Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ShippingOrder_ GSHS2400052.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ShippingOrder_ G_c05f69ea49c545b52540ede261d1523dc0c4da49_19f2bd8d_292068fc-b850-4303-bb11-dec50d1c5818\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER16C2.tmp.dmp
|
Mini DuMP crash report, 16 streams, Sat Apr 20 04:48:00 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER184A.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER18A9.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\ShippingOrder_ GSHS2400052.exe
|
"C:\Users\user\Desktop\ShippingOrder_ GSHS2400052.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6424 -s 2408
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
172.67.74.152
|
||
|
http://playerenterprises.org
|
unknown
|
||
|
https://api.ipify.org
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
https://playerenterprises.org/BaseVirtualEnvironment/6621c520c9ebd.txt0
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://playerenterprises.org
|
unknown
|
||
|
https://playerenterprises.org/BaseVirtualEnvironment/6621c520c9ebd.txt
|
193.222.96.147
|
||
|
http://mail.iaa-airferight.com
|
unknown
|
||
|
https://playerenterprises.org/BaseVirtualEnvironment/yummy.txt
|
193.222.96.147
|
There are 2 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.iaa-airferight.com
|
46.175.148.58
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
playerenterprises.org
|
193.222.96.147
|
||
|
api.ipify.org
|
172.67.74.152
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.211.108
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
46.175.148.58
|
mail.iaa-airferight.com
|
Ukraine
|
|
|
|
193.222.96.147
|
playerenterprises.org
|
Germany
|
||
|
172.67.74.152
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShippingOrder_ GSHS2400052_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShippingOrder_ GSHS2400052_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShippingOrder_ GSHS2400052_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShippingOrder_ GSHS2400052_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShippingOrder_ GSHS2400052_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShippingOrder_ GSHS2400052_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShippingOrder_ GSHS2400052_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShippingOrder_ GSHS2400052_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShippingOrder_ GSHS2400052_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShippingOrder_ GSHS2400052_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShippingOrder_ GSHS2400052_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShippingOrder_ GSHS2400052_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShippingOrder_ GSHS2400052_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ShippingOrder_ GSHS2400052_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{29f50feb-fe1f-2c2d-8168-6fd953a98fb8}\Root\InventoryApplicationFile\shippingorder_ g|621ac759c2cf60eb
|
ProgramId
|
||
|
\REGISTRY\A\{29f50feb-fe1f-2c2d-8168-6fd953a98fb8}\Root\InventoryApplicationFile\shippingorder_ g|621ac759c2cf60eb
|
FileId
|
||
|
\REGISTRY\A\{29f50feb-fe1f-2c2d-8168-6fd953a98fb8}\Root\InventoryApplicationFile\shippingorder_ g|621ac759c2cf60eb
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{29f50feb-fe1f-2c2d-8168-6fd953a98fb8}\Root\InventoryApplicationFile\shippingorder_ g|621ac759c2cf60eb
|
LongPathHash
|
||
|
\REGISTRY\A\{29f50feb-fe1f-2c2d-8168-6fd953a98fb8}\Root\InventoryApplicationFile\shippingorder_ g|621ac759c2cf60eb
|
Name
|
||
|
\REGISTRY\A\{29f50feb-fe1f-2c2d-8168-6fd953a98fb8}\Root\InventoryApplicationFile\shippingorder_ g|621ac759c2cf60eb
|
OriginalFileName
|
||
|
\REGISTRY\A\{29f50feb-fe1f-2c2d-8168-6fd953a98fb8}\Root\InventoryApplicationFile\shippingorder_ g|621ac759c2cf60eb
|
Publisher
|
||
|
\REGISTRY\A\{29f50feb-fe1f-2c2d-8168-6fd953a98fb8}\Root\InventoryApplicationFile\shippingorder_ g|621ac759c2cf60eb
|
Version
|
||
|
\REGISTRY\A\{29f50feb-fe1f-2c2d-8168-6fd953a98fb8}\Root\InventoryApplicationFile\shippingorder_ g|621ac759c2cf60eb
|
BinFileVersion
|
||
|
