Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
inquiry.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_inquiry.exe_fcd37193b5ccfd31063cfc5e26036f533c63e7_61dfa667_12bae591-e693-4c4a-bc4a-498c1f3dce62\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER355F.tmp.dmp
|
Mini DuMP crash report, 16 streams, Wed Sep 25 16:50:21 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER37E1.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3820.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oqad2h4w.n3o.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p01ppd1y.4mi.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wfhh1vkh.5zs.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xwgituu0.rez.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\inquiry.exe
|
"C:\Users\user\Desktop\inquiry.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\inquiry.exe"
-Force
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7340 -s 1312
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://aborters.duckdns.org:8081
|
unknown
|
|
|
|
http://checkip.dyndns.org/
|
158.101.44.242
|
|
|
|
http://anotherarmy.dns.army:8081
|
unknown
|
|
|
|
https://www.office.com/
|
unknown
|
||
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://api.telegram.org
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
https://api.telegram.org/bot
|
unknown
|
||
|
https://www.office.com/P
|
unknown
|
||
|
https://www.office.com/lB
|
unknown
|
||
|
http://ftp.fastestpay.digital
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:494126%0D%0ADate%20and%20Time:%2026/09/2024%20/%2003:21:15%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20494126%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D
|
149.154.167.220
|
||
|
https://reallyfreegeoip.org/xml/8.46.123.33
|
188.114.96.3
|
||
|
https://api.telegram.org/bot/sendMessage?chat_id=&text=
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=en
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
http://varders.kozow.com:8081
|
unknown
|
||
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
http://51.38.247.67:8081/_send_.php?L
|
unknown
|
||
|
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:494126%0D%0ADate%20a
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/8.46.123.33$
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=enlB
|
unknown
|
||
|
https://reallyfreegeoip.org
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=enP
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
||
|
http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 25 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ftp.fastestpay.digital
|
192.64.117.204
|
|
|
|
reallyfreegeoip.org
|
188.114.96.3
|
|
|
|
api.telegram.org
|
149.154.167.220
|
|
|
|
checkip.dyndns.com
|
158.101.44.242
|
|
|
|
checkip.dyndns.org
|
unknown
|
|
|
|
time.windows.com
|
unknown
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.154.167.220
|
api.telegram.org
|
United Kingdom
|
|
|
|
192.64.117.204
|
ftp.fastestpay.digital
|
United States
|
|
|
|
188.114.96.3
|
reallyfreegeoip.org
|
European Union
|
|
|
|
158.101.44.242
|
checkip.dyndns.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
EnableLUA
|
|
|
|
\REGISTRY\A\{2aff5c51-6d22-5234-51b8-da0f27ef6317}\Root\InventoryApplicationFile\inquiry.exe|f8eb96cb19153c7e
|
ProgramId
|
|
|
|
\REGISTRY\A\{2aff5c51-6d22-5234-51b8-da0f27ef6317}\Root\InventoryApplicationFile\inquiry.exe|f8eb96cb19153c7e
|
FileId
|
|
|
|
\REGISTRY\A\{2aff5c51-6d22-5234-51b8-da0f27ef6317}\Root\InventoryApplicationFile\inquiry.exe|f8eb96cb19153c7e
|
LowerCaseLongPath
|
|
|
|
\REGISTRY\A\{2aff5c51-6d22-5234-51b8-da0f27ef6317}\Root\InventoryApplicationFile\inquiry.exe|f8eb96cb19153c7e
|
LongPathHash
|
|
|
|
\REGISTRY\A\{2aff5c51-6d22-5234-51b8-da0f27ef6317}\Root\InventoryApplicationFile\inquiry.exe|f8eb96cb19153c7e
|
Name
|
|
|
|
\REGISTRY\A\{2aff5c51-6d22-5234-51b8-da0f27ef6317}\Root\InventoryApplicationFile\inquiry.exe|f8eb96cb19153c7e
