Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
36yjawe0S4.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
MPEG-4 LOAS
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x58f32c8c, page size 16384, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
|
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\36yjawe0S4.dll
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\36yjawe0S4.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\36yjawe0S4.dll,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\36yjawe0S4.dll,DllUnregisterServer
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\YCpmlPcQEhLz\SNMvZ.dll"
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k NetworkService -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k unistacksvcgroup
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k localservice -s W32Time
|
|
|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\36yjawe0S4.dll"
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\36yjawe0S4.dll",#1
|
||
|
C:\Windows\System32\SgrmBroker.exe
|
C:\Windows\system32\SgrmBroker.exe
|
||
|
C:\Program Files\Windows Defender\MpCmdRun.exe
|
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://23.239.0.12//
|
unknown
|
|
|
|
https://23.239.0.12/h
|
unknown
|
|
|
|
https://23.239.0.12/
|
23.239.0.12
|
|
|
|
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Routes/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Driving
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Transit/Stops/
|
unknown
|
||
|
https://t0.tiles.ditu.live.com/tiles/gen
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Walking
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
|
unknown
|
||
|
https://%s.xboxlive.com
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Locations
|
unknown
|
||
|
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
|
unknown
|
||
|
https://dev.virtualearth.net/mapcontrol/logging.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/mapcontrol/logging.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
|
unknown
|
||
|
https://dynamic.t
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Transit
|
unknown
|
||
|
https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
|
unknown
|
||
|
http://www.bingmapsportal.comsv
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
|
unknown
|
||
|
https://activity.windows.com
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Locations
|
unknown
|
||
|
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
https://%s.dnet.xboxlive.com
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
|
unknown
|
There are 30 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
time.windows.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
23.239.0.12
|
unknown
|
United States
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
|
|
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-100
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-101
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\system32\dnsapi.dll,-103
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-843
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-844
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\system32\NgcRecovery.dll,-100
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage
|
MonthID
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Config
|
LastKnownGoodTime
|
There are 3 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
22323800000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
1C182840000
|
direct allocation
|
page execute and read and write
|
|
|
|
960000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
1250000
|
direct allocation
|
page execute and read and write
|
|
|
|
219B6C5A000
|
heap
|
page read and write
|
||
|
23AEB590000
|
heap
|
page read and write
