Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
hesaphareketi__.exe
|
PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_hesaphareketi__._1cfc9f95d0ac0ef7b4ea5d88dfd59ba3ea51acd_450e69c1_03aa1bc2-e93c-49cf-bd30-47bb52d92b80\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF96D.tmp.dmp
|
Mini DuMP crash report, 16 streams, Tue Jul 2 06:31:27 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFBDF.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFC0F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\hesaphareketi__.exe
|
"C:\Users\user\Desktop\hesaphareketi__.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7116 -s 1128
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://ftp.normagroup.com.tr
|
unknown
|
|
|
|
http://upx.sf.net
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ftp.normagroup.com.tr
|
104.247.165.99
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.247.165.99
|
ftp.normagroup.com.tr
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{00473ae5-31ce-7da6-5e2d-c4743bfd91ae}\Root\InventoryApplicationFile\hesaphareketi__.|3666c75154d2a817
|
ProgramId
|
||
|
\REGISTRY\A\{00473ae5-31ce-7da6-5e2d-c4743bfd91ae}\Root\InventoryApplicationFile\hesaphareketi__.|3666c75154d2a817
|
FileId
|
||
|
\REGISTRY\A\{00473ae5-31ce-7da6-5e2d-c4743bfd91ae}\Root\InventoryApplicationFile\hesaphareketi__.|3666c75154d2a817
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{00473ae5-31ce-7da6-5e2d-c4743bfd91ae}\Root\InventoryApplicationFile\hesaphareketi__.|3666c75154d2a817
|
LongPathHash
|
||
|
\REGISTRY\A\{00473ae5-31ce-7da6-5e2d-c4743bfd91ae}\Root\InventoryApplicationFile\hesaphareketi__.|3666c75154d2a817
|
Name
|
||
|
\REGISTRY\A\{00473ae5-31ce-7da6-5e2d-c4743bfd91ae}\Root\InventoryApplicationFile\hesaphareketi__.|3666c75154d2a817
|
OriginalFileName
|
||
|
\REGISTRY\A\{00473ae5-31ce-7da6-5e2d-c4743bfd91ae}\Root\InventoryApplicationFile\hesaphareketi__.|3666c75154d2a817
|
Publisher
|
||
|
\REGISTRY\A\{00473ae5-31ce-7da6-5e2d-c4743bfd91ae}\Root\InventoryApplicationFile\hesaphareketi__.|3666c75154d2a817
|
Version
|
||
|
\REGISTRY\A\{00473ae5-31ce-7da6-5e2d-c4743bfd91ae}\Root\InventoryApplicationFile\hesaphareketi__.|3666c75154d2a817
|
BinFileVersion
|
||
|
\REGISTRY\A\{00473ae5-31ce-7da6-5e2d-c4743bfd91ae}\Root\InventoryApplicationFile\hesaphareketi__.|3666c75154d2a817
|
BinaryType
|
||
|
\REGISTRY\A\{00473ae5-31ce-7da6-5e2d-c4743bfd91ae}\Root\InventoryApplicationFile\hesaphareketi__.|3666c75154d2a817
|
ProductName
|
||
|
\REGISTRY\A\{00473ae5-31ce-7da6-5e2d-c4743bfd91ae}\Root\InventoryApplicationFile\hesaphareketi__.|3666c75154d2a817
|
ProductVersion
|
||
|
\REGISTRY\A\{00473ae5-31ce-7da6-5e2d-c4743bfd91ae}\Root\InventoryApplicationFile\hesaphareketi__.|3666c75154d2a817
|
LinkDate
|
||
|
\REGISTRY\A\{00473ae5-31ce-7da6-5e2d-c4743bfd91ae}\Root\InventoryApplicationFile\hesaphareketi__.|3666c75154d2a817
|
BinProductVersion
|
||
|
\REGISTRY\A\{00473ae5-31ce-7da6-5e2d-c4743bfd91ae}\Root\InventoryApplicationFile\hesaphareketi__.|3666c75154d2a817
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{00473ae5-31ce-7da6-5e2d-c4743bfd91ae}\Root\InventoryApplicationFile\hesaphareketi__.|3666c75154d2a817
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{00473ae5-31ce-7da6-5e2d-c4743bfd91ae}\Root\InventoryApplicationFile\hesaphareketi__.|3666c75154d2a817
|
Size
|
||
|
\REGISTRY\A\{00473ae5-31ce-7da6-5e2d-c4743bfd91ae}\Root\InventoryApplicationFile\hesaphareketi__.|3666c75154d2a817
|
Language
|
||
|
\REGISTRY\A\{00473ae5-31ce-7da6-5e2d-c4743bfd91ae}\Root\InventoryApplicationFile\hesaphareketi__.|3666c75154d2a817
|
Usn
|
There are 24 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2E01000
|
trusted library allocation
|
page read and write
