Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Payment-Inv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\flakeboard.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\9Ma02192
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF34BE4CFDAFAB0A23.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF9E25A5C2171C8FFA.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFCA7464F4475610C9.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files.zip
|
Zip archive data (empty)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files.zip~RF4259f6.TMP (copy)
|
Zip archive data (empty)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files.zip~RF42dffe.TMP (copy)
|
Zip archive data (empty)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files.zip~RF42e27f.TMP (copy)
|
Zip archive data (empty)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\BNAGMGSPLO.xlsx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\CZQKSDDMWR.docx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\EEGWXUHVUG.docx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\EIVQSAOTAQ.xlsx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\EWZCVGNOWT.docx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GAOBCVIQIJ.docx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GJBHWQDROJ.pdf
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GJBHWQDROJ.xlsx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\MNKQCGFJDG.pdf
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\NVWZAPQSQL.pdf
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\NWCXBPIUYI.pdf
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\PIVFAGEAAV.pdf
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\PWCCAWLGRE.docx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\PWCCAWLGRE.xlsx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\QCFWYSKMHA.pdf
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\QFAPOWPAFG.xlsx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\QNCYCDFIJJ.docx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\QNCYCDFIJJ.xlsx
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataBBRsfOhu.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataCgXmRCfR.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataDlrbxGcx.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataFUSZjHmZ.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataGsWkhXPa.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataISIBMHvc.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataKChoLUgE.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataMQlttXNj.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataMmCIdyxm.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataOkriMQol.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataPrAZkwrp.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataQIppfjMl.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataQOFChUkf.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataRijzbbxq.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataRvEPRFMu.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataTHceNsVF.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataUJDCxaHw.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataVfLQtXHS.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataVrtGDMwf.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataYJSXxvhF.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataZwACwHFD.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataaddZiUeO.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataakkZbIPL.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatacUOurcvr.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatagPlbcKPT.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatagTihpzgf.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatahDXtWHIF.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataiUKSsPPq.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatajtFYBWIb.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatamKqXjagA.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatamjmXVLtG.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatangwpWqBp.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatapGmcjeKt.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatasWOfgWdx.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatatLWWKhNx.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatatWBDPZVd.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatatagjEEnD.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataudGJeilF.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatauxmCqTJs.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatawILQtceu.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatawkqkJSHN.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatawqJiNLOm.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataxDaWdSfU.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatayHwISEIh.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatazaftBmSg.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\LogabacusesxBGTaeIfvTUzjaQgHAWxNnWeaZsQuFodevotionality
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotBAsPgoGG.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotBNXgbVJH.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotBVbkItmY.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotCTaEFokY.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotDVFRQMDP.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotFxyZxYUq.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotGEjoTwTG.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotGeWhZVbr.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotHSmxiVpK.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotIRibAROJ.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotKPdUlRrk.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotLqQOnJYX.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotMBXNJWnq.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotOKZuUfEp.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotOPrtVqjP.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotPbLXeZEw.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotPbMTuWma.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotTrlgxnDf.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotWtxsXqVr.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotXUlnLBRl.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotYmTeTliO.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotZkaEGmlh.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotbZXXYTxo.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotbkKAVhjo.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotboihXiTg.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotdbnMCvYg.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotgLFxbQoO.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotiLsRSzMZ.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotkJljhKUe.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotlCTCfGHs.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotmOlmSXgF.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotmjMxQlOj.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotnhUXDmSD.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotottVtGkY.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotpgGLndDU.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotqNIRrFHB.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotqSfmVIpc.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotqYvoMlpW.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotsJVaWCOn.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshottXeFZYIf.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotvKfMYQMc.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotwNDtaRvU.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotwwxURnpE.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotxDCnOlcx.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotxmuWgfIX.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotyjJMNgQK.BMP
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\WebData
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
There are 111 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Payment-Inv.exe
|
"C:\Users\user\Desktop\Payment-Inv.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\flakeboard.exe
|
"C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\flakeboard.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\flakeboard.exe
|
"C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\flakeboard.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
http://showip.netll/
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://fundingchoicesmessages.google.com/i/pub-8790158038613050?ers=1
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
https://showip.net/
|
unknown
|
||
|
http://showip.net/y
|
unknown
|
||
|
http://showip.net/%=
|
unknown
|
||
|
https://unpkg.com/leaflet
|
unknown
|
||
|
http://showip.net/A
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
http://showip.net/TZG
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
https://showip.net/?checkip=
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
http://showip.net/
|
unknown
|
||
|
http://showip.net
|
unknown
|
||
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
http://schema.org
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://www.openstreetmap.org/copyright
|
unknown
|
||
|
http://showip.net/4b
|
unknown
|
||
|
http://www.maxmind.com
|
unknown
|
||
|
http://showip.net/rc
|
unknown
|
||
|
https://fundingchoicesmessages.google.com9x
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
||
|
http://showip.netl?
