Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.PWSX-gen.4960.23508.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmp9C71.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\lnYkIr.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.4960.23508.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\lnYkIr.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bzuq32ob.u1b.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fv5xasf4.rpi.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ga4hat10.ybz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i5tjpzaf.s5s.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nlawgkar.oii.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ny3uspx2.xmw.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rhe4w4cg.g22.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xqq2bpia.wp5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpADC6.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\lnYkIr.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.4960.23508.exe
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.4960.23508.exe
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.4960.23508.exe
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lnYkIr.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
C:\Windows\System32\schtasks.exe" /Create /TN "Updates\lnYkIr" /XML "C:\Users\user\AppData\Local\Temp\tmp9C71.tmp
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.4960.23508.exe
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.4960.23508.exe
|
|
|
|
C:\Users\user\AppData\Roaming\lnYkIr.exe
|
C:\Users\user\AppData\Roaming\lnYkIr.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
C:\Windows\System32\schtasks.exe" /Create /TN "Updates\lnYkIr" /XML "C:\Users\user\AppData\Local\Temp\tmpADC6.tmp
|
|
|
|
C:\Users\user\AppData\Roaming\lnYkIr.exe
|
C:\Users\user\AppData\Roaming\lnYkIr.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
|
unknown
|
||
|
http://ocsp.sectigo.com0A
|
unknown
|
||
|
http://ip-api.com/line/?fields=hostingyi;
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://us2.smtp.mailhostbox.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ip-api.com/line/?fields=hostingCi
|
unknown
|
||
|
http://crl.usertr
|
unknown
|
||
|
http://ocsp.usertru
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
http://ip-api.com
|
unknown
|
There are 2 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
us2.smtp.mailhostbox.com
|
208.91.198.143
|
||
|
ip-api.com
|
208.95.112.1
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.211.108
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.91.198.143
|
us2.smtp.mailhostbox.com
|
United States
|
||
|
208.95.112.1
|
ip-api.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\lnYkIr_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\lnYkIr_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\lnYkIr_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\lnYkIr_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\lnYkIr_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\lnYkIr_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\lnYkIr_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\lnYkIr_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\lnYkIr_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\lnYkIr_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\lnYkIr_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\lnYkIr_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\lnYkIr_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\lnYkIr_RASMANCS
|
FileDirectory
|
There are 19 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3261000
|
trusted library allocation
|
page read and write
|
|
|
|
32AB000
|
trusted library allocation
|
page read and write
|
|
|
|
3287000
|
trusted library allocation
|
page read and write
|
|
|
|
2C11000
|
trusted library allocation
|
page read and write
|
|
|
|
2C37000
|
trusted library allocation
|
page read and write
|
|
|
|
400E000
|
trusted library allocation
|
page read and write
|
|
|
|
441F000
|
trusted library allocation
|
page read and write
|
|
|
|
2C5B000
|
trusted library allocation
|
page read and write
|
|
|
|
D70000
|
heap
|
page read and write
|
||
|
56C0000
|
trusted library allocation
|
page read and write
|
||
|
E61000
|
heap
|
page read and write