|
OriginalFileName
|
|
|
|
\REGISTRY\A\{2aff5c51-6d22-5234-51b8-da0f27ef6317}\Root\InventoryApplicationFile\inquiry.exe|f8eb96cb19153c7e
|
Publisher
|
|
|
|
\REGISTRY\A\{2aff5c51-6d22-5234-51b8-da0f27ef6317}\Root\InventoryApplicationFile\inquiry.exe|f8eb96cb19153c7e
|
Version
|
|
|
|
\REGISTRY\A\{2aff5c51-6d22-5234-51b8-da0f27ef6317}\Root\InventoryApplicationFile\inquiry.exe|f8eb96cb19153c7e
|
BinFileVersion
|
|
|
|
\REGISTRY\A\{2aff5c51-6d22-5234-51b8-da0f27ef6317}\Root\InventoryApplicationFile\inquiry.exe|f8eb96cb19153c7e
|
BinaryType
|
|
|
|
\REGISTRY\A\{2aff5c51-6d22-5234-51b8-da0f27ef6317}\Root\InventoryApplicationFile\inquiry.exe|f8eb96cb19153c7e
|
ProductName
|
|
|
|
\REGISTRY\A\{2aff5c51-6d22-5234-51b8-da0f27ef6317}\Root\InventoryApplicationFile\inquiry.exe|f8eb96cb19153c7e
|
ProductVersion
|
|
|
|
\REGISTRY\A\{2aff5c51-6d22-5234-51b8-da0f27ef6317}\Root\InventoryApplicationFile\inquiry.exe|f8eb96cb19153c7e
|
LinkDate
|
|
|
|
\REGISTRY\A\{2aff5c51-6d22-5234-51b8-da0f27ef6317}\Root\InventoryApplicationFile\inquiry.exe|f8eb96cb19153c7e
|
BinProductVersion
|
|
|
|
\REGISTRY\A\{2aff5c51-6d22-5234-51b8-da0f27ef6317}\Root\InventoryApplicationFile\inquiry.exe|f8eb96cb19153c7e
|
AppxPackageFullName
|
|
|
|
\REGISTRY\A\{2aff5c51-6d22-5234-51b8-da0f27ef6317}\Root\InventoryApplicationFile\inquiry.exe|f8eb96cb19153c7e
|
AppxPackageRelativeId
|
|
|
|
\REGISTRY\A\{2aff5c51-6d22-5234-51b8-da0f27ef6317}\Root\InventoryApplicationFile\inquiry.exe|f8eb96cb19153c7e
|
Size
|
|
|
|
\REGISTRY\A\{2aff5c51-6d22-5234-51b8-da0f27ef6317}\Root\InventoryApplicationFile\inquiry.exe|f8eb96cb19153c7e
|
Language
|
|
|
|
\REGISTRY\A\{2aff5c51-6d22-5234-51b8-da0f27ef6317}\Root\InventoryApplicationFile\inquiry.exe|f8eb96cb19153c7e
|
Usn
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance
|
Enabled
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
|
FileDirectory
|
There are 26 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1F800340000
|
trusted library allocation
|
page read and write
|
|
|
|
1F810011000
|
trusted library allocation
|
page read and write
|
|
|
|
2B23000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2931000
|
trusted library allocation
|
page read and write
|
|
|
|
1F86BF8D000
|
heap
|
page read and write
|
||
|
1F869B16000
|
heap
|
page read and write
|
||
|
2CD4000
|
trusted library allocation
|
page read and write
|
||
|
3BE1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
3B02000
|
trusted library allocation
|
page read and write
|
||
|
29A9000
|
trusted library allocation
|
page read and write
|
||
|
1F86BF8A000
|
heap
|
page read and write
|
||
|
6480000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB1D516000
|
unkown
|
page readonly
|
||
|
7FFAACBA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BBF000
|
trusted library allocation
|
page read and write
|
||
|
1F800001000
|
trusted library allocation
|
page read and write
|
||
|
60FD000
|
stack
|
page read and write
|
||
|
2B35000
|
trusted library allocation
|
page read and write
|
||
|
4EBE000
|
trusted library allocation
|
page read and write
|
||
|
AF7000
|
stack
|
page read and write
|
||
|
4EBB000
|
trusted library allocation
|
page read and write
|
||
|
CB6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F810007000
|
trusted library allocation
|
page read and write
|
||
|
643E000
|
stack
|
page read and write
|
||
|
2C3F000
|
trusted library allocation
|
page read and write
|
||
|
5FBF000
|
stack
|
page read and write
|
||
|
3A1B000
|
trusted library allocation
|
page read and write
|
||
|
3959000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1D500000
|
unkown
|
page readonly
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
4C3E1FD000
|
stack
|
page read and write
|
||
|
1F869C13000
|
trusted library allocation
|
page read and write
|
||
|
1F869AE2000
|
heap
|
page read and write
|
||
|
6510000
|
trusted library allocation
|
