Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
1m181Ru74o.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\Public\Libraries\Ntmftfld
|
data
|
dropped
|
|
|
|
C:\Users\Public\Libraries\Ntmftfld.PIF
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Ntmftfld.url
|
MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Ntmftfld.PIF">), ASCII text, with CRLF line
terminators
|
dropped
|
|
|
|
C:\Users\Public\Libraries\PNO
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Libraries\dlftfmtN.cmd
|
DOS batch file, Unicode text, UTF-8 text, with very long lines (324), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\alpha.pif
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\Public\xpha.pif
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF, CR line terminators
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF, CR line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\1m181Ru74o.exe
|
"C:\Users\user\Desktop\1m181Ru74o.exe"
|
|
|
|
C:\Windows\SysWOW64\esentutl.exe
|
C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
|
|
|
|
C:\Windows\SysWOW64\esentutl.exe
|
C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
|
|
|
|
C:\Windows\SysWOW64\esentutl.exe
|
C:\\Windows\\System32\\esentutl.exe /y C:\Users\user\Desktop\1m181Ru74o.exe /d C:\\Users\\Public\\Libraries\\Ntmftfld.PIF
/o
|
|
|
|
C:\Windows\SysWOW64\SndVol.exe
|
C:\Windows\System32\SndVol.exe
|
|
|
|
C:\Users\Public\Libraries\Ntmftfld.PIF
|
"C:\Users\Public\Libraries\Ntmftfld.PIF"
|
|
|
|
C:\Windows\SysWOW64\colorcpl.exe
|
C:\Windows\System32\colorcpl.exe
|
|
|
|
C:\Users\Public\Libraries\Ntmftfld.PIF
|
"C:\Users\Public\Libraries\Ntmftfld.PIF"
|
|
|
|
C:\Windows\SysWOW64\colorcpl.exe
|
C:\Windows\System32\colorcpl.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\dlftfmtN.cmd" "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://aarzoomarine.com/wp-content/plugins/231_Ntmftfldhfc
|
103.101.59.23
|
|
|
|
craekuro.duckdns.org
|
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
unknown
|
||
|
http://crl.mJ
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
|
unknown
|
||
|
http://www.microsoft.co
|
unknown
|
||
|
https://aarzoomarine.com:443/wp-content/plugins/231_Ntmftfldhfc
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
http://www.pmail.com
|
unknown
|
||
|
https://aarzoomarine.com/owa
|
unknown
|
||
|
http://ocsp.sectigo.com0C
|
unknown
|
There are 6 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
aarzoomarine.com
|
103.101.59.23
|
|
|
|
craekuro.duckdns.org
|
172.111.212.138
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.111.212.138
|
craekuro.duckdns.org
|
United States
|
|
|
|
103.101.59.23
|
aarzoomarine.com
|
India
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Ntmftfld
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-YHG91Z
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-YHG91Z
|
licence
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%systemroot%\system32\colorui.dll,-1400
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\ProfileAssociations\Print\Fax
|
UsePerUserProfiles
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6D30000
|
remote allocation
|
page execute and read and write
|
|
|
|
30F9000
|
heap
|
page read and write
|
|
|
|
2ADD000
|
heap
|
page read and write
|
|
|
|
2AC7000
|
heap
|
page read and write
|
|
|
|
305C000
|
heap
|
page read and write
|
|
|
|
48E0000
|
remote allocation
|
page execute and read and write
|
|
|
|
302F000
|
heap
|
page read and write
|
|
|
|
400000
|
direct allocation
|
page execute and read and write
|
|
|
|
25A3F000
|
stack
|
page read and write
|
|
|
|
3062000
|
heap
|
page read and write
|
|
|
|
30F9000
|
heap
|
page read and write
|
|
|
|
2AA7000
|
heap
|
page read and write
|
|
|
|
400000
|
direct allocation
|
page execute and read and write
|
|
|
|
7090000
|
remote allocation
|
page execute and read and write
|
|
|
|
400000
|
direct allocation
|
page execute and read and write
|
|
|
|
1514E000
|
stack
|
page read and write
|
||
|
3B750000
|
trusted library allocation
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
2276000
|
direct allocation
|
page read and write
|
||
|
4F3B000
|
heap
|
page read and write
|
||
