Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PsBygexGwH.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\troopwise
|
MIPSEB MIPS-II ECOFF executable not stripped - version 82.75
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\directory\name.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\aut1009.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut1029.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut1FED.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut201D.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut52C5.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut5324.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\contrapose
|
ASCII text, with very long lines (29718), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\PsBygexGwH.exe
|
"C:\Users\user\Desktop\PsBygexGwH.exe"
|
|
|
|
C:\Users\user\AppData\Local\directory\name.exe
|
"C:\Users\user\Desktop\PsBygexGwH.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Users\user\Desktop\PsBygexGwH.exe"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs"
|
|
|
|
C:\Users\user\AppData\Local\directory\name.exe
|
"C:\Users\user\AppData\Local\directory\name.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Users\user\AppData\Local\directory\name.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://checkip.dyndns.org/
|
158.101.44.242
|
||
|
http://checkip.dyndns.com(
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
https://scratchdreams.tk
|
unknown
|
||
|
http://reallyfreegeoip.org
|
unknown
|
||
|
https://reallyfreegeoip.org
|
unknown
|
||
|
https://scratchdreams.tk/_send_.php?TS
|
104.21.27.85
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/102.129.152.231$
|
unknown
|
||
|
http://scratchdreams.tk
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/102.129.152.231
|
172.67.177.134
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
checkip.dyndns.org
|
unknown
|
|
|
|
reallyfreegeoip.org
|
172.67.177.134
|
||
|
scratchdreams.tk
|
104.21.27.85
|
||
|
checkip.dyndns.com
|
158.101.44.242
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
158.101.44.242
|
checkip.dyndns.com
|
United States
|
||
|
172.67.177.134
|
reallyfreegeoip.org
|
United States
|
||
|
104.21.27.85
|
scratchdreams.tk
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3910000
|
direct allocation
|
page read and write
|
|
|
|
2801000
|
trusted library allocation
|
page read and write
|
|
|
|
579000
|
system
|
page execute and read and write
|
|
|
|
2551000
|
trusted library allocation
|
page read and write
|
|
|
|
40C0000
|
direct allocation
|
page read and write
|
|
|
|
6080000
|
trusted library allocation
|
page execute and read and write
|
||
|
43BD000
|
direct allocation
|
page read and write
|
||
|
2693000
|
trusted library allocation
|
page read and write
|
||
|
29B3000
|
trusted library allocation
|
page read and write
|
||
|
1838000
|
heap
|
page read and write
|
||
|
27D7000
|
trusted library allocation
|
page read and write
|
||
|
579000
|
stack
|
page read and write
|
||
|
289E000
|
trusted library allocation
|
page read and write
|
||
|
17A5000
|
heap
|
page read and write
|
||
|
AA2000
|
trusted library allocation
|
page read and write
|
||
|
4290000
|
direct allocation
|
page read and write
|
||
|
15CF000
|
stack
|
page read and write
|
||
|
49D0000
|
trusted library allocation
|
page read and write
|
||
|
43BD000
|
direct allocation
|
page read and write
|
||
|
12C6DAAE000
|
heap
|
page read and write
|
||
|
B00000
|
trusted library allocation
|
page read and write
|
||
|
2936000
|
trusted library allocation
|
page read and write
|
||
|
B28000
|
heap
|
page read and write
|
||
|
550E000
|
direct allocation
|
page read and write
|
||
|
1C5D000
|
heap
|
page read and write
|
||
|
1C9C000
|
heap
|
page read and write
|
||
|
B3E000
|
heap
|
page read and write
|
||
|
3E00000
|
direct allocation
|
page read and write
|
||
|
7D0E000
|
direct allocation
|
page read and write
|
||
|
1526000
|
heap
|
page read and write
|
||
|
394000
|
unkown
|
page readonly
|
||
|
1697000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
35C7000
|
trusted library allocation
|
page read and write
|
||
|
394000
|
unkown
|
page readonly
|
||
|
176C000
|
heap
|
page read and write
|
||
|
5BDE000
|
heap
|
page read and write
|
||
|
1B727FE000
|
stack
|
page read and write
|
||
|
123E000
|
stack
|
page read and write
|
||
|
23C0000
|
direct allocation
|
page execute and read and write