|
|
|
|
1CEC2570000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2DB1000
|
trusted library allocation
|
page read and write
|
|
|
|
1CED2824000
|
trusted library allocation
|
page read and write
|
|
|
|
10C20000
|
trusted library allocation
|
page read and write
|
||
|
10C5C000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1CFE6000
|
unkown
|
page readonly
|
||
|
6360000
|
trusted library allocation
|
page read and write
|
||
|
5800000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC50000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CEC0BB0000
|
trusted library section
|
page readonly
|
||
|
31BE000
|
trusted library allocation
|
page read and write
|
||
|
2B7C000
|
stack
|
page read and write
|
||
|
DB89000
|
trusted library allocation
|
page read and write
|
||
|
F18000
|
heap
|
page read and write
|
||
|
6A60000
|
heap
|
page read and write
|
||
|
F83000
|
heap
|
page read and write
|
||
|
83DD5FE000
|
stack
|
page read and write
|
||
|
7FFAACBAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BC8000
|
trusted library allocation
|
page read and write
|
||
|
10C66000
|
trusted library allocation
|
page read and write
|
||
|
1CEC0CB5000
|
heap
|
page read and write
|
||
|
11AB000
|
stack
|
page read and write
|
||
|
2BB0000
|
heap
|
page execute and read and write
|
||
|
7FFAACD47000
|
trusted library allocation
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
DB86000
|
trusted library allocation
|
page read and write
|
||
|
1CEDC040000
|
heap
|
page read and write
|
||
|
83DD2FD000
|
stack
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
78AE000
|
stack
|
page read and write
|
||
|
83DD7FE000
|
stack
|
page read and write
|
||
|
57EC000
|
stack
|
page read and write
|
||
|
674E000
|
stack
|
page read and write
|
||
|
7FFB1CFF0000
|
unkown
|
page read and write
|
||
|
3DB1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACDA0000
|
trusted library allocation
|
page read and write
|
||
|
3195000
|
trusted library allocation
|
page read and write
|
||
|
10C4D000
|
trusted library allocation
|
page read and write
|
||
|
10C48000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBA2000
|
trusted library allocation
|
page read and write
|
||
|
67E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CEC0840000
|
unkown
|
page readonly
|
||
|
2E23000
|
trusted library allocation
|
page read and write
|
||
|
1CED2A5D000
|
trusted library allocation
|
page read and write
|
||
|
1CEC0A3B000
|
heap
|
page read and write
|
||
|
6130000
|
heap
|
page read and write
|
||
|
1CEC0A10000
|
heap
|
page read and write
|
||
|
1CEDC1B0000
|
heap
|
page execute and read and write
|
||
|
1CEC0A1C000
|
heap
|
page read and write
|
||
|
1167000
|
heap
|
page read and write
|
||
|
10C11000
|
trusted library allocation
|
page read and write
|
||
|
83DD6FF000
|
stack
|
page read and write
|
||
|
5222000
|
trusted library allocation
|
page read and write
|
||
|
1CEC2531000
|
trusted library allocation
|
page read and write
|
||
|
1CEC0B50000
|
trusted library allocation
|
page read and write
|
||
|
10C39000
|
trusted library allocation
|
page read and write
|
||
|
6270000
|
trusted library allocation
|
page read and write
|
||
|
5840000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD30000
|
trusted library allocation
|
page read and write
|
||
|
5F2F000
|
stack
|
page read and write
|
||
|
1CEDBF40000
|
heap
|
page read and write
|
||
|
5866000
|
trusted library allocation
|
page read and write
|
||
|
52B0000
|
heap
|
page execute and read and write
|
||
|
54CC000
|
stack
|
page read and write
|
||
|
67CF000
|
stack
|
page read and write
|
||
|
2AD7000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EFA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CEC09C5000
