Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
BL-INV-PL-ISO.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BL-INV-PL-ISO.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp590C.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\dZxrrOCj.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dZxrrOCj.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2gyktmql.t4p.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cbazdhg0.dun.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cn1tgy2e.ph1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n4esw3el.htp.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pq2ypskd.3gr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sjycvick.3it.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u4ht5npl.kop.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yt04t5bh.pzc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp68AC.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\dZxrrOCj.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\BL-INV-PL-ISO.exe
|
"C:\Users\user\Desktop\BL-INV-PL-ISO.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BL-INV-PL-ISO.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dZxrrOCj.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dZxrrOCj" /XML "C:\Users\user\AppData\Local\Temp\tmp590C.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\dZxrrOCj.exe
|
C:\Users\user\AppData\Roaming\dZxrrOCj.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dZxrrOCj" /XML "C:\Users\user\AppData\Local\Temp\tmp68AC.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.sakkal.com.
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 17 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
58F0000
|
direct allocation
|
page read and write
|
|
|
|
4D83000
|
heap
|
page read and write
|
||
|
28DB000
|
trusted library allocation
|
page read and write
|
||
|
92B5000
|
trusted library allocation
|
page read and write
|
||
|
6B0A000
|
heap
|
page read and write
|
||
|
A0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
263E000
|
stack
|
page read and write
|
||
|
2604000
|
trusted library allocation
|
page read and write
|
||
|
5490000
|
heap
|
page read and write
|
||
|
667000
|
heap
|
page read and write
|
||
|
734E000
|
stack
|
page read and write
|
||
|
5370000
|
heap
|
page read and write
|
||
|
BFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E6D000
|
stack
|
page read and write
|
||
|
759C000
|
stack
|
page read and write
|
||
|
40DC000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
59E000
|
heap
|
page read and write
|
||
|
A04000
|
trusted library allocation
|
page read and write
|
||
|
A9E000
|
stack
|
page read and write
|
||
|
4F7000
|
stack
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
4CDB000
|
trusted library allocation
|
page read and write
|
||
|
5B8000
|
heap
|
page read and write
|
||
|
4EC0000
|
heap
|
page read and write
|
||
|
23A0000
|
trusted library allocation
|
page read and write
|
||
|
288F000
|
trusted library allocation
|
page read and write
|
||
|
2661000
|
trusted library allocation
|
page read and write
|
||
|
770E000
|
stack
|
page read and write
|
||
|
90FD000
|
trusted library allocation
|
page read and write
|
||
|
70D0000
|
heap
|
page read and write
|
||
|
5035000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
486E000
|
stack
|
page read and write
|
||
|
24BE000
|
stack
|
page read and write
|
||
|
6B2C000
|
heap
|
page read and write
|
||
|
42000
|
unkown
|
page readonly
|
||
|
37F1000
|
trusted library allocation
|
page read and write
|
||
|
4CD0000
|
trusted library allocation
|
page read and write
|
||
|
BED000
|
trusted library allocation
|
page execute and read and write
|
||
|
2570000
|
trusted library allocation
|
page read and write
|
||
|
5C5000
|
heap
|
page read and write
|
||
|
4D00000
|
trusted library allocation
|
page read and write
|
||
|
6DEE000
|
stack
|
page read and write
|
||
|
749C000
|
stack
|
page read and write
|
||
|
4D70000
|
trusted library allocation
|
page execute and read and write
|
||
|
5030000
|
heap
|
page read and write
|
||
|
BC0000
|
trusted library allocation
|
page read and write
|
||
|
479000
|
stack
|
page read and write
|
||
|
AF0000
|
trusted library allocation
|
page read and write
|
||
|
BB7D000
|
stack
|
page read and write
|
||
|
9AE000
|
stack
|
page read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
8F7000
|
stack
|
page read and write
|
||
|
AE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
B83E000
|
stack
|
page read and write
|
||
|