page read and write
|
||
|
4EB6000
|
trusted library allocation
|
page read and write
|
||
|
6A40000
|
heap
|
page read and write
|
||
|
1F8698B2000
|
unkown
|
page readonly
|
||
|
4F60000
|
trusted library allocation
|
page read and write
|
||
|
2AC7000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB96000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1D525000
|
unkown
|
page readonly
|
||
|
65C0000
|
trusted library allocation
|
page read and write
|
||
|
2CCB000
|
trusted library allocation
|
page read and write
|
||
|
E3E000
|
stack
|
page read and write
|
||
|
7FFAACAE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
602D000
|
heap
|
page read and write
|
||
|
29E3000
|
trusted library allocation
|
page read and write
|
||
|
2A3C000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACAF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF42CB00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F86BF90000
|
heap
|
page read and write
|
||
|
633E000
|
stack
|
page read and write
|
||
|
C93000
|
trusted library allocation
|
page execute and read and write
|
||
|
65F0000
|
heap
|
page read and write
|
||
|
EE5000
|
heap
|
page read and write
|
||
|
F1F000
|
heap
|
page read and write
|
||
|
2BB6000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC00000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AB8000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACAE0000
|
trusted library allocation
|
page read and write
|
||
|
5FF3000
|
heap
|
page read and write
|
||
|
3931000
|
trusted library allocation
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
2983000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCA0000
|
trusted library allocation
|
page read and write
|
||
|
4C3DCFF000
|
stack
|
page read and write
|
||
|
1F869AAC000
|
heap
|
page read and write
|
||
|
54C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACCBE000
|
trusted library allocation
|
page read and write
|
||
|
1F869CE0000
|
heap
|
page execute and read and write
|
||
|
3A57000
|
trusted library allocation
|
page read and write
|
||
|
29A5000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC94000
|
trusted library allocation
|
page read and write
|
||
|
3A04000
|
trusted library allocation
|
page read and write
|
||
|
1F869C60000
|
heap
|
page read and write
|
||
|
627E000
|
stack
|
page read and write
|
||
|
DF0000
|
trusted library allocation
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
446000
|
remote allocation
|
page execute and read and write
|
||
|
2C23000
|
trusted library allocation
|
page read and write
|
||
|
1F86BF81000
|
heap
|
page read and write
|
||
|
29EF000
|
trusted library allocation
|
page read and write
|
||
|
1F86BF20000
|
heap
|
page execute and read and write
|
||
|
3C40000
|
trusted library allocation
|
page read and write
|
||
|
1F869ACE000
|
heap
|
page read and write
|
||
|
6470000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C3DDFE000
|
stack
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
1F869D25000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
7FFB1D501000
|
unkown
|
page execute read
|
||
|
2BE6000
|
trusted library allocation
|
page read and write
|
||
|
2A3A000
|
trusted library allocation
|
page read and write
|
||
|
1F869C65000
|
heap
|
page read and write
|
||
|
CBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE0000
|
trusted library allocation
|
page read and write
|
||
|
65B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
29EB000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB90000
|
trusted library allocation
|
page read and write
|
||
|
54AA000
|
trusted library allocation
|
page read and write
|
||
|
2BEC000
|
trusted library allocation
|
page read and write
|
||
|
2CA1000
|
trusted library allocation
|
page read and write
|
||
|
5060000
|
heap
|
page read and write
|
||
|
2CF8000
|
trusted library allocation
|
page read and write
|
||
|
1F86B4D0000
|
