Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
wcNDx6MT9O.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\wcNDx6MT9O.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp3326.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\udDHoOiYEFTRf.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\udDHoOiYEFTRf.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\udDHoOiYEFTRf.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1csiev3j.rox.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3fhiftfq.e0t.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d5qkygiv.1ql.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n3y45qmj.24o.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nh4wtppz.5m4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pppm342z.1vy.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rtqffylr.zrk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_spo1y5fs.kzr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aavmzypeykbx
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\bhv1B39.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0x9f59b020, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp496D.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 10 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\wcNDx6MT9O.exe
|
"C:\Users\user\Desktop\wcNDx6MT9O.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\wcNDx6MT9O.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\udDHoOiYEFTRf.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\udDHoOiYEFTRf" /XML "C:\Users\user\AppData\Local\Temp\tmp3326.tmp"
|
|
|
|
C:\Users\user\Desktop\wcNDx6MT9O.exe
|
"C:\Users\user\Desktop\wcNDx6MT9O.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\udDHoOiYEFTRf.exe
|
C:\Users\user\AppData\Roaming\udDHoOiYEFTRf.exe
|
|
|
|
C:\Users\user\Desktop\wcNDx6MT9O.exe
|
C:\Users\user\Desktop\wcNDx6MT9O.exe /stext "C:\Users\user\AppData\Local\Temp\aavmzypeykbx"
|
|
|
|
C:\Users\user\Desktop\wcNDx6MT9O.exe
|
C:\Users\user\Desktop\wcNDx6MT9O.exe /stext "C:\Users\user\AppData\Local\Temp\kciwarigmttcboj"
|
|
|
|
C:\Users\user\Desktop\wcNDx6MT9O.exe
|
C:\Users\user\Desktop\wcNDx6MT9O.exe /stext "C:\Users\user\AppData\Local\Temp\uwopajtzablhlufojfu"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\udDHoOiYEFTRf" /XML "C:\Users\user\AppData\Local\Temp\tmp496D.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\udDHoOiYEFTRf.exe
|
"C:\Users\user\AppData\Roaming\udDHoOiYEFTRf.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 6 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
107.173.4.16
|
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://www.google.com
|
unknown
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://geoplugin.net/json.gpONTD~1
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
107.173.4.16
|
unknown
|
United States
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-KDW6BI
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-KDW6BI
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-KDW6BI
|
time
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
29BE000
|
stack
|
page read and write
|
|
|
|
D07000
|
heap
|
page read and write
|
|
|
|
D43000
|
heap
|
page read and write
|
|
|
|
424D000
|
trusted library allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
4C0A000
|
trusted library allocation
|
page read and write
|
|
|
|
DDA000
|
heap
|
page read and write
|
|
|
|
400000
|
system
|
page execute and read and write
|
||
|
137B000
|
heap
|
page read and write
|
||
|
8C04000
|
heap
|
page read and write
|
||
|
1927000
|
heap
|
page read and write
|
||
|
B120000
|
heap
|
page read and write
|
||
|
14D4000
|
heap
|
page read and write
|
||
|
11A0D000
|
trusted library allocation
|
page read and write
|
||
|
AB04000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
1276000
|
trusted library allocation
|
page execute and read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
55B0000
|
heap
|
page read and write
|
||
|
9BE000
|
stack
|
page read and write
|
||
|
7140000
|
heap
|
page read and write
|
||
|
B2FE000
|
stack
|
page read and write
|
||
|
6EDDD000
|
unkown
|
page read and write
|
||
|
