
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BBF0000
|
trusted library allocation
|
page read and write
|
||
|
89F000
|
heap
|
page read and write
|
||
|
A08000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
1B855000
|
heap
|
page read and write
|
||
|
38F0000
|
heap
|
page read and write
|
||
|
A0D000
|
heap
|
page read and write
|
||
|
1B24E000
|
stack
|
page read and write
|
||
|
1281D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA46000
|
trusted library allocation
|
page read and write
|
||
|
5A1E000
|
stack
|
page read and write
|
||
|
4E0E000
|
stack
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
7FFD9BA76000
|
trusted library allocation
|
page execute and read and write
|
||
|
9FB000
|
heap
|
page read and write
|
||
|
4F9000
|
stack
|
page read and write
|
||
|
8AA000
|
heap
|
page read and write
|
||
|
7FFD9BBC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
347A000
|
heap
|
page read and write
|
||
|
8AA000
|
heap
|
page read and write
|
||
|
1B63A000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
348F000
|
heap
|
page read and write
|
||
|
576F000
|
stack
|
page read and write
|
||
|
DB2000
|
unkown
|
page readonly
|
||
|
D83000
|
unkown
|
page readonly
|
||
|
7FFD9B9AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
34AA000
|
heap
|
page read and write
|
||
|
7FFD9BBEB000
|
trusted library allocation
|
page read and write
|
||
|
8AA000
|
heap
|
page read and write
|
||
|
1295D000
|
trusted library allocation
|
page read and write
|
||
|
D34000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBE0000
|
trusted library allocation
|
page read and write
|
||
|
2840000
|
heap
|
page execute and read and write
|
||
|
1BEBE000
|
stack
|
page read and write
|
||
|
8AA000
|
heap
|
page read and write
|
||
|
7FFD9B99D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B983000
|
trusted library allocation
|
page execute and read and write
|
||
|
258B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page read and write
|
||
|
562F000
|
stack
|
page read and write
|
||
|
A4C000
|
heap
|
page read and write
|
||
|
DC6000
|
unkown
|
page readonly
|
||
|
1B7EF000
|
stack
|
page read and write
|
||
|
D83000
|
unkown
|
page readonly
|
||
|
6C3000
|
heap
|
page read and write
|
||
|
7FFD9B9CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D6000
|
stack
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
1295F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB4C000
|
trusted library allocation
|
page read and write
|
||
|
371E000
|
stack
|
page read and write
|
||
|
6D6B000
|
stack
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
C95000
|
heap
|
page read and write
|
||
|
6B7000
|
heap
|
page read and write
|
||
|
3449000
|
heap
|
page read and write
|
||
|
34AA000
|
heap
|
page read and write
|
||
|
7FFD9BB40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page read and write
|
||
|
12B62000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBB0000
|
trusted library allocation
|
page read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
832000
|
heap
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
7FFD9BB57000
|
trusted library allocation
|
page read and write
|
||
|
1B194000
|
stack
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
5CC000
|
heap
|
page read and write
|
||
|
5070000
|
heap
|
page read and write
|
||
|
34B2000
|
heap
|
page read and write
|
||
|
1A840000
|
trusted library allocation
|
page read and write
|
||
|
128FF000
|
trusted library allocation
|
page read and write
|
||
|
346F000
|
heap
|
page read and write
|
||
|
84A000
|
heap
|
page read and write
|
||
|
124DD000
|
trusted library allocation
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
E85000
|
heap
|
page read and write
|
||
|
7FFD9BB7C000
|
trusted library allocation
|
page read and write
|
||
|
1B64E000
|
heap
|
page read and write
|
||
|
1B552000
|
heap
|
page read and write
|
||
|
77E000
|
stack
|
page read and write
