Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
QT4aLb3P98.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\QT4aLb3P98.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\eE9QbXcUOX.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Windows\Media\Sonata\wRRcPdViqk.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Defender\en-GB\62cf92e5da7ec3
|
JPEG 2000 image
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\wRRcPdViqk.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\wLOamAKQX5
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Media\Sonata\62cf92e5da7ec3
|
ASCII text, with very long lines (790), with no line terminators
|
dropped
|
||
|
C:\Windows\Media\Sonata\wRRcPdViqk.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
\Device\Null
|
ASCII text
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\QT4aLb3P98.exe
|
"C:\Users\user\Desktop\QT4aLb3P98.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "wRRcPdViqkw" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "wRRcPdViqk" /sc ONLOGON /tr "'C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "wRRcPdViqkw" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Defender\en-GB\wRRcPdViqk.exe'" /rl
HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "wRRcPdViqkw" /sc MINUTE /mo 6 /tr "'C:\Windows\Media\Sonata\wRRcPdViqk.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "wRRcPdViqk" /sc ONLOGON /tr "'C:\Windows\Media\Sonata\wRRcPdViqk.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "wRRcPdViqkw" /sc MINUTE /mo 11 /tr "'C:\Windows\Media\Sonata\wRRcPdViqk.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\eE9QbXcUOX.bat"
|
|
|
|
C:\Windows\Media\Sonata\wRRcPdViqk.exe
|
C:\Windows\Media\Sonata\wRRcPdViqk.exe
|
|
|
|
C:\Windows\Media\Sonata\wRRcPdViqk.exe
|
C:\Windows\Media\Sonata\wRRcPdViqk.exe
|
|
|
|
C:\Windows\Media\Sonata\wRRcPdViqk.exe
|
"C:\Windows\Media\Sonata\wRRcPdViqk.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\w32tm.exe
|
w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://a1009608.xsph.ru/
|
unknown
|
|
|
|
http://a1009608.xsph.ru/1132d6f3.php?rgHy1i1qGuabZNE=KZftVioRcmp7cZPF&3f1b5944bfad4eb3eab4f036622470d5=3fcabe54654b82392e895aa4c4e7b395&a9d3e3cdc71e35b96ad20cf4efbd4740=gY3MmNzQjNkhTNzE2M1YWZwAjZ1QTZ0ITO1Y2NmVmY4YDNwEzYjZmM&rgHy1i1qGuabZNE=KZftVioRcmp7cZPF
|
141.8.192.103
|
|
|
|
http://a1009608.xsph.ru
|
unknown
|
|
|
|
http://a1009608.xsph.ru/@=MjZ2QmMzETM
|
|
||
|
http://a1009608.xsph.ru/1132d6f3.php?rgHy1i1qGuabZNE=KZftVioRcmp7cZPF&3f1b5944bfad4eb3eab4f036622470
|
unknown
|
|
|
|
https://cp.sprinthost.ru
|
unknown
|
||
|
https://index.from.sh/pages/game.html
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://cp.sprinthost.ru/auth/login
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
a1009608.xsph.ru
|
141.8.192.103
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
141.8.192.103
|
a1009608.xsph.ru
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\a17ffecd695de276adbd77f3335e75a96d6964b0
|
0b3b5211087f96787fdda4ad353e5bf3ace489e5
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wRRcPdViqk_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wRRcPdViqk_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wRRcPdViqk_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wRRcPdViqk_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wRRcPdViqk_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wRRcPdViqk_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wRRcPdViqk_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wRRcPdViqk_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wRRcPdViqk_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wRRcPdViqk_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wRRcPdViqk_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wRRcPdViqk_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wRRcPdViqk_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wRRcPdViqk_RASMANCS
|
FileDirectory
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
24D1000
|
trusted library allocation
|
page read and write
|
|
|
|
1327F000
|
trusted library allocation
|
page read and write
|
|
|
|
3271000
|
trusted library allocation
|
page read and write
|
|
|
|
2FB1000
|
trusted library allocation
|
page read and write
|
|
|
|
2EE1000
|
trusted library allocation
|
page read and write
|
|
|
|
3429000
|
trusted library allocation
|
page read and write
|
|
|
|
1BFAE000
|
stack
|
page read and write
|
||
|
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B94B000
