Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
run0796.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\VCRUNTIME140.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\_bz2.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\_hashlib.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\_lzma.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\_socket.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\_ssl.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-console-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-datetime-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-debug-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-errorhandling-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-file-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-file-l1-2-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-file-l2-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-handle-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-heap-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-interlocked-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-libraryloader-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-localization-l1-2-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-memory-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-namedpipe-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-processenvironment-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-processthreads-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-processthreads-l1-1-1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-profile-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-rtlsupport-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-string-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-synch-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-synch-l1-2-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-sysinfo-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-timezone-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-core-util-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-crt-conio-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-crt-convert-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-crt-environment-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-crt-filesystem-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-crt-heap-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-crt-locale-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-crt-math-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-crt-process-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-crt-runtime-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-crt-stdio-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-crt-string-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-crt-time-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\api-ms-win-crt-utility-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\base_library.zip
|
Zip archive data, at least v2.0 to extract, compression method=store
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\libcrypto-1_1.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\libssl-1_1.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\python38.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\select.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\ucrtbase.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\_MEI64722\unicodedata.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
There are 42 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\run0796.exe
|
"C:\Users\user\Desktop\run0796.exe"
|
 |
|
|
C:\Users\user\Desktop\run0796.exe
|
"C:\Users\user\Desktop\run0796.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crl.usertrtok
|
unknown
|
||
|
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
|
unknown
|
||
|
http://python.org/dev/peps/pep-0263/
|
unknown
|
||
|
http://www.eclipse.org/0
|
unknown
|
||
|
https://mahler:8092/site-updates.py
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://crl.usertrtokstrtok_sucrtbase.strtok_sstrxfrmucrtbase.strxfrmtolowerucrtbase.tolowertoupperuc
|
unknown
|
||
|
http://www.robotstxt.org/norobots-rfc.txt
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://www.python.org/
|
unknown
|
||
|
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
|
unknown
|
||
|
http://crl.mic
|
unknown
|
||
|
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
|
