Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
COMMERCIAL INVOICE - BL - AWB 7032805642.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_COMMERCIAL INVOI_d7834551923348fdd4bf39d55123055b1a346a_65c60274_2eae240f-f059-4d10-a8b0-0f9a1e70392f\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF4A7.tmp.dmp
|
Mini DuMP crash report, 16 streams, Thu May 23 18:21:57 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF709.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF7F5.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0zdhnazt.3lq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4us1mcsa.nnh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uh5pnaz3.53w.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yefk2xkd.aml.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\COMMERCIAL INVOICE - BL - AWB 7032805642.exe
|
"C:\Users\user\Desktop\COMMERCIAL INVOICE - BL - AWB 7032805642.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\COMMERCIAL
INVOICE - BL - AWB 7032805642.exe" -Force
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 3648 -s 1124
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.telegram.org/bot6521856051:AAE_VqJACYh8GJnmBCYkrp8n7Ax0fW5fJ5s/
|
unknown
|
|
|
|
https://api.telegram.org
|
unknown
|
|
|
|
https://api.telegram.org/bot6521856051:AAE_VqJACYh8GJnmBCYkrp8n7Ax0fW5fJ5s/sendDocument
|
149.154.167.220
|
|
|
|
http://upx.sf.net
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://api.telegram.org
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://www.google.ru/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
api.telegram.org
|
149.154.167.220
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.154.167.220
|
api.telegram.org
|
United Kingdom
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
EnableLUA
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance
|
Enabled
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{5b310e98-bb24-a19a-ef78-a1e02e282425}\Root\InventoryApplicationFile\commercial invoi|cba07b59419169a
|
ProgramId
|
||
|
\REGISTRY\A\{5b310e98-bb24-a19a-ef78-a1e02e282425}\Root\InventoryApplicationFile\commercial invoi|cba07b59419169a
|
FileId
|
||
|
\REGISTRY\A\{5b310e98-bb24-a19a-ef78-a1e02e282425}\Root\InventoryApplicationFile\commercial invoi|cba07b59419169a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{5b310e98-bb24-a19a-ef78-a1e02e282425}\Root\InventoryApplicationFile\commercial invoi|cba07b59419169a
|
LongPathHash
|
||
|
\REGISTRY\A\{5b310e98-bb24-a19a-ef78-a1e02e282425}\Root\InventoryApplicationFile\commercial invoi|cba07b59419169a
|
Name
|
||
|
\REGISTRY\A\{5b310e98-bb24-a19a-ef78-a1e02e282425}\Root\InventoryApplicationFile\commercial invoi|cba07b59419169a
|
OriginalFileName
|
||
|
\REGISTRY\A\{5b310e98-bb24-a19a-ef78-a1e02e282425}\Root\InventoryApplicationFile\commercial invoi|cba07b59419169a
|
Publisher
|
||
|
\REGISTRY\A\{5b310e98-bb24-a19a-ef78-a1e02e282425}\Root\InventoryApplicationFile\commercial invoi|cba07b59419169a
|
Version
|
||
|
\REGISTRY\A\{5b310e98-bb24-a19a-ef78-a1e02e282425}\Root\InventoryApplicationFile\commercial invoi|cba07b59419169a
|
BinFileVersion
|
||
|
\REGISTRY\A\{5b310e98-bb24-a19a-ef78-a1e02e282425}\Root\InventoryApplicationFile\commercial invoi|cba07b59419169a
|
BinaryType
|
||
|
\REGISTRY\A\{5b310e98-bb24-a19a-ef78-a1e02e282425}\Root\InventoryApplicationFile\commercial invoi|cba07b59419169a
|
ProductName
|
||
|
\REGISTRY\A\{5b310e98-bb24-a19a-ef78-a1e02e282425}\Root\InventoryApplicationFile\commercial invoi|cba07b59419169a
|
ProductVersion
|
||
|
\REGISTRY\A\{5b310e98-bb24-a19a-ef78-a1e02e282425}\Root\InventoryApplicationFile\commercial invoi|cba07b59419169a
|
LinkDate
|
||
|
\REGISTRY\A\{5b310e98-bb24-a19a-ef78-a1e02e282425}\Root\InventoryApplicationFile\commercial invoi|cba07b59419169a
|
BinProductVersion
|
||
|
\REGISTRY\A\{5b310e98-bb24-a19a-ef78-a1e02e282425}\Root\InventoryApplicationFile\commercial invoi|cba07b59419169a
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{5b310e98-bb24-a19a-ef78-a1e02e282425}\Root\InventoryApplicationFile\commercial invoi|cba07b59419169a
