Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
OA32chYJ8O.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\ImageGuide 3.1.33.67\ImageGuide 3.1.33.67.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Simple Free Wave Editor\is-1MQDJ.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Simple Free Wave Editor\is-60S6C.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Simple Free Wave Editor\is-M01UV.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Simple Free Wave Editor\is-R13A0.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Simple Free Wave Editor\libeay32.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Simple Free Wave Editor\libssl-1_1.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Simple Free Wave Editor\ssleay32.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Simple Free Wave Editor\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-EE2L6.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-EE2L6.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-EE2L6.tmp\_isetup\_isdecmp.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-EE2L6.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\ait_67.dat
|
ISO-8859 text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\arc_67.dat
|
data
|
dropped
|
||
|
C:\ProgramData\resource-a.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\resource-b.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Simple Free Wave Editor\is-1HREJ.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Simple Free Wave Editor\is-33DQT.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Simple Free Wave Editor\is-FM08P.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Simple Free Wave Editor\is-HGKV9.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Simple Free Wave Editor\snapshot_blob.bin (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Simple Free Wave Editor\unins000.dat
|
InnoSetup Log Simple Free Wave Editor, version 0x2a, 4038 bytes, 921702\user, "C:\Users\user\AppData\Local\Simple Free Wave
Editor"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Simple Free Wave Editor\v8_context_snapshot.bin (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Simple Free Wave Editor\vk_swiftshader_icd.json (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-EE2L6.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 19 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\OA32chYJ8O.exe
|
"C:\Users\user\Desktop\OA32chYJ8O.exe"
|
|
|
|
C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe
|
"C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe" -i
|
|
|
|
C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe
|
"C:\Users\user\AppData\Local\Simple Free Wave Editor\simplefreewaveeditor.exe" -s
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp
|
"C:\Users\user\AppData\Local\Temp\is-LLJ6V.tmp\is-CK00F.tmp" /SL4 $1048E "C:\Users\user\Desktop\OA32chYJ8O.exe" 3675463 52224
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://bfoubsu.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e490854496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4374383ba915d911ec07bb706a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1ec909b38cb6a9e
|
45.88.90.160
|
|
|
|
http://bfoubsu.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c644db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608ffc14c1ec939f33
|
45.88.90.160
|
|
|
|
bfoubsu.com
|
|
||
|
http://www.innosetup.com/
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://45.88.90.160/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e4908544
|
unknown
|
||
|
http://repository.certum.pl/ctnca.cer09
|
unknown
|
||
|
http://repository.certum.pl/cscasha2.cer0
|
unknown
|
||
|
http://vovsoft.com
|
unknown
|
||
|
https://vovsoft.com/newsletter/
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://crl.certum.pl/ctnca.crl0k
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
|
unknown
|
||
|
http://www.remobjects.com/?ps
|
unknown
|
||
|
https://vovsoft.com/contact/.
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
https://www.certum.pl/CPS0
|
unknown
|
||
|
http://45.88.90.160/
|
unknown
|
||
|
http://crl.certum.pl/cscasha2.crl0q
|
unknown
|
||
|
https://vovsoft.com/contact/
|
unknown
|
||
|
http://cscasha2.ocsp-certum.com04
|
unknown
|
||
|
http://www.openssl.org/support/faq.html
|
unknown
|
||
|
http://45.88.90.160/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14
|
unknown
|
||
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
|
http://45.88.90.160/l
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
||
|
http://www.openssl.org).
