Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
vNx9jGoYpb.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_vNx9jGoYpb.exe_1a36ee1e8d866438ce0365ff4a967e6bec3e399_7a62e937_2c513ef4-d8d7-415e-8458-44fe6a175ed7\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREC60.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Jul 3 13:54:03 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF1B1.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF29C.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\vNx9jGoYpb.exe
|
"C:\Users\user\Desktop\vNx9jGoYpb.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 308
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
94.228.166.68:80
|
|
||
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/sc/sct
|
unknown
|
||
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
http://tempuri.org/Entity/Id23ResponseD
|
unknown
|
||
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
|
unknown
|
||
|
http://tempuri.org/Entity/Id12Response
|
unknown
|
||
|
http://tempuri.org/
|
unknown
|
||
|
http://tempuri.org/Entity/Id2Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
|
unknown
|
||
|
http://tempuri.org/Entity/Id21Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
|
unknown
|
||
|
http://tempuri.org/Entity/Id9
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
|
unknown
|
||
|
http://tempuri.org/Entity/Id8
|
unknown
|
||
|
http://tempuri.org/Entity/Id5
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
|
unknown
|
||
|
http://tempuri.org/Entity/Id4
|
unknown
|
||
|
http://tempuri.org/Entity/Id7
|
unknown
|
||
|
http://tempuri.org/Entity/Id6
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
|
unknown
|
||
|
http://tempuri.org/Entity/Id19Response
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
|
unknown
|
||
|
http://tempuri.org/Entity/Id15Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
|
unknown
|
||
|
http://tempuri.org/Entity/Id6Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
|
unknown
|
||
|
https://api.ip.sb/ip
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/sc
|
unknown
|
||
|
http://tempuri.org/Entity/Id1ResponseD
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
|
unknown
|
||
|
http://tempuri.org/Entity/Id9Response
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
http://tempuri.org/Entity/Id20
|
unknown
|
||
|
http://tempuri.org/Entity/Id21
|
unknown
|
||
|
http://tempuri.org/Entity/Id22
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
|
unknown
|
||
|
http://tempuri.org/Entity/Id23
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
|
unknown
|
||
|
http://tempuri.org/Entity/Id24
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
|
unknown
|
||
|
http://tempuri.org/Entity/Id24Response
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
http://tempuri.org/Entity/Id1Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
|
unknown
|
||
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/08/addressing
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/trust
|
unknown
|
||
|
http://tempuri.org/Entity/Id10
|
unknown
|
||
|
http://tempuri.org/Entity/Id11
|
unknown
|
||
|
http://tempuri.org/Entity/Id12
|
unknown
|
||
|
http://tempuri.org/Entity/Id16Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
|
unknown
|
||
|
http://tempuri.org/Entity/Id13
|
unknown
|
||
|
http://tempuri.org/Entity/Id14
|
unknown
|
||
|
http://tempuri.org/Entity/Id15
|
unknown
|
||
|
http://tempuri.org/Entity/Id16
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
|
unknown
|
||
|
http://tempuri.org/Entity/Id17
|
unknown
|
||
|
