Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
gunzipped.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmpC9C3.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\WiHDtnb.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\WiHDtnb.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\gunzipped.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a4saqt0i.zdl.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nx3xeap1.mbz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v1rg5cf2.b3l.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xe1tyowq.3ch.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpD4BF.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\188E93\31437F.lck
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\89dad5d484a9f889a3a8dfca823edc3e_9e146be9-c76a-4720-bcdb-53011b87bd06
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\WiHDtnb.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\gunzipped.exe
|
"C:\Users\user\Desktop\gunzipped.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WiHDtnb.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpC9C3.tmp"
|
|
|
|
C:\Users\user\Desktop\gunzipped.exe
|
"C:\Users\user\Desktop\gunzipped.exe"
|
|
|
|
C:\Users\user\Desktop\gunzipped.exe
|
"C:\Users\user\Desktop\gunzipped.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\WiHDtnb.exe
|
C:\Users\user\AppData\Roaming\WiHDtnb.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WiHDtnb" /XML "C:\Users\user\AppData\Local\Temp\tmpD4BF.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\WiHDtnb.exe
|
"C:\Users\user\AppData\Roaming\WiHDtnb.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://136.244.109.75/index.php/1748937
|
136.244.109.75
|
|
|
|
http://kbfvzoboss.bid/alien/fre.php
|
|
||
|
http://alphastand.win/alien/fre.php
|
|
||
|
http://alphastand.trade/alien/fre.php
|
|
||
|
http://alphastand.top/alien/fre.php
|
|
||
|
http://136.244.109.75/index.php/feed/
|
unknown
|
||
|
http://136.244.109.75/index.php/comments/feed/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.ibsensoftware.com/
|
unknown
|
||
|
http://136.244.109.75/index.php/wp-json/
|
unknown
|
||
|
http://gmpg.org/xfn/11
|
unknown
|
||
|
https://api.w.org/
|
unknown
|
There are 2 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
136.244.109.75
|
unknown
|
United States
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2C8F000
|
trusted library allocation
|
page read and write
|
|
|
|
394E000
|
trusted library allocation
|
page read and write
|
|
|
|
3934000
|
trusted library allocation
|
page read and write
|
|
|
|
2571000
|
trusted library allocation
|
page read and write
|
|
|
|
1008000
|
heap
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
328E000
|
unkown
|
page read and write
|
||
|
4A76000
|
trusted library allocation
|
page read and write
|
||
|
854F000
|
stack
|
page read and write
|
||
|
E1A000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
3C41000
|
trusted library allocation
|
page read and write
|
||
|
10AE000
|
stack
|
page read and write
|
||
|
C9F000
|
unkown
|
page read and write
|
||
|
4A50000
|
trusted library allocation
|
page read and write
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
4C48000
|
trusted library allocation
|
page read and write
|
||
|
52D5000
|
trusted library allocation
|
page read and write
|
||
|
5C6E000
|
stack
|
page read and write
|
||
|
11AE000
|
stack
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
5184000
|
trusted library allocation
|
page read and write
|
||
|
56A0000
|
heap
|
page read and write
|
||
|
9F5000
|
heap
|
page read and write
|
||
|
3D69000
|
trusted library allocation
|
page read and write
|
||
|
5CAE000
|
stack
|
page read and write
|
||
|
864D000
|
stack
|
page read and write
|
||
|
4A6E000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
B7F000
|
stack
|
page read and write
|
||
|
8B3E000
|
stack
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
558B000
|
stack
|
page read and write
|
||
|
B82000
|
trusted library allocation
|
page read and write
|
||
|
94B000
|
heap
|
page read and write
|
||
|
5F84000
|
trusted library allocation
|
page read and write
|
||
|
52B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E1C000
|
stack
|
page read and write
|
||
|
8A90000
|
heap
|
page read and write
|
||
|
BFE000
|
stack
|
page read and write
|
||
|
CF7000
|
stack
|
page read and write
|
||
|
E95000
|
heap
|
page read and write
|
||
|
963000
|
trusted library allocation
|
page execute and read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
DB9000
|
heap
|
page read and write
|
||
|
925D000
|
stack
|
page read and write
|
||
|
D55000
|
heap
|
page read and write
|
||
|
FAE000
|
stack
|
page read and write
|
||
|
50F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8D7E000
|
stack
|
page read and write
|
||
|
3571000
|
trusted library allocation
|
page read and write
|
||
|
30BF000
|
stack
|
page read and write
|
||
|
4578000
|
trusted library allocation
|
