Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
z71htmivzKAUpOkr2J.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\z71htmivzKAUpOkr2J.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3efkhjvs.p3h.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ksw4tic.4jw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oxo5ki1p.psn.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t1dnxjyq.zgz.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\z71htmivzKAUpOkr2J.exe
|
"C:\Users\user\Desktop\z71htmivzKAUpOkr2J.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\z71htmivzKAUpOkr2J.exe"
|
|
|
|
C:\Users\user\Desktop\z71htmivzKAUpOkr2J.exe
|
"C:\Users\user\Desktop\z71htmivzKAUpOkr2J.exe"
|
|
|
|
C:\Users\user\Desktop\z71htmivzKAUpOkr2J.exe
|
"C:\Users\user\Desktop\z71htmivzKAUpOkr2J.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://account.dyn.com/
|
unknown
|
||
|
http://mail.apexrnun.com
|
unknown
|
||
|
http://r11.o.lencr.org0#
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://x1.c.lencr.org/0
|
unknown
|
||
|
http://x1.i.lencr.org/0
|
unknown
|
||
|
http://r11.i.lencr.org/02
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
http://ip-api.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ip-api.com
|
208.95.112.1
|
|
|
|
mail.apexrnun.com
|
185.196.9.150
|
|
|
|
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
||
|
241.42.69.40.in-addr.arpa
|
unknown
|
||
|
212.20.149.52.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
|
|
|
185.196.9.150
|
mail.apexrnun.com
|
Switzerland
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z71htmivzKAUpOkr2J_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z71htmivzKAUpOkr2J_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z71htmivzKAUpOkr2J_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z71htmivzKAUpOkr2J_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z71htmivzKAUpOkr2J_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z71htmivzKAUpOkr2J_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z71htmivzKAUpOkr2J_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z71htmivzKAUpOkr2J_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z71htmivzKAUpOkr2J_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z71htmivzKAUpOkr2J_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z71htmivzKAUpOkr2J_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z71htmivzKAUpOkr2J_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z71htmivzKAUpOkr2J_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\z71htmivzKAUpOkr2J_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3CED000
|
trusted library allocation
|
page read and write
|
|
|
|
34D1000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
34AD000
|
trusted library allocation
|
page read and write
|
|
|
|
3AC9000
|
trusted library allocation
|
page read and write
|
|
|
|
3481000
|
trusted library allocation
|
page read and write
|
|
|
|
72F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5480000
|
heap
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
A0D9000
|
heap
|
page read and write
|
||
|
2A80000
|
trusted library allocation
|
page read and write
|
||
|
2E38000
|
trusted library allocation
|
page read and write
|
||
|
34CD000
|
trusted library allocation
|
page read and write
|
||
|
A0B2000
|
heap
|
page read and write
|
||
|
2AB0000
|
heap
|
page execute and read and write
|
||
|
4AC8000
|
trusted library allocation
|
page read and write
|
||
|
9E7E000
|
stack
|
page read and write
|
||
|
2B20000
|
trusted library allocation
|
page read and write
|
||
|
4C5C000
|
stack
|
page read and write
|
||
|
6C80000
|
trusted library allocation
|
page read and write
|
||
|
2FEB000
|
trusted library allocation
|
page read and write
|
||
|
1612000
|
trusted library allocation
|
page read and write
|
||
|
1090000
|
trusted library allocation
|
page read and write
|
||
|
A31E000
|
stack
|
page read and write
|
||
|
1F20000
|
trusted library allocation
|
page read and write
|
||
|
1606000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AAE000
|
trusted library allocation
|
page read and write
|
||
|
3071000
|
trusted library allocation
|
page read and write
|
||
|
6D02000
|
trusted library allocation
|
page read and write
|
||
|
12D2000
|
heap
|
page read and write
|
||
|
3451000
|
trusted library allocation
|
page read and write
|
||
|
15E0000
|
trusted library allocation
|
page read and write
|
||
|
6C70000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E1C000
|
stack
|
page read and write
|
||
|
2FAD000
|
trusted library allocation
|
page read and write
|
||
|
2D29000
|
trusted library allocation
|
page read and write
|
||
|
15ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A2E000
|
