Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.PWSX-gen.25825.12964.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmp32DE.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\PUwpftrjIH.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PUwpftrjIH.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.25825.12964.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1vearkbo.2wo.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2d33oyta.of4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5bol5bhh.5mf.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k3wtoiv3.ezk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kl2izffn.tea.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_psj3hk1b.s0t.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rp0pvnzb.zgh.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wvha4chu.ai3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp4201.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\PUwpftrjIH.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.25825.12964.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.25825.12964.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.25825.12964.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\PUwpftrjIH.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PUwpftrjIH" /XML "C:\Users\user\AppData\Local\Temp\tmp32DE.tmp"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.25825.12964.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.25825.12964.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\PUwpftrjIH.exe
|
C:\Users\user\AppData\Roaming\PUwpftrjIH.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PUwpftrjIH" /XML "C:\Users\user\AppData\Local\Temp\tmp4201.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\PUwpftrjIH.exe
|
"C:\Users\user\AppData\Roaming\PUwpftrjIH.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
104.26.13.205
|
||
|
https://api.ipify.org
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
http://ip-api.com
|
unknown
|
||
|
http://mail.hoangtruongphat.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.hoangtruongphat.com
|
125.212.217.248
|
|
|
|
api.ipify.org
|
104.26.13.205
|
||
|
ip-api.com
|
208.95.112.1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
125.212.217.248
|
mail.hoangtruongphat.com
|
Viet Nam
|
|
|
|
208.95.112.1
|
ip-api.com
|
United States
|
||
|
104.26.13.205
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PUwpftrjIH_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PUwpftrjIH_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PUwpftrjIH_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PUwpftrjIH_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PUwpftrjIH_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PUwpftrjIH_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PUwpftrjIH_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PUwpftrjIH_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PUwpftrjIH_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PUwpftrjIH_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PUwpftrjIH_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PUwpftrjIH_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PUwpftrjIH_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PUwpftrjIH_RASMANCS
|
FileDirectory
|
There are 19 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2FBD000
|
trusted library allocation
|
page read and write
|
|
|
|
332C000
|
trusted library allocation
|
page read and write
|
|
|
|
3305000
|
trusted library allocation
|
page read and write
|
|
|
|
2F94000
|
trusted library allocation
|
page read and write
|
|
|
|
3E49000
|
trusted library allocation
|
page read and write
|
|
|
|
2FC5000
|
trusted library allocation
|
page read and write
|
|
|
|
436000
|
remote allocation
|
page execute and read and write
|
||
|
34AE000
|
stack
|
page read and write
|
||
|
6FA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1855000
|
trusted library allocation
|
page execute and read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
