Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
proof of paymentt.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp73D0.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\mQpdTSxCjbPop.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mQpdTSxCjbPop.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\proof of paymentt.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cpe4xclu.kgj.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r5ngrqsp.o1d.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vfdwbg0o.f2z.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zmrq0dz4.yxp.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhv934F.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0xb20b6b62, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\chp960F.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\chp964E.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp7E5F.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\vtvkcyiauscpqjziosjypht
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 3 08:21:11 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 3 08:21:09 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 3 08:21:08 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 3 08:21:10 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 3 08:21:08 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\mQpdTSxCjbPop.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 89
|
ASCII text, with very long lines (714)
|
downloaded
|
There are 15 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\proof of paymentt.exe
|
"C:\Users\user\Desktop\proof of paymentt.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mQpdTSxCjbPop.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mQpdTSxCjbPop" /XML "C:\Users\user\AppData\Local\Temp\tmp73D0.tmp"
|
|
|
|
C:\Users\user\Desktop\proof of paymentt.exe
|
"C:\Users\user\Desktop\proof of paymentt.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\mQpdTSxCjbPop.exe
|
C:\Users\user\AppData\Roaming\mQpdTSxCjbPop.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mQpdTSxCjbPop" /XML "C:\Users\user\AppData\Local\Temp\tmp7E5F.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\mQpdTSxCjbPop.exe
|
"C:\Users\user\AppData\Roaming\mQpdTSxCjbPop.exe"
|
|
|
|
C:\Users\user\Desktop\proof of paymentt.exe
|
"C:\Users\user\Desktop\proof of paymentt.exe" /stext "C:\Users\user\AppData\Local\Temp\vtvkcyiauscpqjziosjypht"
|
|
|
|
C:\Users\user\Desktop\proof of paymentt.exe
|
"C:\Users\user\Desktop\proof of paymentt.exe" /stext "C:\Users\user\AppData\Local\Temp\vtvkcyiauscpqjziosjypht"
|
|
|
|
C:\Users\user\Desktop\proof of paymentt.exe
|
"C:\Users\user\Desktop\proof of paymentt.exe" /stext "C:\Users\user\AppData\Local\Temp\foaddqtciauctxnmgdeaamokiq"
|
|
|
|
C:\Users\user\Desktop\proof of paymentt.exe
|
"C:\Users\user\Desktop\proof of paymentt.exe" /stext "C:\Users\user\AppData\Local\Temp\qqgoejdwwimhddbqpnrbdyitqektl"
|
|
|
|
C:\Users\user\Desktop\proof of paymentt.exe
|
"C:\Users\user\Desktop\proof of paymentt.exe" /stext "C:\Users\user\AppData\Local\Temp\qqgoejdwwimhddbqpnrbdyitqektl"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2492 --field-trial-handle=2368,i,2695784621935690573,1694609991167006164,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
|
|
|
37.120.235.122
|
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
|
|
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YOPbGIHZ0rEGIjDiV69rK5qM04HlVCP5HIxKT4yFlyXGN87fd-gxnuiXdKGTW6789z2jSG8fGE3fLfIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.251.41.4
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
https://www.google.com/async/newtab_promos
|
142.251.41.4
|
||
|
http://geoplugin.net/json.gpx
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
http://geoplugin.net/json.gp6
|
unknown
|
||
|
http://geoplugin.net/json.gpv
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://www.google.com/async/ddljson?async=ntp:2
|
142.251.41.4
|
||
|
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
142.251.41.4
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
|
142.251.41.4
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 20 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
geoplugin.net
|
178.237.33.50
|
||
|
www.google.com
|
142.251.41.4
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
