Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PO_287104.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PO_287104.exe_41d43b594d7cb5ea74a54d3af42e9753d59ab813_4299c286_754bdea6-dd56-46d5-91b0-ccfe1137052e\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1D13.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu May 2 06:06:04 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1F27.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1F67.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO_287104.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu May 2 05:06:03 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu May 2 05:06:03 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu May 2 05:06:03 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu May 2 05:06:03 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu May 2 05:06:03 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
Chrome Cache Entry: 71
|
ASCII text, with very long lines (797)
|
downloaded
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\PO_287104.exe
|
"C:\Users\user\Desktop\PO_287104.exe"
|
|
|
|
C:\Users\user\Desktop\PO_287104.exe
|
"C:\Users\user\Desktop\PO_287104.exe"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2056,i,8737495624509298634,17865193719586568122,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 1516
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.google.com/async/ddljson?async=ntp:2
|
142.251.35.164
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJbhGMrazLEGIjBZUN1Vqkwi12TG-vYHko3v5bGLhfMhQg1bQ3rJ4hZy5IkSprSYJZZ7YfDKBTYYOVsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.251.35.164
|
||
|
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
142.251.35.164
|
||
|
http://checkip.dyndns.org/
|
193.122.130.0
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJbhGMrazLEGIjAtDLKtaW7imy5MSBR16Nr2fdKnHvcFaleWOY1c1TY4DlJgIX8p-mGA1aAPz9kdujYyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.251.35.164
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
https://scratchdreams.tk
|
unknown
|
||
|
https://www.google.com/async/newtab_promos
|
142.251.35.164
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
|
142.251.35.164
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
checkip.dyndns.org
|
unknown
|
|
|
|
www.google.com
|
142.251.35.164
|
||
|
checkip.dyndns.com
|
193.122.130.0
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.122.130.0
|
checkip.dyndns.com
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
192.168.2.6
|
unknown
|
unknown
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.251.35.164
|
www.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO_287104_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO_287104_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO_287104_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO_287104_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO_287104_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO_287104_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO_287104_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO_287104_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO_287104_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO_287104_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO_287104_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO_287104_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO_287104_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO_287104_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{7ff7d681-bc71-2da7-4909-65182490bdc8}\Root\InventoryApplicationFile\po_287104.exe|530db9ce0969727a
|
ProgramId
|
||
|
\REGISTRY\A\{7ff7d681-bc71-2da7-4909-65182490bdc8}\Root\InventoryApplicationFile\po_287104.exe|530db9ce0969727a
|
FileId
|
||
|
\REGISTRY\A\{7ff7d681-bc71-2da7-4909-65182490bdc8}\Root\InventoryApplicationFile\po_287104.exe|530db9ce0969727a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{7ff7d681-bc71-2da7-4909-65182490bdc8}\Root\InventoryApplicationFile\po_287104.exe|530db9ce0969727a
|
LongPathHash
|
||
|
