Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
INV0062180.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmp1E43.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\iqKlcCJyhhi.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\INV0062180.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\iqKlcCJyhhi.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_coocotsl.bbr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dinwdip5.btf.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hfl2xo1l.chz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_inddqjh0.u4i.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kqhnxaxh.y5b.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tmsl30gx.mit.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u5sc3zda.az5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zw0qf0gj.zip.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp2D85.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\iqKlcCJyhhi.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\INV0062180.exe
|
"C:\Users\user\Desktop\INV0062180.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INV0062180.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\iqKlcCJyhhi.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\iqKlcCJyhhi" /XML "C:\Users\user\AppData\Local\Temp\tmp1E43.tmp"
|
|
|
|
C:\Users\user\Desktop\INV0062180.exe
|
"C:\Users\user\Desktop\INV0062180.exe"
|
|
|
|
C:\Users\user\Desktop\INV0062180.exe
|
"C:\Users\user\Desktop\INV0062180.exe"
|
|
|
|
C:\Users\user\Desktop\INV0062180.exe
|
"C:\Users\user\Desktop\INV0062180.exe"
|
|
|
|
C:\Users\user\Desktop\INV0062180.exe
|
"C:\Users\user\Desktop\INV0062180.exe"
|
|
|
|
C:\Users\user\Desktop\INV0062180.exe
|
"C:\Users\user\Desktop\INV0062180.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\iqKlcCJyhhi.exe
|
C:\Users\user\AppData\Roaming\iqKlcCJyhhi.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\iqKlcCJyhhi" /XML "C:\Users\user\AppData\Local\Temp\tmp2D85.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\iqKlcCJyhhi.exe
|
"C:\Users\user\AppData\Roaming\iqKlcCJyhhi.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\iqKlcCJyhhi.exe
|
"C:\Users\user\AppData\Roaming\iqKlcCJyhhi.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\iqKlcCJyhhi.exe
|
"C:\Users\user\AppData\Roaming\iqKlcCJyhhi.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\iqKlcCJyhhi.exe
|
"C:\Users\user\AppData\Roaming\iqKlcCJyhhi.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\iqKlcCJyhhi.exe
|
"C:\Users\user\AppData\Roaming\iqKlcCJyhhi.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 11 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://dev.neptuo.com
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
https://scratchdreams.tk
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
37FB000
|
trusted library allocation
|
page read and write
|
|
|
|
3CCA000
|
trusted library allocation
|
page read and write
|
|
|
|
4AFC000
|
stack
|
page read and write
|
||
|
4E5E000
|
trusted library allocation
|
page read and write
|
||
|
856000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E90000
|
trusted library allocation
|
page read and write
|
||
|
1040000
|
trusted library allocation
|
page read and write
|
||
|
6DDB000
|
heap
|
page read and write
|
||
|
8BFE000
|
stack
|
page read and write
|
||
|
6BAE000
|
stack
|
page read and write
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
2395000
|
trusted library allocation
|
page read and write
|
||
|
4BC0000
|
heap
|
page read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
4A3D000
|
trusted library allocation
|
page read and write
|
||
|
4E95000
|
trusted library allocation
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
610000
|
unkown
|
page readonly
|
||
|
2552000
|
trusted library allocation
|
page read and write
|
||
|
508E000
|
heap
|
page read and write
|
||
|
3AB3000
|
trusted library allocation
|
page read and write
|
||
|
C8A000
|
trusted library allocation
|
page execute and read and write
|
||
|
870E000
|
stack
|
page read and write
|
||
|
4E90000
|
heap
|
page read and write
|
||
|
2374000
|
trusted library allocation
|
page read and write
|
||
|
934000
|
heap
|
page read and write
|
||
|
5220000
|
heap
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E6D000
|
trusted library allocation
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
834000
|
trusted library allocation
|
page read and write
|
||
|
6DE000
|
stack
|
page read and write
|
||
|
2A22000
|
trusted library allocation
