IOC Report
SecuriteInfo.com.Trojan.MulDrop13.41595.16600.22629.exe

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| SecuriteInfo.com.Trojan.MulDrop13.41595.16600.22629.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | initial sample | malicious |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\DHSurveillanceDll.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\FileOperator.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\FisheyeCtrl.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\IVSJsonSdk.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\IvsDrawer.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\IvsLogic.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\MCL_FPTZ.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\StreamConvertor.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\TimeGridEXE.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\Version.ini | ASCII text, with no line terminators | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\VideoAnalyse.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\VideoWindow.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\WebActiveEXE.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\aacdec.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\dhnetsdk.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\dhplay.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\fisheye.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\g7221dec.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\g729dec.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\h264dec.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\hevcdec.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\mjpegdec.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\mp2dec.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\mpeg4dec.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\npTimeGrid.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\npmedia.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\postproc.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\svac_dec.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\swscale.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\timeAxesDll.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\uninst.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | dropped | |
| C:\Users\user\AppData\Local\Temp\nsbA248.tmp | OpenPGP Public Key | dropped | |
| C:\Users\user\AppData\Local\Temp\nswA2C6.tmp\nsExec.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WebPlugin\Uninstall.lnk | MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop13.41595.16600.22629.exe | "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop13.41595.16600.22629.exe" | malicious |
| C:\Windows\SysWOW64\taskkill.exe | TASKKILL /F /IM WebActiveEXE.exe | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\taskkill.exe | TASKKILL /F /IM TimeGridEXE.exe | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\WebActiveEXE.exe | "C:\Program Files (x86)\webrec\WEB30\WebPlugin\WebActiveEXE.exe" /regserver | |
| C:\Program Files (x86)\webrec\WEB30\WebPlugin\TimeGridEXE.exe | "C:\Program Files (x86)\webrec\WEB30\WebPlugin\TimeGridEXE.exe" /regserver | |
| C:\Windows\SysWOW64\regsvr32.exe | regsvr32 /s "atl.dll" | |

URLs


Registry


Memdumps