|
unknown
|
||
|
http://subca.ocsp-certum.com01
|
unknown
|
||
|
https://www.openssl.org/H
|
unknown
|
||
|
http://www.innosetup.com
|
unknown
|
||
|
http://www.openssl.org/f
|
unknown
|
||
|
http://www.certum.pl/CPS0
|
unknown
|
||
|
http://www.remobjects.com/?psU
|
unknown
|
There are 27 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bfoubsu.com
|
45.88.90.160
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.88.90.160
|
bfoubsu.com
|
Bulgaria
|
|
|
|
88.80.148.19
|
unknown
|
Bulgaria
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Simple Free Wave Editor_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Simple Free Wave Editor_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Simple Free Wave Editor_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Simple Free Wave Editor_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Simple Free Wave Editor_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Simple Free Wave Editor_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Simple Free Wave Editor_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Simple Free Wave Editor_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Simple Free Wave Editor_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Simple Free Wave Editor_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SmartCD
|
ig_i67_6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SmartCD
|
ig_s67_0
|
There are 2 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
963000
|
heap
|
page read and write
|
|
|
|
23A1000
|
direct allocation
|
page execute and read and write
|
|
|
|
770000
|
unkown
|
page execute and write copy
|
||
|
2F6D000
|
stack
|
page read and write
|
||
|
3103000
|
unkown
|
page readonly
|
||
|
800000
|
heap
|
page read and write
|
||
|
342E000
|
stack
|
page read and write
|
||
|
548000
|
unkown
|
page execute and write copy
|
||
|
2520000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
602000
|
heap
|
page read and write
|
||
|
20BAD802000
|
trusted library allocation
|
page read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
279E000
|
stack
|
page read and write
|
||
|
4F3000
|
unkown
|
page readonly
|
||
|
18D000
|
stack
|
page read and write
|
||
|
410000
|
unkown
|
page readonly
|
||
|
30E0000
|
direct allocation
|
page read and write
|
||
|
BBA000
|
heap
|
page read and write
|
||
|
FD5157E000
|
unkown
|
page readonly
|
||
|
366E000
|
stack
|
page read and write
|
||
|
20BAD2D0000
|
heap
|
page read and write
|
||
|
A4C000
|
stack
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
23E9000
|
direct allocation
|
page read and write
|
||
|
BCB000
|
heap
|
page read and write
|
||
|
32FB000
|
heap
|
page read and write
|
||
|
782000
|
unkown
|
page execute and write copy
|
||
|
2350000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2767000
|
heap
|
page read and write
|
||
|
77E000
|
unkown
|
page execute and write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
920000
|
heap
|
page read and write
|
||
|
24C4000
|
heap
|
page read and write
|
||
|
26F0000
|
direct allocation
|
page read and write
|
||
|
409000
|
unkown
|
page execute and read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
27CF000
|
heap
|
page read and write
|
||
|
5BA000
|
heap
|
page read and write
|
||
|
376F000
|
stack
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
33A1000
|
heap
|
page read and write
|
||
|
3380000
|
heap
|
page read and write
|
||
|
4BD000
|
unkown
|
page readonly
|
||
|
27DD000
|
heap
|
page read and write
|
||
|
780000
|
unkown
|
page execute and write copy
|
||
|
49E000
|
unkown
|
page readonly
|
||
|
32F4000
|
heap
|
page read and write
|
||
|
4BD000
|
unkown
|
page readonly
|
||
|
2539000
|
direct allocation
|
page read and write
|
||
|
356E000
|
stack
|
page read and write
|
||
|
347C000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
4C2000
|
unkown
|
page write copy
|
||
|
23C0000
|
direct allocation
|
page read and write
|
||
|
530000
|
direct allocation
|
page execute and read and write
|
||
|
339F000
|
heap
|
page read and write
|
||
|
788000
|
unkown
|
page execute and write copy
|
||
|
48D000
|
unkown
|
page read and write
|
||
|
2470000
|
