Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.PWSX-gen.9317.6656.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.9317.6656.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmpAAF6.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\ZRuVeAoBoxootS.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\ZRuVeAoBoxootS.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ZRuVeAoBoxootS.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1pmywpym.zns.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bf1som1k.bkf.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f3kx0xm0.jis.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hdijaa0z.5td.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hzahx3fj.qhl.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sjw0skxy.dk0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w2l1vtjz.ivp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ycpcbrzu.p2t.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpC13D.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.9317.6656.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.9317.6656.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.9317.6656.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\ZRuVeAoBoxootS.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRuVeAoBoxootS" /XML "C:\Users\user\AppData\Local\Temp\tmpAAF6.tmp"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.9317.6656.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.9317.6656.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\ZRuVeAoBoxootS.exe
|
C:\Users\user\AppData\Roaming\ZRuVeAoBoxootS.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRuVeAoBoxootS" /XML "C:\Users\user\AppData\Local\Temp\tmpC13D.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\ZRuVeAoBoxootS.exe
|
"C:\Users\user\AppData\Roaming\ZRuVeAoBoxootS.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\ZRuVeAoBoxootS.exe
|
"C:\Users\user\AppData\Roaming\ZRuVeAoBoxootS.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
127.0.0.1
|
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
http://geoplugin.net/json.gpB
|
unknown
|
||
|
http://geoplugin.net/json.gp8
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
officerem.duckdns.org
|
103.186.116.145
|
|
|
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
103.186.116.145
|
officerem.duckdns.org
|
unknown
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-6GPUH1
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-6GPUH1
|
licence
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
CEB000
|
heap
|
page read and write
|
|
|
|
3F99000
|
trusted library allocation
|
page read and write
|
|
|
|
1017000
|
heap
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
6FAE000
|
stack
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
54C2000
|
trusted library allocation
|
page read and write
|
||
|
2730000
|
trusted library allocation
|
page read and write
|
||
|
B70000
|
unkown
|
page readonly
|
||
|
3961000
|
trusted library allocation
|
page read and write
|
||
|
270D000
|
trusted library allocation
|
page execute and read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
5FB0000
|
heap
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
2E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
767E000
|
stack
|
page read and write
|
||
|
28A0000
|
heap
|
page read and write
|
||
|
11D5000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
5610000
|
heap
|
page read and write
|
||
|
C30000
|
trusted library allocation
|
page read and write
|
||
|
2713000
|
trusted library allocation
|
page read and write
|
||
|
144B000
|
trusted library allocation
|
page execute and read and write
|
||
|
29C7000
|
trusted library allocation
|
page read and write
|
||
|
7DDF000
|
stack
|
page read and write
|
||
|
4516000
|
trusted library allocation
|
page read and write
|
||
|
2700000
|
trusted library allocation
|
page read and write
|
||
|
54D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2750000
|
trusted library allocation
|
page read and write
|
||
|
543E000
|
heap
|
page read and write
|
||
|
7B9E000
|
stack
|
page read and write
|
||
|
292E000
|
trusted library allocation
|
page read and write
|
||
|
1182000
|
heap
|
page read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
5F80000
|
heap
|
page read and write
|
||
|
2703000
|
trusted library allocation
|
page execute and read and write
|
||
|
30AF000
|
stack
|
page read and write
|
||
|
2726000
|
trusted library allocation
|
page execute and read and write
|
||
|
475000
|
remote allocation
|
page execute and read and write
|
||
|
33BB000
|
stack
|
page read and write
|
||
|
9FAE000
|
stack
|
page read and write
|
||
|
3CD5000
|
trusted library allocation
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
