Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
REMITTANCE COPY.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmpEBC.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\CNqCubHKvlzbGo.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\CNqCubHKvlzbGo.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\REMITTANCE COPY.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1bm1gfd0.v4w.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b35eofy5.2rh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h0j0r0ga.coo.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hwkahjeg.gvv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mafaltug.kxg.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ucxesdxz.ono.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vcz4ovjx.hcb.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zghntjoj.vi5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp20AE.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\CNqCubHKvlzbGo.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\REMITTANCE COPY.exe
|
"C:\Users\user\Desktop\REMITTANCE COPY.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\REMITTANCE
COPY.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\CNqCubHKvlzbGo.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CNqCubHKvlzbGo" /XML "C:\Users\user\AppData\Local\Temp\tmpEBC.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\CNqCubHKvlzbGo.exe
|
C:\Users\user\AppData\Roaming\CNqCubHKvlzbGo.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CNqCubHKvlzbGo" /XML "C:\Users\user\AppData\Local\Temp\tmp20AE.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://tempuri.org/x.xsd?MultiGames.Properties.Resources
|
unknown
|
||
|
http://mail.tabcoeng.com
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/zuppao).
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
http://ip-api.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.tabcoeng.com
|
135.181.124.14
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
ip-api.com
|
208.95.112.1
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.211.108
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
135.181.124.14
|
mail.tabcoeng.com
|
Germany
|
|
|
|
208.95.112.1
|
ip-api.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2FC6000
|
trusted library allocation
|
page read and write
|
|
|
|
3CC6000
|
trusted library allocation
|
page read and write
|
|
|
|
2F64000
|
trusted library allocation
|
page read and write
|
|
|
|
2FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
2F94000
|
trusted library allocation
|
page read and write
|
|
|
|
2F32000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2F5E000
|
trusted library allocation
|
page read and write
|
|
|
|
3A75000
|
trusted library allocation
|
page read and write
|
|
|
|
54AB000
|
trusted library allocation
|
page read and write
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
134C000
|
heap
|
page read and write
|
||
|
5A30000
|
heap
|
page read and write
|
||
|
D5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
492F000
|
trusted library allocation
|
page read and write
|
||
|
1492000
|
trusted library allocation
|
page read and write
|
||
|
3F61000
|
trusted library allocation
|
page read and write
|
||
|
2910000
|
heap
|
page read and write
|
||
|
2E98000
|
trusted library allocation
|
page read and write
|
||
|
2E0B000
|
trusted library allocation
|
page read and write
|
||
|
15CE000
|
stack
|
page read and write
|
||
|
E87000
|
trusted library allocation
|
page execute and read and write
|
||
|
59F0000
|
trusted library allocation
|
page read and write
|
||
|
7F210000
|
trusted library allocation
|
page execute and read and write
|
||
|
E30000
|
trusted library allocation
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
8050000
|
trusted library allocation
|
page read and write
|
||
|
5160000
|
trusted library allocation
|
page read and write
|
||
|
4EC3000
|
heap
|
page read and write
|
||
|
2C21000
|
trusted library allocation
|
page read and write
|
||
|
2DDF000
|
stack
|
page read and write
|
||
|
2A3D000
|
stack
|
page read and write
|
||
|
11B5000
|
heap
|
page read and write
|
||
|
1133000
|
trusted library allocation
|
page execute and read and write
|
||
|
290E000
|
stack
|
page read and write
|
||
|
5121000
|
trusted library allocation
|
