Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Order 0230006 - Mexpol S.A.pdf.exe
|
PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Order 0230006 - _c4bb2b7d5e13676ace823194632f96329bdedfe8_62ec75d2_e66e5ac5-54e0-4075-8878-d7340fd8ae44\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1545.tmp.dmp
|
Mini DuMP crash report, 16 streams, Tue Apr 16 09:41:14 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1778.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER17A8.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_130yyftn.cr4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cexxbmu3.nhq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jh1posqu.xrm.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mfvdn1m5.ha0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Order 0230006 - Mexpol S.A.pdf.exe
|
"C:\Users\user\Desktop\Order 0230006 - Mexpol S.A.pdf.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Order 0230006
- Mexpol S.A.pdf.exe" -Force
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5040 -s 1104
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.telegram.org
|
unknown
|
||
|
http://api.telegram.org
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://api.telegram.org/bot6369080394:AAFEItWVNdHHyWWLHTZ_gGRSeWMYewCCU2w/sendDocument
|
149.154.167.220
|
||
|
https://api.telegram.org/bot6369080394:AAFEItWVNdHHyWWLHTZ_gGRSeWMYewCCU2w/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
api.telegram.org
|
149.154.167.220
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.154.167.220
|
api.telegram.org
|
United Kingdom
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
EnableLUA
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance
|
Enabled
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{89afb7d6-4a39-fac5-f8ce-57a2bb47e4ad}\Root\InventoryApplicationFile\order 0230006 - |cbdd270d7f7c9431
|
ProgramId
|
||
|
\REGISTRY\A\{89afb7d6-4a39-fac5-f8ce-57a2bb47e4ad}\Root\InventoryApplicationFile\order 0230006 - |cbdd270d7f7c9431
|
FileId
|
||
|
\REGISTRY\A\{89afb7d6-4a39-fac5-f8ce-57a2bb47e4ad}\Root\InventoryApplicationFile\order 0230006 - |cbdd270d7f7c9431
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{89afb7d6-4a39-fac5-f8ce-57a2bb47e4ad}\Root\InventoryApplicationFile\order 0230006 - |cbdd270d7f7c9431
|
LongPathHash
|
||
|
\REGISTRY\A\{89afb7d6-4a39-fac5-f8ce-57a2bb47e4ad}\Root\InventoryApplicationFile\order 0230006 - |cbdd270d7f7c9431
|
Name
|
||
|
\REGISTRY\A\{89afb7d6-4a39-fac5-f8ce-57a2bb47e4ad}\Root\InventoryApplicationFile\order 0230006 - |cbdd270d7f7c9431
|
OriginalFileName
|
||
|
\REGISTRY\A\{89afb7d6-4a39-fac5-f8ce-57a2bb47e4ad}\Root\InventoryApplicationFile\order 0230006 - |cbdd270d7f7c9431
|
Publisher
|
||
|
\REGISTRY\A\{89afb7d6-4a39-fac5-f8ce-57a2bb47e4ad}\Root\InventoryApplicationFile\order 0230006 - |cbdd270d7f7c9431
|
Version
|
||
|
\REGISTRY\A\{89afb7d6-4a39-fac5-f8ce-57a2bb47e4ad}\Root\InventoryApplicationFile\order 0230006 - |cbdd270d7f7c9431
|
BinFileVersion
|
||
|
\REGISTRY\A\{89afb7d6-4a39-fac5-f8ce-57a2bb47e4ad}\Root\InventoryApplicationFile\order 0230006 - |cbdd270d7f7c9431
|
BinaryType
|
||
|
\REGISTRY\A\{89afb7d6-4a39-fac5-f8ce-57a2bb47e4ad}\Root\InventoryApplicationFile\order 0230006 - |cbdd270d7f7c9431
|
ProductName
|
||
|
\REGISTRY\A\{89afb7d6-4a39-fac5-f8ce-57a2bb47e4ad}\Root\InventoryApplicationFile\order 0230006 - |cbdd270d7f7c9431
|
ProductVersion
|
||
|
\REGISTRY\A\{89afb7d6-4a39-fac5-f8ce-57a2bb47e4ad}\Root\InventoryApplicationFile\order 0230006 - |cbdd270d7f7c9431
|
LinkDate
|
||
|
\REGISTRY\A\{89afb7d6-4a39-fac5-f8ce-57a2bb47e4ad}\Root\InventoryApplicationFile\order 0230006 - |cbdd270d7f7c9431
|
BinProductVersion
|
||
|
\REGISTRY\A\{89afb7d6-4a39-fac5-f8ce-57a2bb47e4ad}\Root\InventoryApplicationFile\order 0230006 - |cbdd270d7f7c9431
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{89afb7d6-4a39-fac5-f8ce-57a2bb47e4ad}\Root\InventoryApplicationFile\order 0230006 - |cbdd270d7f7c9431
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{89afb7d6-4a39-fac5-f8ce-57a2bb47e4ad}\Root\InventoryApplicationFile\order 0230006 - |cbdd270d7f7c9431
|
Size
|
||
|
