Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Rfq H2110-11#U3000Order_ROYPOWTECH %100% S51105P-E01 #Uff08#U6700#U65b0#Uff09.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Rfq H2110-11#U3000Order_ROYPOWTECH %100% S51105P-E01 #Uff08#U6700#U65b0#Uff09.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_OOOBE2UTTQADMYZZ_f1aacb97412eb26466c8dbf24479df3a7fdfe98_b761ca27_15888fec-3d80-4076-a090-86976d798eb2\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER16B2.tmp.dmp
|
Mini DuMP crash report, 15 streams, Tue Oct 1 03:22:41 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1878.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1898.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ft1l0bfw.inc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ljpjz21n.tlo.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qlipt1em.p3g.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yyrnnctg.5bf.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Rfq H2110-11#U3000Order_ROYPOWTECH %100% S51105P-E01 #Uff08#U6700#U65b0#Uff09.exe
|
"C:\Users\user\Desktop\Rfq H2110-11#U3000Order_ROYPOWTECH %100% S51105P-E01 #Uff08#U6700#U65b0#Uff09.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Rfq H2110-11#U3000Order_ROYPOWTECH
%100% S51105P-E01 #Uff08#U6700#U65b0#Uff09.exe"
|
|
|
|
C:\Users\user\Desktop\Rfq H2110-11#U3000Order_ROYPOWTECH %100% S51105P-E01 #Uff08#U6700#U65b0#Uff09.exe
|
"C:\Users\user\Desktop\Rfq H2110-11#U3000Order_ROYPOWTECH %100% S51105P-E01 #Uff08#U6700#U65b0#Uff09.exe"
|
|
|
|
C:\Users\user\Desktop\Rfq H2110-11#U3000Order_ROYPOWTECH %100% S51105P-E01 #Uff08#U6700#U65b0#Uff09.exe
|
"C:\Users\user\Desktop\Rfq H2110-11#U3000Order_ROYPOWTECH %100% S51105P-E01 #Uff08#U6700#U65b0#Uff09.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 2536
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/8.46.123.33
|
188.114.96.3
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://checkip.dyndns.org/
|
132.226.8.169
|
||
|
https://reallyfreegeoip.org/xml/8.46.123.33$
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://reallyfreegeoip.org
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
https://reallyfreegeoip.org
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.sakkal.comP&
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 27 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
reallyfreegeoip.org
|
188.114.96.3
|
|
|
|
checkip.dyndns.org
|
unknown
|
|
|
|
checkip.dyndns.com
|
132.226.8.169
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.96.3
|
reallyfreegeoip.org
|
European Union
|
|
|
|
132.226.8.169
|
checkip.dyndns.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{2866b133-f1dd-3c16-7710-8d14422cba4d}\Root\InventoryApplicationFile\rfq h2110-11#u30|4947c5e736a761ad
|
ProgramId
|
||
|
\REGISTRY\A\{2866b133-f1dd-3c16-7710-8d14422cba4d}\Root\InventoryApplicationFile\rfq h2110-11#u30|4947c5e736a761ad
|
FileId
|
||
|
\REGISTRY\A\{2866b133-f1dd-3c16-7710-8d14422cba4d}\Root\InventoryApplicationFile\rfq h2110-11#u30|4947c5e736a761ad
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{2866b133-f1dd-3c16-7710-8d14422cba4d}\Root\InventoryApplicationFile\rfq h2110-11#u30|4947c5e736a761ad
|
LongPathHash
|
||
|
\REGISTRY\A\{2866b133-f1dd-3c16-7710-8d14422cba4d}\Root\InventoryApplicationFile\rfq h2110-11#u30|4947c5e736a761ad
|
Name
|
||
|
\REGISTRY\A\{2866b133-f1dd-3c16-7710-8d14422cba4d}\Root\InventoryApplicationFile\rfq h2110-11#u30|4947c5e736a761ad
|
OriginalFileName
|
||
|
\REGISTRY\A\{2866b133-f1dd-3c16-7710-8d14422cba4d}\Root\InventoryApplicationFile\rfq h2110-11#u30|4947c5e736a761ad
|
Publisher
|
||
|
