Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
bank slip.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmp2859.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\mKSjGvfmIulVB.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\GUIVTme.exe.log
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\bank slip.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mKSjGvfmIulVB.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3oyi5kdz.x4n.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4thuxtx2.vjk.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l3eehkhi.hfv.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m01qiw3h.frr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pmjzmuuk.i3n.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_trtgj4wc.ynl.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x2slqf4y.gjd.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zs5fnrbp.zom.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp4AB6.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
modified
|
||
|
C:\Users\user\AppData\Roaming\mKSjGvfmIulVB.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 9 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\bank slip.exe
|
"C:\Users\user\Desktop\bank slip.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\bank slip.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mKSjGvfmIulVB.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mKSjGvfmIulVB" /XML "C:\Users\user\AppData\Local\Temp\tmp2859.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\mKSjGvfmIulVB.exe
|
C:\Users\user\AppData\Roaming\mKSjGvfmIulVB.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mKSjGvfmIulVB" /XML "C:\Users\user\AppData\Local\Temp\tmp4AB6.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe
|
"C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe
|
"C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://account.dyn.com/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://www.chiark.greenend.org.uk/~sgtatham/putty/0
|
unknown
|
||
|
http://mail.vw-rmplcars.co.in
|
unknown
|
||
|
http://vw-rmplcars.co.in
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
vw-rmplcars.co.in
|
111.118.215.27
|
|
|
|
mail.vw-rmplcars.co.in
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
111.118.215.27
|
vw-rmplcars.co.in
|
India
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
GUIVTme
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2FF1000
|
trusted library allocation
|
page read and write
|
|
|
|
3092000
|
trusted library allocation
|
page read and write
|
|
|
|
309A000
|
trusted library allocation
|
page read and write
|
|
|
|
25C1000
|
trusted library allocation
|
page read and write
|
|
|
|
302C000
|
trusted library allocation
|
page read and write
|
|
|
|
304A000
|
trusted library allocation
|
page read and write
|
|
|
|
3001000
|
trusted library allocation
|
page read and write
|
|
|
|
6750000
|
trusted library section
|
page read and write
|
|
|
|
2916000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
3356000
|
trusted library allocation
|
page read and write
|
|
|
|
3042000
|
trusted library allocation
|
page read and write
|
|
|
|
389C000
|
trusted library allocation
|
page read and write
|
|
|
|
42DD000
|
trusted library allocation
|
page read and write
|
|
|
|
59AD000
|
stack
|
page read and write
|
||
|
14B0000
|
heap
|
page read and write
|
||
|
13B2000
|
trusted library allocation
|
page read and write
|
||
|
311B000
|
trusted library allocation
|
page read and write
|
||
|
56A0000
|
trusted library section
|
page readonly
|
||
|
5C97000
|
trusted library allocation
|
page read and write
|
||
|
49D0000
|
heap
|
page execute and read and write
|
||
|
A7E000
|
stack
|
page read and write
|
||
|
56F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F64000
|
trusted library allocation
|
page read and write
|
||
|
5540000
|
heap
|
page read and write
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
5B79000
|
trusted library allocation
|
page read and write
|
||
|
13AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A26000
|
trusted library allocation
|
page read and write
|
||
|
56CC000
|
stack
|
page read and write
|
||
|
57D0000
|
heap
|
page read and write
|
||
|
1383000
|
trusted library allocation
|
page execute and read and write
|
||
|
70F000
|
heap
|
page read and write
|
||
|
1680000
|
heap
|
page read and write
|
||
|
13B0000
|