|
heap
|
page read and write
|
||
|
3167000
|
trusted library allocation
|
page read and write
|
||
|
1CEC0B80000
|
trusted library allocation
|
page read and write
|
||
|
1CEC289C000
|
trusted library allocation
|
page read and write
|
||
|
2B90000
|
trusted library allocation
|
page read and write
|
||
|
1CEC0A7D000
|
heap
|
page read and write
|
||
|
1CEC0BC0000
|
heap
|
page read and write
|
||
|
DB8E000
|
trusted library allocation
|
page read and write
|
||
|
51F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC40000
|
trusted library allocation
|
page read and write
|
||
|
6CAC000
|
stack
|
page read and write
|
||
|
5860000
|
trusted library allocation
|
page read and write
|
||
|
520E000
|
trusted library allocation
|
page read and write
|
||
|
1CEC0A3D000
|
heap
|
page read and write
|
||
|
F47000
|
heap
|
page read and write
|
||
|
131A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CEDADE0000
|
heap
|
page read and write
|
||
|
104C000
|
stack
|
page read and write
|
||
|
2C90000
|
trusted library allocation
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
54E0000
|
heap
|
page read and write
|
||
|
60C0000
|
heap
|
page read and write
|
||
|
12F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1CFD0000
|
unkown
|
page readonly
|
||
|
5FB7000
|
heap
|
page read and write
|
||
|
6EE0F000
|
unkown
|
page readonly
|
||
|
BB9000
|
stack
|
page read and write
|
||
|
1310000
|
trusted library allocation
|
page read and write
|
||
|
2C80000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD82000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB90000
|
trusted library allocation
|
page read and write
|
||
|
8189000
|
trusted library allocation
|
page read and write
|
||
|
FE7000
|
heap
|
page read and write
|
||
|
2E0F000
|
trusted library allocation
|
page read and write
|
||
|
10D86000
|
trusted library allocation
|
page read and write
|
||
|
52C4000
|
heap
|
page read and write
|
||
|
7FFAACBA8000
|
trusted library allocation
|
page read and write
|
||
|
10C57000
|
trusted library allocation
|
page read and write
|
||
|
678E000
|
stack
|
page read and write
|
||
|
6A5F000
|
stack
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
626D000
|
stack
|
page read and write
|
||
|
5FB0000
|
heap
|
page read and write
|
||
|
10C43000
|
trusted library allocation
|
page read and write
|
||
|
2B80000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AF0000
|
trusted library allocation
|
page read and write
|
||
|
10C0F000
|
trusted library allocation
|
page read and write
|
||
|
1CEDAE50000
|
heap
|
page read and write
|
||
|
5216000
|
trusted library allocation
|
page read and write
|
||
|
10C1B000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
FD4000
|
heap
|
page read and write
|
||
|
3032000
|
trusted library allocation
|
page read and write
|
||
|
1CEC0CB0000
|
heap
|
page read and write
|
||
|
7FFAACB94000
|
trusted library allocation
|
page read and write
|
||
|
1CEC0A33000
|
heap
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
2DFF000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD40000
|
trusted library allocation
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
7FFAACB9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACB93000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
F45000
|
heap
|
page read and write
|
||
|
2DFD000
|
trusted library allocation
|
page read and write
|
||
|
51FB000
|
trusted library allocation
|
page read and write
|
||
|
5211000
|
trusted library allocation
|
page read and write
|
||
|
60BE000
|
stack
|
page read and write
|
||
|
1CEDC1C0000
|
trusted library section
|
page read and write
|
||
|
