Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
RE [Urgent]Sunny Pharmtech Questionnaire for the Weight Sorting Machine supplier-INOS.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\BeConf.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhv4E21.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0x0770397c, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\immobilism\Sengeforliggerens66\Wynne\Dystrophic.Dia
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\immobilism\Sengeforliggerens66\Wynne\Irritationers212.jpg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 321x398, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\immobilism\Sengeforliggerens66\Wynne\Nglepositionens.kak
|
DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration:
offset 0.000000, slope 151115727451828646838272.000000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\immobilism\Sengeforliggerens66\Wynne\Prsidiernes.skr
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\immobilism\Sengeforliggerens66\Wynne\acquirers.int
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\immobilism\Sengeforliggerens66\Wynne\emneaften.tog
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\immobilism\Sengeforliggerens66\Wynne\fremdragningers.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsfCAD9.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsoC76D.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\qxzdfiuzuindcswlguzzrrhxv
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmc.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\RE [Urgent]Sunny Pharmtech Questionnaire for the Weight Sorting Machine supplier-INOS.exe
|
"C:\Users\user\Desktop\RE [Urgent]Sunny Pharmtech Questionnaire for the Weight Sorting Machine supplier-INOS.exe"
|
|
|
|
C:\Users\user\Desktop\RE [Urgent]Sunny Pharmtech Questionnaire for the Weight Sorting Machine supplier-INOS.exe
|
"C:\Users\user\Desktop\RE [Urgent]Sunny Pharmtech Questionnaire for the Weight Sorting Machine supplier-INOS.exe"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\qxzdfiuzuindcswlguzzrrhxv"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\qxzdfiuzuindcswlguzzrrhxv"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\arewgbnsqqfimgsxpembbwbgeusgg"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\ktrohtyueyxnpmgbypyuejwxfakphdhs"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\ktrohtyueyxnpmgbypyuejwxfakphdhs"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\ktrohtyueyxnpmgbypyuejwxfakphdhs"
|
|
|
|
C:\Windows\System32\sppsvc.exe
|
C:\Windows\system32\sppsvc.exe
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.office.com/
|
unknown
|
||
|
https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=LO
|
unknown
|
||
|
https://7da35b81493d6264eefb208fce0c5757.azr.footprintdns.com/apc/trans.gif?f343d3a8731ffea490b8b5c3
|
unknown
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingth
|
unknown
|
||
|
https://waw02prdapp02-canary.netmon.azure.com/apc/trans.gif?469316a07faf13c962eeef1395652e59
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=wsb
|
unknown
|
||
|
http://c.pki.goog/r/gsr1.crl0
|
unknown
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaotak
|
unknown
|
||
|
https://deff.nelreports.net/api/report?cat=msn
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://c.pki.goog/we2/64OUIVzpZV4.crl0
|
unknown
|
||
|
http://i.pki.goog/we2.crt0
|
unknown
|
||
|
http://o.pki.goog/we20%
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://www.google.com
|
unknown
|
||
|
http://192.159.99.27/rrzogcvDo253.bin
|
192.159.99.27
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=MIRA-WW-PH7&FrontEn
|
unknown
|
||
|
http://nsis.sf.net/NSIS_Error
|
unknown
|
||
|
https://dl.google.com/update2/installers/icons/%7B8a69d345-d564-463c-aff1-a69d9e530f96%7D.bmp?lang=e