trusted library allocation
|
page read and write
|
||
|
6060000
|
heap
|
page read and write
|
||
|
158A000
|
trusted library allocation
|
page execute and read and write
|
||
|
9F0000
|
trusted library allocation
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
1292000
|
trusted library allocation
|
page read and write
|
||
|
A06000
|
trusted library allocation
|
page execute and read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
166C000
|
stack
|
page read and write
|
||
|
30CF000
|
trusted library allocation
|
page read and write
|
||
|
5980000
|
trusted library allocation
|
page read and write
|
||
|
1286000
|
trusted library allocation
|
page execute and read and write
|
||
|
7490000
|
trusted library allocation
|
page read and write
|
||
|
144D000
|
trusted library allocation
|
page execute and read and write
|
||
|
24D8000
|
trusted library allocation
|
page read and write
|
||
|
1155000
|
heap
|
page read and write
|
||
|
1420000
|
trusted library allocation
|
page read and write
|
||
|
54F0000
|
heap
|
page read and write
|
||
|
2D4E000
|
stack
|
page read and write
|
||
|
1390000
|
trusted library allocation
|
page read and write
|
||
|
3040000
|
trusted library allocation
|
page read and write
|
||
|
2341000
|
trusted library allocation
|
page read and write
|
||
|
9850000
|
heap
|
page read and write
|
||
|
9F3000
|
trusted library allocation
|
page read and write
|
||
|
6DDE000
|
stack
|
page read and write
|
||
|
634000
|
trusted library allocation
|
page read and write
|
||
|
14B6000
|
heap
|
page read and write
|
||
|
9B8E000
|
stack
|
page read and write
|
||
|
6403000
|
heap
|
page read and write
|
||
|
10F7000
|
stack
|
page read and write
|
||
|
4BC3000
|
heap
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
3283000
|
trusted library allocation
|
page read and write
|
||
|
1384000
|
trusted library allocation
|
page read and write
|
||
|
67AF000
|
stack
|
page read and write
|
||
|
5E5000
|
heap
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
54C5000
|
trusted library allocation
|
page read and write
|
||
|
3285000
|
trusted library allocation
|
page read and write
|
||
|
67FE000
|
stack
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
58BE000
|
stack
|
page read and write
|
||
|
784E000
|
stack
|
page read and write
|
||
|
1480000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
119E000
|
heap
|
page read and write
|
||
|
2C5A000
|
heap
|
page read and write
|
||
|
644000
|
trusted library allocation
|
page read and write
|
||
|
2EEE000
|
stack
|
page read and write
|
||
|
1470000
|
trusted library allocation
|
page read and write
|
||
|
25A0000
|
trusted library allocation
|
page read and write
|
||
|
2E80000
|
trusted library allocation
|
page read and write
|
||
|
5750000
|
heap
|
page execute and read and write
|
||
|
5170000
|
trusted library section
|
page read and write
|
||
|
4A2D000
|
trusted library allocation
|
page read and write
|
||
|
5BEE000
|
stack
|
page read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
954E000
|
stack
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
14C0000
|
heap
|
page read and write
|
||
|
9E0F000
|
stack
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
2E60000
|
trusted library allocation
|
page read and write
|
||
|
13A3000
|
heap
|
page read and write
|
||
|
16AB000
|
heap
|
page read and write
|
||
|
A17000
|
trusted library allocation
|
page execute and read and write
|
||
|
14A0000
|
trusted library allocation
|
page read and write
|
||
|
6398000
|
heap
|
page read and write
|
||
|
43F1000
|
trusted library allocation
|
page read and write
|
||
|
A140000
|
heap
|
page read and write
|
||
|
97F000
|
stack
|
page read and write
|
||
|
2FF4000
|
trusted library allocation
|
page read and write
|
||
|
1282000
|
trusted library allocation
|
page read and write
|
||
|
637C000
|
trusted library allocation
|
page read and write
|
||
|
626B000
|
stack
|
page read and write
|
||
|
4A00000
|
trusted library allocation
|
page read and write
|
||
|
11C6000
|
heap
|
page read and write
|
||
|
64D000
|
trusted library allocation
|
page execute and read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
6A10000
|
trusted library allocation
|
page execute and read and write
|
||
|
408B000
|
trusted library allocation
|
page read and write
|
||
|
13A0000
|
trusted library allocation
|
page read and write
|
||
|
A27D000
|
stack
|
page read and write
