Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
hJp7k54EgT.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\hJp7k54EgT.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_chargeable.exe_d2d19846a870e8afb689d51a34aaec7e232cc10_1e506eff_e3c94be1-607a-45b9-ad9e-1c1b0a51c531\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7374.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Jun 28 19:02:11 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7440.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER749F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\chargeable.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\hJp7k54EgT.exe
|
"C:\Users\user\Desktop\hJp7k54EgT.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
"C:\Users\user\AppData\Roaming\confuse\chargeable.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
|
|
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
"C:\Users\user\AppData\Roaming\confuse\chargeable.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
|
|
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
C:\Users\user\AppData\Roaming\confuse\chargeable.exe
|
|
|
|
C:\Windows\SysWOW64\netsh.exe
|
netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\confuse\chargeable.exe" "chargeable.exe" ENABLE
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 156
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 80
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
doddyfire.linkpc.net
|
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://www.sysinternals.com0
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
doddyfire.linkpc.net
|
160.177.56.173
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
160.177.56.173
|
doddyfire.linkpc.net
|
Morocco
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
confuse
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
SysMain
|
|
|
|
HKEY_CURRENT_USER
|
di
|
|
|
|
HKEY_CURRENT_USER\Environment
|
SEE_MASK_NOZONECHECKS
|
|
|
|
\REGISTRY\A\{114a7af0-a0e4-0412-f568-44b309862392}\Root\InventoryApplicationFile\chargeable.exe|d83185729ad275da
|
ProgramId
|
||
|
\REGISTRY\A\{114a7af0-a0e4-0412-f568-44b309862392}\Root\InventoryApplicationFile\chargeable.exe|d83185729ad275da
|
FileId
|
||
|
\REGISTRY\A\{114a7af0-a0e4-0412-f568-44b309862392}\Root\InventoryApplicationFile\chargeable.exe|d83185729ad275da
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{114a7af0-a0e4-0412-f568-44b309862392}\Root\InventoryApplicationFile\chargeable.exe|d83185729ad275da
|
LongPathHash
|
||
|
\REGISTRY\A\{114a7af0-a0e4-0412-f568-44b309862392}\Root\InventoryApplicationFile\chargeable.exe|d83185729ad275da
|
Name
|
||
|
\REGISTRY\A\{114a7af0-a0e4-0412-f568-44b309862392}\Root\InventoryApplicationFile\chargeable.exe|d83185729ad275da
|
OriginalFileName
|
||
|
\REGISTRY\A\{114a7af0-a0e4-0412-f568-44b309862392}\Root\InventoryApplicationFile\chargeable.exe|d83185729ad275da
|
Publisher
|
||
|
\REGISTRY\A\{114a7af0-a0e4-0412-f568-44b309862392}\Root\InventoryApplicationFile\chargeable.exe|d83185729ad275da
|
Version
|
||
|
\REGISTRY\A\{114a7af0-a0e4-0412-f568-44b309862392}\Root\InventoryApplicationFile\chargeable.exe|d83185729ad275da
|
BinFileVersion
|
||
|
\REGISTRY\A\{114a7af0-a0e4-0412-f568-44b309862392}\Root\InventoryApplicationFile\chargeable.exe|d83185729ad275da
|
BinaryType
|
||
|
\REGISTRY\A\{114a7af0-a0e4-0412-f568-44b309862392}\Root\InventoryApplicationFile\chargeable.exe|d83185729ad275da
|
ProductName
|
||
|
\REGISTRY\A\{114a7af0-a0e4-0412-f568-44b309862392}\Root\InventoryApplicationFile\chargeable.exe|d83185729ad275da
|
ProductVersion
|
||
|
\REGISTRY\A\{114a7af0-a0e4-0412-f568-44b309862392}\Root\InventoryApplicationFile\chargeable.exe|d83185729ad275da
|
LinkDate
|
||
|
\REGISTRY\A\{114a7af0-a0e4-0412-f568-44b309862392}\Root\InventoryApplicationFile\chargeable.exe|d83185729ad275da
|
BinProductVersion
|
||
|