334B000
|
trusted library allocation
|
page read and write
|
||
|
14EA000
|
heap
|
page read and write
|
||
|
1256000
|
heap
|
page read and write
|
||
|
C26E000
|
stack
|
page read and write
|
||
|
3949000
|
trusted library allocation
|
page read and write
|
||
|
6B51000
|
heap
|
page read and write
|
||
|
C3AE000
|
stack
|
page read and write
|
||
|
4E2E000
|
trusted library allocation
|
page read and write
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
1230000
|
trusted library allocation
|
page read and write
|
||
|
A9A000
|
heap
|
page read and write
|
||
|
14AB000
|
trusted library allocation
|
page read and write
|
||
|
3A39000
|
trusted library allocation
|
page read and write
|
||
|
14E0000
|
trusted library allocation
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
B93E000
|
stack
|
page read and write
|
||
|
C36E000
|
stack
|
page read and write
|
||
|
34EF000
|
stack
|
page read and write
|
||
|
19AC000
|
stack
|
page read and write
|
||
|
83E0000
|
trusted library allocation
|
page read and write
|
||
|
135F000
|
stack
|
page read and write
|
||
|
5754000
|
trusted library allocation
|
page read and write
|
||
|
27DC000
|
stack
|
page read and write
|
||
|
6D5D000
|
stack
|
page read and write
|
||
|
BD7E000
|
stack
|
page read and write
|
||
|
4821000
|
trusted library allocation
|
page read and write
|
||
|
118D000
|
trusted library allocation
|
page execute and read and write
|
||
|
F4A000
|
trusted library allocation
|
page execute and read and write
|
||
|
FF0000
|
trusted library allocation
|
page read and write
|
||
|
5510000
|
heap
|
page read and write
|
||
|
12BE000
|
heap
|
page read and write
|
||
|
6CEE000
|
stack
|
page read and write
|
||
|
1840000
|
trusted library allocation
|
page read and write
|
||
|
15C8000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
83A000
|
stack
|
page read and write
|
||
|
119A000
|
trusted library allocation
|
page execute and read and write
|
||
|
55B1000
|
heap
|
page read and write
|
||
|
17BE000
|
unkown
|
page read and write
|
||
|
10AE000
|
heap
|
page read and write
|
||
|
F46000
|
trusted library allocation
|
page execute and read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
713D000
|
trusted library allocation
|
page read and write
|
||
|
1830000
|
trusted library allocation
|
page read and write
|
||
|
5756000
|
trusted library allocation
|
page read and write
|
||
|
F57000
|
trusted library allocation
|
page execute and read and write
|
||
|
14DC000
|
stack
|
page read and write
|
||
|
4632000
|
trusted library allocation
|
page read and write
|
||
|
2BDF000
|
stack
|
page read and write
|
||
|
696D000
|
heap
|
page read and write
|
||
|
571B000
|
trusted library allocation
|
page read and write
|
||
|
6D60000
|
heap
|
page read and write
|
||
|
430C000
|
trusted library allocation
|
page read and write
|
||
|
3340000
|
trusted library allocation
|
page read and write
|
||
|
1506000
|
trusted library allocation
|
page read and write
|
||
|
5910000
|
heap
|
page read and write
|
||
|
2F2F000
|
stack
|
page read and write
|
||
|
2F6F000
|
trusted library allocation
|
page read and write
|
||
|
2FB7000
|
trusted library allocation
|
page read and write
|
||
|
2DB5000
|
trusted library allocation
|
page read and write
|
||
|
14E6000
|
trusted library allocation
|
page read and write
|
||
|
1870000
|
heap
|
page read and write
|
||
|
BFFE000
|
stack
|
page read and write
|
||
|
5010000
|
trusted library allocation
|
page read and write
|
||
|
5B1C000
|
stack
|
page read and write
|
||
|
C62C000
|
stack
|
page read and write
|
||
|
6D2E000
|
stack
|
page read and write
|
||
|
14C6000
|
trusted library allocation
|
page read and write
|
||
|
6F4E000
|
stack
|
page read and write
|
||
|
595B000
|
stack
|
page read and write
|
||
|
4E2B000
|
trusted library allocation
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
459C000
|
trusted library allocation
|
page read and write
|
||
|
83F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