12F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
51FE000
|
trusted library allocation
|
page read and write
|
||
|
1CEC0A83000
|
heap
|
page read and write
|
||
|
1316000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CEC09D0000
|
heap
|
page read and write
|
||
|
7FFAACBA0000
|
trusted library allocation
|
page read and write
|
||
|
6330000
|
trusted library allocation
|
page read and write
|
||
|
664E000
|
stack
|
page read and write
|
||
|
1CEC09C0000
|
heap
|
page read and write
|
||
|
584C000
|
trusted library allocation
|
page read and write
|
||
|
2E55000
|
trusted library allocation
|
page read and write
|
||
|
6CB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD50000
|
trusted library allocation
|
page read and write
|
||
|
6A1E000
|
stack
|
page read and write
|
||
|
7FFB1CFF2000
|
unkown
|
page readonly
|
||
|
7FFAACD80000
|
trusted library allocation
|
page read and write
|
||
|
6EE06000
|
unkown
|
page readonly
|
||
|
1326000
|
heap
|
page read and write
|
||
|
130D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5202000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBBB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CEC08D0000
|
heap
|
page read and write
|
||
|
7FFAACB92000
|
trusted library allocation
|
page read and write
|
||
|
83DD8FE000
|
stack
|
page read and write
|
||
|
2DAE000
|
stack
|
page read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
1CEDC078000
|
heap
|
page read and write
|
||
|
5850000
|
heap
|
page read and write
|
||
|
10C52000
|
trusted library allocation
|
page read and write
|
||
|
1CED2DCE000
|
trusted library allocation
|
page read and write
|
||
|
52D0000
|
heap
|
page read and write
|
||
|
F96000
|
heap
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
5870000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CEC0A53000
|
heap
|
page read and write
|
||
|
5810000
|
trusted library allocation
|
page read and write
|
||
|
1CEC0A97000
|
heap
|
page read and write
|
||
|
ABA000
|
stack
|
page read and write
|
||
|
2AD0000
|
trusted library allocation
|
page read and write
|
||
|
1CED2537000
|
trusted library allocation
|
page read and write
|
||
|
1CEDAD00000
|
trusted library section
|
page read and write
|
||
|
6BAC000
|
stack
|
page read and write
|
||
|
1CEDA560000
|
trusted library allocation
|
page read and write
|
||
|
10B72000
|
trusted library allocation
|
page read and write
|
||
|
1CEC0AFF000
|
heap
|
page read and write
|
||
|
77AE000
|
stack
|
page read and write
|
||
|
F3A000
|
heap
|
page read and write
|
||
|
2AD5000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CEDAE40000
|
heap
|
page read and write
|
||
|
12AD000
|
stack
|
page read and write
|
||
|
552E000
|
stack
|
page read and write
|
||
|
1CED2531000
|
trusted library allocation
|
page read and write
|
||
|
52C0000
|
heap
|
page read and write
|
||
|
1CEDC4A2000
|
trusted library section
|
page read and write
|
||
|
521D000
|
trusted library allocation
|
page read and write
|
||
|
1CEC0B10000
|
heap
|
page read and write
|
||
|
7FFAACD60000
|
trusted library allocation
|
page read and write
|
||
|
1CEC2555000
|
trusted library allocation
|
page read and write
|
||
|
527C000
|
stack
|
page read and write
|
||
|
10C16000
|
trusted library allocation
|
page read and write
|
||
|
5610000
|
heap
|
page read and write
|
||
|
7FFAACC4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
3DD9000
|
trusted library allocation
|
page read and write
|
||
|
6310000
|
trusted library allocation
|
page read and write
|
||
|
10C3E000
|
trusted library allocation
|
page read and write
|
||
|
1CED2541000
|
trusted library allocation
|
page read and write
|
||
|
83DD1FE000
|
stack
|
page read and write
|
||
|
1CEC0B70000
|