direct allocation
|
page read and write
|
||
|
27DF000
|
heap
|
page read and write
|
||
|
2175000
|
direct allocation
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
80A000
|
heap
|
page read and write
|
||
|
32FA000
|
heap
|
page read and write
|
||
|
32FA000
|
heap
|
page read and write
|
||
|
ADA000
|
heap
|
page read and write
|
||
|
780000
|
unkown
|
page execute and write copy
|
||
|
366F000
|
stack
|
page read and write
|
||
|
27E1000
|
heap
|
page read and write
|
||
|
2170000
|
direct allocation
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
2480000
|
direct allocation
|
page read and write
|
||
|
20BAD028000
|
heap
|
page read and write
|
||
|
FD5147D000
|
stack
|
page read and write
|
||
|
325F000
|
stack
|
page read and write
|
||
|
3471000
|
heap
|
page read and write
|
||
|
FD5167E000
|
stack
|
page read and write
|
||
|
20BAD760000
|
trusted library allocation
|
page read and write
|
||
|
24D0000
|
direct allocation
|
page read and write
|
||
|
786000
|
unkown
|
page execute and write copy
|
||
|
36AE000
|
stack
|
page read and write
|
||
|
31AF000
|
stack
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
20BAD002000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
3101000
|
unkown
|
page execute read
|
||
|
19C000
|
stack
|
page read and write
|
||
|
32FE000
|
heap
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
5CE000
|
heap
|
page read and write
|
||
|
490000
|
unkown
|
page write copy
|
||
|
20BAD02B000
|
heap
|
page read and write
|
||
|
FD5197E000
|
unkown
|
page readonly
|
||
|
23D0000
|
heap
|
page read and write
|
||
|
34F9000
|
heap
|
page read and write
|
||
|
2762000
|
heap
|
page read and write
|
||
|
38FC000
|
heap
|
page read and write
|
||
|
52F000
|
unkown
|
page readonly
|
||
|
32FA000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
2340000
|
direct allocation
|
page read and write
|
||
|
AB0000
|
direct allocation
|
page read and write
|
||
|
25E0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
20BACFD0000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
32F1000
|
heap
|
page read and write
|
||
|
FD51D7E000
|
unkown
|
page readonly
|
||
|
2C6B000
|
stack
|
page read and write
|
||
|
20E8000
|
direct allocation
|
page read and write
|
||
|
4C4000
|
unkown
|
page write copy
|
||
|
401000
|
unkown
|
page execute read
|
||
|
410000
|
unkown
|
page readonly
|
||
|
77E000
|
unkown
|
page execute and write copy
|
||
|
531000
|
unkown
|
page readonly
|
||
|
2740000
|
trusted library allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
24C0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
FD51C7E000
|
stack
|
page read and write
|
||
|
782000
|
unkown
|
page execute and write copy
|
||
|
885000
|
heap
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
332E000
|
stack
|
page read and write
|
||
|
88A000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
770000
|
unkown
|
page execute and write copy
|
||
|
520000
|
heap
|
page read and write
|
||
|
37AF000
|
stack
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
2602000
|
heap
|
page read and write
|
||
|
524000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
FD51B7E000
|
unkown
|
page readonly
|
||
|
21A1000
|
direct allocation
|
page read and write
|
||
|
4F3000
|
unkown
|
page readonly
|
||
|
2765000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
32FD000
|
heap
|
page read and write
|
||
|
940000
|
direct allocation
|
page read and write
|
||
|
605000
|
heap
|
page read and write
|
||
|
338B000
|
heap
|
page read and write
|
||
|
4C8000
|
unkown
|
page readonly
|
||
|
23DA000
|
direct allocation
|
page execute and read and write
|
||
|
48D000
|
unkown
|
page write copy
|
||
|
338E000
|
heap
|
page read and write
|
||
|
FD5187E000
|
stack
|
page read and write
|
||
|
FD51A7C000
|
stack
|
page read and write
|
||
|
5CA000
|
heap
|
page read and write
|
||
|
3419000
|
heap
|
page read and write
|
||
|
20BAD102000
|
heap
|
page read and write
|
||
|
33BE000
|
heap
|
page read and write
|
||
|
306F000
|
stack
|
page read and write
|
||
|
3424000
|
heap
|
page read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
20BAD000000
|
heap
|
page read and write
|
||