stack
|
page read and write
|
||
|
168E000
|
stack
|
page read and write
|
||
|
1AB2000
|
trusted library allocation
|
page read and write
|
||
|
F60000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
7FBA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1ABA000
|
trusted library allocation
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
1ACD000
|
trusted library allocation
|
page read and write
|
||
|
2D6A000
|
trusted library allocation
|
page read and write
|
||
|
15D0000
|
trusted library allocation
|
page read and write
|
||
|
5D10000
|
heap
|
page read and write
|
||
|
16D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FF0000
|
heap
|
page read and write
|
||
|
5D0E000
|
stack
|
page read and write
|
||
|
CB6000
|
heap
|
page read and write
|
||
|
16E0000
|
heap
|
page read and write
|
||
|
7B2000
|
unkown
|
page readonly
|
||
|
3044000
|
trusted library allocation
|
page read and write
|
||
|
1615000
|
trusted library allocation
|
page execute and read and write
|
||
|
1630000
|
heap
|
page read and write
|
||
|
2AC1000
|
trusted library allocation
|
page read and write
|
||
|
3029000
|
trusted library allocation
|
page read and write
|
||
|
1E60000
|
heap
|
page execute and read and write
|
||
|
6DD0000
|
trusted library allocation
|
page read and write
|
||
|
6BB2000
|
heap
|
page read and write
|
||
|
12E7000
|
heap
|
page read and write
|
||
|
5CCF000
|
stack
|
page read and write
|
||
|
1AAB000
|
trusted library allocation
|
page read and write
|
||
|
A0A0000
|
heap
|
page read and write
|
||
|
CC1000
|
heap
|
page read and write
|
||
|
B57000
|
stack
|
page read and write
|
||
|
2D41000
|
trusted library allocation
|
page read and write
|
||
|
1C30000
|
heap
|
page read and write
|
||
|
3C92000
|
trusted library allocation
|
page read and write
|
||
|
F7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A40000
|
trusted library allocation
|
page read and write
|
||
|
544E000
|
stack
|
page read and write
|
||
|
10B0000
|
trusted library allocation
|
page read and write
|
||
|
1AA0000
|
trusted library allocation
|
page read and write
|
||
|
6B70000
|
heap
|
page read and write
|
||
|
51A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A0DB000
|
heap
|
page read and write
|
||
|
1610000
|
trusted library allocation
|
page read and write
|
||
|
2DBD000
|
trusted library allocation
|
page read and write
|
||
|
2E8B000
|
trusted library allocation
|
page read and write
|
||
|
C8A000
|
heap
|
page read and write
|
||
|
2D2C000
|
trusted library allocation
|
page read and write
|
||
|
A1DE000
|
stack
|
page read and write
|
||
|
15F0000
|
trusted library allocation
|
page read and write
|
||
|
A0AB000
|
heap
|
page read and write
|
||
|
1F10000
|
heap
|
page read and write
|
||
|
303E000
|
trusted library allocation
|
page read and write
|
||
|
728F000
|
stack
|
page read and write
|
||
|
FB8000
|
stack
|
page read and write
|
||
|
1E80000
|
heap
|
page read and write
|
||
|
2E4D000
|
trusted library allocation
|
page read and write
|
||
|
1218000
|
heap
|
page read and write
|
||
|
6C97000
|
trusted library allocation
|
page read and write
|
||
|
2A61000
|
trusted library allocation
|
page read and write
|
||
|
6D8E000
|
stack
|
page read and write
|
||
|
2EC9000
|
trusted library allocation
|
page read and write
|
||
|
66AD000
|
stack
|
page read and write
|
||
|
10A2000
|
trusted library allocation
|
page read and write
|
||
|
5460000
|
heap
|
page read and write
|
||
|
12CE000
|
heap
|
page read and write
|
||
|
44BB000
|
trusted library allocation
|
page read and write
|
||
|
2F98000
|
trusted library allocation
|
page read and write
|
||
|
F73000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DA8000
|
trusted library allocation
|
page read and write
|
||
|
68EE000
|
stack
|
page read and write
|
||
|
2F45000
|
trusted library allocation
|
page read and write
|
||
|
1F0E000
|
stack
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
F70000
|
trusted library allocation
|
page read and write
|
||
|
A09E000
|
stack
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
2F1C000
|
trusted library allocation
|
page read and write
|
||
|
728E000
|
stack
|
page read and write
|
||
|
1617000
|
trusted library allocation
|
page execute and read and write
|
||
|
10BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
6CA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
718D000
|
stack
|
page read and write
|
||
|
7F650000
|
trusted library allocation
|
page execute and read and write
|
||
|
1ECE000
|
stack
|
page read and write
|
||
|
15E4000
|
trusted library allocation
|
page read and write
|
||
|
3058000
|
trusted library allocation
|
page read and write
|
||
|
3079000
|
trusted library allocation
|
