Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
I7GcHDtUIF.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\246122658369
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024,
components 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Roaming\309a138a12cecf\clip64.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\309a138a12cecf\cred64.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_Files_\HTAGVDFUIE.xlsx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_Files_\LTKMYBSEYZ.xlsx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_Files_\ONBQCLYSPU.docx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_Files_\ONBQCLYSPU.xlsx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_Files_\UMMBDNEQBN.docx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_Files_\UMMBDNEQBN.xlsx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_Files_\VLZDGUKUTZ.docx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_Files_\XZXHAVGRAG.docx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fa5gjsuk.erh.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fynr42ps.xyz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jmyefkhg.vzz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l0ynuwcx.ev3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Tasks\Hkbsse.job
|
data
|
dropped
|
There are 13 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\I7GcHDtUIF.exe
|
"C:\Users\user\Desktop\I7GcHDtUIF.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe
|
"C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe
|
C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe
|
C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\309a138a12cecf\cred64.dll, Main
|
|
|
|
C:\Windows\System32\rundll32.exe
|
"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\309a138a12cecf\cred64.dll, Main
|
|
|
|
C:\Windows\System32\netsh.exe
|
netsh wlan show profiles
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\309a138a12cecf\clip64.dll, Main
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip'
-CompressionLevel Optimal
|
|
|
|
C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe
|
C:\Users\user\AppData\Local\Temp\28c5e5ba36\Hkbsse.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://45.80.158.31/g9bkfkWf/index.php?scr=1
|
unknown
|
|
|
|
http://45.80.158.31/sP
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelp
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://45.80.158.31/g9bkfkWf/index.php?wal=1
|
unknown
|
||
|
http://45.80.158.31/
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelpX
|
unknown
|
||
|
http://45.80.158.31/im
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://45.80.158.31/g9bkfkWf/index.php?wal=18
|
unknown
|
||
|
http://45.80.158.31/g9bkfkWf/index.phpk
|
unknown
|
||
|
http://45.80.158.31/g9bkfkWf/Plugins/clip64.dllndows.storage.dlll
|
unknown
|
||
|
http://45.80.158.31/g9bkfkWf/index.php?wal=1urn
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://45.80.158.31/g9bkfkWf/Plugins/clip64.dll
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://45.80.158.31/g9bkfkWf/index.php
|
unknown
|
There are 15 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.80.158.31
|
unknown
|
Netherlands
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
141000
|
unkown
|
page execute read
|
|
|
|
6F1000
|
unkown
|
page execute read
|
|
|
|
6F1000
|
unkown
|
page execute read
|
|
|
|
141000
|
unkown
|
page execute read
|
|
|
|
141000
|
unkown
|
page execute read
|
|
|
|
141000
|
unkown
|
page execute read
|
|
|
|
141000
|
unkown
|
page execute read
|
|
|
|
141000
|
unkown
|
page execute read
|
|
|
|
141000
|
unkown
|
page execute read
|
|
|
|
6C831000
|
unkown
|
page execute read
|
|
|
|
D98000
|
heap
|
page read and write
|
||
|
1A9B467B000
|
trusted library allocation
|
page read and write
|
||
|
4502000
|
heap
|
page read and write
|
||
|
14177FE000
|
stack
|
page read and write
|
||
|
141868E000
|
stack
|
page read and write
|
||
|
1A9B4A36000
|
trusted library allocation
|
page read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
