Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
2E7ZdlxkOL.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\2E7ZdlxkOL.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\CGHCGIIDGDAK\DAEHJJ
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie
0xe, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\CGHCGIIDGDAK\DHCBAE
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie
0x24, schema 4, UTF-8, version-valid-for 2
|
modified
|
||
|
C:\ProgramData\CGHCGIIDGDAK\EHCAEG
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8,
version-valid-for 11
|
dropped
|
||
|
C:\ProgramData\CGHCGIIDGDAK\FCBFBG
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4,
UTF-8, version-valid-for 4
|
dropped
|
||
|
C:\ProgramData\CGHCGIIDGDAK\GIJECG
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\CGHCGIIDGDAK\JKEHII
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
||
|
C:\ProgramData\CGHCGIIDGDAK\KFBGCA
|
SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4,
UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\sqlt[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\2E7ZdlxkOL.exe
|
"C:\Users\user\Desktop\2E7ZdlxkOL.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://t.me/
|
unknown
|
|
|
|
https://steamcommunity.com/profiles/76561199707802586
|
|
||
|
https://t.me/g067n
|
149.154.167.99
|
|
|
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://195.201.251.214:9000/;jj
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://195.201.251.214:9000/freebl3.dll;
|
unknown
|
||
|
https://195.201.251.214:9000/mozglue.dll
|
unknown
|
||
|
https://195.201.251.214:9000/vcruntime140.dllN$8
|
unknown
|
||
|
https://195.201.251.214:9000/nss3.dll
|
unknown
|
||
|
https://195.201.251.214:9000/y
|
unknown
|
||
|
https://web.telegram.org
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll
|
unknown
|
||
|
https://195.201.251.214:9000/
|
unknown
|
||
|
https://t.me//
|
unknown
|
||
|
https://195.201.251.214:9000/mozglue.dllge
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
https://195.201.251.214:9000/Mac
|
unknown
|
||
|
https://195.201.251.214:9000/h
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
|
unknown
|
||
|
https://195.201.251.214:9000/mozglue.dllK
|
unknown
|
||
|
https://195.201.251.214:9000/icrosoft
|
unknown
|
||
|
https://195.201.251.214:9000/vcruntime140.dllz
|
unknown
|
||
|
https://195.201.251.214:9000/nss3.dllM
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
|
unknown
|
||
|
https://github.com/mullvad/mullvadvpn-app#readme0
|
unknown
|
||
|
https://195.201.251.214:9000/al
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://195.201.251.214:9000/freebl3.dll
|
unknown
|
||
|
https://195.201.251.214:9000/softokn3.dll
|
unknown
|
||
|
https://t.me/g067nry1neMozilla/5.0
|
unknown
|
||
|
http://www.sqlite.org/copyright.html.
|
unknown
|
||
|
https://195.201.251.214:9000g
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
https://t.me/g067n8
|
unknown
|
||
|
https://195.201.251.214:9000/msvcp140.dll
|
unknown
|
||
|
https://195.201.251.214:9000/sqlt.dll9
|
unknown
|
||
|
https://195.201.251.214:9000/ivaldi
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
|
unknown
|
||
|
https://195.201.251.214:9000/vcruntime140.dllrv:129.0)
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
https://195.201.251.214:9000/vcruntime140.dller
|
unknown
|
||
|
https://195.201.251.214:9000/msvcp140.dllc
|
unknown
|
||
|
https://195.201.251.214:9000/vcruntime140.dll
|
unknown
|
||
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
https://195.201.251.214:9000/msvcp140.dlle
|
unknown
|
||
|
https://195.201.251.214:9000/softokn3.dlle
|
unknown
|
||
|
https://195.201.251.214:9000/freebl3.dllge
|
unknown
|
||
|
https://195.201.251.214:9000/c3osoft
|
unknown
|
||
|
https://195.201.251.214:9000/softokn3.dll7i
|
unknown
|
||
|
https://195.201.251.214:9000/vcruntime140.dllU
|
unknown
|
||
|
https://195.201.251.214/
|
unknown
|
||
|
https://195.201.251.214:9000/Rk
|
unknown
|
||
|
https://195.201.251.214/j.