page read and write
|
||
|
1AC6000
|
trusted library allocation
|
page read and write
|
||
|
A69C000
|
stack
|
page read and write
|
||
|
2D93000
|
trusted library allocation
|
page read and write
|
||
|
712000
|
unkown
|
page readonly
|
||
|
15FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
112E000
|
stack
|
page read and write
|
||
|
75BD000
|
stack
|
page read and write
|
||
|
775E000
|
stack
|
page read and write
|
||
|
2EDE000
|
trusted library allocation
|
page read and write
|
||
|
7180000
|
trusted library section
|
page read and write
|
||
|
C8E000
|
heap
|
page read and write
|
||
|
EBA000
|
stack
|
page read and write
|
||
|
2F6F000
|
trusted library allocation
|
page read and write
|
||
|
306D000
|
trusted library allocation
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
2F5A000
|
trusted library allocation
|
page read and write
|
||
|
5220000
|
heap
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
2FC2000
|
trusted library allocation
|
page read and write
|
||
|
1B10000
|
heap
|
page execute and read and write
|
||
|
2FD6000
|
trusted library allocation
|
page read and write
|
||
|
116B000
|
stack
|
page read and write
|
||
|
4FA0000
|
trusted library allocation
|
page read and write
|
||
|
C7E000
|
stack
|
page read and write
|
||
|
5030000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E24000
|
trusted library allocation
|
page read and write
|
||
|
C35000
|
heap
|
page read and write
|
||
|
34BF000
|
trusted library allocation
|
page read and write
|
||
|
2E62000
|
trusted library allocation
|
page read and write
|
||
|
123A000
|
heap
|
page read and write
|
||
|
3074000
|
trusted library allocation
|
page read and write
|
||
|
1C48000
|
trusted library allocation
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
1245000
|
heap
|
page read and write
|
||
|
2D7F000
|
trusted library allocation
|
page read and write
|
||
|
1DDD000
|
stack
|
page read and write
|
||
|
7209000
|
trusted library allocation
|
page read and write
|
||
|
34AB000
|
trusted library allocation
|
page read and write
|
||
|
A2DE000
|
stack
|
page read and write
|
||
|
4FC0000
|
trusted library allocation
|
page read and write
|
||
|
5020000
|
trusted library allocation
|
page read and write
|
||
|
A59000
|
stack
|
page read and write
|
||
|
7860000
|
trusted library section
|
page read and write
|
||
|
7200000
|
trusted library allocation
|
page read and write
|
||
|
15E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
5010000
|
heap
|
page read and write
|
||
|
160A000
|
trusted library allocation
|
page execute and read and write
|
||
|
A55F000
|
stack
|
page read and write
|
||
|
5465000
|
heap
|
page read and write
|
||
|
5200000
|
trusted library section
|
page readonly
|
||
|
1A80000
|
trusted library allocation
|
page read and write
|
||
|
6BDF000
|
heap
|
page read and write
|
||
|
2EB4000
|
trusted library allocation
|
page read and write
|
||
|
1F30000
|
trusted library allocation
|
page read and write
|
||
|
2EA0000
|
trusted library allocation
|
page read and write
|
||
|
5D30000
|
heap
|
page read and write
|
||
|
5170000
|
heap
|
page read and write
|
||
|
738F000
|
stack
|
page read and write
|
||
|
785E000
|
stack
|
page read and write
|
||
|
7880000
|
trusted library allocation
|
page read and write
|
||
|
55F0000
|
heap
|
page read and write
|
||
|
3000000
|
trusted library allocation
|
page read and write
|
||
|
10A0000
|
trusted library allocation
|
page read and write
|
||
|
2A44000
|
trusted library allocation
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
51FB000
|
stack
|
page read and write
|
||
|
5BCE000
|
stack
|
page read and write
|
||
|
6BCA000
|
heap
|
page read and write
|
||
|
2E0F000
|
trusted library allocation
|
page read and write
|
||
|
1187000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
3077000
|
trusted library allocation
|
page read and write
|
||
|
6CF0000
|
trusted library allocation
|
page read and write
|
||
|
1AA6000
|
trusted library allocation
|
page read and write
|
||
|
5791000
|
heap
|
page read and write
|
||
|
108E000
|
stack
|
page read and write
|
||
|
5173000
|
heap
|
page read and write
|
||
|
5720000
|
trusted library allocation
|
page read and write
|
||
|
1E83000
|
heap
|
page read and write
|
||
|
2F07000
|
trusted library allocation
|
page read and write
|
||
|
2A90000
|
trusted library allocation
|
page read and write
|
||
|
7140000
|
trusted library allocation
|
page read and write
|
||
|
34D9000
|
trusted library allocation
|
page read and write
|
||
|
6A6E000
|
stack
|
page read and write
|
||
|
74D0000
|
heap
|
page read and write
|
||
|
2A30000
|
trusted library allocation
|
page read and write
|
||
|
2A66000
|
trusted library allocation
|
page read and write
