Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
4OVYJHCTFA.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\EASteamProxy.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Qt5Core.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Qt5Network.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\gqnmaqicmbds
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\libcrypto-1_1-x64.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\libssl-1_1-x64.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\msvcp140.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\msvcp140_1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\steam_api64.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tbh
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\vcruntime140.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\vcruntime140_1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\demoWordpad_dbg\EASteamProxy.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\demoWordpad_dbg\Qt5Core.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\demoWordpad_dbg\Qt5Network.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\demoWordpad_dbg\libcrypto-1_1-x64.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\demoWordpad_dbg\libssl-1_1-x64.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\demoWordpad_dbg\msvcp140.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\demoWordpad_dbg\msvcp140_1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\demoWordpad_dbg\steam_api64.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\demoWordpad_dbg\vcruntime140.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\demoWordpad_dbg\vcruntime140_1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\45f611bb
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\4ab519bc
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\blackleg.pptx
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\decibel.mp3
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\demoWordpad_dbg\blackleg.pptx
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\demoWordpad_dbg\decibel.mp3
|
data
|
dropped
|
There are 19 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\4OVYJHCTFA.exe
|
"C:\Users\user\Desktop\4OVYJHCTFA.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\EASteamProxy.exe
|
"C:\Users\user\AppData\Local\Temp\EASteamProxy.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\demoWordpad_dbg\EASteamProxy.exe
|
C:\Users\user\AppData\Roaming\demoWordpad_dbg\EASteamProxy.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\SysWOW64\cmd.exe
|
|
|
|
C:\Users\user\AppData\Roaming\demoWordpad_dbg\EASteamProxy.exe
|
C:\Users\user\AppData\Roaming\demoWordpad_dbg\EASteamProxy.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\SysWOW64\cmd.exe
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
facilitycoursedw.shop
|
|
||
|
computerexcudesp.shop
|
|
||
|
doughtdrillyksow.shop
|
|
||
|
disappointcredisotw.shop
|
|
||
|
leafcalfconflcitw.shop
|
|
||
|
periodicroytewrsn.shop
|
|
||
|
publicitycharetew.shop
|
|
||
|
bargainnygroandjwk.shop
|
|
||
|
injurypiggyoewirog.shop
|
|
||
|
http://www.phreedom.org/md5)
|
unknown
|
||
|
http://dm.origin.com/
|
unknown
|
||
|
http://www.phreedom.org/md5)08:27
|
unknown
|
||
|
http://www.vmware.com/0
|
unknown
|
||
|
https://github.com/netty/netty/issues/6520.
|
unknown
|
||
|
http://crl3.digicert.co(m/D
|
unknown
|
||
|
https://statsigapi.net
|
unknown
|
||
|
http://www.vmware.com/0/
|
unknown
|
||
|
http://dm.origin.com/app.httpProxydevUsing
|
unknown
|
||
|
http://c0rl.m%L
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
http://bugreports.qt.io/
|
unknown
|
||
|
https://store.steampowered.com/app/
|
unknown
|
||
|
https://ps3.scedev.net/
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
https://www.openssl.org/H