D3F000
|
heap
|
page read and write
|
||
|
D95000
|
heap
|
page read and write
|
||
|
4280000
|
heap
|
page read and write
|
||
|
7FFD9B572000
|
trusted library allocation
|
page read and write
|
||
|
4507000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
1A9CB586000
|
heap
|
page read and write
|
||
|
1AD000
|
unkown
|
page readonly
|
||
|
1A9CB322000
|
heap
|
page read and write
|
||
|
1A9B31E7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5A0000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB605000
|
heap
|
page read and write
|
||
|
350A000
|
heap
|
page read and write
|
||
|
1A9B1490000
|
trusted library allocation
|
page read and write
|
||
|
3340000
|
heap
|
page read and write
|
||
|
7FFD9B6E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6A0000
|
trusted library allocation
|
page read and write
|
||
|
1A9B4701000
|
trusted library allocation
|
page read and write
|
||
|
89F000
|
stack
|
page read and write
|
||
|
1A9C31D2000
|
trusted library allocation
|
page read and write
|
||
|
1A9C3452000
|
trusted library allocation
|
page read and write
|
||
|
F86EBFB000
|
stack
|
page read and write
|
||
|
33FA000
|
heap
|
page read and write
|
||
|
1A9B4734000
|
trusted library allocation
|
page read and write
|
||
|
1417A38000
|
stack
|
page read and write
|
||
|
7FFD9B650000
|
trusted library allocation
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
1A9B1485000
|
heap
|
page read and write
|
||
|
1A9CB5C2000
|
heap
|
page read and write
|
||
|
756000
|
unkown
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
450B000
|
heap
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
1A9CB5B3000
|
heap
|
page read and write
|
||
|
7FFD9B7D0000
|
trusted library allocation
|
page read and write
|
||
|
425F000
|
stack
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
FF7D594000
|
stack
|
page read and write
|
||
|
1A6000
|
unkown
|
page read and write
|
||
|
5011000
|
heap
|
page read and write
|
||
|
1A9B12D0000
|
heap
|
page read and write
|
||
|
27C72376000
|
heap
|
page read and write
|
||
|
261E000
|
stack
|
page read and write
|
||
|
265A3CF0000
|
heap
|
page read and write
|
||
|
2FFB000
|
stack
|
page read and write
|
||
|
F86EB7E000
|
stack
|
page read and write
|
||
|
D98000
|
heap
|
page read and write
|
||
|
265A5A00000
|
trusted library allocation
|
page read and write
|
||
|
265A3CB0000
|
heap
|
page read and write
|
||
|
7FFD9B530000
|
trusted library allocation
|
page read and write
|
||
|
194000
|
unkown
|
page readonly
|
||
|
34AA000
|
heap
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
1A9B38B5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B740000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B39D000
|
trusted library allocation
|
page execute and read and write
|
||
|
EDE000
|
stack
|
page read and write
|
||
|
7FFD9B6B0000
|
trusted library allocation
|
page read and write
|
||
|
265A5C3B000
|
heap
|
page read and write
|
||
|
347A000
|
heap
|
page read and write
|
||
|
1A9B1480000
|
heap
|
page read and write
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
1A6000
|
unkown
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
7FFD9B446000
|
trusted library allocation
|
page read and write
|
||
|
411F000
|
stack
|
page read and write
|
||
|
29CA000
|
heap
|
page read and write
|
||
|
F86E876000
|
stack
|
page read and write
|
||
|
1A9CB2D6000
|
heap
|
page read and write
|
||
|
1A9B14B0000
|
trusted library allocation
|
page read and write
|
||
|
1A6000
|
unkown
|
page write copy
|
||
|
D6B000
|
heap
|
page read and write
|
||
|
7DF4ED350000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A9B13D0000
|
heap
|
page read and write
|
||
|
1A9B3150000
|
heap
|
page read and write
|
||
|
265A5A80000
|
trusted library allocation
|
page read and write
|
||
|
27C723A0000
|
heap
|
page read and write
|
||
|
1A9B132E000
|
heap
|
page read and write
|
||
|
4504000
|
heap
|
page read and write
|
||
|
450A000
|
heap
|
page read and write
|
||
|
297A000
|
heap
