Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
f3ba41ba0b508b0965153c1688d6df6de6b3fdf59b015.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\EduTech Dynamics\ApolloSphere.js
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\EduTech Dynamics\ApolloSphere.pif
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\723582\Flash.pif
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\EduTech Dynamics\L
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\723582\RegAsm.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\723582\r
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Agreed
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Anchor
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Arrangements
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Barrel
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Binding
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Bonus
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Canal
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Confidentiality
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Fisting
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Fred
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Friend
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Has
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Manager
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Milk
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Myself
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\North
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Palestinian
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Parents
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Pose
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Privacy
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Restriction
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Screw
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Seeds
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Sexo
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Success
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Surgeons
|
ASCII text, with very long lines (1660), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Surgeons.cmd
|
ASCII text, with very long lines (1660), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Tagged
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Vitamin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Wallpapers
|
PDP-11 overlaid pure executable
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Yours
|
data
|
dropped
|
There are 28 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\f3ba41ba0b508b0965153c1688d6df6de6b3fdf59b015.exe
|
"C:\Users\user\Desktop\f3ba41ba0b508b0965153c1688d6df6de6b3fdf59b015.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /k copy Surgeons Surgeons.cmd & Surgeons.cmd & exit
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /I "wrsa.exe opssvc.exe"
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /I "avastui.exe avgui.exe bdservicehost.exe nswscsvc.exe sophoshealth.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c md 723582
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /V "wagemissileaffiliatesgreeting" Fisting
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c copy /b Restriction + Manager + Screw + Anchor 723582\r
|
|
|
|
C:\Users\user\AppData\Local\Temp\723582\Flash.pif
|
723582\Flash.pif 723582\r
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks.exe /create /tn "ApolloSphere" /tr "wscript //B 'C:\Users\user\AppData\Local\EduTech Dynamics\ApolloSphere.js'" /sc
onlogon /F /RL HIGHEST
|
|
|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\EduTech Dynamics\ApolloSphere.js"
|
|
|
|
C:\Users\user\AppData\Local\EduTech Dynamics\ApolloSphere.pif
|
"C:\Users\user\AppData\Local\EduTech Dynamics\ApolloSphere.pif" "C:\Users\user\AppData\Local\EduTech Dynamics\L"
|
|
|
|
C:\Users\user\AppData\Local\Temp\723582\RegAsm.exe
|
C:\Users\user\AppData\Local\Temp\723582\RegAsm.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\tasklist.exe
|
tasklist
|
||
|
C:\Windows\SysWOW64\tasklist.exe
|
tasklist
|
||
|
C:\Windows\SysWOW64\timeout.exe
|
timeout 15
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
88.99.151.68:7200
|
|
||
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/J
|
unknown
|
||
|
https://api.ip.sb/ip
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
https://www.autoitscript.com/autoit3/
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
RADgSUbEiddPOZAFcUYmDkmxSjP.RADgSUbEiddPOZAFcUYmDkmxSjP
|
unknown
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
141A000
|
trusted library allocation
|
page read and write
|
|
|
|
1350000
|
trusted library allocation
|
page read and write
|
|
|
|
30D4000
|
trusted library allocation
|
page read and write
|
|
|
|
139B000
|
trusted library allocation
|
page read and write
|
|
|
|
14CB000
|
trusted library allocation
|
page read and write
|
|
|
|
1351000
|
trusted library allocation
|
page read and write
|
|
|
|
42DB000
|
trusted library allocation
|
page read and write
|
|
|
|
141B000
|
trusted library allocation
|
page read and write
|
|
|
|
30D4000
|
trusted library allocation
|
page read and write
|
|
|
|
1285000
|
heap
|
page read and write
|
||
|
4F4000
|
unkown
|
page readonly
|
||
|
1092000
|
heap
|
page read and write
|
||
|
2F27000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
2F9E000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
283E000
|
heap
|
page read and write
|
||
|
1565000
|
heap
|
page read and write
|
||
|
3A90000
|
heap
|
page read and write