\REGISTRY\A\{29f50feb-fe1f-2c2d-8168-6fd953a98fb8}\Root\InventoryApplicationFile\shippingorder_ g|621ac759c2cf60eb
|
BinaryType
|
||
|
\REGISTRY\A\{29f50feb-fe1f-2c2d-8168-6fd953a98fb8}\Root\InventoryApplicationFile\shippingorder_ g|621ac759c2cf60eb
|
ProductName
|
||
|
\REGISTRY\A\{29f50feb-fe1f-2c2d-8168-6fd953a98fb8}\Root\InventoryApplicationFile\shippingorder_ g|621ac759c2cf60eb
|
ProductVersion
|
||
|
\REGISTRY\A\{29f50feb-fe1f-2c2d-8168-6fd953a98fb8}\Root\InventoryApplicationFile\shippingorder_ g|621ac759c2cf60eb
|
LinkDate
|
||
|
\REGISTRY\A\{29f50feb-fe1f-2c2d-8168-6fd953a98fb8}\Root\InventoryApplicationFile\shippingorder_ g|621ac759c2cf60eb
|
BinProductVersion
|
||
|
\REGISTRY\A\{29f50feb-fe1f-2c2d-8168-6fd953a98fb8}\Root\InventoryApplicationFile\shippingorder_ g|621ac759c2cf60eb
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{29f50feb-fe1f-2c2d-8168-6fd953a98fb8}\Root\InventoryApplicationFile\shippingorder_ g|621ac759c2cf60eb
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{29f50feb-fe1f-2c2d-8168-6fd953a98fb8}\Root\InventoryApplicationFile\shippingorder_ g|621ac759c2cf60eb
|
Size
|
||
|
\REGISTRY\A\{29f50feb-fe1f-2c2d-8168-6fd953a98fb8}\Root\InventoryApplicationFile\shippingorder_ g|621ac759c2cf60eb
|
Language
|
||
|
\REGISTRY\A\{29f50feb-fe1f-2c2d-8168-6fd953a98fb8}\Root\InventoryApplicationFile\shippingorder_ g|621ac759c2cf60eb
|
Usn
|
There are 38 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
13AA1000
|
trusted library allocation
|
page read and write
|
|
|
|
13031000
|
trusted library allocation
|
page read and write
|
|
|
|
13382000
|
trusted library allocation
|
page read and write
|
|
|
|
2B51000
|
trusted library allocation
|
page read and write
|
|
|
|
13011000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
1B960000
|
trusted library section
|
page read and write
|
|
|
|
2B7C000
|
trusted library allocation
|
page read and write
|
|
|
|
3050000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
1333000
|
heap
|
page read and write
|
||
|
E28000
|
heap
|
page read and write
|
||
|
3001000
|
trusted library allocation
|
page read and write
|
||
|
68E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
7FFD9B7AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
51AC000
|
stack
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B76000
|
trusted library allocation
|
page read and write
|
||
|
1020000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1030000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A4000
|
trusted library allocation
|
page read and write
|
||
|
3B01000
|
trusted library allocation
|
page read and write
|
||
|
CEE000
|
stack
|
page read and write
|
||
|
1B58D000
|
stack
|
page read and write
|
||
|
1C4CD000
|
stack
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
67CE000
|
stack
|
page read and write
|
||
|
4FA0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B924000
|
trusted library allocation
|
page read and write
|
||
|
2B41000
|
trusted library allocation
|
page read and write
|
||
|
6930000
|
heap
|
page read and write
|
||
|
1BDCF000
|
stack
|
page read and write
|
||
|
6420000
|
trusted library allocation
|
page read and write
|
||
|
2AB1000
|
trusted library allocation
|
page read and write
|
||
|
614E000
|
stack
|
page read and write
|
||
|
131A000
|
heap
|
page read and write
|
||
|
E56000
|
heap
|
page read and write
|
||
|
5550000
|
heap
|
page read and write
|
||
|
10F4000
|
stack
|
page read and write
|
||
|
1BFCD000
|
stack
|
page read and write
|
||
|
1C1D8000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
160F000
|
stack
|
page read and write
|
||
|
10B8000
|
trusted library allocation
|
page read and write
|
||
|
2F0F000
|
stack
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
6400000
|
trusted library allocation
|
page read and write
|
||
|
5D30000
|
heap
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
63EF000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
2B84000
|
trusted library allocation
|
page read and write
|
||
|
2A9B000
|
trusted library allocation
|
page read and write
|
||
|
DF0000
|
trusted library allocation
|
page read and write
|
||
|
135B000
|
heap
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B83C000