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{5b310e98-bb24-a19a-ef78-a1e02e282425}\Root\InventoryApplicationFile\commercial invoi|cba07b59419169a
|
Size
|
||
|
\REGISTRY\A\{5b310e98-bb24-a19a-ef78-a1e02e282425}\Root\InventoryApplicationFile\commercial invoi|cba07b59419169a
|
Language
|
||
|
\REGISTRY\A\{5b310e98-bb24-a19a-ef78-a1e02e282425}\Root\InventoryApplicationFile\commercial invoi|cba07b59419169a
|
Usn
|
There are 26 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2C3E000
|
trusted library allocation
|
page read and write
|
|
|
|
19865ABB000
|
trusted library allocation
|
page read and write
|
|
|
|
198756F1000
|
trusted library allocation
|
page read and write
|
|
|
|
2C5A000
|
trusted library allocation
|
page read and write
|
|
|
|
2BF1000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
7FF7C1730000
|
trusted library allocation
|
page read and write
|
||
|
198639E0000
|
heap
|
page read and write
|
||
|
1AFF7FE000
|
stack
|
page read and write
|
||
|
7FF7C173D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3C19000
|
trusted library allocation
|
page read and write
|
||
|
2B8B000
|
trusted library allocation
|
page read and write
|
||
|
2B30000
|
trusted library allocation
|
page execute and read and write
|
||
|
19863B65000
|
heap
|
page read and write
|
||
|
6530000
|
trusted library allocation
|
page read and write
|
||
|
CEA000
|
heap
|
page read and write
|
||
|
10F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C171D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1100000
|
trusted library allocation
|
page read and write
|
||
|
1116000
|
trusted library allocation
|
page execute and read and write
|
||
|
19863B60000
|
heap
|
page read and write
|
||
|
2B40000
|
trusted library allocation
|
page read and write
|
||
|
1987DF10000
|
heap
|
page execute and read and write
|
||
|
D4C000
|
heap
|
page read and write
|
||
|
198655D0000
|
heap
|
page read and write
|
||
|
1987DDA0000
|
trusted library section
|
page read and write
|
||
|
19863AE0000
|
heap
|
page read and write
|
||
|
2B92000
|
trusted library allocation
|
page read and write
|
||
|
2C76000
|
trusted library allocation
|
page read and write
|
||
|
641E000
|
stack
|
page read and write
|
||
|
19863A21000
|
heap
|
page read and write
|
||
|
7FF7C1905000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1710000
|
trusted library allocation
|
page read and write
|
||
|
5E00000
|
heap
|
page read and write
|
||
|
19863C30000
|
heap
|
page read and write
|
||
|
7FF7C17C0000
|
trusted library allocation
|
page read and write
|
||
|
1AFF4FF000
|
stack
|
page read and write
|
||
|
7FF7C1920000
|
trusted library allocation
|
page read and write
|
||
|
1125000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C1970000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1939000
|
trusted library allocation
|
page read and write
|
||
|
6020000
|
trusted library allocation
|
page read and write
|
||
|
1120000
|
trusted library allocation
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
19863B50000
|
trusted library allocation
|
page read and write
|
||
|
1AFFDFE000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
19863840000
|
unkown
|
page readonly
|
||
|
1190000
|
heap
|
page read and write
|
||
|
5FDE000
|
stack
|
page read and write
|
||
|
5180000
|
trusted library allocation
|
page read and write
|
||
|
1987DEE0000
|
heap
|
page read and write
|
||
|
7FF7C18F0000
|
trusted library allocation
|
page read and write
|
||
|
19863A1F000
|
heap
|
page read and write
|
||
|
559E000
|
stack
|
page read and write
|
||
|
6560000
|
heap
|
page read and write
|
||
|
5189000
|
trusted library allocation
|
page read and write
|
||
|
2C46000
|
trusted library allocation
|
page read and write
|
||
|
CC3000
|
heap
|
page read and write
|
||
|
7FF41F070000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BA6000
|
trusted library allocation
|
page read and write
|
||
|
1AFF9FE000
|
stack
|
page read and write
|
||
|
7FF7C1995000
|
trusted library allocation
|
page read and write
|
||
|
2BD0000
|
trusted library allocation
|
page read and write
|
||
|
110D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C173B000
