Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
HOU3ED3EDRFQ.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\HOU3ED3EDRFQ.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmpFE55.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\LDrvERevBZJN.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\LDrvERevBZJN.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\LDrvERevBZJN.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2wnsfygh.vus.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3azngg0p.xd5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5kt3pcvv.kpt.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bszyaidt.zcl.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cj3w0flg.4hw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lge4uoef.1rx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uj31u4sw.ysq.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y2zvglcw.0kq.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpB84.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\HOU3ED3EDRFQ.exe
|
"C:\Users\user\Desktop\HOU3ED3EDRFQ.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\HOU3ED3EDRFQ.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LDrvERevBZJN.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LDrvERevBZJN" /XML "C:\Users\user\AppData\Local\Temp\tmpFE55.tmp"
|
|
|
|
C:\Users\user\Desktop\HOU3ED3EDRFQ.exe
|
"C:\Users\user\Desktop\HOU3ED3EDRFQ.exe"
|
|
|
|
C:\Users\user\Desktop\HOU3ED3EDRFQ.exe
|
"C:\Users\user\Desktop\HOU3ED3EDRFQ.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\LDrvERevBZJN.exe
|
C:\Users\user\AppData\Roaming\LDrvERevBZJN.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LDrvERevBZJN" /XML "C:\Users\user\AppData\Local\Temp\tmpB84.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\LDrvERevBZJN.exe
|
"C:\Users\user\AppData\Roaming\LDrvERevBZJN.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
45.66.231.218
|
|
||
|
http://geoplugin.net/json.gpc
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://geoplugin.net/json.gph
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://geoplugin.net/json.gp:
|
unknown
|
||
|
http://geoplugin.net/json.gpz
|
unknown
|
||
|
http://geoplugin.net/json.gpSystem32
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 24 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.66.231.218
|
unknown
|
Germany
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-UII1DP
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-UII1DP
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-UII1DP
|
time
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1547000
|
heap
|
page read and write
|
|
|
|
455A000
|
trusted library allocation
|
page read and write
|
|
|
|
158F000
|
heap
|
page read and write
|
|
|
|
315F000
|
stack
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
37FA000
|
trusted library allocation
|
page read and write
|
|
|
|
BB7000
|
heap
|
page read and write
|
|
|
|
9F0000
|
heap
|
page read and write
|
||
|
69E0000
|
heap
|
page read and write
|
||
|
169D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F4E000
|
stack
|
page read and write
|
||
|
3462000
|
trusted library allocation
|
page read and write
|
||
|
4CD0000
|
trusted library allocation
|
page read and write
|
||
|
59C0000
|
heap
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
7C3F000
|
stack
|
page read and write
|
||
|
1602000
|
heap
|
page read and write
|
||
|
5C70000
|
heap
|
page execute and read and write
|
||
|
801E000
|
stack
|
page read and write
|
||
|
4EFC000
|
stack
|
page read and write
|
||
|
343B000
|
trusted library allocation
|
page read and write
|
||
|
1830000
|
heap
|
page read and write
|
||
|
6D3D000
|
stack
|
page read and write
|
||
|
1A3E000
|
stack
|
page read and write
|
||
|
5E39000
|
heap
|
page read and write
|
||
|
99F0000
|
heap
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
3430000
|
trusted library allocation
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
B7D000
|
stack
|
page read and write
|
||
|
1B70000
