Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
QqHWdVqNBs.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\LinkGuard Dynamics\SecureHawk.js
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\LinkGuard Dynamics\SecureHawk.pif
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\LinkGuard Dynamics\r
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\369580\Origin.pif
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\369580\Z
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Bdsm
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Convenience
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Dental
|
OpenPGP Public Key
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Falls
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Fight
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Fighting
|
data
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\Joke
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\June
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Mask
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Massachusetts
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Outreach
|
hp200 (68010) BSD
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Radius
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Severe
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Sig
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Stockings
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Vendor
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Alot
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Beginning
|
DOS executable (COM)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Buck
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Chad
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Consecutive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Creator
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Cruises
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Double
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Emotions
|
ASCII text, with very long lines (1341), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Emotions.cmd
|
ASCII text, with very long lines (1341), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Favourite
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Genre
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Hay
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Instance
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Kde
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Lcd
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Older
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Opposition
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Participants
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Portraits
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Quebec
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Race
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Referring
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Richmond
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Seek
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Sn
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Studios
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Tags
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Thereof
|
Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Things
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Tokyo
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Violence
|
data
|
dropped
|
There are 44 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\QqHWdVqNBs.exe
|
"C:\Users\user\Desktop\QqHWdVqNBs.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /k copy Emotions Emotions.cmd & Emotions.cmd & exit
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /I "wrsa.exe opssvc.exe"
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /I "avastui.exe avgui.exe bdservicehost.exe nswscsvc.exe sophoshealth.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c md 369580
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /V "MaskBathroomsCompoundInjection" Participants
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c copy /b Massachusetts + Radius + Dental + Vendor + Fighting + June + Stockings + Convenience + Falls + Joke + Mask
+ Severe + Outreach + Sig + Bdsm 369580\Z
|
|
|
|
C:\Users\user\AppData\Local\Temp\369580\Origin.pif
|
369580\Origin.pif 369580\Z
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks.exe /create /tn "SecureHawk" /tr "wscript //B 'C:\Users\user\AppData\Local\LinkGuard Dynamics\SecureHawk.js'" /sc
onlogon /F /RL HIGHEST
|
|
|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\LinkGuard Dynamics\SecureHawk.js"
|
|
|
|
C:\Users\user\AppData\Local\LinkGuard Dynamics\SecureHawk.pif
|
"C:\Users\user\AppData\Local\LinkGuard Dynamics\SecureHawk.pif" "C:\Users\user\AppData\Local\LinkGuard Dynamics\r"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\tasklist.exe
|
tasklist
|
||
|
C:\Windows\SysWOW64\tasklist.exe
|
tasklist
|
||
|
C:\Windows\SysWOW64\timeout.exe
|
timeout 15
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 6 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.autoitscript.com/autoit3/J
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/0
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jZFqZYoOtpryMyRHD.jZFqZYoOtpryMyRHD
|
unknown
