Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
9MgoW3Y1ti.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\UID Finder 6.11.66\UID Finder 6.11.66.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\Qt5OpenGL.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\Qt5WinExtras.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\Qt5Xml.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\QtAVWidgets1.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\avdevice-58.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-1KIT8.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-39U3O.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-3D4M0.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-4KSHT.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-823LG.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-EMQ3A.tmp
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-J8S40.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-PU0LK.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-TTPUD.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-U97AK.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-VS29P.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\libcurl.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\libeay32.dll (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\libmp3lame.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\mousehelper.dll (copy)
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\openh264.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\recordpadsoundrecorder32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-M9SH4.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-M9SH4.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-M9SH4.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-O879I.tmp\9MgoW3Y1ti.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\uit_66.dat
|
Non-ISO extended-ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\urc_66.dat
|
data
|
dropped
|
||
|
C:\ProgramData\ures-a.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\ures-b.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\Qt5Svg.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-377H9.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-3VSKS.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-DL0CV.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-G6H1M.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-HD7FV.tmp
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-J8GD3.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-MH9PV.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-S4BNJ.tmp
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\msvcp120.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\msvcp140.dll (copy)
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\msvcp140_1.dll (copy)
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\msvcr120.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\openh264_license.txt (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\proportions.txt (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\unins000.dat
|
InnoSetup Log RecordPad Sound Recorder, version 0x30, 5497 bytes, 648351\user, "C:\Users\user\AppData\Local\RecordPad Sound
Recorder"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-M9SH4.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 40 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\9MgoW3Y1ti.exe
|
"C:\Users\user\Desktop\9MgoW3Y1ti.exe"
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\recordpadsoundrecorder32.exe
|
"C:\Users\user\AppData\Local\RecordPad Sound Recorder\recordpadsoundrecorder32.exe" -i
|
|
|
|
C:\Users\user\AppData\Local\RecordPad Sound Recorder\recordpadsoundrecorder32.exe
|
"C:\Users\user\AppData\Local\RecordPad Sound Recorder\recordpadsoundrecorder32.exe" -s
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-O879I.tmp\9MgoW3Y1ti.tmp
|
"C:\Users\user\AppData\Local\Temp\is-O879I.tmp\9MgoW3Y1ti.tmp" /SL5="$203EC,4916934,54272,C:\Users\user\Desktop\9MgoW3Y1ti.exe"
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://aadolui.ru/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978fe71ea771795af8e05c645db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608ff710c2e79c923c
|
94.156.8.14
|
|
|
|
aadolui.ru
|
|
||
|
http://aadolui.ru/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e4908f4996148ab2865b77f80ebad9c40f7cb63037ed2ab423a43b4383ba915d911ec07bb606a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1e7949833c46791
|
94.156.8.14
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://lame.sf.net32bits64bits
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://qt-project.org/xml/features/report-whitespace-only-CharData
|
unknown
|
||
|
http://xml.org/sax/features/namespaces
|
unknown
|
||
|
http://ocsps.ssl.com0?