|
unknown
|
There are 17 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
showip.net
|
162.55.60.2
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
162.55.60.2
|
showip.net
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
|
customariness
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4F11000
|
heap
|
page read and write
|
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
3A81000
|
heap
|
page read and write
|
||
|
79E000
|
heap
|
page read and write
|
||
|
3BE1000
|
heap
|
page read and write
|
||
|
3A7D000
|
heap
|
page read and write
|
||
|
78F000
|
heap
|
page read and write
|
||
|
768000
|
heap
|
page read and write
|
||
|
2187000
|
heap
|
page read and write
|
||
|
3A76000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
74A000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
38A6000
|
heap
|
page read and write
|
||
|
73D000
|
heap
|
page read and write
|
||
|
7CF000
|
heap
|
page read and write
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
3A6D000
|
heap
|
page read and write
|
||
|
7B7000
|
heap
|
page read and write
|
||
|
329F000
|
stack
|
page read and write
|
||
|
7EE000
|
heap
|
page read and write
|
||
|
73C000
|
heap
|
page read and write
|
||
|
7C5000
|
heap
|
page read and write
|
||
|
6B8E000
|
heap
|
page read and write
|
||
|
7CF000
|
heap
|
page read and write
|
||
|
763000
|
heap
|
page read and write
|
||
|
3BE1000
|
heap
|
page read and write
|
||
|
6682000
|
heap
|
page read and write
|
||
|
3AB9000
|
heap
|
page read and write
|
||
|
668D000
|
heap
|
page read and write
|
||
|
6682000
|
heap
|
page read and write
|
||
|
59B000
|
heap
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
3A6E000
|
heap
|
page read and write
|
||
|
2130000
|
trusted library allocation
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
5FB000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
3AD9000
|
heap
|
page read and write
|
||
|
447000
|
unkown
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
20F9000
|
heap
|
page read and write
|
||
|
383A000
|
heap
|
page read and write
|
||
|
6B8E000
|
heap
|
page read and write
|
||
|
3D31000
|
heap
|
page read and write
|
||
|
73E000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3A7A000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
786000
|
heap
|
page read and write
|
||
|
21B3000
|
heap
|
page read and write
|
||
|
3BF1000
|
heap
|
page read and write
|
||
|
3AA8000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
5E3000
|
heap
|
page read and write
|
||
|
6688000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3A4E000
|
stack
|
page read and write
|
||
|
355D000
|
stack
|
page read and write
|
||
|
79F000
|
heap
|
page read and write
|
||
|
3AD9000
|
heap
|
page read and write
|
||
|
3A7A000
|
heap
|
page read and write
|
||
|
3BDD000
|
heap
|
page read and write
|
||
|
3A71000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3C20000
|
heap
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
28D0000
|
trusted library allocation
|
page read and write
|
||
|
6B8D000
|
heap
|
page read and write
|
||
|
6B83000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
6B89000
|
heap
|
page read and write
|
||
|
6B83000
|
heap
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
3A6E000
|
heap
|
page read and write
|
||
|
3930000
|
heap
|
page read and write
|
||
|
3AA8000
|
heap
|
page read and write
|
||
|
766000
|
heap
|
page read and write
|
||
|
3A75000
|
heap
|
page read and write
|
||
|
3ACF000
|
heap
|
page read and write
|
||
|
351D000
|
stack
|
page read and write
|
||
|
6B8B000
|
heap
|
page read and write
|
||
|
7AE000
|
heap
|
page read and write
|
||
|
6541000
|
heap
|
page read and write
|
||
|
74A000
|
heap
|
page read and write
|
||
|
305E000
|
stack
|
page read and write
|
||
|
3810000
|
heap
|
page read and write
|
||
|
7C1000
|
heap
|
page read and write
|
||
|
3D31000
|
heap
|
page read and write
|
||
|
74D000
|
heap
|
page read and write
|
||
|
447000
|
unkown
|
page read and write
|
||
|
6540000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3ADB000
|
heap
|
page read and write
|
||
|
5E3000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
793000
|
heap
|
page read and write
|
||
|
3AE5000
|
heap
|
page read and write
|
||
|
78E000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
7A3000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
32DE000
|
stack
|
page read and write
|
||
|
6680000
|
heap
|
page read and write
|
||
|
6548000
|
heap
|
page read and write
