Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Document_a19_79b555791-28h97348k5477-3219g9.js
|
ASCII text, with very long lines (537), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Windows\Installer\MSI3B6A.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
:wtfbbq (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Config.Msi\3b3ac8.rbs
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560
|
Certificate, Version=3
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C5C8CC0A7FE31816B4641D0465402560
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\sharepoint\360total.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Custom_update\Update_3b24da5a.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Custom_update\update_data.dat
|
data
|
dropped
|
||
|
C:\Windows\Installer\MSI39EE.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI3A4C.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI3A7C.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI3AAC.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI3AEC.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\MSIAA9D.tmp
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44
2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page:
1252, Revision Number: {805E70A6-23C0-4688-BBAF-6F995BB72730}, Number of Words: 10, Subject: 360 Total, Author: HuMaster LLC,
Name of Creating Application: 360 Total, Template: ;1033, Comments: This installer database contains the logic and data required
to install 360 Total., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF0C3825C8A6AE7DC2.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF1B4ED7FDA427B494.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF22CBD4461B033FB8.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF3025BC11E5C97B03.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF41332C922F5AC300.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF428E4FF550ED71C3.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF6629245EDF63459B.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFAB72B8B8E96537BE.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFB1564F1E3995B003.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFD248A4793ACEF6ED.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFE66F7BB54D4BA8DC.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
There are 19 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Document_a19_79b555791-28h97348k5477-3219g9.js"
|
|
|
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
|
|
|
C:\Windows\Installer\MSI3B6A.tmp
|
"C:\Windows\Installer\MSI3B6A.tmp" C:/Windows/System32/rundll32.exe C:\Users\user\AppData\Local\sharepoint\360total.dll, homq
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\sharepoint\360total.dll, homq
|
|
|
|
C:\Windows\System32\rundll32.exe
|
"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\sharepoint\360total.dll, homq
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\AppData\Roaming\Custom_update\Update_3b24da5a.dll", homq
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\AppData\Roaming\Custom_update\Update_3b24da5a.dll", homq
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\AppData\Roaming\Custom_update\Update_3b24da5a.dll", homq
|
|
|
|
C:\Windows\System32\cmd.exe
|
/c ipconfig /all
|
|
|
|
C:\Windows\System32\ipconfig.exe
|
ipconfig /all
|
|
|
|
C:\Windows\System32\cmd.exe
|
/c systeminfo
|
|
|
|
C:\Windows\System32\systeminfo.exe
|
systeminfo
|
|
|
|
C:\Windows\System32\cmd.exe
|
/c nltest /domain_trusts
|
|
|
|
C:\Windows\System32\cmd.exe
|
/c nltest /domain_trusts /all_trusts
|
|
|
|
C:\Windows\System32\cmd.exe
|
/c net view /all /domain
|
|
|
|
C:\Windows\System32\net.exe
|
net view /all /domain
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 3F033F6E254CA40A6D9A0D485CFEA9D1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\nltest.exe
|
nltest /domain_trusts
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\nltest.exe