|
unknown
|
||
|
http://www.info-zip.org/
|
unknown
|
||
|
http://bugreports.qt.io/_q_receiveReplyensureClientPrefaceSentMicrosoft-IIS/4.Microsoft-IIS/5.Netsca
|
unknown
|
||
|
https://github.com/netty/netty/issues/6520.s
|
unknown
|
||
|
https://store.steampowered.com/app/User
|
unknown
|
There are 19 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5C50000
|
direct allocation
|
page read and write
|
|
|
|
7FFE13200000
|
unkown
|
page readonly
|
||
|
7FFDFB82F000
|
unkown
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
2EEF000
|
heap
|
page read and write
|
||
|
7FF66A5B9000
|
unkown
|
page readonly
|
||
|
2AAE000
|
stack
|
page read and write
|
||
|
7FFE13317000
|
unkown
|
page readonly
|
||
|
7FFDFF26C000
|
unkown
|
page readonly
|
||
|
295E000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5141000
|
unkown
|
page read and write
|
||
|
7FF6429BA000
|
unkown
|
page write copy
|
||
|
23839FA2000
|
trusted library allocation
|
page read and write
|
||
|
257755F7000
|
heap
|
page read and write
|
||
|
7FF66A58F000
|
unkown
|
page write copy
|
||
|
25773230000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
246D000
|
heap
|
page read and write
|
||
|
7FFDFB1D7000
|
unkown
|
page readonly
|
||
|
7FFE130C6000
|
unkown
|
page readonly
|
||
|
25773380000
|
heap
|
page read and write
|
||
|
7FFE148E1000
|
unkown
|
page execute read
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
24612F95000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
7FFDFB7B9000
|
unkown
|
page readonly
|
||
|
25775B76000
|
trusted library allocation
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
7FF6424B0000
|
unkown
|
page readonly
|
||
|
7FFDFB1D2000
|
unkown
|
page write copy
|
||
|
5AD0000
|
unkown
|
page read and write
|
||
|
7FF642825000
|
unkown
|
page readonly
|
||
|
7FFE11EE3000
|
unkown
|
page read and write
|
||
|
7FFDFAF04000
|
unkown
|
page readonly
|
||
|
7FFE148E5000
|
unkown
|
page readonly
|
||
|
7FFDFAF39000
|
unkown
|
page readonly
|
||
|
2844000
|
heap
|
page read and write
|
||
|
325F000
|
heap
|
page read and write
|
||
|
565F000
|
trusted library allocation
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
7FFDFA09B000
|
unkown
|
page read and write
|
||
|
7FFDFA198000
|
unkown
|
page readonly
|
||
|
2844000
|
heap
|
page read and write
|
||
|
24612F90000
|
heap
|
page read and write
|
||
|
7FFDFA221000
|
unkown
|
page execute read
|
||
|
4E57000
|
heap
|
page read and write
|
||
|
555000
|
heap
|
page read and write
|
||
|
2A14000
|
heap
|
page read and write
|
||
|
23839919000
|
heap
|
page read and write
|
||
|
7FFDFA564000
|
unkown
|
page read and write
|
||
|
257752D0000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
59E000
|
stack
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
7FFDFAF32000
|
unkown
|
page readonly
|
||
|
2844000
|
heap
|
page read and write
|
||
|
7FF6429E9000
|
unkown
|
page readonly
|
||
|
520000
|
heap
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
7FFDFB830000
|
unkown
|
page readonly
|
||
|
51BD000
|
direct allocation
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
24614F7C000
|
heap
|
page read and write
|
||
|
3581000
|
heap
|
page read and write
|
||
|
325F000
|
heap
|
page read and write
|
||
|
26EE000
|
stack
|
page read and write
|
||
|
7FF6429BF000
|
unkown
|
page write copy
|
||
|
3376000
|
heap
|
page read and write
|
||
|
5514CFD000
|
stack
|
page read and write
|
||
|
7BF45FE000
|
stack
|
page read and write
|
||
|
25773350000
|
heap
|
page read and write
|
||
|
7FFDFB090000
|
unkown
|
page readonly
|
||
|
4EBD000
|
direct allocation
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
3370000
|
heap
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
7FF642825000
|
unkown
|
page readonly
|
||
|
7FFDFB193000
|
unkown
|
page readonly
|
||
|
2844000
