Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
c5uqDb5MlY.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Java\jre-1.8\lib\fonts\kiLVdQuGOoDsAqfKidbVwSiALpZrG.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\lib\fonts\kiLVdQuGOoDsAqfKidbVwSiALpZrG.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Recovery\kiLVdQuGOoDsAqfKidbVwSiALpZrG.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\c5uqDb5MlY.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\GwQD1zscMN.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\lib\fonts\0cb67fdef24436
|
ASCII text, with very long lines (950), with no line terminators
|
dropped
|
||
|
C:\Recovery\0cb67fdef24436
|
ASCII text, with very long lines (927), with no line terminators
|
dropped
|
||
|
C:\Recovery\kiLVdQuGOoDsAqfKidbVwSiALpZrG.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\kiLVdQuGOoDsAqfKidbVwSiALpZrG.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ChgBdwEIps
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp9385A.tmp
|
ASCII text, with very long lines (348), with no line terminators
|
dropped
|
||
|
\Device\Null
|
ASCII text
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\c5uqDb5MlY.exe
|
"C:\Users\user\Desktop\c5uqDb5MlY.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "kiLVdQuGOoDsAqfKidbVwSiALpZrGk" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\java\jre-1.8\lib\fonts\kiLVdQuGOoDsAqfKidbVwSiALpZrG.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "kiLVdQuGOoDsAqfKidbVwSiALpZrG" /sc ONLOGON /tr "'C:\Program Files (x86)\java\jre-1.8\lib\fonts\kiLVdQuGOoDsAqfKidbVwSiALpZrG.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "kiLVdQuGOoDsAqfKidbVwSiALpZrGk" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\java\jre-1.8\lib\fonts\kiLVdQuGOoDsAqfKidbVwSiALpZrG.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "kiLVdQuGOoDsAqfKidbVwSiALpZrGk" /sc MINUTE /mo 10 /tr "'C:\Recovery\kiLVdQuGOoDsAqfKidbVwSiALpZrG.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "kiLVdQuGOoDsAqfKidbVwSiALpZrG" /sc ONLOGON /tr "'C:\Recovery\kiLVdQuGOoDsAqfKidbVwSiALpZrG.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "kiLVdQuGOoDsAqfKidbVwSiALpZrGk" /sc MINUTE /mo 11 /tr "'C:\Recovery\kiLVdQuGOoDsAqfKidbVwSiALpZrG.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Recovery\kiLVdQuGOoDsAqfKidbVwSiALpZrG.exe
|
C:\Recovery\kiLVdQuGOoDsAqfKidbVwSiALpZrG.exe
|
|
|
|
C:\Recovery\kiLVdQuGOoDsAqfKidbVwSiALpZrG.exe
|
C:\Recovery\kiLVdQuGOoDsAqfKidbVwSiALpZrG.exe
|
|
|
|
C:\Recovery\kiLVdQuGOoDsAqfKidbVwSiALpZrG.exe
|
"C:\Recovery\kiLVdQuGOoDsAqfKidbVwSiALpZrG.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\GwQD1zscMN.bat"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\w32tm.exe
|
w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://artema1m.beget.tech/L1nc0In.php?yn6s2=2f1CE969I&2eb64d735c3ceb3cf44155d276f7f3b6=c881cd7e5eb0b68e0a305909638f2735&c145db2fdebeb12e252b4934f8f5f296=gZ1QDN1YTY0EGM5YTMjFjZkRmZwMGOkBzYyImMmNDO4MmYxcjN0ADN&yn6s2=2f1CE969I
|
5.101.153.48
|
|
|
|
http://artema1m.beget.tech/L1nc0In.php?yn6s2=2f1CE969I&2eb64d735c3ceb3cf44155d276f7f3b6=c881cd7e5eb0
|
unknown
|
||
|
http://artema1m.beget.tech
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://artema1m.beget.tech/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
artema1m.beget.tech
|
5.101.153.48
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
5.101.153.48
|
artema1m.beget.tech
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\kiLVdQuGOoDsAqfKidbVwSiALpZrG_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\kiLVdQuGOoDsAqfKidbVwSiALpZrG_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\kiLVdQuGOoDsAqfKidbVwSiALpZrG_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\kiLVdQuGOoDsAqfKidbVwSiALpZrG_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\kiLVdQuGOoDsAqfKidbVwSiALpZrG_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\kiLVdQuGOoDsAqfKidbVwSiALpZrG_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\kiLVdQuGOoDsAqfKidbVwSiALpZrG_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\kiLVdQuGOoDsAqfKidbVwSiALpZrG_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\kiLVdQuGOoDsAqfKidbVwSiALpZrG_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\kiLVdQuGOoDsAqfKidbVwSiALpZrG_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\kiLVdQuGOoDsAqfKidbVwSiALpZrG_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\kiLVdQuGOoDsAqfKidbVwSiALpZrG_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\kiLVdQuGOoDsAqfKidbVwSiALpZrG_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\kiLVdQuGOoDsAqfKidbVwSiALpZrG_RASMANCS
|
FileDirectory
|
There are 7 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2D61000
|
trusted library allocation
|
page read and write
|
|
|
|
2D11000
|
trusted library allocation
|
page read and write
|
|
|
|
2D56000
|
trusted library allocation
|
page read and write
|
|
|
|
310E000
|
trusted library allocation
|
page read and write
|
|
|
|
2BB1000
|