|
trusted library allocation
|
page execute and read and write
|
||
|
19863A4A000
|
heap
|
page read and write
|
||
|
1AFF3FE000
|
stack
|
page read and write
|
||
|
2AEF000
|
stack
|
page read and write
|
||
|
7FF7C176C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C195A000
|
trusted library allocation
|
page read and write
|
||
|
1986562D000
|
heap
|
page read and write
|
||
|
7FF7C1910000
|
trusted library allocation
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
7FF7C17CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BAD000
|
trusted library allocation
|
page read and write
|
||
|
198639A0000
|
heap
|
page read and write
|
||
|
1196000
|
heap
|
page read and write
|
||
|
7FBF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
112B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BA1000
|
trusted library allocation
|
page read and write
|
||
|
5726000
|
trusted library allocation
|
page read and write
|
||
|
2C42000
|
trusted library allocation
|
page read and write
|
||
|
2B70000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1900000
|
trusted library allocation
|
page read and write
|
||
|
19865630000
|
heap
|
page read and write
|
||
|
1AFF2FE000
|
stack
|
page read and write
|
||
|
6520000
|
trusted library allocation
|
page read and write
|
||
|
198656D0000
|
heap
|
page execute and read and write
|
||
|
1AFF6FC000
|
stack
|
page read and write
|
||
|
1AFFEFE000
|
stack
|
page read and write
|
||
|
D33000
|
heap
|
page read and write
|
||
|
7FF7C1930000
|
trusted library allocation
|
page read and write
|
||
|
C87000
|
heap
|
page read and write
|
||
|
10FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5730000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
8BA000
|
stack
|
page read and write
|
||
|
19863842000
|
unkown
|
page readonly
|
||
|
19863B73000
|
trusted library allocation
|
page read and write
|
||
|
2BC0000
|
trusted library allocation
|
page read and write
|
||
|
2B2C000
|
stack
|
page read and write
|
||
|
198657C8000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1729000
|
trusted library allocation
|
page read and write
|
||
|
198756E8000
|
trusted library allocation
|
page read and write
|
||
|
1AFFAFD000
|
stack
|
page read and write
|
||
|
7FF7C1950000
|
trusted library allocation
|
page read and write
|
||
|
1140000
|
trusted library allocation
|
page read and write
|
||
|
51A0000
|
heap
|
page read and write
|
||
|
7FF7C1960000
|
trusted library allocation
|
page read and write
|
||
|
2B8E000
|
trusted library allocation
|
page read and write
|
||
|
C85000
|
heap
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
7FF7C1934000
|
trusted library allocation
|
page read and write
|
||
|
5720000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1830000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AFEFE2000
|
stack
|
page read and write
|
||
|
7FF7C18B0000
|
trusted library allocation
|
page read and write
|
||
|
198639C0000
|
heap
|
page read and write
|
||
|
7FF7C18C0000
|
trusted library allocation
|
page read and write
|
||
|
2BE0000
|
heap
|
page execute and read and write
|
||
|
19863A4C000
|
heap
|
page read and write
|
||
|
569F000
|
stack
|
page read and write
|
||
|
198638C0000
|
heap
|
page read and write
|
||
|
7FF7C17D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9B9000
|
stack
|
page read and write
|
||
|
2BB2000
|
trusted library allocation
|
page read and write
|
||
|
C7A000
|
heap
|
page read and write
|
||
|
1AFFFFB000
|
stack
|
page read and write
|
||
|
651E000
|
stack
|
page read and write
|
||
|
19863B30000
|
trusted library allocation
|
page read and write
|
||
|
C58000
|
heap
|
page read and write
|
||
|
D15000
|
heap
|
page read and write
|
||
|
2B86000
|
trusted library allocation
|
page read and write
|
||
|
D75000
|
heap
|
page read and write
|
||
|
1122000
|
trusted library allocation
|
page read and write
|
||
|
19863B90000
|
trusted library section
|
page read and write
|
||
|
2C56000
|
trusted library allocation
|
page read and write
|
||
|
19865651000
|
heap
|
page read and write
|
||
|
