Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
udVh4Ist4Z.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Remcos\remcos.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Libraries\Xjfxsfmn.PIF
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Libraries\easinvoker.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Libraries\netutils.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Libraries\nmfsxfjX.pif
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Xjfxsfmn.url
|
MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Xjfxsfmn.PIF">), ASCII text, with CRLF line
terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Remcos\remcos.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Remcos\Loader.Log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Libraries\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Libraries\XjfxsfmnO.bat
|
Unicode text, UTF-16, little-endian text, with very long lines (15012), with no line terminators
|
dropped
|
||
|
C:\Users\Public\Libraries\aaa.bat
|
DOS batch file, ASCII text, with very long lines (468), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\VirtualStore\ProgramData\Remcos\Loader.Log
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Remcos\Loader.Log
|
ASCII text, with CRLF line terminators
|
modified
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\udVh4Ist4Z.exe
|
"C:\Users\user\Desktop\udVh4Ist4Z.exe"
|
|
|
|
C:\Windows\SysWOW64\extrac32.exe
|
C:\\Windows\\System32\\extrac32.exe /C /Y C:\Users\user\Desktop\udVh4Ist4Z.exe C:\\Users\\Public\\Libraries\\Xjfxsfmn.PIF
|
|
|
|
C:\Users\Public\Libraries\nmfsxfjX.pif
|
C:\Users\Public\Libraries\nmfsxfjX.pif
|
|
|
|
C:\ProgramData\Remcos\remcos.exe
|
"C:\ProgramData\Remcos\remcos.exe"
|
|
|
|
C:\Users\Public\Libraries\Xjfxsfmn.PIF
|
"C:\Users\Public\Libraries\Xjfxsfmn.PIF"
|
|
|
|
C:\Users\Public\Libraries\nmfsxfjX.pif
|
C:\Users\Public\Libraries\nmfsxfjX.pif
|
|
|
|
C:\Users\user\AppData\Roaming\Remcos\remcos.exe
|
"C:\Users\user\AppData\Roaming\Remcos\remcos.exe"
|
|
|
|
C:\ProgramData\Remcos\remcos.exe
|
"C:\ProgramData\Remcos\remcos.exe"
|
|
|
|
C:\ProgramData\Remcos\remcos.exe
|
"C:\ProgramData\Remcos\remcos.exe"
|
|
|
|
C:\Users\Public\Libraries\Xjfxsfmn.PIF
|
"C:\Users\Public\Libraries\Xjfxsfmn.PIF"
|
|
|
|
C:\Users\Public\Libraries\nmfsxfjX.pif
|
C:\Users\Public\Libraries\nmfsxfjX.pif
|
|
|
|
C:\Users\user\AppData\Roaming\Remcos\remcos.exe
|
"C:\Users\user\AppData\Roaming\Remcos\remcos.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\Remcos\remcos.exe
|
"C:\Users\user\AppData\Roaming\Remcos\remcos.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\XjfxsfmnO.bat" "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 5 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://geoplugin.net/json.gp
|
unknown
|
|
|
|
http://geoplugin.net/json.gp/C
|
unknown
|
|
|
|
kenoss.duckdns.org
|
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
|
unknown
|
||
|
https://xirfeg.sn.files.1drv.com/y4mA7VtsLBctMjPvNeW-nBjYzK-kMyIJaIZdFZhf0ai66qWNCa5Jqdc_iM5uVKa3zxn
|
unknown
|
||
|
https://xirfeg.sn.files.1drv.com/y4mmJkpN2-URpDPce1turH6bNoPZHs8qohGTBPPgUSqUu1WeGjpTknCmr6n8UWtLOer
|
unknown
|
||
|
https://onedrive.live.com/S
|
unknown
|
||
|
https://xirfeg.sn.files.1drv.com:443/y4mA7VtsLBctMjPvNeW-nBjYzK-kMyIJaIZdFZhf0ai66qWNCa5Jqdc_iM5uVKa
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
https://onedrive.live.com/download?resid=9ADCDEDB531E38FE%21107&authkey=!AIYYWqDY10e5-pU
|
13.107.137.11
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
https://xirfeg.sn.files.1drv.com/y4mQLd7Jb4tXEApwTb1qUvLYu4AYaX9rqayqbrqvAn-5-ThXvkZfJF26xlkeR3Ny-gJ
|
unknown
|
||
|
https://live.com/
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
|
unknown
|
||
|
https://xirfeg.sn.files.1drv.com/y4mf57oWea_lC5UFEW7heHii22ItiVRqzOkuZoz6yyafu_P62cjXQyR0S8WE0jPq8Gh
|
unknown
|
||
|
https://xirfeg.sn.files.1drv.com/
|
unknown
|
||
|
https://xirfeg.sn.files.1drv.com:443/y4mmJkpN2-URpDPce1turH6bNoPZHs8qohGTBPPgUSqUu1WeGjpTknCmr6n8UWt
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
http://www.pmail.com
|
unknown
|
||
|
http://ocsp.sectigo.com0C
|
unknown
|
||
|
https://onedrive.live.com/download?resid=9ADCDEDB531E38FE%21107&authkey=
|
unknown
|
