Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
mU2p71KMss.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\VirtualStore\_README.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\f261f702-1524-4c10-82ff-88b548e0117a\mU2p71KMss.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\EEGWXUHVUG\EEGWXUHVUG.docx
|
data
|
dropped
|
|
|
|
C:\Users\user\Desktop\EIVQSAOTAQ.jpg
|
data
|
dropped
|
|
|
|
C:\Users\user\Desktop\UNKRLCVOHV.mp3
|
data
|
dropped
|
|
|
|
C:\Users\user\Desktop\mU2p71KMss.exe
|
MS-DOS executable
|
dropped
|
|
|
|
C:\Users\user\Desktop\mU2p71KMss.exe.bgzq (copy)
|
MS-DOS executable
|
dropped
|
|
|
|
C:\Users\user\_README.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\SystemID\PersonalID.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\.curlrc
|
data
|
dropped
|
||
|
C:\Users\user\.curlrc.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LocalPrefs.json
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LocalPrefs.json.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\get[1].htm
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\bowsakkdestx.txt
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\f261f702-1524-4c10-82ff-88b548e0117a\mU2p71KMss.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\Desktop\BNAGMGSPLO.docx
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\BNAGMGSPLO.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\BNAGMGSPLO\BNAGMGSPLO.docx
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\BNAGMGSPLO\BNAGMGSPLO.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\BNAGMGSPLO\EEGWXUHVUG.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\BNAGMGSPLO\EEGWXUHVUG.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\BNAGMGSPLO\EFOYFBOLXA.png
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\BNAGMGSPLO\EFOYFBOLXA.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\BNAGMGSPLO\GRXZDKKVDB.mp3
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\BNAGMGSPLO\GRXZDKKVDB.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\BNAGMGSPLO\NVWZAPQSQL.jpg
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\BNAGMGSPLO\NVWZAPQSQL.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\BNAGMGSPLO\SQSJKEBWDT.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\BNAGMGSPLO\SQSJKEBWDT.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\DUUDTUBZFW.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\DUUDTUBZFW.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EEGWXUHVUG.docx
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EEGWXUHVUG.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EEGWXUHVUG.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EEGWXUHVUG.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EEGWXUHVUG\DUUDTUBZFW.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EEGWXUHVUG\DUUDTUBZFW.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EEGWXUHVUG\EEGWXUHVUG.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EEGWXUHVUG\EIVQSAOTAQ.jpg
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EEGWXUHVUG\EIVQSAOTAQ.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EEGWXUHVUG\GRXZDKKVDB.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EEGWXUHVUG\GRXZDKKVDB.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EEGWXUHVUG\KLIZUSIQEN.png
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EEGWXUHVUG\KLIZUSIQEN.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EEGWXUHVUG\QCOILOQIKC.mp3
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EEGWXUHVUG\QCOILOQIKC.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EFOYFBOLXA.png
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EFOYFBOLXA.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EIVQSAOTAQ.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EIVQSAOTAQ.mp3
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EIVQSAOTAQ.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EIVQSAOTAQ.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EIVQSAOTAQ.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EOWRVPQCCS.png
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\EOWRVPQCCS.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\GRXZDKKVDB.mp3
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\GRXZDKKVDB.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\GRXZDKKVDB.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\GRXZDKKVDB.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\GRXZDKKVDB.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\GRXZDKKVDB.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\KLIZUSIQEN.png
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\KLIZUSIQEN.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\NVWZAPQSQL.docx
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\NVWZAPQSQL.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\NVWZAPQSQL.jpg
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\NVWZAPQSQL.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\NVWZAPQSQL.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\NVWZAPQSQL.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\NVWZAPQSQL\EIVQSAOTAQ.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\NVWZAPQSQL\EIVQSAOTAQ.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\NVWZAPQSQL\NVWZAPQSQL.docx
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\NVWZAPQSQL\NVWZAPQSQL.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\NVWZAPQSQL\PALRGUCVEH.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\NVWZAPQSQL\PALRGUCVEH.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\NVWZAPQSQL\TQDFJHPUIU.jpg
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\NVWZAPQSQL\TQDFJHPUIU.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\NVWZAPQSQL\UNKRLCVOHV.mp3
