Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
tmjGCGOEGMinVPD.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmp2292.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\IeagOAdQiUHWi.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\IeagOAdQiUHWi.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\tmjGCGOEGMinVPD.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eec3ihtp.sgc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ga15zrqr.yav.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gyngporp.a2d.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mf3dbaxa.o3m.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nheterxz.liq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wlj5ufqp.412.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xqdpq0es.io3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ypduttnl.tuu.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp31D4.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\IeagOAdQiUHWi.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\tmjGCGOEGMinVPD.exe
|
"C:\Users\user\Desktop\tmjGCGOEGMinVPD.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\tmjGCGOEGMinVPD.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\IeagOAdQiUHWi.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\IeagOAdQiUHWi" /XML "C:\Users\user\AppData\Local\Temp\tmp2292.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\IeagOAdQiUHWi.exe
|
C:\Users\user\AppData\Roaming\IeagOAdQiUHWi.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\IeagOAdQiUHWi" /XML "C:\Users\user\AppData\Local\Temp\tmp31D4.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
104.26.13.205
|
||
|
https://api.ipify.org
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://mail.morabitur.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.morabitur.com
|
198.46.88.214
|
|
|
|
api.ipify.org
|
104.26.13.205
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
198.46.88.214
|
mail.morabitur.com
|
United States
|
|
|
|
104.26.13.205
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2D2C000
|
trusted library allocation
|
page read and write
|
|
|
|
300C000
|
trusted library allocation
|
page read and write
|
|
|
|
3014000
|
trusted library allocation
|
page read and write
|
|
|
|
2D01000
|
trusted library allocation
|
page read and write
|
|
|
|
3B0A000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
3CDB000
|
trusted library allocation
|
page read and write
|
|
|
|
2FE1000
|
trusted library allocation
|
page read and write
|
|
|
|
4FB2000
|
trusted library allocation
|
page read and write
|
||
|
1306000
|
trusted library allocation
|
page read and write
|
||
|
261B000
|
heap
|
page read and write
|
||
|
50D0000
|
heap
|
page read and write
|
||
|
4FA6000
|
trusted library allocation
|
page read and write
|
||
|
F58000
|
heap
|
page read and write
|
||
|
895D000
|
stack
|
page read and write
|
||
|
5C40000
|
heap
|
page read and write
|
||
|
CD0000
|
trusted library allocation
|
page read and write
|
||
|
669D000
|
stack
|
page read and write
|
||
|
87BD000
|
stack
|
page read and write
|
||
|
FD5000
|
heap
|
page read and write
|
||
|
3D17000
|
trusted library allocation
|
page read and write
|
||
|
8B9E000
|
stack
|
page read and write
|
||
|
A3A000
|
stack
|
page read and write
|
||
|
6105000
|
heap
|
page read and write
|
||
|
10D0000
|
trusted library allocation
|
page read and write
|
||
|
5310000
|
heap
|
page execute and read and write
|
||
|
DA000
|
stack
|
page read and write
|
||
|
F4A000
|
heap
|
page read and write
|
||
|
10A0000
|
trusted library allocation
|
page read and write
|
||
|
257E000
|
unkown
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
3008000
|
trusted library allocation
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
91CE000
|
stack
|
page read and write
|
||
|
270E000
|
stack
|
page read and write
|
||
|
67F0000
|
trusted library allocation
|
page read and write
|
||
|
2B64000
|
trusted library allocation
|
page read and write
|
||
|
4ADE000
|
stack
|
page read and write
|
||
|
8DD0000
|
heap
|
page read and write
|
||
|
B1E000
|
heap
|
page read and write
|
||
|
535B000
|
stack
|
page read and write
|
||
|
25BF000
|
stack
|
page read and write
|
