Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ad.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44
2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page:
1252, Revision Number: {805E70A6-23C0-4688-BBAF-6F995BB72730}, Number of Words: 10, Subject: 360 Total, Author: HuMaster LLC,
Name of Creating Application: 360 Total, Template: ;1033, Comments: This installer database contains the logic and data required
to install 360 Total., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
|
initial sample
|
 |
|
|
:wtfbbq (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\MSID3EB.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\MSID498.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\MSID4B9.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\MSID4D9.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\MSID509.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\MSID529.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\sharepoint\360total.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Custom_update\Update_77697333.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSID69B.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSID719.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSID8B1.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Config.Msi\5fd5a2.rbs
|
data
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Custom_update\update_data.dat
|
data
|
dropped
|
||
|
C:\Windows\Installer\5fd5a1.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44
2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page:
1252, Revision Number: {805E70A6-23C0-4688-BBAF-6F995BB72730}, Number of Words: 10, Subject: 360 Total, Author: HuMaster LLC,
Name of Creating Application: 360 Total, Template: ;1033, Comments: This installer database contains the logic and data required
to install 360 Total., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
|
dropped
|
||
|
C:\Windows\Installer\MSID824.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{B135729E-0574-44D1-B7A1-6E44550F506B}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF119A6BD75A17A3D9.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF1D9EB0A73126B59B.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF20CDAD37B86C29CB.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF2F18E242DA04CE3D.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF53A2555FE1236737.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF57522413105921DA.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF5E2EF32C0856442C.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF753A3FA17D45070A.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF7FB8AB6F2332123C.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFE0DE59643A97ACA1.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFE14153A1C06501E6.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFEE481D50198BBEA6.TMP
|
data
|
dropped
|
There are 22 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\ad.msi"
|
|
|
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
|
|
|
C:\Windows\Installer\MSID8B1.tmp
|
"C:\Windows\Installer\MSID8B1.tmp" C:/Windows/System32/rundll32.exe C:\Users\user\AppData\Local\sharepoint\360total.dll, homq
|
|
|
|
C:\Windows\System32\rundll32.exe
|
"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\sharepoint\360total.dll, homq
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\AppData\Roaming\Custom_update\Update_77697333.dll", homq
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\AppData\Roaming\Custom_update\Update_77697333.dll", homq
|
|
|
|
C:\Windows\System32\cmd.exe
|
/c ipconfig /all
|
|
|
|
C:\Windows\System32\ipconfig.exe
|
ipconfig /all
|
|
|
|
C:\Windows\System32\cmd.exe
|
/c systeminfo
|
|
|
|
C:\Windows\System32\systeminfo.exe