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\NVWZAPQSQL\UNKRLCVOHV.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\NVWZAPQSQL\ZIPXYXWIOY.png
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\NVWZAPQSQL\ZIPXYXWIOY.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\PALRGUCVEH.jpg
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\PALRGUCVEH.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\PALRGUCVEH.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\PALRGUCVEH.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\QCOILOQIKC.mp3
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\QCOILOQIKC.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\SQSJKEBWDT.docx
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\SQSJKEBWDT.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\SQSJKEBWDT.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\SQSJKEBWDT.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\SQSJKEBWDT\EIVQSAOTAQ.mp3
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\SQSJKEBWDT\EIVQSAOTAQ.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\SQSJKEBWDT\EOWRVPQCCS.png
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\SQSJKEBWDT\EOWRVPQCCS.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\SQSJKEBWDT\GRXZDKKVDB.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\SQSJKEBWDT\GRXZDKKVDB.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\SQSJKEBWDT\NVWZAPQSQL.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\SQSJKEBWDT\NVWZAPQSQL.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\SQSJKEBWDT\PALRGUCVEH.jpg
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\SQSJKEBWDT\PALRGUCVEH.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\SQSJKEBWDT\SQSJKEBWDT.docx
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\SQSJKEBWDT\SQSJKEBWDT.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\TQDFJHPUIU.jpg
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\TQDFJHPUIU.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\UNKRLCVOHV.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\ZIPXYXWIOY.png
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\ZIPXYXWIOY.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\BNAGMGSPLO.docx
|
data
|
dropped
|
||
|
C:\Users\user\Documents\BNAGMGSPLO.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\BNAGMGSPLO\BNAGMGSPLO.docx
|
data
|
dropped
|
||
|
C:\Users\user\Documents\BNAGMGSPLO\BNAGMGSPLO.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\BNAGMGSPLO\EEGWXUHVUG.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Documents\BNAGMGSPLO\EEGWXUHVUG.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\BNAGMGSPLO\EFOYFBOLXA.png
|
data
|
dropped
|
||
|
C:\Users\user\Documents\BNAGMGSPLO\EFOYFBOLXA.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\BNAGMGSPLO\GRXZDKKVDB.mp3
|
data
|
dropped
|
||
|
C:\Users\user\Documents\BNAGMGSPLO\GRXZDKKVDB.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\BNAGMGSPLO\NVWZAPQSQL.jpg
|
data
|
dropped
|
||
|
C:\Users\user\Documents\BNAGMGSPLO\NVWZAPQSQL.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\BNAGMGSPLO\SQSJKEBWDT.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Documents\BNAGMGSPLO\SQSJKEBWDT.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\DUUDTUBZFW.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Documents\DUUDTUBZFW.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EEGWXUHVUG.docx
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EEGWXUHVUG.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EEGWXUHVUG.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EEGWXUHVUG.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EEGWXUHVUG\DUUDTUBZFW.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EEGWXUHVUG\DUUDTUBZFW.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EEGWXUHVUG\EEGWXUHVUG.docx
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EEGWXUHVUG\EEGWXUHVUG.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EEGWXUHVUG\EIVQSAOTAQ.jpg
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EEGWXUHVUG\EIVQSAOTAQ.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EEGWXUHVUG\GRXZDKKVDB.xlsx
|
data
|
modified
|
||
|
C:\Users\user\Documents\EEGWXUHVUG\GRXZDKKVDB.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EEGWXUHVUG\KLIZUSIQEN.png
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EEGWXUHVUG\KLIZUSIQEN.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EEGWXUHVUG\QCOILOQIKC.mp3
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EEGWXUHVUG\QCOILOQIKC.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EFOYFBOLXA.png
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EFOYFBOLXA.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EIVQSAOTAQ.jpg
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EIVQSAOTAQ.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EIVQSAOTAQ.mp3
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EIVQSAOTAQ.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EIVQSAOTAQ.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EIVQSAOTAQ.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EOWRVPQCCS.png
|
data
|
dropped
|
||
|
C:\Users\user\Documents\EOWRVPQCCS.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\GRXZDKKVDB.mp3
|
data
|
dropped
|
||
|
C:\Users\user\Documents\GRXZDKKVDB.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\GRXZDKKVDB.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Documents\GRXZDKKVDB.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\GRXZDKKVDB.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Documents\GRXZDKKVDB.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\KLIZUSIQEN.png