|
||
|
20B0000
|
trusted library allocation
|
page execute read
|
||
|
448000
|
unkown
|
page readonly
|
||
|
6688000
|
heap
|
page read and write
|
||
|
3AA6000
|
heap
|
page read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3AEE000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3AA6000
|
heap
|
page read and write
|
||
|
3A7A000
|
heap
|
page read and write
|
||
|
2BB0000
|
trusted library section
|
page read and write
|
||
|
668C000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
766000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
654D000
|
heap
|
page read and write
|
||
|
6546000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
21B7000
|
heap
|
page read and write
|
||
|
3882000
|
heap
|
page read and write
|
||
|
3ADC000
|
heap
|
page read and write
|
||
|
6B83000
|
heap
|
page read and write
|
||
|
3AAC000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
5EA000
|
heap
|
page read and write
|
||
|
3AE7000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3A7D000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3ADA000
|
heap
|
page read and write
|
||
|
668F000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3AEE000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
6683000
|
heap
|
page read and write
|
||
|
6B81000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
2180000
|
heap
|
page read and write
|
||
|
797000
|
heap
|
page read and write
|
||
|
600000
|
trusted library allocation
|
page execute read
|
||
|
6B8B000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
4D90000
|
heap
|
page read and write
|
||
|
7B3000
|
heap
|
page read and write
|
||
|
341E000
|
stack
|
page read and write
|
||
|
654F000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
38C2000
|
heap
|
page read and write
|
||
|
668D000
|
heap
|
page read and write
|
||
|
82C000
|
heap
|
page read and write
|
||
|
3BDD000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
3AAE000
|
heap
|
page read and write
|
||
|
7A2000
|
heap
|
page read and write
|
||
|
654D000
|
heap
|
page read and write
|
||
|
3871000
|
heap
|
page read and write
|
||
|
38D6000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
3ACE000
|
heap
|
page read and write
|
||
|
762000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
3AAA000
|
heap
|
page read and write
|
||
|
74E000
|
heap
|
page read and write
|
||
|
3BDD000
|
heap
|
page read and write
|
||
|
3D21000
|
heap
|
page read and write
|
||
|
7CE000
|
heap
|
page read and write
|
||
|
7C2000
|
heap
|
page read and write
|
||
|
6B82000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
6B83000
|
heap
|
page read and write
|
||
|
5CD000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3C00000
|
heap
|
page read and write
|
||
|
3A74000
|
heap
|
page read and write
|
||
|
668D000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
5EA000
|
heap
|
page read and write
|
||
|
3BE1000
|
heap
|
page read and write
|
||
|
5CD000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
2120000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
6B83000
|
heap
|
page read and write
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
3AD9000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
5A3000
|
heap
|
page read and write
|
||
|
3AE5000
|
heap
|
page read and write
|
||
|
74D000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3AE5000
|
heap
|
page read and write
|
||
|
5A9000
|
heap
|
page read and write
|
||
|
6B80000
|
heap
|
page read and write
|
||
|
6B82000
|
heap
|
page read and write
|
||
|
6B8C000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
654B000
|
heap
|
page read and write
|
||
|
38D6000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3AE3000
|
heap
|
page read and write
|
||
|
3D41000
|
heap
|
page read and write
|
||
|
4F58000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
596000
|
heap
|
page read and write
|
||
|
3ACB000
|
heap
|
page read and write
|
||
|
2183000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
3A58000
|
heap
|
page read and write
|
||
|
2A24000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
746000
|
heap
|
page read and write
|
||
|
798000
|
heap
|
page read and write
|
||
|
7A9000
|
heap
|
page read and write
|
||
|
6545000
|
heap
|
page read and write
|
||
|
383F000
|
heap
|
page read and write
|
||
|
7AA000
|
heap
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
3ACC000
|
heap
|
page read and write
|
||
|
5A5000
|
heap
|
page read and write
|
||
|
3A71000
|
heap
|