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
ACE000
|
heap
|
page read and write
|
||
|
346F000
|
heap
|
page read and write
|
||
|
3486000
|
heap
|
page read and write
|
||
|
8A8000
|
heap
|
page read and write
|
||
|
916000
|
stack
|
page read and write
|
||
|
1B84C000
|
heap
|
page read and write
|
||
|
1B58B000
|
heap
|
page read and write
|
||
|
34AA000
|
heap
|
page read and write
|
||
|
7FFD9BB33000
|
trusted library allocation
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
6B2000
|
heap
|
page read and write
|
||
|
1B887000
|
heap
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
7FFD9BB40000
|
trusted library allocation
|
page read and write
|
||
|
3474000
|
heap
|
page read and write
|
||
|
7FFD9BB4B000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
D8E000
|
unkown
|
page read and write
|
||
|
7FFD9BB40000
|
trusted library allocation
|
page read and write
|
||
|
1BC3D000
|
stack
|
page read and write
|
||
|
786000
|
stack
|
page read and write
|
||
|
61C000
|
heap
|
page read and write
|
||
|
5A5E000
|
stack
|
page read and write
|
||
|
3468000
|
heap
|
page read and write
|
||
|
7FFD9BBE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B3000
|
trusted library allocation
|
page read and write
|
||
|
1AEDD000
|
stack
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
1AE3E000
|
stack
|
page read and write
|
||
|
7FFD9B9DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
DB3000
|
unkown
|
page readonly
|
||
|
1B1EE000
|
stack
|
page read and write
|
||
|
7FFD9BB20000
|
trusted library allocation
|
page read and write
|
||
|
60F5000
|
heap
|
page read and write
|
||
|
591D000
|
stack
|
page read and write
|
||
|
D51000
|
unkown
|
page execute read
|
||
|
7FFD9BB53000
|
trusted library allocation
|
page read and write
|
||
|
12EF1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB50000
|
trusted library allocation
|
page read and write
|
||
|
494E000
|
stack
|
page read and write
|
||
|
552E000
|
stack
|
page read and write
|
||
|
D51000
|
unkown
|
page execute read
|
||
|
1B8B2000
|
heap
|
page read and write
|
||
|
7FFD9BB2A000
|
trusted library allocation
|
page read and write
|
||
|
DB1000
|
unkown
|
page read and write
|
||
|
7C7000
|
heap
|
page read and write
|
||
|
7FFD9B982000
|
trusted library allocation
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
7FFD9B984000
|
trusted library allocation
|
page read and write
|
||
|
1B8E9000
|
heap
|
page read and write
|
||
|
8E4000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
64E000
|
stack
|
page read and write
|
||
|
347E000
|
heap
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
12A3F000
|
trusted library allocation
|
page read and write
|
||
|
26E0000
|
heap
|
page read and write
|
||
|
1BCBF000
|
stack
|
page read and write
|
||
|
61AF000
|
stack
|
page read and write
|
||
|
1B5E1000
|
heap
|
page read and write
|
||
|
1B8E6000
|
heap
|
page read and write
|
||
|
34B2000
|
heap
|
page read and write
|
||
|
1B907000
|
heap
|
page read and write
|
||
|
DB2000
|
unkown
|
page write copy
|
||
|
1B8B8000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
1B31F000
|
stack
|
page read and write
|
||
|
124D8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
1ADAC000
|
stack
|
page read and write
|
||
|
3489000
|
heap
|
page read and write
|
||
|
3465000
|
heap
|
page read and write
|
||
|
4910000
|
trusted library allocation
|
page read and write
|
||
|
1B7F9000
|
heap
|
page read and write
|
||
|
566E000
|
stack
|
page read and write
|
||
|
1B7BE000
|
heap
|
page read and write
|
||
|
8B0000
|
trusted library allocation
|
page read and write
|
||
|
84C000
|
heap
|
page read and write
|
||
|
849000
|
heap
|
page read and write
|
||
|
34AA000
|
heap
|
page read and write
|
||
|
5CE000
|
heap
|
page read and write
|
||
|
1B803000
|
heap
|
page read and write
|
||
|
1B8D5000
|
heap
|
page read and write
|
||
|
2860000
|
trusted library allocation
|
page read and write
|
||
|
1B844000
|
heap
|
