Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
cW5i0RdQ4L.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\GuardianCrypto Systems Inc\GuardianCryptoElite.js
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\GuardianCrypto Systems Inc\GuardianCryptoElite.scr
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\103495\Powder.pif
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GuardianCryptoElite.url
|
MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\GuardianCrypto Systems Inc\GuardianCryptoElite.js"
>), ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\GuardianCrypto Systems Inc\O
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\103495\n
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Appraisal
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Barbie
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Centres
|
ASCII text, with very long lines (1199), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Centres.bat (copy)
|
ASCII text, with very long lines (1199), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Correct
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Fine
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Gloves
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Latin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Serious
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Ski
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Story
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Transparent
|
data
|
dropped
|
There are 9 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\cW5i0RdQ4L.exe
|
"C:\Users\user\Desktop\cW5i0RdQ4L.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c move Centres Centres.bat & Centres.bat
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /I "wrsa opssvc"
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c md 103495
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /V "aroundaccommodategroupseverything" Fine
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c copy /b ..\Correct + ..\Transparent + ..\Barbie + ..\Gloves + ..\Latin + ..\Story + ..\Ski + ..\Appraisal n
|
|
|
|
C:\Users\user\AppData\Local\Temp\103495\Powder.pif
|
Powder.pif n
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GuardianCryptoElite.url"
& echo URL="C:\Users\user\AppData\Local\GuardianCrypto Systems Inc\GuardianCryptoElite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\GuardianCryptoElite.url" & exit
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\GuardianCrypto Systems Inc\GuardianCryptoElite.js"
|
|
|
|
C:\Users\user\AppData\Local\GuardianCrypto Systems Inc\GuardianCryptoElite.scr
|
"C:\Users\user\AppData\Local\GuardianCrypto Systems Inc\GuardianCryptoElite.scr" "C:\Users\user\AppData\Local\GuardianCrypto
Systems Inc\O"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\tasklist.exe
|
tasklist
|
||
|
C:\Windows\SysWOW64\tasklist.exe
|
tasklist
|
||
|
C:\Windows\SysWOW64\choice.exe
|
choice /d y /t 5
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 6 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://iplogger.com/15RZZ4O
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/J
|
unknown
|
||
|
https://iplogger.com/m
|
unknown
|
||
|
https://iplogger.com/15RZZ4eListcessId;
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
https://iplogger.com/15RZZ40
|
unknown
|
||
|
https://www.autoitscript.com/autoit3/
|
unknown
|
||
|
https://iplogger.com/R
|
unknown
|
||
|
https://iplogger.com/15RZZ4
|
104.21.76.57
|
||
|
https://iplogger.com/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
iplogger.com
|
104.21.76.57
|
||
|
SfqIcJOQLLJLIQzEeYKSUBXfTZxPy.SfqIcJOQLLJLIQzEeYKSUBXfTZxPy
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.76.57
|
iplogger.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
8E0000
|
unkown
|
page readonly
|
||
|
1754000
|
heap
|
page read and write
|
||
|
5760000
|
remote allocation
|
page read and write
|
||
|
174A000
|
heap
|
page read and write
|
||
|
31FF000
|
stack
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
298E000
|
stack
|
page read and write
|
||
|
1382000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
5E9000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5FF000
|
heap
|
page read and write
|
||
|
559E000
|
stack
|
page read and write
|
||
|
FBF000
|
stack
|
page read and write
|
||
|
24603A00000
|
heap
|
page read and write
|
||
|
48CC000
|
stack
|
page read and write
|
||
|
325A000
|
heap
|
page read and write
|
||
|
43D0000
|
trusted library allocation
|
page read and write
|
||
|
FDB000
|
stack
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
3251000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
347E000
|
stack
|
page read and write
|
||
|
24603D50000
|
heap
|
page read and write
|
||
|
335E000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
20C0000
|
heap
|
page read and write
|
||
|
153A000
|
heap
|
page read and write
|
||
|
5F2000
|
heap
|
page read and write
|
||
|
1D40000
|
heap
|
page read and write
|
||
|
5F2000
|
heap
|
page read and write
|
||
|
1C41000
|
heap
|
page read and write
|
||
|
145B000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
3331000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
4125000
|
heap
|
page read and write
|
||
|
EC9000
|
unkown
|
page readonly
|
||
|
EC0000
|
unkown
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
24601E57000
|
heap
|
page read and write
|
||
|
5DD000
|
heap
|
page read and write
|
||
|
59E000
|
stack