page read and write
|
||
|
255F000
|
trusted library allocation
|
page read and write
|
||
|
51A6000
|
trusted library allocation
|
page read and write
|
||
|
3CEC000
|
trusted library allocation
|
page read and write
|
||
|
5AAF000
|
stack
|
page read and write
|
||
|
56E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
D9B000
|
heap
|
page read and write
|
||
|
4004000
|
trusted library allocation
|
page read and write
|
||
|
D97000
|
heap
|
page read and write
|
||
|
52F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9B5000
|
heap
|
page read and write
|
||
|
4A54000
|
trusted library allocation
|
page read and write
|
||
|
1052000
|
trusted library allocation
|
page read and write
|
||
|
2530000
|
heap
|
page execute and read and write
|
||
|
D10000
|
trusted library allocation
|
page read and write
|
||
|
96D000
|
stack
|
page read and write
|
||
|
5D5E000
|
stack
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
8A3F000
|
stack
|
page read and write
|
||
|
844E000
|
stack
|
page read and write
|
||
|
58B0000
|
heap
|
page read and write
|
||
|
5754000
|
heap
|
page read and write
|
||
|
636E000
|
stack
|
page read and write
|
||
|
8D4C000
|
stack
|
page read and write
|
||
|
6F7000
|
stack
|
page read and write
|
||
|
51A1000
|
trusted library allocation
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
352E000
|
stack
|
page read and write
|
||
|
E07000
|
heap
|
page read and write
|
||
|
5850000
|
trusted library allocation
|
page execute and read and write
|
||
|
222000
|
unkown
|
page readonly
|
||
|
C10000
|
heap
|
page read and write
|
||
|
8650000
|
heap
|
page read and write
|
||
|
3D0D000
|
trusted library allocation
|
page read and write
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
1340000
|
heap
|
page execute and read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
8E8E000
|
stack
|
page read and write
|
||
|
4D40000
|
heap
|
page execute and read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
1396000
|
heap
|
page read and write
|
||
|
D95000
|
heap
|
page read and write
|
||
|
8E7E000
|
stack
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
3E0F000
|
trusted library allocation
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
24AE000
|
stack
|
page read and write
|
||
|
2F9D000
|
stack
|
page read and write
|
||
|
12EE000
|
stack
|
page read and write
|
||
|
D63000
|
heap
|
page read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
A0B000
|
heap
|
page read and write
|
||
|
627E000
|
stack
|
page read and write
|
||
|
3829000
|
trusted library allocation
|
page read and write
|
||
|
9A7000
|
heap
|
page read and write
|
||
|
470C000
|
stack
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
51FA000
|
trusted library allocation
|
page read and write
|
||
|
2A9F000
|
stack
|
page read and write
|
||
|
574C000
|
heap
|
page read and write
|
||
|
409B000
|
trusted library allocation
|
page read and write
|
||
|
BFB000
|
stack
|
page read and write
|
||
|
37DB000
|
trusted library allocation
|
page read and write
|
||
|
51C4000
|
trusted library allocation
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
8EA0000
|
trusted library allocation
|
page read and write
|
||
|
51AD000
|
trusted library allocation
|
page read and write
|
||
|
877D000
|
stack
|
page read and write
|
||
|
51C0000
|
trusted library allocation
|
page read and write
|
||
|
A51000
|
heap
|
page read and write
|
||
|
2F7F000
|
stack
|
page read and write
|
||
|
8790000
|
trusted library allocation
|
page read and write
|
||
|
2550000
|
trusted library allocation
|
page read and write
|
||
|
52A3000
|
heap
|
page read and write
|
||
|
950000
|
trusted library allocation
|
page read and write
|
||
|
5F80000
|
trusted library allocation
|
page read and write
|
||
|
5840000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
1042000
|
trusted library allocation
|
page read and write
|
||
|
E1C000
|
heap
|
page read and write
|
||
|
4038000
|
trusted library allocation
|
page read and write
|
||
|
11EE000
|
stack
|
page read and write
|
||
|
62FA000
|
trusted library allocation
|
page read and write
|
||
|
5FCE000
|
stack
|
page read and write
|
||
|
2560000
|
heap
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
CC7000
|
heap
|
page read and write
|
||
|
2E07000
|
trusted library allocation
|
page read and write
|
||
|
B92000
|
trusted library allocation
|
page read and write
|
||
|
94A000
|
stack
|
page read and write
|
||
|
B9B000
|
trusted library allocation
|
page execute and read and write
|
||
|
911B000
|
stack
|
page read and write
|
||
|
5180000
|
heap
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
51C6000
|
trusted library allocation
|
page read and write
|
||
|
138E000
|
stack
|
page read and write
|
||
|
4F50000
|
trusted library allocation
|
page execute and read and write
|
||
|
884E000
|
stack
|
page read and write
|
||
|
3EF9000
|
trusted library allocation
|
page read and write
|
||
|
825000
|
heap
|
page read and write
