Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Bill_Of _Lading.exe
|
PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Bill_Of _Lading._d5a6bc31333ed2731238387cca9c2baed124745_111ed6a7_b97e09e4-30ca-4144-a8f1-17b94789fc12\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5691.tmp.dmp
|
Mini DuMP crash report, 16 streams, Tue Oct 29 09:07:42 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5886.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER58D5.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1w10vwtz.wqg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3kjuxhrd.arq.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dvfrzyx5.k1x.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sux4zclx.ilm.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Bill_Of _Lading.exe
|
"C:\Users\user\Desktop\Bill_Of _Lading.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Bill_Of
_Lading.exe" -Force
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7400 -s 1048
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
172.67.74.152
|
||
|
https://api.ipify.org
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://mail.iaa-airferight.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.iaa-airferight.com
|
46.175.148.58
|
|
|
|
api.ipify.org
|
172.67.74.152
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
46.175.148.58
|
mail.iaa-airferight.com
|
Ukraine
|
|
|
|
172.67.74.152
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
EnableLUA
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance
|
Enabled
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{b2ed9813-b7f3-c252-1837-2c7c75404840}\Root\InventoryApplicationFile\bill_of _lading.|de55ad01decb10c3
|
ProgramId
|
||
|
\REGISTRY\A\{b2ed9813-b7f3-c252-1837-2c7c75404840}\Root\InventoryApplicationFile\bill_of _lading.|de55ad01decb10c3
|
FileId
|
||
|
\REGISTRY\A\{b2ed9813-b7f3-c252-1837-2c7c75404840}\Root\InventoryApplicationFile\bill_of _lading.|de55ad01decb10c3
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{b2ed9813-b7f3-c252-1837-2c7c75404840}\Root\InventoryApplicationFile\bill_of _lading.|de55ad01decb10c3
|
LongPathHash
|
||
|
\REGISTRY\A\{b2ed9813-b7f3-c252-1837-2c7c75404840}\Root\InventoryApplicationFile\bill_of _lading.|de55ad01decb10c3
|
Name
|
||
|
\REGISTRY\A\{b2ed9813-b7f3-c252-1837-2c7c75404840}\Root\InventoryApplicationFile\bill_of _lading.|de55ad01decb10c3
|
OriginalFileName
|
||
|
\REGISTRY\A\{b2ed9813-b7f3-c252-1837-2c7c75404840}\Root\InventoryApplicationFile\bill_of _lading.|de55ad01decb10c3
|
Publisher
|
||
|
\REGISTRY\A\{b2ed9813-b7f3-c252-1837-2c7c75404840}\Root\InventoryApplicationFile\bill_of _lading.|de55ad01decb10c3
|
Version
|
||
|
\REGISTRY\A\{b2ed9813-b7f3-c252-1837-2c7c75404840}\Root\InventoryApplicationFile\bill_of _lading.|de55ad01decb10c3
|
BinFileVersion
|
||
|
\REGISTRY\A\{b2ed9813-b7f3-c252-1837-2c7c75404840}\Root\InventoryApplicationFile\bill_of _lading.|de55ad01decb10c3
|
BinaryType
|
||
|
\REGISTRY\A\{b2ed9813-b7f3-c252-1837-2c7c75404840}\Root\InventoryApplicationFile\bill_of _lading.|de55ad01decb10c3
|
ProductName
|
||
|
\REGISTRY\A\{b2ed9813-b7f3-c252-1837-2c7c75404840}\Root\InventoryApplicationFile\bill_of _lading.|de55ad01decb10c3
|
ProductVersion
|
||
|
\REGISTRY\A\{b2ed9813-b7f3-c252-1837-2c7c75404840}\Root\InventoryApplicationFile\bill_of _lading.|de55ad01decb10c3
|
LinkDate
|
||
|
\REGISTRY\A\{b2ed9813-b7f3-c252-1837-2c7c75404840}\Root\InventoryApplicationFile\bill_of _lading.|de55ad01decb10c3
|
BinProductVersion
|
||
|
\REGISTRY\A\{b2ed9813-b7f3-c252-1837-2c7c75404840}\Root\InventoryApplicationFile\bill_of _lading.|de55ad01decb10c3
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{b2ed9813-b7f3-c252-1837-2c7c75404840}\Root\InventoryApplicationFile\bill_of _lading.|de55ad01decb10c3
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{b2ed9813-b7f3-c252-1837-2c7c75404840}\Root\InventoryApplicationFile\bill_of _lading.|de55ad01decb10c3
|
Size
|
||
|
\REGISTRY\A\{b2ed9813-b7f3-c252-1837-2c7c75404840}\Root\InventoryApplicationFile\bill_of _lading.|de55ad01decb10c3
|
Language
|
||
|
\REGISTRY\A\{b2ed9813-b7f3-c252-1837-2c7c75404840}\Root\InventoryApplicationFile\bill_of _lading.|de55ad01decb10c3
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018001125DC8648
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
There are 29 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
32FC000
|
trusted library allocation
|
page read and write
|
|
|
|
32D1000
|
trusted library allocation
|
page read and write
|
|
|
|
1923DAF1000
|
trusted library allocation
|
page read and write
|
|
|
|
1922DE20000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
6B07000
|
trusted library allocation
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
32C1000
|
trusted library allocation
|
page read and write
|
||
|
69AD000
|
trusted library allocation
|
page read and write
|
||
|
548E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
12D0000
|
trusted library allocation
|
page read and write
|
||
|
1922DAD0000
|
heap
|
page execute and read and write
|
||
|
19246650000
|
heap
|
page read and write
|
||