|
nltest /domain_trusts /all_trusts
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 15 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://wrankaget.site/live/
|
|
||
|
https://jarinamaers.shop/
|
unknown
|
|
|
|
https://grizmotras.com/live/
|
104.21.59.82
|
|
|
|
https://jarinamaers.shop/live/
|
172.67.136.103
|
|
|
|
http://cacerts.dig
|
unknown
|
||
|
http://crl3.digice7
|
unknown
|
||
|
http://45.95.11.217/ad.msiLin
|
unknown
|
||
|
http://pconf.f.360.cn/safe_update.php
|
unknown
|
||
|
ftp://ftp%2desktop.ini
|
unknown
|
||
|
https://grizmotras.com/
|
unknown
|
||
|
https://grizmotras.com/Qc-
|
unknown
|
||
|
http://45.95.11.217/ad.msi0
|
unknown
|
||
|
https://jarinamaers.shop/live/zedv5
|
unknown
|
||
|
https://jarinamaers.shop/live/onsG
|
unknown
|
||
|
https://grizmotras.com/live/ll
|
unknown
|
||
|
http://45.95.11.217/ad.msi-1780707424311028180
|
unknown
|
||
|
https://pewwhranet.com/live/
|
unknown
|
||
|
https://grizmotras.com/live/)
|
unknown
|
||
|
http://45.95.11.217/ad.msi
|
45.95.11.217
|
||
|
http://45.95.11.217/ad.msi%
|
unknown
|
||
|
http://pscan.f.360.cn/safe_update.php
|
unknown
|
||
|
http://dr.f.360.cn/scanlist
|
unknown
|
||
|
https://www.thawte.com/cps0/
|
unknown
|
||
|
http://pscan.f.360.cn/safe_update.phphttp://pconf.f.360.cn/safe_update.phphttp://sconf.f.360.cn/clie
|
unknown
|
||
|
https://jarinamaers.shop/live/7aB
|
unknown
|
||
|
https://www.thawte.com/repository0W
|
unknown
|
||
|
http://45.95.11.217/ad.msiV
|
unknown
|
||
|
https://jarinamaers.shop/W
|
unknown
|
||
|
http://sconf.f.360.cn/client_security_conf
|
unknown
|
||
|
http://dr.f.360.cn/scan
|
unknown
|
||
|
https://www.advancedinstaller.com
|
unknown
|
||
|
https://jarinamaers.shop/live/D
|
unknown
|
||
|
http://secure.globalsign
|
unknown
|
||
|
https://grizmotras.com//-cY
|
unknown
|
||
|
https://jarinamaers.shop/live/g5
|
unknown
|
||
|
https://jarinamaers.shop/live/7
|
unknown
|
||
|
https://grizmotras.com/Ep
|
unknown
|
||
|
https://grizmotras.com/live/URLS1https://pewwhranet.com/live/COMMAND4front://sysinfo.bin
|
unknown
|
There are 28 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jarinamaers.shop
|
172.67.136.103
|
|
|
|
grizmotras.com
|
104.21.59.82
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
prod.globalsign.map.fastly.net
|
151.101.2.133
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.59.82
|
grizmotras.com
|
United States
|
|
|
|
172.67.136.103
|
jarinamaers.shop
|
United States
|
|
|
|
45.95.11.217
|
unknown
|
Italy
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\3b3ac8.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\3b3ac8.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\C72CC84B32896524285338B4DFD2D0BB
|
E927531B47501D447B1AE64455F005B6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\F5D323A437D662C4E893EB9882AD31BE
|
E927531B47501D447B1AE64455F005B6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\895F9FDA48B79C541BAC8E90865A83AB
|
E927531B47501D447B1AE64455F005B6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\HuMaster LLC\360 Total\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\HuMaster LLC\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Local\sharepoint\
|
||
|
HKEY_CURRENT_USER\SOFTWARE\HuMaster LLC\360 Total
|
Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\HuMaster LLC\360 Total
|
Path
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\system32\mlang.dll,-4387
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\system32\mlang.dll,-4407
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
201DC470000
|
direct allocation
|
page execute and read and write
|
|
|
|
201DAAE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
187EC840000
|
direct allocation
|
page read and write
|
|
|
|
1A379500000
|
direct allocation
|
page execute and read and write
|
|
|
|
201DA900000
|
direct allocation
|
page read and write
|
|
|
|
201DC470000
|
direct allocation
|
