Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PO 11072024.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO 11072024.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp33D1.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\ppUSXdJgAIFILG.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\ppUSXdJgAIFILG.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ppUSXdJgAIFILG.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_12wvsfra.soh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_el5rygfv.nt1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mz3xmrjc.nbf.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_spzomboo.xv5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp3B91.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\PO 11072024.exe
|
"C:\Users\user\Desktop\PO 11072024.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\ppUSXdJgAIFILG.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ppUSXdJgAIFILG" /XML "C:\Users\user\AppData\Local\Temp\tmp33D1.tmp"
|
|
|
|
C:\Users\user\Desktop\PO 11072024.exe
|
"C:\Users\user\Desktop\PO 11072024.exe"
|
|
|
|
C:\Users\user\Desktop\PO 11072024.exe
|
"C:\Users\user\Desktop\PO 11072024.exe"
|
|
|
|
C:\Users\user\Desktop\PO 11072024.exe
|
"C:\Users\user\Desktop\PO 11072024.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\ppUSXdJgAIFILG.exe
|
C:\Users\user\AppData\Roaming\ppUSXdJgAIFILG.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ppUSXdJgAIFILG" /XML "C:\Users\user\AppData\Local\Temp\tmp3B91.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\ppUSXdJgAIFILG.exe
|
"C:\Users\user\AppData\Roaming\ppUSXdJgAIFILG.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
172.93.218.178
|
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://geoplugin.net/json.gpSystem32
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://geoplugin.net/
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://geoplugin.net/json.gpJ
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://geoplugin.net/json.gpQ
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 23 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.93.218.178
|
unknown
|
United States
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\765-XJJE0J
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\765-XJJE0J
|
licence
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
16C7000
|
heap
|
page read and write
|
|
|
|
134B000
|
heap
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
4299000
|
trusted library allocation
|
page read and write
|
|
|
|
2F30000
|
trusted library allocation
|
page read and write
|
||
|
5D80000
|
trusted library section
|
page read and write
|
||
|
148E000
|
stack
|
page read and write
|
||
|
1950000
|
trusted library allocation
|
page read and write
|
||
|
14B0000
|
heap
|
page read and write
|
||
|
2F10000
|
trusted library allocation
|
page read and write
|
||
|
19A0000
|
heap
|
page read and write
|
||
|
1670000
|
trusted library allocation
|
page read and write
|
||
|
35C9000
|
trusted library allocation
|
page read and write
|
||
|
2EF6000
|
trusted library allocation
|
page read and write
|
||
|
160E000
|
stack
|
page read and write
|
||
|
A42E000
|
stack
|
page read and write
|
||
|
1630000
|
trusted library allocation
|
page read and write
|
||
|
639E000
|
heap
|
page read and write
|
||
|
F5C000
|
stack
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
A06E000
|
stack
|
page read and write
|
||
|
167D000
|
stack
|
page read and write
|
||
|
1187000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F71000
|
trusted library allocation
|
page read and write
|
||
|
E39000
|
stack
|
page read and write
|
||
|
1727000
|
heap
|
page read and write
|
||
|
A02E000
|
stack
|
page read and write
|
||
|
9D0E000
|
stack
|
page read and write
|
||
|
F37000
|
stack
|
page read and write
|
||
|
17D0000
|
heap
|
page read and write
|
||
|
732E000
|
stack
|
page read and write
|
||
|
5420000
|
heap
|
page execute and read and write
|
||
|
1981000
|
trusted library allocation
|
page read and write
|
||
|
3F79000
|
trusted library allocation
|
page read and write
|
||
|
1646000
|
trusted library allocation
|
page execute and read and write
|
||
|
446E000
|
trusted library allocation
|
page read and write
|
||
|
5D60000
|
trusted library allocation
|
page read and write
|
||
|
15DC000
|
stack
|
page read and write
|
||
|
16A0000
|
heap
|
page read and write
|
||
|
1623000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EDB000
|
trusted library allocation
|
page read and write
|
||
|
7DB0000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
1635000
|
heap
|
page read and write
|
||
|
315F000
|
stack
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
5802000
|
trusted library allocation
|
page read and write
|
||
|
76E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EFD000
