Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
New DHL Shipment Document Arrival Notice.pdf.exe
|
PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_New DHL Shipment_2fb9a779aae7560f97a236ac8a8e38ee4627e80_832b6b58_d4673f3b-6d65-4ce4-a848-6247b28a8c7d\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER592E.tmp.dmp
|
Mini DuMP crash report, 16 streams, Wed Apr 24 05:15:12 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5B03.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5B33.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\New DHL Shipment Document Arrival Notice.pdf.exe
|
"C:\Users\user\Desktop\New DHL Shipment Document Arrival Notice.pdf.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6500 -s 1092
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
104.26.13.205
|
||
|
https://api.ipify.org
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://smtp.prestamp.in
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
smtp.prestamp.in
|
8.38.89.60
|
|
|
|
api.ipify.org
|
104.26.13.205
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.211.108
|
||
|
windowsupdatebg.s.llnwi.net
|
68.142.107.4
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
8.38.89.60
|
smtp.prestamp.in
|
United States
|
|
|
|
104.26.13.205
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{54be0a4d-789f-bcc0-a62e-4a7e955fdcc3}\Root\InventoryApplicationFile\new dhl shipment|5917b46d2f048bcb
|
ProgramId
|
||
|
\REGISTRY\A\{54be0a4d-789f-bcc0-a62e-4a7e955fdcc3}\Root\InventoryApplicationFile\new dhl shipment|5917b46d2f048bcb
|
FileId
|
||
|
\REGISTRY\A\{54be0a4d-789f-bcc0-a62e-4a7e955fdcc3}\Root\InventoryApplicationFile\new dhl shipment|5917b46d2f048bcb
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{54be0a4d-789f-bcc0-a62e-4a7e955fdcc3}\Root\InventoryApplicationFile\new dhl shipment|5917b46d2f048bcb
|
LongPathHash
|
||
|
\REGISTRY\A\{54be0a4d-789f-bcc0-a62e-4a7e955fdcc3}\Root\InventoryApplicationFile\new dhl shipment|5917b46d2f048bcb
|
Name
|
||
|
\REGISTRY\A\{54be0a4d-789f-bcc0-a62e-4a7e955fdcc3}\Root\InventoryApplicationFile\new dhl shipment|5917b46d2f048bcb
|
OriginalFileName
|
||
|
\REGISTRY\A\{54be0a4d-789f-bcc0-a62e-4a7e955fdcc3}\Root\InventoryApplicationFile\new dhl shipment|5917b46d2f048bcb
|
Publisher
|
||
|
\REGISTRY\A\{54be0a4d-789f-bcc0-a62e-4a7e955fdcc3}\Root\InventoryApplicationFile\new dhl shipment|5917b46d2f048bcb
|
Version
|
||
|
\REGISTRY\A\{54be0a4d-789f-bcc0-a62e-4a7e955fdcc3}\Root\InventoryApplicationFile\new dhl shipment|5917b46d2f048bcb
|
BinFileVersion
|
||
|
\REGISTRY\A\{54be0a4d-789f-bcc0-a62e-4a7e955fdcc3}\Root\InventoryApplicationFile\new dhl shipment|5917b46d2f048bcb
|
BinaryType
|
||
|
\REGISTRY\A\{54be0a4d-789f-bcc0-a62e-4a7e955fdcc3}\Root\InventoryApplicationFile\new dhl shipment|5917b46d2f048bcb
|
ProductName
|
||
|
\REGISTRY\A\{54be0a4d-789f-bcc0-a62e-4a7e955fdcc3}\Root\InventoryApplicationFile\new dhl shipment|5917b46d2f048bcb
|
ProductVersion
|
||
|
\REGISTRY\A\{54be0a4d-789f-bcc0-a62e-4a7e955fdcc3}\Root\InventoryApplicationFile\new dhl shipment|5917b46d2f048bcb
|
LinkDate
|
||
|
\REGISTRY\A\{54be0a4d-789f-bcc0-a62e-4a7e955fdcc3}\Root\InventoryApplicationFile\new dhl shipment|5917b46d2f048bcb
|
BinProductVersion
|
||
|
\REGISTRY\A\{54be0a4d-789f-bcc0-a62e-4a7e955fdcc3}\Root\InventoryApplicationFile\new dhl shipment|5917b46d2f048bcb
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{54be0a4d-789f-bcc0-a62e-4a7e955fdcc3}\Root\InventoryApplicationFile\new dhl shipment|5917b46d2f048bcb
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{54be0a4d-789f-bcc0-a62e-4a7e955fdcc3}\Root\InventoryApplicationFile\new dhl shipment|5917b46d2f048bcb
|
Size
|
||
|
\REGISTRY\A\{54be0a4d-789f-bcc0-a62e-4a7e955fdcc3}\Root\InventoryApplicationFile\new dhl shipment|5917b46d2f048bcb
|
Language
|
||
|
\REGISTRY\A\{54be0a4d-789f-bcc0-a62e-4a7e955fdcc3}\Root\InventoryApplicationFile\new dhl shipment|5917b46d2f048bcb
|
Usn
|
There are 24 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
161645D8000
|
trusted library allocation
|
page read and write
|
|
|
|