page execute and read and write
|
|
|
|
187EC850000
|
direct allocation
|
page execute and read and write
|
|
|
|
201DC500000
|
direct allocation
|
page execute and read and write
|
|
|
|
1FFB4F00000
|
direct allocation
|
page execute and read and write
|
|
|
|
201DC470000
|
direct allocation
|
page execute and read and write
|
|
|
|
201DC470000
|
direct allocation
|
page execute and read and write
|
|
|
|
1FFB4EF0000
|
direct allocation
|
page read and write
|
|
|
|
1A3794F0000
|
direct allocation
|
page read and write
|
|
|
|
D2043F8000
|
stack
|
page read and write
|
|
|
|
148F6774000
|
heap
|
page read and write
|
||
|
201DC920000
|
remote allocation
|
page read and write
|
||
|
3ABC000
|
stack
|
page read and write
|
||
|
F359FF000
|
stack
|
page read and write
|
||
|
230DCBF0000
|
heap
|
page read and write
|
||
|
201DAC55000
|
heap
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
2B161A10000
|
heap
|
page read and write
|
||
|
207B503D000
|
heap
|
page read and write
|
||
|
1B54D160000
|
heap
|
page read and write
|
||
|
8F3D97E000
|
stack
|
page read and write
|
||
|
187EC870000
|
heap
|
page read and write
|
||
|
2B161C80000
|
heap
|
page read and write
|
||
|
3140000
|
heap
|
page read and write
|
||
|
1FFB6930000
|
heap
|
page read and write
|
||
|
1B54D1F6000
|
heap
|
page read and write
|
||
|
1DE937E000
|
stack
|
page read and write
|
||
|
207B5498000
|
heap
|
page read and write
|
||
|
1B54D1D0000
|
heap
|
page read and write
|
||
|
207B2F60000
|
remote allocation
|
page read and write
|
||
|
207B2F60000
|
remote allocation
|
page read and write
|
||
|
207B4D07000
|
heap
|
page read and write
|
||
|
201DC920000
|
remote allocation
|
page read and write
|
||
|
28D757A0000
|
heap
|
page read and write
|
||
|
737000
|
unkown
|
page readonly
|
||
|
2B161ABD000
|
heap
|
page read and write
|
||
|
1FFB68F0000
|
trusted library allocation
|
page read and write
|
||
|
207B4E01000
|
heap
|
page read and write
|
||
|
1A379640000
|
direct allocation
|
page execute and read and write
|
||
|
D20437E000
|
stack
|
page read and write
|
||
|
207B5459000
|
heap
|
page read and write
|
||
|
207B2E83000
|
heap
|
page read and write
|
||
|
2FCE000
|
stack
|
page read and write
|
||
|
C2EFEFE000
|
stack
|
page read and write
|
||
|
F358FE000
|
stack
|
page read and write
|
||
|
229AA0D7000
|
heap
|
page read and write
|
||
|
207B2E83000
|
heap
|
page read and write
|
||
|
1FFB68F0000
|
trusted library allocation
|
page read and write
|
||
|
28D75670000
|
heap
|
page read and write
|
||
|
201DC510000
|
direct allocation
|
page execute and read and write
|
||
|
201DAA0A000
|
heap
|
page read and write
|
||
|
201DC4A0000
|
direct allocation
|
page execute and read and write
|
||
|
D20467D000
|
stack
|
page read and write
|
||
|
207B5459000
|
heap
|
page read and write
|
||
|
242C06C8000
|
heap
|
page read and write
|
||
|
1FFB4F35000
|
heap
|
page read and write
|
||
|
187EE300000
|
direct allocation
|
page execute and read and write
|
||
|
2B1619F0000
|
heap
|
page read and write
|
||
|
1FFB4F40000
|
heap
|
page read and write
|
||
|
207B5446000
|
heap
|
page read and write
|
||
|
74C000
|
unkown
|
page write copy
|
||
|
1800C5000
|
unkown
|
page read and write
|
||
|
8F3D87B000
|
stack
|
page read and write
|
||
|
207B53D0000
|
heap
|
page read and write
|
||
|
207B4CEA000
|
heap
|
page read and write
|
||
|
207B2E94000
|
heap
|
page read and write
|
||
|
6F1000
|
unkown
|
page execute read
|
||
|
D5920FE000
|
unkown
|
page read and write
|
||
|
207B508D000
|
heap
|
page read and write
|
||
|
379E000
|
stack
|
page read and write
|
||
|
201DCAB0000
|
direct allocation
|
page execute and read and write
|
||
|
207B542C000
|
heap
|
page read and write
|
||
|
207B2E0C000
|
heap
|
page read and write
|
||
|
207B5453000
|
heap
|
page read and write
|
||
|
148F6730000
|
heap
|
page read and write
|
||
|
1B54D223000
|
heap
|
page read and write
|
||
|
187EE360000
|
direct allocation
|
