Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
gI5xZdIxUs.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\Microsoft\isqmkp.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\414045e2d09286d5db2581e0d955d358_d06ed635-68f6-4e9a-955c-4899f5f57b9a
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\gI5xZdIxUs.exe
|
"C:\Users\user\Desktop\gI5xZdIxUs.exe"
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.coin dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.bit dns1.soprodns.ru
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\isqmkp.exe
|
"C:\Users\user\AppData\Roaming\Microsoft\isqmkp.exe"
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup gandcrab.bit dns2.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.coin dns2.soprodns.ru
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\isqmkp.exe
|
"C:\Users\user\AppData\Roaming\Microsoft\isqmkp.exe"
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.bit dns2.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup gandcrab.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.coin dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup gandcrab.bit dns2.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.coin dns2.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.bit dns2.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup gandcrab.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.coin dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup gandcrab.bit dns2.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.coin dns2.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.bit dns2.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup gandcrab.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.coin dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup nomoreransom.bit dns1.soprodns.ru
|
|
|
|
C:\Windows\SysWOW64\nslookup.exe
|
nslookup gandcrab.bit dns2.soprodns.ru
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 35 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://gdcbghvjyqy7jclk.onion/3a23db8448d3b2b
|
unknown
|
|
|
|
http://ipv4bot.whatismyipaddress.com/a
|
unknown
|
||
|
https://www.torproject.org/
|
unknown
|
||
|
http://ipv4bot.whatismyipaddress.com/4
|
unknown
|
||
|
http://ipv4bot.whatismyipaddress.com/
|
unknown
|
||
|
https://tox.chat/download.html
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
nomoreransom.coin
|
unknown
|
|
|
|
nomoreransom.bit
|
unknown
|
|
|
|
gandcrab.bit
|
unknown
|
|
|
|
dns1.soprodns.ru
|
unknown
|
|
|
|
dns2.soprodns.ru
|
unknown
|
|
|
|
ipv4bot.whatismyipaddress.com
|
unknown
|
||
|
8.8.8.8.in-addr.arpa
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
|
bwduumgtptl
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
F9DA000
|
unkown
|
page readonly
|
|
|
|
F9DA000
|
unkown
|
page readonly
|
|
|
|
F9E2000
|
unkown
|
page write copy
|
|
|
|
FC6A000
|
unkown
|
page readonly
|
|
|
|
F9DA000
|
unkown
|
page readonly
|
|
|
|
F9DA000
|
unkown
|
page readonly
|
|
|
|
FC6A000
|
unkown
|
page readonly
|
|
|
|
F9E2000
|
unkown
|
page write copy
|
|
|
|
F9E2000
|
unkown
|
page write copy
|
|
|
|
F9E2000
|
unkown
|
page write copy
|
|
|
|
FC72000
|
unkown
|
page read and write
|
|
|
|
FC72000
|
unkown
|
page write copy
|
|
|
|
1CB2D813000
|
heap
|
page read and write
|
||
|
1CB2D857000
|
heap
|
page read and write
|
||
|
1EA29502000
|
heap
|
page read and write
|
||
|
5F0000
|
direct allocation
|
page read and write
|
||
|
CF7000
|
heap
|
page read and write
|
||
|
4F0000
|
direct allocation
|
page read and write
|
||
|
AC4000
|
heap
|
page read and write
|
||
|
19C4B88A000
|
heap
|
page read and write
|
||
|
26E26252000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
274E000
|
stack
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
1CB2D863000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
5E0000
|
direct allocation
|
page read and write
|
||
|
FC74000
|
unkown
|
page readonly
|
||
|
26824A3C000
|
heap
|
page read and write
|
||
|
1CB2D858000
|
heap
|
page read and write
|
||
|
F8D000
|
stack
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
26E26229000
|
heap
|
page read and write
|
||
|
CC3000
|
heap
|
page read and write
|
||
|
35A7F7F000
|
stack
|
page read and write
|
||
|
F8AE9CC000
|
stack
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
26825343000
|
heap
|
page read and write
|
||
|
D051CFE000
|
stack
|
page read and write
|
||
|
16460C6C000
|
heap
|
page read and write
|
||
|
1CB2D848000
|
heap
|
page read and write
|
||
|
4E367C000
|
stack
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
FE1947F000
|
stack
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
F9D1000
|
unkown
|
page execute read
|
||
|
1EA29400000
|
heap
|
page read and write
|
||
|
16460C00000
|
heap
|
page read and write
|
||
|
16460C77000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
24F17052000
|
heap
|
page read and write
|
||
|
24F17092000
|
heap
|
page read and write
|
||
|
C5B000
|
direct allocation
|
page execute and read and write
|
||
|
26E26110000
|
heap
|
page read and write
|
||
|
A90000
|
direct allocation
|
page execute and read and write
|
||
|
F8AF0FE000
|
stack
|
page read and write
|
||
|
4E327B000
|
stack
|
page read and write
|
||
|
1CB2D680000
|
heap
|
page read and write
|
||
|
A4D000
|
stack
|
page read and write
|
||
|
268253AF000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
26824A87000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
19C4B710000
|
heap
|
page read and write
|
||
|
1CB2D840000
|
heap
|
page read and write
|