|
data
|
dropped
|
||
|
C:\Users\user\Documents\KLIZUSIQEN.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\NVWZAPQSQL.docx
|
data
|
dropped
|
||
|
C:\Users\user\Documents\NVWZAPQSQL.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\NVWZAPQSQL.jpg
|
data
|
dropped
|
||
|
C:\Users\user\Documents\NVWZAPQSQL.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\NVWZAPQSQL.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Documents\NVWZAPQSQL.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\NVWZAPQSQL\EIVQSAOTAQ.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Documents\NVWZAPQSQL\EIVQSAOTAQ.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\NVWZAPQSQL\NVWZAPQSQL.docx
|
data
|
dropped
|
||
|
C:\Users\user\Documents\NVWZAPQSQL\NVWZAPQSQL.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\NVWZAPQSQL\PALRGUCVEH.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Documents\NVWZAPQSQL\PALRGUCVEH.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\NVWZAPQSQL\TQDFJHPUIU.jpg
|
data
|
dropped
|
||
|
C:\Users\user\Documents\NVWZAPQSQL\TQDFJHPUIU.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\NVWZAPQSQL\UNKRLCVOHV.mp3
|
data
|
dropped
|
||
|
C:\Users\user\Documents\NVWZAPQSQL\UNKRLCVOHV.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\NVWZAPQSQL\ZIPXYXWIOY.png
|
data
|
dropped
|
||
|
C:\Users\user\Documents\NVWZAPQSQL\ZIPXYXWIOY.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\PALRGUCVEH.jpg
|
data
|
dropped
|
||
|
C:\Users\user\Documents\PALRGUCVEH.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\PALRGUCVEH.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Documents\PALRGUCVEH.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\QCOILOQIKC.mp3
|
data
|
dropped
|
||
|
C:\Users\user\Documents\QCOILOQIKC.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\SQSJKEBWDT.docx
|
data
|
dropped
|
||
|
C:\Users\user\Documents\SQSJKEBWDT.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\SQSJKEBWDT.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Documents\SQSJKEBWDT.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\SQSJKEBWDT\EIVQSAOTAQ.mp3
|
data
|
dropped
|
||
|
C:\Users\user\Documents\SQSJKEBWDT\EIVQSAOTAQ.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\SQSJKEBWDT\EOWRVPQCCS.png
|
data
|
dropped
|
||
|
C:\Users\user\Documents\SQSJKEBWDT\EOWRVPQCCS.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\SQSJKEBWDT\GRXZDKKVDB.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Documents\SQSJKEBWDT\GRXZDKKVDB.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\SQSJKEBWDT\NVWZAPQSQL.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Documents\SQSJKEBWDT\NVWZAPQSQL.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\SQSJKEBWDT\PALRGUCVEH.jpg
|
data
|
dropped
|
||
|
C:\Users\user\Documents\SQSJKEBWDT\PALRGUCVEH.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\SQSJKEBWDT\SQSJKEBWDT.docx
|
data
|
dropped
|
||
|
C:\Users\user\Documents\SQSJKEBWDT\SQSJKEBWDT.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\TQDFJHPUIU.jpg
|
data
|
dropped
|
||
|
C:\Users\user\Documents\TQDFJHPUIU.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\UNKRLCVOHV.mp3
|
data
|
dropped
|
||
|
C:\Users\user\Documents\UNKRLCVOHV.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\ZIPXYXWIOY.png
|
data
|
dropped
|
||
|
C:\Users\user\Documents\ZIPXYXWIOY.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\BNAGMGSPLO.docx
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\BNAGMGSPLO.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\DUUDTUBZFW.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\DUUDTUBZFW.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\EEGWXUHVUG.docx
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\EEGWXUHVUG.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\EEGWXUHVUG.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\EEGWXUHVUG.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\EFOYFBOLXA.png
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\EFOYFBOLXA.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\EIVQSAOTAQ.jpg
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\EIVQSAOTAQ.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\EIVQSAOTAQ.mp3
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\EIVQSAOTAQ.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\EIVQSAOTAQ.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\EIVQSAOTAQ.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\EOWRVPQCCS.png
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\EOWRVPQCCS.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\GRXZDKKVDB.mp3
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\GRXZDKKVDB.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\GRXZDKKVDB.pdf
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\GRXZDKKVDB.pdf.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\GRXZDKKVDB.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\GRXZDKKVDB.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\KLIZUSIQEN.png
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\KLIZUSIQEN.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\NVWZAPQSQL.docx
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\NVWZAPQSQL.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\NVWZAPQSQL.jpg
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\NVWZAPQSQL.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\NVWZAPQSQL.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\NVWZAPQSQL.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\PALRGUCVEH.jpg
