Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\main\extracted\Installer.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\main\7z.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\main\7z.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\main\KillDuplicate.cmd
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\main\extracted\AntiAV.data
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\main\extracted\file_1.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\main\extracted\file_2.zip
|
Zip archive data, at least v1.0 to extract, compression method=store
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\main\extracted\file_3.zip
|
Zip archive data, at least v1.0 to extract, compression method=store
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\main\extracted\file_4.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\main\file.bin
|
Zip archive data, at least v2.0 to extract, compression method=store
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\main\file.zip (copy)
|
Zip archive data, at least v2.0 to extract, compression method=store
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\main\main.bat
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF, CR line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\main\Installer.exe
|
"Installer.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\mode.com
|
mode 65,10
|
||
|
C:\Users\user\AppData\Local\Temp\main\7z.exe
|
7z.exe e file.zip -p1299923009167529232566422481 -oextracted
|
||
|
C:\Users\user\AppData\Local\Temp\main\7z.exe
|
7z.exe e extracted/file_4.zip -oextracted
|
||
|
C:\Users\user\AppData\Local\Temp\main\7z.exe
|
7z.exe e extracted/file_3.zip -oextracted
|
||
|
C:\Users\user\AppData\Local\Temp\main\7z.exe
|
7z.exe e extracted/file_2.zip -oextracted
|
||
|
C:\Users\user\AppData\Local\Temp\main\7z.exe
|
7z.exe e extracted/file_1.zip -oextracted
|
||
|
C:\Windows\System32\attrib.exe
|
attrib +H "Installer.exe"
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://joxi.net/4Ak49WQH0GE3Nr.mp3openSizeofResourcegfDASrtdstyfewrtydwyu3467YdesauydgewyuyVirtualPr
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSACodeSigningCA2.crt0#
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
|
unknown
|
||
|
https://librari-night.sbs/
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
https://librari-night.sbs:443/api
|
unknown
|
||
|
https://librari-night.sbs:443/apitPK
|
unknown
|
||
|
https://librari-night.sbs/api
|
172.67.206.172
|
||
|
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
|
unknown
|
||
|
https://librari-night.sbs/b
|
unknown
|
||
|
p3ar11fter.sbs
|
|||
|
http://joxi.net/4Ak49WQH0GE3Nr.mp3
|
176.9.162.205
|
||
|
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
|
unknown
|
||
|
peepburry828.sbs
|
|||
|
http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
|
unknown
|
||
|
http://joxi.net/4Ak49WQH0GE3Nr.mp36U
|
unknown
|
||
|
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
|
unknown
|
||
|
https://librari-night.sbs/=
|
unknown
|
||
|
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
|
unknown
|
||
|
http://usbtor.ru/viewtopic.php?t=798)Z
|
unknown
|
||
|
http://crl.microsoft.c
|
unknown
|
||
|
http://joxi.net/4Ak49WQH0GE3Nr.mp3ouM
|
unknown
|
||
|
http://crl.sectigo.com/SectigoRSACodeSigningCA2.crl0t
|
unknown
|
||
|
https://librari-night.sbs:443/apihv.default-release/key4.dbPK
|
unknown
|
||
|
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
|
unknown
|
||
|
p10tgrace.sbs
|
|||
|
