Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Quote.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\gfh\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Quote.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmpCCF1.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\OlhQyptevOgDP.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\OlhQyptevOgDP.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\OlhQyptevOgDP.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2owzu1u5.0nt.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5yuf4t30.k5y.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gmgco5jj.okp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zr3r1j30.24n.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpDD4C.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Quote.exe
|
"C:\Users\user\Desktop\Quote.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\OlhQyptevOgDP.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\OlhQyptevOgDP" /XML "C:\Users\user\AppData\Local\Temp\tmpCCF1.tmp"
|
|
|
|
C:\Users\user\Desktop\Quote.exe
|
"C:\Users\user\Desktop\Quote.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\OlhQyptevOgDP.exe
|
C:\Users\user\AppData\Roaming\OlhQyptevOgDP.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\OlhQyptevOgDP" /XML "C:\Users\user\AppData\Local\Temp\tmpDD4C.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\OlhQyptevOgDP.exe
|
"C:\Users\user\AppData\Roaming\OlhQyptevOgDP.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.projectusf.com
|
|
||
|
http://geoplugin.net/json.gp
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.projectusf.com
|
103.186.117.77
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
103.186.117.77
|
www.projectusf.com
|
unknown
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-J91LMC
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-J91LMC
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-J91LMC
|
time
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1087000
|
heap
|
page read and write
|
|
|
|
499B000
|
trusted library allocation
|
page read and write
|
|
|
|
3E99000
|
trusted library allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
11CA000
|
heap
|
page read and write
|
|
|
|
3DFA000
|
trusted library allocation
|
page read and write
|
||
|
EF7000
|
stack
|
page read and write
|
||
|
B78000
|
unkown
|
page readonly
|
||
|
6FA0000
|
heap
|
page read and write
|
||
|
F85000
|
heap
|
page read and write
|
||
|
2CD3000
|
trusted library allocation
|
page read and write
|
||
|
ABCE000
|
stack
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
10A2000
|
trusted library allocation
|
page read and write
|
||
|
117E000
|
stack
|
page read and write
|
||
|
2FEA000
|
stack
|
page read and write
|
||
|
4E4B000
|
stack
|
page read and write
|
||
|
B3C000
|
stack
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
578D000
|
stack
|
page read and write
|
||
|
58E0000
|
heap
|
page read and write
|
||
|
756E000
|
stack
|
page read and write
|
||
|
776E000
|
stack
|
page read and write
|
||
|
58AE000
|
stack
|
page read and write
|
||
|
349E000
|
unkown
|
page read and write
|
||
|
1343000
|
trusted library allocation
|
page execute and read and write
|
||
|
726B000
|
trusted library allocation
|
page read and write
|
||
|
54D0000
|
trusted library allocation
|
page read and write
|
||
|
9C70000
|
trusted library allocation
|
page execute and read and write
|
||
|
477B000
|
trusted library allocation
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
5370000
|
heap
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
351E000
|
stack
|
page read and write
|
||
|
A60E000
|
stack
|
page read and write
|
||
|
1340000
|
trusted library allocation
|
page read and write
|
||
|
71CC000
|
heap
|
page read and write
|
||
|
5840000
|
trusted library allocation
|
page read and write
|
||
|
7F6E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7266000
|
trusted library allocation
|
page read and write
|
||
|
53B0000
|
trusted library allocation
|
page read and write
|
||
|
2E91000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
2E60000
|
trusted library allocation
|
page read and write
|
||
|
56B0000
|
heap
|
page read and write
|
||
|
1377000
|
trusted library allocation
|
page execute and read and write
|
||
|
AE0C000
|
stack
|
page read and write
|
||
|
52D4000
|
trusted library allocation
|
page read and write
|
||
|
52B1000
|
trusted library allocation
|
page read and write
