Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
1LFcs1ZJy2.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1LFcs1ZJy2.exe_73fc80f9f32ec3627adb6e84ef30b754d077e0_089bc09d_1781eaf7-9379-4f4a-b314-2a9ae27ff6a7\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\XClient.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6EFF.tmp.dmp
|
Mini DuMP crash report, 16 streams, Sat Nov 23 20:09:01 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER70C5.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7104.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\XClient.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sat Nov 23 19:06:01
2024, mtime=Sat Nov 23 19:06:01 2024, atime=Sat Nov 23 19:06:01 2024, length=35840, window=hide
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\1LFcs1ZJy2.exe
|
"C:\Users\user\Desktop\1LFcs1ZJy2.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\user\AppData\Roaming\XClient.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\XClient.exe
|
C:\Users\user\AppData\Roaming\XClient.exe
|
|
|
|
C:\Users\user\AppData\Roaming\XClient.exe
|
"C:\Users\user\AppData\Roaming\XClient.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\XClient.exe
|
"C:\Users\user\AppData\Roaming\XClient.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\XClient.exe
|
C:\Users\user\AppData\Roaming\XClient.exe
|
|
|
|
C:\Users\user\AppData\Roaming\XClient.exe
|
C:\Users\user\AppData\Roaming\XClient.exe
|
|
|
|
C:\Users\user\AppData\Roaming\XClient.exe
|
C:\Users\user\AppData\Roaming\XClient.exe
|
|
|
|
C:\Users\user\AppData\Roaming\XClient.exe
|
C:\Users\user\AppData\Roaming\XClient.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6512 -s 2088
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
sales-mathematical.gl.at.ply.gg
|
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://go.mic
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
sales-mathematical.gl.at.ply.gg
|
147.185.221.24
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
147.185.221.24
|
sales-mathematical.gl.at.ply.gg
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
XClient
|
||
|
\REGISTRY\A\{ef27c341-cd74-d311-4867-4ab678d6eed1}\Root\InventoryApplicationFile\1lfcs1zjy2.exe|cd48564edb24aac8
|
ProgramId
|
||
|
\REGISTRY\A\{ef27c341-cd74-d311-4867-4ab678d6eed1}\Root\InventoryApplicationFile\1lfcs1zjy2.exe|cd48564edb24aac8
|
FileId
|
||
|
\REGISTRY\A\{ef27c341-cd74-d311-4867-4ab678d6eed1}\Root\InventoryApplicationFile\1lfcs1zjy2.exe|cd48564edb24aac8
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{ef27c341-cd74-d311-4867-4ab678d6eed1}\Root\InventoryApplicationFile\1lfcs1zjy2.exe|cd48564edb24aac8
|
LongPathHash
|
||
|
\REGISTRY\A\{ef27c341-cd74-d311-4867-4ab678d6eed1}\Root\InventoryApplicationFile\1lfcs1zjy2.exe|cd48564edb24aac8
|
Name
|
||
|
\REGISTRY\A\{ef27c341-cd74-d311-4867-4ab678d6eed1}\Root\InventoryApplicationFile\1lfcs1zjy2.exe|cd48564edb24aac8
|
OriginalFileName
|
||
|
\REGISTRY\A\{ef27c341-cd74-d311-4867-4ab678d6eed1}\Root\InventoryApplicationFile\1lfcs1zjy2.exe|cd48564edb24aac8
|
Publisher
|
||
|
\REGISTRY\A\{ef27c341-cd74-d311-4867-4ab678d6eed1}\Root\InventoryApplicationFile\1lfcs1zjy2.exe|cd48564edb24aac8
|
Version
|
||
|
\REGISTRY\A\{ef27c341-cd74-d311-4867-4ab678d6eed1}\Root\InventoryApplicationFile\1lfcs1zjy2.exe|cd48564edb24aac8
|
BinFileVersion
|
||
|
\REGISTRY\A\{ef27c341-cd74-d311-4867-4ab678d6eed1}\Root\InventoryApplicationFile\1lfcs1zjy2.exe|cd48564edb24aac8
|
BinaryType
|
||
|
\REGISTRY\A\{ef27c341-cd74-d311-4867-4ab678d6eed1}\Root\InventoryApplicationFile\1lfcs1zjy2.exe|cd48564edb24aac8
|
ProductName
|
||
|
\REGISTRY\A\{ef27c341-cd74-d311-4867-4ab678d6eed1}\Root\InventoryApplicationFile\1lfcs1zjy2.exe|cd48564edb24aac8
|
ProductVersion
|
||
|
\REGISTRY\A\{ef27c341-cd74-d311-4867-4ab678d6eed1}\Root\InventoryApplicationFile\1lfcs1zjy2.exe|cd48564edb24aac8
|
LinkDate
|
||
|
\REGISTRY\A\{ef27c341-cd74-d311-4867-4ab678d6eed1}\Root\InventoryApplicationFile\1lfcs1zjy2.exe|cd48564edb24aac8
|
BinProductVersion
|
||
|
\REGISTRY\A\{ef27c341-cd74-d311-4867-4ab678d6eed1}\Root\InventoryApplicationFile\1lfcs1zjy2.exe|cd48564edb24aac8
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{ef27c341-cd74-d311-4867-4ab678d6eed1}\Root\InventoryApplicationFile\1lfcs1zjy2.exe|cd48564edb24aac8
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{ef27c341-cd74-d311-4867-4ab678d6eed1}\Root\InventoryApplicationFile\1lfcs1zjy2.exe|cd48564edb24aac8
|
Size
|
||
|
\REGISTRY\A\{ef27c341-cd74-d311-4867-4ab678d6eed1}\Root\InventoryApplicationFile\1lfcs1zjy2.exe|cd48564edb24aac8
|
Language
|
||
|
\REGISTRY\A\{ef27c341-cd74-d311-4867-4ab678d6eed1}\Root\InventoryApplicationFile\1lfcs1zjy2.exe|cd48564edb24aac8
|
Usn
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
942000
|
