Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Microsoft.NET\RedistList\WmiPrvSE.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows Media Player\Network Sharing\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\MSBuild\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Defender Advanced Threat Protection\services.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Sidebar\WmiPrvSE.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\WmiPrvSE.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Downloads\explorer.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\vEbYiTsQ2u.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\wscript.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\ELAMBKUP\StartMenuExperienceHost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\reviewDriverIntosessionnet\V50gFn.vbe
|
data
|
dropped
|
|
|
|
C:\reviewDriverIntosessionnet\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\reviewDriverIntosessionnet\comProviderServer.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\reviewDriverIntosessionnet\spoolsv.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft.NET\RedistList\24dbde2999530e
|
ASCII text, with very long lines (785), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows Media Player\Network Sharing\48b6e448d1d68f
|
ASCII text, with very long lines (849), with no line terminators
|
dropped
|
||
|
C:\Program Files\MSBuild\48b6e448d1d68f
|
ASCII text, with very long lines (468), with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Defender Advanced Threat Protection\c5b4cb5e9653cc
|
ASCII text, with very long lines (782), with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Sidebar\24dbde2999530e
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Recovery\24dbde2999530e
|
ASCII text, with very long lines (831), with no line terminators
|
dropped
|
||
|
C:\Recovery\48b6e448d1d68f
|
ASCII text, with very long lines (786), with no line terminators
|
dropped
|
||
|
C:\Users\Public\Downloads\7a0fd90576e088
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\817c8c8ec737a7
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\comProviderServer.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\uw0cV3nz2C
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\48b6e448d1d68f
|
ASCII text, with very long lines (338), with no line terminators
|
dropped
|
||
|
C:\Windows\ELAMBKUP\55b276f4edf653
|
ASCII text, with very long lines (470), with no line terminators
|
dropped
|
||
|
C:\reviewDriverIntosessionnet\48b6e448d1d68f
|
ASCII text, with very long lines (693), with no line terminators
|
dropped
|
||
|
C:\reviewDriverIntosessionnet\NRWB62aUrGQ.bat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\reviewDriverIntosessionnet\f3b6ecef712a24
|
ASCII text, with very long lines (307), with no line terminators
|
dropped
|
||
|
C:\reviewDriverIntosessionnet\file.vbs
|
ASCII text, with no line terminators
|
dropped
|
There are 24 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\reviewDriverIntosessionnet\V50gFn.vbe"
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\reviewDriverIntosessionnet\file.vbs"
|
|
|
|
C:\reviewDriverIntosessionnet\comProviderServer.exe
|
"C:\reviewDriverIntosessionnet\comProviderServer.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "servicess" /sc MINUTE /mo 8 /tr "'C:\Program Files\Windows Defender Advanced Threat Protection\services.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files\Windows Defender Advanced Threat Protection\services.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "servicess" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows Defender Advanced Threat Protection\services.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 6 /tr "'C:\Recovery\WmiPrvSE.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Recovery\WmiPrvSE.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 11 /tr "'C:\Recovery\WmiPrvSE.