Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
TYPE_C_31_M_12 TAMAR 25.4.2024.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SIY5MZAWZIHFXXNL_ab817c95b9792641a6cf1771ef52cb5cb5470dd_4edc7e65_8ab08c20-1951-4d96-9892-76a945d77f90\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER41B1.tmp.dmp
|
Mini DuMP crash report, 16 streams, Fri Apr 26 05:44:58 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER42CB.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER430A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\GrOcCQC.exe.log
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
modified
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\TYPE_C_31_M_12 TAMAR 25.4.2024.exe
|
"C:\Users\user\Desktop\TYPE_C_31_M_12 TAMAR 25.4.2024.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe
|
"C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe
|
"C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe"
|
|
|
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7304 -s 1104
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://mail.medicalhome.com.pe
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting7
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://x1.c.lencr.org/0
|
unknown
|
||
|
http://x1.i.lencr.org/0
|
unknown
|
||
|
http://r3.i.lencr.org/03
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
http://r3.o.lencr.org0
|
unknown
|
||
|
http://medicalhome.com.pe
|
unknown
|
||
|
http://r3.o.lencr
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 3 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.medicalhome.com.pe
|
unknown
|
|
|
|
ip-api.com
|
208.95.112.1
|
||
|
medicalhome.com.pe
|
144.217.159.195
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
||
|
144.217.159.195
|
medicalhome.com.pe
|
Canada
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
GrOcCQC
|
||
|
\REGISTRY\A\{4aed8049-6e95-4ec1-001a-20f3cf3480aa}\Root\InventoryApplicationFile\type_c_31_m_12 |cd26783cd471fcd7
|
ProgramId
|
||
|
\REGISTRY\A\{4aed8049-6e95-4ec1-001a-20f3cf3480aa}\Root\InventoryApplicationFile\type_c_31_m_12 |cd26783cd471fcd7
|
FileId
|
||
|
\REGISTRY\A\{4aed8049-6e95-4ec1-001a-20f3cf3480aa}\Root\InventoryApplicationFile\type_c_31_m_12 |cd26783cd471fcd7
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{4aed8049-6e95-4ec1-001a-20f3cf3480aa}\Root\InventoryApplicationFile\type_c_31_m_12 |cd26783cd471fcd7
|
LongPathHash
|
||
|
\REGISTRY\A\{4aed8049-6e95-4ec1-001a-20f3cf3480aa}\Root\InventoryApplicationFile\type_c_31_m_12 |cd26783cd471fcd7
|
Name
|
||
|
\REGISTRY\A\{4aed8049-6e95-4ec1-001a-20f3cf3480aa}\Root\InventoryApplicationFile\type_c_31_m_12 |cd26783cd471fcd7
|
OriginalFileName
|
||
|
\REGISTRY\A\{4aed8049-6e95-4ec1-001a-20f3cf3480aa}\Root\InventoryApplicationFile\type_c_31_m_12 |cd26783cd471fcd7
|
Publisher
|
||
|
\REGISTRY\A\{4aed8049-6e95-4ec1-001a-20f3cf3480aa}\Root\InventoryApplicationFile\type_c_31_m_12 |cd26783cd471fcd7
|
Version
|
||
|
\REGISTRY\A\{4aed8049-6e95-4ec1-001a-20f3cf3480aa}\Root\InventoryApplicationFile\type_c_31_m_12 |cd26783cd471fcd7
|
BinFileVersion
|
||
|
\REGISTRY\A\{4aed8049-6e95-4ec1-001a-20f3cf3480aa}\Root\InventoryApplicationFile\type_c_31_m_12 |cd26783cd471fcd7
|
BinaryType
|
||
|
\REGISTRY\A\{4aed8049-6e95-4ec1-001a-20f3cf3480aa}\Root\InventoryApplicationFile\type_c_31_m_12 |cd26783cd471fcd7
|
ProductName
|
||
|
\REGISTRY\A\{4aed8049-6e95-4ec1-001a-20f3cf3480aa}\Root\InventoryApplicationFile\type_c_31_m_12 |cd26783cd471fcd7
|
ProductVersion
|
||
|
\REGISTRY\A\{4aed8049-6e95-4ec1-001a-20f3cf3480aa}\Root\InventoryApplicationFile\type_c_31_m_12 |cd26783cd471fcd7
|
LinkDate
|
||
|
\REGISTRY\A\{4aed8049-6e95-4ec1-001a-20f3cf3480aa}\Root\InventoryApplicationFile\type_c_31_m_12 |cd26783cd471fcd7
|
BinProductVersion
|
||
|
\REGISTRY\A\{4aed8049-6e95-4ec1-001a-20f3cf3480aa}\Root\InventoryApplicationFile\type_c_31_m_12 |cd26783cd471fcd7
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{4aed8049-6e95-4ec1-001a-20f3cf3480aa}\Root\InventoryApplicationFile\type_c_31_m_12 |cd26783cd471fcd7
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{4aed8049-6e95-4ec1-001a-20f3cf3480aa}\Root\InventoryApplicationFile\type_c_31_m_12 |cd26783cd471fcd7
