Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
M13W1o3scc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\ScreenUpdateSync[1].exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\478F.tmp.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\773416\Welding.pif
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_478F.tmp.exe_b15f1ed1fbe05deb7bf8632b253ff5c7eae35c3_ce0698c2_34045723-5be5-429e-9efc-972a5ba8c6e1\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1D33.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Oct 8 01:52:47 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1DFF.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E3E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\773416\A
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Bangladesh
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Completely
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Cool
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diet
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Enclosure
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Halo
|
ASCII text, with very long lines (806), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Halo.bat (copy)
|
ASCII text, with very long lines (806), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Mobility
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Partition
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Reference
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Transmit
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Turtle
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Vienna
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 13 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\M13W1o3scc.exe
|
"C:\Users\user\Desktop\M13W1o3scc.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c move Halo Halo.bat & Halo.bat
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /I "wrsa opssvc"
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c md 773416
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /V "MineralAlertSignificantVanilla" Partition
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c copy /b ..\Transmit + ..\Turtle + ..\Vienna + ..\Diet + ..\Enclosure + ..\Bangladesh + ..\Mobility + ..\Cool + ..\Completely
A
|
|
|
|
C:\Users\user\AppData\Local\Temp\773416\Welding.pif
|
Welding.pif A
|
|
|
|
C:\Users\user\AppData\Local\Temp\773416\Welding.pif
|
C:\Users\user\AppData\Local\Temp\773416\Welding.pif
|
|
|
|
C:\Users\user\AppData\Local\Temp\478F.tmp.exe
|
"C:\Users\user\AppData\Local\Temp\478F.tmp.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\tasklist.exe
|
tasklist
|
||
|
C:\Windows\SysWOW64\tasklist.exe
|
tasklist
|
||
|
C:\Windows\SysWOW64\choice.exe
|
choice /d y /t 5
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 1048
|
There are 5 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://62.204.41.150
|
unknown
|
|
|
|
http://62.204.41.150/edd20096ecef326d.php
|
62.204.41.150
|
|
|
|
http://62.204.41.150/
|
62.204.41.150
|
|
|
|
http://www.autoitscript.com/autoit3/J
|
unknown
|
||
|
http://62.204.41.150/edd20096ecef326d.php;C7
|
unknown
|
||
|
http://62.204.41.151/ScreenUpdateSync.exe
|
unknown
|
||
|
http://62.204.41.150/edd20096ecef326d.php32
|
unknown
|
||
|
https://post-to-me.com/track_prt.php?sub=&cc=DEvector
|
unknown
|
||
|
http://62.204.41.150/edd20096ecef326d.phpL
|
unknown
|
||
|
http://62.204.41.150/ows
|
unknown
|
||
|
https://post-to-me.com/P
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://62.204.41.150PT~
|
unknown
|
||
|
http://62.204.41.150/edd20096ecef326d.phpDZT
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://62.204.41.151/ScreenUpdateSync.exegyaCannot
|
unknown
|
||
|
https://www.autoitscript.com/autoit3/
|
unknown
|
||
|
http://176.113.115.37/ScreenUpdateSync.exeprtscreen1566SOFTWARE
|
unknown
|
||
|
http://62.204.41.150/edd20096ecef326d.phpXZH
|
unknown
|
||
|
http://62.204.41.150/L
|
unknown
|
||
|
https://post-to-me.com/track_prt.php?sub=
|
unknown
|
||
|
https://post-to-me.com/track_prt.php?sub=0&cc=DE
|
172.67.179.207
|
||
|
http://176.113.115.37/ScreenUpdateSync.exe:
|
unknown
|
||
|
https://post-to-me.com/
|
unknown
|
||
|