|
unknown
|
||
|
https://195.201.251.214:9000
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
||
|
https://195.201.251.214:9000/sqlt.dll
|
unknown
|
||
|
https://195.201.251.214:9000ontent-Disposition:
|
unknown
|
||
|
https://195.201.251.214:90007c3le
|
unknown
|
||
|
https://195.201.251.214:9000Microsoft
|
unknown
|
There are 54 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
t.me
|
149.154.167.99
|
|
|
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.154.167.99
|
t.me
|
United Kingdom
|
|
|
|
195.201.251.214
|
unknown
|
Germany
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
465C000
|
trusted library allocation
|
page read and write
|
|
|
|
4BE2000
|
trusted library allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
3773000
|
trusted library allocation
|
page read and write
|
|
|
|
445000
|
remote allocation
|
page execute and read and write
|
|
|
|
45F4000
|
trusted library allocation
|
page read and write
|
|
|
|
4C16000
|
trusted library allocation
|
page read and write
|
|
|
|
BE2000
|
unkown
|
page readonly
|
|
|
|
107C000
|
unkown
|
page readonly
|
||
|
35DE000
|
stack
|
page read and write
|
||
|
619E000
|
stack
|
page read and write
|
||
|
3717000
|
trusted library allocation
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
2229D000
|
direct allocation
|
page execute read
|
||
|
368D000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
36FC000
|
trusted library allocation
|
page read and write
|
||
|
4A9000
|
remote allocation
|
page execute and read and write
|
||
|
375E000
|
trusted library allocation
|
page read and write
|
||
|
1257D000
|
stack
|
page read and write
|
||
|
3734000
|
trusted library allocation
|
page read and write
|
||
|
18E2000
|
heap
|
page read and write
|
||
|
1C132000
|
heap
|
page read and write
|
||
|
36F1000
|
trusted library allocation
|
page read and write
|
||
|
373A000
|
trusted library allocation
|
page read and write
|
||
|
1B10000
|
heap
|
page read and write
|
||
|
36F7000
|
trusted library allocation
|
page read and write
|
||
|
1860000
|
heap
|
page read and write
|
||
|
372C000
|
trusted library allocation
|
page read and write
|
||
|
5990000
|
trusted library allocation
|
page execute and read and write
|
||
|
1038000
|
heap
|
page read and write
|
||
|
36C3000
|
trusted library allocation
|
page read and write
|
||
|
3723000
|
trusted library allocation
|
page read and write
|
||
|
1C290000
|
heap
|
page read and write
|
||
|
5C70000
|
heap
|
page read and write
|
||
|
CFC000
|
stack
|
page read and write
|
||
|
371F000
|
trusted library allocation
|
page read and write
|
||
|
14B3E000
|
stack
|
page read and write
|
||
|
3738000
|
trusted library allocation
|
page read and write
|
||
|
33C4000
|
trusted library allocation
|
page read and write
|
||
|
33E0000
|
trusted library allocation
|
page read and write
|
||
|
1900000
|
heap
|
page read and write
|
||
|
376A000
|
trusted library allocation
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
5930000
|
trusted library allocation
|
page read and write
|
||
|
35F1000
|
trusted library allocation
|
page read and write
|
||
|
9800000
|
unclassified section
|
page read and write
|
||
|
36BD000
|
trusted library allocation
|
page read and write
|
||
|
36BF000
|
trusted library allocation
|
page read and write
|
||
|
33CD000
|
trusted library allocation
|
page read and write
|
||
|
373C000
|
trusted library allocation
|
page read and write
|
||
|
36DF000
|
trusted library allocation
|
page read and write
|
||
|
5940000
|
trusted library section
|
page read and write
|
||
|
185D000
|
trusted library allocation
|
page execute and read and write