|
systeminfo
|
|
|
|
C:\Windows\System32\cmd.exe
|
/c nltest /domain_trusts
|
|
|
|
C:\Windows\System32\cmd.exe
|
/c nltest /domain_trusts /all_trusts
|
|
|
|
C:\Windows\System32\cmd.exe
|
/c net view /all /domain
|
|
|
|
C:\Windows\System32\net.exe
|
net view /all /domain
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding E4F2088FE7B6F79163C652AEB7DCBA5B C
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 2B25E5241F8800AB2020C808DD90D583
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\nltest.exe
|
nltest /domain_trusts
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\nltest.exe
|
nltest /domain_trusts /all_trusts
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 14 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://wrankaget.site/live/
|
|
||
|
https://jarinamaers.shop/
|
unknown
|
|
|
|
https://grizmotras.com/live/
|
172.67.219.28
|
|
|
|
https://jarinamaers.shop/live/
|
104.21.46.75
|
|
|
|
https://jarinamaers.shop/1
|
unknown
|
||
|
https://grizmotras.com/videri
|
unknown
|
||
|
https://grizmotras.com/vider
|
unknown
|
||
|
http://pconf.f.360.cn/safe_update.php
|
unknown
|
||
|
https://jarinamaers.shop/live/l
|
unknown
|
||
|
ftp://ftp%2desktop.ini
|
unknown
|
||
|
https://grizmotras.com/
|
unknown
|
||
|
https://jarinamaers.shop/G
|
unknown
|
||
|
https://pewwhranet.com/live/
|
unknown
|
||
|
http://pscan.f.360.cn/safe_update.php
|
unknown
|
||
|
http://dr.f.360.cn/scanlist
|
unknown
|
||
|
https://www.thawte.com/cps0/
|
unknown
|
||
|
https://grizmotras.com/live/p
|
unknown
|
||
|
https://jarinamaers.shop/Y
|
unknown
|
||
|
http://pscan.f.360.cn/safe_update.phphttp://pconf.f.360.cn/safe_update.phphttp://sconf.f.360.cn/clie
|
unknown
|
||
|
https://www.thawte.com/repository0W
|
unknown
|
||
|
https://grizmotras.com/live/xe
|
unknown
|
||
|
http://sconf.f.360.cn/client_security_conf
|
unknown
|
||
|
https://jarinamaers.shop/live/K
|
unknown
|
||
|
http://dr.f.360.cn/scan
|
unknown
|
||
|
https://www.advancedinstaller.com
|
unknown
|
||
|
https://grizmotras.com/live/URLS1https://pewwhranet.com/live/COMMAND4front://sysinfo.bin
|
unknown
|
There are 16 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jarinamaers.shop
|
104.21.46.75
|
|
|
|
grizmotras.com
|
172.67.219.28
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.46.75
|
jarinamaers.shop
|
United States
|
|
|
|
172.67.219.28
|
grizmotras.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5fd5a2.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5fd5a2.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\C72CC84B32896524285338B4DFD2D0BB
|
E927531B47501D447B1AE64455F005B6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\F5D323A437D662C4E893EB9882AD31BE
|
E927531B47501D447B1AE64455F005B6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\895F9FDA48B79C541BAC8E90865A83AB
|
E927531B47501D447B1AE64455F005B6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\HuMaster LLC\360 Total\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\HuMaster LLC\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Local\sharepoint\
|
||
|
HKEY_CURRENT_USER\SOFTWARE\HuMaster LLC\360 Total
|
Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\HuMaster LLC\360 Total
|
Path
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\system32\mlang.dll,-4387
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\system32\mlang.dll,-4407
|
There are 7 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2473B520000
|
direct allocation
|
page execute and read and write
|
|
|
|
5536378000
|
stack
|
page read and write
|
|
|
|
210FE9F0000
|
direct allocation
|
page read and write
|
|
|
|
210FEA00000
|
direct allocation
|
page execute and read and write
|
|
|
|
2473B890000
|
direct allocation
|
page execute and read and write