|
||
|
1344000
|
trusted library allocation
|
page read and write
|
||
|
54E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CFB000
|
stack
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
70AE000
|
stack
|
page read and write
|
||
|
A92000
|
unkown
|
page readonly
|
||
|
478000
|
remote allocation
|
page execute and read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
104E000
|
stack
|
page read and write
|
||
|
AB8E000
|
stack
|
page read and write
|
||
|
5580000
|
trusted library allocation
|
page read and write
|
||
|
3D3F000
|
trusted library allocation
|
page read and write
|
||
|
5590000
|
heap
|
page execute and read and write
|
||
|
ACCE000
|
stack
|
page read and write
|
||
|
10FE000
|
stack
|
page read and write
|
||
|
5380000
|
trusted library allocation
|
page read and write
|
||
|
1090000
|
trusted library allocation
|
page read and write
|
||
|
10A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
A5CE000
|
stack
|
page read and write
|
||
|
1138000
|
heap
|
page read and write
|
||
|
52C2000
|
trusted library allocation
|
page read and write
|
||
|
5670000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
112E000
|
stack
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
2D36000
|
trusted library allocation
|
page read and write
|
||
|
9FD0000
|
heap
|
page read and write
|
||
|
2D3D000
|
trusted library allocation
|
page read and write
|
||
|
A6CE000
|
stack
|
page read and write
|
||
|
A44E000
|
stack
|
page read and write
|
||
|
2D31000
|
trusted library allocation
|
page read and write
|
||
|
2B30000
|
trusted library allocation
|
page execute and read and write
|
||
|
A0D0000
|
heap
|
page read and write
|
||
|
57F0000
|
heap
|
page read and write
|
||
|
737D000
|
stack
|
page read and write
|
||
|
2ECF000
|
stack
|
page read and write
|
||
|
5870000
|
trusted library section
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
5380000
|
trusted library allocation
|
page read and write
|
||
|
5AB6000
|
trusted library allocation
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
31CE000
|
stack
|
page read and write
|
||
|
1400000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B40000
|
heap
|
page execute and read and write
|
||
|
58A0000
|
heap
|
page read and write
|
||
|
2D2D000
|
stack
|
page read and write
|
||
|
47F4000
|
trusted library allocation
|
page read and write
|
||
|
AA4E000
|
stack
|
page read and write
|
||
|
127E000
|
stack
|
page read and write
|
||
|
2E5F000
|
stack
|
page read and write
|
||
|
E3A000
|
stack
|
page read and write
|
||
|
563B000
|
stack
|
page read and write
|
||
|
13DE000
|
stack
|
page read and write
|
||
|
731E000
|
stack
|
page read and write
|
||
|
588B000
|
trusted library allocation
|
page read and write
|
||
|
52F0000
|
trusted library allocation
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
57C0000
|
trusted library allocation
|
page read and write
|
||
|
314F000
|
stack
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
54C0000
|
trusted library section
|
page readonly
|
||
|
2F0C000
|
stack
|
page read and write
|
||
|
358F000
|
stack
|
page read and write
|
||
|
100E000
|
stack
|
page read and write
|
||
|
A7ED000
|
stack
|
page read and write
|
||
|
5550000
|
heap
|
page read and write
|
||
|
113E000
|
heap
|
page read and write
|
||
|
5680000
|
trusted library allocation
|
page read and write
|
||
|
320F000
|
stack
|
page read and write
|
||
|
1350000
|
trusted library allocation
|
page read and write
|
||
|
5EA0000
|
heap
|
page read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
3DB8000
|
trusted library allocation
|
page read and write
|
||
|
2C71000
|
trusted library allocation
|
page read and write
|
||
|
52B6000
|
trusted library allocation
|
page read and write
|
||
|
10A0000
|
trusted library allocation
|
page read and write
|
||
|
3C71000
|
trusted library allocation
|
page read and write
|
||
|
5650000
|
heap
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A94F000
|
stack
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
A80C000
|
stack
|
page read and write
|
||
|
529B000
|
trusted library allocation
|
page read and write
|
||
|
1417000
|
heap
|
page read and write
|
||
|
1083000
|
trusted library allocation
|
page execute and read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
1229000
|
heap
|
page read and write
|
||
|
2B50000
|
trusted library allocation
|
page read and write
|
||
|
F5C000
|
stack
|
page read and write
|
||
|
7F360000
|
