Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ngrok.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
initial sample
|
 |
|
|
\Device\Mup\user-PC\PIPE\samr
|
GLS_BINARY_LSB_FIRST
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\ngrok.exe
|
"C:\Users\user\Desktop\ngrok.exe"
|
|
|
|
C:\Users\user\Desktop\ngrok.exe
|
C:\Users\user\Desktop\ngrok.exe
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /K
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://ngrok.com/tosAuto
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
https://ngrok.com/docs/cloud-edge/modules/webhook-verification)the
|
unknown
|
||
|
https://www.ngrok.com
|
unknown
|
||
|
http://www.apache.org/licenses/
|
unknown
|
||
|
https://ngrok.com/docs/cloud-edge/endpoints#certificate-chains).Integer
|
unknown
|
||
|
http://www.eslinstructor.net/vkbeautify/
|
unknown
|
||
|
https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys)
|
unknown
|
||
|
https://dashboard.ngrok.com/api/keys)
|
unknown
|
||
|
https://ngrok.com/tos
|
unknown
|
||
|
https://getbootstrap.com/)
|
unknown
|
||
|
https://github.com/spf13/cobra/issues/1508
|
unknown
|
||
|
https://ngrok.com/docs/errors/err_ngrok_8012
|
unknown
|
||
|
https://ngrok.com/docs/cloud-edge/modules/webhook-verification
|
unknown
|
||
|
https://dns.google.com/resolve?/tunnel_sessions/
|
unknown
|
||
|
http://creativecommons.org/publicdomain/zero/1.0
|
unknown
|
||
|
https://ngrok.com/docs/cloud-edge/endpoints#private-keys).A
|
unknown
|
||
|
http://www.opensource.org/licenses/mit-license.php
|
unknown
|
||
|
https://ngrok.com/docs/api#authentication).
|
unknown
|
||
|
https://instrumentation-telemetry-intake.datadoghq.com/api/v2/apmtelemetryAddAttrs
|
unknown
|
||
|
https://dashboard.ngrok.com/api.
|
unknown
|
||
|
https://github.com/twbs/bootstrap/blob/master/LICENSE)
|
unknown
|
||
|
http://www.gnu.org/licenses/gpl.html
|
unknown
|
||
|
https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
|
unknown
|
||
|
http://fsf.org/
|
unknown
|
||
|
https://api.ngrok.comunsupported
|
unknown
|
||
|
https://ngrok....Certificate
|
unknown
|
||
|
http://mattn.mit-license.org/2013
|
unknown
|
||
|
http://jedwatson.github.io/classnames
|
unknown
|
||
|
https://github.com/spf13/cobra/issues/1279
|
unknown
|
||
|
https://dashboard.ngrok.com/billing/subscription
|
unknown
|
There are 21 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2194A024000
|
heap
|
page read and write
|
||
|
C00065E000
|
direct allocation
|
page read and write
|
||
|
C000279000
|
direct allocation
|
page read and write
|
||
|
F353BFF000
|
stack
|
page read and write
|
||
|
C00029E000
|
direct allocation
|
page read and write
|
||
|
2196F67A000
|
direct allocation
|
page read and write
|
||
|
C0003F3000
|
direct allocation
|
page read and write
|
||
|
C0000EE000
|
direct allocation
|
page read and write
|
||
|
2194A1E4000
|
direct allocation
|
page read and write
|
||
|
C00006B000
|
direct allocation
|
page read and write
|
||
|
2196F459000
|
direct allocation
|
page read and write
|
||
|
1799000
|
unkown
|
page readonly
|
||
|
C0003AB000
|
direct allocation
|
page read and write
|
||
|
C0002A2000
|
direct allocation
|
page read and write
|
||
|
F3541FE000
|
stack
|
page read and write
|
||
|
1779000
|
unkown
|
page readonly
|
||
|
C0003DB000
|
direct allocation
|
page read and write
|
||
|
17BA000
|
unkown
|
page readonly
|
||
|
C000064000
|
direct allocation
|