|
|
|
|
24739A40000
|
direct allocation
|
page execute and read and write
|
|
|
|
2473B4C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
24739A10000
|
direct allocation
|
page read and write
|
|
|
|
1FB3AB60000
|
direct allocation
|
page read and write
|
|
|
|
2473B4C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
2473B4C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
1FB3AB70000
|
direct allocation
|
page execute and read and write
|
|
|
|
1ED8018B000
|
heap
|
page read and write
|
||
|
1ED80164000
|
heap
|
page read and write
|
||
|
1ED80176000
|
heap
|
page read and write
|
||
|
10FE000
|
stack
|
page read and write
|
||
|
1ED80355000
|
heap
|
page read and write
|
||
|
1ED8018B000
|
heap
|
page read and write
|
||
|
202BC310000
|
heap
|
page read and write
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
1FB3C530000
|
direct allocation
|
page execute and read and write
|
||
|
2473B974000
|
heap
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
26B557E0000
|
heap
|
page read and write
|
||
|
1B3368D0000
|
heap
|
page read and write
|
||
|
210FEEE0000
|
trusted library allocation
|
page read and write
|
||
|
1ED80190000
|
heap
|
page read and write
|
||
|
2473BBC0000
|
direct allocation
|
page execute and read and write
|
||
|
2473BB40000
|
direct allocation
|
page execute and read and write
|
||
|
1ED80177000
|
heap
|
page read and write
|
||
|
B21000
|
unkown
|
page execute read
|
||
|
2136C8A6000
|
heap
|
page read and write
|
||
|
2473BA70000
|
direct allocation
|
page execute and read and write
|
||
|
1ED8018B000
|
heap
|
page read and write
|
||
|
D7835FF000
|
stack
|
page read and write
|
||
|
6BDCCFE000
|
stack
|
page read and write
|
||
|
24739B54000
|
heap
|
page read and write
|
||
|
2473B970000
|
heap
|
page read and write
|
||
|
2473B4B0000
|
heap
|
page read and write
|
||
|
247399B0000
|
heap
|
page read and write
|
||
|
B80000
|
unkown
|
page readonly
|
||
|
21649C38000
|
heap
|
page read and write
|
||
|
1CF92D90000
|
heap
|
page read and write
|
||
|
210FE790000
|
heap
|
page read and write
|
||
|
1FB3C580000
|
direct allocation
|
page execute and read and write
|
||
|
24739B18000
|
heap
|
page read and write
|
||
|
1FB3A9E0000
|
heap
|
page read and write
|
||
|
E7D8DAC000
|
stack
|
page read and write
|
||
|
24739A35000
|
heap
|
page read and write
|
||
|
202BC355000
|
heap
|
page read and write
|
||
|
2473BAF0000
|
direct allocation
|
page execute and read and write
|
||
|
2473B960000
|
remote allocation
|
page read and write
|
||
|
1ED80240000
|
heap
|
page read and write
|
||
|
CDE000
|
stack
|
page read and write
|
||
|
C33287E000
|
stack
|
page read and write
|
||
|
9977FCB000
|
stack
|
page read and write
|
||
|
6BDCDFE000
|
stack
|
page read and write
|
||
|
55365FD000
|
stack
|
page read and write
|
||
|
6BDCEFE000
|
stack
|
page read and write
|
||
|
24739B23000
|
heap
|
page read and write
|
||
|
202BC430000
|
heap
|
page read and write
|
||
|
1B336AB5000
|
heap
|
page read and write
|
||
|
1FB3ABE0000
|
heap
|
page read and write
|
||
|
1B336800000
|
heap
|
page read and write
|
||
|
B7C000
|
unkown
|
page read and write
|
||
|
E7D90FE000
|
stack
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
2473BB10000
|
direct allocation
|
page execute and read and write
|
||
|
E9226FE000
|
unkown
|
page read and write
|
||
|
3050000
|
trusted library allocation
|
page read and write
|
||
|
1800C6000
|
unkown
|
page write copy
|
||
|
D78311C000
|
stack
|
page read and write
|
||
|
210FE7C8000
|
heap
|
page read and write
|
||
|
21649F05000
|
heap
|
page read and write
|
||
|
1800C5000
|
unkown
|
page read and write
|
||
|
553667F000
|
stack
|
page read and write
|
||
|
1ED80177000
|
heap
|
page read and write
|
||
|
1800C6000
|
unkown
|