|
page read and write
|
||
|
4D2C000
|
stack
|
page read and write
|
||
|
71F000
|
stack
|
page read and write
|
||
|
D43000
|
heap
|
page read and write
|
||
|
47F000
|
unkown
|
page read and write
|
||
|
84D0000
|
heap
|
page read and write
|
||
|
3B9E000
|
trusted library allocation
|
page read and write
|
||
|
6C2D000
|
stack
|
page read and write
|
||
|
2330000
|
trusted library allocation
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
35E3000
|
trusted library allocation
|
page read and write
|
||
|
85A000
|
trusted library allocation
|
page execute and read and write
|
||
|
B8E000
|
stack
|
page read and write
|
||
|
4AC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E3F000
|
trusted library section
|
page readonly
|
||
|
3A65000
|
trusted library allocation
|
page read and write
|
||
|
AF7000
|
stack
|
page read and write
|
||
|
347F000
|
unkown
|
page read and write
|
||
|
FB0000
|
trusted library allocation
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
C92000
|
trusted library allocation
|
page read and write
|
||
|
89EB000
|
stack
|
page read and write
|
||
|
24F1000
|
trusted library allocation
|
page read and write
|
||
|
CBE000
|
heap
|
page read and write
|
||
|
2350000
|
trusted library allocation
|
page read and write
|
||
|
6DAE000
|
stack
|
page read and write
|
||
|
49FC000
|
stack
|
page read and write
|
||
|
53AE000
|
stack
|
page read and write
|
||
|
4BA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
612000
|
unkown
|
page readonly
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
3E7000
|
stack
|
page read and write
|
||
|
46CC000
|
stack
|
page read and write
|
||
|
34F9000
|
trusted library allocation
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F00000
|
heap
|
page read and write
|
||
|
6870000
|
trusted library allocation
|
page read and write
|
||
|
2380000
|
trusted library allocation
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
50D0000
|
heap
|
page execute and read and write
|
||
|
5100000
|
trusted library allocation
|
page execute and read and write
|
||
|
298E000
|
stack
|
page read and write
|
||
|
8E3D000
|
stack
|
page read and write
|
||
|
862000
|
trusted library allocation
|
page read and write
|
||
|
CD6000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
4FD0000
|
heap
|
page read and write
|
||
|
6F10000
|
trusted library allocation
|
page read and write
|
||
|
D3E000
|
heap
|
page read and write
|
||
|
5230000
|
heap
|
page read and write
|
||
|
4E2D000
|
stack
|
page read and write
|
||
|
7162000
|
trusted library allocation
|
page read and write
|
||
|
6B60000
|
trusted library allocation
|
page read and write
|
||
|
8AF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C70000
|
trusted library allocation
|
page read and write
|
||
|
4E40000
|
trusted library allocation
|
page read and write
|
||
|
C54000
|
trusted library allocation
|
page read and write
|
||
|
3C8B000
|
trusted library allocation
|
page read and write
|
||
|
4F20000
|
trusted library allocation
|
page read and write
|
||
|
4AB0000
|
heap
|
page read and write
|
||
|
25B4000
|
trusted library allocation
|
page read and write
|
||
|
53B0000
|
heap
|
page read and write
|
||
|
1050000
|
trusted library allocation
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
1067000
|
heap
|
page read and write
|
||
|
81E000
|
stack
|
page read and write
|
||
|
C50000
|
trusted library allocation
|
page read and write
|
||
|
C97000
|
trusted library allocation
|
page execute and read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
4CC0000
|
trusted library allocation
|
page read and write
|
||
|
23A0000
|
heap
|
page execute and read and write
|
||
|
7110000
|
trusted library allocation
|
page read and write
|
||
|
8D1000
|
heap
|
page read and write
|
||
|
8E40000
|
heap
|
page read and write
|
||
|
6860000
|
trusted library allocation
|
page execute and read and write
|
||
|
91FE000
|
stack
|
page read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
2A04000
|
trusted library allocation
|
page read and write
|
||
|
CEF000
|
heap
|
page read and write
|
||
|
4A50000
|
trusted library allocation
|
page read and write
|
||
|
5180000
|
trusted library section
|
page readonly
|
||
|
EAE000
|
stack
|
page read and write
|
||
|
88BE000
|
stack
|
page read and write
|
||
|
4E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
5110000
|
trusted library allocation
|
page read and write
|
||
|
92FF000
|
stack
|
page read and write
|
||
|