http://joxi.net/4Ak49WQH0GE3Nr.mp3S
|
unknown
|
||
|
processhol.sbs
|
|||
|
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
|
unknown
|
||
|
https://librari-night.sbs/apiAA==
|
unknown
|
There are 22 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
joxi.net
|
176.9.162.205
|
||
|
librari-night.sbs
|
172.67.206.172
|
||
|
processhol.sbs
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.67.206.172
|
librari-night.sbs
|
United States
|
||
|
176.9.162.205
|
joxi.net
|
Germany
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
35F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
26C000
|
unkown
|
page read and write
|
|
|
|
400000
|
unkown
|
page readonly
|
||
|
181EA240000
|
heap
|
page read and write
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
28F000
|
unkown
|
page readonly
|
||
|
2400000
|
direct allocation
|
page read and write
|
||
|
2DD70FD000
|
stack
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
46975FE000
|
stack
|
page read and write
|
||
|
442000
|
remote allocation
|
page readonly
|
||
|
E88000
|
heap
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
46971CC000
|
stack
|
page read and write
|
||
|
3486000
|
trusted library allocation
|
page read and write
|
||
|
1FC4B160000
|
direct allocation
|
page read and write
|
||
|
2AC000
|
unkown
|
page write copy
|
||
|
CC9000
|
heap
|
page read and write
|
||
|
28F000
|
unkown
|
page readonly
|
||
|
199000
|
stack
|
page read and write
|
||
|
41A000
|
unkown
|
page readonly
|
||
|
2400000
|
direct allocation
|
page read and write
|
||
|
1BDA7AEB000
|
heap
|
page read and write
|
||
|
2451000
|
heap
|
page read and write
|
||
|
241000
|
unkown
|
page execute read
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
1FC4B120000
|
heap
|
page read and write
|
||
|
16CAEFE0000
|
direct allocation
|
page read and write
|
||
|
2F70000
|
direct allocation
|
page read and write
|
||
|
D5A000
|
stack
|
page read and write
|
||
|
181EA160000
|
heap
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
250000
|
unkown
|
page readonly
|
||
|
2650000
|
direct allocation
|
page read and write
|
||
|
423000
|
unkown
|
page readonly
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
1BDA93B0000
|
heap
|
page read and write
|
||
|
28F000
|
unkown
|
page readonly
|
||
|
181EA270000
|
direct allocation
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
1FC4CBE0000
|
direct allocation
|
page read and write
|
||
|
C8B000
|
heap
|
page read and write
|
||
|
4B2E8FE000
|
stack
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
316F000
|
stack
|
page read and write
|
||
|
1BDA93D0000
|
direct allocation
|
page read and write
|
||
|
D3E851C000
|
stack
|
page read and write
|
||
|
F62000
|
heap
|
page read and write
|
||
|
34BA000
|
trusted library allocation
|
page read and write
|
||
|
BDD000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
41A000
|
unkown
|
page readonly
|
||
|
4E9000
|
unkown
|
page readonly
|
||
|
EDE000
|
stack
|
page read and write
|
||
|
240000
|
unkown
|
page readonly
|
||
|
250000
|
unkown
|
page readonly
|
||
|
16CAF0C5000
|
heap
|
page read and write
|
||
|
6FA000
|
heap
|
page read and write
|
||
|
3470000
|
trusted library allocation
|
page read and write
|
||
|
B78000
|
heap
|
page read and write
|
||
|
2670000
|
direct allocation
|
page read and write
|
||
|
265772E0000
|
heap
|
page read and write
|
||
|
3464000
|
trusted library allocation
|
page read and write
|
||
|
423000
|
unkown
|
page readonly
|
||
|
2AC000
|
unkown
|