|
trusted library allocation
|
page read and write
|
||
|
57C0000
|
heap
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
7A74000
|
heap
|
page read and write
|
||
|
12F7000
|
stack
|
page read and write
|
||
|
4291000
|
trusted library allocation
|
page read and write
|
||
|
5770000
|
trusted library allocation
|
page read and write
|
||
|
174C000
|
heap
|
page read and write
|
||
|
17C0000
|
heap
|
page read and write
|
||
|
1182000
|
trusted library allocation
|
page read and write
|
||
|
5409000
|
trusted library allocation
|
page read and write
|
||
|
7A80000
|
heap
|
page read and write
|
||
|
5D90000
|
trusted library allocation
|
page read and write
|
||
|
161E000
|
stack
|
page read and write
|
||
|
2ECF000
|
stack
|
page read and write
|
||
|
53B0000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
trusted library allocation
|
page read and write
|
||
|
5CD0000
|
heap
|
page read and write
|
||
|
811E000
|
stack
|
page read and write
|
||
|
112D000
|
stack
|
page read and write
|
||
|
7810000
|
trusted library allocation
|
page execute and read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
16E1000
|
heap
|
page read and write
|
||
|
141A000
|
heap
|
page read and write
|
||
|
1453000
|
heap
|
page read and write
|
||
|
3280000
|
heap
|
page execute and read and write
|
||
|
7FDD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
303D000
|
stack
|
page read and write
|
||
|
70CE000
|
stack
|
page read and write
|
||
|
7E5E000
|
stack
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
7540000
|
trusted library allocation
|
page execute and read and write
|
||
|
AE8C000
|
stack
|
page read and write
|
||
|
588B000
|
stack
|
page read and write
|
||
|
32BE000
|
stack
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
3291000
|
trusted library allocation
|
page read and write
|
||
|
162D000
|
trusted library allocation
|
page execute and read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
4064000
|
trusted library allocation
|
page read and write
|
||
|
1680000
|
trusted library allocation
|
page execute and read and write
|
||
|
5554000
|
trusted library section
|
page readonly
|
||
|
3C8E000
|
stack
|
page read and write
|
||
|
5430000
|
trusted library allocation
|
page read and write
|
||
|
1652000
|
trusted library allocation
|
page read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
5298000
|
trusted library allocation
|
page read and write
|
||
|
13E5000
|
heap
|
page read and write
|
||
|
A2EC000
|
stack
|
page read and write
|
||
|
3FEE000
|
trusted library allocation
|
page read and write
|
||
|
FF9000
|
stack
|
page read and write
|
||
|
298A000
|
stack
|
page read and write
|
||
|
7B90000
|
trusted library section
|
page read and write
|
||
|
128A000
|
heap
|
page read and write
|
||
|
1624000
|
trusted library allocation
|
page read and write
|
||
|
324E000
|
stack
|
page read and write
|
||
|
5550000
|
trusted library section
|
page readonly
|
||
|
1176000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EC0000
|
trusted library allocation
|
page read and write
|
||
|
138F000
|
stack
|
page read and write
|
||
|
4211000
|
trusted library allocation
|
page read and write
|
||
|
3250000
|
trusted library allocation
|
page read and write
|
||
|
167E000
|
stack
|
page read and write
|
||
|
A2AF000
|
stack
|
page read and write
|
||
|
2E8E000
|
stack
|
page read and write
|
||
|
2C3E000
|
unkown
|
page read and write
|
||
|
542C000
|
stack
|
page read and write
|
||
|
1657000
|
trusted library allocation
|
page execute and read and write
|
||
|
3270000
|
trusted library allocation
|
page read and write
|
||
|
14FE000
|
stack
|
page read and write
|
||
|
414E000
|
trusted library allocation
|
page read and write
|
||
|
7DB4000
|
trusted library allocation
|
page read and write
|
||
|
506C000
|
stack
|
page read and write
|
||
|
5402000
|
trusted library allocation
|
page read and write
|
||
|
5800000
|
trusted library allocation
|
page read and write
|
||
|
7533000
|
trusted library allocation
|
page read and write
|
||
|
786E000
|
heap
|
page read and write
|
||
|
2E8E000
|
stack
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
171E000
|
heap
|
page read and write
|
||
|
116D000
|
trusted library allocation
|
page execute and read and write
|
||
|
115D000
|
trusted library allocation
|
page execute and read and write
|
||
|
E70000
|
unkown
|
page readonly
|
||
|
153E000
|
stack
|
page read and write
|
||
|
581D000
|
stack
|
page read and write
|
||
|
1209000
|
heap
|
page read and write
|
||
|
57E0000
|
heap
|
page read and write
|
||
|
9DEE000
|
stack
|
page read and write
|
||
|
165B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5820000
|
heap
|
page read and write
|
||
|
1620000
|
trusted library allocation
|
page read and write