page write copy
|
||
|
2136C830000
|
heap
|
page read and write
|
||
|
1FB3AA7F000
|
heap
|
page read and write
|
||
|
87AEFFF000
|
unkown
|
page read and write
|
||
|
87AEEFC000
|
stack
|
page read and write
|
||
|
7AB000
|
stack
|
page read and write
|
||
|
553657F000
|
stack
|
page read and write
|
||
|
1ED8018E000
|
heap
|
page read and write
|
||
|
1ED8016B000
|
heap
|
page read and write
|
||
|
E7D907F000
|
stack
|
page read and write
|
||
|
2136C8A4000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
6BDCC7B000
|
stack
|
page read and write
|
||
|
2473B890000
|
direct allocation
|
page execute and read and write
|
||
|
6BDCE7E000
|
stack
|
page read and write
|
||
|
B21000
|
unkown
|
page execute read
|
||
|
1CF92D60000
|
heap
|
page read and write
|
||
|
26B55740000
|
heap
|
page read and write
|
||
|
B20000
|
unkown
|
page readonly
|
||
|
202BC210000
|
heap
|
page read and write
|
||
|
24739B27000
|
heap
|
page read and write
|
||
|
210FE7A0000
|
heap
|
page read and write
|
||
|
28F2B580000
|
heap
|
page read and write
|
||
|
2473BAF0000
|
direct allocation
|
page execute and read and write
|
||
|
21649B90000
|
heap
|
page read and write
|
||
|
24739B54000
|
heap
|
page read and write
|
||
|
1ED8016B000
|
heap
|
page read and write
|
||
|
2136C880000
|
heap
|
page read and write
|
||
|
E0F000
|
stack
|
page read and write
|
||
|
1ED80140000
|
heap
|
page read and write
|
||
|
2473BAB0000
|
direct allocation
|
page execute and read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
1FB3AA48000
|
heap
|
page read and write
|
||
|
D7834FE000
|
unkown
|
page read and write
|
||
|
B8697FF000
|
stack
|
page read and write
|
||
|
C3325EC000
|
stack
|
page read and write
|
||
|
1FB3AA00000
|
heap
|
page read and write
|
||
|
28DD9CE000
|
stack
|
page read and write
|
||
|
1ED80350000
|
heap
|
page read and write
|
||
|
1CF92D50000
|
heap
|
page read and write
|
||
|
2136C850000
|
heap
|
page read and write
|
||
|
2BEF000
|
stack
|
page read and write
|
||
|
2473BB20000
|
direct allocation
|
page execute and read and write
|
||
|
2473B430000
|
direct allocation
|
page execute and read and write
|
||
|
1ED8019B000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
C3328FE000
|
stack
|
page read and write
|
||
|
B67000
|
unkown
|
page readonly
|
||
|
2473B510000
|
direct allocation
|
page execute and read and write
|
||
|
2473B520000
|
direct allocation
|
page execute and read and write
|
||
|
1FB3C560000
|
direct allocation
|
page execute and read and write
|
||
|
55363FF000
|
stack
|
page read and write
|
||
|
B67000
|
unkown
|
page readonly
|
||
|
2473B880000
|
direct allocation
|
page execute and read and write
|
||
|
B8696FF000
|
unkown
|
page read and write
|
||
|
2136C88B000
|
heap
|
page read and write
|
||
|
2136C820000
|
heap
|
page read and write
|
||
|
5D1E27F000
|
stack
|
page read and write
|
||
|
2473B410000
|
trusted library allocation
|
page read and write
|
||
|
210FEA20000
|
heap
|
page read and write
|
||
|
2473B520000
|
direct allocation
|
page execute and read and write
|
||
|
B80000
|
unkown
|
page readonly
|
||
|
1ED80147000
|
heap
|
page read and write
|
||
|
202BC330000
|
heap
|
page read and write
|
||
|
2473B530000
|
direct allocation
|
page execute and read and write
|
||
|
2473B4C0000
|
direct allocation
|
page execute and read and write
|
||
|
55364FE000
|
stack
|
page read and write
|
||
|
28F2B270000
|
heap
|
page read and write
|
||
|
2136CA50000
|
heap
|
page read and write
|
||
|
21649F00000
|
heap
|
page read and write
|
||
|
24739B56000
|
heap
|
page read and write
|
||
|
1ED80110000
|
heap
|
page read and write
|
||
|
26B55AF0000
|
heap
|
page read and write
|
||
|
24739A30000
|
heap
|
page read and write
|
||
|
5D1DF6E000
|
stack
|
page read and write
|