|
||
|
12C6D7B8000
|
heap
|
page read and write
|
||
|
4120000
|
direct allocation
|
page read and write
|
||
|
4213000
|
direct allocation
|
page read and write
|
||
|
14B4000
|
heap
|
page read and write
|
||
|
269B000
|
trusted library allocation
|
page read and write
|
||
|
B16000
|
trusted library allocation
|
page read and write
|
||
|
5AAE000
|
stack
|
page read and write
|
||
|
5A6E000
|
stack
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
B10000
|
trusted library allocation
|
page read and write
|
||
|
17D1000
|
heap
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
690E000
|
direct allocation
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
4E0E000
|
stack
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
17AD000
|
heap
|
page read and write
|
||
|
1818000
|
heap
|
page read and write
|
||
|
179D000
|
heap
|
page read and write
|
||
|
1737000
|
heap
|
page read and write
|
||
|
27E2000
|
trusted library allocation
|
page read and write
|
||
|
2643000
|
trusted library allocation
|
page read and write
|
||
|
89D000
|
trusted library allocation
|
page execute and read and write
|
||
|
43E9000
|
direct allocation
|
page read and write
|
||
|
1B726FD000
|
stack
|
page read and write
|
||
|
6035000
|
trusted library allocation
|
page read and write
|
||
|
2A38000
|
trusted library allocation
|
page read and write
|
||
|
3D70000
|
heap
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
1F0000
|
unkown
|
page write copy
|
||
|
26F1000
|
trusted library allocation
|
page read and write
|
||
|
6420000
|
trusted library allocation
|
page read and write
|
||
|
1C9C000
|
heap
|
page read and write
|
||
|
635E000
|
stack
|
page read and write
|
||
|
2977000
|
trusted library allocation
|
page read and write
|
||
|
12C6DAA5000
|
heap
|
page read and write
|
||
|
606A000
|
trusted library allocation
|
page read and write
|
||
|
19FE000
|
heap
|
page read and write
|
||
|
35C000
|
unkown
|
page readonly
|
||
|
1B723FE000
|
stack
|
page read and write
|
||
|
C5F000
|
stack
|
page read and write
|
||
|
27D0000
|
trusted library allocation
|
page read and write
|
||
|
17F9000
|
heap
|
page read and write
|
||
|
49EA000
|
trusted library allocation
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
730E000
|
direct allocation
|
page read and write
|
||
|
3FA0000
|
direct allocation
|
page read and write
|
||
|
4990000
|
trusted library allocation
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
17CE000
|
stack
|
page read and write
|
||
|
2520000
|
trusted library allocation
|
page read and write
|
||
|
40C9000
|
direct allocation
|
page read and write
|
||
|
40CD000
|
direct allocation
|
page read and write
|
||
|
38C000
|
unkown
|
page read and write
|
||
|
176C000
|
heap
|
page read and write
|
||
|
1C27000
|
heap
|
page read and write
|
||
|
3FA0000
|
direct allocation
|
page read and write
|
||
|
12C6D850000
|
heap
|
page read and write
|
||
|
6390000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F23000
|
direct allocation
|
page read and write
|
||
|
267B000
|
trusted library allocation
|
page read and write
|
||
|
8AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
602E000
|
stack
|
page read and write
|
||
|
8B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BDC000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
176D000
|
heap
|
page read and write
|
||
|
49C0000
|
heap
|
page read and write
|
||
|
4CE6000
|
trusted library allocation
|
page read and write
|
||
|
272A000
|
trusted library allocation
|
page read and write
|
||
|
2C0000
|
unkown
|
page readonly
|
||
|
3FA0000
|
direct allocation
|
page read and write
|
||
|
4243000
|
direct allocation
|
page read and write
|
||
|
1B04000
|
heap
|
page read and write
|
||
|
4B0E000
|
direct allocation
|
page read and write
|
||
|
403000
|
system
|
page execute and read and write
|
||
|
4290000
|
direct allocation
|
page read and write
|
||
|
4CFA000
|
trusted library allocation
|
page read and write
|
||
|
6360000
|
trusted library allocation
|
page read and write
|
||
|
3579000
|
trusted library allocation
|
page read and write
|
||
|
164A000
|
heap
|
page read and write
|
||
|
26C4000
|
trusted library allocation
|
page read and write
|
||
|
12C6D853000
|
heap
|
page read and write
|
||
|
2A8F000
|
trusted library allocation
|
page read and write
|
||
|
3829000
|
trusted library allocation
|
page read and write
|
||
|
40F0000
|
direct allocation
|
page read and write
