Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Supplier Purchase Order - PO0002491.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Supplier Purchase Order - PO0002491.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp9421.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\keHuNxIumw.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\keHuNxIumw.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\keHuNxIumw.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4l2xppn3.xlm.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lrehmxo0.nid.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mx0mab4b.5hl.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tvcemrgj.ui5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpB43C.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Supplier Purchase Order - PO0002491.exe
|
"C:\Users\user\Desktop\Supplier Purchase Order - PO0002491.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\keHuNxIumw.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\keHuNxIumw" /XML "C:\Users\user\AppData\Local\Temp\tmp9421.tmp"
|
|
|
|
C:\Users\user\Desktop\Supplier Purchase Order - PO0002491.exe
|
"C:\Users\user\Desktop\Supplier Purchase Order - PO0002491.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\keHuNxIumw.exe
|
C:\Users\user\AppData\Roaming\keHuNxIumw.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\keHuNxIumw" /XML "C:\Users\user\AppData\Local\Temp\tmpB43C.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\keHuNxIumw.exe
|
"C:\Users\user\AppData\Roaming\keHuNxIumw.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
http://geoplugin.net/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameP#
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://geoplugin.net/json.gpl
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://geoplugin.net/json.gpSystem32
|
unknown
|
||
|
http://tempuri.org/DataSet1.xsd
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.210.150.14
|
unknown
|
United States
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-GOFAGZ
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-GOFAGZ
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-GOFAGZ
|
time
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
C97000
|
heap
|
page read and write
|
|
|
|
15D8000
|
heap
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
4EC0000
|
trusted library allocation
|
page read and write
|
|
|
|
4379000
|
trusted library allocation
|
page read and write
|
|
|
|
7AA0000
|
trusted library section
|
page read and write
|
|
|
|
9450000
|
trusted library allocation
|
page execute and read and write
|
||
|
59C3000
|
heap
|
page read and write
|
||
|
3371000
|
trusted library allocation
|
page read and write
|
||
|
5890000
|
trusted library allocation
|
page read and write
|
||
|
152E000
|
heap
|
page read and write
|
||
|
FB0000
|
unkown
|
page readonly
|
||
|
1096000
|
trusted library allocation
|
page read and write
|
||
|
7D5E000
|
stack
|
page read and write
|
||
|
D51000
|
heap
|
page read and write
|
||
|
7530000
|
heap
|
page read and write
|
||
|
C29E000
|
stack
|
page read and write
|
||
|
D02000
|
heap
|
page read and write
|
||
|
3260000
|
heap
|
page execute and read and write
|
||
|
1556000
|
heap
|
page read and write
|
||
|
180E000
|
stack
|
page read and write
|
||
|
CFC000
|
heap
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
1139000
|
stack
|
page read and write
|
||
|
CA2000
|
trusted library allocation
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
CFE000
|
unkown
|
page read and write
|
||
|
1A20000
|
heap
|
page read and write
|
||
|
ED0000
|
trusted library allocation
|
page read and write
|
||
|
28FD000
|
stack
|
page read and write
|
||
|
5395000
|
heap
|
page read and write
|
||
|
4371000
|
trusted library allocation
|
page read and write
|
||
|
CB2000
|
trusted library allocation
|
page read and write
|
||
|
31E0000
|
trusted library allocation
|
page read and write
|
||
|
11FE000
|
stack
|
page read and write
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
104E000
|
stack
|
page read and write
|
||
|
2B3F000
|
stack
|
page read and write
|
||
|
19F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B45000
|
heap
|
page read and write
|
||
|
31F0000
|
trusted library allocation
|
page read and write
|
||
|
6EE4000
|
heap
|
page read and write
|
||
|
6F2B000
|
heap
|
page read and write
|
||
|
D05000
|
heap
|
page read and write
|
||
|
56C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B08000
|
heap
|
page read and write
|
||
|
CB7000
|
trusted library allocation
|
page execute and read and write
|
||
|
FFE000
|
stack
|
page read and write
|
||
|