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Sidebar\WmiPrvSE.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Program Files\Windows Sidebar\WmiPrvSE.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Sidebar\WmiPrvSE.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "explorere" /sc MINUTE /mo 6 /tr "'C:\Users\Public\Downloads\explorer.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Users\Public\Downloads\explorer.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "explorere" /sc MINUTE /mo 5 /tr "'C:\Users\Public\Downloads\explorer.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiyb" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\windows media player\Network
Sharing\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiy" /sc ONLOGON /tr "'C:\Program Files (x86)\windows media player\Network
Sharing\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiyb" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\windows media player\Network
Sharing\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 12 /tr "'C:\reviewDriverIntosessionnet\spoolsv.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\reviewDriverIntosessionnet\spoolsv.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 14 /tr "'C:\reviewDriverIntosessionnet\spoolsv.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiyb" /sc MINUTE /mo 12 /tr "'C:\Users\jones\Recent\CustomDestinations\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiy" /sc ONLOGON /tr "'C:\Users\jones\Recent\CustomDestinations\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiyb" /sc MINUTE /mo 5 /tr "'C:\Users\jones\Recent\CustomDestinations\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\microsoft.net\RedistList\WmiPrvSE.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft.net\RedistList\WmiPrvSE.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\microsoft.net\RedistList\WmiPrvSE.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiyb" /sc MINUTE /mo 14 /tr "'C:\Program Files\MSBuild\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiy" /sc ONLOGON /tr "'C:\Program Files\MSBuild\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiyb" /sc MINUTE /mo 11 /tr "'C:\Program Files\MSBuild\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiyb" /sc MINUTE /mo 14 /tr "'C:\reviewDriverIntosessionnet\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiy" /sc ONLOGON /tr "'C:\reviewDriverIntosessionnet\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "bdoMPjmZJHMIJMdqEctkzcHPTiyb" /sc MINUTE /mo 5 /tr "'C:\reviewDriverIntosessionnet\bdoMPjmZJHMIJMdqEctkzcHPTiy.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\reviewDriverIntosessionnet\NRWB62aUrGQ.bat" "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 26 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nezik.ru.swtest.ru/@=ETYmFWY1UWO
|
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\470cc920af96303ac874126d5f4451d284488d74
|
1a6064106982c83165f066efeae374cada0f90ee
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.ApplicationCompany
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2C81000
|
trusted library allocation
|
page read and write
|
|
|
|
2E15000
|
trusted library allocation
|
page read and write
|
|
|
|
12C8F000
|
trusted library allocation
|
page read and write
|
|
|
|
1BD31000
|
heap
|
page read and write
|
||
|
1BDFC000
|
heap
|
page read and write
|
||
|
3047000
|
heap
|
page read and write
|
||
|
3163000
|
heap
|
page read and write
|
||
|
73C8F000
|
unkown
|
page readonly
|
||
|
7FFAAC2D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC3B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
3027000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
2E2E000
|
trusted library allocation
|
page read and write
|
||
|
2C50000
|
trusted library section
|
page read and write
|
||
|
7FFAAC2E3000
|
trusted library allocation
|
page read and write
|
||
|
315F000
|
heap
|
page read and write
|
||
|