|
||
|
69F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
7449000
|
trusted library allocation
|
page read and write
|
||
|
16D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
692F000
|
stack
|
page read and write
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
416000
|
remote allocation
|
page execute and read and write
|
||
|
1777000
|
heap
|
page read and write
|
||
|
5750000
|
heap
|
page read and write
|
||
|
642E000
|
stack
|
page read and write
|
||
|
8BB7000
|
heap
|
page read and write
|
||
|
188D000
|
trusted library allocation
|
page execute and read and write
|
||
|
576A000
|
trusted library allocation
|
page read and write
|
||
|
E62000
|
trusted library allocation
|
page read and write
|
||
|
2F8F000
|
unkown
|
page read and write
|
||
|
32DB000
|
trusted library allocation
|
page read and write
|
||
|
5080000
|
trusted library allocation
|
page read and write
|
||
|
7680000
|
trusted library allocation
|
page execute and read and write
|
||
|
32E5000
|
trusted library allocation
|
page read and write
|
||
|
9E8E000
|
stack
|
page read and write
|
||
|
2C3F000
|
trusted library allocation
|
page read and write
|
||
|
5350000
|
trusted library section
|
page readonly
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
42D3000
|
trusted library allocation
|
page read and write
|
||
|
16B4000
|
trusted library allocation
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
32B4000
|
trusted library allocation
|
page read and write
|
||
|
5042000
|
trusted library allocation
|
page read and write
|
||
|
3FCE000
|
trusted library allocation
|
page read and write
|
||
|
A58E000
|
stack
|
page read and write
|
||
|
429000
|
remote allocation
|
page execute and read and write
|
||
|
6DB7000
|
trusted library allocation
|
page read and write
|
||
|
1495000
|
heap
|
page read and write
|
||
|
5771000
|
trusted library allocation
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
B6BD000
|
stack
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
6DE0000
|
trusted library allocation
|
page read and write
|
||
|
A83D000
|
stack
|
page read and write
|
||
|
2C31000
|
trusted library allocation
|
page read and write
|
||
|
E52000
|
trusted library allocation
|
page read and write
|
||
|
5370000
|
heap
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
3062000
|
trusted library allocation
|
page read and write
|
||
|
7F320000
|
trusted library allocation
|
page execute and read and write
|
||
|
576E000
|
trusted library allocation
|
page read and write
|
||
|
9C0A000
|
trusted library allocation
|
page read and write
|
||
|
18AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
A20D000
|
stack
|
page read and write
|
||
|
45C8000
|
trusted library allocation
|
page read and write
|
||
|
646D000
|
stack
|
page read and write
|
||
|
632D000
|
stack
|
page read and write
|
||
|
1559000
|
heap
|
page read and write
|
||
|
189D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1347000
|
heap
|
page read and write
|
||
|
70F0000
|
trusted library allocation
|
page read and write
|
||
|
7130000
|
trusted library section
|
page read and write
|
||
|
E65000
|
trusted library allocation
|
page execute and read and write
|
||
|
7760000
|
trusted library allocation
|
page read and write
|
||
|
5900000
|
trusted library allocation
|
page read and write
|
||
|
16D2000
|
trusted library allocation
|
page read and write
|
||
|
EFE000
|
heap
|
page read and write
|
||
|
6F7F000
|
stack
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
7499000
|
heap
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
EC6000
|
heap
|
page read and write
|
||
|
5865000
|
heap
|
page read and write
|
||
|
5076000
|
trusted library allocation
|
page read and write
|
||
|
577D000
|
trusted library allocation
|
page read and write
|
||
|
2B9E000
|
stack
|
page read and write
|
||
|
2C1B000
|
trusted library allocation
|
page read and write
|
||
|
15A0000
|
heap
|
page read and write
|
||
|
6E3E000
|
stack
|
page read and write
|
||
|
3074000
|
trusted library allocation
|
page read and write
|
||
|
15A3000
|
heap
|
page read and write
|
||
|
6CB0000
|
heap
|
page read and write
|
||
|
C39000
|
stack
|
page read and write
|
||
|
1176000
|
trusted library allocation
|
page execute and read and write
|
||
|
305B000
|
stack
|
page read and write
|
||
