Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DHL AWB_NO_92847309329.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DHL AWB_NO_92847309329.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmpE78A.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\rjOyFV.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\rjOyFV.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rjOyFV.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a0f21muy.tc2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_etv3k0mc.fpf.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r235kwox.5ca.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uzkkmrym.dk2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp36E.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\DHL AWB_NO_92847309329.exe
|
"C:\Users\user\Desktop\DHL AWB_NO_92847309329.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\rjOyFV.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\rjOyFV" /XML "C:\Users\user\AppData\Local\Temp\tmpE78A.tmp"
|
|
|
|
C:\Users\user\Desktop\DHL AWB_NO_92847309329.exe
|
"C:\Users\user\Desktop\DHL AWB_NO_92847309329.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\rjOyFV.exe
|
C:\Users\user\AppData\Roaming\rjOyFV.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\rjOyFV" /XML "C:\Users\user\AppData\Local\Temp\tmp36E.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\rjOyFV.exe
|
"C:\Users\user\AppData\Roaming\rjOyFV.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\rjOyFV.exe
|
"C:\Users\user\AppData\Roaming\rjOyFV.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
windowsocttehe.duckdns.org
|
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://geoplugin.net/json.gp&
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://geoplugin.net/json.gpl
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://geoplugin.net/json.gpm
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://geoplugin.net/json.gpSystem32
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://tempuri.org/DatabaseWalletDataSet.xsd
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 24 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
windowsocttehe.duckdns.org
|
96.9.210.71
|
|
|
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
96.9.210.71
|
windowsocttehe.duckdns.org
|
United States
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\764-0XPV9J
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\764-0XPV9J
|
licence
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
CBA000
|
heap
|
page read and write
|
|
|
|
1587000
|
heap
|
page read and write
|
|
|
|
7000000
|
trusted library section
|
page read and write
|
|
|
|
3A69000
|
trusted library allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
4586000
|
trusted library allocation
|
page read and write
|
|
|
|
2E30000
|
trusted library allocation
|
page read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
34CF000
|
stack
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
2A0D000
|
trusted library allocation
|
page read and write
|
||
|
3E2F000
|
stack
|
page read and write
|
||
|
6CED000
|
trusted library allocation
|
page read and write
|
||
|
C48E000
|
stack
|
page read and write
|
||
|
1457000
|
heap
|
page read and write
|
||
|
7120000
|
trusted library allocation
|
page read and write
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
2E98000
|
trusted library allocation
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
2A23000
|
heap
|
page read and write
|
||
|
2C60000
|
trusted library allocation
|
page read and write
|
||
|
54C0000
|
heap
|
page read and write
|
||
|
5300000
|
trusted library allocation
|
page read and write
|
||
|
3FBA000
|
trusted library allocation
|
page read and write
|
||
|
11FB000
|
stack
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
10B7000
|
heap
|
page read and write
|
||
|
7280000
|
trusted library allocation
|
page read and write
|
||
|
78D000
|
stack
|
page read and write
|
||
|
10BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
EE0000
|
trusted library allocation
|
page read and write
|
||
|
5160000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EF70000
|
trusted library allocation
|
page execute and read and write
|
||
|
C40000
|
trusted library allocation
|
page read and write
|
||
|
5A67000
|
heap
|
page read and write
|
||
|
717E000
|
stack
|
page read and write
|
||
|
5100000
|
heap
|
page read and write
|
||
|
1104000
|
heap
|
page read and write
|
||
|
1617000
|
heap
|
page read and write
|
||
|
704C000
|
heap
|
page read and write
|
||
|
302B000
|
heap
|
page read and write
|
||
|
1102000
|
heap
|
page read and write
|
||
|
E9E000
|
stack
|
page read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
53AD000
|
stack
|
page read and write
|
||
|
C8CE000
|
stack
|
page read and write
|
||
|
5840000
|
heap
|
page read and write
|
||