31BC000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
1BE85000
|
heap
|
page read and write
|
||
|
5090000
|
heap
|
page read and write
|
||
|
314F000
|
heap
|
page read and write
|
||
|
C3B000
|
stack
|
page read and write
|
||
|
137E000
|
stack
|
page read and write
|
||
|
7FFAAC54B000
|
trusted library allocation
|
page read and write
|
||
|
11AE000
|
stack
|
page read and write
|
||
|
7FFAAC47C000
|
trusted library allocation
|
page read and write
|
||
|
EBE000
|
stack
|
page read and write
|
||
|
2FE8000
|
heap
|
page read and write
|
||
|
4BF0000
|
heap
|
page read and write
|
||
|
7358000
|
heap
|
page read and write
|
||
|
3104000
|
heap
|
page read and write
|
||
|
7FFAAC5D0000
|
trusted library allocation
|
page read and write
|
||
|
3081000
|
heap
|
page read and write
|
||
|
7351000
|
heap
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
BBE000
|
unkown
|
page read and write
|
||
|
516F000
|
stack
|
page read and write
|
||
|
12C81000
|
trusted library allocation
|
page read and write
|
||
|
31B5000
|
heap
|
page read and write
|
||
|
301F000
|
heap
|
page read and write
|
||
|
31B5000
|
heap
|
page read and write
|
||
|
2E44000
|
trusted library allocation
|
page read and write
|
||
|
31B3000
|
heap
|
page read and write
|
||
|
31DF000
|
stack
|
page read and write
|
||
|
7FFAAC49B000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC493000
|
trusted library allocation
|
page read and write
|
||
|
1BF14000
|
heap
|
page read and write
|
||
|
1BD60000
|
trusted library section
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
1B20C000
|
stack
|
page read and write
|
||
|
10A4000
|
heap
|
page read and write
|
||
|
31B5000
|
heap
|
page read and write
|
||
|
7FFAAC2D2000
|
trusted library allocation
|
page read and write
|
||
|
311F000
|
heap
|
page read and write
|
||
|
305E000
|
stack
|
page read and write
|
||
|
B81000
|
unkown
|
page execute read
|
||
|
7FFAAC2F4000
|
trusted library allocation
|
page read and write
|
||
|
1B94E000
|
stack
|
page read and write
|
||
|
51AE000
|
stack
|
page read and write
|
||
|
3131000
|
heap
|
page read and write
|
||
|
53FF000
|
stack
|
page read and write
|
||
|
1BCE5000
|
heap
|
page read and write
|
||
|
6B90000
|
heap
|
page read and write
|
||
|
7FFAAC55D000
|
trusted library allocation
|
page read and write
|
||
|
11D0000
|
trusted library allocation
|
page read and write
|
||
|
2E9D000
|
trusted library allocation
|
page read and write
|
||
|
EC6000
|
heap
|
page read and write
|
||
|
7FFB16790000
|
unkown
|
page readonly
|
||
|
722000
|
unkown
|
page readonly
|
||
|
4BB0000
|
heap
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
B19000
|
stack
|
page read and write
|
||
|
7FFAAC5EC000
|
trusted library allocation
|
page read and write
|
||
|
302A000
|
heap
|
page read and write
|
||
|
7FFB167B0000
|
unkown
|
page read and write
|
||
|
3158000
|
heap
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
3007000
|
heap
|
page read and write
|
||
|
1B740000
|
heap
|
page read and write
|
||
|
30F8000
|
heap
|
page read and write
|
||
|
2EB8000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC2DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
766C000
|
stack
|
page read and write
|
||
|
2EAC000
|
trusted library allocation
|
page read and write
|
||
|
513A000
|
trusted library allocation
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
1BF06000
|
heap
|
page read and write
|
||
|
7FFAAC510000
|
trusted library allocation
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
1C7EB000
|
heap
|
page read and write
|
||
|
13B71000
|
trusted library allocation
|
page read and write
|
||
|
1BD70000
|
trusted library section
|
page read and write
|
||
|
7FFAAC4CD000
|
trusted library allocation
|
page read and write
|
||
|
6A40000
|
heap
|
page read and write
|
||
|
3023000
|
heap
|
page read and write
|
||
|
1BCF1000
|
heap
|
page read and write
|
||
|
14571000
|
trusted library allocation
|
page read and write