\REGISTRY\A\{114a7af0-a0e4-0412-f568-44b309862392}\Root\InventoryApplicationFile\chargeable.exe|d83185729ad275da
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{114a7af0-a0e4-0412-f568-44b309862392}\Root\InventoryApplicationFile\chargeable.exe|d83185729ad275da
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{114a7af0-a0e4-0412-f568-44b309862392}\Root\InventoryApplicationFile\chargeable.exe|d83185729ad275da
|
Size
|
||
|
\REGISTRY\A\{114a7af0-a0e4-0412-f568-44b309862392}\Root\InventoryApplicationFile\chargeable.exe|d83185729ad275da
|
Language
|
||
|
\REGISTRY\A\{114a7af0-a0e4-0412-f568-44b309862392}\Root\InventoryApplicationFile\chargeable.exe|d83185729ad275da
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\e1a87040f2026369a233f9ae76301b7b
|
[kl]
|
There are 18 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2D81000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2631000
|
trusted library allocation
|
page read and write
|
|
|
|
523F000
|
trusted library section
|
page readonly
|
||
|
6CFE000
|
stack
|
page read and write
|
||
|
E8A000
|
stack
|
page read and write
|
||
|
50FD000
|
stack
|
page read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
306F000
|
heap
|
page read and write
|
||
|
173E000
|
stack
|
page read and write
|
||
|
12F0000
|
trusted library allocation
|
page read and write
|
||
|
2B0E000
|
stack
|
page read and write
|
||
|
5347000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
5339000
|
heap
|
page read and write
|
||
|
1320000
|
trusted library allocation
|
page read and write
|
||
|
2981000
|
trusted library allocation
|
page read and write
|
||
|
D02000
|
trusted library allocation
|
page execute and read and write
|
||
|
3015000
|
heap
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
68CE000
|
stack
|
page read and write
|
||
|
12E2000
|
trusted library allocation
|
page execute and read and write
|
||
|
110D000
|
heap
|
page read and write
|
||
|
303A000
|
heap
|
page read and write
|
||
|
8140000
|
heap
|
page read and write
|
||
|
3045000
|
heap
|
page read and write
|
||
|
6BA000
|
heap
|
page read and write
|
||
|
687000
|
heap
|
page read and write
|
||
|
F6E000
|
stack
|
page read and write
|
||
|
48B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
6BBE000
|
stack
|
page read and write
|
||
|
CEC000
|
trusted library allocation
|
page execute and read and write
|
||
|
D9F000
|
heap
|
page read and write
|
||
|
302A000
|
heap
|
page read and write
|
||
|
304A000
|
heap
|
page read and write
|
||
|
303F000
|
heap
|
page read and write
|
||
|
302F000
|
heap
|
page read and write
|
||
|
4F5000
|
heap
|
page read and write
|
||
|
AA5000
|
heap
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
1327000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
63D0000
|
trusted library section
|
page read and write
|
||
|
5833000
|
heap
|
page read and write
|
||
|
22EE000
|
stack
|
page read and write
|
||
|
C8B000
|
trusted library allocation
|
page execute and read and write
|
||
|
C67000
|
trusted library allocation
|
page execute and read and write
|
||
|
D2B000
|
heap
|
page read and write
|
||
|
30B7000
|
heap
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
5335000
|
heap
|
page read and write
|
||
|
52A3000
|
heap
|
page read and write
|
||
|
848E000
|
stack
|
page read and write
|
||
|
C52000
|
trusted library allocation
|
page execute and read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
C82000
|
trusted library allocation
|
page read and write
|
||
|
8BD000
|
stack
|
page read and write
|
||
|
47D0000
|
trusted library allocation
|
page read and write
|
||
|
146E000
|
stack
|
page read and write
|
||
|
CEA000
|
trusted library allocation
|
page execute and read and write
|
||
|
3018000
|
heap
|
page read and write
|
||
|
350000
|
unkown
|
page readonly
|
||
|
AF6000
|
stack
|
page read and write
|
||
|
12FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1307000
|
trusted library allocation
|
page execute and read and write
|
||
|
300D000
|
heap
|
page read and write
|
||
|
FBC000
|
stack
|
page read and write
|
||
|
3037000
|
heap
|
page read and write
|
||
|
304E000
|
heap
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
6630000
|
trusted library allocation
|
page read and write
|
||
|
1111000
|
heap
|
page read and write
|
||
|
4DE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
862000
|
trusted library allocation
|
page execute and read and write
|
||
|
3017000
|
heap
|
page read and write
|
||
|
6530000
|
heap
|
page read and write
|
||
|
62C0000
|
heap
|
page read and write
|
||
|
2FF9000
|
heap
|
page read and write
|
||
|
AEF000
|
heap
|
page read and write
|
||
|
323E000
|
trusted library allocation
|
page read and write
|
||
|
2FE1000
|
heap
|
page read and write
|
||
|
3018000
|
heap
|
page read and write
|
||
|
847000
|
trusted library allocation
|
page execute and read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
5F78000
|
heap
|
page read and write
|
||
|
3008000
|
heap
|
page read and write
|
||
|
300E000
|
heap
|
page read and write
|
||
|
1137000
|
heap
|
page read and write
|
||
|
2FD5000
|
heap
|
page read and write
|
||
|
1124000
|
heap
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
834F000
|
stack
|
page read and write
|
||
|
29AE000
|
stack
|
page read and write
|
||
|
6070000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
861E000
|
stack
|
page read and write
|
||
|
102E000
|
stack
|
page read and write
|
||
|
53AD000
|
stack
|
page read and write
|
||
|
303A000
|
heap
|
page read and write
|
||
|
C87000
|
trusted library allocation
|
page execute and read and write
|
||
|
CF7000
|
trusted library allocation
|
page execute and read and write
|
||
|
D2E000
|
heap
|
page read and write
|
||
|
51EB000
|
heap
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
4F50000
|
heap
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
52A0000
|
heap
|
page read and write
|
||
|
83A000
|
trusted library allocation
|
page execute and read and write
|
||
|
850000
|
heap
|
page execute and read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
6A3F000
|
stack
|
page read and write
|
||
|
30B1000
|
heap
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
7DB000
|
stack
|
page read and write
|
||
|
304C000
|
heap
|
page read and write
|
||
|
5F70000
|
heap
|
page read and write
|
||
|
AA9000
|
heap
|
page read and write
|
||
|
6DB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
66AE000
|
stack
|
page read and write
|
||
|
D6A000
|
heap
|
page read and write
|
||
|
4998000
|
stack
|
page read and write
|
||
|
304A000
|
heap
|
page read and write
|
||
|
C50000
|
trusted library allocation
|
page read and write
|
||
|
26A9000
|
trusted library allocation
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
67DE000
|
stack
|
page read and write
|
||
|
3252000
|
trusted library allocation
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
9FD000
|
stack
|
page read and write
|
||
|
528B000
|
stack
|
page read and write
|
||
|
572B000
|
stack
|
page read and write
|
||
|
3016000
|
heap
|
page read and write
|
||
|
2FD2000
|
heap
|
page read and write
|
||
|
CD2000
|
trusted library allocation
|
page execute and read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
5347000
|
heap
|
page read and write
|
||
|
4B1E000
|
stack
|
page read and write
|
||
|
3038000
|
heap
|
page read and write
|
||
|
3049000
|
heap
|
page read and write
|
||
|
1750000
|
heap
|
page execute and read and write
|
||
|
3018000
|
heap
|
page read and write
|
||
|
4CB0000
|
trusted library allocation
|
page read and write
|
||
|
57F0000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
66DE000
|
stack
|
page read and write
|
||
|
51D5000
|
heap
|
page read and write
|
||
|
3037000
|
heap
|