37.120.235.122
|
unknown
|
Romania
|
|
|
|
192.168.2.9
|
unknown
|
unknown
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
||
|
142.251.41.4
|
www.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-F9KCYW
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-F9KCYW
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-F9KCYW
|
time
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
498E000
|
trusted library allocation
|
page read and write
|
|
|
|
D9B000
|
heap
|
page read and write
|
|
|
|
3F02000
|
trusted library allocation
|
page read and write
|
|
|
|
6DA0000
|
trusted library section
|
page read and write
|
|
|
|
2EE1000
|
trusted library allocation
|
page read and write
|
|
|
|
2C01000
|
trusted library allocation
|
page read and write
|
|
|
|
1320000
|
heap
|
page read and write
|
|
|
|
2EDF000
|
stack
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
12C7000
|
heap
|
page read and write
|
|
|
|
739A000
|
trusted library allocation
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute and read and write
|
||
|
D48000
|
heap
|
page read and write
|
||
|
AA0B000
|
stack
|
page read and write
|
||
|
10FC000
|
stack
|
page read and write
|
||
|
C95000
|
heap
|
page read and write
|
||
|
7BD000
|
stack
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
A41D000
|
stack
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
7C3E000
|
stack
|
page read and write
|
||
|
5080000
|
trusted library allocation
|
page read and write
|
||
|
13A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
5830000
|
heap
|
page read and write
|
||
|
1407000
|
heap
|
page read and write
|
||
|
C97000
|
trusted library allocation
|
page execute and read and write
|
||
|
2801000
|
heap
|
page read and write
|
||
|
10016000
|
direct allocation
|
page execute and read and write
|
||
|
A76D000
|
stack
|
page read and write
|
||
|
1390000
|
trusted library allocation
|
page read and write
|
||
|
2B7E000
|
unkown
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
13A0000
|
trusted library allocation
|
page read and write
|
||
|
D0D000
|
heap
|
page read and write
|
||
|
AD91000
|
trusted library allocation
|
page read and write
|
||
|
2D00000
|
trusted library allocation
|
page read and write
|
||
|
3FD3000
|
trusted library allocation
|
page read and write
|
||
|
A86E000
|
stack
|
page read and write
|
||
|
70A000
|
stack
|
page read and write
|
||
|
DAF000
|
heap
|
page read and write
|
||
|
4CFC000
|
stack
|
page read and write
|
||
|
6E5E000
|
stack
|
page read and write
|
||
|
A65E000
|
stack
|
page read and write
|
||
|
4373000
|
trusted library allocation
|
page read and write
|
||
|
2827000
|
heap
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
9B6000
|
stack
|
page read and write
|
||
|
2BF0000
|
heap
|
page execute and read and write
|
||
|
CDE000
|
stack
|
page read and write
|
||
|
2821000
|
heap
|
page read and write
|
||
|
2D7E000
|
stack
|
page read and write
|
||
|
7A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
C50000
|
trusted library allocation
|
page read and write
|
||
|
53C0000
|
trusted library allocation
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
C63000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FDE000
|
trusted library allocation
|
page read and write
|
||
|
3740000
|
heap
|
page read and write
|
||
|
78EF000
|
heap
|
page read and write
|
||
|
478000
|
remote allocation
|
page execute and read and write
|
||
|
545E000
|
trusted library allocation
|
page read and write
|
||
|
310F000
|
unkown
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
2BC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B18000
|
trusted library allocation
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
7392000
|
trusted library allocation
|
page read and write
|
||
|
6CA0000
|
heap
|
page read and write
|
||
|
D87000
|
heap
|
page read and write
|
||
|
5827000
|
trusted library allocation
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
5820000
|
trusted library allocation
|
page read and write
|
||
|
138D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5644000
|
trusted library allocation
|
page read and write
|
||
|
2ECA000
|
heap
|
page read and write
|
||
|
4C6E000
|
trusted library allocation
|
page read and write
|
||
|
2FDF000
|
stack
|
page read and write
