Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MT103 CIBC Ref No EBOTT40930537914.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MT103 CIBC Ref No EBOTT40930537914.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp5126.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\pvTSOIBBT.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\pvTSOIBBT.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\pvTSOIBBT.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1gnhattc.lpu.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eqo5ikxu.bee.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_estiouoz.jcb.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fwbtibzr.o3u.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r2exrhyi.rrv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w345e04a.wea.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xcuqpupt.lvc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zemioemd.sf2.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp6058.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\MT103 CIBC Ref No EBOTT40930537914.exe
|
"C:\Users\user\Desktop\MT103 CIBC Ref No EBOTT40930537914.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\MT103 CIBC
Ref No EBOTT40930537914.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\pvTSOIBBT.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\pvTSOIBBT" /XML "C:\Users\user\AppData\Local\Temp\tmp5126.tmp"
|
|
|
|
C:\Users\user\Desktop\MT103 CIBC Ref No EBOTT40930537914.exe
|
"C:\Users\user\Desktop\MT103 CIBC Ref No EBOTT40930537914.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\pvTSOIBBT.exe
|
C:\Users\user\AppData\Roaming\pvTSOIBBT.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\pvTSOIBBT" /XML "C:\Users\user\AppData\Local\Temp\tmp6058.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\pvTSOIBBT.exe
|
"C:\Users\user\AppData\Roaming\pvTSOIBBT.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\pvTSOIBBT.exe
|
"C:\Users\user\AppData\Roaming\pvTSOIBBT.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
milliondollar23.duckdns.org
|
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://geoplugin.net/json.gpSystem32
|
unknown
|
||
|
http://geoplugin.net/json.gpbb
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://geoplugin.net/json.gp:b4
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://geoplugin.net/json.gpYbQ
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 23 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
milliondollar23.duckdns.org
|
176.9.23.58
|
|
|
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
176.9.23.58
|
milliondollar23.duckdns.org
|
Germany
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-3XAFQF
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-3XAFQF
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-3XAFQF
|
time
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
33EF000
|
stack
|
page read and write
|
|
|
|
E07000
|
heap
|
page read and write
|
|
|
|
3609000
|
trusted library allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
1867000
|
heap
|
page read and write
|
|
|
|
D60000
|
heap
|
page read and write
|
||
|
7303000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
4D70000
|
heap
|
page execute and read and write
|
||
|
A85E000
|
stack
|
page read and write
|
||
|
51B0000
|
heap
|
page read and write
|
||
|
24C0000
|
heap
|
page read and write
|
||
|
A41B000
|
stack
|
page read and write
|
||
|
4AE0000
|
heap
|
page read and write
|
||
|
7EE10000
|
trusted library allocation
|
page execute and read and write
|
||
|
DAE000
|
stack
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
2408000
|
trusted library allocation
|
page read and write
|
||
|
5170000
|
trusted library allocation
|
page read and write
|
||
|
7F120000
|
trusted library allocation
|
page execute and read and write
|
||
|
72E0000
|
heap
|
page read and write
|
||
|
32CE000
|
stack
|
page read and write
|
||
|
C30000
|
trusted library allocation
|
page read and write
|
||
|
A99E000
|
stack
|
page read and write
|
||
|
5280000
|
trusted library allocation
|
page read and write
|
||
|
4B00000
|
trusted library allocation
|
