Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
cuAvoExY41.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Multimedia Platform\WmiPrvSE.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Libraries\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\KhSi255NBg.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\CUGzHwzy.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\EQOQCKPT.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\UxpXqoOQ.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\VDAxqXDQ.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\dVTvzLpX.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\ddDNduPc.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\ffpwzeUX.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\mKRcJKjf.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\oOILjGZF.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\vnZStDyM.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\surrogateFontdhcpCommon\OneEFBaC8w.vbe
|
data
|
dropped
|
|
|
|
C:\surrogateFontdhcpCommon\upfc.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Microsoft Office 15\6bc8f6e50ab287
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Multimedia Platform\24dbde2999530e
|
ASCII text, with very long lines (604), with no line terminators
|
dropped
|
||
|
C:\Users\Public\Libraries\6bc8f6e50ab287
|
ASCII text, with very long lines (407), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ChainPortServerBrowsermonitor.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\LiXPpMYSA8
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\Crashpad\reports\6bc8f6e50ab287
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\surrogateFontdhcpCommon\8R9u62iDagU8Uc7aonuPLC09qlpNFRfyF1hoQ7xLsx4xo5Yd8alS.bat
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\surrogateFontdhcpCommon\99a93b5a245da8
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\surrogateFontdhcpCommon\ea1d8f6d871115
|
ASCII text, with very long lines (378), with no line terminators
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 19 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\cuAvoExY41.exe
|
"C:\Users\user\Desktop\cuAvoExY41.exe"
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\surrogateFontdhcpCommon\OneEFBaC8w.vbe"
|
|
|
|
C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
|
"C:\surrogateFontdhcpCommon/ChainPortServerBrowsermonitor.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\KhSi255NBg.bat"
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping -n 10 localhost
|
|
|
|
C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
|
"C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\surrogateFontdhcpCommon\8R9u62iDagU8Uc7aonuPLC09qlpNFRfyF1hoQ7xLsx4xo5Yd8alS.bat" "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\chcp.com
|
chcp 65001
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://hvatit.top
|
unknown
|
|
|
|
http://hvatit.top/
|
unknown
|
|
|
|
http://hvatit.top/dbwp.php
|
80.211.144.156
|
|
|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
hvatit.top
|
80.211.144.156
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
80.211.144.156
|
hvatit.top
|
Italy
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\14e837138360754dc1d1518157f70903fdcc9df2
|
af14b2d2c1fdd9b62a5170c467c74ce6f678c3ae
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\KSFasOVYpBufeMshBMPdEDfTcvlm_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\KSFasOVYpBufeMshBMPdEDfTcvlm_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\KSFasOVYpBufeMshBMPdEDfTcvlm_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\KSFasOVYpBufeMshBMPdEDfTcvlm_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\KSFasOVYpBufeMshBMPdEDfTcvlm_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\KSFasOVYpBufeMshBMPdEDfTcvlm_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\KSFasOVYpBufeMshBMPdEDfTcvlm_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\KSFasOVYpBufeMshBMPdEDfTcvlm_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\KSFasOVYpBufeMshBMPdEDfTcvlm_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\KSFasOVYpBufeMshBMPdEDfTcvlm_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\KSFasOVYpBufeMshBMPdEDfTcvlm_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\KSFasOVYpBufeMshBMPdEDfTcvlm_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\KSFasOVYpBufeMshBMPdEDfTcvlm_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\KSFasOVYpBufeMshBMPdEDfTcvlm_RASMANCS