http://tempuri.org/Entity/Id18
|
unknown
|
||
|
http://tempuri.org/Entity/Id5Response
|
unknown
|
||
|
http://tempuri.org/Entity/Id19
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
|
unknown
|
||
|
http://tempuri.org/Entity/Id10Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
|
unknown
|
||
|
http://tempuri.org/Entity/Id8Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/envelope/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust
|
unknown
|
||
|
https://duckduckgo.com/chrome_newtabS
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
|
unknown
|
||
|
http://tempuri.org/Entity/Id3ResponseD
|
unknown
|
||
|
http://tempuri.org/Entity/Id23Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
api.ip.sb
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.228.166.68
|
unknown
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
\REGISTRY\A\{dc545369-835d-3b78-62d5-fac3e5885162}\Root\InventoryApplicationFile\vnx9jgoypb.exe|4a93e2e5db9788e6
|
ProgramId
|
||
|
\REGISTRY\A\{dc545369-835d-3b78-62d5-fac3e5885162}\Root\InventoryApplicationFile\vnx9jgoypb.exe|4a93e2e5db9788e6
|
FileId
|
||
|
\REGISTRY\A\{dc545369-835d-3b78-62d5-fac3e5885162}\Root\InventoryApplicationFile\vnx9jgoypb.exe|4a93e2e5db9788e6
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{dc545369-835d-3b78-62d5-fac3e5885162}\Root\InventoryApplicationFile\vnx9jgoypb.exe|4a93e2e5db9788e6
|
LongPathHash
|
||
|
\REGISTRY\A\{dc545369-835d-3b78-62d5-fac3e5885162}\Root\InventoryApplicationFile\vnx9jgoypb.exe|4a93e2e5db9788e6
|
Name
|
||
|
\REGISTRY\A\{dc545369-835d-3b78-62d5-fac3e5885162}\Root\InventoryApplicationFile\vnx9jgoypb.exe|4a93e2e5db9788e6
|
OriginalFileName
|
||
|
\REGISTRY\A\{dc545369-835d-3b78-62d5-fac3e5885162}\Root\InventoryApplicationFile\vnx9jgoypb.exe|4a93e2e5db9788e6
|
Publisher
|
||
|
\REGISTRY\A\{dc545369-835d-3b78-62d5-fac3e5885162}\Root\InventoryApplicationFile\vnx9jgoypb.exe|4a93e2e5db9788e6
|
Version
|
||
|
\REGISTRY\A\{dc545369-835d-3b78-62d5-fac3e5885162}\Root\InventoryApplicationFile\vnx9jgoypb.exe|4a93e2e5db9788e6
|
BinFileVersion
|
||
|
\REGISTRY\A\{dc545369-835d-3b78-62d5-fac3e5885162}\Root\InventoryApplicationFile\vnx9jgoypb.exe|4a93e2e5db9788e6
|
BinaryType
|
||
|
\REGISTRY\A\{dc545369-835d-3b78-62d5-fac3e5885162}\Root\InventoryApplicationFile\vnx9jgoypb.exe|4a93e2e5db9788e6
|
ProductName
|
||
|
\REGISTRY\A\{dc545369-835d-3b78-62d5-fac3e5885162}\Root\InventoryApplicationFile\vnx9jgoypb.exe|4a93e2e5db9788e6
|
ProductVersion
|
||
|
\REGISTRY\A\{dc545369-835d-3b78-62d5-fac3e5885162}\Root\InventoryApplicationFile\vnx9jgoypb.exe|4a93e2e5db9788e6
|
LinkDate
|
||
|
\REGISTRY\A\{dc545369-835d-3b78-62d5-fac3e5885162}\Root\InventoryApplicationFile\vnx9jgoypb.exe|4a93e2e5db9788e6
|
BinProductVersion
|
||
|
\REGISTRY\A\{dc545369-835d-3b78-62d5-fac3e5885162}\Root\InventoryApplicationFile\vnx9jgoypb.exe|4a93e2e5db9788e6
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{dc545369-835d-3b78-62d5-fac3e5885162}\Root\InventoryApplicationFile\vnx9jgoypb.exe|4a93e2e5db9788e6
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{dc545369-835d-3b78-62d5-fac3e5885162}\Root\InventoryApplicationFile\vnx9jgoypb.exe|4a93e2e5db9788e6
|
Size
|
||
|
\REGISTRY\A\{dc545369-835d-3b78-62d5-fac3e5885162}\Root\InventoryApplicationFile\vnx9jgoypb.exe|4a93e2e5db9788e6
|
Language
|
||
|
\REGISTRY\A\{dc545369-835d-3b78-62d5-fac3e5885162}\Root\InventoryApplicationFile\vnx9jgoypb.exe|4a93e2e5db9788e6
|
Usn
|
There are 29 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
E2F000
|
unkown
|
page read and write
|
|
|
|
2CA1000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