trusted library allocation
|
page execute and read and write
|
||
|
6FAE000
|
heap
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
9FE8000
|
heap
|
page read and write
|
||
|
3C79000
|
trusted library allocation
|
page read and write
|
||
|
A48E000
|
stack
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
F55000
|
heap
|
page read and write
|
||
|
2FAD000
|
stack
|
page read and write
|
||
|
9FCF000
|
stack
|
page read and write
|
||
|
9C50000
|
trusted library allocation
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
53F0000
|
heap
|
page read and write
|
||
|
AD0B000
|
stack
|
page read and write
|
||
|
2EF3000
|
trusted library allocation
|
page read and write
|
||
|
324F000
|
stack
|
page read and write
|
||
|
54BB000
|
stack
|
page read and write
|
||
|
136A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5640000
|
trusted library section
|
page readonly
|
||
|
9E8E000
|
stack
|
page read and write
|
||
|
5290000
|
trusted library allocation
|
page read and write
|
||
|
322B000
|
heap
|
page read and write
|
||
|
34DF000
|
unkown
|
page read and write
|
||
|
A58E000
|
stack
|
page read and write
|
||
|
108D000
|
trusted library allocation
|
page execute and read and write
|
||
|
EFC000
|
stack
|
page read and write
|
||
|
11B7000
|
heap
|
page read and write
|
||
|
1366000
|
trusted library allocation
|
page execute and read and write
|
||
|
10C2000
|
trusted library allocation
|
page read and write
|
||
|
151E000
|
stack
|
page read and write
|
||
|
FBE000
|
heap
|
page read and write
|
||
|
7672000
|
trusted library allocation
|
page read and write
|
||
|
1390000
|
trusted library allocation
|
page read and write
|
||
|
7260000
|
trusted library allocation
|
page read and write
|
||
|
3F7B000
|
trusted library allocation
|
page read and write
|
||
|
1362000
|
trusted library allocation
|
page read and write
|
||
|
52C0000
|
trusted library allocation
|
page read and write
|
||
|
2C8F000
|
stack
|
page read and write
|
||
|
52D6000
|
trusted library allocation
|
page read and write
|
||
|
52AE000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
trusted library allocation
|
page read and write
|
||
|
3007000
|
trusted library allocation
|
page read and write
|
||
|
766E000
|
stack
|
page read and write
|
||
|
2B0E000
|
stack
|
page read and write
|
||
|
137E000
|
stack
|
page read and write
|
||
|
132E000
|
stack
|
page read and write
|
||
|
53E0000
|
heap
|
page execute and read and write
|
||
|
5503000
|
heap
|
page read and write
|
||
|
1058000
|
heap
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
303E000
|
unkown
|
page read and write
|
||
|
7270000
|
trusted library allocation
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
57BD000
|
stack
|
page read and write
|
||
|
A34E000
|
stack
|
page read and write
|
||
|
5300000
|
trusted library allocation
|
page read and write
|
||
|
5500000
|
heap
|
page read and write
|
||
|
5880000
|
trusted library allocation
|
page read and write
|
||
|
A70E000
|
stack
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
304D000
|
stack
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
1165000
|
heap
|
page read and write
|
||
|
9CCD000
|
stack
|
page read and write
|
||
|
137B000
|
trusted library allocation
|
page execute and read and write
|
||
|
A0E8000
|
heap
|
page read and write
|
||
|
71B0000
|
heap
|
page read and write
|
||
|
5AB0000
|
trusted library allocation
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
2E70000
|
trusted library allocation
|
page read and write
|
||
|
4D6E000
|
stack
|
page read and write
|
||
|
5330000
|
heap
|
page read and write
|
||
|
11BE000
|
stack
|
page read and write
|
||
|
3EC1000
|
trusted library allocation
|
page read and write
|
||
|
58B0000
|
heap
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
131E000
|
stack
|
page read and write
|
||
|
109D000
|
trusted library allocation
|
page execute and read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
2D8F000
|
stack
|
page read and write
|
||
|
1084000
|
trusted library allocation
|
page read and write
|
||
|
7330000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D1B000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
trusted library allocation
|
page read and write
|
||
|
502C000
|
stack
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
5400000
|
trusted library allocation
|
page read and write
|
||
|
307F000
|
unkown
|
page read and write
|
||
|
5375000
|
trusted library allocation