|
unknown
|
||
|
http://94.156.8.14/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d
|
unknown
|
||
|
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
|
unknown
|
||
|
http://xml.org/sax/features/namespaceshttp://xml.org/sax/features/namespace-prefixeshttp://trolltech
|
unknown
|
||
|
http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
|
unknown
|
||
|
http://lame.sf.netB
|
unknown
|
||
|
http://ocsps.ssl.com0
|
unknown
|
||
|
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
|
unknown
|
||
|
http://xml.org/sax/features/namespace-prefixes
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
|
unknown
|
||
|
http://qtav.org2
|
unknown
|
||
|
https://curl.haxx.se/docs/http-cookies.html
|
unknown
|
||
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
|
http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
|
unknown
|
||
|
http://www.remobjects.com/psU
|
unknown
|
||
|
http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
|
unknown
|
||
|
http://lame.sf.net
|
unknown
|
||
|
http://94.156.8.14/
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
https://www.thawte.com/cps0/
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
||
|
https://www.thawte.com/repository0W
|
unknown
|
||
|
http://qt-project.org/xml/features/report-start-end-entity
|
unknown
|
||
|
https://curl.haxx.se/docs/copyright.htmlD
|
unknown
|
||
|
https://curl.haxx.se/V
|
unknown
|
||
|
https://www.ssl.com/repository0
|
unknown
|
||
|
http://trolltech.com/xml/features/report-start-end-entity
|
unknown
|
||
|
http://www.mpegla.com
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
http://trolltech.com/xml/features/report-whitespace-only-CharData
|
unknown
|
||
|
http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0
|
unknown
|
||
|
http://ocsps.ssl.com0Q
|
unknown
|
||
|
http://94.156.8.14/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e4908f499
|
unknown
|
There are 34 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
aadolui.ru
|
94.156.8.14
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.156.8.14
|
aadolui.ru
|
Bulgaria
|
|
|
|
194.59.31.219
|
unknown
|
Germany
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SVGALabel
|
uidf_i66_7
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SVGALabel
|
uidf_s66_2
|
There are 3 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
8B9000
|
heap
|
page read and write
|
|
|
|
B41000
|
direct allocation
|
page execute and read and write
|
|
|
|
B2D000
|
heap
|
page read and write
|
||
|
4D33000
|
direct allocation
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
B19000
|
heap
|
page read and write
|
||
|
4D27000
|
direct allocation
|
page read and write
|
||
|
9B0000
|
direct allocation
|
page read and write
|
||
|
695000
|
unkown
|
page execute and write copy
|
||
|
2094000
|
direct allocation
|
page read and write
|
||
|
B50E8F4000
|
stack
|
page read and write
|
||
|
B50EEFE000
|
stack
|
page read and write
|
||
|
B50EAF3000
|
stack
|
page read and write
|
||
|
31AF000
|
stack
|
page read and write
|
||
|
20A1000
|
direct allocation
|
page read and write
|
||
|
29EE000
|
heap
|
page read and write
|
||
|
2850000
|
heap
|
page read and write
|
||
|
36CF000
|
stack
|
page read and write
|
||
|
B50E7FE000
|
unkown
|
page readonly
|
||
|
CD4000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
69B000
|
unkown
|
page execute and write copy
|
||
|
AEA000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
83E000
|
stack
|
page read and write
|
||
|
26902427000
|
heap
|
page read and write
|
||
|
280E000
|
stack
|
page read and write
|
||
|
348E000
|
stack
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2690245A000
|
heap
|
page read and write
|
||
|
8C0000
|
direct allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
710000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
B50E2FD000
|
stack
|
page read and write
|
||
|
C40000
|
direct allocation
|
page read and write
|
||
|
B50E5FE000
|
unkown
|
page readonly
|
||
|
26902C02000
|
trusted library allocation
|
page read and write
|
||
|
CF0000
|
direct allocation
|
page read and write
|
||
|
4D31000
|
direct allocation
|
page read and write
|
||
|
29E6000
|
heap
|
page read and write
|
||
|
69D000
|
unkown
|
page execute and write copy
|
||
|
9B000
|
stack
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
2690246F000
|
heap