||
|
https://xirfeg.sn.files.1drv.com:443/y4mQLd7Jb4tXEApwTb1qUvLYu4AYaX9rqayqbrqvAn-5-ThXvkZfJF26xlkeR3N
|
unknown
|
||
|
https://onedrive.live.com/
|
unknown
|
There are 14 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
dual-spov-0006.spov-msedge.net
|
13.107.137.11
|
|
|
|
onedrive.live.com
|
unknown
|
||
|
xirfeg.sn.files.1drv.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
13.107.137.11
|
dual-spov-0006.spov-msedge.net
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Xjfxsfmn
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Rmc-L24XL1
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Rmc-L24XL1
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
|
Rmc-L24XL1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
|
Rmc-L24XL1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
|
Rmc-L24XL1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7E9D0000
|
direct allocation
|
page read and write
|
|
|
|
2E21000
|
direct allocation
|
page execute read
|
|
|
|
2C60000
|
direct allocation
|
page read and write
|
|
|
|
2D91000
|
direct allocation
|
page execute read
|
|
|
|
AC0000
|
unkown
|
page execute and read and write
|
|
|
|
490000
|
unkown
|
page execute and read and write
|
|
|
|
7EA60000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
490000
|
unkown
|
page execute and read and write
|
|
|
|
AC0000
|
unkown
|
page execute and read and write
|
|
|
|
2D61000
|
direct allocation
|
page execute read
|
|
|
|
490000
|
unkown
|
page execute and read and write
|
|
|
|
CE8000
|
unkown
|
page execute and read and write
|
||
|
56D000
|
unkown
|
page read and write
|
||
|
8EE000
|
heap
|
page read and write
|
||
|
416000
|
unkown
|
page readonly
|
||
|
416000
|
unkown
|
page readonly
|
||
|
416000
|
unkown
|
page readonly
|
||
|
1470E000
|
stack
|
page read and write
|
||
|
5DC000
|
stack
|
page read and write
|
||
|
2A87000
|
direct allocation
|
page read and write
|
||
|
416000
|
unkown
|
page readonly
|
||
|
6EE000
|
heap
|
page read and write
|
||
|
785000
|
heap
|
page read and write
|
||
|
7EA40000
|
direct allocation
|
page read and write
|
||
|
2CEE000
|
direct allocation
|
page read and write
|
||
|
141A6000
|
direct allocation
|
page read and write
|
||
|
142C0000
|
heap
|
page read and write
|
||
|
2BE8000
|
direct allocation
|
page read and write
|
||
|
2D60000
|
direct allocation
|
page readonly
|
||
|
460000
|
heap
|
page read and write
|
||
|
56E000
|
unkown
|
page write copy
|
||
|
5A0000
|
unkown
|
page execute and read and write
|
||
|
150D5000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
141FA000
|
direct allocation
|
page read and write
|
||
|
1459E000
|
stack
|
page read and write
|
||
|
14D6E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2B20000
|
direct allocation
|
page read and write
|
||
|
728000
|
heap
|
page read and write
|
||
|
2A5E000
|
unkown
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1F70000
|
direct allocation
|
page read and write
|
||
|
2A60000
|
direct allocation
|
page read and write
|
||
|
52E000
|
stack
|
page read and write
|
||
|
2BB8000
|
direct allocation
|
page read and write
|
||
|
1418C000
|
stack
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
7F100000
|
direct allocation
|
page read and write
|
||
|
2960000
|
direct allocation
|
page read and write
|
||
|
46E000
|
stack
|
page read and write
|
||
|
7F400000
|
direct allocation
|
page read and write
|
||
|
416000
|
unkown
|
page readonly
|
||
|
14AA0000
|
heap
|
page read and write
|
||
|
3BDF0000
|
heap
|
page read and write
|
||
|
147DF000
|
stack
|
page read and write
|
||
|
14AB0000
|
heap
|
page read and write
|
||
|
141DD000
|
direct allocation
|
page read and write
|
||
|
2DBB000
|
direct allocation
|
page read and write
|
||
|
AA7000
|
heap
|
page read and write
|
||
|
7EA40000
|
direct allocation
|
page read and write
|
||
|
A4E000
|
stack
|
page read and write
|
||
|
7EBE0000
|
direct allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
77D000
|
heap
|
page read and write
|
||
|
7F478000
|
direct allocation
|
page read and write
|
||
|
14B1E000
|
stack
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
6BF000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
7F400000
|
direct allocation