\REGISTRY\A\{7ff7d681-bc71-2da7-4909-65182490bdc8}\Root\InventoryApplicationFile\po_287104.exe|530db9ce0969727a
|
Name
|
||
|
\REGISTRY\A\{7ff7d681-bc71-2da7-4909-65182490bdc8}\Root\InventoryApplicationFile\po_287104.exe|530db9ce0969727a
|
OriginalFileName
|
||
|
\REGISTRY\A\{7ff7d681-bc71-2da7-4909-65182490bdc8}\Root\InventoryApplicationFile\po_287104.exe|530db9ce0969727a
|
Publisher
|
||
|
\REGISTRY\A\{7ff7d681-bc71-2da7-4909-65182490bdc8}\Root\InventoryApplicationFile\po_287104.exe|530db9ce0969727a
|
Version
|
||
|
\REGISTRY\A\{7ff7d681-bc71-2da7-4909-65182490bdc8}\Root\InventoryApplicationFile\po_287104.exe|530db9ce0969727a
|
BinFileVersion
|
||
|
\REGISTRY\A\{7ff7d681-bc71-2da7-4909-65182490bdc8}\Root\InventoryApplicationFile\po_287104.exe|530db9ce0969727a
|
BinaryType
|
||
|
\REGISTRY\A\{7ff7d681-bc71-2da7-4909-65182490bdc8}\Root\InventoryApplicationFile\po_287104.exe|530db9ce0969727a
|
ProductName
|
||
|
\REGISTRY\A\{7ff7d681-bc71-2da7-4909-65182490bdc8}\Root\InventoryApplicationFile\po_287104.exe|530db9ce0969727a
|
ProductVersion
|
||
|
\REGISTRY\A\{7ff7d681-bc71-2da7-4909-65182490bdc8}\Root\InventoryApplicationFile\po_287104.exe|530db9ce0969727a
|
LinkDate
|
||
|
\REGISTRY\A\{7ff7d681-bc71-2da7-4909-65182490bdc8}\Root\InventoryApplicationFile\po_287104.exe|530db9ce0969727a
|
BinProductVersion
|
||
|
\REGISTRY\A\{7ff7d681-bc71-2da7-4909-65182490bdc8}\Root\InventoryApplicationFile\po_287104.exe|530db9ce0969727a
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{7ff7d681-bc71-2da7-4909-65182490bdc8}\Root\InventoryApplicationFile\po_287104.exe|530db9ce0969727a
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{7ff7d681-bc71-2da7-4909-65182490bdc8}\Root\InventoryApplicationFile\po_287104.exe|530db9ce0969727a
|
Size
|
||
|
\REGISTRY\A\{7ff7d681-bc71-2da7-4909-65182490bdc8}\Root\InventoryApplicationFile\po_287104.exe|530db9ce0969727a
|
Language
|
||
|
\REGISTRY\A\{7ff7d681-bc71-2da7-4909-65182490bdc8}\Root\InventoryApplicationFile\po_287104.exe|530db9ce0969727a
|
Usn
|
There are 24 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2DB1000
|
trusted library allocation
|
page read and write
|
|
|
|
390E000
|
trusted library allocation
|
page read and write
|
|
|
|
2C05000
|
trusted library allocation
|
page read and write
|
|
|
|
5310000
|
trusted library section
|
page read and write
|
|
|
|
4D00000
|
trusted library allocation
|
page execute and read and write
|
||
|
C04000
|
trusted library allocation
|
page read and write
|
||
|
6E4E000
|
stack
|
page read and write
|
||
|
3787000
|
trusted library allocation
|
page read and write
|
||
|
4C06000
|
trusted library allocation
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
4CC0000
|
trusted library allocation
|
page read and write
|
||
|
E3E000
|
stack
|
page read and write
|
||
|
4BEB000
|
trusted library allocation
|
page read and write
|
||
|
6BF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
835000
|
heap
|
page read and write
|
||
|
13B0000
|
trusted library allocation
|
page read and write
|
||
|
270F000
|
stack
|
page read and write
|
||
|
9D5000
|
heap
|
page read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
6BE0000
|
trusted library allocation
|
page read and write
|
||
|
12D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
C13000
|
trusted library allocation
|
page read and write
|
||
|
A1D000
|
heap
|
page read and write
|
||
|
BF0000
|
trusted library allocation
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
C32000
|
trusted library allocation
|
page read and write
|
||
|
4F3C000
|
stack
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
2D45000
|
trusted library allocation
|
page read and write
|
||
|
6C10000
|
trusted library section
|
page read and write
|
||
|
52C0000
|
trusted library section
|
page read and write
|
||
|
9E6000
|
heap
|
page read and write
|
||
|
2E5B000
|
trusted library allocation
|
page read and write
|
||
|
6AE0000
|
heap
|
page read and write
|
||
|
4C20000
|
trusted library allocation
|
page read and write
|
||
|
632E000
|
stack
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
C37000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D8F000