\REGISTRY\A\{2866b133-f1dd-3c16-7710-8d14422cba4d}\Root\InventoryApplicationFile\rfq h2110-11#u30|4947c5e736a761ad
|
Version
|
||
|
\REGISTRY\A\{2866b133-f1dd-3c16-7710-8d14422cba4d}\Root\InventoryApplicationFile\rfq h2110-11#u30|4947c5e736a761ad
|
BinFileVersion
|
||
|
\REGISTRY\A\{2866b133-f1dd-3c16-7710-8d14422cba4d}\Root\InventoryApplicationFile\rfq h2110-11#u30|4947c5e736a761ad
|
BinaryType
|
||
|
\REGISTRY\A\{2866b133-f1dd-3c16-7710-8d14422cba4d}\Root\InventoryApplicationFile\rfq h2110-11#u30|4947c5e736a761ad
|
ProductName
|
||
|
\REGISTRY\A\{2866b133-f1dd-3c16-7710-8d14422cba4d}\Root\InventoryApplicationFile\rfq h2110-11#u30|4947c5e736a761ad
|
ProductVersion
|
||
|
\REGISTRY\A\{2866b133-f1dd-3c16-7710-8d14422cba4d}\Root\InventoryApplicationFile\rfq h2110-11#u30|4947c5e736a761ad
|
LinkDate
|
||
|
\REGISTRY\A\{2866b133-f1dd-3c16-7710-8d14422cba4d}\Root\InventoryApplicationFile\rfq h2110-11#u30|4947c5e736a761ad
|
BinProductVersion
|
||
|
\REGISTRY\A\{2866b133-f1dd-3c16-7710-8d14422cba4d}\Root\InventoryApplicationFile\rfq h2110-11#u30|4947c5e736a761ad
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{2866b133-f1dd-3c16-7710-8d14422cba4d}\Root\InventoryApplicationFile\rfq h2110-11#u30|4947c5e736a761ad
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{2866b133-f1dd-3c16-7710-8d14422cba4d}\Root\InventoryApplicationFile\rfq h2110-11#u30|4947c5e736a761ad
|
Size
|
||
|
\REGISTRY\A\{2866b133-f1dd-3c16-7710-8d14422cba4d}\Root\InventoryApplicationFile\rfq h2110-11#u30|4947c5e736a761ad
|
Language
|
||
|
\REGISTRY\A\{2866b133-f1dd-3c16-7710-8d14422cba4d}\Root\InventoryApplicationFile\rfq h2110-11#u30|4947c5e736a761ad
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 26 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2961000
|
trusted library allocation
|
page read and write
|
|
|
|
4F73000
|
trusted library allocation
|
page read and write
|
|
|
|
5A90000
|
heap
|
page read and write
|
||
|
4FC0000
|
heap
|
page read and write
|
||
|
193D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3640000
|
trusted library allocation
|
page read and write
|
||
|
1006000
|
trusted library allocation
|
page read and write
|
||
|
2AB8000
|
trusted library allocation
|
page read and write
|
||
|
7CD0000
|
trusted library section
|
page read and write
|
||
|
63EE000
|
stack
|
page read and write
|
||
|
F8E000
|
stack
|
page read and write
|
||
|
2AB4000
|
trusted library allocation
|
page read and write
|
||
|
555C000
|
stack
|
page read and write
|
||
|
180E000
|
stack
|
page read and write
|
||
|
C58000
|
heap
|
page read and write
|
||
|
1000000
|
trusted library allocation
|
page read and write
|
||
|
7D50000
|
trusted library allocation
|
page read and write
|
||
|
53CE000
|
stack
|
page read and write
|
||
|
5C90000
|
trusted library allocation
|
page read and write
|
||
|
500E000
|
stack
|
page read and write
|
||
|
D9FE000
|
stack
|
page read and write
|
||
|
616E000
|
stack
|
page read and write
|
||
|
C7A000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
DE3E000
|
stack
|
page read and write
|
||
|
12F7000
|
stack
|
page read and write
|
||
|
2829000
|
trusted library allocation
|
page read and write
|
||
|
5F2F000
|
stack
|
page read and write
|
||
|
62B3000
|
heap
|
page read and write
|
||
|
C46000
|
trusted library allocation
|
page execute and read and write
|
||
|
E70000
|
unkown
|
page readonly
|
||
|
2850000
|
heap
|
page execute and read and write
|
||
|
3989000
|
trusted library allocation
|
page read and write
|
||
|
3450000
|
heap
|
page execute and read and write
|
||
|
5C40000
|
trusted library allocation
|
page execute and read and write
|
||
|
5560000
|
trusted library allocation
