Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
VbcXXnmIwPPhh.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\VbcXXnmIwPPhh.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1xqyadvx.hmn.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gc3jpauf.ryz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lj0wzbyw.y3g.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mljpq4ed.5sw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\Documents\VIPRecovery\Screenshot.png
|
PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\VbcXXnmIwPPhh.exe
|
"C:\Users\user\Desktop\VbcXXnmIwPPhh.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\VbcXXnmIwPPhh.exe"
|
|
|
|
C:\Users\user\Desktop\VbcXXnmIwPPhh.exe
|
"C:\Users\user\Desktop\VbcXXnmIwPPhh.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://aborters.duckdns.org:8081
|
unknown
|
|
|
|
http://anotherarmy.dns.army:8081
|
unknown
|
|
|
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
https://www.office.com/
|
unknown
|
||
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
http://checkip.dyndns.org/
|
132.226.8.169
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
http://51.38.247.67:8081/_send_.php?L
|
unknown
|
||
|
https://api.telegram.org/bot
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/8.46.123.33
|
188.114.96.3
|
||
|
https://chrome.google.com/webstore?hl=en
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
||
|
http://varders.kozow.com:8081
|
unknown
|
||
|
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0ADate%20and%20Time:%2027/09/2024%20/%2000:14:59%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20528110%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D
|
149.154.167.220
|
||
|
http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
reallyfreegeoip.org
|
188.114.96.3
|
|
|
|
api.telegram.org
|
149.154.167.220
|
|
|
|
mail.jhxkgroup.online
|
217.12.218.219
|
|
|
|
checkip.dyndns.org
|
unknown
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
checkip.dyndns.com
|
132.226.8.169
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.154.167.220
|
api.telegram.org
|
United Kingdom
|
|
|
|
217.12.218.219
|
mail.jhxkgroup.online
|
Ukraine
|
|
|
|
188.114.96.3
|
reallyfreegeoip.org
|
European Union
|
|
|
|
132.226.8.169
|
checkip.dyndns.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\VbcXXnmIwPPhh_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\VbcXXnmIwPPhh_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\VbcXXnmIwPPhh_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\VbcXXnmIwPPhh_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\VbcXXnmIwPPhh_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\VbcXXnmIwPPhh_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\VbcXXnmIwPPhh_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\VbcXXnmIwPPhh_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\VbcXXnmIwPPhh_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\VbcXXnmIwPPhh_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\VbcXXnmIwPPhh_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\VbcXXnmIwPPhh_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\VbcXXnmIwPPhh_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\VbcXXnmIwPPhh_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
31B1000
|
trusted library allocation
|
page read and write
|
|
|
|
3269000
|
trusted library allocation
|
page read and write
|
|
|
|
4279000
|
trusted library allocation
|
page read and write
|
|
|
|
6260000
|
heap
|
page read and write
|
||
|
2FD7000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F32000
|
trusted library allocation
|
page read and write
|
||
|
11540000
|
heap
|
page read and write
|
||
|
1155F000
|
heap
|
page read and write
|
||
|
6DDD000
|
stack
|
page read and write
|
||
|
7210000
|
heap
|
page read and write
|
||
|
5C3E000
|
stack
|
page read and write
|
||
|
16EE000
|
stack
|
page read and write
|
||
|
695E000
|
stack
|
page read and write
|
||
|
7D55000
|
heap
|
page read and write
|
||
|
56CE000
|