8FBD000
|
stack
|
page read and write
|
||
|
36DF000
|
stack
|
page read and write
|
||
|
112E000
|
stack
|
page read and write
|
||
|
2BEF000
|
stack
|
page read and write
|
||
|
59F0000
|
heap
|
page execute and read and write
|
||
|
121E000
|
stack
|
page read and write
|
||
|
59E0000
|
trusted library allocation
|
page read and write
|
||
|
4206000
|
trusted library allocation
|
page read and write
|
||
|
7430000
|
trusted library section
|
page read and write
|
||
|
2FE0000
|
heap
|
page execute and read and write
|
||
|
169E000
|
stack
|
page read and write
|
||
|
149E000
|
stack
|
page read and write
|
||
|
74FE000
|
stack
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
14E6000
|
heap
|
page read and write
|
||
|
8DC0000
|
heap
|
page read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
2FFB000
|
trusted library allocation
|
page read and write
|
||
|
1385000
|
heap
|
page read and write
|
||
|
16A0000
|
trusted library allocation
|
page read and write
|
||
|
15FF000
|
heap
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
4072000
|
heap
|
page read and write
|
||
|
791E000
|
stack
|
page read and write
|
||
|
E69E000
|
stack
|
page read and write
|
||
|
31CF000
|
stack
|
page read and write
|
||
|
5D37000
|
trusted library allocation
|
page read and write
|
||
|
1570000
|
trusted library allocation
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
1280000
|
trusted library allocation
|
page read and write
|
||
|
1880000
|
trusted library allocation
|
page read and write
|
||
|
B4AE000
|
stack
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
5540000
|
heap
|
page read and write
|
||
|
5770000
|
heap
|
page read and write
|
||
|
8AF000
|
unkown
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
5B20000
|
heap
|
page read and write
|
||
|
56B1000
|
trusted library allocation
|
page read and write
|
||
|
2E5F000
|
stack
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
B3F000
|
stack
|
page read and write
|
||
|
15E8000
|
heap
|
page read and write
|
||
|
30C4000
|
trusted library allocation
|
page read and write
|
||
|
5820000
|
heap
|
page execute and read and write
|
||
|
9FC000
|
stack
|
page read and write
|
||
|
1920000
|
heap
|
page read and write
|
||
|
17D3000
|
trusted library allocation
|
page read and write
|
||
|
301D000
|
trusted library allocation
|
page read and write
|
||
|
4077000
|
heap
|
page read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
1250000
|
trusted library allocation
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
2D14000
|
heap
|
page read and write
|
||
|
17CE000
|
stack
|
page read and write
|
||
|
56D0000
|
trusted library allocation
|
page read and write
|
||
|
3525000
|
trusted library allocation
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
352D000
|
trusted library allocation
|
page read and write
|
||
|
DC7000
|
heap
|
page read and write
|
||
|
5BA000
|
stack
|
page read and write
|
||
|
2CEF000
|
heap
|
page read and write
|
||
|
33A6000
|
trusted library allocation
|
page read and write
|
||
|
1518000
|
heap
|
page read and write
|
||
|
2CEC000
|
heap
|
page read and write
|
||
|
16B0000
|
trusted library allocation
|
page read and write
|
||
|
12C0000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
unkown
|
page readonly
|
||
|
3F99000
|
heap
|
page read and write
|
||
|
17F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D5E000
|
stack
|
page read and write
|
||
|
122ED000
|
stack
|
page read and write
|
||
|
524C000
|
stack
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
5B15000
|
heap
|
page read and write
|
||
|
31F0000
|
trusted library allocation
|
page read and write
|
||
|
58A000
|
stack
|
page read and write
|
||
|
D6F000
|
heap
|
page read and write
|
||
|
185E000
|
stack
|
page read and write
|
||
|
33B1000
|
trusted library allocation
|
page read and write
|
||
|
6EDC1000
|
unkown
|
page execute read
|
||
|
10EC000
|
heap
|
page read and write
|
||
|
17F0000
|
trusted library allocation
|
page read and write
|
||
|
1580000
|
trusted library allocation
|
page execute and read and write
|
||
|
396F000
|
stack
|
page read and write
|
||
|
125D000
|