|
page read and write
|
||
|
4030000
|
heap
|
page read and write
|
||
|
D1A000
|
heap
|
page read and write
|
||
|
27C73E00000
|
heap
|
page read and write
|
||
|
744000
|
unkown
|
page readonly
|
||
|
4500000
|
heap
|
page read and write
|
||
|
1A6000
|
unkown
|
page write copy
|
||
|
1A9B49EA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
3540000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
348A000
|
heap
|
page read and write
|
||
|
1417879000
|
stack
|
page read and write
|
||
|
1A9CB16A000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
1A9CB2AA000
|
heap
|
page read and write
|
||
|
401E000
|
stack
|
page read and write
|
||
|
7FFD9B720000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB270000
|
heap
|
page read and write
|
||
|
13C000
|
stack
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B620000
|
trusted library allocation
|
page read and write
|
||
|
4509000
|
heap
|
page read and write
|
||
|
686C000
|
stack
|
page read and write
|
||
|
DA1000
|
heap
|
page read and write
|
||
|
1A9B1358000
|
heap
|
page read and write
|
||
|
1A9B1550000
|
heap
|
page read and write
|
||
|
1417CBB000
|
stack
|
page read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
1417A3E000
|
stack
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
7DF4ED330000
|
trusted library allocation
|
page execute and read and write
|
||
|
4501000
|
heap
|
page read and write
|
||
|
1A9B3388000
|
trusted library allocation
|
page read and write
|
||
|
1A9B46AA000
|
trusted library allocation
|
page read and write
|
||
|
265A5A80000
|
trusted library allocation
|
page read and write
|
||
|
1A9B46ED000
|
trusted library allocation
|
page read and write
|
||
|
FAE000
|
stack
|
page read and write
|
||
|
140000
|
unkown
|
page readonly
|
||
|
194000
|
unkown
|
page readonly
|
||
|
7FFD9B476000
|
trusted library allocation
|
page execute and read and write
|
||
|
334A000
|
heap
|
page read and write
|
||
|
265A3D28000
|
heap
|
page read and write
|
||
|
3510000
|
heap
|
page read and write
|
||
|
140000
|
unkown
|
page readonly
|
||
|
3530000
|
heap
|
page read and write
|
||
|
1A9C3191000
|
trusted library allocation
|
page read and write
|
||
|
336F000
|
stack
|
page read and write
|
||
|
2930000
|
heap
|
page read and write
|
||
|
35CA000
|
heap
|
page read and write
|
||
|
1A9B1500000
|
heap
|
page execute and read and write
|
||
|
1A9B4663000
|
trusted library allocation
|
page read and write
|
||
|
341F000
|
stack
|
page read and write
|
||
|
1A9B3070000
|
trusted library allocation
|
page read and write
|
||
|
265A5A80000
|
trusted library allocation
|
page read and write
|
||
|
4010000
|
heap
|
page read and write
|
||
|
E8F000
|
stack
|
page read and write
|
||
|
2E0F000
|
stack
|
page read and write
|
||
|
141747E000
|
unkown
|
page read and write
|
||
|
1A9B3161000
|
trusted library allocation
|
page read and write
|
||
|
265A3C30000
|
heap
|
page read and write
|
||
|
4810000
|
trusted library allocation
|
page read and write
|
||
|
6A7000
|
heap
|
page read and write
|
||
|
4410000
|
heap
|
page read and write
|
||
|
F86EC7B000
|
stack
|
page read and write
|
||
|
D9C000
|
heap
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
7FFD9B700000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB520000
|
heap
|
page read and write
|
||
|
1A9CB2D2000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
194000
|
unkown
|
page readonly
|
||
|
3410000
|
heap
|
page read and write
|
||
|
27C7239B000
|
heap
|
page read and write
|
||
|
450B000
|
heap
|
page read and write
|
||
|
27C72315000
|
heap
|
page read and write
|
||
|
7FFD9B392000
|
trusted library allocation
|
page read and write
|
||
|
35A9000
|
heap
|
page read and write
|
||
|
265A3C10000
|
heap
|
page read and write
|
||
|
1A9B497A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6E4000
|
trusted library allocation
|
page read and write
|
||
|
265A5680000
|
trusted library allocation
|
page read and write
|
||
|
C35000
|
heap
|
page read and write
|
||
|
294B000
|
stack
|