|
trusted library allocation
|
page read and write
|
||
|
BCF000
|
stack
|
page read and write
|
||
|
10C3000
|
heap
|
page read and write
|
||
|
7FFD9B891000
|
trusted library allocation
|
page execute and read and write
|
||
|
114F000
|
heap
|
page read and write
|
||
|
EA0000
|
unkown
|
page readonly
|
||
|
87D000
|
heap
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
1385000
|
heap
|
page read and write
|
||
|
7FFD9B90A000
|
trusted library allocation
|
page read and write
|
||
|
112E000
|
heap
|
page read and write
|
||
|
7FFD9B7A3000
|
trusted library allocation
|
page read and write
|
||
|
180BDBC0000
|
heap
|
page read and write
|
||
|
3448000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B953000
|
trusted library allocation
|
page read and write
|
||
|
1B71D000
|
stack
|
page read and write
|
||
|
1795000
|
heap
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
1765000
|
heap
|
page read and write
|
||
|
7FFD9B916000
|
trusted library allocation
|
page read and write
|
||
|
1C324000
|
heap
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
3070000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7AC000
|
trusted library allocation
|
page read and write
|
||
|
1770000
|
trusted library section
|
page read and write
|
||
|
7FFD9B78B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B2F2000
|
stack
|
page read and write
|
||
|
7FFD9B762000
|
trusted library allocation
|
page read and write
|
||
|
16B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
848000
|
heap
|
page read and write
|
||
|
7FFD9B941000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
|
1123000
|
heap
|
page read and write
|
||
|
1C318000
|
heap
|
page read and write
|
||
|
12FC1000
|
trusted library allocation
|
page read and write
|
||
|
1BD6E000
|
stack
|
page read and write
|
||
|
2633000
|
trusted library allocation
|
page read and write
|
||
|
2595000
|
trusted library allocation
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
2E1E000
|
stack
|
page read and write
|
||
|
1147000
|
heap
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B792000
|
trusted library allocation
|
page read and write
|
||
|
1335000
|
heap
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
|
2F93000
|
trusted library allocation
|
page read and write
|
||
|
1301B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AF10000
|
trusted library allocation
|
page read and write
|
||
|
87B000
|
heap
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
14CB000
|
heap
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
1102000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
1B97E000
|
stack
|
page read and write
|
||
|
2625000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page execute and read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
1BDAE000
|
stack
|
page read and write
|
||
|
7FF3FF080000
|
trusted library allocation
|
page execute and read and write
|
||
|
1000FE000
|
stack
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
8A5000
|
heap
|
page read and write
|
||
|
344A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B876000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD3E000
|
stack
|
page read and write
|
||
|
1BCA0000
|
heap
|
page execute and read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
1AEF0000
|
heap
|
page execute and read and write
|
||
|
13271000
|
trusted library allocation
|
page read and write
|
||
|
DE6000
|
stack
|
page read and write
|
||
|
7F0000
|
trusted library allocation
|
page read and write
|
||
|
2F99000
|
trusted library allocation
|
page read and write
|
||
|
1C35F000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
1BB6F000
|
stack
|
page read and write
|
||
|
10B9000
|
heap
|
page read and write
|
||
|
7FFD9B978000
|
trusted library allocation
|
page read and write
|
||
|
180BDA00000
|
heap
|
page read and write
|
||
|
1C31D000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
180BDA22000
|
heap
|
page read and write
|
||
|
1BEAE000
|
stack
|
page read and write
|
||
|
10AE000
|
heap
|
page read and write
|
||
|
2631000
|
trusted library allocation
|
page read and write
|
||
|
1B3FE000
|
stack
|
page read and write
|
||
|
116A000
|
heap
|
page read and write
|
||
|
135F000
|
stack
|
page read and write
|
||
|
1700000
|
trusted library allocation
|
page read and write
|
||
|
1316000
|
stack
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
1BA60000
|
heap
|
page execute and read and write
|
||
|
7FFD9B84C000
|
trusted library allocation
|