|
||
|
1A1B08D8000
|
heap
|
page read and write
|
||
|
1FFB2857000
|
heap
|
page read and write
|
||
|
2073B110000
|
trusted library allocation
|
page read and write
|
||
|
7FFFEFB51000
|
unkown
|
page execute read
|
||
|
23AEB6C0000
|
heap
|
page read and write
|
||
|
23AEB7E7000
|
heap
|
page read and write
|
||
|
235E0C65000
|
heap
|
page read and write
|
||
|
23AEB7D2000
|
heap
|
page read and write
|
||
|
21D8067C000
|
heap
|
page read and write
|
||
|
7FFFEFBA6000
|
unkown
|
page read and write
|
||
|
8F691FC000
|
stack
|
page read and write
|
||
|
1C181090000
|
heap
|
page read and write
|
||
|
21D80702000
|
heap
|
page read and write
|
||
|
1C181070000
|
direct allocation
|
page execute and read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
1C180F19000
|
heap
|
page read and write
|
||
|
20740910000
|
trusted library allocation
|
page read and write
|
||
|
7FFFEFB50000
|
unkown
|
page readonly
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
7FFFEFBA2000
|
unkown
|
page readonly
|
||
|
110C000
|
heap
|
page read and write
|
||
|
223233F0000
|
heap
|
page read and write
|
||
|
321E000
|
stack
|
page read and write
|
||
|
22325034000
|
heap
|
page read and write
|
||
|
22323855000
|
heap
|
page read and write
|
||
|
1DECF280000
|
remote allocation
|
page read and write
|
||
|
235E0C88000
|
heap
|
page read and write
|
||
|
23AEB7C2000
|
heap
|
page read and write
|
||
|
270F000
|
stack
|
page read and write
|
||
|
D8CC57E000
|
stack
|
page read and write
|
||
|
235E0CBB000
|
heap
|
page read and write
|
||
|
20740AF9000
|
heap
|
page read and write
|
||
|
23AEB7DD000
|
heap
|
page read and write
|
||
|
7FFFEFBA9000
|
unkown
|
page readonly
|
||
|
1A1B0870000
|
trusted library allocation
|
page read and write
|
||
|
2073BA00000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
219B6C13000
|
heap
|
page read and write
|
||
|
23AEE963000
|
heap
|
page read and write
|
||
|
2073B276000
|
heap
|
page read and write
|
||
|
1DECEA13000
|
heap
|
page read and write
|
||
|
20BB1802000
|
heap
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
9B32D7D000
|
stack
|
page read and write
|
||
|
1FFB2840000
|
heap
|
page read and write
|
||
|
1F8E6067000
|
heap
|
page read and write
|
||
|
1FFB2875000
|
heap
|
page read and write
|
||
|
3874FE000
|
stack
|
page read and write
|
||
|
22323480000
|
direct allocation
|
page execute and read and write
|
||
|
21D80480000
|
heap
|
page read and write
|
||
|
20740AA0000
|
heap
|
page read and write
|
||
|
219B6C02000
|
heap
|
page read and write
|
||
|
1F8E6075000
|
heap
|
page read and write
|
||
|
268E000
|
stack
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
1A1B0942000
|
heap
|
page read and write
|
||
|
1F8E6802000
|
trusted library allocation
|
page read and write
|
||
|
1DC677E000
|
stack
|
page read and write
|
||
|
235E1500000
|
heap
|
page read and write
|
||
|
2073B2B0000
|
heap
|
page read and write
|
||
|
1C181095000
|
heap
|
page read and write
|
||
|
D8CC8FF000
|
stack
|
page read and write
|
||
|
1A1B091D000
|
heap
|
page read and write
|
||
|
DD0000
|
remote allocation
|
page read and write
|
||
|
207407E0000
|
trusted library allocation
|
page read and write
|
||
|
AA59DFE000
|
stack
|
page read and write
|
||
|
21D8066E000
|
heap
|
page read and write
|
||
|
21D8066C000
|
heap
|
page read and write
|
||
|
1A1B0BC9000
|
heap
|
page read and write
|
||
|
A23027F000
|
stack
|
page read and write
|
||
|
110C000
|
heap
|
page read and write
|
||
|
21D80E02000
|
trusted library allocation
|
page read and write
|
||
|
219B6BB0000
|
trusted library allocation
|
page read and write
|
||
|
1082000
|
heap
|
page read and write
|
||
|
A23017E000
|
stack
|
page read and write
|
||
|
235E0CC2000
|
heap
|
page read and write
|
||
|
3C896FF000
|
stack
|