||
|
50D3000
|
heap
|
page read and write
|
||
|
69FF000
|
stack
|
page read and write
|
||
|
6C30000
|
heap
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
6BD0000
|
heap
|
page read and write
|
||
|
5A30000
|
heap
|
page read and write
|
||
|
116B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1140000
|
trusted library allocation
|
page read and write
|
||
|
11E0000
|
trusted library allocation
|
page read and write
|
||
|
6660000
|
trusted library allocation
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
2D34000
|
trusted library allocation
|
page read and write
|
||
|
4F84000
|
trusted library allocation
|
page read and write
|
||
|
21EA000
|
stack
|
page read and write
|
||
|
5DC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
71AE000
|
stack
|
page read and write
|
||
|
FF3000
|
heap
|
page read and write
|
||
|
2D9C000
|
stack
|
page read and write
|
||
|
1326000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E00000
|
trusted library allocation
|
page read and write
|
||
|
88FD000
|
stack
|
page read and write
|
||
|
1332000
|
trusted library allocation
|
page read and write
|
||
|
536E000
|
stack
|
page read and write
|
||
|
300A000
|
trusted library allocation
|
page read and write
|
||
|
F45000
|
heap
|
page read and write
|
||
|
1073000
|
trusted library allocation
|
page execute and read and write
|
||
|
1070000
|
trusted library allocation
|
page read and write
|
||
|
110B000
|
heap
|
page read and write
|
||
|
F0E000
|
stack
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
3C9E000
|
trusted library allocation
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
1134000
|
trusted library allocation
|
page read and write
|
||
|
CE2000
|
trusted library allocation
|
page read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
559E000
|
stack
|
page read and write
|
||
|
8E4B000
|
stack
|
page read and write
|
||
|
5C64000
|
heap
|
page read and write
|
||
|
CD2000
|
trusted library allocation
|
page read and write
|
||
|
82BD000
|
stack
|
page read and write
|
||
|
10F3000
|
heap
|
page read and write
|
||
|
EF9000
|
stack
|
page read and write
|
||
|
532E000
|
trusted library allocation
|
page read and write
|
||
|
490E000
|
stack
|
page read and write
|
||
|
4E4E000
|
stack
|
page read and write
|
||
|
11E0000
|
trusted library allocation
|
page read and write
|
||
|
5D40000
|
heap
|
page read and write
|
||
|
573D000
|
stack
|
page read and write
|
||
|
CB4000
|
trusted library allocation
|
page read and write
|
||
|
2F9C000
|
trusted library allocation
|
page read and write
|
||
|
FA3000
|
heap
|
page read and write
|
||
|
496E000
|
stack
|
page read and write
|
||
|
865F000
|
stack
|
page read and write
|
||
|
5473000
|
heap
|
page read and write
|
||
|
6650000
|
trusted library allocation
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
285C000
|
stack
|
page read and write
|
||
|
1350000
|
trusted library allocation
|
page read and write
|
||
|
84BE000
|
stack
|
page read and write
|
||
|
1337000
|
trusted library allocation
|
page execute and read and write
|
||
|
91D0000
|
trusted library allocation
|
page read and write
|
||
|
5E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
2580000
|
heap
|
page read and write
|
||
|
38D7000
|
trusted library allocation
|
page read and write
|
||
|
66BD000
|
stack
|
page read and write
|
||
|
6677000
|
trusted library allocation
|
page read and write
|
||
|
697E000
|
stack
|
page read and write
|
||
|
AD4000
|
heap
|
page read and write
|
||
|
5C30000
|
heap
|
page read and write
|
||
|
691E000
|
stack
|
page read and write
|
||
|
2B8F000
|
trusted library allocation
|
page read and write
|
||
|
2B54000
|
trusted library allocation
|
page read and write
|
||
|
66DE000
|
stack
|
page read and write
|
||
|
CDA000
|
trusted library allocation
|
page execute and read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
1065000
|
heap
|
page read and write
|
||
|
131D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6870000
|
trusted library allocation
|
page read and write
|
||
|
D35000
|
heap
|
page read and write
|
||
|
293B000
|
stack
|
page read and write
|
||
|
CEB000
|
trusted library allocation
|
page execute and read and write