|
stack
|
page read and write
|
||
|
2CFB000
|
trusted library allocation
|
page read and write
|
||
|
2E56000
|
trusted library allocation
|
page read and write
|
||
|
E67000
|
heap
|
page read and write
|
||
|
10B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
642E000
|
stack
|
page read and write
|
||
|
DF5000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
4D50000
|
heap
|
page read and write
|
||
|
656E000
|
stack
|
page read and write
|
||
|
4CB0000
|
heap
|
page read and write
|
||
|
F05000
|
heap
|
page read and write
|
||
|
4EA000
|
stack
|
page read and write
|
||
|
4C50000
|
trusted library allocation
|
page read and write
|
||
|
C1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4BD0000
|
trusted library allocation
|
page read and write
|
||
|
4BFE000
|
trusted library allocation
|
page read and write
|
||
|
4C01000
|
trusted library allocation
|
page read and write
|
||
|
C3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
5E7000
|
stack
|
page read and write
|
||
|
4CE0000
|
trusted library allocation
|
page read and write
|
||
|
12EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
9A4E000
|
stack
|
page read and write
|
||
|
12D0000
|
trusted library allocation
|
page read and write
|
||
|
5300000
|
trusted library section
|
page read and write
|
||
|
2720000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
15A6000
|
trusted library allocation
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
10BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FD0000
|
trusted library allocation
|
page read and write
|
||
|
2E5E000
|
trusted library allocation
|
page read and write
|
||
|
C0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
C26000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D20000
|
trusted library section
|
page readonly
|
||
|
58CE000
|
stack
|
page read and write
|
||
|
6ACF000
|
stack
|
page read and write
|
||
|
4CC2000
|
trusted library allocation
|
page read and write
|
||
|
6AEF000
|
heap
|
page read and write
|
||
|
2731000
|
trusted library allocation
|
page read and write
|
||
|
138E000
|
stack
|
page read and write
|
||
|
E50000
|
heap
|
page execute and read and write
|
||
|
10A0000
|
trusted library allocation
|
page read and write
|
||
|
4C40000
|
trusted library allocation
|
page read and write
|
||
|
4BE0000
|
trusted library allocation
|
page read and write
|
||
|
15A0000
|
trusted library allocation
|
page read and write
|
||
|
27A7000
|
trusted library allocation
|
page read and write
|
||
|
13A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5160000
|
heap
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
52E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
564E000
|
stack
|
page read and write
|
||
|
2E77000
|
trusted library allocation
|
page read and write
|
||
|
27AE000
|
trusted library allocation
|
page read and write
|
||
|
5680000
|
heap
|
page execute and read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
61EE000
|
stack
|
page read and write
|
||
|
646E000
|
stack
|
page read and write
|
||
|
4F4E000
|
stack
|
page read and write
|
||
|
12CF000
|
stack
|
page read and write
|
||
|
279D000
|
trusted library allocation
|
page read and write
|
||
|
2E63000
|
trusted library allocation
|
page read and write
|
||
|
9A8000
|
heap
|
page read and write
|
||
|
C2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F40000
|
heap
|
page execute and read and write
|
||
|
A32000
|
heap
|
page read and write
|
||
|
10FA000
|
heap
|
page read and write
|
||
|
11C6000
|
heap
|
page read and write
|
||
|
53CD000
|
stack
|
page read and write
|
||
|
476C000
|
stack
|
page read and write
|
||
|
5150000
|
heap
|
page read and write
|
||
|
1182000
|
heap
|
page read and write
|
||
|
60EE000
|
stack
|
page read and write
|
||
|
4D40000
|
heap
|
page read and write
|
||
|
362000
|
unkown
|
page readonly
|
||
|
105E000
|
stack
|
page read and write
|
||
|
6AE7000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
9B4E000
|
stack
|
page read and write
|
||
|
A62000
|
heap
|
page read and write
|
||
|
12E0000
|
trusted library allocation