342E000
|
unkown
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
18CE000
|
stack
|
page read and write
|
||
|
5285000
|
heap
|
page read and write
|
||
|
182D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E24000
|
trusted library allocation
|
page read and write
|
||
|
3E41000
|
trusted library allocation
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
689E000
|
stack
|
page read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
47D3000
|
trusted library allocation
|
page read and write
|
||
|
F8E000
|
stack
|
page read and write
|
||
|
56E0000
|
heap
|
page read and write
|
||
|
6EB0000
|
trusted library allocation
|
page read and write
|
||
|
C4EE000
|
stack
|
page read and write
|
||
|
BFFE000
|
stack
|
page read and write
|
||
|
5690000
|
heap
|
page execute and read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
14C1000
|
trusted library allocation
|
page read and write
|
||
|
844E000
|
stack
|
page read and write
|
||
|
8780000
|
trusted library section
|
page read and write
|
||
|
C0FE000
|
stack
|
page read and write
|
||
|
42C9000
|
trusted library allocation
|
page read and write
|
||
|
C37E000
|
stack
|
page read and write
|
||
|
2A4F000
|
unkown
|
page read and write
|
||
|
6EA000
|
stack
|
page read and write
|
||
|
434000
|
remote allocation
|
page execute and read and write
|
||
|
FFA000
|
stack
|
page read and write
|
||
|
1214000
|
trusted library allocation
|
page read and write
|
||
|
6EE0000
|
trusted library allocation
|
page read and write
|
||
|
150E000
|
stack
|
page read and write
|
||
|
F3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
309C000
|
trusted library allocation
|
page read and write
|
||
|
55F5000
|
heap
|
page read and write
|
||
|
2E38000
|
heap
|
page read and write
|
||
|
7133000
|
trusted library allocation
|
page read and write
|
||
|
7250000
|
trusted library allocation
|
page read and write
|
||
|
1212000
|
trusted library allocation
|
page read and write
|
||
|
10B2000
|
heap
|
page read and write
|
||
|
19F0000
|
heap
|
page read and write
|
||
|
2E20000
|
heap
|
page execute and read and write
|
||
|
46C7000
|
trusted library allocation
|
page read and write
|
||
|
346F000
|
unkown
|
page read and write
|
||
|
1810000
|
trusted library allocation
|
page read and write
|
||
|
8011000
|
trusted library allocation
|
page read and write
|
||
|
4948000
|
trusted library allocation
|
page read and write
|
||
|
6D93000
|
trusted library allocation
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
F23000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E41000
|
trusted library allocation
|
page read and write
|
||
|
7350000
|
trusted library allocation
|
page execute and read and write
|
||
|
438000
|
remote allocation
|
page execute and read and write
|
||
|
4F38000
|
trusted library allocation
|
page read and write
|
||
|
2BEF000
|
trusted library allocation
|
page read and write
|
||
|
FFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
19B0000
|
heap
|
page execute and read and write
|
||
|
1633000
|
heap
|
page read and write
|
||
|
6D84000
|
trusted library allocation
|
page read and write
|
||
|
57FE000
|
stack
|
page read and write
|
||
|
7270000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DDF000
|
stack
|
page read and write
|
||
|
1850000
|
trusted library allocation
|
page read and write
|
||
|
6F50000
|
heap
|
page read and write
|
||
|
100E000
|
heap
|
page read and write
|
||
|
5410000
|
heap
|
page read and write
|
||
|
56DC000
|
stack
|
page read and write
|
||
|
6EBE000
|
stack
|
page read and write
|
||
|
1190000
|
trusted library allocation
|
page read and write
|
||
|
C27D000
|
stack
|
page read and write
|
||
|
36C0000
|
heap
|
page read and write
|
||
|
27E6000
|
trusted library allocation
|
page read and write
|
||
|
6DBE000
|
stack
|
page read and write
|
||
|
5470000
|
heap
|
page read and write
|
||
|
3941000
|
trusted library allocation
|
page read and write
|
||
|
13DB000
|
stack
|
page read and write
|
||
|
495A000
|