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaot
|
unknown
|
||
|
https://07ab41ecf42bc570255fdecc8dea3fa9.azr.footprintdns.com/apc/trans.gif?f0f7e1407b69bd65640be717
|
unknown
|
||
|
https://maps.windows.com/windows-app-web-link
|
unknown
|
||
|
http://i.pki.goog/gsr1.crt0-
|
unknown
|
||
|
https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat
|
unknown
|
||
|
http://c.pki.goog/r/r4.crl0
|
unknown
|
||
|
https://waw02prdapp02-canary.netmon.azure.com/apc/trans.gif?407dab52f7bc43350b5cde12afe93269
|
unknown
|
||
|
http://i.pki.goog/r4.crt0
|
unknown
|
||
|
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svg
|
unknown
|
||
|
https://07ab41ecf42bc570255fdecc8dea3fa9.azr.footprintdns.com/apc/trans.gif?5b3bec92835bc024c52f96dd
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingrms
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://7da35b81493d6264eefb208fce0c5757.azr.footprintdns.com/apc/trans.gif?f92d19bcbba8eb1999dabbc8
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://www.imvu.comata
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=wsb&ndcParam=QWthbWFp
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-LAX31r5a&
|
unknown
|
There are 32 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
64.23.171.108
|
unknown
|
United States
|
|
|
|
192.159.99.27
|
unknown
|
United Kingdom
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-VFJHJY
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-VFJHJY
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-VFJHJY
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-VFJHJY
|
UID
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform
|
ServiceSessionId
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3701C000
|
heap
|
page read and write
|
|
|
|
6749000
|
heap
|
page read and write
|
|
|
|
370B2000
|
heap
|
page read and write
|
|
|
|
37194000
|
heap
|
page read and write
|
|
|
|
374E3000
|
heap
|
page read and write
|
|
|
|
36F3A000
|
heap
|
page read and write
|
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
37010000
|
unclassified section
|
page execute and read and write
|
|
|
|
676A000
|
heap
|
page read and write
|
|
|
|
37245000
|
heap
|
page read and write
|
|
|
|
36F3B000
|
heap
|
page read and write
|
|
|
|
6739000
|
heap
|
page read and write
|
|
|
|
373CE000
|
heap
|
page read and write
|
|
|
|
37305000
|
heap
|
page read and write
|
|
|
|
37481000
|
heap
|
page read and write
|
|
|
|
63DF000
|
stack
|
page read and write
|
|
|
|
676A000
|
heap
|
page read and write
|
|
|
|
90F8000
|
direct allocation
|
page execute and read and write
|
|
|
|
676A000
|
heap
|
page read and write
|
|
|
|
37190000
|
heap
|
page read and write
|
|
|
|
3370000
|
trusted library allocation
|
page read and write
|
||
|
40C000
|
unkown
|
page read and write
|
||
|
55B3000
|
heap
|
page read and write
|
||
|
3310000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
4DA5000
|
heap
|
page read and write
|
||
|
82F000
|
stack
|
page read and write
|
||
|
36F77000
|
heap
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
36F88000
|
heap
|
page read and write
|
||
|
4DA1000
|
heap
|
page read and write
|
||
|
6AE000
|
heap
|
page read and write
|
||
|
3657F000
|
stack
|
page read and write
|
||
|
80C0000
|
direct allocation
|
page read and write
|
||
|
292B000
|
stack
|
page read and write
|
||
|
2E34000
|
heap
|
page read and write
|
||
|
588B000
|
heap
|
page read and write
|
||
|
6779000
|
heap
|
page read and write
|
||
|
2C48000
|
remote allocation
|
page execute and read and write
|
||
|
2EDC000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4D88000
|
heap
|
page read and write
|
||
|
4D81000
|
heap
|
page read and write
|
||
|
66E8000
|
heap
|
page read and write
|
||
|
32D0000
|
direct allocation
|
page read and write
|
||
|
5310000
|
heap
|