trusted library allocation
|
page read and write
|
||
|
5673000
|
heap
|
page read and write
|
||
|
4293000
|
trusted library allocation
|
page read and write
|
||
|
5670000
|
heap
|
page read and write
|
||
|
5B9F000
|
stack
|
page read and write
|
||
|
58FE000
|
stack
|
page read and write
|
||
|
15A0000
|
trusted library allocation
|
page read and write
|
||
|
7E4E000
|
stack
|
page read and write
|
||
|
736E000
|
heap
|
page read and write
|
||
|
41D1000
|
trusted library allocation
|
page read and write
|
||
|
7D10000
|
heap
|
page read and write
|
||
|
5C2A000
|
trusted library allocation
|
page read and write
|
||
|
1510000
|
trusted library allocation
|
page read and write
|
||
|
A48E000
|
stack
|
page read and write
|
||
|
6C5E000
|
stack
|
page read and write
|
||
|
6E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
1984000
|
trusted library allocation
|
page read and write
|
||
|
6DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
16FE000
|
stack
|
page read and write
|
||
|
450000
|
trusted library allocation
|
page read and write
|
||
|
5700000
|
trusted library allocation
|
page read and write
|
||
|
4216000
|
trusted library allocation
|
page read and write
|
||
|
5C24000
|
trusted library allocation
|
page read and write
|
||
|
6F40000
|
trusted library allocation
|
page read and write
|
||
|
685E000
|
stack
|
page read and write
|
||
|
7B5F000
|
stack
|
page read and write
|
||
|
A78E000
|
stack
|
page read and write
|
||
|
F0A000
|
unkown
|
page readonly
|
||
|
1532000
|
trusted library allocation
|
page read and write
|
||
|
7600000
|
trusted library allocation
|
page execute and read and write
|
||
|
58D0000
|
heap
|
page read and write
|
||
|
2FC2000
|
trusted library allocation
|
page read and write
|
||
|
32D2000
|
trusted library allocation
|
page read and write
|
||
|
6E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
9700000
|
heap
|
page read and write
|
||
|
56F0000
|
heap
|
page read and write
|
||
|
73CF1000
|
unkown
|
page execute read
|
||
|
74DD000
|
stack
|
page read and write
|
||
|
3218000
|
trusted library allocation
|
page read and write
|
||
|
15F7000
|
heap
|
page read and write
|
||
|
162F000
|
heap
|
page read and write
|
||
|
3271000
|
trusted library allocation
|
page read and write
|
||
|
56D1000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
6A9D000
|
stack
|
page read and write
|
||
|
5C6A000
|
trusted library allocation
|
page read and write
|
||
|
323A000
|
trusted library allocation
|
page read and write
|
||
|
6FB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
11508000
|
heap
|
page read and write
|
||
|
6EC0000
|
trusted library allocation
|
page read and write
|
||
|
671E000
|
stack
|
page read and write
|
||
|
7670000
|
heap
|
page read and write
|
||
|
1680000
|
trusted library allocation
|
page execute and read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
6999000
|
heap
|
page read and write
|
||
|
3236000
|
trusted library allocation
|
page read and write
|
||
|
16A4000
|
trusted library allocation
|
page read and write
|
||
|
13B8000
|
heap
|
page read and write
|
||
|
1499000
|
heap
|
page read and write
|
||
|
2FF0000
|
trusted library allocation
|
page read and write
|
||
|
13E6000
|
heap
|
page read and write
|
||
|
56BD000
|
stack
|
page read and write
|
||
|
6EF6000
|
trusted library allocation
|
page read and write
|
||
|
32C7000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
6DED000
|
trusted library allocation
|
page read and write
|
||
|
5C70000
|
heap
|
page read and write
|
||
|
164A000
|
heap
|
page read and write
|
||
|
6960000
|
heap
|
page read and write
|
||
|
6E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
6ADE000
|
stack
|
page read and write
|
||
|
6FC0000
|
trusted library allocation
|
page read and write
|
||
|
1997000
|
heap
|
page read and write
|
||
|
42A9000
|
trusted library allocation
|
page read and write
|
||
|
69F8000
|
heap
|
page read and write
|
||
|
55F0000
|
trusted library allocation
|
page read and write
|
||
|
561D000
|
trusted library allocation