||
|
21649C30000
|
heap
|
page read and write
|
||
|
24739AEE000
|
heap
|
page read and write
|
||
|
1FB3C540000
|
direct allocation
|
page execute and read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
202BC354000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
2473B4C0000
|
direct allocation
|
page execute and read and write
|
||
|
1FB3C5A0000
|
direct allocation
|
page execute and read and write
|
||
|
E9223EC000
|
stack
|
page read and write
|
||
|
B86931C000
|
stack
|
page read and write
|
||
|
210FEF30000
|
heap
|
page read and write
|
||
|
1ED80166000
|
heap
|
page read and write
|
||
|
202BC5F0000
|
heap
|
page read and write
|
||
|
21A13850000
|
heap
|
page read and write
|
||
|
6BDCD7F000
|
stack
|
page read and write
|
||
|
210FEEE0000
|
trusted library allocation
|
page read and write
|
||
|
24739B18000
|
heap
|
page read and write
|
||
|
2473B530000
|
direct allocation
|
page execute and read and write
|
||
|
2473B960000
|
remote allocation
|
page read and write
|
||
|
E6E000
|
stack
|
page read and write
|
||
|
D05000
|
heap
|
page read and write
|
||
|
2473B410000
|
trusted library allocation
|
page read and write
|
||
|
272DC7B000
|
stack
|
page read and write
|
||
|
2AAF000
|
stack
|
page read and write
|
||
|
1FB3C5E0000
|
direct allocation
|
page execute and read and write
|
||
|
21649BA0000
|
heap
|
page read and write
|
||
|
55366FD000
|
stack
|
page read and write
|
||
|
2473B520000
|
direct allocation
|
page execute and read and write
|
||
|
24739AE8000
|
heap
|
page read and write
|
||
|
24739A80000
|
heap
|
page read and write
|
||
|
24739B23000
|
heap
|
page read and write
|
||
|
21A13B05000
|
heap
|
page read and write
|
||
|
1FB3ABC0000
|
trusted library allocation
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
28F2B250000
|
heap
|
page read and write
|
||
|
1FB3ABC0000
|
trusted library allocation
|
page read and write
|
||
|
1FB3A900000
|
heap
|
page read and write
|
||
|
1FB3C480000
|
trusted library allocation
|
page read and write
|
||
|
5D1DEEC000
|
stack
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
21649BC0000
|
heap
|
page read and write
|
||
|
1FB3C5C0000
|
direct allocation
|
page execute and read and write
|
||
|
28DDC7E000
|
stack
|
page read and write
|
||
|
B20000
|
unkown
|
page readonly
|
||
|
28F2B294000
|
heap
|
page read and write
|
||
|
C33297E000
|
stack
|
page read and write
|
||
|
1FB3C500000
|
direct allocation
|
page execute and read and write
|
||
|
21A138A0000
|
heap
|
page read and write
|
||
|
210FE7C0000
|
heap
|
page read and write
|
||
|
21A13B00000
|
heap
|
page read and write
|
||
|
202BC2F0000
|
heap
|
page read and write
|
||
|
99783FE000
|
stack
|
page read and write
|
||
|
1B336700000
|
heap
|
page read and write
|
||
|
24739B28000
|
heap
|
page read and write
|
||
|
B7C000
|
unkown
|
page write copy
|
||
|
210FEEE0000
|
direct allocation
|
page execute and read and write
|
||
|
24739B54000
|
heap
|
page read and write
|
||
|
21A13840000
|
heap
|
page read and write
|
||
|
24739B54000
|
heap
|
page read and write
|
||
|
24739990000
|
heap
|
page read and write
|
||
|
87AF0FF000
|
stack
|
page read and write
|
||
|
1ED801A1000
|
heap
|
page read and write
|
||
|
F1B000
|
heap
|
page read and write
|
||
|
553647A000
|
stack
|
page read and write
|
||
|
299F000
|
stack
|
page read and write
|
||
|
1ED80030000
|
heap
|
page read and write
|
||
|
1B3367E0000
|
heap
|
page read and write
|
||
|
24739B28000
|
heap
|
page read and write
|
||
|
210FEEE0000
|
trusted library allocation
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
2473B410000
|
direct allocation
|
page execute and read and write
|
||
|
2473B8A0000
|
direct allocation
|
page execute and read and write
|
||
|
2473B960000
|
remote allocation
|
