Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
UPDATED SSTATEMENT OF ACCOUNT.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmpC678.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\TgfQNrhQjjseHY.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\TgfQNrhQjjseHY.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\UPDATED SSTATEMENT OF ACCOUNT.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_caww4iwt.cup.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dnlgrcyq.nbj.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iyunuva1.4cb.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mra1hua4.ssk.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p3nqfhd4.35i.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q0tc3v3q.egd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xsh0e31k.x3w.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zzva54p5.5aw.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpD609.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TgfQNrhQjjseHY.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\UPDATED SSTATEMENT OF ACCOUNT.exe
|
"C:\Users\user\Desktop\UPDATED SSTATEMENT OF ACCOUNT.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\UPDATED
SSTATEMENT OF ACCOUNT.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\TgfQNrhQjjseHY.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\TgfQNrhQjjseHY" /XML "C:\Users\user\AppData\Local\Temp\tmpC678.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\TgfQNrhQjjseHY.exe
|
C:\Users\user\AppData\Roaming\TgfQNrhQjjseHY.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\TgfQNrhQjjseHY" /XML "C:\Users\user\AppData\Local\Temp\tmpD609.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://tempuri.org/x.xsd?MultiGames.Properties.Resources
|
unknown
|
||
|
http://mail.tabcoeng.com
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/zuppao).
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
http://ip-api.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.tabcoeng.com
|
135.181.124.14
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
ip-api.com
|
208.95.112.1
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.211.108
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
135.181.124.14
|
mail.tabcoeng.com
|
Germany
|
|
|
|
208.95.112.1
|
ip-api.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2F33000
|
trusted library allocation
|
page read and write
|
|
|
|
509F000
|
trusted library allocation
|
page read and write
|
|
|
|
2F5F000
|
trusted library allocation
|
page read and write
|
|
|
|
2A72000
|
trusted library allocation
|
page read and write
|
|
|
|
4510000
|
trusted library allocation
|
page read and write
|
|
|
|
2A9E000
|
trusted library allocation
|
page read and write
|
|
|
|
740000
|
heap
|
page read and write
|
||
|
5420000
|
heap
|
page read and write
|
||
|
131C000
|
heap
|
page read and write
|
||
|
2EA0000
|
trusted library allocation
|
page read and write
|
||
|
624E000
|
heap
|
page read and write
|
||
|
2B7E000
|
stack
|
page read and write
|
||
|
53F4000
|
trusted library allocation
|
page read and write
|
||
|
B4BE000
|
stack
|
page read and write
|
||
|
5910000
|
trusted library section
|
page read and write
|
||
|
CBFC000
|
stack
|
page read and write
|
||
|
CAFC000
|
stack
|
page read and write
|
||
|
17A5000
|
trusted library allocation
|
page read and write
|
||
|
8C1E000
|
stack
|
page read and write
|
||
|
8C60000
|
heap
|
page read and write
|
||
|
104E000
|
stack
|
page read and write
|
||
|
2F01000
|
trusted library allocation
|
page read and write
|
||
|
3689000
|
trusted library allocation
|
page read and write
|
||
|
575E000
|
stack
|
page read and write
|
||
|
544E000
|
stack
|
page read and write
|
||
|
556E000
|
trusted library allocation
|
page read and write
|
||
|
D10000
|
unkown
|
page readonly
|
||
|
6880000
|
heap
|
page read and write
|
||
|
1220000
|
trusted library allocation
|
page read and write
|
||
|
A3F000
|
stack
|
page read and write
|
||
|
4FC3000
|
heap
|
page read and write
|
||
|
555C000
|
stack
|
page read and write
|
||
|
C90000
|
trusted library allocation
|
page execute and read and write
|
||
|
24FB000
|
trusted library allocation
|
page read and write
|
||
|
509E000
|
stack
|
page read and write
|
||
|
C3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
31D0000
|
trusted library allocation
|