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1BC4115E000
|
heap
|
page read and write
|
||
|
13F5000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
92F000
|
stack
|
page read and write
|
||
|
3814000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
289F000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
1BC41060000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
1BC413DC000
|
heap
|
page read and write
|
||
|
1BC41111000
|
heap
|
page read and write
|
||
|
1351000
|
heap
|
page read and write
|
||
|
1A80000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
55E000
|
stack
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
3F72000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
2893000
|
heap
|
page read and write
|
||
|
36B0000
|
heap
|
page read and write
|
||
|
101F000
|
stack
|
page read and write
|
||
|
3DB4000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
1BC413D5000
|
heap
|
page read and write
|
||
|
2A9C000
|
stack
|
page read and write
|
||
|
1318000
|
heap
|
page read and write
|
||
|
33D9000
|
trusted library allocation
|
page read and write
|
||
|
48DF000
|
stack
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
3D0E000
|
stack
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
379A000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
289B000
|
heap
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
1BC410F0000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
45E0000
|
heap
|
page read and write
|
||
|
3824000
|
heap
|
page read and write
|
||
|
302E000
|
stack
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
2E6E000
|
heap
|
page read and write
|
||
|
1444000
|
heap
|
page read and write
|
||
|
1A40000
|
trusted library allocation
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
1BC4111F000
|
heap
|
page read and write
|
||
|
461000
|
unkown
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
73A000
|
stack
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
553000
|
unkown
|
page write copy
|
||
|
44BF000
|
stack
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
1BC42FB0000
|
heap
|
page read and write
|
||
|
65E000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
1BC41148000
|
heap
|
page read and write
|
||
|
796000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
1458000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
2E9E000
|
heap
|
page read and write
|
||
|
796000
|
heap
|
page read and write
|
||
|
4E3F000
|
stack
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
7FFB23B25000
|
unkown
|
page readonly
|
||
|
779000
|
heap
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
3825000
|
heap
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
1BC4111E000
|
heap
|
page read and write
|
||
|
109D000
|
stack
|
page read and write
|
||
|
491000
|
unkown
|
page execute read
|
||
|
2890000
|
heap
|
page read and write
|
||
|
220E000
|
stack
|
page read and write
|
||
|
49DF000
|
stack
|
page read and write
|
||
|
54F000
|
unkown
|
page read and write
|
||
|
6B8000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
1A40000
|
trusted library allocation
|
page read and write
|
||
|
C93000
|
unkown
|
page write copy
|
||
|
3326000
|
trusted library allocation
|
page read and write
|
||
|
1BC41146000
|
heap
|
page read and write
|
||
|
3E7A000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
42953FF000
|
stack
|
page read and write
|
||
|
7B9000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
16BC000
|
heap
|
page read and write
|
||
|
1174000
|
heap
|
page read and write
|
||
|
4DDF000
|
stack
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
4DFE000
|
stack
|
page read and write
|
||
|
2E94000
|
heap
|
page read and write
|
||
|
1428000
|
heap
|
page read and write
|
||
|
1158000
|
heap
|
page read and write
|
||
|
1A40000
|
trusted library allocation
|
page read and write
|
||
|
2FA6000
|
heap
|
page read and write
|
||
|
1BC41350000
|
heap
|
page read and write
|
||
|
1174000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
289D000
|
heap
|
page read and write
|
||
|
796000
|
heap
|
page read and write
|
||
|
1BC4111A000
|
heap
|
page read and write
|
||
|
3FF6000
|
heap
|
page read and write
|
||
|
3E38000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
796000
|
heap
|
page read and write
|
||
|
490000
|
unkown
|
page readonly
|
||
|
3EBC000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
4D3F000
|
stack
|
page read and write
|
||
|
102E000
|
stack
|
page read and write
|
||
|
1225000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1A40000
|
trusted library allocation
|
page read and write
|
||
|
7FFB23B20000
|
unkown
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
1BC41159000
|
heap
|
page read and write
|
||
|
64A000
|
heap
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
2E7C000
|
heap
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
62F000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
62E000
|
heap
|
page read and write
|
||
|
2893000
|
heap
|
page read and write
|
||
|
C98000
|
unkown
|
page readonly
|
||
|
2E9E000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
4294EFE000
|
stack
|
page read and write
|
||
|
1BC4114E000
|
heap
|
page read and write
|
||
|
1BC41154000
|
heap
|
page read and write
|
||
|
3D72000
|
heap
|
page read and write
|
||
|
4E40000
|
heap
|
page read and write
|
||
|
77E000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
C59000