page read and write
|
||
|
A1F000
|
heap
|
page read and write
|
||
|
2970000
|
trusted library allocation
|
page read and write
|
||
|
B0A000
|
stack
|
page read and write
|
||
|
5FAE000
|
stack
|
page read and write
|
||
|
60B2000
|
heap
|
page read and write
|
||
|
6C6E000
|
stack
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
6850000
|
trusted library allocation
|
page read and write
|
||
|
7BE0000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
54BE000
|
trusted library allocation
|
page read and write
|
||
|
6870000
|
trusted library allocation
|
page read and write
|
||
|
626C000
|
stack
|
page read and write
|
||
|
69C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
12D7000
|
heap
|
page read and write
|
||
|
627E000
|
heap
|
page read and write
|
||
|
2CC0000
|
trusted library allocation
|
page read and write
|
||
|
434A000
|
trusted library allocation
|
page read and write
|
||
|
5443000
|
heap
|
page read and write
|
||
|
E10000
|
trusted library allocation
|
page read and write
|
||
|
54A6000
|
trusted library allocation
|
page read and write
|
||
|
422000
|
unkown
|
page readonly
|
||
|
488A000
|
trusted library allocation
|
page read and write
|
||
|
510B000
|
trusted library allocation
|
page read and write
|
||
|
149A000
|
trusted library allocation
|
page execute and read and write
|
||
|
59DE000
|
stack
|
page read and write
|
||
|
120D000
|
heap
|
page read and write
|
||
|
E23000
|
trusted library allocation
|
page read and write
|
||
|
1473000
|
trusted library allocation
|
page execute and read and write
|
||
|
707E000
|
stack
|
page read and write
|
||
|
4E70000
|
trusted library allocation
|
page read and write
|
||
|
4F00000
|
trusted library allocation
|
page execute and read and write
|
||
|
15D0000
|
trusted library allocation
|
page read and write
|
||
|
678B000
|
trusted library allocation
|
page read and write
|
||
|
24FA000
|
stack
|
page read and write
|
||
|
A6A000
|
heap
|
page read and write
|
||
|
54C8000
|
trusted library allocation
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
3F67000
|
trusted library allocation
|
page read and write
|
||
|
1474000
|
trusted library allocation
|
page read and write
|
||
|
549C000
|
stack
|
page read and write
|
||
|
4435000
|
trusted library allocation
|
page read and write
|
||
|
E96000
|
heap
|
page read and write
|
||
|
2F5C000
|
trusted library allocation
|
page read and write
|
||
|
F4A000
|
heap
|
page read and write
|
||
|
117E000
|
stack
|
page read and write
|
||
|
670F000
|
stack
|
page read and write
|
||
|
145F000
|
stack
|
page read and write
|
||
|
1130000
|
trusted library allocation
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
F2C000
|
stack
|
page read and write
|
||
|
150E000
|
stack
|
page read and write
|
||
|
7FE0000
|
trusted library allocation
|
page read and write
|
||
|
14A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2976000
|
trusted library allocation
|
page read and write
|
||
|
DE5000
|
heap
|
page read and write
|
||
|
E8B000
|
trusted library allocation
|
page execute and read and write
|
||
|
FF5A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5620000
|
heap
|
page read and write
|
||
|
6883000
|
trusted library allocation
|
page read and write
|
||
|
5100000
|
heap
|
page execute and read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
54CD000
|
trusted library allocation
|
page read and write
|
||
|
25F0000
|
heap
|
page read and write
|
||
|
558E000
|
stack
|
page read and write
|
||
|
6660000
|
trusted library allocation
|
page read and write
|
||
|
295F000
|
stack
|
page read and write
|
||
|
2F30000
|
trusted library allocation
|
page read and write
|
||
|
F2B000
|
heap
|
page read and write
|
||
|
1377000
|
heap
|
page read and write
|
||
|
122E000
|
heap
|
page read and write
|
||
|
296A000
|
heap
|
page read and write
|
||
|
805A000
|
trusted library allocation
|
page read and write
|
||
|
4735000
|
trusted library allocation
|
page read and write
|
||
|
E76000
|
trusted library allocation
|
page execute and read and write
|
||
|
1165000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EBC000
|
stack
|
page read and write
|
||
|
2AAF000
|
stack
|
page read and write
|
||
|
2CA1000
|
trusted library allocation
|
page read and write
|
||
|
770D000
|
stack
|
page read and write
|
||
|
5450000
