Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
cozzy.ps1
|
ASCII text, with very long lines (65494), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\RegAAsm.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\x.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\x.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iyhlvszx.2r1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tvur0s1n.fqt.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\J2ZN6GT5F28XI67L2ZWX.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms (copy)
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\cozzy.ps1"
|
|
|
|
C:\Users\user\AppData\Local\Temp\x.exe
|
"C:\Users\user\AppData\Local\Temp\x.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\RegAAsm.exe
|
"C:\Users\user\AppData\Local\Temp\RegAAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\notepad.exe
|
"C:\Windows\System32\notepad.exe" "C:\Users\user\Desktop\cozzy.ps1"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
remyma.duckdns.org
|
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
http://geoplugin.net/json.gpb
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://geoplugin.net/$
|
unknown
|
||
|
http://geoplugin.net/json.gpF
|
unknown
|
||
|
http://geoplugin.net/
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://geoplugin.net/json.gpO
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://176.65.144.3
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://geoplugin.net/json.gp2
|
unknown
|
||
|
http://geoplugin.net/json.gpFS
|
unknown
|
||
|
http://176.65.144.3/dev/cozyrem.exe
|
176.65.144.3
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://geoplugin.net/json.gpSystem32
|
unknown
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
remyma.duckdns.org
|
172.94.9.132
|
|
|
|
geoplugin.net
|
178.237.33.50
|
||
|
198.187.3.20.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.94.9.132
|
remyma.duckdns.org
|
United States
|
|
|
|
176.65.144.3
|
unknown
|
Germany
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-7J4RV4
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-7J4RV4
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-7J4RV4
|
time
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-7J4RV4
|
UID
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASMANCS
|
FileDirectory
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
68E000
|
heap
|
page read and write
|
|
|
|
13551000
|
trusted library allocation
|
page read and write
|
|
|
|
459000
|
unkown
|
page readonly
|
|
|
|
459000
|
unkown
|
page readonly
|
|
|
|
13631000
|
trusted library allocation
|
page read and write
|
|
|
|
781D000
|
stack
|
page read and write
|
||
|
4860000
|
heap
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
775E000
|
stack
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
5F09000
|
trusted library allocation
|
page read and write
|
||
|
221F000
|
stack
|
page read and write
|
||
|
475000
|
unkown
|
page read and write
|
||
|
7FFC3BFFC000
|
trusted library allocation
|
page execute and read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
478000
|
unkown
|
page readonly
|
||
|
7850000
|
trusted library allocation
|
page execute and read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
5F4D000
|
trusted library allocation
|
page read and write
|
||
|
7FFC3BFC0000
|
trusted library allocation
|
page read and write
|
||
|
83DF000
|
stack
|
page read and write
|
||
|
4E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
7658000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
712000
|
heap
|
page read and write
|
||
|
47C0000
|
heap
|
page read and write
|
||
|
4C93000
|
trusted library allocation
|
page execute and read and write
|
||
|
8D1000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
360D000
|
trusted library allocation
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A9590000
|
trusted library allocation
|
page read and write
|
||
|
8410000
|
trusted library allocation
|
page read and write
|
||
|
7920000
|
trusted library allocation
|
page read and write
|
||
|
126E000
|
stack
|
page read and write
|
||
|
866B000
|
stack
|
page read and write
|
||
|
13548000
|
trusted library allocation
|
page read and write
|
||
|
8CE000
|
heap
|
page read and write
|
||
|
7840000
|
trusted library allocation
|
page read and write
|
||
|
5D98129000
|
stack
|
page read and write
|
||
|
4D60000
|
heap
|
page execute and read and write
|
||
|
3130000
|
heap
|
page execute and read and write
|
||
|
7FFC3C060000
|
trusted library allocation
|
page execute and read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
75C1000
|
heap
|
page read and write
|
||
|
86AC000
|
stack
|
page read and write
|
||
|
78C0000
|
trusted library allocation
|
page read and write
|
||
|
4DEC000
|
stack
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
7FF47E470000
|
trusted library allocation
|
page execute and read and write
|
||
|
6BE000
|
heap
|
page read and write
|
||
|
726E000
|
stack
|
page read and write
|
||
|
8400000
|
trusted library allocation
|
page read and write
|
||
|
8E2000
|
heap
|
page read and write
|
||
|
7820000
|
trusted library allocation
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
472000
|
unkown
|
page read and write
|
||
|
71ED000
|
stack
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
77DE000
|
stack
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
8A6000
|
heap
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
72E0000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A7B2B000
|
heap
|
page read and write
|
||
|
90000
|
unkown
|
page readonly
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
1E24C000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
6FEB000
|
stack
|
page read and write
|
||
|
35DA000
|
trusted library allocation
|
page read and write
|
||
|
229A7B24000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
35C9000
|
trusted library allocation
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
229A94A0000
|
heap
|
page read and write