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
7F110000
|
direct allocation
|
page read and write
|
||
|
7EB50000
|
direct allocation
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
2A1D000
|
direct allocation
|
page read and write
|
||
|
14F92000
|
heap
|
page read and write
|
||
|
14F00000
|
heap
|
page read and write
|
||
|
14C1F000
|
stack
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2C4F000
|
direct allocation
|
page read and write
|
||
|
14E7D000
|
heap
|
page read and write
|
||
|
1455F000
|
stack
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
14F72000
|
heap
|
page read and write
|
||
|
2140000
|
direct allocation
|
page read and write
|
||
|
1431E000
|
stack
|
page read and write
|
||
|
14B1E000
|
stack
|
page read and write
|
||
|
14C6E000
|
stack
|
page read and write
|
||
|
5DE000
|
stack
|
page read and write
|
||
|
2E5C000
|
direct allocation
|
page read and write
|
||
|
2300000
|
heap
|
page read and write
|
||
|
2DF1000
|
direct allocation
|
page read and write
|
||
|
14D6D000
|
stack
|
page read and write
|
||
|
6FE000
|
heap
|
page read and write
|
||
|
8C8000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1484E000
|
stack
|
page read and write
|
||
|
6D8000
|
heap
|
page read and write
|
||
|
29EF000
|
direct allocation
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
571000
|
unkown
|
page readonly
|
||
|
1455F000
|
stack
|
page read and write
|
||
|
2A13000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2523000
|
heap
|
page read and write
|
||
|
7FCB0000
|
direct allocation
|
page read and write
|
||
|
14C6E000
|
stack
|
page read and write
|
||
|
14EC0000
|
heap
|
page read and write
|
||
|
B8F000
|
stack
|
page read and write
|
||
|
78A000
|
heap
|
page read and write
|
||
|
14AD0000
|
remote allocation
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
1459E000
|
stack
|
page read and write
|
||
|
8AE000
|
heap
|
page read and write
|
||
|
7F130000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
60A000
|
heap
|
page read and write
|
||
|
1412C000
|
direct allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
14E81000
|
heap
|
page read and write
|
||
|
1414D000
|
direct allocation
|
page read and write
|
||
|
7F480000
|
direct allocation
|
page read and write
|
||
|
71C000
|
heap
|
page read and write
|
||
|
1517D000
|
direct allocation
|
page read and write
|
||
|
14D7A000
|
heap
|
page read and write
|
||
|
246F000
|
stack
|
page read and write
|
||
|
C10000
|
unkown
|
page execute and read and write
|
||
|
922000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
76C000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
4BE000
|
stack
|
page read and write
|
||
|
22BE000
|
direct allocation
|
page read and write
|
||
|
AA7000
|
heap
|
page read and write
|
||
|
5070000
|
heap
|
page read and write
|
||
|
870000
|
direct allocation
|
page execute and read and write
|
||
|
14010000
|
direct allocation
|
page read and write
|
||
|
7F110000
|
direct allocation
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
1413A000
|
direct allocation
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
7AB000
|
heap
|
page read and write
|
||
|
14087000
|
direct allocation
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
7EB70000
|
direct allocation
|
page read and write
|
||
|
140D2000
|
direct allocation
|
page read and write
|
||
|
14201000
|
direct allocation
|
page read and write
|
||
|
7EBDF000
|
direct allocation
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
19D000
|
stack
|
page read and write
|
||
|
90E000
|
stack
|
page read and write
|
||
|
7F130000
|
direct allocation
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
2BE1000
|
direct allocation
|
page read and write
|
||
|
2A1C000
|
direct allocation
|
page read and write
|
||
|
146DE000
|
stack
|
page read and write
|
||
|
2B23000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
CE8000
|
unkown
|
page execute and read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
7AB000
|
heap
|
page read and write
|
||
|
150D2000
|
heap
|
page read and write
|
||
|
152DE000
|
heap
|
page read and write
|
||
|
A7B000
|
heap
|
page read and write
|
||
|
B40000
|
unkown
|
page execute and read and write
|
||
|
478000
|
unkown