trusted library section
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
28EE000
|
stack
|
page read and write
|
||
|
F7C000
|
stack
|
page read and write
|
||
|
7FFAACC99000
|
trusted library allocation
|
page read and write
|
||
|
4C3DEFE000
|
stack
|
page read and write
|
||
|
2990000
|
trusted library allocation
|
page read and write
|
||
|
2BAC000
|
trusted library allocation
|
page read and write
|
||
|
3CD1000
|
trusted library allocation
|
page read and write
|
||
|
4C3DAFB000
|
stack
|
page read and write
|
||
|
2AE5000
|
trusted library allocation
|
page read and write
|
||
|
1F869AA0000
|
heap
|
page read and write
|
||
|
7FFAACCC0000
|
trusted library allocation
|
page read and write
|
||
|
2C30000
|
trusted library allocation
|
page read and write
|
||
|
2BA3000
|
trusted library allocation
|
page read and write
|
||
|
2C3C000
|
trusted library allocation
|
page read and write
|
||
|
2ABC000
|
trusted library allocation
|
page read and write
|
||
|
29AD000
|
trusted library allocation
|
page read and write
|
||
|
2CC9000
|
trusted library allocation
|
page read and write
|
||
|
CC2000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC90000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACCF1000
|
trusted library allocation
|
page read and write
|
||
|
1F869AE4000
|
heap
|
page read and write
|
||
|
4EE2000
|
trusted library allocation
|
page read and write
|
||
|
2A19000
|
trusted library allocation
|
page read and write
|
||
|
4ED6000
|
trusted library allocation
|
page read and write
|
||
|
1F869A50000
|
heap
|
page read and write
|
||
|
1030000
|
trusted library allocation
|
page execute and read and write
|
||
|
3BDD000
|
trusted library allocation
|
page read and write
|
||
|
4F70000
|
heap
|
page execute and read and write
|
||
|
3BEF000
|
trusted library allocation
|
page read and write
|
||
|
2CC1000
|
trusted library allocation
|
page read and write
|
||
|
1F86BF95000
|
heap
|
page read and write
|
||
|
1F869B0D000
|
heap
|
page read and write
|
||
|
65A9000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACAE4000
|
trusted library allocation
|
page read and write
|
||
|
3B72000
|
trusted library allocation
|
page read and write
|
||
|
29E7000
|
trusted library allocation
|
page read and write
|
||
|
4ED1000
|
trusted library allocation
|
page read and write
|
||
|
789000
|
stack
|
page read and write
|
||
|
7FFAACBC6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C39000
|
trusted library allocation
|
page read and write
|
||
|
3B41000
|
trusted library allocation
|
page read and write
|
||
|
3B5C000
|
trusted library allocation
|
page read and write
|
||
|
1F86C1C0000
|
heap
|
page read and write
|
||
|
2920000
|
heap
|
page execute and read and write
|
||
|
4C3D7FE000
|
stack
|
page read and write
|
||
|
3D0F000
|
trusted library allocation
|
page read and write
|
||
|
1F86BF30000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
5EBE000
|
stack
|
page read and write
|
||
|
1F869D20000
|
heap
|
page read and write
|
||
|
CB2000
|
trusted library allocation
|
page read and write
|
||
|
1F800041000
|
trusted library allocation
|
page read and write
|
||
|
3C5F000
|
trusted library allocation
|
page read and write
|
||
|
613F000
|
stack
|
page read and write
|
||
|
29DB000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACAF2000
|
trusted library allocation
|
page read and write
|
||
|
2910000
|
trusted library allocation
|
page read and write
|
||
|
2AB4000
|
trusted library allocation
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
6546000
|
trusted library allocation
|
page read and write
|
||
|
1F869A70000
|
heap
|
page read and write
|
||
|
6500000
|
trusted library allocation
|
page read and write
|
||
|
E73000
|
heap
|
page read and write
|
||
|
2B98000
|
trusted library allocation
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
CD5000
|
heap
|
page read and write
|
||
|
299B000
|