|
37B0000
|
heap
|
page read and write
|
||
|
32F1000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
24A0000
|
direct allocation
|
page read and write
|
||
|
20BAD03F000
|
heap
|
page read and write
|
||
|
32EF000
|
stack
|
page read and write
|
||
|
21A0000
|
direct allocation
|
page read and write
|
||
|
2350000
|
direct allocation
|
page read and write
|
||
|
277C000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
33C9000
|
heap
|
page read and write
|
||
|
788000
|
unkown
|
page execute and write copy
|
||
|
20BAD045000
|
heap
|
page read and write
|
||
|
3834000
|
heap
|
page read and write
|
||
|
5DD000
|
heap
|
page read and write
|
||
|
344D000
|
heap
|
page read and write
|
||
|
95E000
|
stack
|
page read and write
|
||
|
2184000
|
direct allocation
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
49E000
|
unkown
|
page readonly
|
||
|
38AF000
|
stack
|
page read and write
|
||
|
79D000
|
unkown
|
page execute and write copy
|
||
|
2370000
|
heap
|
page read and write
|
||
|
20D0000
|
direct allocation
|
page read and write
|
||
|
20BACFF0000
|
heap
|
page read and write
|
||
|
37AE000
|
stack
|
page read and write
|
||
|
20D4000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
FD5177E000
|
unkown
|
page readonly
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
34BF000
|
stack
|
page read and write
|
||
|
27EE000
|
stack
|
page read and write
|
||
|
409000
|
unkown
|
page execute and read and write
|
||
|
339B000
|
heap
|
page read and write
|
||
|
786000
|
unkown
|
page execute and write copy
|
||
|
401000
|
unkown
|
page execute read
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
BAC000
|
heap
|
page read and write
|
||
|
30AE000
|
stack
|
page read and write
|
||
|
31EE000
|
stack
|
page read and write
|
||
|
23E0000
|
direct allocation
|
page read and write
|
||
|
2550000
|
heap
|
page read and write
|
||
|
79D000
|
unkown
|
page execute and write copy
|
||
|
40C000
|
unkown
|
page write copy
|
||
|
531000
|
unkown
|
page readonly
|
||
|
20BAD022000
|
heap
|
page read and write
|
||
|
3435000
|
heap
|
page read and write
|
||
|
548000
|
unkown
|
page execute and write copy
|
||
|
233E000
|
stack
|
page read and write
|
||
|
27A4000
|
heap
|
page read and write
|
||
|
3940000
|
heap
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
22EF000
|
stack
|
page read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
33A8000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
20E0000
|
direct allocation
|
page read and write
|
||
|
32AE000
|
stack
|
page read and write
|
||
|
32F5000
|
heap
|
page read and write
|
||
|
30E0000
|
direct allocation
|
page read and write
|
||
|
3610000
|
trusted library allocation
|
page read and write
|
||
|
2460000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2472000
|
direct allocation
|
page read and write
|
||
|
2178000
|
direct allocation
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
4C8000
|
unkown
|
page readonly
|
||
|
32F3000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
4C2000
|
unkown
|
page write copy
|
||
|
2820000
|
heap
|
page read and write
|
||
|
609000
|
heap
|
page read and write
|
||
|
546000
|
heap
|
page read and write
|
||
|
4C4000
|
unkown
|
page write copy
|
||
|
20BAD013000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
275F000
|
stack
|
page read and write
|
||
|
616000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
5F6000
|
heap
|
page read and write
|
||
|
218C000
|
direct allocation
|
page read and write
|
||
|
D84000
|
heap
|
page read and write
|
||
|
3382000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
B8A000
|
heap
|
page read and write
|
||
|
315E000
|
stack
|
page read and write
|
||
|
52F000
|
unkown
|
page readonly
|
||
|
AC0000
|
direct allocation
|
page read and write
|
||
|
AB2000
|
direct allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
FD50EAB000
|
stack
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2530000
|
direct allocation
|
page read and write
|
||
|
345E000
|
heap
|
page read and write
|
||
|
82F000
|
heap
|
page read and write
|
||
|
3100000
|
unkown
|
page readonly
|
There are 260 hidden memdumps, click here to show them.