page execute and read and write
|
||
|
242C06AB000
|
heap
|
page read and write
|
||
|
207B544B000
|
heap
|
page read and write
|
||
|
1788D907000
|
heap
|
page read and write
|
||
|
2228C2F8000
|
heap
|
page read and write
|
||
|
1A37AE20000
|
trusted library allocation
|
page read and write
|
||
|
750000
|
unkown
|
page readonly
|
||
|
321DAFE000
|
stack
|
page read and write
|
||
|
187EE330000
|
heap
|
page read and write
|
||
|
8F3DA7F000
|
stack
|
page read and write
|
||
|
F3587B000
|
stack
|
page read and write
|
||
|
1B54D219000
|
heap
|
page read and write
|
||
|
148F6920000
|
heap
|
page read and write
|
||
|
207B53F5000
|
heap
|
page read and write
|
||
|
1B54D22F000
|
heap
|
page read and write
|
||
|
201DAA07000
|
heap
|
page read and write
|
||
|
201DA9A5000
|
heap
|
page read and write
|
||
|
201DA9E7000
|
heap
|
page read and write
|
||
|
207B54AA000
|
heap
|
page read and write
|
||
|
187EE240000
|
trusted library allocation
|
page read and write
|
||
|
28D75570000
|
heap
|
page read and write
|
||
|
C743CFF000
|
stack
|
page read and write
|
||
|
207B549C000
|
heap
|
page read and write
|
||
|
187EE260000
|
direct allocation
|
page execute and read and write
|
||
|
207B2E33000
|
heap
|
page read and write
|
||
|
207B5446000
|
heap
|
page read and write
|
||
|
DE247FF000
|
stack
|
page read and write
|
||
|
1B54D535000
|
heap
|
page read and write
|
||
|
1A379640000
|
trusted library allocation
|
page read and write
|
||
|
DE243EC000
|
stack
|
page read and write
|
||
|
207B4E01000
|
heap
|
page read and write
|
||
|
207B508D000
|
heap
|
page read and write
|
||
|
915856C000
|
stack
|
page read and write
|
||
|
207B2DF0000
|
heap
|
page read and write
|
||
|
201DA9E7000
|
heap
|
page read and write
|
||
|
207B2E7B000
|
heap
|
page read and write
|
||
|
28D756AD000
|
heap
|
page read and write
|
||
|
6F1000
|
unkown
|
page execute read
|
||
|
230DCC18000
|
heap
|
page read and write
|
||
|
242C06A0000
|
heap
|
page read and write
|
||
|
207B5460000
|
heap
|
page read and write
|
||
|
D2042FF000
|
stack
|
page read and write
|
||
|
207B2E2F000
|
heap
|
page read and write
|
||
|
1453000
|
heap
|
page read and write
|
||
|
57C40FE000
|
stack
|
page read and write
|
||
|
201DC4F0000
|
direct allocation
|
page execute and read and write
|
||
|
207B4D01000
|
heap
|
page read and write
|
||
|
201DAC20000
|
trusted library allocation
|
page read and write
|
||
|
207B2E18000
|
heap
|
page read and write
|
||
|
18016C000
|
unkown
|
page readonly
|
||
|
201DA9B8000
|
heap
|
page read and write
|
||
|
2B161AD6000
|
heap
|
page read and write
|
||
|
207B503D000
|
heap
|
page read and write
|
||
|
28D756C8000
|
heap
|
page read and write
|
||
|
1FFB4F30000
|
heap
|
page read and write
|
||
|
207B549E000
|
heap
|
page read and write
|
||
|
1B54D170000
|
heap
|
page read and write
|
||
|
207B5459000
|
heap
|
page read and write
|
||
|
2B1619E0000
|
heap
|
page read and write
|
||
|
1FFB4F72000
|
heap
|
page read and write
|
||
|
1B54D217000
|
heap
|
page read and write
|
||
|
1B54D1F5000
|
heap
|
page read and write
|
||
|
207B2E19000
|
heap
|
page read and write
|
||
|
6F0000
|
unkown
|
page readonly
|
||
|
148F6750000
|
heap
|
page read and write
|
||
|
207B2E7B000
|
heap
|
page read and write
|
||
|
207B2EE4000
|
heap
|
page read and write
|
||
|
201DC540000
|
heap
|
page read and write
|
||
|
201DC4E0000
|
direct allocation
|
page execute and read and write
|
||
|
3BBC000
|
stack
|
page read and write
|
||
|
28D756A0000
|
heap
|
page read and write
|
||
|
242C0920000
|
heap
|
page read and write
|
||
|
230DCC15000
|
heap
|
page read and write
|
||
|
D20477C000
|
stack
|
page read and write
|
||
|
201DC4E0000
|
direct allocation
|
page execute and read and write
|
||
|
201DC4D0000
|
direct allocation
|
page execute and read and write
|
||
|
28D756C5000
|
heap
|
page read and write
|
||
|
207B2E83000
|
heap
|
page read and write
|
||
|
C7439FE000
|
stack
|
page read and write