86B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1030000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AE0000
|
trusted library allocation
|
page read and write
|
||
|
89AE000
|
stack
|
page read and write
|
||
|
6EE0000
|
trusted library allocation
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
4FD3000
|
heap
|
page read and write
|
||
|
898000
|
heap
|
page read and write
|
||
|
39C1000
|
trusted library allocation
|
page read and write
|
||
|
8D7000
|
heap
|
page read and write
|
||
|
290E000
|
stack
|
page read and write
|
||
|
8B3E000
|
stack
|
page read and write
|
||
|
3A17000
|
trusted library allocation
|
page read and write
|
||
|
517B000
|
stack
|
page read and write
|
||
|
4A31000
|
trusted library allocation
|
page read and write
|
||
|
FAF000
|
stack
|
page read and write
|
||
|
6B4E000
|
heap
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
6EC0000
|
trusted library allocation
|
page read and write
|
||
|
4CE0000
|
heap
|
page execute and read and write
|
||
|
45CC000
|
stack
|
page read and write
|
||
|
88FE000
|
stack
|
page read and write
|
||
|
4EA0000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
6881000
|
trusted library allocation
|
page read and write
|
||
|
75B0000
|
trusted library section
|
page read and write
|
||
|
3700000
|
heap
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
6ED0000
|
trusted library section
|
page read and write
|
||
|
929000
|
heap
|
page read and write
|
||
|
7DB6000
|
trusted library allocation
|
page read and write
|
||
|
4F22000
|
trusted library allocation
|
page read and write
|
||
|
4AD2000
|
trusted library allocation
|
page read and write
|
||
|
6B40000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
4E66000
|
trusted library allocation
|
page read and write
|
||
|
D61000
|
heap
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
945C000
|
stack
|
page read and write
|
||
|
529E000
|
stack
|
page read and write
|
||
|
82CE000
|
stack
|
page read and write
|
||
|
8AF000
|
heap
|
page read and write
|
||
|
8C3E000
|
stack
|
page read and write
|
||
|
6EB0000
|
trusted library section
|
page read and write
|
||
|
6840000
|
trusted library allocation
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
893E000
|
stack
|
page read and write
|
||
|
955C000
|
stack
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
4E72000
|
trusted library allocation
|
page read and write
|
||
|
34BE000
|
stack
|
page read and write
|
||
|
4BC3000
|
heap
|
page read and write
|
||
|
89E000
|
heap
|
page read and write
|
||
|
4A42000
|
trusted library allocation
|
page read and write
|
||
|
4E40000
|
heap
|
page read and write
|
||
|
2370000
|
trusted library allocation
|
page read and write
|
||
|
860D000
|
stack
|
page read and write
|
||
|
5AB000
|
heap
|
page read and write
|
||
|
29B0000
|
heap
|
page execute and read and write
|
||
|
53E1000
|
heap
|
page read and write
|
||
|
6CBE000
|
heap
|
page read and write
|
||
|
4E80000
|
trusted library allocation
|
page read and write
|
||
|
24EF000
|
stack
|
page read and write
|
||
|
CF1000
|
heap
|
page read and write
|
||
|
6850000
|
trusted library allocation
|
page execute and read and write
|
||
|
91BE000
|
stack
|
page read and write
|
||
|
90BE000
|
stack
|
page read and write
|
||
|
81CE000
|
stack
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
4A1B000
|
trusted library allocation
|
page read and write
|
||
|
2390000
|
trusted library allocation
|
page read and write
|
||
|
5070000
|
heap
|
page read and write
|
||
|
965E000
|
stack
|
page read and write
|
||
|
325D000
|
stack
|
page read and write
|
||
|
4ADA000
|
trusted library allocation
|
page read and write
|
||
|
6DE8000
|
heap
|
page read and write
|
||
|
102E000
|
stack
|
page read and write
|
||
|
34FF000
|
stack
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
4A40000
|
trusted library allocation
|
page read and write
|
||
|
2376000
|
trusted library allocation
|
page read and write
|
||
|
4EA0000
|
heap
|
page read and write
|
||
|
43E000
|
unkown
|
page read and write
|
||
|
8D9000
|
heap
|
page read and write
|
||
|
2340000
|
trusted library allocation
|
page execute and read and write
|
||
|
23EE000
|
stack
|
page read and write
|
||
|
6BEE000
|
stack
|
page read and write
|
||
|
329A000
|
stack
|
page read and write
|
||
|
29C1000
|
trusted library allocation
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
840000
|
trusted library allocation
|
page read and write
|
||
|
8D3D000
|
stack
|
page read and write
|
||
|
4A36000
|
trusted library allocation
