Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\WWAN_MobileFixup 2.33.197.66\WWAN_MobileFixup 2.33.197.66.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Metatogger Music Collection\is-2EOVT.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Metatogger Music Collection\is-6VPG9.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Metatogger Music Collection\is-7CP2O.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Metatogger Music Collection\is-B2M6R.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Metatogger Music Collection\is-JTEEN.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Metatogger Music Collection\is-OSHRA.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Metatogger Music Collection\is-QO8P8.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Metatogger Music Collection\libbz2-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Metatogger Music Collection\libgcc_s_dw2-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Metatogger Music Collection\libogg-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Metatogger Music Collection\libvorbis-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Metatogger Music Collection\libwinpthread-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Metatogger Music Collection\metatoggermusiccollection.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Metatogger Music Collection\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-4BCG1.tmp\file.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-N32CN.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-N32CN.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-N32CN.tmp\_isetup\_isdecmp.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-N32CN.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\rc66.dat
|
data
|
dropped
|
||
|
C:\ProgramData\resource-a.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\resource-b.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\ts66.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Metatogger Music Collection\is-7EQGF.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Metatogger Music Collection\unins000.dat
|
InnoSetup Log Metatogger Music Collection, version 0x30, 4833 bytes, 648351\user, "C:\Users\user\AppData\Local\Metatogger
Music Collection"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-N32CN.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 18 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Users\user\AppData\Local\Metatogger Music Collection\metatoggermusiccollection.exe
|
"C:\Users\user\AppData\Local\Metatogger Music Collection\metatoggermusiccollection.exe" -i
|
|
|
|
C:\Users\user\AppData\Local\Metatogger Music Collection\metatoggermusiccollection.exe
|
"C:\Users\user\AppData\Local\Metatogger Music Collection\metatoggermusiccollection.exe" -s
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-4BCG1.tmp\file.tmp
|
"C:\Users\user\AppData\Local\Temp\is-4BCG1.tmp\file.tmp" /SL5="$20446,1681617,54272,C:\Users\user\Desktop\file.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://csoodgx.net/search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86e9958648875a8bbc896c58e713bc90c91a36b5281fc235a925ed3e50d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3acd6a9f14
|
45.142.214.240
|
|
|
|
http://csoodgx.net/search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4fe8889b5e4fa9281ae978f371ea771795af8e05c645db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608ffe16c1ef909339
|
45.142.214.240
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://45.142.214.240/
|
unknown
|
||
|
http://www.remobjects.com/psU
|
unknown
|
||
|
http://vovsoft.com
|
unknown
|
||
|
https://vovsoft.com/newsletter/
|
unknown
|
||
|
http://mingw-w64.sourceforge.net/X
|
unknown
|
||
|
http://www.openssl.org).
|
unknown
|
||
|
https://vovsoft.com/contact/.
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
http://45.142.214.240/search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12eab517aa5c96bd86e99586
|
unknown
|
||
|
https://vovsoft.com/contact/
|
unknown
|
||
|
http://45.142.214.240/search/?q=67e28dd83d0ea62c110ba8177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df
|
unknown
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
csoodgx.net
|
45.142.214.240
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.142.214.240
|
csoodgx.net
|
Russian Federation
|
|
|
|
89.105.201.183
|
unknown
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Metatogger Music Collection_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Metatogger Music Collection_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Metatogger Music Collection_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Metatogger Music Collection_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Metatogger Music Collection_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Metatogger Music Collection_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Metatogger Music Collection_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Metatogger Music Collection_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Metatogger Music Collection_is1