|
32BF000
|
trusted library allocation
|
page read and write
|
||
|
54A2000
|
trusted library allocation
|
page read and write
|
||
|
12F5000
|
heap
|
page read and write
|
||
|
69B0000
|
trusted library allocation
|
page read and write
|
||
|
1922C013000
|
trusted library allocation
|
page read and write
|
||
|
6A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
545E000
|
stack
|
page read and write
|
||
|
1922C03E000
|
heap
|
page read and write
|
||
|
25C4DFE000
|
stack
|
page read and write
|
||
|
535C000
|
stack
|
page read and write
|
||
|
547E000
|
trusted library allocation
|
page read and write
|
||
|
4281000
|
trusted library allocation
|
page read and write
|
||
|
11B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1922C0DF000
|
heap
|
page read and write
|
||
|
7FFD9B916000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
5460000
|
trusted library allocation
|
page read and write
|
||
|
15E0000
|
trusted library allocation
|
page read and write
|
||
|
330C000
|
trusted library allocation
|
page read and write
|
||
|
2DC0000
|
heap
|
page execute and read and write
|
||
|
5482000
|
trusted library allocation
|
page read and write
|
||
|
1292000
|
heap
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
1922DBAF000
|
trusted library allocation
|
page read and write
|
||
|
42A9000
|
trusted library allocation
|
page read and write
|
||
|
6A00000
|
trusted library allocation
|
page read and write
|
||
|
5470000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B946000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
58BE000
|
stack
|
page read and write
|
||
|
12E2000
|
trusted library allocation
|
page read and write
|
||
|
32CD000
|
trusted library allocation
|
page read and write
|
||
|
12D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
3304000
|
trusted library allocation
|
page read and write
|
||
|
6EB0000
|
heap
|
page read and write
|
||
|
25C54FD000
|
stack
|
page read and write
|
||
|
1922C200000
|
heap
|
page read and write
|
||
|
1600000
|
heap
|
page read and write
|
||
|
5650000
|
heap
|
page read and write
|
||
|
11FB000
|
heap
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E80000
|
trusted library allocation
|
page read and write
|
||
|
32F8000
|
trusted library allocation
|
page read and write
|
||
|
1922BFE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B91C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B8BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1922C1F0000
|
heap
|
page read and write
|
||
|
12E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
5496000
|
trusted library allocation
|
page read and write
|
||
|
19246390000
|
heap
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
561C000
|
stack
|
page read and write
|
||
|
1922C063000
|
heap
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page read and write
|
||
|
1923DDEE000
|
trusted library allocation
|
page read and write
|
||
|
2F20000
|
trusted library allocation
|
page read and write
|
||
|
7FF4A0880000
|
trusted library allocation
|
page execute and read and write
|
||
|
5288000
|
trusted library allocation
|
page read and write
|
||
|
32F6000
|
trusted library allocation
|
page read and write
|
||
|
19245B10000
|
trusted library allocation
|
page read and write
|
||
|
70E0000
|
heap
|
page read and write
|
||
|
7FFD9BA4C000
|
trusted library allocation
|
page read and write
|
||
|
25C58FE000
|
stack
|
page read and write
|
||
|
7FFD9BA19000
|
trusted library allocation
|
page read and write
|
||
|
D3A000
|
stack
|
page read and write
|
||
|
25C4CFE000
|
stack
|
page read and write
|
||
|
25C50FC000
|
stack
|
page read and write
|
||
|
192462E0000
|
trusted library section
|
page read and write
|
||
|
1922C02C000
|
heap
|
page read and write
|
||
|
25C51FE000
|
stack
|
page read and write
|
||
|
1923DAE7000
|
trusted library allocation
|
page read and write
|
||
|
547B000
|
trusted library allocation
|
page read and write
|
||
|
2DB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
11BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA14000
|
trusted library allocation
|
page read and write
|
||
|
69A0000
|
trusted library allocation
|
page read and write
|
||
|
11EA000
|
heap
|
page read and write
|
||
|
5C28000
|
trusted library allocation
|
page read and write
|
||
|
7EEE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B10000
|
trusted library allocation
|
page read and write
|
||
|
25C52FF000
|
stack
|
page read and write
|
||
|
25C4EFE000
|
stack
|
page read and write
|
||
|
12DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1923DC47000
|
trusted library allocation
|
page read and write
|
||
|
675E000
|
stack
|
page read and write
|
||
|
5670000
|
heap
|
page execute and read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
32FA000
|
trusted library allocation
|
page read and write
|
||
|
685E000
|
stack
|
page read and write
|
||
|
12E5000
|
trusted library allocation
|
page execute and read and write
|
||
|
19246380000
|
heap
|
page execute and read and write
|
||
|
69B7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page execute and read and write