page read and write
|
||
|
1E07000
|
unkown
|
page write copy
|
||
|
2196F488000
|
direct allocation
|
page read and write
|
||
|
1784000
|
unkown
|
page readonly
|
||
|
C0003F7000
|
direct allocation
|
page read and write
|
||
|
1792000
|
unkown
|
page readonly
|
||
|
2196F485000
|
direct allocation
|
page read and write
|
||
|
C0002CF000
|
direct allocation
|
page read and write
|
||
|
24173440000
|
trusted library allocation
|
page read and write
|
||
|
C0002FF000
|
direct allocation
|
page read and write
|
||
|
C000676000
|
direct allocation
|
page read and write
|
||
|
D8F000
|
unkown
|
page readonly
|
||
|
C000123000
|
direct allocation
|
page read and write
|
||
|
C0004A2000
|
direct allocation
|
page read and write
|
||
|
F3537F9000
|
stack
|
page read and write
|
||
|
C000212000
|
direct allocation
|
page read and write
|
||
|
C0000A6000
|
direct allocation
|
page read and write
|
||
|
C000277000
|
direct allocation
|
page read and write
|
||
|
C0000D4000
|
direct allocation
|
page read and write
|
||
|
C0000D6000
|
direct allocation
|
page read and write
|
||
|
C0004E6000
|
direct allocation
|
page read and write
|
||
|
17A1000
|
unkown
|
page readonly
|
||
|
16D5000
|
unkown
|
page readonly
|
||
|
C00041F000
|
direct allocation
|
page read and write
|
||
|
C0005A8000
|
direct allocation
|
page read and write
|
||
|
1F0F000
|
unkown
|
page read and write
|
||
|
1EDD000
|
unkown
|
page write copy
|
||
|
C0000AC000
|
direct allocation
|
page read and write
|
||
|
C000104000
|
direct allocation
|
page read and write
|
||
|
17BA000
|
unkown
|
page readonly
|
||
|
172A000
|
unkown
|
page readonly
|
||
|
C00018F000
|
direct allocation
|
page read and write
|
||
|
1F8D000
|
unkown
|
page readonly
|
||
|
C000540000
|
direct allocation
|
page read and write
|
||
|
C000034000
|
direct allocation
|
page read and write
|
||
|
340000
|
unkown
|
page readonly
|
||
|
C000315000
|
direct allocation
|
page read and write
|
||
|
17B3000
|
unkown
|
page readonly
|
||
|
F353FFF000
|
stack
|
page read and write
|
||
|
C00006D000
|
direct allocation
|
page read and write
|
||
|
1EE0000
|
unkown
|
page read and write
|
||
|
C0002E7000
|
direct allocation
|
page read and write
|
||
|
17A9000
|
unkown
|
page readonly
|
||
|
1799000
|
unkown
|
page readonly
|
||
|
C0003C1000
|
direct allocation
|
page read and write
|
||
|
C000365000
|
direct allocation
|
page read and write
|
||
|
17B0000
|
unkown
|
page readonly
|
||
|
21971240000
|
trusted library allocation
|
page read and write
|
||
|
172A000
|
unkown
|
page readonly
|
||
|
D8F000
|
unkown
|
page readonly
|
||
|
C000236000
|
direct allocation
|
page read and write
|
||
|
C000614000
|
direct allocation
|
page read and write
|
||
|
C0001BC000
|
direct allocation
|
page read and write
|
||
|
C00007E000
|
direct allocation
|
page read and write
|
||
|
C000389000
|
direct allocation
|
page read and write
|
||
|
C0000A8000
|
direct allocation
|
page read and write
|
||
|
17A9000
|
unkown
|
page readonly
|
||
|
2009000
|
unkown
|
page readonly
|
||
|
2194A01C000
|
heap
|
page read and write
|
||
|
C0002AC000
|
direct allocation
|
page read and write
|
||
|
C0005A2000
|
direct allocation
|
page read and write
|
||
|
1779000
|
unkown
|
page readonly
|
||
|
2196F4D0000
|
direct allocation
|
page read and write
|
||
|
C0002F9000
|
direct allocation
|
page read and write
|
||
|
C0003D7000
|
direct allocation
|
page read and write
|