page execute and read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
1327D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B946000
|
trusted library allocation
|
page read and write
|
||
|
99E000
|
stack
|
page read and write
|
||
|
1AFFE000
|
stack
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
10BA000
|
heap
|
page read and write
|
||
|
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
|
150F000
|
heap
|
page read and write
|
||
|
1088000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B777000
|
trusted library allocation
|
page read and write
|
||
|
136B5000
|
trusted library allocation
|
page read and write
|
||
|
124DF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
950000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BE4A000
|
stack
|
page read and write
|
||
|
2F9F000
|
trusted library allocation
|
page read and write
|
||
|
180BD9E0000
|
heap
|
page read and write
|
||
|
153E000
|
stack
|
page read and write
|
||
|
810000
|
trusted library allocation
|
page read and write
|
||
|
306D000
|
trusted library allocation
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
7FFD9B7AC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
1C364000
|
heap
|
page read and write
|
||
|
13A0000
|
trusted library allocation
|
page read and write
|
||
|
1BC4E000
|
stack
|
page read and write
|
||
|
7FFD9B8B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
180BDA07000
|
heap
|
page read and write
|
||
|
2FA2000
|
trusted library allocation
|
page read and write
|
||
|
1C8DA000
|
heap
|
page read and write
|
||
|
7FFD9B7A7000
|
trusted library allocation
|
page read and write
|
||
|
10D6000
|
heap
|
page read and write
|
||
|
7FFD9B947000
|
trusted library allocation
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
1C337000
|
heap
|
page read and write
|
||
|
1B9FE000
|
stack
|
page read and write
|
||
|
7FFD9B88A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B927000
|
trusted library allocation
|
page read and write
|
||
|
13278000
|
trusted library allocation
|
page read and write
|
||
|
1C2B0000
|
heap
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B89C000
|
trusted library allocation
|
page execute and read and write
|
||
|
D86000
|
stack
|
page read and write
|
||
|
1C34A000
|
heap
|
page read and write
|
||
|
1B8AE000
|
stack
|
page read and write
|
||
|
7FFD9B886000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
7FFD9B95F000
|
trusted library allocation
|
page read and write
|
||
|
1BBFE000
|
stack
|
page read and write
|
||
|
8A7000
|
heap
|
page read and write
|
||
|
12EED000
|
trusted library allocation
|
page read and write
|
||
|
1C4CD000
|
stack
|
page read and write
|
||
|
12FBD000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B991000
|
trusted library allocation
|
page read and write
|
||
|
12A0000
|
trusted library allocation
|
page read and write
|
||
|
1BC64000
|
stack
|
page read and write
|
||
|
12C0000
|
trusted library allocation
|
page read and write
|
||
|
159E000
|
heap
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page read and write
|
||
|
1C2F9000
|
heap
|
page read and write
|
||
|
1B4FE000
|
stack
|
page read and write
|
||
|
7FFD9B92B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
126F0000
|
trusted library allocation
|
page read and write
|
||
|
C25000
|
heap
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
14A6000
|
heap
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AFE0000
|
trusted library allocation
|
page read and write
|
||
|
1C2AE000
|
stack
|
page read and write
|
||
|
EA2000
|
unkown
|
page readonly
|
||
|
1080000
|
heap
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F96000
|
trusted library allocation
|
page read and write
|
||
|
1B53D000
|
stack
|
page read and write
|
||
|
26B4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B92B000
|
trusted library allocation
|
page read and write
|
||
|
FBE000
|
unkown
|
page readonly
|
||
|
7FFD9B7B4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
|
9C5000
|
heap
|
page read and write
|
||
|
12FA5000
|
trusted library allocation
|
page read and write
|
||
|
159B000
|
heap
|
page read and write
|
||
|
7FFD9B90C000
|
trusted library allocation
|
page read and write
|
||
|
1740000
|
trusted library section
|
page read and write
|
||
|
1285D000
|
trusted library allocation
|
page read and write
|
||
|
12EF1000
|
trusted library allocation
|
page read and write
|
||
|
1790000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
1BCFD000
|
stack
|
page read and write