||
|
35A7A7E000
|
stack
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
16460C02000
|
heap
|
page read and write
|
||
|
16460C3D000
|
heap
|
page read and write
|
||
|
26825322000
|
heap
|
page read and write
|
||
|
26824810000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
F9D1000
|
unkown
|
page execute read
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
35A787C000
|
stack
|
page read and write
|
||
|
D05156B000
|
stack
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
D05197B000
|
stack
|
page read and write
|
||
|
26824A78000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
BDEB2FB000
|
stack
|
page read and write
|
||
|
FF8000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
4E0000
|
trusted library allocation
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
FE1937E000
|
stack
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
4E3AFE000
|
stack
|
page read and write
|
||
|
20801C13000
|
heap
|
page read and write
|
||
|
C8E000
|
stack
|
page read and write
|
||
|
8E0000
|
direct allocation
|
page execute and read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
DFA000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
26E2624F000
|
heap
|
page read and write
|
||
|
26E26313000
|
heap
|
page read and write
|
||
|
26825427000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2B341C10000
|
heap
|
page read and write
|
||
|
2820000
|
heap
|
page read and write
|
||
|
20801C2A000
|
heap
|
page read and write
|
||
|
35A7E7E000
|
stack
|
page read and write
|
||
|
BDEBCFF000
|
stack
|
page read and write
|
||
|
26824A85000
|
heap
|
page read and write
|
||
|
19C4B780000
|
heap
|
page read and write
|
||
|
19C4B7B0000
|
trusted library allocation
|
page read and write
|
||
|
1CB2D844000
|
heap
|
page read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
F8AEFFC000
|
stack
|
page read and write
|
||
|
FC9EDFE000
|
stack
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
4E347C000
|
stack
|
page read and write
|
||
|
20801C52000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
1CB2D87E000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
24F17102000
|
heap
|
page read and write
|
||
|
1CB2D690000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
26E26308000
|
heap
|
page read and write
|
||
|
19C4B871000
|
heap
|
page read and write
|
||
|
890000
|
direct allocation
|
page execute and read and write
|
||
|
1EA29B80000
|
remote allocation
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
26824B8E000
|
heap
|
page read and write
|
||
|
2B341E26000
|
heap
|
page read and write
|
||
|
24F1703C000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
F9E4000
|
unkown
|
page readonly
|
||
|
5E0000
|
direct allocation
|
page read and write
|
||
|
FC9E87B000
|
stack
|
page read and write
|
||
|
16460C29000
|
heap
|
page read and write
|
||
|
1CB2D86B000
|
heap
|
page read and write
|
||
|
26824A52000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2682536D000
|
heap
|
page read and write
|
||
|
16460B30000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
26824880000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
26824A76000
|
heap
|
page read and write
|
||
|
BDEB7FE000
|
stack
|
page read and write
|
||
|
1EA29390000
|
heap
|
page read and write
|
||
|
870000
|
direct allocation
|
page read and write
|
||
|
24F17000000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
1CB2D902000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
651EC7E000
|
stack
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
26E26264000
|
heap
|
page read and write
|
||
|
24F17077000
|
heap
|
page read and write
|
||
|
19C4B8E1000
|
heap
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
1CB2D84E000
|
heap
|
page read and write
|
||
|
2B341E2E000
|
heap
|
page read and write
|
||
|
CD6000
|
heap
|
page read and write
|
||
|
FC9EEFF000
|
stack
|
page read and write
|
||
|
2B8D000
|
stack
|
page read and write
|
||
|
24F16DD0000
|
heap
|
page read and write
|
||
|
26824A5B000
|
heap
|
page read and write
|
||
|
26824A69000
|
heap
|
page read and write
|
||
|
FC61000
|
unkown
|
page execute read
|
||
|
1CB2D842000
|
heap
|
page read and write
|
||
|
1EA29413000
|
heap
|
page read and write
|
||
|
16460D13000
|
heap
|
page read and write
|
||
|
16460C75000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
26825430000
|
heap
|
page read and write
|
||
|
1CB2D884000
|
heap
|
page read and write
|
||
|
26825322000
|
heap
|
page read and write
|
||
|
4E33FE000
|
stack
|
page read and write
|
||
|
26824A91000
|
heap
|
page read and write
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
2B341E54000
|
heap
|
page read and write
|
||
|
20801D02000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
20801C00000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2800000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
651EA77000
|
stack
|
page read and write
|
||
|
EE0000
|
trusted library allocation
|
page read and write
|
||
|
20801C02000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
16460AC0000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
1CB2D83D000
|
heap
|
page read and write
|
||
|
BDEB77E000
|
stack
|
page read and write
|
||
|
5F0000
|
direct allocation
|
page read and write
|
||
|
20801C5C000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
270C000
|
stack
|
page read and write
|
||
|
FC9EBFF000
|
stack
|
page read and write
|
||
|
FC9EA7B000
|
stack
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
35A807F000
|
stack
|
page read and write
|
||
|
