Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
yIF7nMz573.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\62eca45584\bguuwe.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\425620883392
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024,
frames 3
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\110809d565579c\cred.dll
|
HTML document, ASCII text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\yIF7nMz573.exe
|
"C:\Users\user\Desktop\yIF7nMz573.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\62eca45584\bguuwe.exe
|
"C:\Users\user\AppData\Local\Temp\62eca45584\bguuwe.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN bguuwe.exe /TR "C:\Users\user\AppData\Local\Temp\62eca45584\bguuwe.exe"
/F
|
|
|
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\62eca45584\
|
|
|
|
C:\Users\user\AppData\Local\Temp\62eca45584\bguuwe.exe
|
C:\Users\user\AppData\Local\Temp\62eca45584\bguuwe.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\62eca45584\bguuwe.exe
|
C:\Users\user\AppData\Local\Temp\62eca45584\bguuwe.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v
Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\62eca45584\
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://185.215.113.15/Lkb2dxj3/cred.dll
|
185.215.113.15
|
|
|
|
http://185.215.113.15/Lkb2dxj3/index.php?scr=1
|
185.215.113.15
|
|
|
|
http://185.215.113.15/Lkb2dxj3/index.php
|
185.215.113.15
|
|
|
|
185.215.113.15/Lkb2dxj3/index.php
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.215.113.15
|
unknown
|
Portugal
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
|
Startup
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
433000
|
unkown
|
page write copy
|
||
|
270E000
|
stack
|
page read and write
|
||
|
171CB400000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
22ABAD13000
|
heap
|
page read and write
|
||
|
1D952A70000
|
trusted library allocation
|
page read and write
|
||
|
22ABAC02000
|
heap
|
page read and write
|
||
|
1B1CBD08000
|
heap
|
page read and write
|
||
|
48C6000
|
trusted library allocation
|
page read and write
|
||
|
171CB450000
|
heap
|
page read and write
|
||
|
36DA000
|
heap
|
page read and write
|
||
|
1E1E5487000
|
heap
|
page read and write
|
||
|
1B0000
|
remote allocation
|
page read and write
|
||
|
2A114E00000
|
trusted library allocation
|
page read and write
|
||
|
1E1E54CC000
|
heap
|
page read and write
|
||
|
312E000
|
stack
|
page read and write
|
||
|
30AF000
|
stack
|
page read and write
|
||
|
2A113A92000
|
heap
|
page read and write
|
||
|
2A118E10000
|
trusted library allocation
|
page read and write
|
||
|
4FDF000
|
trusted library allocation
|
page read and write
|
||
|
108F000
|
stack
|
page read and write
|
||
|
403A000
|
heap
|
page read and write
|
||
|
2A118FA0000
|
trusted library allocation
|
page read and write
|
||
|
198000
|
stack
|
page read and write
|
||
|
367A000
|
heap
|
page read and write
|
||
|
22ABAD02000
|
heap
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
1B1CBC82000
|
heap
|
page read and write
|
||
|
2A114300000
|
heap
|
page read and write
|
||
|
43C1000
|
trusted library allocation
|
page read and write
|
||
|
6D8DA7F000
|
stack
|
page read and write
|
||
|
2A119015000
|
heap
|
page read and write
|
||
|
B48000
|
unkown
|
page readonly
|
||
|
1B1CBD13000
|
heap
|
page read and write
|
||
|
316E000
|
stack
|
page read and write
|
||
|
1B1CBC5E000
|
heap
|
page read and write
|
||
|
2A1141D0000
|
trusted library section
|
page readonly
|
||
|
30000
|
heap
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
2A113A8D000
|
heap
|
page read and write
|
||
|
1D952413000
|
heap
|
page read and write
|
||
|
1B1CBC00000
|
heap
|
page read and write
|
||
|
