Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
bWrRSlOThY.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\AutoIt3\Au3Check.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Au3Info.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.134\117.0.5938.134_117.0.5938.132_chrome_updater.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\Install\{EB80938B-EC00-4683-A2CC-456206E3A4E1}\117.0.5938.134_117.0.5938.132_chrome_updater.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ACCICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\SPREADSHEETCOMPARE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ORGCHART.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrSanBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\PPTICO.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SCANPST.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\lync99.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoadfsb.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\officeappguardwin32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\aimgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\OLicenseHeartbeat.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\ai.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\aimgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source user\OSE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\accicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\dbcicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\grv_icons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\joticon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\lyncicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\osmclienticon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\outicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pj11icon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pptico.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\sscicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\visicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\wordicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\xlicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\BHO\ie_to_edge_stub.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\Installer\setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\cookie_exporter.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\elevation_service.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\identity_helper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\msedge.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\msedge_proxy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\msedge_pwa_launcher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\msedgewebview2.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\notification_helper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\pwahelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\BHO\ie_to_edge_stub.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\Installer\setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\cookie_exporter.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\elevation_service.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\msedge.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\msedge_proxy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\msedge_pwa_launcher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\msedgewebview2.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\notification_click_helper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\pwahelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeComRegisterShellARM64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ConfigSecurityPolicy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCopyAccelerator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDefenderCoreService.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlpCmd.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpCmdRun.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mpextms.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\bWrRSlOThY.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\3582-490\RemoteDestopManagerx86.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\3582-490\bWrRSlOThY.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\chrome.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\svchost.com
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\REMOTE~1.EXE.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RemoteDestopManagerx86.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp5023.tmp
|
Non-ISO extended-ASCII text, with no line terminators
|
modified
|
There are 174 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\bWrRSlOThY.exe
|
"C:\Users\user\Desktop\bWrRSlOThY.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\3582-490\bWrRSlOThY.exe
|
"C:\Users\user\AppData\Local\Temp\3582-490\bWrRSlOThY.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\3582-490\bWrRSlOThY.exe
|
"C:\Users\user\AppData\Local\Temp\3582-490\bWrRSlOThY.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C mkdir "C:\Users\user\AppData\Roaming\RemoteDestopManagerx86"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe'"
/f
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe'"
/f
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C copy "C:\Users\user\AppData\Local\Temp\3582-490\bWrRSlOThY.exe" "C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe
|
C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe
|
|
|
|
C:\Windows\svchost.com
|
"C:\Windows\svchost.com" "C:\Users\user\AppData\Local\Temp\3582-490\REMOTE~1.EXE"
|
|
|
|
C:\Users\user\AppData\Local\Temp\3582-490\RemoteDestopManagerx86.exe
|
C:\Users\user\AppData\Local\Temp\3582-490\REMOTE~1.EXE
|
|
|
|
C:\Users\user\AppData\Local\Temp\3582-490\RemoteDestopManagerx86.exe
|
"C:\Users\user\AppData\Local\Temp\3582-490\REMOTE~1.EXE"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C mkdir "C:\Users\user\AppData\Roaming\RemoteDestopManagerx86"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe'"
/f
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe'"
/f
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C copy "C:\Users\user\AppData\Local\Temp\3582-490\REMOTE~1.EXE" "C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe
|
C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe
|
|
|
|
C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe
|
"C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C mkdir "C:\Users\user\AppData\Roaming\RemoteDestopManagerx86"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe'"
/f
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe'"
/f
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C copy "C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe" "C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe
|
C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe
|
|
|
|
C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe
|
"C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C mkdir "C:\Users\user\AppData\Roaming\RemoteDestopManagerx86"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe'"
/f
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe'"
/f
