Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Aura.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Aura.exe_e9ccdead3da720bcd67a7c350b694bf781f7f_581b5296_06915200-1f3b-4d4c-8328-97b9cf82a67b\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\gdi32.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC939.tmp.dmp
|
Mini DuMP crash report, 15 streams, Sat Nov 23 13:17:46 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCCC4.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD13.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Logs\SIH\SIH.20241123.081801.076.1.etl
|
data
|
dropped
|
||
|
C:\Windows\SoftwareDistribution\SLS\522D76A4-93E1-47F8-B8CE-07C937AD1A1E\TMP11BB.tmp
|
Microsoft Cabinet archive data, single, 462 bytes, 1 file, at 0x44 +Utf "environment.xml", flags 0x4, ID 31944, number 1,
extra bytes 20 in head, 1 datablock, 0x1 compression
|
dropped
|
||
|
C:\Windows\SoftwareDistribution\SLS\522D76A4-93E1-47F8-B8CE-07C937AD1A1E\sls.cab
|
Microsoft Cabinet archive data, single, 7826 bytes, 1 file, at 0x44 +Utf "environment.cab", flags 0x4, ID 53283, number 1,
extra bytes 20 in head, 1 datablock, 0x1 compression
|
dropped
|
||
|
C:\Windows\SoftwareDistribution\SLS\E7A50285-D08D-499D-9FF8-180FDC2332BC\TMP1E79.tmp
|
Microsoft Cabinet archive data, single, 858 bytes, 1 file, at 0x44 +Utf "environment.xml", flags 0x4, ID 12183, number 1,
extra bytes 20 in head, 1 datablock, 0x1 compression
|
dropped
|
||
|
C:\Windows\SoftwareDistribution\SLS\E7A50285-D08D-499D-9FF8-180FDC2332BC\sls.cab
|
Microsoft Cabinet archive data, single, 11149 bytes, 1 file, at 0x44 +Utf "environment.cab", flags 0x4, ID 18779, number 1,
extra bytes 20 in head, 1 datablock, 0x1 compression
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with very long lines (351), with CRLF, LF line terminators
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Aura.exe
|
"C:\Users\user\Desktop\Aura.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 1228
|
||
|
C:\Windows\System32\SIHClient.exe
|
C:\Windows\System32\sihclient.exe /cv jMwXD3dEvUmoR35eQmr9Ww.0.2
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://property-imper.sbs/api%
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://ocsp.entrust.net02
|
unknown
|
||
|
http://www.entrust.net/rpa03
|
unknown
|
||
|
https://property-imper.sbs/api
|
104.21.33.116
|
||
|
http://aia.entrust.net/ts1-chain256.cer01
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://property-imper.sbs/Qq
|
unknown
|
||
|
http://crl.entrust.net/ts1ca.crl0
|
unknown
|
||
|
https://property-imper.sbs/
|
unknown
|
||
|
https://property-imper.sbs/apiNlV&
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
https://www.entrust.net/rpa0
|
unknown
|
There are 3 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
property-imper.sbs
|
104.21.33.116
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.33.116
|
property-imper.sbs
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{65a5dfe5-24ed-414b-b06b-e7a5c87f82f6}\Root\InventoryApplicationFile\aura.exe|3be06526747a20c7
|
ProgramId
|
||
|
\REGISTRY\A\{65a5dfe5-24ed-414b-b06b-e7a5c87f82f6}\Root\InventoryApplicationFile\aura.exe|3be06526747a20c7
|
FileId
|
||
|
\REGISTRY\A\{65a5dfe5-24ed-414b-b06b-e7a5c87f82f6}\Root\InventoryApplicationFile\aura.exe|3be06526747a20c7
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{65a5dfe5-24ed-414b-b06b-e7a5c87f82f6}\Root\InventoryApplicationFile\aura.exe|3be06526747a20c7
|
LongPathHash
|
||
|
\REGISTRY\A\{65a5dfe5-24ed-414b-b06b-e7a5c87f82f6}\Root\InventoryApplicationFile\aura.exe|3be06526747a20c7
|
Name
|
||
|
\REGISTRY\A\{65a5dfe5-24ed-414b-b06b-e7a5c87f82f6}\Root\InventoryApplicationFile\aura.exe|3be06526747a20c7
|
OriginalFileName
|