|
||
|
8F3D8FE000
|
stack
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
C2EFFFE000
|
stack
|
page read and write
|
||
|
321DB7F000
|
stack
|
page read and write
|
||
|
207B2C80000
|
heap
|
page read and write
|
||
|
201DC490000
|
direct allocation
|
page execute and read and write
|
||
|
207B2FA0000
|
heap
|
page read and write
|
||
|
207B2FA5000
|
heap
|
page read and write
|
||
|
207B544B000
|
heap
|
page read and write
|
||
|
230DCBE0000
|
heap
|
page read and write
|
||
|
207B4D00000
|
heap
|
page read and write
|
||
|
1A37AE20000
|
trusted library allocation
|
page read and write
|
||
|
91589FE000
|
stack
|
page read and write
|
||
|
201DC4E0000
|
direct allocation
|
page execute and read and write
|
||
|
750000
|
unkown
|
page readonly
|
||
|
17CF000
|
stack
|
page read and write
|
||
|
187EC6E0000
|
heap
|
page read and write
|
||
|
C7436FE000
|
stack
|
page read and write
|
||
|
207B5460000
|
heap
|
page read and write
|
||
|
D2044FE000
|
stack
|
page read and write
|
||
|
2B161ABB000
|
heap
|
page read and write
|
||
|
207B4D0A000
|
heap
|
page read and write
|
||
|
229A9F00000
|
heap
|
page read and write
|
||
|
D5921FF000
|
stack
|
page read and write
|
||
|
207B4D08000
|
heap
|
page read and write
|
||
|
230DCEA0000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
16CF000
|
stack
|
page read and write
|
||
|
201DC4C0000
|
direct allocation
|
page execute and read and write
|
||
|
201DC470000
|
direct allocation
|
page execute and read and write
|
||
|
201DA918000
|
heap
|
page read and write
|
||
|
187EC8B0000
|
heap
|
page read and write
|
||
|
141B000
|
heap
|
page read and write
|
||
|
242C0930000
|
heap
|
page read and write
|
||
|
37B0000
|
heap
|
page read and write
|
||
|
201DA9B8000
|
heap
|
page read and write
|
||
|
BAC000
|
stack
|
page read and write
|
||
|
201DCA70000
|
direct allocation
|
page execute and read and write
|
||
|
207B5460000
|
heap
|
page read and write
|
||
|
242C06C7000
|
heap
|
page read and write
|
||
|
2228C5D0000
|
heap
|
page read and write
|
||
|
C7434F7000
|
stack
|
page read and write
|
||
|
180086000
|
unkown
|
page readonly
|
||
|
207B5463000
|
heap
|
page read and write
|
||
|
1B54D224000
|
heap
|
page read and write
|
||
|
1DE92FE000
|
stack
|
page read and write
|
||
|
1FFB68F0000
|
trusted library allocation
|
page read and write
|
||
|
207B5459000
|
heap
|
page read and write
|
||
|
207B2F60000
|
remote allocation
|
page read and write
|
||
|
207B5460000
|
heap
|
page read and write
|
||
|
1FFB68F0000
|
direct allocation
|
page execute and read and write
|
||
|
207B5463000
|
heap
|
page read and write
|
||
|
207B4D09000
|
heap
|
page read and write
|
||
|
1800C6000
|
unkown
|
page write copy
|
||
|
207B2E94000
|
heap
|
page read and write
|
||
|
148F675B000
|
heap
|
page read and write
|
||
|
1B54D22F000
|
heap
|
page read and write
|
||
|
201DC4D0000
|
direct allocation
|
page execute and read and write
|
||
|
201DA9B8000
|
heap
|
page read and write
|
||
|
180086000
|
unkown
|
page readonly
|
||
|
207B2E10000
|
heap
|
page read and write
|
||
|
1A37AF60000
|
heap
|
page read and write
|
||
|
207B5455000
|
heap
|
page read and write
|
||
|
201DA9B0000
|
heap
|
page read and write
|
||
|
C743BFB000
|
stack
|
page read and write
|
||
|
207B2E94000
|
heap
|
page read and write
|
||
|
201DA9B8000
|
heap
|
page read and write
|
||
|
201DA910000
|
heap
|
page read and write
|
||
|
1B54D219000
|
heap
|
page read and write
|
||
|
201DCAD0000
|
direct allocation
|
page execute and read and write
|
||
|
D20427C000
|
stack
|
page read and write
|
||
|
1788D860000
|
heap
|
page read and write
|
||
|
201DAC40000
|
direct allocation
|
page execute and read and write
|
||
|
207B2E94000
|
heap
|
page read and write
|
||
|
207B544C000
|
heap
|
page read and write
|
||
|
201DAC50000
|
heap
|
page read and write
|
||
|
74C000
|
unkown
|
page read and write
|
||
|
1B54D1FB000
|
heap
|
page read and write
|
||
|