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C copy "C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe" "C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe
|
C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe
|
|
|
|
C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe
|
"C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C mkdir "C:\Users\user\AppData\Roaming\RemoteDestopManagerx86"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe'"
/f
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe'"
/f
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C copy "C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe" "C:\Users\user\AppData\Roaming\RemoteDestopManagerx86\RemoteDestopManagerx86.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 38 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
enero2022async.duckdns.org
|
|
||
|
https://t.me/xworm_v2
|
unknown
|
|
|
|
http://www.autoitscript.com/autoit3/J
|
unknown
|
||
|
https://crashpad.chromium.org/
|
unknown
|
||
|
https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ffDilithium2Dilith
|
unknown
|
||
|
https://crashpad.chromium.org/bug/new
|
unknown
|
||
|
http://127.0.0.1:13556/InsiderSlabBehaviorReportedBuildInsiderSlabBehaviorInsiderSlabBehaviorReporte
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/8
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/
|
unknown
|
||
|
https://www.autoitscript.com/autoit3/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
|
unknown
|
||
|
https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff
|
unknown
|
||
|
https://login.windows.net/commonhttps://login.windows.netDBSFetcher::CreateRequestHeader
|
unknown
|
There are 5 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
enero2022async.duckdns.org
|
172.94.108.143
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
|
217.20.57.34
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.94.108.143
|
enero2022async.duckdns.org
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\svchost.com.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\svchost.com.ApplicationCompany
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
32C2000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2992000
|
trusted library allocation
|
page read and write
|
|
|
|
2D41000
|
trusted library allocation
|
page read and write
|
|
|
|
409000
|
unkown
|
page read and write
|
|
|
|
2B32000
|
trusted library allocation
|
page read and write
|
|
|
|
207C000
|
direct allocation
|
page read and write
|
||
|
324F000
|
heap
|
page read and write
|
||
|
1368000
|
heap
|
page read and write
|
||
|
50A2000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
82E000
|
stack
|
page read and write
|
||
|
2080000
|
direct allocation
|
page read and write
|
||
|
68CE000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
3293000
|
heap
|
page read and write
|
||
|
69CE000
|
stack
|
page read and write
|
||
|
267E000
|
unkown
|
page read and write
|
||
|
54DD000
|
heap
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
D0E000
|
stack
|
page read and write
|
||
|
11FB000
|
heap
|
page read and write
|
||
|
12B0000
|
trusted library allocation
|
page read and write
|
||
|
F1C000
|
heap
|
page read and write
|
||
|
9FE000
|
heap
|
page read and write
|
||
|
AD000
|
stack
|
page read and write
|
||
|
12D0000
|
trusted library allocation
|
page read and write
|
||
|
2B9F000
|
unkown
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
4CC8000
|
heap
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page read and write
|
||
|
2064000
|
direct allocation
|
page read and write
|
||
|
2872000
|
heap
|
page read and write
|
||
|
145E000
|
stack
|
page read and write
|
||
|
581D000
|
trusted library allocation
|
page read and write
|
||
|
317C000
|
heap
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
2900000
|
heap
|
page read and write
|
||
|
2078000
|
direct allocation
|
page read and write
|
||
|
2088000
|
direct allocation
|
page read and write
|
||
|
158B000
|
heap
|
page read and write
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
3D51000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
trusted library allocation
|
page read and write
|
||
|
2B8F000
|
heap
|
page read and write
|
||
|
580E000
|
trusted library allocation
|
page read and write
|
||
|
15AF000
|
stack
|
page read and write
|
||
|
B78000
|
heap
|
page read and write
|
||
|
1AD000
|
stack
|
page read and write
|
||
|
ECD000
|
trusted library allocation
|
page execute and read and write
|
||
|
10E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
11C7000
|
heap
|
page read and write
|
||
|
297D000
|
stack
|
page read and write
|
||
|
535E000
|
heap
|
page read and write
|
||
|
C5F000
|
stack
|
page read and write
|
||
|
2600000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
2774000
|
trusted library allocation
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
2981000
|
trusted library allocation
|
page read and write
|
||
|
1557000
|
heap
|
page read and write
|
||
|
1587000
|
heap
|
page read and write
|
||
|
225D000
|
stack
|
page read and write
|
||
|
2160000
|
heap
|
page read and write
|
||
|
2D51000
|
trusted library allocation
|
page read and write
|
||
|
1222000
|
heap
|
page read and write
|
||
|
5311000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page execute and read and write
|
||
|
330E000
|
trusted library allocation
|
page read and write
|
||
|
2B5D000
|
stack
|
page read and write
|
||
|
739000
|
stack
|
page read and write
|
||
|
2EFD000
|
stack
|
page read and write
|
||
|
2078000
|
direct allocation
|
page read and write
|
||
|
12A0000
|
trusted library allocation
|
page read and write
|
||
|
5595000
|
trusted library allocation
|
page read and write
|
||
|
8C5000
|
heap
|
page read and write
|
||
|
80A000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
77F000
|
stack
|
page read and write
|
||
|
14B0000
|
trusted library allocation
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
A8E000
|
heap
|
page read and write
|
||
|
2B1E000
|
stack
|
page read and write
|
||
|
740C000
|
stack
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
C6E000
|
stack
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
11A6000
|
heap
|
page read and write
|
||
|
CEB000
|
trusted library allocation
|
page execute and read and write
|
||
|
11BB000
|
heap
|
page read and write
|
||
|
544E000
|
stack
|
page read and write
|
||
|
10F0000
|
trusted library allocation
|
page read and write
|
||
|
2800000
|
heap
|
page read and write
|
||
|
5230000
|
trusted library allocation
|
page read and write
|
||
|
2C46000
|
heap
|
page read and write
|
||
|
2E10000
|
trusted library allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
25DE000
|
unkown
|
page read and write
|
||
|
674E000
|
stack
|
page read and write
|
||
|
57E6000
|
trusted library allocation
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
385F000
|
stack
|
page read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
12E8000
|
heap
|
page read and write
|
||
|
F2C000
|
heap
|
page read and write
|
||
|
5967000
|
trusted library allocation
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
8D5000
|
heap
|
page read and write
|
||
|
13A2000
|
heap
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