page read and write
|
||
|
2440000
|
heap
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
1FC4CC50000
|
heap
|
page read and write
|
||
|
264000
|
unkown
|
page readonly
|
||
|
22A847E0000
|
heap
|
page read and write
|
||
|
2CAD000
|
stack
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
2450000
|
heap
|
page read and write
|
||
|
22A84825000
|
heap
|
page read and write
|
||
|
2AF000
|
unkown
|
page readonly
|
||
|
737000
|
heap
|
page read and write
|
||
|
2AC000
|
unkown
|
page write copy
|
||
|
46974FE000
|
stack
|
page read and write
|
||
|
CA4000
|
heap
|
page read and write
|
||
|
2AF000
|
unkown
|
page readonly
|
||
|
264000
|
unkown
|
page readonly
|
||
|
2910000
|
heap
|
page read and write
|
||
|
C45000
|
heap
|
page read and write
|
||
|
241000
|
unkown
|
page execute read
|
||
|
2AF000
|
unkown
|
page readonly
|
||
|
3BF3AFC000
|
stack
|
page read and write
|
||
|
1BDA7BE0000
|
heap
|
page read and write
|
||
|
241000
|
unkown
|
page execute read
|
||
|
33CF000
|
stack
|
page read and write
|
||
|
2AF000
|
unkown
|
page readonly
|
||
|
CD5E07F000
|
stack
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
C09000
|
heap
|
page read and write
|
||
|
131E000
|
stack
|
page read and write
|
||
|
28F000
|
unkown
|
page readonly
|
||
|
E80000
|
heap
|
page read and write
|
||
|
FB8000
|
heap
|
page read and write
|
||
|
2AC000
|
unkown
|
page read and write
|
||
|
3AA000
|
unkown
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
4D70000
|
direct allocation
|
page read and write
|
||
|
240000
|
unkown
|
page readonly
|
||
|
26577610000
|
heap
|
page read and write
|
||
|
2AF000
|
unkown
|
page readonly
|
||
|
1BDA7A00000
|
heap
|
page read and write
|
||
|
C1E000
|
heap
|
page read and write
|
||
|
121D000
|
stack
|
page read and write
|
||
|
347D000
|
stack
|
page read and write
|
||
|
240000
|
unkown
|
page readonly
|
||
|
2BFE000
|
stack
|
page read and write
|
||
|
306E000
|
stack
|
page read and write
|
||
|
4E9000
|
unkown
|
page readonly
|
||
|
FA4000
|
heap
|
page read and write
|
||
|
31FE000
|
stack
|
page read and write
|
||
|
FDD000
|
stack
|
page read and write
|
||
|
241000
|
unkown
|
page execute read
|
||
|
2DAD000
|
stack
|
page read and write
|
||
|
2AF000
|
unkown
|
page readonly
|
||
|
22A84820000
|
heap
|
page read and write
|
||
|
E4E000
|
stack
|
page read and write
|
||
|
2670000
|
direct allocation
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
3472000
|
trusted library allocation
|
page read and write
|
||
|
1FC4CAE0000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
241000
|
unkown
|
page execute read
|
||
|
2920000
|
heap
|
page read and write
|
||
|
C3A000
|
heap
|
page read and write
|
||
|
2AF000
|
unkown
|
page readonly
|
||
|
F50000
|
heap
|
page read and write
|
||
|
E0D000
|
stack
|
page read and write
|
||
|
181EA285000
|
heap
|
page read and write
|
||
|
2650000
|
direct allocation
|
page read and write
|
||
|
265772D0000
|
heap
|
page read and write
|
||
|
241000
|
unkown
|
page execute read
|
||
|
CAD000
|
heap
|
page read and write
|
||
|
2C6E000
|
stack
|
page read and write
|
||
|
C3D000
|
heap
|
page read and write
|
||
|
1BDA9410000
|
heap
|
page read and write
|
||
|
16CAD67A000
|
heap
|
page read and write
|
||
|
181EBC60000
|
direct allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
240000
|
unkown
|
page readonly
|
||
|
34B7000
|
trusted library allocation
|
page read and write
|
||
|
357E000
|
stack
|
page read and write
|
||
|