page read and write
|
||
|
24F0000
|
trusted library allocation
|
page read and write
|
||
|
6240000
|
heap
|
page read and write
|
||
|
67C3000
|
trusted library allocation
|
page read and write
|
||
|
3AA7000
|
trusted library allocation
|
page read and write
|
||
|
53FE000
|
trusted library allocation
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
247F000
|
trusted library allocation
|
page read and write
|
||
|
A44000
|
trusted library allocation
|
page read and write
|
||
|
4B10000
|
heap
|
page read and write
|
||
|
CBF000
|
heap
|
page read and write
|
||
|
1147000
|
heap
|
page read and write
|
||
|
3F7000
|
stack
|
page read and write
|
||
|
40E5000
|
trusted library allocation
|
page read and write
|
||
|
BA3E000
|
stack
|
page read and write
|
||
|
927000
|
heap
|
page read and write
|
||
|
B5BE000
|
stack
|
page read and write
|
||
|
5140000
|
heap
|
page execute and read and write
|
||
|
6BAE000
|
stack
|
page read and write
|
||
|
8A5E000
|
stack
|
page read and write
|
||
|
442E000
|
trusted library allocation
|
page read and write
|
||
|
4DF9000
|
trusted library allocation
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
53E6000
|
trusted library allocation
|
page read and write
|
||
|
1502000
|
trusted library allocation
|
page read and write
|
||
|
5B8E000
|
stack
|
page read and write
|
||
|
4DF0000
|
trusted library allocation
|
page read and write
|
||
|
C67000
|
trusted library allocation
|
page execute and read and write
|
||
|
51BE000
|
stack
|
page read and write
|
||
|
5930000
|
heap
|
page execute and read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
1520000
|
trusted library allocation
|
page read and write
|
||
|
4B8A000
|
trusted library allocation
|
page read and write
|
||
|
4F4E000
|
stack
|
page read and write
|
||
|
D12000
|
unkown
|
page readonly
|
||
|
667E000
|
stack
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
23EA000
|
trusted library allocation
|
page read and write
|
||
|
59EE000
|
stack
|
page read and write
|
||
|
8B4000
|
heap
|
page read and write
|
||
|
2B3F000
|
unkown
|
page read and write
|
||
|
61CB000
|
trusted library allocation
|
page read and write
|
||
|
130C000
|
heap
|
page read and write
|
||
|
881000
|
heap
|
page read and write
|
||
|
1120000
|
trusted library allocation
|
page read and write
|
||
|
5DAE000
|
stack
|
page read and write
|
||
|
B7FD000
|
stack
|
page read and write
|
||
|
53F0000
|
trusted library allocation
|
page read and write
|
||
|
EAA000
|
stack
|
page read and write
|
||
|
BF1F000
|
stack
|
page read and write
|
||
|
D34000
|
heap
|
page read and write
|
||
|
53E0000
|
trusted library allocation
|
page read and write
|
||
|
8F9000
|
stack
|
page read and write
|
||
|
504E000
|
stack
|
page read and write
|
||
|
57C0000
|
heap
|
page execute and read and write
|
||
|
883000
|
heap
|
page read and write
|
||
|
55BE000
|
stack
|
page read and write
|
||
|
14F0000
|
trusted library allocation
|
page read and write
|
||
|
243E000
|
stack
|
page read and write
|
||
|
5C20000
|
heap
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
A53000
|
trusted library allocation
|
page read and write
|
||
|
284C000
|
stack
|
page read and write
|
||
|
24EB000
|
stack
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
5050000
|
heap
|
page read and write
|
||
|
295F000
|
stack
|
page read and write
|
||
|
3681000
|
trusted library allocation
|
page read and write
|
||
|
53E2000
|
trusted library allocation
|
page read and write
|
||
|
59CE000
|
stack
|
page read and write
|
||
|
4B50000
|
trusted library allocation
|
page read and write
|
||
|
31B0000
|
trusted library allocation
|
page read and write
|
||
|
AD5000
|
heap
|
page read and write
|
||
|
CD7000
|
heap
|
page read and write
|
||
|
2A9C000
|
trusted library allocation
|
page read and write
|
||
|
5EA000
|
stack
|
page read and write
|
||
|
3196000
|
trusted library allocation
|
page read and write
|
||
|
2490000
|
trusted library allocation
|
page read and write
|
||
|
FF940000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A9A000
|
trusted library allocation
|
page read and write
|
||
|
58F0000
|
trusted library allocation
|
page read and write
|
||
|
3F01000
|
trusted library allocation
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
4AE0000
|
trusted library allocation
|
page read and write
|
||
|
28EA000
|