|
page read and write
|
||
|
1567000
|
heap
|
page read and write
|
||
|
FC7000
|
stack
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
1536000
|
trusted library allocation
|
page execute and read and write
|
||
|
1983000
|
trusted library allocation
|
page execute and read and write
|
||
|
1540000
|
trusted library allocation
|
page read and write
|
||
|
6EE6000
|
trusted library allocation
|
page read and write
|
||
|
11500000
|
heap
|
page read and write
|
||
|
3242000
|
trusted library allocation
|
page read and write
|
||
|
73D9000
|
stack
|
page read and write
|
||
|
A99E000
|
stack
|
page read and write
|
||
|
56B4000
|
trusted library allocation
|
page read and write
|
||
|
166D000
|
stack
|
page read and write
|
||
|
154B000
|
trusted library allocation
|
page execute and read and write
|
||
|
13AE000
|
stack
|
page read and write
|
||
|
5850000
|
trusted library allocation
|
page read and write
|
||
|
58E0000
|
heap
|
page read and write
|
||
|
151D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A40000
|
heap
|
page read and write
|
||
|
2FCA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5C75000
|
heap
|
page read and write
|
||
|
5C50000
|
trusted library allocation
|
page read and write
|
||
|
7DFB000
|
heap
|
page read and write
|
||
|
3246000
|
trusted library allocation
|
page read and write
|
||
|
198D000
|
trusted library allocation
|
page execute and read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
5C40000
|
trusted library allocation
|
page read and write
|
||
|
78FE000
|
stack
|
page read and write
|
||
|
15BE000
|
heap
|
page read and write
|
||
|
41CB000
|
trusted library allocation
|
page read and write
|
||
|
15F5000
|
heap
|
page read and write
|
||
|
322A000
|
trusted library allocation
|
page read and write
|
||
|
1530000
|
trusted library allocation
|
page read and write
|
||
|
5622000
|
trusted library allocation
|
page read and write
|
||
|
2FBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7360000
|
heap
|
page read and write
|
||
|
1500000
|
trusted library allocation
|
page read and write
|
||
|
5900000
|
trusted library allocation
|
page read and write
|
||
|
5B7E000
|
stack
|
page read and write
|
||
|
14D0000
|
heap
|
page read and write
|
||
|
135D000
|
stack
|
page read and write
|
||
|
6EE0000
|
trusted library allocation
|
page read and write
|
||
|
1520000
|
trusted library allocation
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
303E000
|
stack
|
page read and write
|
||
|
6E50000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F24000
|
trusted library allocation
|
page read and write
|
||
|
16A0000
|
trusted library allocation
|
page read and write
|
||
|
1154C000
|
heap
|
page read and write
|
||
|
593D000
|
stack
|
page read and write
|
||
|
31FD000
|
trusted library allocation
|
page read and write
|
||
|
1513000
|
trusted library allocation
|
page execute and read and write
|
||
|
3080000
|
trusted library allocation
|
page execute and read and write
|
||
|
5611000
|
trusted library allocation
|
page read and write
|
||
|
2FD2000
|
trusted library allocation
|
page read and write
|
||
|
73CF0000
|
unkown
|
page readonly
|
||
|
324A000
|
trusted library allocation
|
page read and write
|
||
|
7CFD000
|
stack
|
page read and write
|
||
|
7F4E000
|
stack
|
page read and write
|
||
|
3686000
|
trusted library allocation
|
page read and write
|
||
|
17EF000
|
stack
|
page read and write
|
||
|
1545000
|
trusted library allocation
|
page execute and read and write
|
||
|
31AF000
|
stack
|
page read and write
|
||
|
7C9E000
|
stack
|
page read and write
|
||
|
536C000
|
stack
|
page read and write
|
||
|
1990000
|
heap
|
page read and write
|
||
|
6C1D000
|
stack
|
page read and write
|
||
|
30A0000
|
heap
|
page execute and read and write
|
||
|
146D000
|
stack
|
page read and write
|
||
|
58F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A89E000
|
stack
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
77FE000
|
stack
|
page read and write
|
||
|
1747000
|
heap
|