104F000
|
heap
|
page read and write
|
||
|
9C1F000
|
trusted library allocation
|
page read and write
|
||
|
8E9D000
|
heap
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
F4E000
|
stack
|
page read and write
|
||
|
3343000
|
trusted library allocation
|
page read and write
|
||
|
4023000
|
trusted library allocation
|
page read and write
|
||
|
F77000
|
heap
|
page read and write
|
||
|
326D000
|
trusted library allocation
|
page read and write
|
||
|
63C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6300000
|
trusted library allocation
|
page read and write
|
||
|
3FC7000
|
trusted library allocation
|
page read and write
|
||
|
2FB1000
|
trusted library allocation
|
page read and write
|
||
|
9D00000
|
trusted library allocation
|
page read and write
|
||
|
9FCF000
|
stack
|
page read and write
|
||
|
60E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
63F0000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
unkown
|
page readonly
|
||
|
817D000
|
trusted library allocation
|
page read and write
|
||
|
5450000
|
trusted library allocation
|
page execute and read and write
|
||
|
40B2000
|
trusted library allocation
|
page read and write
|
||
|
2944000
|
trusted library allocation
|
page read and write
|
||
|
62BE000
|
trusted library allocation
|
page read and write
|
||
|
406D000
|
trusted library allocation
|
page read and write
|
||
|
52A0000
|
heap
|
page read and write
|
||
|
8ECC000
|
heap
|
page read and write
|
||
|
60D0000
|
trusted library allocation
|
page read and write
|
||
|
2FA5000
|
trusted library allocation
|
page read and write
|
||
|
8D7C000
|
stack
|
page read and write
|
||
|
E00000
|
unkown
|
page readonly
|
||
|
62A6000
|
trusted library allocation
|
page read and write
|
||
|
62D0000
|
trusted library allocation
|
page read and write
|
||
|
81FC000
|
stack
|
page read and write
|
||
|
409F000
|
trusted library allocation
|
page read and write
|
||
|
3348000
|
trusted library allocation
|
page read and write
|
||
|
13FA000
|
heap
|
page read and write
|
||
|
52B0000
|
trusted library allocation
|
page read and write
|
||
|
8180000
|
heap
|
page read and write
|
||
|
8F4B000
|
heap
|
page read and write
|
||
|
5518000
|
trusted library allocation
|
page read and write
|
||
|
2FA9000
|
trusted library allocation
|
page read and write
|
||
|
31F6000
|
trusted library allocation
|
page read and write
|
||
|
E7D000
|
unkown
|
page readonly
|
||
|
9BCE000
|
trusted library allocation
|
page read and write
|
||
|
3F72000
|
trusted library allocation
|
page read and write
|
||
|
3CC1000
|
trusted library allocation
|
page read and write
|
||
|
63E0000
|
trusted library allocation
|
page read and write
|
||
|
295D000
|
trusted library allocation
|
page execute and read and write
|
||
|
62C1000
|
trusted library allocation
|
page read and write
|
||
|
3336000
|
trusted library allocation
|
page read and write
|
||
|
7FDC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9BC0000
|
trusted library allocation
|
page read and write
|
||
|
333C000
|
trusted library allocation
|
page read and write
|
||
|
4002000
|
trusted library allocation
|
page read and write
|
||
|
55DD000
|
heap
|
page read and write
|
||
|
5225000
|
trusted library allocation
|
page read and write
|
||
|
8E7C000
|
stack
|
page read and write
|
||
|
40EF000
|
trusted library allocation
|
page read and write
|
||
|
62CA000
|
trusted library allocation
|
page read and write
|
||
|
3F97000
|
trusted library allocation
|
page read and write
|
||
|
FC4000
|
heap
|
page read and write
|
||
|
6860000
|
heap
|
page read and write
