Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
0OqTUkeaoD.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\0OqTUkeaoD.exe
|
"C:\Users\user\Desktop\0OqTUkeaoD.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/sc/sct
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
|
unknown
|
||
|
http://tempuri.org/Contract/MSValue3ResponseD
|
unknown
|
||
|
http://tempuri.org/Contract/MSValue2Response
|
unknown
|
||
|
http://tempuri.org/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
|
unknown
|
||
|
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
|
unknown
|
||
|
https://pastebin.com/raw/8baCJyMF
|
104.20.3.235
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
|
unknown
|
||
|
https://api.ip.sb/ip
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/sc
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
|
unknown
|
||
|
http://tempuri.org/Contract/MSValue3Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
|
unknown
|
||
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/08/addressing
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/trust
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
|
unknown
|
||
|
https://pastebin.com
|
unknown
|
||
|
http://tempuri.org/Contract/MSValue2ResponseD
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/envelope/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
|
unknown
|
||
|
http://tempuri.org/Contract/MSValue1
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust
|
unknown
|
||
|
http://tempuri.org/Contract/MSValue2
|
unknown
|
||
|
http://tempuri.org/Contract/MSValue3
|
unknown
|
||
|
https://duckduckgo.com/chrome_newtabS
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
|
unknown
|
||
|
http://tempuri.org/D
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/06/addressingex
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wscoor
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
|
unknown
|
||
|
http://www.w3.o
|
unknown
|
||
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
|
unknown
|
||
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/rmD
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
|
unknown
|
||
|
http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2002/12/policy
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/sc/dk
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
aktayho.top
|
116.203.6.63
|
|
|
|
pastebin.com
|
104.20.3.235
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
116.203.6.63
|
aktayho.top
|
Germany
|
|
|
|
104.20.3.235
|
pastebin.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
66B000
|
unkown
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
8E11000
|
trusted library allocation
|
page read and write
|
||
|
8DC0000
|
trusted library allocation
|
page read and write
|
||
|
A0F0000
|
trusted library allocation
|
page read and write
|
||
|
A3E000
|
heap
|
page read and write
|
||
|
DBB000
|
trusted library allocation
|
page execute and read and write
|
||
|
D76000
|
heap
|
page read and write
|
||
|
A0AB000
|
trusted library allocation
|
page read and write
|
||
|
A520000
|
trusted library allocation
|
page read and write
|
||
|
8DB0000
|
trusted library allocation
|
page read and write
|
||
|
A076000
|
trusted library allocation
|
page read and write
|
||
|
D7A000
|
heap
|
page read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
A0E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9D7C000
|
heap
|
page read and write
|
||
|
7B7E000
|
trusted library allocation
|
page read and write
|
||
|
A5E0000
|
heap
|
page read and write
|
||
|
682C000
|
stack
|
page read and write
|
||
|
A1DE000
|
stack
|
page read and write
|
||
|
8F2D000
|
stack
|
page read and write
|
||
|
9FB0000
|
trusted library allocation
|
page read and write
|
||
|
B360000
|
heap
|
page read and write
|
||
|
7881000
|
trusted library allocation
|
page read and write
|
||
|
9DF3000
|
heap
|
page read and write
|
||
|
A8E000
|
heap
|
page read and write
|
||
|
78A5000
|
trusted library allocation
|
page read and write
|
||
|
A4B0000
|
trusted library allocation
|
page read and write
|
||
|
A24F000
|
trusted library allocation
|
page read and write
|
||
|
A0CF000
|
trusted library allocation
|
page read and write
|
||
|
7C10000
|
trusted library allocation
|
page read and write
|
||
|
A280000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
8D60000
|
trusted library allocation
|
page read and write
|
||
|
9DE000
|
stack
|
page read and write
|
||