FFB0BB000
|
stack
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
404A000
|
heap
|
page read and write
|
||
|
433000
|
unkown
|
page write copy
|
||
|
2A118E00000
|
trusted library allocation
|
page read and write
|
||
|
5EC377E000
|
stack
|
page read and write
|
||
|
2220E065000
|
heap
|
page read and write
|
||
|
C5E000
|
stack
|
page read and write
|
||
|
2A118FE0000
|
trusted library allocation
|
page read and write
|
||
|
2220E802000
|
trusted library allocation
|
page read and write
|
||
|
171CB442000
|
heap
|
page read and write
|
||
|
2A113AFD000
|
heap
|
page read and write
|
||
|
280F000
|
stack
|
page read and write
|
||
|
1B1CBC13000
|
heap
|
page read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
9D000
|
stack
|
page read and write
|
||
|
B48000
|
unkown
|
page readonly
|
||
|
22ABABD0000
|
trusted library allocation
|
page read and write
|
||
|
1D952429000
|
heap
|
page read and write
|
||
|
2A113A79000
|
heap
|
page read and write
|
||
|
36EA000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1B1CBD00000
|
heap
|
page read and write
|
||
|
22ABAC00000
|
heap
|
page read and write
|
||
|
36D0000
|
heap
|
page read and write
|
||
|
36BA000
|
heap
|
page read and write
|
||
|
35AE000
|
stack
|
page read and write
|
||
|
2A114358000
|
heap
|
page read and write
|
||
|
305D000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2A113A3D000
|
heap
|
page read and write
|
||
|
2A119087000
|
heap
|
page read and write
|
||
|
E7E000
|
stack
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
48C9000
|
trusted library allocation
|
page read and write
|
||
|
171CB46D000
|
heap
|
page read and write
|
||
|
205FD909000
|
heap
|
page read and write
|
||
|
1B0000
|
remote allocation
|
page read and write
|
||
|
277457F000
|
stack
|
page read and write
|
||
|
1D952310000
|
heap
|
page read and write
|
||
|
CA0000
|
direct allocation
|
page execute and read and write
|
||
|
2A113A13000
|
heap
|
page read and write
|
||
|
2A119000000
|
heap
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
36E0000
|
heap
|
page read and write
|
||
|
2A118E80000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4030000
|
heap
|
page read and write
|
||
|
1B1CBB50000
|
trusted library allocation
|
page read and write
|
||
|
171CB2C0000
|
heap
|
page read and write
|
||
|
1B1CBC55000
|
heap
|
page read and write
|
||
|
48C6000
|
trusted library allocation
|
page read and write
|
||
|
690F8FE000
|
stack
|
page read and write
|
||
|
2680000
|
direct allocation
|
page read and write
|
||
|
B48000
|
unkown
|
page readonly
|
||
|
1D952AA0000
|
remote allocation
|
page read and write
|
||
|
1E1E54E1000
|
heap
|
page read and write
|
||
|
DC0000
|
direct allocation
|
page execute and read and write
|
||
|
2220E06A000
|
heap
|
page read and write
|
||
|
B43000
|
unkown
|
page read and write
|
||
|
433000
|
unkown
|
page write copy
|
||
|
2A114202000
|
heap
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
455000
|
unkown
|
page read and write
|
||
|
EEF000
|
heap
|
page read and write
|
||
|
1D952502000
|
heap
|
page read and write
|
||
|
332E000
|
stack
|
page read and write
|
||
|
443000
|
unkown
|
page execute and read and write
|
||
|
2A119300000
|
remote allocation
|
page read and write
|
||
|
2220E056000
|
heap
|
page read and write
|
||
|
433000
|
unkown
|
page write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5EC32AB000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
30000
|
heap
|
page read and write
|
||
|
22ABABA0000
|
heap
|
page read and write
|
||
|
205FD874000
|
heap
|
page read and write
|
||
|
690F7FE000
|
stack
|
page read and write
|
||
|
2A1141F3000
|
trusted library allocation
|
page read and write
|
||
|
40A0000
|
heap