|
||
|
59F0000
|
trusted library allocation
|
page read and write
|
||
|
5920000
|
heap
|
page read and write
|
||
|
AD8C000
|
stack
|
page read and write
|
||
|
5700000
|
trusted library allocation
|
page execute and read and write
|
||
|
57F3000
|
heap
|
page read and write
|
||
|
16FF000
|
heap
|
page read and write
|
||
|
1630000
|
heap
|
page read and write
|
||
|
1400000
|
trusted library allocation
|
page read and write
|
||
|
119E000
|
heap
|
page read and write
|
||
|
71E0000
|
trusted library allocation
|
page read and write
|
||
|
307A000
|
stack
|
page read and write
|
||
|
76D0000
|
trusted library allocation
|
page read and write
|
||
|
5D70000
|
trusted library allocation
|
page execute and read and write
|
||
|
A85F000
|
stack
|
page read and write
|
||
|
14FC000
|
stack
|
page read and write
|
||
|
3D8F000
|
stack
|
page read and write
|
||
|
2C7F000
|
unkown
|
page read and write
|
||
|
32A9000
|
trusted library allocation
|
page read and write
|
||
|
E72000
|
unkown
|
page readonly
|
||
|
7A60000
|
heap
|
page read and write
|
||
|
16C0000
|
heap
|
page read and write
|
||
|
57F0000
|
heap
|
page read and write
|
||
|
59D0000
|
heap
|
page read and write
|
||
|
3260000
|
trusted library allocation
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
2EF1000
|
trusted library allocation
|
page read and write
|
||
|
1227000
|
heap
|
page read and write
|
||
|
177F000
|
stack
|
page read and write
|
||
|
7C50000
|
trusted library allocation
|
page read and write
|
||
|
7860000
|
heap
|
page read and write
|
||
|
16C0000
|
heap
|
page read and write
|
||
|
12FC000
|
stack
|
page read and write
|
||
|
554B000
|
stack
|
page read and write
|
||
|
2F20000
|
trusted library allocation
|
page read and write
|
||
|
AB0E000
|
stack
|
page read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
71E9000
|
trusted library allocation
|
page read and write
|
||
|
11B9000
|
heap
|
page read and write
|
||
|
1198000
|
heap
|
page read and write
|
||
|
1172000
|
trusted library allocation
|
page read and write
|
||
|
5830000
|
heap
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
2F35000
|
trusted library allocation
|
page read and write
|
||
|
9F2E000
|
stack
|
page read and write
|
||
|
7C9E000
|
stack
|
page read and write
|
||
|
117A000
|
trusted library allocation
|
page execute and read and write
|
||
|
17CE000
|
stack
|
page read and write
|
||
|
A52E000
|
stack
|
page read and write
|
||
|
10E5000
|
heap
|
page read and write
|
||
|
198D000
|
trusted library allocation
|
page read and write
|
||
|
10BE000
|
stack
|
page read and write
|
||
|
1245000
|
heap
|
page read and write
|
||
|
1986000
|
trusted library allocation
|
page read and write
|
||
|
1154000
|
trusted library allocation
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
1153000
|
trusted library allocation
|
page execute and read and write
|
||
|
5CD5000
|
heap
|
page read and write
|
||
|
76F0000
|
heap
|
page read and write
|
||
|
AC4E000
|
stack
|
page read and write
|
||
|
5D50000
|
trusted library section
|
page read and write
|
||
|
722E000
|
stack
|
page read and write
|
||
|
7530000
|
trusted library allocation
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page read and write
|
||
|
7C59000
|
trusted library allocation
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page read and write
|
||
|
1725000
|
heap
|
page read and write
|
||
|
13BE000
|
stack
|
page read and write
|
||
|
1180000
|
trusted library allocation
|
page read and write
|
||
|
1499000
|
heap
|
page read and write
|
||
|
141E000
|
heap
|
page read and write
|
||
|
7800000
|
trusted library allocation
|
page read and write
|
||
|
163D000
|
trusted library allocation
|
page execute and read and write
|
||
|
19A7000
|
heap
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
2E90000
|
heap
|
page read and write
|
||
|
122D000
|
heap
|
page read and write
|
||
|
197E000
|
trusted library allocation
|
page read and write
|
||
|
1170000
|
trusted library allocation
|
page read and write
|
||
|
163E000
|
stack
|
page read and write
|
||
|
6379000
|
heap
|
page read and write
|
||
|
1508000
|
trusted library allocation
|
page read and write
|
||
|
5560000
|
heap
|
page read and write
|
||
|
5710000
|
heap
|
page read and write
|
||
|
11D2000
|
heap
|
page read and write
|
||
|
5810000
|
trusted library allocation
|
page execute and read and write
|
||
|
AF8E000
|
stack
|
page read and write
|
||
|
2F60000
|
heap
|
page execute and read and write
|
||
|
1140000
|
trusted library allocation
|
page read and write
|
||
|
1620000
|
heap
|
page read and write
|
||
|
31CE000
|
unkown
|
page read and write
|
||
|
46E000
|
remote allocation
|
page execute and read and write
|
||
|
14A0000
|
trusted library allocation
|
page read and write
|
||
|