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\PALRGUCVEH.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\PALRGUCVEH.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\PALRGUCVEH.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\QCOILOQIKC.mp3
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\QCOILOQIKC.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\SQSJKEBWDT.docx
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\SQSJKEBWDT.docx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\SQSJKEBWDT.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\SQSJKEBWDT.xlsx.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\TQDFJHPUIU.jpg
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\TQDFJHPUIU.jpg.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\UNKRLCVOHV.mp3
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\UNKRLCVOHV.mp3.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\ZIPXYXWIOY.png
|
data
|
dropped
|
||
|
C:\Users\user\Downloads\ZIPXYXWIOY.png.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\Amazon.url
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\Amazon.url.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\Bing.url
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\Bing.url.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\Facebook.url
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\Facebook.url.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\Google.url
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\Google.url.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\Live.url
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\Live.url.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\NYTimes.url
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\NYTimes.url.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\Reddit.url
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\Reddit.url.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\Twitter.url
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\Twitter.url.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\Wikipedia.url
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\Wikipedia.url.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\Youtube.url
|
data
|
dropped
|
||
|
C:\Users\user\Favorites\Youtube.url.bgzq (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms
|
data
|
dropped
|
||
|
C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms.bgzq (copy)
|
data
|
dropped
|
There are 278 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\mU2p71KMss.exe
|
"C:\Users\user\Desktop\mU2p71KMss.exe"
|
|
|
|
C:\Users\user\Desktop\mU2p71KMss.exe
|
"C:\Users\user\Desktop\mU2p71KMss.exe"
|
|
|
|
C:\Users\user\Desktop\mU2p71KMss.exe
|
"C:\Users\user\Desktop\mU2p71KMss.exe" --Admin IsNotAutoStart IsNotTask
|
|
|
|
C:\Users\user\Desktop\mU2p71KMss.exe
|
"C:\Users\user\Desktop\mU2p71KMss.exe" --Admin IsNotAutoStart IsNotTask
|
|
|
|
C:\Users\user\AppData\Local\f261f702-1524-4c10-82ff-88b548e0117a\mU2p71KMss.exe
|
C:\Users\user\AppData\Local\f261f702-1524-4c10-82ff-88b548e0117a\mU2p71KMss.exe --Task
|
|
|
|
C:\Users\user\AppData\Local\f261f702-1524-4c10-82ff-88b548e0117a\mU2p71KMss.exe
|
C:\Users\user\AppData\Local\f261f702-1524-4c10-82ff-88b548e0117a\mU2p71KMss.exe --Task
|
|
|
|
C:\Users\user\AppData\Local\f261f702-1524-4c10-82ff-88b548e0117a\mU2p71KMss.exe
|
"C:\Users\user\AppData\Local\f261f702-1524-4c10-82ff-88b548e0117a\mU2p71KMss.exe" --AutoStart
|
|
|
|
C:\Users\user\AppData\Local\f261f702-1524-4c10-82ff-88b548e0117a\mU2p71KMss.exe
|
"C:\Users\user\AppData\Local\f261f702-1524-4c10-82ff-88b548e0117a\mU2p71KMss.exe" --AutoStart
|
|
|
|
C:\Users\user\AppData\Local\f261f702-1524-4c10-82ff-88b548e0117a\mU2p71KMss.exe
|
"C:\Users\user\AppData\Local\f261f702-1524-4c10-82ff-88b548e0117a\mU2p71KMss.exe" --AutoStart
|
|
|
|
C:\Users\user\AppData\Local\f261f702-1524-4c10-82ff-88b548e0117a\mU2p71KMss.exe
|
"C:\Users\user\AppData\Local\f261f702-1524-4c10-82ff-88b548e0117a\mU2p71KMss.exe" --AutoStart
|
|
|
|
C:\Windows\SysWOW64\icacls.exe
|
icacls "C:\Users\user\AppData\Local\f261f702-1524-4c10-82ff-88b548e0117a" /deny *S-1-1-0:(OI)(CI)(DE,DC)
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://cajgtus.com/test2/get.php?pid=903E7F261711F85395E5CEFBF4173C54
|
62.150.232.50
|
|
|
|
http://cajgtus.com/test2/get.php
|
|
||
|
http://cajgtus.com/test2/get.phprk
|
unknown
|
||
|
http://www.nytimes.com/
|
unknown
|
||
|
https://api.2ip.ua/
|
unknown
|
||
|
https://wetransfer.com/downloadsVn
|
unknown
|
||
|
https://api.2ip.ua/a
|
unknown
|
||
|
https://api.2ip.ua/geo.jsonhy
|
unknown
|
||
|
https://api.2ip.ua/geo.jsonpTf
|
unknown
|
||
|
https://api.2ip.ua/K
|
unknown
|
||
|
http://www.amazon.com/
|
unknown
|
||
|
http://www.twitter.com/
|
unknown
|
||
|
https://api.2ip.ua/geo.json
|
104.21.65.24
|
||
|
http://www.openssl.org/support/faq.html
|
unknown
|
||
|
https://api.2ip.ua/geo.jsonmp
|
unknown
|
||
|
https://api.2ip.ua/geo.jsonb
|
unknown
|
||
|
https://api.2ip.ua/geo.json=
|
unknown
|
||
|
http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error
|
unknown
|
||
|
https://api.2ip.ua/geo.json9
|
unknown
|
||
|
https://api.2ip.ua/geo.jsonyS
|
unknown
|
||
|
https://api.2ip.ua/D
|
unknown
|
||
|
https://api.2ip.ua/geo.jsont
|
unknown
|
||
|
http://www.youtube.com/
|
unknown
|
||
|
https://wetransfer.com/downloads/54cdfd152fe98eedb628a1f4ddb7076420240421150208/403a27
|
unknown
|
||
|
https://api.2ip.ua/geo.jsonSf
|
unknown
|
||
|
https://api.2ip.ua/geo.jsons
|
unknown
|
||
|
https://api.2ip.ua/geo.jsonM
|
unknown
|
||
|
https://api.2ip.ua/geo.jsons:$
|
unknown
|
||
|
http://www.wikipedia.com/
|
unknown
|
||
|
https://api.2ip.ua/.