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
4E98000
|
trusted library allocation
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
A90000
|
unkown
|
page readonly
|
||
|
2D2E000
|
trusted library allocation
|
page read and write
|
||
|
E5C000
|
stack
|
page read and write
|
||
|
10B7000
|
heap
|
page read and write
|
||
|
5850000
|
trusted library allocation
|
page execute and read and write
|
||
|
10CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1070000
|
trusted library allocation
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
58C0000
|
heap
|
page read and write
|
||
|
53C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9ECE000
|
stack
|
page read and write
|
||
|
2D50000
|
heap
|
page execute and read and write
|
||
|
3EB4000
|
trusted library allocation
|
page read and write
|
||
|
FB8000
|
heap
|
page read and write
|
||
|
52E0000
|
trusted library allocation
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
1072000
|
heap
|
page read and write
|
||
|
1093000
|
trusted library allocation
|
page read and write
|
||
|
F37000
|
stack
|
page read and write
|
||
|
71AE000
|
stack
|
page read and write
|
||
|
329A000
|
heap
|
page read and write
|
||
|
106E000
|
stack
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
10AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5EB0000
|
heap
|
page read and write
|
||
|
9FD3000
|
heap
|
page read and write
|
||
|
AA8E000
|
stack
|
page read and write
|
||
|
1370000
|
trusted library allocation
|
page read and write
|
||
|
2D42000
|
trusted library allocation
|
page read and write
|
||
|
57D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
114F000
|
heap
|
page read and write
|
||
|
7E9E000
|
stack
|
page read and write
|
||
|
A84E000
|
stack
|
page read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
7CE0000
|
trusted library section
|
page read and write
|
||
|
52BD000
|
trusted library allocation
|
page read and write
|
||
|
11FE000
|
stack
|
page read and write
|
||
|
135D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5333000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
134D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C6E000
|
stack
|
page read and write
|
||
|
1353000
|
trusted library allocation
|
page read and write
|
||
|
B8A000
|
stack
|
page read and write
|
||
|
2B8E000
|
stack
|
page read and write
|
||
|
2D10000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
FF2000
|
heap
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
2DCB000
|
stack
|
page read and write
|
||
|
300F000
|
stack
|
page read and write
|
||
|
3E91000
|
trusted library allocation
|
page read and write
|
||
|
5560000
|
heap
|
page read and write
|
||
|
1372000
|
trusted library allocation
|
page read and write
|
||
|
FE5000
|
heap
|
page read and write
|
||
|
A8EE000
|
stack
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
5370000
|
trusted library allocation
|
page read and write
|
||
|
2D00000
|
trusted library allocation
|
page read and write
|
||
|
2D6A000
|
stack
|
page read and write
|
||
|
10C7000
|
trusted library allocation
|
page execute and read and write
|
||
|
52F5000
|
trusted library allocation
|
page read and write
|
||
|
A70B000
|
stack
|
page read and write
|
||
|
5320000
|
trusted library allocation
|
page read and write
|
||
|
5294000
|
trusted library allocation
|
page read and write
|
||
|
5390000
|
trusted library allocation
|
page execute and read and write
|
||
|
58A5000
|
heap
|
page read and write
|
||
|
57F5000
|
heap
|
page read and write
|
||
|
719E000
|
stack
|
page read and write
|
||
|
3DCF000
|
trusted library allocation
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
5660000
|
heap
|
page read and write
|
||
|
53A0000
|
trusted library allocation
|
page read and write
|
||
|
1172000
|
heap
|
page read and write
|
||
|
4F4C000
|
stack
|
page read and write
|
||
|
59B0000
|
heap
|
page read and write
|
||
|
A94E000
|
stack
|
page read and write
|
||
|
1218000
|
heap
|
page read and write
|
||
|
4D78000
|
trusted library allocation
|
page read and write
|
||
|
726E000
|
trusted library allocation
|
page read and write
|
||
|
A00E000
|
heap
|
page read and write
|
||
|
52D0000
|
trusted library allocation
|
page read and write
|
||
|
11CD000
|
heap
|
page read and write
|
||
|
3540000
|
heap
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
5890000
|
trusted library allocation
|
page read and write
|
There are 316 hidden memdumps, click here to show them.