page read and write
|
||
|
304A000
|
heap
|
page read and write
|
||
|
4850000
|
trusted library allocation
|
page read and write
|
||
|
6DFE000
|
stack
|
page read and write
|
||
|
48AC000
|
stack
|
page read and write
|
||
|
CFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
3005000
|
heap
|
page read and write
|
||
|
84CC000
|
stack
|
page read and write
|
||
|
8F6000
|
heap
|
page read and write
|
||
|
300B000
|
heap
|
page read and write
|
||
|
550E000
|
stack
|
page read and write
|
||
|
47CE000
|
stack
|
page read and write
|
||
|
2A18000
|
trusted library allocation
|
page read and write
|
||
|
3034000
|
heap
|
page read and write
|
||
|
30BE000
|
heap
|
page read and write
|
||
|
4B5E000
|
stack
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
4FD000
|
stack
|
page read and write
|
||
|
507F000
|
stack
|
page read and write
|
||
|
62D0000
|
heap
|
page read and write
|
||
|
304E000
|
heap
|
page read and write
|
||
|
302A000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
C35000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
688E000
|
stack
|
page read and write
|
||
|
6543000
|
heap
|
page read and write
|
||
|
593D000
|
stack
|
page read and write
|
||
|
810000
|
trusted library allocation
|
page read and write
|
||
|
AC5000
|
heap
|
page read and write
|
||
|
C72000
|
trusted library allocation
|
page execute and read and write
|
||
|
F1E000
|
stack
|
page read and write
|
||
|
306F000
|
heap
|
page read and write
|
||
|
303F000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
2F06000
|
heap
|
page read and write
|
||
|
302A000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
306F000
|
heap
|
page read and write
|
||
|
F27000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F30000
|
trusted library allocation
|
page read and write
|
||
|
6E3E000
|
stack
|
page read and write
|
||
|
109E000
|
stack
|
page read and write
|
||
|
131A000
|
trusted library allocation
|
page execute and read and write
|
||
|
300A000
|
heap
|
page read and write
|
||
|
296E000
|
trusted library allocation
|
page read and write
|
||
|
522B000
|
stack
|
page read and write
|
||
|
7FBE000
|
stack
|
page read and write
|
||
|
302A000
|
heap
|
page read and write
|
||
|
3036000
|
heap
|
page read and write
|
||
|
4DDE000
|
stack
|
page read and write
|
||
|
5330000
|
heap
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
5314000
|
heap
|
page read and write
|
||
|
51E0000
|
heap
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page read and write
|
||
|
C5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
3048000
|
heap
|
page read and write
|
||
|
31B1000
|
trusted library allocation
|
page read and write
|
||
|
4F1E000
|
stack
|
page read and write
|
||
|
AAD000
|
heap
|
page read and write
|
||
|
6C1000
|
heap
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
110F000
|
stack
|
page read and write
|
||
|
4ACE000
|
stack
|
page read and write
|
||
|
4E1E000
|
stack
|
page read and write
|
||
|
5270000
|
heap
|
page read and write
|
||
|
CDA000
|
trusted library allocation
|
page execute and read and write
|
||
|
E6C000
|
stack
|
page read and write
|
||
|
E97000
|
heap
|
page read and write
|
||
|
1337000
|
heap
|
page read and write
|
||
|
5755000
|
heap
|
page read and write
|
||
|
53B0000
|
heap
|
page read and write
|
||
|
3049000
|
heap
|
page read and write
|
||
|
4B70000
|
heap
|
page read and write
|
||
|
DFE000
|
stack
|
page read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
132B000
|
trusted library allocation
|
page execute and read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
2A11000
|
trusted library allocation
|
page read and write
|
||
|
54CF000
|
stack
|
page read and write
|
||
|
F89000
|
stack
|
page read and write
|
||
|
6A7E000
|
stack
|
page read and write
|
||
|
AF3000
|
heap
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
3033000
|
heap