|
||
|
51B2000
|
trusted library allocation
|
page read and write
|
||
|
104A000
|
trusted library allocation
|
page execute and read and write
|
||
|
B8A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D2B000
|
stack
|
page read and write
|
||
|
4FDA000
|
heap
|
page read and write
|
||
|
E2E000
|
stack
|
page read and write
|
||
|
DF9000
|
heap
|
page read and write
|
||
|
4A71000
|
trusted library allocation
|
page read and write
|
||
|
DA5000
|
heap
|
page read and write
|
||
|
970000
|
trusted library allocation
|
page read and write
|
||
|
4A90000
|
trusted library allocation
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
1030000
|
trusted library allocation
|
page read and write
|
||
|
4B80000
|
heap
|
page read and write
|
||
|
4C6E000
|
stack
|
page read and write
|
||
|
251E000
|
stack
|
page read and write
|
||
|
50D0000
|
trusted library allocation
|
page read and write
|
||
|
4F60000
|
heap
|
page read and write
|
||
|
5740000
|
heap
|
page read and write
|
||
|
103D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5290000
|
trusted library section
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
A2E000
|
stack
|
page read and write
|
||
|
26CE000
|
stack
|
page read and write
|
||
|
5690000
|
trusted library allocation
|
page read and write
|
||
|
A48000
|
heap
|
page read and write
|
||
|
7F780000
|
trusted library allocation
|
page execute and read and write
|
||
|
52D0000
|
trusted library allocation
|
page read and write
|
||
|
5710000
|
heap
|
page read and write
|
||
|
5B2E000
|
stack
|
page read and write
|
||
|
DED000
|
heap
|
page read and write
|
||
|
5F20000
|
trusted library allocation
|
page read and write
|
||
|
51EF000
|
trusted library allocation
|
page read and write
|
||
|
8C3D000
|
stack
|
page read and write
|
||
|
516E000
|
stack
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
92E000
|
stack
|
page read and write
|
||
|
960000
|
trusted library allocation
|
page read and write
|
||
|
5C2E000
|
stack
|
page read and write
|
||
|
964000
|
trusted library allocation
|
page read and write
|
||
|
356F000
|
stack
|
page read and write
|
||
|
539E000
|
stack
|
page read and write
|
||
|
4A82000
|
trusted library allocation
|
page read and write
|
||
|
549E000
|
stack
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
52CA000
|
trusted library allocation
|
page read and write
|
||
|
A76000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
220000
|
unkown
|
page readonly
|
||
|
262C000
|
trusted library allocation
|
page read and write
|
||
|
7F6B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1040000
|
trusted library allocation
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
5110000
|
trusted library section
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
5FF0000
|
heap
|
page read and write
|
||
|
C5E000
|
unkown
|
page read and write
|
||
|
2520000
|
heap
|
page read and write
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
5F60000
|
trusted library allocation
|
page read and write
|
||
|
4D1B000
|
stack
|
page read and write
|
||
|
6320000
|
trusted library allocation
|
page execute and read and write
|
||
|
32DF000
|
unkown
|
page read and write
|
||
|
D65000
|
heap
|
page read and write
|
||
|
5180000
|
trusted library allocation
|
page read and write
|
||
|
97D000
|
trusted library allocation
|
page execute and read and write
|
||
|
8C4C000
|
stack
|
page read and write
|
||
|
51F5000
|
trusted library allocation
|
page read and write
|
||
|
5011000
|
heap
|
page read and write
|
||
|
4A0000
|
remote allocation
|
page execute and read and write
|
||
|
893F000
|
stack
|
page read and write
|
||
|
5E5E000
|
stack
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page execute and read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
98D000
|
stack
|
page read and write
|
||
|
988000
|
heap
|
page read and write
|
||
|
2FBE000
|
stack
|
page read and write
|
||
|
50C0000
|
heap
|
page read and write
|
||
|
B65000
|
heap
|
page read and write
|
||
|
2D52000
|
trusted library allocation
|
page read and write
|
||
|
519E000
|
trusted library allocation
|
page read and write
|
||
|
949E000
|
stack
|
page read and write
|
||
|
1057000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E4F000
|
stack
|
page read and write
|
||
|
102E000
|
stack
|
page read and write
|
||
|
403F000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
3C47000
|
trusted library allocation
|
page read and write
|
||
|
36E0000
|
heap
|
page read and write
|
||
|
4A0000
|
remote allocation
|
page execute and read and write
|
||
|
873E000
|
stack
|
page read and write
|
||
|
52C0000
|
trusted library allocation
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
52A0000
|
trusted library allocation
|
page read and write
|
||
|
62F0000
|
trusted library allocation
|
page read and write
|
||
|
A62000
|
heap
|
page read and write
|
||
|
D14000
|
trusted library allocation
|
page read and write
|
||
|
339000
|
stack
|