page read and write
|
||
|
7FFD9B6C0000
|
trusted library allocation
|
page read and write
|
||
|
6F0000
|
unkown
|
page readonly
|
||
|
D39000
|
heap
|
page read and write
|
||
|
7FFD9B730000
|
trusted library allocation
|
page read and write
|
||
|
1417679000
|
stack
|
page read and write
|
||
|
4A0B000
|
heap
|
page read and write
|
||
|
7FFD9B550000
|
trusted library allocation
|
page execute and read and write
|
||
|
3E9D000
|
stack
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
7FFD9B3AB000
|
trusted library allocation
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
ADE000
|
stack
|
page read and write
|
||
|
1A9CB2C7000
|
heap
|
page read and write
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
1AD000
|
unkown
|
page readonly
|
||
|
550000
|
heap
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
759000
|
unkown
|
page read and write
|
||
|
7FFD9B6F8000
|
trusted library allocation
|
page read and write
|
||
|
194000
|
unkown
|
page readonly
|
||
|
1A9B46BE000
|
trusted library allocation
|
page read and write
|
||
|
1A9B12E2000
|
heap
|
page read and write
|
||
|
3340000
|
heap
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
141757E000
|
stack
|
page read and write
|
||
|
7FFD9B750000
|
trusted library allocation
|
page read and write
|
||
|
265A5A00000
|
trusted library allocation
|
page read and write
|
||
|
CEE000
|
heap
|
page read and write
|
||
|
75D000
|
unkown
|
page readonly
|
||
|
265A3DB2000
|
heap
|
page read and write
|
||
|
1A9B3040000
|
trusted library allocation
|
page read and write
|
||
|
66E000
|
stack
|
page read and write
|
||
|
1A8000
|
unkown
|
page write copy
|
||
|
7FFD9B390000
|
trusted library allocation
|
page read and write
|
||
|
4503000
|
heap
|
page read and write
|
||
|
354A000
|
heap
|
page read and write
|
||
|
271F000
|
stack
|
page read and write
|
||
|
403A000
|
heap
|
page read and write
|
||
|
7FFD9B630000
|
trusted library allocation
|
page read and write
|
||
|
1A8000
|
unkown
|
page write copy
|
||
|
1417B3F000
|
stack
|
page read and write
|
||
|
415E000
|
stack
|
page read and write
|
||
|
1A9B49C6000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB336000
|
heap
|
page read and write
|
||
|
7FFD9B610000
|
trusted library allocation
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
1A9B1460000
|
trusted library allocation
|
page read and write
|
||
|
265A3CF8000
|
heap
|
page read and write
|
||
|
BFE000
|
stack
|
page read and write
|
||
|
1A9CB4E8000
|
heap
|
page read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B680000
|
trusted library allocation
|
page read and write
|
||
|
408A000
|
heap
|
page read and write
|
||
|
34BA000
|
heap
|
page read and write
|
||
|
141777F000
|
stack
|
page read and write
|
||
|
265A5680000
|
trusted library allocation
|
page read and write
|
||
|
7FB000
|
stack
|
page read and write
|
||
|
347A000
|
heap
|
page read and write
|
||
|
4A01000
|
heap
|
page read and write
|
||
|
1A9B49FA000
|
trusted library allocation
|
page read and write
|
||
|
3395000
|
heap
|
page read and write
|
||
|
4270000
|
heap
|
page read and write
|
||
|
BDF000
|
stack
|
page read and write
|
||
|
543F000
|
stack
|
page read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
2FBB000
|
stack
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
1A9B46D4000
|
trusted library allocation
|
page read and write
|
||
|
1A9B4D83000
|
trusted library allocation
|
page read and write
|
||
|
27C72368000
|
heap
|
page read and write
|
||
|
FF7D58D000
|
stack
|
page read and write
|
||
|
7FFD9B670000
|
trusted library allocation
|
page read and write
|
||
|
27C72310000
|
heap
|
page read and write
|
||
|
29C6000
|
heap
|
page read and write
|
||
|
351A000
|
heap
|
page read and write
|
||
|
756000
|
unkown
|
page write copy
|
||
|
3EC1000
|
heap
|
page read and write
|
||
|
7FFD9B6E9000
|
trusted library allocation
|
page read and write
|
||
|
27C72350000
|
heap
|
page read and write
|
||
|
1A9B41BC000
|
trusted library allocation
|
page read and write
|
||