unknown
|
||
|
http://www.python.org/download/releases/2.3/mro/.
|
unknown
|
||
|
http://crl.usert
|
unknown
|
||
|
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
|
unknown
|
||
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
|
http://ocsp.digicert
|
unknown
|
||
|
http://crl.sectigo.com/
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
||
|
https://www.openssl.org/H
|
unknown
|
||
|
http://www.python.org/dev/peps/pep-0205/
|
unknown
|
||
|
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
|
unknown
|
There are 15 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1AA09D45000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
7FFE01380000
|
unkown
|
page readonly
|
||
|
1AA09DCD000
|
heap
|
page read and write
|
||
|
1AA09DCD000
|
heap
|
page read and write
|
||
|
2523FAC0000
|
heap
|
page read and write
|
||
|
228F3CE000
|
stack
|
page read and write
|
||
|
1AA09C90000
|
direct allocation
|
page read and write
|
||
|
9670FEA000
|
stack
|
page read and write
|
||
|
1AA09DA6000
|
heap
|
page read and write
|
||
|
228EFE1000
|
stack
|
page read and write
|
||
|
1AA09DA6000
|
heap
|
page read and write
|
||
|
7FF60F181000
|
unkown
|
page execute read
|
||
|
1AA09D9B000
|
heap
|
page read and write
|
||
|
1AA09D0D000
|
heap
|
page read and write
|
||
|
1AA09DA8000
|
heap
|
page read and write
|
||
|
7FFE13300000
|
unkown
|
page readonly
|
||
|
1AA09DAE000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA0A589000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09D6B000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09DAC000
|
heap
|
page read and write
|
||
|
1AA09DC3000
|
heap
|
page read and write
|
||
|
1AA09D6B000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA09D34000
|
heap
|
page read and write
|
||
|
7FFDFB864000
|
unkown
|
page execute and read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09C10000
|
heap
|
page read and write
|
||
|
1AA09DC0000
|
heap
|
page read and write
|
||
|
1AA09DA6000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09DCD000
|
heap
|
page read and write
|
||
|
1AA09DA6000
|
heap
|
page read and write
|
||
|
1AA09DAE000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA09D2F000
|
heap
|
page read and write
|
||
|
7FF60F180000
|
unkown
|
page readonly
|
||
|
7FF60F1CE000
|
unkown
|
page readonly
|
||
|
1AA09D45000
|
heap
|
page read and write
|
||
|
1AA09D71000
|
heap
|
page read and write
|
||
|
7FF60F1BD000
|
unkown
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09B20000
|
heap
|
page read and write
|
||
|
1AA09DB1000
|
heap
|
page read and write
|
||
|
1AA09D9B000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA09D1C000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09D6B000
|
heap
|
page read and write
|
||
|
1AA09D38000
|
heap
|
page read and write
|
||
|
1AA09D63000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA09D9B000
|
heap
|
page read and write
|
||
|
1AA09D1C000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09DB3000
|
heap
|
page read and write
|
||
|
1AA09DAE000
|
heap
|
page read and write
|
||
|
1AA09D83000
|
heap
|
page read and write
|
||
|
7FF60F1BD000
|
unkown
|
page write copy
|
||
|
1AA09D63000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09D8C000
|
heap
|
page read and write
|
||
|
1AA09D4A000
|
heap
|
page read and write
|
||
|
1AA09D45000
|
heap
|
page read and write
|
||
|
1AA0A310000
|
direct allocation
|
page read and write
|
||
|
1AA09DAE000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
2523FAE0000
|
heap
|
page read and write
|
||
|
1AA09D34000
|
heap
|
page read and write
|
||
|
1AA09D9D000
|
heap
|
page read and write
|
||
|
1AA09D47000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09D34000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
7FFE148E9000
|
unkown
|
page execute and read and write
|
||
|
1AA09D63000
|
heap
|
page read and write
|
||
|
1AA09DB5000
|
heap
|
page read and write
|
||
|
1AA09DB1000
|
heap
|
page read and write
|
||
|
96713CE000
|
stack
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA09DA6000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA09DC0000
|
heap
|
page read and write
|
||
|
7FFE148E1000
|
unkown
|
page execute and read and write
|
||
|
1AA09D4E000
|
heap
|
page read and write
|
||
|
7FF60F180000
|
unkown
|
page readonly
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
7FFDFB89E000
|
unkown
|
page execute and write copy