trusted library allocation
|
page read and write
|
|
|
|
2BFA000
|
trusted library allocation
|
page read and write
|
|
|
|
2F81000
|
trusted library allocation
|
page read and write
|
|
|
|
7FFD9B92A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
1AFB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B92C000
|
trusted library allocation
|
page read and write
|
||
|
12D63000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F81000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1470000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B953000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
|
FB0000
|
trusted library allocation
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
1194000
|
heap
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
1BF7E880000
|
heap
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
F65000
|
heap
|
page read and write
|
||
|
2C0E000
|
trusted library allocation
|
page read and write
|
||
|
1B510000
|
heap
|
page read and write
|
||
|
12F88000
|
trusted library allocation
|
page read and write
|
||
|
1B83E000
|
stack
|
page read and write
|
||
|
BC6000
|
stack
|
page read and write
|
||
|
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
|
C22000
|
unkown
|
page readonly
|
||
|
2E80000
|
trusted library allocation
|
page read and write
|
||
|
13C5000
|
heap
|
page read and write
|
||
|
1C002000
|
heap
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B92B000
|
trusted library allocation
|
page read and write
|
||
|
10A8000
|
heap
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
FE9000
|
heap
|
page read and write
|
||
|
11D6000
|
heap
|
page read and write
|
||
|
7FFD9B90A000
|
trusted library allocation
|
page read and write
|
||
|
10FC000
|
heap
|
page read and write
|
||
|
1BF85000
|
heap
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A3000
|
trusted library allocation
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
|
FC9000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
1BFEC000
|
heap
|
page read and write
|
||
|
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BFA3000
|
heap
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
1BF98000
|
heap
|
page read and write
|
||
|
2E47000
|
trusted library allocation
|
page read and write
|
||
|
131E000
|
stack
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B90A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD23000
|
stack
|
page read and write
|
||
|
B52000
|
unkown
|
page readonly
|
||
|
2E45000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
12BE000
|
stack
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B94B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B943000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
|
1480000
|
heap
|
page execute and read and write
|
||
|
FFB000
|
heap
|
page read and write
|
||
|
14F5000
|
heap
|
page read and write
|
||
|
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
|
1BFD8000
|
heap
|
page read and write
|
||
|
1C36E000
|
stack
|
page read and write
|
||
|
1133000
|
heap
|
page read and write
|
||
|
3132000
|
trusted library allocation
|
page read and write
|
||
|
12F8D000
|
trusted library allocation
|
page read and write
|
||
|
FE6000
|
heap
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
12BB3000
|
trusted library allocation
|
page read and write
|
||
|
1BC2E000
|
stack
|
page read and write
|
||
|
1310000
|
heap
|
page execute and read and write
|
||
|
1B92E000
|
stack
|
page read and write
|
||
|
1BF7C000
|
heap
|
page read and write
|
||
|
12D1D000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
unkown
|
page readonly
|
||
|
15FE000
|
stack
|
page read and write
|
||
|
7FFD9B923000
|
trusted library allocation
|
page read and write
|
||
|
2B70000
|
heap
|
page execute and read and write
|
||
|
2D0F000
|
stack
|
page read and write
|
||
|
2FEA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79C000
|
trusted library allocation
|
page read and write
|
||
|
1B94F000
|
stack
|
page read and write
|
||
|
10E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B93C000
|
trusted library allocation
|
page read and write
|
||
|
1B72E000
|
stack
|
page read and write
|
||
|
125F000
|
stack
|
page read and write
|
||
|
118E000
|
heap
|
page read and write
|
||
|
1197000
|
heap
|
page read and write
|
||
|
115D000
|
heap
|
page read and write
|
||
|
306F000
|
trusted library allocation
|
page read and write
|
||
|
30A6000
|
trusted library allocation
|
page read and write
|
||
|
1037000
|
heap
|
page read and write
|
||
|
7FFD9B7BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
11B8000
|
heap
|
page read and write
|
||
|
1BFC3000
|
heap
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
12D11000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B77C000
|
trusted library allocation
|
page read and write
|
||
|
2D1E000
|
stack
|
page read and write
|
||
|
2C0E000
|
stack
|
page read and write
|
||
|
7FFD9B7A7000
|
trusted library allocation
|
page read and write