|
||
|
1B9BE000
|
stack
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
12FB1000
|
trusted library allocation
|
page read and write
|
||
|
1B7FC000
|
stack
|
page read and write
|
||
|
7FFD9B90A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B941000
|
trusted library allocation
|
page read and write
|
||
|
1730000
|
heap
|
page execute and read and write
|
||
|
14C0000
|
heap
|
page read and write
|
||
|
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
|
1363F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B971000
|
trusted library allocation
|
page read and write
|
||
|
1BE63000
|
stack
|
page read and write
|
||
|
7FFD9B7EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D50000
|
heap
|
page execute and read and write
|
||
|
ACF000
|
stack
|
page read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1760000
|
heap
|
page read and write
|
||
|
10E6000
|
heap
|
page read and write
|
||
|
10BD000
|
heap
|
page read and write
|
||
|
1C2D6000
|
heap
|
page read and write
|
||
|
109C000
|
heap
|
page read and write
|
||
|
1518000
|
heap
|
page read and write
|
||
|
1512000
|
heap
|
page read and write
|
||
|
10FE000
|
heap
|
page read and write
|
||
|
1C374000
|
heap
|
page read and write
|
||
|
1BD44000
|
stack
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
EA0000
|
unkown
|
page readonly
|
||
|
1290000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
1B501000
|
heap
|
page read and write
|
||
|
FC2000
|
unkown
|
page readonly
|
||
|
1470000
|
heap
|
page read and write
|
||
|
7FFD9B933000
|
trusted library allocation
|
page read and write
|
||
|
344F000
|
trusted library allocation
|
page read and write
|
||
|
1B46D000
|
stack
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B94A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A3000
|
trusted library allocation
|
page read and write
|
||
|
1B1F3000
|
stack
|
page read and write
|
||
|
2611000
|
trusted library allocation
|
page read and write
|
||
|
260F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
2639000
|
trusted library allocation
|
page read and write
|
||
|
2660000
|
trusted library allocation
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
6F6000
|
stack
|
page read and write
|
||
|
7FFD9B7AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
12F0000
|
trusted library allocation
|
page read and write
|
||
|
12EE1000
|
trusted library allocation
|
page read and write
|
||
|
1C8DC000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
1C396000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
7FFD9B7A7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B90C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B971000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F4B000
|
trusted library allocation
|
page read and write
|
||
|
180BDB00000
|
heap
|
page read and write
|
||
|
2FFD000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
1BB4E000
|
stack
|
page read and write
|
||
|
1C7CE000
|
stack
|
page read and write
|
||
|
1C8C0000
|
heap
|
page read and write
|
||
|
7FFD9B93A000
|
trusted library allocation
|
page read and write
|
||
|
12EE8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BAFE000
|
stack
|
page read and write
|
||
|
14E5000
|
heap
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
7FFD9B7B4000
|
trusted library allocation
|
page read and write
|
||
|
154F000
|
heap
|
page read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B541000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
16D0000
|
trusted library allocation
|
page read and write
|
||
|
1BF4E000
|
stack
|
page read and write
|
||
|
2573000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
1266D000
|
trusted library allocation
|
page read and write
|
||
|
189E000
|
stack
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B766000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C050000
|
heap
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
10017E000
|
stack
|
page read and write
|
||
|
7FFD9B93E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
1C0A3000
|
stack
|
page read and write
|
||
|
7FFD9B78B000
|
trusted library allocation
|
page execute and read and write
|
||
|
12FB8000
|
trusted library allocation
|
page read and write
|
||
|
8EC000
|
heap
|
page read and write
|
||
|
1C1AE000
|
stack
|
page read and write
|
||
|
1BBB0000
|
heap
|
page read and write
|
||
|
1C36B000
|
heap
|
page read and write
|
||
|
109B000
|
heap
|
page read and write
|
||
|
1B0FE000
|
stack
|
page read and write
|
||