unkown
|
page readonly
|
|
|
|
360000
|
heap
|
page read and write
|
||
|
7FF848E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
F55000
|
heap
|
page read and write
|
||
|
6C3000
|
heap
|
page read and write
|
||
|
7FF848E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E24000
|
trusted library allocation
|
page read and write
|
||
|
1ADBD000
|
stack
|
page read and write
|
||
|
12F81000
|
trusted library allocation
|
page read and write
|
||
|
1AD9E000
|
stack
|
page read and write
|
||
|
1126000
|
heap
|
page read and write
|
||
|
5E6000
|
heap
|
page read and write
|
||
|
196DBEF0000
|
heap
|
page read and write
|
||
|
1425000
|
heap
|
page read and write
|
||
|
1BAF4000
|
heap
|
page read and write
|
||
|
AA5000
|
heap
|
page read and write
|
||
|
1370000
|
trusted library allocation
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
254F000
|
stack
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
879000
|
heap
|
page read and write
|
||
|
124A3000
|
trusted library allocation
|
page read and write
|
||
|
EBC000
|
heap
|
page read and write
|
||
|
2F7F000
|
stack
|
page read and write
|
||
|
2F81000
|
trusted library allocation
|
page read and write
|
||
|
C49000
|
heap
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
25B0000
|
heap
|
page execute and read and write
|
||
|
1AB4D000
|
stack
|
page read and write
|
||
|
A76000
|
heap
|
page read and write
|
||
|
7FF848EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
C5D000
|
heap
|
page read and write
|
||
|
1AFA0000
|
heap
|
page execute and read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
2600000
|
heap
|
page execute and read and write
|
||
|
7FF848E4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
C61000
|
heap
|
page read and write
|
||
|
2820000
|
heap
|
page read and write
|
||
|
10AC000
|
heap
|
page read and write
|
||
|
22E0000
|
heap
|
page execute and read and write
|
||
|
EC6000
|
heap
|
page read and write
|
||
|
2BDE000
|
stack
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
7FF848E22000
|
trusted library allocation
|
page read and write
|
||
|
DDE000
|
stack
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
7FF848E4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E03000
|
trusted library allocation
|
page execute and read and write
|
||
|
A7D000
|
heap
|
page read and write
|
||
|
196DBDA0000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
1B5DE000
|
stack
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E44000
|
trusted library allocation
|
page read and write
|
||
|
55F000
|
heap
|
page read and write
|
||
|
12C11000
|
trusted library allocation
|
page read and write
|
||
|
196DBE80000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
23F1000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DE4000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
C41000
|
heap
|
page read and write
|
||
|
1BA9E000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
1B80E000
|
stack
|
page read and write
|
||
|
123F8000
|
trusted library allocation
|
page read and write
|
||
|
DB4000
|
stack
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
1097000
|
heap
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
1BB6E000
|
stack
|
page read and write
|
||
|
25CC000
|
trusted library allocation
|
page read and write
|
||
|
877000
|
heap
|
page read and write
|
||
|
1AEBE000
|
stack
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
E1F000
|
stack
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
7FF848DF4000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
trusted library allocation
|
page read and write
|
||
|
1B65E000
|
stack
|
page read and write
|
||
|
559000
|
heap
|
page read and write
|
||
|
2F8F000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
125C8000
|
trusted library allocation
|
page read and write
|
||
|
15C5000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
24AF000
|
trusted library allocation
|
page read and write
|
||
|
23FC000
|
trusted library allocation
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
AA4000
|
heap
|
page read and write
|
||
|
9E9000
|
heap
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
E85000
|
heap
|
page read and write
|
||
|
108F000
|
heap
|
page read and write
|
||
|
1B210000
|
heap
|
page read and write
|
||
|
6F4000
|
stack
|
page read and write
|
||
|
1BF48000
|
stack
|
page read and write
|
||
|
D65000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
12813000
|
trusted library allocation
|
page read and write
|
||
|
1BA10000
|
heap
|
page read and write
|
||
|
1B0FE000
|
stack
|
page read and write
|
||
|
AE1000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
25C1000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E24000
|
trusted library allocation
|
