Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DHL AWB_NO_9078538809.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DHL AWB_NO_9078538809.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmpECF0.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\GAmFKUIDBo.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\GAmFKUIDBo.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\GAmFKUIDBo.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_di0oxyq3.4gm.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_em3hefzd.oli.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fdnkqmoe.nxi.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zhguzsjp.mc4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpF888.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\DHL AWB_NO_9078538809.exe
|
"C:\Users\user\Desktop\DHL AWB_NO_9078538809.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\GAmFKUIDBo.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GAmFKUIDBo" /XML "C:\Users\user\AppData\Local\Temp\tmpECF0.tmp"
|
|
|
|
C:\Users\user\Desktop\DHL AWB_NO_9078538809.exe
|
"C:\Users\user\Desktop\DHL AWB_NO_9078538809.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\GAmFKUIDBo.exe
|
C:\Users\user\AppData\Roaming\GAmFKUIDBo.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GAmFKUIDBo" /XML "C:\Users\user\AppData\Local\Temp\tmpF888.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\GAmFKUIDBo.exe
|
"C:\Users\user\AppData\Roaming\GAmFKUIDBo.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
windowsupdateserveraug.duckdns.org
|
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.sakkal.com08
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://tempuri.org/DataSet1.xsd
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 21 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
windowsupdateserveraug.duckdns.org
|
185.214.10.225
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.214.10.225
|
windowsupdateserveraug.duckdns.org
|
United Kingdom
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\msc-XYOFLE
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\msc-XYOFLE
|
licence
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
41DF000
|
trusted library allocation
|
page read and write
|
|
|
|
36B1000
|
trusted library allocation
|
page read and write
|
|
|
|
12C7000
|
heap
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
1317000
|
heap
|
page read and write
|
|
|
|
4FE0000
|
trusted library section
|
page read and write
|
|
|
|
4D70000
|
heap
|
page execute and read and write
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
73F9000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
9A2E000
|
stack
|
page read and write
|
||
|
AD000
|
stack
|
page read and write
|
||
|
CF4000
|
trusted library allocation
|
page read and write
|
||
|
952000
|
trusted library allocation
|
page read and write
|
||
|
12BF000
|
stack
|
page read and write
|
||
|
4DF5000
|
heap
|
page read and write
|
||
|
25EE000
|
stack
|
page read and write
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
C97000
|
heap
|
page read and write
|
||
|
28BF000
|
stack
|
page read and write
|
||
|
4D21000
|
trusted library allocation
|
page read and write
|
||
|
1DF000
|
unkown
|
page read and write
|
||
|
5AA000
|
stack
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
CFC000
|
stack
|
page read and write
|
||
|
CF0000
|
trusted library allocation
|
page read and write
|
||
|
CFB000
|
trusted library allocation
|
page read and write
|
||
|
5020000
|
heap
|
page read and write
|
||
|
3BEF000
|
trusted library allocation
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
2C5F000
|
stack
|
page read and write
|
||
|
6F7000
|
stack
|
page read and write
|
||
|
CB0000
|
trusted library allocation
|
page read and write
|
||
|
B7E000
|
stack
|
page read and write
|
||
|
CA4000
|
trusted library allocation
|
page read and write
|
||
|
50E000
|
stack
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
6D90000
|
trusted library allocation
|
page read and write
|
||
|
D0E000
|
trusted library allocation
|
page read and write
|
||
|
4D80000
|
trusted library allocation
|
page read and write
|
||
|
25F5000
|
trusted library allocation
|
page read and write
|
||
|
26B1000
|
trusted library allocation
|
page read and write
|
||
|
3780000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
AE0000
|
trusted library allocation
|