|
||
|
128A000
|
trusted library allocation
|
page execute and read and write
|
||
|
557E000
|
stack
|
page read and write
|
||
|
4EAD000
|
stack
|
page read and write
|
||
|
716E000
|
heap
|
page read and write
|
||
|
1370000
|
trusted library allocation
|
page read and write
|
||
|
9CCE000
|
stack
|
page read and write
|
||
|
67F0000
|
trusted library allocation
|
page read and write
|
||
|
385B000
|
trusted library allocation
|
page read and write
|
||
|
810000
|
trusted library allocation
|
page read and write
|
||
|
272B000
|
trusted library allocation
|
page read and write
|
||
|
2F85000
|
trusted library allocation
|
page read and write
|
||
|
6880000
|
trusted library allocation
|
page read and write
|
||
|
17BE000
|
stack
|
page read and write
|
||
|
328B000
|
trusted library allocation
|
page read and write
|
||
|
5CBC000
|
trusted library allocation
|
page read and write
|
||
|
3FF9000
|
trusted library allocation
|
page read and write
|
||
|
690000
|
trusted library allocation
|
page execute and read and write
|
||
|
5640000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D3B000
|
stack
|
page read and write
|
||
|
57CE000
|
stack
|
page read and write
|
||
|
556D000
|
trusted library allocation
|
page read and write
|
||
|
A07C000
|
stack
|
page read and write
|
||
|
5B3E000
|
stack
|
page read and write
|
||
|
554B000
|
trusted library allocation
|
page read and write
|
||
|
446E000
|
trusted library allocation
|
page read and write
|
||
|
1756000
|
trusted library allocation
|
page read and write
|
||
|
2E20000
|
trusted library allocation
|
page read and write
|
||
|
2729000
|
trusted library allocation
|
page read and write
|
||
|
30AE000
|
trusted library allocation
|
page read and write
|
||
|
18B0000
|
heap
|
page read and write
|
||
|
5590000
|
trusted library allocation
|
page read and write
|
||
|
4AF0000
|
trusted library allocation
|
page read and write
|
||
|
367B000
|
trusted library allocation
|
page read and write
|
||
|
401E000
|
trusted library allocation
|
page read and write
|
||
|
145C000
|
stack
|
page read and write
|
||
|
569B000
|
stack
|
page read and write
|
||
|
596E000
|
stack
|
page read and write
|
||
|
6070000
|
heap
|
page read and write
|
||
|
A03E000
|
stack
|
page read and write
|
||
|
54F3000
|
heap
|
page read and write
|
||
|
5590000
|
heap
|
page read and write
|
||
|
555A000
|
trusted library allocation
|
page read and write
|
||
|
5720000
|
heap
|
page read and write
|
||
|
156D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1440000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
5710000
|
trusted library allocation
|
page read and write
|
||
|
2FF0000
|
trusted library allocation
|
page read and write
|
||
|
749A000
|
trusted library allocation
|
page read and write
|
||
|
141E000
|
stack
|
page read and write
|
||
|
5719000
|
trusted library allocation
|
page read and write
|
||
|
16B7000
|
heap
|
page read and write
|
||
|
1760000
|
heap
|
page read and write
|
||
|
5500000
|
trusted library allocation
|
page read and write
|
||
|
13BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
4109000
|
trusted library allocation
|
page read and write
|
||
|
23C9000
|
heap
|
page read and write
|
||
|
23BC000
|
stack
|
page read and write
|
||
|
5561000
|
trusted library allocation
|
page read and write
|
||
|
1276000
|
heap
|
page read and write
|
||
|
800000
|
trusted library allocation
|
page read and write
|
||
|
1688000
|
heap
|
page read and write
|
||
|
3057000
|
trusted library allocation
|
page read and write
|
||
|
120E000
|
stack
|
page read and write
|
||
|
5470000
|
trusted library allocation
|
page read and write
|
||
|
4049000
|
trusted library allocation
|
page read and write
|
||
|
5550000
|
trusted library allocation
|
page read and write
|
||
|
4C1E000
|
stack
|
page read and write
|
||
|
1264000
|
trusted library allocation
|
page read and write
|
||
|
6730000
|
trusted library allocation
|
page read and write
|
||
|
A9BE000
|
stack
|
page read and write
|
||
|
2FA000
|
stack
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
5990000
|
heap
|
page read and write
|
||
|
2EEB000
|
stack
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
633000
|
trusted library allocation
|
page execute and read and write
|
||
|
5560000
|
trusted library allocation
|
page execute and read and write
|
||
|
13B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