2950000
|
heap
|
page execute and read and write
|
||
|
54C8000
|
trusted library allocation
|
page read and write
|
||
|
272A000
|
trusted library allocation
|
page execute and read and write
|
||
|
CE9000
|
stack
|
page read and write
|
||
|
53D4000
|
trusted library allocation
|
page read and write
|
||
|
5420000
|
trusted library allocation
|
page read and write
|
||
|
2E7C000
|
stack
|
page read and write
|
||
|
7050000
|
trusted library allocation
|
page read and write
|
||
|
54C0000
|
trusted library allocation
|
page read and write
|
||
|
D6E000
|
heap
|
page read and write
|
||
|
7180000
|
heap
|
page read and write
|
||
|
A3C000
|
stack
|
page read and write
|
||
|
2710000
|
trusted library allocation
|
page read and write
|
||
|
2E30000
|
heap
|
page execute and read and write
|
||
|
6B1E000
|
stack
|
page read and write
|
||
|
357F000
|
stack
|
page read and write
|
||
|
AE1E000
|
stack
|
page read and write
|
||
|
54B0000
|
heap
|
page read and write
|
||
|
DE7000
|
stack
|
page read and write
|
||
|
7FDE000
|
stack
|
page read and write
|
||
|
2A6F000
|
stack
|
page read and write
|
||
|
AC3E000
|
stack
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
279E000
|
stack
|
page read and write
|
||
|
2D78000
|
trusted library allocation
|
page read and write
|
||
|
5850000
|
heap
|
page read and write
|
||
|
108A000
|
heap
|
page read and write
|
||
|
4E60000
|
trusted library allocation
|
page read and write
|
||
|
46E000
|
remote allocation
|
page execute and read and write
|
||
|
1430000
|
trusted library allocation
|
page read and write
|
||
|
2737000
|
trusted library allocation
|
page execute and read and write
|
||
|
52A0000
|
heap
|
page read and write
|
||
|
E15000
|
heap
|
page read and write
|
||
|
E5D000
|
stack
|
page read and write
|
||
|
85F000
|
unkown
|
page read and write
|
||
|
1432000
|
trusted library allocation
|
page read and write
|
||
|
3F91000
|
trusted library allocation
|
page read and write
|
||
|
6D5E000
|
stack
|
page read and write
|
||
|
53F1000
|
trusted library allocation
|
page read and write
|
||
|
1130000
|
trusted library allocation
|
page read and write
|
||
|
ECF000
|
stack
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
80E0000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
EB5000
|
heap
|
page read and write
|
||
|
71B0000
|
trusted library allocation
|
page read and write
|
||
|
55FC000
|
stack
|
page read and write
|
||
|
6C1F000
|
stack
|
page read and write
|
||
|
5280000
|
trusted library allocation
|
page read and write
|
||
|
367F000
|
unkown
|
page read and write
|
||
|
6F60000
|
trusted library allocation
|
page read and write
|
||
|
3CE000
|
unkown
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
6F50000
|
trusted library allocation
|
page read and write
|
||
|
508C000
|
stack
|
page read and write
|
||
|
3969000
|
trusted library allocation
|
page read and write
|
||
|
5740000
|
trusted library allocation
|
page read and write
|
||
|
4E90000
|
trusted library allocation
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
111E000
|
stack
|
page read and write
|
||
|
2910000
|
trusted library allocation
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
7FB000
|
heap
|
page read and write
|
||
|
517B000
|
stack
|
page read and write
|
||
|
3C5F000
|
trusted library allocation
|
page read and write
|
||
|
100F000
|
stack
|
page read and write
|
||
|
53F6000
|
trusted library allocation
|
page read and write
|
||
|
8BE000
|
stack
|
page read and write
|
||
|
117F000
|
heap
|
page read and write
|
||
|
5445000
|
trusted library allocation
|
page read and write
|
||
|
327E000
|
stack
|
page read and write
|
||
|
6D9E000
|
stack
|
page read and write
|
||
|
5730000
|
trusted library allocation
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
1174000
|
heap
|
page read and write
|
||
|
5470000
|
trusted library allocation
|
page read and write
|
||
|
3A2D000
|
trusted library allocation
|
page read and write
|
||
|
71C0000
|
heap
|
page read and write
|
||
|
4EFB000
|
trusted library allocation
|
page read and write
|
||
|
273B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EF8000
|
trusted library allocation
|
page read and write
|
||
|
E0C000
|
stack
|
page read and write
|
||
|
775E000
|
stack
|
page read and write
|
||
|
5710000
|
heap
|
page read and write
|
||
|
5402000
|
trusted library allocation
|
page read and write
|
||
|
2732000
|
trusted library allocation
|
page read and write
|
||
|
7F410000
|
trusted library allocation
|
page execute and read and write
|
||
|
F5F000
|
stack
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
63D000
|
stack
|
page read and write
|
||
|
1442000
|
trusted library allocation
|
page read and write
|
||
|
2914000
|