1218000
|
heap
|
page read and write
|
||
|
11B3000
|
heap
|
page read and write
|
||
|
2BCF000
|
stack
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
1280000
|
trusted library allocation
|
page read and write
|
||
|
120E000
|
heap
|
page read and write
|
||
|
2B2F000
|
stack
|
page read and write
|
||
|
5822000
|
trusted library allocation
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
2610000
|
heap
|
page read and write
|
||
|
12BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
28B5000
|
heap
|
page read and write
|
||
|
2E20000
|
heap
|
page execute and read and write
|
||
|
342F000
|
stack
|
page read and write
|
||
|
B50000
|
trusted library allocation
|
page execute and read and write
|
||
|
AC7000
|
heap
|
page read and write
|
||
|
367C000
|
heap
|
page read and write
|
||
|
2DBD000
|
stack
|
page read and write
|
||
|
271C000
|
trusted library allocation
|
page read and write
|
||
|
AA4000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
15E2000
|
heap
|
page read and write
|
||
|
4BFD000
|
heap
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
2078000
|
direct allocation
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
F7D000
|
heap
|
page read and write
|
||
|
EC7000
|
heap
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
4FF0000
|
trusted library allocation
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
57C6000
|
trusted library allocation
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
2078000
|
direct allocation
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
369F000
|
heap
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
6D0E000
|
stack
|
page read and write
|
||
|
15D8000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
263D000
|
stack
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
2AE1000
|
trusted library allocation
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
12DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
42B1000
|
trusted library allocation
|
page read and write
|
||
|
3150000
|
direct allocation
|
page read and write
|
||
|
6F8D000
|
stack
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
A86000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
8F9000
|
stack
|
page read and write
|
||
|
F15000
|
heap
|
page read and write
|
||
|
148D000
|
stack
|
page read and write
|
||
|
253D000
|
stack
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
10FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
BF7000
|
trusted library allocation
|
page execute and read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
116D000
|
trusted library allocation
|
page execute and read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
122D000
|
heap
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
50B7000
|
trusted library allocation
|
page read and write
|
||
|
1517000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A8F000
|
unkown
|
page read and write
|
||
|
57E9000
|
stack
|
page read and write
|
||
|
2F87000
|
trusted library allocation
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
AFF000
|
stack
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
1294000
|
trusted library allocation
|
page read and write
|
||
|
1265000
|
heap
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
2A0E000
|
stack
|
page read and write
|
||
|
59E000
|
stack
|
page read and write
|
||
|
5D80000
|
heap
|
page read and write
|
||
|
265E000
|
stack
|
page read and write
|
||
|
29DE000
|
trusted library allocation
|
page read and write
|
||
|
2875000
|
heap
|
page read and write
|
||
|
2070000
|
direct allocation
|
page read and write
|
||
|
1512000
|
trusted library allocation
|
page read and write
|
||
|
3650000
|
heap
|
page read and write
|
||
|
111D000
|
trusted library allocation
|
page execute and read and write
|
||
|
AAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
324F000
|
heap
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
28B4000
|
heap
|
page read and write
|
||
|
AB0000
|
trusted library allocation
|
page read and write
|
||
|
51B9000
|
trusted library allocation
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
54EB000
|
heap
|
page read and write
|
||
|
D9D000
|
stack
|
page read and write
|
||
|
58A1000
|
trusted library allocation
|
page read and write
|
||
|
24CD000
|
stack
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
326E000
|
unkown
|
page read and write
|
||
|
27B2000
|
trusted library allocation
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
133F000
|
stack
|
page read and write
|
||
|
5802000
|
trusted library allocation
|
page read and write
|
||
|
1114000
|
trusted library allocation
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
2B3D000
|
stack
|
page read and write
|
||
|
F81000
|
heap
|
page read and write
|
||
|
136C000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
57E0000
|
trusted library allocation
|
page read and write
|
||
|
5950000
|
trusted library allocation
|
page read and write
|
||
|
94E000
|
stack
|
page read and write
|
||
|
32B1000
|
trusted library allocation
|
page read and write
|
||
|
150A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1807000
|
trusted library allocation
|
page execute and read and write
|
||
|
369F000
|
heap
|
page read and write
|
||
|
28DF000
|
stack
|
page read and write
|
||
|
528E000
|
stack
|
page read and write
|
||
|
507F000
|
stack
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
3650000
|
heap
|
page read and write
|
||
|
5353000
|
heap
|
page read and write
|
||
|
A76000
|
heap
|
page read and write
|
||
|
2FCE000
|
unkown
|
page read and write
|
||
|
4DF8000
|
heap
|
page read and write
|
||
|
136E000
|
stack
|
page read and write
|
||
|
3291000
|
heap
|
page read and write
|
||
|
2E00000
|
trusted library allocation
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
10DE000
|
stack
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
1530000
|
trusted library allocation
|
page read and write
|
||
|
53A0000
|
heap
|
page read and write
|
||
|
5D90000
|
heap
|
page read and write
|
||
|
3D55000
|
trusted library allocation
|
page read and write
|
||
|
316E000
|
stack
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
350F000
|
stack
|
page read and write
|
||
|
126A000
|
heap
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
9D4000
|
trusted library allocation
|
page read and write
|
||
|
239E000
|
unkown
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
9DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1354000
|
heap
|
page read and write
|
||
|
2D2C000
|
heap
|
page read and write
|
||
|
283C000
|
heap
|
page read and write
|
||
|
14C5000
|
heap
|
page read and write
|
||
|
80E000
|
heap
|
page read and write
|
||
|
A05000
|
heap
|
page read and write
|
||
|
5960000
|
trusted library allocation
|
page read and write
|
||
|
1340000
|
trusted library allocation
|
page read and write
|
||
|
32FB000
|
stack
|
page read and write
|
||
|
5B00000
|
heap
|
page read and write
|
||
|
195000
|
stack
|
page read and write
|
||
|
2770000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
2A4F000
|
unkown
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
294E000
|
unkown
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
2080000
|
direct allocation