5492000
|
trusted library allocation
|
page read and write
|
||
|
9D0E000
|
stack
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
2BD8000
|
heap
|
page read and write
|
||
|
A0A000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A80000
|
trusted library section
|
page read and write
|
||
|
F5C000
|
stack
|
page read and write
|
||
|
327A000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
1433000
|
trusted library allocation
|
page execute and read and write
|
||
|
1380000
|
trusted library allocation
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
162E000
|
stack
|
page read and write
|
||
|
2F54000
|
trusted library allocation
|
page read and write
|
||
|
4A70000
|
trusted library allocation
|
page read and write
|
||
|
27CD000
|
stack
|
page read and write
|
||
|
D17000
|
heap
|
page read and write
|
||
|
2835000
|
trusted library allocation
|
page read and write
|
||
|
3000000
|
trusted library allocation
|
page read and write
|
||
|
5BA0000
|
trusted library allocation
|
page read and write
|
||
|
6BB0000
|
heap
|
page read and write
|
||
|
1488000
|
heap
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
4A32000
|
trusted library allocation
|
page read and write
|
||
|
A5FE000
|
stack
|
page read and write
|
||
|
1460000
|
trusted library allocation
|
page read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
6760000
|
trusted library allocation
|
page read and write
|
||
|
155E000
|
stack
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
4A21000
|
trusted library allocation
|
page read and write
|
||
|
3FF5000
|
trusted library allocation
|
page read and write
|
||
|
2E45000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A30000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
1434000
|
trusted library allocation
|
page read and write
|
||
|
54A4000
|
trusted library allocation
|
page read and write
|
||
|
5A3E000
|
stack
|
page read and write
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
6740000
|
heap
|
page read and write
|
||
|
9FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
157D000
|
trusted library allocation
|
page execute and read and write
|
||
|
9A8D000
|
stack
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
24CE000
|
stack
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
54D0000
|
trusted library allocation
|
page read and write
|
||
|
129B000
|
trusted library allocation
|
page execute and read and write
|
||
|
54A0000
|
trusted library allocation
|
page read and write
|
||
|
113E000
|
stack
|
page read and write
|
||
|
574E000
|
stack
|
page read and write
|
||
|
974E000
|
stack
|
page read and write
|
||
|
2D8F000
|
stack
|
page read and write
|
||
|
11B8000
|
heap
|
page read and write
|
||
|
6BBE000
|
stack
|
page read and write
|
||
|
4BDE000
|
stack
|
page read and write
|
||
|
667E000
|
stack
|
page read and write
|
||
|
6B90000
|
heap
|
page read and write
|
||
|
5552000
|
trusted library allocation
|
page read and write
|
||
|
554E000
|
trusted library allocation
|
page read and write
|
||
|
14F6000
|
heap
|
page read and write
|
||
|
1B0000
|
unkown
|
page readonly
|
||
|
4FA000
|
stack
|
page read and write
|
||
|
5AAF000
|
stack
|
page read and write
|
||
|
5AEE000
|
stack
|
page read and write
|
||
|
585C000
|
stack
|
page read and write
|
||
|
3287000
|
trusted library allocation
|
page read and write
|
||
|
1480000
|
trusted library allocation
|
page read and write
|
||
|
56DD000
|
trusted library allocation
|
page read and write
|
||
|
1393000
|
trusted library allocation
|
page read and write
|
||
|
5481000
|
trusted library allocation
|
page read and write
|
||
|
4BB0000
|
trusted library allocation
|
page read and write
|
||
|
12FA000
|
stack
|
page read and write
|
||
|
10F9000
|
stack
|
page read and write
|
||
|
80D000
|
trusted library allocation
|
page execute and read and write
|
||
|
AABE000
|
stack
|
page read and write
|
||
|
A12000
|
trusted library allocation
|
page read and write
|
||
|
735F000
|
stack
|
page read and write
|
||
|
5440000
|
trusted library allocation
|
page execute and read and write
|
||
|
6770000
|
trusted library allocation
|
page read and write
|
||
|
6390000
|
trusted library allocation
|
page execute and read and write
|
||
|
2330000
|
trusted library allocation
|
page read and write
|
||
|
67BF000
|
stack
|
page read and write
|
||
|
2EA0000
|
heap
|
page execute and read and write
|
||
|