||
|
C00037B000
|
direct allocation
|
page read and write
|
||
|
C000407000
|
direct allocation
|
page read and write
|
||
|
C000051000
|
direct allocation
|
page read and write
|
||
|
17A9000
|
unkown
|
page readonly
|
||
|
C000642000
|
direct allocation
|
page read and write
|
||
|
C00002C000
|
direct allocation
|
page read and write
|
||
|
21971240000
|
trusted library allocation
|
page read and write
|
||
|
C0001B8000
|
direct allocation
|
page read and write
|
||
|
172C000
|
unkown
|
page readonly
|
||
|
1EC6000
|
unkown
|
page write copy
|
||
|
C000606000
|
direct allocation
|
page read and write
|
||
|
21971224000
|
direct allocation
|
page read and write
|
||
|
C00026F000
|
direct allocation
|
page read and write
|
||
|
C0001C4000
|
direct allocation
|
page read and write
|
||
|
C000542000
|
direct allocation
|
page read and write
|
||
|
173D000
|
unkown
|
page readonly
|
||
|
17B0000
|
unkown
|
page readonly
|
||
|
1EC7000
|
unkown
|
page read and write
|
||
|
1726000
|
unkown
|
page readonly
|
||
|
C000335000
|
direct allocation
|
page read and write
|
||
|
C000532000
|
direct allocation
|
page read and write
|
||
|
17B0000
|
unkown
|
page readonly
|
||
|
C00005F000
|
direct allocation
|
page read and write
|
||
|
2196F46E000
|
direct allocation
|
page read and write
|
||
|
C0002C7000
|
direct allocation
|
page read and write
|
||
|
C0004D8000
|
direct allocation
|
page read and write
|
||
|
C0000C6000
|
direct allocation
|
page read and write
|
||
|
C0001F0000
|
direct allocation
|
page read and write
|
||
|
C0000D2000
|
direct allocation
|
page read and write
|
||
|
C000435000
|
direct allocation
|
page read and write
|
||
|
C000191000
|
direct allocation
|
page read and write
|
||
|
C00063E000
|
direct allocation
|
page read and write
|
||
|
F3545FF000
|
stack
|
page read and write
|
||
|
1DFF000
|
unkown
|
page write copy
|
||
|
C0003BB000
|
direct allocation
|
page read and write
|
||
|
C00057E000
|
direct allocation
|
page read and write
|
||
|
C0002C5000
|
direct allocation
|
page read and write
|
||
|
C000369000
|
direct allocation
|
page read and write
|
||
|
C0005AA000
|
direct allocation
|
page read and write
|
||
|
219711EA000
|
direct allocation
|
page read and write
|
||
|
C000670000
|
direct allocation
|
page read and write
|
||
|
1F8D000
|
unkown
|
page readonly
|
||
|
172C000
|
unkown
|
page readonly
|
||
|
2009000
|
unkown
|
page readonly
|
||
|
C00040B000
|
direct allocation
|
page read and write
|
||
|
C0004EE000
|
direct allocation
|
page read and write
|
||
|
C000590000
|
direct allocation
|
page read and write
|
||
|
C0000DA000
|
direct allocation
|
page read and write
|
||
|
C000355000
|
direct allocation
|
page read and write
|
||
|
219711D9000
|
direct allocation
|
page read and write
|
||
|
1FCF000
|
unkown
|
page write copy
|
||
|
C00020A000
|
direct allocation
|
page read and write
|
||
|
16D5000
|
unkown
|
page readonly
|
||
|
1EBE000
|
unkown
|
page write copy
|
||
|
177E000
|
unkown
|
page readonly
|
||
|
F353DFF000
|
stack
|
page read and write
|
||
|
340000
|
unkown
|
page readonly
|
||
|
C00043D000
|
direct allocation
|
page read and write
|
||
|
C000198000
|
direct allocation
|
page read and write
|
||
|
C000433000
|
direct allocation
|
page read and write
|
||
|
D8F000
|
unkown
|
page readonly
|
||
|
C00003A000
|
direct allocation
|
page read and write
|
||
|
171A000
|
unkown
|
page readonly
|
||
|
C00023C000
|