page read and write
|
||
|
1BC0E000
|
stack
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
1AC40000
|
trusted library allocation
|
page read and write
|
||
|
1B53E000
|
stack
|
page read and write
|
||
|
C46000
|
heap
|
page read and write
|
||
|
127D8000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
125C3000
|
trusted library allocation
|
page read and write
|
||
|
C87000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
1B50E000
|
stack
|
page read and write
|
||
|
281E000
|
stack
|
page read and write
|
||
|
EFD000
|
heap
|
page read and write
|
||
|
7FF848E22000
|
trusted library allocation
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
7D8000
|
heap
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
E96000
|
heap
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
7FF848E04000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
127D3000
|
trusted library allocation
|
page read and write
|
||
|
547000
|
heap
|
page read and write
|
||
|
B31000
|
heap
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
10D6000
|
heap
|
page read and write
|
||
|
1B41E000
|
stack
|
page read and write
|
||
|
7FF848E4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
249E000
|
stack
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
1335000
|
heap
|
page read and write
|
||
|
63A000
|
heap
|
page read and write
|
||
|
280F000
|
stack
|
page read and write
|
||
|
ACE000
|
stack
|
page read and write
|
||
|
1AFBF000
|
stack
|
page read and write
|
||
|
283F000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
930000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
10F5000
|
heap
|
page read and write
|
||
|
283C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF4000
|
trusted library allocation
|
page read and write
|
||
|
7EA000
|
heap
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
196DC0F5000
|
heap
|
page read and write
|
||
|
2811000
|
trusted library allocation
|
page read and write
|
||
|
24B1000
|
trusted library allocation
|
page read and write
|
||
|
710000
|
trusted library allocation
|
page read and write
|
||
|
E40000
|
trusted library allocation
|
page read and write
|
||
|
3191000
|
trusted library allocation
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
1B1F0000
|
heap
|
page execute and read and write
|
||
|
9B8000
|
heap
|
page read and write
|
||
|
8455BC9000
|
stack
|
page read and write
|
||
|
26C0000
|
heap
|
page execute and read and write
|
||
|
A9A000
|
heap
|
page read and write
|
||
|
1AF95000
|
heap
|
page read and write
|
||
|
10AF000
|
heap
|
page read and write
|
||
|
AB2000
|
heap
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
1B90E000
|
stack
|
page read and write
|
||
|
E60000
|
trusted library allocation
|
page read and write
|
||
|
1B250000
|
heap
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
12811000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E02000
|
trusted library allocation
|
page read and write
|
||
|
F53000
|
heap
|
page read and write
|
||
|
E9C000
|
heap
|
page read and write
|
||
|
7FF848DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
ADD000
|
heap
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
7FF848DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
ED3000
|
heap
|
page read and write
|
||
|
1B1AE000
|
stack
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
625000
|
heap
|
page read and write
|
||
|
53F000
|
heap
|
page read and write
|
||
|
BAF000
|
stack
|
page read and write
|
||
|
1B1FF000
|
stack
|
page read and write
|
||
|
24AC000
|
trusted library allocation
|
page read and write
|
||
|
2C00000
|
heap
|
page execute and read and write
|
||
|
1BABE000
|
heap
|
page read and write
|
||
|
7C5000
|
heap
|
page read and write
|
||
|
AAF000
|
heap
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
700000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
990000
|
trusted library allocation
|
page read and write
|
||
|
2F8C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
C6E000
|
stack
|
page read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
7EC000
|
heap
|
page read and write
|
||
|
1270000
|
heap
|
page execute and read and write
|
||
|
5D0000
|
unkown
|
page readonly
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
586000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page execute and read and write
|
||
|
F06000
|
heap
|
page read and write
|
||
|
1C044000
|
stack
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
A17000
|
heap
|
page read and write
|
||
|
CA5000
|
heap
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
4F4000
|
stack
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
133F000
|
stack
|
page read and write
|
||
|
510000
|
trusted library allocation
|
page read and write
|
||
|
2841000
|