|
FileDirectory
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6E22000
|
heap
|
page read and write
|
|
|
|
13407000
|
trusted library allocation
|
page read and write
|
|
|
|
2EAB000
|
trusted library allocation
|
page read and write
|
|
|
|
B32000
|
unkown
|
page readonly
|
|
|
|
652A000
|
heap
|
page read and write
|
|
|
|
366E000
|
trusted library allocation
|
page read and write
|
||
|
4BED000
|
stack
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
12DC1000
|
trusted library allocation
|
page read and write
|
||
|
1D8B0CA0000
|
heap
|
page read and write
|
||
|
2904000
|
heap
|
page read and write
|
||
|
7FF41E230000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B66B000
|
stack
|
page read and write
|
||
|
E9D000
|
heap
|
page read and write
|
||
|
AFE000
|
heap
|
page read and write
|
||
|
1BC0E000
|
stack
|
page read and write
|
||
|
1B9B0000
|
heap
|
page read and write
|
||
|
AD2000
|
heap
|
page read and write
|
||
|
5C2000
|
stack
|
page read and write
|
||
|
28DF000
|
heap
|
page read and write
|
||
|
1C5CE000
|
stack
|
page read and write
|
||
|
2934000
|
heap
|
page read and write
|
||
|
12B6D000
|
trusted library allocation
|
page read and write
|
||
|
290E000
|
heap
|
page read and write
|
||
|
735E000
|
stack
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
1C6ED000
|
stack
|
page read and write
|
||
|
149E000
|
stack
|
page read and write
|
||
|
13AA5000000
|
heap
|
page read and write
|
||
|
55C6AFF000
|
stack
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
12D3D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6E0000
|
trusted library allocation
|
page read and write
|
||
|
51FC000
|
stack
|
page read and write
|
||
|
1C23A000
|
stack
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
13AA5004000
|
heap
|
page read and write
|
||
|
2934000
|
heap
|
page read and write
|
||
|
13AA4FA0000
|
heap
|
page read and write
|
||
|
EA1000
|
heap
|
page read and write
|
||
|
12E9D000
|
trusted library allocation
|
page read and write
|
||
|
173E000
|
stack
|
page read and write
|
||
|
2917000
|
heap
|
page read and write
|
||
|
5AC000
|
stack
|
page read and write
|
||
|
1AF8D000
|
stack
|
page read and write
|
||
|
28F1000
|
heap
|
page read and write
|
||
|
AFE000
|
heap
|
page read and write
|
||
|
1DB90000
|
heap
|
page read and write
|
||
|
7FFD9BAC7000
|
trusted library allocation
|
page read and write
|
||
|
12C3A000
|
trusted library allocation
|
page read and write
|
||
|
1BA5C000
|
heap
|
page read and write
|
||
|
7FFD9BD8C000
|
trusted library allocation
|
page read and write
|
||
|
599000
|
stack
|
page read and write
|
||
|
28F2000
|
heap
|
page read and write
|
||
|
1BA55000
|
heap
|
page read and write
|
||
|
7FFD9BBB0000
|
trusted library allocation
|
page read and write
|
||
|
B65000
|
unkown
|
page readonly
|
||
|
5CA000
|
stack
|
page read and write
|
||
|
12E35000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB10000
|
trusted library allocation
|
page read and write
|
||
|
1B7AE000
|
stack
|
page read and write
|
||
|
E3B000
|
heap
|
page read and write
|
||
|
1BD0F000
|
stack
|
page read and write
|
||
|
7FFD9B868000
|
trusted library allocation
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
B72000
|
heap
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
28EF000
|
heap
|
page read and write
|
||
|
1B6AE000
|
stack
|
page read and write
|
||
|
1DC23000
|
heap
|
page read and write
|
||
|
7FFD9B92D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B90D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CC4000
|
heap
|
page read and write
|
||
|
28F5000
|
heap
|
page read and write
|
||
|
28E3000
|
heap
|
page read and write
|
||
|
237B000
|
stack
|
page read and write
|
||
|
AE2000
|
heap
|
page read and write
|
||
|
E1C000
|
heap
|
page read and write
|
||
|
1013000
|
unkown
|
page readonly
|
||
|
1BB00000
|
heap
|
page execute and read and write
|
||
|
7FFD9B8C4000
|
trusted library allocation
|
page read and write
|
||
|