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
171CB44A000
|
heap
|
page read and write
|
||
|
48CC000
|
trusted library allocation
|
page read and write
|
||
|
5EC3B7D000
|
stack
|
page read and write
|
||
|
171CB47C000
|
heap
|
page read and write
|
||
|
6D8D47C000
|
stack
|
page read and write
|
||
|
32CF000
|
stack
|
page read and write
|
||
|
2A119270000
|
trusted library allocation
|
page read and write
|
||
|
1E1E546E000
|
heap
|
page read and write
|
||
|
2A1190D9000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
2A113A00000
|
heap
|
page read and write
|
||
|
2220E100000
|
heap
|
page read and write
|
||
|
2A1192C0000
|
trusted library allocation
|
page read and write
|
||
|
443000
|
unkown
|
page execute and read and write
|
||
|
356F000
|
stack
|
page read and write
|
||
|
DA09A7A000
|
stack
|
page read and write
|
||
|
171CBC02000
|
trusted library allocation
|
page read and write
|
||
|
C86000
|
heap
|
page read and write
|
||
|
205FD869000
|
heap
|
page read and write
|
||
|
31B0000
|
heap
|
page read and write
|
||
|
2A1190F8000
|
heap
|
page read and write
|
||
|
205FD813000
|
heap
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
205FD630000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
EC4000
|
heap
|
page read and write
|
||
|
3D7A000
|
heap
|
page read and write
|
||
|
48C4000
|
trusted library allocation
|
page read and write
|
||
|
14B8EFC000
|
stack
|
page read and write
|
||
|
14B907B000
|
stack
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
DA0947B000
|
stack
|
page read and write
|
||
|
6D8D37F000
|
stack
|
page read and write
|
||
|
DA09D7F000
|
stack
|
page read and write
|
||
|
1D952400000
|
heap
|
page read and write
|
||
|
FFB67E000
|
stack
|
page read and write
|
||
|
2A1138E0000
|
heap
|
page read and write
|
||
|
22ABB402000
|
trusted library allocation
|
page read and write
|
||
|
433000
|
unkown
|
page write copy
|
||
|
ABDF2FA000
|
stack
|
page read and write
|
||
|
1D952455000
|
heap
|
page read and write
|
||
|
277467F000
|
stack
|
page read and write
|
||
|
2A113A9E000
|
heap
|
page read and write
|
||
|
2A113A77000
|
heap
|
page read and write
|
||
|
4040000
|
heap
|
page read and write
|
||
|
2A1192B0000
|
trusted library allocation
|
page read and write
|
||
|
171CB439000
|
heap
|
page read and write
|
||
|
2220DF60000
|
heap
|
page read and write
|
||
|
1E1E5390000
|
trusted library allocation
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
2A113A29000
|
heap
|
page read and write
|
||
|
ABDF0FE000
|
stack
|
page read and write
|
||
|
1B1CBC6E000
|
heap
|
page read and write
|
||
|
2A1190E9000
|
heap
|
page read and write
|
||
|
35F0000
|
heap
|
page read and write
|
||
|
2A119200000
|
trusted library allocation
|
page read and write
|
||
|
B48000
|
unkown
|
page readonly
|
||
|
ABDF4FF000
|
stack
|
page read and write
|
||
|
DA0977C000
|
stack
|
page read and write
|
||
|
171CB447000
|
heap
|
page read and write
|
||
|
D05000
|
heap
|
page read and write
|
||
|
205FE002000
|
trusted library allocation
|
page read and write
|
||
|
171CB430000
|
heap
|
page read and write
|
||
|
36B0000
|
heap
|
page read and write
|
||
|
2A118FB0000
|
trusted library allocation
|
page read and write
|
||
|
2A119300000
|
remote allocation
|
page read and write
|
||
|
346E000
|
stack
|
page read and write
|
||
|
40AA000
|
heap
|
page read and write
|
||
|
2A1141F0000
|
trusted library allocation
|
page read and write
|
||
|
1E1E54E9000
|
heap
|
page read and write
|
||
|
2A114318000
|
heap
|
page read and write
|
||
|
171CB452000
|
heap
|
page read and write
|
||
|
404A000
|
heap
|
page read and write
|
||
|
205FD854000
|
heap
|
page read and write
|
||
|
1B1CB9E0000
|
heap
|
page read and write