page read and write
|
||
|
329B000
|
stack
|
page read and write
|
||
|
1DECE940000
|
heap
|
page read and write
|
||
|
1A1B17B0000
|
trusted library allocation
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
1FFB2800000
|
heap
|
page read and write
|
||
|
AA59E7C000
|
stack
|
page read and write
|
||
|
1C181080000
|
heap
|
page readonly
|
||
|
207408D0000
|
trusted library allocation
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
21D80668000
|
heap
|
page read and write
|
||
|
20BB184B000
|
heap
|
page read and write
|
||
|
219B6A20000
|
heap
|
page read and write
|
||
|
2073B23D000
|
heap
|
page read and write
|
||
|
1DC667B000
|
stack
|
page read and write
|
||
|
21D80640000
|
heap
|
page read and write
|
||
|
219B6C59000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
CFF3AFC000
|
stack
|
page read and write
|
||
|
12B0000
|
trusted library allocation
|
page read and write
|
||
|
110A000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
207407D4000
|
trusted library allocation
|
page read and write
|
||
|
20740AF9000
|
heap
|
page read and write
|
||
|
20740A16000
|
heap
|
page read and write
|
||
|
23AEB7CC000
|
heap
|
page read and write
|
||
|
23AEB7C2000
|
heap
|
page read and write
|
||
|
1FDB8D0D000
|
heap
|
page read and write
|
||
|
23AEB580000
|
heap
|
page read and write
|
||
|
1FFB2710000
|
heap
|
page read and write
|
||
|
20BB1740000
|
heap
|
page read and write
|
||
|
219B6BE0000
|
remote allocation
|
page read and write
|
||
|
CFF37FF000
|
stack
|
page read and write
|
||
|
10AF000
|
heap
|
page read and write
|
||
|
21D80646000
|
heap
|
page read and write
|
||
|
1F8E605B000
|
heap
|
page read and write
|
||
|
2073B1E1000
|
trusted library allocation
|
page read and write
|
||
|
A22FDD6000
|
stack
|
page read and write
|
||
|
12E5000
|
heap
|
page read and write
|
||
|
7FFFEFBA9000
|
unkown
|
page readonly
|
||
|
1F8E6041000
|
heap
|
page read and write
|
||
|
20740ABD000
|
heap
|
page read and write
|
||
|
8AD6F7E000
|
stack
|
page read and write
|
||
|
21D8063A000
|
heap
|
page read and write
|
||
|
23AEE960000
|
heap
|
page read and write
|
||
|
38757E000
|
stack
|
page read and write
|
||
|
20740B02000
|
heap
|
page read and write
|
||
|
224E000
|
stack
|
page read and write
|
||
|
20BB1870000
|
heap
|
page read and write
|
||
|
2232351D000
|
heap
|
page read and write
|
||
|
7FFFEFB51000
|
unkown
|
page execute read
|
||
|
1C180F10000
|
heap
|
page read and write
|
||
|
9B32FFF000
|
stack
|
page read and write
|
||
|
7FFFEFBA9000
|
unkown
|
page readonly
|
||
|
1A1B06A0000
|
heap
|
page read and write
|
||
|
8AD6FF9000
|
stack
|
page read and write
|
||
|
21D80663000
|
heap
|
page read and write
|
||
|
235E0A80000
|
heap
|
page read and write
|
||
|
2073B2B0000
|
heap
|
page read and write
|
||
|
A2301FC000
|
stack
|
page read and write
|
||
|
21D80670000
|
heap
|
page read and write
|
||
|
8F69E7A000
|
stack
|
page read and write
|
||
|
207406A0000
|
trusted library allocation
|
page read and write
|
||
|
8F6977C000
|
stack
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
219B6C40000
|
heap
|
page read and write
|
||
|
331E000
|
stack
|
page read and write
|
||
|
7FFFEFBA6000
|
unkown
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
1240000
|
direct allocation
|
page execute and read and write
|
||
|
23AEB7B6000
|
heap
|
page read and write
|
||
|
20740620000
|
trusted library allocation
|
page read and write
|
||
|
1C180F70000
|
heap
|
page read and write
|
||
|
D8CC9FA000
|
stack
|
page read and write
|
||
|
1A1B092E000
|
heap
|
page read and write
|
||
|
1DC6BFE000
|
stack
|
page read and write
|
||
|
AA5A07E000
|
stack
|
page read and write
|
||
|
20BB1853000
|
heap
|
page read and write
|
||
|
8AD6E79000
|
stack
|
page read and write
|
||
|
7FFFEFBA2000
|