|
AF26000
|
heap
|
page read and write
|
||
|
7BC2000
|
trusted library allocation
|
page read and write
|
||
|
66DE000
|
stack
|
page read and write
|
||
|
DD0000
|
trusted library allocation
|
page read and write
|
||
|
788F000
|
trusted library allocation
|
page read and write
|
||
|
A030000
|
trusted library allocation
|
page execute and read and write
|
||
|
A090000
|
trusted library allocation
|
page execute and read and write
|
||
|
67E0000
|
heap
|
page readonly
|
||
|
6F8F000
|
trusted library allocation
|
page read and write
|
||
|
A28000
|
heap
|
page read and write
|
||
|
8E03000
|
heap
|
page execute and read and write
|
||
|
A0F3000
|
trusted library allocation
|
page read and write
|
||
|
686000
|
unkown
|
page readonly
|
||
|
A990000
|
trusted library allocation
|
page read and write
|
||
|
A980000
|
trusted library allocation
|
page execute and read and write
|
||
|
A950000
|
trusted library allocation
|
page read and write
|
||
|
A2B0000
|
trusted library allocation
|
page read and write
|
||
|
92AF000
|
stack
|
page read and write
|
||
|
DA0000
|
trusted library allocation
|
page read and write
|
||
|
A010000
|
trusted library allocation
|
page read and write
|
||
|
A260000
|
trusted library allocation
|
page read and write
|
||
|
B110000
|
trusted library allocation
|
page read and write
|
||
|
A020000
|
trusted library allocation
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
DB5000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C16000
|
trusted library allocation
|
page read and write
|
||
|
A0D5000
|
trusted library allocation
|
page read and write
|
||
|
A120000
|
trusted library allocation
|
page execute and read and write
|
||
|
B120000
|
trusted library allocation
|
page read and write
|
||
|
9E2A000
|
heap
|
page read and write
|
||
|
B49E000
|
stack
|
page read and write
|
||
|
D60000
|
trusted library allocation
|
page read and write
|
||
|
D2E000
|
stack
|
page read and write
|
||
|
A110000
|
trusted library allocation
|
page read and write
|
||
|
A070000
|
trusted library allocation
|
page read and write
|
||
|
78F7000
|
trusted library allocation
|
page read and write
|
||
|
8EAD000
|
stack
|
page read and write
|
||
|
7BCA000
|
trusted library allocation
|
page read and write
|
||
|
7C3C000
|
trusted library allocation
|
page read and write
|
||
|
8D82000
|
trusted library allocation
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
A290000
|
trusted library allocation
|
page read and write
|
||
|
AF48000
|
heap
|
page read and write
|
||
|
A7CF000
|
stack
|
page read and write
|
||
|
65E000
|
unkown
|
page readonly
|
||
|
8D8E000
|
trusted library allocation
|
page read and write
|
||
|
B1CB000
|
stack
|
page read and write
|
||
|
A22F000
|
trusted library allocation
|
page read and write
|
||
|
7C13000
|
trusted library allocation
|
page read and write
|
||
|
A080000
|
heap
|
page execute and read and write
|
||
|
D90000
|
trusted library allocation
|
page read and write
|
||
|
A0BD000
|
trusted library allocation
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
AEF8000
|
heap
|
page read and write
|
||
|
9DD0000
|
heap
|
page read and write
|
||
|
9B4E000
|
stack
|
page read and write
|
||
|
A0B5000
|
trusted library allocation
|
page read and write
|
||
|
C9F000
|
stack
|
page read and write
|
||
|
A24D000
|
trusted library allocation
|
page read and write
|
||
|
8DA5000
|
trusted library allocation
|
page read and write
|
||
|
9FA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A8B0000
|
trusted library allocation
|
page read and write
|
||
|
B20E000
|
stack
|
page read and write
|
||
|
D9F000
|
stack
|
page read and write
|
||
|
66D000
|
unkown
|
page write copy
|
||
|
A80E000
|
stack
|
page read and write
|
||
|
A50E000
|
stack
|
page read and write
|
||
|
8D71000
|
trusted library allocation
|
page read and write
|
||
|
93AF000
|
stack
|
page read and write
|
||
|
735F000
|
trusted library allocation
|
page read and write
|
||
|
A060000
|
trusted library allocation
|
page read and write
|
||
|
A0B9000
|
trusted library allocation
|
page read and write
|
||
|
A222000
|
trusted library allocation
|
page read and write
|
||
|
A0A8000
|
trusted library allocation
|
page read and write
|
||
|
A4C0000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
9E14000
|
heap
|
page read and write
|
||
|
AF3A000
|
heap
|
page read and write
|
||
|
8A1D000
|
stack
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
6860000
|
heap