2740000
|
heap
|
page read and write
|
||
|
2946000
|
trusted library allocation
|
page read and write
|
||
|
7B0A000
|
heap
|
page read and write
|
||
|
9400000
|
trusted library allocation
|
page read and write
|
||
|
293E000
|
trusted library allocation
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
D16000
|
heap
|
page read and write
|
||
|
2905000
|
trusted library allocation
|
page read and write
|
||
|
7350000
|
trusted library allocation
|
page read and write
|
||
|
76C0000
|
trusted library allocation
|
page read and write
|
||
|
7B5000
|
heap
|
page read and write
|
||
|
C09000
|
stack
|
page read and write
|
||
|
9DC000
|
stack
|
page read and write
|
||
|
2F67000
|
trusted library allocation
|
page read and write
|
||
|
2FBE000
|
stack
|
page read and write
|
||
|
C4DE000
|
stack
|
page read and write
|
||
|
5D20000
|
heap
|
page read and write
|
||
|
2F7F000
|
unkown
|
page read and write
|
||
|
9460000
|
trusted library allocation
|
page read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
2920000
|
trusted library allocation
|
page read and write
|
||
|
C65C000
|
stack
|
page read and write
|
||
|
6EBE000
|
heap
|
page read and write
|
||
|
140E000
|
stack
|
page read and write
|
||
|
7652000
|
trusted library allocation
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
5100000
|
heap
|
page read and write
|
||
|
B49E000
|
stack
|
page read and write
|
||
|
2F3E000
|
unkown
|
page read and write
|
||
|
76B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
7ADA000
|
heap
|
page read and write
|
||
|
1090000
|
trusted library allocation
|
page read and write
|
||
|
5940000
|
trusted library allocation
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
7D1F000
|
stack
|
page read and write
|
||
|
C9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
753E000
|
heap
|
page read and write
|
||
|
339B000
|
heap
|
page read and write
|
||
|
B71C000
|
stack
|
page read and write
|
||
|
C8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
776E000
|
stack
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
6EBA000
|
heap
|
page read and write
|
||
|
589B000
|
trusted library allocation
|
page read and write
|
||
|
9850000
|
trusted library section
|
page read and write
|
||
|
3C7D000
|
trusted library allocation
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
19B2000
|
trusted library allocation
|
page read and write
|
||
|
10A7000
|
heap
|
page read and write
|
||
|
1559000
|
heap
|
page read and write
|
||
|
CDE000
|
heap
|
page read and write
|
||
|
739000
|
stack
|
page read and write
|
||
|
478000
|
remote allocation
|
page execute and read and write
|
||
|
2AF1000
|
trusted library allocation
|
page read and write
|
||
|
739E000
|
stack
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
7AC0000
|
heap
|
page read and write
|
||
|
287F000
|
stack
|
page read and write
|
||
|
56D0000
|
trusted library allocation
|
page read and write
|
||
|
7E9E000
|
stack
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
5D00000
|
heap
|
page read and write
|
||
|
2B46000
|
trusted library allocation
|
page read and write
|
||
|
59AC000
|
stack
|
page read and write
|
||
|
19B0000
|
trusted library allocation
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
1630000
|
heap
|
page read and write
|
||
|
12FC000
|
stack
|
page read and write
|
||
|
1635000
|
heap
|
page read and write
|
||
|
2960000
|
trusted library allocation
|
page read and write
|
||
|
76C8000
|
trusted library allocation
|
page read and write
|
||
|
19C0000
|
trusted library allocation
|
page read and write
|
||
|
292B000
|
trusted library allocation
|
page read and write
|
||
|
C39E000
|
stack
|
page read and write
|
||
|
54A0000
|
heap
|
page read and write
|
||
|
58B1000
|
trusted library allocation
|
page read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
B39E000
|
stack
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
D13000
|
heap
|
page read and write
|
||
|
19CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1562000
|
heap
|
page read and write
|
||
|
8DC000
|
stack
|
page read and write
|
||
|
1529000
|
heap
|
page read and write
|
||
|
4FBB000
|
stack
|
page read and write
|
||
|
720E000
|
stack
|
page read and write
|
||
|
59C0000
|
heap
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
9A0E000
|
stack
|
page read and write
|
||
|
54B0000
|
heap
|
page read and write
|
||
|
70CE000
|
stack
|
page read and write
|
||
|
154F000
|
stack
|
page read and write
|
||
|
5120000
|
heap
|
page read and write
|
||
|
5894000
|
trusted library allocation
|
page read and write
|
||
|
CF8000
|
heap
|
page read and write
|
||
|
1960000
|
heap
|
page read and write