|
||
|
28D3000
|
trusted library allocation
|
page read and write
|
||
|
5B9E000
|
stack
|
page read and write
|
||
|
2A3D000
|
trusted library allocation
|
page read and write
|
||
|
43B9000
|
direct allocation
|
page read and write
|
||
|
382000
|
unkown
|
page readonly
|
||
|
263F000
|
trusted library allocation
|
page read and write
|
||
|
24AE000
|
stack
|
page read and write
|
||
|
592E000
|
stack
|
page read and write
|
||
|
19B8000
|
heap
|
page read and write
|
||
|
15CD000
|
heap
|
page read and write
|
||
|
247F000
|
stack
|
page read and write
|
||
|
562E000
|
stack
|
page read and write
|
||
|
17C3000
|
heap
|
page read and write
|
||
|
176D000
|
heap
|
page read and write
|
||
|
3F23000
|
direct allocation
|
page read and write
|
||
|
825000
|
heap
|
page read and write
|
||
|
40CD000
|
direct allocation
|
page read and write
|
||
|
A80000
|
trusted library allocation
|
page read and write
|
||
|
499D000
|
stack
|
page read and write
|
||
|
38C000
|
unkown
|
page read and write
|
||
|
49DE000
|
trusted library allocation
|
page read and write
|
||
|
1B72AFB000
|
stack
|
page read and write
|
||
|
1670000
|
heap
|
page read and write
|
||
|
382000
|
unkown
|
page readonly
|
||
|
5C9F000
|
stack
|
page read and write
|
||
|
445E000
|
direct allocation
|
page read and write
|
||
|
2697000
|
trusted library allocation
|
page read and write
|
||
|
149B000
|
heap
|
page read and write
|
||
|
1EC000
|
unkown
|
page write copy
|
||
|
A9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F23000
|
direct allocation
|
page read and write
|
||
|
1A82000
|
heap
|
page read and write
|
||
|
5BAE000
|
stack
|
page read and write
|
||
|
8BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
178D000
|
heap
|
page read and write
|
||
|
52E0000
|
trusted library allocation
|
page read and write
|
||
|
28BB000
|
trusted library allocation
|
page read and write
|
||
|
AF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
15EF000
|
stack
|
page read and write
|
||
|
1C9C000
|
heap
|
page read and write
|
||
|
6060000
|
trusted library allocation
|
page read and write
|
||
|
5F2A000
|
heap
|
page read and write
|
||
|
4F60000
|
trusted library allocation
|
page read and write
|
||
|
40C9000
|
direct allocation
|
page read and write
|
||
|
12C6D760000
|
heap
|
page read and write
|
||
|
3E00000
|
direct allocation
|
page read and write
|
||
|
12C6D750000
|
heap
|
page read and write
|
||
|
28AF000
|
trusted library allocation
|
page read and write
|
||
|
8B2000
|
trusted library allocation
|
page read and write
|
||
|
1B721FF000
|
stack
|
page read and write
|
||
|
264B000
|
trusted library allocation
|
page read and write
|
||
|
442E000
|
direct allocation
|
page read and write
|
||
|
413E000
|
direct allocation
|
page read and write
|
||
|
605E000
|
stack
|
page read and write
|
||
|
6050000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
4290000
|
direct allocation
|
page read and write
|
||
|
29C1000
|
trusted library allocation
|
page read and write
|
||
|
4213000
|
direct allocation
|
page read and write
|
||
|
63C0000
|
trusted library allocation
|
page read and write
|
||
|
16DE000
|
heap
|
page read and write
|
||
|
884000
|
trusted library allocation
|
page read and write
|
||
|
5BF4000
|
heap
|
page read and write
|
||
|
4F1F000
|
stack
|
page read and write
|
||
|
1BC000
|
unkown
|
page readonly
|
||
|
2C1000
|
unkown
|
page execute read
|
||
|
3E00000
|
direct allocation
|
page read and write
|
||
|
43ED000
|
direct allocation
|
page read and write
|
||
|
149C000
|
heap
|
page read and write
|
||
|
2C0000
|
unkown
|
page readonly
|
||
|
4CE0000
|
trusted library allocation
|
page read and write
|
||
|
15BF000
|
stack
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
17C5000
|
heap
|
page read and write
|
||
|
606F000
|
trusted library allocation
|
page read and write
|
||
|
279A000
|
trusted library allocation
|
page read and write
|
||
|
2946000
|
trusted library allocation
|
page read and write
|
||
|
2C0000
|
unkown
|
page readonly
|
||
|
4D7D000
|
stack
|
page read and write
|
||
|
1C8C000
|
heap
|
page read and write
|
||
|
2540000
|
heap
|
page execute and read and write
|
||
|
38C000
|
unkown
|
page write copy
|
||
|
3E00000
|
direct allocation
|
page read and write
|
||
|
50FE000
|
stack
|
page read and write
|
||
|
382000
|
unkown
|
page readonly
|
||
|
1620000
|
heap
|
page read and write
|
||
|
9B0E000
|
direct allocation
|
