Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
neo.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44
2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page:
1252, Revision Number: {6C81CEE0-3161-4D91-A688-254B67D7D838}, Number of Words: 10, Subject: 360 Total, Author: HuMaster LLC,
Name of Creating Application: 360 Total, Template: ;1033, Comments: This installer database contains the logic and data required
to install 360 Total., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
|
initial sample
|
 |
|
|
C:\Windows\Installer\MSI1B42.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
:wtfbbq (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Config.Msi\747f70.rbs
|
data
|
modified
|
||
|
C:\System Volume Information\SPP\OnlineMetadataCache\{f14178ee-79d6-4c4a-804e-c18354b90115}_OnDiskSnapshotProp
|
data
|
dropped
|
||
|
C:\System Volume Information\SPP\metadata-2
|
SysEx File - Twister
|
dropped
|
||
|
C:\System Volume Information\SPP\snapshot-2
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI782b9.LOG
|
Unicode text, UTF-16, little-endian text, with very long lines (346), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI825B.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI827B.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI829C.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI82BC.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIADBD.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF675E700E3E268100.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF84AA1769D646EEA7.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFF4C5D3C8AB30DF96.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\sharepoint\360total.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Custom_update\Update_6a61d649.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\747f6e.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44
2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page:
1252, Revision Number: {6C81CEE0-3161-4D91-A688-254B67D7D838}, Number of Words: 10, Subject: 360 Total, Author: HuMaster LLC,
Name of Creating Application: 360 Total, Template: ;1033, Comments: This installer database contains the logic and data required
to install 360 Total., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
|
dropped
|
||
|
C:\Windows\Installer\747f6f.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\MSI19CA.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\MSI8029.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{B135729E-0574-44D1-B7A1-6E44550F506B}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
There are 13 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\neo.msi"
|
|
|
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
|
|
|
C:\Windows\Installer\MSI1B42.tmp
|
"C:\Windows\Installer\MSI1B42.tmp" C:/Windows/System32/rundll32.exe C:\Users\user\AppData\Local\sharepoint\360total.dll, homq
|
|
|
|
C:\Windows\System32\rundll32.exe
|
"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\sharepoint\360total.dll, homq
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\AppData\Roaming\Custom_update\Update_6a61d649.dll", homq
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\AppData\Roaming\Custom_update\Update_6a61d649.dll", homq
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 274E0059499F24D0FC6E34D9DC99A829 C
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 5FD089C2C199466E3D17DC881ED4AD10
|
||
|
C:\Windows\System32\taskeng.exe
|
taskeng.exe {9EB3A60F-302F-4AB2-B149-897715BB8B05} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://startmast.shop/live/
|
|
||
|
https://jarinamaers.shop/live/
|
|
||
|
http://pscan.f.360.cn/safe_update.php
|
unknown
|
||
|
https://jarinamaers.shop/O
|
unknown
|
||
|
http://dr.f.360.cn/scanlist
|
unknown
|
||
|
https://www.thawte.com/cps0/
|
unknown
|
||
|
http://pscan.f.360.cn/safe_update.phphttp://pconf.f.360.cn/safe_update.phphttp://sconf.f.360.cn/clie
|
unknown
|
||
|
https://www.thawte.com/repository0W
|
unknown
|
||
|
http://pconf.f.360.cn/safe_update.php
|
unknown
|
||
|
ftp://ftp%2desktop.ini
|
unknown
|
||
|
http://sconf.f.360.cn/client_security_conf
|
unknown
|
||
|
http://dr.f.360.cn/scan
|
unknown
|
||
|
https://www.advancedinstaller.com
|
unknown
|
||
|
https://jarinamaers.shop/G
|
unknown
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jarinamaers.shop
|
104.21.46.75
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Enter)
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
GETSTATE (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
GETSTATE (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
DOSNAPSHOT (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