page read and write
|
||
|
32A0000
|
trusted library allocation
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
31DD000
|
heap
|
page read and write
|
||
|
80B0000
|
direct allocation
|
page read and write
|
||
|
2F12000
|
stack
|
page read and write
|
||
|
32A0000
|
trusted library allocation
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
68DF000
|
stack
|
page read and write
|
||
|
4D9D000
|
heap
|
page read and write
|
||
|
5745000
|
heap
|
page read and write
|
||
|
8080000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
32A0000
|
trusted library allocation
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
31AF000
|
stack
|
page read and write
|
||
|
68F8000
|
direct allocation
|
page execute and read and write
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
369BF000
|
stack
|
page read and write
|
||
|
62DE000
|
stack
|
page read and write
|
||
|
6788000
|
heap
|
page read and write
|
||
|
2F83000
|
heap
|
page read and write
|
||
|
36590000
|
heap
|
page read and write
|
||
|
2E34000
|
heap
|
page read and write
|
||
|
37091000
|
direct allocation
|
page execute and read and write
|
||
|
4D81000
|
heap
|
page read and write
|
||
|
474000
|
system
|
page execute and read and write
|
||
|
2D98000
|
heap
|
page read and write
|
||
|
6730000
|
heap
|
page read and write
|
||
|
6779000
|
heap
|
page read and write
|
||
|
220E000
|
stack
|
page read and write
|
||
|
6550000
|
heap
|
page read and write
|
||
|
2E34000
|
heap
|
page read and write
|
||
|
6788000
|
heap
|
page read and write
|
||
|
4D95000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
2F0F000
|
stack
|
page read and write
|
||
|
4DA4000
|
heap
|
page read and write
|
||
|
37090000
|
direct allocation
|
page read and write
|
||
|
312C000
|
heap
|
page read and write
|
||
|
215E000
|
stack
|
page read and write
|
||
|
32F0000
|
direct allocation
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
5549000
|
heap
|
page read and write
|
||
|
37416000
|
unclassified section
|
page execute and read and write
|
||
|
4D88000
|
heap
|
page read and write
|
||
|
4D7C000
|
heap
|
page read and write
|
||
|
4D91000
|
heap
|
page read and write
|
||
|
29FE000
|
stack
|
page read and write
|
||
|
66E0000
|
heap
|
page read and write
|
||
|
3677C000
|
stack
|
page read and write
|
||
|
37430000
|
unclassified section
|
page execute and read and write
|
||
|
2E34000
|
heap
|
page read and write
|
||
|
1848000
|
remote allocation
|
page execute and read and write
|
||
|
2FF4000
|
heap
|
page read and write
|
||
|
80A0000
|
direct allocation
|
page read and write
|
||
|
2190000
|
unkown
|
page readonly
|
||
|
63A000
|
heap
|
page read and write
|
||
|
2170000
|
heap
|
page read and write
|
||
|
5EF8000
|
direct allocation
|
page execute and read and write
|
||
|
2FF4000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page readonly
|
||
|
4D8A000
|
heap
|
page read and write
|
||
|
4D9B000
|
heap
|
page read and write
|
||
|
54F8000
|
direct allocation
|
page execute and read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
4DBD000
|
heap
|
page read and write
|
||
|
242C000
|
stack
|
page read and write
|
||
|
2E2E000
|
stack
|
page read and write
|
||
|
36F3B000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
4DDA000
|
heap
|
page read and write
|
||
|
66B0000
|
direct allocation
|
page read and write
|
||
|
675E000
|
heap
|
page read and write
|
||
|
4DB8000
|
heap
|
page read and write
|
||
|
9AF8000
|
direct allocation
|
page execute and read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
4D9D000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
29B0000
|
heap
|
page readonly
|
||
|
2F68000
|
heap
|
page read and write
|
||
|
32A0000
|
trusted library allocation
|
page read and write
|
||
|
37480000
|
heap
|
page read and write
|
||
|
373C0000
|