trusted library allocation
|
page read and write
|
||
|
7300000
|
heap
|
page read and write
|
||
|
2F7D000
|
trusted library allocation
|
page read and write
|
||
|
2800000
|
trusted library allocation
|
page read and write
|
||
|
53C3000
|
heap
|
page read and write
|
||
|
6B4A000
|
heap
|
page read and write
|
||
|
53F0000
|
trusted library allocation
|
page read and write
|
||
|
6D9E000
|
trusted library allocation
|
page read and write
|
||
|
6D6E000
|
stack
|
page read and write
|
||
|
F78000
|
stack
|
page read and write
|
||
|
5210000
|
heap
|
page read and write
|
||
|
6B67000
|
heap
|
page read and write
|
||
|
BEBE000
|
stack
|
page read and write
|
||
|
2FB9000
|
trusted library allocation
|
page read and write
|
||
|
571E000
|
trusted library allocation
|
page read and write
|
||
|
4E20000
|
trusted library allocation
|
page read and write
|
||
|
2805000
|
trusted library allocation
|
page read and write
|
||
|
145E000
|
stack
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
573D000
|
trusted library allocation
|
page read and write
|
||
|
8400000
|
trusted library allocation
|
page execute and read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
800E000
|
stack
|
page read and write
|
||
|
19F7000
|
heap
|
page read and write
|
||
|
7F990000
|
trusted library allocation
|
page execute and read and write
|
||
|
1649000
|
heap
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
1490000
|
trusted library allocation
|
page read and write
|
||
|
279E000
|
stack
|
page read and write
|
||
|
1210000
|
trusted library allocation
|
page read and write
|
||
|
572E000
|
trusted library allocation
|
page read and write
|
||
|
18D8000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
39C0000
|
trusted library allocation
|
page read and write
|
||
|
BCFE000
|
stack
|
page read and write
|
||
|
67CE000
|
stack
|
page read and write
|
||
|
68CD000
|
stack
|
page read and write
|
||
|
53C0000
|
heap
|
page read and write
|
||
|
679D000
|
stack
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
27FF000
|
trusted library allocation
|
page read and write
|
||
|
6DFE000
|
stack
|
page read and write
|
||
|
15F3000
|
heap
|
page read and write
|
||
|
F2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
139E000
|
stack
|
page read and write
|
||
|
6916000
|
heap
|
page read and write
|
||
|
6BEE000
|
stack
|
page read and write
|
||
|
BE7F000
|
stack
|
page read and write
|
||
|
7360000
|
heap
|
page read and write
|
||
|
1823000
|
trusted library allocation
|
page execute and read and write
|
||
|
1028000
|
heap
|
page read and write
|
||
|
A9E000
|
heap
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
1254000
|
heap
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
422000
|
remote allocation
|
page execute and read and write
|
||
|
1445000
|
heap
|
page read and write
|
||
|
4E46000
|
trusted library allocation
|
page read and write
|
||
|
5731000
|
trusted library allocation
|
page read and write
|
||
|
1820000
|
trusted library allocation
|
page read and write
|
||
|
6F0D000
|
stack
|
page read and write
|
||
|
DCE000
|
stack
|
page read and write
|
||
|
2DF0000
|
trusted library allocation
|
page read and write
|
||
|
150D000
|
trusted library allocation
|
page read and write
|
||
|
44FB000
|
trusted library allocation
|
page read and write
|
||
|
7140000
|
trusted library allocation
|
page read and write
|
||
|
3F59000
|
trusted library allocation
|
page read and write
|
||
|
120A000
|
trusted library allocation
|
page execute and read and write
|
||
|
11FE000
|
stack
|
page read and write
|
||
|
3A85000
|
trusted library allocation
|
page read and write
|
||
|
5700000
|
trusted library allocation
|
page read and write
|
||
|
6D70000
|
trusted library allocation
|
page read and write
|
||
|
51F0000
|
trusted library allocation
|
page read and write
|
||
|
1200000
|
trusted library allocation
|
page read and write
|
||
|
19C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B3C000
|
heap
|
page read and write
|
||
|
57DC000