|
||
|
3541000
|
trusted library allocation
|
page read and write
|
||
|
4CA0000
|
trusted library allocation
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
4D48000
|
trusted library allocation
|
page read and write
|
||
|
2220000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
7FFC3C150000
|
trusted library allocation
|
page execute and read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
8430000
|
trusted library allocation
|
page read and write
|
||
|
2FBE000
|
stack
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A9A10000
|
heap
|
page read and write
|
||
|
485E000
|
stack
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
7870000
|
trusted library allocation
|
page read and write
|
||
|
712E000
|
stack
|
page read and write
|
||
|
6CD000
|
heap
|
page read and write
|
||
|
1BCBC000
|
stack
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
13541000
|
trusted library allocation
|
page read and write
|
||
|
7FFC3C141000
|
trusted library allocation
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
2C77000
|
stack
|
page read and write
|
||
|
8585000
|
trusted library allocation
|
page read and write
|
||
|
605D000
|
trusted library allocation
|
page read and write
|
||
|
7FFC3BFBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
7590000
|
heap
|
page read and write
|
||
|
7910000
|
trusted library allocation
|
page read and write
|
||
|
7FFC3C086000
|
trusted library allocation
|
page execute and read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
4C9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
78E0000
|
trusted library allocation
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
7890000
|
trusted library allocation
|
page read and write
|
||
|
229A7B2E000
|
heap
|
page read and write
|
||
|
8300000
|
trusted library allocation
|
page execute and read and write
|
||
|
5EE9000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
7FFC3C05C000
|
trusted library allocation
|
page execute and read and write
|
||
|
229A7AE0000
|
heap
|
page read and write
|
||
|
7F5000
|
stack
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
4CC0000
|
trusted library allocation
|
page read and write
|
||
|
779E000
|
stack
|
page read and write
|
||
|
54E5000
|
trusted library allocation
|
page read and write
|
||
|
229A7B4A000
|
heap
|
page read and write
|
||
|
229A7B34000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
35C2000
|
trusted library allocation
|
page read and write
|
||
|
712000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
1354D000
|
trusted library allocation
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
820000
|
trusted library allocation
|
page read and write
|
||
|
7FFC3BFCB000
|
trusted library allocation
|
page execute and read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4C90000
|
trusted library allocation
|
page read and write
|
||
|
4E9E000
|
stack
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
2EE4000
|
heap
|
page read and write
|
||
|
1E216000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
7FFC3BFAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C2E000
|
stack
|
page read and write
|
||
|
7FFC3C0C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
4D2E000
|
stack
|
page read and write
|
||
|
7665000
|
heap
|
page read and write
|
||
|
4ED0000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
1EAFE000
|
stack
|
page read and write
|
||
|
4CC2000
|
trusted library allocation
|
page read and write
|
||
|
229A96C3000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
722E000
|
stack
|
page read and write
|
||
|
745E000
|
stack
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
800000
|
trusted library allocation
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
75EB000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A7B2E000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
229A7CC0000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
75D7000
|
heap
|
page read and write
|
||
|
35C0000
|
trusted library allocation
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
2DEE000
|
stack
|
page read and write
|
||
|
8350000
|
trusted library allocation
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
90C000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
2F61000
|
heap
|
page read and write
|
||
|
97F000
|
heap
|
page read and write
|
||
|
97F000
|
stack
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
2F5C000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
4EE1000
|
trusted library allocation
|
page read and write
|
||
|
31A6000
|
heap
|
page read and write
|
||
|
35C5000
|
trusted library allocation
|
page read and write
|
||
|
4867000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
227E000
|
stack
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
78D0000
|
trusted library allocation
|
page read and write
|
||
|
761E000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
90E000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
4EB5000
|
heap
|
page execute and read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
478000
|
unkown
|
page readonly
|
||
|
1E200000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
4F3B000
|
trusted library allocation
|
page read and write
|
||
|
72F0000
|
heap
|
page read and write
|
||
|
4EB0000
|
heap
|
page execute and read and write
|
||
|
7FFC3BFA4000
|
trusted library allocation
|
page read and write
|
||
|
13543000
|
trusted library allocation
|
page read and write
|
||
|
70B000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
7631000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
92000
|
unkown
|
page readonly
|
||
|
2ED5000
|
heap
|
page read and write
|
||
|
237F000
|
stack
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
7710000
|
heap
|
page execute and read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
2DA5000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
3548000
|
trusted library allocation
|
page read and write
|
||
|
7628000
|
heap
|