unclassified section
|
page execute and read and write
|
||
|
2FF5000
|
heap
|
page read and write
|
||
|
679000
|
heap
|
page read and write
|
||
|
4DB8000
|
heap
|
page read and write
|
||
|
28EC000
|
stack
|
page read and write
|
||
|
8090000
|
direct allocation
|
page read and write
|
||
|
4D95000
|
heap
|
page read and write
|
||
|
4D9D000
|
heap
|
page read and write
|
||
|
4D8F000
|
heap
|
page read and write
|
||
|
4DA5000
|
heap
|
page read and write
|
||
|
4D90000
|
heap
|
page read and write
|
||
|
36EC1000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4DDD000
|
heap
|
page read and write
|
||
|
32EE000
|
heap
|
page read and write
|
||
|
2EFB000
|
stack
|
page read and write
|
||
|
553F000
|
stack
|
page read and write
|
||
|
5740000
|
trusted library allocation
|
page read and write
|
||
|
67BC000
|
heap
|
page read and write
|
||
|
2FF4000
|
heap
|
page read and write
|
||
|
5875000
|
heap
|
page read and write
|
||
|
370A6000
|
direct allocation
|
page execute and read and write
|
||
|
2FF5000
|
heap
|
page read and write
|
||
|
35BF000
|
stack
|
page read and write
|
||
|
5740000
|
trusted library allocation
|
page read and write
|
||
|
4DAE000
|
heap
|
page read and write
|
||
|
4D95000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
32A0000
|
trusted library allocation
|
page read and write
|
||
|
4A48000
|
remote allocation
|
page execute and read and write
|
||
|
412000
|
unkown
|
page read and write
|
||
|
4E31000
|
heap
|
page read and write
|
||
|
2FF5000
|
heap
|
page read and write
|
||
|
3647E000
|
stack
|
page read and write
|
||
|
2F8F000
|
stack
|
page read and write
|
||
|
31D3000
|
heap
|
page read and write
|
||
|
6A6000
|
heap
|
page read and write
|
||
|
36F9C000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
4D89000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
2F14000
|
stack
|
page read and write
|
||
|
4D81000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
66C0000
|
direct allocation
|
page read and write
|
||
|
2FF4000
|
heap
|
page read and write
|
||
|
32E0000
|
direct allocation
|
page read and write
|
||
|
36C7E000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
598F000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
676C000
|
heap
|
page read and write
|
||
|
2FF4000
|
heap
|
page read and write
|
||
|
7CF8000
|
direct allocation
|
page execute and read and write
|
||
|
4DA1000
|
heap
|
page read and write
|
||
|
4D90000
|
heap
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
66A0000
|
direct allocation
|
page read and write
|
||
|
556000
|
heap
|
page read and write
|
||
|
4D8C000
|
heap
|
page read and write
|
||
|
2C9A000
|
stack
|
page read and write
|
||
|
2E34000
|
heap
|
page read and write
|
||
|
2FF5000
|
heap
|
page read and write
|
||
|
37546000
|
heap
|
page read and write
|
||
|
32A0000
|
trusted library allocation
|
page read and write
|
||
|
5541000
|
heap
|
page read and write
|
||
|
4DBD000
|
heap
|
page read and write
|
||
|
3744B000
|
unclassified section
|
page execute and read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
2E34000
|
heap
|
page read and write
|
||
|
2FF4000
|
heap
|
page read and write
|
||
|
36AFF000
|
stack
|
page read and write
|
||
|
236E000
|
stack
|
page read and write
|
||
|
4800000
|
heap
|
page read and write
|
||
|
32B0000
|
direct allocation
|
page read and write
|
||
|
2269000
|
heap
|
page read and write
|
||
|
4DB8000
|
heap
|
page read and write
|
||
|
4D91000
|
heap
|
page read and write
|
||
|
5548000
|
heap
|
page read and write
|
||
|
32ED000
|
heap
|
page read and write
|
||
|
49E0000
|
heap
|
page read and write
|
||
|
32A0000
|
trusted library allocation
|
page read and write
|
||
|
4E31000
|
heap
|
page read and write
|
||
|
4DBD000
|
heap
|
page read and write
|
||
|
4D8C000
|
heap
|
page read and write