|
||
|
1B1CBA50000
|
heap
|
page read and write
|
||
|
1D952402000
|
heap
|
page read and write
|
||
|
35FA000
|
heap
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
2A113A74000
|
heap
|
page read and write
|
||
|
2A119102000
|
heap
|
page read and write
|
||
|
1D952AA0000
|
remote allocation
|
page read and write
|
||
|
2A119208000
|
trusted library allocation
|
page read and write
|
||
|
2A118FB0000
|
trusted library allocation
|
page read and write
|
||
|
36AC000
|
stack
|
page read and write
|
||
|
455000
|
unkown
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
36B0000
|
heap
|
page read and write
|
||
|
3640000
|
heap
|
page read and write
|
||
|
277407E000
|
stack
|
page read and write
|
||
|
6D8D87F000
|
stack
|
page read and write
|
||
|
B48000
|
unkown
|
page readonly
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
EE2000
|
heap
|
page read and write
|
||
|
205FD902000
|
heap
|
page read and write
|
||
|
2A114318000
|
heap
|
page read and write
|
||
|
4040000
|
heap
|
page read and write
|
||
|
27741FB000
|
stack
|
page read and write
|
||
|
2A118FA0000
|
trusted library allocation
|
page read and write
|
||
|
409A000
|
heap
|
page read and write
|
||
|
1B1CC402000
|
trusted library allocation
|
page read and write
|
||
|
1D952AA0000
|
remote allocation
|
page read and write
|
||
|
2220E000000
|
heap
|
page read and write
|
||
|
1B1CBD02000
|
heap
|
page read and write
|
||
|
171CB43E000
|
heap
|
page read and write
|
||
|
1D95243D000
|
heap
|
page read and write
|
||
|
DA09DFE000
|
stack
|
page read and write
|
||
|
2A118FD0000
|
trusted library allocation
|
page read and write
|
||
|
2A114215000
|
heap
|
page read and write
|
||
|
32D0000
|
trusted library allocation
|
page read and write
|
||
|
171CB3C0000
|
trusted library allocation
|
page read and write
|
||
|
2880000
|
heap
|
page read and write
|
||
|
1B1CBC78000
|
heap
|
page read and write
|
||
|
205FD640000
|
heap
|
page read and write
|
||
|
1010000
|
direct allocation
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
2A114313000
|
heap
|
page read and write
|
||
|
277437B000
|
stack
|
page read and write
|
||
|
6D8D97F000
|
stack
|
page read and write
|
||
|
1E1E5D00000
|
heap
|
page read and write
|
||
|
2A1139E1000
|
trusted library allocation
|
page read and write
|
||
|
2A119061000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
447000
|
unkown
|
page write copy
|
||
|
14B8D7F000
|
stack
|
page read and write
|
||
|
447000
|
unkown
|
page write copy
|
||
|
14B87DB000
|
stack
|
page read and write
|
||
|
1D9522B0000
|
heap
|
page read and write
|
||
|
22ABAC41000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
2A1141B0000
|
trusted library section
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
100F000
|
stack
|
page read and write
|
||
|
22ABAC29000
|
heap
|
page read and write
|
||
|
48C0000
|
trusted library allocation
|
page read and write
|
||
|
48C1000
|
trusted library allocation
|
page read and write
|
||
|
2A114190000
|
trusted library section
|
page readonly
|
||
|
EBA000
|
heap
|
page read and write
|
||
|
6D8D1FB000
|
stack
|
page read and write
|
||
|
5EC3A7F000
|
stack
|
page read and write
|
||
|
2A1190F7000
|
heap
|
page read and write
|
||
|
171CB413000
|
heap
|
page read and write
|
||
|
B48000
|
unkown
|
page readonly
|
||
|
397A000
|
heap
|
page read and write
|
||
|
DAF000
|
stack
|
page read and write
|
||
|
4050000
|
heap
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
171CB46F000
|
heap
|
page read and write
|
||
|
205FD924000
|
heap
|
page read and write
|
||
|
2220E040000
|
heap
|
page read and write
|
||
|
6D8D77E000
|
stack
|
page read and write
|
||
|
ABDF07F000
|
stack
|
page read and write
|
||
|
171CB480000