|
heap
|
page execute and read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
3F89000
|
trusted library allocation
|
page read and write
|
||
|
54D5000
|
trusted library allocation
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
14A2000
|
trusted library allocation
|
page read and write
|
||
|
EA0000
|
trusted library allocation
|
page read and write
|
||
|
5E1F000
|
heap
|
page read and write
|
||
|
5440000
|
heap
|
page read and write
|
||
|
15D4000
|
trusted library allocation
|
page read and write
|
||
|
1496000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E10000
|
trusted library allocation
|
page read and write
|
||
|
D2E000
|
stack
|
page read and write
|
||
|
5510000
|
heap
|
page read and write
|
||
|
EEE000
|
stack
|
page read and write
|
||
|
6650000
|
trusted library allocation
|
page execute and read and write
|
||
|
71BD000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
54A2000
|
trusted library allocation
|
page read and write
|
||
|
134F000
|
heap
|
page read and write
|
||
|
5DF9000
|
heap
|
page read and write
|
||
|
54F0000
|
heap
|
page execute and read and write
|
||
|
6890000
|
trusted library allocation
|
page read and write
|
||
|
787D000
|
stack
|
page read and write
|
||
|
3C29000
|
trusted library allocation
|
page read and write
|
||
|
52D0000
|
trusted library section
|
page read and write
|
||
|
748F000
|
stack
|
page read and write
|
||
|
4E3D000
|
trusted library allocation
|
page read and write
|
||
|
120A000
|
heap
|
page read and write
|
||
|
4CA0000
|
trusted library allocation
|
page read and write
|
||
|
57FA000
|
trusted library allocation
|
page read and write
|
||
|
7BDE000
|
stack
|
page read and write
|
||
|
29A0000
|
trusted library allocation
|
page read and write
|
||
|
D53000
|
trusted library allocation
|
page read and write
|
||
|
6786000
|
trusted library allocation
|
page read and write
|
||
|
662E000
|
stack
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
CF7000
|
stack
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
E42000
|
trusted library allocation
|
page read and write
|
||
|
7DC1000
|
trusted library allocation
|
page read and write
|
||
|
FEE40000
|
trusted library allocation
|
page execute and read and write
|
||
|
128A000
|
heap
|
page read and write
|
||
|
616E000
|
stack
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
6BC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E0E000
|
trusted library allocation
|
page read and write
|
||
|
E3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
9EE000
|
heap
|
page read and write
|
||
|
512D000
|
trusted library allocation
|
page read and write
|
||
|
1279000
|
heap
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
6CAE000
|
stack
|
page read and write
|
||
|
54A4000
|
trusted library allocation
|
page read and write
|
||
|
4EC0000
|
heap
|
page read and write
|
||
|
576E000
|
stack
|
page read and write
|
||
|
58DE000
|
stack
|
page read and write
|
||
|
F5D000
|
heap
|
page read and write
|
||
|
1120000
|
trusted library allocation
|
page read and write
|
||
|
745D000
|
stack
|
page read and write
|
||
|
12FC000
|
heap
|
page read and write
|
||
|
6B80000
|
trusted library allocation
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
2990000
|
heap
|
page execute and read and write
|
||
|
1470000
|
trusted library allocation
|
page read and write
|
||
|
5DC5000
|
heap
|
page read and write
|
||
|
E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
7D9D000
|
stack
|
page read and write
|
||
|
3C89000
|
trusted library allocation
|
page read and write
|
||
|
F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
EA3000
|
heap
|
page read and write
|
||
|
7C5C000
|
stack
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
51C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5240000
|
heap
|
page read and write
|
||
|
147D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E60000
|
trusted library allocation
|
page read and write
|
||
|
2FBE000
|
trusted library allocation
|
page read and write
|
||
|
4E5F000
|
trusted library allocation
|
page read and write
|
||
|
1290000
|
trusted library allocation
|
page read and write
|
||
|
51A0000
|
heap
|
page read and write
|
||
|
69D0000
|
trusted library allocation
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
2C54000
|
trusted library allocation