||
|
\REGISTRY\A\{65a5dfe5-24ed-414b-b06b-e7a5c87f82f6}\Root\InventoryApplicationFile\aura.exe|3be06526747a20c7
|
Publisher
|
||
|
\REGISTRY\A\{65a5dfe5-24ed-414b-b06b-e7a5c87f82f6}\Root\InventoryApplicationFile\aura.exe|3be06526747a20c7
|
Version
|
||
|
\REGISTRY\A\{65a5dfe5-24ed-414b-b06b-e7a5c87f82f6}\Root\InventoryApplicationFile\aura.exe|3be06526747a20c7
|
BinFileVersion
|
||
|
\REGISTRY\A\{65a5dfe5-24ed-414b-b06b-e7a5c87f82f6}\Root\InventoryApplicationFile\aura.exe|3be06526747a20c7
|
BinaryType
|
||
|
\REGISTRY\A\{65a5dfe5-24ed-414b-b06b-e7a5c87f82f6}\Root\InventoryApplicationFile\aura.exe|3be06526747a20c7
|
ProductName
|
||
|
\REGISTRY\A\{65a5dfe5-24ed-414b-b06b-e7a5c87f82f6}\Root\InventoryApplicationFile\aura.exe|3be06526747a20c7
|
ProductVersion
|
||
|
\REGISTRY\A\{65a5dfe5-24ed-414b-b06b-e7a5c87f82f6}\Root\InventoryApplicationFile\aura.exe|3be06526747a20c7
|
LinkDate
|
||
|
\REGISTRY\A\{65a5dfe5-24ed-414b-b06b-e7a5c87f82f6}\Root\InventoryApplicationFile\aura.exe|3be06526747a20c7
|
BinProductVersion
|
||
|
\REGISTRY\A\{65a5dfe5-24ed-414b-b06b-e7a5c87f82f6}\Root\InventoryApplicationFile\aura.exe|3be06526747a20c7
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{65a5dfe5-24ed-414b-b06b-e7a5c87f82f6}\Root\InventoryApplicationFile\aura.exe|3be06526747a20c7
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{65a5dfe5-24ed-414b-b06b-e7a5c87f82f6}\Root\InventoryApplicationFile\aura.exe|3be06526747a20c7
|
Size
|
||
|
\REGISTRY\A\{65a5dfe5-24ed-414b-b06b-e7a5c87f82f6}\Root\InventoryApplicationFile\aura.exe|3be06526747a20c7
|
Language
|
||
|
\REGISTRY\A\{65a5dfe5-24ed-414b-b06b-e7a5c87f82f6}\Root\InventoryApplicationFile\aura.exe|3be06526747a20c7
|
Usn
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
B41000
|
heap
|
page read and write
|
||
|
29D86594000
|
heap
|
page read and write
|
||
|
285E000
|
stack
|
page read and write
|
||
|
29D863C3000
|
heap
|
page read and write
|
||
|
29D85BD0000
|
heap
|
page read and write
|
||
|
92ED000
|
stack
|
page read and write
|
||
|
29FC000
|
heap
|
page read and write
|
||
|
29D859A3000
|
heap
|
page read and write
|
||
|
4D0F000
|
stack
|
page read and write
|
||
|
29D866E8000
|
heap
|
page read and write
|
||
|
90E000
|
stack
|
page read and write
|
||
|
29D85BD5000
|
heap
|
page read and write
|
||
|
29D85A0C000
|
heap
|
page read and write
|
||
|
29D859B7000
|
heap
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
29D859EB000
|
heap
|
page read and write
|
||
|
29D86597000
|
heap
|
page read and write
|
||
|
29D863AB000
|
heap
|
page read and write
|
||
|
29D859EB000
|
heap
|
page read and write
|
||
|
44BD000
|
stack
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
29D866F6000
|
heap
|
page read and write
|
||
|
6EC0000
|
trusted library allocation
|
page read and write
|
||
|
29D85932000
|
heap
|
page read and write
|
||
|
29D8659A000
|
heap
|
page read and write
|
||
|
27C4000
|
remote allocation
|
page readonly
|
||
|
29D863B3000
|
heap
|
page read and write
|
||
|
BBE000
|
heap
|
page read and write
|
||
|
2A77000
|
heap
|
page read and write
|
||
|
F68307D000
|
stack
|
page read and write
|
||
|
29D866F8000
|
heap
|
page read and write
|
||
|
A90000
|
trusted library allocation
|
page read and write
|
||
|
29D863D9000
|
heap
|
page read and write
|
||
|
29D85972000
|
heap
|
page read and write
|
||
|
29D86597000
|
heap
|
page read and write
|
||
|
D9D000
|
stack
|
page read and write
|
||
|
29D859A3000
|
heap
|
page read and write
|
||
|
29D866E7000
|
heap
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
29D864B0000
|
heap
|
page read and write
|
||
|
2A93000
|
heap
|
page read and write
|
||
|
29D85958000
|
heap
|
page read and write
|
||
|
29D863B8000
|
heap
|
page read and write