page read and write
|
||
|
9A9000
|
stack
|
page read and write
|
||
|
B86000
|
trusted library allocation
|
page execute and read and write
|
||
|
D00000
|
trusted library allocation
|
page read and write
|
||
|
2FDA000
|
stack
|
page read and write
|
||
|
52A0000
|
heap
|
page read and write
|
||
|
5FE0000
|
heap
|
page read and write
|
||
|
9C2000
|
heap
|
page read and write
|
||
|
8B0D000
|
stack
|
page read and write
|
||
|
4A95000
|
trusted library allocation
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
2678000
|
trusted library allocation
|
page read and write
|
||
|
939E000
|
stack
|
page read and write
|
||
|
24F0000
|
heap
|
page read and write
|
||
|
332A000
|
heap
|
page read and write
|
||
|
888E000
|
stack
|
page read and write
|
||
|
3DC4000
|
trusted library allocation
|
page read and write
|
||
|
D2A000
|
heap
|
page read and write
|
||
|
2510000
|
trusted library allocation
|
page execute and read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
1310000
|
trusted library allocation
|
page execute and read and write
|
||
|
3EE000
|
stack
|
page read and write
|
||
|
5AEE000
|
stack
|
page read and write
|
||
|
D1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FB0000
|
heap
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
898E000
|
stack
|
page read and write
|
||
|
96D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A9A000
|
trusted library allocation
|
page read and write
|
||
|
39C8000
|
trusted library allocation
|
page read and write
|
||
|
105B000
|
trusted library allocation
|
page execute and read and write
|
||
|
D2E000
|
heap
|
page read and write
|
||
|
568D000
|
stack
|
page read and write
|
||
|
921C000
|
stack
|
page read and write
|
||
|
4B50000
|
trusted library allocation
|
page read and write
|
||
|
1046000
|
trusted library allocation
|
page execute and read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
8EBD000
|
stack
|
page read and write
|
||
|
4C70000
|
trusted library section
|
page read and write
|
||
|
4AA0000
|
trusted library allocation
|
page read and write
|
||
|
2C41000
|
trusted library allocation
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
5714000
|
heap
|
page read and write
|
||
|
518B000
|
trusted library allocation
|
page read and write
|
||
|
5730000
|
heap
|
page read and write
|
||
|
51D0000
|
heap
|
page execute and read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
D3F000
|
stack
|
page read and write
|
||
|
8C40000
|
heap
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
2540000
|
trusted library allocation
|
page read and write
|
||
|
2737000
|
trusted library allocation
|
page read and write
|
||
|
646E000
|
stack
|
page read and write
|
||
|
5820000
|
heap
|
page read and write
|
||
|
5830000
|
trusted library allocation
|
page read and write
|
||
|
8FBE000
|
stack
|
page read and write
|
||
|
4A5B000
|
trusted library allocation
|
page read and write
|
||
|
5200000
|
trusted library allocation
|
page read and write
|
||
|
D13000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A7D000
|
trusted library allocation
|
page read and write
|
||
|
3968000
|
trusted library allocation
|
page read and write
|
||
|
401E000
|
trusted library allocation
|
page read and write
|
||
|
3577000
|
trusted library allocation
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
24EC000
|
stack
|
page read and write
|
||
|
88C000
|
stack
|
page read and write
|
||
|
5CC0000
|
trusted library section
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
4D30000
|
trusted library allocation
|
page read and write
|
||
|
8C0E000
|
stack
|
page read and write
|
||
|
361B000
|
trusted library allocation
|
page read and write
|
||
|
2520000
|
trusted library allocation
|
page read and write
|
||
|
4B83000
|
heap
|
page read and write
|
||
|
2D06000
|
trusted library allocation
|
page read and write
|
||
|
4F4D000
|
stack
|
page read and write
|
||
|
B97000
|
trusted library allocation
|
page execute and read and write
|
||
|
F2E000
|
stack
|
page read and write
|
||
|
5160000
|
heap
|
page read and write
|
||
|
BB0000
|
trusted library allocation
|
page read and write
|
||
|
3CAB000
|
trusted library allocation
|
page read and write
|
||
|
378D000
|
trusted library allocation
|
page read and write
|
||
|
5280000
|
trusted library section
|
page read and write
|
||
|
98E000
|
heap
|
page read and write
|
||
|
25C0000
|
heap
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
80E000
|
stack
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
51F0000
|
trusted library allocation
|
page read and write
|
||
|
935E000
|
stack
|
page read and write
|
||
|
51E0000
|
trusted library allocation
|
page read and write
|
||
|
1050000
|
trusted library allocation
|
page read and write
|
||
|
834E000
|
stack
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
8D8D000
|
stack
|
page read and write
|
||
|
5700000
|
heap
|
page read and write
|
There are 337 hidden memdumps, click here to show them.