|
heap
|
page execute and read and write
|
||
|
84A000
|
heap
|
page read and write
|
||
|
137C000
|
stack
|
page read and write
|
||
|
1650000
|
heap
|
page read and write
|
||
|
4F00000
|
heap
|
page read and write
|
||
|
5D7D000
|
stack
|
page read and write
|
||
|
8EA000
|
heap
|
page read and write
|
||
|
5A80000
|
trusted library allocation
|
page read and write
|
||
|
1640000
|
heap
|
page read and write
|
||
|
179A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A73000
|
trusted library allocation
|
page read and write
|
||
|
79C000
|
stack
|
page read and write
|
||
|
2DED000
|
stack
|
page read and write
|
||
|
6C0A000
|
trusted library allocation
|
page read and write
|
||
|
884000
|
heap
|
page read and write
|
||
|
500D000
|
stack
|
page read and write
|
||
|
6040000
|
trusted library allocation
|
page read and write
|
||
|
178D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1693000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B30000
|
trusted library allocation
|
page execute and read and write
|
||
|
A1F0000
|
trusted library allocation
|
page read and write
|
||
|
A79000
|
stack
|
page read and write
|
||
|
6AF5000
|
trusted library allocation
|
page read and write
|
||
|
50E0000
|
heap
|
page read and write
|
||
|
C4A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C7D000
|
stack
|
page read and write
|
||
|
16A0000
|
heap
|
page read and write
|
||
|
CA4000
|
heap
|
page read and write
|
||
|
9BEE000
|
stack
|
page read and write
|
||
|
5E20000
|
heap
|
page read and write
|
||
|
5E30000
|
heap
|
page read and write
|
||
|
C00000
|
trusted library allocation
|
page read and write
|
||
|
4D10000
|
heap
|
page execute and read and write
|
||
|
1088000
|
unkown
|
page readonly
|
||
|
25CC000
|
stack
|
page read and write
|
||
|
B23C000
|
stack
|
page read and write
|
||
|
7AF0000
|
trusted library allocation
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
69F5000
|
heap
|
page read and write
|
||
|
4CA000
|
stack
|
page read and write
|
||
|
180E000
|
stack
|
page read and write
|
||
|
2DEF000
|
stack
|
page read and write
|
||
|
15E8000
|
heap
|
page read and write
|
||
|
67A0000
|
heap
|
page read and write
|
||
|
2C9E000
|
stack
|
page read and write
|
||
|
1680000
|
trusted library allocation
|
page read and write
|
||
|
5C61000
|
trusted library allocation
|
page read and write
|
||
|
C13000
|
trusted library allocation
|
page execute and read and write
|
||
|
6030000
|
trusted library allocation
|
page execute and read and write
|
||
|
1780000
|
trusted library allocation
|
page read and write
|
||
|
50B0000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
DAE000
|
stack
|
page read and write
|
||
|
815E000
|
stack
|
page read and write
|
||
|
345D000
|
trusted library allocation
|
page read and write
|
||
|
7A30000
|
trusted library section
|
page read and write
|
||
|
3749000
|
trusted library allocation
|
page read and write
|
||
|
829E000
|
stack
|
page read and write
|
||
|
7ECE000
|
stack
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
5F20000
|
heap
|
page read and write
|
||
|
1B65000
|
trusted library allocation
|
page read and write
|
||
|
17A2000
|
trusted library allocation
|
page read and write
|
||
|
1B80000
|
trusted library allocation
|
page read and write
|
||
|
6C8D000
|
stack
|
page read and write
|
||
|
282A000
|
trusted library allocation
|
page read and write
|
||
|
C14000
|
trusted library allocation
|
page read and write
|
||
|
3451000
|
trusted library allocation
|
page read and write
|
||
|
811F000
|
stack
|
page read and write
|
||
|
39C4000
|
trusted library allocation
|
page read and write
|
||
|
4CE0000
|
trusted library allocation
|
page read and write
|
||
|
4D00000
|
trusted library allocation
|
page execute and read and write
|
||
|
C52000
|
trusted library allocation
|
page read and write
|
||
|
3B3A000
|
trusted library allocation
|
page read and write
|
||
|
6CE0000
|
trusted library allocation
|
page read and write
|
||
|
35FA000
|
trusted library allocation