page read and write
|
||
|
FEA000
|
heap
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
A13E000
|
stack
|
page read and write
|
||
|
A0B000
|
heap
|
page read and write
|
||
|
184D000
|
stack
|
page read and write
|
||
|
18C4000
|
heap
|
page read and write
|
||
|
BC0000
|
trusted library allocation
|
page read and write
|
||
|
113C000
|
stack
|
page read and write
|
||
|
314F000
|
trusted library allocation
|
page read and write
|
||
|
5420000
|
heap
|
page read and write
|
||
|
7270000
|
trusted library allocation
|
page read and write
|
||
|
70BD000
|
stack
|
page read and write
|
||
|
A64D000
|
stack
|
page read and write
|
||
|
703E000
|
stack
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
54C0000
|
heap
|
page read and write
|
||
|
5140000
|
trusted library allocation
|
page read and write
|
||
|
35EF000
|
stack
|
page read and write
|
||
|
16C5000
|
heap
|
page read and write
|
||
|
4F52000
|
heap
|
page read and write
|
||
|
B8E000
|
stack
|
page read and write
|
||
|
A27E000
|
stack
|
page read and write
|
||
|
FAE000
|
stack
|
page read and write
|
||
|
3660000
|
heap
|
page read and write
|
||
|
97A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D32000
|
trusted library allocation
|
page read and write
|
||
|
31A000
|
stack
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
121E000
|
stack
|
page read and write
|
||
|
4A80000
|
trusted library allocation
|
page read and write
|
||
|
6BF0000
|
trusted library allocation
|
page read and write
|
||
|
4AA6000
|
trusted library allocation
|
page read and write
|
||
|
7275000
|
trusted library allocation
|
page read and write
|
||
|
5090000
|
trusted library allocation
|
page read and write
|
||
|
972000
|
trusted library allocation
|
page read and write
|
||
|
50B0000
|
trusted library allocation
|
page read and write
|
||
|
9EFD000
|
stack
|
page read and write
|
||
|
BA0000
|
trusted library allocation
|
page read and write
|
||
|
6E0E000
|
stack
|
page read and write
|
||
|
4E7D000
|
stack
|
page read and write
|
||
|
531B000
|
stack
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
5150000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
9EBE000
|
stack
|
page read and write
|
||
|
2CB1000
|
trusted library allocation
|
page read and write
|
||
|
37EF000
|
stack
|
page read and write
|
||
|
6AF0000
|
heap
|
page read and write
|
||
|
1088000
|
heap
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
9D6000
|
heap
|
page read and write
|
||
|
2CD4000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
124A000
|
trusted library allocation
|
page execute and read and write
|
||
|
A520000
|
heap
|
page read and write
|
||
|
EA5000
|
heap
|
page read and write
|
||
|
9DFD000
|
stack
|
page read and write
|
||
|
1410000
|
trusted library allocation
|
page read and write
|
||
|
A0FE000
|
stack
|
page read and write
|
||
|
1220000
|
trusted library allocation
|
page read and write
|
||
|
5290000
|
trusted library allocation
|
page read and write
|
||
|
57E0000
|
trusted library allocation
|
page read and write
|
||
|
307A000
|
stack
|
page read and write
|
||
|
FD0000
|
trusted library allocation
|
page read and write
|
||
|
5430000
|
trusted library section
|
page readonly
|
||
|
970000
|
trusted library allocation
|
page read and write
|
||
|
3E02000
|
trusted library allocation
|
page read and write
|
||
|
5434000
|
trusted library section
|
page readonly
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
700A000
|
heap
|
page read and write
|
||
|
2AC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3601000
|
trusted library allocation
|
page read and write
|
||
|
2601000
|
trusted library allocation
|
page read and write
|
||
|
1464000
|
heap
|
page read and write
|
||
|
7280000
|
trusted library allocation
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
55D0000
|
heap
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
735E000
|
heap
|
page read and write
|
||
|
50F5000
|
heap
|
page read and write
|
||
|
98B000
|
trusted library allocation
|
page execute and read and write
|
||
|
168C000
|
stack
|
page read and write
|
||
|
3CF1000
|
trusted library allocation
|
page read and write
|