|
||
|
3927000
|
trusted library allocation
|
page read and write
|
||
|
2450000
|
heap
|
page read and write
|
||
|
EEE000
|
stack
|
page read and write
|
||
|
5150000
|
trusted library allocation
|
page read and write
|
||
|
1140000
|
trusted library allocation
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
1152000
|
trusted library allocation
|
page read and write
|
||
|
2979000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
trusted library allocation
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
3B93000
|
trusted library allocation
|
page read and write
|
||
|
67DE000
|
stack
|
page read and write
|
||
|
2590000
|
heap
|
page read and write
|
||
|
607D000
|
stack
|
page read and write
|
||
|
4CB8000
|
trusted library allocation
|
page read and write
|
||
|
653E000
|
stack
|
page read and write
|
||
|
6108000
|
heap
|
page read and write
|
||
|
4FAE000
|
stack
|
page read and write
|
||
|
1012000
|
heap
|
page read and write
|
||
|
8CDF000
|
stack
|
page read and write
|
||
|
5680000
|
trusted library allocation
|
page read and write
|
||
|
54DE000
|
stack
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
1162000
|
trusted library allocation
|
page read and write
|
||
|
10EE000
|
stack
|
page read and write
|
||
|
82F0000
|
trusted library allocation
|
page read and write
|
||
|
8A9E000
|
stack
|
page read and write
|
||
|
D95000
|
heap
|
page read and write
|
||
|
F28000
|
heap
|
page read and write
|
||
|
281E000
|
stack
|
page read and write
|
||
|
115A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2950000
|
heap
|
page execute and read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
2DB0000
|
trusted library allocation
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
63FE000
|
stack
|
page read and write
|
||
|
9D000
|
stack
|
page read and write
|
||
|
5C1E000
|
stack
|
page read and write
|
||
|
6DE1000
|
trusted library allocation
|
page read and write
|
||
|
1120000
|
trusted library allocation
|
page read and write
|
||
|
585E000
|
stack
|
page read and write
|
||
|
89FE000
|
stack
|
page read and write
|
||
|
2F91000
|
trusted library allocation
|
page read and write
|
||
|
133B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B60000
|
trusted library section
|
page read and write
|
||
|
4DD6000
|
trusted library allocation
|
page read and write
|
||
|
6C20000
|
trusted library allocation
|
page execute and read and write
|
||
|
2970000
|
trusted library allocation
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
2D5F000
|
stack
|
page read and write
|
||
|
6810000
|
trusted library allocation
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
5ECE000
|
stack
|
page read and write
|
||
|
7F5E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D2A000
|
trusted library allocation
|
page read and write
|
||
|
5B70000
|
trusted library section
|
page read and write
|
||
|
5331000
|
trusted library allocation
|
page read and write
|
||
|
4DF0000
|
trusted library allocation
|
page read and write
|
||
|
8BDE000
|
stack
|
page read and write
|
||
|
2B4C000
|
stack
|
page read and write
|
||
|
113D000
|
trusted library allocation
|
page execute and read and write
|
||
|
38D1000
|
trusted library allocation
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
5B10000
|
trusted library allocation
|
page execute and read and write
|
||
|
4925000
|
trusted library allocation
|
page read and write
|
||
|
1074000
|
trusted library allocation
|
page read and write
|
||
|
3CB7000
|
trusted library allocation
|
page read and write
|
||
|
845D000
|
stack
|
page read and write
|
||
|
E96000
|
heap
|
page read and write
|
||
|
1090000
|
trusted library allocation
|
page read and write
|
||
|
2CFD000
|
trusted library allocation
|
page read and write
|
||
|
274F000
|
stack
|
page read and write
|
||
|
555F000
|
stack
|
page read and write
|
||
|
13B6000
|
heap
|
page read and write
|
||
|
E6E000
|
heap
|
page read and write
|
||
|
541C000
|
stack
|
page read and write
|
||
|
4E05000
|
trusted library allocation
|
page read and write
|
||
|
7FA30000
|
trusted library allocation
|
page execute and read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
3CB1000
|
trusted library allocation