|
page read and write
|
||
|
C53000
|
trusted library allocation
|
page execute and read and write
|
||
|
830000
|
trusted library allocation
|
page read and write
|
||
|
2EA000
|
stack
|
page read and write
|
||
|
6CA0000
|
heap
|
page read and write
|
||
|
4A10000
|
trusted library allocation
|
page read and write
|
||
|
887000
|
heap
|
page read and write
|
||
|
820000
|
trusted library allocation
|
page read and write
|
||
|
4E30000
|
trusted library section
|
page readonly
|
||
|
504E000
|
stack
|
page read and write
|
||
|
3869000
|
trusted library allocation
|
page read and write
|
||
|
34F1000
|
trusted library allocation
|
page read and write
|
||
|
73A000
|
stack
|
page read and write
|
||
|
12D000
|
stack
|
page read and write
|
||
|
6CAD000
|
heap
|
page read and write
|
||
|
38CB000
|
trusted library allocation
|
page read and write
|
||
|
8F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
8F8D000
|
stack
|
page read and write
|
||
|
53C0000
|
heap
|
page read and write
|
||
|
5215000
|
heap
|
page read and write
|
||
|
97F000
|
heap
|
page read and write
|
||
|
52A0000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
2534000
|
trusted library allocation
|
page read and write
|
||
|
6DB0000
|
heap
|
page read and write
|
||
|
4BB0000
|
trusted library allocation
|
page read and write
|
||
|
7D5000
|
heap
|
page read and write
|
||
|
C86000
|
trusted library allocation
|
page execute and read and write
|
||
|
39C9000
|
trusted library allocation
|
page read and write
|
||
|
3739000
|
trusted library allocation
|
page read and write
|
||
|
D84000
|
heap
|
page read and write
|
||
|
6C5000
|
heap
|
page read and write
|
||
|
8D3000
|
heap
|
page read and write
|
||
|
84CD000
|
stack
|
page read and write
|
||
|
867000
|
trusted library allocation
|
page execute and read and write
|
||
|
343E000
|
unkown
|
page read and write
|
||
|
452E000
|
stack
|
page read and write
|
||
|
6890000
|
trusted library allocation
|
page read and write
|
||
|
6F00000
|
trusted library allocation
|
page execute and read and write
|
||
|
8637000
|
trusted library allocation
|
page read and write
|
||
|
8AFE000
|
stack
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
4EC0000
|
trusted library allocation
|
page read and write
|
||
|
37BB000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
833000
|
trusted library allocation
|
page execute and read and write
|
||
|
C5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
8FA0000
|
trusted library allocation
|
page read and write
|
||
|
5210000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
83D000
|
trusted library allocation
|
page execute and read and write
|
||
|
8C6000
|
heap
|
page read and write
|
||
|
C9B000
|
trusted library allocation
|
page execute and read and write
|
||
|
852000
|
trusted library allocation
|
page read and write
|
||
|
4E70000
|
trusted library allocation
|
page read and write
|
||
|
88AE000
|
stack
|
page read and write
|
||
|
A8E000
|
stack
|
page read and write
|
||
|
6EF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
379B000
|
trusted library allocation
|
page read and write
|
||
|
83CE000
|
stack
|
page read and write
|
||
|
7F0000
|
trusted library allocation
|
page read and write
|
||
|
456E000
|
stack
|
page read and write
|
||
|
5075000
|
heap
|
page read and write
|
||
|
C7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
5240000
|
trusted library allocation
|
page execute and read and write
|
||
|
850000
|
trusted library allocation
|
page read and write
|
||
|
6F20000
|
trusted library allocation
|
page read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
4A2E000
|
trusted library allocation
|
page read and write
|
||
|
4A70000
|
trusted library allocation
|
page read and write
|
||
|
4E50000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
36CE000
|
trusted library allocation
|
page read and write
|
||
|
682F000
|
stack
|
page read and write
|
||
|
C82000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
8AEC000
|
stack
|
page read and write
|
||
|
C4D000
|
stack
|
page read and write
|
||
|
8CFE000
|
stack
|
page read and write
|
||
|
4E61000
|
trusted library allocation
|
page read and write
|
||
|
4E4B000
|
trusted library allocation
|
page read and write
|
||
|
5060000
|
trusted library allocation
|
page read and write
|
||
|
802E000
|
stack
|
page read and write
|
||
|
16A000
|
stack
|
page read and write
|
||
|
350B000
|
heap
|
page read and write
|
There are 290 hidden memdumps, click here to show them.