Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Arrival_Notice.bat.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Arrival_Notice.bat.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmpA612.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\mjiCFnur.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\mjiCFnur.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mjiCFnur.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_15usn100.210.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2pq32cui.eh0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4t5eliis.4jm.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c3eufo0x.qul.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mmizh345.esh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xydign3g.1gh.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ytrxx1lh.ffp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yuasz5rf.g5z.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpD06D.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Arrival_Notice.bat.exe
|
"C:\Users\user\Desktop\Arrival_Notice.bat.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Arrival_Notice.bat.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mjiCFnur.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mjiCFnur" /XML "C:\Users\user\AppData\Local\Temp\tmpA612.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\mjiCFnur.exe
|
C:\Users\user\AppData\Roaming\mjiCFnur.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mjiCFnur" /XML "C:\Users\user\AppData\Local\Temp\tmpD06D.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 5 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://www.chiark.greenend.org.uk/~sgtatham/putty/0
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2B06000
|
trusted library allocation
|
page read and write
|
|
|
|
E70000
|
direct allocation
|
page read and write
|
|
|
|
5590000
|
trusted library section
|
page read and write
|
|
|
|
296D000
|
trusted library allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
A77000
|
trusted library allocation
|
page execute and read and write
|
||
|
CD2000
|
trusted library allocation
|
page read and write
|
||
|
6E0E000
|
stack
|
page read and write
|
||
|
6F39000
|
heap
|
page read and write
|
||
|
4E60000
|
trusted library allocation
|
page read and write
|
||
|
6B10000
|
trusted library allocation
|
page read and write
|
||
|
2680000
|
trusted library allocation
|
page read and write
|
||
|
5000000
|
heap
|
page read and write
|
||
|
B54000
|
trusted library allocation
|
page read and write
|
||
|
3967000
|
trusted library allocation
|
page read and write
|
||
|
F47000
|
heap
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
D17000
|
heap
|
page read and write
|
||
|
4F52000
|
trusted library allocation
|
page read and write
|
||
|
850E000
|
stack
|
page read and write
|
||
|
1288000
|
direct allocation
|
page execute and read and write
|
||
|
120D000
|
direct allocation
|
page execute and read and write
|
||
|
CB4000
|
trusted library allocation
|
page read and write
|
||
|
5300000
|
trusted library allocation
|
page execute and read and write
|
||
|
704AD000
|
unkown
|
page read and write
|
||
|
4FAB000
|
stack
|
page read and write
|
||
|
D00000
|
trusted library allocation
|
page read and write
|
||
|
8240000
|
trusted library allocation
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A49000
|
direct allocation
|
page execute and read and write
|
||
|
B4DF000
|
stack
|
page read and write
|
||
|
1946000
|
direct allocation
|
page execute and read and write
|
||
|
CBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
843D000
|
stack
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
4E6B000
|
trusted library allocation
|
page read and write
|
||
|
AF7000
|
stack
|
page read and write
|
||
|
A43000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B1C000
|
trusted library allocation
|
page read and write
|
||
|
4E70000
|
heap
|
page read and write
|
||
|
B5E000
|
stack
|
page read and write
|
||
|
4988000
|
trusted library allocation
|
page read and write
|
||
|
7100000
|
trusted library allocation