unkown
|
page readonly
|
||
|
20740A3F000
|
heap
|
page read and write
|
||
|
1F8E5F00000
|
heap
|
page read and write
|
||
|
20BB1750000
|
heap
|
page read and write
|
||
|
207408F0000
|
trusted library allocation
|
page read and write
|
||
|
110A000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
219B6C5A000
|
heap
|
page read and write
|
||
|
8F6A07D000
|
stack
|
page read and write
|
||
|
23AEB7BE000
|
heap
|
page read and write
|
||
|
7FFFEFBA6000
|
unkown
|
page read and write
|
||
|
21D80641000
|
heap
|
page read and write
|
||
|
8AD6EFA000
|
stack
|
page read and write
|
||
|
235E1402000
|
heap
|
page read and write
|
||
|
A25000
|
heap
|
page read and write
|
||
|
21D80632000
|
heap
|
page read and write
|
||
|
207407B8000
|
trusted library allocation
|
page read and write
|
||
|
10DB000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
1A1B0BB0000
|
trusted library allocation
|
page read and write
|
||
|
3FDFFFF000
|
stack
|
page read and write
|
||
|
21D8063D000
|
heap
|
page read and write
|
||
|
9B32BFF000
|
stack
|
page read and write
|
||
|
20740610000
|
trusted library allocation
|
page read and write
|
||
|
207407B0000
|
trusted library allocation
|
page read and write
|
||
|
20BB1800000
|
heap
|
page read and write
|
||
|
2073AFA0000
|
heap
|
page read and write
|
||
|
235E0A10000
|
heap
|
page read and write
|
||
|
2073C600000
|
trusted library allocation
|
page read and write
|
||
|
12B0000
|
trusted library allocation
|
page read and write
|
||
|
2073B302000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
21D80664000
|
heap
|
page read and write
|
||
|
7FFFEFBA2000
|
unkown
|
page readonly
|
||
|
20740C20000
|
trusted library allocation
|
page read and write
|
||
|
22325030000
|
heap
|
page read and write
|
||
|
1C182960000
|
heap
|
page read and write
|
||
|
1FDB8D13000
|
heap
|
page read and write
|
||
|
2073B28A000
|
heap
|
page read and write
|
||
|
7FFFEFB51000
|
unkown
|
page execute read
|
||
|
21D8064D000
|
heap
|
page read and write
|
||
|
1DECEB02000
|
heap
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
23AEB7CC000
|
heap
|
page read and write
|
||
|
2073B2F9000
|
heap
|
page read and write
|
||
|
219B6A30000
|
heap
|
page read and write
|
||
|
20740A2B000
|
heap
|
page read and write
|
||
|
2073B2A8000
|
heap
|
page read and write
|
||
|
1DC69FE000
|
stack
|
page read and write
|
||
|
1A1B1530000
|
trusted library allocation
|
page read and write
|
||
|
219B6C60000
|
heap
|
page read and write
|
||
|
9B32EFD000
|
stack
|
page read and write
|
||
|
20740A00000
|
heap
|
page read and write
|
||
|
20740AE5000
|
heap
|
page read and write
|
||
|
7FFFEFB50000
|
unkown
|
page readonly
|
||
|
1DECEA3D000
|
heap
|
page read and write
|
||
|
E67ADEE000
|
stack
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
23AEB7C8000
|
heap
|
page read and write
|
||
|
20740880000
|
trusted library allocation
|
page read and write
|
||
|
1A1B091D000
|
heap
|
page read and write
|
||
|
2073C1E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFFEFB50000
|
unkown
|
page readonly
|
||
|
23AEB7A9000
|
heap
|
page read and write
|
||
|
1FDB8C90000
|
heap
|
page read and write
|
||
|
8F695F7000
|
stack
|
page read and write
|
||
|
21D8066A000
|
heap
|
page read and write
|
||
|
7FFFEFBA9000
|
unkown
|
page readonly
|
||
|
21D80600000
|
heap
|
page read and write
|
||
|
70B000
|
heap
|
page read and write
|
||
|
1F8E6102000
|
heap
|
page read and write
|
||
|
2073C603000
|
trusted library allocation
|
page read and write
|
||
|
21D80685000
|
heap
|
page read and write
|
||
|
207407B0000
|
trusted library allocation
|
page read and write
|
||
|
235E0A20000
|
heap
|
page read and write
|
||
|
2073B257000
|
heap
|
page read and write
|
||
|
1082000
|
heap
|
page read and write
|
||
|
2073B314000