page read and write
|
||
|
18E3000
|
heap
|
page read and write
|
||
|
1778000
|
heap
|
page read and write
|
||
|
910E000
|
direct allocation
|
page read and write
|
||
|
2370000
|
heap
|
page read and write
|
||
|
1EC000
|
unkown
|
page read and write
|
||
|
6990000
|
heap
|
page read and write
|
||
|
413E000
|
direct allocation
|
page read and write
|
||
|
26D2000
|
trusted library allocation
|
page read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
1C5D000
|
heap
|
page read and write
|
||
|
1C35000
|
heap
|
page read and write
|
||
|
17B4000
|
heap
|
page read and write
|
||
|
1AB8000
|
heap
|
page read and write
|
||
|
5F0E000
|
direct allocation
|
page read and write
|
||
|
385F000
|
trusted library allocation
|
page read and write
|
||
|
38C000
|
unkown
|
page write copy
|
||
|
35AD000
|
trusted library allocation
|
page read and write
|
||
|
1989000
|
heap
|
page read and write
|
||
|
625E000
|
stack
|
page read and write
|
||
|
1C26000
|
heap
|
page read and write
|
||
|
1E2000
|
unkown
|
page readonly
|
||
|
562000
|
system
|
page execute and read and write
|
||
|
BCF000
|
heap
|
page read and write
|
||
|
1755000
|
heap
|
page read and write
|
||
|
1B71DBA000
|
stack
|
page read and write
|
||
|
1C0F000
|
heap
|
page read and write
|
||
|
5100000
|
heap
|
page execute and read and write
|
||
|
2A5B000
|
trusted library allocation
|
page read and write
|
||
|
2606000
|
trusted library allocation
|
page read and write
|
||
|
2A5F000
|
trusted library allocation
|
page read and write
|
||
|
4A8D000
|
stack
|
page read and write
|
||
|
18E4000
|
heap
|
page read and write
|
||
|
ABB000
|
trusted library allocation
|
page execute and read and write
|
||
|
6140000
|
trusted library allocation
|
page execute and read and write
|
||
|
394000
|
unkown
|
page readonly
|
||
|
3940000
|
direct allocation
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
3FA0000
|
direct allocation
|
page read and write
|
||
|
537000
|
stack
|
page read and write
|
||
|
FBA000
|
stack
|
page read and write
|
||
|
1E2000
|
unkown
|
page readonly
|
||
|
1B729FE000
|
stack
|
page read and write
|
||
|
125F000
|
stack
|
page read and write
|
||
|
1770000
|
heap
|
page read and write
|
||
|
28F6000
|
trusted library allocation
|
page read and write
|
||
|
5EDE000
|
stack
|
page read and write
|
||
|
1838000
|
heap
|
page read and write
|
||
|
6046000
|
trusted library allocation
|
page read and write
|
||
|
410E000
|
direct allocation
|
page read and write
|
||
|
7EB000
|
heap
|
page read and write
|
||
|
6450000
|
heap
|
page read and write
|
||
|
43B9000
|
direct allocation
|
page read and write
|
||
|
40C9000
|
direct allocation
|
page read and write
|
||
|
3551000
|
trusted library allocation
|
page read and write
|
||
|
35C000
|
unkown
|
page readonly
|
||
|
124B000
|
stack
|
page read and write
|
||
|
4F5E000
|
stack
|
page read and write
|
||
|
15DB000
|
stack
|
page read and write
|
||
|
88D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E6F000
|
stack
|
page read and write
|
||
|
638A000
|
trusted library allocation
|
page read and write
|
||
|
16C2000
|
heap
|
page read and write
|
||
|
39C4000
|
heap
|
page read and write
|
||
|
295C000
|
trusted library allocation
|
page read and write
|
||
|
35DD000
|
trusted library allocation
|
page read and write
|
||
|
25F5000
|
trusted library allocation
|
page read and write
|
||
|
16CC000
|
heap
|
page read and write
|
||
|
1B720FE000
|
stack
|
page read and write
|
||
|
40F0000
|
direct allocation
|
page read and write
|
||
|
4D01000
|
trusted library allocation
|
page read and write
|
||
|
294A000
|
trusted library allocation
|
page read and write
|
||
|
73E000
|
stack
|
page read and write
|
||
|
38E0000
|
heap
|
page read and write
|
||
|
40CD000
|
direct allocation
|
page read and write
|
||
|
42C0000
|
direct allocation
|
page read and write
|
||
|
29DD000
|
trusted library allocation
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
35D4000
|
trusted library allocation
|
page read and write
|
||
|
A15000
|
heap
|
page read and write
|
||
|
35D1000
|
trusted library allocation
|
page read and write
|
||
|
1721000
|
heap
|
page read and write
|
||
|
49EE000
|
trusted library allocation
|
page read and write
|
||
|
382000
|
unkown
|
page readonly
|
||
|
40CD000
|
direct allocation
|
page read and write
|
||
|
572E000
|
stack
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
3879000
|
trusted library allocation