|
page read and write
|
||
|
2D78000
|
trusted library allocation
|
page read and write
|
||
|
2870000
|
heap
|
page read and write
|
||
|
1110000
|
trusted library allocation
|
page read and write
|
||
|
2880000
|
heap
|
page read and write
|
||
|
322E000
|
stack
|
page read and write
|
||
|
30EF000
|
stack
|
page read and write
|
||
|
4FE5000
|
trusted library allocation
|
page read and write
|
||
|
F6B000
|
heap
|
page read and write
|
||
|
291E000
|
stack
|
page read and write
|
||
|
5272000
|
trusted library allocation
|
page read and write
|
||
|
2ACE000
|
stack
|
page read and write
|
||
|
59B0000
|
heap
|
page read and write
|
||
|
28B2000
|
heap
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
49DE000
|
stack
|
page read and write
|
||
|
17FE000
|
stack
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
418000
|
unkown
|
page readonly
|
||
|
1154000
|
trusted library allocation
|
page read and write
|
||
|
A7E000
|
heap
|
page read and write
|
||
|
2B6C000
|
heap
|
page read and write
|
||
|
273D000
|
stack
|
page read and write
|
||
|
71F000
|
stack
|
page read and write
|
||
|
12B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1290000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
2540000
|
trusted library allocation
|
page execute and read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
1277000
|
trusted library allocation
|
page execute and read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
287E000
|
unkown
|
page read and write
|
||
|
E98000
|
heap
|
page read and write
|
||
|
4B5D000
|
stack
|
page read and write
|
||
|
4BE0000
|
heap
|
page execute and read and write
|
||
|
151A000
|
heap
|
page read and write
|
||
|
4C7D000
|
stack
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
3AE1000
|
trusted library allocation
|
page read and write
|
||
|
1480000
|
heap
|
page read and write
|
||
|
A1B000
|
heap
|
page read and write
|
||
|
3695000
|
heap
|
page read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
272B000
|
trusted library allocation
|
page read and write
|
||
|
34CF000
|
unkown
|
page read and write
|
||
|
6E8C000
|
stack
|
page read and write
|
||
|
11CB000
|
heap
|
page read and write
|
||
|
704C000
|
stack
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
12B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
14BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3650000
|
heap
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
313E000
|
unkown
|
page read and write
|
||
|
5890000
|
trusted library allocation
|
page read and write
|
||
|
12A4000
|
trusted library allocation
|
page read and write
|
||
|
3681000
|
trusted library allocation
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
290E000
|
stack
|
page read and write
|
||
|
CB7000
|
trusted library allocation
|
page execute and read and write
|
||
|
65C000
|
stack
|
page read and write
|
||
|
ACA000
|
heap
|
page read and write
|
||
|
321C000
|
heap
|
page read and write
|
||
|
C7E000
|
stack
|
page read and write
|
||
|
2E14000
|
trusted library allocation
|
page read and write
|
||
|
56AC000
|
stack
|
page read and write
|
||
|
1104000
|
trusted library allocation
|
page read and write
|
||
|
14B4000
|
trusted library allocation
|
page read and write
|
||
|
4D82000
|
heap
|
page read and write
|
||
|
F63000
|
heap
|
page read and write
|
||
|
5294000
|
trusted library allocation
|
page read and write
|
||
|
1204000
|
heap
|
page read and write
|
||
|
5900000
|
heap
|
page read and write
|
||
|
5281000
|
trusted library allocation
|
page read and write
|
||
|
C07000
|
trusted library allocation
|
page execute and read and write
|
||
|
300E000
|
stack
|
page read and write
|
||
|
688F000
|
stack
|
page read and write
|
||
|
3DA4000
|
trusted library allocation
|
page read and write
|
||
|
5270000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
trusted library allocation
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
2C3C000
|
heap
|
page read and write
|
||
|
1820000
|
trusted library allocation
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
2780000
|
trusted library allocation
|
page read and write
|
||
|
A90000
|
trusted library allocation
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
A82000
|
heap
|
page read and write
|
||
|
15D1000
|
heap
|
page read and write
|
||
|
50A0000
|
trusted library allocation
|
page read and write
|
||
|
36B0000
|
heap
|
page read and write
|
||
|
F0B000
|
heap
|
page read and write
|
||
|
2FE2000
|
trusted library allocation
|
page read and write
|
||
|
759000
|
stack
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
AB7000
|
heap
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
2B7E000
|
trusted library allocation
|
page read and write
|
||
|
23CD000
|
stack
|
page read and write
|
||
|
1110000
|
trusted library allocation
|
page read and write
|
||
|
838000
|
heap
|
page read and write
|
||
|
13AD000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
5ADE000
|
stack
|
page read and write
|
||
|
15DC000
|
heap
|
page read and write
|
||
|
10CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
272E000
|
unkown
|
page read and write
|
||
|
2A1F000
|
stack
|
page read and write
|
||
|
1800000
|
trusted library allocation
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
1577000
|
heap
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
190000
|
stack
|
page read and write
|
||
|
312E000
|
stack
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
112E000
|
stack
|
page read and write
|
||
|
5651000
|
trusted library allocation
|
page read and write
|
||
|
8CA000
|
heap
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
AA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
1170000
|
heap
|
page execute and read and write
|
||
|
AD7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F92000
|
trusted library allocation
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
343F000
|
unkown
|
page read and write
|
||
|
2B8E000
|
stack
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
2ADE000
|
stack
|
page read and write
|
||
|
2078000
|
direct allocation
|
page read and write
|
||
|
859000
|
heap
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
34AE000
|
stack
|
page read and write
|
||
|
1233000
|
heap
|
page read and write
|
||
|
2060000
|
direct allocation
|
page read and write
|
||
|
65C000
|
stack
|
page read and write
|
||
|
2874000
|
heap
|
page read and write
|
||
|
B1C000
|
stack
|
page read and write
|
||
|
271C000
|
heap
|
page read and write
|
||
|
113B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A4E000
|
stack
|
page read and write
|
||
|
4EDE000
|
stack
|
page read and write
|
||
|
481D000
|
stack
|
page read and write
|
||
|
8AF000
|
stack
|
page read and write
|
||
|
9ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
9E0000
|
trusted library allocation
|
page read and write
|
||
|
81E000
|
stack
|
page read and write
|
||
|
2B82000
|
trusted library allocation
|
page read and write
|
||
|
C0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E8D000
|
stack
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
2A8F000
|
unkown
|
page read and write
|
||
|
66CD000
|
stack
|
page read and write
|
||
|
3711000
|
trusted library allocation