|
page read and write
|
||
|
187D000
|
heap
|
page read and write
|
||
|
5EE000
|
heap
|
page read and write
|
||
|
36A0000
|
trusted library allocation
|
page read and write
|
||
|
334B000
|
heap
|
page read and write
|
||
|
24601E36000
|
heap
|
page read and write
|
||
|
627000
|
heap
|
page read and write
|
||
|
24602070000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
60F000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
28C8000
|
heap
|
page read and write
|
||
|
3D10000
|
trusted library allocation
|
page read and write
|
||
|
8BF000
|
stack
|
page read and write
|
||
|
5FF000
|
heap
|
page read and write
|
||
|
528F000
|
stack
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
4E84CFF000
|
stack
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
3607000
|
heap
|
page read and write
|
||
|
36A0000
|
trusted library allocation
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
16EE000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
4E845AA000
|
stack
|
page read and write
|
||
|
202C000
|
stack
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
1C50000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
15BF000
|
stack
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
60F000
|
heap
|
page read and write
|
||
|
24601E6B000
|
heap
|
page read and write
|
||
|
60A000
|
heap
|
page read and write
|
||
|
2B3D000
|
stack
|
page read and write
|
||
|
24601E6B000
|
heap
|
page read and write
|
||
|
9A0000
|
unkown
|
page write copy
|
||
|
332F000
|
heap
|
page read and write
|
||
|
1B43000
|
heap
|
page read and write
|
||
|
36A0000
|
trusted library allocation
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
1C60000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
352E000
|
stack
|
page read and write
|
||
|
1724000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
5F8000
|
heap
|
page read and write
|
||
|
18A8000
|
heap
|
page read and write
|
||
|
5F8000
|
heap
|
page read and write
|
||
|
2BEE000
|
unkown
|
page read and write
|
||
|
5F8000
|
heap
|
page read and write
|
||
|
5EE000
|
heap
|
page read and write
|
||
|
5290000
|
heap
|
page read and write
|
||
|
4673000
|
trusted library allocation
|
page read and write
|
||
|
356E000
|
stack
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
1FD0000
|
trusted library allocation
|
page read and write
|
||
|
5DD000
|
heap
|
page read and write
|
||
|
2285000
|
heap
|
page read and write
|
||
|
323E000
|
heap
|
page read and write
|
||
|
5F2000
|
heap
|
page read and write
|
||
|
607000
|
heap
|
page read and write
|
||
|
24601E59000
|
heap
|
page read and write
|
||
|
4E4C000
|
stack
|
page read and write
|
||
|
28C1000
|
heap
|
page read and write
|
||
|
5DA000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
5E9000
|
heap
|
page read and write
|
||
|
5F8000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
1C40000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
514E000
|
stack
|
page read and write
|
||
|
5DD000
|
heap
|
page read and write
|
||
|
24601E2A000
|
heap
|
page read and write
|
||
|
1FD0000
|
trusted library allocation
|
page read and write
|
||
|
50EF000
|
stack
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
2254000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
1959000
|
heap
|
page read and write
|
||
|
2250000
|
heap
|
page read and write
|
||
|
5E9000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
333D000
|
heap
|
page read and write
|
||
|
3396000
|
heap
|
page read and write
|
||
|
1D46000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
4130000
|
heap
|
page read and write
|
||
|
1FD0000
|
trusted library allocation
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
1B15000
|
heap
|
page read and write
|
||
|
E00000
|
unkown
|
page readonly
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
15AC000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
4F4000
|
unkown
|
page readonly
|
||
|
5F8000
|
heap
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
35EE000
|
stack
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
228B000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
4120000
|
heap
|
page read and write
|
||
|
4A4E000
|
stack
|
page read and write
|
||
|
335E000
|
heap
|
page read and write
|
||
|
28C3000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
2044000
|
heap
|
page read and write
|
||
|
60A000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
1790000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
24601E65000
|
heap
|
page read and write
|
||
|
5F2000
|
heap
|
page read and write
|
||
|
1798000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
263C000
|
stack
|
page read and write
|
||
|
1C41000
|
heap
|
page read and write
|
||
|
29CF000
|
stack
|
page read and write
|
||
|
4E8E000
|
stack
|
page read and write
|
||
|
3242000
|
heap
|
page read and write
|
||
|
420D000
|
stack
|
page read and write
|
||
|
5760000
|
remote allocation
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
5F2000
|
heap
|
page read and write
|
||
|
24601E65000
|
heap
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
1C43000
|
heap
|
page read and write
|
||
|
24601E58000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
1FD0000
|
trusted library allocation
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
335E000
|
stack
|
page read and write
|
||
|
24601E4C000
|
heap
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
36A0000
|
trusted library allocation
|
page read and write