|
page execute and read and write
|
||
|
8EEE000
|
stack
|
page read and write
|
||
|
B376000
|
heap
|
page read and write
|
||
|
8D6B000
|
trusted library allocation
|
page read and write
|
||
|
A0C8000
|
trusted library allocation
|
page read and write
|
||
|
8F30000
|
trusted library allocation
|
page read and write
|
||
|
67DF000
|
stack
|
page read and write
|
||
|
AF30000
|
heap
|
page read and write
|
||
|
6901000
|
trusted library allocation
|
page read and write
|
||
|
A224000
|
trusted library allocation
|
page read and write
|
||
|
A210000
|
heap
|
page read and write
|
||
|
A23E000
|
trusted library allocation
|
page read and write
|
||
|
DA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
D80000
|
trusted library allocation
|
page read and write
|
||
|
B1B000
|
heap
|
page read and write
|
||
|
8DAA000
|
trusted library allocation
|
page read and write
|
||
|
A56000
|
heap
|
page read and write
|
||
|
9F90000
|
trusted library allocation
|
page read and write
|
||
|
A073000
|
trusted library allocation
|
page read and write
|
||
|
A234000
|
trusted library allocation
|
page read and write
|
||
|
A2A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9E3B000
|
heap
|
page read and write
|
||
|
A960000
|
trusted library allocation
|
page execute and read and write
|
||
|
61D000
|
stack
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
CEE000
|
stack
|
page read and write
|
||
|
A0DA000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
A050000
|
trusted library allocation
|
page read and write
|
||
|
8E00000
|
heap
|
page execute and read and write
|
||
|
6830000
|
trusted library allocation
|
page execute and read and write
|
||
|
A0A0000
|
trusted library allocation
|
page read and write
|
||
|
6870000
|
heap
|
page read and write
|
||
|
AF85000
|
heap
|
page read and write
|
||
|
6840000
|
trusted library allocation
|
page read and write
|
||
|
9E8E000
|
stack
|
page read and write
|
||
|
8DD1000
|
trusted library allocation
|
page read and write
|
||
|
93EE000
|
stack
|
page read and write
|
||
|
78A0000
|
trusted library allocation
|
page read and write
|
||
|
A8A1000
|
trusted library allocation
|
page read and write
|
||
|
9E1F000
|
heap
|
page read and write
|
||
|
A246000
|
trusted library allocation
|
page read and write
|
||
|
78B3000
|
trusted library allocation
|
page read and write
|
||
|
A0DF000
|
trusted library allocation
|
page read and write
|
||
|
A241000
|
trusted library allocation
|
page read and write
|
||
|
8DE0000
|
trusted library allocation
|
page read and write
|
||
|
AF2B000
|
heap
|
page read and write
|
||
|
A249000
|
trusted library allocation
|
page read and write
|
||
|
DB7000
|
trusted library allocation
|
page execute and read and write
|
||
|
640000
|
unkown
|
page readonly
|
||
|
AEF0000
|
heap
|
page read and write
|
||
|
7BAD000
|
trusted library allocation
|
page read and write
|
||
|
D83000
|
trusted library allocation
|
page execute and read and write
|
||
|
FEE50000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B93000
|
trusted library allocation
|
page read and write
|
||
|
8F40000
|
trusted library allocation
|
page read and write
|
||
|
51D000
|
stack
|
page read and write
|
||
|
9D7A000
|
heap
|
page read and write
|
||
|
9D96000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
A255000
|
trusted library allocation
|
page read and write
|
||
|
78F5000
|
trusted library allocation
|
page read and write
|
||
|
7C02000
|
trusted library allocation
|
page read and write
|
||
|
68B2000
|
trusted library allocation
|
page read and write
|
||
|
A040000
|
trusted library allocation
|
page execute and read and write
|
||
|
A9B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7BEE000
|
trusted library allocation
|
page read and write
|
||
|
7C06000
|
trusted library allocation
|
page read and write
|
||
|
AF73000
|
heap
|
page read and write
|
||
|
A84F000
|
stack
|
page read and write
|
||
|
9FC0000
|
trusted library allocation
|
page read and write
|
||
|
68C0000
|
trusted library allocation
|
page read and write
|
||
|
A26B000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
trusted library allocation
|
page read and write
|
||
|
A100000
|
trusted library allocation
|
page read and write
|
||
|
4EFF000
|
stack
|
page read and write
|
||
|
DA2000
|
trusted library allocation
|
page read and write
|
||
|
7D3C000
|
trusted library allocation
|
page read and write
|
||
|
B35D000
|
stack
|
page read and write