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
4E70000
|
heap
|
page read and write
|
||
|
1127000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FF4000
|
trusted library allocation
|
page read and write
|
||
|
3295000
|
heap
|
page read and write
|
||
|
1103000
|
trusted library allocation
|
page execute and read and write
|
||
|
D00000
|
trusted library allocation
|
page read and write
|
||
|
1293000
|
trusted library allocation
|
page execute and read and write
|
||
|
CF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
23ED000
|
stack
|
page read and write
|
||
|
57A4000
|
trusted library allocation
|
page read and write
|
||
|
10C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
3560000
|
heap
|
page read and write
|
||
|
3860000
|
heap
|
page read and write
|
||
|
AB4000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
1490000
|
trusted library allocation
|
page read and write
|
||
|
51F0000
|
heap
|
page execute and read and write
|
||
|
2084000
|
direct allocation
|
page read and write
|
||
|
618000
|
heap
|
page read and write
|
||
|
2D57000
|
trusted library allocation
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
5586000
|
trusted library allocation
|
page read and write
|
||
|
8CC000
|
stack
|
page read and write
|
||
|
14C0000
|
heap
|
page read and write
|
||
|
3694000
|
heap
|
page read and write
|
||
|
2B9E000
|
stack
|
page read and write
|
||
|
110D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
B6E000
|
stack
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
4B70000
|
trusted library allocation
|
page read and write
|
||
|
3248000
|
trusted library allocation
|
page read and write
|
||
|
303E000
|
unkown
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
11F8000
|
heap
|
page read and write
|
||
|
2713000
|
trusted library allocation
|
page read and write
|
||
|
58A000
|
heap
|
page read and write
|
||
|
1167000
|
stack
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
127A000
|
trusted library allocation
|
page execute and read and write
|
||
|
20A0000
|
direct allocation
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
1178000
|
heap
|
page read and write
|
||
|
3550000
|
heap
|
page read and write
|
||
|
25F0000
|
direct allocation
|
page read and write
|
||
|
3140000
|
heap
|
page read and write
|
||
|
4C50000
|
trusted library allocation
|
page read and write
|
||
|
A34000
|
heap
|
page read and write
|
||
|
5287000
|
trusted library allocation
|
page read and write
|
||
|
ADE000
|
heap
|
page read and write
|
||
|
2AEC000
|
trusted library allocation
|
page read and write
|
||
|
E6E000
|
stack
|
page read and write
|
||
|
1137000
|
trusted library allocation
|
page execute and read and write
|
||
|
12A0000
|
trusted library allocation
|
page read and write
|
||
|
27BE000
|
unkown
|
page read and write
|
||
|
CCB000
|
trusted library allocation
|
page execute and read and write
|
||
|
A26000
|
heap
|
page read and write
|
||
|
5892000
|
trusted library allocation
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
6D4C000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
2F8D000
|
stack
|
page read and write
|
||
|
6CCF000
|
stack
|
page read and write
|
||
|
684E000
|
stack
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
ED0000
|
trusted library allocation
|
page read and write
|
||
|
340E000
|
stack
|
page read and write
|
||
|
EB2000
|
heap
|
page read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
EC4000
|
trusted library allocation
|
page read and write
|
||
|
5020000
|
trusted library allocation
|
page execute and read and write
|
||
|
FBA000
|
heap
|
page read and write
|
||
|
24B0000
|
trusted library allocation
|
page read and write
|
||
|
6E4D000
|
stack
|
page read and write
|
||
|
F0E000
|
stack
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
10DE000
|
stack
|
page read and write
|
||
|
2B8F000
|
heap
|
page read and write
|
||
|
ABA000
|
heap
|
page read and write
|
||
|
27D0000
|
heap
|
page execute and read and write
|
||
|
CBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
10E7000
|
heap
|
page read and write
|
||
|
C93000
|
trusted library allocation
|
page execute and read and write
|
||
|
5466000
|
heap
|
page read and write
|
||
|
5564000
|
trusted library allocation
|
page read and write
|
||
|
ED4000
|
trusted library allocation
|
page read and write
|
||
|
270E000
|
stack
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
B89000
|
stack
|
page read and write
|
||
|
229F000
|
stack
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
180B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
CC0000
|
trusted library allocation
|
page read and write
|
||
|
F18000
|
heap
|
page read and write
|
||
|
2730000
|
heap
|
page read and write
|
||
|
10FF000
|
stack
|
page read and write
|
||
|
135C000
|
heap
|
page read and write
|
||
|
BCE000
|
stack
|
page read and write
|
||
|
A7A000
|
heap
|
page read and write
|
||
|
A72000
|
heap
|
page read and write
|
||
|
1308000
|
heap
|
page read and write
|
||
|
190000
|
stack
|
page read and write
|
||
|
151B000
|
trusted library allocation
|
page execute and read and write
|
||
|
C6F000
|
stack
|
page read and write
|
||
|
2D4E000
|
stack
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
2AFF000
|
trusted library allocation
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
2070000
|
direct allocation
|
page read and write
|
||
|
369F000
|
heap
|
page read and write
|
||
|
10DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3470000
|
heap
|
page read and write
|
||
|
17BF000
|
stack
|
page read and write
|
||
|
2C8F000
|
stack
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
B60000
|
trusted library allocation
|
page read and write
|
||
|
5840000
|
trusted library allocation
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
2750000
|
heap
|
page read and write
|
||
|
2DAE000
|
trusted library allocation
|
page read and write
|
||
|
57F6000
|
trusted library allocation
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
2BCE000
|
stack
|
page read and write
|
||
|
5B10000
|
trusted library allocation
|
page read and write
|
||
|
2A5E000
|
stack
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
36A0000
|
heap
|
page read and write
|
||
|
14DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5642000
|
trusted library allocation
|
page read and write
|
||
|
1524000
|
heap
|
page read and write
|
||
|
14B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
51C5000
|
trusted library allocation
|
page read and write
|
||
|
658E000
|
stack
|
page read and write
|
||
|
26FF000
|
unkown
|
page read and write
|
||
|
1356000
|
trusted library allocation
|
page read and write
|
||
|
1364000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
E9F000
|
stack
|
page read and write
|
||
|
5290000
|
trusted library allocation
|
page read and write
|
||
|
FE2000
|
unkown
|
page readonly
|
||
|
14D0000
|
trusted library allocation
|
page read and write
|
||
|
1354000
|
trusted library allocation
|
page read and write
|
||
|
52B0000
|
heap
|
page read and write
|
||
|
2050000
|
direct allocation
|
page read and write
|
||
|
1502000
|
trusted library allocation
|
page read and write
|
||
|
2660000
|
trusted library allocation
|
page read and write