|
page read and write
|
||
|
45D000
|
stack
|
page read and write
|
||
|
3018000
|
heap
|
page read and write
|
||
|
6F3E000
|
stack
|
page read and write
|
||
|
2D7E000
|
trusted library allocation
|
page read and write
|
||
|
30B9000
|
heap
|
page read and write
|
||
|
CC0000
|
trusted library allocation
|
page read and write
|
||
|
304D000
|
heap
|
page read and write
|
||
|
53C0000
|
heap
|
page read and write
|
||
|
564F000
|
stack
|
page read and write
|
||
|
304D000
|
heap
|
page read and write
|
||
|
6D3000
|
heap
|
page read and write
|
||
|
1055000
|
heap
|
page read and write
|
||
|
693E000
|
stack
|
page read and write
|
||
|
5339000
|
heap
|
page read and write
|
||
|
E20000
|
heap
|
page execute and read and write
|
||
|
26F1000
|
trusted library allocation
|
page read and write
|
||
|
51D0000
|
heap
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
300D000
|
heap
|
page read and write
|
||
|
C30000
|
trusted library allocation
|
page read and write
|
||
|
5316000
|
heap
|
page read and write
|
||
|
6F9000
|
stack
|
page read and write
|
||
|
8F5000
|
heap
|
page read and write
|
||
|
6A40000
|
heap
|
page read and write
|
||
|
C6A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3241000
|
trusted library allocation
|
page read and write
|
||
|
325F000
|
trusted library allocation
|
page read and write
|
||
|
3014000
|
heap
|
page read and write
|
||
|
2CF1000
|
trusted library allocation
|
page read and write
|
||
|
D9B000
|
heap
|
page read and write
|
||
|
517E000
|
stack
|
page read and write
|
||
|
12FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
659E000
|
stack
|
page read and write
|
||
|
10A8000
|
heap
|
page read and write
|
||
|
877000
|
trusted library allocation
|
page execute and read and write
|
||
|
533A000
|
heap
|
page read and write
|
||
|
F86000
|
stack
|
page read and write
|
||
|
816000
|
trusted library allocation
|
page read and write
|
||
|
12D0000
|
trusted library allocation
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
352000
|
unkown
|
page readonly
|
||
|
3CF1000
|
trusted library allocation
|
page read and write
|
||
|
C5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
84A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
B07000
|
heap
|
page read and write
|
||
|
CE0000
|
trusted library allocation
|
page read and write
|
||
|
5100000
|
heap
|
page read and write
|
||
|
5940000
|
heap
|
page read and write
|
||
|
3014000
|
heap
|
page read and write
|
||
|
7F9C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B7000
|
heap
|
page read and write
|
||
|
3031000
|
heap
|
page read and write
|
||
|
82A000
|
trusted library allocation
|
page execute and read and write
|
||
|
69D2000
|
trusted library allocation
|
page read and write
|
||
|
871F000
|
stack
|
page read and write
|
||
|
2EFE000
|
unkown
|
page read and write
|
||
|
12EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
67AF000
|
stack
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
C7E000
|
stack
|
page read and write
|
||
|
302B000
|
heap
|
page read and write
|
||
|
320E000
|
trusted library allocation
|
page read and write
|
||
|
8FB000
|
stack
|
page read and write
|
||
|
3038000
|
heap
|
page read and write
|
||
|
1007000
|
heap
|
page read and write
|
||
|
3049000
|
heap
|
page read and write
|
||
|
3285000
|
trusted library allocation
|
page read and write
|
||
|
5110000
|
heap
|
page read and write
|
||
|
C4A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1302000
|
trusted library allocation
|
page read and write
|
||
|
4F0E000
|
stack
|
page read and write
|
||
|
87E000
|
stack
|
page read and write
|
||
|
304E000
|
heap
|
page read and write
|
||
|
4B20000
|
heap
|
page read and write
|
||
|
3041000
|
heap
|
page read and write
|
||
|
46F000
|
stack
|
page read and write
|
||
|
10D6000
|
heap
|
page read and write
|
||
|
2FC8000
|
heap
|