A00000
|
trusted library allocation
|
page read and write
|
||
|
E3F000
|
stack
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
72E0000
|
heap
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
5BEE000
|
direct allocation
|
page execute and read and write
|
||
|
A3E000
|
heap
|
page read and write
|
||
|
758E000
|
stack
|
page read and write
|
||
|
86F000
|
stack
|
page read and write
|
||
|
BDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2660000
|
trusted library allocation
|
page read and write
|
||
|
2656000
|
trusted library allocation
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
9700000
|
trusted library section
|
page read and write
|
||
|
4FE0000
|
trusted library allocation
|
page read and write
|
||
|
1AA000
|
stack
|
page read and write
|
||
|
5B79000
|
direct allocation
|
page execute and read and write
|
||
|
37F9000
|
trusted library allocation
|
page read and write
|
||
|
695000
|
heap
|
page read and write
|
||
|
5240000
|
heap
|
page read and write
|
||
|
24E1000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
4308000
|
trusted library allocation
|
page read and write
|
||
|
6FC0000
|
trusted library allocation
|
page read and write
|
||
|
BBAD000
|
stack
|
page read and write
|
||
|
25C1000
|
trusted library allocation
|
page read and write
|
||
|
5B7D000
|
direct allocation
|
page execute and read and write
|
||
|
54B0000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
27D0000
|
trusted library allocation
|
page read and write
|
||
|
BB6E000
|
stack
|
page read and write
|
||
|
4CFD000
|
trusted library allocation
|
page read and write
|
||
|
4CEE000
|
trusted library allocation
|
page read and write
|
||
|
58EF000
|
stack
|
page read and write
|
||
|
4CD4000
|
trusted library allocation
|
page read and write
|
||
|
24CB000
|
trusted library allocation
|
page read and write
|
||
|
BA3E000
|
stack
|
page read and write
|
||
|
6B5D000
|
heap
|
page read and write
|
||
|
2DCA000
|
heap
|
page read and write
|
||
|
BF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DA6000
|
trusted library allocation
|
page read and write
|
||
|
521E000
|
stack
|
page read and write
|
||
|
4B80000
|
heap
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
4D90000
|
trusted library allocation
|
page read and write
|
||
|
97F000
|
unkown
|
page read and write
|
||
|
5050000
|
heap
|
page execute and read and write
|
||
|
6B62000
|
heap
|
page read and write
|
||
|
6F70000
|
heap
|
page read and write
|
||
|
40AF000
|
trusted library allocation
|
page read and write
|
||
|
50BE000
|
stack
|
page read and write
|
||
|
780E000
|
stack
|
page read and write
|
||
|
BAE000
|
stack
|
page read and write
|
||
|
54A0000
|
heap
|
page read and write
|
||
|
235E000
|
stack
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
482E000
|
stack
|
page read and write
|
||
|
498C000
|
stack
|
page read and write
|
||
|
4D80000
|
heap
|
page read and write
|
||
|
B10000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
8AE000
|
stack
|
page read and write
|
||
|
4E0B000
|
stack
|
page read and write
|
||
|
42DF000
|
trusted library allocation
|
page read and write
|
||
|
75DE000
|
stack
|
page read and write
|
||
|
23B0000
|
heap
|
page read and write
|
||
|
A1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D50000
|
trusted library allocation
|
page read and write
|
||
|
2D4F000
|
stack
|
page read and write
|
||
|
515D000
|
stack
|
page read and write
|
||
|
66F0000
|
trusted library allocation
|
page read and write
|
||
|
4E10000
|
trusted library section
|
page readonly
|
||
|
6B3E000
|
heap
|
page read and write
|
||
|
5D01000
|
direct allocation
|
page execute and read and write
|
||
|
6AEF000
|
stack
|
page read and write
|
||
|
50E000
|
unkown
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
744E000
|
stack
|
page read and write
|
||
|
709E000
|
stack
|
page read and write
|
||
|
55F0000
|
heap
|
page read and write
|
||
|
2576000
|
trusted library allocation
|
page read and write
|
||
|
7820000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CF6000
|
trusted library allocation
|
page read and write
|
||
|
6CEE000
|
stack
|
page read and write
|
||
|
4E14000
|
trusted library section
|
page readonly
|
||
|
A2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
404A000
|
trusted library allocation
|
page read and write
|
||
|
3E1A000
|
trusted library allocation
|
page read and write
|
||
|
A72000
|
heap
|
page read and write
|
||
|
6D4F000
|
stack
|
page read and write
|
||
|
76DE000
|
stack
|
page read and write