|
265A3CB5000
|
heap
|
page read and write
|
||
|
7FFD9B3A0000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB57B000
|
heap
|
page read and write
|
||
|
7FFD9B541000
|
trusted library allocation
|
page read and write
|
||
|
1A6000
|
unkown
|
page write copy
|
||
|
1A6000
|
unkown
|
page read and write
|
||
|
D89000
|
heap
|
page read and write
|
||
|
1A9B13F0000
|
heap
|
page read and write
|
||
|
DA1000
|
heap
|
page read and write
|
||
|
1A9B46C0000
|
trusted library allocation
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
76C000
|
stack
|
page read and write
|
||
|
265A5A00000
|
trusted library allocation
|
page read and write
|
||
|
1A9000
|
unkown
|
page read and write
|
||
|
46EB000
|
stack
|
page read and write
|
||
|
D98000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
1A9CB2A8000
|
heap
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
AFD000
|
stack
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B580000
|
trusted library allocation
|
page execute and read and write
|
||
|
343A000
|
heap
|
page read and write
|
||
|
27C72290000
|
heap
|
page read and write
|
||
|
1A9CB5E3000
|
heap
|
page read and write
|
||
|
1A9B1310000
|
heap
|
page read and write
|
||
|
458E000
|
stack
|
page read and write
|
||
|
C74000
|
heap
|
page read and write
|
||
|
7FFD9B5C0000
|
trusted library allocation
|
page read and write
|
||
|
1AD000
|
unkown
|
page readonly
|
||
|
4A0C000
|
heap
|
page read and write
|
||
|
1417ABE000
|
stack
|
page read and write
|
||
|
1A9B1420000
|
heap
|
page read and write
|
||
|
32FA000
|
heap
|
page read and write
|
||
|
7FFD9B394000
|
trusted library allocation
|
page read and write
|
||
|
4508000
|
heap
|
page read and write
|
||
|
7FFD9B54A000
|
trusted library allocation
|
page read and write
|
||
|
265A3B30000
|
heap
|
page read and write
|
||
|
7FFD9B640000
|
trusted library allocation
|
page read and write
|
||
|
D94000
|
heap
|
page read and write
|
||
|
4A07000
|
heap
|
page read and write
|
||
|
DA7000
|
heap
|
page read and write
|
||
|
1AD000
|
unkown
|
page readonly
|
||
|
354A000
|
heap
|
page read and write
|
||
|
1A9C3450000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page read and write
|
||
|
694C000
|
stack
|
page read and write
|
||
|
140000
|
unkown
|
page readonly
|
||
|
D6F000
|
heap
|
page read and write
|
||
|
4780000
|
heap
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
FDF000
|
stack
|
page read and write
|
||
|
1AD000
|
unkown
|
page readonly
|
||
|
D6E000
|
heap
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB400000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
1A9CB4FD000
|
heap
|
page read and write
|
||
|
14176FE000
|
stack
|
page read and write
|
||
|
1A9CB4E0000
|
heap
|
page read and write
|
||
|
14175FE000
|
stack
|
page read and write
|
||
|
6C847000
|
unkown
|
page readonly
|
||
|
4503000
|
heap
|
page read and write
|
||
|
4A0B000
|
heap
|
page read and write
|
||
|
7FFD9B5B0000
|
trusted library allocation
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
7FFD9B4B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
468E000
|
stack
|
page read and write
|
||
|
7FFD9B440000
|
trusted library allocation
|
page read and write
|
||
|
3EDE000
|
stack
|
page read and write
|
||
|
1A9C3161000
|
trusted library allocation
|
page read and write
|
||
|
4502000
|
heap
|
page read and write
|
||
|
1A9CB314000
|
heap
|
page read and write
|
||
|
7FFD9B3B0000
|
trusted library allocation
|
page read and write
|
||
|
1A9B14F0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B560000
|
trusted library allocation
|
page execute and read and write
|
||
|
F86E97E000
|
stack
|
page read and write
|
||
|
333A000
|
heap
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
1A6000
|
unkown
|
page write copy
|
||
|
1417BBC000
|
stack
|
page read and write
|
||
|
33DE000
|
stack
|
page read and write
|
||
|
1A9CB6E0000
|
trusted library allocation
|
page read and write
|
||
|
1A9C3181000
|
trusted library allocation
|
page read and write
|
||
|
140000
|