|
Size
|
||
|
\REGISTRY\A\{4aed8049-6e95-4ec1-001a-20f3cf3480aa}\Root\InventoryApplicationFile\type_c_31_m_12 |cd26783cd471fcd7
|
Language
|
||
|
\REGISTRY\A\{4aed8049-6e95-4ec1-001a-20f3cf3480aa}\Root\InventoryApplicationFile\type_c_31_m_12 |cd26783cd471fcd7
|
Usn
|
There are 25 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
3102000
|
trusted library allocation
|
page read and write
|
|
|
|
30D5000
|
trusted library allocation
|
page read and write
|
|
|
|
28BF5522000
|
trusted library allocation
|
page read and write
|
|
|
|
28BE5666000
|
trusted library allocation
|
page read and write
|
|
|
|
3126000
|
trusted library allocation
|
page read and write
|
|
|
|
28BE3B10000
|
trusted library allocation
|
page read and write
|
||
|
4F9F000
|
stack
|
page read and write
|
||
|
2E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
C53000
|
trusted library allocation
|
page execute and read and write
|
||
|
591E000
|
stack
|
page read and write
|
||
|
2A0E000
|
stack
|
page read and write
|
||
|
3114000
|
trusted library allocation
|
page read and write
|
||
|
146E000
|
stack
|
page read and write
|
||
|
28BE3B20000
|
heap
|
page execute and read and write
|
||
|
28BF5518000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B400000
|
trusted library allocation
|
page read and write
|
||
|
5BA000
|
unkown
|
page readonly
|
||
|
4E9F000
|
stack
|
page read and write
|
||
|
3341000
|
trusted library allocation
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
1366000
|
heap
|
page read and write
|
||
|
28BE5340000
|
heap
|
page read and write
|
||
|
28BE5511000
|
trusted library allocation
|
page read and write
|
||
|
28BE36E0000
|
heap
|
page read and write
|
||
|
2E90000
|
heap
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
B55000
|
heap
|
page read and write
|
||
|
7FFB4B244000
|
trusted library allocation
|
page read and write
|
||
|
32DC000
|
stack
|
page read and write
|
||
|
28BE553C000
|
trusted library allocation
|
page read and write
|
||
|
32F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B41B000
|
trusted library allocation
|
page read and write
|
||
|
5CA0000
|
heap
|
page read and write
|
||
|
17DF000
|
stack
|
page read and write
|
||
|
5B0000
|
unkown
|
page readonly
|
||
|
7FFB4B3D1000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
C1B5FFA000
|
stack
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
1348000
|
heap
|
page read and write
|
||
|
7FFB4B2E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
55AC000
|
stack
|
page read and write
|
||
|
7FFB4B220000
|
trusted library allocation
|
page read and write
|
||
|
28BE376E000
|
heap
|
page read and write
|
||
|
40C9000
|
trusted library allocation
|
page read and write
|
||
|
11D6000
|
heap
|
page read and write
|
||
|
7FFB4B340000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1960000
|
trusted library allocation
|
page read and write
|
||
|
6380000
|
heap
|
page read and write
|
||
|
1964000
|
trusted library allocation
|
page read and write
|
||
|
2E27000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F80000
|
trusted library allocation
|
page execute and read and write
|
||
|
28BE5190000
|
trusted library section
|
page read and write
|
||
|
5500000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2D0000
|
trusted library allocation
|
page read and write
|
||
|
181E000
|
stack
|
page read and write
|
||
|
1987000
|
trusted library allocation
|
page execute and read and write
|
||
|
5ADE000
|
stack
|
page read and write
|
||
|
28BE5500000
|
heap
|
page execute and read and write
|
||
|
29A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C1B53A2000
|
stack
|
page read and write
|
||
|
5CB0000
|
trusted library allocation
|
page read and write
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
14CA000
|
heap
|
page read and write
|
||
|
28BE5330000
|
heap
|
page read and write
|
||
|
7FFB4B27C000
|
trusted library allocation
|
page execute and read and write
|
||
|
28BE3B13000
|
trusted library allocation
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
169F000