|
stack
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
1228000
|
heap
|
page read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
F0E000
|
stack
|
page read and write
|
||
|
1240000
|
trusted library allocation
|
page execute and read and write
|
||
|
5523000
|
heap
|
page read and write
|
||
|
15F6000
|
heap
|
page read and write
|
||
|
27F0000
|
trusted library allocation
|
page read and write
|
||
|
719E000
|
stack
|
page read and write
|
||
|
1877000
|
heap
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
71A0000
|
heap
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
3328000
|
trusted library allocation
|
page read and write
|
||
|
6C5E000
|
stack
|
page read and write
|
||
|
5040000
|
trusted library allocation
|
page read and write
|
||
|
5272000
|
heap
|
page read and write
|
||
|
1170000
|
trusted library allocation
|
page read and write
|
||
|
2930000
|
heap
|
page read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
531E000
|
stack
|
page read and write
|
||
|
F5B000
|
trusted library allocation
|
page execute and read and write
|
||
|
32F7000
|
heap
|
page read and write
|
||
|
11A2000
|
trusted library allocation
|
page read and write
|
||
|
FE4000
|
trusted library allocation
|
page read and write
|
||
|
6F60000
|
trusted library allocation
|
page read and write
|
||
|
423000
|
remote allocation
|
page execute and read and write
|
||
|
2938000
|
heap
|
page read and write
|
||
|
B02000
|
heap
|
page read and write
|
||
|
2DC0000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
trusted library allocation
|
page read and write
|
||
|
7F060000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
1192000
|
trusted library allocation
|
page read and write
|
||
|
72F0000
|
heap
|
page read and write
|
||
|
124A000
|
heap
|
page read and write
|
||
|
13E0000
|
heap
|
page execute and read and write
|
||
|
19E0000
|
heap
|
page read and write
|
||
|
6B30000
|
heap
|
page read and write
|
||
|
148E000
|
stack
|
page read and write
|
||
|
14BE000
|
trusted library allocation
|
page read and write
|
||
|
5266000
|
heap
|
page read and write
|
||
|
5736000
|
trusted library allocation
|
page read and write
|
||
|
32D5000
|
trusted library allocation
|
page read and write
|
||
|
5FD000
|
stack
|
page read and write
|
||
|
5773000
|
heap
|
page read and write
|
||
|
5716000
|
trusted library allocation
|
page read and write
|
||
|
55E5000
|
heap
|
page read and write
|
||
|
C13C000
|
stack
|
page read and write
|
||
|
12F9000
|
stack
|
page read and write
|
||
|
14AE000
|
trusted library allocation
|
page read and write
|
||
|
27E4000
|
trusted library allocation
|
page read and write
|
||
|
2B9C000
|
trusted library allocation
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
5710000
|
trusted library allocation
|
page read and write
|
||
|
E7A000
|
stack
|
page read and write
|
||
|
7124000
|
trusted library allocation
|
page read and write
|
||
|
8472000
|
trusted library allocation
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page read and write
|
||
|
6DA0000
|
trusted library allocation
|
page read and write
|
||
|
4E70000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
475D000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
165D000
|
heap
|
page read and write
|
||
|
5A1C000
|
stack
|
page read and write
|
||
|
445A000
|
trusted library allocation
|
page read and write
|
||
|
32F1000
|
trusted library allocation
|
page read and write
|
||
|
6E00000
|
heap
|
page read and write
|
||
|
402000
|
remote allocation
|
page execute and read and write
|
||
|
2F71000
|
trusted library allocation
|
page read and write
|
||
|
4370000
|
trusted library allocation
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
68F0000
|
heap
|
page read and write
|
||
|
6EE6000
|
trusted library allocation
|
page read and write
|
||
|
1846000
|
trusted library allocation
|
page execute and read and write
|
||
|
11D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
699E000
|
heap
|
page read and write
|
||
|