|
||
|
30C3000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
824000
|
heap
|
page read and write
|
||
|
133A2B4D000
|
heap
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
3B90000
|
heap
|
page read and write
|
||
|
3B9A000
|
trusted library allocation
|
page read and write
|
||
|
FFC000
|
stack
|
page read and write
|
||
|
133A2B2F000
|
heap
|
page read and write
|
||
|
2FAC000
|
heap
|
page read and write
|
||
|
1184000
|
heap
|
page read and write
|
||
|
9CF000
|
stack
|
page read and write
|
||
|
133A2AE0000
|
heap
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
1483000
|
trusted library allocation
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
133A2B16000
|
heap
|
page read and write
|
||
|
249000
|
unkown
|
page readonly
|
||
|
230E000
|
stack
|
page read and write
|
||
|
3397000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
5DE000
|
stack
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
6B51FF000
|
stack
|
page read and write
|
||
|
283F000
|
heap
|
page read and write
|
||
|
133A4720000
|
heap
|
page read and write
|
||
|
39F2000
|
trusted library allocation
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
30EC000
|
heap
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
30A4000
|
trusted library allocation
|
page read and write
|
||
|
2F9E000
|
heap
|
page read and write
|
||
|
4F4000
|
unkown
|
page readonly
|
||
|
56C000
|
stack
|
page read and write
|
||
|
133A2B08000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
A99000
|
unkown
|
page readonly
|
||
|
133A2B42000
|
heap
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
210000
|
unkown
|
page readonly
|
||
|
2ECC000
|
stack
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
133A2B07000
|
heap
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
2835000
|
heap
|
page read and write
|
||
|
30E9000
|
heap
|
page read and write
|
||
|
4C3000
|
unkown
|
page read and write
|
||
|
3A79000
|
trusted library allocation
|
page read and write
|
||
|
4FEE000
|
stack
|
page read and write
|
||
|
210000
|
unkown
|
page readonly
|
||
|
30EC000
|
heap
|
page read and write
|
||
|
2E7F000
|
stack
|
page read and write
|
||
|
2FBB000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
30BE000
|
heap
|
page read and write
|
||
|
113F000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
145B000
|
trusted library allocation
|
page read and write
|
||
|
283A000
|
heap
|
page read and write
|
||
|
E6E000
|
stack
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
A90000
|
unkown
|
page write copy
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
461000
|
unkown
|
page read and write
|
||
|
133A2B4D000
|
heap
|
page read and write
|
||
|
3046000
|
heap
|
page read and write
|
||
|
5AC000
|
stack
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
3A37000
|
trusted library allocation
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
21AE000
|
stack
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
140A000
|
trusted library allocation
|
page read and write
|
||
|
2836000
|
heap
|
page read and write
|
||
|
2FCC000
|
heap
|
page read and write
|
||
|
A2F000
|
stack
|
page read and write
|
||
|
1403000
|
trusted library allocation
|
page read and write
|
||
|
30BE000
|
heap
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
1325000
|
heap
|
page read and write
|
||
|
3A98000
|
heap
|
page read and write
|
||
|
1247000
|
heap
|
page read and write
|
||
|
30DF000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
2835000
|
heap
|
page read and write
|
||
|
15E1000
|
trusted library allocation
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
2FCC000
|
heap
|
page read and write
|
||
|
15E4000
|
trusted library allocation
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
133A2B4D000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
671000
|
heap
|
page read and write
|
||
|
11B8000
|
heap
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3AA0000
|
heap
|
page read and write
|
||
|
2836000
|
heap
|
page read and write
|
||
|
6B56FE000
|
stack
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
3284000
|
heap
|
page read and write
|
||
|
41F000
|
unkown
|
page read and write
|
||
|
3A79000
|
trusted library allocation
|
page read and write
|
||
|
134E000
|
heap
|
page read and write
|
||
|
181000
|
unkown
|
page execute read
|
||
|
3721000
|
heap
|
page read and write
|
||
|
181000
|
unkown
|
page execute read
|
||
|
649000
|
heap
|
page read and write
|
||
|
152F000
|
trusted library allocation
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
244000
|
unkown
|
page write copy
|
||
|
1351000
|
trusted library allocation
|
page read and write
|
||
|
39E0000
|
trusted library allocation
|
page read and write
|
||
|
133A2B1F000
|
heap
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
F85000
|
heap
|
page read and write
|
||
|
133A2AB0000
|
heap
|
page read and write
|
||
|
6B57FE000
|
stack
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
1344000
|
heap
|
page read and write
|
||
|
59E000
|
stack
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
3AD7000
|
trusted library allocation
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
860000
|
trusted library allocation
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
15ED000
|
trusted library allocation
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
39F2000
|
trusted library allocation
|
page read and write
|
||
|
34AC000
|
stack
|
page read and write
|
||
|
1305000
|
heap
|
page read and write
|
||
|
14A0000
|
trusted library allocation
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