2C69000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1980000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C18E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1990000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1714000
|
trusted library allocation
|
page read and write
|
||
|
50A0000
|
heap
|
page execute and read and write
|
||
|
601E000
|
stack
|
page read and write
|
||
|
7FF7C1713000
|
trusted library allocation
|
page execute and read and write
|
||
|
65B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
50EE000
|
stack
|
page read and write
|
||
|
7FF7C17F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
198639EC000
|
heap
|
page read and write
|
||
|
C6E000
|
heap
|
page read and write
|
||
|
631E000
|
stack
|
page read and write
|
||
|
2C3C000
|
trusted library allocation
|
page read and write
|
||
|
198756E1000
|
trusted library allocation
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
7FF7C17C6000
|
trusted library allocation
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
1127000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B80000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C18D0000
|
trusted library allocation
|
page read and write
|
||
|
2B9A000
|
trusted library allocation
|
page read and write
|
||
|
198756ED000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1720000
|
trusted library allocation
|
page read and write
|
||
|
198655E0000
|
heap
|
page read and write
|
||
|
512E000
|
stack
|
page read and write
|
||
|
D2F000
|
heap
|
page read and write
|
||
|
5193000
|
heap
|
page read and write
|
||
|
1987D710000
|
trusted library allocation
|
page read and write
|
||
|
549E000
|
stack
|
page read and write
|
||
|
19865540000
|
heap
|
page read and write
|
||
|
7FF7C172D000
|
trusted library allocation
|
page execute and read and write
|
||
|
118E000
|
stack
|
page read and write
|
||
|
10F4000
|
trusted library allocation
|
page read and write
|
||
|
5710000
|
heap
|
page read and write
|
||
|
19865656000
|
heap
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
198657A5000
|
trusted library allocation
|
page read and write
|
||
|
2948000
|
trusted library allocation
|
page read and write
|
||
|
3C59000
|
trusted library allocation
|
page read and write
|
||
|
5F3E000
|
stack
|
page read and write
|
||
|
507C000
|
stack
|
page read and write
|
||
|
1AFF5FE000
|
stack
|
page read and write
|
||
|
1112000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1940000
|
trusted library allocation
|
page execute and read and write
|
||
|
570C000
|
trusted library allocation
|
page read and write
|
||
|
E90000
|
trusted library allocation
|
page read and write
|
||
|
1110000
|
trusted library allocation
|
page read and write
|
||
|
6037000
|
trusted library allocation
|
page read and write
|
||
|
516E000
|
stack
|
page read and write
|
||
|
198656E1000
|
trusted library allocation
|
page read and write
|
||
|
66E0000
|
heap
|
page read and write
|
||
|
19863B70000
|
trusted library allocation
|
page read and write
|
||
|
3BF1000
|
trusted library allocation
|
page read and write
|
||
|
5190000
|
heap
|
page read and write
|
||
|
539C000
|
stack
|
page read and write
|
||
|
5700000
|
trusted library allocation
|
page read and write
|
||
|
1986384A000
|
unkown
|
page readonly
|
||
|
6030000
|
trusted library allocation
|
page read and write
|
||
|
2B9E000
|
trusted library allocation
|
page read and write
|
||
|
5E9C000
|
heap
|
page read and write
|
||
|
7FF7C1734000
|
trusted library allocation
|
page read and write
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
1AFF8FE000
|
stack
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
19863C35000
|
heap
|
page read and write
|
||
|
7FF7C1722000
|
trusted library allocation
|
page read and write
|
||
|
111A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C7A000
|
trusted library allocation
|
page read and write
|
||
|
10F0000
|
trusted library allocation
|
page read and write
|
||
|
19863A09000
|
heap
|
page read and write
|
||
|
4CEE000
|
stack
|
page read and write
|
There are 202 hidden memdumps, click here to show them.