|
||
|
55B2000
|
heap
|
page read and write
|
||
|
4CA8000
|
trusted library allocation
|
page read and write
|
||
|
9D6E000
|
stack
|
page read and write
|
||
|
2B80000
|
heap
|
page execute and read and write
|
||
|
51DD000
|
trusted library allocation
|
page read and write
|
||
|
550E000
|
stack
|
page read and write
|
||
|
3204000
|
trusted library allocation
|
page read and write
|
||
|
3325000
|
trusted library allocation
|
page read and write
|
||
|
29DE000
|
stack
|
page read and write
|
||
|
403D000
|
trusted library allocation
|
page read and write
|
||
|
5592000
|
heap
|
page read and write
|
||
|
3FA4000
|
trusted library allocation
|
page read and write
|
||
|
5510000
|
trusted library allocation
|
page read and write
|
||
|
4078000
|
trusted library allocation
|
page read and write
|
||
|
2966000
|
trusted library allocation
|
page execute and read and write
|
||
|
8262000
|
trusted library allocation
|
page read and write
|
||
|
2F4E000
|
stack
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
5647000
|
heap
|
page read and write
|
||
|
400C000
|
trusted library allocation
|
page read and write
|
||
|
3FF0000
|
trusted library allocation
|
page read and write
|
||
|
5550000
|
heap
|
page read and write
|
||
|
A010000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C9E000
|
stack
|
page read and write
|
||
|
3FAB000
|
trusted library allocation
|
page read and write
|
||
|
E01000
|
unkown
|
page execute read
|
||
|
8150000
|
trusted library allocation
|
page read and write
|
||
|
9CF0000
|
trusted library allocation
|
page read and write
|
||
|
9C0A000
|
trusted library allocation
|
page read and write
|
||
|
E2F000
|
unkown
|
page write copy
|
||
|
4082000
|
trusted library allocation
|
page read and write
|
||
|
A00E000
|
stack
|
page read and write
|
||
|
6350000
|
trusted library allocation
|
page read and write
|
||
|
55EF000
|
heap
|
page read and write
|
||
|
32A3000
|
trusted library allocation
|
page read and write
|
||
|
817A000
|
trusted library allocation
|
page read and write
|
||
|
3EA3000
|
trusted library allocation
|
page read and write
|
||
|
40A5000
|
trusted library allocation
|
page read and write
|
||
|
9BF0000
|
trusted library allocation
|
page read and write
|
||
|
3F6C000
|
trusted library allocation
|
page read and write
|
||
|
62A1000
|
trusted library allocation
|
page read and write
|
||
|
51B0000
|
trusted library allocation
|
page read and write
|
||
|
2977000
|
trusted library allocation
|
page execute and read and write
|
||
|
E23000
|
unkown
|
page readonly
|
||
|
334C000
|
trusted library allocation
|
page read and write
|
||
|
3E7A000
|
trusted library allocation
|
page read and write
|
||
|
2D84000
|
trusted library allocation
|
page read and write
|
||
|
5F7E000
|
stack
|
page read and write
|
||
|
628F000
|
stack
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
5210000
|
heap
|
page read and write
|
||
|
E7D000
|
unkown
|
page readonly
|
||
|
8EA1000
|
heap
|
page read and write
|
||
|
8170000
|
trusted library allocation
|
page read and write
|
||
|
578E000
|
stack
|
page read and write
|
||
|
5E7E000
|
stack
|
page read and write
|
||
|
3FC2000
|
trusted library allocation
|
page read and write
|
||
|
3F59000
|
trusted library allocation
|
page read and write
|
||
|
8F09000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
2F8B000
|
trusted library allocation
|
page read and write
|
||
|
8ED1000
|
heap
|
page read and write
|
||
|
618E000
|
stack
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
3FB6000
|
trusted library allocation
|
page read and write