|
||
|
9F0000
|
trusted library allocation
|
page read and write
|
||
|
748E000
|
stack
|
page read and write
|
||
|
35C1000
|
trusted library allocation
|
page read and write
|
||
|
27F1000
|
trusted library allocation
|
page read and write
|
||
|
58E000
|
stack
|
page read and write
|
||
|
2650000
|
trusted library allocation
|
page read and write
|
||
|
27C0000
|
trusted library allocation
|
page read and write
|
||
|
BD4000
|
trusted library allocation
|
page read and write
|
||
|
10E000
|
unkown
|
page readonly
|
||
|
FE7000
|
heap
|
page read and write
|
||
|
BD3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2530000
|
heap
|
page read and write
|
||
|
77E000
|
stack
|
page read and write
|
||
|
4EAE000
|
heap
|
page read and write
|
||
|
2663000
|
trusted library allocation
|
page read and write
|
||
|
C0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B10000
|
heap
|
page read and write
|
||
|
92FE000
|
stack
|
page read and write
|
||
|
5220000
|
trusted library allocation
|
page execute and read and write
|
||
|
A03000
|
trusted library allocation
|
page execute and read and write
|
||
|
25B0000
|
heap
|
page execute and read and write
|
||
|
4169000
|
trusted library allocation
|
page read and write
|
||
|
6AF0000
|
heap
|
page read and write
|
||
|
68F0000
|
heap
|
page read and write
|
||
|
6FC5000
|
trusted library allocation
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
83D000
|
stack
|
page read and write
|
||
|
4B83000
|
heap
|
page read and write
|
||
|
A37000
|
trusted library allocation
|
page execute and read and write
|
||
|
24C4000
|
trusted library allocation
|
page read and write
|
||
|
611000
|
heap
|
page read and write
|
||
|
46BC000
|
stack
|
page read and write
|
||
|
8F8B000
|
trusted library allocation
|
page read and write
|
||
|
87A000
|
stack
|
page read and write
|
||
|
784C000
|
stack
|
page read and write
|
||
|
B92E000
|
stack
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
A64000
|
heap
|
page read and write
|
||
|
2670000
|
heap
|
page read and write
|
||
|
BA6E000
|
stack
|
page read and write
|
||
|
4ADC000
|
stack
|
page read and write
|
||
|
59A000
|
heap
|
page read and write
|
||
|
7830000
|
trusted library allocation
|
page read and write
|
||
|
2380000
|
trusted library allocation
|
page read and write
|
||
|
C02000
|
trusted library allocation
|
page read and write
|
||
|
C07000
|
trusted library allocation
|
page execute and read and write
|
||
|
A57000
|
heap
|
page read and write
|
||
|
24DE000
|
trusted library allocation
|
page read and write
|
||
|
92B0000
|
trusted library allocation
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
BA7D000
|
stack
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
2540000
|
trusted library allocation
|
page execute and read and write
|
||
|
7BF000
|
stack
|
page read and write
|
||
|
BF2000
|
trusted library allocation
|
page read and write
|
||
|
771E000
|
stack
|
page read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
50C0000
|
trusted library section
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
42A0000
|
trusted library allocation
|
page read and write
|
||
|
7961000
|
trusted library allocation
|
page read and write
|
||
|
57B000
|
heap
|
page read and write
|
||
|
4D10000
|
trusted library allocation
|
page read and write
|
||
|
288B000
|
trusted library allocation
|
page read and write
|
||
|
A32000
|
trusted library allocation
|
page read and write
|
||
|
BA2F000
|
stack
|
page read and write
|
||
|
511E000
|
stack
|
page read and write
|
||
|
4070000
|
trusted library allocation
|
page read and write
|
||
|
2654000
|
trusted library allocation
|
page read and write
|
||
|
A3A000
|
heap
|
page read and write
|
||
|
5D1D000
|
direct allocation
|
page execute and read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
2560000
|
trusted library allocation
|
page read and write
|
||
|
A26000
|
trusted library allocation
|
page execute and read and write
|
||
|
231E000
|
stack
|
page read and write
|
||
|
5025000
|
trusted library allocation
|
page read and write
|
||
|
4D60000
|
heap
|
page execute and read and write
|
||
|
BCAD000
|
stack
|
page read and write
|
||
|
4DA0000
|
trusted library allocation
|
page read and write
|
||
|
3819000
|
trusted library allocation
|
page read and write
|
||
|
25A0000
|
trusted library section
|
page readonly
|
||
|
6B17000
|
heap
|
page read and write
|
||
|
55EE000
|
stack
|
page read and write
|
||
|
2A6A000
|
trusted library allocation
|
page read and write
|
||
|