|
2F83000
|
heap
|
page read and write
|
||
|
307E000
|
stack
|
page read and write
|
||
|
4D10000
|
direct allocation
|
page read and write
|
||
|
475000
|
unkown
|
page readonly
|
||
|
3024000
|
heap
|
page read and write
|
||
|
2ADD000
|
heap
|
page read and write
|
||
|
7E850000
|
direct allocation
|
page read and write
|
||
|
2FB2000
|
direct allocation
|
page read and write
|
||
|
7E7B0000
|
direct allocation
|
page read and write
|
||
|
93F000
|
stack
|
page read and write
|
||
|
15F0E000
|
heap
|
page read and write
|
||
|
3730F000
|
stack
|
page read and write
|
||
|
24640000
|
trusted library allocation
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
4B40000
|
heap
|
page read and write
|
||
|
2321000
|
direct allocation
|
page read and write
|
||
|
30EA000
|
heap
|
page read and write
|
||
|
21C0000
|
heap
|
page read and write
|
||
|
153FE000
|
stack
|
page read and write
|
||
|
7ED20000
|
direct allocation
|
page read and write
|
||
|
2F85000
|
heap
|
page read and write
|
||
|
7FC5F000
|
direct allocation
|
page read and write
|
||
|
4BD0000
|
heap
|
page read and write
|
||
|
2F9E000
|
heap
|
page read and write
|
||
|
2F83000
|
heap
|
page read and write
|
||
|
30F1000
|
heap
|
page read and write
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
1AC0F000
|
stack
|
page read and write
|
||
|
65A000
|
heap
|
page read and write
|
||
|
15510000
|
heap
|
page read and write
|
||
|
7E8D0000
|
direct allocation
|
page read and write
|
||
|
2941000
|
heap
|
page read and write
|
||
|
2EB0000
|
direct allocation
|
page readonly
|
||
|
36F8E000
|
stack
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
2341000
|
direct allocation
|
page read and write
|
||
|
1A49E000
|
stack
|
page read and write
|
||
|
7E8AF000
|
direct allocation
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
15BC1000
|
heap
|
page read and write
|
||
|
62E000
|
stack
|
page read and write
|
||
|
2995000
|
heap
|
page read and write
|
||
|
1555E000
|
stack
|
page read and write
|
||
|
2D95000
|
heap
|
page read and write
|
||
|
6DB000
|
heap
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
2B2F000
|
heap
|
page read and write
|
||
|
1AC20000
|
heap
|
page read and write
|
||
|
2E1F000
|
heap
|
page read and write
|
||
|
4B0B000
|
stack
|
page read and write
|
||
|
4BD4000
|
heap
|
page read and write
|
||
|
4F5C000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
7E860000
|
direct allocation
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
475000
|
direct allocation
|
page execute and read and write
|
||
|
7E490000
|
direct allocation
|
page read and write
|
||
|
2520000
|
heap
|
page read and write
|
||
|
6790000
|
trusted library allocation
|
page read and write
|
||
|
636000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
36F2F000
|
stack
|
page read and write
|
||
|
24F3000
|
heap
|
page read and write
|
||
|
152BE000
|
stack
|
page read and write
|
||
|
7E8D0000
|
direct allocation
|
page read and write
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
1A87E000
|
stack
|
page read and write
|
||
|
461000
|
unkown
|
page read and write
|
||
|
2DCF000
|
unkown
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
461000
|
unkown
|
page read and write
|
||
|
4404000
|
heap
|
page read and write
|
||
|
15B4C000
|
heap
|
page read and write
|
||
|
2F84000
|
heap
|
page read and write
|
||
|
4F55000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
1A59F000
|
stack
|
page read and write
|
||
|
36DFD000
|
direct allocation
|
page read and write
|
||
|
83B000
|
heap
|
page read and write
|
||
|
29CE000
|
stack
|
page read and write
|
||
|
1A9CE000
|
stack
|
page read and write
|
||
|
7FAE0000
|
direct allocation
|
page read and write
|
||
|
1A434000
|
direct allocation
|
page read and write
|
||
|
30A8000
|
heap
|
page read and write
|
||
|
14E01000
|
direct allocation
|
page read and write
|
||
|
2420000
|
heap
|
page read and write
|
||
|
2F84000
|
heap
|
page read and write
|
||
|
3165000
|
heap
|
page read and write
|
||
|
7F230000
|
direct allocation
|
page read and write
|
||
|
65E000
|
heap
|
page read and write
|
||
|
1AC27000
|
heap
|
page read and write
|
||
|
2A3F000
|
stack
|