trusted library allocation
|
page read and write
|
||
|
2710000
|
heap
|
page execute and read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
7FF848E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
AF4000
|
stack
|
page read and write
|
||
|
F1F000
|
stack
|
page read and write
|
||
|
A65000
|
heap
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page execute and read and write
|
||
|
A7F000
|
stack
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
1AFFE000
|
stack
|
page read and write
|
||
|
12831000
|
trusted library allocation
|
page read and write
|
||
|
1AA2D000
|
stack
|
page read and write
|
||
|
1078000
|
heap
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
9EC000
|
heap
|
page read and write
|
||
|
62F000
|
heap
|
page read and write
|
||
|
196DBEF8000
|
heap
|
page read and write
|
||
|
1B1D0000
|
heap
|
page execute and read and write
|
||
|
1390000
|
trusted library allocation
|
page read and write
|
||
|
9CF000
|
heap
|
page read and write
|
||
|
11FE000
|
stack
|
page read and write
|
||
|
2C80000
|
heap
|
page execute and read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
669000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
7FF848EC6000
|
trusted library allocation
|
page execute and read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
7FF848E04000
|
trusted library allocation
|
page read and write
|
||
|
8455EFF000
|
stack
|
page read and write
|
||
|
25F0000
|
heap
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2140000
|
heap
|
page execute and read and write
|
||
|
7FF848DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
C5B000
|
heap
|
page read and write
|
||
|
7FF848E3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848F06000
|
trusted library allocation
|
page execute and read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
124A1000
|
trusted library allocation
|
page read and write
|
||
|
1BA60000
|
heap
|
page execute and read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
124A8000
|
trusted library allocation
|
page read and write
|
||
|
1133000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
1ADBE000
|
stack
|
page read and write
|
||
|
12F88000
|
trusted library allocation
|
page read and write
|
||
|
5A4000
|
stack
|
page read and write
|
||
|
1B430000
|
heap
|
page execute and read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C51000
|
heap
|
page read and write
|
||
|
1BA0E000
|
stack
|
page read and write
|
||
|
1B19E000
|
stack
|
page read and write
|
||
|
B36000
|
heap
|
page read and write
|
||
|
1B19D000
|
stack
|
page read and write
|
||
|
12F83000
|
trusted library allocation
|
page read and write
|
||
|
27D1000
|
trusted library allocation
|
page read and write
|
||
|
1BA4F000
|
stack
|
page read and write
|
||
|
817000
|
heap
|
page read and write
|
||
|
7FF848F80000
|
trusted library allocation
|
page read and write
|
||
|
B43000
|
heap
|
page read and write
|
||
|
374000
|
stack
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
1BA89000
|
heap
|
page read and write
|
||
|
270F000
|
stack
|
page read and write
|
||
|
BAF000
|
stack
|
page read and write
|
||
|
1B51E000
|
stack
|
page read and write
|
||
|
7FF4AD760000
|
trusted library allocation
|
page execute and read and write
|
||
|
5CF000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
CC5000
|
heap
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
196DBEA0000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
1A97E000
|
stack
|
page read and write
|
||
|
7FF848E02000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E02000
|
trusted library allocation
|
page read and write
|
||
|
1BC6F000
|
stack
|
page read and write
|
||
|
7FF848E04000
|
trusted library allocation
|
page read and write
|
||
|
55C000
|
heap
|
page read and write
|
||
|
993000
|
trusted library allocation
|
page read and write
|
||
|
1B940000
|
heap
|
page read and write
|
||
|
CD5000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
1BA60000
|
heap
|
page read and write
|
||
|
1BAD9000
|
heap
|
page read and write
|
||
|
E00000
|
trusted library allocation
|
page read and write
|
||
|
588000
|
heap
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page execute and read and write
|
||
|
960000
|
trusted library allocation
|
page read and write
|
||
|
123F3000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E04000
|
trusted library allocation
|
page read and write
|
||
|
7A5000
|
heap
|
page read and write
|
||
|
E73000
|
trusted library allocation
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
2C59000
|
trusted library allocation
|
page read and write
|
||
|
109F000
|
heap
|
page read and write
|
||
|
1B0BE000
|
stack
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C14E000
|
stack
|
page read and write
|
||