|
heap
|
page read and write
|
||
|
2073BB58000
|
heap
|
page read and write
|
||
|
219B6BE0000
|
remote allocation
|
page read and write
|
||
|
235E0C13000
|
heap
|
page read and write
|
||
|
1DECF280000
|
remote allocation
|
page read and write
|
||
|
219B6D02000
|
heap
|
page read and write
|
||
|
21D80662000
|
heap
|
page read and write
|
||
|
8F6997E000
|
stack
|
page read and write
|
||
|
1FFB2FB0000
|
trusted library allocation
|
page read and write
|
||
|
279E000
|
stack
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
219B85A0000
|
trusted library allocation
|
page read and write
|
||
|
219B8702000
|
heap
|
page read and write
|
||
|
E67ACEB000
|
stack
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
10DB000
|
heap
|
page read and write
|
||
|
2073BB59000
|
heap
|
page read and write
|
||
|
207407D1000
|
trusted library allocation
|
page read and write
|
||
|
764000
|
heap
|
page read and write
|
||
|
235E0C67000
|
heap
|
page read and write
|
||
|
207408A0000
|
trusted library allocation
|
page read and write
|
||
|
1DECE950000
|
heap
|
page read and write
|
||
|
1C181010000
|
heap
|
page read and write
|
||
|
2073B287000
|
heap
|
page read and write
|
||
|
20740B00000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
1DECEA02000
|
heap
|
page read and write
|
||
|
2BC0000
|
remote allocation
|
page read and write
|
||
|
22323490000
|
heap
|
page readonly
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
1DECE9E0000
|
trusted library allocation
|
page read and write
|
||
|
2BD4000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page readonly
|
||
|
23AEB7B9000
|
heap
|
page read and write
|
||
|
20BB183F000
|
heap
|
page read and write
|
||
|
1F8E6013000
|
heap
|
page read and write
|
||
|
22323500000
|
heap
|
page read and write
|
||
|
1C181050000
|
heap
|
page read and write
|
||
|
22CE000
|
stack
|
page read and write
|
||
|
3FE01FE000
|
stack
|
page read and write
|
||
|
1DECEA53000
|
heap
|
page read and write
|
||
|
21D80420000
|
heap
|
page read and write
|
||
|
21D8065A000
|
heap
|
page read and write
|
||
|
D8CCCFE000
|
stack
|
page read and write
|
||
|
3FDFEFB000
|
stack
|
page read and write
|
||
|
21D80675000
|
heap
|
page read and write
|
||
|
9B32C7C000
|
stack
|
page read and write
|
||
|
1FFB2802000
|
heap
|
page read and write
|
||
|
219B6D29000
|
heap
|
page read and write
|
||
|
1DECEA00000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
223234A0000
|
heap
|
page read and write
|
||
|
D8CC4FC000
|
stack
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
22323460000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
2073B307000
|
heap
|
page read and write
|
||
|
1DECEA4D000
|
heap
|
page read and write
|
||
|
20BB17B0000
|
heap
|
page read and write
|
||
|
219B6D00000
|
heap
|
page read and write
|
||
|
20BB1902000
|
heap
|
page read and write
|
||
|
20BB1857000
|
heap
|
page read and write
|
||
|
235E0C00000
|
heap
|
page read and write
|
||
|
23AEB770000
|
heap
|
page read and write
|
||
|
21D80658000
|
heap
|
page read and write
|
||
|
1F8E6000000
|
heap
|
page read and write
|
||
|
3C899FF000
|
stack
|
page read and write
|
||
|
7FFFEFBA2000
|
unkown
|
page readonly
|
||
|
1A1B1760000
|
trusted library allocation
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
21D80629000
|
heap
|
page read and write
|
||
|
20740880000
|
trusted library allocation
|
page read and write
|
||
|
1FFB26A0000
|
heap
|
page read and write
|
||
|
23AEB7A0000
|
heap
|
page read and write
|
||
|
22323410000
|
heap
|
page read and write
|
||
|
20740ABE000
|
heap
|
page read and write
|
||
|
8AD6C7B000
|
stack
|
page read and write
|
||
|
21D80659000
|
heap
|
page read and write
|
||
|
D8CCBFE000
|
stack
|
page read and write
|
||
|
223234A8000
|
heap
|
page read and write