|
heap
|
page read and write
|
||
|
ABDED8C000
|
stack
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
2220E029000
|
heap
|
page read and write
|
||
|
14B917E000
|
stack
|
page read and write
|
||
|
C9E000
|
stack
|
page read and write
|
||
|
48CF000
|
trusted library allocation
|
page read and write
|
||
|
1E1E5230000
|
heap
|
page read and write
|
||
|
2A11902E000
|
heap
|
page read and write
|
||
|
1E1E54BF000
|
heap
|
page read and write
|
||
|
2220E07B000
|
heap
|
page read and write
|
||
|
1E1E5290000
|
heap
|
page read and write
|
||
|
B43000
|
unkown
|
page read and write
|
||
|
433000
|
unkown
|
page write copy
|
||
|
EA1000
|
heap
|
page execute and read and write
|
||
|
E7A000
|
heap
|
page read and write
|
||
|
E0F000
|
stack
|
page read and write
|
||
|
2A11904A000
|
heap
|
page read and write
|
||
|
2A1149E0000
|
trusted library allocation
|
page read and write
|
||
|
2220E002000
|
heap
|
page read and write
|
||
|
1D952426000
|
heap
|
page read and write
|
||
|
5EC37FE000
|
stack
|
page read and write
|
||
|
ABDF5FD000
|
stack
|
page read and write
|
||
|
205FD878000
|
heap
|
page read and write
|
||
|
2A113A57000
|
heap
|
page read and write
|
||
|
171CB44D000
|
heap
|
page read and write
|
||
|
48C7000
|
trusted library allocation
|
page read and write
|
||
|
14B927F000
|
stack
|
page read and write
|
||
|
1E1E5400000
|
heap
|
page read and write
|
||
|
B48000
|
unkown
|
page readonly
|
||
|
ABDF3F7000
|
stack
|
page read and write
|
||
|
2774477000
|
stack
|
page read and write
|
||
|
2A1141E0000
|
trusted library section
|
page readonly
|
||
|
2220DFD0000
|
heap
|
page read and write
|
||
|
443000
|
unkown
|
page execute and read and write
|
||
|
35DA000
|
heap
|
page read and write
|
||
|
2A119100000
|
heap
|
page read and write
|
||
|
48C9000
|
trusted library allocation
|
page read and write
|
||
|
14B8BFC000
|
stack
|
page read and write
|
||
|
FFB87E000
|
stack
|
page read and write
|
||
|
22ABAC13000
|
heap
|
page read and write
|
||
|
2A1190EF000
|
heap
|
page read and write
|
||
|
455000
|
unkown
|
page read and write
|
||
|
E3D000
|
heap
|
page read and write
|
||
|
171CB449000
|
heap
|
page read and write
|
||
|
342F000
|
stack
|
page read and write
|
||
|
2A119221000
|
trusted library allocation
|
page read and write
|
||
|
36D0000
|
heap
|
page read and write
|
||
|
C98000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
DA0987A000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
22ABAC5B000
|
heap
|
page read and write
|
||
|
3970000
|
heap
|
page read and write
|
||
|
2A113A5A000
|
heap
|
page read and write
|
||
|
1E1E5220000
|
heap
|
page read and write
|
||
|
22ABAB40000
|
heap
|
page read and write
|
||
|
E36000
|
heap
|
page read and write
|
||
|
C83000
|
heap
|
page read and write
|
||
|
2A119224000
|
trusted library allocation
|
page read and write
|
||
|
690F6FE000
|
stack
|
page read and write
|
||
|
2A11920E000
|
trusted library allocation
|
page read and write
|
||
|
BC6000
|
heap
|
page read and write
|
||
|
48C1000
|
trusted library allocation
|
page read and write
|
||
|
5EC38FF000
|
stack
|
page read and write
|
||
|
3D70000
|
heap
|
page read and write
|
||
|
205FD87C000
|
heap
|
page read and write
|
||
|
1E1E54C4000
|
heap
|
page read and write
|
||
|
433000
|
unkown
|
page write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
205FD87A000
|
heap
|
page read and write
|
||
|
205FD900000
|
heap
|
page read and write
|
||
|
171CB441000
|
heap
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
171CB448000
|
heap
|
page read and write
|
||
|
2A1141C0000
|
trusted library section
|
page readonly
|
||
|
2A113A8B000
|
heap
|
page read and write
|
||
|
14B8FFD000
|
stack
|
page read and write
