Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
L3pFsxNFICpBGmi.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\L3pFsxNFICpBGmi.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp4C43.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\VgPjxShbdbBH.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3pad0gkz.1q4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_504tzhih.vd4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dd3gdga5.5id.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uxs0w3zc.zmi.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp5CCE.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe
|
"C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp4C43.tmp"
|
|
|
|
C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe
|
"C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe
|
C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp5CCE.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe
|
"C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe
|
"C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
15.164.165.52.in-addr.arpa
|
unknown
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
BE0000
|
direct allocation
|
page read and write
|
|
|
|
305B000
|
heap
|
page read and write
|
||
|
117F000
|
stack
|
page read and write
|
||
|
1652000
|
trusted library allocation
|
page read and write
|
||
|
4D30000
|
trusted library allocation
|
page read and write
|
||
|
58D0000
|
trusted library allocation
|
page read and write
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
5048000
|
trusted library allocation
|
page read and write
|
||
|
7C03000
|
heap
|
page read and write
|
||
|
1670000
|
trusted library allocation
|
page read and write
|
||
|
7460000
|
trusted library allocation
|
page execute and read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
71FE000
|
stack
|
page read and write
|
||
|
4F20000
|
heap
|
page read and write
|
||
|
164A000
|
trusted library allocation
|
page execute and read and write
|
||
|
9E6E000
|
stack
|
page read and write
|
||
|
450000
|
unkown
|
page readonly
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
76F0000
|
trusted library allocation
|
page read and write
|
||
|
4389000
|
trusted library allocation
|
page read and write
|
||
|
75F0000
|
trusted library allocation
|
page read and write
|
||
|
5E6D000
|
trusted library allocation
|
page read and write
|
||
|
2730000
|
heap
|
page read and write
|
||
|
3861000
|
trusted library allocation
|
page read and write
|
||
|
5903000
|
heap
|
page read and write
|
||
|
1361000
|
direct allocation
|
page execute and read and write
|
||
|
4CA4000
|
trusted library allocation
|
page read and write
|
||
|
5E20000
|
trusted library allocation
|
page read and write
|
||
|
1591000
|
direct allocation
|
page execute and read and write
|
||
|
A1F000
|
heap
|
page read and write
|
||
|
495C000
|
stack
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
4CBE000
|
trusted library allocation
|
page read and write
|
||
|
7F3E000
|
stack
|
page read and write
|
||
|
CC4000
|
trusted library allocation
|
page read and write
|
||
|
5900000
|
heap
|
page read and write
|
||
|
4381000
|
trusted library allocation
|
page read and write
|
||
|
1680000
|
heap
|
page read and write
|
||
|
3A3E000
|
trusted library allocation
|
page read and write
|
||
|
E1F000
|
unkown
|
page read and write
|
||
|
70D000
|
stack
|
page read and write
|
||
|
96E000
|
stack
|
page read and write
|
||
|
13A2000
|
direct allocation
|
page execute and read and write
|
||
|
E87000
|
heap
|
page read and write
|
||
|
703A000
|
heap
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
78CE000
|
stack
|
page read and write
|
||
|
11DD000
|
direct allocation
|
page execute and read and write
|
||
|
13F8000
|
direct allocation
|
page execute and read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
2720000
|
trusted library allocation
|
page execute and read and write
|
||
|
1409000
|
direct allocation
|
page execute and read and write
|
||
|
DFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
4CA0000
|
trusted library allocation
|
page read and write
|
||
|
5E08000
|
trusted library allocation
|
page read and write
|
||
|
16D0000
|
heap
|
page read and write
|
||
|
17B5000
|
heap
|
page read and write
|
||
|
A51E000
|
stack
|
page read and write
|
||
|
2ACB000
|
trusted library allocation
|
page read and write
|
||
|
165B000
|
trusted library allocation
|
page execute and read and write
|
||
|
AD5000
|
heap
|
page read and write
|
||
|
E6E000
|
stack
|
page read and write
|
||
|
1657000
|
