Files
File Path | Type | Category | Malicious |
---|---|---|---|---|
LkIQdqTVXS.exe | PE32+ executable (GUI) x86-64, for MS Windows | initial sample | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_LkIQdqTVXS.exe_775ac447131bacac269bffd2a624682a3223612_8c9018df_0b416a27-d8ec-4c4c-9ab0-eb9d048215d8\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\Users\user\AppData\Roaming\rVzBEyDXVq.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC7D8.tmp.dmp | Mini DuMP crash report, 14 streams, Thu Jul 11 08:52:10 2024, 0x1205a4 type | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC8D3.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC912.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rVzBEyDXVq.exe.log | ASCII text, with CRLF line terminators | dropped | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | modified | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cte32ask.wff.psm1 | ASCII text, with no line terminators | dropped | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d0i5kpx1.dok.ps1 | ASCII text, with no line terminators | dropped | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dnbo1vcw.p1c.psm1 | ASCII text, with no line terminators | dropped | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f1ojn1al.nml.psm1 | ASCII text, with no line terminators | dropped | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_idnnybs4.420.ps1 | ASCII text, with no line terminators | dropped | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j5vgz0kt.rui.psm1 | ASCII text, with no line terminators | dropped | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kwdllaqo.tmf.psm1 | ASCII text, with no line terminators | dropped | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l4ue05rf.1h4.ps1 | ASCII text, with no line terminators | dropped | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ldrdldoc.21o.ps1 | ASCII text, with no line terminators | dropped | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ogmpqfba.ea4.psm1 | ASCII text, with no line terminators | dropped | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rfnnetvo.btq.psm1 | ASCII text, with no line terminators | dropped | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rn1cjycc.ucz.ps1 | ASCII text, with no line terminators | dropped | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sateyemt.mia.ps1 | ASCII text, with no line terminators | dropped | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tllam1co.jol.ps1 | ASCII text, with no line terminators | dropped | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_toeivqer.txb.ps1 | ASCII text, with no line terminators | dropped | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zaza0vun.3yb.psm1 | ASCII text, with no line terminators | dropped | |
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |
Processes
Path | Cmdline | Malicious |
---|---|---|---|
C:\Users\user\Desktop\LkIQdqTVXS.exe | "C:\Users\user\Desktop\LkIQdqTVXS.exe" | |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "powershell" -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\411eb279481e454fb468ac701336461b'" | |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "powershell" -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\677b00078d834750b687d58f584bec52'" | |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "powershell" -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\rVzBEyDXVq.exe'" | |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "powershell" -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\JuMXGqLRKI.exe'" | |
C:\Users\user\AppData\Roaming\rVzBEyDXVq.exe | "C:\Users\user\AppData\Roaming\rVzBEyDXVq.exe" | |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 7512 -s 836 | |
URLs
IPs
IP | Domain | Country | Malicious |
---|---|---|---|---|
89.23.96.98 | unknown | Russian Federation | |
Registry
Path | Value | Malicious |
---|---|---|---|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | Owner | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | SessionHash | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | Sequence | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | RegFiles0000 | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | RegFilesHash | |
\REGISTRY\A\{8fc0b50a-7314-28b9-e976-204ac26559e3}\Root\InventoryApplicationFile\lkiqdqtvxs.exe\|6e542737d201a6a6 | ProgramId | |
\REGISTRY\A\{8fc0b50a-7314-28b9-e976-204ac26559e3}\Root\InventoryApplicationFile\lkiqdqtvxs.exe\|6e542737d201a6a6 | FileId | |
\REGISTRY\A\{8fc0b50a-7314-28b9-e976-204ac26559e3}\Root\InventoryApplicationFile\lkiqdqtvxs.exe\|6e542737d201a6a6 | LowerCaseLongPath | |
\REGISTRY\A\{8fc0b50a-7314-28b9-e976-204ac26559e3}\Root\InventoryApplicationFile\lkiqdqtvxs.exe\|6e542737d201a6a6 | LongPathHash | |
\REGISTRY\A\{8fc0b50a-7314-28b9-e976-204ac26559e3}\Root\InventoryApplicationFile\lkiqdqtvxs.exe\|6e542737d201a6a6 | Name | |
\REGISTRY\A\{8fc0b50a-7314-28b9-e976-204ac26559e3}\Root\InventoryApplicationFile\lkiqdqtvxs.exe\|6e542737d201a6a6 | OriginalFileName | |
\REGISTRY\A\{8fc0b50a-7314-28b9-e976-204ac26559e3}\Root\InventoryApplicationFile\lkiqdqtvxs.exe\|6e542737d201a6a6 | Publisher | |
\REGISTRY\A\{8fc0b50a-7314-28b9-e976-204ac26559e3}\Root\InventoryApplicationFile\lkiqdqtvxs.exe\|6e542737d201a6a6 | Version | |
\REGISTRY\A\{8fc0b50a-7314-28b9-e976-204ac26559e3}\Root\InventoryApplicationFile\lkiqdqtvxs.exe\|6e542737d201a6a6 | BinFileVersion | |
\REGISTRY\A\{8fc0b50a-7314-28b9-e976-204ac26559e3}\Root\InventoryApplicationFile\lkiqdqtvxs.exe\|6e542737d201a6a6 | BinaryType | |
\REGISTRY\A\{8fc0b50a-7314-28b9-e976-204ac26559e3}\Root\InventoryApplicationFile\lkiqdqtvxs.exe\|6e542737d201a6a6 | ProductName | |
\REGISTRY\A\{8fc0b50a-7314-28b9-e976-204ac26559e3}\Root\InventoryApplicationFile\lkiqdqtvxs.exe\|6e542737d201a6a6 | ProductVersion | |
\REGISTRY\A\{8fc0b50a-7314-28b9-e976-204ac26559e3}\Root\InventoryApplicationFile\lkiqdqtvxs.exe\|6e542737d201a6a6 | LinkDate | |
\REGISTRY\A\{8fc0b50a-7314-28b9-e976-204ac26559e3}\Root\InventoryApplicationFile\lkiqdqtvxs.exe\|6e542737d201a6a6 | BinProductVersion | |
\REGISTRY\A\{8fc0b50a-7314-28b9-e976-204ac26559e3}\Root\InventoryApplicationFile\lkiqdqtvxs.exe\|6e542737d201a6a6 | AppxPackageFullName | |
\REGISTRY\A\{8fc0b50a-7314-28b9-e976-204ac26559e3}\Root\InventoryApplicationFile\lkiqdqtvxs.exe\|6e542737d201a6a6 | AppxPackageRelativeId | |
\REGISTRY\A\{8fc0b50a-7314-28b9-e976-204ac26559e3}\Root\InventoryApplicationFile\lkiqdqtvxs.exe\|6e542737d201a6a6 | Size | |
\REGISTRY\A\{8fc0b50a-7314-28b9-e976-204ac26559e3}\Root\InventoryApplicationFile\lkiqdqtvxs.exe\|6e542737d201a6a6 | Language | |
\REGISTRY\A\{8fc0b50a-7314-28b9-e976-204ac26559e3}\Root\InventoryApplicationFile\lkiqdqtvxs.exe\|6e542737d201a6a6 | Usn | |
Memdumps