5970000
|
trusted library allocation
|
page read and write
|
||
|
7310000
|
trusted library allocation
|
page read and write
|
||
|
2920000
|
trusted library allocation
|
page read and write
|
||
|
F33000
|
trusted library allocation
|
page read and write
|
||
|
BD00000
|
heap
|
page read and write
|
||
|
83AE000
|
stack
|
page read and write
|
||
|
534E000
|
stack
|
page read and write
|
||
|
184A000
|
trusted library allocation
|
page execute and read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
32A1000
|
trusted library allocation
|
page read and write
|
||
|
ABA000
|
stack
|
page read and write
|
||
|
11A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
4ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E52000
|
trusted library allocation
|
page read and write
|
||
|
2F31000
|
trusted library allocation
|
page read and write
|
||
|
8470000
|
trusted library allocation
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
183D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6BE3000
|
heap
|
page read and write
|
||
|
FED000
|
trusted library allocation
|
page execute and read and write
|
||
|
141E000
|
stack
|
page read and write
|
||
|
68D0000
|
heap
|
page read and write
|
||
|
1530000
|
heap
|
page read and write
|
||
|
5760000
|
trusted library allocation
|
page read and write
|
||
|
1537000
|
heap
|
page read and write
|
||
|
C9E000
|
stack
|
page read and write
|
||
|
B8FE000
|
stack
|
page read and write
|
||
|
F40000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
trusted library allocation
|
page read and write
|
||
|
6997000
|
heap
|
page read and write
|
||
|
30EF000
|
trusted library allocation
|
page read and write
|
||
|
1590000
|
heap
|
page read and write
|
||
|
1842000
|
trusted library allocation
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
717E000
|
stack
|
page read and write
|
||
|
1042000
|
heap
|
page read and write
|
||
|
7120000
|
trusted library allocation
|
page read and write
|
||
|
BFBE000
|
stack
|
page read and write
|
||
|
F52000
|
trusted library allocation
|
page read and write
|
||
|
32ED000
|
trusted library allocation
|
page read and write
|
||
|
1196000
|
trusted library allocation
|
page execute and read and write
|
||
|
576E000
|
stack
|
page read and write
|
||
|
329E000
|
stack
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
4E3E000
|
trusted library allocation
|
page read and write
|
||
|
5960000
|
trusted library allocation
|
page read and write
|
||
|
539D000
|
stack
|
page read and write
|
||
|
C5EE000
|
stack
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
14EB000
|
trusted library allocation
|
page read and write
|
||
|
4EC0000
|
heap
|
page read and write
|
||
|
11AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1173000
|
trusted library allocation
|
page execute and read and write
|
||
|
2810000
|
heap
|
page execute and read and write
|
||
|
6EEB000
|
trusted library allocation
|
page read and write
|
||
|
435000
|
remote allocation
|
page execute and read and write
|
||
|
58FF000
|
stack
|
page read and write
|
||
|
2DAF000
|
trusted library allocation
|
page read and write
|
||
|
2F66000
|
trusted library allocation
|
page read and write
|
||
|
2FDD000
|
trusted library allocation
|
page read and write
|
||
|
14FA000
|
trusted library allocation
|
page read and write
|
||
|
53CC000
|
stack
|
page read and write
|
||
|
5750000
|
trusted library allocation
|
page read and write
|
||
|
185B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
69D0000
|
trusted library allocation
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
1501000
|
trusted library allocation
|
page read and write
|
||
|
2941000
|
trusted library allocation
|
page read and write
|
||
|
14F2000
|
trusted library allocation
|
page read and write
|
||
|
572A000
|
trusted library allocation
|
page read and write
|
||
|
F24000
|
trusted library allocation
|
page read and write
|
||
|
2E20000
|
heap
|
page execute and read and write
|
||
|
1174000
|
trusted library allocation
|