|
heap
|
page read and write
|
||
|
2F61000
|
heap
|
page read and write
|
||
|
2EA1000
|
heap
|
page read and write
|
||
|
25773388000
|
heap
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
24615870000
|
unkown
|
page read and write
|
||
|
7FFDFB4C0000
|
unkown
|
page readonly
|
||
|
2844000
|
heap
|
page read and write
|
||
|
7FFDFA0B0000
|
unkown
|
page readonly
|
||
|
2845000
|
heap
|
page read and write
|
||
|
7FFE126E1000
|
unkown
|
page execute read
|
||
|
2BEE000
|
stack
|
page read and write
|
||
|
7FFDFF304000
|
unkown
|
page read and write
|
||
|
7FFE126F7000
|
unkown
|
page readonly
|
||
|
5849000
|
direct allocation
|
page read and write
|
||
|
7FF6429B7000
|
unkown
|
page write copy
|
||
|
7FFE13243000
|
unkown
|
page read and write
|
||
|
7FFDFB215000
|
unkown
|
page readonly
|
||
|
2EE5000
|
heap
|
page read and write
|
||
|
7FFE130C5000
|
unkown
|
page read and write
|
||
|
7FFDFB824000
|
unkown
|
page readonly
|
||
|
413000
|
unkown
|
page readonly
|
||
|
2D2D000
|
stack
|
page read and write
|
||
|
7FFE130C3000
|
unkown
|
page readonly
|
||
|
3377000
|
heap
|
page read and write
|
||
|
36EE000
|
heap
|
page read and write
|
||
|
7FF66A587000
|
unkown
|
page write copy
|
||
|
5270000
|
direct allocation
|
page read and write
|
||
|
551494A000
|
stack
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
7FFDFB191000
|
unkown
|
page execute read
|
||
|
2A0B000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
7FFDFAFC8000
|
unkown
|
page readonly
|
||
|
2844000
|
heap
|
page read and write
|
||
|
7FFE12E18000
|
unkown
|
page read and write
|
||
|
7FFDFA211000
|
unkown
|
page execute read
|
||
|
7FFDFB2A1000
|
unkown
|
page execute read
|
||
|
53D3000
|
heap
|
page read and write
|
||
|
24612F49000
|
heap
|
page read and write
|
||
|
2DFA000
|
heap
|
page read and write
|
||
|
7FFDFA3D1000
|
unkown
|
page execute read
|
||
|
2844000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
2383787A000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
4D1000
|
unkown
|
page write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7FFDFA4E1000
|
unkown
|
page execute read
|
||
|
24612BF0000
|
heap
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
5C40000
|
unkown
|
page read and write
|
||
|
7FF6424B0000
|
unkown
|
page readonly
|
||
|
7FFE13300000
|
unkown
|
page readonly
|
||
|
2844000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
7FFDFB1EF000
|
unkown
|
page readonly
|
||
|
7FFDFB28A000
|
unkown
|
page readonly
|
||
|
7FF6424B1000
|
unkown
|
page execute read
|
||
|
2CFF000
|
stack
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
282E000
|
stack
|
page read and write
|
||
|
7FFDFAFE1000
|
unkown
|
page execute read
|
||
|
3376000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
238397D5000
|
heap
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
7FFDFF1D0000
|
unkown
|
page readonly
|
||
|
2845000
|
heap
|
page read and write
|
||
|
7FFDFB48A000
|
unkown
|
page readonly
|
||
|
5DC0000
|
heap
|
page read and write
|
||
|
327E000
|
heap
|
page read and write
|
||
|
7FFDFA571000
|
unkown
|
page execute read
|
||
|
7FF6429B7000
|
unkown
|
page write copy
|
||
|
23839E30000
|
trusted library allocation
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
307B000
|
stack
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
7FFDFA4CA000
|
unkown
|
page readonly
|
||
|
7FFE13201000
|
unkown
|
page execute read
|
||
|
2844000
|
heap
|
page read and write
|
||
|
4C8C000
|
trusted library allocation
|
page read and write
|
||
|
7FFE130C0000
|
unkown
|
page readonly
|
||
|
7FF642825000
|
unkown
|
page readonly
|
||
|
238378FD000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
24612D6B000
|
heap
|
page read and write
|
||
|
7FFDFAF40000
|
unkown
|
page readonly
|
||
|
7FFDFA4A4000
|
unkown
|
page read and write
