Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ORDEM DE COMPRA.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ORDEM DE COMPRA._91254e13668f945c2f47b2a799bdf1c6d5b84f_91d2ff47_ce427198-6557-43e4-8d33-11f601ed856b\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE5FE.tmp.dmp
|
Mini DuMP crash report, 16 streams, Thu May 23 13:13:01 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE90C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE97A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gb1eegws.kbb.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kstr1w5g.bn5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vygn0e5n.2jg.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wo3x5km0.qeo.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\ORDEM DE COMPRA.exe
|
"C:\Users\user\Desktop\ORDEM DE COMPRA.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ORDEM DE
COMPRA.exe" -Force
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 1756 -s 1120
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://reallyfreegeoip.org/xml/8.46.123.175$
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/8.46.123.175
|
188.114.97.3
|
||
|
http://checkip.dyndns.org/
|
132.226.8.169
|
||
|
http://www.microsoft.0
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
https://scratchdreams.tk
|
unknown
|
||
|
http://reallyfreegeoip.org
|
unknown
|
||
|
https://reallyfreegeoip.org
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://scratchdreams.tk/_send_.php?TS
|
188.114.97.3
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
http://www.microsoft.
|
unknown
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://scratchdreams.tk
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 6 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
reallyfreegeoip.org
|
188.114.97.3
|
|
|
|
15.164.165.52.in-addr.arpa
|
unknown
|
|
|
|
checkip.dyndns.org
|
unknown
|
|
|
|
scratchdreams.tk
|
188.114.97.3
|
||
|
checkip.dyndns.com
|
132.226.8.169
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
reallyfreegeoip.org
|
European Union
|
|
|
|
132.226.8.169
|
checkip.dyndns.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
EnableLUA
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance
|
Enabled
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{39bb5d41-7673-9ed5-3d7c-b4b49dae4148}\Root\InventoryApplicationFile\ordem de compra.|26a3604438ca4a43
|
ProgramId
|
||
|
\REGISTRY\A\{39bb5d41-7673-9ed5-3d7c-b4b49dae4148}\Root\InventoryApplicationFile\ordem de compra.|26a3604438ca4a43
|
FileId
|
||
|
\REGISTRY\A\{39bb5d41-7673-9ed5-3d7c-b4b49dae4148}\Root\InventoryApplicationFile\ordem de compra.|26a3604438ca4a43
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{39bb5d41-7673-9ed5-3d7c-b4b49dae4148}\Root\InventoryApplicationFile\ordem de compra.|26a3604438ca4a43
|
LongPathHash
|
||
|
\REGISTRY\A\{39bb5d41-7673-9ed5-3d7c-b4b49dae4148}\Root\InventoryApplicationFile\ordem de compra.|26a3604438ca4a43
|
Name
|
||
|
\REGISTRY\A\{39bb5d41-7673-9ed5-3d7c-b4b49dae4148}\Root\InventoryApplicationFile\ordem de compra.|26a3604438ca4a43
|
OriginalFileName
|
||
|
\REGISTRY\A\{39bb5d41-7673-9ed5-3d7c-b4b49dae4148}\Root\InventoryApplicationFile\ordem de compra.|26a3604438ca4a43
|
Publisher
|
||
|
\REGISTRY\A\{39bb5d41-7673-9ed5-3d7c-b4b49dae4148}\Root\InventoryApplicationFile\ordem de compra.|26a3604438ca4a43
|
Version
|
||
|
\REGISTRY\A\{39bb5d41-7673-9ed5-3d7c-b4b49dae4148}\Root\InventoryApplicationFile\ordem de compra.|26a3604438ca4a43
|
BinFileVersion
|
||
|
\REGISTRY\A\{39bb5d41-7673-9ed5-3d7c-b4b49dae4148}\Root\InventoryApplicationFile\ordem de compra.|26a3604438ca4a43
|
BinaryType
|
||
|
\REGISTRY\A\{39bb5d41-7673-9ed5-3d7c-b4b49dae4148}\Root\InventoryApplicationFile\ordem de compra.|26a3604438ca4a43
|
ProductName
|
||
|
\REGISTRY\A\{39bb5d41-7673-9ed5-3d7c-b4b49dae4148}\Root\InventoryApplicationFile\ordem de compra.|26a3604438ca4a43
|
ProductVersion
|
||
|