|
||
|
D8CC5FE000
|
stack
|
page read and write
|
||
|
3C893FD000
|
stack
|
page read and write
|
||
|
E67AD6D000
|
stack
|
page read and write
|
||
|
219B6C84000
|
heap
|
page read and write
|
||
|
20BB2070000
|
remote allocation
|
page read and write
|
||
|
23AEB6E0000
|
heap
|
page read and write
|
||
|
1C180DA0000
|
heap
|
page read and write
|
||
|
1FFB2902000
|
heap
|
page read and write
|
||
|
20740A62000
|
heap
|
page read and write
|
||
|
20740AF5000
|
heap
|
page read and write
|
||
|
1FFB26B0000
|
heap
|
page read and write
|
||
|
20BB1859000
|
heap
|
page read and write
|
||
|
1A1B08D0000
|
heap
|
page read and write
|
||
|
207407F4000
|
trusted library allocation
|
page read and write
|
||
|
3C8917B000
|
stack
|
page read and write
|
||
|
9B331FF000
|
stack
|
page read and write
|
||
|
AA5A0FE000
|
stack
|
page read and write
|
||
|
2073BB13000
|
heap
|
page read and write
|
||
|
21D8065C000
|
heap
|
page read and write
|
||
|
20BB2202000
|
trusted library allocation
|
page read and write
|
||
|
2073B273000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
219B6B90000
|
trusted library allocation
|
page read and write
|
||
|
1DC66FE000
|
stack
|
page read and write
|
||
|
21D8067E000
|
heap
|
page read and write
|
||
|
207407E0000
|
trusted library allocation
|
page read and write
|
||
|
219B6C4A000
|
heap
|
page read and write
|
||
|
23AEB7B9000
|
heap
|
page read and write
|
||
|
21D80647000
|
heap
|
page read and write
|
||
|
2073B29D000
|
heap
|
page read and write
|
||
|
281B000
|
stack
|
page read and write
|
||
|
1F8E6002000
|
heap
|
page read and write
|
||
|
235E0C43000
|
heap
|
page read and write
|
||
|
1DECF280000
|
remote allocation
|
page read and write
|
||
|
1A1B0880000
|
trusted library allocation
|
page read and write
|
||
|
387186000
|
stack
|
page read and write
|
||
|
20740C00000
|
trusted library allocation
|
page read and write
|
||
|
219B6C49000
|
heap
|
page read and write
|
||
|
1A1B0BC0000
|
heap
|
page read and write
|
||
|
1DECF402000
|
trusted library allocation
|
page read and write
|
||
|
1280000
|
heap
|
page readonly
|
||
|
2BC0000
|
remote allocation
|
page read and write
|
||
|
219B8602000
|
heap
|
page read and write
|
||
|
3C897FF000
|
stack
|
page read and write
|
||
|
2073B325000
|
heap
|
page read and write
|
||
|
22323538000
|
heap
|
page read and write
|
||
|
301C000
|
stack
|
page read and write
|
||
|
1A1B0800000
|
heap
|
page read and write
|
||
|
20740900000
|
trusted library allocation
|
page read and write
|
||
|
8F6987A000
|
stack
|
page read and write
|
||
|
6B5000
|
stack
|
page read and write
|
||
|
20BB1828000
|
heap
|
page read and write
|
||
|
2073BB04000
|
heap
|
page read and write
|
||
|
223234E2000
|
heap
|
page read and write
|
||
|
20740910000
|
remote allocation
|
page read and write
|
||
|
235E0CCC000
|
heap
|
page read and write
|
||
|
2073B200000
|
heap
|
page read and write
|
||
|
219B6BE0000
|
remote allocation
|
page read and write
|
||
|
2073B213000
|
heap
|
page read and write
|
||
|
9B324DB000
|
stack
|
page read and write
|
||
|
219B6D13000
|
heap
|
page read and write
|
||
|
2073BB00000
|
heap
|
page read and write
|
||
|
10CF000
|
heap
|
page read and write
|
||
|
3C88D7B000
|
stack
|
page read and write
|
||
|
21D8065F000
|
heap
|
page read and write
|
||
|
725000
|
heap
|
page read and write
|
||
|
235E0CE2000
|
heap
|
page read and write
|
||
|
20740AD5000
|
heap
|
page read and write
|
||
|
2073B2F9000
|
heap
|
page read and write
|
||
|
7FFFEFB51000
|
unkown
|
page execute read
|
||
|
110A000
|
heap
|
page read and write
|
||
|
21D80676000
|
heap
|
page read and write
|
||
|
235E0C6E000
|
heap
|
page read and write
|
||
|
235E0D02000
|
heap
|
page read and write
|
||
|
20740A20000
|
heap
|
page read and write
|
||
|
8F69B7B000