trusted library allocation
|
page read and write
|
||
|
A43000
|
trusted library allocation
|
page execute and read and write
|
||
|
13F5000
|
heap
|
page read and write
|
||
|
23D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
18CA000
|
heap
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
5554000
|
trusted library allocation
|
page read and write
|
||
|
6790000
|
heap
|
page read and write
|
||
|
8FE000
|
heap
|
page read and write
|
||
|
251D000
|
trusted library allocation
|
page read and write
|
||
|
5110000
|
trusted library allocation
|
page read and write
|
||
|
8A1E000
|
stack
|
page read and write
|
||
|
6244000
|
heap
|
page read and write
|
||
|
1200000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
147F000
|
stack
|
page read and write
|
||
|
57D0000
|
trusted library allocation
|
page read and write
|
||
|
FA7000
|
stack
|
page read and write
|
||
|
4F08000
|
trusted library allocation
|
page read and write
|
||
|
5120000
|
heap
|
page read and write
|
||
|
5D5E000
|
stack
|
page read and write
|
||
|
2D1F000
|
stack
|
page read and write
|
||
|
508C000
|
heap
|
page read and write
|
||
|
4AF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C50000
|
trusted library allocation
|
page read and write
|
||
|
677E000
|
stack
|
page read and write
|
||
|
2ABB000
|
heap
|
page read and write
|
||
|
18B0000
|
trusted library allocation
|
page read and write
|
||
|
530C000
|
stack
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
B6FD000
|
stack
|
page read and write
|
||
|
67B0000
|
trusted library allocation
|
page read and write
|
||
|
1393000
|
heap
|
page read and write
|
||
|
23F5000
|
trusted library allocation
|
page read and write
|
||
|
14D4000
|
trusted library allocation
|
page read and write
|
||
|
C56000
|
trusted library allocation
|
page execute and read and write
|
||
|
67D0000
|
trusted library allocation
|
page read and write
|
||
|
27CE000
|
unkown
|
page read and write
|
||
|
36C9000
|
trusted library allocation
|
page read and write
|
||
|
4B30000
|
trusted library allocation
|
page execute and read and write
|
||
|
185C000
|
stack
|
page read and write
|
||
|
4194000
|
trusted library allocation
|
page read and write
|
||
|
23E0000
|
trusted library allocation
|
page read and write
|
||
|
67A1000
|
trusted library allocation
|
page read and write
|
||
|
C5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
279C000
|
stack
|
page read and write
|
||
|
4B3D000
|
stack
|
page read and write
|
||
|
67B0000
|
trusted library allocation
|
page read and write
|
||
|
2CFF000
|
unkown
|
page read and write
|
||
|
C62000
|
trusted library allocation
|
page read and write
|
||
|
5C28000
|
heap
|
page read and write
|
||
|
319D000
|
trusted library allocation
|
page read and write
|
||
|
51CB000
|
trusted library allocation
|
page read and write
|
||
|
4FBD000
|
stack
|
page read and write
|
||
|
150B000
|
trusted library allocation
|
page execute and read and write
|
||
|
6340000
|
heap
|
page read and write
|
||
|
14E3000
|
trusted library allocation
|
page read and write
|
||
|
2480000
|
trusted library allocation
|
page read and write
|
||
|
120B000
|
trusted library allocation
|
page execute and read and write
|
||
|
A5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
C40000
|
trusted library allocation
|
page read and write
|
||
|
B93E000
|
stack
|
page read and write
|
||
|
2EB4000
|
trusted library allocation
|
page read and write
|
||
|
347A000
|
trusted library allocation
|
page read and write
|
||
|
4243000
|
trusted library allocation
|
page read and write
|
||
|
67CD000
|
trusted library allocation
|
page read and write
|
||
|
7F540000
|
trusted library allocation
|
page execute and read and write
|
||
|
12AA000
|
heap
|
page read and write
|
||
|
1368000
|
heap
|
page read and write
|
||
|
2F5D000
|
trusted library allocation
|
page read and write
|
||
|
1288000
|
heap
|
page read and write
|
||
|
14F2000
|
trusted library allocation
|
page read and write
|
||
|
3211000
|
trusted library allocation
|
page read and write
|
||
|
2511000
|
trusted library allocation
|
page read and write
|
||
|
5408000
|
trusted library allocation
|
page read and write
|
||
|
2516000
|
trusted library allocation
|
page read and write
|
||
|
AA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
23E5000
|
trusted library allocation
|
page read and write
|
||