page read and write
|
||
|
741E000
|
stack
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
8439000
|
trusted library allocation
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
70EA000
|
stack
|
page read and write
|
||
|
70AD000
|
stack
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
7FFC3BFA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFC3C143000
|
trusted library allocation
|
page read and write
|
||
|
83F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
1EEFB000
|
stack
|
page read and write
|
||
|
229A7B36000
|
heap
|
page read and write
|
||
|
229A7B52000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
5D981AE000
|
stack
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
75C9000
|
heap
|
page read and write
|
||
|
2D2F000
|
stack
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
1E23B000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
7FFC3BFCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
716B000
|
stack
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
17BE000
|
stack
|
page read and write
|
||
|
229A7AF8000
|
heap
|
page read and write
|
||
|
1CDFE000
|
stack
|
page read and write
|
||
|
4DAE000
|
stack
|
page read and write
|
||
|
68A000
|
heap
|
page read and write
|
||
|
1C9FE000
|
stack
|
page read and write
|
||
|
229A7B52000
|
heap
|
page read and write
|
||
|
75F6000
|
heap
|
page read and write
|
||
|
4800000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
74E3000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
1D9FD000
|
stack
|
page read and write
|
||
|
78F0000
|
trusted library allocation
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
1C1F0000
|
heap
|
page execute and read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
2C2E000
|
stack
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A7B2A000
|
heap
|
page read and write
|
||
|
7860000
|
trusted library allocation
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
353F000
|
stack
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
4CC5000
|
trusted library allocation
|
page execute and read and write
|
||
|
702E000
|
stack
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
1D5FE000
|
stack
|
page read and write
|
||
|
74A1000
|
heap
|
page read and write
|
||
|
4CE0000
|
trusted library allocation
|
page read and write
|
||
|
195000
|
heap
|
page read and write
|
||
|
1D1FE000
|
stack
|
page read and write
|
||
|
4C80000
|
trusted library allocation
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
229A96A0000
|
heap
|
page read and write
|
||
|
7900000
|
trusted library allocation
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
2C3B000
|
stack
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A7B0D000
|
heap
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
712000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
35E7000
|
trusted library allocation
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
703000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
35CC000
|
trusted library allocation
|
page read and write
|
||
|
8340000
|
trusted library allocation
|
page read and write
|
||
|
1DDFE000
|
stack
|
page read and write
|
||
|
760B000
|
heap
|
page read and write
|
||
|
701000
|
heap
|
page read and write
|
||
|
2E88000
|
heap
|
page read and write
|
||
|
7609000
|
heap
|
page read and write
|
||
|
229A94A5000
|
heap
|
page read and write
|
||
|
2E2E000
|
stack
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
65E000
|
stack
|
page read and write
|
||
|
4C94000
|
trusted library allocation
|
page read and write
|
||
|
5036000
|
trusted library allocation
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
4BEE000
|
stack
|
page read and write
|
||
|
4CA9000
|
trusted library allocation
|
page read and write
|
||
|
70B000
|
heap
|
page read and write
|
||
|
7FFC3BFB3000
|
trusted library allocation
|
page read and write
|
||
|
6FAD000
|
stack
|
page read and write
|
||
|
1E1FE000
|
stack
|
page read and write
|
||
|
5EE1000
|
trusted library allocation
|
page read and write
|
||
|
6F1F000
|
stack
|
page read and write
|
||
|
E6E000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
83E0000
|
heap
|
page read and write
|
||
|
4C6F000
|
stack
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
229A7AF0000
|
heap
|
page read and write
|
||
|
5AE000
|
stack
|
page read and write
|
||
|
472000
|
unkown
|
page write copy
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
7FFC3BFB9000
|
trusted library allocation
|
page read and write
|
||
|
70B000
|
heap
|
page read and write
|
||
|
78A0000
|
trusted library allocation
|
page read and write
|
||
|
7880000
|
trusted library allocation
|
page read and write
|
||
|
2C7D000
|
stack
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
78B0000
|
trusted library allocation
|
page read and write
|
||
|
762C000
|
heap
|
page read and write
|
||
|
6CD000
|
heap
|
page read and write
|
||
|
839D000
|
stack
|
page read and write
|
||
|
8421000
|
trusted library allocation
|
page read and write
|
||
|
706F000
|
stack
|
page read and write
|
||
|
1C5FA000
|
stack
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
4D30000
|
heap
|
page readonly
|
||
|
13B5000
|
heap
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
229A7BE5000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A9A15000
|
heap
|
page read and write
|
||
|
8D6000
|
heap
|
page read and write
|
||
|
229A7BE7000
|
heap
|
page read and write
|
||
|
8440000
|
trusted library allocation
|
page read and write
|
||
|
7640000
|
heap
|
page read and write
|
||
|
4E40000
|
trusted library allocation
|
page read and write
|
||
|
71AD000
|
stack
|
page read and write
|
||
|
4E2E000
|
stack
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
||
|
229A96C0000
|
heap
|
page read and write
|
||
|
7FFC3C050000
|
trusted library allocation
|
page read and write
|
||
|
229A94B0000
|
heap
|
page read and write
|
||
|
229A9A1D000
|
heap
|
page read and write
|
There are 433 hidden memdumps, click here to show them.