|
page read and write
|
||
|
42C0000
|
direct allocation
|
page read and write
|
||
|
25F9000
|
trusted library allocation
|
page read and write
|
||
|
6370000
|
trusted library allocation
|
page execute and read and write
|
||
|
1737000
|
heap
|
page read and write
|
||
|
B14000
|
trusted library allocation
|
page read and write
|
||
|
8E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
442E000
|
direct allocation
|
page read and write
|
||
|
25E8000
|
trusted library allocation
|
page read and write
|
||
|
5CED000
|
stack
|
page read and write
|
||
|
2637000
|
trusted library allocation
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
17AC000
|
heap
|
page read and write
|
||
|
8A0000
|
trusted library allocation
|
page read and write
|
||
|
B10000
|
trusted library allocation
|
page read and write
|
||
|
638F000
|
trusted library allocation
|
page read and write
|
||
|
230E000
|
stack
|
page read and write
|
||
|
1738000
|
heap
|
page read and write
|
||
|
1640000
|
heap
|
page read and write
|
||
|
40C9000
|
direct allocation
|
page read and write
|
||
|
15CE000
|
stack
|
page read and write
|
||
|
40C9000
|
direct allocation
|
page read and write
|
||
|
1760000
|
heap
|
page read and write
|
||
|
43BD000
|
direct allocation
|
page read and write
|
||
|
6048000
|
trusted library allocation
|
page read and write
|
||
|
14D3000
|
heap
|
page read and write
|
||
|
49D6000
|
trusted library allocation
|
page read and write
|
||
|
2942000
|
trusted library allocation
|
page read and write
|
||
|
4A4D000
|
stack
|
page read and write
|
||
|
28E7000
|
trusted library allocation
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
49FD000
|
trusted library allocation
|
page read and write
|
||
|
1924000
|
heap
|
page read and write
|
||
|
4040000
|
direct allocation
|
page read and write
|
||
|
3886000
|
trusted library allocation
|
page read and write
|
||
|
23D0000
|
direct allocation
|
page read and write
|
||
|
499F000
|
trusted library allocation
|
page read and write
|
||
|
17C3000
|
heap
|
page read and write
|
||
|
26B7000
|
trusted library allocation
|
page read and write
|
||
|
442E000
|
direct allocation
|
page read and write
|
||
|
63B0000
|
trusted library allocation
|
page read and write
|
||
|
445E000
|
direct allocation
|
page read and write
|
||
|
1737000
|
heap
|
page read and write
|
||
|
A84000
|
trusted library allocation
|
page read and write
|
||
|
4DBE000
|
stack
|
page read and write
|
||
|
1BDB000
|
heap
|
page read and write
|
||
|
A8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
15DB000
|
stack
|
page read and write
|
||
|
4D0D000
|
trusted library allocation
|
page read and write
|
||
|
12C6D7B0000
|
heap
|
page read and write
|
||
|
162E000
|
heap
|
page read and write
|
||
|
4243000
|
direct allocation
|
page read and write
|
||
|
3CF4000
|
heap
|
page read and write
|
||
|
27AD000
|
trusted library allocation
|
page read and write
|
||
|
DDD000
|
stack
|
page read and write
|
||
|
1F4000
|
unkown
|
page readonly
|
||
|
A83000
|
trusted library allocation
|
page execute and read and write
|
||
|
B4A000
|
heap
|
page read and write
|
||
|
AA0000
|
trusted library allocation
|
page read and write
|
||
|
18B0000
|
heap
|
page read and write
|
||
|
3E00000
|
direct allocation
|
page read and write
|
||
|
18B8000
|
heap
|
page read and write
|
||
|
870E000
|
direct allocation
|
page read and write
|
||
|
6040000
|
trusted library allocation
|
page read and write
|
||
|
234E000
|
stack
|
page read and write
|
||
|
2A43000
|
trusted library allocation
|
page read and write
|
||
|
184B000
|
heap
|
page read and write
|
||
|
1C17000
|
heap
|
page read and write
|
||
|
2932000
|
trusted library allocation
|
page read and write
|
||
|
577000
|
system
|
page execute and read and write
|
||
|
6380000
|
trusted library allocation
|
page read and write
|
||
|
27A4000
|
trusted library allocation
|
page read and write
|
||
|
C0D000
|
heap
|
page read and write
|
||
|
582E000
|
stack
|
page read and write
|
||
|
1A30000
|
heap
|
page read and write
|
||
|
6366000
|
trusted library allocation
|
page read and write
|
||
|
204E000
|
stack
|
page read and write
|
||
|
28E9000
|
trusted library allocation
|
page read and write
|
||
|
17C3000
|
heap
|
page read and write
|
||
|
26CF000
|
stack
|
page read and write
|
||
|
2A4D000
|
trusted library allocation
|
page read and write
|
||
|
27A8000
|
trusted library allocation
|
page read and write