2FF4000
|
unkown
|
page readonly
|
||
|
7FFD9BB87000
|
trusted library allocation
|
page read and write
|
||
|
13AA4EB3000
|
heap
|
page read and write
|
||
|
12CBF000
|
trusted library allocation
|
page read and write
|
||
|
ACD000
|
heap
|
page read and write
|
||
|
1B520000
|
heap
|
page execute and read and write
|
||
|
3322000
|
trusted library allocation
|
page read and write
|
||
|
43AE000
|
stack
|
page read and write
|
||
|
1B19B000
|
stack
|
page read and write
|
||
|
28E4000
|
heap
|
page read and write
|
||
|
ABA000
|
heap
|
page read and write
|
||
|
139C000
|
heap
|
page read and write
|
||
|
2900000
|
heap
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
7FFD9BB1D000
|
trusted library allocation
|
page read and write
|
||
|
43F0000
|
heap
|
page read and write
|
||
|
AD1000
|
heap
|
page read and write
|
||
|
7FFD9BD90000
|
trusted library allocation
|
page read and write
|
||
|
12B11000
|
trusted library allocation
|
page read and write
|
||
|
4D2D000
|
stack
|
page read and write
|
||
|
910000
|
heap
|
page readonly
|
||
|
7FFD9B7A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
28E6000
|
heap
|
page read and write
|
||
|
4C50000
|
heap
|
page read and write
|
||
|
7FFD9B71C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DF5000
|
trusted library allocation
|
page read and write
|
||
|
1C7FC000
|
stack
|
page read and write
|
||
|
6E20000
|
heap
|
page read and write
|
||
|
12B5000
|
heap
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
2934000
|
heap
|
page read and write
|
||
|
2909000
|
heap
|
page read and write
|
||
|
70DE000
|
stack
|
page read and write
|
||
|
13AA4EB4000
|
heap
|
page read and write
|
||
|
4E30000
|
heap
|
page read and write
|
||
|
28F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC22000
|
trusted library allocation
|
page read and write
|
||
|
1BB00000
|
heap
|
page read and write
|
||
|
1C58C000
|
stack
|
page read and write
|
||
|
B16000
|
heap
|
page read and write
|
||
|
7FFD9B77C000
|
trusted library allocation
|
page execute and read and write
|
||
|
FEE000
|
unkown
|
page read and write
|
||
|
7FFD9BE90000
|
trusted library allocation
|
page read and write
|
||
|
E7C000
|
heap
|
page read and write
|
||
|
1B5A0000
|
heap
|
page read and write
|
||
|
7FFD9BDC7000
|
trusted library allocation
|
page read and write
|
||
|
731E000
|
stack
|
page read and write
|
||
|
12BF000
|
heap
|
page read and write
|
||
|
1D8B0820000
|
heap
|
page read and write
|
||
|
13AA4EAE000
|
heap
|
page read and write
|
||
|
2B11000
|
trusted library allocation
|
page read and write
|
||
|
B2E000
|
heap
|
page read and write
|
||
|
E84000
|
heap
|
page read and write
|
||
|
12C96000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB04000
|
trusted library allocation
|
page read and write
|
||
|
3651000
|
trusted library allocation
|
page read and write
|
||
|
2FE0000
|
unkown
|
page readonly
|
||
|
14E0000
|
unkown
|
page readonly
|
||
|
12E3000
|
heap
|
page read and write
|
||
|
7FFD9BAB5000
|
trusted library allocation
|
page read and write
|
||
|
1B9FB000
|
stack
|
page read and write
|
||
|
12C53000
|
trusted library allocation
|
page read and write
|
||
|
6E2C000
|
heap
|
page read and write
|
||
|
AC7000
|
heap
|
page read and write
|
||
|
B72000
|
heap
|
page read and write
|
||
|
FB1000
|
unkown
|
page execute read
|
||
|
7FFD9B6DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
28FF000
|
heap
|
page read and write
|
||
|
B2E000
|
heap
|
page read and write
|
||
|
2B0F000
|
stack
|
page read and write
|
||
|
FF5000
|
unkown
|
page read and write
|
||
|
7FFD9BED4000
|
trusted library allocation
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
28C8000
|
heap
|
page read and write
|
||
|
B2E000
|
heap
|
page read and write
|
||
|
28EB000
|
heap
|
page read and write
|
||
|
590000
|
stack
|
page read and write
|
||
|
7FFD9B9E2000
|
trusted library allocation
|
page read and write
|
||
|
B72000
|
heap
|
page read and write
|
||
|
7FFD9B903000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C00F000
|
stack
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
B32000
|
heap
|
page read and write
|
||
|
B2E000
|
heap
|
page read and write
|
||
|
13AA4E80000
|
heap
|
page read and write