|
||
|
7FFDFA001000
|
unkown
|
page execute read
|
||
|
23839710000
|
heap
|
page read and write
|
||
|
7FFE13227000
|
unkown
|
page readonly
|
||
|
2844000
|
heap
|
page read and write
|
||
|
2D2C000
|
stack
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
7FFDFBA46000
|
unkown
|
page write copy
|
||
|
437000
|
unkown
|
page read and write
|
||
|
7FFDFF2F7000
|
unkown
|
page readonly
|
||
|
7FFE13246000
|
unkown
|
page readonly
|
||
|
7FFE126D3000
|
unkown
|
page readonly
|
||
|
25775B62000
|
trusted library allocation
|
page read and write
|
||
|
7FFDFB482000
|
unkown
|
page write copy
|
||
|
7FFDFAA0C000
|
unkown
|
page readonly
|
||
|
3376000
|
heap
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
2461000
|
heap
|
page read and write
|
||
|
5617000
|
trusted library allocation
|
page read and write
|
||
|
7FF6429E9000
|
unkown
|
page readonly
|
||
|
2820000
|
heap
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
7FFDFA4A2000
|
unkown
|
page write copy
|
||
|
7FF66A5B9000
|
unkown
|
page readonly
|
||
|
2BE4000
|
heap
|
page read and write
|
||
|
7FFE12E11000
|
unkown
|
page execute read
|
||
|
432000
|
unkown
|
page readonly
|
||
|
317A000
|
stack
|
page read and write
|
||
|
2845000
|
heap
|
page read and write
|
||
|
7FFDFA21D000
|
unkown
|
page execute read
|
||
|
7FFDFAF02000
|
unkown
|
page execute read
|
||
|
7FFDFA072000
|
unkown
|
page execute read
|
||
|
7FFE13316000
|
unkown
|
page read and write
|
||
|
453000
|
unkown
|
page write copy
|
||
|
7FFDFA0A2000
|
unkown
|
page readonly
|
||
|
7FF6429B9000
|
unkown
|
page read and write
|
||
|
24615770000
|
unkown
|
page read and write
|
||
|
2845000
|
heap
|
page read and write
|
||
|
2CEF000
|
stack
|
page read and write
|
||
|
6E6000
|
heap
|
page read and write
|
||
|
51B9000
|
direct allocation
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
3240000
|
direct allocation
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
7FFDFA568000
|
unkown
|
page readonly
|
||
|
4EB9000
|
direct allocation
|
page read and write
|
||
|
7FFDFB1F0000
|
unkown
|
page readonly
|
||
|
7FFDFAF2C000
|
unkown
|
page readonly
|
||
|
24615570000
|
unkown
|
page read and write
|
||
|
4F2E000
|
direct allocation
|
page read and write
|
||
|
2577576F000
|
heap
|
page read and write
|
||
|
25775BF6000
|
unkown
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
7FFDFA0A9000
|
unkown
|
page readonly
|
||
|
2D24000
|
heap
|
page read and write
|
||
|
7FFDFA455000
|
unkown
|
page readonly
|
||
|
7FF6429E9000
|
unkown
|
page readonly
|
||
|
2E7C000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
25775295000
|
heap
|
page read and write
|
||
|
2D32000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
326F000
|
heap
|
page read and write
|
||
|
7FFDFA42F000
|
unkown
|
page readonly
|
||
|
25775B56000
|
trusted library allocation
|
page read and write
|
||
|
49A9000
|
direct allocation
|
page read and write
|
||
|
7FFDFBA50000
|
unkown
|
page readonly
|
||
|
3376000
|
heap
|
page read and write
|
||
|
35CE000
|
stack
|
page read and write
|
||
|
7FFDFF308000
|
unkown
|
page readonly
|
||
|
7BF44FE000
|
stack
|
page read and write
|
||
|
7FFDFB823000
|
unkown
|
page read and write
|
||
|
24614EB4000
|
heap
|
page read and write
|
||
|
4BAE000
|
trusted library allocation
|
page read and write
|
||
|
25775EF0000
|
unkown
|
page read and write
|
||
|
7FFDFA0B1000
|
unkown
|
page execute read
|
||
|
401000
|
unkown
|
page execute read
|
||
|
436000
|
unkown
|
page write copy
|
||
|
2844000
|
heap
|
page read and write
|
||
|
4E3000
|
unkown
|
page readonly
|
||
|
23837790000
|
heap
|
page read and write
|
||
|
4A1E000
|
direct allocation
|
page read and write
|
||
|
7FFE11EA1000
|
unkown
|
page execute read
|
||
|
2E56000
|
heap
|
page read and write
|
||
|
7FFDFB1F1000
|
unkown