||
|
3FAD000
|
trusted library allocation
|
page read and write
|
||
|
316F000
|
unkown
|
page read and write
|
||
|
C1E000
|
stack
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
72D0000
|
heap
|
page read and write
|
||
|
A75E000
|
stack
|
page read and write
|
||
|
4F10000
|
heap
|
page read and write
|
||
|
6FBF000
|
heap
|
page read and write
|
||
|
312E000
|
unkown
|
page read and write
|
||
|
2CB6000
|
trusted library allocation
|
page read and write
|
||
|
16C0000
|
heap
|
page read and write
|
||
|
18CD000
|
heap
|
page read and write
|
||
|
9D4000
|
heap
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
3F4C000
|
trusted library allocation
|
page read and write
|
||
|
1230000
|
trusted library allocation
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
72CF000
|
stack
|
page read and write
|
||
|
2C9B000
|
trusted library allocation
|
page read and write
|
||
|
25CE000
|
stack
|
page read and write
|
||
|
52C3000
|
heap
|
page read and write
|
||
|
2C90000
|
trusted library allocation
|
page read and write
|
||
|
1246000
|
trusted library allocation
|
page execute and read and write
|
||
|
9AC000
|
stack
|
page read and write
|
||
|
2BF8000
|
trusted library allocation
|
page read and write
|
||
|
70C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
11DE000
|
stack
|
page read and write
|
||
|
50B5000
|
trusted library allocation
|
page read and write
|
||
|
9FBF000
|
stack
|
page read and write
|
||
|
145E000
|
stack
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
3CF9000
|
trusted library allocation
|
page read and write
|
||
|
2ECD000
|
stack
|
page read and write
|
||
|
BD7000
|
heap
|
page read and write
|
||
|
122D000
|
trusted library allocation
|
page execute and read and write
|
||
|
25D0000
|
trusted library allocation
|
page read and write
|
||
|
2E37000
|
trusted library allocation
|
page read and write
|
||
|
3F6C000
|
trusted library allocation
|
page read and write
|
||
|
338F000
|
stack
|
page read and write
|
||
|
337A000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
1014000
|
heap
|
page read and write
|
||
|
940000
|
trusted library allocation
|
page read and write
|
||
|
2CBD000
|
trusted library allocation
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
D37000
|
stack
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
4B83000
|
heap
|
page read and write
|
||
|
4B70000
|
heap
|
page read and write
|
||
|
4F50000
|
heap
|
page read and write
|
||
|
982000
|
trusted library allocation
|
page read and write
|
||
|
1250000
|
trusted library allocation
|
page read and write
|
||
|
6C10000
|
trusted library section
|
page read and write
|
||
|
334E000
|
stack
|
page read and write
|
||
|
6712000
|
trusted library allocation
|
page read and write
|
||
|
4F54000
|
heap
|
page read and write
|
||
|
4A8B000
|
trusted library allocation
|
page read and write
|
||
|
9C7F000
|
stack
|
page read and write
|
||
|
73E0000
|
trusted library allocation
|
page read and write
|
||
|
9C6000
|
heap
|
page read and write
|
||
|
7D5000
|
heap
|
page read and write
|
||
|
1240000
|
trusted library allocation
|
page read and write
|
||
|
1061000
|
heap
|
page read and write
|
||
|
6AFE000
|
heap
|
page read and write
|
||
|
C45000
|
trusted library allocation
|
page read and write
|
||
|
73D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D60000
|
trusted library allocation
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
34EF000
|
stack
|
page read and write
|
||
|
9FFE000
|
stack
|
page read and write
|
||
|
A74E000
|
stack
|
page read and write
|
||
|
4F3E000
|
heap
|
page read and write
|
||
|
4014000
|
trusted library allocation
|
page read and write
|
||
|
4F00000
|
heap
|
page read and write
|
||
|
18D8000
|
heap
|
page read and write
|
||
|
A60C000
|
stack
|
page read and write
|
||
|
9D7D000
|
stack
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
31FF000
|
stack
|
page read and write
|
||
|
A4CE000
|
stack
|
page read and write
|
||
|
960000
|
trusted library allocation
|
page read and write
|
||
|
478000
|
remote allocation
|
page execute and read and write
|
||
|
57E7000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