|
page read and write
|
||
|
2E70000
|
heap
|
page execute and read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
2BFF000
|
trusted library allocation
|
page read and write
|
||
|
E72000
|
trusted library allocation
|
page read and write
|
||
|
E20000
|
trusted library allocation
|
page read and write
|
||
|
511E000
|
trusted library allocation
|
page read and write
|
||
|
4DBC000
|
stack
|
page read and write
|
||
|
674E000
|
stack
|
page read and write
|
||
|
4E90000
|
trusted library allocation
|
page read and write
|
||
|
560D000
|
stack
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
2F5A000
|
trusted library allocation
|
page read and write
|
||
|
A4F000
|
heap
|
page read and write
|
||
|
2E12000
|
trusted library allocation
|
page read and write
|
||
|
39D9000
|
trusted library allocation
|
page read and write
|
||
|
2B8E000
|
stack
|
page read and write
|
||
|
1320000
|
trusted library allocation
|
page execute and read and write
|
||
|
51B0000
|
trusted library allocation
|
page read and write
|
||
|
5460000
|
trusted library section
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
663D000
|
trusted library allocation
|
page read and write
|
||
|
28EE000
|
stack
|
page read and write
|
||
|
67CD000
|
stack
|
page read and write
|
||
|
6633000
|
trusted library allocation
|
page read and write
|
||
|
5A54000
|
heap
|
page read and write
|
||
|
59F3000
|
trusted library allocation
|
page read and write
|
||
|
52BD000
|
stack
|
page read and write
|
||
|
7B2E000
|
stack
|
page read and write
|
||
|
688D000
|
trusted library allocation
|
page read and write
|
||
|
5C6E000
|
stack
|
page read and write
|
||
|
4E2E000
|
trusted library allocation
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
5B6E000
|
stack
|
page read and write
|
||
|
5210000
|
trusted library allocation
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
2AB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F61000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
trusted library allocation
|
page read and write
|
||
|
1188000
|
heap
|
page read and write
|
||
|
7EDE000
|
stack
|
page read and write
|
||
|
5104000
|
trusted library allocation
|
page read and write
|
||
|
60FB000
|
heap
|
page read and write
|
||
|
116B000
|
trusted library allocation
|
page execute and read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
59D0000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
6780000
|
trusted library allocation
|
page read and write
|
||
|
4CA5000
|
trusted library allocation
|
page read and write
|
||
|
543F000
|
stack
|
page read and write
|
||
|
39D1000
|
trusted library allocation
|
page read and write
|
||
|
54A0000
|
trusted library allocation
|
page read and write
|
||
|
47E5000
|
trusted library allocation
|
page read and write
|
||
|
4E42000
|
trusted library allocation
|
page read and write
|
||
|
9CA000
|
stack
|
page read and write
|
||
|
590E000
|
stack
|
page read and write
|
||
|
12F4000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
5BA000
|
stack
|
page read and write
|
||
|
5126000
|
trusted library allocation
|
page read and write
|
||
|
2AA5000
|
trusted library allocation
|
page read and write
|
||
|
5500000
|
heap
|
page read and write
|
||
|
3F29000
|
trusted library allocation
|
page read and write
|
||
|
2C05000
|
trusted library allocation
|
page read and write
|
||
|
4F60000
|
trusted library allocation
|
page read and write
|
||
|
8040000
|
trusted library allocation
|
page execute and read and write
|
||
|
72D0000
|
heap
|
page read and write
|
||
|
5DB9000
|
heap
|
page read and write
|
||
|
57CE000
|
stack
|
page read and write
|
||
|
1490000
|
trusted library allocation
|
page read and write
|
||
|
15D6000
|
trusted library allocation
|
page read and write
|
||
|
EA1000
|
heap
|
page read and write
|
||
|
2DFE000
|
stack
|
page read and write
|
||
|
9BE000
|
stack
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
54C6000
|
trusted library allocation
|
page read and write
|
||
|
5A50000
|
heap
|
page read and write
|
||
|
113D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A5E000
|
stack
|
page read and write
|
||
|
1510000
|
trusted library allocation
|
page execute and read and write
|
||
|
533E000
|
stack
|
page read and write
|
||
|
A07000
|
heap
|
page read and write
|
||
|