|
stack
|
page read and write
|
||
|
1940000
|
trusted library allocation
|
page read and write
|
||
|
C1B56FE000
|
stack
|
page read and write
|
||
|
320D000
|
trusted library allocation
|
page read and write
|
||
|
694D000
|
stack
|
page read and write
|
||
|
85C000
|
stack
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
5B2000
|
unkown
|
page readonly
|
||
|
28BE3B65000
|
heap
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
5BFE000
|
stack
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
959000
|
stack
|
page read and write
|
||
|
7FFB4B24D000
|
trusted library allocation
|
page execute and read and write
|
||
|
C60000
|
trusted library allocation
|
page read and write
|
||
|
54DE000
|
stack
|
page read and write
|
||
|
550B000
|
trusted library allocation
|
page read and write
|
||
|
6A50000
|
trusted library allocation
|
page read and write
|
||
|
3108000
|
trusted library allocation
|
page read and write
|
||
|
28BE373C000
|
heap
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
5C9D000
|
stack
|
page read and write
|
||
|
59F0000
|
heap
|
page execute and read and write
|
||
|
551A000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
28BE375A000
|
heap
|
page read and write
|
||
|
6907000
|
trusted library allocation
|
page read and write
|
||
|
10F9000
|
stack
|
page read and write
|
||
|
5710000
|
heap
|
page execute and read and write
|
||
|
28BE3773000
|
heap
|
page read and write
|
||
|
5CB8000
|
trusted library allocation
|
page read and write
|
||
|
C1B59FE000
|
stack
|
page read and write
|
||
|
54F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B24B000
|
trusted library allocation
|
page execute and read and write
|
||
|
309E000
|
stack
|
page read and write
|
||
|
28BE3850000
|
trusted library allocation
|
page read and write
|
||
|
C40000
|
trusted library allocation
|
page read and write
|
||
|
C5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
C1B57FE000
|
stack
|
page read and write
|
||
|
28BF5511000
|
trusted library allocation
|
page read and write
|
||
|
7FF448370000
|
trusted library allocation
|
page execute and read and write
|
||
|
6970000
|
trusted library allocation
|
page execute and read and write
|
||
|
A07000
|
heap
|
page read and write
|
||
|
1378000
|
heap
|
page read and write
|
||
|
5550000
|
trusted library allocation
|
page read and write
|
||
|
C1B5AFD000
|
stack
|
page read and write
|
||
|
C87000
|
trusted library allocation
|
page execute and read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
19A0000
|
trusted library allocation
|
page read and write
|
||
|
28BE3830000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B306000
|
trusted library allocation
|
page execute and read and write
|
||
|
40A1000
|
trusted library allocation
|
page read and write
|
||
|
5532000
|
trusted library allocation
|
page read and write
|
||
|
28BE52D0000
|
heap
|
page read and write
|
||
|
595E000
|
stack
|
page read and write
|
||
|
2A50000
|
heap
|
page execute and read and write
|
||
|
12B8000
|
heap
|
page read and write
|
||
|
C6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
191F000
|
stack
|
page read and write
|
||
|
6F90000
|
trusted library allocation
|
page execute and read and write
|
||
|
28BE34C0000
|
unkown
|
page readonly
|
||
|
4FE0000
|
heap
|
page execute and read and write
|
||
|
7FFB4B224000
|
trusted library allocation
|
page read and write
|
||
|
28BE5339000
|
heap
|
page read and write
|
||
|
1480000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
2A61000
|
trusted library allocation
|
page read and write
|
||
|
6A57000
|
trusted library allocation
|
page read and write
|
||
|
9FB000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
28BE352E000
|
unkown
|
page readonly
|
||
|
51EE000
|
stack
|
page read and write
|
||
|
14D6000
|
heap
|
page read and write
|
||
|
55D0000
|
heap
|
page read and write
|
||
|
6A60000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B3C0000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
519E000
|
stack
|
page read and write
|
||
|
1288000
|
heap
|
page read and write
|
||
|
150B000
|
heap
|