|
||
|
6D8DB7E000
|
stack
|
page read and write
|
||
|
ABDF1FB000
|
stack
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
22ABAB30000
|
heap
|
page read and write
|
||
|
FFB1BE000
|
stack
|
page read and write
|
||
|
205FD6A0000
|
heap
|
page read and write
|
||
|
6D8D67E000
|
stack
|
page read and write
|
||
|
2A1138D0000
|
heap
|
page read and write
|
||
|
E40000
|
direct allocation
|
page read and write
|
||
|
1E1E5513000
|
heap
|
page read and write
|
||
|
B48000
|
unkown
|
page readonly
|
||
|
1B1CBC3C000
|
heap
|
page read and write
|
||
|
205FD7A0000
|
trusted library allocation
|
page read and write
|
||
|
2A113940000
|
heap
|
page read and write
|
||
|
DA09678000
|
stack
|
page read and write
|
||
|
9D000
|
stack
|
page read and write
|
||
|
171CB429000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
BCC000
|
heap
|
page read and write
|
||
|
277427E000
|
stack
|
page read and write
|
||
|
171CB260000
|
heap
|
page read and write
|
||
|
1E1E542A000
|
heap
|
page read and write
|
||
|
1E1E5C02000
|
heap
|
page read and write
|
||
|
E6A000
|
heap
|
page read and write
|
||
|
1E1E543E000
|
heap
|
page read and write
|
||
|
1D95245C000
|
heap
|
page read and write
|
||
|
DA09C7F000
|
stack
|
page read and write
|
||
|
2A113970000
|
trusted library allocation
|
page read and write
|
||
|
309C000
|
stack
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
3368000
|
heap
|
page read and write
|
||
|
36BA000
|
heap
|
page read and write
|
||
|
2A119300000
|
remote allocation
|
page read and write
|
||
|
2A1190DE000
|
heap
|
page read and write
|
||
|
205FD829000
|
heap
|
page read and write
|
||
|
2A114200000
|
heap
|
page read and write
|
||
|
2A113B02000
|
heap
|
page read and write
|
||
|
2A113980000
|
trusted library section
|
page read and write
|
||
|
48C9000
|
trusted library allocation
|
page read and write
|
||
|
F10000
|
direct allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
292F000
|
stack
|
page read and write
|
||
|
2A1192D0000
|
trusted library allocation
|
page read and write
|
||
|
1B1CBC29000
|
heap
|
page read and write
|
||
|
DA09CFF000
|
stack
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
DA0997E000
|
stack
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
48C0000
|
trusted library allocation
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
2A118FD0000
|
trusted library allocation
|
page read and write
|
||
|
DA0A0FF000
|
stack
|
page read and write
|
||
|
171CB250000
|
heap
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
31EE000
|
stack
|
page read and write
|
||
|
455000
|
unkown
|
page read and write
|
||
|
171CB466000
|
heap
|
page read and write
|
||
|
1B1CBC64000
|
heap
|
page read and write
|
||
|
2A11903D000
|
heap
|
page read and write
|
||
|
5EC39FD000
|
stack
|
page read and write
|
||
|
BA4000
|
heap
|
page execute and read and write
|
||
|
1E1E5502000
|
heap
|
page read and write
|
||
|
171CB446000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
171CB468000
|
heap
|
page read and write
|
||
|
CB0000
|
direct allocation
|
page execute and read and write
|
||
|
171CB502000
|
heap
|
page read and write
|
||
|
2A1192E0000
|
trusted library allocation
|
page read and write
|
||
|
2A11A000000
|
heap
|
page read and write
|
||
|
35D0000
|
heap
|
page read and write
|
||
|
B48000
|
unkown
|
page readonly
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
2A1190F3000
|
heap
|
page read and write
|
||
|
22ABAC68000
|
heap
|
page read and write
|
||
|
36DA000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page execute and read and write
|
||
|
22ABAC6D000
|
heap
|
page read and write
|
||
|
171CB445000
|
heap
|
page read and write
|
||
|
2220E113000
|
heap
|