page read and write
|
||
|
3BE1000
|
heap
|
page read and write
|
||
|
3D1D000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
3B02000
|
heap
|
page read and write
|
||
|
448000
|
unkown
|
page readonly
|
||
|
597000
|
heap
|
page read and write
|
||
|
33DF000
|
stack
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
5AF000
|
heap
|
page read and write
|
||
|
73D000
|
heap
|
page read and write
|
||
|
38B8000
|
heap
|
page read and write
|
||
|
2129000
|
heap
|
page read and write
|
||
|
3A6B000
|
heap
|
page read and write
|
||
|
30FF000
|
stack
|
page read and write
|
||
|
73D000
|
heap
|
page read and write
|
||
|
587000
|
heap
|
page read and write
|
||
|
791000
|
heap
|
page read and write
|
||
|
3A50000
|
heap
|
page read and write
|
||
|
3A7D000
|
heap
|
page read and write
|
||
|
3BF1000
|
heap
|
page read and write
|
||
|
766000
|
heap
|
page read and write
|
||
|
6B8A000
|
heap
|
page read and write
|
||
|
6B82000
|
heap
|
page read and write
|
||
|
3AD5000
|
heap
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
738000
|
heap
|
page read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
6685000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3A7D000
|
heap
|
page read and write
|
||
|
6B8F000
|
heap
|
page read and write
|
||
|
3871000
|
heap
|
page read and write
|
||
|
59E000
|
heap
|
page read and write
|
||
|
7E6000
|
heap
|
page read and write
|
||
|
3A7A000
|
heap
|
page read and write
|
||
|
3BF1000
|
heap
|
page read and write
|
||
|
3BDD000
|
heap
|
page read and write
|
||
|
3BE1000
|
heap
|
page read and write
|
||
|
3D10000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
83E000
|
heap
|
page read and write
|
||
|
337F000
|
stack
|
page read and write
|
||
|
3D41000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
6687000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5F9000
|
heap
|
page read and write
|
||
|
3BDD000
|
heap
|
page read and write
|
||
|
2AB0000
|
trusted library section
|
page read and write
|
||
|
38B8000
|
heap
|
page read and write
|
||
|
2900000
|
heap
|
page read and write
|
||
|
6B8F000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3AA6000
|
heap
|
page read and write
|
||
|
3ABB000
|
heap
|
page read and write
|
||
|
3AFB000
|
heap
|
page read and write
|
||
|
7D6000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
3ADC000
|
heap
|
page read and write
|
||
|
78E000
|
heap
|
page read and write
|
||
|
3837000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
37B0000
|
heap
|
page read and write
|
||
|
668A000
|
heap
|
page read and write
|
||
|
78A000
|
heap
|
page read and write
|
||
|
6682000
|
heap
|
page read and write
|
||
|
7A2000
|
heap
|
page read and write
|
||
|
7A7000
|
heap
|
page read and write
|
||
|
797000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
6686000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
6540000
|
heap
|
page read and write
|
||
|
315F000
|
stack
|
page read and write
|
||
|
6B88000
|
heap
|
page read and write
|
||
|
341E000
|
stack
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
379F000
|
stack
|
page read and write
|
||
|
587000
|
heap
|
page read and write
|
||
|
3A73000
|
heap
|
page read and write
|
||
|
3AAA000
|
heap
|
page read and write
|
||
|
774000
|
heap
|
page read and write
|
||
|
6543000
|
heap
|
page read and write
|
||
|
6545000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
654A000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
58C000
|
heap
|
page read and write
|
||
|
787000
|
heap
|
page read and write
|
||
|
394E000
|
stack
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
6686000
|
heap
|
page read and write
|
||
|
668D000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
592000
|
heap
|
page read and write
|
||
|
3BF1000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
6687000
|
heap
|
page read and write
|
||
|
74A000
|
heap
|
page read and write
|
||
|
668A000
|
heap
|
page read and write
|
||
|
5A3000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
599000
|
heap
|
page read and write
|
||
|
3A7A000
|
heap
|
page read and write
|
||
|
615000
|
heap
|
page read and write
|
||
|
369E000
|
stack
|
page read and write
|
||
|
5E3000
|
heap
|
page read and write
|
||
|
6543000
|
heap
|
page read and write
|
||
|
3D21000
|
heap
|
page read and write
|
||
|
3A7A000
|
heap
|
page read and write
|
||
|
7AC000
|
heap
|
page read and write
|
||
|
7B3000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
6B81000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3B80000