|
||
|
5190000
|
trusted library allocation
|
page read and write
|
||
|
40E2000
|
trusted library allocation
|
page read and write
|
||
|
5230000
|
trusted library allocation
|
page read and write
|
||
|
F7C000
|
stack
|
page read and write
|
||
|
3216000
|
trusted library allocation
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
320F000
|
trusted library allocation
|
page read and write
|
||
|
8EF4000
|
heap
|
page read and write
|
||
|
2D80000
|
trusted library allocation
|
page read and write
|
||
|
296A000
|
trusted library allocation
|
page execute and read and write
|
||
|
40D5000
|
trusted library allocation
|
page read and write
|
||
|
51D6000
|
trusted library allocation
|
page read and write
|
||
|
815E000
|
trusted library allocation
|
page read and write
|
||
|
91C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
32CC000
|
trusted library allocation
|
page read and write
|
||
|
9C1A000
|
trusted library allocation
|
page read and write
|
||
|
3E83000
|
trusted library allocation
|
page read and write
|
||
|
3F6F000
|
trusted library allocation
|
page read and write
|
||
|
3F7E000
|
trusted library allocation
|
page read and write
|
||
|
F99000
|
heap
|
page read and write
|
||
|
308D000
|
stack
|
page read and write
|
||
|
62F0000
|
trusted library allocation
|
page read and write
|
||
|
2990000
|
trusted library allocation
|
page read and write
|
||
|
1226000
|
heap
|
page read and write
|
||
|
E23000
|
unkown
|
page readonly
|
||
|
F80000
|
trusted library allocation
|
page read and write
|
||
|
3CD2000
|
trusted library allocation
|
page read and write
|
||
|
60F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
410D000
|
trusted library allocation
|
page read and write
|
||
|
629B000
|
trusted library allocation
|
page read and write
|
||
|
62B2000
|
trusted library allocation
|
page read and write
|
||
|
3FD2000
|
trusted library allocation
|
page read and write
|
||
|
435000
|
remote allocation
|
page execute and read and write
|
||
|
32C8000
|
trusted library allocation
|
page read and write
|
||
|
A0D1000
|
heap
|
page read and write
|
||
|
8EE1000
|
heap
|
page read and write
|
||
|
8EC5000
|
heap
|
page read and write
|
||
|
90BC000
|
stack
|
page read and write
|
||
|
9CEE000
|
stack
|
page read and write
|
||
|
2FB3000
|
trusted library allocation
|
page read and write
|
||
|
5624000
|
heap
|
page read and write
|
||
|
2FAF000
|
trusted library allocation
|
page read and write
|
||
|
551A000
|
trusted library allocation
|
page read and write
|
||
|
2E5C000
|
trusted library allocation
|
page read and write
|
||
|
2D72000
|
trusted library allocation
|
page read and write
|
||
|
9D10000
|
trusted library allocation
|
page execute and read and write
|
||
|
9C30000
|
trusted library allocation
|
page read and write
|
||
|
6390000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F69000
|
trusted library allocation
|
page read and write
|
||
|
2D35000
|
trusted library allocation
|
page read and write
|
||
|
3FDC000
|
trusted library allocation
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
51CE000
|
trusted library allocation
|
page read and write
|
||
|
3D6E000
|
trusted library allocation
|
page read and write
|
||
|
4089000
|
trusted library allocation
|
page read and write
|
||
|
32C3000
|
trusted library allocation
|
page read and write
|
||
|
823E000
|
stack
|
page read and write
|
||
|
57CA000
|
stack
|
page read and write
|
||
|
3CAF000
|
trusted library allocation
|
page read and write
|
||
|
51D1000
|
trusted library allocation
|
page read and write
|
||
|
5554000
|
heap
