Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
bhevLCQYD6.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bhevLCQYD6.exe_8827a0dbb697e60d3eedbe15e2e4538eca41c0_4be6e095_ef33ba46-e919-4d22-a920-a353ca617ed5\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA3BE.tmp.dmp
|
Mini DuMP crash report, 16 streams, Fri Mar 29 10:30:51 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA594.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA5D4.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\bhevLCQYD6.exe
|
"C:\Users\user\Desktop\bhevLCQYD6.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6956 -s 1212
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
104.26.13.205
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
https://api.ipify.org
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
||
|
http://mail.gosportz.in
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 26 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.gosportz.in
|
51.79.229.7
|
|
|
|
api.ipify.org
|
104.26.13.205
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
51.79.229.7
|
mail.gosportz.in
|
Canada
|
|
|
|
104.26.13.205
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{768806f9-c608-2ddf-aace-88bb09e0723a}\Root\InventoryApplicationFile\bhevlcqyd6.exe|85b3b372173c1abe
|
ProgramId
|
||
|
\REGISTRY\A\{768806f9-c608-2ddf-aace-88bb09e0723a}\Root\InventoryApplicationFile\bhevlcqyd6.exe|85b3b372173c1abe
|
FileId
|
||
|
\REGISTRY\A\{768806f9-c608-2ddf-aace-88bb09e0723a}\Root\InventoryApplicationFile\bhevlcqyd6.exe|85b3b372173c1abe
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{768806f9-c608-2ddf-aace-88bb09e0723a}\Root\InventoryApplicationFile\bhevlcqyd6.exe|85b3b372173c1abe
|
LongPathHash
|
||
|
\REGISTRY\A\{768806f9-c608-2ddf-aace-88bb09e0723a}\Root\InventoryApplicationFile\bhevlcqyd6.exe|85b3b372173c1abe
|
Name
|
||
|
\REGISTRY\A\{768806f9-c608-2ddf-aace-88bb09e0723a}\Root\InventoryApplicationFile\bhevlcqyd6.exe|85b3b372173c1abe
|
OriginalFileName
|
||
|
\REGISTRY\A\{768806f9-c608-2ddf-aace-88bb09e0723a}\Root\InventoryApplicationFile\bhevlcqyd6.exe|85b3b372173c1abe
|
Publisher
|
||
|
\REGISTRY\A\{768806f9-c608-2ddf-aace-88bb09e0723a}\Root\InventoryApplicationFile\bhevlcqyd6.exe|85b3b372173c1abe
|
Version
|
||
|
\REGISTRY\A\{768806f9-c608-2ddf-aace-88bb09e0723a}\Root\InventoryApplicationFile\bhevlcqyd6.exe|85b3b372173c1abe
|
BinFileVersion
|
||
|
\REGISTRY\A\{768806f9-c608-2ddf-aace-88bb09e0723a}\Root\InventoryApplicationFile\bhevlcqyd6.exe|85b3b372173c1abe
|
BinaryType
|
||
|
\REGISTRY\A\{768806f9-c608-2ddf-aace-88bb09e0723a}\Root\InventoryApplicationFile\bhevlcqyd6.exe|85b3b372173c1abe
|
ProductName
|
||
|
\REGISTRY\A\{768806f9-c608-2ddf-aace-88bb09e0723a}\Root\InventoryApplicationFile\bhevlcqyd6.exe|85b3b372173c1abe
|
ProductVersion
|
||
|
\REGISTRY\A\{768806f9-c608-2ddf-aace-88bb09e0723a}\Root\InventoryApplicationFile\bhevlcqyd6.exe|85b3b372173c1abe
|
LinkDate
|
||
|
\REGISTRY\A\{768806f9-c608-2ddf-aace-88bb09e0723a}\Root\InventoryApplicationFile\bhevlcqyd6.exe|85b3b372173c1abe
|
BinProductVersion
|
||
|
\REGISTRY\A\{768806f9-c608-2ddf-aace-88bb09e0723a}\Root\InventoryApplicationFile\bhevlcqyd6.exe|85b3b372173c1abe
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{768806f9-c608-2ddf-aace-88bb09e0723a}\Root\InventoryApplicationFile\bhevlcqyd6.exe|85b3b372173c1abe
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{768806f9-c608-2ddf-aace-88bb09e0723a}\Root\InventoryApplicationFile\bhevlcqyd6.exe|85b3b372173c1abe
|
Size
|
||
|
\REGISTRY\A\{768806f9-c608-2ddf-aace-88bb09e0723a}\Root\InventoryApplicationFile\bhevlcqyd6.exe|85b3b372173c1abe
|
Language
|
||
|
\REGISTRY\A\{768806f9-c608-2ddf-aace-88bb09e0723a}\Root\InventoryApplicationFile\bhevlcqyd6.exe|85b3b372173c1abe
|
Usn
|
There are 24 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