|
||
|
31B5000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
7FFAAC5E9000
|
trusted library allocation
|
page read and write
|
||
|
2EB6000
|
trusted library allocation
|
page read and write
|
||
|
AF6000
|
stack
|
page read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
3001000
|
heap
|
page read and write
|
||
|
7FFAAC600000
|
trusted library allocation
|
page read and write
|
||
|
303C000
|
heap
|
page read and write
|
||
|
315F000
|
heap
|
page read and write
|
||
|
3007000
|
heap
|
page read and write
|
||
|
13B0D000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC610000
|
trusted library allocation
|
page read and write
|
||
|
E92000
|
heap
|
page read and write
|
||
|
35CE000
|
heap
|
page read and write
|
||
|
306A000
|
heap
|
page read and write
|
||
|
7FFAAC32C000
|
trusted library allocation
|
page execute and read and write
|
||
|
73C71000
|
unkown
|
page execute read
|
||
|
2DA3000
|
trusted library allocation
|
page read and write
|
||
|
2C40000
|
heap
|
page execute and read and write
|
||
|
7FFAAC4E1000
|
trusted library allocation
|
page read and write
|
||
|
1BC65000
|
heap
|
page read and write
|
||
|
302D000
|
heap
|
page read and write
|
||
|
1BDCD000
|
heap
|
page read and write
|
||
|
3151000
|
heap
|
page read and write
|
||
|
B80000
|
unkown
|
page readonly
|
||
|
2E3C000
|
trusted library allocation
|
page read and write
|
||
|
AEC000
|
stack
|
page read and write
|
||
|
126F000
|
stack
|
page read and write
|
||
|
2EBA000
|
trusted library allocation
|
page read and write
|
||
|
569E000
|
stack
|
page read and write
|
||
|
3031000
|
heap
|
page read and write
|
||
|
3047000
|
heap
|
page read and write
|
||
|
3131000
|
heap
|
page read and write
|
||
|
302C000
|
heap
|
page read and write
|
||
|
545E000
|
stack
|
page read and write
|
||
|
3034000
|
heap
|
page read and write
|
||
|
7FFB167B2000
|
unkown
|
page readonly
|
||
|
31BC000
|
heap
|
page read and write
|
||
|
4F5E000
|
stack
|
page read and write
|
||
|
7FFAAC620000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC540000
|
trusted library allocation
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
1C7C3000
|
heap
|
page read and write
|
||
|
3039000
|
heap
|
page read and write
|
||
|
2E42000
|
trusted library allocation
|
page read and write
|
||
|
1B00C000
|
heap
|
page read and write
|
||
|
2E36000
|
trusted library allocation
|
page read and write
|
||
|
EC7000
|
heap
|
page read and write
|
||
|
35C0000
|
heap
|
page read and write
|
||
|
3163000
|
heap
|
page read and write
|
||
|
1BE9C000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
3025000
|
heap
|
page read and write
|
||
|
7FFAAC5E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC470000
|
trusted library allocation
|
page read and write
|
||
|
3122000
|
heap
|
page read and write
|
||
|
756F000
|
stack
|
page read and write
|
||
|
2E99000
|
trusted library allocation
|
page read and write
|
||
|
3022000
|
heap
|
page read and write
|
||
|
B89000
|
stack
|
page read and write
|
||
|
3147000
|
heap
|
page read and write
|
||
|
1BD2C000
|
heap
|
page read and write
|
||
|
2DC5000
|
trusted library allocation
|
page read and write
|
||
|
3145000
|
heap
|
page read and write
|
||
|
2E9F000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC5B8000
|
trusted library allocation
|
page read and write
|
||
|
73C71000
|
unkown
|
page execute read
|
||
|
3195000
|
heap
|
page read and write
|
||
|
304D000
|
heap
|
page read and write
|
||
|
555E000
|
stack
|
page read and write
|
||
|
7FFAAC390000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BC50000
|
heap
|
page read and write
|
||
|
2E9B000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC480000
|
trusted library allocation
|
page read and write
|
||
|
31B5000
|
heap
|
page read and write
|
||
|
3062000
|
heap
|
page read and write
|
||
|
52B0000
|
heap
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
6A50000
|
trusted library allocation