|
56E0000
|
trusted library allocation
|
page read and write
|
||
|
C72E000
|
stack
|
page read and write
|
||
|
52D0000
|
trusted library allocation
|
page read and write
|
||
|
A5AE000
|
stack
|
page read and write
|
||
|
CB0E000
|
stack
|
page read and write
|
||
|
49EB000
|
trusted library allocation
|
page read and write
|
||
|
715E000
|
heap
|
page read and write
|
||
|
E9F000
|
stack
|
page read and write
|
||
|
C52000
|
trusted library allocation
|
page read and write
|
||
|
31AF000
|
trusted library allocation
|
page read and write
|
||
|
13C0000
|
trusted library allocation
|
page read and write
|
||
|
C62D000
|
stack
|
page read and write
|
||
|
2A40000
|
trusted library allocation
|
page read and write
|
||
|
59EE000
|
stack
|
page read and write
|
||
|
CD8C000
|
stack
|
page read and write
|
||
|
A22E000
|
stack
|
page read and write
|
||
|
FF5000
|
heap
|
page read and write
|
||
|
2DBF000
|
stack
|
page read and write
|
||
|
D5D000
|
heap
|
page read and write
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
EDE000
|
stack
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
52A0000
|
heap
|
page read and write
|
||
|
4176000
|
trusted library allocation
|
page read and write
|
||
|
9E7D000
|
stack
|
page read and write
|
||
|
1615000
|
heap
|
page read and write
|
||
|
CD7000
|
heap
|
page read and write
|
||
|
143E000
|
stack
|
page read and write
|
||
|
72A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
10A4000
|
trusted library allocation
|
page read and write
|
||
|
2D98000
|
trusted library allocation
|
page read and write
|
||
|
76C000
|
stack
|
page read and write
|
||
|
AF7000
|
stack
|
page read and write
|
||
|
C5E000
|
stack
|
page read and write
|
||
|
1603000
|
heap
|
page read and write
|
||
|
FFF000
|
stack
|
page read and write
|
||
|
15FE000
|
heap
|
page read and write
|
||
|
56D0000
|
trusted library allocation
|
page read and write
|
||
|
2A06000
|
trusted library allocation
|
page read and write
|
||
|
4EE2000
|
trusted library allocation
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
5A3E000
|
heap
|
page read and write
|
||
|
515C000
|
stack
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
A5EC000
|
stack
|
page read and write
|
||
|
CC4E000
|
stack
|
page read and write
|
||
|
5800000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A4C000
|
heap
|
page read and write
|
||
|
57FE000
|
stack
|
page read and write
|
||
|
A32E000
|
stack
|
page read and write
|
||
|
46E000
|
remote allocation
|
page execute and read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
3FD2000
|
trusted library allocation
|
page read and write
|
||
|
CC9000
|
heap
|
page read and write
|
||
|
31AD000
|
trusted library allocation
|
page read and write
|
||
|
3E83000
|
trusted library allocation
|
page read and write
|
||
|
5830000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
14AE000
|
stack
|
page read and write
|
||
|
2E51000
|
trusted library allocation
|
page read and write
|
||
|
2975000
|
trusted library allocation
|
page read and write
|
||
|
326F000
|
stack
|
page read and write
|
||
|
5352000
|
trusted library allocation
|
page read and write
|
||
|
C340000
|
trusted library allocation
|
page execute and read and write
|
||
|
1008000
|
trusted library allocation
|
page read and write
|
||
|
590000
|
unkown
|
page readonly
|
||
|
795E000
|
stack
|
page read and write
|
||
|
2A01000
|
trusted library allocation
|
page read and write
|
||
|
6FA0000
|
heap
|
page read and write
|
||
|
5350000
|
trusted library allocation
|
page read and write
|
||
|
3A61000
|
trusted library allocation
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
2C76000
|
trusted library allocation
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
2990000
|
heap
|
page execute and read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
13C2000
|
trusted library allocation
|
page read and write
|
||
|
2A61000
|
trusted library allocation
|
page read and write
|
||
|
CA0E000
|
stack
|
page read and write
|
||
|
A0BE000
|
stack
|
page read and write
|
||
|
13CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B5C000
|
stack
|
page read and write
|
||
|
87E000
|
unkown
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
7140000
|
heap
|
page read and write
|
||
|
54A0000
|
trusted library section
|
page readonly
|
||
|
C4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
4F20000
|
trusted library allocation
|
page read and write
|
||
|
10F4000
|
heap
|
page read and write
|
||
|
A6EC000
|
stack
|
page read and write
|
||
|
9C4F000
|
stack
|
page read and write
|
||
|
184F000
|
stack
|
page read and write
|
||
|
29FE000
|
trusted library allocation
|
page read and write
|
||
|
A36E000
|
stack
|
page read and write
|
||
|
529B000
|
trusted library allocation
|
page read and write
|
||
|
5290000
|
trusted library allocation