\REGISTRY\A\{39bb5d41-7673-9ed5-3d7c-b4b49dae4148}\Root\InventoryApplicationFile\ordem de compra.|26a3604438ca4a43
|
LinkDate
|
||
|
\REGISTRY\A\{39bb5d41-7673-9ed5-3d7c-b4b49dae4148}\Root\InventoryApplicationFile\ordem de compra.|26a3604438ca4a43
|
BinProductVersion
|
||
|
\REGISTRY\A\{39bb5d41-7673-9ed5-3d7c-b4b49dae4148}\Root\InventoryApplicationFile\ordem de compra.|26a3604438ca4a43
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{39bb5d41-7673-9ed5-3d7c-b4b49dae4148}\Root\InventoryApplicationFile\ordem de compra.|26a3604438ca4a43
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{39bb5d41-7673-9ed5-3d7c-b4b49dae4148}\Root\InventoryApplicationFile\ordem de compra.|26a3604438ca4a43
|
Size
|
||
|
\REGISTRY\A\{39bb5d41-7673-9ed5-3d7c-b4b49dae4148}\Root\InventoryApplicationFile\ordem de compra.|26a3604438ca4a43
|
Language
|
||
|
\REGISTRY\A\{39bb5d41-7673-9ed5-3d7c-b4b49dae4148}\Root\InventoryApplicationFile\ordem de compra.|26a3604438ca4a43
|
Usn
|
There are 26 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
1FBD9A26000
|
trusted library allocation
|
page read and write
|
|
|
|
1FBE99FC000
|
trusted library allocation
|
page read and write
|
|
|
|
326C000
|
trusted library allocation
|
page read and write
|
|
|
|
30B1000
|
trusted library allocation
|
page read and write
|
|
|
|
7FFD3494F000
|
trusted library allocation
|
page read and write
|
||
|
AA72CFE000
|
stack
|
page read and write
|
||
|
1FBD7C50000
|
heap
|
page read and write
|
||
|
AA72BFF000
|
stack
|
page read and write
|
||
|
40D9000
|
trusted library allocation
|
page read and write
|
||
|
1FBD9580000
|
trusted library allocation
|
page read and write
|
||
|
5502000
|
trusted library allocation
|
page read and write
|
||
|
3317000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34930000
|
trusted library allocation
|
page read and write
|
||
|
31B0000
|
trusted library allocation
|
page read and write
|
||
|
AA732FF000
|
stack
|
page read and write
|
||
|
AA72FFD000
|
stack
|
page read and write
|
||
|
5563000
|
heap
|
page read and write
|
||
|
31A3000
|
trusted library allocation
|
page read and write
|
||
|
1FBD979A000
|
trusted library allocation
|
page read and write
|
||
|
14DE000
|
stack
|
page read and write
|
||
|
3175000
|
trusted library allocation
|
page read and write
|
||
|
1642000
|
trusted library allocation
|
page read and write
|
||
|
2FA0000
|
heap
|
page execute and read and write
|
||
|
2F70000
|
trusted library allocation
|
page read and write
|
||
|
3350000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
3155000
|
trusted library allocation
|
page read and write
|
||
|
65CE000
|
stack
|
page read and write
|
||
|
164A000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
550E000
|
trusted library allocation
|
page read and write
|
||
|
14F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B1E000
|
stack
|
page read and write
|
||
|
6A60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FBD97DC000
|
trusted library allocation
|
page read and write
|
||
|
5511000
|
trusted library allocation
|
page read and write
|
||
|
1FBD9711000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349AD000
|
trusted library allocation
|
page read and write
|
||
|
127F000
|
heap
|
page read and write
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
1FBD7CA0000
|
heap
|
page read and write
|
||
|
1FBD7D0D000
|
heap
|
page read and write
|
||
|
7FFD34790000
|
trusted library allocation
|
page read and write
|
||
|
31FC000
|
trusted library allocation
|
page read and write
|
||
|
10F7000
|
stack
|
page read and write
|
||
|
1380000
|
trusted library allocation
|
page read and write
|
||
|
31F8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF496190000
|
trusted library allocation
|
page execute and read and write
|
||
|
61CF000
|
stack
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
1624000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A00000
|
trusted library allocation
|
page read and write