|
||
|
944E000
|
stack
|
page read and write
|
||
|
CDA000
|
heap
|
page read and write
|
||
|
2A3E000
|
stack
|
page read and write
|
||
|
7E5E000
|
stack
|
page read and write
|
||
|
535E000
|
stack
|
page read and write
|
||
|
C83000
|
trusted library allocation
|
page execute and read and write
|
||
|
32AA000
|
heap
|
page read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
D06000
|
heap
|
page read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
50F0000
|
heap
|
page read and write
|
||
|
4640000
|
trusted library allocation
|
page read and write
|
||
|
5123000
|
heap
|
page read and write
|
||
|
5B80000
|
heap
|
page read and write
|
||
|
C84000
|
trusted library allocation
|
page read and write
|
||
|
FB2000
|
unkown
|
page readonly
|
||
|
1A10000
|
trusted library allocation
|
page read and write
|
||
|
ECE000
|
stack
|
page read and write
|
||
|
D9E000
|
stack
|
page read and write
|
||
|
7FDE000
|
stack
|
page read and write
|
||
|
6FCE000
|
stack
|
page read and write
|
||
|
D08000
|
heap
|
page read and write
|
||
|
3B15000
|
trusted library allocation
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
7F9E000
|
stack
|
page read and write
|
||
|
BCD000
|
stack
|
page read and write
|
||
|
6E90000
|
heap
|
page read and write
|
||
|
DCC000
|
heap
|
page read and write
|
||
|
3CBF000
|
trusted library allocation
|
page read and write
|
||
|
34EF000
|
stack
|
page read and write
|
||
|
1A00000
|
trusted library allocation
|
page read and write
|
||
|
1990000
|
trusted library allocation
|
page read and write
|
||
|
5D05000
|
heap
|
page read and write
|
||
|
4F50000
|
trusted library allocation
|
page read and write
|
||
|
531E000
|
stack
|
page read and write
|
||
|
5910000
|
heap
|
page read and write
|
||
|
1565000
|
heap
|
page read and write
|
||
|
5930000
|
trusted library allocation
|
page read and write
|
||
|
749E000
|
stack
|
page read and write
|
||
|
CBE000
|
unkown
|
page read and write
|
||
|
EE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
55A0000
|
heap
|
page read and write
|
||
|
14F7000
|
stack
|
page read and write
|
||
|
CAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A27000
|
heap
|
page read and write
|
||
|
324E000
|
stack
|
page read and write
|
||
|
CA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1810000
|
heap
|
page read and write
|
||
|
C0DE000
|
stack
|
page read and write
|
||
|
5CB0000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
2910000
|
heap
|
page read and write
|
||
|
93F0000
|
trusted library allocation
|
page read and write
|
||
|
B61B000
|
stack
|
page read and write
|
||
|
19BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5CAD000
|
stack
|
page read and write
|
||
|
15E1000
|
heap
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
19E0000
|
trusted library allocation
|
page read and write
|
||
|
C09E000
|
stack
|
page read and write
|
||
|
2AEF000
|
stack
|
page read and write
|
||
|
4FC0000
|
trusted library section
|
page readonly
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
19A0000
|
trusted library allocation
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
59B0000
|
heap
|
page execute and read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
CDF000
|
heap
|
page read and write
|
||
|
6E8E000
|
stack
|
page read and write
|
||
|
6F1A000
|
heap
|
page read and write
|
||
|
5B60000
|
trusted library section
|
page readonly
|
||
|
2941000
|
trusted library allocation
|
page read and write
|
||
|
195E000
|
stack
|
page read and write
|
||
|
6F18000
|
heap
|
page read and write
|
||
|
D1D000
|
stack
|
page read and write
|
||
|
5290000
|
trusted library allocation
|
page read and write
|
||
|
C70000
|
trusted library allocation
|
page read and write
|
||
|
B85E000
|
stack
|
page read and write
|
||
|
33C6000
|
trusted library allocation
|
page read and write
|
||
|
7B27000
|
heap
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
3D79000
|
trusted library allocation
|
page read and write
|
||
|
7C1E000
|
stack
|
page read and write
|
||
|
7ACA000
|
heap
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
544C000
|
stack
|
page read and write
|
||
|
3AF1000
|
trusted library allocation
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
F9E000
|
stack
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
6EAA000
|
heap
|
page read and write
|
||
|
28F0000
|
trusted library allocation
|
page read and write
|
||
|
5932000
|
trusted library allocation
|
page read and write
|
||
|
294D000
|
trusted library allocation
|
page read and write
|
||
|
EF0000
|
trusted library allocation
|
page read and write
|
||
|
336E000
|
stack
|
page read and write