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
7FF60F180000
|
unkown
|
page readonly
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
7FF60F1BD000
|
unkown
|
page write copy
|
||
|
1AA09D6B000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
7FFDFB75D000
|
unkown
|
page execute and read and write
|
||
|
1AA09DAC000
|
heap
|
page read and write
|
||
|
7FFE148E0000
|
unkown
|
page readonly
|
||
|
228EFED000
|
stack
|
page read and write
|
||
|
7FFE13283000
|
unkown
|
page execute and read and write
|
||
|
1AA0A450000
|
direct allocation
|
page read and write
|
||
|
96711DE000
|
stack
|
page read and write
|
||
|
1AA0A490000
|
direct allocation
|
page read and write
|
||
|
1AA09D4C000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA0A190000
|
direct allocation
|
page read and write
|
||
|
7FF60F1CC000
|
unkown
|
page read and write
|
||
|
1AA0A580000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA09DAE000
|
heap
|
page read and write
|
||
|
2523FC80000
|
heap
|
page read and write
|
||
|
2523F8F9000
|
heap
|
page read and write
|
||
|
1AA09D4E000
|
heap
|
page read and write
|
||
|
7FF60F1C0000
|
unkown
|
page read and write
|
||
|
1AA09D86000
|
heap
|
page read and write
|
||
|
7FFE148EA000
|
unkown
|
page execute and write copy
|
||
|
1AA09D45000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09DC7000
|
heap
|
page read and write
|
||
|
1AA0A610000
|
direct allocation
|
page read and write
|
||
|
2523FAB0000
|
heap
|
page readonly
|
||
|
7FF60F181000
|
unkown
|
page execute read
|
||
|
1AA09DA6000
|
heap
|
page read and write
|
||
|
1AA0A529000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09D4E000
|
heap
|
page read and write
|
||
|
7FFE13271000
|
unkown
|
page execute and read and write
|
||
|
1AA09D36000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
7FFDFB899000
|
unkown
|
page execute and read and write
|
||
|
1AA09DAE000
|
heap
|
page read and write
|
||
|
7FFE13313000
|
unkown
|
page readonly
|
||
|
7FF60F1CE000
|
unkown
|
page readonly
|
||
|
1AA09D7F000
|
heap
|
page read and write
|
||
|
1AA09D11000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
2523F8D0000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09D72000
|
heap
|
page read and write
|
||
|
7FFE13288000
|
unkown
|
page read and write
|
||
|
7FFDFB471000
|
unkown
|
page execute and read and write
|
||
|
1AA09DB5000
|
heap
|
page read and write
|
||
|
7FF60F180000
|
unkown
|
page readonly
|
||
|
2523F8D8000
|
heap
|
page read and write
|
||
|
1AA09D30000
|
heap
|
page read and write
|
||
|
1AA0A650000
|
direct allocation
|
page read and write
|
||
|
1AA09D30000
|
heap
|
page read and write
|
||
|
1AA0A150000
|
direct allocation
|
page read and write
|
||
|
7FF60F1AA000
|
unkown
|
page readonly
|
||
|
1AA0A595000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA09D6B000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
7FF60F1BD000
|
unkown
|
page read and write
|
||
|
1AA09DA4000
|
heap
|
page read and write
|
||
|
1AA09D78000
|
heap
|
page read and write
|
||
|
1AA09DA9000
|
heap
|
page read and write
|
||
|
7FF60F1CC000
|
unkown
|
page read and write
|
||
|
1AA0A593000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA0A4D0000
|
direct allocation
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA09D4E000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09D40000
|
heap
|
page read and write
|
||
|
1AA09DCC000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09D72000
|
heap
|
page read and write
|
||
|
1AA09D66000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09D3E000
|
heap
|
page read and write
|
||
|
7FF60F1AA000
|
unkown
|
page readonly
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA09DA6000
|
heap
|
page read and write
|
||
|
7FFE13281000
|
unkown
|
page execute and read and write
|
||
|
1AA09D77000
|
heap
|
page read and write
|
||
|
1AA09D64000
|
heap
|
page read and write
|
||
|
1AA09DA0000
|
heap
|
page read and write
|
||
|
1AA09D0F000
|
heap
|
page read and write
|
||
|
2523F8E4000
|
heap
|
page read and write
|
||
|
1AA09C80000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
7FFDFB800000
|
unkown
|
page execute and read and write
|
||
|
1AA09CD0000
|
heap
|
page read and write
|
||
|
9670FE3000
|
stack
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09D7C000
|
heap
|
page read and write
|
||
|
1AA09DB5000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09D69000
|
heap
|
page read and write
|
