Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Purchase Inquiry_002.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Purchase Inquiry_002.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp3EA3.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\xASiLfzXONGIW.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\xASiLfzXONGIW.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\ios\logs.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\xASiLfzXONGIW.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_33v4kdys.yge.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3ryrwtse.3j2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_43yswqfg.a4e.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u1iadovm.elz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ul5pcprh.0rg.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_un2hzs0q.jig.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xb5laily.wjp.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xgkyn1bq.i3f.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp4FBA.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Purchase Inquiry_002.exe
|
"C:\Users\user\Desktop\Purchase Inquiry_002.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Purchase
Inquiry_002.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\xASiLfzXONGIW.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\xASiLfzXONGIW" /XML "C:\Users\user\AppData\Local\Temp\tmp3EA3.tmp"
|
|
|
|
C:\Users\user\Desktop\Purchase Inquiry_002.exe
|
"C:\Users\user\Desktop\Purchase Inquiry_002.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\xASiLfzXONGIW.exe
|
C:\Users\user\AppData\Roaming\xASiLfzXONGIW.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\xASiLfzXONGIW" /XML "C:\Users\user\AppData\Local\Temp\tmp4FBA.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\xASiLfzXONGIW.exe
|
"C:\Users\user\AppData\Roaming\xASiLfzXONGIW.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
cee.work.gd
|
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
http://geoplugin.net/json.gp7
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://tempuri.org/project_mgtDataSet.xsdOproject_mgt_system.Properties.Resources
|
unknown
|
||
|
http://geoplugin.net/json.gpSystem32
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
cee.work.gd
|
154.216.19.141
|
|
|
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
154.216.19.141
|
cee.work.gd
|
Seychelles
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\gig-1IH5DX
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\gig-1IH5DX
|
licence
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3965000
|
trusted library allocation
|
page read and write
|
|
|
|
4337000
|
trusted library allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
1237000
|
heap
|
page read and write
|
|
|
|
1537000
|
heap
|
page read and write
|
|
|
|
3F65000
|
trusted library allocation
|
page read and write
|
|
|
|
2F0E000
|
stack
|
page read and write
|
||
|
2630000
|
trusted library allocation
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
BB5E000
|
stack
|
page read and write
|
||
|
2EA6000
|
trusted library allocation
|
page read and write
|
||
|
BD9C000
|
stack
|
page read and write
|
||
|
13BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F6C000
|
trusted library allocation
|
page read and write
|
||
|
2831000
|
trusted library allocation
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
FA7000
|
heap
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
7156000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
2F02000
|
trusted library allocation
|
page read and write
|
||
|
362000
|
unkown
|
page readonly
|
||
|
701E000
|
heap
|
page read and write
|
||
|
B49D000
|
stack
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
6E2E000
|
stack
|
page read and write
|
||
|
BBDE000
|
stack
|
page read and write
|
||
|
1530000
|
heap
|
page read and write
|
||
|
B65D000
|
stack
|
page read and write
|
||
|
716A000
|
heap
|
page read and write
|
||
|
4937000
|
trusted library allocation
|
page read and write
|
||
|
1290000
|
trusted library allocation
|
page read and write
|
||
|
4072000
|
trusted library allocation
|
page read and write
|
||
|
574E000
|
stack
|
page read and write
|
||
|
B31E000
|
stack
|
page read and write
|
||
|
1274000
|
trusted library allocation
|
page read and write
|
||
|
FBF000
|
heap
|
page read and write
|
||
|
1514000
|
heap
|
page read and write
|
||
|
45D000
|
stack
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
6CE0000
|
trusted library allocation
|
page read and write
|
||
|
49AD000
|
trusted library allocation
|
page read and write
|
||
|
4A22000
|
trusted library allocation
|
page read and write
|
||
|
2604000
|
trusted library allocation
|
page read and write
|
||
|
2650000
|
trusted library allocation
|