|
page execute read
|
||
|
7FFE130C5000
|
unkown
|
page read and write
|
||
|
7FFE148E5000
|
unkown
|
page readonly
|
||
|
24614DAD000
|
heap
|
page read and write
|
||
|
7FFDFF2F1000
|
unkown
|
page read and write
|
||
|
7FFE130C1000
|
unkown
|
page execute read
|
||
|
3376000
|
heap
|
page read and write
|
||
|
7FFE148E9000
|
unkown
|
page readonly
|
||
|
3588000
|
heap
|
page read and write
|
||
|
58BE000
|
direct allocation
|
page read and write
|
||
|
7FFDFA4E0000
|
unkown
|
page readonly
|
||
|
7FFDFB95C000
|
unkown
|
page readonly
|
||
|
2577342E000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
7FFDFF280000
|
unkown
|
page readonly
|
||
|
2844000
|
heap
|
page read and write
|
||
|
358C000
|
heap
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
2D26000
|
heap
|
page read and write
|
||
|
4D90000
|
direct allocation
|
page read and write
|
||
|
7FF66A589000
|
unkown
|
page read and write
|
||
|
7FFDFF267000
|
unkown
|
page write copy
|
||
|
2844000
|
heap
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
5514DFE000
|
stack
|
page read and write
|
||
|
7FFE148E9000
|
unkown
|
page readonly
|
||
|
2844000
|
heap
|
page read and write
|
||
|
7FFDFA3D3000
|
unkown
|
page readonly
|
||
|
7FFDFB40F000
|
unkown
|
page readonly
|
||
|
7FFE130C6000
|
unkown
|
page readonly
|
||
|
2EC7000
|
heap
|
page read and write
|
||
|
2D24000
|
heap
|
page read and write
|
||
|
25773515000
|
heap
|
page read and write
|
||
|
7FFDFB178000
|
unkown
|
page readonly
|
||
|
7FFE148E0000
|
unkown
|
page readonly
|
||
|
7FF6429B9000
|
unkown
|
page read and write
|
||
|
49AD000
|
direct allocation
|
page read and write
|
||
|
7FFDFAFD0000
|
unkown
|
page readonly
|
||
|
25773310000
|
heap
|
page read and write
|
||
|
7FF66A081000
|
unkown
|
page execute read
|
||
|
7FFDFA1F2000
|
unkown
|
page write copy
|
||
|
27EE000
|
stack
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
23839A3A000
|
heap
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
24AB000
|
stack
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
7FFDFB1FD000
|
unkown
|
page execute read
|
||
|
25775F38000
|
unkown
|
page read and write
|
||
|
7FFDFF298000
|
unkown
|
page readonly
|
||
|
7FFE13317000
|
unkown
|
page readonly
|
||
|
2F63000
|
heap
|
page read and write
|
||
|
2C49000
|
heap
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
2461000
|
heap
|
page read and write
|
||
|
358D000
|
heap
|
page read and write
|
||
|
7FFE126E0000
|
unkown
|
page readonly
|
||
|
2844000
|
heap
|
page read and write
|
||
|
7FFDFA000000
|
unkown
|
page readonly
|
||
|
7FFDFF244000
|
unkown
|
page readonly
|
||
|
2CEC000
|
stack
|
page read and write
|
||
|
34C8000
|
heap
|
page read and write
|
||
|
7FFE11EA0000
|
unkown
|
page readonly
|
||
|
7FF66A080000
|
unkown
|
page readonly
|
||
|
5AD1000
|
unkown
|
page read and write
|
||
|
330C000
|
heap
|
page read and write
|
||
|
7FFDFBA43000
|
unkown
|
page read and write
|
||
|
36F4000
|
heap
|
page read and write
|
||
|
7FFDFA536000
|
unkown
|
page readonly
|
||
|
7FFDFB4A6000
|
unkown
|
page readonly
|
||
|
36F0000
|
heap
|
page read and write
|
||
|
7FFDFB2A0000
|
unkown
|
page readonly
|
||
|
2844000
|
heap
|
page read and write
|
||
|
5AD1000
|
unkown
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
24612BE0000
|
heap
|
page read and write
|
||
|
25774CC6000
|
heap
|
page read and write
|
||
|
7FFDFA1F1000
|
unkown
|
page read and write
|
||
|
257754DF000
|
heap
|
page read and write
|
||
|
7FF6429BF000
|
unkown
|
page write copy
|
||
|
24612CBE000
|
heap
|
page read and write
|
||
|
7FF6424B1000
|
unkown
|
page execute read
|
||
|
2E2C000
|
stack
|
page read and write
|
||
|
7FFDFA4C6000
|
unkown
|
page readonly
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
4CE000
|
unkown
|
page readonly
|
||
|
25775D6E000
|
unkown
|