trusted library allocation
|
page read and write
|
||
|
71C0000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
3AE4000
|
trusted library allocation
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
2720000
|
trusted library allocation
|
page read and write
|
||
|
C47000
|
heap
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
2900000
|
trusted library allocation
|
page read and write
|
||
|
4968000
|
trusted library allocation
|
page read and write
|
||
|
A45D000
|
stack
|
page read and write
|
||
|
5580000
|
trusted library allocation
|
page read and write
|
||
|
E03000
|
heap
|
page read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
A55E000
|
stack
|
page read and write
|
||
|
5720000
|
heap
|
page read and write
|
||
|
4F00000
|
trusted library allocation
|
page execute and read and write
|
||
|
74F000
|
stack
|
page read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
A31C000
|
stack
|
page read and write
|
||
|
5760000
|
heap
|
page execute and read and write
|
||
|
2931000
|
trusted library allocation
|
page read and write
|
||
|
2F8F000
|
stack
|
page read and write
|
||
|
81E000
|
unkown
|
page read and write
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
AE5C000
|
stack
|
page read and write
|
||
|
1707000
|
heap
|
page read and write
|
||
|
2CEC000
|
trusted library allocation
|
page read and write
|
||
|
1083000
|
heap
|
page read and write
|
||
|
5413000
|
heap
|
page read and write
|
||
|
FBE000
|
stack
|
page read and write
|
||
|
5855000
|
heap
|
page read and write
|
||
|
4E44000
|
trusted library allocation
|
page read and write
|
||
|
1420000
|
trusted library allocation
|
page read and write
|
||
|
53EE000
|
trusted library allocation
|
page read and write
|
||
|
71A000
|
stack
|
page read and write
|
||
|
6F6A000
|
trusted library allocation
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
7080000
|
heap
|
page read and write
|
||
|
4E50000
|
trusted library allocation
|
page read and write
|
||
|
67A000
|
stack
|
page read and write
|
||
|
2D20000
|
trusted library allocation
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
52B0000
|
heap
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
763D000
|
stack
|
page read and write
|
||
|
27DB000
|
stack
|
page read and write
|
||
|
CFB000
|
stack
|
page read and write
|
||
|
155E000
|
stack
|
page read and write
|
||
|
5840000
|
trusted library allocation
|
page read and write
|
||
|
7CDE000
|
stack
|
page read and write
|
||
|
28F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F50000
|
trusted library section
|
page readonly
|
||
|
4E46000
|
trusted library allocation
|
page read and write
|
||
|
4AFC000
|
stack
|
page read and write
|
||
|
3CEC000
|
trusted library allocation
|
page read and write
|
||
|
737E000
|
stack
|
page read and write
|
||
|
9DAD000
|
stack
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
3BA8000
|
trusted library allocation
|
page read and write
|
||
|
785E000
|
stack
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
AF7000
|
stack
|
page read and write
|
||
|
A0AF000
|
stack
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
271D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1423000
|
trusted library allocation
|
page read and write
|
||
|
7C9E000
|
stack
|
page read and write
|
||
|
55A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
36E0000
|
heap
|
page read and write
|
||
|
1436000
|
trusted library allocation
|
page execute and read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
4B46000
|
trusted library allocation
|
page read and write
|
||
|
5440000
|
trusted library allocation
|
page read and write
|
||
|
7150000
|
trusted library allocation
|
page execute and read and write
|
||
|
143A000
|
trusted library allocation
|
page execute and read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
29D000
|
stack
|
page read and write
|
||
|
52A5000
|
heap
|
page read and write
|
||
|
D87000
|
heap
|
page read and write
|
||
|
4F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
36D0000
|
heap
|
page read and write
|
||
|
5430000
|
heap
|
page read and write
|
||
|
1055000
|
heap
|
page read and write
|
||
|
7782000
|
trusted library allocation
|
page read and write
|
||
|
1700000
|
heap
|
page read and write
|
||
|
80DF000
|
stack
|
page read and write
|
||
|
6F40000
|
trusted library allocation
|
page read and write
|
||
|
81E0000
|
trusted library section
|
page read and write
|
||
|
4E40000
|
trusted library allocation
|
page read and write
|
||
|
722E000
|
stack
|
page read and write
|
||
|
4E65000
|
trusted library allocation
|
page read and write
|
||
|
B3C000
|
stack
|
page read and write
|
||
|
347E000
|
stack
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
3D16000
|
trusted library allocation