page read and write
|
||
|
4FF0000
|
heap
|
page execute and read and write
|
||
|
BD2000
|
heap
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
FEB000
|
stack
|
page read and write
|
||
|
5090000
|
trusted library allocation
|
page execute and read and write
|
||
|
57E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1296000
|
trusted library allocation
|
page execute and read and write
|
||
|
407E000
|
trusted library allocation
|
page read and write
|
||
|
4DA000
|
stack
|
page read and write
|
||
|
2DFC000
|
stack
|
page read and write
|
||
|
F7E000
|
stack
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
3839000
|
trusted library allocation
|
page read and write
|
||
|
128D000
|
trusted library allocation
|
page execute and read and write
|
||
|
B9F000
|
heap
|
page read and write
|
||
|
4D4D000
|
trusted library allocation
|
page read and write
|
||
|
7192000
|
heap
|
page read and write
|
||
|
BA1000
|
heap
|
page read and write
|
||
|
B51F000
|
stack
|
page read and write
|
||
|
49CC000
|
stack
|
page read and write
|
||
|
5590000
|
heap
|
page read and write
|
||
|
300E000
|
stack
|
page read and write
|
||
|
4E00000
|
heap
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
318C000
|
stack
|
page read and write
|
||
|
1095000
|
heap
|
page read and write
|
||
|
6F30000
|
trusted library section
|
page read and write
|
||
|
B45E000
|
stack
|
page read and write
|
||
|
96E000
|
stack
|
page read and write
|
||
|
4D90000
|
trusted library allocation
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
129A000
|
trusted library allocation
|
page execute and read and write
|
||
|
B55D000
|
stack
|
page read and write
|
||
|
2EEF000
|
stack
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
1500000
|
trusted library allocation
|
page read and write
|
||
|
46E000
|
remote allocation
|
page execute and read and write
|
||
|
52B0000
|
trusted library allocation
|
page read and write
|
||
|
1026000
|
heap
|
page read and write
|
||
|
103C000
|
stack
|
page read and write
|
||
|
304B000
|
stack
|
page read and write
|
||
|
6F2E000
|
stack
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
7122000
|
trusted library allocation
|
page read and write
|
||
|
4D3E000
|
trusted library allocation
|
page read and write
|
||
|
5530000
|
heap
|
page read and write
|
||
|
5765000
|
heap
|
page read and write
|
||
|
B6E000
|
heap
|
page read and write
|
||
|
279F000
|
stack
|
page read and write
|
||
|
B91E000
|
stack
|
page read and write
|
||
|
2810000
|
trusted library allocation
|
page execute and read and write
|
||
|
B1DF000
|
stack
|
page read and write
|
||
|
BC9B000
|
stack
|
page read and write
|
||
|
5857000
|
trusted library allocation
|
page read and write
|
||
|
3F1E000
|
trusted library allocation
|
page read and write
|
||
|
6BD0000
|
heap
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
BB9C000
|
stack
|
page read and write
|
||
|
B8DD000
|
stack
|
page read and write
|
||
|
32F8000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
2E6F000
|
unkown
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
1273000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D20000
|
trusted library allocation
|
page read and write
|
||
|
B59D000
|
stack
|
page read and write
|
||
|
2DBE000
|
stack
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
13B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E10000
|
trusted library allocation
|
page read and write
|
||
|
BBD000
|
stack
|
page read and write
|
||
|
5F0E000
|
stack
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
1410000
|
heap
|
page execute and read and write
|
||
|
2600000
|
trusted library allocation
|
page read and write
|
||
|
2620000
|
trusted library allocation
|
page read and write
|
||
|
6A20000
|
heap
|
page read and write
|
||
|
4DB0000
|
heap
|
page read and write
|
||
|
1578000
|
heap
|
page read and write
|
||
|
FB4000
|
heap
|
page read and write
|
||
|
BDDE000
|
stack
|
page read and write
|
||
|
5070000
|
heap
|
page read and write
|
||
|
269E000
|
stack
|
page read and write
|
||
|
B50000
|
trusted library allocation
|
page read and write
|
||
|
B5A0000
|
heap
|
page read and write
|
||
|
51C0000
|
heap
|
page read and write
|
||
|
2603000
|
trusted library allocation
|
page execute and read and write
|
||
|
5330000
|
trusted library allocation
|
page read and write
|
||
|
4D10000
|
trusted library allocation
|
page read and write
|
||
|
5540000
|
heap
|
page execute and read and write
|
||
|
B4A000
|
stack
|
page read and write
|
||
|
4D70000
|
trusted library allocation
|
page read and write
|
||
|
6CD0000
|
trusted library allocation
|
page read and write
|
||
|
13F0000
|
trusted library allocation
|
page read and write
|
||
|
364F000
|
stack
|
page read and write
|
||
|
6C49000
|
heap
|
page read and write
|
||
|
B3DE000