|
||
|
1A76000
|
heap
|
page read and write
|
||
|
5D9E000
|
stack
|
page read and write
|
||
|
1728000
|
heap
|
page read and write
|
||
|
528D000
|
stack
|
page read and write
|
||
|
890000
|
trusted library allocation
|
page read and write
|
||
|
AB5000
|
trusted library allocation
|
page execute and read and write
|
||
|
12C6D780000
|
heap
|
page read and write
|
||
|
4D30000
|
heap
|
page read and write
|
||
|
524E000
|
stack
|
page read and write
|
||
|
29A4000
|
trusted library allocation
|
page read and write
|
||
|
413E000
|
direct allocation
|
page read and write
|
||
|
2C1000
|
unkown
|
page execute read
|
||
|
4CEE000
|
trusted library allocation
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page execute and read and write
|
||
|
12C6F3B0000
|
heap
|
page read and write
|
||
|
5F2E000
|
stack
|
page read and write
|
||
|
1AB9000
|
heap
|
page read and write
|
||
|
195C000
|
heap
|
page read and write
|
||
|
19EF000
|
heap
|
page read and write
|
||
|
603A000
|
trusted library allocation
|
page read and write
|
||
|
1C7C000
|
heap
|
page read and write
|
||
|
4E10000
|
heap
|
page execute and read and write
|
||
|
2687000
|
trusted library allocation
|
page read and write
|
||
|
28FA000
|
trusted library allocation
|
page read and write
|
||
|
1828000
|
heap
|
page read and write
|
||
|
2647000
|
trusted library allocation
|
page read and write
|
||
|
27DC000
|
trusted library allocation
|
page read and write
|
||
|
3F23000
|
direct allocation
|
page read and write
|
||
|
636B000
|
trusted library allocation
|
page read and write
|
||
|
5DDE000
|
stack
|
page read and write
|
||
|
2A8A000
|
trusted library allocation
|
page read and write
|
||
|
1C44000
|
heap
|
page read and write
|
||
|
1800000
|
heap
|
page read and write
|
||
|
4DD0000
|
trusted library allocation
|
page read and write
|
||
|
8B5000
|
trusted library allocation
|
page execute and read and write
|
||
|
388F000
|
trusted library allocation
|
page read and write
|
||
|
3FA0000
|
direct allocation
|
page read and write
|
||
|
121000
|
unkown
|
page execute read
|
||
|
2608000
|
trusted library allocation
|
page read and write
|
||
|
464E000
|
stack
|
page read and write
|
||
|
B58000
|
heap
|
page read and write
|
||
|
390000
|
unkown
|
page write copy
|
||
|
3F23000
|
direct allocation
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
609E000
|
stack
|
page read and write
|
||
|
6130000
|
heap
|
page read and write
|
||
|
6460000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D6E000
|
stack
|
page read and write
|
||
|
1C4E000
|
stack
|
page read and write
|
||
|
15FF000
|
stack
|
page read and write
|
||
|
292E000
|
trusted library allocation
|
page read and write
|
||
|
1B84000
|
heap
|
page read and write
|
||
|
4A02000
|
trusted library allocation
|
page read and write
|
||
|
52EE000
|
trusted library allocation
|
page read and write
|
||
|
43E9000
|
direct allocation
|
page read and write
|
||
|
166C000
|
heap
|
page read and write
|
||
|
43ED000
|
direct allocation
|
page read and write
|
||
|
278A000
|
trusted library allocation
|
page read and write
|
||
|
13F5000
|
heap
|
page read and write
|
||
|
40C9000
|
direct allocation
|
page read and write
|
||
|
390000
|
unkown
|
page write copy
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
18BA000
|
heap
|
page read and write
|
||
|
49F1000
|
trusted library allocation
|
page read and write
|
||
|
12C6DAA0000
|
heap
|
page read and write
|
||
|
413E000
|
direct allocation
|
page read and write
|
||
|
601D000
|
stack
|
page read and write
|
||
|
28FE000
|
trusted library allocation
|
page read and write
|
||
|
8F0000
|
trusted library allocation
|
page read and write
|
||
|
596E000
|
stack
|
page read and write
|
||
|
52D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
26EE000
|
trusted library allocation
|
page read and write
|
||
|
5C31000
|
heap
|
page read and write
|
||
|
3D40000
|
direct allocation
|
page execute and read and write
|
||
|
28B8000
|
trusted library allocation
|
page read and write
|
||
|
126F000
|
stack
|
page read and write
|
||
|
A90000
|
trusted library allocation
|
page read and write
|
||
|
AA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
15E4000
|
heap
|
page read and write
|
||
|
17A4000
|
heap
|
page read and write
|
||
|
E69000
|
stack
|
page read and write
|
||
|
19A3000
|
heap
|
page read and write
|
||
|
267F000
|
trusted library allocation
|
page read and write