16164089000
|
trusted library allocation
|
page read and write
|
|
|
|
16174037000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
318C000
|
trusted library allocation
|
page read and write
|
|
|
|
3161000
|
trusted library allocation
|
page read and write
|
|
|
|
3194000
|
trusted library allocation
|
page read and write
|
|
|
|
16164297000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
161624AC000
|
heap
|
page read and write
|
||
|
16163EDA000
|
heap
|
page read and write
|
||
|
3000000
|
heap
|
page execute and read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
1616427F000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
2E78000
|
trusted library allocation
|
page read and write
|
||
|
1380000
|
trusted library allocation
|
page execute and read and write
|
||
|
27781FE000
|
stack
|
page read and write
|
||
|
27784FF000
|
stack
|
page read and write
|
||
|
7FF848FAF000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
2FC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EAC000
|
trusted library allocation
|
page execute and read and write
|
||
|
12E6000
|
heap
|
page read and write
|
||
|
7190000
|
heap
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FD0000
|
trusted library allocation
|
page read and write
|
||
|
2F9E000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E03000
|
trusted library allocation
|
page read and write
|
||
|
32DE000
|
trusted library allocation
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page execute and read and write
|
||
|
161624E2000
|
heap
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
2777FFE000
|
stack
|
page read and write
|
||
|
16164020000
|
heap
|
page read and write
|
||
|
3331000
|
trusted library allocation
|
page read and write
|
||
|
13CF000
|
heap
|
page read and write
|
||
|
6320000
|
heap
|
page read and write
|
||
|
319A000
|
trusted library allocation
|
page read and write
|
||
|
5B8E000
|
stack
|
page read and write
|
||
|
69FE000
|
stack
|
page read and write
|
||
|
57EE000
|
stack
|
page read and write
|
||
|
6F40000
|
heap
|
page read and write
|
||
|
16162410000
|
heap
|
page read and write
|
||
|
3147000
|
trusted library allocation
|
page read and write
|
||
|
6B80000
|
trusted library allocation
|
page read and write
|
||
|
161625A0000
|
trusted library allocation
|
page read and write
|
||
|
5A8D000
|
stack
|
page read and write
|
||
|
161622A6000
|
unkown
|
page readonly
|
||
|
7FF848DF4000
|
trusted library allocation
|
page read and write
|
||
|
579C000
|
stack
|
page read and write
|
||
|
7FD70000
|
trusted library allocation
|
page execute and read and write
|
||
|
32EA000
|
trusted library allocation
|
page read and write
|
||
|
6EF8000
|
trusted library allocation
|
page read and write
|
||
|
315D000
|
trusted library allocation
|
page read and write
|
||
|
161626A5000
|
heap
|
page read and write
|
||
|
16164259000
|
trusted library allocation
|
page read and write
|
||
|
2F80000
|
trusted library allocation
|
page read and write
|
||
|
1616429F000
|
trusted library allocation
|
page read and write
|
||
|
16162690000
|
heap
|
page execute and read and write
|
||
|
31A2000
|
trusted library allocation
|
page read and write
|
||
|
16162570000
|
heap
|
page read and write
|
||
|
16164262000
|
trusted library allocation
|
page read and write
|
||
|
630A000
|
heap
|
page read and write
|
||
|
7FF848FED000
|
trusted library allocation
|
page read and write
|
||
|
2777EFE000
|
stack
|
page read and write
|
||
|
1332000
|
trusted library allocation
|
page read and write
|
||
|
142F000
|
heap
|
page read and write
|
||
|
1322000
|
trusted library allocation
|
page read and write
|
||
|
6F00000
|
trusted library allocation
|
page read and write
|
||
|
632F000
|
heap
|
page read and write
|
||
|
68FE000
|
stack
|
page read and write
|
||
|
7FF848DF2000
|
trusted library allocation
|
page read and write
|
||
|
16164251000
|
trusted library allocation
|
page read and write
|
||
|
331D000
|
trusted library allocation
|
page read and write
|
||
|
13D1000
|
heap
|
page read and write
|