|
page read and write
|
||
|
49BE000
|
stack
|
page read and write
|
||
|
2F6F000
|
stack
|
page read and write
|
||
|
2220000
|
direct allocation
|
page execute and read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
3100000
|
direct allocation
|
page read and write
|
||
|
8D0000
|
direct allocation
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
21C0000
|
heap
|
page read and write
|
||
|
4D2B000
|
direct allocation
|
page read and write
|
||
|
B7A000
|
direct allocation
|
page execute and read and write
|
||
|
4A6000
|
unkown
|
page readonly
|
||
|
26902485000
|
heap
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
697000
|
unkown
|
page execute and write copy
|
||
|
B50DD6C000
|
stack
|
page read and write
|
||
|
3388000
|
heap
|
page read and write
|
||
|
2490000
|
direct allocation
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
2690242B000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
49FE000
|
stack
|
page read and write
|
||
|
2690247E000
|
heap
|
page read and write
|
||
|
8D2000
|
direct allocation
|
page read and write
|
||
|
4C9000
|
unkown
|
page readonly
|
||
|
5FE000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
26902340000
|
heap
|
page read and write
|
||
|
B50ECF4000
|
stack
|
page read and write
|
||
|
2530000
|
direct allocation
|
page read and write
|
||
|
3100000
|
direct allocation
|
page read and write
|
||
|
59E000
|
heap
|
page read and write
|
||
|
26902413000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
2128000
|
direct allocation
|
page read and write
|
||
|
B50E3FE000
|
unkown
|
page readonly
|
||
|
59A000
|
heap
|
page read and write
|
||
|
6A1000
|
unkown
|
page execute and write copy
|
||
|
29F2000
|
heap
|
page read and write
|
||
|
494000
|
unkown
|
page write copy
|
||
|
26902240000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
695000
|
unkown
|
page execute and write copy
|
||
|
61D000
|
heap
|
page read and write
|
||
|
24A0000
|
heap
|
page read and write
|
||
|
25D0000
|
direct allocation
|
page read and write
|
||
|
215C000
|
direct allocation
|
page read and write
|
||
|
2BB2000
|
heap
|
page read and write
|
||
|
4C90000
|
trusted library allocation
|
page read and write
|
||
|
274B000
|
stack
|
page read and write
|
||
|
2680000
|
heap
|
page read and write
|
||
|
358F000
|
stack
|
page read and write
|
||
|
278E000
|
stack
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
306D000
|
stack
|
page read and write
|
||
|
BDF000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
699000
|
unkown
|
page execute and write copy
|
||
|
586000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
B50E4FE000
|
stack
|
page read and write
|
||
|
2A02000
|
heap
|
page read and write
|
||
|
B50EBFE000
|
unkown
|
page readonly
|
||
|
B50F1FE000
|
unkown
|
page readonly
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2110000
|
direct allocation
|
page read and write
|
||
|
2090000
|
direct allocation
|
page read and write
|
||
|
26902400000
|
heap
|
page read and write
|
||
|
2250000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
496000
|
unkown
|
page read and write
|
||
|
4D2D000
|
direct allocation
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
31EE000
|
stack
|
page read and write
|
||
|
6A1000
|
unkown
|
page execute and write copy
|
||
|
870000
|
heap
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
69F000
|
unkown
|
page execute and write copy
|
||
|
22A0000
|
heap
|
page read and write
|
||
|
4C3000
|
unkown
|
page write copy
|
||
|
22A5000
|
heap
|
page read and write
|
||
|
CE0000
|
direct allocation
|
page read and write
|
||
|
5BD000
|
heap
|
page read and write
|
||
|
A30000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
29E8000
|
heap
|
page read and write
|
||
|
A48000
|
heap
|
page read and write
|
||
|
4A6000
|
unkown
|
page readonly
|
||
|
26902370000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4AFF000
|
stack
|
page read and write
|
||
|
85C000
|
stack
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
22A9000
|
heap
|
page read and write
|
||
|
4D29000
|
direct allocation
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
26902502000
|
heap
|
page read and write
|
||
|
18E000
|
stack
|
page read and write
|
||
|
2154000
|
direct allocation
|
page read and write
|
||
|
6A3000
|
unkown
|
page execute and write copy
|