page read and write
|
||
|
585000
|
unkown
|
page readonly
|
||
|
7F15B000
|
direct allocation
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
3038000
|
heap
|
page read and write
|
||
|
25AFC000
|
stack
|
page read and write
|
||
|
7F1AE000
|
direct allocation
|
page read and write
|
||
|
63B000
|
heap
|
page read and write
|
||
|
304B000
|
heap
|
page read and write
|
||
|
7E6B0000
|
direct allocation
|
page read and write
|
||
|
2F9E000
|
heap
|
page read and write
|
||
|
7EF70000
|
direct allocation
|
page read and write
|
||
|
2CCE000
|
unkown
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
24CE000
|
stack
|
page read and write
|
||
|
15AEF000
|
heap
|
page read and write
|
||
|
461000
|
unkown
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
15B0F000
|
heap
|
page read and write
|
||
|
15AB1000
|
heap
|
page read and write
|
||
|
303B000
|
heap
|
page read and write
|
||
|
1A418000
|
direct allocation
|
page read and write
|
||
|
63B000
|
heap
|
page read and write
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
3BB000
|
stack
|
page read and write
|
||
|
15B13000
|
heap
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
4F55000
|
heap
|
page read and write
|
||
|
2F84000
|
heap
|
page read and write
|
||
|
7E3C0000
|
direct allocation
|
page read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
2F85000
|
heap
|
page read and write
|
||
|
2D9F000
|
stack
|
page read and write
|
||
|
7EE30000
|
direct allocation
|
page read and write
|
||
|
4B09000
|
stack
|
page read and write
|
||
|
83D000
|
heap
|
page read and write
|
||
|
46E000
|
unkown
|
page read and write
|
||
|
7FD70000
|
direct allocation
|
page read and write
|
||
|
36E04000
|
direct allocation
|
page read and write
|
||
|
25D10000
|
heap
|
page read and write
|
||
|
2200000
|
heap
|
page read and write
|
||
|
36DEF000
|
direct allocation
|
page read and write
|
||
|
3070000
|
heap
|
page read and write
|
||
|
24F0000
|
heap
|
page read and write
|
||
|
2F7C000
|
heap
|
page read and write
|
||
|
1A5DE000
|
stack
|
page read and write
|
||
|
15BB0000
|
trusted library allocation
|
page read and write
|
||
|
2A8C000
|
stack
|
page read and write
|
||
|
7E940000
|
direct allocation
|
page read and write
|
||
|
502D000
|
stack
|
page read and write
|
||
|
25E40000
|
heap
|
page read and write
|
||
|
2333000
|
direct allocation
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
4E7E000
|
direct allocation
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
9BB000
|
stack
|
page read and write
|
||
|
7F230000
|
direct allocation
|
page read and write
|
||
|
37D000
|
stack
|
page read and write
|
||
|
835000
|
heap
|
page read and write
|
||
|
2B2F000
|
stack
|
page read and write
|
||
|
7E720000
|
direct allocation
|
page read and write
|
||
|
625000
|
heap
|
page read and write
|
||
|
66E000
|
stack
|
page read and write
|
||
|
2F83000
|
heap
|
page read and write
|
||
|
636000
|
heap
|
page read and write
|
||
|
36E13000
|
direct allocation
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
7E7D0000
|
direct allocation
|
page read and write
|
||
|
2396000
|
heap
|
page read and write
|
||
|
7E7AF000
|
direct allocation
|
page read and write
|
||
|
2318000
|
direct allocation
|
page read and write
|
||
|
29FE000
|
stack
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
153BF000
|
stack
|
page read and write
|
||
|
21C6000
|
heap
|
page read and write
|
||
|
7FC6F000
|
direct allocation
|
page read and write
|
||
|
1AC10000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
509F000
|
stack
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
4F20000
|
heap
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
2F85000
|
heap
|
page read and write
|
||
|
2CF7000
|
heap
|
page read and write
|
||
|
2324000
|
direct allocation
|
page read and write
|
||
|
4B80000
|
heap
|
page read and write
|
||
|
637000
|
heap
|
page read and write
|
||
|
16580000
|
direct allocation
|
page execute and read and write
|
||
|
2F84000
|
heap
|
page read and write
|
||
|
2340000
|
heap
|
page read and write
|
||
|
30C4000
|
heap
|
page read and write
|
||
|
232C000
|
direct allocation
|
page read and write
|
||
|
7E6A0000
|
direct allocation