page read and write
|
||
|
6CBF000
|
stack
|
page read and write
|
||
|
5230000
|
trusted library section
|
page readonly
|
||
|
5730000
|
trusted library section
|
page readonly
|
||
|
1312000
|
trusted library allocation
|
page execute and read and write
|
||
|
9F3000
|
stack
|
page read and write
|
||
|
112F000
|
heap
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
CE2000
|
trusted library allocation
|
page execute and read and write
|
||
|
302F000
|
heap
|
page read and write
|
||
|
77A000
|
stack
|
page read and write
|
||
|
3033000
|
heap
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
26CC000
|
trusted library allocation
|
page read and write
|
||
|
48D3000
|
heap
|
page read and write
|
||
|
E80000
|
trusted library allocation
|
page read and write
|
||
|
6A59000
|
heap
|
page read and write
|
||
|
A3E000
|
heap
|
page read and write
|
||
|
6F6000
|
stack
|
page read and write
|
||
|
4FFB000
|
stack
|
page read and write
|
||
|
130A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B15000
|
heap
|
page read and write
|
||
|
53CE000
|
stack
|
page read and write
|
||
|
5200000
|
trusted library section
|
page readonly
|
||
|
303D000
|
heap
|
page read and write
|
||
|
3981000
|
trusted library allocation
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
304E000
|
heap
|
page read and write
|
||
|
3F9000
|
stack
|
page read and write
|
||
|
4FB0000
|
heap
|
page read and write
|
||
|
BA000
|
stack
|
page read and write
|
||
|
85CC000
|
stack
|
page read and write
|
||
|
4860000
|
trusted library allocation
|
page read and write
|
||
|
832000
|
trusted library allocation
|
page execute and read and write
|
||
|
3006000
|
heap
|
page read and write
|
||
|
2686000
|
trusted library allocation
|
page read and write
|
||
|
5280000
|
trusted library allocation
|
page execute and read and write
|
||
|
74B000
|
stack
|
page read and write
|
||
|
303A000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
4E6000
|
heap
|
page read and write
|
||
|
669E000
|
stack
|
page read and write
|
||
|
824F000
|
stack
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
3043000
|
heap
|
page read and write
|
||
|
306F000
|
heap
|
page read and write
|
||
|
62DE000
|
heap
|
page read and write
|
||
|
304A000
|
heap
|
page read and write
|
||
|
304A000
|
heap
|
page read and write
|
||
|
47E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5540000
|
heap
|
page read and write
|
||
|
1B6000
|
stack
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
68EF000
|
stack
|
page read and write
|
||
|
156E000
|
stack
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
3265000
|
trusted library allocation
|
page read and write
|
||
|
2FE1000
|
heap
|
page read and write
|
||
|
C42000
|
trusted library allocation
|
page execute and read and write
|
||
|
3038000
|
heap
|
page read and write
|
||
|
55C000
|
stack
|
page read and write
|
||
|
304E000
|
heap
|
page read and write
|
||
|
DBE000
|
heap
|
page read and write
|
||
|
CF2000
|
trusted library allocation
|
page read and write
|
||
|
303A000
|
heap
|
page read and write
|
||
|
3008000
|
heap
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
4CA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5530000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F60000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
87B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
2FF6000
|
heap
|
page read and write
|
||
|
538E000
|
stack
|
page read and write
|
||
|
5334000
|
heap
|
page read and write
|
||
|
5135000
|
heap
|
page read and write
|
||
|
5830000
|
heap
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
5750000
|
heap
|
page read and write
|
||
|
F2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5800000
|
heap
|
page read and write
|
||
|
5950000
|
heap
|
page read and write
|
||
|
320C000
|
trusted library allocation
|
page read and write