|
1172000
|
trusted library allocation
|
page read and write
|
||
|
43DE000
|
trusted library allocation
|
page read and write
|
||
|
30C0000
|
trusted library allocation
|
page read and write
|
||
|
540D000
|
stack
|
page read and write
|
||
|
5F4E000
|
stack
|
page read and write
|
||
|
55CE000
|
stack
|
page read and write
|
||
|
5E4E000
|
stack
|
page read and write
|
||
|
2C3D000
|
trusted library allocation
|
page read and write
|
||
|
743E000
|
stack
|
page read and write
|
||
|
747F000
|
stack
|
page read and write
|
||
|
732E000
|
heap
|
page read and write
|
||
|
16DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
6FB0000
|
heap
|
page read and write
|
||
|
BE2C000
|
stack
|
page read and write
|
||
|
5910000
|
heap
|
page execute and read and write
|
||
|
57C0000
|
heap
|
page read and write
|
||
|
505D000
|
trusted library allocation
|
page read and write
|
||
|
2DC0000
|
heap
|
page execute and read and write
|
||
|
3228000
|
trusted library allocation
|
page read and write
|
||
|
6706000
|
heap
|
page read and write
|
||
|
329A000
|
trusted library allocation
|
page read and write
|
||
|
5770000
|
trusted library allocation
|
page read and write
|
||
|
2C35000
|
trusted library allocation
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
575B000
|
trusted library allocation
|
page read and write
|
||
|
B83D000
|
stack
|
page read and write
|
||
|
6E40000
|
heap
|
page read and write
|
||
|
BF2E000
|
stack
|
page read and write
|
||
|
70C0000
|
trusted library section
|
page read and write
|
||
|
52B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
BA7E000
|
stack
|
page read and write
|
||
|
2BE1000
|
trusted library allocation
|
page read and write
|
||
|
66AE000
|
stack
|
page read and write
|
||
|
402000
|
remote allocation
|
page execute and read and write
|
||
|
765F000
|
stack
|
page read and write
|
||
|
31DF000
|
stack
|
page read and write
|
||
|
3070000
|
trusted library allocation
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
3040000
|
trusted library allocation
|
page read and write
|
||
|
30CE000
|
stack
|
page read and write
|
||
|
54F0000
|
heap
|
page read and write
|
||
|
13C5000
|
heap
|
page read and write
|
||
|
6A2F000
|
stack
|
page read and write
|
||
|
5762000
|
trusted library allocation
|
page read and write
|
||
|
2C00000
|
trusted library allocation
|
page read and write
|
||
|
2C8E000
|
unkown
|
page read and write
|
||
|
2C57000
|
trusted library allocation
|
page read and write
|
||
|
E67000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BCC000
|
stack
|
page read and write
|
||
|
ED6000
|
heap
|
page read and write
|
||
|
8D8F000
|
stack
|
page read and write
|
||
|
6C5E000
|
stack
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
5E0F000
|
stack
|
page read and write
|
||
|
656D000
|
stack
|
page read and write
|
||
|
1555000
|
heap
|
page read and write
|
||
|
2D10000
|
trusted library allocation
|
page read and write
|
||
|
18A0000
|
trusted library allocation
|
page read and write
|
||
|
D37000
|
stack
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
1153000
|
trusted library allocation
|
page execute and read and write
|
||
|
6CBC000
|
heap
|
page read and write
|
||
|
13AE000
|
heap
|
page read and write
|
||
|
31EE000
|
stack
|
page read and write
|
||
|
7590000
|
heap
|
page read and write
|
||
|
5070000
|
trusted library allocation
|
page read and write
|
||
|
16B0000
|
trusted library allocation
|
page read and write
|
||
|
31E1000
|
trusted library allocation
|
page read and write
|
||
|
1870000
|
trusted library allocation
|
page read and write
|
||
|
1890000
|
trusted library allocation
|
page read and write
|
||
|
6B6E000
|
stack
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
525E000
|
stack
|
page read and write
|
||
|
5776000
|
trusted library allocation
|
page read and write
|
||
|
454B000
|
trusted library allocation
|
page read and write
|
||
|
ED7000
|
heap
|
page read and write
|
||
|
3BE1000
|
trusted library allocation
|
page read and write
|
||
|
6BAD000
|
stack
|
page read and write
|
||
|
16CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
13B5000
|
heap
|
page read and write
|
||
|
10EE000
|
stack
|
page read and write
|
||
|
F69000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
32BB000
|
trusted library allocation
|