|
unknown
|
||
|
https://api.2ip.ua/geo.json.7
|
unknown
|
||
|
http://www.live.com/
|
unknown
|
||
|
https://api.2ip.ua/2
|
unknown
|
||
|
http://www.reddit.com/
|
unknown
|
||
|
http://www.google.com/
|
unknown
|
||
|
https://api.2ip.ua/geo.jsonqS
|
unknown
|
There are 26 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
cajgtus.com
|
62.150.232.50
|
|
|
|
api.2ip.ua
|
104.21.65.24
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
62.150.232.50
|
cajgtus.com
|
Kuwait
|
|
|
|
104.21.65.24
|
api.2ip.ua
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
SysHelper
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion
|
SysHelper
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
5DC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
5C80000
|
direct allocation
|
page execute and read and write
|
|
|
|
5DE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
5DD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
5E10000
|
direct allocation
|
page execute and read and write
|
|
|
|
7BB000
|
heap
|
page read and write
|
||
|
40A1000
|
unkown
|
page readonly
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
41CE000
|
stack
|
page read and write
|
||
|
442F000
|
stack
|
page read and write
|
||
|
412000
|
unkown
|
page readonly
|
||
|
19B000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
412000
|
unkown
|
page readonly
|
||
|
9B000
|
stack
|
page read and write
|
||
|
19E000
|
stack
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
4250000
|
direct allocation
|
page read and write
|
||
|
412000
|
unkown
|
page readonly
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
423A000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
445F000
|
stack
|
page read and write
|
||
|
28FE000
|
stack
|
page read and write
|
||
|
4430000
|
heap
|
page read and write
|
||
|
197000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
4130000
|
heap
|
page read and write
|
||
|
279E000
|
stack
|
page read and write
|
||
|
2FB0000
|
remote allocation
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2DFE000
|
stack
|
page read and write
|
||
|
423E000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
43CF000
|
stack
|
page read and write
|
||
|
421000
|
unkown
|
page write copy
|
||
|
4270000
|
heap
|
page read and write
|
||
|
4B3000
|
unkown
|
page read and write
|
||
|
197000
|
stack
|
page read and write
|
||
|
412000
|
unkown
|
page readonly
|
||
|
4410000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
4B3000
|
unkown
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
4238000
|
heap
|
page read and write
|
||
|
45F0000
|
direct allocation
|
page read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
41B000
|
unkown
|
page write copy
|
||
|
529000
|
remote allocation
|
page execute and read and write
|
||
|
421000
|
unkown
|
page write copy
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
8B8000
|
heap
|
page read and write
|
||
|
88E000
|
stack
|
page read and write
|
||
|
349C000
|
stack
|
page read and write
|
||
|
688000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
40F0000
|
heap
|
page read and write
|
||
|
41B000
|
unkown
|
page write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
412000
|
unkown
|
page readonly
|
||
|
19B000
|
stack
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
731000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2CEE000
|
stack
|
page read and write
|
||
|
7B6000
|
heap
|
page read and write
|
||
|
789000
|
heap
|
page read and write
|
||
|
5E7000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
29CD000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
421000
|
unkown
|
page write copy
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
714000
|
heap
|
page read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
7CF000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
412000
|
unkown
|
page readonly
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
40F0000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
785000
|
heap
|
page read and write
|
||
|
276F000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
2FB0000
|
remote allocation
|
page read and write
|
||
|
421000
|
unkown
|
page write copy
|
||
|
76C000
|
heap
|
page read and write
|
||
|
2CAF000
|
stack
|
page read and write
|
||
|
31EC000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
412000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
41D0000
|
heap
|
page read and write
|
||
|
30B1000
|
heap
|
page read and write
|
||
|
78B000
|
heap
|
page read and write
|
||
|
7B6000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
2DBF000
|
stack
|
page read and write
|
||
|
2E9E000
|
stack
|
page read and write
|
||
|
193000
|
stack
|
page read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
412000
|
unkown
|
page readonly
|
||
|
7A3000
|
heap
|
page read and write
|
||
|
409F000
|
unkown
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
71A000
|
heap
|
page read and write
|
||
|
755000
|
heap
|
page read and write
|
||
|
421000
|
unkown
|
page write copy
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4B3000
|
unkown
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
40A1000
|
unkown
|
page readonly