|
page read and write
|
||
|
176F000
|
stack
|
page read and write
|
||
|
A0C0000
|
heap
|
page read and write
|
||
|
40C9000
|
trusted library allocation
|
page read and write
|
||
|
51F0000
|
trusted library allocation
|
page read and write
|
||
|
8C7F000
|
stack
|
page read and write
|
||
|
5564000
|
heap
|
page read and write
|
||
|
8EEA000
|
heap
|
page read and write
|
||
|
3FE9000
|
trusted library allocation
|
page read and write
|
||
|
6370000
|
trusted library allocation
|
page execute and read and write
|
||
|
5280000
|
heap
|
page read and write
|
||
|
333A000
|
trusted library allocation
|
page read and write
|
||
|
4127000
|
trusted library allocation
|
page read and write
|
||
|
5200000
|
trusted library allocation
|
page read and write
|
||
|
8EC1000
|
heap
|
page read and write
|
||
|
60CC000
|
stack
|
page read and write
|
||
|
2B5B000
|
stack
|
page read and write
|
||
|
13E0000
|
direct allocation
|
page execute and read and write
|
||
|
32EE000
|
trusted library allocation
|
page read and write
|
||
|
3F63000
|
trusted library allocation
|
page read and write
|
||
|
152E000
|
stack
|
page read and write
|
||
|
8380000
|
trusted library allocation
|
page read and write
|
||
|
A2BF000
|
stack
|
page read and write
|
||
|
8F90000
|
heap
|
page read and write
|
||
|
4099000
|
trusted library allocation
|
page read and write
|
||
|
664E000
|
stack
|
page read and write
|
||
|
4051000
|
trusted library allocation
|
page read and write
|
||
|
2972000
|
trusted library allocation
|
page read and write
|
||
|
8E8D000
|
heap
|
page read and write
|
||
|
3F8A000
|
trusted library allocation
|
page read and write
|
||
|
63B0000
|
trusted library allocation
|
page read and write
|
||
|
8141000
|
trusted library allocation
|
page read and write
|
||
|
5250000
|
trusted library allocation
|
page read and write
|
||
|
91BD000
|
stack
|
page read and write
|
||
|
12FD000
|
stack
|
page read and write
|
||
|
32BC000
|
trusted library allocation
|
page read and write
|
||
|
1035000
|
heap
|
page read and write
|
||
|
51B4000
|
trusted library allocation
|
page read and write
|
||
|
52B2000
|
trusted library allocation
|
page read and write
|
||
|
6290000
|
trusted library allocation
|
page read and write
|
||
|
574F000
|
stack
|
page read and write
|
||
|
3346000
|
trusted library allocation
|
page read and write
|
||
|
A2D0000
|
heap
|
page read and write
|
||
|
4E3C000
|
stack
|
page read and write
|
||
|
8E80000
|
heap
|
page read and write
|
||
|
40A7000
|
trusted library allocation
|
page read and write
|
||
|
4030000
|
trusted library allocation
|
page read and write
|
||
|
9300000
|
heap
|
page read and write
|
||
|
444000
|
remote allocation
|
page execute and read and write
|
||
|
3FFF000
|
trusted library allocation
|
page read and write
|
||
|
162F000
|
stack
|
page read and write
|
||
|
3FFC000
|
trusted library allocation
|
page read and write
|
||
|
3E9F000
|
trusted library allocation
|
page read and write
|
||
|
62E0000
|
trusted library allocation
|
page read and write
|
||
|
2D69000
|
trusted library allocation
|
page read and write
|
||
|
2FAB000
|
trusted library allocation
|
page read and write
|
||
|
9C08000
|
trusted library allocation
|
page read and write
|
||
|
4068000
|
trusted library allocation
|
page read and write
|
||
|
4112000
|
trusted library allocation
|
page read and write
|
||
|
8F6E000
|
heap
|
page read and write
|
||
|
31EB000
|
trusted library allocation
|
page read and write
|
||
|
68AE000
|
stack
|
page read and write
|
||
|
920E000
|
stack
|
page read and write
|
||
|