|
stack
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
1BC4111F000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
1175000
|
heap
|
page read and write
|
||
|
4330000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
C8F000
|
unkown
|
page write copy
|
||
|
1353000
|
heap
|
page read and write
|
||
|
13EE000
|
heap
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
1A40000
|
trusted library allocation
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
3810000
|
heap
|
page read and write
|
||
|
1164000
|
heap
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
45C000
|
stack
|
page read and write
|
||
|
309E000
|
stack
|
page read and write
|
||
|
22C0000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
4294FFF000
|
stack
|
page read and write
|
||
|
289B000
|
heap
|
page read and write
|
||
|
1174000
|
heap
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
65E000
|
heap
|
page read and write
|
||
|
73E000
|
heap
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
42951FF000
|
stack
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
77E000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
1A40000
|
trusted library allocation
|
page read and write
|
||
|
1A7E000
|
stack
|
page read and write
|
||
|
459E000
|
trusted library allocation
|
page read and write
|
||
|
3B60000
|
heap
|
page read and write
|
||
|
130F000
|
heap
|
page read and write
|
||
|
2E99000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
1148000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
1174000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
1BC410F8000
|
heap
|
page read and write
|
||
|
1FC000
|
stack
|
page read and write
|
||
|
2891000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
107F000
|
stack
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
73D1F000
|
unkown
|
page readonly
|
||
|
2E93000
|
heap
|
page read and write
|
||
|
1175000
|
heap
|
page read and write
|
||
|
2899000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
618000
|
heap
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
1BC4111F000
|
heap
|
page read and write
|
||
|
45BF000
|
stack
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
49D000
|
stack
|
page read and write
|
||
|
2E8B000
|
heap
|
page read and write
|
||
|
54F000
|
unkown
|
page write copy
|
||
|
779000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
1174000
|
heap
|
page read and write
|
||
|
C85000
|
unkown
|
page readonly
|
||
|
1A40000
|
trusted library allocation
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
1256000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
1BC41050000
|
heap
|
page read and write
|
||
|
1A40000
|
trusted library allocation
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
289B000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
2F8F000
|
stack
|
page read and write
|
||
|
1BC41080000
|
heap
|
page read and write
|
||
|
4EE000
|
stack
|
page read and write
|
||
|
2897000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
1BC41148000
|
heap
|
page read and write
|
||
|
2896000
|
heap
|
page read and write
|
||
|
7FFB23B01000
|
unkown
|
page execute read
|
||
|
3F2C000
|
heap
|
page read and write
|
||
|
1BC4113D000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
289D000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
796000
|
heap
|
page read and write
|
||
|
796000
|
heap
|
page read and write
|
||
|
64C000
|
heap
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
1A40000
|
trusted library allocation
|
page read and write
|
||
|
37EE000
|
stack
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
1BC41126000
|
heap
|
page read and write
|
||
|
289E000
|
heap
|
page read and write
|
||
|
44FE000
|
stack
|
page read and write
|
||
|
1383000
|
heap
|
page read and write
|
||
|
2897000
|
heap
|
page read and write
|
||
|
558000
|
unkown
|
page readonly
|
||
|
1BC41159000
|
heap
|
page read and write
|
||
|
65E000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
78E000
|
stack
|
page read and write
|
||
|
1BC41126000
|
heap
|
page read and write
|
||
|
406E000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
7A2000
|
heap
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
2E99000
|
heap
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
289A000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
457E000
|
stack
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
65E000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
1A40000
|
trusted library allocation
|
page read and write
|
||
|
2896000
|
heap
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
796000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
BD1000
|
unkown
|
page execute read
|
||
|
289D000
|
heap
|
page read and write
|
||
|
1BC41148000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
151A000
|
heap
|
page read and write
|
||
|
64E000
|
heap
|
page read and write
|
||
|
77E000
|
heap
|
page read and write
|
||
|
40AF000
|
heap
|
page read and write
|
||
|
64E000
|
stack
|
page read and write
|
||
|
BD0000
|
unkown
|
page readonly
|
||
|
1372000
|
heap
|
page read and write
|
||
|
30D8000
|
heap
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
289D000
|
heap
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
2E3D000
|
stack
|
page read and write
|
||
|
15D6000
|
heap
|
page read and write
|
||
|
1BC41148000
|
heap
|
page read and write
|
||
|