\REGISTRY\A\{89afb7d6-4a39-fac5-f8ce-57a2bb47e4ad}\Root\InventoryApplicationFile\order 0230006 - |cbdd270d7f7c9431
|
Language
|
||
|
\REGISTRY\A\{89afb7d6-4a39-fac5-f8ce-57a2bb47e4ad}\Root\InventoryApplicationFile\order 0230006 - |cbdd270d7f7c9431
|
Usn
|
There are 26 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
298B000
|
trusted library allocation
|
page read and write
|
|
|
|
2921000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
29AD000
|
trusted library allocation
|
page read and write
|
|
|
|
20890069000
|
trusted library allocation
|
page read and write
|
|
|
|
2971000
|
trusted library allocation
|
page read and write
|
|
|
|
208800B0000
|
trusted library allocation
|
page read and write
|
|
|
|
4DED000
|
trusted library allocation
|
page read and write
|
||
|
6EA4CFE000
|
stack
|
page read and write
|
||
|
208E664B000
|
heap
|
page read and write
|
||
|
208E89FC000
|
heap
|
page read and write
|
||
|
F05000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AF3000
|
trusted library allocation
|
page read and write
|
||
|
208E64A0000
|
heap
|
page read and write
|
||
|
208E6740000
|
trusted library allocation
|
page read and write
|
||
|
BA4000
|
heap
|
page read and write
|
||
|
2979000
|
trusted library allocation
|
page read and write
|
||
|
7FF84900E000
|
trusted library allocation
|
page read and write
|
||
|
5CA0000
|
trusted library allocation
|
page read and write
|
||
|
20880001000
|
trusted library allocation
|
page read and write
|
||
|
B47000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
208E8980000
|
heap
|
page read and write
|
||
|
B2F000
|
heap
|
page read and write
|
||
|
D1E000
|
unkown
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
5DDC000
|
trusted library allocation
|
page read and write
|
||
|
29A9000
|
trusted library allocation
|
page read and write
|
||
|
642F000
|
stack
|
page read and write
|
||
|
4DCB000
|
trusted library allocation
|
page read and write
|
||
|
6EA50FE000
|
stack
|
page read and write
|
||
|
EFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
208E67D0000
|
heap
|
page read and write
|
||
|
2B98000
|
trusted library allocation
|
page read and write
|
||
|
208E8970000
|
heap
|
page execute and read and write
|
||
|
271E000
|
stack
|
page read and write
|
||
|
7FF849036000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
6436000
|
trusted library allocation
|
page read and write
|
||
|
208E67D5000
|
heap
|
page read and write
|
||
|
208E6605000
|
heap
|
page read and write
|
||
|
20890012000
|
trusted library allocation
|
page read and write
|
||
|
2B43000
|
trusted library allocation
|
page read and write
|
||
|
5F2E000
|
stack
|
page read and write
|
||
|
AA0000
|
trusted library allocation
|
page read and write
|
||
|
622E000
|
stack
|
page read and write
|
||
|
208E6730000
|
trusted library allocation
|
page read and write
|
||
|
6EA57FD000
|
stack
|
page read and write
|
||
|
6439000
|
trusted library allocation
|
page read and write
|
||
|
6EA58FE000
|
stack
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
4DE6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
208E63A2000
|
unkown
|
page readonly
|
||
|
7FF849014000
|
trusted library allocation
|
page read and write
|
||
|
208E8880000
|
trusted library section
|
page read and write
|
||
|
5F40000
|
trusted library allocation
|
page read and write
|
||
|
6690000
|
trusted library allocation
|
page read and write
|
||
|
5DE0000
|
heap
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
509C000
|
stack
|
page read and write
|
||
|
2B94000
|
trusted library allocation
|
page read and write
|
||
|
208E6750000
|
heap
|
page read and write
|
||
|
7FF848E3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6EA54FE000
|
stack
|
page read and write
|
||
|
650E000
|
unkown
|
page read and write
|
||
|
440000
|
remote allocation
|
page execute and read and write
|
||
|
2B90000
|
trusted library allocation
|
page read and write
|
||
|
EF2000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC6000
|
trusted library allocation
|
page read and write
|
||
|
F0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
6430000
|
trusted library allocation
|