|
||
|
4D81000
|
heap
|
page read and write
|
||
|
4D93000
|
heap
|
page read and write
|
||
|
36F69000
|
heap
|
page read and write
|
||
|
4D81000
|
heap
|
page read and write
|
||
|
2265000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page readonly
|
||
|
4D98000
|
heap
|
page read and write
|
||
|
4DB8000
|
heap
|
page read and write
|
||
|
4DFF000
|
heap
|
page read and write
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
2EF6000
|
stack
|
page read and write
|
||
|
4DA1000
|
heap
|
page read and write
|
||
|
4D93000
|
heap
|
page read and write
|
||
|
4D89000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
4D89000
|
heap
|
page read and write
|
||
|
36F88000
|
heap
|
page read and write
|
||
|
675A000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
4D90000
|
heap
|
page read and write
|
||
|
4DB8000
|
heap
|
page read and write
|
||
|
2FF4000
|
heap
|
page read and write
|
||
|
5740000
|
trusted library allocation
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
32C0000
|
direct allocation
|
page read and write
|
||
|
5740000
|
trusted library allocation
|
page read and write
|
||
|
4DAA000
|
heap
|
page read and write
|
||
|
289F000
|
stack
|
page read and write
|
||
|
312C000
|
heap
|
page read and write
|
||
|
32EE000
|
heap
|
page read and write
|
||
|
6670000
|
direct allocation
|
page read and write
|
||
|
2FF4000
|
heap
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
4D90000
|
heap
|
page read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
2E34000
|
heap
|
page read and write
|
||
|
3340000
|
direct allocation
|
page read and write
|
||
|
4D90000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
436000
|
unkown
|
page readonly
|
||
|
436000
|
unkown
|
page readonly
|
||
|
5740000
|
trusted library allocation
|
page read and write
|
||
|
49F8000
|
heap
|
page read and write
|
||
|
5247000
|
heap
|
page read and write
|
||
|
64FE000
|
stack
|
page read and write
|
||
|
32ED000
|
heap
|
page read and write
|
||
|
5540000
|
heap
|
page read and write
|
||
|
66D0000
|
direct allocation
|
page read and write
|
||
|
63E0000
|
heap
|
page read and write
|
||
|
32A0000
|
trusted library allocation
|
page read and write
|
||
|
36F98000
|
heap
|
page read and write
|
||
|
3320000
|
direct allocation
|
page read and write
|
||
|
676A000
|
heap
|
page read and write
|
||
|
6690000
|
heap
|
page read and write
|
||
|
368BC000
|
stack
|
page read and write
|
||
|
67BC000
|
heap
|
page read and write
|
||
|
5AA2000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
4D93000
|
heap
|
page read and write
|
||
|
434000
|
unkown
|
page read and write
|
||
|
4DA1000
|
heap
|
page read and write
|
||
|
36F82000
|
heap
|
page read and write
|
||
|
36B3E000
|
stack
|
page read and write
|
||
|
4DAA000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
33C8000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
4DA1000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
2E34000
|
heap
|
page read and write
|
||
|
4048000
|
remote allocation
|
page execute and read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
2454000
|
heap
|
page read and write
|
||
|
4E30000
|
heap
|
page read and write
|
||
|
676C000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
671000
|
heap
|
page read and write
|
||
|
36EC0000
|
heap
|
page read and write
|
||
|
5448000
|
remote allocation
|
page execute and read and write
|
||
|
210E000
|
stack
|
page read and write
|
||
|
4D84000
|
heap
|
page read and write
|
||
|
2E34000
|
heap
|
page read and write
|
||
|
5549000
|
heap
|
page read and write
|
||
|
4D8A000
|
heap
|
page read and write
|
||
|
4D81000
|
heap
|
page read and write
|
||
|
63E000
|
heap
|
page read and write
|
||
|
2FF4000
|
heap
|
page read and write
|
||
|
4D7C000
|
heap
|
page read and write
|
||
