Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
CHEMICAL SPECIFICATIONS.exe
|
PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_CHEMICAL SPECIFI_278f92060784c2894194ab94c74b6a2b344e382_42837c52_a070d845-8d0a-4a2f-b2b0-36689af5af36\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3D1F.tmp.dmp
|
Mini DuMP crash report, 16 streams, Fri Apr 26 08:06:28 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3EA6.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3ED6.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\CHEMICAL SPECIFICATIONS.exe
|
"C:\Users\user\Desktop\CHEMICAL SPECIFICATIONS.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6780 -s 1088
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
104.26.13.205
|
||
|
https://api.ipify.org
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ftp.ercolina-usa.com
|
unknown
|
||
|
http://ercolina-usa.com
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
http://ip-api.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ftp.ercolina-usa.com
|
unknown
|
|
|
|
ercolina-usa.com
|
192.254.225.136
|
||
|
api.ipify.org
|
104.26.13.205
|
||
|
ip-api.com
|
208.95.112.1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.254.225.136
|
ercolina-usa.com
|
United States
|
||
|
208.95.112.1
|
ip-api.com
|
United States
|
||
|
104.26.13.205
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{04d5f55c-bb15-714a-3c06-5744ef65d4c7}\Root\InventoryApplicationFile\chemical specifi|ebc9bfed6d54076f
|
ProgramId
|
||
|
\REGISTRY\A\{04d5f55c-bb15-714a-3c06-5744ef65d4c7}\Root\InventoryApplicationFile\chemical specifi|ebc9bfed6d54076f
|
FileId
|
||
|
\REGISTRY\A\{04d5f55c-bb15-714a-3c06-5744ef65d4c7}\Root\InventoryApplicationFile\chemical specifi|ebc9bfed6d54076f
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{04d5f55c-bb15-714a-3c06-5744ef65d4c7}\Root\InventoryApplicationFile\chemical specifi|ebc9bfed6d54076f
|
LongPathHash
|
||
|
\REGISTRY\A\{04d5f55c-bb15-714a-3c06-5744ef65d4c7}\Root\InventoryApplicationFile\chemical specifi|ebc9bfed6d54076f
|
Name
|
||
|
\REGISTRY\A\{04d5f55c-bb15-714a-3c06-5744ef65d4c7}\Root\InventoryApplicationFile\chemical specifi|ebc9bfed6d54076f
|
OriginalFileName
|
||
|
\REGISTRY\A\{04d5f55c-bb15-714a-3c06-5744ef65d4c7}\Root\InventoryApplicationFile\chemical specifi|ebc9bfed6d54076f
|
Publisher
|
||
|
\REGISTRY\A\{04d5f55c-bb15-714a-3c06-5744ef65d4c7}\Root\InventoryApplicationFile\chemical specifi|ebc9bfed6d54076f
|
Version
|
||
|
\REGISTRY\A\{04d5f55c-bb15-714a-3c06-5744ef65d4c7}\Root\InventoryApplicationFile\chemical specifi|ebc9bfed6d54076f
|
BinFileVersion
|
||
|
\REGISTRY\A\{04d5f55c-bb15-714a-3c06-5744ef65d4c7}\Root\InventoryApplicationFile\chemical specifi|ebc9bfed6d54076f
|
BinaryType
|
||
|
\REGISTRY\A\{04d5f55c-bb15-714a-3c06-5744ef65d4c7}\Root\InventoryApplicationFile\chemical specifi|ebc9bfed6d54076f
|
ProductName
|
||
|
\REGISTRY\A\{04d5f55c-bb15-714a-3c06-5744ef65d4c7}\Root\InventoryApplicationFile\chemical specifi|ebc9bfed6d54076f
|
ProductVersion
|
||
|
\REGISTRY\A\{04d5f55c-bb15-714a-3c06-5744ef65d4c7}\Root\InventoryApplicationFile\chemical specifi|ebc9bfed6d54076f
|
LinkDate
|
||
|
\REGISTRY\A\{04d5f55c-bb15-714a-3c06-5744ef65d4c7}\Root\InventoryApplicationFile\chemical specifi|ebc9bfed6d54076f
|
BinProductVersion
|
||
|
\REGISTRY\A\{04d5f55c-bb15-714a-3c06-5744ef65d4c7}\Root\InventoryApplicationFile\chemical specifi|ebc9bfed6d54076f
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{04d5f55c-bb15-714a-3c06-5744ef65d4c7}\Root\InventoryApplicationFile\chemical specifi|ebc9bfed6d54076f
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{04d5f55c-bb15-714a-3c06-5744ef65d4c7}\Root\InventoryApplicationFile\chemical specifi|ebc9bfed6d54076f
|
Size
|
||
|
\REGISTRY\A\{04d5f55c-bb15-714a-3c06-5744ef65d4c7}\Root\InventoryApplicationFile\chemical specifi|ebc9bfed6d54076f
|
Language
|
||
|
\REGISTRY\A\{04d5f55c-bb15-714a-3c06-5744ef65d4c7}\Root\InventoryApplicationFile\chemical specifi|ebc9bfed6d54076f
|
Usn
|
There are 24 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2CA5000