|
page read and write
|
||
|
C3B000
|
stack
|
page read and write
|
||
|
4DD1000
|
trusted library allocation
|
page read and write
|
||
|
5A3D000
|
heap
|
page read and write
|
||
|
5A7F000
|
heap
|
page read and write
|
||
|
1027000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
5C94000
|
heap
|
page read and write
|
||
|
655F000
|
stack
|
page read and write
|
||
|
1156000
|
trusted library allocation
|
page execute and read and write
|
||
|
2944000
|
trusted library allocation
|
page read and write
|
||
|
1310000
|
trusted library allocation
|
page read and write
|
||
|
797000
|
stack
|
page read and write
|
||
|
90CE000
|
stack
|
page read and write
|
||
|
1180000
|
trusted library allocation
|
page read and write
|
||
|
52D0000
|
trusted library allocation
|
page read and write
|
||
|
2F80000
|
heap
|
page execute and read and write
|
||
|
569E000
|
stack
|
page read and write
|
||
|
B2E000
|
heap
|
page read and write
|
||
|
50A0000
|
trusted library allocation
|
page read and write
|
||
|
5F5A000
|
trusted library allocation
|
page read and write
|
||
|
107D000
|
trusted library allocation
|
page execute and read and write
|
||
|
E68000
|
heap
|
page read and write
|
||
|
CB0000
|
trusted library allocation
|
page read and write
|
||
|
3E86000
|
trusted library allocation
|
page read and write
|
||
|
645D000
|
stack
|
page read and write
|
||
|
CC0000
|
trusted library allocation
|
page read and write
|
||
|
2AA1000
|
trusted library allocation
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
2A9E000
|
stack
|
page read and write
|
||
|
5F50000
|
trusted library allocation
|
page read and write
|
||
|
6860000
|
trusted library allocation
|
page execute and read and write
|
||
|
F5C000
|
heap
|
page read and write
|
||
|
2B79000
|
trusted library allocation
|
page read and write
|
||
|
5470000
|
heap
|
page read and write
|
||
|
56DD000
|
stack
|
page read and write
|
||
|
85BF000
|
stack
|
page read and write
|
||
|
685D000
|
stack
|
page read and write
|
||
|
581E000
|
stack
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
FD8000
|
heap
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
1320000
|
trusted library allocation
|
page read and write
|
||
|
583E000
|
stack
|
page read and write
|
||
|
4DDD000
|
trusted library allocation
|
page read and write
|
||
|
6803000
|
trusted library allocation
|
page read and write
|
||
|
AAA000
|
heap
|
page read and write
|
||
|
FB9000
|
heap
|
page read and write
|
||
|
5316000
|
trusted library allocation
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
1084000
|
heap
|
page read and write
|
||
|
108D000
|
trusted library allocation
|
page execute and read and write
|
||
|
CB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
EF9000
|
heap
|
page read and write
|
||
|
10E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
612E000
|
heap
|
page read and write
|
||
|
57DE000
|
stack
|
page read and write
|
||
|
1130000
|
trusted library allocation
|
page read and write
|
||
|
5B30000
|
trusted library section
|
page read and write
|
||
|
5B40000
|
trusted library allocation
|
page read and write
|
||
|
564D000
|
trusted library allocation
|
page read and write
|
||
|
87C0000
|
heap
|
page read and write
|
||
|
A9E000
|
stack
|
page read and write
|
||
|
11C0000
|
heap
|
page execute and read and write
|
||
|
5640000
|
trusted library allocation
|
page read and write
|
||
|
CBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DBB000
|
trusted library allocation
|
page read and write
|
||
|
552000
|
unkown
|
page readonly
|
||
|
659E000
|
stack
|
page read and write
|
||
|
8C10000
|
heap
|
page read and write
|
||
|
10AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
533D000
|
trusted library allocation
|
page read and write
|
||
|
67F8000
|
trusted library allocation
|
page read and write
|
||
|
BAA000
|
stack
|
page read and write
|
||
|
4DB0000
|
trusted library allocation
|
page read and write
|
||
|
4C3C000
|
stack
|
page read and write
|
||
|
2530000
|
heap
|
page read and write
|
||
|
3975000
|
trusted library allocation
|
page read and write
|
||
|
2975000
|
trusted library allocation
|
page read and write
|
||
|
53A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