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
AF7000
|
stack
|
page read and write
|
||
|
2AE8000
|
trusted library allocation
|
page read and write
|
||
|
3130000
|
trusted library allocation
|
page read and write
|
||
|
33F0000
|
trusted library allocation
|
page read and write
|
||
|
1977000
|
heap
|
page read and write
|
||
|
62F0000
|
heap
|
page read and write
|
||
|
33A4000
|
trusted library allocation
|
page read and write
|
||
|
B8E000
|
stack
|
page read and write
|
||
|
538E000
|
stack
|
page read and write
|
||
|
5FA0000
|
trusted library allocation
|
page read and write
|
||
|
3188000
|
trusted library allocation
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
2A60000
|
trusted library allocation
|
page read and write
|
||
|
3400000
|
trusted library allocation
|
page read and write
|
||
|
E72000
|
unkown
|
page readonly
|
||
|
E45E000
|
stack
|
page read and write
|
||
|
33D2000
|
trusted library allocation
|
page read and write
|
||
|
6270000
|
heap
|
page read and write
|
||
|
1933000
|
trusted library allocation
|
page execute and read and write
|
||
|
2804000
|
trusted library allocation
|
page read and write
|
||
|
2A53000
|
trusted library allocation
|
page read and write
|
||
|
E31C000
|
stack
|
page read and write
|
||
|
4F36000
|
trusted library allocation
|
page read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
3420000
|
trusted library allocation
|
page read and write
|
||
|
1585000
|
heap
|
page read and write
|
||
|
1004000
|
trusted library allocation
|
page read and write
|
||
|
81D9000
|
heap
|
page read and write
|
||
|
36DC000
|
trusted library allocation
|
page read and write
|
||
|
168F000
|
stack
|
page read and write
|
||
|
555E000
|
stack
|
page read and write
|
||
|
7D5F000
|
trusted library allocation
|
page read and write
|
||
|
5A80000
|
heap
|
page read and write
|
||
|
1962000
|
trusted library allocation
|
page read and write
|
||
|
E21B000
|
stack
|
page read and write
|
||
|
7582000
|
trusted library allocation
|
page read and write
|
||
|
2826000
|
trusted library allocation
|
page read and write
|
||
|
155C000
|
heap
|
page read and write
|
||
|
F27000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D70000
|
trusted library section
|
page read and write
|
||
|
7DDE000
|
stack
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
195A000
|
trusted library allocation
|
page execute and read and write
|
||
|
F08000
|
unkown
|
page readonly
|
||
|
DAFE000
|
stack
|
page read and write
|
||
|
194D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D2E000
|
stack
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
5C2E000
|
stack
|
page read and write
|
||
|
4FBD000
|
stack
|
page read and write
|
||
|
D19000
|
heap
|
page read and write
|
||
|
2AB0000
|
trusted library allocation
|
page read and write
|
||
|
14B8000
|
heap
|
page read and write
|
||
|
5EDE000
|
heap
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
DF3E000
|
stack
|
page read and write
|
||
|
83EE000
|
stack
|
page read and write
|
||
|
F90000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F3F000
|
stack
|
page read and write
|
||
|
C2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A40000
|
trusted library allocation
|
page read and write
|
||
|
154C000
|
heap
|
page read and write
|
||
|
33C1000
|
trusted library allocation
|
page read and write
|
||
|
58B8000
|
heap
|
page read and write
|
||
|
C24000
|
trusted library allocation
|
page read and write
|
||
|
152B000
|
heap
|
page read and write
|
||
|
1531000
|
heap
|
page read and write
|
||
|
1920000
|
trusted library allocation
|
page read and write
|
||
|
1952000
|
trusted library allocation