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Metatogger Music Collection_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Metatogger Music Collection_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Metatogger Music Collection_is1
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Metatogger Music Collection_is1
|
MajorVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Metatogger Music Collection_is1
|
MinorVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SVGALabel
|
wwmfi66_3
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SVGALabel
|
wwmfs66_15
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
25B9000
|
heap
|
page read and write
|
|
|
|
2AD1000
|
direct allocation
|
page execute and read and write
|
|
|
|
400000
|
unkown
|
page readonly
|
||
|
33CF000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
74E000
|
heap
|
page read and write
|
||
|
6E4000
|
heap
|
page read and write
|
||
|
A5F000
|
stack
|
page read and write
|
||
|
324E000
|
stack
|
page read and write
|
||
|
33EE000
|
heap
|
page read and write
|
||
|
79D000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
3325000
|
heap
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
332B000
|
heap
|
page read and write
|
||
|
4C2000
|
unkown
|
page write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
B22000
|
direct allocation
|
page read and write
|
||
|
2110000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
B30000
|
direct allocation
|
page read and write
|
||
|
30BE000
|
stack
|
page read and write
|
||
|
4D46000
|
direct allocation
|
page read and write
|
||
|
2F3F000
|
stack
|
page read and write
|
||
|
222E000
|
direct allocation
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
2680000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
4BF000
|
unkown
|
page readonly
|
||
|
2204000
|
direct allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
879000
|
heap
|
page read and write
|
||
|
74A000
|
heap
|
page read and write
|
||
|
789000
|
heap
|
page read and write
|
||
|
493000
|
unkown
|
page write copy
|
||
|
77D000
|
heap
|
page read and write
|
||
|
332B000
|
heap
|
page read and write
|
||
|
33E8000
|
heap
|
page read and write
|
||
|
2600000
|
heap
|
page read and write
|
||
|
348C000
|
heap
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
3110000
|
direct allocation
|
page read and write
|
||
|
33DA000
|
heap
|
page read and write
|
||
|
4C2000
|
unkown
|
page write copy
|
||
|
7AD000
|
heap
|
page read and write
|
||
|
37E8000
|
heap
|
page read and write
|
||
|
23F0000
|
direct allocation
|
page read and write
|
||
|
2470000
|
direct allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
4C8000
|
unkown
|
page readonly
|
||
|
33BB000
|
heap
|
page read and write
|
||
|
3324000
|
heap
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
345D000
|
heap
|
page read and write
|
||
|
4C8000
|
unkown
|
page readonly
|
||
|
2211000
|
direct allocation
|
page read and write
|
||
|
2213000
|
direct allocation
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
4A4000
|
unkown
|
page readonly
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
25AE000
|
stack
|
page read and write
|
||
|
33BB000
|
heap
|
page read and write
|
||
|
4D4A000
|
direct allocation
|
page read and write
|
||
|
2470000
|
direct allocation
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
680000
|
direct allocation
|
page execute and read and write
|
||
|
332F000
|
heap
|
page read and write
|
||
|
2130000
|
direct allocation
|
page read and write
|
||
|
4D40000
|
direct allocation
|
page read and write
|
||
|
6AF000
|
heap
|
page read and write
|
||
|
496000
|
unkown
|
page write copy
|
||
|
2B0A000
|
direct allocation
|
page execute and read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
78C000
|
heap
|
page read and write
|
||
|
2ACF000
|
stack
|
page read and write
|
||
|
76A000
|
heap
|
page read and write
|
||
|
346D000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
2360000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
797000
|
heap
|
page read and write
|
||
|
31FE000
|
stack
|
page read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
347F000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
6B2000
|
heap
|
page read and write
|
||
|
2479000
|
direct allocation
|
page read and write
|
||
|
36DF000
|
stack
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
21E4000
|
direct allocation
|
page read and write
|
||
|
7CF000
|
heap
|
page read and write
|
||
|
31BF000
|
stack
|
page read and write
|
||
|
3326000
|
heap
|
page read and write
|
||
|
21E0000
|
direct allocation
|
page read and write
|
||
|
409000
|
unkown
|
page execute and read and write
|
||
|
21EC000
|
direct allocation
|
page read and write
|
||
|
338F000
|
stack