|
||
|
3018000
|
heap
|
page read and write
|
||
|
822000
|
trusted library allocation
|
page execute and read and write
|
||
|
C7A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3283000
|
trusted library allocation
|
page read and write
|
||
|
3631000
|
trusted library allocation
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
4F95000
|
heap
|
page read and write
|
||
|
4F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
86A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3035000
|
heap
|
page read and write
|
||
|
3041000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
813000
|
trusted library allocation
|
page read and write
|
||
|
51BF000
|
stack
|
page read and write
|
||
|
BCC000
|
stack
|
page read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
306F000
|
heap
|
page read and write
|
||
|
CFE000
|
stack
|
page read and write
|
||
|
860000
|
trusted library allocation
|
page read and write
|
||
|
2ACD000
|
unkown
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
51C0000
|
heap
|
page read and write
|
||
|
4E8E000
|
stack
|
page read and write
|
||
|
41B1000
|
trusted library allocation
|
page read and write
|
||
|
4F90000
|
heap
|
page read and write
|
||
|
9FB000
|
stack
|
page read and write
|
||
|
573F000
|
trusted library section
|
page readonly
|
||
|
304D000
|
heap
|
page read and write
|
||
|
48D0000
|
heap
|
page read and write
|
||
|
3019000
|
heap
|
page read and write
|
||
|
12F2000
|
trusted library allocation
|
page execute and read and write
|
||
|
4638000
|
trusted library allocation
|
page read and write
|
||
|
4C5E000
|
stack
|
page read and write
|
||
|
AF9000
|
stack
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
5310000
|
heap
|
page read and write
|
||
|
2DC5000
|
trusted library allocation
|
page read and write
|
||
|
4ECE000
|
stack
|
page read and write
|
||
|
52B0000
|
heap
|
page read and write
|
||
|
C2E000
|
stack
|
page read and write
|
||
|
4FB3000
|
heap
|
page read and write
|
||
|
D10000
|
heap
|
page execute and read and write
|
||
|
2A0E000
|
trusted library allocation
|
page read and write
|
||
|
9EE000
|
stack
|
page read and write
|
||
|
838E000
|
stack
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
491B000
|
stack
|
page read and write
|
||
|
6080000
|
heap
|
page read and write
|
||
|
4C9E000
|
stack
|
page read and write
|
||
|
304E000
|
heap
|
page read and write
|
||
|
5810000
|
trusted library allocation
|
page execute and read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
2FE1000
|
heap
|
page read and write
|
||
|
4A00000
|
unclassified section
|
page read and write
|
||
|
6B40000
|
trusted library allocation
|
page read and write
|
||
|
30B7000
|
heap
|
page read and write
|
||
|
495C000
|
stack
|
page read and write
|
||
|
303C000
|
heap
|
page read and write
|
||
|
3004000
|
heap
|
page read and write
|
||
|
830000
|
trusted library allocation
|
page read and write
|
||
|
D5F000
|
heap
|
page read and write
|
||
|
C62000
|
trusted library allocation
|
page read and write
|
||
|
4B1E000
|
stack
|
page read and write
|
||
|
3008000
|
heap
|
page read and write
|
||
|
5650000
|
trusted library allocation
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
7EA0000
|
heap
|
page read and write
|
||
|
52ED000
|
stack
|
page read and write
|
||
|
D97000
|
heap
|
page read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
D0A000
|
trusted library allocation
|
page execute and read and write
|
||
|
872000
|
trusted library allocation
|
page read and write
|
||
|
67EE000
|
stack
|
page read and write
|
||
|
83B0000
|
heap
|
page read and write
|
||
|
5260000
|
heap
|
page read and write
|
||
|
8BE000
|
stack
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
618000
|
heap
|
page read and write
|
||
|
3004000
|
heap
|
page read and write
|
There are 473 hidden memdumps, click here to show them.