4D20000
|
trusted library allocation
|
page read and write
|
||
|
54F000
|
unkown
|
page read and write
|
||
|
6F60000
|
heap
|
page read and write
|
||
|
27BC000
|
stack
|
page read and write
|
||
|
5020000
|
trusted library allocation
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
68FC000
|
heap
|
page read and write
|
||
|
794C000
|
stack
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
5A50000
|
direct allocation
|
page execute and read and write
|
||
|
5A9000
|
stack
|
page read and write
|
||
|
4FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D16000
|
direct allocation
|
page execute and read and write
|
||
|
BF0000
|
trusted library allocation
|
page read and write
|
||
|
AA6000
|
heap
|
page read and write
|
||
|
4C90000
|
trusted library allocation
|
page execute and read and write
|
||
|
2640000
|
trusted library allocation
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
5130000
|
trusted library allocation
|
page read and write
|
||
|
5230000
|
heap
|
page read and write
|
||
|
57EF000
|
stack
|
page read and write
|
||
|
24ED000
|
trusted library allocation
|
page read and write
|
||
|
4B60000
|
heap
|
page read and write
|
||
|
71DE000
|
stack
|
page read and write
|
||
|
2834000
|
trusted library allocation
|
page read and write
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
4E70000
|
heap
|
page read and write
|
||
|
A22000
|
trusted library allocation
|
page read and write
|
||
|
B6E000
|
stack
|
page read and write
|
||
|
277F000
|
stack
|
page read and write
|
||
|
523D000
|
stack
|
page read and write
|
||
|
43D000
|
stack
|
page read and write
|
||
|
283A000
|
trusted library allocation
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
4B75000
|
heap
|
page read and write
|
||
|
A4F000
|
heap
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page execute and read and write
|
||
|
60B000
|
heap
|
page read and write
|
||
|
AF1000
|
heap
|
page read and write
|
||
|
4CF1000
|
trusted library allocation
|
page read and write
|
||
|
72DE000
|
stack
|
page read and write
|
||
|
4FC0000
|
heap
|
page read and write
|
||
|
720E000
|
stack
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
4123000
|
trusted library allocation
|
page read and write
|
||
|
5250000
|
heap
|
page read and write
|
||
|
24E6000
|
trusted library allocation
|
page read and write
|
||
|
ADC000
|
stack
|
page read and write
|
||
|
93E000
|
unkown
|
page read and write
|
||
|
B2A000
|
heap
|
page read and write
|
||
|
B20000
|
trusted library allocation
|
page read and write
|
||
|
6C4E000
|
stack
|
page read and write
|
||
|
A50000
|
trusted library allocation
|
page read and write
|
||
|
41F8000
|
trusted library allocation
|
page read and write
|
||
|
A3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
B00000
|
trusted library allocation
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
4EC4000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
4280000
|
trusted library allocation
|
page read and write
|
||
|
24C0000
|
trusted library allocation
|
page read and write
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
AA8000
|
heap
|
page read and write
|
||
|
719E000
|
stack
|
page read and write
|
||
|
730E000
|
stack
|
page read and write
|
||
|
781E000
|
stack
|
page read and write
|
||
|
35C9000
|
trusted library allocation
|
page read and write
|
||
|
7970000
|
trusted library allocation
|
page execute and read and write
|
||
|
28D9000
|
trusted library allocation
|
page read and write
|
||
|
6712000
|
trusted library allocation
|
page read and write
|
||
|
27E0000
|
heap
|
page execute and read and write
|
||
|
BE0000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
trusted library allocation
|
page read and write
|
||
|
5D6000
|
heap
|
page read and write
|
||
|
4E20000
|
heap
|
page read and write
|
||
|
647000
|
heap
|
page read and write
|
||
|
B93E000
|
stack
|
page read and write
|
||
|
548E000
|
stack
|
page read and write
|
||
|
B37000
|
heap
|
page read and write
|
||
|
55F8000
|
heap
|
page read and write
|
||
|
3831000
|
trusted library allocation
|
page read and write
|
||
|
5D98000
|
direct allocation
|
page execute and read and write
|
||
|
6EE0000
|
trusted library allocation
|
page read and write
|
||
|
533C000
|
stack
|
page read and write
|
||
|
2550000
|
heap
|
page read and write
|
||
|
A20000
|
trusted library allocation
|
page read and write
|
||
|
59B0000
|
heap
|
page read and write
|
||
|
4B70000
|
heap
|
page read and write
|
There are 316 hidden memdumps, click here to show them.