|
||
|
2E20000
|
trusted library allocation
|
page read and write
|
||
|
3304000
|
trusted library allocation
|
page read and write
|
||
|
31AC000
|
trusted library allocation
|
page read and write
|
||
|
163D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34792000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34866000
|
trusted library allocation
|
page execute and read and write
|
||
|
663B000
|
heap
|
page read and write
|
||
|
550A000
|
trusted library allocation
|
page read and write
|
||
|
14EB000
|
trusted library allocation
|
page read and write
|
||
|
3216000
|
trusted library allocation
|
page read and write
|
||
|
DCA000
|
stack
|
page read and write
|
||
|
334C000
|
trusted library allocation
|
page read and write
|
||
|
1FBF1FCD000
|
heap
|
page read and write
|
||
|
6618000
|
heap
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FBD7F40000
|
trusted library allocation
|
page read and write
|
||
|
6600000
|
heap
|
page read and write
|
||
|
7FFD3479D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FBF1F60000
|
heap
|
page read and write
|
||
|
151B000
|
trusted library allocation
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
1FBF1FFF000
|
heap
|
page read and write
|
||
|
7FFD349A9000
|
trusted library allocation
|
page read and write
|
||
|
1646000
|
trusted library allocation
|
page execute and read and write
|
||
|
3387000
|
trusted library allocation
|
page read and write
|
||
|
325C000
|
trusted library allocation
|
page read and write
|
||
|
14E0000
|
trusted library allocation
|
page read and write
|
||
|
1FBF1FB8000
|
heap
|
page read and write
|
||
|
674E000
|
stack
|
page read and write
|
||
|
AA731FE000
|
stack
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
7FFD34A10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34980000
|
trusted library allocation
|
page read and write
|
||
|
688E000
|
stack
|
page read and write
|
||
|
1FBD7C10000
|
heap
|
page read and write
|
||
|
7FFD34836000
|
trusted library allocation
|
page read and write
|
||
|
3160000
|
trusted library allocation
|
page read and write
|
||
|
6AA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FBD7CCC000
|
heap
|
page read and write
|
||
|
1251000
|
heap
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
2EAD000
|
stack
|
page read and write
|
||
|
1520000
|
trusted library allocation
|
page read and write
|
||
|
1FBD9700000
|
heap
|
page execute and read and write
|
||
|
3223000
|
trusted library allocation
|
page read and write
|
||
|
1FBF1F70000
|
heap
|
page read and write
|
||
|
1FBD9600000
|
heap
|
page read and write
|
||
|
3172000
|
trusted library allocation
|
page read and write
|
||
|
5990000
|
heap
|
page execute and read and write
|
||
|
1FBD9590000
|
trusted library allocation
|
page read and write
|
||
|
56B0000
|
heap
|
page read and write
|
||
|
51AE000
|
stack
|
page read and write
|
||
|
7FFD34990000
|
trusted library allocation
|
page read and write
|
||
|
318D000
|
trusted library allocation
|
page read and write
|
||
|
662B000
|
heap
|
page read and write
|
||
|
3158000
|
trusted library allocation
|
page read and write
|
||
|
6635000
|
heap
|
page read and write
|
||
|
3166000
|
trusted library allocation
|
page read and write
|
||
|
6A5C000
|
trusted library allocation
|
page read and write
|
||
|
1FBD9A29000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34783000
|
trusted library allocation
|
page execute and read and write
|
||
|
560E000
|
stack
|
page read and write
|
||
|
7FFD34970000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34840000
|
trusted library allocation
|
page execute and read and write
|
||
|
54F0000
|
trusted library allocation
|
page read and write
|
||
|
2E02000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349A0000
|
trusted library allocation
|
page read and write
|
||
|
1640000
|
trusted library allocation
|
page read and write
|
||
|
1FBD9593000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349E0000