30DC000
|
heap
|
page read and write
|
||
|
2835000
|
heap
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
EEE000
|
stack
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
3114000
|
trusted library allocation
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
1351000
|
trusted library allocation
|
page read and write
|
||
|
A86000
|
unkown
|
page readonly
|
||
|
6B53FF000
|
stack
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
D00000
|
unkown
|
page readonly
|
||
|
D02000
|
unkown
|
page readonly
|
||
|
2FBB000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
1391000
|
trusted library allocation
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
336F000
|
stack
|
page read and write
|
||
|
133A2B2E000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
15F1000
|
trusted library allocation
|
page read and write
|
||
|
2836000
|
heap
|
page read and write
|
||
|
3720000
|
heap
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
60A000
|
heap
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
8C9000
|
stack
|
page read and write
|
||
|
118E000
|
heap
|
page read and write
|
||
|
1264000
|
heap
|
page read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
1351000
|
trusted library allocation
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
30D4000
|
trusted library allocation
|
page read and write
|
||
|
150C000
|
trusted library allocation
|
page read and write
|
||
|
9EE000
|
stack
|
page read and write
|
||
|
29BC000
|
stack
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
1553000
|
trusted library allocation
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
134E000
|
heap
|
page read and write
|
||
|
6B4DCA000
|
stack
|
page read and write
|
||
|
283F000
|
heap
|
page read and write
|
||
|
3ECF000
|
stack
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
240000
|
unkown
|
page read and write
|
||
|
3A2A000
|
trusted library allocation
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
4D2E000
|
stack
|
page read and write
|
||
|
155E000
|
trusted library allocation
|
page read and write
|
||
|
11D3000
|
heap
|
page read and write
|
||
|
29FC000
|
stack
|
page read and write
|
||
|
2FAD000
|
heap
|
page read and write
|
||
|
39D1000
|
trusted library allocation
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
A86000
|
unkown
|
page readonly
|
||
|
1685000
|
trusted library allocation
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
133A2B0E000
|
heap
|
page read and write
|
||
|
4D1E000
|
stack
|
page read and write
|
||
|
30EA000
|
heap
|
page read and write
|
||
|
954000
|
heap
|
page read and write
|
||
|
2EF0000
|
trusted library allocation
|
page read and write
|
||
|
133A2B16000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
145B000
|
trusted library allocation
|
page read and write
|
||
|
1282000
|
heap
|
page read and write
|
||
|
1119000
|
heap
|
page read and write
|
||
|
A94000
|
unkown
|
page write copy
|
||
|
133A4A70000
|
heap
|
page read and write
|
||
|
9D0000
|
unkown
|
page readonly
|
||
|
249000
|
unkown
|
page readonly
|
||
|
3721000
|
heap
|
page read and write
|
||
|
133A2B1E000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
2FCC000
|
heap
|
page read and write
|
||
|
308E000
|
stack
|
page read and write
|
||
|
2DF6000
|
heap
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
60E000
|
heap
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
30E8000
|
heap
|
page read and write
|
||
|
42CF000
|
stack
|
page read and write
|
||
|
2832000
|
heap
|
page read and write
|
||
|
133A2B4D000
|
heap
|
page read and write
|
||
|
157C000
|
heap
|
page read and write
|
||
|
1047000
|
heap
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
1351000
|
trusted library allocation
|
page read and write
|
||
|
236000
|
unkown
|
page readonly
|
||
|
63A000
|
heap
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
2EF1000
|
trusted library allocation
|
page read and write
|
||
|
2F6E000
|
stack
|
page read and write
|
||
|
10AB000
|
heap
|
page read and write
|
||
|
4D6F000
|
stack
|
page read and write
|
||
|
152F000
|
trusted library allocation
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
1184000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
15E2000
|
trusted library allocation
|
page read and write
|
||
|
1314000
|
heap
|
page read and write
|
||
|
30A8000
|
heap
|
page read and write
|
||
|
143D000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
68A000
|
stack
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
1351000
|
trusted library allocation
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
10F8000
|
heap
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
133A2B44000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
1184000
|
heap
|
page read and write
|
||
|
133A2B0E000
|
heap
|
page read and write
|
||
|
2835000
|
heap
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
FDD000
|
stack
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
2FBF000
|
heap
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
4CDF000
|
stack
|
page read and write
|
||
|
9D1000
|
unkown
|
page execute read
|
||
|
133A2B0D000
|
heap
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
6B54FF000
|
stack
|
page read and write
|
||
|
3A91000
|
heap
|
page read and write
|
||
|
15E4000
|
trusted library allocation
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
133A2B27000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
133A2B4B000
|
heap
|
page read and write
|
||
|
2FCC000
|
heap
|
page read and write
|
||
|
11E4000
|
heap
|
page read and write
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