1FFB4E90000
|
heap
|
page read and write
|
||
|
229AA0D0000
|
heap
|
page read and write
|
||
|
207B5203000
|
heap
|
page read and write
|
||
|
207B2F20000
|
heap
|
page read and write
|
||
|
2228C4C0000
|
heap
|
page read and write
|
||
|
201DCAB0000
|
direct allocation
|
page execute and read and write
|
||
|
201DCAC0000
|
direct allocation
|
page execute and read and write
|
||
|
D591DEC000
|
stack
|
page read and write
|
||
|
187EE240000
|
direct allocation
|
page execute and read and write
|
||
|
1B54D22A000
|
heap
|
page read and write
|
||
|
314E000
|
stack
|
page read and write
|
||
|
F3597E000
|
stack
|
page read and write
|
||
|
207B4E76000
|
heap
|
page read and write
|
||
|
C743DFC000
|
stack
|
page read and write
|
||
|
1B54D204000
|
heap
|
page read and write
|
||
|
201DCA70000
|
direct allocation
|
page execute and read and write
|
||
|
1800C6000
|
unkown
|
page write copy
|
||
|
201DA979000
|
heap
|
page read and write
|
||
|
8F3D9FF000
|
stack
|
page read and write
|
||
|
1B54D205000
|
heap
|
page read and write
|
||
|
2B161AB0000
|
heap
|
page read and write
|
||
|
BEC000
|
stack
|
page read and write
|
||
|
207B5000000
|
heap
|
page read and write
|
||
|
207B2E54000
|
heap
|
page read and write
|
||
|
1B54D223000
|
heap
|
page read and write
|
||
|
207B542C000
|
heap
|
page read and write
|
||
|
230DCEB0000
|
heap
|
page read and write
|
||
|
30AF000
|
stack
|
page read and write
|
||
|
1B54D205000
|
heap
|
page read and write
|
||
|
1FFB4F49000
|
heap
|
page read and write
|
||
|
1B54D219000
|
heap
|
page read and write
|
||
|
207B5463000
|
heap
|
page read and write
|
||
|
207B2E80000
|
heap
|
page read and write
|
||
|
C2EFF7E000
|
stack
|
page read and write
|
||
|
2228C2B0000
|
heap
|
page read and write
|
||
|
1315000
|
heap
|
page read and write
|
||
|
230DCDC0000
|
heap
|
page read and write
|
||
|
148F6940000
|
heap
|
page read and write
|
||
|
1A379321000
|
heap
|
page read and write
|
||
|
207B5459000
|
heap
|
page read and write
|
||
|
230DCDE0000
|
heap
|
page read and write
|
||
|
13BE000
|
stack
|
page read and write
|
||
|
321DA7D000
|
stack
|
page read and write
|
||
|
201DA9E7000
|
heap
|
page read and write
|
||
|
D2045FE000
|
stack
|
page read and write
|
||
|
1788DB55000
|
heap
|
page read and write
|
||
|
201DC4D0000
|
direct allocation
|
page execute and read and write
|
||
|
207B5459000
|
heap
|
page read and write
|
||
|
148F675D000
|
heap
|
page read and write
|
||
|
207B2D80000
|
heap
|
page read and write
|
||
|
187EE240000
|
trusted library allocation
|
page read and write
|
||
|
187EC8F0000
|
heap
|
page read and write
|
||
|
207B4D03000
|
heap
|
page read and write
|
||
|
201DAC20000
|
direct allocation
|
page execute and read and write
|
||
|
207B2EC1000
|
heap
|
page read and write
|
||
|
187EC875000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
3A7F000
|
stack
|
page read and write
|
||
|
201DA9B6000
|
heap
|
page read and write
|
||
|
187EE240000
|
trusted library allocation
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
1B54D1D8000
|
heap
|
page read and write
|
||
|
1B54D1F4000
|
heap
|
page read and write
|
||
|
1B54D530000
|
heap
|
page read and write
|
||
|
37A0000
|
heap
|
page read and write
|
||
|
201DA9B0000
|
heap
|
page read and write
|
||
|
207B2D60000
|
heap
|
page read and write
|
||
|
737000
|
unkown
|
page readonly
|
||
|
207B5449000
|
heap
|
page read and write
|
||
|
207B503C000
|
heap
|
page read and write
|
||
|
C7438FF000
|
stack
|
page read and write
|
||
|
207B5494000
|
heap
|
page read and write
|
||
|
187EE2E0000
|
direct allocation
|
page execute and read and write
|
||
|
229AA000000
|
heap
|
page read and write
|
||
|
187EC8B7000
|
heap
|
page read and write
|
||
|
1FFB4E70000
|
heap
|
page read and write
|
||
|
207B5463000
|
heap
|
page read and write
|
||
|
207B544B000
|
heap
|
page read and write
|
||
|
8F3DAFF000
|
stack
|
page read and write
|
||
|
187EE3C0000
|