|
||
|
1B93E000
|
stack
|
page read and write
|
||
|
1B6EE000
|
stack
|
page read and write
|
||
|
1BD4A000
|
stack
|
page read and write
|
||
|
1BF7EA80000
|
heap
|
page read and write
|
||
|
7FFD9B762000
|
trusted library allocation
|
page read and write
|
||
|
FE7000
|
heap
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
7FFD9B7A4000
|
trusted library allocation
|
page read and write
|
||
|
1163000
|
heap
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E5B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B923000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B766000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B2EE000
|
stack
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
1365000
|
heap
|
page read and write
|
||
|
1C044000
|
heap
|
page read and write
|
||
|
2B5E000
|
stack
|
page read and write
|
||
|
7FFD9B876000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
1BF50000
|
heap
|
page read and write
|
||
|
FEE000
|
heap
|
page read and write
|
||
|
1B50D000
|
stack
|
page read and write
|
||
|
1028000
|
heap
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E9E000
|
stack
|
page read and write
|
||
|
FA7000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B8EE000
|
stack
|
page read and write
|
||
|
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
|
1072000
|
heap
|
page read and write
|
||
|
1365000
|
heap
|
page read and write
|
||
|
11D4000
|
heap
|
page read and write
|
||
|
1B7EE000
|
stack
|
page read and write
|
||
|
1ABE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
7FF4752E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1155000
|
heap
|
page read and write
|
||
|
1BA40000
|
heap
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
1330000
|
heap
|
page execute and read and write
|
||
|
7FFD9B923000
|
trusted library allocation
|
page read and write
|
||
|
D66000
|
stack
|
page read and write
|
||
|
111B000
|
heap
|
page read and write
|
||
|
114A000
|
heap
|
page read and write
|
||
|
F7D000
|
heap
|
page read and write
|
||
|
12A0000
|
trusted library allocation
|
page read and write
|
||
|
1BD40000
|
heap
|
page read and write
|
||
|
1152000
|
heap
|
page read and write
|
||
|
1BAEE000
|
stack
|
page read and write
|
||
|
1C26E000
|
stack
|
page read and write
|
||
|
7FFD9B90C000
|
trusted library allocation
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
7FFD9B903000
|
trusted library allocation
|
page read and write
|
||
|
1BBE3000
|
stack
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
1C46D000
|
stack
|
page read and write
|
||
|
1320000
|
trusted library allocation
|
page read and write
|
||
|
1BF57000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
7FFD9B84C000
|
trusted library allocation
|
page execute and read and write
|
||
|
934ACFF000
|
stack
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
2E3D000
|
trusted library allocation
|
page read and write
|
||
|
2DB3000
|
trusted library allocation
|
page read and write
|
||
|
1365000
|
heap
|
page read and write
|
||
|
1131000
|
heap
|
page read and write
|
||
|
7FFD9B792000
|
trusted library allocation
|
page read and write
|
||
|
12BBD000
|
trusted library allocation
|
page read and write
|
||
|
F48000
|
heap
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
12D71000
|
trusted library allocation
|
page read and write
|
||
|
1BD3E000
|
stack
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B944000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
unkown
|
page readonly
|
||
|
934A9AC000
|
stack
|
page read and write
|
||
|
7FFD9B777000
|
trusted library allocation
|
page read and write
|
||
|
115F000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
10F6000
|
heap
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
7FFD9B797000
|
trusted library allocation
|
page read and write
|
||
|
1B9E4000
|
stack
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
1BE43000
|
stack
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
1300000
|
heap
|
page execute and read and write
|
||
|
1BF7E889000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
1BB34000
|
stack
|
page read and write
|
||
|
1C16E000
|
stack
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B90C000
|
trusted library allocation
|
page read and write
|
||
|
1B820000
|
heap
|
page read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
F7B000
|
heap
|
page read and write
|
||
|
7FFD9B947000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page execute and read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
2FD3000
|
trusted library allocation
|
page read and write
|
||
|
1BE2E000
|
stack
|
page read and write
|
||
|
2CAE000
|
stack
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EA0000
|
heap
|
page execute and read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
1AD40000
|
trusted library allocation
|
page read and write
|
||
|
1BC4E000
|
stack
|
page read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page read and write