|
trusted library allocation
|
page read and write
|
||
|
2E0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
54FE000
|
trusted library allocation
|
page read and write
|
||
|
1FBD9CE9000
|
trusted library allocation
|
page read and write
|
||
|
AA736FD000
|
stack
|
page read and write
|
||
|
31B4000
|
trusted library allocation
|
page read and write
|
||
|
1FBD97EB000
|
trusted library allocation
|
page read and write
|
||
|
1FBE997D000
|
trusted library allocation
|
page read and write
|
||
|
AA738FB000
|
stack
|
page read and write
|
||
|
1198000
|
heap
|
page read and write
|
||
|
31F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349FF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34950000
|
trusted library allocation
|
page read and write
|
||
|
54FB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3357000
|
trusted library allocation
|
page read and write
|
||
|
AA72EFE000
|
stack
|
page read and write
|
||
|
1FBF1A91000
|
heap
|
page read and write
|
||
|
31A1000
|
trusted library allocation
|
page read and write
|
||
|
6620000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
5560000
|
heap
|
page read and write
|
||
|
3344000
|
trusted library allocation
|
page read and write
|
||
|
670E000
|
stack
|
page read and write
|
||
|
413B000
|
trusted library allocation
|
page read and write
|
||
|
65D0000
|
heap
|
page read and write
|
||
|
6A57000
|
trusted library allocation
|
page read and write
|
||
|
3321000
|
trusted library allocation
|
page read and write
|
||
|
31B8000
|
trusted library allocation
|
page read and write
|
||
|
6ACE000
|
trusted library allocation
|
page read and write
|
||
|
315D000
|
trusted library allocation
|
page read and write
|
||
|
3259000
|
trusted library allocation
|
page read and write
|
||
|
1570000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34A0B000
|
trusted library allocation
|
page read and write
|
||
|
11BB000
|
heap
|
page read and write
|
||
|
1FBD7F65000
|
heap
|
page read and write
|
||
|
3204000
|
trusted library allocation
|
page read and write
|
||
|
1FBF20E0000
|
heap
|
page read and write
|
||
|
1FBE9717000
|
trusted library allocation
|
page read and write
|
||
|
15F0000
|
heap
|
page read and write
|
||
|
7FFD34780000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34920000
|
trusted library allocation
|
page read and write
|
||
|
1FBD7C75000
|
heap
|
page read and write
|
||
|
54F6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349F0000
|
trusted library allocation
|
page read and write
|
||
|
694E000
|
stack
|
page read and write
|
||
|
2F80000
|
trusted library allocation
|
page read and write
|
||
|
1FBF1740000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347A0000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
592E000
|
stack
|
page read and write
|
||
|
1FBD7D8C000
|
heap
|
page read and write
|
||
|
7FFD3483C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FBD7D0B000
|
heap
|
page read and write
|
||
|
1510000
|
trusted library allocation
|
page read and write
|
||
|
1FBF20F0000
|
heap
|
page execute and read and write
|
||
|
1FBD7D97000
|
heap
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
15CE000
|
stack
|
page read and write
|
||
|
7FFD349C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
AA737FE000
|
stack
|
page read and write
|
||
|
3200000
|
trusted library allocation
|
page read and write
|
||
|
5516000
|
trusted library allocation
|
page read and write
|
||
|
6A4E000
|
stack
|
page read and write
|
||
|
1FBD7D13000
|
heap
|
page read and write
|
||
|
1FBE9711000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349BA000
|
trusted library allocation
|
page read and write
|
||
|
1623000
|
trusted library allocation
|
page execute and read and write
|
||
|
162D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E00000
|
trusted library allocation
|
page read and write
|
||
|
30AF000
|
stack
|
page read and write