page read and write
|
||
|
2A113A6F000
|
heap
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
2A118E90000
|
trusted library allocation
|
page read and write
|
||
|
F1A000
|
heap
|
page read and write
|
||
|
14B947F000
|
stack
|
page read and write
|
||
|
2220E730000
|
trusted library allocation
|
page read and write
|
||
|
690F0EC000
|
stack
|
page read and write
|
||
|
2773DFB000
|
stack
|
page read and write
|
||
|
E9A000
|
heap
|
page read and write
|
||
|
405A000
|
heap
|
page read and write
|
||
|
2220E013000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
1D952C02000
|
trusted library allocation
|
page read and write
|
||
|
C5E000
|
stack
|
page read and write
|
||
|
48CC000
|
trusted library allocation
|
page read and write
|
||
|
1B1CBC6E000
|
heap
|
page read and write
|
||
|
205FD913000
|
heap
|
page read and write
|
||
|
FFB13E000
|
stack
|
page read and write
|
||
|
1B1CB9F0000
|
heap
|
page read and write
|
||
|
2A1190AF000
|
heap
|
page read and write
|
||
|
B48000
|
unkown
|
page readonly
|
||
|
1B0000
|
remote allocation
|
page read and write
|
||
|
690F5FB000
|
stack
|
page read and write
|
||
|
14B8E7F000
|
stack
|
page read and write
|
||
|
171CB44C000
|
heap
|
page read and write
|
||
|
43C7000
|
trusted library allocation
|
page read and write
|
||
|
2A118FE4000
|
trusted library allocation
|
page read and write
|
||
|
205FD800000
|
heap
|
page read and write
|
||
|
27740FE000
|
stack
|
page read and write
|
||
|
171CB451000
|
heap
|
page read and write
|
||
|
2A113B13000
|
heap
|
page read and write
|
||
|
5EC367F000
|
stack
|
page read and write
|
||
|
171CB47D000
|
heap
|
page read and write
|
||
|
1E1E5413000
|
heap
|
page read and write
|
||
|
447000
|
unkown
|
page write copy
|
||
|
2A119020000
|
heap
|
page read and write
|
||
|
171CB486000
|
heap
|
page read and write
|
||
|
2220DF70000
|
heap
|
page read and write
|
||
|
FFB77F000
|
stack
|
page read and write
|
||
|
6D8D57F000
|
stack
|
page read and write
|
||
|
32EF000
|
stack
|
page read and write
|
||
|
4090000
|
heap
|
page read and write
|
||
|
6D8CDBB000
|
stack
|
page read and write
|
||
|
205FD83C000
|
heap
|
page read and write
|
||
|
5EC3C7D000
|
stack
|
page read and write
|
||
|
48C9000
|
trusted library allocation
|
page read and write
|
||
|
171CB479000
|
heap
|
page read and write
|
||
|
C9E000
|
stack
|
page read and write
|
||
|
22ABAC75000
|
heap
|
page read and write
|
||
|
2FAE000
|
stack
|
page read and write
|
||
|
14B937C000
|
stack
|
page read and write
|
||
|
2A1141A0000
|
trusted library section
|
page readonly
|
||
|
DA09EFE000
|
stack
|
page read and write
|
||
|
3670000
|
heap
|
page read and write
|
||
|
48C6000
|
trusted library allocation
|
page read and write
|
||
|
DA09E7E000
|
stack
|
page read and write
|
||
|
B8E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2A1190AB000
|
heap
|
page read and write
|
||
|
1D9522A0000
|
heap
|
page read and write
|
||
|
171CB44E000
|
heap
|
page read and write
|
||
|
B43000
|
unkown
|
page read and write
|
||
|
2A114302000
|
heap
|
page read and write
|
||
|
1E1E54BC000
|
heap
|
page read and write
|
||
|
31AE000
|
stack
|
page read and write
|
||
|
171CB443000
|
heap
|
page read and write
|
||
|
2220E102000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2A113AB2000
|
heap
|
page read and write
|
||
|
48CE000
|
trusted library allocation
|
page read and write
|
||
|
FFB57E000
|
stack
|
page read and write
|
||
|
2F6F000
|
stack
|
page read and write
|
||
|
ECF000
|
stack
|
page read and write
|
||
|
DA09B7B000
|
stack
|
page read and write
|
||
|
ABDF67E000
|
stack
|
page read and write
|
||
|
171CB46B000
|
heap
|
page read and write
|
There are 499 hidden memdumps, click here to show them.