|
||
|
495E000
|
stack
|
page read and write
|
||
|
29D85972000
|
heap
|
page read and write
|
||
|
484E000
|
stack
|
page read and write
|
||
|
29D866EF000
|
heap
|
page read and write
|
||
|
29D863B5000
|
heap
|
page read and write
|
||
|
29F8000
|
heap
|
page read and write
|
||
|
29D859B6000
|
heap
|
page read and write
|
||
|
29D863A5000
|
heap
|
page read and write
|
||
|
4BA0000
|
trusted library allocation
|
page read and write
|
||
|
29D866F6000
|
heap
|
page read and write
|
||
|
29D859EB000
|
heap
|
page read and write
|
||
|
29D85919000
|
heap
|
page read and write
|
||
|
2A29000
|
heap
|
page read and write
|
||
|
29D85910000
|
heap
|
page read and write
|
||
|
29D85958000
|
heap
|
page read and write
|
||
|
4BAD000
|
stack
|
page read and write
|
||
|
AA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
F682D7E000
|
stack
|
page read and write
|
||
|
6CDCC000
|
unkown
|
page readonly
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
29D859A3000
|
heap
|
page read and write
|
||
|
29D859A3000
|
heap
|
page read and write
|
||
|
29D859EB000
|
heap
|
page read and write
|
||
|
29D863CD000
|
heap
|
page read and write
|
||
|
543E000
|
stack
|
page read and write
|
||
|
AA4000
|
trusted library allocation
|
page read and write
|
||
|
AA0000
|
trusted library allocation
|
page read and write
|
||
|
94E000
|
stack
|
page read and write
|
||
|
29D863C4000
|
heap
|
page read and write
|
||
|
29D859B7000
|
heap
|
page read and write
|
||
|
29FC000
|
heap
|
page read and write
|
||
|
2A29000
|
heap
|
page read and write
|
||
|
29D8598E000
|
heap
|
page read and write
|
||
|
29D86590000
|
heap
|
page read and write
|
||
|
2751000
|
trusted library allocation
|
page read and write
|
||
|
2650000
|
heap
|
page read and write
|
||
|
29D863C4000
|
heap
|
page read and write
|
||
|
29D863B4000
|
heap
|
page read and write
|
||
|
F682F7F000
|
stack
|
page read and write
|
||
|
BCE000
|
heap
|
page read and write
|
||
|
29D8659E000
|
heap
|
page read and write
|
||
|
4EC0000
|
heap
|
page read and write
|
||
|
F682E7F000
|
stack
|
page read and write
|
||
|
51BE000
|
stack
|
page read and write
|
||
|
4E7F000
|
stack
|
page read and write
|
||
|
29D859EB000
|
heap
|
page read and write
|
||
|
2BDE000
|
stack
|
page read and write
|
||
|
29D863C7000
|
heap
|
page read and write
|
||
|
AAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
29D859EB000
|
heap
|
page read and write
|
||
|
93ED000
|
stack
|
page read and write
|
||
|
29D85994000
|
heap
|
page read and write
|
||
|
29D859EB000
|
heap
|
page read and write
|
||
|
B08000
|
heap
|
page read and write
|
||
|
2720000
|
trusted library allocation
|
page read and write
|
||
|
CFE000
|
stack
|
page read and write
|
||
|
AD7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
330000
|
unkown
|
page readonly
|
||
|
29D859EB000
|
heap
|
page read and write
|
||
|
29D859A3000
|
heap
|
page read and write
|
||
|
BA9000
|
heap
|
page read and write
|
||
|
ADB000
|
trusted library allocation
|
page execute and read and write
|
||
|
29D863F1000
|
heap
|
page read and write
|
||
|
2A06000
|
heap
|
page read and write
|
||
|
29D866F2000
|
heap
|
page read and write
|
||
|
29D86393000
|
heap
|
page read and write
|
||
|
2A86000
|
heap
|
page read and write
|
||
|
29D863D0000
|
heap
|
page read and write
|
||
|
29D859EB000
|
heap
|
page read and write
|
||
|
3751000
|
trusted library allocation
|
page read and write
|
||
|
29D863C9000
|
heap
|
page read and write
|
||
|
29D85958000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
2A8D000
|
heap
|
page read and write
|
||
|
F682FFE000
|
stack
|
page read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
29D8598E000
|
heap
|
page read and write
|