|
trusted library allocation
|
page read and write
|
|
|
|
2CCE000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2973322C000
|
trusted library allocation
|
page read and write
|
|
|
|
29742FB7000
|
trusted library allocation
|
page read and write
|
|
|
|
68E7000
|
trusted library allocation
|
page read and write
|
||
|
29731231000
|
unkown
|
page readonly
|
||
|
7FFAACB82000
|
trusted library allocation
|
page read and write
|
||
|
2973142E000
|
heap
|
page read and write
|
||
|
680E000
|
stack
|
page read and write
|
||
|
5146000
|
trusted library allocation
|
page read and write
|
||
|
BCF53FD000
|
stack
|
page read and write
|
||
|
2A60000
|
trusted library allocation
|
page read and write
|
||
|
6EE0D000
|
unkown
|
page read and write
|
||
|
29732FA0000
|
heap
|
page execute and read and write
|
||
|
29732F00000
|
trusted library section
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
7FFB16822000
|
unkown
|
page readonly
|
||
|
7FFAACB93000
|
trusted library allocation
|
page read and write
|
||
|
68B7000
|
trusted library allocation
|
page read and write
|
||
|
29731238000
|
unkown
|
page readonly
|
||
|
29731515000
|
heap
|
page read and write
|
||
|
29731580000
|
heap
|
page read and write
|
||
|
BCF50FE000
|
stack
|
page read and write
|
||
|
2C30000
|
heap
|
page execute and read and write
|
||
|
5184000
|
heap
|
page read and write
|
||
|
3C69000
|
trusted library allocation
|
page read and write
|
||
|
E15000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
106D000
|
trusted library allocation
|
page execute and read and write
|
||
|
29731442000
|
heap
|
page read and write
|
||
|
530C000
|
stack
|
page read and write
|
||
|
2CC8000
|
trusted library allocation
|
page read and write
|
||
|
1050000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD30000
|
trusted library allocation
|
page read and write
|
||
|
29731645000
|
heap
|
page read and write
|
||
|
7FFAACD23000
|
trusted library allocation
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
4C48000
|
trusted library allocation
|
page read and write
|
||
|
2CCC000
|
trusted library allocation
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
69A0000
|
heap
|
page read and write
|
||
|
BCF4BFE000
|
stack
|
page read and write
|
||
|
654E000
|
stack
|
page read and write
|
||
|
2ADE000
|
stack
|
page read and write
|
||
|
5F30000
|
heap
|
page read and write
|
||
|
513E000
|
trusted library allocation
|
page read and write
|
||
|
7FFB16800000
|
unkown
|
page readonly
|
||
|
7FFAACD70000
|
trusted library allocation
|
page read and write
|
||
|
2C1C000
|
stack
|
page read and write
|
||
|
BCF51FF000
|
stack
|
page read and write
|
||
|
9F9000
|
stack
|
page read and write
|
||
|
2973140C000
|
heap
|
page read and write
|
||
|
5FDD000
|
heap
|
page read and write
|
||
|
5F38000
|
heap
|
page read and write
|
||
|
1090000
|
trusted library allocation
|
page read and write
|
||
|
7FF4897A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
F9E000
|
heap
|
page read and write
|
||
|
7FFAACC40000
|
trusted library allocation
|
page execute and read and write
|
||
|
29731570000
|
trusted library allocation
|
page read and write
|
||
|
1082000
|
trusted library allocation
|
page read and write
|
||
|
68A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBA4000
|
trusted library allocation
|
page read and write
|
||
|
29733503000
|
trusted library allocation
|
page read and write
|
||
|
29731440000
|
heap
|
page read and write
|
||
|
2D12000
|
trusted library allocation
|
page read and write
|
||
|
108A000
|
trusted library allocation
|
page execute and read and write
|
||
|
BCF4EFE000
|
stack
|
page read and write
|
||
|
5FEA000
|
heap
|
page read and write
|
||
|
29733095000
|
trusted library allocation
|
page read and write
|
||
|
5F68000
|
heap
|
page read and write
|
||
|
7FFB16801000
|
unkown
|
page execute read
|
||
|
10A6000
|
heap
|
page read and write
|
||
|
F1B000
|
heap
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
540C000
|
stack
|