page read and write
|
||
|
24615567000
|
trusted library allocation
|
page read and write
|
||
|
7FFDFAAF6000
|
unkown
|
page write copy
|
||
|
7FFE13243000
|
unkown
|
page read and write
|
||
|
7FFDFF279000
|
unkown
|
page readonly
|
||
|
417000
|
unkown
|
page read and write
|
||
|
24614C50000
|
heap
|
page read and write
|
||
|
7FFDFF1D1000
|
unkown
|
page execute read
|
||
|
3269000
|
heap
|
page read and write
|
||
|
7FFE148E1000
|
unkown
|
page execute read
|
||
|
2844000
|
heap
|
page read and write
|
||
|
2D31000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
24612CB0000
|
heap
|
page read and write
|
||
|
23837840000
|
heap
|
page read and write
|
||
|
7BF418B000
|
stack
|
page read and write
|
||
|
491000
|
unkown
|
page execute read
|
||
|
7FFDFB262000
|
unkown
|
page write copy
|
||
|
354F000
|
unkown
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
558000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
7FF6424B1000
|
unkown
|
page execute read
|
||
|
7FFDFF26B000
|
unkown
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
7FFDFB435000
|
unkown
|
page readonly
|
||
|
2BFF000
|
unkown
|
page read and write
|
||
|
7FFDFA570000
|
unkown
|
page readonly
|
||
|
7FFDFB4C1000
|
unkown
|
page execute read
|
||
|
5140000
|
unkown
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
7FF66A080000
|
unkown
|
page readonly
|
||
|
7FFDFA074000
|
unkown
|
page readonly
|
||
|
4928000
|
heap
|
page read and write
|
||
|
7FF6424B0000
|
unkown
|
page readonly
|
||
|
7FFDFA4AA000
|
unkown
|
page readonly
|
||
|
7FFDFB201000
|
unkown
|
page execute read
|
||
|
23839F96000
|
trusted library allocation
|
page read and write
|
||
|
7FFE126F1000
|
unkown
|
page readonly
|
||
|
2844000
|
heap
|
page read and write
|
||
|
2845000
|
heap
|
page read and write
|
||
|
7FFDFA869000
|
unkown
|
page readonly
|
||
|
24614753000
|
heap
|
page read and write
|
||
|
7FFE13301000
|
unkown
|
page execute read
|
||
|
7FFE126D1000
|
unkown
|
page execute read
|
||
|
7FFE130C0000
|
unkown
|
page readonly
|
||
|
17C000
|
stack
|
page read and write
|
||
|
25C0000
|
heap
|
page read and write
|
||
|
7FFE130C3000
|
unkown
|
page readonly
|
||
|
7FF6429B7000
|
unkown
|
page write copy
|
||
|
7FFDFF2D6000
|
unkown
|
page readonly
|
||
|
246150F4000
|
heap
|
page read and write
|
||
|
4510000
|
heap
|
page read and write
|
||
|
2383996F000
|
heap
|
page read and write
|
||
|
7FFE13246000
|
unkown
|
page readonly
|
||
|
535000
|
heap
|
page read and write
|
||
|
97F000
|
stack
|
page read and write
|
||
|
23837750000
|
heap
|
page read and write
|
||
|
24612C30000
|
heap
|
page read and write
|
||
|
23837A55000
|
heap
|
page read and write
|
||
|
7FFDFF1B1000
|
unkown
|
page execute read
|
||
|
246154E2000
|
trusted library allocation
|
page read and write
|
||
|
43EC000
|
trusted library allocation
|
page read and write
|
||
|
7FFDFB484000
|
unkown
|
page read and write
|
||
|
2383A027000
|
trusted library allocation
|
page read and write
|
||
|
2D27000
|
heap
|
page read and write
|
||
|
7FFDFB73C000
|
unkown
|
page readonly
|
||
|
7FFDFA8D4000
|
unkown
|
page readonly
|
||
|
36F4000
|
heap
|
page read and write
|
||
|
7FFE126D6000
|
unkown
|
page readonly
|
||
|
87E000
|
stack
|
page read and write
|
||
|
24614E5E000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
2C44000
|
heap
|
page read and write
|
||
|
7FFDFB1D1000
|
unkown
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
7FFDFF242000
|
unkown
|
page execute read
|
||
|
7FFDFAFD1000
|
unkown
|
page execute read
|
||
|
432000
|
unkown
|
page readonly
|
||
|
7FFE11EC7000
|
unkown
|
page readonly
|
||
|
3580000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
7FFDFB826000
|
unkown
|
page write copy
|
||
|
25773510000
|
heap
|
page read and write
|
||
|
2A6F000
|
stack
|
page read and write
|
