Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
0RWRPBSuDx.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\WWAN_MobileFixup 2.33.197.66\WWAN_MobileFixup 2.33.197.66.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Codec Pack Update\is-06H7C.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Codec Pack Update\is-7NJT9.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Codec Pack Update\is-IQC7T.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Codec Pack Update\is-K5GCJ.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Codec Pack Update\is-K7UM1.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Codec Pack Update\is-MD4P1.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Codec Pack Update\is-MU2B9.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Codec Pack Update\libbz2-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Codec Pack Update\libgcc_s_dw2-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Codec Pack Update\libogg-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Codec Pack Update\libvorbis-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Codec Pack Update\libwinpthread-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Codec Pack Update\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-KVG27.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-KVG27.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-KVG27.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\rc66.dat
|
data
|
dropped
|
||
|
C:\ProgramData\resource-a.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\resource-b.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\ts66.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Codec Pack Update\is-DUOVK.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Codec Pack Update\unins000.dat
|
InnoSetup Log Codec Pack Update, version 0x30, 4672 bytes, 098239\user, "C:\Users\user\AppData\Local\Codec Pack Update"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-KVG27.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 17 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\0RWRPBSuDx.exe
|
"C:\Users\user\Desktop\0RWRPBSuDx.exe"
|
|
|
|
C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe
|
"C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe" -i
|
|
|
|
C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe
|
"C:\Users\user\AppData\Local\Codec Pack Update\codecpackupdate.exe" -s
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp
|
"C:\Users\user\AppData\Local\Temp\is-EDLGI.tmp\0RWRPBSuDx.tmp" /SL5="$20420,1594531,54272,C:\Users\user\Desktop\0RWRPBSuDx.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bvuppwf.com
|
|
||
|
http://bvuppwf.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c645db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608ffe16c1ec909e3b
|
45.142.214.240
|
|
|
|
http://bvuppwf.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992824d875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ee949d3ace6a9216
|
45.142.214.240
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://45.142.214.240/search/?q=67e28dd86d55f128
|
unknown
|
||
|
http://45.142.214.240/search/?q=
|
unknown
|
||
|
http://45.142.214.240/search/?q=67e28dd8
|
unknown
|
||
|
http://45.142.214.240/
|
unknown
|
||
|
http://www.remobjects.com/psU
|
unknown
|
||
|
http://45.142.214.240/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e9
|
unknown
|
||
|
http://vovsoft.com
|
unknown
|
||
|
https://vovsoft.com/newsletter/
|
unknown
|
||
|
http://45.142.214.240/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df
|
unknown
|
||
|
http://mingw-w64.sourceforge.net/X
|
unknown
|
||
|
http://www.openssl.org).
|
unknown
|
||
|
http://45.142.214.240/search/?q=67e28dd86d55f128470aac1a7c27d784
|
unknown
|
||
|
https://vovsoft.com/contact/.
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
http://45.142.214.240/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e99282
|
unknown
|
||
|
http://45.142.214.240/search/?q=67e28dd86d55f128U-~
|
unknown
|
||
|
http://45.142.214.240/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c(
|
unknown
|
||
|
https://vovsoft.com/contact/
|
unknown
|
||
|
http://45.142.214.240/se0-
|
unknown
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bvuppwf.com
|
45.142.214.240
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.142.214.240
|
bvuppwf.com
|
Russian Federation
|
|
|
|
88.80.148.19
|
unknown
|
Bulgaria
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Update_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Update_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Update_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Update_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Update_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Update_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Update_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Update_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Update_is1
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Update_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Update_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Update_is1