29C1000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
1D782B1C000
|
trusted library allocation
|
page read and write
|
|
|
|
1D792611000
|
trusted library allocation
|
page read and write
|
|
|
|
1D79C3B0000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
52C0000
|
trusted library allocation
|
page read and write
|
||
|
60CE000
|
stack
|
page read and write
|
||
|
2E0A000
|
trusted library allocation
|
page read and write
|
||
|
1D79BFB0000
|
trusted library allocation
|
page read and write
|
||
|
D23000
|
trusted library allocation
|
page execute and read and write
|
||
|
D5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DE6000
|
trusted library allocation
|
page read and write
|
||
|
5CED000
|
heap
|
page read and write
|
||
|
534C000
|
stack
|
page read and write
|
||
|
D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
27E0000
|
trusted library allocation
|
page read and write
|
||
|
1D780AB0000
|
heap
|
page read and write
|
||
|
3999000
|
trusted library allocation
|
page read and write
|
||
|
D67000
|
trusted library allocation
|
page execute and read and write
|
||
|
6267000
|
trusted library allocation
|
page read and write
|
||
|
D3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D780E25000
|
heap
|
page read and write
|
||
|
2CB0000
|
trusted library allocation
|
page read and write
|
||
|
513D000
|
stack
|
page read and write
|
||
|
2A33000
|
trusted library allocation
|
page read and write
|
||
|
A79D000
|
stack
|
page read and write
|
||
|
1D780BA0000
|
heap
|
page read and write
|
||
|
2B6C000
|
trusted library allocation
|
page read and write
|
||
|
5C0C000
|
stack
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
6240000
|
trusted library allocation
|
page read and write
|
||
|
1D79ACC0000
|
trusted library section
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
5FA000
|
stack
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
2BE8000
|
trusted library allocation
|
page read and write
|
||
|
A4C000
|
heap
|
page read and write
|
||
|
96CC000
|
heap
|
page read and write
|
||
|
D6458FF000
|
stack
|
page read and write
|
||
|
1D7809F1000
|
heap
|
page read and write
|
||
|
2800000
|
trusted library allocation
|
page read and write
|
||
|
D56000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
5C10000
|
heap
|
page read and write
|
||
|
5F8F000
|
stack
|
page read and write
|
||
|
2A15000
|
trusted library allocation
|
page read and write
|
||
|
2832000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
280E000
|
trusted library allocation
|
page read and write
|
||
|
662C000
|
stack
|
page read and write
|
||
|
1D79ADB0000
|
heap
|
page execute and read and write
|
||
|
D10000
|
trusted library allocation
|
page read and write
|
||
|
CEC000
|
stack
|
page read and write
|
||
|
D62000
|
trusted library allocation
|
page read and write
|
||
|
65EF000
|
stack
|
page read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
1D780A1E000
|
heap
|
page read and write
|
||
|
DA0000
|
trusted library allocation
|
page read and write
|
||
|
62B6000
|
trusted library allocation
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
4DB0000
|
heap
|
page read and write
|
||
|
62C0000
|
trusted library allocation
|
page read and write
|
||
|
1D79AEB0000
|
heap
|
page read and write
|
||
|
2ECC000
|
trusted library allocation
|
page read and write
|
||
|
5C69000
|
heap
|
page read and write
|
||
|
D24000
|
trusted library allocation
|
page read and write
|
||
|
AC5000
|
heap
|
page read and write
|
||
|
1D792601000
|
trusted library allocation
|
page read and write
|
||
|
AF6000
|
heap
|
page read and write
|
||
|
7FFD9B7A2000
|
trusted library allocation
|
page read and write
|
||
|
903E000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
D644FE3000
|
stack
|
page read and write
|
||
|
29A7000
|
trusted library allocation