|
||
|
4132000
|
trusted library allocation
|
page read and write
|
||
|
4148000
|
trusted library allocation
|
page read and write
|
||
|
5A9E000
|
stack
|
page read and write
|
||
|
1FBD7CAC000
|
heap
|
page read and write
|
||
|
7FFD34830000
|
trusted library allocation
|
page read and write
|
||
|
55CD000
|
stack
|
page read and write
|
||
|
1FBD7C70000
|
heap
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
7FFD3496A000
|
trusted library allocation
|
page read and write
|
||
|
AA72DFE000
|
stack
|
page read and write
|
||
|
1FBF1FBB000
|
heap
|
page read and write
|
||
|
5980000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34960000
|
trusted library allocation
|
page read and write
|
||
|
4117000
|
trusted library allocation
|
page read and write
|
||
|
1FBD7CE1000
|
heap
|
page read and write
|
||
|
1620000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349D0000
|
trusted library allocation
|
page read and write
|
||
|
551D000
|
trusted library allocation
|
page read and write
|
||
|
6A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F90000
|
trusted library allocation
|
page read and write
|
||
|
678E000
|
stack
|
page read and write
|
||
|
1630000
|
trusted library allocation
|
page read and write
|
||
|
1FBD7AAE000
|
unkown
|
page readonly
|
||
|
6A50000
|
trusted library allocation
|
page read and write
|
||
|
13DE000
|
stack
|
page read and write
|
||
|
2E05000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD349B0000
|
trusted library allocation
|
page read and write
|
||
|
1FBF1FF7000
|
heap
|
page read and write
|
||
|
6A59000
|
trusted library allocation
|
page read and write
|
||
|
1175000
|
heap
|
page read and write
|
||
|
3169000
|
trusted library allocation
|
page read and write
|
||
|
11C8000
|
heap
|
page read and write
|
||
|
31EC000
|
trusted library allocation
|
page read and write
|
||
|
1FBD7C30000
|
heap
|
page read and write
|
||
|
7FFD347A4000
|
trusted library allocation
|
page read and write
|
||
|
1FBD7F60000
|
heap
|
page read and write
|
||
|
40B1000
|
trusted library allocation
|
page read and write
|
||
|
6602000
|
heap
|
page read and write
|
||
|
7FFD34A20000
|
trusted library allocation
|
page read and write
|
||
|
334A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3478D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FBD7AA0000
|
unkown
|
page readonly
|
||
|
AA733FD000
|
stack
|
page read and write
|
||
|
3296000
|
trusted library allocation
|
page read and write
|
||
|
1FBD9680000
|
trusted library section
|
page read and write
|
||
|
AA730FE000
|
stack
|
page read and write
|
||
|
32F9000
|
trusted library allocation
|
page read and write
|
||
|
1FBD987F000
|
trusted library allocation
|
page read and write
|
||
|
AA72AF2000
|
stack
|
page read and write
|
||
|
5540000
|
trusted library allocation
|
page read and write
|
||
|
31E8000
|
trusted library allocation
|
page read and write
|
||
|
32FE000
|
trusted library allocation
|
page read and write
|
||
|
1FBD7AA2000
|
unkown
|
page readonly
|
||
|
31F4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34784000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34940000
|
trusted library allocation
|
page read and write
|
||
|
2E07000
|
trusted library allocation
|
page execute and read and write
|
||
|
3230000
|
trusted library allocation
|
page read and write
|
||
|
1650000
|
heap
|
page read and write
|
||
|
1FBD95B0000
|
trusted library section
|
page read and write
|
||
|
6AC0000
|
trusted library allocation
|
page read and write
|
||
|
1500000
|
trusted library allocation
|
page read and write
|
||
|
1FBD7CE3000
|
heap
|
page read and write
|
||
|
1FBD7B30000
|
heap
|
page read and write
|
||
|
3208000
|
trusted library allocation
|
page read and write
|
||
|
331C000
|
trusted library allocation
|
page read and write
|
||
|
330E000
|
trusted library allocation
|
page read and write
|
There are 252 hidden memdumps, click here to show them.