heap
|
page read and write
|
||
|
24A0000
|
trusted library allocation
|
page read and write
|
||
|
36EF000
|
stack
|
page read and write
|
||
|
1690000
|
heap
|
page read and write
|
||
|
1022000
|
heap
|
page read and write
|
||
|
954000
|
trusted library allocation
|
page read and write
|
||
|
56D0000
|
heap
|
page read and write
|
||
|
A51C000
|
stack
|
page read and write
|
||
|
5320000
|
heap
|
page read and write
|
||
|
9DBE000
|
stack
|
page read and write
|
||
|
3370000
|
heap
|
page read and write
|
||
|
4B60000
|
heap
|
page read and write
|
||
|
9F00000
|
heap
|
page read and write
|
||
|
4AA1000
|
trusted library allocation
|
page read and write
|
||
|
4AAD000
|
trusted library allocation
|
page read and write
|
||
|
192000
|
unkown
|
page readonly
|
||
|
96D000
|
trusted library allocation
|
page execute and read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
14FB000
|
stack
|
page read and write
|
||
|
6F9E000
|
stack
|
page read and write
|
||
|
2642000
|
trusted library allocation
|
page read and write
|
||
|
25F0000
|
heap
|
page execute and read and write
|
||
|
987000
|
trusted library allocation
|
page execute and read and write
|
||
|
8DE000
|
stack
|
page read and write
|
||
|
16D0000
|
heap
|
page read and write
|
||
|
3CE000
|
stack
|
page read and write
|
||
|
288000
|
unkown
|
page readonly
|
||
|
9B7F000
|
stack
|
page read and write
|
||
|
72FD000
|
heap
|
page read and write
|
||
|
10B2000
|
heap
|
page read and write
|
||
|
707E000
|
stack
|
page read and write
|
||
|
303D000
|
stack
|
page read and write
|
||
|
72F5000
|
heap
|
page read and write
|
||
|
18DF000
|
heap
|
page read and write
|
||
|
9A7E000
|
stack
|
page read and write
|
||
|
463B000
|
stack
|
page read and write
|
||
|
C3A000
|
stack
|
page read and write
|
||
|
164E000
|
stack
|
page read and write
|
||
|
125B000
|
trusted library allocation
|
page execute and read and write
|
||
|
A23E000
|
stack
|
page read and write
|
||
|
513E000
|
stack
|
page read and write
|
||
|
FEE000
|
heap
|
page read and write
|
||
|
2ABB000
|
stack
|
page read and write
|
||
|
6FA0000
|
heap
|
page read and write
|
||
|
9B9000
|
heap
|
page read and write
|
||
|
5860000
|
trusted library allocation
|
page read and write
|
||
|
2DE1000
|
trusted library allocation
|
page read and write
|
||
|
BB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9CBE000
|
stack
|
page read and write
|
||
|
A50C000
|
stack
|
page read and write
|
||
|
99BE000
|
stack
|
page read and write
|
||
|
3D72000
|
trusted library allocation
|
page read and write
|
||
|
A17D000
|
stack
|
page read and write
|
||
|
6E45000
|
trusted library allocation
|
page read and write
|
||
|
1223000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C00000
|
trusted library allocation
|
page read and write
|
||
|
5145000
|
trusted library allocation
|
page read and write
|
||
|
D4E000
|
stack
|
page read and write
|
||
|
95D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E4F000
|
trusted library allocation
|
page read and write
|
||
|
727D000
|
trusted library allocation
|
page read and write
|
||
|
4B80000
|
heap
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
123D000
|
trusted library allocation
|
page execute and read and write
|
||
|
9D80000
|
heap
|
page read and write
|
||
|
4B30000
|
trusted library allocation
|
page execute and read and write
|
||
|
E8E000
|
stack
|
page read and write
|
||
|
738E000
|
stack
|
page read and write
|
||
|
997E000
|
stack
|
page read and write
|
||
|
A4C000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
A3CE000
|
stack
|
page read and write
|
||
|
C40000
|
trusted library allocation
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
9B7E000
|
stack
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
38BD000
|
trusted library allocation
|
page read and write
|
||
|
11CE000
|
stack
|
page read and write
|
||
|
26F9000
|
trusted library allocation
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
2F0A000
|
stack
|
page read and write
|
||
|
1242000
|
trusted library allocation
|
page read and write
|
||
|
A89E000
|
stack
|
page read and write
|
||
|
1860000
|
heap
|