page read and write
|
||
|
B18000
|
heap
|
page read and write
|
||
|
4DCE000
|
trusted library allocation
|
page read and write
|
||
|
66A0000
|
trusted library allocation
|
page read and write
|
||
|
208E6621000
|
heap
|
page read and write
|
||
|
4DB0000
|
heap
|
page read and write
|
||
|
5E00000
|
trusted library allocation
|
page execute and read and write
|
||
|
6440000
|
trusted library allocation
|
page execute and read and write
|
||
|
208E65E0000
|
heap
|
page read and write
|
||
|
6EA4AFE000
|
stack
|
page read and write
|
||
|
6EA53FA000
|
stack
|
page read and write
|
||
|
2B88000
|
trusted library allocation
|
page read and write
|
||
|
EF0000
|
trusted library allocation
|
page read and write
|
||
|
208E67A0000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
4DF2000
|
trusted library allocation
|
page read and write
|
||
|
2778000
|
trusted library allocation
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
3921000
|
trusted library allocation
|
page read and write
|
||
|
296F000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
66E0000
|
heap
|
page read and write
|
||
|
20880374000
|
trusted library allocation
|
page read and write
|
||
|
208E6400000
|
unkown
|
page readonly
|
||
|
4D70000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FCF000
|
trusted library allocation
|
page read and write
|
||
|
AB0000
|
trusted library allocation
|
page read and write
|
||
|
208E6870000
|
heap
|
page read and write
|
||
|
BD2000
|
heap
|
page read and write
|
||
|
29A5000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB4000
|
trusted library allocation
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
AB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
5DF6000
|
trusted library allocation
|
page read and write
|
||
|
A4E000
|
stack
|
page read and write
|
||
|
BDB000
|
heap
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
208E65C0000
|
heap
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
6EA4BFE000
|
stack
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
648D000
|
stack
|
page read and write
|
||
|
BDE000
|
heap
|
page read and write
|
||
|
4F9C000
|
stack
|
page read and write
|
||
|
4D80000
|
heap
|
page read and write
|
||
|
6EA59FB000
|
stack
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
208E802A000
|
heap
|
page read and write
|
||
|
7F4E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
2989000
|
trusted library allocation
|
page read and write
|
||
|
208E81F0000
|
trusted library allocation
|
page read and write
|
||
|
5DF0000
|
trusted library allocation
|
page read and write
|
||
|
660E000
|
stack
|
page read and write
|
||
|
208E664D000
|
heap
|
page read and write
|
||
|
4E50000
|
heap
|
page execute and read and write
|
||
|
BEF000
|
heap
|
page read and write
|
||
|
275C000
|
stack
|
page read and write
|
||
|
5CA8000
|
trusted library allocation
|
page read and write
|
||
|
29B8000
|
trusted library allocation
|
page read and write
|
||
|
208E89DB000
|
heap
|
page read and write
|
||
|
20890008000
|
trusted library allocation
|
page read and write
|
||
|
5CB0000
|
heap
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
208E6743000
|
trusted library allocation
|
page read and write
|
||
|
208E6412000
|
unkown
|
page readonly
|
||
|
AC5000
|
heap
|
page read and write
|
||
|
7FF848E12000
|
trusted library allocation
|
page read and write
|
||
|
4DC0000
|
trusted library allocation
|
page read and write
|
||
|
2B8E000
|
trusted library allocation
|
page read and write
|
||
|
EED000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D60000
|
trusted library allocation
|
page execute and read and write
|
||
|
3949000
|
trusted library allocation
|
page read and write
|
||
|
2975000
|
trusted library allocation
|
page read and write
|
||
|
4E10000
|
trusted library allocation
|
page read and write
|
||
|
F36000
|
heap
|
page read and write
|
||
|
7FF848ECC000
|
trusted library allocation
|
page execute and read and write
|
||
|
208E660D000
|
heap
|
page read and write
|
||
|
4DA0000
|
trusted library allocation
|
page read and write
|
||
|
2B9A000
|
trusted library allocation
|
page read and write
|
||
|