http://176.113.115.37/ScreenUpdateSync.exe
|
unknown
|
||
|
http://62.204.41.150/Hx
|
unknown
|
||
|
http://62.204.41.150/edd20096ecef326d.phpd
|
unknown
|
There are 17 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
OrCgYwgbqLzMaeWAfOkOCMa.OrCgYwgbqLzMaeWAfOkOCMa
|
unknown
|
|
|
|
post-to-me.com
|
172.67.179.207
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
62.204.41.150
|
unknown
|
United Kingdom
|
|
|
|
176.113.115.37
|
unknown
|
Russian Federation
|
||
|
172.67.179.207
|
post-to-me.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\prtscreen
|
Enabled
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
|
SlowContextMenuEntries
|
||
|
\REGISTRY\A\{0fcbb6b0-3175-65a9-bac5-a990b9e7a1be}\Root\InventoryApplicationFile\478f.tmp.exe|1962e5cad39f4b2e
|
ProgramId
|
||
|
\REGISTRY\A\{0fcbb6b0-3175-65a9-bac5-a990b9e7a1be}\Root\InventoryApplicationFile\478f.tmp.exe|1962e5cad39f4b2e
|
FileId
|
||
|
\REGISTRY\A\{0fcbb6b0-3175-65a9-bac5-a990b9e7a1be}\Root\InventoryApplicationFile\478f.tmp.exe|1962e5cad39f4b2e
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{0fcbb6b0-3175-65a9-bac5-a990b9e7a1be}\Root\InventoryApplicationFile\478f.tmp.exe|1962e5cad39f4b2e
|
LongPathHash
|
||
|
\REGISTRY\A\{0fcbb6b0-3175-65a9-bac5-a990b9e7a1be}\Root\InventoryApplicationFile\478f.tmp.exe|1962e5cad39f4b2e
|
Name
|
||
|
\REGISTRY\A\{0fcbb6b0-3175-65a9-bac5-a990b9e7a1be}\Root\InventoryApplicationFile\478f.tmp.exe|1962e5cad39f4b2e
|
OriginalFileName
|
||
|
\REGISTRY\A\{0fcbb6b0-3175-65a9-bac5-a990b9e7a1be}\Root\InventoryApplicationFile\478f.tmp.exe|1962e5cad39f4b2e
|
Publisher
|
||
|
\REGISTRY\A\{0fcbb6b0-3175-65a9-bac5-a990b9e7a1be}\Root\InventoryApplicationFile\478f.tmp.exe|1962e5cad39f4b2e
|
Version
|
||
|
\REGISTRY\A\{0fcbb6b0-3175-65a9-bac5-a990b9e7a1be}\Root\InventoryApplicationFile\478f.tmp.exe|1962e5cad39f4b2e
|
BinFileVersion
|
||
|
\REGISTRY\A\{0fcbb6b0-3175-65a9-bac5-a990b9e7a1be}\Root\InventoryApplicationFile\478f.tmp.exe|1962e5cad39f4b2e
|
BinaryType
|
||
|
\REGISTRY\A\{0fcbb6b0-3175-65a9-bac5-a990b9e7a1be}\Root\InventoryApplicationFile\478f.tmp.exe|1962e5cad39f4b2e
|
ProductName
|
||
|
\REGISTRY\A\{0fcbb6b0-3175-65a9-bac5-a990b9e7a1be}\Root\InventoryApplicationFile\478f.tmp.exe|1962e5cad39f4b2e
|
ProductVersion
|
||
|
\REGISTRY\A\{0fcbb6b0-3175-65a9-bac5-a990b9e7a1be}\Root\InventoryApplicationFile\478f.tmp.exe|1962e5cad39f4b2e
|
LinkDate
|
||
|
\REGISTRY\A\{0fcbb6b0-3175-65a9-bac5-a990b9e7a1be}\Root\InventoryApplicationFile\478f.tmp.exe|1962e5cad39f4b2e
|
BinProductVersion
|
||
|
\REGISTRY\A\{0fcbb6b0-3175-65a9-bac5-a990b9e7a1be}\Root\InventoryApplicationFile\478f.tmp.exe|1962e5cad39f4b2e
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{0fcbb6b0-3175-65a9-bac5-a990b9e7a1be}\Root\InventoryApplicationFile\478f.tmp.exe|1962e5cad39f4b2e
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{0fcbb6b0-3175-65a9-bac5-a990b9e7a1be}\Root\InventoryApplicationFile\478f.tmp.exe|1962e5cad39f4b2e
|
Size
|
||
|
\REGISTRY\A\{0fcbb6b0-3175-65a9-bac5-a990b9e7a1be}\Root\InventoryApplicationFile\478f.tmp.exe|1962e5cad39f4b2e
|
Language
|
||
|
\REGISTRY\A\{0fcbb6b0-3175-65a9-bac5-a990b9e7a1be}\Root\InventoryApplicationFile\478f.tmp.exe|1962e5cad39f4b2e
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 13 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
80D000
|
heap
|
page read and write
|
|
|
|
22A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
22F0000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
305C000
|
heap
|
page read and write
|
||
|
4424000
|
trusted library allocation
|
page read and write
|
||
|
317F000
|
heap
|
page read and write
|
||
|
174000
|
unkown
|
page write copy
|
||
|
26DE000
|
stack
|
page read and write
|
||
|
1024000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
1F5000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
2224000
|
heap
|
page read and write
|
||
|
3E80000
|
remote allocation
|
page read and write
|
||
|
45FF000
|
trusted library allocation
|
page read and write
|
||
|
661000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
4428000
|
trusted library allocation
|
page read and write
|
||
|
4427000
|
trusted library allocation
|
page read and write
|
||
|
661000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