|
||
|
2040000
|
heap
|
page read and write
|
||
|
15CF000
|
stack
|
page read and write
|
||
|
24602000000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
52EF000
|
stack
|
page read and write
|
||
|
5FF000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
6E5000
|
heap
|
page read and write
|
||
|
24601F00000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
45B0000
|
trusted library allocation
|
page read and write
|
||
|
310D000
|
stack
|
page read and write
|
||
|
EC9000
|
unkown
|
page readonly
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
325A000
|
heap
|
page read and write
|
||
|
1FD0000
|
trusted library allocation
|
page read and write
|
||
|
24601E3E000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
24601E2B000
|
heap
|
page read and write
|
||
|
28BF000
|
stack
|
page read and write
|
||
|
333E000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
5F2000
|
heap
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
3267000
|
heap
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
1FD0000
|
trusted library allocation
|
page read and write
|
||
|
627000
|
heap
|
page read and write
|
||
|
1477000
|
heap
|
page read and write
|
||
|
332D000
|
heap
|
page read and write
|
||
|
24601E00000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
36A0000
|
trusted library allocation
|
page read and write
|
||
|
4597000
|
trusted library allocation
|
page read and write
|
||
|
36BC000
|
stack
|
page read and write
|
||
|
20C6000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
3D62000
|
trusted library allocation
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
11A5000
|
heap
|
page read and write
|
||
|
5A10000
|
remote allocation
|
page read and write
|
||
|
2728000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
2F3C000
|
stack
|
page read and write
|
||
|
55E000
|
stack
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
970000
|
unkown
|
page readonly
|
||
|
5FF000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
8E1000
|
unkown
|
page execute read
|
||
|
1FD0000
|
trusted library allocation
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
52FE000
|
stack
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
5DD000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
34EE000
|
stack
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
2470000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
3600000
|
heap
|
page read and write
|
||
|
17C4000
|
heap
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
325E000
|
heap
|
page read and write
|
||
|
62C000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
334B000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
5AA000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1FD0000
|
trusted library allocation
|
page read and write
|
||
|
1FD0000
|
trusted library allocation
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3228000
|
heap
|
page read and write
|
||
|
5F2000
|
heap
|
page read and write
|
||
|
5DD000
|
heap
|
page read and write
|
||
|
1FD0000
|
trusted library allocation
|
page read and write
|
||
|
4E848FE000
|
stack
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
4E84DFF000
|
stack
|
page read and write
|
||
|
304E000
|
stack
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
9A9000
|
unkown
|
page readonly
|
||
|
E90000
|
unkown
|
page readonly
|
||
|
52AE000
|
stack
|
page read and write
|
||
|
32FE000
|
stack
|
page read and write
|
||
|
78A000
|
stack
|
page read and write
|
||
|
24601E29000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
5E9000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
324D000
|
heap
|
page read and write
|
||
|
658000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
326D000
|
heap
|
page read and write
|
||
|
5FF000
|
heap
|
page read and write
|
||
|
1B54000
|
heap
|
page read and write
|
||
|
EB6000
|
unkown
|
page readonly
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
8E0000
|
unkown
|
page readonly
|
||
|
4121000
|
heap
|
page read and write
|
||
|
9BF000
|
stack
|
page read and write
|
||
|
41F000
|
unkown
|
page read and write
|
||
|
17B3000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
1373000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
F6A000
|
stack
|
page read and write
|
||
|
35AF000
|
stack
|
page read and write
|
||
|
5300000
|
heap
|
page read and write
|
||
|
18BA000
|
heap
|
page read and write
|
||
|
1FD0000
|
trusted library allocation
|
page read and write
|
||
|
5FF000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
5EA000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
334B000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
4E849FF000
|
stack
|
page read and write
|
||
|
4F4000
|
unkown
|
page readonly
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
24601E5B000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
327E000
|
stack
|
page read and write
|
||
|
607000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
314E000
|
stack
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
56FF000
|
stack
|
page read and write
|
||
|
E01000
|
unkown
|
page execute read
|
||
|
325A000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
5E9000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
316F000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
28C6000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
28C4000
|
heap
|
page read and write
|
||
|
267C000
|
stack
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