|
page read and write
|
||
|
1A3E3000
|
direct allocation
|
page read and write
|
||
|
25B7D000
|
stack
|
page read and write
|
||
|
3770F000
|
stack
|
page read and write
|
||
|
2F15000
|
heap
|
page read and write
|
||
|
835000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
7E620000
|
direct allocation
|
page read and write
|
||
|
4F45000
|
heap
|
page read and write
|
||
|
4F5C000
|
heap
|
page read and write
|
||
|
4400000
|
heap
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
69D000
|
heap
|
page read and write
|
||
|
37820000
|
trusted library allocation
|
page read and write
|
||
|
7EE50000
|
direct allocation
|
page read and write
|
||
|
2470000
|
direct allocation
|
page execute and read and write
|
||
|
4F5C000
|
heap
|
page read and write
|
||
|
290C000
|
heap
|
page read and write
|
||
|
4E10000
|
direct allocation
|
page read and write
|
||
|
7EE50000
|
direct allocation
|
page read and write
|
||
|
81A000
|
heap
|
page read and write
|
||
|
3034000
|
heap
|
page read and write
|
||
|
7F14D000
|
direct allocation
|
page read and write
|
||
|
14DDD000
|
direct allocation
|
page read and write
|
||
|
4F3A000
|
heap
|
page read and write
|
||
|
2F31000
|
direct allocation
|
page execute read
|
||
|
30DD000
|
heap
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
2F6F000
|
stack
|
page read and write
|
||
|
2F85000
|
direct allocation
|
page read and write
|
||
|
2F83000
|
heap
|
page read and write
|
||
|
4E8C000
|
direct allocation
|
page read and write
|
||
|
2304000
|
direct allocation
|
page read and write
|
||
|
22E0000
|
direct allocation
|
page read and write
|
||
|
7EEB0000
|
direct allocation
|
page read and write
|
||
|
302E000
|
direct allocation
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
46E000
|
stack
|
page read and write
|
||
|
4F55000
|
heap
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
15690000
|
remote allocation
|
page read and write
|
||
|
4F29000
|
heap
|
page read and write
|
||
|
310E000
|
heap
|
page read and write
|
||
|
7F830000
|
direct allocation
|
page read and write
|
||
|
61A000
|
heap
|
page read and write
|
||
|
4BBE000
|
stack
|
page read and write
|
||
|
24EC000
|
stack
|
page read and write
|
||
|
471000
|
direct allocation
|
page execute and read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
2F5E000
|
direct allocation
|
page read and write
|
||
|
4B90000
|
heap
|
page read and write
|
||
|
2F83000
|
heap
|
page read and write
|
||
|
7EEB0000
|
direct allocation
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
36F2A000
|
stack
|
page read and write
|
||
|
2F9E000
|
heap
|
page read and write
|
||
|
C8B000
|
stack
|
page read and write
|
||
|
156DE000
|
stack
|
page read and write
|
||
|
7FBC0000
|
direct allocation
|
page read and write
|
||
|
437B000
|
stack
|
page read and write
|
||
|
7F9B0000
|
direct allocation
|
page read and write
|
||
|
63B000
|
heap
|
page read and write
|
||
|
2B2E000
|
stack
|
page execute and read and write
|
||
|
471000
|
direct allocation
|
page execute and read and write
|
||
|
1A42D000
|
direct allocation
|
page read and write
|
||
|
14DD6000
|
direct allocation
|
page read and write
|
||
|
7E990000
|
direct allocation
|
page read and write
|
||
|
3008000
|
heap
|
page read and write
|
||
|
1500F000
|
stack
|
page read and write
|
||
|
1A44A000
|
direct allocation
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
37720000
|
heap
|
page read and write
|
||
|
7E68F000
|
direct allocation
|
page read and write
|
||
|
4EE000
|
stack
|
page read and write
|
||
|
22C5000
|
direct allocation
|
page read and write
|
||
|
475000
|
direct allocation
|
page execute and read and write
|
||
|
30C4000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
15B1E000
|
heap
|
page read and write
|
||
|
1AD20000
|
trusted library allocation
|
page read and write
|
||
|
2CFC000
|
heap
|
page read and write
|
||
|
3771F000
|
trusted library allocation
|
page read and write
|
||
|
1F5000
|
heap
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
2313000
|
direct allocation
|
page read and write
|
||
|
7E940000
|
direct allocation
|
page read and write
|
||
|
7FC10000
|
direct allocation
|
page read and write