|
page execute and read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1441F000
|
stack
|
page read and write
|
||
|
14163000
|
direct allocation
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
1440F000
|
stack
|
page read and write
|
||
|
40D000
|
unkown
|
page read and write
|
||
|
1484E000
|
stack
|
page read and write
|
||
|
510000
|
unkown
|
page execute and read and write
|
||
|
1498E000
|
stack
|
page read and write
|
||
|
8DD000
|
heap
|
page read and write
|
||
|
458000
|
unkown
|
page read and write
|
||
|
7F010000
|
direct allocation
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
92E000
|
stack
|
page read and write
|
||
|
7EC30000
|
direct allocation
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
7EAD0000
|
direct allocation
|
page read and write
|
||
|
7F18F000
|
direct allocation
|
page read and write
|
||
|
7F4C1000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
14027000
|
direct allocation
|
page read and write
|
||
|
14D1F000
|
stack
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
3BF43000
|
heap
|
page read and write
|
||
|
14162000
|
direct allocation
|
page read and write
|
||
|
14208000
|
direct allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
14F01000
|
heap
|
page read and write
|
||
|
23F0000
|
heap
|
page read and write
|
||
|
AC3000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
568000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
14133000
|
direct allocation
|
page read and write
|
||
|
21BE000
|
direct allocation
|
page read and write
|
||
|
2954000
|
direct allocation
|
page read and write
|
||
|
2200000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
1498E000
|
stack
|
page read and write
|
||
|
C94000
|
heap
|
page read and write
|
||
|
7F410000
|
direct allocation
|
page read and write
|
||
|
99F000
|
stack
|
page read and write
|
||
|
20CF000
|
stack
|
page read and write
|
||
|
A0F000
|
stack
|
page read and write
|
||
|
7F100000
|
direct allocation
|
page read and write
|
||
|
2DE2000
|
direct allocation
|
page read and write
|
||
|
14116000
|
direct allocation
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
40D000
|
unkown
|
page read and write
|
||
|
14C1E000
|
stack
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
67A000
|
heap
|
page read and write
|
||
|
150BD000
|
heap
|
page read and write
|
||
|
2D19000
|
direct allocation
|
page read and write
|
||
|
1469F000
|
stack
|
page read and write
|
||
|
8E3000
|
heap
|
page read and write
|
||
|
1445E000
|
stack
|
page read and write
|
||
|
14F72000
|
heap
|
page read and write
|
||
|
141BC000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
780000
|
heap
|
page read and write
|
||
|
7F3F0000
|
direct allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
14F94000
|
heap
|
page read and write
|
||
|
2A84000
|
direct allocation
|
page read and write
|
||
|
2130000
|
direct allocation
|
page read and write
|
||
|
2E0F000
|
stack
|
page read and write
|
||
|
14F21000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
146FE000
|
stack
|
page read and write
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
6C5000
|
heap
|
page read and write
|
||
|
78C000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
6A0000
|
direct allocation
|
page execute and read and write
|
||
|
141C0000
|
direct allocation
|
page read and write
|
||
|
7EC90000
|
direct allocation
|
page read and write
|
||
|
8D3000
|
heap
|
page read and write
|
||
|
7EC90000
|
direct allocation
|
page read and write
|
||
|
60E000
|
heap
|
page read and write
|
||
|
245F000
|
stack
|
page read and write
|
||
|
68A000
|
heap
|
page read and write
|
||
|
726000
|
heap
|
page read and write
|
||
|
416000
|
unkown
|
page readonly
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
401000
|
unkown
|
page execute read
|
||
|
400000
|
unkown
|
page readonly
|
||
|
14E9D000
|
heap
|
page read and write
|
||
|
2240000
|
direct allocation
|
page read and write
|
||
|
142C0000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
7EAE0000
|
direct allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
2BFF000
|
unkown
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
4D2000
|
unkown
|
page write copy
|
||
|
7CF000
|
stack
|
page read and write