|
||
|
FB0000
|
unkown
|
page readonly
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
292B000
|
heap
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
28F3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BED0000
|
trusted library allocation
|
page read and write
|
||
|
292B000
|
heap
|
page read and write
|
||
|
AC1000
|
heap
|
page read and write
|
||
|
1530000
|
heap
|
page read and write
|
||
|
1D8B0CA4000
|
heap
|
page read and write
|
||
|
ABE000
|
heap
|
page read and write
|
||
|
7FFD9BB22000
|
trusted library allocation
|
page read and write
|
||
|
94B000
|
heap
|
page read and write
|
||
|
12C6A000
|
trusted library allocation
|
page read and write
|
||
|
3735000
|
trusted library allocation
|
page read and write
|
||
|
1110000
|
trusted library allocation
|
page read and write
|
||
|
947000
|
heap
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
AE2000
|
heap
|
page read and write
|
||
|
2909000
|
heap
|
page read and write
|
||
|
2AC0000
|
heap
|
page read and write
|
||
|
12C80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BE10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BDD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB30000
|
trusted library allocation
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
13AA5080000
|
heap
|
page read and write
|
||
|
1B9F4000
|
heap
|
page read and write
|
||
|
7FFD9BB20000
|
trusted library allocation
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
ABE000
|
heap
|
page read and write
|
||
|
1C1BC000
|
stack
|
page read and write
|
||
|
BE4000
|
heap
|
page read and write
|
||
|
955000
|
heap
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
28E8000
|
heap
|
page read and write
|
||
|
3311000
|
trusted library allocation
|
page read and write
|
||
|
2958000
|
heap
|
page read and write
|
||
|
1B8AF000
|
stack
|
page read and write
|
||
|
14D0000
|
unkown
|
page readonly
|
||
|
1318000
|
heap
|
page read and write
|
||
|
E8E000
|
stack
|
page read and write
|
||
|
6E2B000
|
heap
|
page read and write
|
||
|
7FFD9BDE0000
|
trusted library allocation
|
page read and write
|
||
|
55C6B7E000
|
stack
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
23FE000
|
stack
|
page read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page read and write
|
||
|
B5A000
|
heap
|
page read and write
|
||
|
7FFD9BB60000
|
trusted library allocation
|
page read and write
|
||
|
652D000
|
heap
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
2908000
|
heap
|
page read and write
|
||
|
7FFD9B92B000
|
trusted library allocation
|
page execute and read and write
|
||
|
A98000
|
heap
|
page read and write
|
||
|
292B000
|
heap
|
page read and write
|
||
|
ACB000
|
heap
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
1357E000
|
trusted library allocation
|
page read and write
|
||
|
2EA9000
|
trusted library allocation
|
page read and write
|
||
|
4CEE000
|
stack
|
page read and write
|
||
|
B30000
|
unkown
|
page readonly
|
||
|
2934000
|
heap
|
page read and write
|
||
|
132E8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
4CC0000
|
heap
|
page read and write
|
||
|
7FFD9BAF0000
|
trusted library allocation
|
page read and write
|
||
|
1D8B09CA000
|
heap
|
page read and write
|
||
|
1BF3F000
|
stack
|
page read and write
|
||
|
292B000
|
heap
|
page read and write
|
||
|
7FFD9B6C4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
6520000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B776000
|
trusted library allocation
|
page read and write
|
||
|
AE7000
|
heap
|
page read and write
|
||
|
7FFD9B9BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
AB6000
|
heap
|
page read and write
|
||
|
2C46000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAAC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BA3B000
|
heap
|
page read and write
|
||
|
2917000
|
heap
|
page read and write
|
||
|
28ED000
|
heap
|
page read and write
|
||
|
292B000
|
heap
|
page read and write
|
||
|
7FFD9BBA0000
|
trusted library allocation
|
page read and write
|
||
|
1BA2E000
|
heap
|
page read and write
|
||
|
289F000
|
stack
|
page read and write
|
||
|
E53000
|
heap
|
page read and write
|
||
|
3665000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