|
||
|
7EC90000
|
direct allocation
|
page read and write
|
||
|
15BC5000
|
heap
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
7E910000
|
direct allocation
|
page read and write
|
||
|
14CD0000
|
direct allocation
|
page read and write
|
||
|
637000
|
heap
|
page read and write
|
||
|
2380000
|
direct allocation
|
page execute and read and write
|
||
|
15690000
|
remote allocation
|
page read and write
|
||
|
22ED000
|
direct allocation
|
page read and write
|
||
|
7FA50000
|
direct allocation
|
page read and write
|
||
|
7E740000
|
direct allocation
|
page read and write
|
||
|
2F83000
|
heap
|
page read and write
|
||
|
635000
|
heap
|
page read and write
|
||
|
15AEC000
|
heap
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
15AB0000
|
heap
|
page read and write
|
||
|
2303000
|
direct allocation
|
page read and write
|
||
|
4D79000
|
direct allocation
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
7F899000
|
direct allocation
|
page read and write
|
||
|
293F000
|
stack
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
2E1C000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
3068000
|
heap
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
30CF000
|
heap
|
page read and write
|
||
|
2E2F000
|
stack
|
page read and write
|
||
|
374BE000
|
stack
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
1A41F000
|
direct allocation
|
page read and write
|
||
|
2348000
|
direct allocation
|
page read and write
|
||
|
2B2F000
|
heap
|
page read and write
|
||
|
2FB7000
|
direct allocation
|
page execute and read and write
|
||
|
2AD6000
|
heap
|
page read and write
|
||
|
14DF3000
|
direct allocation
|
page read and write
|
||
|
2F83000
|
heap
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
286A000
|
heap
|
page read and write
|
||
|
230A000
|
direct allocation
|
page read and write
|
||
|
16260000
|
trusted library allocation
|
page read and write
|
||
|
2311000
|
direct allocation
|
page read and write
|
||
|
259BB000
|
stack
|
page read and write
|
||
|
2DEE000
|
stack
|
page read and write
|
||
|
46C000
|
unkown
|
page read and write
|
||
|
4B70000
|
heap
|
page read and write
|
||
|
83B000
|
heap
|
page read and write
|
||
|
36E21000
|
direct allocation
|
page read and write
|
||
|
305A000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
36DF6000
|
direct allocation
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
297B000
|
heap
|
page read and write
|
||
|
25B3F000
|
stack
|
page read and write
|
||
|
233A000
|
direct allocation
|
page read and write
|
||
|
2423000
|
heap
|
page read and write
|
||
|
6F90000
|
heap
|
page read and write
|
||
|
C45000
|
stack
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
7E860000
|
direct allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
4BC0000
|
heap
|
page read and write
|
||
|
43A0000
|
heap
|
page read and write
|
||
|
15BC0000
|
heap
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
22FC000
|
direct allocation
|
page read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
2300000
|
direct allocation
|
page read and write
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
1F7000
|
heap
|
page read and write
|
||
|
83B000
|
heap
|
page read and write
|
||
|
2F9E000
|
heap
|
page read and write
|
||
|
14DEC000
|
direct allocation
|
page read and write
|
||
|
14F0A000
|
stack
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
1A458000
|
direct allocation
|
page read and write
|
||
|
14F0F000
|
stack
|
page read and write
|
||
|
302B000
|
direct allocation
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
2EDE000
|
direct allocation
|
page read and write
|
||
|
7F230000
|
direct allocation
|
page read and write
|
||
|
303D000
|
heap
|
page read and write
|
||
|
22C2000
|
direct allocation
|
page read and write
|
||
|
2328000
|
direct allocation
|
page read and write
|
||
|
14D07000
|
direct allocation
|
page read and write
|
||
|
3B75F000
|
trusted library allocation
|
page read and write
|
||
|
2BDE000
|
heap
|
page read and write
|
||
|
30D7000
|
heap
|
page read and write
|
||
|
60E000
|
heap
|
page read and write
|
||
|
2F83000
|
heap
|
page read and write
|
||
|
2904000
|
heap
|
page read and write