|
page read and write
|
||
|
4D63000
|
heap
|
page read and write
|
||
|
6BD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C03000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D00000
|
heap
|
page execute and read and write
|
||
|
54D0000
|
heap
|
page read and write
|
||
|
6FD2000
|
trusted library allocation
|
page read and write
|
||
|
538F000
|
stack
|
page read and write
|
||
|
12E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3823000
|
trusted library allocation
|
page read and write
|
||
|
3DB1000
|
trusted library allocation
|
page read and write
|
||
|
4D30000
|
heap
|
page read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
9AE000
|
heap
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
37D5000
|
trusted library allocation
|
page read and write
|
||
|
159E000
|
stack
|
page read and write
|
||
|
360000
|
unkown
|
page readonly
|
||
|
F40000
|
heap
|
page read and write
|
||
|
4BB0000
|
heap
|
page read and write
|
||
|
DAE000
|
stack
|
page read and write
|
||
|
5045000
|
heap
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
1106000
|
heap
|
page read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
B9F000
|
stack
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
9C4E000
|
stack
|
page read and write
|
||
|
A4E000
|
heap
|
page read and write
|
||
|
4C70000
|
trusted library allocation
|
page read and write
|
||
|
6C80000
|
trusted library allocation
|
page read and write
|
||
|
486C000
|
stack
|
page read and write
|
||
|
3739000
|
trusted library allocation
|
page read and write
|
||
|
83C7000
|
trusted library allocation
|
page read and write
|
||
|
68D0000
|
heap
|
page read and write
|
||
|
3731000
|
trusted library allocation
|
page read and write
|
||
|
12DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
C00000
|
trusted library allocation
|
page read and write
|
||
|
2710000
|
trusted library allocation
|
page execute and read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
5040000
|
heap
|
page read and write
|
||
|
134E000
|
stack
|
page read and write
|
||
|
D60000
|
trusted library allocation
|
page read and write
|
||
|
2CF0000
|
trusted library allocation
|
page read and write
|
||
|
DF0000
|
trusted library allocation
|
page read and write
|
||
|
560D000
|
stack
|
page read and write
|
||
|
10B4000
|
trusted library allocation
|
page read and write
|
||
|
4C10000
|
trusted library allocation
|
page read and write
|
||
|
3DD9000
|
trusted library allocation
|
page read and write
|
||
|
BDB000
|
stack
|
page read and write
|
||
|
5FEF000
|
stack
|
page read and write
|
||
|
5180000
|
heap
|
page read and write
|
||
|
540E000
|
stack
|
page read and write
|
||
|
62EF000
|
stack
|
page read and write
|
||
|
2D60000
|
trusted library allocation
|
page read and write
|
||
|
DEE000
|
stack
|
page read and write
|
||
|
6C00000
|
trusted library allocation
|
page read and write
|
||
|
D5F000
|
stack
|
page read and write
|
||
|
4BE4000
|
trusted library allocation
|
page read and write
|
||
|
4C30000
|
trusted library allocation
|
page read and write
|
||
|
502E000
|
stack
|
page read and write
|
||
|
DFE000
|
trusted library allocation
|
page read and write
|
||
|
40C000
|
unkown
|
page readonly
|
||
|
10D8000
|
heap
|
page read and write
|
||
|
12E2000
|
trusted library allocation
|
page read and write
|
||
|
514D000
|
stack
|
page read and write
|
||
|
6DCE000
|
stack
|
page read and write
|
||
|
590E000
|
stack
|
page read and write
|
||
|
4C0D000
|
trusted library allocation
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
4C12000
|
trusted library allocation
|
page read and write
|
||
|
9E8000
|
heap
|
page read and write
|
||
|
15A4000
|
trusted library allocation
|
page read and write
|
||
|
11BB000
|
heap
|
page read and write
|
||
|
C22000
|
trusted library allocation
|
page read and write
|
||
|
3DB7000
|
trusted library allocation
|
page read and write
|
||
|
5030000
|
trusted library allocation
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
EF7000
|
stack
|
page read and write
|
There are 194 hidden memdumps, click here to show them.