trusted library allocation
|
page execute and read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
14CF000
|
stack
|
page read and write
|
||
|
57C3000
|
heap
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
300E000
|
trusted library allocation
|
page read and write
|
||
|
954B000
|
stack
|
page read and write
|
||
|
150E000
|
stack
|
page read and write
|
||
|
968E000
|
stack
|
page read and write
|
||
|
134D000
|
stack
|
page read and write
|
||
|
DF0000
|
unkown
|
page readonly
|
||
|
153E000
|
stack
|
page read and write
|
||
|
E65F000
|
stack
|
page read and write
|
||
|
55A0000
|
trusted library section
|
page readonly
|
||
|
134F000
|
stack
|
page read and write
|
||
|
157E000
|
trusted library allocation
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
57C0000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
10F7000
|
stack
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
12F7000
|
stack
|
page read and write
|
||
|
BE8000
|
heap
|
page read and write
|
||
|
5780000
|
trusted library allocation
|
page read and write
|
||
|
3123000
|
trusted library allocation
|
page read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
11DE000
|
stack
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
75DD000
|
stack
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
2FB6000
|
trusted library allocation
|
page read and write
|
||
|
91BE000
|
stack
|
page read and write
|
||
|
5B10000
|
heap
|
page read and write
|
||
|
7440000
|
trusted library allocation
|
page read and write
|
||
|
E8E0000
|
trusted library section
|
page read and write
|
||
|
57A0000
|
trusted library allocation
|
page read and write
|
||
|
28B0000
|
heap
|
page read and write
|
||
|
35DF000
|
stack
|
page read and write
|
||
|
3313000
|
trusted library allocation
|
page read and write
|
||
|
12D8000
|
heap
|
page read and write
|
||
|
CFD000
|
stack
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
B5C000
|
stack
|
page read and write
|
||
|
16B4000
|
trusted library allocation
|
page read and write
|
||
|
EF3000
|
stack
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
2C2E000
|
stack
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
33AD000
|
trusted library allocation
|
page read and write
|
||
|
83C000
|
stack
|
page read and write
|
||
|
C05000
|
heap
|
page read and write
|
||
|
33DF000
|
stack
|
page read and write
|
||
|
97CE000
|
stack
|
page read and write
|
||
|
16C0000
|
heap
|
page read and write
|
||
|
DBD000
|
stack
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
8BB0000
|
heap
|
page read and write
|
||
|
534C000
|
stack
|
page read and write
|
||
|
124EE000
|
stack
|
page read and write
|
||
|
8E0E000
|
stack
|
page read and write
|
||
|
15A0000
|
trusted library allocation
|
page read and write
|
||
|
1254000
|
trusted library allocation
|
page read and write
|
||
|
F8A000
|
stack
|
page read and write
|
||
|
5817000
|
trusted library allocation
|
page read and write
|
||
|
13A1000
|
heap
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
16BE000
|
stack
|
page read and write
|
||
|
4F6F000
|
trusted library allocation
|
page read and write
|
||
|
6EDDD000
|
unkown
|
page read and write
|
||
|
17FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
285B000
|
stack
|
page read and write
|
||
|
D17F000
|
stack
|
page read and write
|
||
|
289C000
|
stack
|
page read and write
|
||
|
108E000
|
stack
|
page read and write
|
||
|
17DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
54A0000
|
trusted library allocation
|
page read and write
|
||
|
17E0000
|
trusted library allocation
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
569B000
|
trusted library allocation
|
page read and write
|
||
|
DF2000
|
unkown
|
page readonly
|
||
|
102E000
|
stack
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute and read and write
|
||
|
56F0000
|
trusted library allocation
|
page read and write
|
||
|
7340000
|
trusted library allocation
|
page execute and read and write
|
||
|
3D80000
|
heap
|
page read and write
|
||
|
1870000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
A5C000
|
stack
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