|
3123000
|
heap
|
page read and write
|
||
|
4DC3000
|
heap
|
page read and write
|
||
|
2E34000
|
heap
|
page read and write
|
||
|
4DA5000
|
heap
|
page read and write
|
||
|
2FF4000
|
heap
|
page read and write
|
||
|
2E34000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
694000
|
heap
|
page read and write
|
||
|
2E34000
|
heap
|
page read and write
|
||
|
5995000
|
heap
|
page read and write
|
||
|
2FF4000
|
heap
|
page read and write
|
||
|
4D80000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
4D91000
|
heap
|
page read and write
|
||
|
676A000
|
heap
|
page read and write
|
||
|
5311000
|
heap
|
page read and write
|
||
|
36F97000
|
heap
|
page read and write
|
||
|
2E34000
|
heap
|
page read and write
|
||
|
2E34000
|
heap
|
page read and write
|
||
|
5AA4000
|
heap
|
page read and write
|
||
|
3360000
|
trusted library allocation
|
page read and write
|
||
|
36F82000
|
heap
|
page read and write
|
||
|
4DA1000
|
heap
|
page read and write
|
||
|
675000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
2FF4000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
36D7F000
|
stack
|
page read and write
|
||
|
67BD000
|
heap
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
2248000
|
remote allocation
|
page execute and read and write
|
||
|
5E48000
|
remote allocation
|
page execute and read and write
|
||
|
4DB8000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
319F000
|
stack
|
page read and write
|
||
|
6A3000
|
heap
|
page read and write
|
||
|
5AE000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
37084000
|
unclassified section
|
page execute and read and write
|
||
|
4D9D000
|
heap
|
page read and write
|
||
|
309E000
|
stack
|
page read and write
|
||
|
45E000
|
system
|
page execute and read and write
|
||
|
5380000
|
direct allocation
|
page execute and read and write
|
||
|
4DA1000
|
heap
|
page read and write
|
||
|
369FC000
|
stack
|
page read and write
|
||
|
5311000
|
heap
|
page read and write
|
||
|
36F88000
|
heap
|
page read and write
|
||
|
36F97000
|
heap
|
page read and write
|
||
|
2FF4000
|
heap
|
page read and write
|
||
|
574E000
|
heap
|
page read and write
|
||
|
428000
|
unkown
|
page read and write
|
||
|
4D93000
|
heap
|
page read and write
|
||
|
524E000
|
heap
|
page read and write
|
||
|
421000
|
unkown
|
page read and write
|
||
|
67BC000
|
heap
|
page read and write
|
||
|
86F8000
|
direct allocation
|
page execute and read and write
|
||
|
2FF5000
|
heap
|
page read and write
|
||
|
425000
|
unkown
|
page read and write
|
||
|
436000
|
unkown
|
page readonly
|
||
|
5311000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2FF4000
|
heap
|
page read and write
|
||
|
4D95000
|
heap
|
page read and write
|
||
|
4D70000
|
heap
|
page read and write
|
||
|
409D000
|
stack
|
page read and write
|
||
|
4D89000
|
heap
|
page read and write
|
||
|
55B2000
|
heap
|
page read and write
|
||
|
4D90000
|
heap
|
page read and write
|
||
|
3706E000
|
unclassified section
|
page execute and read and write
|
||
|
36F3A000
|
heap
|
page read and write
|
||
|
3741C000
|
unclassified section
|
page execute and read and write
|
||
|
2E34000
|
heap
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
6763000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
6680000
|
direct allocation
|
page read and write
|
||
|
6546000
|
heap
|
page read and write
|
||
|
2FF4000
|
heap
|
page read and write
|
||
|
2FF5000
|
heap
|
page read and write
|
||
|
4D9B000
|
heap
|
page read and write
|
||
|
5879000
|
heap
|
page read and write
|
||
|
37A0000
|
trusted library allocation
|
page read and write
|
||
|
6721000
|
heap
|
page read and write
|
||
|
36C3F000
|
stack
|
page read and write
|
||
|
4D7C000
|
heap
|
page read and write
|
||
|
6A9000
|
heap
|
page read and write
|
||
|
2FF4000
|
heap
|