trusted library allocation
|
page read and write
|
||
|
2BE8000
|
trusted library allocation
|
page read and write
|
||
|
5FC0000
|
heap
|
page read and write
|
||
|
6450000
|
trusted library allocation
|
page execute and read and write
|
||
|
3A77000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
539E000
|
stack
|
page read and write
|
||
|
3BEC000
|
trusted library allocation
|
page read and write
|
||
|
4C3D8FF000
|
stack
|
page read and write
|
||
|
7FFAACCE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCB0000
|
trusted library allocation
|
page read and write
|
||
|
1F869B19000
|
heap
|
page read and write
|
||
|
CB0000
|
trusted library allocation
|
page read and write
|
||
|
1F869970000
|
heap
|
page read and write
|
||
|
3C33000
|
trusted library allocation
|
page read and write
|
||
|
1F869C00000
|
trusted library allocation
|
page read and write
|
||
|
3C2E000
|
trusted library allocation
|
page read and write
|
||
|
3A8D000
|
trusted library allocation
|
page read and write
|
||
|
399E000
|
trusted library allocation
|
page read and write
|
||
|
F98000
|
trusted library allocation
|
page read and write
|
||
|
3AEA000
|
trusted library allocation
|
page read and write
|
||
|
54A6000
|
trusted library allocation
|
page read and write
|
||
|
3B90000
|
trusted library allocation
|
page read and write
|
||
|
3B00000
|
trusted library allocation
|
page read and write
|
||
|
4ECE000
|
trusted library allocation
|
page read and write
|
||
|
4F10000
|
heap
|
page read and write
|
||
|
2AF3000
|
trusted library allocation
|
page read and write
|
||
|
2AC2000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1D520000
|
unkown
|
page read and write
|
||
|
1F869BE0000
|
trusted library allocation
|
page read and write
|
||
|
4C3D6FE000
|
stack
|
page read and write
|
||
|
1F86B5C0000
|
heap
|
page read and write
|
||
|
5E7E000
|
stack
|
page read and write
|
||
|
1F8698B0000
|
unkown
|
page readonly
|
||
|
2B49000
|
trusted library allocation
|
page read and write
|
||
|
1F869B98000
|
heap
|
page read and write
|
||
|
3B74000
|
trusted library allocation
|
page read and write
|
||
|
1F869B0F000
|
heap
|
page read and write
|
||
|
3951000
|
trusted library allocation
|
page read and write
|
||
|
4C3E2FE000
|
stack
|
page read and write
|
||
|
28F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB04000
|
trusted library allocation
|
page read and write
|
||
|
4C3D9FE000
|
stack
|
page read and write
|
||
|
3BEA000
|
trusted library allocation
|
page read and write
|
||
|
6440000
|
trusted library allocation
|
page read and write
|
||
|
4F13000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
3CBC000
|
trusted library allocation
|
page read and write
|
||
|
617E000
|
stack
|
page read and write
|
||
|
3944000
|
trusted library allocation
|
page read and write
|
||
|
3BE6000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB00000
|
trusted library allocation
|
page read and write
|
||
|
2C74000
|
trusted library allocation
|
page read and write
|
||
|
65A0000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
2B9D000
|
trusted library allocation
|
page read and write
|
||
|
6490000
|
trusted library allocation
|
page execute and read and write
|
||
|
3C39000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCE6000
|
trusted library allocation
|
page read and write
|
||
|
C90000
|
trusted library allocation
|
page read and write
|
||
|
E76000
|
heap
|
page read and write
|
||
|
2AF8000
|
trusted library allocation
|
page read and write
|
||
|
549E000
|
stack
|
page read and write
|
||
|
1F86B600000
|
trusted library allocation
|
page read and write
|
||
|
3C45000
|
trusted library allocation
|
page read and write
|
||
|
3CE4000
|
trusted library allocation
|
page read and write
|
||
|
CC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
3BBD000
|
trusted library allocation
|
page read and write
|
||
|
6524000
|
trusted library allocation
|