B12000
|
heap
|
page read and write
|
||
|
B77000
|
unkown
|
page readonly
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
AFE000
|
heap
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page execute and read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
1BA7A000
|
heap
|
page read and write
|
||
|
28EF000
|
heap
|
page read and write
|
||
|
2D20000
|
trusted library allocation
|
page read and write
|
||
|
1B550000
|
trusted library allocation
|
page read and write
|
||
|
28F7000
|
heap
|
page read and write
|
||
|
28F1000
|
heap
|
page read and write
|
||
|
2A00000
|
heap
|
page execute and read and write
|
||
|
3A66CFF000
|
stack
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
7FFD9BC30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB66000
|
trusted library allocation
|
page read and write
|
||
|
12EB7000
|
trusted library allocation
|
page read and write
|
||
|
28F4000
|
heap
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page read and write
|
||
|
B13000
|
heap
|
page read and write
|
||
|
2B19000
|
trusted library allocation
|
page read and write
|
||
|
1C385000
|
stack
|
page read and write
|
||
|
13556000
|
trusted library allocation
|
page read and write
|
||
|
14B0000
|
heap
|
page execute and read and write
|
||
|
1DC21000
|
heap
|
page read and write
|
||
|
1BE0E000
|
stack
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BEC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
13AA5010000
|
heap
|
page read and write
|
||
|
7FFD9BC50000
|
trusted library allocation
|
page read and write
|
||
|
B32000
|
unkown
|
page readonly
|
||
|
B2E000
|
heap
|
page read and write
|
||
|
28EF000
|
heap
|
page read and write
|
||
|
2909000
|
heap
|
page read and write
|
||
|
7FFD9B95C000
|
trusted library allocation
|
page execute and read and write
|
||
|
290F000
|
heap
|
page read and write
|
||
|
12CC000
|
heap
|
page read and write
|
||
|
7FFD9B904000
|
trusted library allocation
|
page read and write
|
||
|
5B5000
|
stack
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
1AB000
|
stack
|
page read and write
|
||
|
B72000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
1B523000
|
heap
|
page execute and read and write
|
||
|
1B59E000
|
stack
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
B73000
|
unkown
|
page readonly
|
||
|
ABA000
|
heap
|
page read and write
|
||
|
10DF000
|
stack
|
page read and write
|
||
|
1DC2C000
|
heap
|
page read and write
|
||
|
4B91000
|
trusted library allocation
|
page read and write
|
||
|
1124000
|
heap
|
page read and write
|
||
|
4C70000
|
heap
|
page read and write
|
||
|
1BB4D000
|
heap
|
page read and write
|
||
|
ADF000
|
heap
|
page read and write
|
||
|
292B000
|
heap
|
page read and write
|
||
|
130D000
|
heap
|
page read and write
|
||
|
3A66BFF000
|
unkown
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
23BE000
|
stack
|
page read and write
|
||
|
31E0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B6D8000
|
trusted library allocation
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
B2E000
|
heap
|
page read and write
|
||
|
12C08000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BDA2000
|
trusted library allocation
|
page read and write
|
||
|
1510000
|
unkown
|
page readonly
|
||
|
4C6000
|
stack
|
page read and write
|
||
|
1BA49000
|
heap
|
page read and write
|
||
|
FEE000
|
unkown
|
page write copy
|
||
|
FB1000
|
unkown
|
page execute read
|
||
|
290A000
|
heap
|
page read and write
|
||
|
1500000
|
heap
|
page read and write
|
||
|
220000
|
heap
|
page read and write
|
||
|
1D8B0900000
|
heap
|
page read and write
|
||
|
51BF000
|
stack
|
page read and write
|
||
|
7FF48E520000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D8B09C8000
|
heap
|
page read and write
|
||
|
721D000
|
stack
|
page read and write
|
||
|
371F000
|
trusted library allocation
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
1013000
|
unkown
|
page write copy
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB40000
|
trusted library allocation
|
page execute and read and write
|
||
|
3326000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB80000
|
trusted library allocation
|
page execute and read and write
|
||
|
AFE000
|
heap