|
stack
|
page read and write
|
||
|
2073C610000
|
trusted library allocation
|
page read and write
|
||
|
23AEEA30000
|
trusted library allocation
|
page read and write
|
||
|
110C000
|
heap
|
page read and write
|
||
|
219B6C2A000
|
heap
|
page read and write
|
||
|
1C182964000
|
heap
|
page read and write
|
||
|
1048000
|
heap
|
page read and write
|
||
|
207408C0000
|
trusted library allocation
|
page read and write
|
||
|
20BB2070000
|
remote allocation
|
page read and write
|
||
|
23AEB7E7000
|
heap
|
page read and write
|
||
|
3875FE000
|
stack
|
page read and write
|
||
|
23AEF230000
|
heap
|
page read and write
|
||
|
20740A87000
|
heap
|
page read and write
|
||
|
10DB000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
23AEB59B000
|
heap
|
page read and write
|
||
|
2073B26E000
|
heap
|
page read and write
|
||
|
20BB1813000
|
heap
|
page read and write
|
||
|
1F8E67A0000
|
trusted library allocation
|
page read and write
|
||
|
9B32AFF000
|
stack
|
page read and write
|
||
|
CFF38FE000
|
stack
|
page read and write
|
||
|
219B6C4A000
|
heap
|
page read and write
|
||
|
235E0C29000
|
heap
|
page read and write
|
||
|
3876FB000
|
stack
|
page read and write
|
||
|
9B328FC000
|
stack
|
page read and write
|
||
|
DA4000
|
stack
|
page read and write
|
||
|
CFF39FE000
|
stack
|
page read and write
|
||
|
3C898FF000
|
stack
|
page read and write
|
||
|
AA5A1FD000
|
stack
|
page read and write
|
||
|
1DC6AFF000
|
stack
|
page read and write
|
||
|
D8CCAFF000
|
stack
|
page read and write
|
||
|
1DECE9B0000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
207407BE000
|
trusted library allocation
|
page read and write
|
||
|
22323380000
|
heap
|
page read and write
|
||
|
1A1B1740000
|
heap
|
page readonly
|
||
|
CFF3DFD000
|
stack
|
page read and write
|
||
|
2073BB18000
|
heap
|
page read and write
|
||
|
D8CCDFA000
|
stack
|
page read and write
|
||
|
AA5997B000
|
stack
|
page read and write
|
||
|
22324ED0000
|
heap
|
page read and write
|
||
|
3C892FE000
|
stack
|
page read and write
|
||
|
207407F0000
|
trusted library allocation
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
1F8E5E90000
|
heap
|
page read and write
|
||
|
38767F000
|
stack
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
A2302FB000
|
stack
|
page read and write
|
||
|
7FFFEFB50000
|
unkown
|
page readonly
|
||
|
A23007F000
|
stack
|
page read and write
|
||
|
950000
|
direct allocation
|
page execute and read and write
|
||
|
9B330FC000
|
stack
|
page read and write
|
||
|
207408E0000
|
trusted library allocation
|
page read and write
|
||
|
2073B229000
|
heap
|
page read and write
|
||
|
22323850000
|
heap
|
page read and write
|
||
|
1FDB8B50000
|
heap
|
page read and write
|
||
|
2073AFB0000
|
heap
|
page read and write
|
||
|
21D80644000
|
heap
|
page read and write
|
||
|
219B8800000
|
trusted library allocation
|
page read and write
|
||
|
207407D0000
|
trusted library allocation
|
page read and write
|
||
|
21D80631000
|
heap
|
page read and write
|
||
|
10D7000
|
heap
|
page read and write
|
||
|
2073B010000
|
heap
|
page read and write
|
||
|
2073B302000
|
heap
|
page read and write
|
||
|
20740AF3000
|
heap
|
page read and write
|
||
|
23AEB595000
|
heap
|
page read and write
|
||
|
20740910000
|
remote allocation
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
3C89AFF000
|
stack
|
page read and write
|
||
|
21D80642000
|
heap
|
page read and write
|
||
|
20740AD5000
|
heap
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
1F8E6029000
|
heap
|
page read and write
|
||
|
235E0B80000
|
trusted library allocation
|
page read and write
|
||
|
235E0D13000
|
heap
|
page read and write
|
||
|
1FFB2828000
|
heap
|
page read and write
|
||
|
223234D0000
|
heap
|
page read and write
|
||
|
1FFB2900000
|
heap