|
page read and write
|
||
|
5810000
|
trusted library allocation
|
page read and write
|
||
|
54A4000
|
trusted library section
|
page readonly
|
||
|
1440000
|
trusted library allocation
|
page execute and read and write
|
||
|
5433000
|
heap
|
page read and write
|
||
|
6F0E000
|
heap
|
page read and write
|
||
|
C34000
|
trusted library allocation
|
page read and write
|
||
|
C90000
|
trusted library allocation
|
page execute and read and write
|
||
|
40BF000
|
trusted library allocation
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
67C000
|
unkown
|
page readonly
|
||
|
7110000
|
heap
|
page read and write
|
||
|
5825000
|
heap
|
page read and write
|
||
|
112F000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
7310000
|
trusted library allocation
|
page read and write
|
||
|
2C70000
|
trusted library allocation
|
page read and write
|
||
|
4ED0000
|
heap
|
page read and write
|
||
|
50D0000
|
trusted library section
|
page readonly
|
||
|
C38D000
|
stack
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
29E0000
|
trusted library allocation
|
page read and write
|
||
|
52BD000
|
trusted library allocation
|
page read and write
|
||
|
592000
|
unkown
|
page readonly
|
||
|
15C6000
|
heap
|
page read and write
|
||
|
74F0000
|
trusted library allocation
|
page read and write
|
||
|
730E000
|
stack
|
page read and write
|
||
|
3FFC000
|
trusted library allocation
|
page read and write
|
||
|
C3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
50E0000
|
heap
|
page execute and read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
5410000
|
trusted library allocation
|
page read and write
|
||
|
3F45000
|
trusted library allocation
|
page read and write
|
||
|
52E0000
|
trusted library allocation
|
page read and write
|
||
|
3E6E000
|
trusted library allocation
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
2C3B000
|
stack
|
page read and write
|
||
|
7030000
|
heap
|
page read and write
|
||
|
C43000
|
trusted library allocation
|
page read and write
|
||
|
7121000
|
heap
|
page read and write
|
||
|
9B4E000
|
stack
|
page read and write
|
||
|
29DB000
|
stack
|
page read and write
|
||
|
D94000
|
heap
|
page read and write
|
||
|
29EB000
|
trusted library allocation
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
117F000
|
heap
|
page read and write
|
||
|
107E000
|
stack
|
page read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
2DAE000
|
unkown
|
page read and write
|
||
|
C30000
|
trusted library allocation
|
page read and write
|
||
|
15F1000
|
heap
|
page read and write
|
||
|
C4ED000
|
stack
|
page read and write
|
||
|
EF7000
|
stack
|
page read and write
|
||
|
13DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
2D7E000
|
stack
|
page read and write
|
||
|
739E000
|
stack
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
A93E000
|
stack
|
page read and write
|
||
|
10CA000
|
heap
|
page read and write
|
||
|
CB4E000
|
stack
|
page read and write
|
||
|
9F7E000
|
stack
|
page read and write
|
||
|
10B3000
|
trusted library allocation
|
page read and write
|
||
|
15CF000
|
heap
|
page read and write
|
||
|
13C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7020000
|
heap
|
page read and write
|
||
|
F9E000
|
stack
|
page read and write
|
||
|
549B000
|
stack
|
page read and write
|
||
|
7044000
|
heap
|
page read and write
|
||
|
5A10000
|
heap
|
page read and write
|
||
|
6B00000
|
trusted library allocation
|
page read and write
|
||
|
1610000
|
heap
|
page read and write
|
||
|
328F000
|
stack
|
page read and write
|
||
|
54F0000
|
heap
|
page execute and read and write
|
||
|
727F000
|
stack
|
page read and write
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
56F0000
|
heap
|
page read and write
|
||
|
15E1000
|
heap
|
page read and write
|
||
|
C62000
|
trusted library allocation
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
10FC000
|
stack
|
page read and write
|
||
|
14B0000
|
heap
|
page read and write
|
||
|
D1C000
|
heap
|
page read and write
|
||
|
5440000
|
trusted library allocation
|
page read and write
|
||
|
A6F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A700000
|
heap
|
page read and write
|
||
|
CE2000
|
heap
|
page read and write
|
||
|
CAE000
|
heap
|
page read and write
|
||
|
CA8000
|
heap
|
page read and write
|
||
|
7EF10000
|
trusted library allocation
|
page execute and read and write
|
||
|
312E000
|
stack
|
page read and write
|
||
|
5820000
|
heap
|
page read and write
|
||
|
5430000
|
heap
|
page read and write
|
||
|
2C0A000
|
heap
|
page read and write
|
||
|
5110000
|
heap
|
page read and write
|
||
|
13F0000
|
trusted library allocation
|
page read and write
|
||
|
10AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
29EF000
|
unkown
|
page read and write
|
||
|
C5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
C5EE000
|
stack
|