|
page read and write
|
||
|
24C0000
|
heap
|
page read and write
|
||
|
4F50000
|
trusted library allocation
|
page read and write
|
||
|
5030000
|
trusted library allocation
|
page execute and read and write
|
||
|
3A86000
|
trusted library allocation
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
D75000
|
heap
|
page read and write
|
||
|
CD6000
|
trusted library allocation
|
page execute and read and write
|
||
|
704AD000
|
unkown
|
page read and write
|
||
|
4E30000
|
trusted library allocation
|
page read and write
|
||
|
C9D000
|
stack
|
page read and write
|
||
|
1500000
|
heap
|
page read and write
|
||
|
A44000
|
trusted library allocation
|
page read and write
|
||
|
291F000
|
stack
|
page read and write
|
||
|
5360000
|
heap
|
page read and write
|
||
|
B96C000
|
stack
|
page read and write
|
||
|
4E86000
|
trusted library allocation
|
page read and write
|
||
|
868D000
|
stack
|
page read and write
|
||
|
B30000
|
trusted library allocation
|
page execute and read and write
|
||
|
A6A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E60000
|
heap
|
page read and write
|
||
|
8690000
|
heap
|
page read and write
|
||
|
12FD000
|
stack
|
page read and write
|
||
|
D67000
|
heap
|
page read and write
|
||
|
6A4E000
|
stack
|
page read and write
|
||
|
6EE8000
|
heap
|
page read and write
|
||
|
4ED0000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
41A000
|
stack
|
page read and write
|
||
|
18AF000
|
stack
|
page read and write
|
||
|
B12E000
|
stack
|
page read and write
|
||
|
E3D000
|
heap
|
page read and write
|
||
|
1206000
|
direct allocation
|
page execute and read and write
|
||
|
5320000
|
trusted library allocation
|
page read and write
|
||
|
B0BD000
|
stack
|
page read and write
|
||
|
5070000
|
trusted library section
|
page readonly
|
||
|
4E81000
|
trusted library allocation
|
page read and write
|
||
|
A72000
|
trusted library allocation
|
page read and write
|
||
|
25E0000
|
heap
|
page read and write
|
||
|
290A000
|
stack
|
page read and write
|
||
|
CE2000
|
trusted library allocation
|
page read and write
|
||
|
D48000
|
heap
|
page read and write
|
||
|
8F7000
|
stack
|
page read and write
|
||
|
E0D000
|
heap
|
page read and write
|
||
|
888F000
|
stack
|
page read and write
|
||
|
3B24000
|
trusted library allocation
|
page read and write
|
||
|
19A6000
|
direct allocation
|
page execute and read and write
|
||
|
D83000
|
heap
|
page read and write
|
||
|
18B0000
|
direct allocation
|
page read and write
|
||
|
5380000
|
heap
|
page read and write
|
||
|
2D2E000
|
stack
|
page read and write
|
||
|
53B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
29CD000
|
trusted library allocation
|
page read and write
|
||
|
19E2000
|
direct allocation
|
page execute and read and write
|
||
|
A66000
|
trusted library allocation
|
page execute and read and write
|
||
|
78A000
|
stack
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
5365000
|
heap
|
page read and write
|
||
|
E15000
|
heap
|
page read and write
|
||
|
B2F0000
|
heap
|
page read and write
|
||
|
69E0000
|
trusted library allocation
|
page read and write
|
||
|
5390000
|
trusted library allocation
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
147E000
|
stack
|
page read and write
|
||
|
DEB000
|
heap
|
page read and write
|
||
|
50F0000
|
heap
|
page execute and read and write
|
||
|
55B0000
|
trusted library allocation
|
page read and write
|
||
|
6DCE000
|
stack
|
page read and write
|
||
|
26E0000
|
trusted library allocation
|
page read and write
|
||
|
7F3E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
E01000
|
heap
|
page read and write
|
||
|
6C70000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D6B000
|
heap
|
page read and write
|
||
|
70490000
|
unkown
|
page readonly
|
||
|
B84F000
|
stack
|
page read and write
|
||
|
D2E000
|
stack
|
page read and write
|
||
|
6EBE000
|
stack
|
page read and write
|
||
|
8448000
|
heap
|
page read and write
|
||
|
2600000
|
trusted library allocation
|
page read and write
|
||
|
4430000
|
trusted library allocation
|
page read and write
|
||
|
B0C0000
|
heap
|
page read and write