||
|
3E2000
|
unkown
|
page readonly
|
||
|
71EE000
|
stack
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
4A60000
|
remote allocation
|
page read and write
|
||
|
29D85991000
|
heap
|
page read and write
|
||
|
AB4000
|
trusted library allocation
|
page read and write
|
||
|
29D85A0C000
|
heap
|
page read and write
|
||
|
29D85A0C000
|
heap
|
page read and write
|
||
|
29D85914000
|
heap
|
page read and write
|
||
|
29D863E5000
|
heap
|
page read and write
|
||
|
29D8591B000
|
heap
|
page read and write
|
||
|
B34000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
BD1000
|
heap
|
page read and write
|
||
|
275B000
|
stack
|
page read and write
|
||
|
50BE000
|
stack
|
page read and write
|
||
|
29D863A0000
|
heap
|
page read and write
|
||
|
29D85918000
|
heap
|
page read and write
|
||
|
D40000
|
trusted library allocation
|
page execute and read and write
|
||
|
29D85B00000
|
heap
|
page read and write
|
||
|
2A11000
|
heap
|
page read and write
|
||
|
29D8659A000
|
heap
|
page read and write
|
||
|
4B90000
|
trusted library section
|
page read and write
|
||
|
29D8592D000
|
heap
|
page read and write
|
||
|
29D863AF000
|
heap
|
page read and write
|
||
|
29D859A3000
|
heap
|
page read and write
|
||
|
29D859EB000
|
heap
|
page read and write
|
||
|
2764000
|
trusted library allocation
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
29D85991000
|
heap
|
page read and write
|
||
|
29D85A0C000
|
heap
|
page read and write
|
||
|
29D863C4000
|
heap
|
page read and write
|
||
|
332000
|
unkown
|
page execute and read and write
|
||
|
52FE000
|
stack
|
page read and write
|
||
|
29D86398000
|
heap
|
page read and write
|
||
|
275B000
|
trusted library allocation
|
page read and write
|
||
|
27C7000
|
remote allocation
|
page execute and read and write
|
||
|
29D863CC000
|
heap
|
page read and write
|
||
|
51FE000
|
stack
|
page read and write
|
||
|
298E000
|
stack
|
page read and write
|
||
|
265B000
|
stack
|
page read and write
|
||
|
29D859A3000
|
heap
|
page read and write
|
||
|
29D85972000
|
heap
|
page read and write
|
||
|
332000
|
unkown
|
page readonly
|
||
|
29D85A03000
|
heap
|
page read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
330000
|
unkown
|
page execute and read and write
|
||
|
F682C77000
|
stack
|
page read and write
|
||
|
29D85980000
|
heap
|
page read and write
|
||
|
29D859B7000
|
heap
|
page read and write
|
||
|
2740000
|
heap
|
page read and write
|
||
|
B6B000
|
heap
|
page read and write
|
||
|
B2C000
|
heap
|
page read and write
|
||
|
29D85921000
|
heap
|
page read and write
|
||
|
6CDD2000
|
unkown
|
page read and write
|
||
|
29D863B2000
|
heap
|
page read and write
|
||
|
270E000
|
stack
|
page read and write
|
||
|
4A60000
|
remote allocation
|
page read and write
|
||
|
29D866EC000
|
heap
|
page read and write
|
||
|
29D85973000
|
heap
|
page read and write
|
||
|
2A86000
|
heap
|
page read and write
|
||
|
29D85A0C000
|
heap
|
page read and write
|
||
|
264E000
|
stack
|
page read and write
|
||
|
29D86593000
|
heap
|
page read and write
|
||
|
2A8F000
|
heap
|
page read and write
|
||
|
29D85A0C000
|
heap
|
page read and write
|
||
|
F682EFB000
|
stack
|
page read and write
|
||
|
29D85945000
|
heap
|
page read and write
|
||
|
29D863CB000
|
heap
|
page read and write
|
||
|
29D863CD000
|
heap
|
page read and write
|
||
|
29D85917000
|
heap
|
page read and write
|
||
|
2A48000
|
heap
|
page read and write
|
||
|
29D85A0C000
|
heap
|
page read and write
|
||
|
29D859B7000
|
heap
|
page read and write
|
||
|
29D86592000
|
heap
|
page read and write
|
||
|
2781000
|
remote allocation
|
page execute read
|
||
|
29D85958000
|
heap
|
page read and write
|
||
|
A5F000
|
stack
|
page read and write