|
trusted library allocation
|
page execute and read and write
|
||
|
C25000
|
heap
|
page read and write
|
||
|
6437000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
2AA2000
|
trusted library allocation
|
page read and write
|
||
|
162A000
|
heap
|
page read and write
|
||
|
6557000
|
trusted library allocation
|
page read and write
|
||
|
1C0CE000
|
stack
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
|
130F000
|
heap
|
page read and write
|
||
|
2ABD000
|
trusted library allocation
|
page read and write
|
||
|
2AC2000
|
trusted library allocation
|
page read and write
|
||
|
FF2D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1186000
|
heap
|
page read and write
|
||
|
642D000
|
trusted library allocation
|
page read and write
|
||
|
135D000
|
heap
|
page read and write
|
||
|
101E000
|
stack
|
page read and write
|
||
|
1C245000
|
heap
|
page read and write
|
||
|
13001000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B95E000
|
stack
|
page read and write
|
||
|
103A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B90000
|
trusted library allocation
|
page read and write
|
||
|
2A90000
|
trusted library allocation
|
page read and write
|
||
|
2B37000
|
trusted library allocation
|
page read and write
|
||
|
2A70000
|
heap
|
page execute and read and write
|
||
|
4F8C000
|
stack
|
page read and write
|
||
|
2B92000
|
trusted library allocation
|
page read and write
|
||
|
1C3CB000
|
stack
|
page read and write
|
||
|
2FD0000
|
trusted library allocation
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
647D000
|
stack
|
page read and write
|
||
|
1BECE000
|
stack
|
page read and write
|
||
|
12D5000
|
heap
|
page read and write
|
||
|
305E000
|
trusted library allocation
|
page read and write
|
||
|
4987000
|
trusted library allocation
|
page read and write
|
||
|
1C252000
|
heap
|
page read and write
|
||
|
1045000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
10AE000
|
stack
|
page read and write
|
||
|
2AAE000
|
trusted library allocation
|
page read and write
|
||
|
68DB000
|
trusted library allocation
|
page read and write
|
||
|
6560000
|
trusted library allocation
|
page read and write
|
||
|
E03000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F10000
|
trusted library allocation
|
page read and write
|
||
|
2E00000
|
trusted library allocation
|
page read and write
|
||
|
2F13000
|
trusted library allocation
|
page read and write
|
||
|
3063000
|
trusted library allocation
|
page read and write
|
||
|
1CACD000
|
stack
|
page read and write
|
||
|
14EE000
|
stack
|
page read and write
|
||
|
6410000
|
trusted library allocation
|
page execute and read and write
|
||
|
6408000
|
trusted library allocation
|
page read and write
|
||
|
6910000
|
trusted library allocation
|
page read and write
|
||
|
1C227000
|
heap
|
page read and write
|
||
|
3B67000
|
trusted library allocation
|
page read and write
|
||
|
2B94000
|
trusted library allocation
|
page read and write
|
||
|
E04000
|
trusted library allocation
|
page read and write
|
||
|
E54000
|
heap
|
page read and write
|
||
|
2B78000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page read and write
|
||
|
1C9CE000
|
stack
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
D02000
|
unkown
|
page readonly
|
||
|
E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6550000
|
trusted library allocation
|
page read and write
|
||
|
1B030000
|
trusted library allocation
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
654E000
|
stack
|
page read and write
|
||
|
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
|
1174000
|
heap
|
page read and write
|
||
|
1C225000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page execute and read and write
|
||
|
1367000
|
heap
|
page read and write
|
||
|
2A6C000
|
stack
|
page read and write
|
||
|
12CE000
|
stack
|
page read and write
|
||
|
2DE0000
|
trusted library allocation
|
page read and write
|
||
|
12FC000
|
heap
|
page read and write
|
||
|
6920000
|
trusted library allocation
|
page execute and read and write
|
||
|
102D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6CC0000
|
heap
|
page read and write
|
||
|
5387000
|