page read and write
|
||
|
4DA5000
|
heap
|
page read and write
|
||
|
4D91000
|
heap
|
page read and write
|
||
|
80D0000
|
direct allocation
|
page read and write
|
||
|
2450000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
36F74000
|
heap
|
page read and write
|
||
|
3300000
|
direct allocation
|
page read and write
|
||
|
2DB9000
|
heap
|
page read and write
|
||
|
5740000
|
trusted library allocation
|
page read and write
|
||
|
36EC1000
|
heap
|
page read and write
|
||
|
4D9D000
|
heap
|
page read and write
|
||
|
2430000
|
direct allocation
|
page read and write
|
||
|
2D5E000
|
stack
|
page read and write
|
||
|
675A000
|
heap
|
page read and write
|
||
|
4DA3000
|
heap
|
page read and write
|
||
|
67BC000
|
heap
|
page read and write
|
||
|
6650000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
4DB2000
|
heap
|
page read and write
|
||
|
676A000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
2FF5000
|
heap
|
page read and write
|
||
|
4D8C000
|
heap
|
page read and write
|
||
|
4DA5000
|
heap
|
page read and write
|
||
|
36EC1000
|
heap
|
page read and write
|
||
|
32A0000
|
trusted library allocation
|
page read and write
|
||
|
4DFF000
|
heap
|
page read and write
|
||
|
36F97000
|
heap
|
page read and write
|
||
|
2260000
|
heap
|
page read and write
|
||
|
3330000
|
direct allocation
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
36F82000
|
heap
|
page read and write
|
||
|
6540000
|
heap
|
page read and write
|
||
|
4D4F000
|
stack
|
page read and write
|
||
|
2FF4000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
436000
|
unkown
|
page readonly
|
||
|
4D81000
|
heap
|
page read and write
|
||
|
36F3A000
|
heap
|
page read and write
|
||
|
5885000
|
heap
|
page read and write
|
||
|
32A0000
|
direct allocation
|
page read and write
|
||
|
92F000
|
stack
|
page read and write
|
||
|
4EF0000
|
heap
|
page read and write
|
||
|
16D0000
|
remote allocation
|
page execute and read and write
|
||
|
67BC000
|
heap
|
page read and write
|
||
|
4D8C000
|
heap
|
page read and write
|
||
|
2E34000
|
heap
|
page read and write
|
||
|
10012000
|
trusted library allocation
|
page read and write
|
||
|
4DA1000
|
heap
|
page read and write
|
||
|
4DAA000
|
heap
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
5249000
|
heap
|
page read and write
|
||
|
32E6000
|
heap
|
page read and write
|
||
|
2C5C000
|
stack
|
page read and write
|
||
|
3648000
|
remote allocation
|
page execute and read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
10005000
|
unkown
|
page readonly
|
||
|
4D9D000
|
heap
|
page read and write
|
||
|
36F88000
|
heap
|
page read and write
|
||
|
72F8000
|
direct allocation
|
page execute and read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
8140000
|
heap
|
page read and write
|
||
|
335E000
|
stack
|
page read and write
|
||
|
4DB9000
|
heap
|
page read and write
|
||
|
36F9C000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
2230000
|
heap
|
page read and write
|
||
|
21A1000
|
unkown
|
page readonly
|
||
|
10003000
|
unkown
|
page readonly
|
||
|
55B2000
|
heap
|
page read and write
|
||
|
3687D000
|
stack
|
page read and write
|
||
|
4DB2000
|
heap
|
page read and write
|
||
|
4DA5000
|
heap
|
page read and write
|
||
|
2F3F000
|
stack
|
page read and write
|
||
|
6560000
|
heap
|
page read and write
|
||
|
4DBD000
|
heap
|
page read and write
|
||
|
55B3000
|
heap
|
page read and write
|
||
|
2E34000
|
heap
|
page read and write
|
||
|
4D89000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
32EE000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
5310000
|
heap
|
page read and write
|
||
|
4D8C000
|
heap
|
page read and write
|
||
|
4D7C000
|
heap
|
page read and write
|
||
|
31DD000
|
heap
|
page read and write
|
There are 476 hidden memdumps, click here to show them.