|
||
|
283F000
|
unkown
|
page read and write
|
||
|
CC4000
|
trusted library allocation
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
5426000
|
heap
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
11A8000
|
heap
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
23DE000
|
stack
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
2AE3000
|
trusted library allocation
|
page read and write
|
||
|
5589000
|
trusted library allocation
|
page read and write
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
CE7000
|
trusted library allocation
|
page execute and read and write
|
||
|
1510000
|
trusted library allocation
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
139A000
|
heap
|
page read and write
|
||
|
1120000
|
trusted library allocation
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
2078000
|
direct allocation
|
page read and write
|
||
|
F14000
|
heap
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
5B14000
|
trusted library allocation
|
page read and write
|
||
|
2ACF000
|
unkown
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
2BEE000
|
unkown
|
page read and write
|
||
|
2078000
|
direct allocation
|
page read and write
|
||
|
51B6000
|
trusted library allocation
|
page read and write
|
||
|
5194000
|
trusted library allocation
|
page read and write
|
||
|
D10000
|
heap
|
page execute and read and write
|
||
|
297F000
|
stack
|
page read and write
|
||
|
521E000
|
stack
|
page read and write
|
||
|
57B4000
|
trusted library allocation
|
page read and write
|
||
|
2F7E000
|
stack
|
page read and write
|
||
|
272F000
|
trusted library allocation
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
2AFB000
|
trusted library allocation
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
332F000
|
unkown
|
page read and write
|
||
|
644F000
|
stack
|
page read and write
|
||
|
2F1D000
|
stack
|
page read and write
|
||
|
117A000
|
heap
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
ADB000
|
trusted library allocation
|
page execute and read and write
|
||
|
290F000
|
stack
|
page read and write
|
||
|
B9A000
|
heap
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
1392000
|
heap
|
page read and write
|
||
|
5070000
|
heap
|
page execute and read and write
|
||
|
2C9F000
|
stack
|
page read and write
|
||
|
A8C000
|
stack
|
page read and write
|
||
|
2D89000
|
trusted library allocation
|
page read and write
|
||
|
5B30000
|
heap
|
page read and write
|
||
|
35A0000
|
heap
|
page read and write
|
||
|
8D7000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
23AD000
|
stack
|
page read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
5640000
|
trusted library allocation
|
page read and write
|
||
|
2078000
|
direct allocation
|
page read and write
|
||
|
2078000
|
direct allocation
|
page read and write
|
||
|
4B50000
|
heap
|
page read and write
|
||
|
1153000
|
trusted library allocation
|
page execute and read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
1162000
|
heap
|
page read and write
|
||
|
10B0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
293E000
|
stack
|
page read and write
|
||
|
27DE000
|
stack
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
9D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
366F000
|
stack
|
page read and write
|
||
|
3D41000
|
trusted library allocation
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
324F000
|
heap
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
55C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9C0000
|
trusted library allocation
|
page read and write
|
||
|
4BF0000
|
heap
|
page read and write
|
||
|
27C7000
|
trusted library allocation
|
page read and write
|
||
|
2B4F000
|
stack
|
page read and write
|
||
|
22CD000
|
stack
|
page read and write
|
||
|
9E4000
|
trusted library allocation
|
page read and write
|
||
|
BEE000
|
stack
|
page read and write
|
||
|
193F000
|
stack
|
page read and write
|
||
|
3520000
|
heap
|
page read and write
|
||
|
28CF000
|
stack
|
page read and write
|
||
|
3234000
|
heap
|
page read and write
|
||
|
BA4000
|
heap
|
page read and write
|
||
|
3312000
|
trusted library allocation
|
page read and write
|
||
|
3575000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
4C5E000
|
stack
|
page read and write
|
||
|
1120000
|
trusted library allocation
|
page execute and read and write
|
||
|
32A0000
|
heap
|
page execute and read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
5830000
|
trusted library allocation
|
page read and write
|
||
|
296E000
|
stack
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
2083000
|
direct allocation
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
2E9F000
|
heap
|
page read and write
|
||
|
2DA8000
|
trusted library allocation
|
page read and write
|
||
|
480D000
|
stack
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
2FD8000
|
trusted library allocation
|
page read and write
|
||
|
1830000
|
heap
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
2AEA000
|
trusted library allocation
|
page read and write
|
||
|
F12000
|
heap
|
page read and write
|
||
|
12AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5657000
|
trusted library allocation
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
2776000
|
trusted library allocation
|
page read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
5B33000
|
heap
|
page read and write
|
||
|
1287000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FDE000
|
trusted library allocation
|
page read and write
|
||
|
29E2000
|
trusted library allocation
|
page read and write
|
||
|
3F85000
|
trusted library allocation
|
page read and write
|
||
|
20A4000
|
direct allocation
|
page read and write
|
||
|
D87000
|
stack
|
page read and write
|
||
|
2B4F000
|
stack
|
page read and write
|
||
|
26BE000
|
stack
|
page read and write
|
||
|
9C7000
|
stack
|
page read and write
|
||
|
57FE000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
D9F000
|
stack
|
page read and write
|
||
|
4E60000
|
heap
|
page execute and read and write
|
||
|
327C000
|
heap
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
11C3000
|
heap
|
page read and write
|
||
|
326D000
|
stack
|
page read and write
|
||
|
3880000
|
heap
|
page read and write
|
||
|
2D5F000
|
stack
|
page read and write
|
||
|
112A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2681000
|
trusted library allocation
|
page read and write
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
26FD000
|
stack
|
page read and write
|
||
|
2765000
|
trusted library allocation
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
128B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2550000
|
heap
|
page execute and read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
BA7000
|
heap
|
page read and write
|
||
|
F4E000
|
stack
|
page read and write
|
||
|
57F4000
|
trusted library allocation
|
page read and write
|
||
|
4BE000
|
stack
|
page read and write
|
||
|
648E000
|
stack
|
page read and write
|
||
|
750E000
|
stack
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
14A0000
|
trusted library allocation
|
page read and write
|
||
|
465000
|
heap
|
page read and write
|
||
|
670E000
|
stack
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