E82000
|
trusted library allocation
|
page read and write
|
||
|
EF9000
|
stack
|
page read and write
|
||
|
2E26000
|
trusted library allocation
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page read and write
|
||
|
579E000
|
stack
|
page read and write
|
||
|
2B4F000
|
unkown
|
page read and write
|
||
|
68A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
52F0000
|
heap
|
page read and write
|
||
|
125C000
|
heap
|
page read and write
|
||
|
E6E000
|
heap
|
page read and write
|
||
|
738E000
|
stack
|
page read and write
|
||
|
760D000
|
stack
|
page read and write
|
||
|
2EFC000
|
trusted library allocation
|
page read and write
|
||
|
57CF000
|
stack
|
page read and write
|
||
|
5440000
|
trusted library allocation
|
page read and write
|
||
|
E68000
|
heap
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
2BDE000
|
stack
|
page read and write
|
||
|
5A1D000
|
stack
|
page read and write
|
||
|
2A5D000
|
trusted library allocation
|
page read and write
|
||
|
652E000
|
stack
|
page read and write
|
||
|
E6E000
|
stack
|
page read and write
|
||
|
4E36000
|
trusted library allocation
|
page read and write
|
||
|
D40000
|
trusted library allocation
|
page read and write
|
||
|
580D000
|
stack
|
page read and write
|
||
|
1460000
|
trusted library allocation
|
page read and write
|
||
|
703E000
|
stack
|
page read and write
|
||
|
7470000
|
trusted library allocation
|
page read and write
|
||
|
112E000
|
stack
|
page read and write
|
||
|
5AAE000
|
stack
|
page read and write
|
||
|
6770000
|
trusted library allocation
|
page execute and read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
49D3000
|
trusted library allocation
|
page read and write
|
||
|
1134000
|
trusted library allocation
|
page read and write
|
||
|
2FCF000
|
trusted library allocation
|
page read and write
|
||
|
64EE000
|
stack
|
page read and write
|
||
|
14A5000
|
trusted library allocation
|
page execute and read and write
|
||
|
119E000
|
heap
|
page read and write
|
||
|
764E000
|
stack
|
page read and write
|
||
|
51BB000
|
stack
|
page read and write
|
||
|
54DE000
|
stack
|
page read and write
|
||
|
4E50000
|
trusted library allocation
|
page read and write
|
||
|
2E1A000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
14A0000
|
trusted library allocation
|
page read and write
|
||
|
12DE000
|
stack
|
page read and write
|
||
|
5500000
|
heap
|
page read and write
|
||
|
4ACB000
|
stack
|
page read and write
|
||
|
754E000
|
stack
|
page read and write
|
||
|
6AAE000
|
stack
|
page read and write
|
||
|
2E21000
|
trusted library allocation
|
page read and write
|
||
|
7F5F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
56CD000
|
stack
|
page read and write
|
||
|
E7A000
|
trusted library allocation
|
page execute and read and write
|
||
|
68EE000
|
stack
|
page read and write
|
||
|
D4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6861000
|
trusted library allocation
|
page read and write
|
||
|
14AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1152000
|
trusted library allocation
|
page read and write
|
||
|
2E2D000
|
trusted library allocation
|
page read and write
|
||
|
51F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E9E000
|
stack
|
page read and write
|
||
|
797E000
|
stack
|
page read and write
|
||
|
3FC6000
|
trusted library allocation
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
5230000
|
trusted library allocation
|
page read and write
|
||
|
1274000
|
heap
|
page read and write
|
||
|
75CF000
|
stack
|
page read and write
|
||
|
2CAC000
|
trusted library allocation
|
page read and write
|
||
|
4E31000
|
trusted library allocation
|
page read and write
|
||
|
3C21000
|
trusted library allocation
|
page read and write
|
||
|
132E000
|
heap
|
page read and write
|
||
|
10F9000
|
stack
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
792B000
|
stack
|
page read and write
|
||
|
E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
E4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
768E000
|
stack
|
page read and write
|
||
|
1520000
|
trusted library allocation
|
page read and write
|
||
|
60D0000
|
heap
|
page read and write
|
||
|
2BE0000
|
trusted library allocation
|
page read and write
|
||
|
8212000
|
trusted library allocation
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