||
|
322E000
|
unkown
|
page read and write
|
||
|
24612CB8000
|
heap
|
page read and write
|
||
|
36CF000
|
stack
|
page read and write
|
||
|
257759F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFDFAAF3000
|
unkown
|
page read and write
|
||
|
23837A05000
|
heap
|
page read and write
|
||
|
2383920B000
|
heap
|
page read and write
|
||
|
7FFDFAB00000
|
unkown
|
page readonly
|
||
|
7FFE148E8000
|
unkown
|
page read and write
|
||
|
5300000
|
heap
|
page read and write
|
||
|
36D0000
|
heap
|
page read and write
|
||
|
2383784E000
|
heap
|
page read and write
|
||
|
24612DAC000
|
heap
|
page read and write
|
||
|
2D3F000
|
heap
|
page read and write
|
||
|
7FFE12E15000
|
unkown
|
page readonly
|
||
|
2844000
|
heap
|
page read and write
|
||
|
5514EFE000
|
stack
|
page read and write
|
||
|
7FF6424B1000
|
unkown
|
page execute read
|
||
|
7FFDFAF27000
|
unkown
|
page write copy
|
||
|
7FFE13200000
|
unkown
|
page readonly
|
||
|
584D000
|
direct allocation
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
2577542D000
|
heap
|
page read and write
|
||
|
1BD000
|
stack
|
page read and write
|
||
|
5310000
|
unkown
|
page read and write
|
||
|
7FFDFAF41000
|
unkown
|
page execute read
|
||
|
292F000
|
stack
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
36E3000
|
heap
|
page read and write
|
||
|
7FF66A3F5000
|
unkown
|
page readonly
|
||
|
7FFE130C1000
|
unkown
|
page execute read
|
||
|
25775535000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
7FFDFAE91000
|
unkown
|
page execute read
|
||
|
7FF66A587000
|
unkown
|
page write copy
|
||
|
2844000
|
heap
|
page read and write
|
||
|
5DE000
|
stack
|
page read and write
|
||
|
7FF66A081000
|
unkown
|
page execute read
|
||
|
7FFE126D0000
|
unkown
|
page readonly
|
||
|
A2F40FE000
|
stack
|
page read and write
|
||
|
23839200000
|
heap
|
page read and write
|
||
|
41A000
|
unkown
|
page readonly
|
||
|
246154D6000
|
trusted library allocation
|
page read and write
|
||
|
2461000
|
heap
|
page read and write
|
||
|
7FF66A58F000
|
unkown
|
page write copy
|
||
|
4BF6000
|
trusted library allocation
|
page read and write
|
||
|
52B0000
|
heap
|
page read and write
|
||
|
7FFDFAF2B000
|
unkown
|
page read and write
|
||
|
4434000
|
trusted library allocation
|
page read and write
|
||
|
24614748000
|
heap
|
page read and write
|
||
|
7FFDFB4AA000
|
unkown
|
page readonly
|
||
|
68E000
|
heap
|
page read and write
|
||
|
7FFDFA210000
|
unkown
|
page readonly
|
||
|
25774CD1000
|
heap
|
page read and write
|
||
|
36F4000
|
heap
|
page read and write
|
||
|
452A000
|
heap
|
page read and write
|
||
|
7FF6429B7000
|
unkown
|
page write copy
|
||
|
7FFDFB286000
|
unkown
|
page readonly
|
||
|
257733AB000
|
heap
|
page read and write
|
||
|
7FFE13201000
|
unkown
|
page execute read
|
||
|
7FFDFB604000
|
unkown
|
page readonly
|
||
|
68A000
|
heap
|
page read and write
|
||
|
7FFE13227000
|
unkown
|
page readonly
|
||
|
25775DF0000
|
unkown
|
page read and write
|
||
|
7FFDFAFC4000
|
unkown
|
page read and write
|
||
|
2DF8000
|
heap
|
page read and write
|
||
|
24612E80000
|
heap
|
page read and write
|
||
|
7FFE13300000
|
unkown
|
page readonly
|
||
|
3376000
|
heap
|
page read and write
|
||
|
7FFE148E0000
|
unkown
|
page readonly
|
||
|
4880000
|
direct allocation
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
7FFDFB3B1000
|
unkown
|
page execute read
|
||
|
522E000
|
direct allocation
|
page read and write
|
||
|
325A000
|
heap
|
page read and write
|
||
|
4CD4000
|
trusted library allocation
|
page read and write
|
||
|
23837848000
|
heap
|
page read and write
|
||
|
2BAF000
|
stack
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
2830000
|
direct allocation
|
page read and write
|
||
|
7FFDFAE90000
|
unkown
|
page readonly
|
||
|
2844000
|
heap
|
page read and write