page read and write
|
||
|
67D7000
|
trusted library allocation
|
page read and write
|
||
|
2D25000
|
trusted library allocation
|
page read and write
|
||
|
5CCF000
|
stack
|
page read and write
|
||
|
66B0000
|
heap
|
page read and write
|
||
|
532C000
|
stack
|
page read and write
|
||
|
B47E000
|
stack
|
page read and write
|
||
|
1594000
|
heap
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
530C000
|
stack
|
page read and write
|
||
|
E90000
|
trusted library allocation
|
page read and write
|
||
|
62EE000
|
stack
|
page read and write
|
||
|
1259000
|
stack
|
page read and write
|
||
|
13BA000
|
heap
|
page read and write
|
||
|
8B90000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
6860000
|
heap
|
page read and write
|
||
|
6D5E000
|
stack
|
page read and write
|
||
|
300F000
|
stack
|
page read and write
|
||
|
5074000
|
trusted library allocation
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
E4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1187000
|
trusted library allocation
|
page execute and read and write
|
||
|
14BA000
|
heap
|
page read and write
|
||
|
4645000
|
trusted library allocation
|
page read and write
|
||
|
2BD0000
|
heap
|
page execute and read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
3438000
|
trusted library allocation
|
page read and write
|
||
|
2CDE000
|
stack
|
page read and write
|
||
|
61ED000
|
stack
|
page read and write
|
||
|
3093000
|
heap
|
page read and write
|
||
|
6815000
|
trusted library allocation
|
page read and write
|
||
|
6DCD000
|
trusted library allocation
|
page read and write
|
||
|
3488000
|
trusted library allocation
|
page read and write
|
||
|
558E000
|
stack
|
page read and write
|
||
|
E50000
|
trusted library allocation
|
page read and write
|
||
|
56F0000
|
trusted library allocation
|
page read and write
|
||
|
E54000
|
heap
|
page read and write
|
||
|
7420000
|
heap
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
2CAA000
|
stack
|
page read and write
|
||
|
2C6B000
|
trusted library allocation
|
page read and write
|
||
|
504A000
|
trusted library allocation
|
page read and write
|
||
|
B6D9000
|
heap
|
page read and write
|
||
|
560E000
|
stack
|
page read and write
|
||
|
6FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
29A8000
|
trusted library allocation
|
page read and write
|
||
|
8C8E000
|
stack
|
page read and write
|
||
|
1760000
|
trusted library allocation
|
page execute and read and write
|
||
|
6220000
|
heap
|
page read and write
|
||
|
A7FC000
|
stack
|
page read and write
|
||
|
8E2000
|
unkown
|
page readonly
|
||
|
3DD1000
|
trusted library allocation
|
page read and write
|
||
|
E56000
|
trusted library allocation
|
page execute and read and write
|
||
|
14D7000
|
heap
|
page read and write
|
||
|
548E000
|
stack
|
page read and write
|
||
|
542B000
|
stack
|
page read and write
|
||
|
5A9E000
|
stack
|
page read and write
|
||
|
E5F000
|
heap
|
page read and write
|
||
|
786E000
|
stack
|
page read and write
|
||
|
32DF000
|
trusted library allocation
|
page read and write
|
||
|
1880000
|
trusted library allocation
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page execute and read and write
|
||
|
5238000
|
trusted library allocation
|
page read and write
|
||
|
DFE000
|
stack
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
58C3000
|
heap
|
page read and write
|
||
|
2FCE000
|
stack
|
page read and write
|
||
|
EFC000
|
heap
|
page read and write
|
||
|
58E0000
|
heap
|
page read and write
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
437000
|
remote allocation
|
page execute and read and write
|
||
|
57B0000
|
heap
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page read and write
|
||
|
1163000
|
trusted library allocation
|
page read and write
|
||
|
2A7C000
|
stack
|
page read and write
|
||
|
299E000
|
stack
|
page read and write
|
||
|
69E6000
|
trusted library allocation
|
page read and write
|
||
|
30A0000
|
heap
|
page execute and read and write
|
||
|
E5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
A93F000
|
stack
|
page read and write
|
||
|
E3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
56A0000
|
heap
|
page read and write
|
||
|
78EE000
|
stack
|
page read and write
|
||
|
118B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1182000
|
trusted library allocation