page read and write
|
||
|
4E50000
|
trusted library allocation
|
page read and write
|
||
|
14EE000
|
trusted library allocation
|
page read and write
|
||
|
4870000
|
trusted library allocation
|
page read and write
|
||
|
C23C000
|
stack
|
page read and write
|
||
|
FCE000
|
stack
|
page read and write
|
||
|
2F81000
|
trusted library allocation
|
page read and write
|
||
|
57A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5780000
|
trusted library section
|
page read and write
|
||
|
4E80000
|
trusted library allocation
|
page read and write
|
||
|
291F000
|
stack
|
page read and write
|
||
|
BBEE000
|
stack
|
page read and write
|
||
|
BEFE000
|
stack
|
page read and write
|
||
|
14FE000
|
trusted library allocation
|
page read and write
|
||
|
50CE000
|
stack
|
page read and write
|
||
|
15E9000
|
heap
|
page read and write
|
||
|
5380000
|
heap
|
page read and write
|
||
|
BAEE000
|
stack
|
page read and write
|
||
|
3F9D000
|
trusted library allocation
|
page read and write
|
||
|
7117000
|
trusted library allocation
|
page read and write
|
||
|
2DA0000
|
trusted library allocation
|
page read and write
|
||
|
960000
|
unkown
|
page readonly
|
||
|
14CE000
|
stack
|
page read and write
|
||
|
C4AE000
|
stack
|
page read and write
|
||
|
5742000
|
trusted library allocation
|
page read and write
|
||
|
7150000
|
trusted library allocation
|
page execute and read and write
|
||
|
52B0000
|
trusted library allocation
|
page read and write
|
||
|
19D0000
|
trusted library allocation
|
page read and write
|
||
|
1852000
|
trusted library allocation
|
page read and write
|
||
|
C72C000
|
stack
|
page read and write
|
||
|
5050000
|
trusted library allocation
|
page execute and read and write
|
||
|
27E0000
|
trusted library allocation
|
page read and write
|
||
|
117D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5060000
|
heap
|
page execute and read and write
|
||
|
2E41000
|
trusted library allocation
|
page read and write
|
||
|
4E4D000
|
trusted library allocation
|
page read and write
|
||
|
6D77000
|
trusted library allocation
|
page read and write
|
||
|
6B24000
|
heap
|
page read and write
|
||
|
FF3000
|
trusted library allocation
|
page read and write
|
||
|
57A0000
|
heap
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
80B0000
|
trusted library allocation
|
page read and write
|
||
|
168E000
|
heap
|
page read and write
|
||
|
5290000
|
heap
|
page read and write
|
||
|
BD3E000
|
stack
|
page read and write
|
||
|
14D2000
|
trusted library allocation
|
page read and write
|
||
|
83D0000
|
trusted library allocation
|
page read and write
|
||
|
1880000
|
trusted library allocation
|
page read and write
|
||
|
6D80000
|
trusted library allocation
|
page read and write
|
||
|
10C7000
|
heap
|
page read and write
|
||
|
12F1000
|
heap
|
page read and write
|
||
|
6B94000
|
heap
|
page read and write
|
||
|
6ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
4ADC000
|
stack
|
page read and write
|
||
|
11A5000
|
trusted library allocation
|
page execute and read and write
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
1210000
|
trusted library allocation
|
page read and write
|
||
|
751E000
|
stack
|
page read and write
|
||
|
121B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1180000
|
trusted library allocation
|
page read and write
|
||
|
2A5A000
|
heap
|
page read and write
|
||
|
6A1E000
|
stack
|
page read and write
|
||
|
3984000
|
trusted library allocation
|
page read and write
|
||
|
1200000
|
trusted library allocation
|
page read and write
|
||
|
149E000
|
stack
|
page read and write
|
||
|
1857000
|
trusted library allocation
|
page execute and read and write
|
||
|
F30000
|
trusted library allocation
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
2F2D000
|
stack
|
page read and write
|
||
|
6B26000
|
heap
|
page read and write
|
||
|
1824000
|
trusted library allocation
|
page read and write
|
||
|
B3F000
|
heap
|
page read and write
|
||
|
14CD000
|
trusted library allocation
|