136E000
|
heap
|
page read and write
|
||
|
17E2000
|
trusted library allocation
|
page read and write
|
||
|
126D000
|
trusted library allocation
|
page execute and read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
1591000
|
heap
|
page read and write
|
||
|
54F2000
|
trusted library allocation
|
page read and write
|
||
|
7161000
|
heap
|
page read and write
|
||
|
2FD5000
|
trusted library allocation
|
page read and write
|
||
|
2FAF000
|
stack
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page execute and read and write
|
||
|
5782000
|
trusted library allocation
|
page read and write
|
||
|
1810000
|
trusted library allocation
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
57D0000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
E79E000
|
stack
|
page read and write
|
||
|
3177000
|
trusted library allocation
|
page read and write
|
||
|
5690000
|
trusted library allocation
|
page read and write
|
||
|
4041000
|
trusted library allocation
|
page read and write
|
||
|
33A9000
|
trusted library allocation
|
page read and write
|
||
|
33B7000
|
trusted library allocation
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
2ABF000
|
stack
|
page read and write
|
||
|
5D50000
|
trusted library section
|
page read and write
|
||
|
14FA000
|
stack
|
page read and write
|
||
|
1860000
|
trusted library allocation
|
page read and write
|
||
|
281E000
|
stack
|
page read and write
|
||
|
3211000
|
trusted library allocation
|
page read and write
|
||
|
1373000
|
heap
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
2BBF000
|
stack
|
page read and write
|
||
|
1240000
|
trusted library allocation
|
page read and write
|
||
|
3250000
|
trusted library allocation
|
page read and write
|
||
|
13A3000
|
heap
|
page read and write
|
||
|
CF7E000
|
stack
|
page read and write
|
||
|
1287000
|
trusted library allocation
|
page execute and read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
56B6000
|
trusted library allocation
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
56E0000
|
trusted library allocation
|
page read and write
|
||
|
94F000
|
unkown
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
2FF0000
|
trusted library allocation
|
page read and write
|
||
|
964C000
|
stack
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
EEF000
|
stack
|
page read and write
|
||
|
8DBE000
|
stack
|
page read and write
|
||
|
4B20000
|
trusted library allocation
|
page read and write
|
||
|
1546000
|
heap
|
page read and write
|
||
|
59D0000
|
heap
|
page read and write
|
||
|
18AF000
|
stack
|
page read and write
|
||
|
17EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1558000
|
heap
|
page read and write
|
||
|
59C0000
|
heap
|
page read and write
|
||
|
1599000
|
trusted library allocation
|
page read and write
|
||
|
386E000
|
stack
|
page read and write
|
||
|
D7A000
|
heap
|
page read and write
|
||
|
2FF4000
|
trusted library allocation
|
page read and write
|
||
|
2BFD000
|
stack
|
page read and write
|
||
|
1523000
|
heap
|
page read and write
|
||
|
1890000
|
heap
|
page read and write
|
||
|
1306000
|
heap
|
page read and write
|
||
|
1282000
|
trusted library allocation
|
page read and write
|
||
|
59AB000
|
stack
|
page read and write
|
||
|
31D0000
|
heap
|
page execute and read and write
|
||
|
72BE000
|
stack
|
page read and write
|
||
|
513C000
|
stack
|
page read and write
|
||
|
1253000
|
trusted library allocation
|
page execute and read and write
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
3041000
|
trusted library allocation
|
page read and write
|
||
|
DEE000
|
stack
|
page read and write
|
||
|
86E000
|
unkown
|
page read and write
|
||
|
10CE000
|
stack
|
page read and write
|
||
|
154A000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
31E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
188C000
|
stack
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
B3FE000
|
stack
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
5760000
|
heap
|
page read and write
|
||
|
8CCE000
|
stack
|
page read and write
|
||
|
8F0E000
|
stack
|
page read and write
|
||
|
1272000
|
trusted library allocation