1392000
|
heap
|
page read and write
|
||
|
36A0000
|
trusted library allocation
|
page read and write
|
||
|
36A0000
|
trusted library allocation
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
5E4F000
|
stack
|
page read and write
|
||
|
1314000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
3251000
|
heap
|
page read and write
|
||
|
5EE000
|
heap
|
page read and write
|
||
|
3D1E000
|
trusted library allocation
|
page read and write
|
||
|
24601E36000
|
heap
|
page read and write
|
||
|
5A4E000
|
stack
|
page read and write
|
||
|
5A10000
|
remote allocation
|
page read and write
|
||
|
5F8000
|
heap
|
page read and write
|
||
|
3268000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
2720000
|
heap
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
60F000
|
heap
|
page read and write
|
||
|
1B60000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
8E1000
|
unkown
|
page execute read
|
||
|
E00000
|
unkown
|
page readonly
|
||
|
5DD000
|
heap
|
page read and write
|
||
|
2F7C000
|
stack
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
4589000
|
trusted library allocation
|
page read and write
|
||
|
3176000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
26FE000
|
stack
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
24602075000
|
heap
|
page read and write
|
||
|
3217000
|
heap
|
page read and write
|
||
|
3251000
|
heap
|
page read and write
|
||
|
36A0000
|
trusted library allocation
|
page read and write
|
||
|
1831000
|
heap
|
page read and write
|
||
|
4E84BFF000
|
stack
|
page read and write
|
||
|
24601E69000
|
heap
|
page read and write
|
||
|
3C7A000
|
heap
|
page read and write
|
||
|
60A000
|
heap
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
5760000
|
remote allocation
|
page read and write
|
||
|
1C41000
|
heap
|
page read and write
|
||
|
5FF000
|
heap
|
page read and write
|
||
|
344F000
|
stack
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
2D4C000
|
stack
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
35BC000
|
stack
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
E90000
|
unkown
|
page readonly
|
||
|
324E000
|
heap
|
page read and write
|
||
|
24601E21000
|
heap
|
page read and write
|
||
|
1899000
|
heap
|
page read and write
|
||
|
334B000
|
heap
|
page read and write
|
||
|
1B30000
|
heap
|
page read and write
|
||
|
14FF000
|
heap
|
page read and write
|
||
|
198E000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
5E50000
|
trusted library allocation
|
page read and write
|
||
|
332D000
|
heap
|
page read and write
|
||
|
623000
|
heap
|
page read and write
|
||
|
325A000
|
heap
|
page read and write
|
||
|
5EE000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
EB6000
|
unkown
|
page readonly
|
||
|
1707000
|
heap
|
page read and write
|
||
|
325F000
|
heap
|
page read and write
|
||
|
142F000
|
heap
|
page read and write
|
||
|
5EE000
|
heap
|
page read and write
|
||
|
15DB000
|
stack
|
page read and write
|
||
|
5DD000
|
heap
|
page read and write
|
||
|
5EE000
|
heap
|
page read and write
|
||
|
43ED000
|
trusted library allocation
|
page read and write
|
||
|
4665000
|
trusted library allocation
|
page read and write
|
||
|
24601E63000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
5F2000
|
heap
|
page read and write
|
||
|
298E000
|
heap
|
page read and write
|
||
|
5DD000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
326D000
|
heap
|
page read and write
|
||
|
5A10000
|
remote allocation
|
page read and write
|
||
|
599E000
|
stack
|
page read and write
|
||
|
28C4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
125C000
|
heap
|
page read and write
|
||
|
5EE000
|
heap
|
page read and write
|
||
|
5FF000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
323E000
|
heap
|
page read and write
|
||
|
526F000
|
stack
|
page read and write
|
||
|
5E9000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
1C41000
|
heap
|
page read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
24601E1C000
|
heap
|
page read and write
|
||
|
335B000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
28C5000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
970000
|
unkown
|
page readonly
|
||
|
26B0000
|
heap
|
page read and write
|
||
|
43D6000
|
trusted library allocation
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
19A3000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
3251000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
4121000
|
heap
|
page read and write
|
||
|
2460207C000
|
heap
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
1392000
|
heap
|
page read and write
|
||
|
5F2000
|
heap
|
page read and write
|
||
|
5140000
|
heap
|
page read and write
|
||
|
24601E61000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
5E9000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
36A0000
|
trusted library allocation
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
2EFD000
|
stack
|
page read and write
|
||
|
996000
|
unkown
|
page readonly
|
||
|
4121000
|
heap
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
5AE000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
24601E21000
|
heap
|
page read and write
|
||
|
FFC000
|
stack
|
page read and write
|
||
|
325C000
|
heap
|
page read and write
|
||
|
9A9000
|
unkown
|
page readonly
|
||
|
5330000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
1392000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
EC0000
|
unkown
|
page write copy
|
||
|
238E000
|