4021000
|
trusted library allocation
|
page read and write
|
||
|
4F7E000
|
stack
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
ACC000
|
stack
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
44C8000
|
trusted library allocation
|
page read and write
|
||
|
66E000
|
heap
|
page read and write
|
||
|
304A000
|
heap
|
page read and write
|
||
|
698000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
65D000
|
heap
|
page read and write
|
||
|
677000
|
heap
|
page read and write
|
||
|
4421000
|
trusted library allocation
|
page read and write
|
||
|
442B000
|
trusted library allocation
|
page read and write
|
||
|
5DE000
|
stack
|
page read and write
|
||
|
3193000
|
heap
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
4558000
|
trusted library allocation
|
page read and write
|
||
|
28A4000
|
heap
|
page read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
4508000
|
trusted library allocation
|
page read and write
|
||
|
442F000
|
trusted library allocation
|
page read and write
|
||
|
44DC000
|
trusted library allocation
|
page read and write
|
||
|
65D000
|
heap
|
page read and write
|
||
|
317F000
|
heap
|
page read and write
|
||
|
2D06000
|
heap
|
page read and write
|
||
|
454E000
|
trusted library allocation
|
page read and write
|
||
|
442E000
|
trusted library allocation
|
page read and write
|
||
|
44F8000
|
trusted library allocation
|
page read and write
|
||
|
2DCE000
|
stack
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
304A000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
4515000
|
trusted library allocation
|
page read and write
|
||
|
4E2000
|
unkown
|
page execute and read and write
|
||
|
4F4000
|
unkown
|
page readonly
|
||
|
677000
|
heap
|
page read and write
|
||
|
1383000
|
heap
|
page read and write
|
||
|
4421000
|
trusted library allocation
|
page read and write
|
||
|
677000
|
heap
|
page read and write
|
||
|
3196000
|
heap
|
page read and write
|
||
|
3172000
|
heap
|
page read and write
|
||
|
27E4000
|
heap
|
page read and write
|
||
|
65D000
|
heap
|
page read and write
|
||
|
677000
|
heap
|
page read and write
|
||
|
442D000
|
trusted library allocation
|
page read and write
|
||
|
5500000
|
heap
|
page read and write
|
||
|
44CC000
|
trusted library allocation
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
677000
|
heap
|
page read and write
|
||
|
B1000
|
unkown
|
page execute read
|
||
|
27E2000
|
heap
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
7E1000
|
heap
|
page execute and read and write
|
||
|
44E6000
|
trusted library allocation
|
page read and write
|
||
|
4424000
|
trusted library allocation
|
page read and write
|
||
|
3EBC000
|
trusted library allocation
|
page read and write
|
||
|
1A63E000
|
stack
|
page read and write
|
||
|
459C000
|
trusted library allocation
|
page read and write
|
||
|
12D8000
|
heap
|
page read and write
|
||
|
4203000
|
trusted library allocation
|
page read and write
|
||
|
1275000
|
heap
|
page read and write
|
||
|
3E5E000
|
trusted library allocation
|
page read and write
|
||
|
1344000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
44E8000
|
trusted library allocation
|
page read and write
|
||
|
66E000
|
heap
|
page read and write
|
||
|
40F000
|
unkown
|
page readonly
|
||
|
408000
|
unkown
|
page readonly
|
||
|
44D7000
|
trusted library allocation
|
page read and write
|
||
|
44CC000
|
trusted library allocation
|
page read and write
|
||
|
1AC5E000
|
stack
|
page read and write
|
||
|
859000
|
heap
|
page read and write
|
||
|
2F3E000
|
stack
|
page read and write
|
||
|
44B5000
|
trusted library allocation
|
page read and write
|
||
|
44D4000
|
trusted library allocation
|
page read and write
|
||
|
4510000
|
trusted library allocation
|
page read and write
|
||
|
67E000
|
heap
|
page read and write
|
||
|
66E000
|
heap
|
page read and write
|
||
|
9BF000
|
stack
|
page read and write
|
||
|
661000
|
heap
|
page read and write
|
||
|
2220000
|
heap
|
page read and write
|
||
|
661000
|
heap
|
page read and write
|
||
|
B0000
|
unkown
|
page readonly
|
||
|
4021000
|
trusted library allocation
|
page read and write
|
||
|
23BE000
|
stack
|
page read and write