|
page read and write
|
||
|
1260000
|
trusted library allocation
|
page read and write
|
||
|
34A0000
|
heap
|
page read and write
|
||
|
9FF000
|
stack
|
page read and write
|
||
|
32C3000
|
trusted library allocation
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
1263000
|
trusted library allocation
|
page read and write
|
||
|
54D000
|
stack
|
page read and write
|
||
|
3011000
|
trusted library allocation
|
page read and write
|
||
|
55B3000
|
heap
|
page read and write
|
||
|
5A30000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
1315000
|
heap
|
page read and write
|
||
|
12B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4065000
|
trusted library allocation
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
1900000
|
heap
|
page read and write
|
||
|
950E000
|
stack
|
page read and write
|
||
|
EDC000
|
stack
|
page read and write
|
||
|
BAC000
|
stack
|
page read and write
|
||
|
D86000
|
heap
|
page read and write
|
||
|
D2A000
|
stack
|
page read and write
|
||
|
1085000
|
heap
|
page read and write
|
||
|
4049000
|
trusted library allocation
|
page read and write
|
||
|
74BE000
|
stack
|
page read and write
|
||
|
18EE000
|
stack
|
page read and write
|
||
|
365B000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
90E000
|
unkown
|
page read and write
|
||
|
592E000
|
stack
|
page read and write
|
||
|
56F5000
|
trusted library allocation
|
page read and write
|
||
|
98CE000
|
stack
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
115C000
|
stack
|
page read and write
|
||
|
E51E000
|
stack
|
page read and write
|
||
|
12A0000
|
trusted library allocation
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
7F060000
|
trusted library allocation
|
page execute and read and write
|
||
|
AEB000
|
heap
|
page read and write
|
||
|
93B000
|
stack
|
page read and write
|
||
|
D07E000
|
stack
|
page read and write
|
||
|
7180000
|
heap
|
page read and write
|
||
|
15AE000
|
stack
|
page read and write
|
||
|
4211000
|
trusted library allocation
|
page read and write
|
||
|
5D30000
|
trusted library allocation
|
page read and write
|
||
|
2FC0000
|
trusted library allocation
|
page read and write
|
||
|
5694000
|
trusted library allocation
|
page read and write
|
||
|
2CFF000
|
stack
|
page read and write
|
||
|
10EE000
|
heap
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
FFF000
|
stack
|
page read and write
|
||
|
5700000
|
trusted library allocation
|
page read and write
|
||
|
17D0000
|
trusted library allocation
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
10DE000
|
stack
|
page read and write
|
||
|
6EDDF000
|
unkown
|
page readonly
|
||
|
3F20000
|
heap
|
page read and write
|
||
|
15E0000
|
heap
|
page read and write
|
||
|
128B000
|
trusted library allocation
|
page execute and read and write
|
||
|
761D000
|
stack
|
page read and write
|
||
|
8DCE000
|
stack
|
page read and write
|
||
|
72FE000
|
stack
|
page read and write
|
||
|
4219000
|
trusted library allocation
|
page read and write
|
||
|
12DE000
|
heap
|
page read and write
|
||
|
5B00000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CFA000
|
heap
|
page read and write
|
||
|
B46B000
|
stack
|
page read and write
|
||
|
4F2C000
|
trusted library allocation
|
page read and write
|
||
|
2D01000
|
heap
|
page read and write
|
||
|
154E000
|
stack
|
page read and write
|
||
|
54F0000
|
trusted library allocation
|
page read and write
|
||
|
478000
|
remote allocation
|
page execute and read and write
|
||
|
34DF000
|
stack
|
page read and write
|
||
|
34A2000
|
trusted library allocation
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
5940000
|
heap
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
17E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
30A4000
|
trusted library allocation
|
page read and write
|
||
|
E550000
|
trusted library allocation
|
page execute and read and write
|
||
|
6EDD6000
|
unkown
|
page readonly
|
||
|
1158000
|
heap
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
6EDC0000
|
unkown
|
page readonly
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
4AD2000
|
trusted library allocation
|
page read and write