|
||
|
1994000
|
trusted library allocation
|
page read and write
|
||
|
5B90000
|
trusted library allocation
|
page execute and read and write
|
||
|
9469000
|
trusted library allocation
|
page read and write
|
||
|
19C2000
|
trusted library allocation
|
page read and write
|
||
|
2FFF000
|
stack
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
549E000
|
stack
|
page read and write
|
||
|
554B000
|
stack
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
1094000
|
trusted library allocation
|
page read and write
|
||
|
772D000
|
stack
|
page read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
C75C000
|
stack
|
page read and write
|
||
|
3D86000
|
trusted library allocation
|
page read and write
|
||
|
19C7000
|
trusted library allocation
|
page execute and read and write
|
||
|
34CE000
|
trusted library allocation
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
F4C000
|
stack
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
3C05000
|
trusted library allocation
|
page read and write
|
||
|
2B61000
|
trusted library allocation
|
page read and write
|
||
|
5D40000
|
heap
|
page read and write
|
||
|
3B3F000
|
trusted library allocation
|
page read and write
|
||
|
58B6000
|
trusted library allocation
|
page read and write
|
||
|
7BC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C4E000
|
trusted library allocation
|
page read and write
|
||
|
17CE000
|
stack
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
2858000
|
trusted library allocation
|
page read and write
|
||
|
58AE000
|
trusted library allocation
|
page read and write
|
||
|
5110000
|
trusted library allocation
|
page execute and read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
29E0000
|
heap
|
page execute and read and write
|
||
|
1980000
|
trusted library allocation
|
page read and write
|
||
|
D5A000
|
stack
|
page read and write
|
||
|
3B2D000
|
trusted library allocation
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
B75E000
|
stack
|
page read and write
|
||
|
199D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
4BEC000
|
stack
|
page read and write
|
||
|
5920000
|
trusted library allocation
|
page execute and read and write
|
||
|
46B9000
|
trusted library allocation
|
page read and write
|
||
|
7AD7000
|
heap
|
page read and write
|
||
|
D92000
|
heap
|
page read and write
|
||
|
C3DD000
|
stack
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
4F42000
|
trusted library allocation
|
page read and write
|
||
|
5BA0000
|
heap
|
page read and write
|
||
|
58D0000
|
trusted library allocation
|
page read and write
|
||
|
15B9000
|
heap
|
page read and write
|
||
|
AF7000
|
stack
|
page read and write
|
||
|
5D10000
|
heap
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
3450000
|
heap
|
page read and write
|
||
|
19B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
5CF0000
|
trusted library allocation
|
page read and write
|
||
|
2900000
|
trusted library allocation
|
page read and write
|
||
|
5378000
|
trusted library allocation
|
page read and write
|
||
|
6D8E000
|
stack
|
page read and write
|
||
|
D18000
|
heap
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
1993000
|
trusted library allocation
|
page execute and read and write
|
||
|
3E40000
|
trusted library allocation
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
C57000
|
heap
|
page read and write
|
||
|
33EE000
|
stack
|
page read and write
|
||
|
80DE000
|
stack
|
page read and write
|
||
|
CBB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7BD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
5B70000
|
heap
|
page read and write
|
||
|
2770000
|
heap
|
page read and write
|
||
|
3AF9000
|
trusted library allocation
|
page read and write
|
||
|
31E5000
|
trusted library allocation
|
page read and write
|
||
|
6EED000
|
heap
|
page read and write
|
||
|
6EE7000
|
heap
|
page read and write
|
||
|
710E000
|
stack
|
page read and write
|
||
|
56A0000
|
trusted library allocation
|
page read and write
|
||
|
108B000
|
stack
|
page read and write
|
||
|
52C0000
|
heap
|
page execute and read and write
|
||
|
56B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
100E000
|
stack
|
page read and write
|
||
|
C90000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
58BD000
|
trusted library allocation
|
page read and write
|
||
|
31D0000
|
trusted library allocation
|
page read and write
|
||
|
19AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
185E000
|
stack
|
page read and write
|
||
|
4F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
5380000
|
trusted library allocation
|
page read and write
|
There are 329 hidden memdumps, click here to show them.