||
|
5693000
|
heap
|
page read and write
|
||
|
667E000
|
stack
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
16162725000
|
heap
|
page read and write
|
||
|
16162512000
|
heap
|
page read and write
|
||
|
5840000
|
heap
|
page execute and read and write
|
||
|
63A8000
|
heap
|
page read and write
|
||
|
10F9000
|
stack
|
page read and write
|
||
|
1616422F000
|
trusted library allocation
|
page read and write
|
||
|
27788FD000
|
stack
|
page read and write
|
||
|
67BE000
|
stack
|
page read and write
|
||
|
16162430000
|
heap
|
page read and write
|
||
|
16164275000
|
trusted library allocation
|
page read and write
|
||
|
2FA6000
|
trusted library allocation
|
page read and write
|
||
|
16162720000
|
heap
|
page read and write
|
||
|
131D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B2F000
|
stack
|
page read and write
|
||
|
2F9A000
|
trusted library allocation
|
page read and write
|
||
|
63B4000
|
heap
|
page read and write
|
||
|
6A00000
|
trusted library allocation
|
page read and write
|
||
|
16164240000
|
trusted library allocation
|
page read and write
|
||
|
3336000
|
trusted library allocation
|
page read and write
|
||
|
6F60000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F70000
|
trusted library allocation
|
page read and write
|
||
|
330C000
|
trusted library allocation
|
page read and write
|
||
|
2FAD000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
161624CB000
|
heap
|
page read and write
|
||
|
161626A0000
|
heap
|
page read and write
|
||
|
161624A0000
|
heap
|
page read and write
|
||
|
1616250C000
|
heap
|
page read and write
|
||
|
1417000
|
heap
|
page read and write
|
||
|
27786FD000
|
stack
|
page read and write
|
||
|
1421000
|
heap
|
page read and write
|
||
|
2FA1000
|
trusted library allocation
|
page read and write
|
||
|
582E000
|
stack
|
page read and write
|
||
|
16162242000
|
unkown
|
page readonly
|
||
|
6308000
|
heap
|
page read and write
|
||
|
1617C060000
|
trusted library allocation
|
page read and write
|
||
|
1617C6F0000
|
trusted library section
|
page read and write
|
||
|
DAA000
|
stack
|
page read and write
|
||
|
633C000
|
heap
|
page read and write
|
||
|
1617C8C0000
|
heap
|
page execute and read and write
|
||
|
16162330000
|
heap
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
161642B1000
|
trusted library allocation
|
page read and write
|
||
|
6A1D000
|
trusted library allocation
|
page read and write
|
||
|
6F10000
|
trusted library allocation
|
page read and write
|
||
|
635C000
|
heap
|
page read and write
|
||
|
16164119000
|
trusted library allocation
|
page read and write
|
||
|
3111000
|
trusted library allocation
|
page read and write
|
||
|
6B70000
|
trusted library allocation
|
page execute and read and write
|
||
|
133B000
|
trusted library allocation
|
page execute and read and write
|
||
|
161642A9000
|
trusted library allocation
|
page read and write
|
||
|
161624E0000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F94000
|
trusted library allocation
|
page read and write
|
||
|
68BE000
|
stack
|
page read and write
|
||
|
1326000
|
trusted library allocation
|
page execute and read and write
|
||
|
27787FA000
|
stack
|
page read and write
|
||
|
1337000
|
trusted library allocation
|
page execute and read and write
|
||
|
132A000
|
trusted library allocation
|
page execute and read and write
|
||
|
16162595000
|
heap
|
page read and write
|
||
|
677E000
|
stack
|
page read and write
|
||
|
27782FB000
|
stack
|
page read and write
|
||
|
1616250A000
|
heap
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
1350000
|
trusted library allocation
|
page read and write
|
||
|
3326000
|
trusted library allocation
|
page read and write
|
||
|
27780FE000
|
stack
|
page read and write
|
||
|
3188000
|
trusted library allocation
|
page read and write
|
||
|
2F5C000
|
stack
|
page read and write
|
||
|
6A6D000
|
stack
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
568C000
|
stack
|
page read and write
|
||
|
161625D0000
|
trusted library allocation
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