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
2BAE000
|
stack
|
page read and write
|
||
|
63E000
|
stack
|
page read and write
|
||
|
4230000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
28AF000
|
stack
|
page read and write
|
||
|
78C000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
443A000
|
heap
|
page read and write
|
||
|
4100000
|
heap
|
page read and write
|
||
|
6070000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
2F5F000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
40B0000
|
heap
|
page read and write
|
||
|
6EB000
|
heap
|
page read and write
|
||
|
421000
|
unkown
|
page write copy
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
52B000
|
remote allocation
|
page execute and read and write
|
||
|
193000
|
stack
|
page read and write
|
||
|
729000
|
heap
|
page read and write
|
||
|
766000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
8F7000
|
heap
|
page read and write
|
||
|
A4F000
|
stack
|
page read and write
|
||
|
2FB1000
|
heap
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
2A6E000
|
stack
|
page read and write
|
||
|
6DE000
|
stack
|
page read and write
|
||
|
6D8000
|
heap
|
page read and write
|
||
|
2E60000
|
remote allocation
|
page read and write
|
||
|
4490000
|
heap
|
page read and write
|
||
|
275F000
|
stack
|
page read and write
|
||
|
2FB0000
|
remote allocation
|
page read and write
|
||
|
30B0000
|
remote allocation
|
page read and write
|
||
|
466F000
|
stack
|
page read and write
|
||
|
906000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
768000
|
heap
|
page read and write
|
||
|
32EA000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
2B6D000
|
stack
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
5FC0000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
727000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
4610000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
27AE000
|
stack
|
page read and write
|
||
|
26BF000
|
stack
|
page read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
5F5000
|
heap
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
637000
|
heap
|
page read and write
|
||
|
769000
|
heap
|
page read and write
|
||
|
40EE000
|
stack
|
page read and write
|
||
|
7B1000
|
heap
|
page read and write
|
||
|
52B000
|
remote allocation
|
page execute and read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
726000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
40A1000
|
unkown
|
page readonly
|
||
|
193000
|
stack
|
page read and write
|
||
|
2CB9000
|
heap
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
2DFE000
|
stack
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
41B000
|
unkown
|
page write copy
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
remote allocation
|
page read and write
|
||
|
781000
|
heap
|
page read and write
|
||
|
706000
|
heap
|
page read and write
|
||
|
41B000
|
unkown
|
page write copy
|
||
|
2F5F000
|
stack
|
page read and write
|
||
|
41B000
|
unkown
|
page read and write
|
||
|
7BF000
|
heap
|
page read and write
|
||
|
4B3000
|
unkown
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
6000000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
4180000
|
heap
|
page read and write
|
||
|
28FE000
|
stack
|
page read and write
|
||
|
197000
|
stack
|
page read and write
|
||
|
529000
|
remote allocation
|
page execute and read and write
|
||
|
263F000
|
stack
|
page read and write
|
||
|
30EA000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
30B1000
|
heap
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
92D000
|
heap
|
page read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
2DFE000
|
stack
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
4430000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
915000
|
heap
|
page read and write
|
||
|
4420000
|
direct allocation
|
page read and write
|
||
|
769000
|
heap
|
page read and write
|
||
|
7A1000
|
heap
|
page read and write
|
||
|
40A1000
|
unkown
|
page readonly
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
277F000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
412000
|
unkown
|
page readonly
|
||
|
19E000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
ADE000
|
stack
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
6C8000
|
heap
|
page read and write
|
||
|
27BF000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
930000
|
heap
|
page read and write
|
||
|
67E000
|
stack
|
page read and write
|
||
|
90F000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
2FB0000
|
remote allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
421000
|
unkown
|
page write copy
|
||
|
28FE000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
41CE000
|
stack
|
page read and write
|
||
|
732000
|
heap
|
page read and write
|
||
|
26BF000
|
stack
|
page read and write
|
||
|
40A1000
|
unkown
|
page readonly
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
2A6E000
|
stack
|
page read and write
|
||
|
41F0000
|
heap
|
page read and write
|
||
|
2DFE000
|
stack
|
page read and write
|
||
|
2FB0000
|
remote allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
41B000
|
unkown
|
page write copy
|
||
|
412000
|
unkown
|
page readonly