|
||
|
1A426000
|
direct allocation
|
page read and write
|
||
|
1524F000
|
stack
|
page read and write
|
||
|
1510F000
|
stack
|
page read and write
|
||
|
7ECF0000
|
direct allocation
|
page read and write
|
||
|
22F2000
|
direct allocation
|
page read and write
|
||
|
7EEB0000
|
direct allocation
|
page read and write
|
||
|
15CEE000
|
heap
|
page read and write
|
||
|
63B000
|
heap
|
page read and write
|
||
|
60A000
|
heap
|
page read and write
|
||
|
15B42000
|
heap
|
page read and write
|
||
|
15AB1000
|
heap
|
page read and write
|
||
|
46B000
|
unkown
|
page write copy
|
||
|
577000
|
unkown
|
page readonly
|
||
|
4FEB000
|
stack
|
page read and write
|
||
|
505E000
|
stack
|
page read and write
|
||
|
81C000
|
heap
|
page read and write
|
||
|
15AB4000
|
heap
|
page read and write
|
||
|
16264000
|
heap
|
page read and write
|
||
|
1AB0E000
|
stack
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
1A71E000
|
stack
|
page read and write
|
||
|
7E940000
|
direct allocation
|
page read and write
|
||
|
37710000
|
trusted library allocation
|
page read and write
|
||
|
15B46000
|
heap
|
page read and write
|
||
|
625000
|
heap
|
page read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
7EDC0000
|
direct allocation
|
page read and write
|
||
|
835000
|
heap
|
page read and write
|
||
|
4380000
|
heap
|
page read and write
|
||
|
93F000
|
stack
|
page read and write
|
||
|
53E0000
|
direct allocation
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
2F83000
|
heap
|
page read and write
|
||
|
154FD000
|
stack
|
page read and write
|
||
|
7F048000
|
direct allocation
|
page read and write
|
||
|
775000
|
heap
|
page read and write
|
||
|
1BB000
|
stack
|
page read and write
|
||
|
2370000
|
direct allocation
|
page execute and read and write
|
||
|
3760E000
|
stack
|
page read and write
|
||
|
7F8A0000
|
direct allocation
|
page read and write
|
||
|
7ECFF000
|
direct allocation
|
page read and write
|
||
|
7FC20000
|
direct allocation
|
page read and write
|
||
|
7EE50000
|
direct allocation
|
page read and write
|
||
|
7EC30000
|
direct allocation
|
page read and write
|
||
|
2440000
|
heap
|
page read and write
|
||
|
30CF000
|
heap
|
page read and write
|
||
|
748000
|
heap
|
page read and write
|
||
|
4ACD000
|
stack
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
375C0000
|
heap
|
page read and write
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
7F830000
|
direct allocation
|
page read and write
|
||
|
808000
|
heap
|
page read and write
|
||
|
7E910000
|
direct allocation
|
page read and write
|
||
|
7ECEF000
|
direct allocation
|
page read and write
|
||
|
287A000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
3B9000
|
stack
|
page read and write
|
||
|
163F0000
|
heap
|
page read and write
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
14DC8000
|
direct allocation
|
page read and write
|
||
|
7EF20000
|
direct allocation
|
page read and write
|
||
|
1591E000
|
stack
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
30F1000
|
heap
|
page read and write
|
||
|
7E5A0000
|
direct allocation
|
page read and write
|
||
|
7F1BC000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
7E550000
|
direct allocation
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
609000
|
heap
|
page read and write
|
||
|
61A000
|
heap
|
page read and write
|
||
|
693000
|
heap
|
page read and write
|
||
|
44A6000
|
heap
|
page read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
4B60000
|
heap
|
page read and write
|
||
|
7EEB0000
|
direct allocation
|
page read and write
|
||
|
3720E000
|
stack
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
461000
|
unkown
|
page write copy
|
||
|
370CE000
|
stack
|
page read and write
|
||
|
15BD0000
|
heap
|
page read and write
|
||
|
7E71F000
|
direct allocation
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
302F000
|
heap
|
page read and write
|
||
|
30AB000
|
direct allocation
|
page read and write
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
2F84000
|
heap
|
page read and write
|
||
|
30DA000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
3107000
|
heap
|
page read and write
|
||
|
46C000
|
unkown
|