26CF000
|
unkown
|
page read and write
|
||
|
6658000
|
trusted library allocation
|
page read and write
|
||
|
527F000
|
stack
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
2940000
|
trusted library allocation
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
6817000
|
trusted library allocation
|
page read and write
|
||
|
111F000
|
stack
|
page read and write
|
||
|
8C8E000
|
stack
|
page read and write
|
||
|
21CE000
|
unkown
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
trusted library allocation
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
532A000
|
trusted library allocation
|
page read and write
|
||
|
D39000
|
stack
|
page read and write
|
||
|
EA4000
|
heap
|
page read and write
|
||
|
5F7C000
|
stack
|
page read and write
|
||
|
63BE000
|
stack
|
page read and write
|
||
|
10A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
1335000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BDE000
|
stack
|
page read and write
|
||
|
4FAD000
|
trusted library allocation
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
1096000
|
trusted library allocation
|
page execute and read and write
|
||
|
1068000
|
heap
|
page read and write
|
||
|
5610000
|
trusted library allocation
|
page execute and read and write
|
||
|
6808000
|
trusted library allocation
|
page read and write
|
||
|
4AF0000
|
trusted library allocation
|
page read and write
|
||
|
6BA0000
|
trusted library allocation
|
page read and write
|
||
|
908E000
|
stack
|
page read and write
|
||
|
13A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
700F000
|
stack
|
page read and write
|
||
|
AAE000
|
heap
|
page read and write
|
||
|
2CE6000
|
trusted library allocation
|
page read and write
|
||
|
1167000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CEF000
|
trusted library allocation
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
51BC000
|
stack
|
page read and write
|
||
|
296F000
|
trusted library allocation
|
page read and write
|
||
|
EEE000
|
heap
|
page read and write
|
||
|
5230000
|
heap
|
page read and write
|
||
|
885E000
|
stack
|
page read and write
|
||
|
5200000
|
trusted library allocation
|
page execute and read and write
|
||
|
CBE000
|
stack
|
page read and write
|
||
|
4EA0000
|
heap
|
page execute and read and write
|
||
|
545E000
|
stack
|
page read and write
|
||
|
5B80000
|
trusted library allocation
|
page read and write
|
||
|
F55000
|
heap
|
page read and write
|
||
|
8FCF000
|
stack
|
page read and write
|
||
|
B37000
|
stack
|
page read and write
|
||
|
12FF000
|
stack
|
page read and write
|
||
|
5300000
|
heap
|
page execute and read and write
|
||
|
21AD000
|
stack
|
page read and write
|
||
|
509E000
|
stack
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
5DBA000
|
trusted library allocation
|
page read and write
|
||
|
4DCE000
|
trusted library allocation
|
page read and write
|
||
|
5342000
|
trusted library allocation
|
page read and write
|
||
|
7D5000
|
heap
|
page read and write
|
||
|
66E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6967000
|
trusted library allocation
|
page read and write
|
||
|
2DE8000
|
trusted library allocation
|
page read and write
|
||
|
2FCF000
|
trusted library allocation
|
page read and write
|
||
|
4E10000
|
trusted library allocation
|
page read and write
|
||
|
2AF1000
|
trusted library allocation
|
page read and write
|
||
|
AE4000
|
heap
|
page read and write
|
||
|
64FE000
|
stack
|
page read and write
|
||
|
5A20000
|
heap
|
page read and write
|
||
|
1078000
|
heap
|
page read and write
|
||
|
259A000
|
heap
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
50B0000
|
trusted library section
|
page read and write
|
||
|
2B60000
|
trusted library allocation
|
page read and write
|
||
|
FA8000
|
heap
|
page read and write
|
||
|
2DC4000
|
trusted library allocation
|
page read and write
|
||
|
67BE000
|
stack
|
page read and write
|
||
|
587E000
|
stack
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
8DCC000
|
stack
|
page read and write
|
||
|
8AFE000
|
stack
|
page read and write
|
||
|
589D000
|
stack
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6124000
|
heap
|
page read and write
|
||
|
5322000