|
||
|
120000
|
unkown
|
page readonly
|
||
|
445E000
|
direct allocation
|
page read and write
|
||
|
413E000
|
direct allocation
|
page read and write
|
||
|
1746000
|
heap
|
page read and write
|
||
|
421000
|
system
|
page execute and read and write
|
||
|
1810000
|
heap
|
page read and write
|
||
|
2700000
|
trusted library allocation
|
page read and write
|
||
|
8A2000
|
trusted library allocation
|
page read and write
|
||
|
394000
|
unkown
|
page readonly
|
||
|
12C6D7E6000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
166E000
|
stack
|
page read and write
|
||
|
4D33000
|
heap
|
page read and write
|
||
|
176E000
|
heap
|
page read and write
|
||
|
5BB0000
|
heap
|
page read and write
|
||
|
20AF000
|
stack
|
page read and write
|
||
|
28A6000
|
trusted library allocation
|
page read and write
|
||
|
35C000
|
unkown
|
page readonly
|
||
|
6030000
|
trusted library allocation
|
page read and write
|
||
|
2450000
|
heap
|
page read and write
|
||
|
40C9000
|
direct allocation
|
page read and write
|
||
|
13C8000
|
heap
|
page read and write
|
||
|
7A8000
|
heap
|
page read and write
|
||
|
413E000
|
direct allocation
|
page read and write
|
||
|
599F000
|
stack
|
page read and write
|
||
|
49F6000
|
trusted library allocation
|
page read and write
|
||
|
413E000
|
direct allocation
|
page read and write
|
||
|
604B000
|
trusted library allocation
|
page read and write
|
||
|
17FD000
|
stack
|
page read and write
|
||
|
49DB000
|
trusted library allocation
|
page read and write
|
||
|
12C6D816000
|
heap
|
page read and write
|
||
|
E10000
|
trusted library allocation
|
page read and write
|
||
|
1B1A000
|
heap
|
page read and write
|
||
|
35C000
|
unkown
|
page readonly
|
||
|
4213000
|
direct allocation
|
page read and write
|
||
|
6368000
|
trusted library allocation
|
page read and write
|
||
|
25FC000
|
trusted library allocation
|
page read and write
|
||
|
880000
|
trusted library allocation
|
page read and write
|
||
|
17AD000
|
heap
|
page read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
15EF000
|
stack
|
page read and write
|
||
|
1B724FF000
|
stack
|
page read and write
|
||
|
1C17000
|
heap
|
page read and write
|
||
|
1C0F000
|
heap
|
page read and write
|
||
|
2634000
|
trusted library allocation
|
page read and write
|
||
|
1A73000
|
heap
|
page read and write
|
||
|
2C0000
|
unkown
|
page readonly
|
||
|
268F000
|
trusted library allocation
|
page read and write
|
||
|
3E00000
|
direct allocation
|
page read and write
|
||
|
3884000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
3F23000
|
direct allocation
|
page read and write
|
||
|
1AD7000
|
heap
|
page read and write
|
||
|
2A95000
|
trusted library allocation
|
page read and write
|
||
|
520F000
|
stack
|
page read and write
|
||
|
4120000
|
direct allocation
|
page read and write
|
||
|
3E00000
|
direct allocation
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
26F0000
|
heap
|
page execute and read and write
|
||
|
5EE0000
|
heap
|
page read and write
|
||
|
1A7D000
|
heap
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
40F0000
|
direct allocation
|
page read and write
|
||
|
39C0000
|
heap
|
page read and write
|
||
|
4D06000
|
trusted library allocation
|
page read and write
|
||
|
6063000
|
trusted library allocation
|
page read and write
|
||
|
1838000
|
heap
|
page read and write
|
||
|
6E5000
|
heap
|
page read and write
|
||
|
8F7000
|
stack
|
page read and write
|
||
|
60A0000
|
trusted library allocation
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
1728000
|
heap
|
page read and write
|
||
|
17AC000
|
heap
|
page read and write
|
||
|
EDA000
|
stack
|
page read and write
|
||
|
418000
|
system
|
page execute and read and write
|
||
|
19C2000
|
heap
|
page read and write
|
||
|
4CEB000
|
trusted library allocation
|
page read and write
|
||
|
1BAF000
|
heap
|
page read and write
|
||
|
293A000
|
trusted library allocation
|
page read and write
|
||
|
1C00000
|
heap
|
page read and write
|
||
|
17AD000
|
heap
|
page read and write
|
||
|
63A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1882000
|
heap
|
page read and write
|
||
|
40CD000
|
direct allocation
|
page read and write
|
||
|
4101000
|
direct allocation
|
page read and write
|
||
|
17F9000
|
heap
|
page read and write
|
||
|
272C000
|
trusted library allocation
|
page read and write
|
||
|
AAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
42C0000
|