|
page read and write
|
||
|
5130000
|
heap
|
page read and write
|
||
|
4EC0000
|
heap
|
page execute and read and write
|
||
|
D68000
|
heap
|
page read and write
|
||
|
1413000
|
trusted library allocation
|
page execute and read and write
|
||
|
5830000
|
trusted library section
|
page read and write
|
||
|
5F90000
|
heap
|
page read and write
|
||
|
5750000
|
trusted library allocation
|
page execute and read and write
|
||
|
CD7000
|
heap
|
page read and write
|
||
|
4E70000
|
trusted library allocation
|
page read and write
|
||
|
D94000
|
heap
|
page read and write
|
||
|
5290000
|
trusted library allocation
|
page execute and read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
2C6F000
|
stack
|
page read and write
|
||
|
1410000
|
trusted library allocation
|
page read and write
|
||
|
527E000
|
stack
|
page read and write
|
||
|
140E000
|
stack
|
page read and write
|
||
|
2F91000
|
trusted library allocation
|
page read and write
|
||
|
7F210000
|
trusted library allocation
|
page execute and read and write
|
||
|
53FD000
|
trusted library allocation
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
A21C000
|
stack
|
page read and write
|
||
|
2936000
|
trusted library allocation
|
page read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
D9F000
|
heap
|
page read and write
|
||
|
DA1000
|
heap
|
page read and write
|
||
|
FFE000
|
stack
|
page read and write
|
||
|
2DA000
|
stack
|
page read and write
|
||
|
2942000
|
trusted library allocation
|
page read and write
|
||
|
2722000
|
trusted library allocation
|
page read and write
|
||
|
70E000
|
stack
|
page read and write
|
||
|
291B000
|
trusted library allocation
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
38E000
|
unkown
|
page read and write
|
||
|
AF5C000
|
stack
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
30EC000
|
stack
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
5110000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
A320000
|
heap
|
page read and write
|
||
|
9DED000
|
stack
|
page read and write
|
||
|
293D000
|
trusted library allocation
|
page read and write
|
||
|
2E20000
|
trusted library allocation
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
142D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F73000
|
heap
|
page read and write
|
||
|
C56000
|
heap
|
page read and write
|
||
|
4F5F000
|
trusted library section
|
page readonly
|
||
|
B72000
|
unkown
|
page readonly
|
||
|
114E000
|
heap
|
page read and write
|
||
|
1440000
|
trusted library allocation
|
page read and write
|
||
|
5410000
|
heap
|
page read and write
|
||
|
80E7000
|
heap
|
page read and write
|
||
|
317B000
|
heap
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
53DB000
|
trusted library allocation
|
page read and write
|
||
|
1414000
|
trusted library allocation
|
page read and write
|
||
|
6C5E000
|
stack
|
page read and write
|
||
|
6E9E000
|
stack
|
page read and write
|
||
|
5450000
|
trusted library allocation
|
page read and write
|
||
|
141D000
|
trusted library allocation
|
page execute and read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
595E000
|
stack
|
page read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
1073000
|
heap
|
page read and write
|
||
|
3B59000
|
trusted library allocation
|
page read and write
|
||
|
2961000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
1065000
|
heap
|
page read and write
|
||
|
AD1E000
|
stack
|
page read and write
|
||
|
AB3E000
|
stack
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
52C0000
|
heap
|
page read and write
|
||
|
293E000
|
stack
|
page read and write
|
||
|
2FF7000
|
trusted library allocation
|
page read and write
|
||
|
1447000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E1E000
|
stack
|
page read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
839F000
|
stack
|
page read and write
|
||
|
F0E000
|
stack
|
page read and write
|
||
|
7F1E000
|
stack
|
page read and write
|
||
|
5430000
|
trusted library allocation
|
page read and write
|
||
|
7196000
|
heap
|
page read and write
|
||
|
11D7000
|
heap
|
page read and write
|
||
|
5600000
|
trusted library section
|
page readonly
|
||
|
28EE000
|
stack
|
page read and write
|
||
|
71E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F60000
|
heap
|
page read and write
|
||
|
8FF000
|
stack
|
page read and write
|
||
|
1167000
|
heap
|
page read and write
|
||
|
99A000
|
heap
|
page read and write
|
||
|
4EF2000
|
trusted library allocation
|
page read and write
|
||
|
2704000
|
trusted library allocation
|
page read and write
|
||
|
10AE000
|
stack
|
page read and write
|
||
|
2966000
|
heap
|
page read and write
|
||
|
97C000
|
stack
|
page read and write
|
There are 327 hidden memdumps, click here to show them.