|
page read and write
|
||
|
30B5000
|
trusted library allocation
|
page read and write
|
||
|
6E60000
|
heap
|
page read and write
|
||
|
7320000
|
heap
|
page read and write
|
||
|
56A5000
|
heap
|
page read and write
|
||
|
71DB000
|
trusted library allocation
|
page read and write
|
||
|
12F7000
|
stack
|
page read and write
|
||
|
8B50000
|
heap
|
page read and write
|
||
|
699E000
|
stack
|
page read and write
|
||
|
EC9000
|
heap
|
page read and write
|
||
|
175E000
|
stack
|
page read and write
|
||
|
7482000
|
trusted library allocation
|
page read and write
|
||
|
14A0000
|
trusted library allocation
|
page read and write
|
||
|
3285000
|
trusted library allocation
|
page read and write
|
||
|
16C3000
|
trusted library allocation
|
page read and write
|
||
|
6800000
|
trusted library allocation
|
page read and write
|
||
|
3200000
|
trusted library allocation
|
page read and write
|
||
|
16B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
6230000
|
heap
|
page read and write
|
||
|
6DF0000
|
trusted library allocation
|
page read and write
|
||
|
4259000
|
trusted library allocation
|
page read and write
|
||
|
2DB0000
|
trusted library allocation
|
page read and write
|
||
|
5051000
|
trusted library allocation
|
page read and write
|
||
|
521E000
|
stack
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
9FCF000
|
stack
|
page read and write
|
||
|
16FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
133C000
|
stack
|
page read and write
|
||
|
6CAD000
|
stack
|
page read and write
|
||
|
2E18000
|
trusted library allocation
|
page read and write
|
||
|
1140000
|
trusted library allocation
|
page read and write
|
||
|
116D000
|
trusted library allocation
|
page execute and read and write
|
||
|
112D000
|
stack
|
page read and write
|
||
|
6F60000
|
trusted library allocation
|
page read and write
|
||
|
3283000
|
trusted library allocation
|
page read and write
|
||
|
58C0000
|
trusted library section
|
page readonly
|
||
|
5BAD000
|
stack
|
page read and write
|
||
|
32DD000
|
trusted library allocation
|
page read and write
|
||
|
5860000
|
heap
|
page read and write
|
||
|
6FAE000
|
stack
|
page read and write
|
||
|
30D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5AB0000
|
heap
|
page read and write
|
||
|
A680000
|
trusted library allocation
|
page execute and read and write
|
||
|
E30000
|
trusted library allocation
|
page read and write
|
||
|
5750000
|
trusted library allocation
|
page read and write
|
||
|
18A2000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
trusted library allocation
|
page read and write
|
||
|
58F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
344F000
|
trusted library allocation
|
page read and write
|
||
|
670E000
|
heap
|
page read and write
|
||
|
E47000
|
heap
|
page read and write
|
||
|
16BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
575E000
|
trusted library allocation
|
page read and write
|
||
|
299D000
|
stack
|
page read and write
|
||
|
98C000
|
unkown
|
page readonly
|
||
|
2C9E000
|
stack
|
page read and write
|
||
|
13FE000
|
heap
|
page read and write
|
||
|
5A4C000
|
stack
|
page read and write
|
||
|
2D6A000
|
heap
|
page read and write
|
||
|
E40000
|
trusted library allocation
|
page read and write
|
||
|
5D0E000
|
stack
|
page read and write
|
||
|
32E3000
|
trusted library allocation
|
page read and write
|
||
|
E2B000
|
heap
|
page read and write
|
||
|
3E27000
|
trusted library allocation
|
page read and write
|
||
|
4CDE000
|
stack
|
page read and write
|
||
|
747E000
|
heap
|
page read and write
|
||
|
117A000
|
trusted library allocation
|
page execute and read and write
|
||
|
56E1000
|
trusted library allocation
|
page read and write
|
||
|
78AE000
|
stack
|
page read and write
|
||
|
56C4000
|
trusted library allocation
|
page read and write
|
||
|
14BE000
|
heap
|
page read and write
|
||
|
2C36000
|
trusted library allocation
|
page read and write
|
||
|
8E0000
|
unkown
|
page readonly
|
||
|
EBF000
|
heap
|
page read and write
|
||
|
2C6D000
|
stack
|
page read and write
|
||
|
BD2C000
|
stack
|
page read and write
|
||
|
A0CF000
|
stack
|
page read and write
|
||
|
75B0000
|
heap
|
page read and write
|
||
|
56DE000
|
trusted library allocation
|
page read and write
|
||
|
3080000
|
trusted library allocation
|