|
page read and write
|
||
|
1D780B20000
|
trusted library allocation
|
page read and write
|
||
|
5350000
|
heap
|
page read and write
|
||
|
1D782560000
|
heap
|
page execute and read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
1D780C30000
|
heap
|
page read and write
|
||
|
7FFD9B876000
|
trusted library allocation
|
page execute and read and write
|
||
|
62B0000
|
trusted library allocation
|
page read and write
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
636E000
|
stack
|
page read and write
|
||
|
1D79AD70000
|
heap
|
page read and write
|
||
|
9678000
|
heap
|
page read and write
|
||
|
1D780800000
|
unkown
|
page readonly
|
||
|
7FFD9B975000
|
trusted library allocation
|
page read and write
|
||
|
1D7807F2000
|
unkown
|
page readonly
|
||
|
5FCE000
|
stack
|
page read and write
|
||
|
3B39000
|
trusted library allocation
|
page read and write
|
||
|
9DC000
|
stack
|
page read and write
|
||
|
6A5D000
|
stack
|
page read and write
|
||
|
D2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
3AF9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
E0C000
|
stack
|
page read and write
|
||
|
7FFD9BA14000
|
trusted library allocation
|
page read and write
|
||
|
3CB9000
|
trusted library allocation
|
page read and write
|
||
|
26AE000
|
stack
|
page read and write
|
||
|
1D780B90000
|
heap
|
page read and write
|
||
|
D6B000
|
trusted library allocation
|
page execute and read and write
|
||
|
29BD000
|
trusted library allocation
|
page read and write
|
||
|
2BF8000
|
trusted library allocation
|
page read and write
|
||
|
3C39000
|
trusted library allocation
|
page read and write
|
||
|
1D78283B000
|
trusted library allocation
|
page read and write
|
||
|
D6454FF000
|
stack
|
page read and write
|
||
|
296F000
|
stack
|
page read and write
|
||
|
1D780E20000
|
heap
|
page read and write
|
||
|
95EB000
|
heap
|
page read and write
|
||
|
D645CFD000
|
stack
|
page read and write
|
||
|
6250000
|
trusted library allocation
|
page read and write
|
||
|
3B79000
|
trusted library allocation
|
page read and write
|
||
|
29AF000
|
trusted library allocation
|
page read and write
|
||
|
7FD00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D7809BC000
|
heap
|
page read and write
|
||
|
3C59000
|
trusted library allocation
|
page read and write
|
||
|
1D79A630000
|
trusted library allocation
|
page read and write
|
||
|
A59000
|
heap
|
page read and write
|
||
|
966E000
|
heap
|
page read and write
|
||
|
3AD9000
|
trusted library allocation
|
page read and write
|
||
|
D6459FE000
|
stack
|
page read and write
|
||
|
3A59000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
1D792893000
|
trusted library allocation
|
page read and write
|
||
|
2750000
|
heap
|
page read and write
|
||
|
D645BFA000
|
stack
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
D20000
|
trusted library allocation
|
page read and write
|
||
|
D6456FC000
|
stack
|
page read and write
|
||
|
1D780BD5000
|
heap
|
page read and write
|
||
|
7FFD9B84C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2971000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA2D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D79AEC0000
|
heap
|
page read and write
|
||
|
65AE000
|
stack
|
page read and write
|
||
|
27F0000
|
heap
|
page execute and read and write
|
||
|
3A99000
|
trusted library allocation
|
page read and write
|
||
|
D645AFD000
|
stack
|
page read and write
|
||
|
2812000
|
trusted library allocation
|
page read and write
|
||
|
3BD9000
|
trusted library allocation
|
page read and write
|
||
|
6B5D000
|
stack
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
6760000
|
heap
|
page read and write
|
||
|
A9E000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
6260000
|
trusted library allocation
|
page read and write
|
||
|