|
||
|
3281000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B872000
|
trusted library allocation
|
page read and write
|
||
|
1922C010000
|
trusted library allocation
|
page read and write
|
||
|
62F6000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
1922C020000
|
heap
|
page read and write
|
||
|
1923DAE1000
|
trusted library allocation
|
page read and write
|
||
|
5B3E000
|
stack
|
page read and write
|
||
|
5A3D000
|
stack
|
page read and write
|
||
|
6B00000
|
trusted library allocation
|
page read and write
|
||
|
11C8000
|
heap
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
42EB000
|
trusted library allocation
|
page read and write
|
||
|
6369000
|
heap
|
page read and write
|
||
|
12CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
54D0000
|
trusted library allocation
|
page read and write
|
||
|
62E0000
|
heap
|
page read and write
|
||
|
1922BDB6000
|
unkown
|
page readonly
|
||
|
1922BE70000
|
heap
|
page read and write
|
||
|
2F0F000
|
stack
|
page read and write
|
||
|
54C3000
|
heap
|
page read and write
|
||
|
7FFD9B863000
|
trusted library allocation
|
page execute and read and write
|
||
|
1922C060000
|
heap
|
page read and write
|
||
|
1607000
|
heap
|
page read and write
|
||
|
11B4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B88D000
|
trusted library allocation
|
page execute and read and write
|
||
|
633E000
|
heap
|
page read and write
|
||
|
7FFD9BA71000
|
trusted library allocation
|
page read and write
|
||
|
25C53FF000
|
stack
|
page read and write
|
||
|
1922BDB0000
|
unkown
|
page readonly
|
||
|
549D000
|
trusted library allocation
|
page read and write
|
||
|
32B7000
|
trusted library allocation
|
page read and write
|
||
|
54C0000
|
heap
|
page read and write
|
||
|
5C20000
|
trusted library allocation
|
page read and write
|
||
|
6ABE000
|
stack
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
25C59FC000
|
stack
|
page read and write
|
||
|
1922C205000
|
heap
|
page read and write
|
||
|
1922C000000
|
trusted library allocation
|
page read and write
|
||
|
128E000
|
heap
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
1922DB01000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B884000
|
trusted library allocation
|
page read and write
|
||
|
1922C08C000
|
heap
|
page read and write
|
||
|
10F9000
|
stack
|
page read and write
|
||
|
25C4952000
|
stack
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
1922C160000
|
heap
|
page read and write
|
||
|
1922BF90000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
69FE000
|
stack
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
25C4FFE000
|
stack
|
page read and write
|
||
|
1922C08F000
|
heap
|
page read and write
|
||
|
7FFD9B86D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1922DAE1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA65000
|
trusted library allocation
|
page read and write
|
||
|
5BFD000
|
stack
|
page read and write
|
||
|
689E000
|
stack
|
page read and write
|
||
|
6A10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
5491000
|
trusted library allocation
|
page read and write
|
||
|
1922C1F5000
|
heap
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page execute and read and write
|
||
|
577C000
|
stack
|
page read and write
|
||
|
192463FC000
|
heap
|
page read and write
|
||
|
12E0000
|
trusted library allocation
|
page read and write
|
||
|
58FD000
|
stack
|
page read and write
|
||
|
1922BF70000
|
heap
|
page read and write
|
||
|
12D2000
|
trusted library allocation
|
page read and write
|
||
|
1922C094000
|
heap
|
page read and write
|
||
|
1922BF50000
|
heap
|
page read and write
|
||
|
1245000
|
heap
|
page read and write
|
||
|
7FFD9B87D000
|
trusted library allocation
|
page execute and read and write
|
||
|
671E000
|
stack
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
33CC000
|
trusted library allocation
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
12EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
12C0000
|
trusted library allocation
|
page read and write
|
||
|
6EC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
25C57FD000
|
stack
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
548A000
|
trusted library allocation
|
page read and write
|
||
|
1922C0F0000
|
heap
|
page read and write
|
||
|
1922C049000
|
heap
|
page read and write
|
||
|
54E0000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
699E000
|
stack
|
page read and write
|
||
|
637B000
|
heap
|
page read and write
|
||
|
7FFD9B862000
|
trusted library allocation
|
page read and write
|
||
|
1922C116000
|
heap
|
page read and write
|
||
|
11FF000
|
heap
|
page read and write
|
||
|
1922DBB9000
|
trusted library allocation
|
page read and write
|
||
|
5476000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B88B000
|
trusted library allocation
|
page execute and read and write
|
||
|
57BE000
|
stack
|
page read and write
|
||
|
59FE000
|
stack
|
page read and write
|
||
|
1922BDB2000
|
unkown
|
page readonly
|
||
|
7FFD9B864000
|
trusted library allocation
|
page read and write
|
There are 200 hidden memdumps, click here to show them.