|
||
|
22F0000
|
heap
|
page read and write
|
||
|
416000
|
unkown
|
page readonly
|
||
|
9D0000
|
unkown
|
page execute and read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1469F000
|
stack
|
page read and write
|
||
|
7F22F000
|
direct allocation
|
page read and write
|
||
|
985000
|
heap
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
7F250000
|
direct allocation
|
page read and write
|
||
|
7F130000
|
direct allocation
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
243C000
|
stack
|
page read and write
|
||
|
977000
|
heap
|
page read and write
|
||
|
14C20000
|
heap
|
page read and write
|
||
|
14A8D000
|
stack
|
page read and write
|
||
|
80E000
|
stack
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page read and write
|
||
|
4870000
|
trusted library allocation
|
page read and write
|
||
|
988000
|
heap
|
page read and write
|
||
|
7CE000
|
stack
|
page read and write
|
||
|
40D000
|
unkown
|
page read and write
|
||
|
14146000
|
direct allocation
|
page read and write
|
||
|
AC2000
|
heap
|
page read and write
|
||
|
7EC90000
|
direct allocation
|
page read and write
|
||
|
141F3000
|
direct allocation
|
page read and write
|
||
|
2D7E000
|
direct allocation
|
page read and write
|
||
|
5A0000
|
unkown
|
page execute and read and write
|
||
|
29EC000
|
direct allocation
|
page read and write
|
||
|
2C24000
|
direct allocation
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
68E000
|
stack
|
page read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
14178000
|
direct allocation
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
63E000
|
stack
|
page read and write
|
||
|
150B9000
|
heap
|
page read and write
|
||
|
510000
|
unkown
|
page execute and read and write
|
||
|
902000
|
heap
|
page read and write
|
||
|
14D7F000
|
heap
|
page read and write
|
||
|
6E4000
|
heap
|
page read and write
|
||
|
24C0000
|
heap
|
page read and write
|
||
|
14E6E000
|
stack
|
page read and write
|
||
|
764000
|
heap
|
page read and write
|
||
|
2C89000
|
direct allocation
|
page read and write
|
||
|
7F0CF000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
14171000
|
direct allocation
|
page read and write
|
||
|
2B51000
|
direct allocation
|
page read and write
|
||
|
2250000
|
heap
|
page read and write
|
||
|
478000
|
unkown
|
page execute and read and write
|
||
|
6A8000
|
heap
|
page read and write
|
||
|
458000
|
unkown
|
page read and write
|
||
|
45E000
|
stack
|
page read and write
|
||
|
21D3000
|
heap
|
page read and write
|
||
|
C10000
|
unkown
|
page execute and read and write
|
||
|
2E4B000
|
direct allocation
|
page read and write
|
||
|
14A8E000
|
stack
|
page read and write
|
||
|
73F000
|
stack
|
page read and write
|
||
|
24C3000
|
heap
|
page read and write
|
||
|
14141000
|
direct allocation
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
7F130000
|
direct allocation
|
page read and write
|
||
|
7F100000
|
direct allocation
|
page read and write
|
||
|
14E81000
|
heap
|
page read and write
|
||
|
6F8000
|
heap
|
page read and write
|
||
|
574000
|
unkown
|
page readonly
|
||
|
9C000
|
stack
|
page read and write
|
||
|
56D000
|
unkown
|
page read and write
|
||
|
141C8000
|
direct allocation
|
page read and write
|
||
|
7F110000
|
direct allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
400000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2840000
|
direct allocation
|
page read and write
|
||
|
953000
|
heap
|
page read and write
|
||
|
1454F000
|
stack
|
page read and write
|
||
|
20C0000
|
direct allocation
|
page read and write
|
||
|
9D0000
|
unkown
|
page execute and read and write
|
||
|
24BF000
|
stack
|
page read and write
|
||
|
1494D000
|
stack
|
page read and write
|
||
|
416000
|
unkown
|
page readonly
|
||
|
690000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
2983000
|
direct allocation
|
page read and write
|
||
|
147FF000
|
stack
|
page read and write
|
||
|
58E000
|
stack
|
page read and write
|
||
|
2BE0000
|
direct allocation
|
page read and write
|
||
|
7A8000
|
heap
|
page read and write
|
||
|
2C78000
|
direct allocation
|
page read and write
|
||
|
1480F000
|
stack
|
page read and write
|
||
|
72A000
|
heap
|
page read and write
|
||
|
20D0000
|