|
trusted library allocation
|
page read and write
|
||
|
2946000
|
trusted library allocation
|
page read and write
|
||
|
5250000
|
trusted library allocation
|
page read and write
|
||
|
5A12000
|
heap
|
page read and write
|
||
|
5DB0000
|
trusted library allocation
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
663F000
|
stack
|
page read and write
|
||
|
8F8E000
|
stack
|
page read and write
|
||
|
55FE000
|
stack
|
page read and write
|
||
|
611D000
|
heap
|
page read and write
|
||
|
60E0000
|
heap
|
page read and write
|
||
|
6800000
|
trusted library allocation
|
page read and write
|
||
|
5600000
|
heap
|
page read and write
|
||
|
E3E000
|
stack
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
132A000
|
trusted library allocation
|
page execute and read and write
|
||
|
50AF000
|
stack
|
page read and write
|
||
|
55F0000
|
trusted library allocation
|
page read and write
|
||
|
2F7D000
|
stack
|
page read and write
|
||
|
CFE000
|
stack
|
page read and write
|
||
|
2B48000
|
trusted library allocation
|
page read and write
|
||
|
4DFF000
|
trusted library allocation
|
page read and write
|
||
|
1304000
|
trusted library allocation
|
page read and write
|
||
|
28A0000
|
heap
|
page read and write
|
||
|
5350000
|
heap
|
page read and write
|
||
|
3FF6000
|
trusted library allocation
|
page read and write
|
||
|
4F80000
|
trusted library allocation
|
page read and write
|
||
|
69A000
|
stack
|
page read and write
|
||
|
6F81000
|
trusted library allocation
|
page read and write
|
||
|
3ACE000
|
trusted library allocation
|
page read and write
|
||
|
2880000
|
heap
|
page execute and read and write
|
||
|
10A2000
|
trusted library allocation
|
page read and write
|
||
|
53D0000
|
heap
|
page read and write
|
||
|
4DE2000
|
trusted library allocation
|
page read and write
|
||
|
28A0000
|
trusted library allocation
|
page read and write
|
||
|
FCA000
|
heap
|
page read and write
|
||
|
2921000
|
trusted library allocation
|
page read and write
|
||
|
11D0000
|
trusted library allocation
|
page read and write
|
||
|
1133000
|
trusted library allocation
|
page execute and read and write
|
||
|
8F4C000
|
stack
|
page read and write
|
||
|
4DB4000
|
trusted library allocation
|
page read and write
|
||
|
105E000
|
stack
|
page read and write
|
||
|
EA1000
|
heap
|
page read and write
|
||
|
1322000
|
trusted library allocation
|
page read and write
|
||
|
7EE70000
|
trusted library allocation
|
page execute and read and write
|
||
|
56FE000
|
stack
|
page read and write
|
||
|
58C0000
|
heap
|
page read and write
|
||
|
8D8F000
|
stack
|
page read and write
|
||
|
CE7000
|
trusted library allocation
|
page execute and read and write
|
||
|
550000
|
unkown
|
page readonly
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
F97000
|
heap
|
page read and write
|
||
|
109A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1092000
|
trusted library allocation
|
page read and write
|
||
|
10F0000
|
heap
|
page execute and read and write
|
||
|
6970000
|
trusted library allocation
|
page read and write
|
||
|
1327000
|
heap
|
page read and write
|
||
|
E88000
|
heap
|
page read and write
|
||
|
875F000
|
stack
|
page read and write
|
||
|
677F000
|
stack
|
page read and write
|
||
|
2960000
|
trusted library allocation
|
page read and write
|
||
|
6670000
|
trusted library allocation
|
page read and write
|
||
|
2B0E000
|
stack
|
page read and write
|
||
|
51F0000
|
heap
|
page read and write
|
||
|
2890000
|
trusted library allocation
|
page execute and read and write
|
||
|
55BC000
|
stack
|
page read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
4F9E000
|
trusted library allocation
|
page read and write
|
||
|
CD6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1150000
|
trusted library allocation
|
page read and write
|
||
|
6080000
|
heap
|
page read and write
|
||
|
F3E000
|
heap
|
page read and write
|
||
|
5E8E000
|
stack
|
page read and write
|
||
|
113E000
|
stack
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
39C3000
|
trusted library allocation
|
page read and write
|
||
|
54BC000
|
stack
|
page read and write
|
||
|
6960000
|
trusted library allocation
|
page read and write
|
||
|
28D1000