direct allocation
|
page execute and read and write
|
||
|
3590000
|
heap
|
page read and write
|
||
|
201DC470000
|
direct allocation
|
page execute and read and write
|
||
|
1B54D1FB000
|
heap
|
page read and write
|
||
|
207B5463000
|
heap
|
page read and write
|
||
|
1B54D226000
|
heap
|
page read and write
|
||
|
148F6720000
|
heap
|
page read and write
|
||
|
1A379675000
|
heap
|
page read and write
|
||
|
207B4D06000
|
heap
|
page read and write
|
||
|
207B4E00000
|
heap
|
page read and write
|
||
|
242C0890000
|
heap
|
page read and write
|
||
|
207B544B000
|
heap
|
page read and write
|
||
|
207B4C00000
|
heap
|
page read and write
|
||
|
143A000
|
heap
|
page read and write
|
||
|
28D75650000
|
heap
|
page read and write
|
||
|
2B362FB000
|
stack
|
page read and write
|
||
|
207B5069000
|
heap
|
page read and write
|
||
|
207B5460000
|
heap
|
page read and write
|
||
|
201DC4D0000
|
direct allocation
|
page execute and read and write
|
||
|
207B5459000
|
heap
|
page read and write
|
||
|
207B4C01000
|
heap
|
page read and write
|
||
|
1DE8F9C000
|
stack
|
page read and write
|
||
|
207B2E1E000
|
heap
|
page read and write
|
||
|
DE246FE000
|
unkown
|
page read and write
|
||
|
D2E62FE000
|
stack
|
page read and write
|
||
|
148F6776000
|
heap
|
page read and write
|
||
|
1A3792A0000
|
heap
|
page read and write
|
||
|
369E000
|
stack
|
page read and write
|
||
|
207B2E33000
|
heap
|
page read and write
|
||
|
FBC000
|
stack
|
page read and write
|
||
|
201DAC20000
|
trusted library allocation
|
page read and write
|
||
|
201DA956000
|
heap
|
page read and write
|
||
|
1A3792F8000
|
heap
|
page read and write
|
||
|
207B4EEC000
|
heap
|
page read and write
|
||
|
207B5455000
|
heap
|
page read and write
|
||
|
207B2E1D000
|
heap
|
page read and write
|
||
|
207B5495000
|
heap
|
page read and write
|
||
|
201DA870000
|
heap
|
page read and write
|
||
|
57C3FFF000
|
unkown
|
page read and write
|
||
|
1FFB68F0000
|
trusted library allocation
|
page read and write
|
||
|
1788D870000
|
heap
|
page read and write
|
||
|
6F0000
|
unkown
|
page readonly
|
||
|
137E000
|
stack
|
page read and write
|
||
|
1407000
|
heap
|
page read and write
|
||
|
229A9FE0000
|
heap
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
207B5497000
|
heap
|
page read and write
|
||
|
2B363FE000
|
unkown
|
page read and write
|
||
|
1B54D219000
|
heap
|
page read and write
|
||
|
201DCA30000
|
direct allocation
|
page execute and read and write
|
||
|
242C06C5000
|
heap
|
page read and write
|
||
|
D2046FE000
|
stack
|
page read and write
|
||
|
C7435FE000
|
stack
|
page read and write
|
||
|
207B5069000
|
heap
|
page read and write
|
||
|
201DC400000
|
trusted library allocation
|
page read and write
|
||
|
207B2E57000
|
heap
|
page read and write
|
||
|
F3587F000
|
stack
|
page read and write
|
||
|
38DD7DF000
|
stack
|
page read and write
|
||
|
187EE310000
|
direct allocation
|
page execute and read and write
|
||
|
1A3792F0000
|
heap
|
page read and write
|
||
|
187EE3A0000
|
direct allocation
|
page execute and read and write
|
||
|
1788D890000
|
heap
|
page read and write
|
||
|
187EE2E0000
|
direct allocation
|
page execute and read and write
|
||
|
207B4D01000
|
heap
|
page read and write
|
||
|
1FFB4D90000
|
heap
|
page read and write
|
||
|
207B5463000
|
heap
|
page read and write
|
||
|
187EE380000
|
direct allocation
|
page execute and read and write
|
||
|
1B54D190000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
187EE3D0000
|
direct allocation
|
page execute and read and write
|
||
|
207B5427000
|
heap
|
page read and write
|
||
|
2228C2C0000
|
heap
|
page read and write
|
||
|
300F000
|
stack
|
page read and write
|
||
|
187EC7E0000
|
heap
|
page read and write
|
||
|
306E000
|
stack
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
1B54D21C000
|
heap
|
page read and write
|
||
|
1A3792D0000
|
heap
|
page read and write
|
||
|
207B5463000
|
heap