63B0000
|
heap
|
page read and write
|
||
|
14B4000
|
heap
|
page read and write
|
||
|
1670000
|
trusted library allocation
|
page read and write
|
||
|
1280000
|
trusted library allocation
|
page read and write
|
||
|
9D7E000
|
stack
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
767E000
|
stack
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
237E000
|
stack
|
page read and write
|
||
|
55FE000
|
stack
|
page read and write
|
||
|
6717000
|
trusted library allocation
|
page read and write
|
||
|
1590000
|
heap
|
page read and write
|
||
|
5450000
|
trusted library allocation
|
page read and write
|
||
|
5987000
|
trusted library allocation
|
page read and write
|
||
|
9950000
|
heap
|
page read and write
|
||
|
A5BE000
|
stack
|
page read and write
|
||
|
54A6000
|
trusted library allocation
|
page read and write
|
||
|
2E40000
|
trusted library allocation
|
page read and write
|
||
|
5490000
|
trusted library allocation
|
page read and write
|
||
|
2FCC000
|
stack
|
page read and write
|
||
|
9F3E000
|
stack
|
page read and write
|
||
|
620000
|
trusted library allocation
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
670E000
|
stack
|
page read and write
|
||
|
5540000
|
trusted library allocation
|
page read and write
|
||
|
66BE000
|
stack
|
page read and write
|
||
|
5CA0000
|
trusted library allocation
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
1860000
|
trusted library allocation
|
page execute and read and write
|
||
|
1564000
|
trusted library allocation
|
page read and write
|
||
|
146B000
|
trusted library allocation
|
page execute and read and write
|
||
|
44DE000
|
stack
|
page read and write
|
||
|
6292000
|
heap
|
page read and write
|
||
|
1338000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
2E70000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
4001000
|
trusted library allocation
|
page read and write
|
||
|
16A4000
|
heap
|
page read and write
|
||
|
555E000
|
trusted library allocation
|
page read and write
|
||
|
57BE000
|
stack
|
page read and write
|
||
|
683F000
|
stack
|
page read and write
|
||
|
5464000
|
trusted library allocation
|
page read and write
|
||
|
50FC000
|
stack
|
page read and write
|
||
|
1530000
|
heap
|
page read and write
|
||
|
4019000
|
trusted library allocation
|
page read and write
|
||
|
1467000
|
trusted library allocation
|
page execute and read and write
|
||
|
126D000
|
trusted library allocation
|
page execute and read and write
|
||
|
552E000
|
stack
|
page read and write
|
||
|
6ABE000
|
stack
|
page read and write
|
||
|
12D5000
|
heap
|
page read and write
|
||
|
7FAA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1297000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D70000
|
heap
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
5600000
|
heap
|
page read and write
|
||
|
1561000
|
heap
|
page read and write
|
||
|
2F4E000
|
stack
|
page read and write
|
||
|
6A20000
|
trusted library allocation
|
page read and write
|
||
|
3241000
|
trusted library allocation
|
page read and write
|
||
|
117E000
|
stack
|
page read and write
|
||
|
174E000
|
stack
|
page read and write
|
||
|
5030000
|
heap
|
page read and write
|
||
|
A97C000
|
stack
|
page read and write
|
||
|
A4BD000
|
stack
|
page read and write
|
||
|
EC0000
|
unkown
|
page readonly
|
||
|
667000
|
trusted library allocation
|
page execute and read and write
|
||
|
7630000
|
trusted library allocation
|
page read and write
|
||
|
D95000
|
heap
|
page read and write
|
||
|
51FE000
|
stack
|
page read and write
|
||
|
2D8F000
|
unkown
|
page read and write
|
||
|
4A65000
|
trusted library allocation
|
page read and write
|
||
|
30A7000
|
trusted library allocation
|
page read and write
|
||
|
2FE0000
|
heap
|
page execute and read and write
|
||
|
5566000
|
trusted library allocation
|
page read and write
|
||
|
A380000
|
heap
|
page read and write
|
||
|
5CC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
46BC000
|
stack
|
page read and write
|
||
|
14E5000
|
heap
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
140E000
|
heap
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
5486000
|
trusted library allocation
|
page read and write
|
||
|
5130000
|
trusted library allocation
|
page execute and read and write
|
||
|
54C0000
|
trusted library allocation
|
page read and write
|
||
|
6270000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
138D000