||
|
4C0000
|
unkown
|
page readonly
|
||
|
2128000
|
direct allocation
|
page read and write
|
||
|
4D45000
|
direct allocation
|
page read and write
|
||
|
4D2F000
|
direct allocation
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
494000
|
unkown
|
page read and write
|
||
|
2118000
|
direct allocation
|
page read and write
|
||
|
30AE000
|
stack
|
page read and write
|
||
|
498000
|
unkown
|
page write copy
|
||
|
5FA000
|
heap
|
page read and write
|
||
|
B37000
|
heap
|
page read and write
|
||
|
48BE000
|
stack
|
page read and write
|
||
|
4C5000
|
unkown
|
page write copy
|
||
|
2350000
|
direct allocation
|
page read and write
|
||
|
697000
|
unkown
|
page execute and write copy
|
||
|
26902402000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
411000
|
unkown
|
page readonly
|
||
|
2260000
|
heap
|
page read and write
|
||
|
B50EFFE000
|
unkown
|
page readonly
|
||
|
20A8000
|
direct allocation
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
2142000
|
direct allocation
|
page read and write
|
||
|
4C90000
|
direct allocation
|
page read and write
|
||
|
24E1000
|
heap
|
page read and write
|
||
|
61D000
|
heap
|
page read and write
|
||
|
B50EDFE000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
25B0000
|
direct allocation
|
page read and write
|
||
|
3364000
|
heap
|
page read and write
|
||
|
87E000
|
stack
|
page read and write
|
||
|
211C000
|
direct allocation
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
3354000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
B50F0FE000
|
stack
|
page read and write
|
||
|
69B000
|
unkown
|
page execute and write copy
|
||
|
540000
|
heap
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
4D35000
|
direct allocation
|
page read and write
|
||
|
8B0000
|
direct allocation
|
page read and write
|
||
|
621000
|
heap
|
page read and write
|
||
|
CC0000
|
direct allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
B50F2FE000
|
unkown
|
page readonly
|
||
|
253B000
|
direct allocation
|
page read and write
|
||
|
69F000
|
unkown
|
page execute and write copy
|
||
|
4C9000
|
unkown
|
page readonly
|
||
|
C4B000
|
direct allocation
|
page read and write
|
||
|
B50E6F4000
|
stack
|
page read and write
|
||
|
5AA000
|
unkown
|
page execute and write copy
|
||
|
8A6000
|
heap
|
page read and write
|
||
|
2780000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
699000
|
unkown
|
page execute and write copy
|
||
|
6A3000
|
unkown
|
page execute and write copy
|
||
|
69D000
|
unkown
|
page execute and write copy
|
||
|
2140000
|
direct allocation
|
page read and write
|
||
|
26902468000
|
heap
|
page read and write
|
||
|
24B0000
|
direct allocation
|
page read and write
|
||
|
ADE000
|
stack
|
page read and write
|
||
|
29EC000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
CE2000
|
direct allocation
|
page read and write
|
||
|
5AA000
|
unkown
|
page execute and write copy
|
||
|
6B3000
|
unkown
|
page execute and write copy
|
||
|
6B3000
|
unkown
|
page execute and write copy
|
||
|
19D000
|
stack
|
page read and write
|
||
|
4C0000
|
unkown
|
page readonly
|
||
|
420000
|
heap
|
page read and write
|
||
|
B50F27E000
|
stack
|
page read and write
|
||
|
4C5000
|
unkown
|
page write copy
|
||
|
4C3000
|
unkown
|
page write copy
|
||
|
35CE000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
29D1000
|
heap
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
B50E9FE000
|
unkown
|
page readonly
|
||
|
24A4000
|
heap
|
page read and write
|
||
|
26902260000
|
heap
|
page read and write
|
||
|
26902440000
|
heap
|
page read and write
|
||
|
29E4000
|
heap
|
page read and write
|
||
|
2117000
|
direct allocation
|
page read and write
|
||
|
40B000
|
unkown
|
page execute and read and write
|
||
|
3359000
|
heap
|
page read and write
|
||
|
2820000
|
heap
|
page read and write
|
||
|
20A1000
|
direct allocation
|
page read and write
|
||
|
2430000
|
heap
|
page read and write
|
||
|
32EF000
|
stack
|
page read and write
|
||
|
4860000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
2350000
|
direct allocation
|
page read and write
|
||
|
29EA000
|
heap
|
page read and write
|
||
|
2434000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page execute and read and write
|
||
|
8E8000
|
heap
|
page read and write
|
There are 242 hidden memdumps, click here to show them.