page read and write
|
||
|
B37E000
|
stack
|
page read and write
|
||
|
16D0000
|
trusted library allocation
|
page read and write
|
||
|
2C64000
|
trusted library allocation
|
page read and write
|
||
|
5756000
|
trusted library allocation
|
page read and write
|
||
|
3EC3000
|
trusted library allocation
|
page read and write
|
||
|
2C4A000
|
trusted library allocation
|
page read and write
|
||
|
16AF000
|
stack
|
page read and write
|
||
|
3231000
|
trusted library allocation
|
page read and write
|
||
|
3C4A000
|
trusted library allocation
|
page read and write
|
||
|
503B000
|
trusted library allocation
|
page read and write
|
||
|
2C40000
|
trusted library allocation
|
page read and write
|
||
|
6DF5000
|
trusted library allocation
|
page read and write
|
||
|
F95000
|
heap
|
page read and write
|
||
|
3079000
|
trusted library allocation
|
page read and write
|
||
|
41E9000
|
trusted library allocation
|
page read and write
|
||
|
B57E000
|
stack
|
page read and write
|
||
|
5062000
|
trusted library allocation
|
page read and write
|
||
|
67F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1154000
|
trusted library allocation
|
page read and write
|
||
|
685D000
|
stack
|
page read and write
|
||
|
6DB0000
|
trusted library allocation
|
page read and write
|
||
|
141B000
|
heap
|
page read and write
|
||
|
18B7000
|
heap
|
page read and write
|
||
|
E6B000
|
trusted library allocation
|
page execute and read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
BB80000
|
heap
|
page read and write
|
||
|
E20000
|
trusted library allocation
|
page read and write
|
||
|
737E000
|
stack
|
page read and write
|
||
|
57B0000
|
heap
|
page read and write
|
||
|
E34000
|
trusted library allocation
|
page read and write
|
||
|
12FE000
|
stack
|
page read and write
|
||
|
56ED000
|
trusted library allocation
|
page read and write
|
||
|
90A000
|
stack
|
page read and write
|
||
|
F6A000
|
stack
|
page read and write
|
||
|
5AC0000
|
heap
|
page execute and read and write
|
||
|
14C0000
|
heap
|
page read and write
|
||
|
6FC6000
|
trusted library allocation
|
page read and write
|
||
|
2D5E000
|
unkown
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
504E000
|
trusted library allocation
|
page read and write
|
||
|
537C000
|
stack
|
page read and write
|
||
|
2D30000
|
trusted library allocation
|
page read and write
|
||
|
606D000
|
stack
|
page read and write
|
||
|
57E0000
|
heap
|
page read and write
|
||
|
2A80000
|
trusted library allocation
|
page read and write
|
||
|
2DA0000
|
heap
|
page execute and read and write
|
||
|
3214000
|
trusted library allocation
|
page read and write
|
||
|
6DC0000
|
trusted library allocation
|
page read and write
|
||
|
2D20000
|
trusted library allocation
|
page read and write
|
||
|
EA8000
|
heap
|
page read and write
|
||
|
67D0000
|
trusted library allocation
|
page read and write
|
||
|
31F0000
|
trusted library allocation
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page read and write
|
||
|
29DA000
|
stack
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
73FE000
|
stack
|
page read and write
|
||
|
B6C0000
|
heap
|
page read and write
|
||
|
3080000
|
trusted library allocation
|
page read and write
|
||
|
50A0000
|
heap
|
page read and write
|
||
|
2BC0000
|
trusted library allocation
|
page read and write
|
||
|
2BF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
158B000
|
heap
|
page read and write
|
||
|
F9A000
|
heap
|
page read and write
|
||
|
1180000
|
trusted library allocation
|
page read and write
|
||
|
A6FC000
|
stack
|
page read and write
|
||
|
56CB000
|
trusted library allocation
|
page read and write
|
||
|
D76000
|
heap
|
page read and write
|
||
|
5850000
|
trusted library allocation
|
page read and write
|
||
|
2E1E000
|
stack
|
page read and write
|
||
|
503E000
|
trusted library allocation
|
page read and write
|
||
|
70AE000
|
stack
|
page read and write
|
||
|
F13000
|
heap
|
page read and write
|
||
|
F5D000
|
heap
|
page read and write
|
||
|
12BE000
|
stack
|
page read and write
|
||
|
8BE9000
|
heap
|
page read and write
|
||
|
755E000
|
stack
|
page read and write
|
||
|
5360000
|
heap
|
page read and write
|
||
|
E2E000
|
heap
|
page read and write
|
||
|
16C0000
|
trusted library allocation
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
32E7000