DOSNAPSHOT (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\747f70.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\747f70.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Components\C72CC84B32896524285338B4DFD2D0BB
|
E927531B47501D447B1AE64455F005B6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Components\F5D323A437D662C4E893EB9882AD31BE
|
E927531B47501D447B1AE64455F005B6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Components\895F9FDA48B79C541BAC8E90865A83AB
|
E927531B47501D447B1AE64455F005B6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\HuMaster LLC\360 Total\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\HuMaster LLC\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Local\sharepoint\
|
||
|
HKEY_CURRENT_USER\Software\HuMaster LLC\360 Total
|
Version
|
||
|
HKEY_CURRENT_USER\Software\HuMaster LLC\360 Total
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
|
LastIndex
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
|
LastIndex
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Leave)
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{9EB3A60F-302F-4AB2-B149-897715BB8B05}
|
data
|
There are 36 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
A0000
|
direct allocation
|
page read and write
|
|
|
|
470000
|
direct allocation
|
page execute and read and write
|
|
|
|
1E80000
|
direct allocation
|
page execute and read and write
|
|
|
|
2A0000
|
direct allocation
|
page read and write
|
|
|
|
130000
|
direct allocation
|
page execute and read and write
|
|
|
|
1AD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
110000
|
direct allocation
|
page read and write
|
|
|
|
1F0A000
|
stack
|
page read and write
|
|
|
|
1C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
10000
|
heap
|
page read and write
|
||
|
261C000
|
stack
|
page read and write
|
||
|
274000
|
heap
|
page read and write
|
||
|
150000
|
trusted library allocation
|
page read and write
|
||
|
E4000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
1AE000
|
heap
|
page read and write
|
||
|
D70000
|
unkown
|
page readonly
|
||
|
1B70000
|
heap
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
18016C000
|
unkown
|
page readonly
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
18016C000
|
unkown
|
page readonly
|
||
|
D70000
|
unkown
|
page readonly
|
||
|
2C1F000
|
stack
|
page read and write
|
||
|
1E0000
|
trusted library allocation
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
1DA0000
|
direct allocation
|
page execute and read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
1800C5000
|
unkown
|
page write copy
|
||
|
2BE000
|
heap
|
page read and write
|
||
|
1FC0000
|
direct allocation
|
page execute and read and write
|
||
|
487000
|
heap
|
page read and write
|
||
|
1DEF000
|
stack
|
page read and write
|
||
|
231C000
|
stack
|
page read and write
|
||
|
1CD0000
|
heap
|
page read and write
|
||
|
3CD000
|
stack
|
page read and write
|
||
|
2455000
|
heap
|
page read and write
|
||
|
1DC0000
|
direct allocation
|
page execute and read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
1DF0000
|
heap
|
page read and write
|
||
|
1D4F000
|
stack
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
2E8000
|
heap
|
page read and write
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
245E000
|
stack
|
page read and write
|
||
|
1E50000
|
direct allocation
|
page execute and read and write
|
||
|
1E70000
|
direct allocation
|
page execute and read and write
|
||
|
4F3000
|
heap
|
page read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page execute read
|
||
|
140000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
180086000
|
unkown
|
page readonly
|
||
|
503000
|
heap
|
page read and write
|
||
|
1EA0000
|
heap
|
page read and write
|
||
|
D11000
|
unkown
|
page execute read
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
24FC000
|
stack
|
page read and write
|
||
|
1800C5000
|
unkown
|
page write copy
|
||
|
1C50000
|
heap
|
page read and write
|
||
|
120000
|
heap
|
page read and write
|
||
|
4AC000
|
heap
|
page read and write
|
||
|
1AF0000
|
direct allocation
|
page execute and read and write
|
||
|
528000
|
heap
|
page read and write
|
||
|
1EDB000
|
heap
|
page read and write
|
||
|
150000
|
direct allocation
|
page execute and read and write
|
||
|
1AF0000
|
trusted library allocation
|
page read and write
|
||
|
1E20000
|
direct allocation
|
page execute and read and write
|
||
|
2EE000
|
heap
|
page read and write
|
||
|
1D7000
|
heap
|
page read and write
|
||
|
42B000
|
heap
|
page read and write
|
||
|
21F000
|
stack
|
page read and write
|
||
|
1AF0000
|
trusted library allocation
|
page read and write