page read and write
|
||
|
1B84E000
|
heap
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
1B445000
|
stack
|
page read and write
|
||
|
AD2000
|
heap
|
page read and write
|
||
|
1B896000
|
heap
|
page read and write
|
||
|
361F000
|
stack
|
page read and write
|
||
|
1B7E9000
|
heap
|
page read and write
|
||
|
980000
|
trusted library allocation
|
page read and write
|
||
|
1A4A0000
|
trusted library allocation
|
page read and write
|
||
|
4D0000
|
stack
|
page read and write
|
||
|
1B29E000
|
stack
|
page read and write
|
||
|
7FFD9B9BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
12813000
|
trusted library allocation
|
page read and write
|
||
|
12AE5000
|
trusted library allocation
|
page read and write
|
||
|
4A8E000
|
stack
|
page read and write
|
||
|
7FFD9BB50000
|
trusted library allocation
|
page read and write
|
||
|
1C3F7000
|
stack
|
page read and write
|
||
|
1B599000
|
heap
|
page read and write
|
||
|
246E000
|
stack
|
page read and write
|
||
|
1B817000
|
heap
|
page read and write
|
||
|
3489000
|
heap
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B60D000
|
heap
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
1B55E000
|
stack
|
page read and write
|
||
|
346C000
|
heap
|
page read and write
|
||
|
12890000
|
trusted library allocation
|
page read and write
|
||
|
1AE60000
|
heap
|
page read and write
|
||
|
7FFD9BBB0000
|
trusted library allocation
|
page read and write
|
||
|
33D5000
|
heap
|
page read and write
|
||
|
7FFD9B9B4000
|
trusted library allocation
|
page read and write
|
||
|
12BC4000
|
trusted library allocation
|
page read and write
|
||
|
1BD3E000
|
stack
|
page read and write
|
||
|
DC6000
|
unkown
|
page readonly
|
||
|
5F0F000
|
stack
|
page read and write
|
||
|
872000
|
heap
|
page read and write
|
||
|
8A1000
|
heap
|
page read and write
|
||
|
3472000
|
heap
|
page read and write
|
||
|
7FFD9BA76000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BE3C000
|
stack
|
page read and write
|
||
|
7FFD9BB80000
|
trusted library allocation
|
page read and write
|
||
|
A05000
|
heap
|
page read and write
|
||
|
7FFD9BA5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
A1E000
|
heap
|
page read and write
|
||
|
7FFD9BA86000
|
trusted library allocation
|
page execute and read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
12471000
|
trusted library allocation
|
page read and write
|
||
|
A78000
|
heap
|
page read and write
|
||
|
8A7000
|
heap
|
page read and write
|
||
|
7FFD9BB3C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B45F000
|
stack
|
page read and write
|
||
|
E70000
|
trusted library allocation
|
page read and write
|
||
|
3473000
|
heap
|
page read and write
|
||
|
1B7CB000
|
heap
|
page read and write
|
||
|
2783000
|
trusted library allocation
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
7FFD9B9B7000
|
trusted library allocation
|
page read and write
|
||
|
A1C000
|
heap
|
page read and write
|
||
|
7CB000
|
heap
|
page read and write
|
||
|
7FFD9B993000
|
trusted library allocation
|
page execute and read and write
|
||
|
124F0000
|
trusted library allocation
|
page read and write
|
||
|
818000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
1B871000
|
heap
|
page read and write
|
||
|
1B04E000
|
stack
|
page read and write
|
||
|
12821000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C4000
|
trusted library allocation
|
page read and write
|
||
|
84E000
|
stack
|
page read and write
|
||
|
2EEB000
|
trusted library allocation
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
7FFD9BB53000
|
trusted library allocation
|
page read and write
|
||
|
8A1000
|
heap
|
page read and write
|
||
|
34AA000
|
heap
|
page read and write
|
||
|
3481000
|
heap
|
page read and write
|
||
|
7FFD9B9AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
12BC9000
|
trusted library allocation
|
page read and write
|
||
|
156000
|
stack
|
page read and write
|
||
|
1B5CC000
|
heap
|
page read and write