77E000
|
heap
|
page read and write
|
||
|
3FF6000
|
heap
|
page read and write
|
||
|
64C000
|
heap
|
page read and write
|
||
|
289C000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
1BC41159000
|
heap
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
4F4000
|
unkown
|
page readonly
|
||
|
4331000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
1A40000
|
trusted library allocation
|
page read and write
|
||
|
4CDF000
|
stack
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
1538000
|
heap
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
4610000
|
heap
|
page read and write
|
||
|
4294AFA000
|
stack
|
page read and write
|
||
|
4D7E000
|
stack
|
page read and write
|
||
|
4294CFE000
|
stack
|
page read and write
|
||
|
1BC41126000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
73D01000
|
unkown
|
page execute read
|
||
|
A2F000
|
stack
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
1BC4111A000
|
heap
|
page read and write
|
||
|
79A000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
1A40000
|
trusted library allocation
|
page read and write
|
||
|
2E81000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
1174000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
558000
|
unkown
|
page readonly
|
||
|
4331000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
34CC000
|
stack
|
page read and write
|
||
|
73A000
|
heap
|
page read and write
|
||
|
2897000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
33E7000
|
trusted library allocation
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
41F000
|
unkown
|
page read and write
|
||
|
2896000
|
heap
|
page read and write
|
||
|
10BC000
|
stack
|
page read and write
|
||
|
63C000
|
heap
|
page read and write
|
||
|
2899000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
2E99000
|
heap
|
page read and write
|
||
|
73D00000
|
unkown
|
page readonly
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
70E000
|
stack
|
page read and write
|
||
|
1BC41154000
|
heap
|
page read and write
|
||
|
C98000
|
unkown
|
page readonly
|
||
|
4331000
|
heap
|
page read and write
|
||
|
4038000
|
heap
|
page read and write
|
||
|
14DC000
|
heap
|
page read and write
|
||
|
289A000
|
heap
|
page read and write
|
||
|
1A40000
|
trusted library allocation
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
1BC4112F000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
1174000
|
heap
|
page read and write
|
||
|
289E000
|
heap
|
page read and write
|
||
|
2E8B000
|
heap
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
2E58000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
1BC41146000
|
heap
|
page read and write
|
||
|
3D35000
|
heap
|
page read and write
|
||
|
1BC4112F000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
2E99000
|
heap
|
page read and write
|
||
|
44EB000
|
trusted library allocation
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
338F000
|
stack
|
page read and write
|
||
|
14FF000
|
heap
|
page read and write
|
||
|
545000
|
unkown
|
page readonly
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
1BC4111A000
|
heap
|
page read and write
|
||
|
64F000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
105C000
|
stack
|
page read and write
|
||
|
7FFB23B16000
|
unkown
|
page readonly
|
||
|
2891000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
2340000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
76A000
|
heap
|
page read and write
|
||
|
3F08000
|
heap
|
page read and write
|
||
|
545000
|
unkown
|
page readonly
|
||
|
3DF6000
|
heap
|
page read and write
|
||
|
1BC41152000
|
heap
|
page read and write
|
||
|
1BC41159000
|
heap
|
page read and write
|
||
|
3D30000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
68E000
|
stack
|
page read and write
|
||
|
4E70000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
3F30000
|
heap
|
page read and write
|
||
|
2E9E000
|
heap
|
page read and write
|
||
|
407A000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
76D000
|
heap
|
page read and write
|
||
|
497000
|
unkown
|
page read and write
|
||
|
2891000
|
heap
|
page read and write
|
||
|
3E7A000
|
heap
|
page read and write
|
||
|
7FFB23B00000
|
unkown
|
page readonly
|
||
|
2895000
|
heap
|
page read and write
|
||
|
59E000
|
stack
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
42950FE000
|
stack
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
2E81000
|
heap
|
page read and write
|
||
|
3414000
|
heap
|
page read and write
|
||
|
73D01000
|
unkown
|
page execute read
|
||
|
4331000
|
heap
|
page read and write
|
||
|
1BC41146000
|
heap
|
page read and write
|
||
|
2E81000
|
heap
|
page read and write
|
||
|
4038000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
632000
|
heap
|
page read and write
|
||
|
1BC41119000
|
heap
|
page read and write
|
||
|
328E000
|
stack
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
520000
|
unkown
|
page readonly
|
||
|
288F000
|
stack
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
3DF6000
|
heap
|
page read and write
|
||
|
1A3D000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
520000
|
unkown
|
page readonly
|
||
|
2898000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
73D1D000
|
unkown
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
62E000
|
heap
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
4294BFF000
|
stack
|
page read and write
|
||
|
3E38000
|