|
||
|
11EE000
|
stack
|
page read and write
|
||
|
59F0000
|
heap
|
page read and write
|
||
|
357E000
|
stack
|
page read and write
|
||
|
33C1000
|
trusted library allocation
|
page read and write
|
||
|
352C000
|
trusted library allocation
|
page read and write
|
||
|
3757000
|
trusted library allocation
|
page read and write
|
||
|
1C12B000
|
heap
|
page read and write
|
||
|
351E000
|
stack
|
page read and write
|
||
|
1B00000
|
trusted library allocation
|
page execute and read and write
|
||
|
171E000
|
stack
|
page read and write
|
||
|
359A000
|
trusted library allocation
|
page read and write
|
||
|
1BFEC000
|
heap
|
page read and write
|
||
|
96C000
|
stack
|
page read and write
|
||
|
10EE000
|
heap
|
page read and write
|
||
|
374D000
|
trusted library allocation
|
page read and write
|
||
|
611E000
|
stack
|
page read and write
|
||
|
36A8000
|
trusted library allocation
|
page read and write
|
||
|
3590000
|
trusted library allocation
|
page read and write
|
||
|
2229F000
|
direct allocation
|
page readonly
|
||
|
33D1000
|
trusted library allocation
|
page read and write
|
||
|
3520000
|
trusted library allocation
|
page read and write
|
||
|
1BE9B000
|
stack
|
page read and write
|
||
|
222DF000
|
direct allocation
|
page readonly
|
||
|
113C000
|
heap
|
page read and write
|
||
|
197AD000
|
heap
|
page read and write
|
||
|
439000
|
remote allocation
|
page execute and read and write
|
||
|
12A6000
|
heap
|
page read and write
|
||
|
16CE000
|
stack
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
19FE000
|
stack
|
page read and write
|
||
|
376C000
|
trusted library allocation
|
page read and write
|
||
|
5E6E000
|
stack
|
page read and write
|
||
|
3709000
|
trusted library allocation
|
page read and write
|
||
|
10A8000
|
heap
|
page read and write
|
||
|
1946000
|
heap
|
page read and write
|
||
|
339E000
|
stack
|
page read and write
|
||
|
539000
|
remote allocation
|
page execute and read and write
|
||
|
641000
|
remote allocation
|
page execute and read and write
|
||
|
1078000
|
heap
|
page read and write
|
||
|
36F3000
|
trusted library allocation
|
page read and write
|
||
|
19790000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
CF2000
|
stack
|
page read and write
|
||
|
11A3000
|
heap
|
page read and write
|
||
|
36EF000
|
trusted library allocation
|
page read and write
|
||
|
3766000
|
trusted library allocation
|
page read and write
|
||
|
3755000
|
trusted library allocation
|
page read and write
|
||
|
59D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BF9C000
|
stack
|
page read and write
|
||
|
4C49000
|
trusted library allocation
|
page read and write
|
||
|
1850000
|
trusted library allocation
|
page read and write
|
||
|
1887000
|
heap
|
page read and write
|
||
|
5CA0000
|
heap
|
page read and write
|
||
|
4769000
|
trusted library allocation
|
page read and write
|
||
|
19A0000
|
trusted library allocation
|
page read and write
|
||
|
197A000
|
trusted library allocation
|
page execute and read and write
|
||
|
14C3F000
|
stack
|
page read and write
|
||
|
1976000
|
trusted library allocation
|
page execute and read and write
|
||
|
14C7D000
|
stack
|
page read and write
|
||
|
16D5000
|
heap
|
page read and write
|
||
|
1987000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C337000
|
heap
|
page read and write
|
||
|
33F0000
|
trusted library allocation
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
3732000
|
trusted library allocation
|
page read and write
|
||
|
5EE3000
|
trusted library section
|
page read and write
|
||
|
1BE5E000
|
stack
|
page read and write
|
||
|
36A4000
|
trusted library allocation