page read and write
|
||
|
4D73000
|
heap
|
page read and write
|
||
|
9CAF000
|
stack
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
3337000
|
heap
|
page read and write
|
||
|
BCE000
|
stack
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
B0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
117E000
|
stack
|
page read and write
|
||
|
5070000
|
heap
|
page execute and read and write
|
||
|
9B2F000
|
stack
|
page read and write
|
||
|
278C000
|
stack
|
page read and write
|
||
|
9DEF000
|
stack
|
page read and write
|
||
|
4D32000
|
trusted library allocation
|
page read and write
|
||
|
2680000
|
trusted library allocation
|
page execute and read and write
|
||
|
729E000
|
stack
|
page read and write
|
||
|
7FA90000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E10000
|
heap
|
page read and write
|
||
|
4FEB000
|
stack
|
page read and write
|
||
|
2720000
|
trusted library allocation
|
page read and write
|
||
|
4D82000
|
trusted library allocation
|
page read and write
|
||
|
ADD000
|
trusted library allocation
|
page execute and read and write
|
||
|
956000
|
trusted library allocation
|
page execute and read and write
|
||
|
2690000
|
heap
|
page execute and read and write
|
||
|
150F000
|
stack
|
page read and write
|
||
|
9F6B000
|
stack
|
page read and write
|
||
|
3A2C000
|
trusted library allocation
|
page read and write
|
||
|
69E0000
|
heap
|
page read and write
|
||
|
5320000
|
trusted library allocation
|
page read and write
|
||
|
5040000
|
heap
|
page read and write
|
||
|
4465000
|
trusted library allocation
|
page read and write
|
||
|
6710000
|
trusted library allocation
|
page read and write
|
||
|
58F0000
|
heap
|
page read and write
|
||
|
EA000
|
stack
|
page read and write
|
||
|
A0AD000
|
stack
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
25F0000
|
trusted library allocation
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
11EF000
|
stack
|
page read and write
|
||
|
97EE000
|
stack
|
page read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
DFC000
|
stack
|
page read and write
|
||
|
A37000
|
heap
|
page read and write
|
||
|
9BAE000
|
stack
|
page read and write
|
||
|
AD4000
|
trusted library allocation
|
page read and write
|
||
|
353F000
|
unkown
|
page read and write
|
||
|
4FBE000
|
stack
|
page read and write
|
||
|
72DF000
|
stack
|
page read and write
|
||
|
5025000
|
heap
|
page read and write
|
||
|
93E000
|
stack
|
page read and write
|
||
|
4D70000
|
heap
|
page read and write
|
||
|
DDE000
|
stack
|
page read and write
|
||
|
940000
|
trusted library allocation
|
page read and write
|
||
|
A6A000
|
heap
|
page read and write
|
||
|
6DA7000
|
trusted library allocation
|
page read and write
|
||
|
4D1B000
|
stack
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
A450000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E00000
|
heap
|
page read and write
|
||
|
4CC0000
|
trusted library allocation
|
page read and write
|
||
|
A33C000
|
stack
|
page read and write
|
||
|
2688000
|
trusted library allocation
|
page read and write
|
||
|
4D2D000
|
trusted library allocation
|
page read and write
|
||
|
2908000
|
trusted library allocation
|
page read and write
|
||
|
759F000
|
stack
|
page read and write
|
||
|
6B2E000
|
heap
|
page read and write
|
||
|
6D1F000
|
stack
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
4D1E000
|
trusted library allocation
|
page read and write
|
||
|
9CAE000
|
stack
|
page read and write
|
||
|
3CE000
|
stack
|
page read and write
|
||
|
B07000
|
trusted library allocation
|
page execute and read and write
|
||
|
CA6000
|
trusted library allocation
|
page read and write
|
||
|
80D000
|
stack
|
page read and write
|
||
|
47AC000
|
stack
|
page read and write
|
||
|
28C1000
|
trusted library allocation
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
9A7000
|
heap
|
page read and write
|
||
|
B53000
|
heap
|
page read and write
|
||
|
C6E000
|
stack
|
page read and write
|
||
|
CC0000
|
trusted library allocation
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
A0BE000
|
stack
|
page read and write
|
||
|
A77000
|
heap
|
page read and write
|
||
|
521E000
|
stack
|
page read and write
|
||
|
3B36000
|
trusted library allocation
|
page read and write
|
||
|
4D30000
|
heap
|
page read and write
|
||
|
9C7000
|
heap
|
page read and write
|
||
|
3310000
|
heap
|
page read and write
|
||
|
824000
|