|
heap
|
page read and write
|
||
|
3AAA000
|
heap
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
7D5000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
3940000
|
heap
|
page read and write
|
||
|
5A5000
|
heap
|
page read and write
|
||
|
6686000
|
heap
|
page read and write
|
||
|
2120000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
611000
|
heap
|
page read and write
|
||
|
7B9000
|
heap
|
page read and write
|
||
|
668D000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
6684000
|
heap
|
page read and write
|
||
|
3ADD000
|
heap
|
page read and write
|
||
|
708000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
76C000
|
heap
|
page read and write
|
||
|
7A8000
|
heap
|
page read and write
|
||
|
38D6000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
58C000
|
heap
|
page read and write
|
||
|
6B8D000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
448000
|
unkown
|
page readonly
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
3AE5000
|
heap
|
page read and write
|
||
|
6541000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3831000
|
heap
|
page read and write
|
||
|
7BA000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
787000
|
heap
|
page read and write
|
||
|
6B8F000
|
heap
|
page read and write
|
||
|
5AC000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
78F000
|
heap
|
page read and write
|
||
|
5E3000
|
heap
|
page read and write
|
||
|
3AD9000
|
heap
|
page read and write
|
||
|
7B5000
|
heap
|
page read and write
|
||
|
6B8E000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
3BDD000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
327E000
|
stack
|
page read and write
|
||
|
6682000
|
heap
|
page read and write
|
||
|
3AD5000
|
heap
|
page read and write
|
||
|
7A5000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
7A5000
|
heap
|
page read and write
|
||
|
3AB0000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3D1D000
|
heap
|
page read and write
|
||
|
78D000
|
heap
|
page read and write
|
||
|
2170000
|
heap
|
page read and write
|
||
|
5A1000
|
heap
|
page read and write
|
||
|
3D21000
|
heap
|
page read and write
|
||
|
4ED0000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
3AA8000
|
heap
|
page read and write
|
||
|
79C000
|
heap
|
page read and write
|
||
|
74E000
|
heap
|
page read and write
|
||
|
592000
|
heap
|
page read and write
|
||
|
79E000
|
heap
|
page read and write
|
||
|
2130000
|
heap
|
page read and write
|
||
|
20E0000
|
heap
|
page read and write
|
||
|
776000
|
heap
|
page read and write
|
||
|
21B0000
|
heap
|
page read and write
|
||
|
3A6B000
|
heap
|
page read and write
|
||
|
5D1000
|
heap
|
page read and write
|
||
|
6B8F000
|
heap
|
page read and write
|
||
|
654D000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
2150000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
6685000
|
heap
|
page read and write
|
||
|
3ADC000
|
heap
|
page read and write
|
||
|
6B88000
|
heap
|
page read and write
|
||
|
3A76000
|
heap
|
page read and write
|
||
|
3A5B000
|
heap
|
page read and write
|
||
|
3AE4000
|
heap
|
page read and write
|
||
|
3ACF000
|
heap
|
page read and write
|
||
|
3AA6000
|
heap
|
page read and write
|
||
|
3A7D000
|
heap
|
page read and write
|
||
|
742000
|
heap
|
page read and write
|
||
|
3BF1000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
3B83000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
791000
|
heap
|
page read and write
|
||
|
6549000
|
heap
|
page read and write
|
||
|
765000
|
heap
|
page read and write
|
||
|
79B000
|
heap
|
page read and write
|
||
|
5C8000
|
heap
|
page read and write
|
||
|
7B6000
|
heap
|
page read and write
|
||
|
3871000
|
heap
|
page read and write
|
||
|
5AC000
|
heap
|
page read and write
|
||
|
3AA6000
|
heap
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
3AD5000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3BD0000
|
heap
|
page read and write
|
||
|
3AA8000
|
heap
|
page read and write
|
||
|
7AE000
|
heap
|
page read and write
|
||
|
21BB000
|
heap
|
page read and write
|
||
|
3AD5000
|
heap
|
page read and write
|
||
|
20F0000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
6547000
|
heap
|
page read and write
|
||
|
3ADA000
|
heap
|
page read and write
|
||
|
5CD000
|
heap
|
page read and write
|
||
|
5AE000
|
heap
|
page read and write
|
||
|
383F000
|
heap
|
page read and write
|
||
|
654F000
|
heap
|
page read and write
|
||
|
6B80000
|
heap
|
page read and write