page read and write
|
||
|
640D000
|
stack
|
page read and write
|
||
|
2DB0000
|
trusted library allocation
|
page read and write
|
||
|
4F3C000
|
stack
|
page read and write
|
||
|
6B6D000
|
stack
|
page read and write
|
||
|
2D90000
|
trusted library allocation
|
page read and write
|
||
|
F93000
|
heap
|
page read and write
|
||
|
3A3F000
|
trusted library allocation
|
page read and write
|
||
|
32DF000
|
trusted library allocation
|
page read and write
|
||
|
11C0000
|
trusted library allocation
|
page read and write
|
||
|
650E000
|
stack
|
page read and write
|
||
|
5A7E000
|
stack
|
page read and write
|
||
|
5B7E000
|
stack
|
page read and write
|
||
|
55A9000
|
heap
|
page read and write
|
||
|
FE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
110E000
|
stack
|
page read and write
|
||
|
F10000
|
trusted library allocation
|
page read and write
|
||
|
6F8E000
|
stack
|
page read and write
|
||
|
6BAF000
|
stack
|
page read and write
|
||
|
39FE000
|
trusted library allocation
|
page read and write
|
||
|
962000
|
unkown
|
page readonly
|
||
|
2FD0000
|
trusted library allocation
|
page read and write
|
||
|
2F6A000
|
stack
|
page read and write
|
||
|
2A0E000
|
unkown
|
page read and write
|
||
|
5780000
|
heap
|
page execute and read and write
|
||
|
403000
|
remote allocation
|
page execute and read and write
|
||
|
4FEE000
|
stack
|
page read and write
|
||
|
332A000
|
trusted library allocation
|
page read and write
|
||
|
11F0000
|
trusted library allocation
|
page read and write
|
||
|
6B1F000
|
stack
|
page read and write
|
||
|
1125000
|
heap
|
page read and write
|
||
|
42A1000
|
trusted library allocation
|
page read and write
|
||
|
AC4000
|
heap
|
page read and write
|
||
|
13F8000
|
trusted library allocation
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
3F31000
|
trusted library allocation
|
page read and write
|
||
|
5722000
|
trusted library allocation
|
page read and write
|
||
|
FA0000
|
trusted library allocation
|
page read and write
|
||
|
14A4000
|
trusted library allocation
|
page read and write
|
||
|
55CF000
|
heap
|
page read and write
|
||
|
6B20000
|
heap
|
page read and write
|
||
|
6DB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7110000
|
trusted library allocation
|
page read and write
|
||
|
5770000
|
heap
|
page read and write
|
||
|
5230000
|
heap
|
page read and write
|
||
|
7F2A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6965000
|
heap
|
page read and write
|
||
|
C0FE000
|
stack
|
page read and write
|
||
|
1206000
|
trusted library allocation
|
page execute and read and write
|
||
|
FB9000
|
heap
|
page read and write
|
||
|
C1F0000
|
heap
|
page read and write
|
||
|
7280000
|
trusted library allocation
|
page read and write
|
||
|
1520000
|
trusted library allocation
|
page read and write
|
||
|
433000
|
remote allocation
|
page execute and read and write
|
||
|
14A0000
|
trusted library allocation
|
page read and write
|
||
|
AD2000
|
heap
|
page read and write
|
||
|
6D70000
|
trusted library allocation
|
page read and write
|
||
|
57B0000
|
trusted library section
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
BB7000
|
stack
|
page read and write
|
||
|
437000
|
remote allocation
|
page execute and read and write
|
||
|
1217000
|
trusted library allocation
|
page execute and read and write
|
||
|
5520000
|
heap
|
page read and write
|
||
|
2B9E000
|
stack
|
page read and write
|
||
|
708E000
|
stack
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
6BEA000
|
heap
|
page read and write
|
||
|
F70000
|
trusted library allocation
|
page read and write
|
||
|
52A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F700000
|
trusted library allocation
|
page execute and read and write
|
||
|
53D0000
|
trusted library section
|
page read and write
|
||
|
2FBB000
|
trusted library allocation
|
page read and write
|
||
|
F80000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E7000
|
stack
|
page read and write
|
There are 529 hidden memdumps, click here to show them.