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AF91000
|
heap
|
page read and write
|
||
|
7FFD9B872000
|
trusted library allocation
|
page read and write
|
||
|
12C21000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BEB0000
|
trusted library allocation
|
page read and write
|
||
|
28A8000
|
heap
|
page read and write
|
||
|
13AA4D90000
|
heap
|
page read and write
|
||
|
759C000
|
stack
|
page read and write
|
||
|
496F000
|
stack
|
page read and write
|
||
|
12DDA000
|
trusted library allocation
|
page read and write
|
||
|
12D9B000
|
trusted library allocation
|
page read and write
|
||
|
2917000
|
heap
|
page read and write
|
||
|
7FFD9B902000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
28F1000
|
heap
|
page read and write
|
||
|
7FFD9B6EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
AFE000
|
heap
|
page read and write
|
||
|
31F9000
|
trusted library allocation
|
page read and write
|
||
|
D8E000
|
stack
|
page read and write
|
||
|
1BB03000
|
heap
|
page execute and read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
7FFD9BAFC000
|
trusted library allocation
|
page read and write
|
||
|
A1E000
|
stack
|
page read and write
|
||
|
28F3000
|
heap
|
page read and write
|
||
|
B72000
|
heap
|
page read and write
|
||
|
7FFD9BC60000
|
trusted library allocation
|
page read and write
|
||
|
2902000
|
heap
|
page read and write
|
||
|
13AA4F80000
|
heap
|
page read and write
|
||
|
14F0000
|
unkown
|
page readonly
|
||
|
2FE2000
|
unkown
|
page readonly
|
||
|
6D20000
|
heap
|
page read and write
|
||
|
28E0000
|
trusted library allocation
|
page read and write
|
||
|
B72000
|
heap
|
page read and write
|
||
|
4430000
|
heap
|
page read and write
|
||
|
1204000
|
heap
|
page read and write
|
||
|
3673000
|
trusted library allocation
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
2917000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
14F2000
|
unkown
|
page readonly
|
||
|
1BBBB000
|
heap
|
page read and write
|
||
|
FB0000
|
unkown
|
page readonly
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
FE3000
|
unkown
|
page readonly
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
5B9000
|
stack
|
page read and write
|
||
|
7FFD9B6D3000
|
trusted library allocation
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
7FFD9BB00000
|
trusted library allocation
|
page read and write
|
||
|
B30000
|
unkown
|
page readonly
|
||
|
13AA4E8B000
|
heap
|
page read and write
|
||
|
12DE8000
|
trusted library allocation
|
page read and write
|
||
|
1C2DE000
|
stack
|
page read and write
|
||
|
55C6A7C000
|
stack
|
page read and write
|
||
|
7FFD9BBC0000
|
trusted library allocation
|
page read and write
|
||
|
2900000
|
heap
|
page read and write
|
||
|
28E3000
|
heap
|
page read and write
|
||
|
2934000
|
heap
|
page read and write
|
||
|
AFE000
|
heap
|
page read and write
|
||
|
1BBA5000
|
heap
|
page read and write
|
||
|
1314000
|
heap
|
page read and write
|
||
|
1C6F0000
|
heap
|
page read and write
|
||
|
71DE000
|
stack
|
page read and write
|
||
|
7FFD9BDF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BE00000
|
trusted library allocation
|
page read and write
|
||
|
B2E000
|
heap
|
page read and write
|
||
|
7FFD9BDB0000
|
trusted library allocation
|
page read and write
|
||
|
12D8E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB90000
|
trusted library allocation
|
page read and write
|
||
|
4BAA000
|
trusted library allocation
|
page read and write
|
||
|
4DC0000
|
trusted library allocation
|
page read and write
|
||
|
FE3000
|
unkown
|
page readonly
|
||
|
28D1000
|
heap
|
page read and write
|
||
|
1C487000
|
stack
|
page read and write
|
||
|
1BA93000
|
heap
|
page read and write
|
||
|
12E75000
|
trusted library allocation
|
page read and write
|
||
|
1B220000
|
trusted library allocation
|
page read and write
|
||
|
14E2000
|
unkown
|
page readonly
|
||
|
31F1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
28E3000
|
heap
|
page read and write
|
||
|
7FFD9B91D000
|
trusted library allocation
|
page execute and read and write
|
||
|
749B000
|
stack
|
page read and write
|
||
|
12BBA000
|
trusted library allocation
|
page read and write
|
||
|
2949000
|
heap
|
page read and write
|
||
|