|
26C1000
|
trusted library allocation
|
page read and write
|
||
|
3174000
|
trusted library allocation
|
page read and write
|
||
|
5570000
|
trusted library allocation
|
page read and write
|
||
|
D99000
|
stack
|
page read and write
|
||
|
5C75000
|
heap
|
page read and write
|
||
|
5071000
|
heap
|
page read and write
|
||
|
1207000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
1507000
|
trusted library allocation
|
page execute and read and write
|
||
|
EE8000
|
trusted library allocation
|
page read and write
|
||
|
177E000
|
stack
|
page read and write
|
||
|
3F05000
|
trusted library allocation
|
page read and write
|
||
|
6910000
|
trusted library allocation
|
page read and write
|
||
|
56B0000
|
trusted library allocation
|
page read and write
|
||
|
BD4000
|
trusted library allocation
|
page read and write
|
||
|
56A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
B800000
|
heap
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
505B000
|
heap
|
page read and write
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
14DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
13F1000
|
heap
|
page read and write
|
||
|
5EED000
|
stack
|
page read and write
|
||
|
A72000
|
trusted library allocation
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
58DF000
|
stack
|
page read and write
|
||
|
CCB000
|
heap
|
page read and write
|
||
|
31A2000
|
trusted library allocation
|
page read and write
|
||
|
2C5B000
|
heap
|
page read and write
|
||
|
2FA000
|
stack
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
2BB0000
|
trusted library allocation
|
page read and write
|
||
|
540D000
|
trusted library allocation
|
page read and write
|
||
|
2D4E000
|
stack
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
CD5E000
|
stack
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
26DD000
|
stack
|
page read and write
|
||
|
84E000
|
heap
|
page read and write
|
||
|
27BA000
|
trusted library allocation
|
page read and write
|
||
|
6780000
|
trusted library allocation
|
page read and write
|
||
|
EDE000
|
stack
|
page read and write
|
||
|
C52000
|
trusted library allocation
|
page read and write
|
||
|
A62000
|
trusted library allocation
|
page read and write
|
||
|
11F0000
|
trusted library allocation
|
page read and write
|
||
|
4AD0000
|
heap
|
page read and write
|
||
|
5563000
|
trusted library allocation
|
page read and write
|
||
|
5C1E000
|
stack
|
page read and write
|
||
|
1346000
|
heap
|
page read and write
|
||
|
5D60000
|
trusted library section
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
4219000
|
trusted library allocation
|
page read and write
|
||
|
14E0000
|
trusted library allocation
|
page read and write
|
||
|
18C0000
|
heap
|
page read and write
|
||
|
1790000
|
trusted library allocation
|
page read and write
|
||
|
2A41000
|
trusted library allocation
|
page read and write
|
||
|
B310000
|
heap
|
page read and write
|
||
|
44D1000
|
trusted library allocation
|
page read and write
|
||
|
2767000
|
trusted library allocation
|
page read and write
|
||
|
11D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
27AE000
|
trusted library allocation
|
page read and write
|
||
|
7C70000
|
trusted library allocation
|
page read and write
|
||
|
67A7000
|
trusted library allocation
|
page read and write
|
||
|
148E000
|
stack
|
page read and write
|
||
|
1202000
|
trusted library allocation
|
page read and write
|
||
|
3A41000
|
trusted library allocation
|
page read and write
|
||
|
42E8000
|
trusted library allocation
|
page read and write
|
||
|
8930000
|
trusted library section
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
1391000
|
heap
|
page read and write
|
||
|
4E91000
|
heap
|
page read and write
|
||
|
C34000
|
trusted library allocation
|
page read and write
|
||
|
27E4000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
trusted library allocation
|
page read and write
|
||
|
7A31000
|
trusted library allocation
|
page read and write
|
||
|
B6BE000
|
stack
|
page read and write
|
||
|
17EE000
|
stack
|
page read and write
|
||
|
67B4000
|
trusted library allocation
|
page read and write
|
||
|
24F4000
|
trusted library allocation
|
page read and write
|
||
|
2485000
|
trusted library allocation
|
page read and write
|
||
|
27ED000
|
stack
|
page read and write
|
||
|
32F9000
|
trusted library allocation
|