|
page read and write
|
||
|
59E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
82EE000
|
stack
|
page read and write
|
||
|
317E000
|
stack
|
page read and write
|
||
|
5C30000
|
trusted library allocation
|
page read and write
|
||
|
2835000
|
trusted library allocation
|
page read and write
|
||
|
2A68000
|
trusted library allocation
|
page read and write
|
||
|
2AAC000
|
trusted library allocation
|
page read and write
|
||
|
7F4D000
|
stack
|
page read and write
|
||
|
5C60000
|
trusted library allocation
|
page read and write
|
||
|
3230000
|
trusted library allocation
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
335E000
|
stack
|
page read and write
|
||
|
1943000
|
trusted library allocation
|
page read and write
|
||
|
1934000
|
trusted library allocation
|
page read and write
|
||
|
3220000
|
trusted library allocation
|
page execute and read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
58A0000
|
heap
|
page read and write
|
||
|
7DB000
|
stack
|
page read and write
|
||
|
4CBA000
|
trusted library allocation
|
page read and write
|
||
|
656E000
|
stack
|
page read and write
|
||
|
149E000
|
heap
|
page read and write
|
||
|
14D3000
|
heap
|
page read and write
|
||
|
2A26000
|
trusted library allocation
|
page read and write
|
||
|
C30000
|
trusted library allocation
|
page read and write
|
||
|
DCFD000
|
stack
|
page read and write
|
||
|
1549000
|
heap
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
2A5C000
|
trusted library allocation
|
page read and write
|
||
|
1956000
|
trusted library allocation
|
page execute and read and write
|
||
|
4469000
|
trusted library allocation
|
page read and write
|
||
|
33AB000
|
trusted library allocation
|
page read and write
|
||
|
33CD000
|
trusted library allocation
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
33A0000
|
trusted library allocation
|
page read and write
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
652E000
|
stack
|
page read and write
|
||
|
4F50000
|
trusted library allocation
|
page read and write
|
||
|
66EE000
|
stack
|
page read and write
|
||
|
7D40000
|
trusted library allocation
|
page execute and read and write
|
||
|
1967000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A70000
|
trusted library section
|
page readonly
|
||
|
3961000
|
trusted library allocation
|
page read and write
|
||
|
7F0D000
|
stack
|
page read and write
|
||
|
137E000
|
stack
|
page read and write
|
||
|
81D4000
|
heap
|
page read and write
|
||
|
81B0000
|
heap
|
page read and write
|
||
|
5A00000
|
trusted library allocation
|
page read and write
|
||
|
C86000
|
heap
|
page read and write
|
||
|
7D55000
|
trusted library allocation
|
page read and write
|
||
|
1940000
|
trusted library allocation
|
page read and write
|
||
|
33C6000
|
trusted library allocation
|
page read and write
|
||
|
5110000
|
heap
|
page read and write
|
||
|
E1DE000
|
stack
|
page read and write
|
||
|
642E000
|
stack
|
page read and write
|
||
|
BE6000
|
heap
|
page read and write
|
||
|
81CA000
|
heap
|
page read and write
|
||
|
FF0000
|
trusted library allocation
|
page read and write
|
||
|
3967000
|
trusted library allocation
|
page read and write
|
||
|
59B0000
|
heap
|
page read and write
|
||
|
14D9000
|
heap
|
page read and write
|
||
|
1930000
|
trusted library allocation
|
page read and write
|
||
|
C4A000
|
trusted library allocation
|
page execute and read and write
|
||
|
81AE000
|
stack
|
page read and write
|
||
|
14C6000
|
heap
|
page read and write
|
||
|
F2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1950000
|
trusted library allocation
|
page read and write
|
||
|
59C0000