AA5000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2AC000
|
unkown
|
page write copy
|
||
|
2AF000
|
unkown
|
page readonly
|
||
|
268E000
|
stack
|
page read and write
|
||
|
22A84830000
|
heap
|
page read and write
|
||
|
508C000
|
direct allocation
|
page read and write
|
||
|
240000
|
unkown
|
page readonly
|
||
|
4B2E5DC000
|
stack
|
page read and write
|
||
|
6A10000
|
direct allocation
|
page read and write
|
||
|
3BF3BFE000
|
stack
|
page read and write
|
||
|
26C000
|
unkown
|
page write copy
|
||
|
2AC000
|
unkown
|
page write copy
|
||
|
E9E000
|
stack
|
page read and write
|
||
|
240000
|
unkown
|
page readonly
|
||
|
3970000
|
direct allocation
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
2790000
|
direct allocation
|
page read and write
|
||
|
343C000
|
stack
|
page read and write
|
||
|
26577300000
|
heap
|
page read and write
|
||
|
AFA000
|
stack
|
page read and write
|
||
|
240000
|
unkown
|
page readonly
|
||
|
16CAF0C0000
|
heap
|
page read and write
|
||
|
3BF3CFE000
|
stack
|
page read and write
|
||
|
3990000
|
direct allocation
|
page read and write
|
||
|
2B6D000
|
stack
|
page read and write
|
||
|
251000
|
unkown
|
page execute read
|
||
|
FD5000
|
heap
|
page read and write
|
||
|
32FF000
|
stack
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
33FB000
|
trusted library allocation
|
page read and write
|
||
|
F5F000
|
heap
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
181EBB60000
|
heap
|
page read and write
|
||
|
6AAA000
|
direct allocation
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
3646000
|
direct allocation
|
page execute and read and write
|
||
|
30BF000
|
stack
|
page read and write
|
||
|
C2C000
|
heap
|
page read and write
|
||
|
2657736E000
|
heap
|
page read and write
|
||
|
1FC4B170000
|
heap
|
page read and write
|
||
|
41E000
|
unkown
|
page write copy
|
||
|
5A8C000
|
direct allocation
|
page read and write
|
||
|
2AF000
|
unkown
|
page readonly
|
||
|
258E000
|
unkown
|
page read and write
|
||
|
22A862E0000
|
direct allocation
|
page read and write
|
||
|
16CAD5F0000
|
heap
|
page read and write
|
||
|
28F000
|
unkown
|
page readonly
|
||
|
290F000
|
stack
|
page read and write
|
||
|
41E000
|
unkown
|
page read and write
|
||
|
1FC4CC55000
|
heap
|
page read and write
|
||
|
22A861E0000
|
heap
|
page read and write
|
||
|
240000
|
unkown
|
page readonly
|
||
|
240000
|
unkown
|
page readonly
|
||
|
1BDA9420000
|
heap
|
page read and write
|
||
|
2B4F000
|
stack
|
page read and write
|
||
|
CB1000
|
heap
|
page read and write
|
||
|
2BBF000
|
stack
|
page read and write
|
||
|
445000
|
remote allocation
|
page read and write
|
||
|
3476000
|
trusted library allocation
|
page read and write
|
||
|
346B000
|
trusted library allocation
|
page read and write
|
||
|
FD5000
|
heap
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
2DD71FF000
|
stack
|
page read and write
|
||
|
349F000
|
trusted library allocation
|
page read and write
|
||
|
16CAF0D0000
|
heap
|
page read and write
|
||
|
280E000
|
stack
|
page read and write
|
||
|
648C000
|
direct allocation
|
page read and write
|
||
|
240000
|
unkown
|
page readonly
|
||
|
16CAD620000
|
heap
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
2EFE000
|
stack
|
page read and write
|
||
|
22A847D0000
|
heap
|
page read and write
|
||
|
2A4E000
|
stack
|
page read and write
|
||
|
2400000
|
heap
|
page read and write
|
||
|
241000
|
unkown
|
page execute read
|
||
|
181EA280000
|
heap
|
page read and write
|
||
|
28F000
|