trusted library allocation
|
page read and write
|
||
|
4DA0000
|
trusted library allocation
|
page read and write
|
||
|
4D0B000
|
trusted library allocation
|
page read and write
|
||
|
B02000
|
trusted library allocation
|
page read and write
|
||
|
190000
|
unkown
|
page readonly
|
||
|
EFB000
|
stack
|
page read and write
|
||
|
2672000
|
trusted library allocation
|
page read and write
|
||
|
D47000
|
heap
|
page read and write
|
||
|
5150000
|
trusted library allocation
|
page execute and read and write
|
||
|
192000
|
unkown
|
page readonly
|
||
|
38C1000
|
trusted library allocation
|
page read and write
|
||
|
102E000
|
stack
|
page read and write
|
||
|
96B000
|
trusted library allocation
|
page execute and read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
5030000
|
heap
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
A1AF000
|
stack
|
page read and write
|
||
|
2660000
|
heap
|
page read and write
|
||
|
9F2E000
|
stack
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page execute and read and write
|
||
|
73B6000
|
heap
|
page read and write
|
||
|
A1C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C57000
|
trusted library allocation
|
page read and write
|
||
|
6D40000
|
trusted library allocation
|
page read and write
|
||
|
35BF000
|
stack
|
page read and write
|
||
|
73A0000
|
heap
|
page read and write
|
||
|
6DEE000
|
stack
|
page read and write
|
||
|
6AE0000
|
heap
|
page read and write
|
||
|
CC5000
|
trusted library allocation
|
page read and write
|
||
|
5130000
|
trusted library allocation
|
page execute and read and write
|
||
|
330E000
|
unkown
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
6DA0000
|
trusted library allocation
|
page read and write
|
||
|
26F8000
|
trusted library allocation
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
7F350000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B12000
|
heap
|
page read and write
|
||
|
5220000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D50000
|
trusted library allocation
|
page execute and read and write
|
||
|
A06C000
|
stack
|
page read and write
|
||
|
A43C000
|
stack
|
page read and write
|
||
|
6FB000
|
heap
|
page read and write
|
||
|
38F3000
|
trusted library allocation
|
page read and write
|
||
|
A1FE000
|
stack
|
page read and write
|
||
|
6AFD000
|
heap
|
page read and write
|
||
|
26A0000
|
heap
|
page read and write
|
||
|
810000
|
trusted library allocation
|
page read and write
|
||
|
A2FF000
|
stack
|
page read and write
|
||
|
4D04000
|
trusted library allocation
|
page read and write
|
||
|
AD3000
|
trusted library allocation
|
page execute and read and write
|
||
|
49BC000
|
stack
|
page read and write
|
||
|
967000
|
trusted library allocation
|
page execute and read and write
|
||
|
70FE000
|
stack
|
page read and write
|
||
|
5230000
|
heap
|
page read and write
|
||
|
5010000
|
trusted library allocation
|
page read and write
|
||
|
108E000
|
stack
|
page read and write
|
||
|
B1E000
|
heap
|
page read and write
|
||
|
12FE000
|
stack
|
page read and write
|
||
|
988000
|
heap
|
page read and write
|
||
|
2670000
|
trusted library allocation
|
page read and write
|
||
|
4DD0000
|
trusted library allocation
|
page read and write
|
||
|
3B2A000
|
trusted library allocation
|
page read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
739F000
|
stack
|
page read and write
|
||
|
820000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
4DE0000
|
trusted library section
|
page readonly
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
AF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
7404000
|
heap
|
page read and write
|
||
|
3A71000
|
trusted library allocation
|
page read and write
|
||
|
6C40000
|
trusted library allocation
|
page read and write
|
||
|
3279000
|
stack
|
page read and write
|
||
|
98E000
|
heap
|
page read and write
|
||
|
94D000
|
trusted library allocation
|
page execute and read and write
|
||
|
95A000
|
trusted library allocation
|
page execute and read and write
|
||
|
AF2000
|
trusted library allocation
|
page read and write
|
||
|
4BA0000
|
heap
|
page read and write
|
||
|
A6D000
|
heap
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
6C1E000
|
stack
|
page read and write
|
||
|
2620000
|
trusted library allocation
|
page read and write
|
||
|
9CEE000
|
stack
|
page read and write
|
||
|
A9E000
|
stack
|
page read and write
|
||
|
6FE0000