|
page read and write
|
||
|
3081000
|
heap
|
page read and write
|
||
|
BB3000
|
unkown
|
page readonly
|
||
|
344B000
|
heap
|
page read and write
|
||
|
7FFAAC500000
|
trusted library allocation
|
page read and write
|
||
|
3026000
|
trusted library allocation
|
page read and write
|
||
|
3051000
|
heap
|
page read and write
|
||
|
3131000
|
heap
|
page read and write
|
||
|
104F000
|
stack
|
page read and write
|
||
|
1BC9E000
|
heap
|
page read and write
|
||
|
1CDAE000
|
stack
|
page read and write
|
||
|
303F000
|
heap
|
page read and write
|
||
|
1BE3C000
|
heap
|
page read and write
|
||
|
12C8D000
|
trusted library allocation
|
page read and write
|
||
|
B06000
|
stack
|
page read and write
|
||
|
B80000
|
unkown
|
page readonly
|
||
|
7350000
|
heap
|
page read and write
|
||
|
6A41000
|
heap
|
page read and write
|
||
|
3023000
|
heap
|
page read and write
|
||
|
7FFAAC4A0000
|
trusted library allocation
|
page read and write
|
||
|
73C8D000
|
unkown
|
page read and write
|
||
|
2E10000
|
heap
|
page read and write
|
||
|
7FFAAC3F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7250000
|
heap
|
page read and write
|
||
|
35C7000
|
heap
|
page read and write
|
||
|
559E000
|
stack
|
page read and write
|
||
|
304D000
|
heap
|
page read and write
|
||
|
332E000
|
stack
|
page read and write
|
||
|
315C000
|
heap
|
page read and write
|
||
|
332F000
|
stack
|
page read and write
|
||
|
3081000
|
heap
|
page read and write
|
||
|
1BEE9000
|
heap
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
3031000
|
heap
|
page read and write
|
||
|
1BC61000
|
heap
|
page read and write
|
||
|
1BF03000
|
heap
|
page read and write
|
||
|
31B3000
|
heap
|
page read and write
|
||
|
6A47000
|
heap
|
page read and write
|
||
|
2EEC000
|
trusted library allocation
|
page read and write
|
||
|
3161000
|
heap
|
page read and write
|
||
|
1BDF4000
|
heap
|
page read and write
|
||
|
303D000
|
heap
|
page read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
303A000
|
heap
|
page read and write
|
||
|
3132000
|
heap
|
page read and write
|
||
|
3118000
|
heap
|
page read and write
|
||
|
2E4C000
|
trusted library allocation
|
page read and write
|
||
|
7FFB167A6000
|
unkown
|
page readonly
|
||
|
5410000
|
heap
|
page read and write
|
||
|
1B64F000
|
stack
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
E65000
|
heap
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
B22000
|
stack
|
page read and write
|
||
|
7FFAAC47A000
|
trusted library allocation
|
page read and write
|
||
|
73C8D000
|
unkown
|
page read and write
|
||
|
2EC0000
|
trusted library allocation
|
page read and write
|
||
|
554E000
|
stack
|
page read and write
|
||
|
309E000
|
stack
|
page read and write
|
||
|
2EAE000
|
trusted library allocation
|
page read and write
|
||
|
3127000
|
heap
|
page read and write
|
||
|
2E32000
|
trusted library allocation
|
page read and write
|
||
|
3151000
|
heap
|
page read and write
|
||
|
3081000
|
heap
|
page read and write
|
||
|
13B00000
|
trusted library allocation
|
page read and write
|
||
|
2E3A000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC4D0000
|
trusted library allocation
|
page read and write
|
||
|
32EE000
|
stack
|
page read and write
|
||
|
3038000
|
heap
|
page read and write
|
||
|
7FFAAC530000
|
trusted library allocation
|
page read and write
|
||
|
506E000
|
stack
|
page read and write
|
||
|
2EAA000
|
trusted library allocation
|
page read and write
|
||
|
1C815000
|
heap
|
page read and write
|
||
|
505F000
|
stack
|
page read and write
|
||
|
5270000
|
trusted library allocation
|
page read and write
|
||
|
1BF32000
|
heap
|
page read and write
|
||
|
1B84F000
|
stack
|
page read and write
|
||
|
7FFAAC2ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
3024000
|
heap
|
page read and write
|
||
|
7FFAAC4C0000
|
trusted library allocation
|
page read and write
|
||
|
1BB44000
|
stack
|
page read and write
|
||
|
1BF42000
|