|
||
|
287000
|
heap
|
page read and write
|
||
|
470000
|
direct allocation
|
page execute and read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
1E0000
|
trusted library allocation
|
page read and write
|
||
|
1C30000
|
heap
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
180086000
|
unkown
|
page readonly
|
||
|
124000
|
heap
|
page read and write
|
||
|
DB000
|
stack
|
page read and write
|
||
|
291F000
|
stack
|
page read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
1F45000
|
heap
|
page read and write
|
||
|
232000
|
heap
|
page read and write
|
||
|
1EA5000
|
heap
|
page read and write
|
||
|
D11000
|
unkown
|
page execute read
|
||
|
380000
|
direct allocation
|
page execute and read and write
|
||
|
3A4000
|
heap
|
page read and write
|
||
|
2580000
|
heap
|
page read and write
|
||
|
281F000
|
stack
|
page read and write
|
||
|
150000
|
trusted library allocation
|
page read and write
|
||
|
360000
|
direct allocation
|
page execute and read and write
|
||
|
1D80000
|
direct allocation
|
page execute and read and write
|
||
|
1EAE000
|
stack
|
page read and write
|
||
|
1C34000
|
heap
|
page read and write
|
||
|
2F8000
|
heap
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
2B3E000
|
stack
|
page read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
29C000
|
stack
|
page read and write
|
||
|
150000
|
trusted library allocation
|
page read and write
|
||
|
4BE000
|
heap
|
page read and write
|
||
|
12C000
|
stack
|
page read and write
|
||
|
508000
|
heap
|
page read and write
|
||
|
360000
|
direct allocation
|
page execute and read and write
|
||
|
99E000
|
stack
|
page read and write
|
||
|
177000
|
heap
|
page read and write
|
||
|
2B7000
|
heap
|
page read and write
|
||
|
2FD000
|
heap
|
page read and write
|
||
|
E0000
|
heap
|
page read and write
|
||
|
2450000
|
heap
|
page read and write
|
||
|
23CF000
|
stack
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
210000
|
heap
|
page read and write
|
||
|
250000
|
trusted library allocation
|
page read and write
|
||
|
D57000
|
unkown
|
page readonly
|
||
|
26DC000
|
stack
|
page read and write
|
||
|
3F5000
|
heap
|
page read and write
|
||
|
1C6B000
|
heap
|
page read and write
|
||
|
1E10000
|
direct allocation
|
page execute and read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
D6C000
|
unkown
|
page read and write
|
||
|
12F000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
534000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
1F40000
|
heap
|
page read and write
|
||
|
2A2F000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
214000
|
heap
|
page read and write
|
||
|
A2E000
|
stack
|
page read and write
|
||
|
1F0000
|
direct allocation
|
page execute and read and write
|
||
|
1AF0000
|
trusted library allocation
|
page read and write
|
||
|
2E0000
|
direct allocation
|
page execute and read and write
|
||
|
130000
|
trusted library allocation
|
page read and write
|
||
|
D10000
|
unkown
|
page readonly
|
||
|
3E6000
|
heap
|
page read and write
|
||
|
1AF0000
|
trusted library allocation
|
page read and write
|
||
|
2D6000
|
heap
|
page read and write
|
||
|
56B000
|
heap
|
page read and write
|
||
|
1B6000
|
heap
|
page read and write
|
||
|
A6E000
|
stack
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
248B000
|
heap
|
page read and write
|
||
|
474000
|
heap
|
page read and write
|
||
|
1E40000
|
direct allocation
|
page execute and read and write
|
||
|
2BE000
|
stack
|
page read and write
|
||
|
1D90000
|
heap
|
page read and write
|
||
|
2A7F000
|
stack
|
page read and write
|
||
|
3B6000
|
heap
|
page read and write
|
||
|
470000
|
direct allocation
|
page execute and read and write
|
||
|
D57000
|
unkown
|
page readonly
|
||
|
17C000
|
stack
|
page read and write
|
||
|
273F000
|
stack
|
page read and write
|
||
|
1F7B000
|
heap
|
page read and write
|
||
|
299E000
|
stack
|
page read and write
|
||
|
150000
|
trusted library allocation
|
page read and write
|
||
|
457000
|
heap
|
page read and write
|
||
|
290E000
|
stack
|
page read and write
|
||
|
1CC0000
|
direct allocation
|
page execute and read and write
|
||
|
130000
|
trusted library allocation
|
page read and write
|
||
|
2D8000
|
heap
|
page read and write
|
||
|
390000
|
direct allocation
|
page execute and read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
B6F000
|
stack
|
page read and write
|
||
|
D10000
|
unkown
|
page readonly
|
||
|
CFF000
|
stack
|
page read and write
|
||
|
D6C000
|
unkown
|
page write copy
|
||
|
483000
|
heap
|
page read and write
|
||
|
1D60000
|
direct allocation
|
page execute and read and write
|
There are 167 hidden memdumps, click here to show them.