2E5E000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
4032000
|
trusted library allocation
|
page read and write
|
||
|
9CAD000
|
stack
|
page read and write
|
||
|
294D000
|
trusted library allocation
|
page execute and read and write
|
||
|
51E2000
|
trusted library allocation
|
page read and write
|
||
|
3D2B000
|
trusted library allocation
|
page read and write
|
||
|
A049000
|
trusted library allocation
|
page read and write
|
||
|
3CFA000
|
trusted library allocation
|
page read and write
|
||
|
2F67000
|
trusted library allocation
|
page read and write
|
||
|
51BB000
|
trusted library allocation
|
page read and write
|
||
|
8F41000
|
heap
|
page read and write
|
||
|
4096000
|
trusted library allocation
|
page read and write
|
||
|
31DC000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
405C000
|
trusted library allocation
|
page read and write
|
||
|
9BF9000
|
trusted library allocation
|
page read and write
|
||
|
9C15000
|
trusted library allocation
|
page read and write
|
||
|
8EDC000
|
heap
|
page read and write
|
||
|
8FAA000
|
heap
|
page read and write
|
||
|
408F000
|
trusted library allocation
|
page read and write
|
||
|
2962000
|
trusted library allocation
|
page read and write
|
||
|
5540000
|
heap
|
page execute and read and write
|
||
|
315E000
|
trusted library allocation
|
page read and write
|
||
|
8190000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FA1000
|
trusted library allocation
|
page read and write
|
||
|
6100000
|
heap
|
page execute and read and write
|
||
|
5220000
|
trusted library allocation
|
page read and write
|
||
|
2FD0000
|
trusted library allocation
|
page read and write
|
||
|
2940000
|
trusted library allocation
|
page read and write
|
||
|
3F77000
|
trusted library allocation
|
page read and write
|
||
|
32AD000
|
trusted library allocation
|
page read and write
|
||
|
9BF2000
|
trusted library allocation
|
page read and write
|
||
|
40F6000
|
trusted library allocation
|
page read and write
|
||
|
404A000
|
trusted library allocation
|
page read and write
|
||
|
8EE4000
|
heap
|
page read and write
|
||
|
5213000
|
heap
|
page read and write
|
||
|
940E000
|
stack
|
page read and write
|
||
|
5480000
|
trusted library allocation
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
9D20000
|
trusted library allocation
|
page read and write
|
||
|
4063000
|
trusted library allocation
|
page read and write
|
||
|
32D1000
|
trusted library allocation
|
page read and write
|
||
|
9C20000
|
trusted library allocation
|
page read and write
|
||
|
304F000
|
stack
|
page read and write
|
||
|
8F25000
|
heap
|
page read and write
|
||
|
6360000
|
trusted library allocation
|
page read and write
|
||
|
3E6E000
|
trusted library allocation
|
page read and write
|
||
|
8155000
|
trusted library allocation
|
page read and write
|
||
|
4007000
|
trusted library allocation
|
page read and write
|
||
|
293F000
|
stack
|
page read and write
|
||
|
815B000
|
trusted library allocation
|
page read and write
|
||
|
564B000
|
heap
|
page read and write
|
||
|
2970000
|
trusted library allocation
|
page read and write
|
||
|
140D000
|
heap
|
page read and write
|
||
|
318D000
|
stack
|
page read and write
|
||
|
297B000
|
trusted library allocation
|
page execute and read and write
|
||
|
9C10000
|
trusted library allocation
|
page read and write
|
||
|
3351000
|
trusted library allocation
|
page read and write
|
||
|
5543000
|
heap
|
page execute and read and write
|
||
|
E01000
|
unkown
|
page execute read
|
||
|
2B1D000
|
stack
|
page read and write
|
||
|
5558000
|
heap
|
page read and write
|