page read and write
|
||
|
3320000
|
trusted library allocation
|
page execute and read and write
|
||
|
CC0000
|
trusted library allocation
|
page read and write
|
||
|
27AC000
|
stack
|
page read and write
|
||
|
6DCE000
|
stack
|
page read and write
|
||
|
12B5000
|
heap
|
page read and write
|
||
|
C1B60FD000
|
stack
|
page read and write
|
||
|
28BE593D000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B23D000
|
trusted library allocation
|
page execute and read and write
|
||
|
28BE3970000
|
heap
|
page read and write
|
||
|
2DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
599E000
|
stack
|
page read and write
|
||
|
1954000
|
trusted library allocation
|
page read and write
|
||
|
2E1A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E20000
|
trusted library allocation
|
page read and write
|
||
|
198B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5540000
|
trusted library allocation
|
page read and write
|
||
|
F1E000
|
stack
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
7FFB4B3D9000
|
trusted library allocation
|
page read and write
|
||
|
55D3000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page execute and read and write
|
||
|
14BF000
|
heap
|
page read and write
|
||
|
C1B58FF000
|
stack
|
page read and write
|
||
|
16DD000
|
stack
|
page read and write
|
||
|
1425000
|
heap
|
page read and write
|
||
|
2870000
|
heap
|
page read and write
|
||
|
9D8000
|
heap
|
page read and write
|
||
|
7FFB4B222000
|
trusted library allocation
|
page read and write
|
||
|
C1B5EFD000
|
stack
|
page read and write
|
||
|
28BE35C0000
|
heap
|
page read and write
|
||
|
28BE3771000
|
heap
|
page read and write
|
||
|
7FFB4B3E0000
|
trusted library allocation
|
page read and write
|
||
|
28BE34C2000
|
unkown
|
page readonly
|
||
|
550E000
|
trusted library allocation
|
page read and write
|
||
|
C1B5BFF000
|
stack
|
page read and write
|
||
|
551E000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B420000
|
trusted library allocation
|
page read and write
|
||
|
3310000
|
trusted library allocation
|
page read and write
|
||
|
28BE36A0000
|
heap
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
6CCE000
|
stack
|
page read and write
|
||
|
7FFB4B3F0000
|
trusted library allocation
|
page read and write
|
||
|
2E16000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B22D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DF0000
|
trusted library allocation
|
page read and write
|
||
|
14A8000
|
heap
|
page read and write
|
||
|
2A4E000
|
stack
|
page read and write
|
||
|
4FDE000
|
stack
|
page read and write
|
||
|
28BFD540000
|
trusted library allocation
|
page read and write
|
||
|
6950000
|
trusted library allocation
|
page execute and read and write
|
||
|
329E000
|
stack
|
page read and write
|
||
|
6960000
|
trusted library allocation
|
page read and write
|
||
|
6F10000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
129E000
|
heap
|
page read and write
|
||
|
6A0E000
|
stack
|
page read and write
|
||
|
1953000
|
trusted library allocation
|
page execute and read and write
|
||
|
28BE5608000
|
trusted library allocation
|
page read and write
|
||
|
135A000
|
heap
|
page read and write
|
||
|
30A1000
|
trusted library allocation
|
page read and write
|
||
|
14E7000
|
heap
|
page read and write
|
||
|
5A9E000
|
stack
|
page read and write
|
||
|
3100000
|
trusted library allocation
|
page read and write
|
||
|
DEA000
|
stack
|
page read and write
|
||
|
2E40000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B440000
|
trusted library allocation
|
page read and write
|
||
|
28BE36C0000
|
heap
|
page read and write
|
||
|
2E10000
|
trusted library allocation
|
page read and write
|
||
|
195D000
|
trusted library allocation
|
page execute and read and write
|
||
|
FBC000
|
stack
|
page read and write
|
||
|
19B0000
|
heap
|
page read and write
|
||
|
5526000
|
trusted library allocation
|
page read and write
|
||
|
67BE000
|
stack
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
28BE3866000
|
heap
|
page read and write
|
||
|
2E25000
|
trusted library allocation
|
page execute and read and write