page read and write
|
||
|
4ECA000
|
trusted library allocation
|
page read and write
|
||
|
604B000
|
heap
|
page read and write
|
||
|
C94000
|
trusted library allocation
|
page read and write
|
||
|
2CC7000
|
trusted library allocation
|
page read and write
|
||
|
2AED000
|
trusted library allocation
|
page read and write
|
||
|
5FF7000
|
heap
|
page read and write
|
||
|
7FFAACAFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F80002C000
|
trusted library allocation
|
page read and write
|
||
|
6575000
|
trusted library allocation
|
page read and write
|
||
|
2900000
|
trusted library allocation
|
page read and write
|
||
|
2A1B000
|
trusted library allocation
|
page read and write
|
||
|
29DF000
|
trusted library allocation
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
62BE000
|
stack
|
page read and write
|
||
|
54A4000
|
trusted library allocation
|
page read and write
|
||
|
54BD000
|
trusted library allocation
|
page read and write
|
||
|
39EE000
|
trusted library allocation
|
page read and write
|
||
|
4C3E3FB000
|
stack
|
page read and write
|
||
|
EF9000
|
heap
|
page read and write
|
||
|
2AEB000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB9C000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A2E000
|
stack
|
page read and write
|
||
|
3BF4000
|
trusted library allocation
|
page read and write
|
||
|
DDE000
|
stack
|
page read and write
|
||
|
3B12000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACAED000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AE9000
|
trusted library allocation
|
page read and write
|
||
|
E48000
|
heap
|
page read and write
|
||
|
3B3D000
|
trusted library allocation
|
page read and write
|
||
|
62FF000
|
stack
|
page read and write
|
||
|
6572000
|
trusted library allocation
|
page read and write
|
||
|
3A2B000
|
trusted library allocation
|
page read and write
|
||
|
2BF2000
|
trusted library allocation
|
page read and write
|
||
|
4EB0000
|
trusted library allocation
|
page read and write
|
||
|
6460000
|
trusted library allocation
|
page read and write
|
||
|
1F869ACC000
|
heap
|
page read and write
|
||
|
6530000
|
trusted library allocation
|
page execute and read and write
|
||
|
29D7000
|
trusted library allocation
|
page read and write
|
||
|
6517000
|
trusted library allocation
|
page read and write
|
||
|
1F869BA0000
|
heap
|
page read and write
|
||
|
1F810001000
|
trusted library allocation
|
page read and write
|
||
|
6001000
|
heap
|
page read and write
|
||
|
3D12000
|
trusted library allocation
|
page read and write
|
||
|
C9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BBB000
|
trusted library allocation
|
page read and write
|
||
|
CCB000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C3D323000
|
stack
|
page read and write
|
||
|
2ABA000
|
trusted library allocation
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
3C49000
|
trusted library allocation
|
page read and write
|
||
|
6590000
|
trusted library allocation
|
page read and write
|
||
|
6570000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB1D522000
|
unkown
|
page readonly
|
||
|
7FFAACC80000
|
trusted library allocation
|
page read and write
|
||
|
4EDD000
|
trusted library allocation
|
page read and write
|
||
|
CC5000
|
trusted library allocation
|
page execute and read and write
|
||
|
393F000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
1F8698D0000
|
unkown
|
page readonly
|
||
|
1F869C10000
|
trusted library allocation
|
page read and write
|
||
|
394B000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACAE2000
|
trusted library allocation
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
CAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
64A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
29F3000
|
trusted library allocation
|
page read and write
|
||
|
4FBE000
|
stack
|
page read and write
|
There are 303 hidden memdumps, click here to show them.