page read and write
|
||
|
99E000
|
heap
|
page read and write
|
||
|
748F000
|
stack
|
page read and write
|
||
|
1007000
|
heap
|
page read and write
|
||
|
66F0000
|
trusted library allocation
|
page read and write
|
||
|
18EA000
|
heap
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
72ED000
|
heap
|
page read and write
|
||
|
950000
|
trusted library allocation
|
page read and write
|
||
|
6D0E000
|
stack
|
page read and write
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
190000
|
unkown
|
page readonly
|
||
|
A03D000
|
stack
|
page read and write
|
||
|
54C5000
|
heap
|
page read and write
|
||
|
3E92000
|
trusted library allocation
|
page read and write
|
||
|
50D0000
|
trusted library section
|
page read and write
|
||
|
5870000
|
trusted library allocation
|
page read and write
|
||
|
55CE000
|
stack
|
page read and write
|
||
|
18A7000
|
heap
|
page read and write
|
||
|
4AF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
16E0000
|
heap
|
page read and write
|
||
|
330F000
|
stack
|
page read and write
|
||
|
5130000
|
trusted library allocation
|
page read and write
|
||
|
56E0000
|
heap
|
page read and write
|
||
|
105D000
|
heap
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
50F0000
|
heap
|
page read and write
|
||
|
4B10000
|
trusted library allocation
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
CFC000
|
stack
|
page read and write
|
||
|
7343000
|
heap
|
page read and write
|
||
|
50A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CF1000
|
trusted library allocation
|
page read and write
|
||
|
91E000
|
stack
|
page read and write
|
||
|
10CE000
|
stack
|
page read and write
|
||
|
99A000
|
heap
|
page read and write
|
||
|
473D000
|
stack
|
page read and write
|
||
|
40FF000
|
stack
|
page read and write
|
||
|
953000
|
trusted library allocation
|
page execute and read and write
|
||
|
52C0000
|
heap
|
page read and write
|
||
|
6E9E000
|
stack
|
page read and write
|
||
|
31B0000
|
heap
|
page read and write
|
||
|
1252000
|
trusted library allocation
|
page read and write
|
||
|
2CAE000
|
trusted library allocation
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
387C000
|
trusted library allocation
|
page read and write
|
||
|
6FFE000
|
stack
|
page read and write
|
||
|
3FFE000
|
stack
|
page read and write
|
||
|
51D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3DEB000
|
trusted library allocation
|
page read and write
|
||
|
4B50000
|
trusted library section
|
page readonly
|
||
|
6E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7028000
|
heap
|
page read and write
|
||
|
33F8000
|
heap
|
page read and write
|
||
|
9CA000
|
heap
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
52B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F7000
|
stack
|
page read and write
|
||
|
51C0000
|
heap
|
page execute and read and write
|
||
|
A13E000
|
stack
|
page read and write
|
||
|
1257000
|
trusted library allocation
|
page execute and read and write
|
||
|
A7F000
|
heap
|
page read and write
|
||
|
1224000
|
trusted library allocation
|
page read and write
|
||
|
976000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A9E000
|
trusted library allocation
|
page read and write
|
||
|
4D5B000
|
stack
|
page read and write
|
||
|
7031000
|
heap
|
page read and write
|
||
|
111D000
|
stack
|
page read and write
|
||
|
9C7E000
|
stack
|
page read and write
|
||
|
35E0000
|
heap
|
page read and write
|
||
|
2AD0000
|
trusted library allocation
|
page read and write
|
||
|
2CD6000
|
trusted library allocation
|
page read and write
|
||
|
55E1000
|
heap
|
page read and write
|
||
|
2BEE000
|
stack
|
page read and write
|
||
|
5080000
|
trusted library allocation
|
page read and write
|
||
|
180C000
|
stack
|
page read and write
|
||
|
2CE0000
|
heap
|
page execute and read and write
|
||
|
A3F000
|
heap
|
page read and write
|
||
|
6E40000
|
trusted library allocation
|
page read and write
|
||
|
4DEC000
|
stack
|
page read and write
|
||
|
2FBE000
|
unkown
|
page read and write
|
||
|
330F000
|
unkown
|
page read and write
|
||
|
56F8000
|
heap
|
page read and write
|
There are 351 hidden memdumps, click here to show them.