page read and write
|
||
|
14D37000
|
direct allocation
|
page read and write
|
||
|
4BF0000
|
heap
|
page read and write
|
||
|
2F5E000
|
direct allocation
|
page read and write
|
||
|
2E36000
|
heap
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
7E850000
|
direct allocation
|
page read and write
|
||
|
7EEA0000
|
direct allocation
|
page read and write
|
||
|
16260000
|
direct allocation
|
page execute and read and write
|
||
|
7EE50000
|
direct allocation
|
page read and write
|
||
|
2523000
|
heap
|
page read and write
|
||
|
2A0E000
|
stack
|
page read and write
|
||
|
1AACE000
|
stack
|
page read and write
|
||
|
2585000
|
stack
|
page read and write
|
||
|
375BE000
|
stack
|
page read and write
|
||
|
2206000
|
heap
|
page read and write
|
||
|
475000
|
direct allocation
|
page execute and read and write
|
||
|
32A6000
|
heap
|
page read and write
|
||
|
6AB000
|
heap
|
page read and write
|
||
|
7F890000
|
direct allocation
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
5110000
|
heap
|
page read and write
|
||
|
7FA30000
|
direct allocation
|
page read and write
|
||
|
975000
|
stack
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
73E000
|
stack
|
page read and write
|
||
|
44A0000
|
heap
|
page read and write
|
||
|
72E000
|
stack
|
page read and write
|
||
|
2D9F000
|
stack
|
page read and write
|
||
|
7FC00000
|
direct allocation
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
4F55000
|
heap
|
page read and write
|
||
|
25D00000
|
heap
|
page read and write
|
||
|
4E8E000
|
stack
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
1A81F000
|
stack
|
page read and write
|
||
|
825000
|
heap
|
page read and write
|
||
|
298F000
|
stack
|
page read and write
|
||
|
1A6DF000
|
stack
|
page read and write
|
||
|
4F20000
|
trusted library allocation
|
page read and write
|
||
|
14DC0000
|
direct allocation
|
page read and write
|
||
|
25BBF000
|
stack
|
page read and write
|
||
|
4F45000
|
heap
|
page read and write
|
||
|
7E846000
|
direct allocation
|
page read and write
|
||
|
2EB1000
|
direct allocation
|
page execute read
|
||
|
7E840000
|
direct allocation
|
page read and write
|
||
|
7DD000
|
stack
|
page read and write
|
||
|
2908000
|
heap
|
page read and write
|
||
|
1581E000
|
stack
|
page read and write
|
||
|
470000
|
unkown
|
page write copy
|
||
|
25A40000
|
heap
|
page read and write
|
||
|
30AB000
|
direct allocation
|
page execute and read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
2597D000
|
stack
|
page read and write
|
||
|
4E4B000
|
stack
|
page read and write
|
||
|
159A4000
|
heap
|
page read and write
|
||
|
81A000
|
heap
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
7E91A000
|
direct allocation
|
page read and write
|
||
|
64AF000
|
stack
|
page read and write
|
||
|
1A97F000
|
stack
|
page read and write
|
||
|
7E8AF000
|
direct allocation
|
page read and write
|
||
|
36D7A000
|
direct allocation
|
page read and write
|
||
|
6530000
|
trusted library allocation
|
page read and write
|
||
|
2ADD000
|
heap
|
page read and write
|
||
|
5D7000
|
heap
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
7E8C0000
|
direct allocation
|
page read and write
|
||
|
14DFA000
|
direct allocation
|
page read and write
|
||
|
2F84000
|
heap
|
page read and write
|
||
|
231D000
|
direct allocation
|
page read and write
|
||
|
636000
|
heap
|
page read and write
|
||
|
23FC000
|
stack
|
page read and write
|
||
|
7F8EF000
|
direct allocation
|
page read and write
|
||
|
22FD000
|
direct allocation
|
page read and write
|
||
|
28E4000
|
heap
|
page read and write
|
||
|
2A19000
|
heap
|
page read and write
|
||
|
7FABF000
|
direct allocation
|
page read and write
|
||
|
A1F000
|
stack
|
page read and write
|
||
|
22D0000
|
direct allocation
|
page read and write
|
||
|
2F9E000
|
heap
|
page read and write
|
||
|
2B2A000
|
stack
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
471000
|
direct allocation
|
page execute and read and write
|
||
|
14DCF000
|
direct allocation
|
page read and write
|
||
|
7E8AF000
|
direct allocation
|
page read and write
|
||
|
15CE0000
|
heap
|
page read and write
|
||
|
7EEF0000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