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
2BAE000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2A6E000
|
stack
|
page read and write
|
||
|
40A1000
|
unkown
|
page readonly
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
2B6D000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
40A1000
|
unkown
|
page readonly
|
||
|
40A1000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
41B000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
720000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
90E000
|
stack
|
page read and write
|
||
|
30D3000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
64E000
|
stack
|
page read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
52B000
|
remote allocation
|
page execute and read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
28FE000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2B6E000
|
stack
|
page read and write
|
||
|
635000
|
heap
|
page read and write
|
||
|
529000
|
remote allocation
|
page execute and read and write
|
||
|
30B1000
|
heap
|
page read and write
|
||
|
25BF000
|
stack
|
page read and write
|
||
|
94F000
|
stack
|
page read and write
|
||
|
305F000
|
stack
|
page read and write
|
||
|
41C000
|
unkown
|
page write copy
|
||
|
401000
|
unkown
|
page execute read
|
||
|
93F0000
|
heap
|
page read and write
|
||
|
2A6E000
|
stack
|
page read and write
|
||
|
2FB1000
|
heap
|
page read and write
|
||
|
731000
|
heap
|
page read and write
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
3112000
|
heap
|
page read and write
|
||
|
94E000
|
stack
|
page read and write
|
||
|
529000
|
remote allocation
|
page execute and read and write
|
||
|
77A000
|
heap
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
197000
|
stack
|
page read and write
|
||
|
2B6D000
|
stack
|
page read and write
|
||
|
2DED000
|
stack
|
page read and write
|
||
|
289F000
|
stack
|
page read and write
|
||
|
4431000
|
heap
|
page execute and read and write
|
||
|
4230000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
298D000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
421000
|
unkown
|
page write copy
|
||
|
421000
|
unkown
|
page write copy
|
||
|
2CAF000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
2FB0000
|
remote allocation
|
page read and write
|
||
|
413E000
|
stack
|
page read and write
|
||
|
442F000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
771000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
359D000
|
stack
|
page read and write
|
||
|
4108000
|
heap
|
page read and write
|
||
|
421E000
|
stack
|
page read and write
|
||
|
788000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
5DDE000
|
stack
|
page read and write
|
||
|
2CAF000
|
stack
|
page read and write
|
||
|
41C000
|
unkown
|
page write copy
|
||
|
727000
|
heap
|
page read and write
|
||
|
2FB0000
|
remote allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
5EDF000
|
stack
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
2BAE000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
4140000
|
heap
|
page read and write
|
||
|
3590000
|
trusted library allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
4268000
|
heap
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
28FE000
|
stack
|
page read and write
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
412000
|
unkown
|
page readonly
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
637000
|
heap
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
707000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
357F000
|
direct allocation
|
page read and write
|
||
|
2DFE000
|
stack
|
page read and write
|
||
|
41C000
|
unkown
|
page write copy
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
40A1000
|
unkown
|
page readonly
|
||
|
421000
|
unkown
|
page write copy
|
||
|
5E5000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
421000
|
unkown
|
page write copy
|
||
|
9C000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
2F89000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
25BF000
|
stack
|
page read and write
|
||
|
41B000
|
unkown
|
page write copy
|
||
|
4388000
|
heap
|
page execute and read and write
|
||
|
443E000
|
heap
|
page read and write
|
||
|
41B000
|
unkown
|
page read and write
|
||
|
4B3000
|
unkown
|
page read and write
|
||
|
746000
|
heap
|
page read and write
|
||
|
2FB1000
|
heap
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
424E000
|
stack
|
page read and write
|
||
|
41B000
|
unkown
|
page write copy
|
||
|
769000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
444D000
|
heap
|
page execute and read and write
|
||
|
30ED000
|
heap
|
page read and write
|
||
|
28BF000
|
stack
|
page read and write
|
||
|
30BA000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
781000
|
heap
|
page read and write
|
||
|
40A1000
|
unkown
|
page readonly
|
||
|
529000
|
remote allocation
|
page execute and read and write
|
||
|
437F000
|
stack
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
80E000
|
stack
|
page read and write
|
||
|
41B000
|
unkown
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
5F7000
|
heap
|
page read and write
|
||
|
7BB000
|
heap
|
page read and write
|
||
|
44C0000
|
heap
|
page read and write
|
||
|