|
||
|
170000
|
unkown
|
page write copy
|
||
|
166000
|
unkown
|
page readonly
|
||
|
64D000
|
heap
|
page read and write
|
||
|
3189000
|
heap
|
page read and write
|
||
|
451F000
|
trusted library allocation
|
page read and write
|
||
|
4427000
|
trusted library allocation
|
page read and write
|
||
|
45EB000
|
trusted library allocation
|
page read and write
|
||
|
41D000
|
unkown
|
page readonly
|
||
|
442C000
|
trusted library allocation
|
page read and write
|
||
|
843000
|
heap
|
page read and write
|
||
|
1345000
|
heap
|
page read and write
|
||
|
4B1000
|
unkown
|
page execute and read and write
|
||
|
4506000
|
trusted library allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
49C1000
|
heap
|
page read and write
|
||
|
174000
|
unkown
|
page write copy
|
||
|
305C000
|
heap
|
page read and write
|
||
|
166000
|
unkown
|
page readonly
|
||
|
4424000
|
trusted library allocation
|
page read and write
|
||
|
318F000
|
stack
|
page read and write
|
||
|
3542000
|
heap
|
page read and write
|
||
|
4502000
|
trusted library allocation
|
page read and write
|
||
|
45DF000
|
trusted library allocation
|
page read and write
|
||
|
21B0000
|
heap
|
page read and write
|
||
|
44F6000
|
trusted library allocation
|
page read and write
|
||
|
3032000
|
heap
|
page read and write
|
||
|
3E21000
|
trusted library allocation
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
4508000
|
trusted library allocation
|
page read and write
|
||
|
304E000
|
heap
|
page read and write
|
||
|
661000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
442F000
|
trusted library allocation
|
page read and write
|
||
|
4428000
|
trusted library allocation
|
page read and write
|
||
|
661000
|
heap
|
page read and write
|
||
|
44F2000
|
trusted library allocation
|
page read and write
|
||
|
305C000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
66E000
|
heap
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
3189000
|
heap
|
page read and write
|
||
|
442B000
|
trusted library allocation
|
page read and write
|
||
|
2520000
|
heap
|
page read and write
|
||
|
1D30000
|
trusted library allocation
|
page read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
4508000
|
trusted library allocation
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
450E000
|
trusted library allocation
|
page read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
1D30000
|
trusted library allocation
|
page read and write
|
||
|
27E8000
|
heap
|
page read and write
|
||
|
45AF000
|
trusted library allocation
|
page read and write
|
||
|
457D000
|
trusted library allocation
|
page read and write
|
||
|
317F000
|
heap
|
page read and write
|
||
|
451E000
|
trusted library allocation
|
page read and write
|
||
|
677000
|
heap
|
page read and write
|
||
|
4EDF000
|
stack
|
page read and write
|
||
|
49EF000
|
heap
|
page read and write
|
||
|
661000
|
heap
|
page read and write
|
||
|
442B000
|
trusted library allocation
|
page read and write
|
||
|
4426000
|
trusted library allocation
|
page read and write
|
||
|
304D000
|
heap
|
page read and write
|
||
|
4559000
|
trusted library allocation
|
page read and write
|
||
|
4425000
|
trusted library allocation
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
2355000
|
heap
|
page read and write
|
||
|
1D30000
|
trusted library allocation
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
3057000
|
heap
|
page read and write
|
||
|
45CF000
|
trusted library allocation
|
page read and write
|
||
|
2CCC000
|
stack
|
page read and write
|
||
|
503F000
|
stack
|
page read and write
|
||
|
484F000
|
stack
|
page read and write
|
||
|
319B000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
AFF000
|
stack
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
677000
|
heap
|
page read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
4198000
|
trusted library allocation
|
page read and write
|
||
|
140000
|
unkown
|
page readonly
|
||
|
140000
|
unkown
|
page readonly
|
||
|
442A000
|
trusted library allocation
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
2896000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
555000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
41F000