direct allocation
|
page read and write
|
||
|
C000038000
|
direct allocation
|
page read and write
|
||
|
C00027B000
|
direct allocation
|
page read and write
|
||
|
1F83000
|
unkown
|
page read and write
|
||
|
340000
|
unkown
|
page readonly
|
||
|
172A000
|
unkown
|
page readonly
|
||
|
C0003AF000
|
direct allocation
|
page read and write
|
||
|
C000062000
|
direct allocation
|
page read and write
|
||
|
C000393000
|
direct allocation
|
page read and write
|
||
|
341000
|
unkown
|
page execute read
|
||
|
1EE7000
|
unkown
|
page write copy
|
||
|
C0004F0000
|
direct allocation
|
page read and write
|
||
|
2196F440000
|
direct allocation
|
page read and write
|
||
|
17BA000
|
unkown
|
page readonly
|
||
|
C000333000
|
direct allocation
|
page read and write
|
||
|
C00035B000
|
direct allocation
|
page read and write
|
||
|
C000400000
|
direct allocation
|
page read and write
|
||
|
C00033B000
|
direct allocation
|
page read and write
|
||
|
C000640000
|
direct allocation
|
page read and write
|
||
|
17AB000
|
unkown
|
page readonly
|
||
|
C000200000
|
direct allocation
|
page read and write
|
||
|
C000405000
|
direct allocation
|
page read and write
|
||
|
C00033D000
|
direct allocation
|
page read and write
|
||
|
C000608000
|
direct allocation
|
page read and write
|
||
|
1784000
|
unkown
|
page readonly
|
||
|
C00011F000
|
direct allocation
|
page read and write
|
||
|
C0002E3000
|
direct allocation
|
page read and write
|
||
|
2194A1E0000
|
direct allocation
|
page read and write
|
||
|
C0002DF000
|
direct allocation
|
page read and write
|
||
|
C0004FA000
|
direct allocation
|
page read and write
|
||
|
C00030B000
|
direct allocation
|
page read and write
|
||
|
2194A1EC000
|
direct allocation
|
page read and write
|
||
|
C000391000
|
direct allocation
|
page read and write
|
||
|
C0005B0000
|
direct allocation
|
page read and write
|
||
|
C000536000
|
direct allocation
|
page read and write
|
||
|
C000012000
|
direct allocation
|
page read and write
|
||
|
1734000
|
unkown
|
page readonly
|
||
|
C000409000
|
direct allocation
|
page read and write
|
||
|
C00052C000
|
direct allocation
|
page read and write
|
||
|
C0000F0000
|
direct allocation
|
page read and write
|
||
|
C0002C9000
|
direct allocation
|
page read and write
|
||
|
C00028C000
|
direct allocation
|
page read and write
|
||
|
C000232000
|
direct allocation
|
page read and write
|
||
|
C0001A4000
|
direct allocation
|
page read and write
|
||
|
C000361000
|
direct allocation
|
page read and write
|
||
|
C00038D000
|
direct allocation
|
page read and write
|
||
|
179C000
|
unkown
|
page readonly
|
||
|
C0002B2000
|
direct allocation
|
page read and write
|
||
|
C000309000
|
direct allocation
|
page read and write
|
||
|
21949FD0000
|
heap
|
page read and write
|
||
|
C000429000
|
direct allocation
|
page read and write
|
||
|
C000381000
|
direct allocation
|
page read and write
|
||
|
1DFF000
|
unkown
|
page write copy
|
||
|
C000331000
|
direct allocation
|
page read and write
|
||
|
C000032000
|
direct allocation
|
page read and write
|
||
|
C000210000
|
direct allocation
|
page read and write
|
||
|
C000078000
|
direct allocation
|
page read and write
|
||
|
C000321000
|
direct allocation
|
page read and write
|
||
|
2196F453000
|
direct allocation
|
page read and write
|
||
|
C0001E2000
|
direct allocation
|
page read and write
|
||
|
1EBC000
|
unkown
|
page read and write
|
||
|
171C000