CEE000
|
stack
|
page read and write
|
||
|
2AC0000
|
trusted library allocation
|
page read and write
|
||
|
29B0000
|
trusted library allocation
|
page read and write
|
||
|
25EF000
|
unkown
|
page read and write
|
||
|
72BD000
|
stack
|
page read and write
|
||
|
59CD000
|
stack
|
page read and write
|
||
|
7C2E000
|
stack
|
page read and write
|
||
|
8000000
|
trusted library allocation
|
page read and write
|
||
|
F05000
|
heap
|
page read and write
|
||
|
131C000
|
stack
|
page read and write
|
||
|
420000
|
unkown
|
page readonly
|
||
|
2E1E000
|
trusted library allocation
|
page read and write
|
||
|
589E000
|
stack
|
page read and write
|
||
|
DC5000
|
heap
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
29D1000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
trusted library allocation
|
page read and write
|
||
|
5DB0000
|
heap
|
page read and write
|
||
|
1480000
|
trusted library allocation
|
page read and write
|
||
|
5100000
|
trusted library allocation
|
page read and write
|
||
|
1130000
|
trusted library allocation
|
page read and write
|
||
|
2C10000
|
heap
|
page execute and read and write
|
||
|
2BE6000
|
trusted library allocation
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
3A39000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
158C000
|
stack
|
page read and write
|
||
|
15E0000
|
heap
|
page read and write
|
||
|
57D0000
|
trusted library allocation
|
page read and write
|
||
|
9EA000
|
heap
|
page read and write
|
||
|
7FDE000
|
stack
|
page read and write
|
||
|
2560000
|
heap
|
page read and write
|
||
|
104E000
|
stack
|
page read and write
|
||
|
8430000
|
trusted library section
|
page read and write
|
||
|
6820000
|
heap
|
page read and write
|
||
|
2E00000
|
trusted library allocation
|
page read and write
|
||
|
1530000
|
trusted library allocation
|
page read and write
|
||
|
A21000
|
heap
|
page read and write
|
||
|
2CAD000
|
trusted library allocation
|
page read and write
|
||
|
6F3E000
|
stack
|
page read and write
|
||
|
6CEF000
|
stack
|
page read and write
|
||
|
D44000
|
trusted library allocation
|
page read and write
|
||
|
121E000
|
heap
|
page read and write
|
||
|
59E7000
|
trusted library allocation
|
page read and write
|
||
|
EF5000
|
heap
|
page read and write
|
||
|
127E000
|
heap
|
page read and write
|
||
|
E70000
|
trusted library allocation
|
page read and write
|
||
|
3F01000
|
trusted library allocation
|
page read and write
|
||
|
646D000
|
stack
|
page read and write
|
||
|
5DCE000
|
heap
|
page read and write
|
||
|
680E000
|
stack
|
page read and write
|
||
|
6640000
|
trusted library allocation
|
page read and write
|
||
|
24BD000
|
stack
|
page read and write
|
||
|
2F01000
|
trusted library allocation
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
4C5E000
|
stack
|
page read and write
|
||
|
564C000
|
stack
|
page read and write
|
||
|
5140000
|
trusted library allocation
|
page read and write
|
||
|
4E14000
|
trusted library allocation
|
page read and write
|
||
|
2BE4000
|
trusted library allocation
|
page read and write
|
||
|
549F000
|
stack
|
page read and write
|
||
|
505E000
|
stack
|
page read and write
|
||
|
114D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6270000
|
heap
|
page read and write
|
||
|
2B0E000
|
unkown
|
page read and write
|
||
|
E32000
|
trusted library allocation
|
page read and write
|
||
|
6A6E000
|
stack
|
page read and write
|
||
|
51D0000
|
trusted library allocation
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
135A000
|
heap
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
5340000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
5239000
|
trusted library allocation
|
page read and write
|
||
|
574C000
|
stack
|
page read and write
|
||
|
1156000
|
trusted library allocation
|
page execute and read and write
|
||
|
1360000
|
trusted library allocation
|
page read and write
|
||
|
1297000
|
heap
|
page read and write
|
||
|
3F65000
|
trusted library allocation
|
page read and write
|
||
|
8F7000
|
stack
|
page read and write
|
||
|
6873000
|
trusted library allocation
|
page read and write
|
||
|
741D000
|
stack
|
page read and write
|
||
|
4C9E000
|
stack
|
page read and write
|
||
|
15E7000
|
heap
|
page read and write
|
||
|
6290000
|
heap
|
page read and write
|
||
|
62BB000
|
heap
|
page read and write