trusted library allocation
|
page execute and read and write
|
||
|
5950000
|
trusted library section
|
page readonly
|
||
|
595F000
|
trusted library section
|
page readonly
|
||
|
2700000
|
heap
|
page read and write
|
||
|
DED000
|
trusted library allocation
|
page execute and read and write
|
||
|
33C4000
|
trusted library allocation
|
page read and write
|
||
|
4DC0000
|
heap
|
page read and write
|
||
|
33D4000
|
trusted library allocation
|
page read and write
|
||
|
42E000
|
remote allocation
|
page execute and read and write
|
||
|
12BF000
|
stack
|
page read and write
|
||
|
1646000
|
trusted library allocation
|
page execute and read and write
|
||
|
BBA000
|
stack
|
page read and write
|
||
|
9FEF000
|
stack
|
page read and write
|
||
|
7210000
|
trusted library allocation
|
page read and write
|
||
|
AA50000
|
heap
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
4DD0000
|
heap
|
page read and write
|
||
|
16D8000
|
heap
|
page read and write
|
||
|
58B0000
|
trusted library allocation
|
page read and write
|
||
|
5BE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F200000
|
trusted library allocation
|
page execute and read and write
|
||
|
1625000
|
heap
|
page read and write
|
||
|
75DD000
|
trusted library allocation
|
page read and write
|
||
|
14FF000
|
stack
|
page read and write
|
||
|
A7FE000
|
stack
|
page read and write
|
||
|
9EE000
|
heap
|
page read and write
|
||
|
A02E000
|
stack
|
page read and write
|
||
|
EB7000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
A12F000
|
stack
|
page read and write
|
||
|
7230000
|
trusted library allocation
|
page read and write
|
||
|
11D9000
|
direct allocation
|
page execute and read and write
|
||
|
7600000
|
trusted library allocation
|
page execute and read and write
|
||
|
18CF000
|
stack
|
page read and write
|
||
|
5E60000
|
trusted library allocation
|
page read and write
|
||
|
5E70000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DB0000
|
heap
|
page read and write
|
||
|
2840000
|
trusted library allocation
|
page read and write
|
||
|
AA44000
|
trusted library allocation
|
page read and write
|
||
|
5892000
|
trusted library allocation
|
page read and write
|
||
|
CB0000
|
trusted library allocation
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
5886000
|
trusted library allocation
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
CC0000
|
trusted library allocation
|
page read and write
|
||
|
734E000
|
stack
|
page read and write
|
||
|
5B55000
|
heap
|
page read and write
|
||
|
CCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1613000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E10000
|
trusted library allocation
|
page read and write
|
||
|
515D000
|
stack
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
5960000
|
heap
|
page read and write
|
||
|
7220000
|
trusted library section
|
page read and write
|
||
|
5860000
|
trusted library allocation
|
page read and write
|
||
|
7A80000
|
trusted library allocation
|
page execute and read and write
|
||
|
6FF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7454000
|
trusted library allocation
|
page read and write
|
||
|
586B000
|
trusted library allocation
|
page read and write
|
||
|
7035000
|
heap
|
page read and write
|
||
|
A14000
|
heap
|
page read and write
|
||
|
4CD0000
|
trusted library allocation
|
page read and write
|
||
|
5E00000
|
trusted library allocation
|
page read and write
|
||
|
7270000
|
trusted library allocation
|
page read and write
|
||
|
1743000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
DCE000
|
unkown
|
page read and write
|
||
|
E6E000
|
unkown
|
page read and write
|
||
|
75D0000
|
trusted library allocation
|
page read and write
|
||
|
5B4D000
|
stack
|
page read and write
|
||
|
7000000
|
heap
|
page read and write
|
||
|
8F7000
|
stack
|
page read and write
|
||
|
E8E000
|
stack
|
page read and write
|
||
|
AD2000
|
heap
|
page read and write
|
||
|
4CC6000
|
trusted library allocation
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
7DFE000
|
stack
|
page read and write
|
||
|
4416000
|
trusted library allocation
|
page read and write
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
CAE000
|
stack
|
page read and write
|
||
|
5C00000
|
heap
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
9F6D000
|
trusted library allocation
|
page read and write
|
||
|
9D6D000
|
stack
|
page read and write
|
||
|
6962000
|
trusted library allocation
|
page read and write
|
||
|
9B0E000
|
stack
|
page read and write
|
||
|
7280000
|
trusted library section
|
page read and write
|
||
|