page read and write
|
||
|
2973142C000
|
heap
|
page read and write
|
||
|
5160000
|
trusted library allocation
|
page read and write
|
||
|
3CD6000
|
trusted library allocation
|
page read and write
|
||
|
4DDE000
|
stack
|
page read and write
|
||
|
52C0000
|
heap
|
page execute and read and write
|
||
|
FE1000
|
heap
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
2C20000
|
trusted library allocation
|
page read and write
|
||
|
5132000
|
trusted library allocation
|
page read and write
|
||
|
29742FB1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1092000
|
trusted library allocation
|
page read and write
|
||
|
3C41000
|
trusted library allocation
|
page read and write
|
||
|
BCF4DFE000
|
stack
|
page read and write
|
||
|
7FFAACD50000
|
trusted library allocation
|
page read and write
|
||
|
688F000
|
stack
|
page read and write
|
||
|
297311D2000
|
unkown
|
page readonly
|
||
|
1070000
|
trusted library allocation
|
page read and write
|
||
|
1064000
|
trusted library allocation
|
page read and write
|
||
|
684E000
|
stack
|
page read and write
|
||
|
29731640000
|
heap
|
page read and write
|
||
|
29731469000
|
heap
|
page read and write
|
||
|
2974B710000
|
heap
|
page execute and read and write
|
||
|
6898000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACD76000
|
trusted library allocation
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
2C76000
|
trusted library allocation
|
page read and write
|
||
|
2C91000
|
trusted library allocation
|
page read and write
|
||
|
BCF4FFC000
|
stack
|
page read and write
|
||
|
7F370000
|
trusted library allocation
|
page execute and read and write
|
||
|
109B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACD80000
|
trusted library allocation
|
page execute and read and write
|
||
|
DFE000
|
stack
|
page read and write
|
||
|
5F50000
|
heap
|
page read and write
|
||
|
7FFAACD60000
|
trusted library allocation
|
page read and write
|
||
|
1063000
|
trusted library allocation
|
page execute and read and write
|
||
|
297313B0000
|
heap
|
page read and write
|
||
|
440000
|
remote allocation
|
page execute and read and write
|
||
|
668D000
|
stack
|
page read and write
|
||
|
5152000
|
trusted library allocation
|
page read and write
|
||
|
5FDF000
|
heap
|
page read and write
|
||
|
5F36000
|
heap
|
page read and write
|
||
|
7FFB16816000
|
unkown
|
page readonly
|
||
|
BCF55FE000
|
stack
|
page read and write
|
||
|
63EE000
|
stack
|
page read and write
|
||
|
F4E000
|
heap
|
page read and write
|
||
|
2973122E000
|
unkown
|
page readonly
|
||
|
7FFAACC36000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBAB000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A1E000
|
stack
|
page read and write
|
||
|
68C0000
|
trusted library allocation
|
page read and write
|
||
|
297312D0000
|
heap
|
page read and write
|
||
|
2C7F000
|
trusted library allocation
|
page read and write
|
||
|
29732DF0000
|
heap
|
page read and write
|
||
|
2974B761000
|
heap
|
page read and write
|
||
|
6D4D000
|
stack
|
page read and write
|
||
|
BCF52FE000
|
stack
|
page read and write
|
||
|
CF8000
|
stack
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
29732FB1000
|
trusted library allocation
|
page read and write
|
||
|
BCF54FA000
|
stack
|
page read and write
|
||
|
7FFAACB80000
|
trusted library allocation
|
page read and write
|
||
|
1097000
|
trusted library allocation
|
page execute and read and write
|
||
|
68E0000
|
trusted library allocation
|
page read and write
|
||
|
6EDF0000
|
unkown
|
page readonly
|
||
|
6900000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
6990000
|
trusted library allocation
|
page read and write
|
||
|
62AD000
|
stack
|
page read and write
|
||
|
2D59000
|
trusted library allocation
|
page read and write
|
||
|
512B000
|
trusted library allocation
|
page read and write
|
||
|
63AE000
|
stack
|
page read and write
|
||
|
5180000
|
heap
|
page read and write
|
||
|
6EDF1000
|
unkown
|
page execute read
|
||
|
7FFAACBA0000
|
trusted library allocation
|
page read and write