208E6657000
|
heap
|
page read and write
|
||
|
208E6624000
|
heap
|
page read and write
|
||
|
208E81B0000
|
heap
|
page execute and read and write
|
||
|
ABD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
4E00000
|
trusted library allocation
|
page read and write
|
||
|
E5E000
|
stack
|
page read and write
|
||
|
F02000
|
trusted library allocation
|
page read and write
|
||
|
208E63A0000
|
unkown
|
page readonly
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
6EA4DFE000
|
stack
|
page read and write
|
||
|
519E000
|
unkown
|
page read and write
|
||
|
2088002E000
|
trusted library allocation
|
page read and write
|
||
|
2B32000
|
trusted library allocation
|
page read and write
|
||
|
4DE1000
|
trusted library allocation
|
page read and write
|
||
|
20890001000
|
trusted library allocation
|
page read and write
|
||
|
4DDE000
|
trusted library allocation
|
page read and write
|
||
|
208E6404000
|
unkown
|
page readonly
|
||
|
291E000
|
stack
|
page read and write
|
||
|
EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
5DD0000
|
trusted library allocation
|
page read and write
|
||
|
208800E8000
|
trusted library allocation
|
page read and write
|
||
|
20890356000
|
trusted library allocation
|
page read and write
|
||
|
398A000
|
trusted library allocation
|
page read and write
|
||
|
4DB3000
|
heap
|
page read and write
|
||
|
69A000
|
stack
|
page read and write
|
||
|
2B84000
|
trusted library allocation
|
page read and write
|
||
|
4DC6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DDA000
|
trusted library allocation
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
208E6580000
|
heap
|
page read and write
|
||
|
208E6710000
|
trusted library allocation
|
page read and write
|
||
|
798000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
F07000
|
trusted library allocation
|
page execute and read and write
|
||
|
64CE000
|
unkown
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
AB4000
|
trusted library allocation
|
page read and write
|
||
|
6700000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B21000
|
trusted library allocation
|
page read and write
|
||
|
208E65EC000
|
heap
|
page read and write
|
||
|
208E6875000
|
heap
|
page read and write
|
||
|
4A1E000
|
stack
|
page read and write
|
||
|
7FF848FCA000
|
trusted library allocation
|
page read and write
|
||
|
20880102000
|
trusted library allocation
|
page read and write
|
||
|
6EA4FFE000
|
stack
|
page read and write
|
||
|
2B2E000
|
trusted library allocation
|
page read and write
|
||
|
4E60000
|
heap
|
page read and write
|
||
|
69FE000
|
stack
|
page read and write
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
66B0000
|
heap
|
page read and write
|
||
|
208E660F000
|
heap
|
page read and write
|
||
|
6EA51FE000
|
stack
|
page read and write
|
||
|
B4A000
|
heap
|
page read and write
|
||
|
7FF4B6A30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page execute and read and write
|
||
|
208E89CF000
|
heap
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
7FF848E6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2760000
|
heap
|
page read and write
|
||
|
EE0000
|
trusted library allocation
|
page read and write
|
||
|
6EA52FD000
|
stack
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
2BA6000
|
trusted library allocation
|
page read and write
|
||
|
5E4D000
|
stack
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DD2000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E23000
|
trusted library allocation
|
page read and write
|
||
|
6EA47F1000
|
stack
|
page read and write
|
||
|
2B00000
|
trusted library allocation
|
page read and write
|
||
|
6EA4EFC000
|
stack
|
page read and write
|
||
|
3AB8000
|
trusted library allocation
|
page read and write
|
||
|
20880096000
|
trusted library allocation
|
page read and write
|
||
|
2810000
|
heap
|
page execute and read and write
|
||
|
208E65A0000
|
heap
|
page read and write
|
||
|
68FE000
|
stack
|
page read and write
|
||
|
299C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E34000
|
trusted library allocation
|
page read and write
|
There are 224 hidden memdumps, click here to show them.