page read and write
|
||
|
31F0000
|
trusted library allocation
|
page read and write
|
||
|
5A10000
|
heap
|
page read and write
|
||
|
317B000
|
trusted library allocation
|
page read and write
|
||
|
D7C000
|
heap
|
page read and write
|
||
|
2540000
|
trusted library allocation
|
page read and write
|
||
|
1880000
|
heap
|
page read and write
|
||
|
4AE2000
|
trusted library allocation
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
51C0000
|
trusted library allocation
|
page read and write
|
||
|
11BE000
|
stack
|
page read and write
|
||
|
5C70000
|
heap
|
page read and write
|
||
|
1343000
|
heap
|
page read and write
|
||
|
14FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
129E000
|
heap
|
page read and write
|
||
|
58CF000
|
stack
|
page read and write
|
||
|
4F0E000
|
stack
|
page read and write
|
||
|
A66000
|
trusted library allocation
|
page execute and read and write
|
||
|
53E4000
|
trusted library allocation
|
page read and write
|
||
|
1066000
|
heap
|
page read and write
|
||
|
11D0000
|
trusted library allocation
|
page read and write
|
||
|
53F8000
|
trusted library allocation
|
page read and write
|
||
|
C2DE000
|
stack
|
page read and write
|
||
|
173E000
|
stack
|
page read and write
|
||
|
A90000
|
trusted library allocation
|
page read and write
|
||
|
27A0000
|
trusted library allocation
|
page read and write
|
||
|
438B000
|
trusted library allocation
|
page read and write
|
||
|
876000
|
heap
|
page read and write
|
||
|
FF250000
|
trusted library allocation
|
page execute and read and write
|
||
|
BD6000
|
trusted library allocation
|
page read and write
|
||
|
5B0E000
|
stack
|
page read and write
|
||
|
A4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
14F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
27BE000
|
trusted library allocation
|
page read and write
|
||
|
5C43000
|
heap
|
page read and write
|
||
|
6287000
|
heap
|
page read and write
|
||
|
5130000
|
trusted library allocation
|
page read and write
|
||
|
347E000
|
trusted library allocation
|
page read and write
|
||
|
24A0000
|
heap
|
page execute and read and write
|
||
|
A6A000
|
trusted library allocation
|
page execute and read and write
|
||
|
27C6000
|
trusted library allocation
|
page read and write
|
||
|
1352000
|
heap
|
page read and write
|
||
|
A77000
|
trusted library allocation
|
page execute and read and write
|
||
|
31BF000
|
trusted library allocation
|
page read and write
|
||
|
56D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C61E000
|
stack
|
page read and write
|
||
|
5C82000
|
heap
|
page read and write
|
||
|
C85E000
|
stack
|
page read and write
|
||
|
8C70000
|
trusted library allocation
|
page read and write
|
||
|
69AE000
|
stack
|
page read and write
|
||
|
5B1D000
|
stack
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
617D000
|
stack
|
page read and write
|
||
|
1870000
|
heap
|
page execute and read and write
|
||
|
6350000
|
trusted library allocation
|
page execute and read and write
|
||
|
11C0000
|
trusted library allocation
|
page read and write
|
||
|
A60000
|
trusted library allocation
|
page read and write
|
||
|
5401000
|
trusted library allocation
|
page read and write
|
||
|
1374000
|
heap
|
page read and write
|
||
|
2AAE000
|
trusted library allocation
|
page read and write
|
||
|
134E000
|
stack
|
page read and write
|
||
|
3191000
|
trusted library allocation
|
page read and write
|
||
|
CD4000
|
heap
|
page read and write
|
||
|
4279000
|
trusted library allocation
|
page read and write
|
||
|
4211000
|
trusted library allocation
|
page read and write
|
||
|
C9BE000
|
stack
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
23CE000
|
stack
|
page read and write
|
||
|
2780000
|
heap
|
page read and write
|
||
|
11DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
23F0000
|
trusted library allocation
|
page read and write
|
||
|
31C0000
|
trusted library allocation
|
page read and write
|
||
|
602E000
|
stack
|
page read and write
|
||
|
31C5000
|
trusted library allocation
|
page read and write
|
||
|
2EB0000
|
trusted library allocation
|
page read and write
|
||
|
4E00000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
571E000
|
stack
|
page read and write
|
||
|
C30000
|
trusted library allocation
|
page read and write
|
||
|
17A0000
|
trusted library allocation
|
page read and write
|
||
|
27CD000