|
stack
|
page read and write
|
||
|
55A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1480000
|
heap
|
page read and write
|
||
|
5520000
|
trusted library section
|
page readonly
|
||
|
391E000
|
trusted library allocation
|
page read and write
|
||
|
8ACF000
|
stack
|
page read and write
|
||
|
1404000
|
trusted library allocation
|
page read and write
|
||
|
83F000
|
stack
|
page read and write
|
||
|
126F000
|
stack
|
page read and write
|
||
|
33CF000
|
stack
|
page read and write
|
||
|
262A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D24000
|
trusted library allocation
|
page read and write
|
||
|
52B4000
|
trusted library allocation
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
2637000
|
trusted library allocation
|
page execute and read and write
|
||
|
1400000
|
trusted library allocation
|
page read and write
|
||
|
6D38000
|
trusted library allocation
|
page read and write
|
||
|
328F000
|
stack
|
page read and write
|
||
|
5F10000
|
heap
|
page read and write
|
||
|
FC1000
|
heap
|
page read and write
|
||
|
2EAE000
|
stack
|
page read and write
|
||
|
5760000
|
heap
|
page read and write
|
||
|
354E000
|
stack
|
page read and write
|
||
|
280B000
|
stack
|
page read and write
|
||
|
13B0000
|
trusted library allocation
|
page read and write
|
||
|
B87000
|
heap
|
page read and write
|
||
|
4DB3000
|
heap
|
page read and write
|
||
|
7195000
|
heap
|
page read and write
|
||
|
8B7E000
|
stack
|
page read and write
|
||
|
52A0000
|
heap
|
page read and write
|
||
|
1280000
|
trusted library allocation
|
page read and write
|
||
|
1596000
|
heap
|
page read and write
|
||
|
B29E000
|
stack
|
page read and write
|
||
|
5920000
|
heap
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
558B000
|
stack
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
5800000
|
trusted library allocation
|
page read and write
|
||
|
4838000
|
trusted library allocation
|
page read and write
|
||
|
3E31000
|
trusted library allocation
|
page read and write
|
||
|
B2DE000
|
stack
|
page read and write
|
||
|
7420000
|
trusted library allocation
|
page execute and read and write
|
||
|
B21E000
|
stack
|
page read and write
|
||
|
5F21000
|
heap
|
page read and write
|
||
|
105B000
|
heap
|
page read and write
|
||
|
145E000
|
stack
|
page read and write
|
||
|
159C000
|
heap
|
page read and write
|
||
|
7350000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F6A000
|
trusted library allocation
|
page read and write
|
||
|
1283000
|
trusted library allocation
|
page read and write
|
||
|
2622000
|
trusted library allocation
|
page read and write
|
||
|
AFE000
|
stack
|
page read and write
|
||
|
28A6000
|
trusted library allocation
|
page read and write
|
||
|
2820000
|
heap
|
page read and write
|
||
|
5930000
|
heap
|
page read and write
|
||
|
2E10000
|
trusted library allocation
|
page read and write
|
||
|
6D80000
|
trusted library allocation
|
page execute and read and write
|
||
|
52D1000
|
trusted library allocation
|
page read and write
|
||
|
5D7000
|
stack
|
page read and write
|
||
|
5310000
|
heap
|
page read and write
|
||
|
1406000
|
trusted library allocation
|
page read and write
|
||
|
ABF000
|
stack
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
261D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D20000
|
trusted library allocation
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
2E31000
|
trusted library allocation
|
page read and write
|
||
|
9B5000
|
heap
|
page read and write
|
||
|
3831000
|
trusted library allocation
|
page read and write
|
||
|
442000
|
unkown
|
page readonly
|
||
|
2613000
|
trusted library allocation
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
5850000
|
trusted library allocation
|
page read and write
|
||
|
27C0000
|
heap
|
page execute and read and write
|
||
|
13B2000
|
trusted library allocation
|
page read and write
|
||
|
51C5000
|
heap
|
page read and write
|
||
|
6C0D000
|
heap
|
page read and write
|
||
|
5060000
|
trusted library section
|
page readonly
|
||
|
3FB8000
|
trusted library allocation
|
page read and write
|
||
|
4D41000
|
trusted library allocation
|
page read and write
|
||
|
66E000
|
unkown
|
page read and write
|
||
|
B35E000
|
stack
|
page read and write
|
||
|
52DD000
|
trusted library allocation
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
2626000
|
trusted library allocation
|
page execute and read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
2E05000
|
trusted library allocation
|
page read and write
|
||
|
EF7000
|
stack
|
page read and write
|
||
|
52A3000
|
heap
|
page read and write
|
||
|
6D7E000
|
stack
|
page read and write
|
||
|
49A000
|
stack
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
3FEF000
|
stack
|
page read and write
|
||
|
53A000
|
heap
|
page read and write
|
||
|