trusted library allocation
|
page read and write
|
||
|
2B4D000
|
trusted library allocation
|
page read and write
|
||
|
2AB6000
|
trusted library allocation
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
4472000
|
trusted library allocation
|
page read and write
|
||
|
3043000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
trusted library allocation
|
page read and write
|
||
|
7FB1000
|
trusted library allocation
|
page read and write
|
||
|
5D87000
|
trusted library allocation
|
page read and write
|
||
|
2F60000
|
heap
|
page execute and read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
4FB0000
|
heap
|
page read and write
|
||
|
1C1D0000
|
heap
|
page read and write
|
||
|
1313000
|
heap
|
page read and write
|
||
|
EF6000
|
heap
|
page read and write
|
||
|
C6E000
|
stack
|
page read and write
|
||
|
628E000
|
stack
|
page read and write
|
||
|
670E000
|
stack
|
page read and write
|
||
|
6430000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B929000
|
trusted library allocation
|
page read and write
|
||
|
68CD000
|
stack
|
page read and write
|
||
|
D2E000
|
stack
|
page read and write
|
||
|
2B8A000
|
trusted library allocation
|
page read and write
|
||
|
2A2F000
|
stack
|
page read and write
|
||
|
4BFE000
|
stack
|
page read and write
|
||
|
554E000
|
stack
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
1047000
|
trusted library allocation
|
page execute and read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
1C8CC000
|
stack
|
page read and write
|
||
|
1036000
|
trusted library allocation
|
page execute and read and write
|
||
|
CAF000
|
stack
|
page read and write
|
||
|
3B29000
|
trusted library allocation
|
page read and write
|
||
|
EB8000
|
heap
|
page read and write
|
||
|
68D0000
|
trusted library allocation
|
page read and write
|
||
|
2AE0000
|
trusted library allocation
|
page read and write
|
||
|
1C208000
|
heap
|
page read and write
|
||
|
5D10000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
3A63000
|
trusted library allocation
|
page read and write
|
||
|
618E000
|
stack
|
page read and write
|
||
|
62EE000
|
stack
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
1C24F000
|
heap
|
page read and write
|
||
|
1620000
|
heap
|
page read and write
|
||
|
1B980000
|
heap
|
page execute and read and write
|
||
|
2AD0000
|
trusted library allocation
|
page read and write
|
||
|
6787000
|
trusted library allocation
|
page read and write
|
||
|
2FAF000
|
stack
|
page read and write
|
||
|
2B3F000
|
trusted library allocation
|
page read and write
|
||
|
1625000
|
heap
|
page read and write
|
||
|
1BA8E000
|
stack
|
page read and write
|
||
|
D00000
|
unkown
|
page readonly
|
||
|
7187000
|
trusted library allocation
|
page read and write
|
||
|
7FF4D9FF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
104B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B7A000
|
trusted library allocation
|
page read and write
|
||
|
1032000
|
trusted library allocation
|
page read and write
|
||
|
2B01000
|
trusted library allocation
|
page read and write
|
||
|
2A9E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C1E1000
|
heap
|
page read and write
|
||
|
1160000
|
trusted library allocation
|
page read and write
|
||
|
1C1C9000
|
stack
|
page read and write
|
||
|
1040000
|
trusted library allocation
|
page read and write
|
||
|
2A80000
|
trusted library allocation
|
page read and write
|
||
|
75B1000
|
trusted library allocation
|
page read and write
|
||
|
5D14000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
D00000
|
unkown
|
page readonly
|
||
|
4462000
|
trusted library allocation
|
page read and write
|
||
|
1BB8E000
|
stack
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
7BA000
|
stack
|
page read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
52BE000
|
stack
|
page read and write
|
||
|
AF8000
|
stack
|
page read and write
|
||
|
E4A000
|
heap
|
page read and write
|
||
|
1042000
|
trusted library allocation
|
page read and write
|
||
|
650E000
|
stack
|
page read and write
|
||
|
1B38E000
|
heap
|
page read and write
|
||
|
EAA000
|
heap
|
page read and write
|
There are 222 hidden memdumps, click here to show them.