|
unkown
|
page read and write
|
||
|
1381000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
179000
|
unkown
|
page readonly
|
||
|
170000
|
unkown
|
page write copy
|
||
|
65D000
|
heap
|
page read and write
|
||
|
123E000
|
stack
|
page read and write
|
||
|
44D6000
|
trusted library allocation
|
page read and write
|
||
|
41B5000
|
trusted library allocation
|
page read and write
|
||
|
4A0F000
|
heap
|
page read and write
|
||
|
305C000
|
heap
|
page read and write
|
||
|
B0C000
|
stack
|
page read and write
|
||
|
251F000
|
stack
|
page read and write
|
||
|
4422000
|
trusted library allocation
|
page read and write
|
||
|
442B000
|
trusted library allocation
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
179000
|
unkown
|
page readonly
|
||
|
27DF000
|
stack
|
page read and write
|
||
|
1333000
|
heap
|
page read and write
|
||
|
B1000
|
unkown
|
page execute read
|
||
|
44DB000
|
trusted library allocation
|
page read and write
|
||
|
1A9BD000
|
stack
|
page read and write
|
||
|
65D000
|
heap
|
page read and write
|
||
|
65C000
|
unkown
|
page execute and read and write
|
||
|
677000
|
heap
|
page read and write
|
||
|
49DC000
|
heap
|
page read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
61E000
|
heap
|
page read and write
|
||
|
442E000
|
trusted library allocation
|
page read and write
|
||
|
B6B000
|
stack
|
page read and write
|
||
|
2413000
|
heap
|
page read and write
|
||
|
316E000
|
heap
|
page read and write
|
||
|
316E000
|
heap
|
page read and write
|
||
|
2FFF000
|
stack
|
page read and write
|
||
|
23FE000
|
stack
|
page read and write
|
||
|
442B000
|
trusted library allocation
|
page read and write
|
||
|
134B000
|
heap
|
page read and write
|
||
|
31B7000
|
heap
|
page read and write
|
||
|
66E000
|
heap
|
page read and write
|
||
|
21FE000
|
stack
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
64D000
|
heap
|
page read and write
|
||
|
1318000
|
heap
|
page read and write
|
||
|
4424000
|
trusted library allocation
|
page read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
2370000
|
heap
|
page read and write
|
||
|
44D6000
|
trusted library allocation
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
4427000
|
trusted library allocation
|
page read and write
|
||
|
44EE000
|
trusted library allocation
|
page read and write
|
||
|
40F7000
|
trusted library allocation
|
page read and write
|
||
|
319B000
|
heap
|
page read and write
|
||
|
67E000
|
heap
|
page read and write
|
||
|
1AB5E000
|
stack
|
page read and write
|
||
|
661000
|
heap
|
page read and write
|
||
|
4422000
|
trusted library allocation
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
44B9000
|
trusted library allocation
|
page read and write
|
||
|
3E21000
|
trusted library allocation
|
page read and write
|
||
|
456F000
|
trusted library allocation
|
page read and write
|
||
|
3EA1000
|
trusted library allocation
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
140000
|
unkown
|
page readonly
|
||
|
661000
|
heap
|
page read and write
|
||
|
442B000
|
trusted library allocation
|
page read and write
|
||
|
44C1000
|
trusted library allocation
|
page read and write
|
||
|
442C000
|
trusted library allocation
|
page read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
44F3000
|
trusted library allocation
|
page read and write
|
||
|
66E000
|
heap
|
page read and write
|
||
|
44B8000
|
trusted library allocation
|
page read and write
|
||
|
304A000
|
heap
|
page read and write
|
||
|
3195000
|
heap
|
page read and write
|
||
|
27EB000
|
heap
|
page read and write
|
||
|
44BD000
|
trusted library allocation
|
page read and write
|
||
|
4426000
|
trusted library allocation
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
677000
|
heap
|
page read and write
|
||
|
4423000
|
trusted library allocation
|
page read and write
|
||
|
4021000
|
trusted library allocation
|
page read and write
|
||
|
442A000
|
trusted library allocation
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
44E4000
|
trusted library allocation
|
page read and write
|
||
|
2FBE000
|
stack
|
page read and write
|
||
|
1345000
|
heap
|
page read and write
|
||
|
304A000
|
heap
|
page read and write
|
||
|