unkown
|
page readonly
|
||
|
3480000
|
heap
|
page read and write
|
||
|
140000
|
unkown
|
page readonly
|
||
|
265A5A80000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB54D000
|
heap
|
page read and write
|
||
|
1A9CB5D9000
|
heap
|
page read and write
|
||
|
1A9B4CB9000
|
trusted library allocation
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
FF7DCFE000
|
stack
|
page read and write
|
||
|
7FFD9B3EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
D7F000
|
heap
|
page read and write
|
||
|
357A000
|
heap
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
D9D000
|
heap
|
page read and write
|
||
|
1A9B3100000
|
heap
|
page execute and read and write
|
||
|
7DF4ED340000
|
trusted library allocation
|
page execute and read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
3470000
|
heap
|
page read and write
|
||
|
3FDF000
|
stack
|
page read and write
|
||
|
27C72376000
|
heap
|
page read and write
|
||
|
2F0C000
|
stack
|
page read and write
|
||
|
4F60000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
27C72376000
|
heap
|
page read and write
|
||
|
194000
|
unkown
|
page readonly
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
450F000
|
heap
|
page read and write
|
||
|
1417936000
|
stack
|
page read and write
|
||
|
3570000
|
heap
|
page read and write
|
||
|
F86EAFD000
|
stack
|
page read and write
|
||
|
36A0000
|
heap
|
page read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
3D55000
|
heap
|
page read and write
|
||
|
353A000
|
heap
|
page read and write
|
||
|
4A07000
|
heap
|
page read and write
|
||
|
7FFD9B710000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6FC000
|
trusted library allocation
|
page read and write
|
||
|
1A9B3B54000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B660000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page read and write
|
||
|
1A9B464F000
|
trusted library allocation
|
page read and write
|
||
|
265A3DD3000
|
heap
|
page read and write
|
||
|
CD9000
|
stack
|
page read and write
|
||
|
B47000
|
heap
|
page read and write
|
||
|
14179B9000
|
stack
|
page read and write
|
||
|
1417C3E000
|
stack
|
page read and write
|
||
|
1A9C345A000
|
trusted library allocation
|
page read and write
|
||
|
D8E000
|
stack
|
page read and write
|
||
|
1A9B46EA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
2CFA000
|
heap
|
page read and write
|
||
|
7FFD9B5E0000
|
trusted library allocation
|
page read and write
|
||
|
DB1000
|
heap
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
441E000
|
heap
|
page read and write
|
||
|
1A9CB5EB000
|
heap
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
1A9B4D7F000
|
trusted library allocation
|
page read and write
|
||
|
1A9000
|
unkown
|
page read and write
|
||
|
1A9000
|
unkown
|
page read and write
|
||
|
27C722B0000
|
heap
|
page read and write
|
||
|
F86EA7E000
|
stack
|
page read and write
|
||
|
4A0E000
|
heap
|
page read and write
|
||
|
265A3CFE000
|
heap
|
page read and write
|
||
|
DB4000
|
heap
|
page read and write
|
||
|
3D9C000
|
stack
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
27C74110000
|
heap
|
page read and write
|
||
|
75D000
|
unkown
|
page readonly
|
||
|
1A9B14A0000
|
heap
|
page readonly
|
||
|
D27000
|
heap
|
page read and write
|
||
|
341A000
|
heap
|
page read and write
|
||
|
1A9B47D3000
|
trusted library allocation
|
page read and write
|
||
|
10AE000
|
stack
|
page read and write
|
||
|
34A0000
|
heap
|
page read and write
|
||
|
14178BE000
|
stack
|
page read and write
|
||
|
1A9B11E0000
|
heap
|
page read and write
|
||
|
1AD000
|
unkown
|
page readonly
|
||
|
299C000
|
stack
|
page read and write
|
||
|
1A9C344C000
|
trusted library allocation
|
page read and write
|
||
|
27C72365000
|
heap
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
3590000
|
heap
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
1A9B4691000
|
trusted library allocation
|
page read and write
|
||
|
1A9B130E000
|
heap
|
page read and write
|
||
|
4420000
|
heap
|
page read and write
|
||