heap
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
2E99000
|
heap
|
page read and write
|
||
|
64C000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
3F72000
|
heap
|
page read and write
|
||
|
3D72000
|
heap
|
page read and write
|
||
|
103D000
|
stack
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
4DBF000
|
stack
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
2E7B000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
2E6E000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
1BC41111000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1BC41126000
|
heap
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
1A40000
|
trusted library allocation
|
page read and write
|
||
|
289A000
|
heap
|
page read and write
|
||
|
1A40000
|
trusted library allocation
|
page read and write
|
||
|
490000
|
unkown
|
page readonly
|
||
|
1351000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
45AC000
|
trusted library allocation
|
page read and write
|
||
|
1A40000
|
trusted library allocation
|
page read and write
|
||
|
4F4000
|
unkown
|
page readonly
|
||
|
1BC4113D000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
3F30000
|
heap
|
page read and write
|
||
|
BD0000
|
unkown
|
page readonly
|
||
|
1BC41146000
|
heap
|
page read and write
|
||
|
1BC4113B000
|
heap
|
page read and write
|
||
|
516000
|
heap
|
page read and write
|
||
|
1536000
|
heap
|
page read and write
|
||
|
1BC413D0000
|
heap
|
page read and write
|
||
|
3FB4000
|
heap
|
page read and write
|
||
|
73D16000
|
unkown
|
page readonly
|
||
|
796000
|
heap
|
page read and write
|
||
|
BD1000
|
unkown
|
page execute read
|
||
|
2ADC000
|
stack
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
C60000
|
unkown
|
page readonly
|
||
|
76D000
|
heap
|
page read and write
|
||
|
73D16000
|
unkown
|
page readonly
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
1A40000
|
trusted library allocation
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
2E8B000
|
heap
|
page read and write
|
||
|
149B000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
43C000
|
stack
|
page read and write
|
||
|
73D00000
|
unkown
|
page readonly
|
||
|
1BC4110C000
|
heap
|
page read and write
|
||
|
1689000
|
heap
|
page read and write
|
||
|
2897000
|
heap
|
page read and write
|
||
|
1BC4112F000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
2E9E000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
2E8B000
|
heap
|
page read and write
|
||
|
1BC4113D000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
76D000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
15AF000
|
heap
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
64C000
|
heap
|
page read and write
|
||
|
74F000
|
stack
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
13DA000
|
heap
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
796000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
1BC41149000
|
heap
|
page read and write
|
||
|
3FB4000
|
heap
|
page read and write
|
||
|
1332000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
1A40000
|
trusted library allocation
|
page read and write
|
||
|
1BC41148000
|
heap
|
page read and write
|
||
|
1BC41159000
|
heap
|
page read and write
|
||
|
1BC41146000
|
heap
|
page read and write
|
||
|
1BC4113C000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
3F2A000
|
heap
|
page read and write
|
||
|
335E000
|
stack
|
page read and write
|
||
|
2891000
|
heap
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
73D1F000
|
unkown
|
page readonly
|
||
|
1BC41156000
|
heap
|
page read and write
|
||
|
3EC6000
|
heap
|
page read and write
|
||
|
1BC4114D000
|
heap
|
page read and write
|
||
|
73D1D000
|
unkown
|
page read and write
|
||
|
3DB4000
|
heap
|
page read and write
|
||
|
1940000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
108F000
|
stack
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
7FFB23B22000
|
unkown
|
page readonly
|
||
|
76D000
|
heap
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
1351000
|
heap
|
page read and write
|
||
|
4331000
|
heap
|
page read and write
|
||
|
2894000
|
heap
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
3EBC000
|
heap
|
page read and write
|
||
|
65E000
|
heap
|
page read and write
|
||
|
278E000
|
stack
|
page read and write
|
||
|
409E000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
42952FF000
|
stack
|
page read and write
|
||
|
141B000
|
heap
|
page read and write
|
||
|
1BC4112F000
|
heap
|
page read and write
|
||
|
3D30000
|
heap
|
page read and write
|
||
|
453F000
|
stack
|
page read and write
|
||
|
1341000
|
heap
|
page read and write
|
||
|
2E81000
|
heap
|
page read and write
|
||
|
1A40000
|
trusted library allocation
|
page read and write
|
||
|
407A000
|
heap
|
page read and write
|
||
|
33CC000
|
stack
|
page read and write
|
||
|
2899000
|
heap
|
page read and write
|
||
|
2E73000
|
heap
|
page read and write
|
||
|
C60000
|
unkown
|
page readonly
|
||
|
C8F000
|
unkown
|
page read and write
|
||
|
289C000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
796000
|
heap
|
page read and write
|
||
|
82F000
|
stack
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
C85000
|
unkown
|
page readonly
|
||
|
491000
|
unkown
|
page execute read
|
||
|
289F000
|
heap
|
page read and write
|
||
|
3EFE000
|
heap
|
page read and write
|
There are 641 hidden memdumps, click here to show them.