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Update_is1
|
MajorVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Update_is1
|
MinorVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SVGALabel
|
wwmfi66_11
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SVGALabel
|
wwmfs66_8
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
9F1000
|
direct allocation
|
page execute and read and write
|
|
|
|
731000
|
heap
|
page read and write
|
|
|
|
6BC000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3465000
|
heap
|
page read and write
|
||
|
493000
|
unkown
|
page write copy
|
||
|
23A1000
|
heap
|
page read and write
|
||
|
9A0000
|
direct allocation
|
page read and write
|
||
|
B70000
|
direct allocation
|
page read and write
|
||
|
3682000
|
heap
|
page read and write
|
||
|
347C000
|
heap
|
page read and write
|
||
|
2134000
|
direct allocation
|
page read and write
|
||
|
2279000
|
heap
|
page read and write
|
||
|
8F8000
|
heap
|
page read and write
|
||
|
725000
|
heap
|
page read and write
|
||
|
327E000
|
stack
|
page read and write
|
||
|
237F000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
430000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
2110000
|
direct allocation
|
page read and write
|
||
|
562000
|
unkown
|
page execute and write copy
|
||
|
3313000
|
heap
|
page read and write
|
||
|
63A000
|
heap
|
page read and write
|
||
|
2434000
|
heap
|
page read and write
|
||
|
2134000
|
direct allocation
|
page read and write
|
||
|
66D000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
35F7000
|
heap
|
page read and write
|
||
|
278E000
|
stack
|
page read and write
|
||
|
4BF000
|
unkown
|
page readonly
|
||
|
409000
|
unkown
|
page execute and read and write
|
||
|
2074000
|
direct allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
31FF000
|
stack
|
page read and write
|
||
|
4C4000
|
unkown
|
page write copy
|
||
|
564000
|
unkown
|
page execute and write copy
|
||
|
3316000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
3317000
|
heap
|
page read and write
|
||
|
9A4000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
34BE000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2118000
|
direct allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
273E000
|
stack
|
page read and write
|
||
|
33C4000
|
heap
|
page read and write
|
||
|
2070000
|
direct allocation
|
page read and write
|
||
|
9ED000
|
heap
|
page read and write
|
||
|
A2A000
|
direct allocation
|
page execute and read and write
|
||
|
9C9000
|
heap
|
page read and write
|
||
|
337E000
|
stack
|
page read and write
|
||
|
4E9000
|
unkown
|
page execute and write copy
|
||
|
255E000
|
stack
|
page read and write
|
||
|
574000
|
unkown
|
page execute and write copy
|
||
|
3100000
|
direct allocation
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
3310000
|
heap
|
page read and write
|
||
|
2EFE000
|
stack
|
page read and write
|
||
|
566000
|
unkown
|
page execute and write copy
|
||
|
2400000
|
direct allocation
|
page read and write
|
||
|
259E000
|
stack
|
page read and write
|
||
|
3486000
|
heap
|
page read and write
|
||
|
3390000
|
direct allocation
|
page read and write
|
||
|
2250000
|
heap
|
page read and write
|
||
|
24A0000
|
direct allocation
|
page read and write
|
||
|
2170000
|
heap
|
page read and write
|
||
|
34A9000
|
heap
|
page read and write
|
||
|
26FE000
|
stack
|
page read and write
|
||
|
35CC000
|
heap
|
page read and write
|
||
|
570000
|
unkown
|
page execute and write copy
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2134000
|
direct allocation
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
B80000
|
direct allocation
|
page read and write
|
||
|
33CC000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
3100000
|
direct allocation
|
page read and write
|
||
|
562000
|
unkown
|
page execute and write copy
|
||
|
30FD000
|
stack
|
page read and write
|
||
|
4C9000
|
heap
|
page read and write
|
||
|
608000
|
heap
|
page read and write
|
||
|
4E9000
|
unkown
|
page execute and write copy
|
||
|
54F000
|
unkown
|
page execute and write copy
|
||
|
33B8000
|
heap
|
page read and write
|
||
|
18D000
|
stack
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
740000
|
direct allocation
|
page read and write
|
||
|
347F000
|
stack
|
page read and write
|
||
|
33DD000
|
heap
|
page read and write
|
||
|
2409000
|
direct allocation
|
page read and write
|
||
|
4A4000
|
unkown
|
page readonly
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
2143000
|
direct allocation
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
55C000
|
unkown
|
page execute and write copy
|
||
|
2141000
|
direct allocation
|
page read and write
|
||
|
331D000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
217C000
|
direct allocation
|
page read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
4C4000
|
unkown
|
page write copy
|
||
|
33AC000
|
heap
|
page read and write
|
||
|
331D000
|
heap
|
page read and write
|
||
|
760000
|
direct allocation