direct allocation
|
page read and write
|
||
|
438000
|
heap
|
page read and write
|
||
|
AAE000
|
heap
|
page read and write
|
||
|
8AA000
|
heap
|
page read and write
|
||
|
630000
|
unkown
|
page execute and read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
7EAD0000
|
direct allocation
|
page read and write
|
||
|
14130000
|
direct allocation
|
page read and write
|
||
|
67E000
|
heap
|
page read and write
|
||
|
416000
|
unkown
|
page readonly
|
||
|
6F6000
|
heap
|
page read and write
|
||
|
2D52000
|
direct allocation
|
page read and write
|
||
|
147F0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
7ECDF000
|
direct allocation
|
page read and write
|
||
|
2210000
|
direct allocation
|
page execute and read and write
|
||
|
7ECDF000
|
direct allocation
|
page read and write
|
||
|
599000
|
stack
|
page read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
1431E000
|
stack
|
page read and write
|
||
|
769000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
7F110000
|
direct allocation
|
page read and write
|
||
|
416000
|
unkown
|
page readonly
|
||
|
6E8000
|
heap
|
page read and write
|
||
|
25DD000
|
stack
|
page read and write
|
||
|
238E000
|
direct allocation
|
page read and write
|
||
|
140F4000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
93F000
|
heap
|
page read and write
|
||
|
14D20000
|
heap
|
page read and write
|
||
|
14A8E000
|
stack
|
page read and write
|
||
|
14AD0000
|
remote allocation
|
page read and write
|
||
|
7F130000
|
direct allocation
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
2B21000
|
direct allocation
|
page read and write
|
||
|
141E4000
|
direct allocation
|
page read and write
|
||
|
1411D000
|
direct allocation
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
7F180000
|
direct allocation
|
page read and write
|
||
|
474000
|
unkown
|
page execute and read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
45E000
|
stack
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
711000
|
heap
|
page read and write
|
||
|
7F130000
|
direct allocation
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
1FC0000
|
direct allocation
|
page read and write
|
||
|
56D000
|
unkown
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
7F590000
|
direct allocation
|
page read and write
|
||
|
764000
|
heap
|
page read and write
|
||
|
1468F000
|
stack
|
page read and write
|
||
|
510000
|
unkown
|
page execute and read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
28B9000
|
direct allocation
|
page read and write
|
||
|
14138000
|
direct allocation
|
page read and write
|
||
|
2C1C000
|
heap
|
page read and write
|
||
|
7EC00000
|
direct allocation
|
page read and write
|
||
|
2AAC000
|
direct allocation
|
page read and write
|
||
|
14154000
|
direct allocation
|
page read and write
|
||
|
2CDF000
|
direct allocation
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
B40000
|
unkown
|
page execute and read and write
|
||
|
458000
|
unkown
|
page read and write
|
||
|
14108000
|
direct allocation
|
page read and write
|
||
|
151C0000
|
heap
|
page read and write
|
||
|
416000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
AB2000
|
heap
|
page read and write
|
||
|
2D8B000
|
direct allocation
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
7EA48000
|
direct allocation
|
page read and write
|
||
|
742000
|
heap
|
page read and write
|
||
|
A9F000
|
stack
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1C5000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
1430A000
|
stack
|
page read and write
|
||
|
7F1C0000
|
direct allocation
|
page read and write
|
||
|
936000
|
heap
|
page read and write
|
||
|
416000
|
unkown
|
page readonly
|
||
|
14E82000
|
heap
|
page read and write
|
||
|
7EB50000
|
direct allocation
|
page read and write
|
||
|
248E000
|
stack
|
page read and write
|
||
|
416000
|
unkown
|
page readonly
|
||
|
7F328000
|
direct allocation
|
page read and write
|
||
|
72A000
|
heap
|
page read and write
|
||
|
14E80000
|
heap
|
page read and write
|
||
|
A98000
|
heap
|
page read and write
|
||
|
728000
|
heap
|
page read and write
|
||
|
1441F000
|
stack
|
page read and write
|
||
|
416000
|
unkown
|
page readonly
|
||
|
14154000
|
direct allocation
|