F28000
|
heap
|
page read and write
|
||
|
65CE000
|
stack
|
page read and write
|
||
|
2630000
|
heap
|
page read and write
|
||
|
58C0000
|
heap
|
page execute and read and write
|
||
|
2770000
|
trusted library allocation
|
page read and write
|
||
|
38CF000
|
heap
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
2B70000
|
trusted library allocation
|
page read and write
|
||
|
4D10000
|
heap
|
page execute and read and write
|
||
|
5810000
|
trusted library allocation
|
page execute and read and write
|
||
|
2770000
|
heap
|
page read and write
|
||
|
58E000
|
heap
|
page read and write
|
||
|
1532000
|
heap
|
page read and write
|
||
|
1315000
|
heap
|
page read and write
|
||
|
2990000
|
trusted library allocation
|
page read and write
|
||
|
28E1000
|
trusted library allocation
|
page read and write
|
||
|
EBE000
|
stack
|
page read and write
|
||
|
1301000
|
heap
|
page read and write
|
||
|
51A4000
|
trusted library allocation
|
page read and write
|
||
|
4EA000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
25E0000
|
heap
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
2FB9000
|
trusted library allocation
|
page read and write
|
||
|
53B0000
|
heap
|
page read and write
|
||
|
13CD000
|
heap
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
7580000
|
trusted library allocation
|
page execute and read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
D6F000
|
stack
|
page read and write
|
||
|
11B7000
|
heap
|
page read and write
|
||
|
F4D000
|
stack
|
page read and write
|
||
|
272D000
|
stack
|
page read and write
|
||
|
50B1000
|
trusted library allocation
|
page read and write
|
||
|
285C000
|
heap
|
page read and write
|
||
|
2C0F000
|
stack
|
page read and write
|
||
|
EE8000
|
heap
|
page read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
5324000
|
heap
|
page read and write
|
||
|
346F000
|
unkown
|
page read and write
|
||
|
2FCE000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
757000
|
stack
|
page read and write
|
||
|
10EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EF00000
|
trusted library allocation
|
page execute and read and write
|
||
|
10C4000
|
trusted library allocation
|
page read and write
|
||
|
2590000
|
heap
|
page read and write
|
||
|
3232000
|
heap
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
3590000
|
heap
|
page read and write
|
||
|
8CD000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
2B5F000
|
stack
|
page read and write
|
||
|
2DEC000
|
trusted library allocation
|
page read and write
|
||
|
30FD000
|
stack
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
57FB000
|
trusted library allocation
|
page read and write
|
||
|
832000
|
heap
|
page read and write
|
||
|
A8E000
|
stack
|
page read and write
|
||
|
1140000
|
trusted library allocation
|
page read and write
|
||
|
4D48000
|
trusted library allocation
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
24FE000
|
stack
|
page read and write
|
||
|
2D62000
|
trusted library allocation
|
page read and write
|
||
|
3692000
|
heap
|
page read and write
|
||
|
313C000
|
heap
|
page read and write
|
||
|
2910000
|
heap
|
page read and write
|
||
|
2F1D000
|
stack
|
page read and write
|
||
|
5180000
|
heap
|
page execute and read and write
|
||
|
2FA8000
|
trusted library allocation
|
page read and write
|
||
|
27B0000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
unkown
|
page readonly
|
||
|
4A7E000
|
stack
|
page read and write
|
||
|
DA0000
|
trusted library allocation
|
page read and write
|
||
|
CA4000
|
trusted library allocation
|
page read and write
|
||
|
63C000
|
stack
|
page read and write
|
||
|
2807000
|
heap
|
page read and write
|
||
|
F52000
|
heap
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
28F0000
|
heap
|
page execute and read and write
|
||
|
ADC000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
1160000
|
trusted library allocation
|
page execute and read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
1583000
|
heap
|
page read and write
|
||
|
714D000
|
stack
|
page read and write
|
||
|
4FF6000
|
trusted library allocation
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
22AD000
|
stack
|
page read and write
|
||
|
235D000
|
stack
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
14FE000
|
heap
|
page read and write
|
||
|
268E000
|
stack
|
page read and write
|
||
|
3D69000
|
trusted library allocation
|
page read and write
|
||
|
56EA000
|
stack
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
8B2000
|
heap
|
page read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
208B000
|
direct allocation
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
42B5000
|
trusted library allocation
|
page read and write
|
||
|
87D000
|
stack
|
page read and write
|
||
|
CB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1358000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
2DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1160000
|
trusted library allocation
|
page read and write
|
||
|
280F000
|
stack
|
page read and write
|
||
|
375E000
|
unkown
|
page read and write
|
||
|
F50000
|
heap
|
page execute and read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
30FD000
|
stack
|
page read and write
|
||
|
2B21000
|
trusted library allocation
|
page read and write
|
||
|
F24000
|
heap
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
A4E000
|
stack
|
page read and write
|
||
|
3985000
|
trusted library allocation
|
page read and write
|
||
|
FD5000
|
heap
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
E7E000
|
stack
|
page read and write
|
||
|
20A0000
|
direct allocation
|
page read and write
|
||
|
5345000
|
heap
|
page read and write
|
||
|
2F81000
|
trusted library allocation
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
4EE000
|
heap
|
page read and write
|
||
|
1350000
|
trusted library allocation
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
55A0000
|
trusted library allocation
|
page read and write
|
||
|
C9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3981000
|
trusted library allocation
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
2A2F000
|
unkown
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
55C000
|
stack
|
page read and write
|
||
|
59A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E2F000
|
stack
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
10D4000
|
trusted library allocation
|
page read and write
|
||
|
2ACE000
|
stack
|
page read and write
|
||
|
2780000
|
heap
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
EBA000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
4EA0000
|
heap
|
page execute and read and write
|
||
|
340F000
|
unkown
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
3F81000
|
trusted library allocation
|
page read and write
|
||
|
3560000
|
heap
|
page read and write
|
||
|
3670000
|
heap
|
page read and write
|
||
|
5374000
|
heap
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
EC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
28FB000
|
stack
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
271A000
|
trusted library allocation
|
page read and write
|
||
|
289C000
|
heap
|
page read and write
|
||
|
2CDC000
|
stack
|
page read and write
|