5DA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F16000
|
trusted library allocation
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
2EEE000
|
trusted library allocation
|
page read and write
|
||
|
1650000
|
trusted library allocation
|
page read and write
|
||
|
53F0000
|
heap
|
page read and write
|
||
|
18CE000
|
stack
|
page read and write
|
||
|
40B8000
|
trusted library allocation
|
page read and write
|
||
|
9EEE000
|
stack
|
page read and write
|
||
|
71E4000
|
trusted library allocation
|
page read and write
|
||
|
5715000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
A1AE000
|
stack
|
page read and write
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
7460000
|
trusted library allocation
|
page read and write
|
||
|
A16F000
|
stack
|
page read and write
|
||
|
475000
|
remote allocation
|
page execute and read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
7FA00000
|
trusted library allocation
|
page execute and read and write
|
||
|
173E000
|
heap
|
page read and write
|
||
|
63B0000
|
heap
|
page read and write
|
||
|
5D4E000
|
stack
|
page read and write
|
||
|
7482000
|
trusted library allocation
|
page read and write
|
||
|
1747000
|
heap
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
4437000
|
trusted library allocation
|
page read and write
|
||
|
76BE000
|
stack
|
page read and write
|
||
|
32AE000
|
trusted library allocation
|
page read and write
|
||
|
4380000
|
trusted library allocation
|
page read and write
|
||
|
15E0000
|
heap
|
page read and write
|
||
|
59C0000
|
heap
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
42C9000
|
trusted library allocation
|
page read and write
|
||
|
1680000
|
heap
|
page read and write
|
||
|
2ED0000
|
trusted library allocation
|
page read and write
|
||
|
164A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F14000
|
trusted library allocation
|
page read and write
|
||
|
5820000
|
trusted library allocation
|
page read and write
|
||
|
118B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
339F000
|
stack
|
page read and write
|
||
|
5410000
|
trusted library allocation
|
page execute and read and write
|
||
|
11D4000
|
heap
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
7060000
|
trusted library allocation
|
page read and write
|
||
|
7DFD000
|
stack
|
page read and write
|
||
|
3670000
|
heap
|
page read and write
|
||
|
7DA0000
|
trusted library allocation
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
5400000
|
trusted library allocation
|
page read and write
|
||
|
1960000
|
trusted library allocation
|
page read and write
|
||
|
54F0000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
5BFD000
|
stack
|
page read and write
|
||
|
1690000
|
heap
|
page read and write
|
||
|
A3EC000
|
stack
|
page read and write
|
||
|
40CF000
|
trusted library allocation
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
190E000
|
stack
|
page read and write
|
||
|
54F3000
|
heap
|
page read and write
|
||
|
3275000
|
trusted library allocation
|
page read and write
|
||
|
15E7000
|
heap
|
page read and write
|
||
|
3F71000
|
trusted library allocation
|
page read and write
|
||
|
A9CE000
|
stack
|
page read and write
|
||
|
7A5F000
|
stack
|
page read and write
|
||
|
32FF000
|
stack
|
page read and write
|
||
|
1640000
|
trusted library allocation
|
page read and write
|
||
|
592E000
|
heap
|
page read and write
|
||
|
AACE000
|
stack
|
page read and write
|
||
|
33DB000
|
heap
|
page read and write
|
||
|
2C8B000
|
heap
|
page read and write
|
||
|
1337000
|
heap
|
page read and write
|
||
|
AD4E000
|
stack
|
page read and write
|
||
|
5580000
|
heap
|
page read and write
|
||
|
194B000
|
stack
|
page read and write
|
||
|
75BE000
|
stack
|
page read and write
|
||
|
11C7000
|
heap
|
page read and write
|
||
|
59E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6360000
|
heap
|
page read and write
|
||
|
196B000
|
trusted library allocation
|
page read and write
|
||
|
2F40000
|
trusted library allocation
|
page read and write
|
||
|
5A00000
|
heap
|
page execute and read and write
|
||
|
6370000
|
heap
|
page read and write
|
||
|
7726000
|
heap
|
page read and write
|
||
|
AC0E000
|
stack
|
page read and write
|
||
|
A75E000
|
stack
|
page read and write
|
||
|
7D9E000
|
stack
|
page read and write
|
||
|
7FE0000
|
heap
|
page read and write
|
||
|
AFA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1642000
|
trusted library allocation
|
page read and write
|
||
|
294D000
|
stack
|
page read and write
|
||
|
320F000
|
unkown
|
page read and write
|
||
|
14D3000
|
heap
|
page read and write
|
||
|
5890000
|
trusted library section
|
page readonly
|
||
|
329F000
|
stack
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
117C000
|
stack
|
page read and write
|
There are 323 hidden memdumps, click here to show them.