page read and write
|
||
|
52B6000
|
trusted library allocation
|
page read and write
|
||
|
3E51000
|
trusted library allocation
|
page read and write
|
||
|
9FBE000
|
stack
|
page read and write
|
||
|
7290000
|
trusted library allocation
|
page read and write
|
||
|
2E40000
|
heap
|
page execute and read and write
|
||
|
12BE000
|
stack
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
10A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
B6A000
|
stack
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
10CE000
|
heap
|
page read and write
|
||
|
10A0000
|
trusted library allocation
|
page read and write
|
||
|
2C9D000
|
stack
|
page read and write
|
||
|
52C2000
|
trusted library allocation
|
page read and write
|
||
|
7320000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B22000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
3D2E000
|
stack
|
page read and write
|
||
|
54D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3E59000
|
trusted library allocation
|
page read and write
|
||
|
2C74000
|
trusted library allocation
|
page read and write
|
||
|
73A5000
|
trusted library allocation
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
6CCE000
|
trusted library allocation
|
page read and write
|
||
|
C9CE000
|
stack
|
page read and write
|
||
|
2960000
|
trusted library allocation
|
page read and write
|
||
|
2D8F000
|
stack
|
page read and write
|
||
|
73A0000
|
trusted library allocation
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
5A19000
|
heap
|
page read and write
|
||
|
54B0000
|
heap
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
CEB000
|
heap
|
page read and write
|
||
|
13BF000
|
stack
|
page read and write
|
||
|
C6B000
|
trusted library allocation
|
page execute and read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
2970000
|
trusted library allocation
|
page read and write
|
||
|
2AA8000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
7CA000
|
stack
|
page read and write
|
||
|
155E000
|
stack
|
page read and write
|
||
|
5115000
|
heap
|
page read and write
|
||
|
A46E000
|
stack
|
page read and write
|
||
|
52AE000
|
trusted library allocation
|
page read and write
|
||
|
CC8C000
|
stack
|
page read and write
|
||
|
2EB4000
|
trusted library allocation
|
page read and write
|
||
|
2C1D000
|
heap
|
page read and write
|
||
|
A83E000
|
stack
|
page read and write
|
||
|
1090000
|
trusted library allocation
|
page read and write
|
||
|
10A0000
|
trusted library allocation
|
page read and write
|
||
|
475000
|
remote allocation
|
page execute and read and write
|
||
|
5340000
|
heap
|
page read and write
|
||
|
70A000
|
stack
|
page read and write
|
||
|
10B0000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
5A50000
|
heap
|
page read and write
|
||
|
C33000
|
trusted library allocation
|
page execute and read and write
|
||
|
CA7000
|
heap
|
page read and write
|
||
|
13D2000
|
trusted library allocation
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
C1D000
|
stack
|
page read and write
|
||
|
4F00000
|
trusted library allocation
|
page read and write
|
||
|
2CDA000
|
stack
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page execute and read and write
|
||
|
5440000
|
trusted library allocation
|
page read and write
|
||
|
10F8000
|
heap
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
C67000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
C56000
|
trusted library allocation
|
page execute and read and write
|
||
|
10DF000
|
heap
|
page read and write
|
||
|
6F00000
|
heap
|
page read and write
|
||
|
52B1000
|
trusted library allocation
|
page read and write
|
||
|
295E000
|
stack
|
page read and write
|
||
|
161E000
|
heap
|
page read and write
|
||
|
7161000
|
heap
|
page read and write
|
||
|
13D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A00000
|
heap
|
page read and write
|
||
|
2AC4000
|
trusted library allocation
|
page read and write
|
||
|
A4AE000
|
stack
|
page read and write
|
||
|
4976000
|
trusted library allocation
|
page read and write
|
||
|
4F4C000
|
stack
|
page read and write
|
||
|
50F0000
|
heap
|
page read and write
|
||
|
160E000
|
heap
|
page read and write
|
||
|
40B3000
|
trusted library allocation
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
9A50000
|
trusted library section
|
page read and write
|
||
|
52D5000
|
trusted library allocation
|
page read and write
|
||
|
322E000
|
stack
|
page read and write
|
||
|
56EE000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
C50000
|
trusted library allocation
|
page read and write
|
||
|
103E000
|
stack
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
5294000
|
trusted library allocation
|
page read and write
|
||
|
7130000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DEF000
|
unkown
|
page read and write
|
There are 334 hidden memdumps, click here to show them.