|
||
|
11FA000
|
heap
|
page read and write
|
||
|
11BE000
|
stack
|
page read and write
|
||
|
4685000
|
trusted library allocation
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page read and write
|
||
|
2C00000
|
trusted library allocation
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
2C28000
|
trusted library allocation
|
page read and write
|
||
|
3C69000
|
trusted library allocation
|
page read and write
|
||
|
11AA000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
4EF2000
|
trusted library allocation
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
2A04000
|
trusted library allocation
|
page read and write
|
||
|
2CC4000
|
trusted library allocation
|
page read and write
|
||
|
54C1000
|
trusted library allocation
|
page read and write
|
||
|
1167000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
7D5C000
|
stack
|
page read and write
|
||
|
E36000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A2C000
|
stack
|
page read and write
|
||
|
2A7A000
|
stack
|
page read and write
|
||
|
627C000
|
heap
|
page read and write
|
||
|
25AE000
|
unkown
|
page read and write
|
||
|
5A4A000
|
heap
|
page read and write
|
||
|
778E000
|
stack
|
page read and write
|
||
|
2F6C000
|
trusted library allocation
|
page read and write
|
||
|
6867000
|
trusted library allocation
|
page read and write
|
||
|
62E7000
|
heap
|
page read and write
|
||
|
1162000
|
trusted library allocation
|
page read and write
|
||
|
54B8000
|
trusted library allocation
|
page read and write
|
||
|
FD5000
|
heap
|
page read and write
|
||
|
E14000
|
trusted library allocation
|
page read and write
|
||
|
2E8E000
|
stack
|
page read and write
|
||
|
7730000
|
heap
|
page read and write
|
||
|
E47000
|
trusted library allocation
|
page execute and read and write
|
||
|
54D2000
|
trusted library allocation
|
page read and write
|
||
|
6C70000
|
heap
|
page read and write
|
||
|
60AE000
|
stack
|
page read and write
|
||
|
684E000
|
stack
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
5AB0000
|
heap
|
page read and write
|
||
|
D43000
|
trusted library allocation
|
page execute and read and write
|
||
|
D9E000
|
stack
|
page read and write
|
||
|
5243000
|
heap
|
page read and write
|
||
|
5470000
|
trusted library section
|
page read and write
|
||
|
4E1B000
|
trusted library allocation
|
page read and write
|
||
|
7ADE000
|
stack
|
page read and write
|
||
|
115A000
|
trusted library allocation
|
page execute and read and write
|
||
|
74CE000
|
stack
|
page read and write
|
||
|
2EF0000
|
heap
|
page execute and read and write
|
||
|
2CF5000
|
trusted library allocation
|
page read and write
|
||
|
54B4000
|
trusted library allocation
|
page read and write
|
||
|
2CF3000
|
trusted library allocation
|
page read and write
|
||
|
57E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
292E000
|
stack
|
page read and write
|
||
|
1268000
|
heap
|
page read and write
|
||
|
2AC0000
|
heap
|
page read and write
|
||
|
554C000
|
stack
|
page read and write
|
||
|
51B2000
|
trusted library allocation
|
page read and write
|
||
|
78B0000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page execute and read and write
|
||
|
60B0000
|
heap
|
page read and write
|
||
|
D5B000
|
stack
|
page read and write
|
||
|
59E0000
|
trusted library allocation
|
page read and write
|
||
|
5132000
|
trusted library allocation
|
page read and write
|
||
|
459A000
|
trusted library allocation
|
page read and write
|
||
|
2BF0000
|
trusted library allocation
|
page read and write
|
||
|
296E000
|
stack
|
page read and write
|
||
|
572E000
|
stack
|
page read and write
|
||
|
11B8000
|
heap
|
page read and write
|
||
|
11FB000
|
stack
|
page read and write
|
||
|
4E65000
|
trusted library allocation
|
page read and write
|
||
|
60B6000
|
heap
|
page read and write
|
||
|
568F000
|
stack
|
page read and write
|
||
|
660E000
|
stack
|
page read and write
|
||
|
120E000
|
stack
|
page read and write
|
||
|
717E000
|
stack
|
page read and write
|
||
|
72C0000
|
heap
|
page read and write
|
||
|
CAE000
|
stack
|
page read and write
|
||
|
4FFD000
|
stack
|
page read and write
|
||
|
2BDB000
|
heap
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
1140000
|
trusted library allocation
|
page read and write
|
There are 535 hidden memdumps, click here to show them.