|
||
|
3A51000
|
heap
|
page read and write
|
||
|
6540000
|
heap
|
page read and write
|
||
|
3AD5000
|
heap
|
page read and write
|
||
|
79E000
|
heap
|
page read and write
|
||
|
365D000
|
stack
|
page read and write
|
||
|
6B87000
|
heap
|
page read and write
|
||
|
7EE000
|
heap
|
page read and write
|
||
|
761000
|
heap
|
page read and write
|
||
|
5EA000
|
heap
|
page read and write
|
||
|
6B88000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3A75000
|
heap
|
page read and write
|
||
|
448000
|
unkown
|
page readonly
|
||
|
379F000
|
stack
|
page read and write
|
||
|
747000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3AA8000
|
heap
|
page read and write
|
||
|
5FE000
|
heap
|
page read and write
|
||
|
746000
|
heap
|
page read and write
|
||
|
3A6C000
|
heap
|
page read and write
|
||
|
3BF1000
|
heap
|
page read and write
|
||
|
383A000
|
heap
|
page read and write
|
||
|
3811000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
768000
|
heap
|
page read and write
|
||
|
802000
|
heap
|
page read and write
|
||
|
7EE000
|
heap
|
page read and write
|
||
|
7D6000
|
heap
|
page read and write
|
||
|
654F000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
6B84000
|
heap
|
page read and write
|
||
|
5A5000
|
heap
|
page read and write
|
||
|
3D31000
|
heap
|
page read and write
|
||
|
3D1D000
|
heap
|
page read and write
|
||
|
5F7000
|
heap
|
page read and write
|
||
|
3BDD000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
2190000
|
trusted library allocation
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
20E0000
|
heap
|
page read and write
|
||
|
3BE1000
|
heap
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
782000
|
heap
|
page read and write
|
||
|
3ADC000
|
heap
|
page read and write
|
||
|
351D000
|
stack
|
page read and write
|
||
|
3ADC000
|
heap
|
page read and write
|
||
|
7B6000
|
heap
|
page read and write
|
||
|
668D000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
654E000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
6B84000
|
heap
|
page read and write
|
||
|
3875000
|
heap
|
page read and write
|
||
|
6B87000
|
heap
|
page read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
3AC0000
|
heap
|
page read and write
|
||
|
323F000
|
stack
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
6545000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
7AC000
|
heap
|
page read and write
|
||
|
3A7A000
|
heap
|
page read and write
|
||
|
21C0000
|
trusted library allocation
|
page read and write
|
||
|
74D000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
3834000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
3AD2000
|
heap
|
page read and write
|
||
|
3BE1000
|
heap
|
page read and write
|
||
|
592000
|
heap
|
page read and write
|
||
|
5CB000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
365D000
|
stack
|
page read and write
|
||
|
3D41000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
369E000
|
stack
|
page read and write
|
||
|
3834000
|
heap
|
page read and write
|
||
|
6541000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
7BB000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
6544000
|
heap
|
page read and write
|
||
|
355D000
|
stack
|
page read and write
|
||
|
654E000
|
heap
|
page read and write
|
||
|
218C000
|
heap
|
page read and write
|
||
|
3ADC000
|
heap
|
page read and write
|
||
|
37C9000
|
heap
|
page read and write
|
||
|
654C000
|
heap
|
page read and write
|
||
|
6543000
|
heap
|
page read and write
|
||
|
3ACD000
|
heap
|
page read and write
|
||
|
3C23000
|
heap
|
page read and write
|
||
|
7ED000
|
heap
|
page read and write
|
||
|
6B84000
|
heap
|
page read and write
|
||
|
7AA000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
597000
|
heap
|
page read and write
|
||
|
5EA000
|
heap
|
page read and write
|
||
|
3AD5000
|
heap
|
page read and write
|
||
|
7B1000
|
heap
|
page read and write
|
||
|
448000
|
unkown
|
page readonly
|
||
|
6681000
|
heap
|
page read and write
|
||
|
5EA000
|
heap
|
page read and write
|
||
|
3ADB000
|
heap
|
page read and write
|
||
|
38B0000
|
heap
|
page read and write
|
||
|
74E000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
59C000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
5E2000
|
heap
|
page read and write
|
||
|
599000
|
heap
|
page read and write
|
||
|
746000
|
heap
|
page read and write
|
||
|
766000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
There are 607 hidden memdumps, click here to show them.