|
||
|
29D863C4000
|
heap
|
page read and write
|
||
|
29D86595000
|
heap
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
2A81000
|
heap
|
page read and write
|
||
|
29D85A10000
|
heap
|
page read and write
|
||
|
4D7E000
|
stack
|
page read and write
|
||
|
29D85A0C000
|
heap
|
page read and write
|
||
|
533E000
|
stack
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
2CDE000
|
stack
|
page read and write
|
||
|
29D863D2000
|
heap
|
page read and write
|
||
|
29D8598E000
|
heap
|
page read and write
|
||
|
29D85A0C000
|
heap
|
page read and write
|
||
|
F682CFE000
|
stack
|
page read and write
|
||
|
29D866E0000
|
heap
|
page read and write
|
||
|
29D8598E000
|
heap
|
page read and write
|
||
|
6CDB0000
|
unkown
|
page readonly
|
||
|
4D60000
|
heap
|
page execute and read and write
|
||
|
29D85A0C000
|
heap
|
page read and write
|
||
|
4AAE000
|
stack
|
page read and write
|
||
|
4510000
|
heap
|
page read and write
|
||
|
29D8659B000
|
heap
|
page read and write
|
||
|
F682DFD000
|
stack
|
page read and write
|
||
|
29D85A0C000
|
heap
|
page read and write
|
||
|
2A86000
|
heap
|
page read and write
|
||
|
2A7D000
|
heap
|
page read and write
|
||
|
4D2E000
|
stack
|
page read and write
|
||
|
2A06000
|
heap
|
page read and write
|
||
|
29D85A0C000
|
heap
|
page read and write
|
||
|
29D85943000
|
heap
|
page read and write
|
||
|
29D8592A000
|
heap
|
page read and write
|
||
|
67C000
|
stack
|
page read and write
|
||
|
B2A000
|
heap
|
page read and write
|
||
|
2A86000
|
heap
|
page read and write
|
||
|
29D8659E000
|
heap
|
page read and write
|
||
|
29D863BD000
|
heap
|
page read and write
|
||
|
29D863C3000
|
heap
|
page read and write
|
||
|
6CE22000
|
unkown
|
page readonly
|
||
|
2865000
|
heap
|
page read and write
|
||
|
29D8659A000
|
heap
|
page read and write
|
||
|
2A11000
|
heap
|
page read and write
|
||
|
29D85900000
|
heap
|
page read and write
|
||
|
27D9000
|
remote allocation
|
page readonly
|
||
|
29D859B6000
|
heap
|
page read and write
|
||
|
29D863C0000
|
heap
|
page read and write
|
||
|
29D863A7000
|
heap
|
page read and write
|
||
|
29D86390000
|
heap
|
page read and write
|
||
|
2A97000
|
heap
|
page read and write
|
||
|
29D859EB000
|
heap
|
page read and write
|
||
|
4A60000
|
remote allocation
|
page read and write
|
||
|
29D863C9000
|
heap
|
page read and write
|
||
|
29D859B6000
|
heap
|
page read and write
|
||
|
2780000
|
remote allocation
|
page execute and read and write
|
||
|
3F55000
|
trusted library allocation
|
page read and write
|
||
|
29D8599E000
|
heap
|
page read and write
|
||
|
29D859EB000
|
heap
|
page read and write
|
||
|
29D867E0000
|
heap
|
page read and write
|
||
|
6CDB1000
|
unkown
|
page execute read
|
||
|
77A000
|
stack
|
page read and write
|
||
|
29D859A3000
|
heap
|
page read and write
|
||
|
4A5D000
|
stack
|
page read and write
|
||
|
26BE000
|
stack
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
29D85972000
|
heap
|
page read and write
|
||
|
2A7D000
|
heap
|
page read and write
|
||
|
44FD000
|
stack
|
page read and write
|
||
|
29D863ED000
|
heap
|
page read and write
|
||
|
B27000
|
heap
|
page read and write
|
||
|
276D000
|
trusted library allocation
|
page read and write
|
||
|
29D863C0000
|
heap
|
page read and write
|
||
|
29D863D2000
|
heap
|
page read and write
|
||
|
955000
|
heap
|
page read and write
|
||
|
2670000
|
heap
|
page execute and read and write
|
||
|
AB0000
|
trusted library allocation
|
page read and write
|
||
|
29E8000
|
heap
|
page read and write
|
||
|
2A96000
|
heap
|
page read and write
|
||
|
4C0E000
|
stack
|
page read and write
|
||
|
B0E000
|
heap
|
page read and write
|
There are 269 hidden memdumps, click here to show them.