|
trusted library allocation
|
page read and write
|
||
|
7960000
|
heap
|
page read and write
|
||
|
5EF0000
|
heap
|
page read and write
|
||
|
2814000
|
trusted library allocation
|
page read and write
|
||
|
16CE000
|
stack
|
page read and write
|
||
|
1396000
|
heap
|
page read and write
|
||
|
4AFE000
|
stack
|
page read and write
|
||
|
63AD000
|
stack
|
page read and write
|
||
|
33F5000
|
trusted library allocation
|
page read and write
|
||
|
4461000
|
trusted library allocation
|
page read and write
|
||
|
196B000
|
trusted library allocation
|
page execute and read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
5EF4000
|
heap
|
page read and write
|
||
|
59F0000
|
heap
|
page read and write
|
||
|
612E000
|
stack
|
page read and write
|
||
|
5E2E000
|
stack
|
page read and write
|
||
|
295E000
|
stack
|
page read and write
|
||
|
33BE000
|
trusted library allocation
|
page read and write
|
||
|
7ECE000
|
stack
|
page read and write
|
||
|
2AD5000
|
trusted library allocation
|
page read and write
|
||
|
339C000
|
stack
|
page read and write
|
||
|
1970000
|
heap
|
page read and write
|
||
|
F1F000
|
stack
|
page read and write
|
||
|
59F3000
|
heap
|
page read and write
|
||
|
62E6000
|
heap
|
page read and write
|
||
|
65EE000
|
stack
|
page read and write
|
||
|
C6E000
|
heap
|
page read and write
|
||
|
FEE000
|
stack
|
page read and write
|
||
|
3505000
|
trusted library allocation
|
page read and write
|
||
|
7D9E000
|
stack
|
page read and write
|
||
|
F22000
|
trusted library allocation
|
page read and write
|
||
|
DDFE000
|
stack
|
page read and write
|
||
|
53D0000
|
heap
|
page execute and read and write
|
||
|
5EA0000
|
heap
|
page read and write
|
||
|
E0DE000
|
stack
|
page read and write
|
||
|
54DF000
|
stack
|
page read and write
|
||
|
33E0000
|
trusted library allocation
|
page read and write
|
||
|
27FE000
|
stack
|
page read and write
|
||
|
2A64000
|
trusted library allocation
|
page read and write
|
||
|
5D95000
|
heap
|
page read and write
|
||
|
149B000
|
heap
|
page read and write
|
||
|
59D0000
|
heap
|
page read and write
|
||
|
551E000
|
stack
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
F99000
|
stack
|
page read and write
|
||
|
C42000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
626E000
|
stack
|
page read and write
|
||
|
5EF2000
|
heap
|
page read and write
|
||
|
C23000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D6E000
|
stack
|
page read and write
|
||
|
5EB0000
|
heap
|
page read and write
|
||
|
602E000
|
stack
|
page read and write
|
||
|
5D90000
|
heap
|
page read and write
|
||
|
151F000
|
heap
|
page read and write
|
||
|
E35D000
|
stack
|
page read and write
|
||
|
2840000
|
trusted library allocation
|
page read and write
|
||
|
190F000
|
stack
|
page read and write
|
||
|
DBFE000
|
stack
|
page read and write
|
||
|
65AE000
|
stack
|
page read and write
|
||
|
3461000
|
trusted library allocation
|
page read and write
|
||
|
504E000
|
stack
|
page read and write
|
||
|
17CE000
|
stack
|
page read and write
|
||
|
D42000
|
heap
|
page read and write
|
||
|
422000
|
remote allocation
|
page execute and read and write
|
||
|
5A6B000
|
stack
|
page read and write
|
||
|
C40000
|
trusted library allocation
|
page read and write
|
||
|
1960000
|
trusted library allocation
|
page read and write
|
||
|
629B000
|
heap
|
page read and write
|
||
|
5E9E000
|
stack
|
page read and write
|
||
|
59C2000
|
trusted library allocation
|
page read and write
|
||
|
5CA0000
|
heap
|
page execute and read and write
|
||
|
1010000
|
heap
|
page read and write
|
There are 240 hidden memdumps, click here to show them.