|
page read and write
|
||
|
21D80410000
|
heap
|
page read and write
|
||
|
21D80613000
|
heap
|
page read and write
|
||
|
21D8067F000
|
heap
|
page read and write
|
||
|
1FFB2813000
|
heap
|
page read and write
|
||
|
20740910000
|
remote allocation
|
page read and write
|
||
|
20BB2070000
|
remote allocation
|
page read and write
|
||
|
20740690000
|
trusted library allocation
|
page read and write
|
||
|
223234F2000
|
heap
|
page read and write
|
||
|
10CF000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
1F8E5EA0000
|
heap
|
page read and write
|
||
|
10C8000
|
heap
|
page read and write
|
||
|
309D000
|
stack
|
page read and write
|
||
|
20BB17E0000
|
trusted library allocation
|
page read and write
|
||
|
3FDF9FB000
|
stack
|
page read and write
|
||
|
2073BB18000
|
heap
|
page read and write
|
||
|
21D80660000
|
heap
|
page read and write
|
||
|
3FE00FB000
|
stack
|
page read and write
|
||
|
9B32DFB000
|
stack
|
page read and write
|
||
|
7FFFEFBA6000
|
unkown
|
page read and write
|
||
|
20740AED000
|
heap
|
page read and write
|
||
|
219B6A90000
|
heap
|
page read and write
|
||
|
2073B291000
|
heap
|
page read and write
|
||
|
1A1B07E0000
|
heap
|
page read and write
|
||
|
CFF347C000
|
stack
|
page read and write
|
||
|
23AEB7BD000
|
heap
|
page read and write
|
||
|
21D80657000
|
heap
|
page read and write
|
||
|
1A1B06B0000
|
trusted library allocation
|
page read and write
|
||
|
1FFB3002000
|
trusted library allocation
|
page read and write
|
||
|
1DECEA29000
|
heap
|
page read and write
|
||
|
8F6947F000
|
stack
|
page read and write
|
||
|
1C180EE0000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
1C180F51000
|
heap
|
page read and write
|
||
|
2073BB02000
|
heap
|
page read and write
|
||
|
1FFB2913000
|
heap
|
page read and write
|
||
|
1A1B1750000
|
trusted library allocation
|
page read and write
|
||
|
20740A4C000
|
heap
|
page read and write
|
||
|
1FDB8D00000
|
heap
|
page read and write
|
||
|
20BB182A000
|
heap
|
page read and write
|
||
|
2BC0000
|
remote allocation
|
page read and write
|
||
|
1FFB2871000
|
heap
|
page read and write
|
||
|
21D80645000
|
heap
|
page read and write
|
||
|
643E0FD000
|
stack
|
page read and write
|
||
|
1FFB2879000
|
heap
|
page read and write
|
||
|
21D80665000
|
heap
|
page read and write
|
||
|
219B6C76000
|
heap
|
page read and write
|
||
|
9A4000
|
heap
|
page read and write
|
||
|
2073BA15000
|
heap
|
page read and write
|
||
|
20BB185B000
|
heap
|
page read and write
|
||
|
219B6C00000
|
heap
|
page read and write
|
||
|
3C895FD000
|
stack
|
page read and write
|
||
|
20740880000
|
trusted library allocation
|
page read and write
|
||
|
21D80580000
|
trusted library allocation
|
page read and write
|
||
|
1A1B0890000
|
trusted library allocation
|
page read and write
|
||
|
21D80661000
|
heap
|
page read and write
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
AA59CFE000
|
stack
|
page read and write
|
||
|
DD0000
|
remote allocation
|
page read and write
|
||
|
1082000
|
heap
|
page read and write
|
||
|
1A1B0BD0000
|
trusted library allocation
|
page read and write
|
||
|
8F6A27E000
|
stack
|
page read and write
|
||
|
1DC68FE000
|
stack
|
page read and write
|
||
|
2073BA02000
|
heap
|
page read and write
|
||
|
8AD707F000
|
stack
|
page read and write
|
||
|
1A1B091D000
|
heap
|
page read and write
|
||
|
8F69A7A000
|
stack
|
page read and write
|
||
|
10AD000
|
heap
|
page read and write
|
||
|
38747E000
|
stack
|
page read and write
|
||
|
1C182B30000
|
heap
|
page read and write
|
||
|
A2300FF000
|
stack
|
page read and write
|
||
|
1A1B0BC5000
|
heap
|
page read and write
|
||
|
1F8E6113000
|
heap
|
page read and write
|
||
|
CFF3BFC000
|
stack
|
page read and write
|
There are 540 hidden memdumps, click here to show them.