|
||
|
DD3000
|
heap
|
page read and write
|
||
|
4FB0000
|
heap
|
page read and write
|
||
|
B60E000
|
stack
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
281E000
|
stack
|
page read and write
|
||
|
9D5000
|
heap
|
page read and write
|
||
|
4F5C000
|
trusted library allocation
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
B0A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
262B000
|
trusted library allocation
|
page read and write
|
||
|
2921000
|
trusted library allocation
|
page read and write
|
||
|
B9F000
|
heap
|
page read and write
|
||
|
5110000
|
heap
|
page read and write
|
||
|
BFE000
|
heap
|
page read and write
|
||
|
B86000
|
heap
|
page read and write
|
||
|
B93000
|
heap
|
page read and write
|
||
|
3981000
|
trusted library allocation
|
page read and write
|
||
|
14B8000
|
heap
|
page read and write
|
||
|
CD0000
|
trusted library allocation
|
page read and write
|
||
|
B6A000
|
heap
|
page read and write
|
||
|
6B17000
|
trusted library allocation
|
page read and write
|
||
|
C12000
|
heap
|
page read and write
|
||
|
26EC000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
D4E000
|
heap
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
88D000
|
stack
|
page read and write
|
||
|
F2C000
|
stack
|
page read and write
|
||
|
5340000
|
trusted library allocation
|
page execute and read and write
|
||
|
28BB000
|
heap
|
page read and write
|
||
|
B0ED000
|
stack
|
page read and write
|
||
|
4E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
84B0000
|
trusted library allocation
|
page read and write
|
||
|
5090000
|
heap
|
page read and write
|
||
|
26D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
704F000
|
stack
|
page read and write
|
||
|
D30000
|
heap
|
page execute and read and write
|
||
|
29FF000
|
unkown
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
2641000
|
trusted library allocation
|
page read and write
|
||
|
5050000
|
trusted library allocation
|
page read and write
|
||
|
103E000
|
stack
|
page read and write
|
||
|
4EA0000
|
trusted library allocation
|
page read and write
|
||
|
D81000
|
heap
|
page read and write
|
||
|
4A1C000
|
stack
|
page read and write
|
||
|
291E000
|
stack
|
page read and write
|
||
|
6B7E000
|
heap
|
page read and write
|
||
|
281F000
|
stack
|
page read and write
|
||
|
2620000
|
trusted library allocation
|
page read and write
|
||
|
25DE000
|
unkown
|
page read and write
|
||
|
2960000
|
trusted library allocation
|
page read and write
|
||
|
B6DE000
|
stack
|
page read and write
|
||
|
283F000
|
unkown
|
page read and write
|
||
|
50E0000
|
heap
|
page read and write
|
||
|
715E000
|
stack
|
page read and write
|
||
|
50F5000
|
heap
|
page read and write
|
||
|
50DB000
|
stack
|
page read and write
|
||
|
B3BE000
|
stack
|
page read and write
|
||
|
54A000
|
stack
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
B2DD000
|
stack
|
page read and write
|
||
|
704A6000
|
unkown
|
page readonly
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
5003000
|
heap
|
page read and write
|
||
|
1BD1000
|
direct allocation
|
page execute and read and write
|
||
|
3C30000
|
trusted library allocation
|
page read and write
|
||
|
6C80000
|
trusted library allocation
|
page execute and read and write
|
||
|
7160000
|
trusted library allocation
|
page read and write
|
||
|
837E000
|
stack
|
page read and write
|
||
|
AEE000
|
stack
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
6B5E000
|
stack
|
page read and write
|
||
|
4E73000
|
heap
|
page read and write
|
||
|
B70E000
|
stack
|
page read and write
|
||
|
1D00000
|
heap
|
page read and write
|
||
|
DB7000
|
heap
|
page read and write
|
||
|
CC3000
|
trusted library allocation
|
page read and write
|
||
|
52F0000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
264D000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
trusted library allocation
|
page read and write
|
||
|
BBAD000
|
stack
|
page read and write
|
||
|
A62000
|
trusted library allocation
|
page read and write
|
||
|
842B000
|
heap
|
page read and write
|
||
|
CC0000
|
trusted library allocation