page read and write
|
||
|
5630000
|
trusted library allocation
|
page read and write
|
||
|
3220000
|
trusted library allocation
|
page read and write
|
||
|
56BB000
|
trusted library allocation
|
page read and write
|
||
|
ECA000
|
stack
|
page read and write
|
||
|
58C0000
|
trusted library section
|
page readonly
|
||
|
7F760000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFF000
|
stack
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
6F35000
|
trusted library allocation
|
page read and write
|
||
|
793E000
|
stack
|
page read and write
|
||
|
4266000
|
trusted library allocation
|
page read and write
|
||
|
55FE000
|
trusted library allocation
|
page read and write
|
||
|
7DF0000
|
heap
|
page read and write
|
||
|
153A000
|
trusted library allocation
|
page execute and read and write
|
||
|
73D0D000
|
unkown
|
page read and write
|
||
|
5C26000
|
trusted library allocation
|
page read and write
|
||
|
5A4E000
|
stack
|
page read and write
|
||
|
6F60000
|
trusted library allocation
|
page read and write
|
||
|
56E0000
|
trusted library allocation
|
page read and write
|
||
|
9710000
|
heap
|
page read and write
|
||
|
12F7000
|
stack
|
page read and write
|
||
|
16B0000
|
heap
|
page read and write
|
||
|
7B9E000
|
stack
|
page read and write
|
||
|
325B000
|
trusted library allocation
|
page read and write
|
||
|
2FD0000
|
trusted library allocation
|
page read and write
|
||
|
173C000
|
stack
|
page read and write
|
||
|
41B1000
|
trusted library allocation
|
page read and write
|
||
|
446000
|
remote allocation
|
page execute and read and write
|
||
|
427C000
|
trusted library allocation
|
page read and write
|
||
|
1425000
|
heap
|
page read and write
|
||
|
56DD000
|
trusted library allocation
|
page read and write
|
||
|
560E000
|
trusted library allocation
|
page read and write
|
||
|
31BF000
|
stack
|
page read and write
|
||
|
5710000
|
trusted library allocation
|
page read and write
|
||
|
5A60000
|
trusted library section
|
page read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
6CDD000
|
stack
|
page read and write
|
||
|
146B000
|
heap
|
page read and write
|
||
|
307C000
|
stack
|
page read and write
|
||
|
5950000
|
heap
|
page execute and read and write
|
||
|
58BC000
|
stack
|
page read and write
|
||
|
55FB000
|
trusted library allocation
|
page read and write
|
||
|
6B1D000
|
stack
|
page read and write
|
||
|
A68E000
|
stack
|
page read and write
|
||
|
2FB0000
|
trusted library allocation
|
page read and write
|
||
|
5910000
|
heap
|
page execute and read and write
|
||
|
1547000
|
trusted library allocation
|
page execute and read and write
|
||
|
3262000
|
trusted library allocation
|
page read and write
|
||
|
69E5000
|
heap
|
page read and write
|
||
|
13E3000
|
heap
|
page read and write
|
||
|
1670000
|
trusted library allocation
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
6C9E000
|
stack
|
page read and write
|
||
|
30A0000
|
trusted library allocation
|
page read and write
|
||
|
9E7000
|
heap
|
page read and write
|
||
|
5616000
|
trusted library allocation
|
page read and write
|
||
|
5BDE000
|
stack
|
page read and write
|
||
|
3090000
|
trusted library allocation
|
page read and write
|
||
|
4271000
|
trusted library allocation
|
page read and write
|
||
|
3232000
|
trusted library allocation
|
page read and write
|
||
|
57C0000
|
heap
|
page read and write
|
||
|
6F50000
|
trusted library allocation
|
page read and write
|
||
|
3260000
|
heap
|
page execute and read and write
|
||
|
3207000
|
trusted library allocation
|
page read and write
|
||
|
13DA000
|
heap
|
page read and write
|
||
|
766B000
|
stack
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page read and write
|
||
|
7620000
|
heap
|
page read and write
|
||
|
5A70000
|
heap
|
page read and write
|
||
|
1315000
|
heap
|
page read and write
|
||
|
E62000
|
unkown
|
page readonly
|
||
|
2FB3000
|
trusted library allocation
|
page read and write
|
||
|
322E000
|
trusted library allocation
|
page read and write
|
||
|
321C000
|