|
page read and write
|
||
|
1796000
|
trusted library allocation
|
page execute and read and write
|
||
|
156A000
|
heap
|
page read and write
|
||
|
330C000
|
stack
|
page read and write
|
||
|
C5B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1820000
|
trusted library allocation
|
page read and write
|
||
|
7B3E000
|
stack
|
page read and write
|
||
|
4C33000
|
heap
|
page read and write
|
||
|
5E5E000
|
heap
|
page read and write
|
||
|
5C7000
|
stack
|
page read and write
|
||
|
1BA7000
|
heap
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
F80000
|
unkown
|
page readonly
|
||
|
44F1000
|
trusted library allocation
|
page read and write
|
||
|
5A70000
|
heap
|
page read and write
|
||
|
344E000
|
stack
|
page read and write
|
||
|
46CE000
|
trusted library allocation
|
page read and write
|
||
|
C40000
|
trusted library allocation
|
page read and write
|
||
|
1792000
|
trusted library allocation
|
page read and write
|
||
|
68DE000
|
stack
|
page read and write
|
||
|
6F8E000
|
stack
|
page read and write
|
||
|
48BC000
|
stack
|
page read and write
|
||
|
15B1000
|
heap
|
page read and write
|
||
|
5101000
|
heap
|
page read and write
|
||
|
9F5000
|
heap
|
page read and write
|
||
|
7C86000
|
trusted library allocation
|
page read and write
|
||
|
A0AE000
|
stack
|
page read and write
|
||
|
7600000
|
trusted library allocation
|
page read and write
|
||
|
ACCE000
|
stack
|
page read and write
|
||
|
C57000
|
trusted library allocation
|
page execute and read and write
|
||
|
A1EF000
|
stack
|
page read and write
|
||
|
3729000
|
trusted library allocation
|
page read and write
|
||
|
50F0000
|
heap
|
page read and write
|
||
|
2700000
|
trusted library allocation
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
4C61000
|
trusted library allocation
|
page read and write
|
||
|
13E5000
|
heap
|
page read and write
|
||
|
6CD0000
|
trusted library allocation
|
page read and write
|
||
|
25D0000
|
trusted library allocation
|
page read and write
|
||
|
30DE000
|
unkown
|
page read and write
|
||
|
311F000
|
unkown
|
page read and write
|
||
|
14F7000
|
stack
|
page read and write
|
||
|
BCF000
|
stack
|
page read and write
|
||
|
161B000
|
heap
|
page read and write
|
||
|
3CAE000
|
trusted library allocation
|
page read and write
|
||
|
157F000
|
heap
|
page read and write
|
||
|
7622000
|
trusted library allocation
|
page read and write
|
||
|
17A0000
|
trusted library allocation
|
page read and write
|
||
|
4C66000
|
trusted library allocation
|
page read and write
|
||
|
DAE000
|
stack
|
page read and write
|
||
|
855F000
|
stack
|
page read and write
|
||
|
33BF000
|
stack
|
page read and write
|
||
|
5024000
|
trusted library section
|
page readonly
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
2721000
|
trusted library allocation
|
page read and write
|
||
|
5A90000
|
heap
|
page read and write
|
||
|
26F0000
|
trusted library allocation
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
4C30000
|
heap
|
page read and write
|
||
|
324B000
|
heap
|
page read and write
|
||
|
319C000
|
stack
|
page read and write
|
||
|
839E000
|
stack
|
page read and write
|
||
|
17AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
15B8000
|
heap
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
3A80000
|
trusted library allocation
|
page read and write
|
||
|
32CF000
|
stack
|
page read and write
|
||
|
F82000
|
unkown
|
page readonly
|
||
|
2A61000
|
trusted library allocation
|
page read and write
|
||
|
1600000
|
heap
|
page read and write
|
||
|
25E0000
|
heap
|
page execute and read and write
|
||
|
3843000
|
trusted library allocation
|
page read and write
|
||
|
3721000
|
trusted library allocation
|
page read and write
|
||
|
127C000
|
stack
|
page read and write
|
||
|
825F000
|
stack
|
page read and write
|
||
|
1BA0000
|
heap
|
page read and write
|
||
|
6A12000
|
heap
|
page read and write
|
||
|
368F000
|
stack
|
page read and write
|
||
|
6CE4000
|
trusted library allocation
|
page read and write
|
||
|