|
unkown
|
page readonly
|
||
|
1726000
|
unkown
|
page readonly
|
||
|
C00023A000
|
direct allocation
|
page read and write
|
||
|
C000323000
|
direct allocation
|
page read and write
|
||
|
1738000
|
unkown
|
page readonly
|
||
|
1E09000
|
unkown
|
page write copy
|
||
|
171C000
|
unkown
|
page readonly
|
||
|
C00021E000
|
direct allocation
|
page read and write
|
||
|
1738000
|
unkown
|
page readonly
|
||
|
21971210000
|
direct allocation
|
page read and write
|
||
|
C00012A000
|
direct allocation
|
page read and write
|
||
|
177E000
|
unkown
|
page readonly
|
||
|
C000080000
|
direct allocation
|
page read and write
|
||
|
1792000
|
unkown
|
page readonly
|
||
|
219711E7000
|
direct allocation
|
page read and write
|
||
|
16D5000
|
unkown
|
page readonly
|
||
|
C000345000
|
direct allocation
|
page read and write
|
||
|
C00032F000
|
direct allocation
|
page read and write
|
||
|
C0004E0000
|
direct allocation
|
page read and write
|
||
|
1EC1000
|
unkown
|
page write copy
|
||
|
219711E4000
|
direct allocation
|
page read and write
|
||
|
C000108000
|
direct allocation
|
page read and write
|
||
|
179C000
|
unkown
|
page readonly
|
||
|
C000298000
|
direct allocation
|
page read and write
|
||
|
C00005B000
|
direct allocation
|
page read and write
|
||
|
C00042F000
|
direct allocation
|
page read and write
|
||
|
D41000
|
unkown
|
page execute read
|
||
|
C000387000
|
direct allocation
|
page read and write
|
||
|
C0000FC000
|
direct allocation
|
page read and write
|
||
|
C0003FF000
|
direct allocation
|
page read and write
|
||
|
C000646000
|
direct allocation
|
page read and write
|
||
|
C0003B1000
|
direct allocation
|
page read and write
|
||
|
1FCF000
|
unkown
|
page write copy
|
||
|
1726000
|
unkown
|
page readonly
|
||
|
17A1000
|
unkown
|
page readonly
|
||
|
C0002DD000
|
direct allocation
|
page read and write
|
||
|
C00025C000
|
direct allocation
|
page read and write
|
||
|
1738000
|
unkown
|
page readonly
|
||
|
C0002E5000
|
direct allocation
|
page read and write
|
||
|
C000483000
|
direct allocation
|
page read and write
|
||
|
C00006F000
|
direct allocation
|
page read and write
|
||
|
C00038F000
|
direct allocation
|
page read and write
|
||
|
17AB000
|
unkown
|
page readonly
|
||
|
C00053C000
|
direct allocation
|
page read and write
|
||
|
1734000
|
unkown
|
page readonly
|
||
|
17AB000
|
unkown
|
page readonly
|
||
|
21971216000
|
direct allocation
|
page read and write
|
||
|
C0002C0000
|
direct allocation
|
page read and write
|
||
|
F3549FF000
|
stack
|
page read and write
|
||
|
C0000A0000
|
direct allocation
|
page read and write
|
||
|
C000598000
|
direct allocation
|
page read and write
|
||
|
21949F90000
|
heap
|
page read and write
|
||
|
C0003F5000
|
direct allocation
|
page read and write
|
||
|
C0002DB000
|
direct allocation
|
page read and write
|
||
|
171A000
|
unkown
|
page readonly
|
||
|
C000188000
|
direct allocation
|
page read and write
|
||
|
C000343000
|
direct allocation
|
page read and write
|
||
|
21971240000
|
trusted library allocation
|
page read and write
|
||
|
173D000
|
unkown
|
page readonly
|
||
|
C00001A000
|
direct allocation
|
page read and write
|
||
|
17B3000
|
unkown
|
page readonly
|
||
|
17B3000
|
unkown
|
page readonly
|
||
|
C000084000
|
direct allocation
|
page read and write
|
||
|
C0003BF000
|
direct allocation
|
page read and write
|
||
|
171C000
|
unkown
|
page readonly
|
||
|
C00032D000