|
||
|
3015000
|
trusted library allocation
|
page read and write
|
||
|
2AA0000
|
trusted library allocation
|
page read and write
|
||
|
549E000
|
heap
|
page read and write
|
||
|
2A6D000
|
trusted library allocation
|
page read and write
|
||
|
1AC1000
|
trusted library allocation
|
page read and write
|
||
|
1170000
|
trusted library allocation
|
page execute and read and write
|
||
|
1093000
|
trusted library allocation
|
page read and write
|
||
|
7240000
|
trusted library allocation
|
page execute and read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
5250000
|
heap
|
page execute and read and write
|
||
|
A41F000
|
stack
|
page read and write
|
||
|
5ACC000
|
stack
|
page read and write
|
||
|
1AE0000
|
trusted library allocation
|
page read and write
|
||
|
1E70000
|
trusted library allocation
|
page read and write
|
||
|
72A0000
|
heap
|
page read and write
|
||
|
2A4B000
|
trusted library allocation
|
page read and write
|
||
|
9C80000
|
heap
|
page read and write
|
||
|
F74000
|
trusted library allocation
|
page read and write
|
||
|
A6A0000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
2B15000
|
trusted library allocation
|
page read and write
|
||
|
757E000
|
stack
|
page read and write
|
||
|
10B2000
|
trusted library allocation
|
page read and write
|
||
|
1E79000
|
trusted library allocation
|
page read and write
|
||
|
67EE000
|
stack
|
page read and write
|
||
|
10A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B6D000
|
stack
|
page read and write
|
||
|
10B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A2F000
|
stack
|
page read and write
|
||
|
2DD1000
|
trusted library allocation
|
page read and write
|
||
|
1C1E000
|
stack
|
page read and write
|
||
|
6CED000
|
stack
|
page read and write
|
||
|
10AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
6BC3000
|
heap
|
page read and write
|
||
|
A59B000
|
stack
|
page read and write
|
||
|
6BB8000
|
heap
|
page read and write
|
||
|
6C90000
|
trusted library allocation
|
page read and write
|
||
|
2F83000
|
trusted library allocation
|
page read and write
|
||
|
CC3000
|
heap
|
page read and write
|
||
|
2E76000
|
trusted library allocation
|
page read and write
|
||
|
2DFA000
|
trusted library allocation
|
page read and write
|
||
|
1F2D000
|
trusted library allocation
|
page read and write
|
||
|
161B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EF2000
|
trusted library allocation
|
page read and write
|
||
|
1A90000
|
trusted library allocation
|
page read and write
|
||
|
692D000
|
stack
|
page read and write
|
||
|
109D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3AC1000
|
trusted library allocation
|
page read and write
|
||
|
710000
|
unkown
|
page readonly
|
||
|
D18000
|
heap
|
page read and write
|
||
|
63EF000
|
stack
|
page read and write
|
||
|
2F31000
|
trusted library allocation
|
page read and write
|
||
|
1AE4000
|
trusted library allocation
|
page read and write
|
||
|
2D55000
|
trusted library allocation
|
page read and write
|
||
|
7210000
|
trusted library allocation
|
page read and write
|
||
|
1247000
|
heap
|
page read and write
|
||
|
A7AE000
|
stack
|
page read and write
|
||
|
67AE000
|
stack
|
page read and write
|
||
|
10D0000
|
trusted library allocation
|
page read and write
|
||
|
16E7000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
1ABE000
|
trusted library allocation
|
page read and write
|
||
|
D67000
|
heap
|
page read and write
|
||
|
A45E000
|
stack
|
page read and write
|
||
|
1AF0000
|
trusted library allocation
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
4451000
|
trusted library allocation
|
page read and write
|
||
|
1640000
|
trusted library allocation
|
page read and write
|
||
|
6B7C000
|
heap
|
page read and write
|
||
|
4479000
|
trusted library allocation
|
page read and write
|
||
|
2DE6000
|
trusted library allocation
|
page read and write
|
||
|
5022000
|
trusted library allocation
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
F4F000
|
stack
|
page read and write
|
||
|
12A7000
|
heap
|
page read and write
|
||
|
16CC000
|
stack
|
page read and write
|
||
|
34E0000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
5470000
|
heap
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
1F37000
|
trusted library allocation
|
page read and write
|
||
|
9F9D000
|
stack
|
page read and write
|
||
|
5210000
|
heap
|
page read and write
|
||
|
2AA5000
|
trusted library allocation
|
page read and write
|
||
|
1602000
|
trusted library allocation
|
page read and write
|
||
|
1600000
|
trusted library allocation
|
page read and write
|
||
|
2A5E000
|
trusted library allocation
|
page read and write
|
There are 290 hidden memdumps, click here to show them.