|
||
|
1C4EB000
|
stack
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BF7E6A0000
|
heap
|
page read and write
|
||
|
10CE000
|
stack
|
page read and write
|
||
|
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
1BB4F000
|
stack
|
page read and write
|
||
|
1B730000
|
heap
|
page read and write
|
||
|
1BE30000
|
heap
|
page read and write
|
||
|
2C6E000
|
stack
|
page read and write
|
||
|
7FFD9B7BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
121E000
|
heap
|
page read and write
|
||
|
1BFB9000
|
heap
|
page read and write
|
||
|
1BF7E780000
|
heap
|
page read and write
|
||
|
934AC7F000
|
stack
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
1BFB1000
|
heap
|
page read and write
|
||
|
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7B4000
|
trusted library allocation
|
page read and write
|
||
|
1B2AD000
|
stack
|
page read and write
|
||
|
12D18000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B90000
|
trusted library allocation
|
page read and write
|
||
|
102A000
|
heap
|
page read and write
|
||
|
1350000
|
heap
|
page execute and read and write
|
||
|
7FFD9B94B000
|
trusted library allocation
|
page read and write
|
||
|
F90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
|
2D6C000
|
trusted library allocation
|
page read and write
|
||
|
1110000
|
trusted library allocation
|
page read and write
|
||
|
12F91000
|
trusted library allocation
|
page read and write
|
||
|
12BB8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
FFE000
|
heap
|
page read and write
|
||
|
7FFD9B7BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
12BB1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
146E000
|
stack
|
page read and write
|
||
|
2EEF000
|
stack
|
page read and write
|
||
|
7FFD9B77C000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
1C24E000
|
stack
|
page read and write
|
||
|
1B6EE000
|
stack
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
1C34E000
|
stack
|
page read and write
|
||
|
1BCF0000
|
heap
|
page read and write
|
||
|
7FFD9B903000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78B000
|
trusted library allocation
|
page execute and read and write
|
||
|
FAC000
|
heap
|
page read and write
|
||
|
1BF4E000
|
stack
|
page read and write
|
||
|
1BFCE000
|
heap
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B891000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B78B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BA3A000
|
stack
|
page read and write
|
||
|
2E8A000
|
trusted library allocation
|
page read and write
|
||
|
2DCA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
1126000
|
heap
|
page read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
1C00E000
|
heap
|
page read and write
|
||
|
1BA2E000
|
stack
|
page read and write
|
||
|
12EE000
|
stack
|
page read and write
|
||
|
EF6000
|
stack
|
page read and write
|
||
|
1140000
|
trusted library allocation
|
page read and write
|
||
|
1BCEE000
|
stack
|
page read and write
|
||
|
11BE000
|
stack
|
page read and write
|
||
|
BF0000
|
trusted library allocation
|
page read and write
|
||
|
12D13000
|
trusted library allocation
|
page read and write
|
||
|
1BF7E89A000
|
heap
|
page read and write
|
||
|
1B5E0000
|
heap
|
page execute and read and write
|
||
|
FE4000
|
heap
|
page read and write
|
||
|
1BE53000
|
heap
|
page read and write
|
||
|
1BB24000
|
stack
|
page read and write
|
||
|
1BFAF000
|
heap
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
7FFD9B7AC000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
7FFD9B88A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B927000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
312F000
|
trusted library allocation
|
page read and write
|
||
|
1AD90000
|
trusted library allocation
|
page read and write
|
||
|
12D6D000
|
trusted library allocation
|
page read and write
|
||
|
1063000
|
heap
|
page read and write
|
||
|
1BE40000
|
heap
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B93B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B916000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B777000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
F75000
|
heap
|
page read and write
|
||
|
1BF7E7A0000
|
heap
|
page read and write
|
||
|
12D61000
|
trusted library allocation
|
page read and write
|
||
|
1022000
|
heap
|
page read and write
|
||
|
7FFD9B88F000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BF7E899000
|
heap
|
page read and write
|
||
|
EF6000
|
stack
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B90E000
|
trusted library allocation
|
page read and write
|
||
|
1B13D000
|
stack
|
page read and write
|
||
|
1BC33000
|
stack
|
page read and write
|
||
|
7FFD9B7EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C005000
|
heap
|
page read and write
|
||
|
7FFD9B83C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
1BF6D000
|
heap
|
page read and write
|
There are 364 hidden memdumps, click here to show them.