28ED000
|
heap
|
page read and write
|
||
|
7FFD9B918000
|
trusted library allocation
|
page read and write
|
||
|
9DE000
|
stack
|
page read and write
|
||
|
1AB40000
|
trusted library allocation
|
page read and write
|
||
|
C8E000
|
stack
|
page read and write
|
||
|
745F000
|
stack
|
page read and write
|
||
|
163E000
|
stack
|
page read and write
|
||
|
1D8B0920000
|
heap
|
page read and write
|
||
|
B72000
|
heap
|
page read and write
|
||
|
4BF0000
|
heap
|
page read and write
|
||
|
2917000
|
heap
|
page read and write
|
||
|
2917000
|
heap
|
page read and write
|
||
|
304B000
|
heap
|
page read and write
|
||
|
7FFD9BDCF000
|
trusted library allocation
|
page read and write
|
||
|
99E000
|
stack
|
page read and write
|
||
|
3A66AFB000
|
stack
|
page read and write
|
||
|
28A0000
|
heap
|
page read and write
|
||
|
1D8B09C0000
|
heap
|
page read and write
|
||
|
367F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
28C1000
|
heap
|
page read and write
|
||
|
2917000
|
heap
|
page read and write
|
||
|
4E2F000
|
stack
|
page read and write
|
||
|
7FFD9B6ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
2908000
|
heap
|
page read and write
|
||
|
12D93000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B913000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
7FFD9BB50000
|
trusted library allocation
|
page read and write
|
||
|
1528000
|
unkown
|
page readonly
|
||
|
13AA4EC3000
|
heap
|
page read and write
|
||
|
2AC9000
|
heap
|
page read and write
|
||
|
7FFD9BBD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
131F1000
|
trusted library allocation
|
page read and write
|
||
|
12D27000
|
trusted library allocation
|
page read and write
|
||
|
13AA4EC4000
|
heap
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page execute and read and write
|
||
|
AEF000
|
heap
|
page read and write
|
||
|
2970000
|
heap
|
page execute and read and write
|
||
|
28E5000
|
heap
|
page read and write
|
||
|
AE2000
|
heap
|
page read and write
|
||
|
AFE000
|
heap
|
page read and write
|
||
|
12CFF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BEA0000
|
trusted library allocation
|
page read and write
|
||
|
5A8000
|
stack
|
page read and write
|
||
|
3039000
|
heap
|
page read and write
|
||
|
1CA0D000
|
stack
|
page read and write
|
||
|
7FFD9BB50000
|
trusted library allocation
|
page read and write
|
||
|
28E6000
|
heap
|
page read and write
|
||
|
3409000
|
trusted library allocation
|
page read and write
|
||
|
50BE000
|
stack
|
page read and write
|
||
|
52FC000
|
stack
|
page read and write
|
||
|
7FFD9BB60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BDA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6E4000
|
trusted library allocation
|
page read and write
|
||
|
2934000
|
heap
|
page read and write
|
||
|
2A9E000
|
stack
|
page read and write
|
||
|
2934000
|
heap
|
page read and write
|
||
|
E9A000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
12CE000
|
heap
|
page read and write
|
||
|
2E8F000
|
trusted library allocation
|
page read and write
|
||
|
26C5000
|
heap
|
page read and write
|
||
|
7FFD9B8E2000
|
trusted library allocation
|
page read and write
|
||
|
1014000
|
unkown
|
page readonly
|
||
|
7FFD9B924000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B6000
|
trusted library allocation
|
page read and write
|
||
|
1012000
|
unkown
|
page read and write
|
||
|
1512000
|
unkown
|
page readonly
|
||
|
6E2F000
|
heap
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
1B9E2000
|
heap
|
page read and write
|
||
|
13AA5084000
|
heap
|
page read and write
|
||
|
59E000
|
stack
|
page read and write
|
||
|
2690000
|
heap
|
page read and write
|
||
|
4A6F000
|
stack
|
page read and write
|
||
|
28C8000
|
heap
|
page read and write
|
||
|
28F6000
|
heap
|
page read and write
|
||
|
43EE000
|
stack
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
1230000
|
trusted library allocation
|
page read and write
|
||
|
1BF0D000
|
stack
|
page read and write
|
||
|
14D2000
|
unkown
|
page readonly
|
||
|
AE2000
|
heap
|
page read and write
|
||
|
292B000
|
heap
|
page read and write
|
||
|
1210000
|
trusted library allocation
|
page read and write
|
There are 522 hidden memdumps, click here to show them.