direct allocation
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
AB2000
|
trusted library allocation
|
page read and write
|
||
|
3FA0000
|
direct allocation
|
page read and write
|
||
|
15BF000
|
stack
|
page read and write
|
||
|
1BFE000
|
stack
|
page read and write
|
||
|
5A9F000
|
stack
|
page read and write
|
||
|
43B9000
|
direct allocation
|
page read and write
|
||
|
1BC1000
|
heap
|
page read and write
|
||
|
17E1000
|
heap
|
page read and write
|
||
|
52CE000
|
stack
|
page read and write
|
||
|
43ED000
|
direct allocation
|
page read and write
|
||
|
1BC000
|
unkown
|
page readonly
|
||
|
4120000
|
direct allocation
|
page read and write
|
||
|
199E000
|
heap
|
page read and write
|
||
|
29A1000
|
trusted library allocation
|
page read and write
|
||
|
A70000
|
trusted library allocation
|
page read and write
|
||
|
184A000
|
heap
|
page read and write
|
||
|
121000
|
unkown
|
page execute read
|
||
|
6383000
|
trusted library allocation
|
page read and write
|
||
|
778000
|
heap
|
page read and write
|
||
|
1A64000
|
heap
|
page read and write
|
||
|
43E9000
|
direct allocation
|
page read and write
|
||
|
DE0000
|
trusted library allocation
|
page read and write
|
||
|
3FA0000
|
direct allocation
|
page read and write
|
||
|
6090000
|
trusted library allocation
|
page read and write
|
||
|
270E000
|
trusted library allocation
|
page read and write
|
||
|
1863000
|
heap
|
page read and write
|
||
|
2791000
|
trusted library allocation
|
page read and write
|
||
|
15FF000
|
stack
|
page read and write
|
||
|
2969000
|
trusted library allocation
|
page read and write
|
||
|
65C0000
|
heap
|
page read and write
|
||
|
4243000
|
direct allocation
|
page read and write
|
||
|
3900000
|
direct allocation
|
page execute and read and write
|
||
|
1721000
|
heap
|
page read and write
|
||
|
439000
|
stack
|
page read and write
|
||
|
4D12000
|
trusted library allocation
|
page read and write
|
||
|
28F2000
|
trusted library allocation
|
page read and write
|
||
|
2C1000
|
unkown
|
page execute read
|
||
|
120000
|
unkown
|
page readonly
|
||
|
2620000
|
trusted library allocation
|
page read and write
|
||
|
1585000
|
heap
|
page read and write
|
||
|
5D2E000
|
stack
|
page read and write
|
||
|
16B0000
|
heap
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
4F70000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CFE000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
A4E000
|
stack
|
page read and write
|
||
|
2683000
|
trusted library allocation
|
page read and write
|
||
|
49C3000
|
heap
|
page read and write
|
||
|
176E000
|
heap
|
page read and write
|
||
|
4B50000
|
heap
|
page read and write
|
||
|
1B728FF000
|
stack
|
page read and write
|
||
|
883000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F18000
|
heap
|
page read and write
|
||
|
26A9000
|
trusted library allocation
|
page read and write
|
||
|
1662000
|
heap
|
page read and write
|
||
|
17B4000
|
heap
|
page read and write
|
||
|
3801000
|
trusted library allocation
|
page read and write
|
||
|
122F000
|
stack
|
page read and write
|
||
|
2A56000
|
trusted library allocation
|
page read and write
|
||
|
268B000
|
trusted library allocation
|
page read and write
|
||
|
8A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F23000
|
direct allocation
|
page read and write
|
||
|
3D74000
|
heap
|
page read and write
|
||
|
6DE000
|
stack
|
page read and write
|
||
|
40CD000
|
direct allocation
|
page read and write
|
||
|
1F4000
|
unkown
|
page readonly
|
||
|
2786000
|
trusted library allocation
|
page read and write
|
||
|
6100000
|
trusted library allocation
|
page read and write
|
||
|
870000
|
trusted library allocation
|
page read and write
|
||
|
40CD000
|
direct allocation
|
page read and write
|
||
|
619F000
|
stack
|
page read and write
|
||
|
4DCE000
|
stack
|
page read and write
|
||
|
2A83000
|
trusted library allocation
|
page read and write
|
||
|
293E000
|
trusted library allocation
|
page read and write
|
||
|
2985000
|
trusted library allocation
|
page read and write
|
||
|
2C1000
|
unkown
|
page execute read
|
||
|
3CF0000
|
heap
|
page read and write
|
||
|
198A000
|
heap
|
page read and write
|
||
|
603E000
|
trusted library allocation
|
page read and write
|
||
|
25F0000
|
trusted library allocation
|
page read and write
|
||
|
AB7000
|
trusted library allocation
|
page execute and read and write
|
There are 627 hidden memdumps, click here to show them.