|
||
|
1183000
|
heap
|
page read and write
|
||
|
41A5000
|
trusted library allocation
|
page read and write
|
||
|
C60000
|
trusted library allocation
|
page read and write
|
||
|
A8C000
|
stack
|
page read and write
|
||
|
56D0000
|
trusted library allocation
|
page read and write
|
||
|
7390000
|
trusted library allocation
|
page read and write
|
||
|
13AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
A3EE000
|
stack
|
page read and write
|
||
|
11C2000
|
trusted library allocation
|
page read and write
|
||
|
AAF0000
|
heap
|
page read and write
|
||
|
D1E000
|
stack
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
2DC0000
|
trusted library allocation
|
page read and write
|
||
|
11D7000
|
heap
|
page read and write
|
||
|
5430000
|
trusted library allocation
|
page execute and read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
C92000
|
trusted library allocation
|
page read and write
|
||
|
118E000
|
stack
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
A42A000
|
heap
|
page read and write
|
||
|
B6C000
|
stack
|
page read and write
|
||
|
405E000
|
stack
|
page read and write
|
||
|
2DBE000
|
stack
|
page read and write
|
||
|
3140000
|
heap
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
D98000
|
heap
|
page read and write
|
||
|
133C000
|
heap
|
page read and write
|
||
|
5392000
|
trusted library allocation
|
page read and write
|
||
|
55BE000
|
stack
|
page read and write
|
||
|
2A00000
|
heap
|
page read and write
|
||
|
C8A000
|
trusted library allocation
|
page execute and read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
7320000
|
trusted library allocation
|
page execute and read and write
|
||
|
568B000
|
stack
|
page read and write
|
||
|
1379000
|
heap
|
page read and write
|
||
|
73A2000
|
trusted library allocation
|
page read and write
|
||
|
114E000
|
heap
|
page read and write
|
||
|
5690000
|
heap
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
10CE000
|
stack
|
page read and write
|
||
|
A4EF000
|
stack
|
page read and write
|
||
|
6CAE000
|
heap
|
page read and write
|
||
|
2B0E000
|
stack
|
page read and write
|
||
|
42FA000
|
trusted library allocation
|
page read and write
|
||
|
11CE000
|
heap
|
page read and write
|
||
|
557E000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
73B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
52D0000
|
trusted library section
|
page read and write
|
||
|
2990000
|
trusted library allocation
|
page read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
5460000
|
heap
|
page execute and read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
582000
|
unkown
|
page readonly
|
||
|
D58000
|
heap
|
page read and write
|
||
|
CFE000
|
stack
|
page read and write
|
||
|
7A80000
|
trusted library section
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
5630000
|
trusted library section
|
page readonly
|
||
|
56A0000
|
heap
|
page read and write
|
||
|
53A0000
|
trusted library allocation
|
page read and write
|
||
|
55C0000
|
heap
|
page read and write
|
||
|
9F5E000
|
stack
|
page read and write
|
||
|
100F000
|
stack
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
27DC000
|
heap
|
page read and write
|
||
|
31DF000
|
stack
|
page read and write
|
||
|
DD1000
|
heap
|
page read and write
|
||
|
1167000
|
heap
|
page read and write
|
||
|
5070000
|
trusted library section
|
page readonly
|
||
|
32BF000
|
stack
|
page read and write
|
||
|
E3A000
|
stack
|
page read and write
|
||
|
7880000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
4F1C000
|
stack
|
page read and write
|
||
|
27F2000
|
heap
|
page read and write
|
||
|
5230000
|
trusted library allocation
|
page read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
C70000
|
trusted library allocation
|
page read and write
|
||
|
A420000
|
heap
|
page read and write
|
||
|
6FF0000
|
heap
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
2D4A000
|
trusted library allocation
|
page read and write
|
||
|
44F0000
|
heap
|
page read and write
|
||
|
32FE000
|
stack
|
page read and write
|
||
|
3EC5000
|
trusted library allocation
|
page read and write
|
||
|
2DDE000
|
stack
|
page read and write
|
||
|
D00000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
787E000
|
stack
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
4240000