stack
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
1358000
|
heap
|
page read and write
|
||
|
36DC000
|
stack
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
326B000
|
heap
|
page read and write
|
||
|
24601E53000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
24601E36000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
16F2000
|
heap
|
page read and write
|
||
|
506F000
|
stack
|
page read and write
|
||
|
24601E64000
|
heap
|
page read and write
|
||
|
1569000
|
heap
|
page read and write
|
||
|
5EE000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
36A0000
|
trusted library allocation
|
page read and write
|
||
|
21EE000
|
stack
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
1750000
|
heap
|
page read and write
|
||
|
9A0000
|
unkown
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
E01000
|
unkown
|
page execute read
|
||
|
219E000
|
stack
|
page read and write
|
||
|
285F000
|
stack
|
page read and write
|
||
|
5E9000
|
heap
|
page read and write
|
||
|
1551000
|
heap
|
page read and write
|
||
|
357F000
|
stack
|
page read and write
|
||
|
13B3000
|
heap
|
page read and write
|
||
|
5E9000
|
heap
|
page read and write
|
||
|
5F8000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
36A0000
|
trusted library allocation
|
page read and write
|
||
|
28C8000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
623000
|
heap
|
page read and write
|
||
|
5EE000
|
heap
|
page read and write
|
||
|
5760000
|
trusted library allocation
|
page read and write
|
||
|
5110000
|
heap
|
page read and write
|
||
|
1394000
|
heap
|
page read and write
|
||
|
60A000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
996000
|
unkown
|
page readonly
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
5FF000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
3D51000
|
trusted library allocation
|
page read and write
|
||
|
9A4000
|
unkown
|
page write copy
|
||
|
5F8000
|
heap
|
page read and write
|
||
|
24601E36000
|
heap
|
page read and write
|
||
|
32BF000
|
stack
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
3310000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
24601E5A000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
28CC000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
24601E28000
|
heap
|
page read and write
|
||
|
34AE000
|
stack
|
page read and write
|
||
|
5F2000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
24601E5B000
|
heap
|
page read and write
|
||
|
3D67000
|
trusted library allocation
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
24601E4E000
|
heap
|
page read and write
|
||
|
1FD0000
|
trusted library allocation
|
page read and write
|
||
|
335E000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
24601FE0000
|
heap
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
24601E3F000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
19C9000
|
heap
|
page read and write
|
||
|
326D000
|
heap
|
page read and write
|
||
|
50AE000
|
stack
|
page read and write
|
||
|
28CB000
|
heap
|
page read and write
|
||
|
5EE000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
1401000
|
heap
|
page read and write
|
||
|
60F000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
2870000
|
heap
|
page read and write
|
||
|
1770000
|
heap
|
page read and write
|
||
|
5FF000
|
heap
|
page read and write
|
||
|
5E9000
|
heap
|
page read and write
|
||
|
326D000
|
heap
|
page read and write
|
||
|
24601E54000
|
heap
|
page read and write
|
||
|
334B000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
1FD0000
|
heap
|
page read and write
|
||
|
554F000
|
stack
|
page read and write
|
||
|
3E2C000
|
heap
|
page read and write
|
||
|
4E84EFF000
|
stack
|
page read and write
|
||
|
5EE000
|
heap
|
page read and write
|
||
|
5FF000
|
heap
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
5F8000
|
heap
|
page read and write
|
||
|
1FD0000
|
trusted library allocation
|
page read and write
|
||
|
14C6000
|
heap
|
page read and write
|
||
|
5F2000
|
heap
|
page read and write
|
||
|
44D4000
|
trusted library allocation
|
page read and write
|
||
|
3450000
|
heap
|
page read and write
|
||
|
2280000
|
heap
|
page read and write
|
||
|
3318000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
28C6000
|
heap
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
5DD000
|
heap
|
page read and write
|
||
|
62C000
|
heap
|
page read and write
|
||
|
4B20000
|
trusted library allocation
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
||
|
3002000
|
heap
|
page read and write
|
||
|
171A000
|
heap
|
page read and write
|
||
|
28CD000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
24601E6B000
|
heap
|
page read and write
|
||
|
2D8C000
|
stack
|
page read and write
|
||
|
FCE000
|
stack
|
page read and write
|
||
|
24601E6B000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
36A0000
|
trusted library allocation
|
page read and write
|
||
|
3358000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
4140000
|
heap
|
page read and write
|
||
|
EC4000
|
unkown
|
page write copy
|
||
|
658000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
15FC000
|
stack
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
4E84FFF000
|
stack
|
page read and write
|
||
|
461000
|
unkown
|
page read and write
|
||
|
1FD0000
|
trusted library allocation
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
4121000
|
heap
|
page read and write
|
There are 690 hidden memdumps, click here to show them.