3BB9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
26B8000
|
trusted library allocation
|
page read and write
|
||
|
282D000
|
trusted library allocation
|
page read and write
|
||
|
2C22000
|
trusted library allocation
|
page read and write
|
||
|
A69D000
|
stack
|
page read and write
|
||
|
1D79BFD2000
|
trusted library allocation
|
page read and write
|
||
|
C56E000
|
trusted library allocation
|
page read and write
|
||
|
3A19000
|
trusted library allocation
|
page read and write
|
||
|
4FEC000
|
stack
|
page read and write
|
||
|
7FFD9B7BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
D65000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
D6453FE000
|
stack
|
page read and write
|
||
|
27BC000
|
stack
|
page read and write
|
||
|
1D780A8C000
|
heap
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
2AA3000
|
trusted library allocation
|
page read and write
|
||
|
E79000
|
heap
|
page read and write
|
||
|
3C79000
|
trusted library allocation
|
page read and write
|
||
|
2E85000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D7825F0000
|
heap
|
page read and write
|
||
|
3B99000
|
trusted library allocation
|
page read and write
|
||
|
3A39000
|
trusted library allocation
|
page read and write
|
||
|
1D780A26000
|
heap
|
page read and write
|
||
|
D6455FC000
|
stack
|
page read and write
|
||
|
67C0000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
5C65000
|
heap
|
page read and write
|
||
|
2E1A000
|
trusted library allocation
|
page read and write
|
||
|
1D780B30000
|
trusted library allocation
|
page read and write
|
||
|
AF1000
|
heap
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
DC7000
|
heap
|
page read and write
|
||
|
4EEC000
|
stack
|
page read and write
|
||
|
63AB000
|
stack
|
page read and write
|
||
|
612E000
|
stack
|
page read and write
|
||
|
27C0000
|
trusted library allocation
|
page read and write
|
||
|
A1C000
|
stack
|
page read and write
|
||
|
9039000
|
trusted library allocation
|
page read and write
|
||
|
2826000
|
trusted library allocation
|
page read and write
|
||
|
6780000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D780BE0000
|
heap
|
page read and write
|
||
|
1D7809B6000
|
heap
|
page read and write
|
||
|
5140000
|
heap
|
page read and write
|
||
|
5B0C000
|
stack
|
page read and write
|
||
|
7C5C000
|
stack
|
page read and write
|
||
|
1D79C630000
|
heap
|
page read and write
|
||
|
503E000
|
stack
|
page read and write
|
||
|
E60000
|
trusted library allocation
|
page read and write
|
||
|
D6452FE000
|
stack
|
page read and write
|
||
|
9673000
|
heap
|
page read and write
|
||
|
9036000
|
trusted library allocation
|
page read and write
|
||
|
2DBA000
|
trusted library allocation
|
page read and write
|
||
|
DB4000
|
heap
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
D6457FF000
|
stack
|
page read and write
|
||
|
D52000
|
trusted library allocation
|
page read and write
|
||
|
CAA0000
|
trusted library allocation
|
page read and write
|
||
|
96C1000
|
heap
|
page read and write
|
||
|
2BBB000
|
trusted library allocation
|
page read and write
|
||
|
625D000
|
trusted library allocation
|
page read and write
|
||
|
1D780A1C000
|
heap
|
page read and write
|
||
|
281E000
|
trusted library allocation
|
page read and write
|
||
|
1D780B93000
|
heap
|
page read and write
|
||
|
E4C000
|
stack
|
page read and write
|
||
|
2770000
|
heap
|
page execute and read and write
|
||
|
7A70000
|
heap
|
page read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D780990000
|
heap
|
page read and write
|
||
|
29B1000
|
trusted library allocation
|
page read and write
|
||
|
958D000
|
heap
|
page read and write
|
||
|
622F000
|
stack
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
1D79AEDB000
|
heap
|
page read and write
|
||
|
1D7807F0000
|
unkown
|
page readonly
|
||
|
7FFD9B7AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3B59000