|
12595000
|
trusted library allocation
|
page read and write
|
||
|
180BDA28000
|
heap
|
page read and write
|
||
|
2F9C000
|
trusted library allocation
|
page read and write
|
||
|
124D1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B923000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B923000
|
trusted library allocation
|
page read and write
|
||
|
12FB3000
|
trusted library allocation
|
page read and write
|
||
|
24CE000
|
stack
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
1475000
|
heap
|
page read and write
|
||
|
7FFD9B93C000
|
trusted library allocation
|
page read and write
|
||
|
12EE3000
|
trusted library allocation
|
page read and write
|
||
|
12530000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
306A000
|
trusted library allocation
|
page read and write
|
||
|
10E8000
|
heap
|
page read and write
|
||
|
14E3000
|
heap
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B90E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
143E000
|
stack
|
page read and write
|
||
|
14AC000
|
heap
|
page read and write
|
||
|
1C2EA000
|
heap
|
page read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B77C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B876000
|
trusted library allocation
|
page execute and read and write
|
||
|
10FC000
|
heap
|
page read and write
|
||
|
169E000
|
stack
|
page read and write
|
||
|
3315000
|
trusted library allocation
|
page read and write
|
||
|
2FA0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B93C000
|
trusted library allocation
|
page read and write
|
||
|
1B8B0000
|
heap
|
page read and write
|
||
|
1AA5E000
|
stack
|
page read and write
|
||
|
10BF000
|
heap
|
page read and write
|
||
|
7FFD9B95D000
|
trusted library allocation
|
page read and write
|
||
|
268B000
|
trusted library allocation
|
page read and write
|
||
|
14C8000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
2656000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page execute and read and write
|
||
|
7FFD9B94E000
|
trusted library allocation
|
page read and write
|
||
|
1C303000
|
heap
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
180BDA25000
|
heap
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
1AE9E000
|
stack
|
page read and write
|
||
|
1A500000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B77C000
|
trusted library allocation
|
page read and write
|
||
|
1C043000
|
stack
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
10007B000
|
stack
|
page read and write
|
||
|
7FFD9B97B000
|
trusted library allocation
|
page read and write
|
||
|
33F5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B974000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B975000
|
trusted library allocation
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
1CBBB000
|
stack
|
page read and write
|
||
|
199F000
|
stack
|
page read and write
|
||
|
1C353000
|
heap
|
page read and write
|
||
|
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
1253B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B903000
|
trusted library allocation
|
page read and write
|
||
|
3313000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B953000
|
trusted library allocation
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
7FFD9B971000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B95D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B94C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B903000
|
trusted library allocation
|
page read and write
|
||
|
157E000
|
stack
|
page read and write
|
||
|
1C330000
|
heap
|
page read and write
|
||
|
7FFD9B777000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B944000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B952000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8C1000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BF6E000
|
stack
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
|
180BD900000
|
heap
|
page read and write
|
||
|
10D3000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
124DD000
|
trusted library allocation
|
page read and write
|
||
|
1C6CE000
|
stack
|
page read and write
|
||
|
1BA40000
|
heap
|
page read and write
|
||
|
1096000
|
heap
|
page read and write
|
||
|
10BD000
|
heap
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
180BDA16000
|
heap
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
1C37C000
|
heap
|
page read and write
|
||
|
1B2A0000
|
trusted library allocation
|
page read and write
|
There are 410 hidden memdumps, click here to show them.