|
||
|
7FFE12E19000
|
unkown
|
page readonly
|
||
|
26D1000
|
heap
|
page read and write
|
||
|
7FFE148E8000
|
unkown
|
page read and write
|
||
|
23837A50000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
7FFDFF1B0000
|
unkown
|
page readonly
|
||
|
9B000
|
stack
|
page read and write
|
||
|
7FFE13311000
|
unkown
|
page readonly
|
||
|
246158B8000
|
unkown
|
page read and write
|
||
|
7FFDFB3B3000
|
unkown
|
page readonly
|
||
|
7FFDFB264000
|
unkown
|
page read and write
|
||
|
413000
|
unkown
|
page readonly
|
||
|
4D34000
|
heap
|
page read and write
|
||
|
299E000
|
stack
|
page read and write
|
||
|
4E9000
|
unkown
|
page write copy
|
||
|
7FFDFA1F7000
|
unkown
|
page readonly
|
||
|
25AA000
|
stack
|
page read and write
|
||
|
7FFE126F6000
|
unkown
|
page read and write
|
||
|
23837940000
|
heap
|
page read and write
|
||
|
23837670000
|
heap
|
page read and write
|
||
|
7FFDFB26A000
|
unkown
|
page readonly
|
||
|
2A00000
|
heap
|
page read and write
|
||
|
257751D0000
|
heap
|
page read and write
|
||
|
7FF642825000
|
unkown
|
page readonly
|
||
|
2845000
|
heap
|
page read and write
|
||
|
7FFE13311000
|
unkown
|
page readonly
|
||
|
25775BE7000
|
trusted library allocation
|
page read and write
|
||
|
A2F3FFD000
|
stack
|
page read and write
|
||
|
7FFE126D5000
|
unkown
|
page read and write
|
||
|
7FFE12E10000
|
unkown
|
page readonly
|
||
|
7FFDFF272000
|
unkown
|
page readonly
|
||
|
3110000
|
heap
|
page read and write
|
||
|
23839BB2000
|
heap
|
page read and write
|
||
|
246154F6000
|
trusted library allocation
|
page read and write
|
||
|
7FFDFAFDD000
|
unkown
|
page execute read
|
||
|
7FF6429BA000
|
unkown
|
page write copy
|
||
|
660000
|
direct allocation
|
page read and write
|
||
|
7FFE11EE6000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5141000
|
unkown
|
page read and write
|
||
|
7FFDFB828000
|
unkown
|
page read and write
|
||
|
7FFDFA097000
|
unkown
|
page write copy
|
||
|
610000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
A2F3EFB000
|
stack
|
page read and write
|
||
|
7FFE13301000
|
unkown
|
page execute read
|
||
|
7FFDFF281000
|
unkown
|
page execute read
|
||
|
26D6000
|
heap
|
page read and write
|
||
|
7FF66A3F5000
|
unkown
|
page readonly
|
||
|
7FFDFAF96000
|
unkown
|
page readonly
|
||
|
2845000
|
heap
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
25D4000
|
heap
|
page read and write
|
||
|
417000
|
unkown
|
page write copy
|
||
|
7FF6424B0000
|
unkown
|
page readonly
|
||
|
2E25000
|
heap
|
page read and write
|
||
|
41A000
|
unkown
|
page readonly
|
||
|
7FFDFB599000
|
unkown
|
page readonly
|
||
|
3300000
|
heap
|
page read and write
|
||
|
25773475000
|
heap
|
page read and write
|
||
|
7FFE13316000
|
unkown
|
page read and write
|
||
|
7FFDFAAF8000
|
unkown
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
5090000
|
direct allocation
|
page read and write
|
||
|
7FFDFF2F2000
|
unkown
|
page write copy
|
||
|
7FF6429BF000
|
unkown
|
page write copy
|
||
|
7FF6429E9000
|
unkown
|
page readonly
|
||
|
246156E8000
|
unkown
|
page read and write
|
||
|
7FFDFA09C000
|
unkown
|
page readonly
|
||
|
7FFDFBA48000
|
unkown
|
page read and write
|
||
|
24615370000
|
trusted library allocation
|
page read and write
|
||
|
5720000
|
direct allocation
|
page read and write
|
||
|
2383793D000
|
heap
|
page read and write
|
||
|
3268000
|
heap
|
page read and write
|
||
|
296E000
|
stack
|
page read and write
|
||
|
7FF66A58A000
|
unkown
|
page write copy
|
||
|
23839FB6000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page read and write
|
||
|
464D000
|
heap
|
page read and write
|
||
|
4A4B000
|
heap
|
page read and write
|
||
|
7FF6429BF000
|
unkown
|
page write copy
|
||
|
7FFDFB091000
|
unkown
|
page execute read
|
There are 593 hidden memdumps, click here to show them.