page read and write
|
||
|
2520000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
19C000
|
stack
|
page read and write
|
||
|
14148000
|
direct allocation
|
page read and write
|
||
|
7EC6F000
|
direct allocation
|
page read and write
|
||
|
767000
|
heap
|
page read and write
|
||
|
416000
|
unkown
|
page readonly
|
||
|
66F000
|
stack
|
page read and write
|
||
|
1498E000
|
stack
|
page read and write
|
||
|
1494E000
|
stack
|
page read and write
|
||
|
6F6000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
14C20000
|
heap
|
page read and write
|
||
|
141D6000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
14AD0000
|
remote allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
88E000
|
stack
|
page read and write
|
||
|
1458E000
|
stack
|
page read and write
|
||
|
A77000
|
heap
|
page read and write
|
||
|
14100000
|
direct allocation
|
page read and write
|
||
|
68E000
|
heap
|
page read and write
|
||
|
6FF000
|
stack
|
page read and write
|
||
|
14E9E000
|
heap
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
458000
|
unkown
|
page write copy
|
||
|
401000
|
unkown
|
page execute read
|
||
|
21D0000
|
heap
|
page read and write
|
||
|
142BA000
|
stack
|
page read and write
|
||
|
474000
|
unkown
|
page execute and read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
751000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
92C000
|
heap
|
page read and write
|
||
|
141B2000
|
direct allocation
|
page read and write
|
||
|
1F60000
|
direct allocation
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
7FCB0000
|
direct allocation
|
page read and write
|
||
|
140C4000
|
direct allocation
|
page read and write
|
||
|
474000
|
unkown
|
page execute and read and write
|
||
|
7F3F8000
|
direct allocation
|
page read and write
|
||
|
23FF000
|
stack
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
28FC000
|
stack
|
page read and write
|
||
|
984000
|
heap
|
page read and write
|
||
|
939000
|
heap
|
page read and write
|
||
|
95C000
|
heap
|
page read and write
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
2310000
|
direct allocation
|
page read and write
|
||
|
7B1000
|
heap
|
page read and write
|
||
|
2DCC000
|
direct allocation
|
page read and write
|
||
|
7FCB0000
|
direct allocation
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
151C9000
|
heap
|
page read and write
|
||
|
14E93000
|
heap
|
page read and write
|
||
|
2C3F000
|
heap
|
page read and write
|
||
|
478000
|
unkown
|
page execute and read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
7EC70000
|
direct allocation
|
page read and write
|
||
|
1484E000
|
stack
|
page read and write
|
||
|
2AB4000
|
direct allocation
|
page read and write
|
||
|
14F00000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2B50000
|
direct allocation
|
page read and write
|
||
|
702000
|
heap
|
page read and write
|
||
|
2E81000
|
direct allocation
|
page read and write
|
||
|
14064000
|
direct allocation
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
14E9A000
|
heap
|
page read and write
|
||
|
2B44000
|
direct allocation
|
page read and write
|
||
|
772000
|
heap
|
page read and write
|
||
|
7ECDF000
|
direct allocation
|
page read and write
|
||
|
5A0000
|
unkown
|
page execute and read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
1445E000
|
stack
|
page read and write
|
||
|
14116000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
630000
|
unkown
|
page execute and read and write
|
||
|
1444E000
|
stack
|
page read and write
|
||
|
2A9E000
|
stack
|
page read and write
|
||
|
2AAD000
|
direct allocation
|
page read and write
|
||
|
2B60000
|
direct allocation
|
page read and write
|
||
|
630000
|
unkown
|
page execute and read and write
|
||
|
1416A000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
1494D000
|
stack
|
page read and write
|
||
|
14124000
|
direct allocation
|
page read and write
|
||
|
14C1F000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
75F000
|
stack
|
page read and write
|
||
|
1428A000
|
stack
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
14D6E000
|
stack
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
14F39000
|
heap
|
page read and write
|
There are 568 hidden memdumps, click here to show them.