|
trusted library allocation
|
page read and write
|
||
|
3AA7000
|
trusted library allocation
|
page read and write
|
||
|
597F000
|
stack
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
51C0000
|
trusted library allocation
|
page read and write
|
||
|
3AA1000
|
trusted library allocation
|
page read and write
|
||
|
2180000
|
heap
|
page read and write
|
||
|
2D28000
|
trusted library allocation
|
page read and write
|
||
|
250F000
|
unkown
|
page read and write
|
||
|
AE1000
|
heap
|
page read and write
|
||
|
4A6C000
|
stack
|
page read and write
|
||
|
5310000
|
trusted library allocation
|
page read and write
|
||
|
10A0000
|
trusted library allocation
|
page read and write
|
||
|
90CE000
|
stack
|
page read and write
|
||
|
10CB000
|
heap
|
page read and write
|
||
|
666D000
|
trusted library allocation
|
page read and write
|
||
|
2DC0000
|
trusted library allocation
|
page read and write
|
||
|
EAD000
|
stack
|
page read and write
|
||
|
2FC7000
|
trusted library allocation
|
page read and write
|
||
|
680D000
|
trusted library allocation
|
page read and write
|
||
|
531B000
|
trusted library allocation
|
page read and write
|
||
|
5F55000
|
trusted library allocation
|
page read and write
|
||
|
5B90000
|
trusted library allocation
|
page execute and read and write
|
||
|
A5D000
|
stack
|
page read and write
|
||
|
8960000
|
heap
|
page read and write
|
||
|
1304000
|
trusted library allocation
|
page read and write
|
||
|
55D0000
|
heap
|
page read and write
|
||
|
2DA0000
|
trusted library allocation
|
page read and write
|
||
|
4FA1000
|
trusted library allocation
|
page read and write
|
||
|
5C55000
|
heap
|
page read and write
|
||
|
1303000
|
trusted library allocation
|
page execute and read and write
|
||
|
CCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
6880000
|
trusted library allocation
|
page execute and read and write
|
||
|
86BF000
|
stack
|
page read and write
|
||
|
1310000
|
trusted library allocation
|
page read and write
|
||
|
5240000
|
trusted library allocation
|
page read and write
|
||
|
3FB9000
|
trusted library allocation
|
page read and write
|
||
|
8ECC000
|
stack
|
page read and write
|
||
|
1008000
|
heap
|
page read and write
|
||
|
5A4B000
|
heap
|
page read and write
|
||
|
2B85000
|
trusted library allocation
|
page read and write
|
||
|
1165000
|
trusted library allocation
|
page execute and read and write
|
||
|
2610000
|
heap
|
page read and write
|
||
|
69BE000
|
stack
|
page read and write
|
||
|
4F8B000
|
trusted library allocation
|
page read and write
|
||
|
2CAE000
|
stack
|
page read and write
|
||
|
1096000
|
heap
|
page read and write
|
||
|
51CC000
|
stack
|
page read and write
|
||
|
5336000
|
trusted library allocation
|
page read and write
|
||
|
4B3E000
|
stack
|
page read and write
|
||
|
5D30000
|
trusted library section
|
page read and write
|
||
|
3E0A000
|
trusted library allocation
|
page read and write
|
||
|
3F91000
|
trusted library allocation
|
page read and write
|
||
|
5C20000
|
heap
|
page read and write
|
||
|
5260000
|
heap
|
page read and write
|
||
|
5A10000
|
heap
|
page read and write
|
||
|
28B0000
|
trusted library allocation
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
B3B000
|
heap
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
531E000
|
trusted library allocation
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
257E000
|
stack
|
page read and write
|
||
|
2FDD000
|
trusted library allocation
|
page read and write
|
||
|
7F610000
|
trusted library allocation
|
page execute and read and write
|
||
|
ED7000
|
heap
|
page read and write
|
||
|
893E000
|
stack
|
page read and write
|
||
|
4920000
|
trusted library allocation
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
5F60000
|
trusted library allocation
|
page execute and read and write
|
||
|
3CD9000
|
trusted library allocation
|
page read and write
|
||
|
139E000
|
stack
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
2CB1000
|
trusted library allocation
|
page read and write
|
||
|
130D000
|
trusted library allocation
|
page execute and read and write
|
||
|
21D0000
|
heap
|
page read and write
|
There are 514 hidden memdumps, click here to show them.