1550000
|
trusted library allocation
|
page read and write
|
||
|
4F2F000
|
stack
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
283F000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
283D000
|
heap
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
283A000
|
heap
|
page read and write
|
||
|
133A2AFC000
|
heap
|
page read and write
|
||
|
1184000
|
heap
|
page read and write
|
||
|
A90000
|
unkown
|
page read and write
|
||
|
A60000
|
unkown
|
page readonly
|
||
|
3721000
|
heap
|
page read and write
|
||
|
2DBF000
|
stack
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
4DF000
|
unkown
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
133A2AC0000
|
heap
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
678000
|
heap
|
page read and write
|
||
|
A60000
|
unkown
|
page readonly
|
||
|
2EF1000
|
trusted library allocation
|
page read and write
|
||
|
F58000
|
heap
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
283F000
|
heap
|
page read and write
|
||
|
6B50FF000
|
stack
|
page read and write
|
||
|
1184000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
85E000
|
stack
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
13DF000
|
trusted library allocation
|
page read and write
|
||
|
13F3000
|
trusted library allocation
|
page read and write
|
||
|
133A2B16000
|
heap
|
page read and write
|
||
|
D0E000
|
unkown
|
page readonly
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
unkown
|
page readonly
|
||
|
3721000
|
heap
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
30CD000
|
heap
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
133A2B27000
|
heap
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
133A2DDC000
|
heap
|
page read and write
|
||
|
14CC000
|
trusted library allocation
|
page read and write
|
||
|
133A2AE8000
|
heap
|
page read and write
|
||
|
133A2B4D000
|
heap
|
page read and write
|
||
|
159D000
|
heap
|
page read and write
|
||
|
2D7E000
|
stack
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
133A2B27000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
2E8C000
|
stack
|
page read and write
|
||
|
32F5000
|
heap
|
page read and write
|
||
|
152F000
|
trusted library allocation
|
page read and write
|
||
|
1569000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
1184000
|
heap
|
page read and write
|
||
|
326E000
|
stack
|
page read and write
|
||
|
2FBE000
|
heap
|
page read and write
|
||
|
89F000
|
stack
|
page read and write
|
||
|
2835000
|
heap
|
page read and write
|
||
|
5050000
|
heap
|
page read and write
|
||
|
39F2000
|
trusted library allocation
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
1483000
|
trusted library allocation
|
page read and write
|
||
|
133A2B27000
|
heap
|
page read and write
|
||
|
31DF000
|
stack
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
3A37000
|
trusted library allocation
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
1387000
|
heap
|
page read and write
|
||
|
133A2B4D000
|
heap
|
page read and write
|
||
|
2834000
|
heap
|
page read and write
|
||
|
133A2B01000
|
heap
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
133A2B44000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
2836000
|
heap
|
page read and write
|
||
|
2FC6000
|
trusted library allocation
|
page read and write
|
||
|
860000
|
trusted library allocation
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
39D0000
|
trusted library allocation
|
page read and write
|
||
|
168D000
|
trusted library allocation
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
1351000
|
trusted library allocation
|
page read and write
|
||
|
2FCC000
|
heap
|
page read and write
|
||
|
13ED000
|
trusted library allocation
|
page read and write
|
||
|
3A92000
|
heap
|
page read and write
|
||
|
FCE000
|
stack
|
page read and write
|
||
|
133A2B3E000
|
heap
|
page read and write
|
||
|
3B8C000
|
trusted library allocation
|
page read and write
|
||
|
39F2000
|
trusted library allocation
|
page read and write
|
||
|
133A2B3D000
|
heap
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
4FAF000
|
stack
|
page read and write
|
||
|
11EA000
|
heap
|
page read and write
|
||
|
4D80000
|
heap
|
page read and write
|
||
|
FE6000
|
heap
|
page read and write
|
||
|
15EF000
|
trusted library allocation
|
page read and write
|
||
|
1491000
|
heap
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
E7F000
|
stack
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
283F000
|
heap
|
page read and write
|
||
|
3C75000
|
trusted library allocation
|
page read and write
|
||
|
3BC0000
|
trusted library allocation
|
page read and write
|
||
|
133A2DD5000
|
heap
|
page read and write
|
||
|
F74000
|
heap
|
page read and write
|
||
|
1551000
|
trusted library allocation
|
page read and write
|
||
|
236000
|
unkown
|
page readonly
|
||
|
14CC000
|
trusted library allocation
|
page read and write
|
||
|
2838000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
A78000
|
heap
|
page read and write
|
||
|
431C000
|
trusted library allocation
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
1556000
|
trusted library allocation
|
page read and write
|
||
|
283F000
|
heap
|
page read and write
|
||
|
2EDE000
|
stack
|
page read and write
|
||
|
134E000
|
heap
|
page read and write
|
||
|
1245000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
2EF1000
|
trusted library allocation
|
page read and write
|
||
|
133A2B46000
|
heap
|
page read and write
|
||
|
39F2000
|
trusted library allocation
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