|
page read and write
|
||
|
36D4000
|
trusted library allocation
|
page read and write
|
||
|
19B0000
|
heap
|
page read and write
|
||
|
376E000
|
trusted library allocation
|
page read and write
|
||
|
32C8000
|
trusted library allocation
|
page read and write
|
||
|
1970000
|
trusted library allocation
|
page read and write
|
||
|
3770000
|
trusted library allocation
|
page read and write
|
||
|
1158000
|
heap
|
page read and write
|
||
|
1093000
|
heap
|
page read and write
|
||
|
643000
|
remote allocation
|
page execute and read and write
|
||
|
1AFE000
|
stack
|
page read and write
|
||
|
1081000
|
unkown
|
page readonly
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
1991D000
|
stack
|
page read and write
|
||
|
502000
|
remote allocation
|
page execute and read and write
|
||
|
3691000
|
trusted library allocation
|
page read and write
|
||
|
371B000
|
trusted library allocation
|
page read and write
|
||
|
5C7D000
|
stack
|
page read and write
|
||
|
14AFC000
|
stack
|
page read and write
|
||
|
1167000
|
heap
|
page read and write
|
||
|
1186000
|
heap
|
page read and write
|
||
|
3719000
|
trusted library allocation
|
page read and write
|
||
|
5C8000
|
remote allocation
|
page execute and read and write
|
||
|
BE0000
|
unkown
|
page readonly
|
||
|
1979C000
|
heap
|
page read and write
|
||
|
601E000
|
stack
|
page read and write
|
||
|
374B000
|
trusted library allocation
|
page read and write
|
||
|
374F000
|
trusted library allocation
|
page read and write
|
||
|
4B1000
|
remote allocation
|
page execute and read and write
|
||
|
3721000
|
trusted library allocation
|
page read and write
|
||
|
1976F000
|
stack
|
page read and write
|
||
|
36F5000
|
trusted library allocation
|
page read and write
|
||
|
36F9000
|
trusted library allocation
|
page read and write
|
||
|
3768000
|
trusted library allocation
|
page read and write
|
||
|
221F6000
|
direct allocation
|
page execute read
|
||
|
3400000
|
trusted library allocation
|
page execute and read and write
|
||
|
19780000
|
heap
|
page read and write
|
||
|
36A6000
|
trusted library allocation
|
page read and write
|
||
|
4AB7000
|
trusted library allocation
|
page read and write
|
||
|
125BD000
|
stack
|
page read and write
|
||
|
36C7000
|
trusted library allocation
|
page read and write
|
||
|
1980000
|
trusted library allocation
|
page read and write
|
||
|
3736000
|
trusted library allocation
|
page read and write
|
||
|
16D0000
|
heap
|
page read and write
|
||
|
1277000
|
heap
|
page read and write
|
||
|
1C272000
|
heap
|
page read and write
|
||
|
36A0000
|
trusted library allocation
|
page read and write
|
||
|
1959000
|
heap
|
page read and write
|
||
|
3762000
|
trusted library allocation
|
page read and write
|
||
|
1003F000
|
stack
|
page read and write
|
||
|
61B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
373E000
|
trusted library allocation
|
page read and write
|
||
|
1722E000
|
stack
|
page read and write
|
||
|
18A5000
|
heap
|
page read and write
|
||
|
36AE000
|
trusted library allocation
|
page read and write
|
||
|
186E000
|
heap
|
page read and write
|
||
|
188C000
|
heap
|
page read and write
|
||
|
198B000
|
trusted library allocation
|
page execute and read and write
|
||
|
10CE000
|
heap
|
page read and write
|
||
|
11EE000
|
heap
|
page read and write
|
||
|
222D2000
|
direct allocation
|
page read and write
|
||
|
3740000
|
trusted library allocation
|
page read and write
|
||
|
119D000
|
heap
|
page read and write
|
||
|
1C339000
|
heap
|
page read and write
|
||
|
FFE000
|
stack
|
page read and write
|
||
|
45F1000
|
trusted library allocation