|
trusted library allocation
|
page read and write
|
||
|
4ECC000
|
stack
|
page read and write
|
||
|
66C0000
|
heap
|
page read and write
|
||
|
7F230000
|
trusted library allocation
|
page execute and read and write
|
||
|
E69000
|
heap
|
page read and write
|
||
|
142D000
|
heap
|
page read and write
|
||
|
70E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
115D000
|
trusted library allocation
|
page execute and read and write
|
||
|
187F000
|
stack
|
page read and write
|
||
|
52F3000
|
heap
|
page read and write
|
||
|
65AE000
|
stack
|
page read and write
|
||
|
7750000
|
trusted library allocation
|
page read and write
|
||
|
1552000
|
heap
|
page read and write
|
||
|
5690000
|
trusted library allocation
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
52F0000
|
heap
|
page read and write
|
||
|
2C10000
|
trusted library allocation
|
page read and write
|
||
|
CF9000
|
stack
|
page read and write
|
||
|
5D0E000
|
stack
|
page read and write
|
||
|
16F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
A210000
|
heap
|
page read and write
|
||
|
3DD9000
|
trusted library allocation
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
32A7000
|
trusted library allocation
|
page read and write
|
||
|
8B89000
|
heap
|
page read and write
|
||
|
133E000
|
stack
|
page read and write
|
||
|
A34E000
|
stack
|
page read and write
|
||
|
154C000
|
heap
|
page read and write
|
||
|
429B000
|
trusted library allocation
|
page read and write
|
||
|
B93D000
|
stack
|
page read and write
|
||
|
427000
|
remote allocation
|
page execute and read and write
|
||
|
58BB000
|
stack
|
page read and write
|
||
|
7478000
|
heap
|
page read and write
|
||
|
67ED000
|
trusted library allocation
|
page read and write
|
||
|
2BEE000
|
stack
|
page read and write
|
||
|
5710000
|
trusted library allocation
|
page read and write
|
||
|
5036000
|
trusted library allocation
|
page read and write
|
||
|
1710000
|
trusted library allocation
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
16F2000
|
trusted library allocation
|
page read and write
|
||
|
A44E000
|
stack
|
page read and write
|
||
|
57AD000
|
stack
|
page read and write
|
||
|
2C2E000
|
trusted library allocation
|
page read and write
|
||
|
2C14000
|
trusted library allocation
|
page read and write
|
||
|
3C09000
|
trusted library allocation
|
page read and write
|
||
|
3E75000
|
trusted library allocation
|
page read and write
|
||
|
137E000
|
stack
|
page read and write
|
||
|
BA3E000
|
stack
|
page read and write
|
||
|
5020000
|
heap
|
page execute and read and write
|
||
|
75A0000
|
trusted library allocation
|
page read and write
|
||
|
6734000
|
heap
|
page read and write
|
||
|
67C0000
|
trusted library allocation
|
page read and write
|
||
|
6D03000
|
heap
|
page read and write
|
||
|
2C42000
|
trusted library allocation
|
page read and write
|
||
|
602D000
|
stack
|
page read and write
|
||
|
F02000
|
heap
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
1770000
|
heap
|
page read and write
|
||
|
1398000
|
heap
|
page read and write
|
||
|
A97E000
|
stack
|
page read and write
|
||
|
5E0E000
|
stack
|
page read and write
|
||
|
16F0000
|
heap
|
page read and write
|
||
|
534B000
|
stack
|
page read and write
|
||
|
50B0000
|
heap
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
585A000
|
trusted library allocation
|
page read and write
|
||
|
2D50000
|
trusted library allocation
|
page read and write
|
||
|
69E0000
|
trusted library allocation
|
page read and write
|
||
|
3076000
|
trusted library allocation
|
page read and write
|
||
|
1884000
|
trusted library allocation
|
page read and write
|
||
|
7690000
|
trusted library allocation
|
page read and write
|
||
|
995000
|
heap
|
page read and write
|
||
|
52E0000
|
trusted library allocation
|
page read and write
|
||
|
7768000
|
trusted library allocation
|
page read and write
|
||
|
417000
|
remote allocation
|
page execute and read and write
|
||
|
415000
|
remote allocation
|
page execute and read and write
|
||
|
B87E000
|
stack
|
page read and write
|
||
|
5056000
|
trusted library allocation
|
page read and write
|
||
|
14F2000
|
heap
|
page read and write
|
||
|
67E0000
|
trusted library allocation
|
page read and write
|
||
|
3220000
|
heap
|
page execute and read and write
|
||
|