|
trusted library allocation
|
page read and write
|
||
|
643D000
|
stack
|
page read and write
|
||
|
67E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6260000
|
heap
|
page read and write
|
||
|
6900000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F68000
|
trusted library allocation
|
page read and write
|
||
|
1860000
|
trusted library allocation
|
page execute and read and write
|
||
|
D6D000
|
heap
|
page read and write
|
||
|
3170000
|
trusted library allocation
|
page read and write
|
||
|
2ED0000
|
trusted library allocation
|
page read and write
|
||
|
12F5000
|
heap
|
page read and write
|
||
|
524F000
|
stack
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
27D2000
|
trusted library allocation
|
page read and write
|
||
|
C65000
|
trusted library allocation
|
page execute and read and write
|
||
|
477B000
|
stack
|
page read and write
|
||
|
A40000
|
trusted library allocation
|
page read and write
|
||
|
2E9C000
|
stack
|
page read and write
|
||
|
2EB6000
|
trusted library allocation
|
page read and write
|
||
|
BDDC000
|
stack
|
page read and write
|
||
|
2850000
|
heap
|
page read and write
|
||
|
5412000
|
trusted library allocation
|
page read and write
|
||
|
2F65000
|
trusted library allocation
|
page read and write
|
||
|
BCDC000
|
stack
|
page read and write
|
||
|
318E000
|
trusted library allocation
|
page read and write
|
||
|
612E000
|
stack
|
page read and write
|
||
|
10A5000
|
heap
|
page read and write
|
||
|
2AA6000
|
trusted library allocation
|
page read and write
|
||
|
2470000
|
trusted library allocation
|
page read and write
|
||
|
BA7E000
|
stack
|
page read and write
|
||
|
2CBE000
|
unkown
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
61C6000
|
trusted library allocation
|
page read and write
|
||
|
5415000
|
trusted library allocation
|
page read and write
|
||
|
5406000
|
trusted library allocation
|
page read and write
|
||
|
A50000
|
trusted library allocation
|
page read and write
|
||
|
27C1000
|
trusted library allocation
|
page read and write
|
||
|
BB7F000
|
stack
|
page read and write
|
||
|
12B6000
|
heap
|
page read and write
|
||
|
18A0000
|
trusted library allocation
|
page read and write
|
||
|
830000
|
trusted library allocation
|
page read and write
|
||
|
4FC0000
|
heap
|
page read and write
|
||
|
2A3A000
|
stack
|
page read and write
|
||
|
135E000
|
heap
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
682E000
|
stack
|
page read and write
|
||
|
5FEF000
|
stack
|
page read and write
|
||
|
BEA000
|
heap
|
page read and write
|
||
|
1530000
|
heap
|
page read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
D48000
|
heap
|
page read and write
|
||
|
C6B000
|
trusted library allocation
|
page execute and read and write
|
||
|
6130000
|
trusted library allocation
|
page execute and read and write
|
||
|
1780000
|
trusted library allocation
|
page execute and read and write
|
||
|
3FFA000
|
trusted library allocation
|
page read and write
|
||
|
2EC0000
|
heap
|
page execute and read and write
|
||
|
C33000
|
trusted library allocation
|
page execute and read and write
|
||
|
11D4000
|
trusted library allocation
|
page read and write
|
||
|
4C75000
|
trusted library allocation
|
page read and write
|
||
|
11E0000
|
trusted library allocation
|
page read and write
|
||
|
28EE000
|
trusted library allocation
|
page read and write
|
||
|
623C000
|
stack
|
page read and write
|
||
|
1385000
|
heap
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
267E000
|
stack
|
page read and write
|
||
|
7EF10000
|
trusted library allocation
|
page execute and read and write
|
||
|
1205000
|
trusted library allocation
|
page execute and read and write
|
||
|
53EB000
|
trusted library allocation
|
page read and write
|
||
|
5692000
|
trusted library allocation
|
page read and write
|
||
|
2BEE000
|
stack
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
1349000
|
heap
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
56DC000
|
stack
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
B2BE000
|
stack
|
page read and write
|
||
|
BC0000
|
trusted library allocation
|
page read and write
|
||
|
1260000
|
trusted library allocation
|
page execute and read and write
|
||
|
6BEE000
|
stack
|
page read and write
|
||
|
88F0000
|
trusted library allocation
|
page read and write
|
||
|
5A00000
|
trusted library section