|
||
|
FAE000
|
stack
|
page read and write
|
||
|
3474000
|
heap
|
page read and write
|
||
|
7FFD9BAC1000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BB80000
|
trusted library allocation
|
page read and write
|
||
|
DF7000
|
unkown
|
page readonly
|
||
|
670000
|
heap
|
page read and write
|
||
|
B2E000
|
stack
|
page read and write
|
||
|
2660000
|
heap
|
page execute and read and write
|
||
|
7FFD9BBD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
347D000
|
heap
|
page read and write
|
||
|
5F4C000
|
stack
|
page read and write
|
||
|
5B5E000
|
stack
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
90000
|
unkown
|
page readonly
|
||
|
346D000
|
heap
|
page read and write
|
||
|
7FFD9BB2C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB63000
|
trusted library allocation
|
page read and write
|
||
|
1B2EE000
|
stack
|
page read and write
|
||
|
7FFD9B98D000
|
trusted library allocation
|
page execute and read and write
|
||
|
9E9000
|
heap
|
page read and write
|
||
|
3460000
|
heap
|
page read and write
|
||
|
7FFD9BBD0000
|
trusted library allocation
|
page read and write
|
||
|
1B4E3000
|
stack
|
page read and write
|
||
|
9DE000
|
stack
|
page read and write
|
||
|
1A500000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
5780000
|
heap
|
page read and write
|
||
|
1B855000
|
stack
|
page read and write
|
||
|
7FFD9B9A3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB7D000
|
trusted library allocation
|
page read and write
|
||
|
23AE000
|
stack
|
page read and write
|
||
|
1B5E4000
|
heap
|
page read and write
|
||
|
12C76000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB50000
|
trusted library allocation
|
page read and write
|
||
|
347C000
|
heap
|
page read and write
|
||
|
346D000
|
heap
|
page read and write
|
||
|
7FFD9BBA0000
|
trusted library allocation
|
page read and write
|
||
|
1A9FD000
|
stack
|
page read and write
|
||
|
6074000
|
heap
|
page read and write
|
||
|
346A000
|
heap
|
page read and write
|
||
|
4810000
|
heap
|
page read and write
|
||
|
E73000
|
trusted library allocation
|
page read and write
|
||
|
604C000
|
stack
|
page read and write
|
||
|
6870000
|
heap
|
page read and write
|
||
|
1B7A0000
|
heap
|
page read and write
|
||
|
2440000
|
heap
|
page execute and read and write
|
||
|
924000
|
heap
|
page read and write
|
||
|
7FFD9B9A4000
|
trusted library allocation
|
page read and write
|
||
|
A9F000
|
heap
|
page read and write
|
||
|
4800000
|
heap
|
page read and write
|
||
|
7FFD9B9FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
280E000
|
stack
|
page read and write
|
||
|
7FFD9BB3C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
8D0000
|
trusted library allocation
|
page read and write
|
||
|
697A000
|
heap
|
page read and write
|
||
|
1C2FE000
|
stack
|
page read and write
|
||
|
348F000
|
heap
|
page read and write
|
||
|
1B5EE000
|
stack
|
page read and write
|
||
|
341E000
|
stack
|
page read and write
|
||
|
1AF9E000
|
stack
|
page read and write
|
||
|
1C0BD000
|
stack
|
page read and write
|
||
|
84C000
|
heap
|
page read and write
|
||
|
81C000
|
heap
|
page read and write
|
||
|
34B2000
|
heap
|
page read and write
|
||
|
1B899000
|
heap
|
page read and write
|
||
|
4E3000
|
stack
|
page read and write
|
||
|
7FFD9BB40000
|
trusted library allocation
|
page read and write
|
||
|
CBA000
|
trusted library allocation
|
page read and write
|
||
|
1B8A6000
|
heap
|
page read and write
|
||
|
C1F000
|
stack
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
7FFD9BA3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
3486000
|
heap
|
page read and write
|
||
|
7FFD9B993000
|
trusted library allocation
|
page read and write
|
||
|
74E000
|
heap
|
page read and write
|
||
|
A48000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA36000
|
trusted library allocation
|
page read and write
|
||
|
D8E000
|
unkown
|
page write copy
|
There are 642 hidden memdumps, click here to show them.