44F9000
|
trusted library allocation
|
page read and write
|
||
|
5950000
|
trusted library allocation
|
page execute and read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
C46000
|
trusted library allocation
|
page execute and read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
193E000
|
stack
|
page read and write
|
||
|
7CB0000
|
trusted library allocation
|
page read and write
|
||
|
5930000
|
trusted library allocation
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
1B40000
|
trusted library allocation
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
3434000
|
trusted library allocation
|
page read and write
|
||
|
1B50000
|
trusted library allocation
|
page read and write
|
||
|
9F6C000
|
stack
|
page read and write
|
||
|
15A2000
|
heap
|
page read and write
|
||
|
5E15000
|
heap
|
page read and write
|
||
|
3BF4000
|
trusted library allocation
|
page read and write
|
||
|
B33E000
|
stack
|
page read and write
|
||
|
34C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
153E000
|
stack
|
page read and write
|
||
|
354F000
|
stack
|
page read and write
|
||
|
150E000
|
stack
|
page read and write
|
||
|
C2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
69C000
|
stack
|
page read and write
|
||
|
A4E000
|
stack
|
page read and write
|
||
|
6C4E000
|
stack
|
page read and write
|
||
|
5E70000
|
heap
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
2800000
|
heap
|
page read and write
|
||
|
4CC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
50E5000
|
heap
|
page read and write
|
||
|
378B000
|
trusted library allocation
|
page read and write
|
||
|
AB90000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
6AF9000
|
trusted library allocation
|
page read and write
|
||
|
B43E000
|
stack
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
9E6B000
|
stack
|
page read and write
|
||
|
6D7E000
|
stack
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
6AF1000
|
trusted library allocation
|
page read and write
|
||
|
6020000
|
trusted library section
|
page read and write
|
||
|
3F4E000
|
stack
|
page read and write
|
||
|
59AB000
|
stack
|
page read and write
|
||
|
107A000
|
unkown
|
page readonly
|
||
|
6E4E000
|
stack
|
page read and write
|
||
|
8560000
|
heap
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
164B000
|
heap
|
page read and write
|
||
|
EAF000
|
stack
|
page read and write
|
||
|
1810000
|
trusted library allocation
|
page execute and read and write
|
||
|
305D000
|
stack
|
page read and write
|
||
|
107F000
|
unkown
|
page readonly
|
||
|
C70000
|
trusted library allocation
|
page read and write
|
||
|
303A000
|
stack
|
page read and write
|
||
|
5010000
|
heap
|
page read and write
|
||
|
4C5E000
|
trusted library allocation
|
page read and write
|
||
|
B13C000
|
stack
|
page read and write
|
||
|
35FC000
|
trusted library allocation
|
page read and write
|
||
|
7E7D000
|
stack
|
page read and write
|
||
|
404F000
|
stack
|
page read and write
|
||
|
736E000
|
stack
|
page read and write
|
||
|
1690000
|
trusted library allocation
|
page read and write
|
||
|
11EE000
|
stack
|
page read and write
|
||
|
1790000
|
trusted library allocation
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
4CB0000
|
heap
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
1612000
|
heap
|
page read and write
|
||
|
344E000
|
trusted library allocation
|
page read and write
|
||
|
16A5000
|
heap
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
478000
|
remote allocation
|
page execute and read and write
|
||
|
17C0000
|
trusted library allocation
|
page read and write
|
||
|
71CF000
|
stack
|
page read and write
|
||
|
845E000
|
stack
|
page read and write
|
||
|
9DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C5F000
|
unkown
|
page read and write
|
||
|
90A000
|
heap
|
page read and write
|
||
|
112A000
|
stack
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
5020000
|
trusted library section
|
page readonly
|
||
|
17A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A93000