|
page read and write
|
||
|
2275000
|
heap
|
page read and write
|
||
|
3312000
|
heap
|
page read and write
|
||
|
6D9000
|
heap
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
55C000
|
unkown
|
page execute and write copy
|
||
|
61A000
|
heap
|
page read and write
|
||
|
57A000
|
unkown
|
page execute and write copy
|
||
|
19D000
|
stack
|
page read and write
|
||
|
6BF000
|
heap
|
page read and write
|
||
|
56A000
|
unkown
|
page execute and write copy
|
||
|
56A000
|
unkown
|
page execute and write copy
|
||
|
4C8000
|
unkown
|
page readonly
|
||
|
661000
|
heap
|
page read and write
|
||
|
2088000
|
direct allocation
|
page read and write
|
||
|
3688000
|
heap
|
page read and write
|
||
|
2FFF000
|
stack
|
page read and write
|
||
|
3319000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
B90000
|
direct allocation
|
page read and write
|
||
|
63E000
|
heap
|
page read and write
|
||
|
56C000
|
unkown
|
page execute and write copy
|
||
|
574000
|
unkown
|
page execute and write copy
|
||
|
2300000
|
direct allocation
|
page read and write
|
||
|
992000
|
direct allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2380000
|
direct allocation
|
page read and write
|
||
|
3314000
|
heap
|
page read and write
|
||
|
57A000
|
unkown
|
page execute and write copy
|
||
|
850000
|
heap
|
page read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
2260000
|
heap
|
page read and write
|
||
|
2490000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
70C000
|
stack
|
page read and write
|
||
|
653000
|
heap
|
page read and write
|
||
|
AF9000
|
direct allocation
|
page read and write
|
||
|
94F000
|
stack
|
page read and write
|
||
|
4BF000
|
unkown
|
page readonly
|
||
|
36C0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
2220000
|
direct allocation
|
page execute and read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
54F000
|
unkown
|
page execute and write copy
|
||
|
68F000
|
heap
|
page read and write
|
||
|
3317000
|
heap
|
page read and write
|
||
|
4DD0000
|
trusted library allocation
|
page read and write
|
||
|
4C2000
|
unkown
|
page write copy
|
||
|
622000
|
heap
|
page read and write
|
||
|
4CE000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
4C8000
|
unkown
|
page readonly
|
||
|
25E0000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
566000
|
unkown
|
page execute and write copy
|
||
|
337F000
|
stack
|
page read and write
|
||
|
363E000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
2780000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
493000
|
unkown
|
page read and write
|
||
|
9E6000
|
heap
|
page read and write
|
||
|
3319000
|
heap
|
page read and write
|
||
|
6A3000
|
heap
|
page read and write
|
||
|
6BF000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
211C000
|
direct allocation
|
page read and write
|
||
|
26BF000
|
stack
|
page read and write
|
||
|
990000
|
direct allocation
|
page read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
99E000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
35C0000
|
heap
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
2300000
|
direct allocation
|
page read and write
|
||
|
4C2000
|
unkown
|
page write copy
|
||
|
3310000
|
heap
|
page read and write
|
||
|
2BFB000
|
stack
|
page read and write
|
||
|
33BD000
|
heap
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
AF0000
|
direct allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
33B2000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
2480000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3786000
|
heap
|
page read and write
|
||
|
2128000
|
direct allocation
|
page read and write
|
||
|
860000
|
direct allocation
|
page read and write
|
||
|
343E000
|
heap
|
page read and write
|
||
|
73E000
|
stack
|
page read and write
|
||
|
56C000
|
unkown
|
page execute and write copy
|
||
|
564000
|
unkown
|
page execute and write copy
|
||
|
33DC000
|
heap
|
page read and write
|
||
|
B82000
|
direct allocation
|
page read and write
|
||
|
25B0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
8E0000
|
direct allocation
|
page read and write
|
||
|
496000
|
unkown
|
page write copy
|
||
|
37CA000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
32FE000
|
stack
|
page read and write
|
||
|
6CA000
|
heap
|
page read and write
|
||
|
570000
|
unkown
|
page execute and write copy
|
||
|
35BF000
|
stack
|
page read and write
|
||
|
409000
|
unkown
|
page execute and read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
33B4000
|
heap
|
page read and write
|
||
|
4A4000
|
unkown
|
page readonly
|
||
|
620000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
345C000
|
heap
|
page read and write
|
||
|
689000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
2430000
|
heap
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
33DF000
|
heap
|
page read and write
|
||
|
2080000
|
direct allocation
|
page read and write
|
||
|
33CC000
|
heap
|
page read and write
|
||
|
2117000
|
direct allocation
|
page read and write
|
There are 230 hidden memdumps, click here to show them.