C7A000
|
stack
|
page read and write
|
||
|
7C4B000
|
heap
|
page read and write
|
||
|
16C0000
|
trusted library allocation
|
page read and write
|
||
|
4DA0000
|
trusted library section
|
page readonly
|
||
|
11FE000
|
stack
|
page read and write
|
||
|
7B1E000
|
stack
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
DF8000
|
heap
|
page read and write
|
||
|
15A6000
|
direct allocation
|
page execute and read and write
|
||
|
43CF000
|
trusted library allocation
|
page read and write
|
||
|
7BE0000
|
heap
|
page read and write
|
||
|
1376000
|
direct allocation
|
page execute and read and write
|
||
|
7ADE000
|
stack
|
page read and write
|
||
|
16DE000
|
heap
|
page read and write
|
||
|
594C000
|
stack
|
page read and write
|
||
|
75AE000
|
stack
|
page read and write
|
||
|
2861000
|
trusted library allocation
|
page read and write
|
||
|
1A20000
|
trusted library allocation
|
page read and write
|
||
|
3953000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
15AD000
|
direct allocation
|
page execute and read and write
|
||
|
14F6000
|
stack
|
page read and write
|
||
|
1707000
|
heap
|
page read and write
|
||
|
E0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1620000
|
heap
|
page read and write
|
||
|
1366000
|
direct allocation
|
page execute and read and write
|
||
|
1A40000
|
heap
|
page read and write
|
||
|
ECF000
|
stack
|
page read and write
|
||
|
6FEE000
|
stack
|
page read and write
|
||
|
E20000
|
trusted library allocation
|
page read and write
|
||
|
2668000
|
trusted library allocation
|
page read and write
|
||
|
77CE000
|
stack
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
4CCD000
|
trusted library allocation
|
page read and write
|
||
|
4D00000
|
trusted library allocation
|
page read and write
|
||
|
1650000
|
trusted library allocation
|
page read and write
|
||
|
1A26000
|
trusted library allocation
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
5050000
|
heap
|
page read and write
|
||
|
113A000
|
stack
|
page read and write
|
||
|
9C0E000
|
stack
|
page read and write
|
||
|
5C10000
|
heap
|
page read and write
|
||
|
A16E000
|
stack
|
page read and write
|
||
|
EDF000
|
unkown
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
7610000
|
heap
|
page read and write
|
||
|
4CF0000
|
trusted library allocation
|
page read and write
|
||
|
DF2000
|
trusted library allocation
|
page read and write
|
||
|
A26E000
|
stack
|
page read and write
|
||
|
9AE000
|
stack
|
page read and write
|
||
|
1306000
|
direct allocation
|
page execute and read and write
|
||
|
B7D000
|
stack
|
page read and write
|
||
|
3070000
|
heap
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
AC4E000
|
stack
|
page read and write
|
||
|
4F50000
|
heap
|
page execute and read and write
|
||
|
A57E000
|
stack
|
page read and write
|
||
|
445B000
|
trusted library allocation
|
page read and write
|
||
|
5BF0000
|
heap
|
page execute and read and write
|
||
|
4D9B000
|
stack
|
page read and write
|
||
|
59A0000
|
heap
|
page read and write
|
||
|
7DBE000
|
unkown
|
page read and write
|
||
|
DE0000
|
trusted library allocation
|
page read and write
|
||
|
5D00000
|
heap
|
page read and write
|
||
|
5970000
|
heap
|
page read and write
|
||
|
EAB000
|
stack
|
page read and write
|
||
|
4CE0000
|
trusted library allocation
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
10B0000
|
direct allocation
|
page execute and read and write
|
||
|
1A1F000
|
stack
|
page read and write
|
||
|
74AE000
|
stack
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
16F8000
|
heap
|
page read and write
|
||
|
1403000
|
direct allocation
|
page execute and read and write
|
||
|
332F000
|
stack
|
page read and write
|
||
|
124E000
|
direct allocation
|
page execute and read and write
|
||
|
6E50000
|
trusted library allocation
|
page read and write
|
||
|
9FF000
|
heap
|
page read and write
|
||
|
A8FE000
|
stack
|
page read and write
|
||
|
18D0000
|
heap
|
page read and write
|
||
|
1712000
|
heap
|
page read and write
|
||
|
4D10000
|
trusted library allocation
|
page read and write
|
||
|
9EEE000
|
stack
|
page read and write
|
||
|
58A0000
|
trusted library allocation
|
page read and write
|
||
|
4F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
163D000
|
trusted library allocation
|
page execute and read and write
|
||
|
E07000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C12000
|
heap
|
page read and write
|
||
|
3370000
|
heap
|
page read and write
|
||
|
5260000
|
heap
|
page read and write
|
||
|
452000
|
unkown
|
page readonly
|
||
|
770000
|
heap
|