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
26E2000
|
trusted library allocation
|
page read and write
|
||
|
5350000
|
trusted library allocation
|
page read and write
|
||
|
CEB000
|
trusted library allocation
|
page execute and read and write
|
||
|
B56000
|
trusted library allocation
|
page read and write
|
||
|
1A43000
|
direct allocation
|
page execute and read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
B6E000
|
heap
|
page read and write
|
||
|
B74E000
|
stack
|
page read and write
|
||
|
2568000
|
trusted library allocation
|
page read and write
|
||
|
A60000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
B2E000
|
stack
|
page read and write
|
||
|
CCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
F30000
|
trusted library allocation
|
page read and write
|
||
|
A40000
|
trusted library allocation
|
page read and write
|
||
|
4EC5000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
CB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
1920000
|
direct allocation
|
page execute and read and write
|
||
|
B86C000
|
stack
|
page read and write
|
||
|
19A0000
|
direct allocation
|
page execute and read and write
|
||
|
4B1C000
|
stack
|
page read and write
|
||
|
DFD000
|
heap
|
page read and write
|
||
|
4E8D000
|
trusted library allocation
|
page read and write
|
||
|
6B70000
|
heap
|
page read and write
|
||
|
4FC0000
|
heap
|
page execute and read and write
|
||
|
AEBE000
|
stack
|
page read and write
|
||
|
3DD000
|
stack
|
page read and write
|
||
|
106D000
|
direct allocation
|
page execute and read and write
|
||
|
5370000
|
heap
|
page read and write
|
||
|
8910000
|
trusted library section
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
18DB000
|
direct allocation
|
page read and write
|
||
|
1BE6000
|
direct allocation
|
page execute and read and write
|
||
|
6EF8000
|
heap
|
page read and write
|
||
|
CE7000
|
trusted library allocation
|
page execute and read and write
|
||
|
50F0000
|
heap
|
page read and write
|
||
|
4E7E000
|
trusted library allocation
|
page read and write
|
||
|
711C000
|
trusted library allocation
|
page read and write
|
||
|
6B0D000
|
trusted library allocation
|
page read and write
|
||
|
50CD000
|
stack
|
page read and write
|
||
|
3947000
|
trusted library allocation
|
page read and write
|
||
|
8A9E000
|
stack
|
page read and write
|
||
|
B970000
|
heap
|
page read and write
|
||
|
3921000
|
trusted library allocation
|
page read and write
|
||
|
1BED000
|
direct allocation
|
page execute and read and write
|
||
|
7F440000
|
trusted library allocation
|
page execute and read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
69F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7110000
|
trusted library allocation
|
page read and write
|
||
|
3BA5000
|
trusted library allocation
|
page read and write
|
||
|
2710000
|
heap
|
page execute and read and write
|
||
|
E3B000
|
heap
|
page read and write
|
||
|
11F1000
|
direct allocation
|
page execute and read and write
|
||
|
704AF000
|
unkown
|
page readonly
|
||
|
25F0000
|
heap
|
page read and write
|
||
|
5040000
|
trusted library allocation
|
page read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
5100000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
8423000
|
heap
|
page read and write
|
||
|
B5DE000
|
stack
|
page read and write
|
||
|
F6D000
|
stack
|
page read and write
|
||
|
3B1B000
|
trusted library allocation
|
page read and write
|
||
|
5280000
|
heap
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
6EC0000
|
trusted library allocation
|
page read and write
|
||
|
BA2000
|
heap
|
page read and write
|
||
|
3929000
|
trusted library allocation
|
page read and write
|
||
|
E2F000
|
stack
|
page read and write
|
||
|
28CD000
|
stack
|
page read and write
|
||
|
1069000
|
direct allocation
|
page execute and read and write
|
||
|
52EE000
|
stack
|
page read and write
|
||
|
6B00000
|
trusted library allocation
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
6F4E000
|
stack
|
page read and write
|
||
|
6F22000
|
heap
|
page read and write
|
||
|
860F000
|
stack
|
page read and write
|
||
|
39FB000
|