46C000
|
unkown
|
page read and write
|
||
|
2866000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
1A451000
|
direct allocation
|
page read and write
|
||
|
7F1C0000
|
direct allocation
|
page read and write
|
||
|
14E08000
|
direct allocation
|
page read and write
|
||
|
4F5C000
|
heap
|
page read and write
|
||
|
371CF000
|
stack
|
page read and write
|
||
|
7E860000
|
direct allocation
|
page read and write
|
||
|
3708F000
|
stack
|
page read and write
|
||
|
3101000
|
heap
|
page read and write
|
||
|
15690000
|
remote allocation
|
page read and write
|
||
|
15BBF000
|
trusted library allocation
|
page read and write
|
||
|
2908000
|
heap
|
page read and write
|
||
|
37721000
|
heap
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
15B17000
|
heap
|
page read and write
|
||
|
2DEE000
|
stack
|
page read and write
|
||
|
6C3000
|
heap
|
page read and write
|
||
|
2F9E000
|
heap
|
page read and write
|
||
|
22F4000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
1B9000
|
stack
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
1AC21000
|
heap
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
625000
|
heap
|
page read and write
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
16226000
|
direct allocation
|
page read and write
|
||
|
30F8000
|
heap
|
page read and write
|
||
|
46E000
|
unkown
|
page read and write
|
||
|
157DF000
|
stack
|
page read and write
|
||
|
679000
|
heap
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
2FB4000
|
direct allocation
|
page read and write
|
||
|
15B3E000
|
heap
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
1A443000
|
direct allocation
|
page read and write
|
||
|
7E620000
|
direct allocation
|
page read and write
|
||
|
90E000
|
stack
|
page read and write
|
||
|
A0F000
|
stack
|
page read and write
|
||
|
7FC90000
|
direct allocation
|
page read and write
|
||
|
2E3A000
|
heap
|
page read and write
|
||
|
2B3E000
|
heap
|
page read and write
|
||
|
2F9E000
|
heap
|
page read and write
|
||
|
3737E000
|
stack
|
page read and write
|
||
|
231A000
|
direct allocation
|
page read and write
|
||
|
7EF3F000
|
direct allocation
|
page read and write
|
||
|
25CC000
|
stack
|
page read and write
|
||
|
36E28000
|
direct allocation
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
7E8D0000
|
direct allocation
|
page read and write
|
||
|
1565E000
|
stack
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
4B40000
|
direct allocation
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
259FD000
|
stack
|
page read and write
|
||
|
32AA000
|
heap
|
page read and write
|
||
|
36E1A000
|
direct allocation
|
page read and write
|
||
|
3747F000
|
stack
|
page read and write
|
||
|
81C000
|
heap
|
page read and write
|
||
|
7EEFF000
|
direct allocation
|
page read and write
|
||
|
30FB000
|
heap
|
page read and write
|
||
|
78A000
|
heap
|
page read and write
|
||
|
91F000
|
stack
|
page read and write
|
||
|
3024000
|
heap
|
page read and write
|
||
|
2F85000
|
direct allocation
|
page read and write
|
||
|
7EF70000
|
direct allocation
|
page read and write
|
||
|
2F83000
|
heap
|
page read and write
|
||
|
7E520000
|
direct allocation
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
4F5C000
|
heap
|
page read and write
|
||
|
14F0E000
|
stack
|
page execute and read and write
|
||
|
36F2E000
|
stack
|
page execute and read and write
|
||
|
43ED000
|
stack
|
page read and write
|
||
|
5830000
|
trusted library allocation
|
page read and write
|
||
|
17D000
|
stack
|
page read and write
|
||
|
4AF000
|
stack
|
page read and write
|
||
|
A3F000
|
stack
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
294F000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
230C000
|
direct allocation
|
page read and write
|
||
|
14D7E000
|
direct allocation
|
page read and write
|
||
|
4F0F000
|
stack
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
7E8D0000
|
direct allocation
|
page read and write
|
||
|
3070000
|
heap
|
page read and write
|
||
|
14DE4000
|
direct allocation
|
page read and write
|
||
|
2370000
|
heap
|
page read and write
|
||
|
83B000
|
heap
|
page read and write
|
There are 664 hidden memdumps, click here to show them.