|
direct allocation
|
page read and write
|
||
|
172C000
|
unkown
|
page readonly
|
||
|
1FD0000
|
unkown
|
page readonly
|
||
|
C000419000
|
direct allocation
|
page read and write
|
||
|
C0002C3000
|
direct allocation
|
page read and write
|
||
|
C000375000
|
direct allocation
|
page read and write
|
||
|
C0001A0000
|
direct allocation
|
page read and write
|
||
|
C000363000
|
direct allocation
|
page read and write
|
||
|
C00060C000
|
direct allocation
|
page read and write
|
||
|
341000
|
unkown
|
page execute read
|
||
|
341000
|
unkown
|
page execute read
|
||
|
C000444000
|
direct allocation
|
page read and write
|
||
|
24173440000
|
trusted library allocation
|
page read and write
|
||
|
C0003D9000
|
direct allocation
|
page read and write
|
||
|
C0000BE000
|
direct allocation
|
page read and write
|
||
|
F354BFE000
|
stack
|
page read and write
|
||
|
C000538000
|
direct allocation
|
page read and write
|
||
|
C00024E000
|
direct allocation
|
page read and write
|
||
|
C0003FB000
|
direct allocation
|
page read and write
|
||
|
C0003F9000
|
direct allocation
|
page read and write
|
||
|
1799000
|
unkown
|
page readonly
|
||
|
1DFF000
|
unkown
|
page write copy
|
||
|
C00018B000
|
direct allocation
|
page read and write
|
||
|
C000048000
|
direct allocation
|
page read and write
|
||
|
171A000
|
unkown
|
page readonly
|
||
|
C000265000
|
direct allocation
|
page read and write
|
||
|
D41000
|
unkown
|
page execute read
|
||
|
C0000A4000
|
direct allocation
|
page read and write
|
||
|
1E08000
|
unkown
|
page read and write
|
||
|
C00051C000
|
direct allocation
|
page read and write
|
||
|
C0003FD000
|
direct allocation
|
page read and write
|
||
|
C0003CF000
|
direct allocation
|
page read and write
|
||
|
C00026B000
|
direct allocation
|
page read and write
|
||
|
C0003A1000
|
direct allocation
|
page read and write
|
||
|
1792000
|
unkown
|
page readonly
|
||
|
C0002ED000
|
direct allocation
|
page read and write
|
||
|
C0003D5000
|
direct allocation
|
page read and write
|
||
|
1F8D000
|
unkown
|
page readonly
|
||
|
D8F000
|
unkown
|
page readonly
|
||
|
D41000
|
unkown
|
page execute read
|
||
|
2414C5A0000
|
trusted library allocation
|
page read and write
|
||
|
C000294000
|
direct allocation
|
page read and write
|
||
|
177E000
|
unkown
|
page readonly
|
||
|
2414C5A0000
|
trusted library allocation
|
page read and write
|
||
|
1EEB000
|
unkown
|
page read and write
|
||
|
C00063C000
|
direct allocation
|
page read and write
|
||
|
C000636000
|
direct allocation
|
page read and write
|
||
|
C0004C2000
|
direct allocation
|
page read and write
|
||
|
C0002D1000
|
direct allocation
|
page read and write
|
||
|
1E01000
|
unkown
|
page read and write
|
||
|
1FD0000
|
unkown
|
page readonly
|
||
|
C000256000
|
direct allocation
|
page read and write
|
||
|
C00008C000
|
direct allocation
|
page read and write
|
||
|
1F7D000
|
unkown
|
page read and write
|
||
|
C000578000
|
direct allocation
|
page read and write
|
||
|
1EC0000
|
unkown
|
page read and write
|
||
|
C000008000
|
direct allocation
|
page read and write
|
||
|
C0002A8000
|
direct allocation
|
page read and write
|
||
|
1779000
|
unkown
|
page readonly
|
||
|
C0003A9000
|
direct allocation
|
page read and write
|
||
|
C000347000
|
direct allocation
|
page read and write
|
||
|
C000638000
|
direct allocation
|
page read and write
|
||
|
2196F450000
|
direct allocation
|
page read and write