|
heap
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
5E10000
|
heap
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page execute and read and write
|
||
|
4519000
|
trusted library allocation
|
page read and write
|
||
|
A0ED000
|
stack
|
page read and write
|
||
|
4C4B000
|
trusted library allocation
|
page read and write
|
||
|
4728000
|
trusted library allocation
|
page read and write
|
||
|
69DE000
|
stack
|
page read and write
|
||
|
9FAD000
|
stack
|
page read and write
|
||
|
4C6D000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
55EC000
|
stack
|
page read and write
|
||
|
AFCE000
|
stack
|
page read and write
|
||
|
71D0000
|
trusted library allocation
|
page read and write
|
||
|
1A3F000
|
stack
|
page read and write
|
||
|
6C00000
|
trusted library allocation
|
page read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
5E00000
|
trusted library section
|
page read and write
|
||
|
15A0000
|
heap
|
page read and write
|
||
|
AD0D000
|
stack
|
page read and write
|
||
|
5C10000
|
heap
|
page read and write
|
||
|
3358000
|
trusted library allocation
|
page read and write
|
||
|
708E000
|
stack
|
page read and write
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
1B3E000
|
stack
|
page read and write
|
||
|
342B000
|
stack
|
page read and write
|
||
|
5C50000
|
trusted library section
|
page read and write
|
||
|
25D4000
|
trusted library allocation
|
page read and write
|
||
|
2CBB000
|
heap
|
page read and write
|
||
|
3470000
|
trusted library allocation
|
page read and write
|
||
|
258E000
|
stack
|
page read and write
|
||
|
9CD000
|
stack
|
page read and write
|
||
|
4C20000
|
trusted library allocation
|
page read and write
|
||
|
882000
|
heap
|
page read and write
|
||
|
34F1000
|
trusted library allocation
|
page read and write
|
||
|
C42000
|
trusted library allocation
|
page read and write
|
||
|
1589000
|
heap
|
page read and write
|
||
|
358E000
|
stack
|
page read and write
|
||
|
15A3000
|
heap
|
page read and write
|
||
|
8DA000
|
heap
|
page read and write
|
||
|
C90000
|
trusted library allocation
|
page read and write
|
||
|
1B60000
|
trusted library allocation
|
page read and write
|
||
|
3456000
|
trusted library allocation
|
page read and write
|
||
|
C22000
|
trusted library allocation
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
34D0000
|
trusted library allocation
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
337E000
|
stack
|
page read and write
|
||
|
7AFA000
|
trusted library allocation
|
page read and write
|
||
|
99ED000
|
stack
|
page read and write
|
||
|
7C80000
|
trusted library allocation
|
page read and write
|
||
|
156E000
|
heap
|
page read and write
|
||
|
38FE000
|
trusted library allocation
|
page read and write
|
||
|
84E000
|
heap
|
page read and write
|
||
|
340F000
|
stack
|
page read and write
|
||
|
3510000
|
heap
|
page read and write
|
||
|
7C90000
|
trusted library allocation
|
page execute and read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
2C1E000
|
unkown
|
page read and write
|
||
|
4C00000
|
trusted library allocation
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
874000
|
heap
|
page read and write
|
||
|
C1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2705000
|
trusted library allocation
|
page read and write
|
||
|
25D6000
|
trusted library allocation
|
page read and write
|
||
|
AECE000
|
stack
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
4C44000
|
trusted library allocation
|
page read and write
|
||
|
8573000
|
heap
|
page read and write
|
||
|
AE8E000
|
stack
|
page read and write
|
||
|
1694000
|
trusted library allocation
|
page read and write
|
||
|
70CE000
|
stack
|
page read and write
|
||
|
4C40000
|
trusted library allocation
|
page read and write
|
||
|
26EE000
|
stack
|
page read and write
|
||
|
59B0000
|
trusted library section
|
page readonly
|
||
|
A3D000
|
stack
|
page read and write
|
||
|
9CEE000
|
stack
|
page read and write
|
There are 343 hidden memdumps, click here to show them.