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
698000
|
heap
|
page read and write
|
||
|
770000
|
direct allocation
|
page read and write
|
||
|
2BBC000
|
stack
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page execute and read and write
|
||
|
87D000
|
heap
|
page read and write
|
||
|
4D4D000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3350000
|
heap
|
page read and write
|
||
|
335E000
|
heap
|
page read and write
|
||
|
3363000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
85A000
|
heap
|
page read and write
|
||
|
2479000
|
direct allocation
|
page read and write
|
||
|
4E7000
|
unkown
|
page execute and write copy
|
||
|
3390000
|
heap
|
page read and write
|
||
|
A70000
|
direct allocation
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
2204000
|
direct allocation
|
page read and write
|
||
|
24F0000
|
direct allocation
|
page read and write
|
||
|
2124000
|
direct allocation
|
page read and write
|
||
|
3328000
|
heap
|
page read and write
|
||
|
2291000
|
heap
|
page read and write
|
||
|
4BA000
|
heap
|
page read and write
|
||
|
36E0000
|
heap
|
page read and write
|
||
|
716000
|
heap
|
page read and write
|
||
|
21E8000
|
direct allocation
|
page read and write
|
||
|
493000
|
unkown
|
page read and write
|
||
|
4BF000
|
unkown
|
page readonly
|
||
|
341C000
|
heap
|
page read and write
|
||
|
22E7000
|
unkown
|
page readonly
|
||
|
4E7000
|
unkown
|
page execute and write copy
|
||
|
3320000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
780000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
3356000
|
heap
|
page read and write
|
||
|
24F0000
|
direct allocation
|
page read and write
|
||
|
4A4000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
62E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
871000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2310000
|
heap
|
page read and write
|
||
|
B30000
|
direct allocation
|
page read and write
|
||
|
32FD000
|
stack
|
page read and write
|
||
|
2CBB000
|
stack
|
page read and write
|
||
|
33D7000
|
heap
|
page read and write
|
||
|
2315000
|
heap
|
page read and write
|
||
|
22E1000
|
unkown
|
page execute read
|
||
|
B10000
|
direct allocation
|
page read and write
|
||
|
6A9000
|
heap
|
page read and write
|
||
|
7D2000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
3110000
|
direct allocation
|
page read and write
|
||
|
349E000
|
stack
|
page read and write
|
||
|
332A000
|
heap
|
page read and write
|
||
|
23B0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
348D000
|
heap
|
page read and write
|
||
|
788000
|
heap
|
page read and write
|
||
|
82C000
|
heap
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
33E8000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
33DA000
|
heap
|
page read and write
|
||
|
33C1000
|
heap
|
page read and write
|
||
|
B20000
|
direct allocation
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
B22000
|
direct allocation
|
page read and write
|
||
|
359F000
|
stack
|
page read and write
|
||
|
2138000
|
direct allocation
|
page read and write
|
||
|
2360000
|
direct allocation
|
page read and write
|
||
|
2760000
|
heap
|
page read and write
|
||
|
2DFE000
|
stack
|
page read and write
|
||
|
328E000
|
stack
|
page read and write
|
||
|
3327000
|
heap
|
page read and write
|
||
|
4C4000
|
unkown
|
page write copy
|
||
|
22E5000
|
unkown
|
page readonly
|
||
|
21F8000
|
direct allocation
|
page read and write
|
||
|
4D40000
|
trusted library allocation
|
page read and write
|
||
|
95F000
|
stack
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
2F7E000
|
stack
|
page read and write
|
||
|
2120000
|
direct allocation
|
page read and write
|
||
|
35DE000
|
stack
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
2319000
|
heap
|
page read and write
|
||
|
832000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
66E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
18D000
|
stack
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
22E0000
|
unkown
|
page readonly
|
||
|
B10000
|
direct allocation
|
page read and write
|
||
|
AF0000
|
direct allocation
|
page read and write
|
||
|
3458000
|
heap
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
33E6000
|
heap
|
page read and write
|
||
|
21E7000
|
direct allocation
|
page read and write
|
||
|
27D0000
|
trusted library allocation
|
page read and write
|
||
|
B20000
|
direct allocation
|
page read and write
|
||
|
4BE000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
336B000
|
heap
|
page read and write
|
||
|
314E000
|
stack
|
page read and write
|
||
|
33B9000
|
heap
|
page read and write
|
||
|
307E000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
3329000
|
heap
|
page read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
22E6000
|
unkown
|
page write copy
|
||
|
4C4000
|
unkown
|
page write copy
|
||
|
9C000
|
stack
|
page read and write
|
There are 218 hidden memdumps, click here to show them.