|
||
|
C0004BC000
|
direct allocation
|
page read and write
|
||
|
C000121000
|
direct allocation
|
page read and write
|
||
|
C000102000
|
direct allocation
|
page read and write
|
||
|
C00010A000
|
direct allocation
|
page read and write
|
||
|
C000634000
|
direct allocation
|
page read and write
|
||
|
C00011D000
|
direct allocation
|
page read and write
|
||
|
21971240000
|
trusted library allocation
|
page read and write
|
||
|
C00040D000
|
direct allocation
|
page read and write
|
||
|
1FD0000
|
unkown
|
page readonly
|
||
|
C0001C8000
|
direct allocation
|
page read and write
|
||
|
F3547FF000
|
stack
|
page read and write
|
||
|
21949FA0000
|
heap
|
page read and write
|
||
|
C00019C000
|
direct allocation
|
page read and write
|
||
|
1784000
|
unkown
|
page readonly
|
||
|
C000576000
|
direct allocation
|
page read and write
|
||
|
C000058000
|
direct allocation
|
page read and write
|
||
|
D8F000
|
unkown
|
page readonly
|
||
|
C0002F7000
|
direct allocation
|
page read and write
|
||
|
1E0E000
|
unkown
|
page read and write
|
||
|
C0003C5000
|
direct allocation
|
page read and write
|
||
|
C000317000
|
direct allocation
|
page read and write
|
||
|
2194A000000
|
direct allocation
|
page read and write
|
||
|
341000
|
unkown
|
page execute read
|
||
|
2194A1E8000
|
direct allocation
|
page read and write
|
||
|
1734000
|
unkown
|
page readonly
|
||
|
341000
|
unkown
|
page execute read
|
||
|
C00065A000
|
direct allocation
|
page read and write
|
||
|
C000000000
|
direct allocation
|
page read and write
|
||
|
C000303000
|
direct allocation
|
page read and write
|
||
|
C0000EA000
|
direct allocation
|
page read and write
|
||
|
179C000
|
unkown
|
page readonly
|
||
|
1E0F000
|
unkown
|
page write copy
|
||
|
C000076000
|
direct allocation
|
page read and write
|
||
|
C00022B000
|
direct allocation
|
page read and write
|
||
|
C0002D5000
|
direct allocation
|
page read and write
|
||
|
C0003C3000
|
direct allocation
|
page read and write
|
||
|
C000379000
|
direct allocation
|
page read and write
|
||
|
1FCF000
|
unkown
|
page write copy
|
||
|
2197121B000
|
direct allocation
|
page read and write
|
||
|
173D000
|
unkown
|
page readonly
|
||
|
C0002CD000
|
direct allocation
|
page read and write
|
||
|
C0003D1000
|
direct allocation
|
page read and write
|
||
|
C00005D000
|
direct allocation
|
page read and write
|
||
|
17A1000
|
unkown
|
page readonly
|
||
|
C0004C4000
|
direct allocation
|
page read and write
|
||
|
2196F467000
|
direct allocation
|
page read and write
|
||
|
2194A010000
|
heap
|
page read and write
|
||
|
219711B0000
|
direct allocation
|
page read and write
|
||
|
C0000AE000
|
direct allocation
|
page read and write
|
||
|
C0002E1000
|
direct allocation
|
page read and write
|
||
|
C000305000
|
direct allocation
|
page read and write
|
||
|
C000600000
|
direct allocation
|
page read and write
|
||
|
C0002F1000
|
direct allocation
|
page read and write
|
||
|
2009000
|
unkown
|
page readonly
|
||
|
21949FC0000
|
heap
|
page read and write
|
||
|
C000377000
|
direct allocation
|
page read and write
|
||
|
C00037D000
|
direct allocation
|
page read and write
|
||
|
C000118000
|
direct allocation
|
page read and write
|
||
|
21949FC5000
|
heap
|
page read and write
|
||
|
C0003A3000
|
direct allocation
|
page read and write
|
||
|
1EC4000
|
unkown
|
page read and write
|
There are 386 hidden memdumps, click here to show them.