trusted library allocation
|
page read and write
|
||
|
83DD0FE000
|
stack
|
page read and write
|
||
|
1CEDAE35000
|
heap
|
page read and write
|
||
|
6EDF1000
|
unkown
|
page execute read
|
||
|
7FFB1CFD1000
|
unkown
|
page execute read
|
||
|
5818000
|
trusted library allocation
|
page read and write
|
||
|
83DCEF3000
|
stack
|
page read and write
|
||
|
7FFAACBB4000
|
trusted library allocation
|
page read and write
|
||
|
5F6C000
|
stack
|
page read and write
|
||
|
12F4000
|
trusted library allocation
|
page read and write
|
||
|
2E25000
|
trusted library allocation
|
page read and write
|
||
|
1CEC0842000
|
unkown
|
page readonly
|
||
|
7BC0000
|
heap
|
page read and write
|
||
|
3E1B000
|
trusted library allocation
|
page read and write
|
||
|
6B6C000
|
stack
|
page read and write
|
||
|
6276000
|
trusted library allocation
|
page read and write
|
||
|
1312000
|
trusted library allocation
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page read and write
|
||
|
1CED253D000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD90000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACD36000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC76000
|
trusted library allocation
|
page execute and read and write
|
||
|
6EE0D000
|
unkown
|
page read and write
|
||
|
1CEC09F0000
|
heap
|
page read and write
|
||
|
4EAD000
|
stack
|
page read and write
|
||
|
10C25000
|
trusted library allocation
|
page read and write
|
||
|
83DD4FC000
|
stack
|
page read and write
|
||
|
5FAC000
|
stack
|
page read and write
|
||
|
2AD2000
|
trusted library allocation
|
page read and write
|
||
|
1CEC0A51000
|
heap
|
page read and write
|
||
|
12FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
69DB000
|
stack
|
page read and write
|
||
|
10D8E000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1CFF5000
|
unkown
|
page readonly
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
10D89000
|
trusted library allocation
|
page read and write
|
||
|
1CEDAE30000
|
heap
|
page read and write
|
||
|
12E0000
|
trusted library allocation
|
page read and write
|
||
|
7BB0000
|
heap
|
page read and write
|
||
|
10C61000
|
trusted library allocation
|
page read and write
|
||
|
83DD3FC000
|
stack
|
page read and write
|
||
|
818E000
|
trusted library allocation
|
page read and write
|
||
|
1CEC0B83000
|
trusted library allocation
|
page read and write
|
||
|
83DCFFF000
|
stack
|
page read and write
|
||
|
10C34000
|
trusted library allocation
|
page read and write
|
||
|
2ADB000
|
trusted library allocation
|
page execute and read and write
|
||
|
6320000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF40ADB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CEC0C30000
|
heap
|
page read and write
|
||
|
7FFAACBEC000
|
trusted library allocation
|
page execute and read and write
|
||
|
E25000
|
heap
|
page read and write
|
||
|
10C2A000
|
trusted library allocation
|
page read and write
|
||
|
5619000
|
heap
|
page read and write
|
||
|
67D0000
|
heap
|
page read and write
|
||
|
1CEC2520000
|
heap
|
page execute and read and write
|
||
|
6EDF0000
|
unkown
|
page readonly
|
||
|
31A2000
|
trusted library allocation
|
page read and write
|
||
|
2B3E000
|
stack
|
page read and write
|
||
|
630E000
|
stack
|
page read and write
|
||
|
7FFAACD70000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACD4C000
|
trusted library allocation
|
page read and write
|
||
|
114E000
|
stack
|
page read and write
|
||
|
10C2F000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC46000
|
trusted library allocation
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
8186000
|
trusted library allocation
|
page read and write
|
There are 264 hidden memdumps, click here to show them.