|
page read and write
|
||
|
C9B000
|
stack
|
page read and write
|
||
|
6180000
|
trusted library allocation
|
page read and write
|
||
|
B2FE000
|
stack
|
page read and write
|
||
|
61B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C75E000
|
stack
|
page read and write
|
||
|
11F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
E0E000
|
unkown
|
page readonly
|
||
|
2D5E000
|
stack
|
page read and write
|
||
|
27E0000
|
trusted library allocation
|
page read and write
|
||
|
5137000
|
trusted library allocation
|
page read and write
|
||
|
14ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
2681000
|
trusted library allocation
|
page read and write
|
||
|
14D0000
|
trusted library allocation
|
page read and write
|
||
|
50CC000
|
stack
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
27AB000
|
trusted library allocation
|
page read and write
|
||
|
27F0000
|
trusted library allocation
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
62FF000
|
stack
|
page read and write
|
||
|
11FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5550000
|
trusted library allocation
|
page read and write
|
||
|
3F29000
|
trusted library allocation
|
page read and write
|
||
|
5900000
|
heap
|
page read and write
|
||
|
C4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D9F000
|
stack
|
page read and write
|
||
|
CABF000
|
stack
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
CC5E000
|
stack
|
page read and write
|
||
|
8C5D000
|
stack
|
page read and write
|
||
|
C4E0000
|
heap
|
page read and write
|
||
|
62C7000
|
heap
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
BF5E000
|
stack
|
page read and write
|
||
|
6C2F000
|
stack
|
page read and write
|
||
|
645F000
|
stack
|
page read and write
|
||
|
27B2000
|
trusted library allocation
|
page read and write
|
||
|
2570000
|
heap
|
page read and write
|
||
|
29FE000
|
stack
|
page read and write
|
||
|
655E000
|
stack
|
page read and write
|
||
|
29BE000
|
stack
|
page read and write
|
||
|
271A000
|
stack
|
page read and write
|
||
|
C05E000
|
stack
|
page read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
BE1D000
|
stack
|
page read and write
|
||
|
61C0000
|
trusted library allocation
|
page read and write
|
||
|
57CB000
|
stack
|
page read and write
|
||
|
1500000
|
trusted library allocation
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
1419000
|
heap
|
page read and write
|
||
|
C4DD000
|
stack
|
page read and write
|
||
|
36E9000
|
trusted library allocation
|
page read and write
|
||
|
163E000
|
stack
|
page read and write
|
||
|
5ACE000
|
stack
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
11F2000
|
trusted library allocation
|
page read and write
|
||
|
57F3000
|
heap
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
4DAB000
|
stack
|
page read and write
|
||
|
1130000
|
trusted library allocation
|
page read and write
|
||
|
A7B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B4D000
|
stack
|
page read and write
|
||
|
69EE000
|
stack
|
page read and write
|
||
|
4DB0000
|
heap
|
page execute and read and write
|
||
|
534E000
|
stack
|
page read and write
|
||
|
55D0000
|
heap
|
page read and write
|
||
|
62AC000
|
heap
|
page read and write
|
||
|
775000
|
heap
|
page read and write
|
||
|
C71E000
|
stack
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
86B1000
|
trusted library allocation
|
page read and write
|
||
|
848000
|
heap
|
page read and write
|
||
|
579D000
|
stack
|
page read and write
|
||
|
179A000
|
trusted library allocation
|
page read and write
|
||
|
5690000
|
trusted library allocation
|
page read and write
|
||
|
4B00000
|
trusted library allocation
|
page read and write
|
||
|
2A30000
|
heap
|
page execute and read and write
|
||
|
C3DE000
|
stack
|
page read and write
|
||
|
14D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C73000
|
heap
|
page read and write
|
||
|
3A69000
|
trusted library allocation
|
page read and write
|
||
|
CA8000
|
heap
|
page read and write
|
||
|
250E000
|
trusted library allocation
|
page read and write
|
||
|
316E000
|
stack
|
page read and write
|
||
|
5680000
|
heap
|
page read and write
|
||
|
3251000
|
trusted library allocation
|
page read and write
|
||
|
57F0000
|
heap
|
page read and write
|
||
|
4C70000
|
heap
|
page read and write
|
There are 526 hidden memdumps, click here to show them.