|
trusted library allocation
|
page execute and read and write
|
||
|
733000
|
heap
|
page read and write
|
||
|
2D88000
|
trusted library allocation
|
page read and write
|
||
|
647E000
|
stack
|
page read and write
|
||
|
429B000
|
trusted library allocation
|
page read and write
|
||
|
405C000
|
trusted library allocation
|
page read and write
|
||
|
D5B000
|
stack
|
page read and write
|
||
|
11D4000
|
heap
|
page read and write
|
||
|
12C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9860000
|
heap
|
page read and write
|
||
|
13A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
804000
|
trusted library allocation
|
page read and write
|
||
|
12B0000
|
trusted library allocation
|
page read and write
|
||
|
49BE000
|
stack
|
page read and write
|
||
|
4A90000
|
trusted library allocation
|
page read and write
|
||
|
5610000
|
heap
|
page read and write
|
||
|
5AA0000
|
heap
|
page read and write
|
||
|
9BCD000
|
stack
|
page read and write
|
||
|
122D000
|
heap
|
page read and write
|
||
|
6890000
|
trusted library allocation
|
page read and write
|
||
|
56B0000
|
heap
|
page read and write
|
||
|
4A50000
|
trusted library allocation
|
page read and write
|
||
|
A1B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
50FC000
|
stack
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
AAFE000
|
stack
|
page read and write
|
||
|
15EF000
|
stack
|
page read and write
|
||
|
6370000
|
trusted library allocation
|
page read and write
|
||
|
327D000
|
trusted library allocation
|
page read and write
|
||
|
2F0F000
|
stack
|
page read and write
|
||
|
4241000
|
trusted library allocation
|
page read and write
|
||
|
2E42000
|
trusted library allocation
|
page read and write
|
||
|
7160000
|
heap
|
page read and write
|
||
|
1563000
|
trusted library allocation
|
page execute and read and write
|
||
|
11D1000
|
heap
|
page read and write
|
||
|
2F79000
|
trusted library allocation
|
page read and write
|
||
|
3289000
|
trusted library allocation
|
page read and write
|
||
|
7380000
|
trusted library allocation
|
page read and write
|
||
|
63DD000
|
stack
|
page read and write
|
||
|
EC2000
|
unkown
|
page readonly
|
||
|
1430000
|
heap
|
page read and write
|
||
|
64BE000
|
stack
|
page read and write
|
||
|
58FE000
|
stack
|
page read and write
|
||
|
5A5F000
|
stack
|
page read and write
|
||
|
69BE000
|
stack
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
37B3000
|
trusted library allocation
|
page read and write
|
||
|
13A2000
|
trusted library allocation
|
page read and write
|
||
|
688A000
|
trusted library allocation
|
page read and write
|
||
|
3130000
|
heap
|
page execute and read and write
|
||
|
5460000
|
trusted library allocation
|
page read and write
|
||
|
A14E000
|
heap
|
page read and write
|
||
|
6E6000
|
heap
|
page read and write
|
||
|
1550000
|
trusted library allocation
|
page read and write
|
||
|
9EE000
|
stack
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page read and write
|
||
|
5995000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page execute and read and write
|
||
|
547E000
|
trusted library allocation
|
page read and write
|
||
|
1368000
|
heap
|
page read and write
|
||
|
66B000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D9E000
|
stack
|
page read and write
|
||
|
149E000
|
heap
|
page read and write
|
||
|
296A000
|
stack
|
page read and write
|
||
|
595E000
|
stack
|
page read and write
|
||
|
B6E000
|
stack
|
page read and write
|
||
|
5CB0000
|
trusted library allocation
|
page read and write
|
||
|
56C0000
|
heap
|
page read and write
|
||
|
6710000
|
trusted library allocation
|
page read and write
|
||
|
6800000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
63D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B70000
|
trusted library allocation
|
page read and write
|
||
|
141E000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
1FE000
|
stack
|
page read and write
|
||
|
36C9000
|
trusted library allocation
|
page read and write
|
||
|
5570000
|
trusted library allocation
|
page read and write
|
||
|
3281000
|
trusted library allocation
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
A6E000
|
stack
|
page read and write
|
||
|
4AE0000
|
heap
|
page execute and read and write
|
||
|
4A0B000
|
trusted library allocation
|
page read and write
|
||
|
323F000
|
stack
|
page read and write
|
||
|
ECA000
|
unkown
|
page readonly
|
||
|