4425000
|
trusted library allocation
|
page read and write
|
||
|
661000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
444C000
|
stack
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
4422000
|
trusted library allocation
|
page read and write
|
||
|
45A7000
|
trusted library allocation
|
page read and write
|
||
|
3F33000
|
trusted library allocation
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
48C0000
|
heap
|
page read and write
|
||
|
4422000
|
trusted library allocation
|
page read and write
|
||
|
65D000
|
heap
|
page read and write
|
||
|
2B6C000
|
stack
|
page read and write
|
||
|
677000
|
heap
|
page read and write
|
||
|
232E000
|
stack
|
page read and write
|
||
|
4021000
|
trusted library allocation
|
page read and write
|
||
|
38BE000
|
stack
|
page read and write
|
||
|
66E000
|
heap
|
page read and write
|
||
|
4514000
|
trusted library allocation
|
page read and write
|
||
|
3EBE000
|
stack
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
235B000
|
heap
|
page read and write
|
||
|
461000
|
unkown
|
page read and write
|
||
|
B0000
|
unkown
|
page readonly
|
||
|
27ED000
|
heap
|
page read and write
|
||
|
319B000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
7CE000
|
heap
|
page read and write
|
||
|
442E000
|
trusted library allocation
|
page read and write
|
||
|
44F7000
|
trusted library allocation
|
page read and write
|
||
|
174000
|
unkown
|
page write copy
|
||
|
44E4000
|
trusted library allocation
|
page read and write
|
||
|
44F9000
|
trusted library allocation
|
page read and write
|
||
|
2D4E000
|
stack
|
page read and write
|
||
|
4505000
|
trusted library allocation
|
page read and write
|
||
|
3E21000
|
trusted library allocation
|
page read and write
|
||
|
4428000
|
trusted library allocation
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
4F4000
|
unkown
|
page readonly
|
||
|
302E000
|
heap
|
page read and write
|
||
|
44E4000
|
trusted library allocation
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
4FFE000
|
stack
|
page read and write
|
||
|
1A77E000
|
stack
|
page read and write
|
||
|
4424000
|
trusted library allocation
|
page read and write
|
||
|
698000
|
heap
|
page read and write
|
||
|
27EE000
|
heap
|
page read and write
|
||
|
442D000
|
trusted library allocation
|
page read and write
|
||
|
317B000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
410D000
|
trusted library allocation
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
358E000
|
stack
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
354F000
|
stack
|
page read and write
|
||
|
66E000
|
heap
|
page read and write
|
||
|
317F000
|
heap
|
page read and write
|
||
|
1AB0E000
|
stack
|
page read and write
|
||
|
1AA0E000
|
stack
|
page read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
4E1E000
|
stack
|
page read and write
|
||
|
66E000
|
heap
|
page read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
65D000
|
heap
|
page read and write
|
||
|
3E21000
|
trusted library allocation
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
61A000
|
heap
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
65D000
|
heap
|
page read and write
|
||
|
368F000
|
stack
|
page read and write
|
||
|
65D000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
3E21000
|
trusted library allocation
|
page read and write
|
||
|
4BD000
|
unkown
|
page execute and read and write
|
||
|
3428000
|
heap
|
page read and write
|
||
|
44E5000
|
trusted library allocation
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
4518000
|
trusted library allocation
|
page read and write
|
||
|
450C000
|
trusted library allocation
|
page read and write
|
||
|
302E000
|
heap
|
page read and write
|
||
|
3E80000
|
remote allocation
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
44DD000
|
trusted library allocation
|
page read and write
|
||
|
442E000
|
trusted library allocation
|
page read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
44E9000
|
trusted library allocation
|
page read and write
|
||
|
9DF000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
44C5000
|
trusted library allocation
|
page read and write
|
||
|
44B8000
|
trusted library allocation
|