heap
|
page read and write
|
||
|
1BC53000
|
heap
|
page read and write
|
||
|
2EBC000
|
trusted library allocation
|
page read and write
|
||
|
B17000
|
stack
|
page read and write
|
||
|
1BE6C000
|
heap
|
page read and write
|
||
|
2F9D000
|
trusted library allocation
|
page read and write
|
||
|
1BD35000
|
heap
|
page read and write
|
||
|
2DFB000
|
trusted library allocation
|
page read and write
|
||
|
3006000
|
heap
|
page read and write
|
||
|
2EA1000
|
trusted library allocation
|
page read and write
|
||
|
1C1FE000
|
stack
|
page read and write
|
||
|
304E000
|
heap
|
page read and write
|
||
|
7FFAAC2F0000
|
trusted library allocation
|
page read and write
|
||
|
3049000
|
heap
|
page read and write
|
||
|
3045000
|
heap
|
page read and write
|
||
|
31B2000
|
heap
|
page read and write
|
||
|
7FFAAC380000
|
trusted library allocation
|
page read and write
|
||
|
EBC000
|
heap
|
page read and write
|
||
|
1C7EF000
|
heap
|
page read and write
|
||
|
12C88000
|
trusted library allocation
|
page read and write
|
||
|
3029000
|
heap
|
page read and write
|
||
|
1BED2000
|
heap
|
page read and write
|
||
|
319D000
|
heap
|
page read and write
|
||
|
3062000
|
heap
|
page read and write
|
||
|
52FE000
|
stack
|
page read and write
|
||
|
7FFAAC520000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC4B0000
|
trusted library allocation
|
page read and write
|
||
|
EFA000
|
stack
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
303F000
|
heap
|
page read and write
|
||
|
7355000
|
heap
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
306A000
|
heap
|
page read and write
|
||
|
2E30000
|
trusted library allocation
|
page read and write
|
||
|
2E50000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
B00000
|
stack
|
page read and write
|
||
|
1C7B0000
|
heap
|
page read and write
|
||
|
2E60000
|
trusted library allocation
|
page read and write
|
||
|
3029000
|
heap
|
page read and write
|
||
|
303C000
|
heap
|
page read and write
|
||
|
138A8000
|
trusted library allocation
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
3138000
|
heap
|
page read and write
|
||
|
1BD80000
|
trusted library section
|
page read and write
|
||
|
2EB4000
|
trusted library allocation
|
page read and write
|
||
|
2FD1000
|
trusted library allocation
|
page read and write
|
||
|
2EA4000
|
trusted library allocation
|
page read and write
|
||
|
CF6000
|
stack
|
page read and write
|
||
|
1ACB0000
|
trusted library allocation
|
page read and write
|
||
|
3066000
|
trusted library allocation
|
page read and write
|
||
|
3163000
|
heap
|
page read and write
|
||
|
31BC000
|
heap
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
2EB2000
|
trusted library allocation
|
page read and write
|
||
|
EE8000
|
heap
|
page read and write
|
||
|
342F000
|
stack
|
page read and write
|
||
|
BE2000
|
unkown
|
page readonly
|
||
|
1BF1B000
|
heap
|
page read and write
|
||
|
73C70000
|
unkown
|
page readonly
|
||
|
3163000
|
heap
|
page read and write
|
||
|
1BCDA000
|
heap
|
page read and write
|
||
|
3447000
|
heap
|
page read and write
|
||
|
5150000
|
heap
|
page read and write
|
||
|
1CEAF000
|
stack
|
page read and write
|
||
|
1BC98000
|
heap
|
page read and write
|
||
|
2FBE000
|
stack
|
page read and write
|
||
|
3158000
|
heap
|
page read and write
|
||
|
2E38000
|
trusted library allocation
|
page read and write
|
||
|
BB3000
|
unkown
|
page readonly
|
||
|
1270000
|
heap
|
page read and write
|
||
|
7FFAAC5C0000
|
trusted library allocation
|
page read and write
|
||
|
31B5000
|
heap
|
page read and write
|
||
|
2E4E000
|
trusted library allocation
|
page read and write
|
||
|
3148000
|
heap
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
3121000
|
heap
|
page read and write
|
||
|
3188000
|
heap
|
page read and write
|
||
|
306A000
|
heap
|
page read and write
|
||
|
3062000
|
heap
|
page read and write
|
||
|
1368F000
|
trusted library allocation
|
page read and write
|