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
181F000
|
stack
|
page read and write
|
||
|
378E000
|
trusted library allocation
|
page read and write
|
||
|
36C9000
|
trusted library allocation
|
page read and write
|
||
|
1868000
|
heap
|
page read and write
|
||
|
222A8000
|
direct allocation
|
page readonly
|
||
|
3725000
|
trusted library allocation
|
page read and write
|
||
|
EC5000
|
heap
|
page read and write
|
||
|
36D8000
|
trusted library allocation
|
page read and write
|
||
|
1146000
|
heap
|
page read and write
|
||
|
18EA000
|
heap
|
page read and write
|
||
|
4A6000
|
remote allocation
|
page execute and read and write
|
||
|
112B000
|
stack
|
page read and write
|
||
|
36DC000
|
trusted library allocation
|
page read and write
|
||
|
36AA000
|
trusted library allocation
|
page read and write
|
||
|
126F000
|
heap
|
page read and write
|
||
|
35E0000
|
heap
|
page execute and read and write
|
||
|
5960000
|
trusted library allocation
|
page read and write
|
||
|
63BE000
|
stack
|
page read and write
|
||
|
52D000
|
remote allocation
|
page execute and read and write
|
||
|
36A2000
|
trusted library allocation
|
page read and write
|
||
|
371D000
|
trusted library allocation
|
page read and write
|
||
|
22090000
|
direct allocation
|
page execute and read and write
|
||
|
5E70000
|
trusted library section
|
page read and write
|
||
|
1854000
|
trusted library allocation
|
page read and write
|
||
|
197BD000
|
heap
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
1911000
|
heap
|
page read and write
|
||
|
1963000
|
trusted library allocation
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
22091000
|
direct allocation
|
page execute read
|
||
|
5CAE000
|
heap
|
page read and write
|
||
|
196D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3753000
|
trusted library allocation
|
page read and write
|
||
|
1853000
|
trusted library allocation
|
page execute and read and write
|
||
|
36C1000
|
trusted library allocation
|
page read and write
|
||
|
1BFD0000
|
heap
|
page read and write
|
||
|
368F000
|
trusted library allocation
|
page read and write
|
||
|
43F000
|
remote allocation
|
page execute and read and write
|
||
|
14F5000
|
stack
|
page read and write
|
||
|
36BB000
|
trusted library allocation
|
page read and write
|
||
|
1840000
|
trusted library allocation
|
page read and write
|
||
|
5C6E000
|
stack
|
page read and write
|
||
|
36DA000
|
trusted library allocation
|
page read and write
|
||
|
5B60000
|
heap
|
page execute and read and write
|
||
|
4DD000
|
remote allocation
|
page execute and read and write
|
||
|
22098000
|
direct allocation
|
page execute read
|
||
|
3410000
|
heap
|
page read and write
|
||
|
476B000
|
trusted library allocation
|
page read and write
|
||
|
4690000
|
trusted library allocation
|
page read and write
|
||
|
4D1000
|
remote allocation
|
page execute and read and write
|
||
|
50E000
|
remote allocation
|
page execute and read and write
|
||
|
3706000
|
trusted library allocation
|
page read and write
|
||
|
222DA000
|
direct allocation
|
page readonly
|
||
|
197FD000
|
heap
|
page read and write
|
||
|
1921000
|
heap
|
page read and write
|
||
|
171BD000
|
stack
|
page read and write
|
||
|
59B0000
|
trusted library allocation
|
page read and write
|
||
|
36D6000
|
trusted library allocation
|
page read and write
|
||
|
62BF000
|
stack
|
page read and write
|
||
|
222DD000
|
direct allocation
|
page readonly
|
||
|
615E000
|
stack
|
page read and write
|
||
|
5CA7000
|
heap
|
page read and write
|
||
|
196A000
|
trusted library allocation
|
page read and write
|
There are 242 hidden memdumps, click here to show them.