trusted library allocation
|
page read and write
|
||
|
2FDB000
|
trusted library allocation
|
page execute and read and write
|
||
|
81FD000
|
stack
|
page read and write
|
||
|
75D0000
|
trusted library allocation
|
page read and write
|
||
|
73D06000
|
unkown
|
page readonly
|
||
|
1360000
|
heap
|
page read and write
|
||
|
A0C000
|
heap
|
page read and write
|
||
|
6995000
|
heap
|
page read and write
|
||
|
184E000
|
stack
|
page read and write
|
||
|
AA0C000
|
stack
|
page read and write
|
||
|
5C60000
|
trusted library allocation
|
page read and write
|
||
|
5940000
|
trusted library allocation
|
page read and write
|
||
|
681E000
|
stack
|
page read and write
|
||
|
323E000
|
trusted library allocation
|
page read and write
|
||
|
11514000
|
heap
|
page read and write
|
||
|
7DF8000
|
heap
|
page read and write
|
||
|
52AD000
|
stack
|
page read and write
|
||
|
31C8000
|
trusted library allocation
|
page read and write
|
||
|
41C4000
|
trusted library allocation
|
page read and write
|
||
|
159E000
|
stack
|
page read and write
|
||
|
E60000
|
unkown
|
page readonly
|
||
|
2FC0000
|
trusted library allocation
|
page read and write
|
||
|
6ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
5792000
|
trusted library allocation
|
page read and write
|
||
|
5720000
|
trusted library allocation
|
page read and write
|
||
|
56B0000
|
trusted library allocation
|
page read and write
|
||
|
AB10000
|
trusted library allocation
|
page execute and read and write
|
||
|
5780000
|
heap
|
page read and write
|
||
|
2FC6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1980000
|
trusted library allocation
|
page read and write
|
||
|
9F7000
|
heap
|
page read and write
|
||
|
57A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1514000
|
trusted library allocation
|
page read and write
|
||
|
5715000
|
trusted library allocation
|
page read and write
|
||
|
3696000
|
trusted library allocation
|
page read and write
|
||
|
1740000
|
heap
|
page read and write
|
||
|
5740000
|
trusted library allocation
|
page read and write
|
||
|
2FF8000
|
trusted library allocation
|
page read and write
|
||
|
75F0000
|
heap
|
page read and write
|
||
|
15E8000
|
heap
|
page read and write
|
||
|
AB0C000
|
stack
|
page read and write
|
||
|
15CF000
|
heap
|
page read and write
|
||
|
152D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1684000
|
heap
|
page read and write
|
||
|
41BF000
|
trusted library allocation
|
page read and write
|
||
|
6270000
|
heap
|
page read and write
|
||
|
6E20000
|
trusted library allocation
|
page read and write
|
||
|
3090000
|
trusted library allocation
|
page read and write
|
||
|
F99000
|
stack
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
41D9000
|
trusted library allocation
|
page read and write
|
||
|
7D2F000
|
heap
|
page read and write
|
||
|
11557000
|
heap
|
page read and write
|
||
|
320D000
|
trusted library allocation
|
page read and write
|
||
|
80FE000
|
stack
|
page read and write
|
||
|
7A5F000
|
stack
|
page read and write
|
||
|
1690000
|
trusted library allocation
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
6DE0000
|
trusted library allocation
|
page read and write
|
||
|
7730000
|
trusted library section
|
page read and write
|
||
|
56E2000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
6F30000
|
trusted library allocation
|
page read and write
|
||
|
71DC000
|
stack
|
page read and write
|
||
|
56F3000
|
heap
|
page read and write
|
||
|
7230000
|
trusted library allocation
|
page read and write
|
||
|
7200000
|
heap
|
page read and write
|
||
|
15E4000
|
heap
|
page read and write
|
||
|
73D0F000
|
unkown
|
page readonly
|
||
|
1542000
|
trusted library allocation
|
page read and write
|
||
|
6FAA000
|
stack
|
page read and write
|
||
|
56D6000
|
trusted library allocation
|
page read and write
|
||
|
6A34000
|
heap
|
page read and write
|
||
|
6E00000
|
trusted library allocation
|
page read and write
|
||
|
162D000
|
heap
|
page read and write
|
There are 305 hidden memdumps, click here to show them.