|
950000
|
trusted library allocation
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
1AD5C000
|
stack
|
page read and write
|
||
|
1C200000
|
heap
|
page read and write
|
||
|
123F1000
|
trusted library allocation
|
page read and write
|
||
|
5E4000
|
heap
|
page read and write
|
||
|
112A000
|
heap
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
94C000
|
unkown
|
page readonly
|
||
|
7FF848F00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BAD5000
|
heap
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
940000
|
unkown
|
page readonly
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
E70000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EDC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
127D1000
|
trusted library allocation
|
page read and write
|
||
|
2C6B000
|
trusted library allocation
|
page read and write
|
||
|
914000
|
stack
|
page read and write
|
||
|
1AE6E000
|
stack
|
page read and write
|
||
|
1B35F000
|
stack
|
page read and write
|
||
|
7FF848E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848DED000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AF8E000
|
stack
|
page read and write
|
||
|
3F0000
|
trusted library allocation
|
page read and write
|
||
|
1BD0E000
|
stack
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C11000
|
trusted library allocation
|
page read and write
|
||
|
12C18000
|
trusted library allocation
|
page read and write
|
||
|
F30000
|
trusted library allocation
|
page read and write
|
||
|
2370000
|
heap
|
page read and write
|
||
|
7FF848DF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
196DC0F0000
|
heap
|
page read and write
|
||
|
23FF000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
12838000
|
trusted library allocation
|
page read and write
|
||
|
12818000
|
trusted library allocation
|
page read and write
|
||
|
1B663000
|
heap
|
page read and write
|
||
|
7FF848DF2000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
1B0AE000
|
stack
|
page read and write
|
||
|
54F000
|
heap
|
page read and write
|
||
|
2401000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
8455E7F000
|
unkown
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
7FF848E12000
|
trusted library allocation
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
7FF848E6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F91000
|
trusted library allocation
|
page read and write
|
||
|
25D1000
|
trusted library allocation
|
page read and write
|
||
|
9C5000
|
heap
|
page read and write
|
||
|
7FF848E23000
|
trusted library allocation
|
page execute and read and write
|
||
|
9D7000
|
heap
|
page read and write
|
||
|
105F000
|
stack
|
page read and write
|
||
|
1B660000
|
heap
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B2AE000
|
stack
|
page read and write
|
||
|
2390000
|
heap
|
page execute and read and write
|
||
|
F69000
|
heap
|
page read and write
|
||
|
980000
|
trusted library allocation
|
page read and write
|
||
|
F45000
|
heap
|
page read and write
|
||
|
ADB000
|
heap
|
page read and write
|
||
|
9EF000
|
heap
|
page read and write
|
||
|
7FF848E32000
|
trusted library allocation
|
page read and write
|
||
|
1B1FE000
|
stack
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
CF4000
|
stack
|
page read and write
|
||
|
C28000
|
heap
|
page read and write
|
||
|
7FF848DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
7FF848EE6000
|
trusted library allocation
|
page execute and read and write
|
||
|
226E000
|
stack
|
page read and write
|
||
|
2160000
|
heap
|
page read and write
|
||
|
281C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
10D8000
|
heap
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
528000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
25CF000
|
trusted library allocation
|
page read and write
|
||
|
27DC000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
318A000
|
trusted library allocation
|
page read and write
|
||
|
125C1000
|
trusted library allocation
|
page read and write
|
||
|
9DF000
|
heap
|
page read and write
|
||
|
7B9000
|
heap
|
page read and write
|
||
|
2831000
|
trusted library allocation
|
page read and write
|
||
|
1B31F000
|
stack
|
page read and write
|
||
|
1AEF0000
|
heap
|
page execute and read and write
|
||
|
10A9000
|
heap
|
page read and write
|
||
|
23EF000
|
stack
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
12833000
|
trusted library allocation
|
page read and write
|
||
|
24A1000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
609000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
7FF848E24000
|
trusted library allocation
|
page read and write
|
||
|
667000
|
heap
|
page read and write
|
||
|
C89000
|
heap
|
page read and write
|
There are 452 hidden memdumps, click here to show them.