page read and write
|
||
|
DF0000
|
trusted library allocation
|
page read and write
|
||
|
E30000
|
direct allocation
|
page read and write
|
||
|
7200000
|
trusted library section
|
page read and write
|
||
|
137D000
|
direct allocation
|
page execute and read and write
|
||
|
A37E000
|
stack
|
page read and write
|
||
|
CFC000
|
stack
|
page read and write
|
||
|
CC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1360000
|
direct allocation
|
page execute and read and write
|
||
|
587E000
|
trusted library allocation
|
page read and write
|
||
|
12E0000
|
direct allocation
|
page execute and read and write
|
||
|
1600000
|
trusted library allocation
|
page read and write
|
||
|
744E000
|
stack
|
page read and write
|
||
|
5055000
|
heap
|
page read and write
|
||
|
7450000
|
trusted library allocation
|
page read and write
|
||
|
A93C000
|
stack
|
page read and write
|
||
|
588D000
|
trusted library allocation
|
page read and write
|
||
|
6E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E50000
|
trusted library allocation
|
page read and write
|
||
|
5160000
|
heap
|
page read and write
|
||
|
1614000
|
trusted library allocation
|
page read and write
|
||
|
7FB80000
|
trusted library allocation
|
page execute and read and write
|
||
|
A3AC000
|
stack
|
page read and write
|
||
|
AA3C000
|
stack
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
3869000
|
trusted library allocation
|
page read and write
|
||
|
DDE000
|
stack
|
page read and write
|
||
|
16A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
336B000
|
stack
|
page read and write
|
||
|
5170000
|
heap
|
page read and write
|
||
|
1714000
|
heap
|
page read and write
|
||
|
A67E000
|
stack
|
page read and write
|
||
|
E02000
|
trusted library allocation
|
page read and write
|
||
|
C3D000
|
stack
|
page read and write
|
||
|
6E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
A6BE000
|
stack
|
page read and write
|
||
|
1610000
|
trusted library allocation
|
page read and write
|
||
|
5B50000
|
heap
|
page read and write
|
||
|
AA40000
|
trusted library allocation
|
page read and write
|
||
|
5881000
|
trusted library allocation
|
page read and write
|
||
|
16B0000
|
heap
|
page execute and read and write
|
||
|
DF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CD2000
|
trusted library allocation
|
page read and write
|
||
|
551C000
|
stack
|
page read and write
|
||
|
53BE000
|
stack
|
page read and write
|
||
|
59A000
|
stack
|
page read and write
|
||
|
A2AC000
|
stack
|
page read and write
|
||
|
7C35000
|
heap
|
page read and write
|
||
|
1A24000
|
trusted library allocation
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
98D000
|
stack
|
page read and write
|
||
|
E5A000
|
direct allocation
|
page read and write
|
||
|
1A47000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
283E000
|
stack
|
page read and write
|
||
|
AC2000
|
heap
|
page read and write
|
||
|
191E000
|
stack
|
page read and write
|
||
|
1642000
|
trusted library allocation
|
page read and write
|
||
|
6E40000
|
trusted library allocation
|
page read and write
|
||
|
5370000
|
trusted library allocation
|
page read and write
|
||
|
5D0E000
|
heap
|
page read and write
|
||
|
322E000
|
stack
|
page read and write
|
||
|
1A30000
|
trusted library allocation
|
page read and write
|
||
|
4CAB000
|
trusted library allocation
|
page read and write
|
||
|
504000
|
unkown
|
page readonly
|
||
|
5040000
|
trusted library allocation
|
page read and write
|
||
|
FEF000
|
stack
|
page read and write
|
||
|
1640000
|
trusted library allocation
|
page read and write
|
||
|
1630000
|
trusted library allocation
|
page read and write
|
||
|
A7BE000
|
stack
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
3381000
|
trusted library allocation
|
page read and write
|
||
|
2850000
|
heap
|
page execute and read and write
|
||
|
307B000
|
heap
|
page read and write
|
||
|
5864000
|
trusted library allocation
|
page read and write
|
||
|
4CC1000
|
trusted library allocation
|
page read and write
|
||
|
5190000
|
heap
|
page read and write
|
||
|
A21000
|
heap
|
page read and write
|
||
|
11BE000
|
stack
|
page read and write
|
||
|
7E3E000
|
stack
|
page read and write
|
||
|
17B0000
|
heap
|
page read and write
|
||
|
12E7000
|
direct allocation
|
page execute and read and write
|
||
|
5E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
4DD3000
|
heap
|
page read and write
|
||
|
161D000
|
trusted library allocation
|
page execute and read and write
|
||
|
CD0000
|
heap
|
page read and write
|
There are 324 hidden memdumps, click here to show them.