B0DE000
|
stack
|
page read and write
|
||
|
B89F000
|
stack
|
page read and write
|
||
|
6D30000
|
trusted library allocation
|
page read and write
|
||
|
4D80000
|
trusted library allocation
|
page read and write
|
||
|
BEDE000
|
stack
|
page read and write
|
||
|
15A7000
|
heap
|
page read and write
|
||
|
5958000
|
heap
|
page read and write
|
||
|
1003000
|
heap
|
page read and write
|
||
|
360000
|
unkown
|
page readonly
|
||
|
505B000
|
stack
|
page read and write
|
||
|
6CC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D46000
|
trusted library allocation
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
F9F000
|
heap
|
page read and write
|
||
|
BA9B000
|
stack
|
page read and write
|
||
|
EEC000
|
stack
|
page read and write
|
||
|
F8E000
|
heap
|
page read and write
|
||
|
5370000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
F88000
|
heap
|
page read and write
|
||
|
1292000
|
trusted library allocation
|
page read and write
|
||
|
4137000
|
trusted library allocation
|
page read and write
|
||
|
3E39000
|
trusted library allocation
|
page read and write
|
||
|
5840000
|
trusted library allocation
|
page read and write
|
||
|
6DDE000
|
stack
|
page read and write
|
||
|
BFA000
|
stack
|
page read and write
|
||
|
5380000
|
trusted library allocation
|
page read and write
|
||
|
7010000
|
heap
|
page read and write
|
||
|
B68000
|
heap
|
page read and write
|
||
|
4D85000
|
trusted library allocation
|
page read and write
|
||
|
DBE000
|
unkown
|
page read and write
|
||
|
4F2C000
|
stack
|
page read and write
|
||
|
4D52000
|
trusted library allocation
|
page read and write
|
||
|
52BB000
|
trusted library allocation
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
314F000
|
stack
|
page read and write
|
||
|
E5F000
|
stack
|
page read and write
|
||
|
6D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
475000
|
remote allocation
|
page execute and read and write
|
||
|
4D2B000
|
trusted library allocation
|
page read and write
|
||
|
4E20000
|
trusted library allocation
|
page execute and read and write
|
||
|
5280000
|
trusted library allocation
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
7BE000
|
unkown
|
page read and write
|
||
|
7130000
|
heap
|
page read and write
|
||
|
B660000
|
heap
|
page read and write
|
||
|
4E12000
|
trusted library allocation
|
page read and write
|
||
|
263B000
|
trusted library allocation
|
page execute and read and write
|
||
|
13AF000
|
stack
|
page read and write
|
||
|
5320000
|
heap
|
page read and write
|
||
|
B41E000
|
stack
|
page read and write
|
||
|
B7DE000
|
stack
|
page read and write
|
||
|
1468000
|
trusted library allocation
|
page read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
5802000
|
trusted library allocation
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
5010000
|
trusted library allocation
|
page read and write
|
||
|
113C000
|
stack
|
page read and write
|
||
|
2610000
|
trusted library allocation
|
page read and write
|
||
|
B9DE000
|
stack
|
page read and write
|
||
|
6CB0000
|
trusted library section
|
page read and write
|
||
|
5340000
|
trusted library allocation
|
page execute and read and write
|
||
|
BD1E000
|
stack
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
B79D000
|
stack
|
page read and write
|
||
|
BCDE000
|
stack
|
page read and write
|
||
|
BC5F000
|
stack
|
page read and write
|
||
|
127D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D60000
|
trusted library allocation
|
page read and write
|
||
|
3EFE000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
B81E000
|
stack
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
977000
|
heap
|
page read and write
|
||
|
C41000
|
heap
|
page read and write
|
||
|
4E50000
|
heap
|
page read and write
|
||
|
2632000
|
trusted library allocation
|
page read and write
|
||
|
B6DE000
|
stack
|
page read and write
|
||
|
52CE000
|
trusted library allocation
|
page read and write
|
||
|
2E00000
|
trusted library allocation
|
page read and write
|
||
|
52CD000
|
stack
|
page read and write
|
||
|
3EEE000
|
stack
|
page read and write
|
||
|
BE1E000
|
stack
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
32CE000
|
stack
|
page read and write
|
||
|
55C0000
|
trusted library allocation
|
page read and write
|
||
|
260D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DC0000
|
trusted library allocation
|
page read and write
|
||
|
5332000
|
trusted library allocation
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
730F000
|
stack
|
page read and write
|
||
|
52D6000
|
trusted library allocation
|
page read and write
|
||
|
296C000
|
trusted library allocation
|
page read and write
|
||
|
5950000
|
heap
|
page read and write
|
||
|
734E000
|
stack
|
page read and write
|
There are 331 hidden memdumps, click here to show them.