|
trusted library section
|
page read and write
|
||
|
C30000
|
trusted library allocation
|
page read and write
|
||
|
30A000
|
stack
|
page read and write
|
||
|
323D000
|
stack
|
page read and write
|
||
|
BAC000
|
stack
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
B44000
|
heap
|
page read and write
|
||
|
BF2000
|
heap
|
page read and write
|
||
|
AD0000
|
trusted library allocation
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
99F000
|
heap
|
page read and write
|
||
|
9F3F000
|
stack
|
page read and write
|
||
|
6C9E000
|
stack
|
page read and write
|
||
|
D1D000
|
trusted library allocation
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
9E3D000
|
stack
|
page read and write
|
||
|
2DDF000
|
stack
|
page read and write
|
||
|
AF0000
|
trusted library allocation
|
page read and write
|
||
|
4B90000
|
trusted library allocation
|
page read and write
|
||
|
9F7E000
|
stack
|
page read and write
|
||
|
46E000
|
remote allocation
|
page execute and read and write
|
||
|
506E000
|
heap
|
page read and write
|
||
|
2790000
|
trusted library allocation
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
C0C000
|
stack
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
43EF000
|
trusted library allocation
|
page read and write
|
||
|
5140000
|
trusted library allocation
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
4DDA000
|
trusted library allocation
|
page read and write
|
||
|
9BAE000
|
stack
|
page read and write
|
||
|
B1A000
|
heap
|
page read and write
|
||
|
C58000
|
trusted library allocation
|
page read and write
|
||
|
19E000
|
unkown
|
page read and write
|
||
|
4D50000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D00000
|
trusted library allocation
|
page read and write
|
||
|
6732000
|
trusted library allocation
|
page read and write
|
||
|
EDF000
|
stack
|
page read and write
|
||
|
962000
|
trusted library allocation
|
page read and write
|
||
|
357E000
|
stack
|
page read and write
|
||
|
2740000
|
heap
|
page execute and read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
10CD000
|
stack
|
page read and write
|
||
|
C70000
|
trusted library allocation
|
page execute and read and write
|
||
|
A1BE000
|
stack
|
page read and write
|
||
|
4D40000
|
heap
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
6C50000
|
trusted library allocation
|
page read and write
|
||
|
AC0000
|
trusted library allocation
|
page read and write
|
||
|
4DF0000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
9E2E000
|
stack
|
page read and write
|
||
|
4D20000
|
trusted library section
|
page readonly
|
||
|
6CDD000
|
stack
|
page read and write
|
||
|
3A44000
|
trusted library allocation
|
page read and write
|
||
|
D22000
|
trusted library allocation
|
page read and write
|
||
|
8F7000
|
stack
|
page read and write
|
||
|
507C000
|
heap
|
page read and write
|
||
|
950000
|
trusted library allocation
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
A07E000
|
stack
|
page read and write
|
||
|
4D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B10000
|
heap
|
page read and write
|
||
|
54F000
|
stack
|
page read and write
|
||
|
4DE4000
|
trusted library section
|
page readonly
|
||
|
823000
|
trusted library allocation
|
page execute and read and write
|
||
|
98EE000
|
stack
|
page read and write
|
||
|
AFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
38DE000
|
trusted library allocation
|
page read and write
|
||
|
4BA3000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
39B7000
|
trusted library allocation
|
page read and write
|
||
|
6D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
82D000
|
trusted library allocation
|
page execute and read and write
|
||
|
D11000
|
trusted library allocation
|
page read and write
|
||
|
D16000
|
trusted library allocation
|
page read and write
|
||
|
58E0000
|
heap
|
page read and write
|
||
|
AED000
|
trusted library allocation
|
page execute and read and write
|
||
|
475000
|
remote allocation
|
page execute and read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
2600000
|
trusted library allocation
|
page read and write
|
||
|
6D20000
|
trusted library allocation
|
page read and write
|
||
|
4D8B000
|
trusted library allocation
|
page read and write
|
||
|
4D26000
|
trusted library allocation
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
There are 304 hidden memdumps, click here to show them.