||
|
1AA09DCD000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA09D4E000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA09CE5000
|
heap
|
page read and write
|
||
|
1AA09DAC000
|
heap
|
page read and write
|
||
|
1AA09C30000
|
heap
|
page read and write
|
||
|
1AA09D76000
|
heap
|
page read and write
|
||
|
228F1DE000
|
stack
|
page read and write
|
||
|
7FF60F1AA000
|
unkown
|
page readonly
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA0A690000
|
direct allocation
|
page read and write
|
||
|
1AA09D78000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09D6F000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09DAA000
|
heap
|
page read and write
|
||
|
1AA09D30000
|
heap
|
page read and write
|
||
|
7FFE13301000
|
unkown
|
page execute read
|
||
|
1AA09D38000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09D6B000
|
heap
|
page read and write
|
||
|
7FF60F181000
|
unkown
|
page execute read
|
||
|
1AA09DC1000
|
heap
|
page read and write
|
||
|
1AA09D73000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA09D9B000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA09DAE000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA0A510000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA09D0E000
|
heap
|
page read and write
|
||
|
1AA0A110000
|
direct allocation
|
page read and write
|
||
|
1AA09D5F000
|
heap
|
page read and write
|
||
|
1AA09D6B000
|
heap
|
page read and write
|
||
|
9670FEC000
|
stack
|
page read and write
|
||
|
1AA09C00000
|
heap
|
page readonly
|
||
|
1AA09D8F000
|
heap
|
page read and write
|
||
|
7FFE13312000
|
unkown
|
page read and write
|
||
|
1AA09D38000
|
heap
|
page read and write
|
||
|
1AA09DBA000
|
heap
|
page read and write
|
||
|
1AA09DC3000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09D6B000
|
heap
|
page read and write
|
||
|
1AA09DA7000
|
heap
|
page read and write
|
||
|
1AA09DC0000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09DC1000
|
heap
|
page read and write
|
||
|
7FFE13270000
|
unkown
|
page readonly
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09DB3000
|
heap
|
page read and write
|
||
|
1AA09D76000
|
heap
|
page read and write
|
||
|
1AA09DAC000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09D6F000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
7FFDFB847000
|
unkown
|
page execute and read and write
|
||
|
1AA09D45000
|
heap
|
page read and write
|
||
|
1AA09D47000
|
heap
|
page read and write
|
||
|
2523F9D0000
|
heap
|
page read and write
|
||
|
7FFDFB89F000
|
unkown
|
page read and write
|
||
|
1AA09DB3000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
7FFE148EC000
|
unkown
|
page read and write
|
||
|
7FFE13287000
|
unkown
|
page execute and write copy
|
||
|
1AA09DAC000
|
heap
|
page read and write
|
||
|
7FF60F181000
|
unkown
|
page execute read
|
||
|
7FF60F1AA000
|
unkown
|
page readonly
|
||
|
1AA09DCC000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA0A520000
|
heap
|
page read and write
|
||
|
7FFDFB803000
|
unkown
|
page execute and read and write
|
||
|
1AA09DB2000
|
heap
|
page read and write
|
||
|
7FFE13286000
|
unkown
|
page execute and read and write
|
||
|
7FFE01431000
|
unkown
|
page readonly
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09DA6000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
1AA09DB1000
|
heap
|
page read and write
|
||
|
7FFE1330E000
|
unkown
|
page readonly
|
||
|
1AA09DCE000
|
heap
|
page read and write
|
||
|
7FF60F1CE000
|
unkown
|
page readonly
|
||
|
1AA09DAE000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
7FFE0146C000
|
unkown
|
page readonly
|
||
|
1AA09D45000
|
heap
|
page read and write
|
||
|
7FFDFB86F000
|
unkown
|
page execute and read and write
|
||
|
1AA09D6B000
|
heap
|
page read and write
|
||
|
1AA09D4A000
|
heap
|
page read and write
|
||
|
1AA09DA6000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
1AA09DA8000
|
heap
|
page read and write
|
||
|
1AA09D6F000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
2523F8EA000
|
heap
|
page read and write
|
||
|
7FF60F1CE000
|
unkown
|
page readonly
|
||
|
1AA09DAC000
|
heap
|
page read and write
|
||
|
2523F8F7000
|
heap
|
page read and write
|
||
|
7FFE01381000
|
unkown
|
page execute read
|
||
|
1AA09DCE000
|
heap
|
page read and write
|
||
|
7FFDFB470000
|
unkown
|
page readonly
|
||
|
7FFE01469000
|
unkown
|
page read and write
|
There are 311 hidden memdumps, click here to show them.