page read and write
|
||
|
166000
|
unkown
|
page readonly
|
||
|
4429000
|
trusted library allocation
|
page read and write
|
||
|
314F000
|
stack
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
65D000
|
heap
|
page read and write
|
||
|
3018000
|
heap
|
page read and write
|
||
|
65D000
|
heap
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
B1000
|
unkown
|
page execute read
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
442B000
|
trusted library allocation
|
page read and write
|
||
|
4BAC000
|
stack
|
page read and write
|
||
|
170000
|
unkown
|
page write copy
|
||
|
40E6000
|
trusted library allocation
|
page read and write
|
||
|
442D000
|
trusted library allocation
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
4424000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
3189000
|
heap
|
page read and write
|
||
|
4E9E000
|
stack
|
page read and write
|
||
|
1024000
|
heap
|
page read and write
|
||
|
442A000
|
trusted library allocation
|
page read and write
|
||
|
4021000
|
trusted library allocation
|
page read and write
|
||
|
4428000
|
trusted library allocation
|
page read and write
|
||
|
3CBF000
|
stack
|
page read and write
|
||
|
8DF000
|
stack
|
page read and write
|
||
|
27E3000
|
heap
|
page read and write
|
||
|
451F000
|
trusted library allocation
|
page read and write
|
||
|
4021000
|
trusted library allocation
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
64A000
|
unkown
|
page execute and read and write
|
||
|
64A000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
3192000
|
heap
|
page read and write
|
||
|
4429000
|
trusted library allocation
|
page read and write
|
||
|
4421000
|
trusted library allocation
|
page read and write
|
||
|
677000
|
heap
|
page read and write
|
||
|
4109000
|
trusted library allocation
|
page read and write
|
||
|
2DCF000
|
stack
|
page read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
460000
|
unkown
|
page readonly
|
||
|
661000
|
heap
|
page read and write
|
||
|
4F3F000
|
stack
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
4021000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
659000
|
heap
|
page read and write
|
||
|
44B2000
|
trusted library allocation
|
page read and write
|
||
|
44E5000
|
trusted library allocation
|
page read and write
|
||
|
451A000
|
trusted library allocation
|
page read and write
|
||
|
458D000
|
trusted library allocation
|
page read and write
|
||
|
319F000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
3E80000
|
remote allocation
|
page read and write
|
||
|
3056000
|
heap
|
page read and write
|
||
|
1A87F000
|
stack
|
page read and write
|
||
|
344E000
|
stack
|
page read and write
|
||
|
2D16000
|
heap
|
page read and write
|
||
|
179000
|
unkown
|
page readonly
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
134E000
|
heap
|
page read and write
|
||
|
66E000
|
heap
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
41DB000
|
trusted library allocation
|
page read and write
|
||
|
317C000
|
heap
|
page read and write
|
||
|
4515000
|
trusted library allocation
|
page read and write
|
||
|
4420000
|
trusted library allocation
|
page read and write
|
||
|
B0000
|
unkown
|
page readonly
|
||
|
661000
|
heap
|
page read and write
|
||
|
442A000
|
trusted library allocation
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
7CA000
|
heap
|
page read and write
|
||
|
4507000
|
trusted library allocation
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
31B0000
|
heap
|
page read and write
|
||
|
44F0000
|
trusted library allocation
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
314E000
|
stack
|
page read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
66E000
|
heap
|
page read and write
|
||
|
44DA000
|
trusted library allocation
|
page read and write
|
||
|
3731000
|
heap
|
page read and write
|
||
|
828000
|
heap
|
page read and write
|
||
|
44B000
|
unkown
|
page write copy
|
||
|
27E8000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
27E2000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
5070000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
2C8C000
|
stack
|
page read and write
|
||
|
2BAC000
|
stack
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