||
|
10F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
58A7000
|
trusted library allocation
|
page read and write
|
||
|
2B0E000
|
stack
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
415000
|
unkown
|
page write copy
|
||
|
2E16000
|
trusted library allocation
|
page read and write
|
||
|
2B8F000
|
heap
|
page read and write
|
||
|
2FE0000
|
direct allocation
|
page read and write
|
||
|
47E000
|
stack
|
page read and write
|
||
|
13AE000
|
stack
|
page read and write
|
||
|
28E0000
|
trusted library allocation
|
page read and write
|
||
|
14D4000
|
trusted library allocation
|
page read and write
|
||
|
290C000
|
heap
|
page read and write
|
||
|
57C9000
|
trusted library allocation
|
page read and write
|
||
|
1500000
|
trusted library allocation
|
page read and write
|
||
|
ABF000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
2DEE000
|
stack
|
page read and write
|
||
|
2670000
|
heap
|
page read and write
|
||
|
1148000
|
heap
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
5574000
|
trusted library allocation
|
page read and write
|
||
|
109C000
|
stack
|
page read and write
|
||
|
10D0000
|
trusted library allocation
|
page read and write
|
||
|
90E000
|
stack
|
page read and write
|
||
|
2C50000
|
direct allocation
|
page read and write
|
||
|
2790000
|
heap
|
page read and write
|
||
|
38E1000
|
trusted library allocation
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
5EB000
|
heap
|
page read and write
|
||
|
BFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
51E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5811000
|
trusted library allocation
|
page read and write
|
||
|
2078000
|
direct allocation
|
page read and write
|
||
|
4FA0000
|
trusted library allocation
|
page read and write
|
||
|
5816000
|
trusted library allocation
|
page read and write
|
||
|
157B000
|
heap
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
F09000
|
heap
|
page read and write
|
||
|
7AF000
|
stack
|
page read and write
|
||
|
5850000
|
heap
|
page read and write
|
||
|
129D000
|
trusted library allocation
|
page execute and read and write
|
||
|
12D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
2820000
|
trusted library allocation
|
page read and write
|
||
|
347E000
|
stack
|
page read and write
|
||
|
124E000
|
stack
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page read and write
|
||
|
2D7D000
|
stack
|
page read and write
|
||
|
2210000
|
heap
|
page read and write
|
||
|
F2C000
|
heap
|
page read and write
|
||
|
107E000
|
stack
|
page read and write
|
||
|
126E000
|
heap
|
page read and write
|
||
|
1100000
|
trusted library allocation
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
8BF000
|
stack
|
page read and write
|
||
|
2078000
|
direct allocation
|
page read and write
|
||
|
2078000
|
direct allocation
|
page read and write
|
||
|
C70000
|
trusted library allocation
|
page execute and read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
1251000
|
heap
|
page read and write
|
||
|
1360000
|
heap
|
page execute and read and write
|
||
|
CD7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2711000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
56D0000
|
heap
|
page execute and read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
2D0C000
|
stack
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
5970000
|
trusted library allocation
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
2DAE000
|
stack
|
page read and write
|
||
|
2AFF000
|
stack
|
page read and write
|
||
|
15B1000
|
heap
|
page read and write
|
||
|
1506000
|
trusted library allocation
|
page execute and read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
2D60000
|
trusted library allocation
|
page read and write
|
||
|
276E000
|
stack
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
52A0000
|
heap
|
page execute and read and write
|
||
|
356C000
|
heap
|
page read and write
|
||
|
C94000
|
trusted library allocation
|
page read and write
|
||
|
25CD000
|
stack
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
2850000
|
heap
|
page read and write
|
||
|
14E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
265E000
|
stack
|
page read and write
|
||
|
2710000
|
direct allocation
|
page read and write
|
||
|
8A8000
|
heap
|
page read and write
|
||
|
57D5000
|
trusted library allocation
|
page read and write
|
||
|
EFD000
|
heap
|
page read and write
|
||
|
4D96000
|
heap
|
page read and write
|
||
|
115D000
|
trusted library allocation
|
page execute and read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
14E0000
|
trusted library allocation
|
page read and write
|
||
|
352E000
|
stack
|
page read and write
|
||
|
1197000
|
stack
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
C8C000
|
stack
|
page read and write
|
||
|
2FEE000
|
unkown
|
page read and write
|
||
|
11BF000
|
heap
|
page read and write
|
||
|
3270000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A0F000
|
stack
|
page read and write
|
||
|
278E000
|
stack
|
page read and write
|
||
|
2BFE000
|
unkown
|
page read and write
|
||
|
23EE000
|
unkown
|
page read and write
|
||
|
106C000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
2078000
|
direct allocation
|
page read and write
|
||
|
15DE000
|
heap
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
32FD000
|
stack
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
1130000
|
trusted library allocation
|
page read and write
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
252D000
|
stack
|
page read and write
|
||
|
FCE000
|
stack
|
page read and write
|
||
|
2DB2000
|
trusted library allocation
|
page read and write
|
||
|
3234000
|
heap
|
page read and write
|
||
|
277E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3200000
|
heap
|
page read and write
|
||
|
13BD000
|
heap
|
page read and write
|
||
|
3B25000
|
trusted library allocation
|
page read and write
|
||
|
14FB000
|
heap
|
page read and write
|
||
|
2078000
|
direct allocation
|
page read and write
|
||
|
1540000
|
trusted library allocation
|
page execute and read and write
|
||
|
362F000
|
stack
|
page read and write
|
||
|
2A5D000
|
stack
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
157F000
|
heap
|
page read and write
|
||
|
EF8000
|
stack
|
page read and write
|
||
|
35AE000
|
stack
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
207C000
|
direct allocation
|
page read and write
|
||
|
3B21000
|
trusted library allocation
|
page read and write
|
||
|
1573000
|
heap
|
page read and write
|
||
|
27C1000
|
trusted library allocation
|
page read and write
|
||
|
4E4D000
|
stack
|
page read and write
|
||
|
AC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
9FA000
|
heap
|
page read and write
|
||
|
2DDC000
|
stack
|
page read and write
|
||
|
23F0000
|
heap
|
page read and write
|
||
|
D5D000
|
stack
|
page read and write
|
||
|
2760000
|
heap
|
page read and write
|
||
|
14EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
AE1000
|
heap
|
page read and write
|
||
|
CC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
CB4000
|
trusted library allocation
|
page read and write
|
||
|
2098000
|
direct allocation
|
page read and write
|
There are 1089 hidden memdumps, click here to show them.