6DD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
414000
|
remote allocation
|
page execute and read and write
|
||
|
B7F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1170000
|
trusted library allocation
|
page read and write
|
||
|
306B000
|
trusted library allocation
|
page execute and read and write
|
||
|
52C0000
|
trusted library allocation
|
page read and write
|
||
|
6810000
|
trusted library allocation
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
2CCF000
|
unkown
|
page read and write
|
||
|
AA7F000
|
stack
|
page read and write
|
||
|
412000
|
remote allocation
|
page execute and read and write
|
||
|
3425000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
14B0000
|
heap
|
page read and write
|
||
|
3065000
|
trusted library allocation
|
page execute and read and write
|
||
|
428000
|
remote allocation
|
page execute and read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
58C0000
|
heap
|
page read and write
|
||
|
E3F000
|
heap
|
page read and write
|
||
|
71B0000
|
trusted library allocation
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
A48E000
|
stack
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page read and write
|
||
|
2DD1000
|
trusted library allocation
|
page read and write
|
||
|
3067000
|
trusted library allocation
|
page execute and read and write
|
||
|
5780000
|
trusted library allocation
|
page execute and read and write
|
||
|
32D9000
|
trusted library allocation
|
page read and write
|
||
|
5760000
|
heap
|
page read and write
|
||
|
6A6D000
|
stack
|
page read and write
|
||
|
1883000
|
trusted library allocation
|
page execute and read and write
|
||
|
F97000
|
heap
|
page read and write
|
||
|
B5BE000
|
stack
|
page read and write
|
||
|
18B0000
|
heap
|
page read and write
|
||
|
1347000
|
heap
|
page read and write
|
||
|
16F0000
|
trusted library allocation
|
page read and write
|
||
|
6D0A000
|
heap
|
page read and write
|
||
|
E33000
|
trusted library allocation
|
page execute and read and write
|
||
|
9ECE000
|
stack
|
page read and write
|
||
|
3015000
|
trusted library allocation
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
70D0000
|
trusted library section
|
page read and write
|
||
|
158D000
|
heap
|
page read and write
|
||
|
C02E000
|
stack
|
page read and write
|
||
|
5C50000
|
trusted library allocation
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
ED3000
|
heap
|
page read and write
|
||
|
32D7000
|
trusted library allocation
|
page read and write
|
||
|
13C8000
|
heap
|
page read and write
|
||
|
56F2000
|
trusted library allocation
|
page read and write
|
||
|
5782000
|
trusted library allocation
|
page read and write
|
||
|
E93000
|
heap
|
page read and write
|
||
|
6702000
|
heap
|
page read and write
|
||
|
18A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
8B40000
|
trusted library section
|
page read and write
|
||
|
3028000
|
trusted library allocation
|
page read and write
|
||
|
50A3000
|
heap
|
page read and write
|
||
|
6FC0000
|
trusted library allocation
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
2E28000
|
heap
|
page read and write
|
||
|
2C33000
|
trusted library allocation
|
page read and write
|
||
|
5500000
|
trusted library allocation
|
page execute and read and write
|
||
|
7040000
|
heap
|
page read and write
|
||
|
413000
|
remote allocation
|
page execute and read and write
|
||
|
32E1000
|
trusted library allocation
|
page read and write
|
||
|
58D0000
|
heap
|
page read and write
|
||
|
6FC0000
|
trusted library allocation
|
page read and write
|
||
|
41E1000
|
trusted library allocation
|
page read and write
|
||
|
1358000
|
stack
|
page read and write
|
||
|
6CF6000
|
heap
|
page read and write
|
||
|
7440000
|
trusted library allocation
|
page read and write
|
||
|
328D000
|
trusted library allocation
|
page read and write
|
||
|
F5A000
|
heap
|
page read and write
|
||
|
5030000
|
trusted library allocation
|
page read and write
|
||
|
A10D000
|
stack
|
page read and write
|
||
|
4231000
|
trusted library allocation
|
page read and write
|
||
|
56E6000
|
trusted library allocation
|
page read and write
|
||
|
BB7E000
|
stack
|
page read and write
|
||
|
16E0000
|
heap
|
page read and write
|
||
|
2D00000
|
trusted library allocation
|
page read and write
|
There are 576 hidden memdumps, click here to show them.