924000
|
heap
|
page read and write
|
||
|
52B000
|
remote allocation
|
page execute and read and write
|
||
|
2FB0000
|
remote allocation
|
page read and write
|
||
|
41C000
|
unkown
|
page write copy
|
||
|
41B000
|
unkown
|
page write copy
|
||
|
4260000
|
heap
|
page read and write
|
||
|
27BE000
|
stack
|
page read and write
|
||
|
764000
|
heap
|
page read and write
|
||
|
421000
|
unkown
|
page write copy
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
412000
|
unkown
|
page readonly
|
||
|
7A4000
|
heap
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
423E000
|
stack
|
page read and write
|
||
|
40A1000
|
unkown
|
page readonly
|
||
|
788000
|
heap
|
page read and write
|
||
|
421000
|
unkown
|
page write copy
|
||
|
2D4E000
|
stack
|
page read and write
|
||
|
462F000
|
stack
|
page read and write
|
||
|
40FE000
|
stack
|
page read and write
|
||
|
41B000
|
unkown
|
page read and write
|
||
|
6C9000
|
heap
|
page read and write
|
||
|
45CF000
|
stack
|
page read and write
|
||
|
789000
|
heap
|
page read and write
|
||
|
2F5F000
|
stack
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
267E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7BB000
|
heap
|
page read and write
|
||
|
2CAF000
|
stack
|
page read and write
|
||
|
28BF000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
40A1000
|
unkown
|
page readonly
|
||
|
41C000
|
unkown
|
page write copy
|
||
|
711000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
409F000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
51A000
|
remote allocation
|
page execute and read and write
|
||
|
262F000
|
stack
|
page read and write
|
||
|
409F000
|
unkown
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
915000
|
heap
|
page read and write
|
||
|
421000
|
unkown
|
page write copy
|
||
|
266E000
|
stack
|
page read and write
|
||
|
30E3000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
409F000
|
unkown
|
page read and write
|
||
|
2E3F000
|
stack
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
2E60000
|
remote allocation
|
page read and write
|
||
|
6B7000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
2FB1000
|
heap
|
page read and write
|
||
|
193000
|
stack
|
page read and write
|
||
|
A46000
|
heap
|
page read and write
|
||
|
2FB0000
|
remote allocation
|
page read and write
|
||
|
966000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
43D0000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
4B3000
|
unkown
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
6060000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
28BF000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
B67000
|
heap
|
page read and write
|
||
|
2F78000
|
heap
|
page read and write
|
||
|
463F000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
84E000
|
stack
|
page read and write
|
||
|
197000
|
stack
|
page read and write
|
||
|
40A1000
|
unkown
|
page readonly
|
||
|
6C5000
|
heap
|
page read and write
|
||
|
4180000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
40A1000
|
unkown
|
page readonly
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
421000
|
unkown
|
page write copy
|
||
|
2BAE000
|
stack
|
page read and write
|
||
|
2B6D000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
52B000
|
remote allocation
|
page execute and read and write
|
||
|
92A000
|
heap
|
page read and write
|
||
|
27BF000
|
stack
|
page read and write
|
||
|
19E000
|
stack
|
page read and write
|
||
|
41B000
|
unkown
|
page write copy
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
265F000
|
stack
|
page read and write
|
||
|
5C6000
|
heap
|
page read and write
|
||
|
409F000
|
unkown
|
page read and write
|
||
|
44D6000
|
heap
|
page execute and read and write
|
||
|
40A1000
|
unkown
|
page readonly
|
||
|
412000
|
unkown
|
page readonly
|
||
|
2CAF000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
remote allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7A8000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6C7000
|
heap
|
page read and write
|
||
|
732000
|
heap
|
page read and write
|
||
|
40EE000
|
stack
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
7BB000
|
heap
|
page read and write
|
||
|
44A7000
|
heap
|
page execute and read and write
|
||
|
193000
|
stack
|
page read and write
|
||
|
412000
|
unkown
|
page readonly
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
41B000
|
unkown
|
page write copy
|
||
|
788000
|
heap
|
page read and write
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
2A6D000
|
stack
|
page read and write
|
||
|
2FB1000
|
heap
|
page read and write
|
||
|
2BAE000
|
stack
|
page read and write
|
||
|
7A4000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3560000
|
direct allocation
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
2EFE000
|
stack
|
page read and write
|
||
|
253F000
|
stack
|
page read and write
|
||
|
412000
|
unkown
|
page readonly
|
||
|
783000
|
heap
|
page read and write
|
||
|
766000
|
heap
|
page read and write
|
||
|
30BC000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
76C000
|
heap
|
page read and write
|
||
|
2E60000
|
remote allocation
|
page read and write
|
There are 594 hidden memdumps, click here to show them.