page read and write
|
||
|
1CF92FD0000
|
heap
|
page read and write
|
||
|
202BC33B000
|
heap
|
page read and write
|
||
|
2473B410000
|
trusted library allocation
|
page read and write
|
||
|
247398B0000
|
heap
|
page read and write
|
||
|
2473B410000
|
trusted library allocation
|
page read and write
|
||
|
26B559B0000
|
heap
|
page read and write
|
||
|
210FEA25000
|
heap
|
page read and write
|
||
|
180086000
|
unkown
|
page readonly
|
||
|
1ED8018B000
|
heap
|
page read and write
|
||
|
18016C000
|
unkown
|
page readonly
|
||
|
1CF92E24000
|
heap
|
page read and write
|
||
|
28F2B296000
|
heap
|
page read and write
|
||
|
99782FF000
|
unkown
|
page read and write
|
||
|
210FE990000
|
heap
|
page read and write
|
||
|
2473B530000
|
direct allocation
|
page execute and read and write
|
||
|
1CF92E25000
|
heap
|
page read and write
|
||
|
2AEE000
|
stack
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
EAE000
|
stack
|
page read and write
|
||
|
272DD7E000
|
stack
|
page read and write
|
||
|
1FB3C510000
|
heap
|
page read and write
|
||
|
E9227FF000
|
stack
|
page read and write
|
||
|
26B55807000
|
heap
|
page read and write
|
||
|
24739A88000
|
heap
|
page read and write
|
||
|
24739B56000
|
heap
|
page read and write
|
||
|
28DD94C000
|
stack
|
page read and write
|
||
|
210FE7F1000
|
heap
|
page read and write
|
||
|
18016C000
|
unkown
|
page readonly
|
||
|
1CF92E00000
|
heap
|
page read and write
|
||
|
180086000
|
unkown
|
page readonly
|
||
|
1FB3C480000
|
trusted library allocation
|
page read and write
|
||
|
28F2B440000
|
heap
|
page read and write
|
||
|
26B55770000
|
heap
|
page read and write
|
||
|
210FEEE0000
|
trusted library allocation
|
page read and write
|
||
|
1CF92D70000
|
heap
|
page read and write
|
||
|
1FB3C480000
|
direct allocation
|
page execute and read and write
|
||
|
21A138A8000
|
heap
|
page read and write
|
||
|
272DCFE000
|
stack
|
page read and write
|
||
|
C9E000
|
stack
|
page read and write
|
||
|
1FB3C500000
|
direct allocation
|
page execute and read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
1ED80164000
|
heap
|
page read and write
|
||
|
5535FEC000
|
stack
|
page read and write
|
||
|
1FB3ABC0000
|
direct allocation
|
page execute and read and write
|
||
|
2473BA70000
|
direct allocation
|
page execute and read and write
|
||
|
1B336AB0000
|
heap
|
page read and write
|
||
|
2473B4F0000
|
direct allocation
|
page execute and read and write
|
||
|
1FB3AA40000
|
heap
|
page read and write
|
||
|
1CF92E0B000
|
heap
|
page read and write
|
||
|
24739B23000
|
heap
|
page read and write
|
||
|
28F2B230000
|
heap
|
page read and write
|
||
|
26B557EB000
|
heap
|
page read and write
|
||
|
1ED8018B000
|
heap
|
page read and write
|
||
|
1FB3ABE5000
|
heap
|
page read and write
|
||
|
5D1DFEF000
|
stack
|
page read and write
|
||
|
21A13870000
|
heap
|
page read and write
|
||
|
26B55750000
|
heap
|
page read and write
|
||
|
2136CC10000
|
heap
|
page read and write
|
||
|
2473B4E0000
|
direct allocation
|
page execute and read and write
|
||
|
24739B56000
|
heap
|
page read and write
|
||
|
28F2B27B000
|
heap
|
page read and write
|
||
|
1ED8018B000
|
heap
|
page read and write
|
||
|
1FB3C5F0000
|
direct allocation
|
page execute and read and write
|
||
|
1800C5000
|
unkown
|
page read and write
|
||
|
26B55805000
|
heap
|
page read and write
|
||
|
1B3368D9000
|
heap
|
page read and write
|
||
|
272DC7F000
|
stack
|
page read and write
|
||
|
24739B56000
|
heap
|
page read and write
|
||
|
28F2B220000
|
heap
|
page read and write
|
||
|
2473BAB0000
|
direct allocation
|
page execute and read and write
|
||
|
21A138B0000
|
heap
|
page read and write
|
||
|
F08000
|
heap
|
page read and write
|
There are 287 hidden memdumps, click here to show them.