|
||
|
2C81000
|
trusted library allocation
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC30000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD49000
|
trusted library allocation
|
page read and write
|
||
|
FDC000
|
heap
|
page read and write
|
||
|
2C41000
|
trusted library allocation
|
page read and write
|
||
|
68D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACBDC000
|
trusted library allocation
|
page execute and read and write
|
||
|
64EE000
|
stack
|
page read and write
|
||
|
107D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5860000
|
heap
|
page read and write
|
||
|
1095000
|
trusted library allocation
|
page execute and read and write
|
||
|
F51000
|
heap
|
page read and write
|
||
|
7FFAACCA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
68AD000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC66000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CCA000
|
trusted library allocation
|
page read and write
|
||
|
297313D0000
|
heap
|
page read and write
|
||
|
514D000
|
trusted library allocation
|
page read and write
|
||
|
29731593000
|
trusted library allocation
|
page read and write
|
||
|
2D40000
|
trusted library allocation
|
page read and write
|
||
|
2974AFE0000
|
trusted library allocation
|
page read and write
|
||
|
29731550000
|
trusted library allocation
|
page read and write
|
||
|
51A0000
|
heap
|
page read and write
|
||
|
1086000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C8D000
|
trusted library allocation
|
page read and write
|
||
|
5141000
|
trusted library allocation
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
BCF4CFF000
|
stack
|
page read and write
|
||
|
7FFAACD40000
|
trusted library allocation
|
page read and write
|
||
|
5170000
|
trusted library allocation
|
page read and write
|
||
|
2CDD000
|
trusted library allocation
|
page read and write
|
||
|
68B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
29731520000
|
heap
|
page read and write
|
||
|
F44000
|
heap
|
page read and write
|
||
|
670E000
|
stack
|
page read and write
|
||
|
2BDE000
|
stack
|
page read and write
|
||
|
512E000
|
trusted library allocation
|
page read and write
|
||
|
7FFB16820000
|
unkown
|
page read and write
|
||
|
690B000
|
trusted library allocation
|
page read and write
|
||
|
6E10000
|
heap
|
page read and write
|
||
|
7FFAACB84000
|
trusted library allocation
|
page read and write
|
||
|
6890000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD20000
|
trusted library allocation
|
page read and write
|
||
|
68F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACD44000
|
trusted library allocation
|
page read and write
|
||
|
66CE000
|
stack
|
page read and write
|
||
|
69B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
29731590000
|
trusted library allocation
|
page read and write
|
||
|
6EE0F000
|
unkown
|
page readonly
|
||
|
29732FD7000
|
trusted library allocation
|
page read and write
|
||
|
2D1F000
|
trusted library allocation
|
page read and write
|
||
|
2974B720000
|
heap
|
page read and write
|
||
|
2A80000
|
trusted library allocation
|
page read and write
|
||
|
29731220000
|
unkown
|
page readonly
|
||
|
297311D0000
|
unkown
|
page readonly
|
||
|
7FFAACB83000
|
trusted library allocation
|
page execute and read and write
|
||
|
3CAD000
|
trusted library allocation
|
page read and write
|
||
|
6EE06000
|
unkown
|
page readonly
|
||
|
2973146B000
|
heap
|
page read and write
|
||
|
7FFB16825000
|
unkown
|
page readonly
|
||
|
29731400000
|
heap
|
page read and write
|
||
|
FDF000
|
heap
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
29731510000
|
heap
|
page read and write
|
||
|
6920000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACB9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
FE6000
|
heap
|
page read and write
|
||
|
BCF4AF3000
|
stack
|
page read and write
|
||
|
2CD4000
|
trusted library allocation
|
page read and write
|
||
|
664E000
|
stack
|
page read and write
|
There are 216 hidden memdumps, click here to show them.