||
|
8ED7000
|
heap
|
page read and write
|
||
|
166E000
|
stack
|
page read and write
|
||
|
8EB1000
|
heap
|
page read and write
|
||
|
40A2000
|
trusted library allocation
|
page read and write
|
||
|
6380000
|
trusted library allocation
|
page execute and read and write
|
||
|
3FBD000
|
trusted library allocation
|
page read and write
|
||
|
2960000
|
trusted library allocation
|
page read and write
|
||
|
5632000
|
heap
|
page read and write
|
||
|
3CA1000
|
trusted library allocation
|
page read and write
|
||
|
3FF9000
|
trusted library allocation
|
page read and write
|
||
|
A0DB000
|
heap
|
page read and write
|
||
|
EE5000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
32C6000
|
trusted library allocation
|
page read and write
|
||
|
4108000
|
trusted library allocation
|
page read and write
|
||
|
51A0000
|
trusted library allocation
|
page read and write
|
||
|
3F53000
|
trusted library allocation
|
page read and write
|
||
|
8160000
|
trusted library allocation
|
page read and write
|
||
|
8260000
|
trusted library allocation
|
page read and write
|
||
|
9C40000
|
trusted library allocation
|
page read and write
|
||
|
8130000
|
trusted library allocation
|
page read and write
|
||
|
122A000
|
heap
|
page read and write
|
||
|
668E000
|
stack
|
page read and write
|
||
|
2E62000
|
trusted library allocation
|
page read and write
|
||
|
32B6000
|
trusted library allocation
|
page read and write
|
||
|
A040000
|
trusted library allocation
|
page read and write
|
||
|
2975000
|
trusted library allocation
|
page execute and read and write
|
||
|
2950000
|
trusted library allocation
|
page read and write
|
||
|
13FE000
|
heap
|
page read and write
|
||
|
8F93000
|
heap
|
page read and write
|
||
|
411E000
|
trusted library allocation
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
A2C0000
|
heap
|
page read and write
|
||
|
4101000
|
trusted library allocation
|
page read and write
|
||
|
D87000
|
stack
|
page read and write
|
||
|
40AD000
|
trusted library allocation
|
page read and write
|
||
|
3FE3000
|
trusted library allocation
|
page read and write
|
||
|
678E000
|
stack
|
page read and write
|
||
|
9D04000
|
trusted library allocation
|
page read and write
|
||
|
614D000
|
stack
|
page read and write
|
||
|
63A0000
|
trusted library allocation
|
page read and write
|
||
|
3F60000
|
trusted library allocation
|
page read and write
|
||
|
32BA000
|
trusted library allocation
|
page read and write
|
||
|
C8A000
|
stack
|
page read and write
|
||
|
3FF3000
|
trusted library allocation
|
page read and write
|
||
|
556C000
|
heap
|
page read and write
|
||
|
2F3C000
|
trusted library allocation
|
page read and write
|
||
|
2E58000
|
trusted library allocation
|
page read and write
|
||
|
430000
|
remote allocation
|
page execute and read and write
|
||
|
5180000
|
trusted library allocation
|
page execute and read and write
|
||
|
8EB7000
|
heap
|
page read and write
|
||
|
5515000
|
trusted library allocation
|
page read and write
|
||
|
2ADE000
|
stack
|
page read and write
|
||
|
2943000
|
trusted library allocation
|
page execute and read and write
|
||
|
520E000
|
trusted library allocation
|
page read and write
|
||
|
8F86000
|
heap
|
page read and write
|
||
|
FD1000
|
heap
|
page read and write
|
||
|
54CE000
|
stack
|
page read and write
|
||
|
6400000
|
trusted library allocation
|
page execute and read and write
|
||
|
9BF5000
|
trusted library allocation
|
page read and write
|
||
|
9C24000
|
trusted library allocation
|
page read and write
|
There are 369 hidden memdumps, click here to show them.