16162450000
|
heap
|
page read and write
|
||
|
16174031000
|
trusted library allocation
|
page read and write
|
||
|
5550000
|
heap
|
page read and write
|
||
|
2777B72000
|
stack
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
594E000
|
stack
|
page read and write
|
||
|
27785FF000
|
stack
|
page read and write
|
||
|
2F92000
|
trusted library allocation
|
page read and write
|
||
|
1404000
|
heap
|
page read and write
|
||
|
6A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
16164287000
|
trusted library allocation
|
page read and write
|
||
|
3151000
|
trusted library allocation
|
page read and write
|
||
|
5A4E000
|
stack
|
page read and write
|
||
|
318A000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
27783FE000
|
stack
|
page read and write
|
||
|
314F000
|
trusted library allocation
|
page read and write
|
||
|
16174312000
|
trusted library allocation
|
page read and write
|
||
|
332B000
|
trusted library allocation
|
page read and write
|
||
|
16162240000
|
unkown
|
page readonly
|
||
|
4176000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page execute and read and write
|
||
|
6300000
|
heap
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
520E000
|
stack
|
page read and write
|
||
|
16164248000
|
trusted library allocation
|
page read and write
|
||
|
11F5000
|
heap
|
page read and write
|
||
|
6A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
4111000
|
trusted library allocation
|
page read and write
|
||
|
6A08000
|
trusted library allocation
|
page read and write
|
||
|
139B000
|
heap
|
page read and write
|
||
|
1616426C000
|
trusted library allocation
|
page read and write
|
||
|
1335000
|
trusted library allocation
|
page execute and read and write
|
||
|
16164031000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EA6000
|
trusted library allocation
|
page read and write
|
||
|
161640FF000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
7FF848DF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F8B000
|
trusted library allocation
|
page read and write
|
||
|
3319000
|
trusted library allocation
|
page read and write
|
||
|
6A80000
|
heap
|
page read and write
|
||
|
16164237000
|
trusted library allocation
|
page read and write
|
||
|
1412000
|
heap
|
page read and write
|
||
|
1304000
|
trusted library allocation
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
4139000
|
trusted library allocation
|
page read and write
|
||
|
1310000
|
trusted library allocation
|
page read and write
|
||
|
7FF40E4C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A10000
|
trusted library allocation
|
page read and write
|
||
|
6A20000
|
trusted library allocation
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
130D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
1303000
|
trusted library allocation
|
page execute and read and write
|
||
|
161625C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1320000
|
trusted library allocation
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
1617C790000
|
heap
|
page read and write
|
||
|
7FF848FAA000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
7FF848E4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
161642CC000
|
trusted library allocation
|
page read and write
|
||
|
5690000
|
heap
|
page read and write
|
||
|
42A4000
|
trusted library allocation
|
page read and write
|
||
|
5C10000
|
heap
|
page read and write
|
||
|
6EF0000
|
trusted library allocation
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E1B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F86000
|
trusted library allocation
|
page read and write
|
||
|
146D000
|
heap
|
page read and write
|
||
|
161645DC000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
6A27000
|
trusted library allocation
|
page read and write
|
||
|
161625D3000
|
trusted library allocation
|
page read and write
|
||
|
12F0000
|
trusted library allocation
|
page read and write
|
||
|
2F8E000
|
trusted library allocation
|
page read and write
|
There are 227 hidden memdumps, click here to show them.