|
trusted library allocation
|
page read and write
|
||
|
538D000
|
trusted library allocation
|
page read and write
|
||
|
C7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
AAEF000
|
stack
|
page read and write
|
||
|
41E3000
|
trusted library allocation
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
5250000
|
heap
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
78D8000
|
heap
|
page read and write
|
||
|
670000
|
unkown
|
page readonly
|
||
|
7980000
|
trusted library section
|
page read and write
|
||
|
13BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
5640000
|
trusted library allocation
|
page read and write
|
||
|
582C000
|
trusted library allocation
|
page read and write
|
||
|
5BD0000
|
heap
|
page read and write
|
||
|
2CFF000
|
stack
|
page read and write
|
||
|
1389000
|
heap
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
2985000
|
trusted library allocation
|
page read and write
|
||
|
AF6000
|
stack
|
page read and write
|
||
|
13B2000
|
trusted library allocation
|
page read and write
|
||
|
5390000
|
trusted library allocation
|
page read and write
|
||
|
F8E000
|
stack
|
page read and write
|
||
|
580000
|
unkown
|
page readonly
|
||
|
337F000
|
stack
|
page read and write
|
||
|
D6F000
|
heap
|
page read and write
|
||
|
134D000
|
heap
|
page read and write
|
||
|
A62D000
|
stack
|
page read and write
|
||
|
110E000
|
stack
|
page read and write
|
||
|
D20000
|
trusted library allocation
|
page read and write
|
||
|
5410000
|
heap
|
page read and write
|
||
|
50D0000
|
heap
|
page read and write
|
||
|
A79E000
|
stack
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
13B0000
|
trusted library allocation
|
page read and write
|
||
|
7350000
|
trusted library allocation
|
page read and write
|
||
|
D80000
|
trusted library allocation
|
page read and write
|
||
|
119B000
|
trusted library allocation
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
2DA6000
|
trusted library allocation
|
page read and write
|
||
|
AB0C000
|
stack
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
5940000
|
heap
|
page read and write
|
||
|
317F000
|
stack
|
page read and write
|
||
|
13B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DB0000
|
trusted library allocation
|
page read and write
|
||
|
AD8F000
|
stack
|
page read and write
|
||
|
AD8C000
|
stack
|
page read and write
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
133F000
|
stack
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
2F79000
|
trusted library allocation
|
page read and write
|
||
|
2D08000
|
trusted library allocation
|
page read and write
|
||
|
A2DE000
|
stack
|
page read and write
|
||
|
A52D000
|
stack
|
page read and write
|
||
|
504E000
|
trusted library allocation
|
page read and write
|
||
|
5364000
|
trusted library allocation
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
3269000
|
trusted library allocation
|
page read and write
|
||
|
446E000
|
trusted library allocation
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
3267000
|
trusted library allocation
|
page read and write
|
||
|
8DC000
|
stack
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
37B9000
|
heap
|
page read and write
|
||
|
A9A000
|
stack
|
page read and write
|
||
|
A2AE000
|
stack
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
564B000
|
trusted library allocation
|
page read and write
|
||
|
314E000
|
stack
|
page read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
30DF000
|
stack
|
page read and write
|
||
|
1175000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
C9B000
|
trusted library allocation
|
page execute and read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
139D000
|
trusted library allocation
|
page execute and read and write
|
||
|
9CF000
|
stack
|
page read and write
|
||
|
13F0000
|
trusted library allocation
|
page read and write
|
||
|
73A0000
|
trusted library allocation
|
page read and write
|
||
|
537E000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
DBA000
|
stack
|
page read and write
|
||
|
50CC000
|
stack
|
page read and write
|
||
|
1306000
|
heap
|
page read and write
|
||
|
DFC000
|
stack
|
page read and write
|
||
|
AC4E000
|
stack
|
page read and write
|
||
|
2EDF000
|
stack
|
page read and write
|
||
|
2DBF000
|
stack