1570000
|
trusted library allocation
|
page read and write
|
||
|
7620000
|
trusted library allocation
|
page execute and read and write
|
||
|
546B000
|
trusted library allocation
|
page read and write
|
||
|
3010000
|
heap
|
page execute and read and write
|
||
|
74A0000
|
trusted library allocation
|
page read and write
|
||
|
5723000
|
heap
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
103A000
|
stack
|
page read and write
|
||
|
6B3E000
|
stack
|
page read and write
|
||
|
A37D000
|
stack
|
page read and write
|
||
|
4EC0000
|
heap
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
362D000
|
trusted library allocation
|
page read and write
|
||
|
311D000
|
trusted library allocation
|
page read and write
|
||
|
3FF1000
|
trusted library allocation
|
page read and write
|
||
|
582C000
|
stack
|
page read and write
|
||
|
A0BD000
|
stack
|
page read and write
|
||
|
2C3E000
|
unkown
|
page read and write
|
||
|
155F000
|
heap
|
page read and write
|
||
|
586E000
|
stack
|
page read and write
|
||
|
143D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1750000
|
trusted library allocation
|
page read and write
|
||
|
A00000
|
trusted library allocation
|
page read and write
|
||
|
56D0000
|
trusted library allocation
|
page read and write
|
||
|
1263000
|
trusted library allocation
|
page execute and read and write
|
||
|
716000
|
heap
|
page read and write
|
||
|
5546000
|
trusted library allocation
|
page read and write
|
||
|
6A6E000
|
stack
|
page read and write
|
||
|
55BE000
|
stack
|
page read and write
|
||
|
5160000
|
trusted library allocation
|
page execute and read and write
|
||
|
7370000
|
trusted library allocation
|
page read and write
|
||
|
1216000
|
heap
|
page read and write
|
||
|
5700000
|
heap
|
page execute and read and write
|
||
|
491F000
|
stack
|
page read and write
|
||
|
327F000
|
trusted library allocation
|
page read and write
|
||
|
4D50000
|
heap
|
page read and write
|
||
|
2E4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
774E000
|
stack
|
page read and write
|
||
|
6B8000
|
heap
|
page read and write
|
||
|
A1BE000
|
stack
|
page read and write
|
||
|
4D40000
|
trusted library section
|
page readonly
|
||
|
D5A000
|
stack
|
page read and write
|
||
|
5BA7000
|
trusted library allocation
|
page read and write
|
||
|
23C0000
|
heap
|
page read and write
|
||
|
4A1E000
|
trusted library allocation
|
page read and write
|
||
|
283A000
|
trusted library allocation
|
page read and write
|
||
|
A13F000
|
stack
|
page read and write
|
||
|
5C90000
|
trusted library allocation
|
page read and write
|
||
|
3275000
|
trusted library allocation
|
page read and write
|
||
|
2B9E000
|
unkown
|
page read and write
|
||
|
6A0000
|
trusted library allocation
|
page read and write
|
||
|
726000
|
heap
|
page read and write
|
||
|
4A04000
|
trusted library allocation
|
page read and write
|
||
|
150F000
|
heap
|
page read and write
|
||
|
1250000
|
trusted library allocation
|
page read and write
|
||
|
50ED000
|
stack
|
page read and write
|
||
|
18A0000
|
heap
|
page execute and read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
5B5E000
|
stack
|
page read and write
|
||
|
4A60000
|
trusted library allocation
|
page read and write
|
||
|
1586000
|
trusted library allocation
|
page execute and read and write
|
||
|
233F000
|
stack
|
page read and write
|
||
|
3090000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
713000
|
heap
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
5CD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1582000
|
trusted library allocation
|
page read and write
|
||
|
2E08000
|
trusted library allocation
|
page read and write
|
||
|
35C1000
|
trusted library allocation
|
page read and write
|
||
|
548D000
|
trusted library allocation
|
page read and write
|
||
|
4D80000
|
trusted library allocation
|
page read and write
|
||
|
2E90000
|
trusted library allocation
|
page read and write
|
||
|
6390000
|
heap
|
page read and write
|
||
|
4AD0000
|
heap
|
page read and write
|
||
|
5544000
|
trusted library allocation
|
page read and write
|
||
|
1285000
|
heap
|
page read and write
|
||
|
1754000
|
trusted library allocation
|
page read and write
|
||
|
41F3000
|
trusted library allocation
|
page read and write
|
||
|
165F000
|
stack
|
page read and write
|
||
|
59FE000
|
stack
|
page read and write
|
||
|
2E47000
|
trusted library allocation
|