||
|
3182000
|
heap
|
page read and write
|
||
|
EFA000
|
heap
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
301E000
|
heap
|
page read and write
|
||
|
30D4000
|
heap
|
page read and write
|
||
|
3038000
|
heap
|
page read and write
|
||
|
2EB0000
|
trusted library allocation
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
1BE93000
|
heap
|
page read and write
|
||
|
31BC000
|
heap
|
page read and write
|
||
|
5260000
|
heap
|
page read and write
|
||
|
30B2000
|
trusted library allocation
|
page read and write
|
||
|
31BC000
|
heap
|
page read and write
|
||
|
7FFAAC473000
|
trusted library allocation
|
page read and write
|
||
|
31B3000
|
heap
|
page read and write
|
||
|
BC4000
|
unkown
|
page read and write
|
||
|
3158000
|
heap
|
page read and write
|
||
|
342E000
|
stack
|
page read and write
|
||
|
2E4A000
|
trusted library allocation
|
page read and write
|
||
|
1B670000
|
trusted library section
|
page read and write
|
||
|
7FFAAC386000
|
trusted library allocation
|
page read and write
|
||
|
35CA000
|
heap
|
page read and write
|
||
|
3031000
|
heap
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
1BE7D000
|
heap
|
page read and write
|
||
|
1BE52000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
7FFAAC4F0000
|
trusted library allocation
|
page read and write
|
||
|
3022000
|
heap
|
page read and write
|
||
|
3022000
|
heap
|
page read and write
|
||
|
31BC000
|
heap
|
page read and write
|
||
|
1BC4D000
|
stack
|
page read and write
|
||
|
B13000
|
stack
|
page read and write
|
||
|
2EE6000
|
trusted library allocation
|
page read and write
|
||
|
2E24000
|
trusted library allocation
|
page read and write
|
||
|
4A7F000
|
stack
|
page read and write
|
||
|
5A8C000
|
stack
|
page read and write
|
||
|
303D000
|
heap
|
page read and write
|
||
|
BE3000
|
unkown
|
page readonly
|
||
|
7FFB167B5000
|
unkown
|
page readonly
|
||
|
7FFAAC2EC000
|
trusted library allocation
|
page read and write
|
||
|
1BC8F000
|
heap
|
page read and write
|
||
|
2F55000
|
heap
|
page read and write
|
||
|
3039000
|
heap
|
page read and write
|
||
|
BBE000
|
unkown
|
page write copy
|
||
|
7FFAAC2D0000
|
trusted library allocation
|
page read and write
|
||
|
52AF000
|
stack
|
page read and write
|
||
|
315E000
|
heap
|
page read and write
|
||
|
2EE2000
|
trusted library allocation
|
page read and write
|
||
|
584E000
|
stack
|
page read and write
|
||
|
7FFB16791000
|
unkown
|
page execute read
|
||
|
744E000
|
stack
|
page read and write
|
||
|
2F3D000
|
stack
|
page read and write
|
||
|
52C0000
|
heap
|
page read and write
|
||
|
BE2000
|
unkown
|
page write copy
|
||
|
1BE59000
|
heap
|
page read and write
|
||
|
B81000
|
unkown
|
page execute read
|
||
|
598B000
|
stack
|
page read and write
|
||
|
1BD41000
|
heap
|
page read and write
|
||
|
3029000
|
heap
|
page read and write
|
||
|
1BEF7000
|
heap
|
page read and write
|
||
|
7FFAAC38C000
|
trusted library allocation
|
page execute and read and write
|
||
|
5121000
|
trusted library allocation
|
page read and write
|
||
|
3007000
|
heap
|
page read and write
|
||
|
1C7C5000
|
heap
|
page read and write
|
||
|
564E000
|
stack
|
page read and write
|
||
|
564F000
|
stack
|
page read and write
|
||
|
2EE4000
|
trusted library allocation
|
page read and write
|
||
|
2E40000
|
trusted library allocation
|
page read and write
|
||
|
E5D000
|
heap
|
page read and write
|
||
|
73C8F000
|
unkown
|
page readonly
|
||
|
1C811000
|
heap
|
page read and write
|
||
|
1BDE0000
|
heap
|
page read and write
|
||
|
302D000
|
heap
|
page read and write
|
||
|
7FFAAC630000
|
trusted library allocation
|
page read and write
|
||
|
BE1000
|
unkown
|
page read and write
|
||
|
1C7FD000
|
heap
|
page read and write
|
||
|
570B000
|
stack
|
page read and write
|
||
|
3025000
|
heap
|
page read and write
|
||
|
303D000
|
heap
|
page read and write
|
||
|
31B5000
|
heap
|
page read and write
|
||
|
2E46000
|
trusted library allocation