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
5420000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BB0000
|
heap
|
page read and write
|
||
|
134B000
|
heap
|
page read and write
|
||
|
A05E000
|
stack
|
page read and write
|
||
|
C64000
|
trusted library allocation
|
page read and write
|
||
|
DC9000
|
heap
|
page read and write
|
||
|
11AE000
|
trusted library allocation
|
page read and write
|
||
|
501C000
|
stack
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
11BD000
|
trusted library allocation
|
page read and write
|
||
|
33FF000
|
stack
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
55D0000
|
trusted library allocation
|
page read and write
|
||
|
B8B000
|
stack
|
page read and write
|
||
|
DD4000
|
heap
|
page read and write
|
||
|
13A2000
|
trusted library allocation
|
page read and write
|
||
|
D93000
|
heap
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
5825000
|
trusted library allocation
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
1332000
|
heap
|
page read and write
|
||
|
AEE1000
|
trusted library allocation
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
3C01000
|
trusted library allocation
|
page read and write
|
||
|
DC5000
|
heap
|
page read and write
|
||
|
AECE000
|
stack
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
13E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
1190000
|
trusted library allocation
|
page read and write
|
||
|
7A3E000
|
stack
|
page read and write
|
||
|
A3AF000
|
stack
|
page read and write
|
||
|
134F000
|
stack
|
page read and write
|
||
|
2DA4000
|
trusted library allocation
|
page read and write
|
||
|
1370000
|
trusted library allocation
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
A9AE000
|
stack
|
page read and write
|
||
|
A75E000
|
stack
|
page read and write
|
||
|
728E000
|
stack
|
page read and write
|
||
|
3CA5000
|
trusted library allocation
|
page read and write
|
||
|
A5D000
|
stack
|
page read and write
|
||
|
139E000
|
stack
|
page read and write
|
||
|
2F1B000
|
stack
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
AC8B000
|
stack
|
page read and write
|
||
|
712E000
|
stack
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9BB000
|
stack
|
page read and write
|
||
|
C86000
|
trusted library allocation
|
page execute and read and write
|
||
|
3EE1000
|
trusted library allocation
|
page read and write
|
||
|
415F000
|
stack
|
page read and write
|
||
|
5480000
|
heap
|
page read and write
|
||
|
A9EE000
|
stack
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
ADCD000
|
stack
|
page read and write
|
||
|
5040000
|
trusted library allocation
|
page read and write
|
||
|
2BD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
52E0000
|
heap
|
page execute and read and write
|
||
|
40BE000
|
trusted library allocation
|
page read and write
|
||
|
27EC000
|
heap
|
page read and write
|
||
|
39C0000
|
heap
|
page read and write
|
||
|
6E00000
|
trusted library allocation
|
page read and write
|
||
|
1347000
|
heap
|
page read and write
|
||
|
C73000
|
trusted library allocation
|
page read and write
|
||
|
73FE000
|
stack
|
page read and write
|
||
|
2E4F000
|
stack
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
2CEE000
|
stack
|
page read and write
|
||
|
1380000
|
trusted library allocation
|
page read and write
|
||
|
D9E000
|
heap
|
page read and write
|
||
|
127E000
|
stack
|
page read and write
|
||
|
5835000
|
heap
|
page read and write
|
||
|
C7E000
|
stack
|
page read and write
|
||
|
D10000
|
trusted library allocation
|
page read and write
|
||
|
5BA0000
|
heap
|
page read and write
|
||
|
722E000
|
stack
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
29B0000
|
trusted library allocation
|
page read and write
|
||
|
A89E000
|
stack
|
page read and write
|
||
|
3CF3000
|
trusted library allocation
|
page read and write
|
||
|
5483000
|
heap
|
page read and write
|
||
|
43B4000
|
trusted library allocation
|
page read and write
|
||
|
4185000
|
trusted library allocation
|
page read and write
|
||
|
2F9A000
|
trusted library allocation
|
page read and write
|
||
|
303F000
|
stack
|
page read and write
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
27EF000
|
heap
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
AC8E000
|
stack
|
page read and write
|
||
|
7330000
|
trusted library allocation