trusted library allocation
|
page read and write
|
||
|
A5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
8490000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
3BEC000
|
trusted library allocation
|
page read and write
|
||
|
B4CC000
|
stack
|
page read and write
|
||
|
6F56000
|
heap
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
4EC0000
|
trusted library allocation
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
6ACE000
|
stack
|
page read and write
|
||
|
39C7000
|
trusted library allocation
|
page read and write
|
||
|
B5CC000
|
stack
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
26F0000
|
trusted library allocation
|
page read and write
|
||
|
6CCE000
|
stack
|
page read and write
|
||
|
B2E0000
|
heap
|
page read and write
|
||
|
F40000
|
direct allocation
|
page execute and read and write
|
||
|
6A00000
|
trusted library allocation
|
page execute and read and write
|
||
|
2610000
|
heap
|
page read and write
|
||
|
86B0000
|
trusted library allocation
|
page read and write
|
||
|
6A8E000
|
stack
|
page read and write
|
||
|
3AC3000
|
trusted library allocation
|
page read and write
|
||
|
6C5E000
|
stack
|
page read and write
|
||
|
287E000
|
stack
|
page read and write
|
||
|
864D000
|
stack
|
page read and write
|
||
|
B40000
|
trusted library allocation
|
page read and write
|
||
|
2605000
|
trusted library allocation
|
page read and write
|
||
|
83D0000
|
heap
|
page read and write
|
||
|
847E000
|
stack
|
page read and write
|
||
|
D5F000
|
stack
|
page read and write
|
||
|
98C000
|
stack
|
page read and write
|
||
|
B50000
|
trusted library allocation
|
page read and write
|
||
|
50D0000
|
trusted library allocation
|
page read and write
|
||
|
CB0000
|
trusted library allocation
|
page read and write
|
||
|
E6E000
|
stack
|
page read and write
|
||
|
4490000
|
trusted library allocation
|
page read and write
|
||
|
4E20000
|
trusted library allocation
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
A4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
A50000
|
trusted library allocation
|
page read and write
|
||
|
630000
|
unkown
|
page readonly
|
||
|
6EE0000
|
heap
|
page read and write
|
||
|
B2BE000
|
stack
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
3989000
|
trusted library allocation
|
page read and write
|
||
|
AA0000
|
trusted library allocation
|
page read and write
|
||
|
28B0000
|
heap
|
page read and write
|
||
|
6E7E000
|
stack
|
page read and write
|
||
|
2646000
|
trusted library allocation
|
page read and write
|
||
|
A7B000
|
trusted library allocation
|
page execute and read and write
|
||
|
10DE000
|
direct allocation
|
page execute and read and write
|
||
|
6F0000
|
unkown
|
page readonly
|
||
|
4E50000
|
trusted library section
|
page readonly
|
||
|
2660000
|
trusted library allocation
|
page read and write
|
||
|
A53000
|
trusted library allocation
|
page read and write
|
||
|
29BE000
|
unkown
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
4EB0000
|
trusted library allocation
|
page read and write
|
||
|
263E000
|
trusted library allocation
|
page read and write
|
||
|
6F0E000
|
stack
|
page read and write
|
||
|
17AF000
|
stack
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
143E000
|
stack
|
page read and write
|
||
|
295B000
|
stack
|
page read and write
|
||
|
2E9F000
|
stack
|
page read and write
|
||
|
9F8000
|
heap
|
page read and write
|
||
|
14B0000
|
heap
|
page read and write
|
||
|
138F000
|
stack
|
page read and write
|
||
|
2981000
|
trusted library allocation
|
page read and write
|
||
|
632000
|
unkown
|
page readonly
|
||
|
1927000
|
direct allocation
|
page execute and read and write
|
||
|
BCAE000
|
stack
|
page read and write
|
||
|
6D7E000
|
stack
|
page read and write
|
||
|
D20000
|
trusted library allocation
|
page execute and read and write
|
||
|
5010000
|
trusted library allocation
|
page read and write
|
||
|
CDA000
|
trusted library allocation
|
page execute and read and write
|
||
|
70491000
|
unkown
|
page execute read
|
||
|
6EF0000
|
heap
|
page read and write
|
There are 362 hidden memdumps, click here to show them.