|
page read and write
|
||
|
2EE0000
|
trusted library allocation
|
page read and write
|
||
|
1BCF6000
|
heap
|
page read and write
|
||
|
3043000
|
heap
|
page read and write
|
||
|
1274000
|
heap
|
page read and write
|
||
|
7FFAAC5F0000
|
trusted library allocation
|
page read and write
|
||
|
1BA43000
|
stack
|
page read and write
|
||
|
11C0000
|
heap
|
page execute and read and write
|
||
|
A26000
|
stack
|
page read and write
|
||
|
1BDC0000
|
heap
|
page read and write
|
||
|
51AE000
|
stack
|
page read and write
|
||
|
3022000
|
heap
|
page read and write
|
||
|
2F0D000
|
trusted library allocation
|
page read and write
|
||
|
2E96000
|
trusted library allocation
|
page read and write
|
||
|
2E48000
|
trusted library allocation
|
page read and write
|
||
|
1BEA7000
|
heap
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
57C0000
|
heap
|
page read and write
|
||
|
E73000
|
heap
|
page read and write
|
||
|
2EF0000
|
heap
|
page readonly
|
||
|
568D000
|
stack
|
page read and write
|
||
|
1BE61000
|
heap
|
page read and write
|
||
|
7FFAAC2FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E34000
|
trusted library allocation
|
page read and write
|
||
|
315B000
|
heap
|
page read and write
|
||
|
720000
|
unkown
|
page readonly
|
||
|
7FF4D20C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
56CE000
|
stack
|
page read and write
|
||
|
EBE000
|
heap
|
page read and write
|
||
|
73C86000
|
unkown
|
page readonly
|
||
|
73C86000
|
unkown
|
page readonly
|
||
|
311B000
|
heap
|
page read and write
|
||
|
52AF000
|
stack
|
page read and write
|
||
|
594F000
|
stack
|
page read and write
|
||
|
2EA6000
|
trusted library allocation
|
page read and write
|
||
|
3175000
|
heap
|
page read and write
|
||
|
1BD50000
|
trusted library section
|
page read and write
|
||
|
B29000
|
stack
|
page read and write
|
||
|
3179000
|
heap
|
page read and write
|
||
|
2EBE000
|
trusted library allocation
|
page read and write
|
||
|
31BC000
|
heap
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
1BDF6000
|
heap
|
page read and write
|
||
|
303D000
|
heap
|
page read and write
|
||
|
3128000
|
heap
|
page read and write
|
||
|
720000
|
unkown
|
page readonly
|
||
|
31B5000
|
heap
|
page read and write
|
||
|
1BE0D000
|
heap
|
page read and write
|
||
|
1B6F0000
|
trusted library section
|
page read and write
|
||
|
D3B000
|
stack
|
page read and write
|
||
|
2E3E000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC2D4000
|
trusted library allocation
|
page read and write
|
||
|
1B650000
|
trusted library section
|
page read and write
|
||
|
1C805000
|
heap
|
page read and write
|
||
|
3012000
|
heap
|
page read and write
|
||
|
1BD1E000
|
heap
|
page read and write
|
||
|
315B000
|
heap
|
page read and write
|
||
|
1BD07000
|
heap
|
page read and write
|
||
|
31BC000
|
heap
|
page read and write
|
||
|
3062000
|
heap
|
page read and write
|
||
|
2EA8000
|
trusted library allocation
|
page read and write
|
||
|
73C70000
|
unkown
|
page readonly
|
||
|
3011000
|
heap
|
page read and write
|
||
|
2C1E000
|
stack
|
page read and write
|
||
|
7FFAAC490000
|
trusted library allocation
|
page read and write
|
||
|
306A000
|
heap
|
page read and write
|
||
|
97A000
|
unkown
|
page readonly
|
||
|
3032000
|
heap
|
page read and write
|
||
|
6C50000
|
trusted library allocation
|
page read and write
|
||
|
1D09C000
|
stack
|
page read and write
|
||
|
1BE24000
|
heap
|
page read and write
|
||
|
2F6C000
|
trusted library allocation
|
page read and write
|
||
|
312B000
|
heap
|
page read and write
|
||
|
1BF3C000
|
heap
|
page read and write
|
||
|
7FFAAC2FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
527B000
|
heap
|
page read and write
|
||
|
319D000
|
heap
|
page read and write
|
||
|
302C000
|
heap
|
page read and write
|
||
|
3031000
|
heap
|
page read and write
|
||
|
554E000
|
stack
|
page read and write
|
There are 495 hidden memdumps, click here to show them.