page execute and read and write
|
||
|
1548000
|
heap
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
9F7B000
|
stack
|
page read and write
|
||
|
503E000
|
heap
|
page read and write
|
||
|
3F7000
|
stack
|
page read and write
|
||
|
4D65000
|
heap
|
page read and write
|
||
|
6B7E000
|
stack
|
page read and write
|
||
|
A02000
|
trusted library allocation
|
page read and write
|
||
|
56E0000
|
heap
|
page execute and read and write
|
||
|
76B000
|
heap
|
page read and write
|
||
|
1460000
|
trusted library allocation
|
page read and write
|
||
|
1810000
|
heap
|
page read and write
|
||
|
1139000
|
stack
|
page read and write
|
||
|
7F0000
|
trusted library allocation
|
page read and write
|
||
|
A87C000
|
stack
|
page read and write
|
||
|
14AA000
|
heap
|
page read and write
|
||
|
74B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1295000
|
trusted library allocation
|
page execute and read and write
|
||
|
262000
|
unkown
|
page readonly
|
||
|
1577000
|
heap
|
page read and write
|
||
|
6BFD000
|
stack
|
page read and write
|
||
|
86C000
|
stack
|
page read and write
|
||
|
67EE000
|
stack
|
page read and write
|
||
|
1198000
|
heap
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
135A000
|
heap
|
page read and write
|
||
|
13E4000
|
heap
|
page read and write
|
||
|
4ADE000
|
stack
|
page read and write
|
||
|
4EB0000
|
heap
|
page read and write
|
||
|
4CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4BC0000
|
heap
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
984D000
|
stack
|
page read and write
|
||
|
3021000
|
trusted library allocation
|
page read and write
|
||
|
803000
|
trusted library allocation
|
page execute and read and write
|
||
|
13DF000
|
stack
|
page read and write
|
||
|
5140000
|
trusted library section
|
page read and write
|
||
|
7F920000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A9E000
|
stack
|
page read and write
|
||
|
3341000
|
trusted library allocation
|
page read and write
|
||
|
640000
|
trusted library allocation
|
page read and write
|
||
|
4D1E000
|
stack
|
page read and write
|
||
|
1444000
|
trusted library allocation
|
page read and write
|
||
|
139D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
1427000
|
heap
|
page read and write
|
||
|
5572000
|
trusted library allocation
|
page read and write
|
||
|
68A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9D3E000
|
stack
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
4A40000
|
trusted library allocation
|
page read and write
|
||
|
1260000
|
trusted library allocation
|
page read and write
|
||
|
2A39000
|
stack
|
page read and write
|
||
|
795000
|
heap
|
page read and write
|
||
|
4021000
|
trusted library allocation
|
page read and write
|
||
|
5960000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D0F000
|
unkown
|
page read and write
|
||
|
2570000
|
heap
|
page read and write
|
||
|
4BA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5028000
|
trusted library allocation
|
page read and write
|
||
|
6EDE000
|
stack
|
page read and write
|
||
|
497E000
|
stack
|
page read and write
|
||
|
292D000
|
stack
|
page read and write
|
||
|
6FE000
|
heap
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
9869000
|
heap
|
page read and write
|
||
|
1490000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B2000
|
unkown
|
page readonly
|
||
|
533E000
|
stack
|
page read and write
|
||
|
2590000
|
trusted library allocation
|
page execute and read and write
|
||
|
427B000
|
trusted library allocation
|
page read and write
|
||
|
964E000
|
stack
|
page read and write
|
||
|
1580000
|
trusted library allocation
|
page read and write
|
||
|
ABFE000
|
stack
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
6BA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
140E000
|
stack
|
page read and write
|
||
|
1290000
|
trusted library allocation
|
page read and write
|
||
|
69AE000
|
stack
|
page read and write
|
||
|
577F000
|
stack
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
25B0000
|
heap
|
page execute and read and write
|
||
|
4CD0000
|
trusted library allocation
|
page read and write
|
||
|
1365000
|
heap
|
page read and write
|
||
|
6F8000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
14C000
|
stack
|
page read and write
|
||
|
A6FE000
|
stack
|
page read and write
|
||
|
2EF9000
|
heap
|
page read and write
|
There are 624 hidden memdumps, click here to show them.