|
27C72358000
|
heap
|
page read and write
|
||
|
265A5C00000
|
heap
|
page read and write
|
||
|
1A9B135C000
|
heap
|
page read and write
|
||
|
6C84F000
|
unkown
|
page read and write
|
||
|
CEA000
|
heap
|
page read and write
|
||
|
1A9B46A8000
|
trusted library allocation
|
page read and write
|
||
|
4FC000
|
stack
|
page read and write
|
||
|
6C851000
|
unkown
|
page readonly
|
||
|
3D50000
|
heap
|
page read and write
|
||
|
33EF000
|
stack
|
page read and write
|
||
|
FF7D8FD000
|
unkown
|
page read and write
|
||
|
1A9B480C000
|
trusted library allocation
|
page read and write
|
||
|
1A9B1555000
|
heap
|
page read and write
|
||
|
27C72280000
|
heap
|
page read and write
|
||
|
3470000
|
heap
|
page read and write
|
||
|
296A000
|
heap
|
page read and write
|
||
|
7FFD9B6C3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B690000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B44C000
|
trusted library allocation
|
page execute and read and write
|
||
|
744000
|
unkown
|
page readonly
|
||
|
758000
|
unkown
|
page write copy
|
||
|
6F0000
|
unkown
|
page readonly
|
||
|
2780000
|
heap
|
page read and write
|
||
|
1A8000
|
unkown
|
page write copy
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page execute and read and write
|
||
|
3540000
|
heap
|
page read and write
|
||
|
7FFD9B749000
|
trusted library allocation
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
141870E000
|
stack
|
page read and write
|
||
|
401A000
|
heap
|
page read and write
|
||
|
35C0000
|
heap
|
page read and write
|
||
|
450B000
|
heap
|
page read and write
|
||
|
450E000
|
heap
|
page read and write
|
||
|
14174FE000
|
stack
|
page read and write
|
||
|
265A56B0000
|
heap
|
page read and write
|
||
|
2A5A000
|
heap
|
page read and write
|
||
|
27C73F40000
|
heap
|
page read and write
|
||
|
265A3D88000
|
heap
|
page read and write
|
||
|
6A4C000
|
stack
|
page read and write
|
||
|
FF7D59E000
|
stack
|
page read and write
|
||
|
7FFD9B5F0000
|
trusted library allocation
|
page read and write
|
||
|
F86E9FE000
|
stack
|
page read and write
|
||
|
6C830000
|
unkown
|
page readonly
|
||
|
1A9B4667000
|
trusted library allocation
|
page read and write
|
||
|
1AD000
|
unkown
|
page readonly
|
||
|
B60000
|
heap
|
page read and write
|
||
|
F86E8FE000
|
stack
|
page read and write
|
||
|
194000
|
unkown
|
page readonly
|
||
|
348A000
|
heap
|
page read and write
|
||
|
1A9CB890000
|
heap
|
page read and write
|
||
|
296A000
|
heap
|
page read and write
|
||
|
265A3DCA000
|
heap
|
page read and write
|
||
|
33AE000
|
stack
|
page read and write
|
||
|
14171F3000
|
stack
|
page read and write
|
||
|
140000
|
unkown
|
page readonly
|
||
|
DB1000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
D47000
|
heap
|
page read and write
|
||
|
7FFD9B590000
|
trusted library allocation
|
page read and write
|
||
|
1A9B467D000
|
trusted library allocation
|
page read and write
|
||
|
1A9B1314000
|
heap
|
page read and write
|
||
|
265A5680000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B600000
|
trusted library allocation
|
page read and write
|
||
|
4080000
|
heap
|
page read and write
|
||
|
194000
|
unkown
|
page readonly
|
||
|
330E000
|
stack
|
page read and write
|
||
|
AFA000
|
stack
|
page read and write
|
||
|
FF7D9FE000
|
stack
|
page read and write
|
||
|
D3F000
|
stack
|
page read and write
|
||
|
7FC000
|
stack
|
page read and write
|
||
|
4506000
|
heap
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
5010000
|
heap
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5D0000
|
trusted library allocation
|
page read and write
|
||
|
53FE000
|
stack
|
page read and write
|
||
|
1A9B1356000
|
heap
|
page read and write
|
||
|
2F4C000
|
stack
|
page read and write
|
||
|
1A9B14F7000
|
heap
|
page execute and read and write
|
||
|
450C000
|
heap
|
page read and write
|
||
|
140000
|
unkown
|
page readonly
|
||
|
7FFD9B393000
|
trusted library allocation
|
page execute and read and write
|
There are 510 hidden memdumps, click here to show them.