4422000
|
trusted library allocation
|
page read and write
|
||
|
3189000
|
heap
|
page read and write
|
||
|
5050000
|
heap
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
194000
|
stack
|
page read and write
|
||
|
456A000
|
trusted library allocation
|
page read and write
|
||
|
4422000
|
trusted library allocation
|
page read and write
|
||
|
159F000
|
stack
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
44E7000
|
trusted library allocation
|
page read and write
|
||
|
30C8000
|
heap
|
page read and write
|
||
|
4EFE000
|
stack
|
page read and write
|
||
|
4E5F000
|
stack
|
page read and write
|
||
|
66E000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
4420000
|
trusted library allocation
|
page read and write
|
||
|
45B7000
|
trusted library allocation
|
page read and write
|
||
|
44D3000
|
trusted library allocation
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
4FBF000
|
stack
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
2F37000
|
heap
|
page read and write
|
||
|
66E000
|
heap
|
page read and write
|
||
|
44C2000
|
trusted library allocation
|
page read and write
|
||
|
49C0000
|
heap
|
page read and write
|
||
|
442E000
|
trusted library allocation
|
page read and write
|
||
|
44EF000
|
trusted library allocation
|
page read and write
|
||
|
4293000
|
trusted library allocation
|
page read and write
|
||
|
2F7F000
|
stack
|
page read and write
|
||
|
65D000
|
heap
|
page read and write
|
||
|
1A73F000
|
stack
|
page read and write
|
||
|
4421000
|
trusted library allocation
|
page read and write
|
||
|
318D000
|
heap
|
page read and write
|
||
|
44F4000
|
trusted library allocation
|
page read and write
|
||
|
442E000
|
trusted library allocation
|
page read and write
|
||
|
65D000
|
heap
|
page read and write
|
||
|
442A000
|
trusted library allocation
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
4422000
|
trusted library allocation
|
page read and write
|
||
|
442F000
|
trusted library allocation
|
page read and write
|
||
|
661000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
460F000
|
trusted library allocation
|
page read and write
|
||
|
4021000
|
trusted library allocation
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
40D4000
|
trusted library allocation
|
page read and write
|
||
|
3EA5000
|
trusted library allocation
|
page read and write
|
||
|
380C000
|
stack
|
page read and write
|
||
|
305C000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3158000
|
heap
|
page read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
134E000
|
heap
|
page read and write
|
||
|
59E000
|
stack
|
page read and write
|
||
|
44B1000
|
trusted library allocation
|
page read and write
|
||
|
677000
|
heap
|
page read and write
|
||
|
452E000
|
trusted library allocation
|
page read and write
|
||
|
45AD000
|
trusted library allocation
|
page read and write
|
||
|
318C000
|
heap
|
page read and write
|
||
|
3FBF000
|
stack
|
page read and write
|
||
|
319B000
|
heap
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
2E10000
|
heap
|
page read and write
|
||
|
1A5FF000
|
stack
|
page read and write
|
||
|
11FA000
|
stack
|
page read and write
|
||
|
3E21000
|
trusted library allocation
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
4021000
|
trusted library allocation
|
page read and write
|
||
|
4BB0000
|
trusted library allocation
|
page read and write
|
||
|
442E000
|
trusted library allocation
|
page read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
1A8BE000
|
stack
|
page read and write
|
||
|
44C1000
|
trusted library allocation
|
page read and write
|
||
|
4427000
|
trusted library allocation
|
page read and write
|
||
|
4420000
|
trusted library allocation
|
page read and write
|
||
|
40D9000
|
trusted library allocation
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
661000
|
heap
|
page read and write
|
||
|
674000
|
heap
|
page read and write
|
||
|
2410000
|
heap
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
66E000
|
heap
|
page read and write
|
||
|
83B000
|
heap
|
page read and write
|
||
|
4513000
|
trusted library allocation
|
page read and write
|
There are 560 hidden memdumps, click here to show them.