|
||
|
5D70000
|
trusted library section
|
page read and write
|
||
|
10016000
|
direct allocation
|
page execute and read and write
|
||
|
16B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
54E0000
|
heap
|
page read and write
|
||
|
33AB000
|
trusted library allocation
|
page read and write
|
||
|
5AFE000
|
stack
|
page read and write
|
||
|
57D000
|
stack
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
3315000
|
trusted library allocation
|
page read and write
|
||
|
1568000
|
heap
|
page read and write
|
||
|
14AE000
|
heap
|
page read and write
|
||
|
56BD000
|
trusted library allocation
|
page read and write
|
||
|
16BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
4950000
|
trusted library allocation
|
page read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
5720000
|
trusted library allocation
|
page read and write
|
||
|
33B9000
|
trusted library allocation
|
page read and write
|
||
|
ED7000
|
stack
|
page read and write
|
||
|
A00E000
|
stack
|
page read and write
|
||
|
5510000
|
trusted library allocation
|
page read and write
|
||
|
57E0000
|
heap
|
page read and write
|
||
|
940E000
|
stack
|
page read and write
|
||
|
92BE000
|
stack
|
page read and write
|
||
|
D6A000
|
heap
|
page read and write
|
||
|
759F000
|
stack
|
page read and write
|
||
|
5800000
|
trusted library allocation
|
page execute and read and write
|
||
|
5550000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
978E000
|
stack
|
page read and write
|
||
|
5B30000
|
heap
|
page read and write
|
||
|
B130000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
123EC000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
18A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5810000
|
trusted library allocation
|
page read and write
|
||
|
1897000
|
heap
|
page read and write
|
||
|
1312000
|
heap
|
page read and write
|
||
|
93B000
|
heap
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
5930000
|
heap
|
page read and write
|
||
|
BFE000
|
stack
|
page read and write
|
||
|
2FB4000
|
trusted library allocation
|
page read and write
|
||
|
56AE000
|
trusted library allocation
|
page read and write
|
||
|
33AF000
|
trusted library allocation
|
page read and write
|
||
|
127A000
|
trusted library allocation
|
page execute and read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
8FC1000
|
heap
|
page read and write
|
||
|
739E000
|
stack
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
D8F000
|
heap
|
page read and write
|
||
|
7EEC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
186E000
|
trusted library allocation
|
page read and write
|
||
|
59B0000
|
trusted library section
|
page readonly
|
||
|
8B90000
|
heap
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
5480000
|
trusted library allocation
|
page read and write
|
||
|
91E000
|
stack
|
page read and write
|
||
|
348B000
|
trusted library allocation
|
page read and write
|
||
|
E7DE000
|
stack
|
page read and write
|
||
|
56C2000
|
trusted library allocation
|
page read and write
|
||
|
5500000
|
trusted library allocation
|
page execute and read and write
|
||
|
559B000
|
stack
|
page read and write
|
||
|
369F000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
7330000
|
heap
|
page read and write
|
||
|
749F000
|
stack
|
page read and write
|
||
|
33B3000
|
trusted library allocation
|
page read and write
|
||
|
3016000
|
trusted library allocation
|
page read and write
|
||
|
727E000
|
stack
|
page read and write
|
||
|
2C6E000
|
stack
|
page read and write
|
||
|
B100000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
8C2E000
|
heap
|
page read and write
|
||
|
2FB0000
|
trusted library allocation
|
page read and write
|
||
|
5545000
|
heap
|
page read and write
|
||
|
2FD0000
|
trusted library allocation
|
page read and write
|
||
|
E8DE000
|
stack
|
page read and write
|
||
|
3E72000
|
heap
|
page read and write
|
||
|
8FD1000
|
heap
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
33B5000
|
trusted library allocation
|
page read and write
|
||
|
17F2000
|
trusted library allocation
|
page read and write
|
There are 449 hidden memdumps, click here to show them.