|
||
|
8F50000
|
trusted library allocation
|
page read and write
|
||
|
A22B000
|
trusted library allocation
|
page read and write
|
||
|
AED000
|
heap
|
page read and write
|
||
|
AF56000
|
heap
|
page read and write
|
||
|
7C2A000
|
trusted library allocation
|
page read and write
|
||
|
7BBC000
|
trusted library allocation
|
page read and write
|
||
|
7BA2000
|
trusted library allocation
|
page read and write
|
||
|
A4A000
|
heap
|
page read and write
|
||
|
686000
|
unkown
|
page readonly
|
||
|
641000
|
unkown
|
page execute read
|
||
|
7BBF000
|
trusted library allocation
|
page read and write
|
||
|
641000
|
unkown
|
page execute read
|
||
|
9E5000
|
heap
|
page read and write
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
A252000
|
trusted library allocation
|
page read and write
|
||
|
7899000
|
trusted library allocation
|
page read and write
|
||
|
7B88000
|
trusted library allocation
|
page read and write
|
||
|
A269000
|
trusted library allocation
|
page read and write
|
||
|
7BF5000
|
trusted library allocation
|
page read and write
|
||
|
D9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
83B000
|
stack
|
page read and write
|
||
|
7B73000
|
trusted library allocation
|
page read and write
|
||
|
7AF7000
|
trusted library allocation
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
79F7000
|
trusted library allocation
|
page read and write
|
||
|
D8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
A860000
|
trusted library allocation
|
page execute and read and write
|
||
|
BB4E000
|
stack
|
page read and write
|
||
|
D84000
|
trusted library allocation
|
page read and write
|
||
|
6850000
|
trusted library allocation
|
page read and write
|
||
|
8D76000
|
trusted library allocation
|
page read and write
|
||
|
7BB2000
|
trusted library allocation
|
page read and write
|
||
|
DB2000
|
trusted library allocation
|
page read and write
|
||
|
8DED000
|
trusted library allocation
|
page read and write
|
||
|
65E000
|
unkown
|
page readonly
|
||
|
7893000
|
trusted library allocation
|
page read and write
|
||
|
9D4E000
|
stack
|
page read and write
|
||
|
A130000
|
trusted library allocation
|
page execute and read and write
|
||
|
9DCA000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
8DE7000
|
trusted library allocation
|
page read and write
|
||
|
A959000
|
trusted library allocation
|
page read and write
|
||
|
A5D0000
|
heap
|
page read and write
|
||
|
A0B0000
|
trusted library allocation
|
page read and write
|
||
|
A8C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A9A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C37000
|
trusted library allocation
|
page read and write
|
||
|
7C1E000
|
trusted library allocation
|
page read and write
|
||
|
A510000
|
heap
|
page read and write
|
||
|
66B000
|
unkown
|
page write copy
|
||
|
937000
|
stack
|
page read and write
|
||
|
8DA0000
|
trusted library allocation
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
942E000
|
stack
|
page read and write
|
||
|
CA4E000
|
stack
|
page read and write
|
||
|
A850000
|
trusted library allocation
|
page read and write
|
||
|
68B8000
|
trusted library allocation
|
page read and write
|
||
|
9C4E000
|
stack
|
page read and write
|
||
|
A270000
|
trusted library allocation
|
page read and write
|
||
|
A890000
|
trusted library allocation
|
page execute and read and write
|
||
|
9D50000
|
heap
|
page read and write
|
||
|
AE5000
|
heap
|
page read and write
|
||
|
6881000
|
trusted library allocation
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
9F8F000
|
stack
|
page read and write
|
||
|
B250000
|
heap
|
page read and write
|
||
|
AF8E000
|
heap
|
page read and write
|
||
|
640000
|
unkown
|
page readonly
|
||
|
7BFB000
|
trusted library allocation
|
page read and write
|
||
|
7BE9000
|
trusted library allocation
|
page read and write
|
||
|
A19E000
|
stack
|
page read and write
|
||
|
D7E000
|
heap
|
page read and write
|
||
|
A238000
|
trusted library allocation
|
page read and write
|
||
|
A970000
|
trusted library allocation
|
page read and write
|
||
|
7BD6000
|
trusted library allocation
|
page read and write
|
||
|
78AC000
|
trusted library allocation
|
page read and write
|
||
|
7BE3000
|
trusted library allocation
|
page read and write
|
||
|
8D91000
|
trusted library allocation
|
page read and write
|
||
|
8888000
|
trusted library allocation
|
page read and write
|
There are 264 hidden memdumps, click here to show them.