|
||
|
6900000
|
trusted library allocation
|
page read and write
|
||
|
312E000
|
trusted library allocation
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
7180000
|
heap
|
page read and write
|
||
|
595E000
|
stack
|
page read and write
|
||
|
5CC0000
|
trusted library allocation
|
page read and write
|
||
|
55E0000
|
heap
|
page read and write
|
||
|
7FFB4B3C4000
|
trusted library allocation
|
page read and write
|
||
|
552D000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B223000
|
trusted library allocation
|
page execute and read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
2EA8000
|
trusted library allocation
|
page read and write
|
||
|
585E000
|
stack
|
page read and write
|
||
|
2E22000
|
trusted library allocation
|
page read and write
|
||
|
5CFE000
|
stack
|
page read and write
|
||
|
32E0000
|
heap
|
page execute and read and write
|
||
|
C8B000
|
trusted library allocation
|
page execute and read and write
|
||
|
27F0000
|
trusted library allocation
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
3122000
|
trusted library allocation
|
page read and write
|
||
|
28BE382D000
|
heap
|
page read and write
|
||
|
C1B5DFE000
|
stack
|
page read and write
|
||
|
DDF000
|
stack
|
page read and write
|
||
|
C64000
|
trusted library allocation
|
page read and write
|
||
|
5521000
|
trusted library allocation
|
page read and write
|
||
|
C1B5CFF000
|
stack
|
page read and write
|
||
|
11F5000
|
heap
|
page read and write
|
||
|
7FFB4B3DE000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2D6000
|
trusted library allocation
|
page read and write
|
||
|
67FE000
|
stack
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
28BE3975000
|
heap
|
page read and write
|
||
|
297E000
|
stack
|
page read and write
|
||
|
28BF551E000
|
trusted library allocation
|
page read and write
|
||
|
CB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
581C000
|
stack
|
page read and write
|
||
|
5512000
|
trusted library allocation
|
page read and write
|
||
|
2E00000
|
trusted library allocation
|
page read and write
|
||
|
2E8E000
|
stack
|
page read and write
|
||
|
2F7C000
|
stack
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
28BE37A4000
|
heap
|
page read and write
|
||
|
5506000
|
trusted library allocation
|
page read and write
|
||
|
196D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1980000
|
trusted library allocation
|
page read and write
|
||
|
6F40000
|
heap
|
page read and write
|
||
|
3A61000
|
trusted library allocation
|
page read and write
|
||
|
C54000
|
trusted library allocation
|
page read and write
|
||
|
2E12000
|
trusted library allocation
|
page read and write
|
||
|
28BE3730000
|
heap
|
page read and write
|
||
|
12FA000
|
stack
|
page read and write
|
||
|
7FFB4B240000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B233000
|
trusted library allocation
|
page read and write
|
||
|
5CCD000
|
trusted library allocation
|
page read and write
|
||
|
5BDE000
|
stack
|
page read and write
|
||
|
3300000
|
trusted library allocation
|
page read and write
|
||
|
50EE000
|
stack
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
27EE000
|
stack
|
page read and write
|
||
|
410B000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B430000
|
trusted library allocation
|
page execute and read and write
|
||
|
4341000
|
trusted library allocation
|
page read and write
|
||
|
14C4000
|
heap
|
page read and write
|
||
|
28BE379B000
|
heap
|
page read and write
|
||
|
2DF4000
|
trusted library allocation
|
page read and write
|
||
|
7FD90000
|
trusted library allocation
|
page execute and read and write
|
||
|
28BE55F1000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B410000
|
trusted library allocation
|
page read and write
|
||
|
5AFE000
|
stack
|
page read and write
|
||
|
28BE3B60000
|
heap
|
page read and write
|
||
|
599E000
|
stack
|
page read and write
|
||
|
2E2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
68FD000
|
stack
|
page read and write
|
||
|
54E0000
|
trusted library allocation
|
page read and write
|
There are 292 hidden memdumps, click here to show them.