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
207B5011000
|
heap
|
page read and write
|
||
|
207B2E23000
|
heap
|
page read and write
|
||
|
229AA3C0000
|
heap
|
page read and write
|
||
|
229AA3C5000
|
heap
|
page read and write
|
||
|
38DDA7F000
|
stack
|
page read and write
|
||
|
1A379670000
|
heap
|
page read and write
|
||
|
2B161E50000
|
heap
|
page read and write
|
||
|
201DA9E7000
|
heap
|
page read and write
|
||
|
207B546C000
|
heap
|
page read and write
|
||
|
1800C5000
|
unkown
|
page read and write
|
||
|
187EE340000
|
direct allocation
|
page execute and read and write
|
||
|
207B5011000
|
heap
|
page read and write
|
||
|
2B161AD4000
|
heap
|
page read and write
|
||
|
201DC400000
|
trusted library allocation
|
page read and write
|
||
|
207B5208000
|
heap
|
page read and write
|
||
|
201DAA07000
|
heap
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
207B5460000
|
heap
|
page read and write
|
||
|
187EE240000
|
trusted library allocation
|
page read and write
|
||
|
1788D900000
|
heap
|
page read and write
|
||
|
12FD000
|
stack
|
page read and write
|
||
|
314A000
|
heap
|
page read and write
|
||
|
207B5001000
|
heap
|
page read and write
|
||
|
201DA8A0000
|
heap
|
page read and write
|
||
|
201DCB00000
|
direct allocation
|
page execute and read and write
|
||
|
148F6A70000
|
heap
|
page read and write
|
||
|
91588FF000
|
unkown
|
page read and write
|
||
|
1B54D219000
|
heap
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
1B54D21E000
|
heap
|
page read and write
|
||
|
C743AFD000
|
stack
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
28D756AB000
|
heap
|
page read and write
|
||
|
1788DB50000
|
heap
|
page read and write
|
||
|
207B53D2000
|
heap
|
page read and write
|
||
|
201DA98F000
|
heap
|
page read and write
|
||
|
207B2E7B000
|
heap
|
page read and write
|
||
|
242C08B0000
|
heap
|
page read and write
|
||
|
C2EFE7C000
|
stack
|
page read and write
|
||
|
28D75930000
|
heap
|
page read and write
|
||
|
D20447E000
|
stack
|
page read and write
|
||
|
187EC7C0000
|
heap
|
page read and write
|
||
|
207B53F7000
|
heap
|
page read and write
|
||
|
1A3792B0000
|
heap
|
page read and write
|
||
|
397E000
|
stack
|
page read and write
|
||
|
2B364FF000
|
stack
|
page read and write
|
||
|
242C06AD000
|
heap
|
page read and write
|
||
|
201DC510000
|
direct allocation
|
page execute and read and write
|
||
|
201DA9B0000
|
heap
|
page read and write
|
||
|
D20457A000
|
stack
|
page read and write
|
||
|
207B4CFB000
|
heap
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
2228C5D5000
|
heap
|
page read and write
|
||
|
207B4E01000
|
heap
|
page read and write
|
||
|
207B546C000
|
heap
|
page read and write
|
||
|
D2E627C000
|
stack
|
page read and write
|
||
|
2228C2F0000
|
heap
|
page read and write
|
||
|
D2E637E000
|
stack
|
page read and write
|
||
|
230DCBFB000
|
heap
|
page read and write
|
||
|
57C3EFB000
|
stack
|
page read and write
|
||
|
207B4CFC000
|
heap
|
page read and write
|
||
|
18016C000
|
unkown
|
page readonly
|
||
|
207B5459000
|
heap
|
page read and write
|
||
|
201DA9E7000
|
heap
|
page read and write
|
||
|
242C07B0000
|
heap
|
page read and write
|
||
|
207B4E01000
|
heap
|
page read and write
|
||
|
207B4D03000
|
heap
|
page read and write
|
||
|
1DE927E000
|
stack
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
1B54D1F4000
|
heap
|
page read and write
|
||
|
1B54D219000
|
heap
|
page read and write
|
||
|
321DBFE000
|
stack
|
page read and write
|
||
|
201DC920000
|
remote allocation
|
page read and write
|
||
|
201DA880000
|
heap
|
page read and write
|
||
|
207B5463000
|
heap
|
page read and write
|
||
|
207B4D05000
|
heap
|
page read and write
|
||
|
1A379640000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
38DD75C000
|
stack
|
page read and write
|
||
|
207B2E24000
|
heap
|
page read and write
|
||
|
230DCBFD000
|
heap
|
page read and write
|
There are 467 hidden memdumps, click here to show them.