|
page execute and read and write
|
||
|
C82000
|
trusted library allocation
|
page read and write
|
||
|
3DDE000
|
trusted library allocation
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
5381000
|
trusted library allocation
|
page read and write
|
||
|
6DF0000
|
trusted library allocation
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
CB0000
|
trusted library allocation
|
page read and write
|
||
|
7891000
|
heap
|
page read and write
|
||
|
331F000
|
stack
|
page read and write
|
||
|
1314000
|
heap
|
page read and write
|
||
|
C6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
A19F000
|
stack
|
page read and write
|
||
|
DA5000
|
heap
|
page read and write
|
||
|
2807000
|
heap
|
page read and write
|
||
|
3C57000
|
trusted library allocation
|
page read and write
|
||
|
2C6F000
|
stack
|
page read and write
|
||
|
9D2000
|
stack
|
page read and write
|
||
|
C2E000
|
stack
|
page read and write
|
||
|
30CE000
|
unkown
|
page read and write
|
||
|
F36000
|
stack
|
page read and write
|
||
|
536B000
|
trusted library allocation
|
page read and write
|
||
|
D9E000
|
heap
|
page read and write
|
||
|
108F000
|
stack
|
page read and write
|
||
|
2C0B000
|
heap
|
page read and write
|
||
|
F7F000
|
stack
|
page read and write
|
||
|
53E0000
|
heap
|
page read and write
|
||
|
2BED000
|
stack
|
page read and write
|
||
|
150E000
|
stack
|
page read and write
|
||
|
5950000
|
heap
|
page read and write
|
||
|
2CF0000
|
heap
|
page execute and read and write
|
||
|
11B1000
|
trusted library allocation
|
page read and write
|
||
|
2DC5000
|
trusted library allocation
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
321E000
|
stack
|
page read and write
|
||
|
2BEE000
|
unkown
|
page read and write
|
||
|
5450000
|
trusted library allocation
|
page read and write
|
||
|
1148000
|
heap
|
page read and write
|
||
|
27FB000
|
heap
|
page read and write
|
||
|
14BF000
|
stack
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
307C000
|
stack
|
page read and write
|
||
|
29D3000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
13AD000
|
heap
|
page read and write
|
||
|
11CB000
|
heap
|
page read and write
|
||
|
E4B000
|
heap
|
page read and write
|
||
|
A31D000
|
stack
|
page read and write
|
||
|
2E3A000
|
stack
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
CBC000
|
stack
|
page read and write
|
||
|
A8AE000
|
stack
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
101E000
|
stack
|
page read and write
|
||
|
27F8000
|
heap
|
page read and write
|
||
|
E8E000
|
heap
|
page read and write
|
||
|
5050000
|
trusted library allocation
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
5470000
|
trusted library allocation
|
page read and write
|
||
|
438A000
|
trusted library allocation
|
page read and write
|
||
|
2D3E000
|
stack
|
page read and write
|
||
|
A09E000
|
stack
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
A6C000
|
stack
|
page read and write
|
||
|
AB4E000
|
stack
|
page read and write
|
||
|
DAA000
|
heap
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
1384000
|
trusted library allocation
|
page read and write
|
||
|
1383000
|
trusted library allocation
|
page execute and read and write
|
||
|
5386000
|
trusted library allocation
|
page read and write
|
||
|
1118000
|
heap
|
page read and write
|
||
|
6DB0000
|
trusted library allocation
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
D4E000
|
stack
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
1393000
|
trusted library allocation
|
page read and write
|
||
|
D7C000
|
stack
|
page read and write
|
||
|
6E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
E5F000
|
heap
|
page read and write
|
||
|
1194000
|
trusted library allocation
|
page read and write
|
||
|
2DA0000
|
trusted library allocation
|
page read and write
|
||
|
A520000
|
heap
|
page read and write
|
||
|
A1DE000
|
stack
|
page read and write
|
||
|
1075000
|
heap
|
page read and write
|
||
|
124E000
|
stack
|
page read and write
|
||
|
A26E000
|
stack
|
page read and write
|
||
|
A631000
|
heap
|
page read and write
|
||
|
55C5000
|
heap
|
page read and write
|
||
|
11B6000
|
trusted library allocation
|
page read and write
|
||
|
593D000
|
stack
|
page read and write
|
There are 443 hidden memdumps, click here to show them.