|
trusted library allocation
|
page read and write
|
||
|
4A6E000
|
stack
|
page read and write
|
||
|
1D782601000
|
trusted library allocation
|
page read and write
|
||
|
3A79000
|
trusted library allocation
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
27D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF415C10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7B4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
3971000
|
trusted library allocation
|
page read and write
|
||
|
A57000
|
heap
|
page read and write
|
||
|
ECB000
|
stack
|
page read and write
|
||
|
1D780C35000
|
heap
|
page read and write
|
||
|
AEB000
|
heap
|
page read and write
|
||
|
D46000
|
heap
|
page read and write
|
||
|
3C99000
|
trusted library allocation
|
page read and write
|
||
|
2CD4000
|
trusted library allocation
|
page read and write
|
||
|
8F9000
|
stack
|
page read and write
|
||
|
62D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D780B33000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D7809B0000
|
heap
|
page read and write
|
||
|
4DC0000
|
heap
|
page read and write
|
||
|
1D792607000
|
trusted library allocation
|
page read and write
|
||
|
63C0000
|
trusted library allocation
|
page read and write
|
||
|
52D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
2E0C000
|
trusted library allocation
|
page read and write
|
||
|
3C19000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C9000
|
trusted library allocation
|
page read and write
|
||
|
6248000
|
trusted library allocation
|
page read and write
|
||
|
1D780BD0000
|
heap
|
page read and write
|
||
|
1D79C632000
|
heap
|
page read and write
|
||
|
1D7809F4000
|
heap
|
page read and write
|
||
|
2CD6000
|
trusted library allocation
|
page read and write
|
||
|
39D9000
|
trusted library allocation
|
page read and write
|
||
|
1D780C00000
|
trusted library allocation
|
page read and write
|
||
|
6750000
|
trusted library allocation
|
page read and write
|
||
|
280B000
|
trusted library allocation
|
page read and write
|
||
|
1D79C6C7000
|
heap
|
page read and write
|
||
|
995000
|
heap
|
page read and write
|
||
|
966B000
|
heap
|
page read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
3BF9000
|
trusted library allocation
|
page read and write
|
||
|
1D79AEEC000
|
heap
|
page read and write
|
||
|
1D780890000
|
heap
|
page read and write
|
||
|
1D780B00000
|
trusted library allocation
|
page read and write
|
||
|
672C000
|
stack
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
1D780970000
|
heap
|
page read and write
|
||
|
968B000
|
heap
|
page read and write
|
||
|
9598000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E8D000
|
stack
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
1D780BC0000
|
trusted library section
|
page readonly
|
||
|
9560000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
3AB9000
|
trusted library allocation
|
page read and write
|
||
|
39F9000
|
trusted library allocation
|
page read and write
|
||
|
62AE000
|
stack
|
page read and write
|
||
|
6B60000
|
trusted library allocation
|
page read and write
|
||
|
1D79AEEA000
|
heap
|
page read and write
|
||
|
63B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D7807FA000
|
unkown
|
page readonly
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page read and write
|
||
|
656C000
|
stack
|
page read and write
|
||
|
7A60000
|
heap
|
page read and write
|
||
|
2ADF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page read and write
|
||
|
D80000
|
trusted library allocation
|
page read and write
|
||
|
2821000
|
trusted library allocation
|
page read and write
|
||
|
2C85000
|
trusted library allocation
|
page read and write
|
||
|
3B19000
|
trusted library allocation
|
page read and write
|
There are 298 hidden memdumps, click here to show them.