unkown
|
page readonly
|
||
|
401000
|
remote allocation
|
page execute read
|
||
|
28F000
|
unkown
|
page readonly
|
||
|
241000
|
unkown
|
page execute read
|
||
|
64D7000
|
direct allocation
|
page read and write
|
||
|
16CAD5E0000
|
heap
|
page read and write
|
||
|
181EBC80000
|
direct allocation
|
page read and write
|
||
|
6FE000
|
heap
|
page read and write
|
||
|
2AC000
|
unkown
|
page read and write
|
||
|
34DF000
|
trusted library allocation
|
page read and write
|
||
|
1FC4B0E0000
|
heap
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
28F000
|
unkown
|
page readonly
|
||
|
181EA2AB000
|
heap
|
page read and write
|
||
|
241000
|
unkown
|
page execute read
|
||
|
68B0000
|
direct allocation
|
page read and write
|
||
|
1FC4B140000
|
direct allocation
|
page read and write
|
||
|
16CAD670000
|
heap
|
page read and write
|
||
|
2DD72FF000
|
stack
|
page read and write
|
||
|
1BDA7AE0000
|
heap
|
page read and write
|
||
|
FDD000
|
heap
|
page read and write
|
||
|
22A84870000
|
heap
|
page read and write
|
||
|
7FB000
|
stack
|
page read and write
|
||
|
22A8487B000
|
heap
|
page read and write
|
||
|
BF4000
|
heap
|
page read and write
|
||
|
2AC000
|
unkown
|
page write copy
|
||
|
2F90000
|
direct allocation
|
page read and write
|
||
|
26577615000
|
heap
|
page read and write
|
||
|
CD5E0FF000
|
stack
|
page read and write
|
||
|
C7C000
|
heap
|
page read and write
|
||
|
241000
|
unkown
|
page execute read
|
||
|
C36000
|
heap
|
page read and write
|
||
|
346E000
|
trusted library allocation
|
page read and write
|
||
|
2AF000
|
unkown
|
page readonly
|
||
|
D3E88FE000
|
stack
|
page read and write
|
||
|
26577369000
|
heap
|
page read and write
|
||
|
1FC4B17B000
|
heap
|
page read and write
|
||
|
CD5DDDC000
|
stack
|
page read and write
|
||
|
2690000
|
direct allocation
|
page read and write
|
||
|
2770000
|
direct allocation
|
page read and write
|
||
|
1BDA9415000
|
heap
|
page read and write
|
||
|
251000
|
unkown
|
page execute read
|
||
|
BFE000
|
heap
|
page read and write
|
||
|
4370000
|
direct allocation
|
page read and write
|
||
|
28F000
|
unkown
|
page readonly
|
||
|
333C000
|
stack
|
page read and write
|
||
|
1FC4B0F0000
|
heap
|
page read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
D3E89FE000
|
stack
|
page read and write
|
||
|
1FC4CC60000
|
direct allocation
|
page read and write
|
||
|
4B2E9FE000
|
stack
|
page read and write
|
||
|
347C000
|
trusted library allocation
|
page read and write
|
||
|
16CAD640000
|
direct allocation
|
page read and write
|
||
|
31CE000
|
stack
|
page read and write
|
||
|
2451000
|
heap
|
page read and write
|
||
|
2AC000
|
unkown
|
page read and write
|
||
|
31BF000
|
stack
|
page read and write
|
||
|
181EA2A0000
|
heap
|
page read and write
|
||
|
456000
|
remote allocation
|
page readonly
|
||
|
D5F000
|
stack
|
page execute and read and write
|
||
|
22A84850000
|
direct allocation
|
page read and write
|
||
|
2AC000
|
unkown
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
595000
|
heap
|
page read and write
|
||
|
181EBB40000
|
heap
|
page read and write
|
||
|
28F000
|
unkown
|
page readonly
|
||
|
C5B000
|
stack
|
page read and write
|
||
|
1BDA9520000
|
direct allocation
|
page read and write
|
||
|
1BDA93F0000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
2454000
|
heap
|
page read and write
|
||
|
26577360000
|
heap
|
page read and write
|
||
|
F1E000
|
stack
|
page read and write
|
There are 287 hidden memdumps, click here to show them.