133A2B43000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
368E000
|
stack
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
283F000
|
heap
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
4DB0000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
1553000
|
trusted library allocation
|
page read and write
|
||
|
14CC000
|
trusted library allocation
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
9D1000
|
unkown
|
page execute read
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
283B000
|
heap
|
page read and write
|
||
|
283C000
|
heap
|
page read and write
|
||
|
152F000
|
trusted library allocation
|
page read and write
|
||
|
FBF000
|
stack
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
133A2B16000
|
heap
|
page read and write
|
||
|
2833000
|
heap
|
page read and write
|
||
|
423F000
|
stack
|
page read and write
|
||
|
15FE000
|
trusted library allocation
|
page read and write
|
||
|
133A2B4D000
|
heap
|
page read and write
|
||
|
3114000
|
trusted library allocation
|
page read and write
|
||
|
133A2B01000
|
heap
|
page read and write
|
||
|
11F9000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
4EEE000
|
stack
|
page read and write
|
||
|
2FBB000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
1351000
|
trusted library allocation
|
page read and write
|
||
|
1559000
|
trusted library allocation
|
page read and write
|
||
|
155A000
|
trusted library allocation
|
page read and write
|
||
|
133A2CB0000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
141B000
|
trusted library allocation
|
page read and write
|
||
|
E8C000
|
stack
|
page read and write
|
||
|
692000
|
heap
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
282F000
|
stack
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
30ED000
|
heap
|
page read and write
|
||
|
30EC000
|
heap
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
3C83000
|
trusted library allocation
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
7D0000
|
direct allocation
|
page execute and read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
133A2B39000
|
heap
|
page read and write
|
||
|
21EE000
|
stack
|
page read and write
|
||
|
180000
|
unkown
|
page readonly
|
||
|
1555000
|
trusted library allocation
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
30CC000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
F2E000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
3721000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
2831000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
327E000
|
stack
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
33AC000
|
stack
|
page read and write
|
||
|
30DC000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
180000
|
unkown
|
page readonly
|
||
|
1391000
|
trusted library allocation
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
1184000
|
heap
|
page read and write
|
||
|
39DA000
|
trusted library allocation
|
page read and write
|
||
|
240000
|
unkown
|
page write copy
|
||
|
6B55FE000
|
stack
|
page read and write
|
||
|
12EC000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
15E3000
|
trusted library allocation
|
page read and write
|
||
|
2EF1000
|
trusted library allocation
|
page read and write
|
||
|
463F000
|
stack
|
page read and write
|
||
|
EAC000
|
stack
|
page read and write
|
||
|
134E000
|
heap
|
page read and write
|
||
|
318B000
|
trusted library allocation
|
page read and write
|
||
|
3A79000
|
trusted library allocation
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
1475000
|
trusted library allocation
|
page read and write
|
||
|
3A37000
|
trusted library allocation
|
page read and write
|
||
|
1483000
|
trusted library allocation
|
page read and write
|
||
|
30DC000
|
heap
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
12D9000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
30DC000
|
heap
|
page read and write
|
||
|
1005000
|
heap
|
page read and write
|
||
|
A99000
|
unkown
|
page readonly
|
||
|
2FDE000
|
trusted library allocation
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
1351000
|
trusted library allocation
|
page read and write
|
||
|
3A37000
|
trusted library allocation
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
4CF000
|
unkown
|
page read and write
|
||
|
1591000
|
heap
|
page read and write
|
||
|
6B58FE000
|
stack
|
page read and write
|
||
|
30D3000
|
trusted library allocation
|
page read and write
|
||
|
3A78000
|
trusted library allocation
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
502F000
|
stack
|
page read and write
|
||
|
12F7000
|
heap
|
page read and write
|
||
|
2F99000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
1351000
|
trusted library allocation
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
1351000
|
trusted library allocation
|
page read and write
|
||
|
133A2DD0000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
2F1F000
|
stack
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
3B91000
|
heap
|
page read and write
|
||
|
4F6E000
|
stack
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
1106000
|
heap
|
page read and write
|
||
|
12E7000
|
heap
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
2837000
|
heap
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
2FA3000
|
heap
|
page read and write
|
||
|
133A2B27000
|
heap
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
4D5F000
|
stack
|
page read and write
|
||
|
1344000
|
heap
|
page read and write
|
||
|
2FBB000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
2200000
|
heap
|
page read and write
|
There are 627 hidden memdumps, click here to show them.