26824A54000
|
heap
|
page read and write
|
||
|
CEF000
|
heap
|
page read and write
|
||
|
BDEBA7E000
|
stack
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2B341E3A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
26E260A0000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
F9D0000
|
unkown
|
page readonly
|
||
|
1CB2D875000
|
heap
|
page read and write
|
||
|
F9E4000
|
unkown
|
page readonly
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
26824BE5000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
268253C8000
|
heap
|
page read and write
|
||
|
26825302000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
1CB2D877000
|
heap
|
page read and write
|
||
|
26824A43000
|
heap
|
page read and write
|
||
|
26824A00000
|
heap
|
page read and write
|
||
|
26E2624A000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
268249A0000
|
trusted library allocation
|
page read and write
|
||
|
35A7D7E000
|
stack
|
page read and write
|
||
|
651EB7E000
|
stack
|
page read and write
|
||
|
26824980000
|
trusted library allocation
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
1CB2D83A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
1EA29429000
|
heap
|
page read and write
|
||
|
19C4B8BC000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
A3A90FE000
|
stack
|
page read and write
|
||
|
570000
|
trusted library allocation
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
26824BB9000
|
heap
|
page read and write
|
||
|
2B341BB0000
|
heap
|
page read and write
|
||
|
F9D0000
|
unkown
|
page readonly
|
||
|
2811000
|
heap
|
page read and write
|
||
|
880000
|
direct allocation
|
page read and write
|
||
|
26825400000
|
heap
|
page read and write
|
||
|
24F1706D000
|
heap
|
page read and write
|
||
|
1EA29402000
|
heap
|
page read and write
|
||
|
1CB2D800000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
1CB2D845000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
C40000
|
direct allocation
|
page read and write
|
||
|
FE18E7E000
|
stack
|
page read and write
|
||
|
1CB2D86A000
|
heap
|
page read and write
|
||
|
16460D02000
|
heap
|
page read and write
|
||
|
24F17108000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
5E0000
|
direct allocation
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
19C4B8CD000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
20801C3C000
|
heap
|
page read and write
|
||
|
D051AFF000
|
stack
|
page read and write
|
||
|
C30000
|
trusted library allocation
|
page read and write
|
||
|
20801B80000
|
heap
|
page read and write
|
||
|
1EA293F0000
|
heap
|
page read and write
|
||
|
16460C65000
|
heap
|
page read and write
|
||
|
24F17029000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
26825402000
|
heap
|
page read and write
|
||
|
A3A917E000
|
stack
|
page read and write
|
||
|
26E26274000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
26E2629E000
|
heap
|
page read and write
|
||
|
19C4C100000
|
heap
|
page read and write
|
||
|
24F1704F000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2B341E02000
|
heap
|
page read and write
|
||
|
26E26270000
|
heap
|
page read and write
|
||
|
19C4B813000
|
heap
|
page read and write
|
||
|
F9E4000
|
unkown
|
page readonly
|
||
|
5E0000
|
direct allocation
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
20801B20000
|
heap
|
page read and write
|
||
|
2B341BC0000
|
heap
|
page read and write
|
||
|
4E387D000
|
stack
|
page read and write
|
||
|
20801B10000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
298D000
|
stack
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
24F17100000
|
heap
|
page read and write
|
||
|
24F17070000
|
heap
|
page read and write
|
||
|
11EF000
|
stack
|
page read and write
|
||
|
2B341E3D000
|
heap
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
1EA29B50000
|
trusted library allocation
|
page read and write
|
||
|
FE1917E000
|
stack
|
page read and write
|
||
|
EDE000
|
stack
|
page read and write
|
||
|
26E26870000
|
trusted library allocation
|
page read and write
|
||
|
24F17075000
|
heap
|
page read and write
|
||
|
1CB2D867000
|
heap
|
page read and write
|
||
|
1CB2D846000
|
heap
|
page read and write
|
||
|
C50000
|
direct allocation
|
page read and write
|
||
|
35A7B7D000
|
stack
|
page read and write
|
||
|
16460C5A000
|
heap
|
page read and write
|
||
|
D0515EE000
|
stack
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
20801C28000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
1CB2E002000
|
trusted library allocation
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
FC74000
|
unkown
|
page readonly
|
||
|
26E2623C000
|
heap
|
page read and write
|
||
|
19C4B8C4000
|
heap
|
page read and write
|
||
|
19C4B800000
|
heap
|
page read and write
|
||
|
FC9E67B000
|
stack
|
page read and write
|
||
|
26825300000
|
heap
|
page read and write
|
||
|
19C4B720000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
651E67B000
|
stack
|
page read and write
|
||
|
26E26264000
|
heap
|
page read and write
|
||
|
1CB2D87B000
|
heap
|
page read and write
|
||
|
2B341DE0000
|
trusted library allocation
|
page read and write
|
||
|
500000
|
direct allocation
|
page read and write
|
||
|
20801C8A000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
BDEB9FD000
|
stack
|
page read and write
|
||
|
1CB2D6F0000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
CE5000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
FC60000
|
unkown
|
page readonly
|
||
|
324E000
|
stack
|
page read and write
|
||
|
304F000
|
stack
|
page read and write
|
||
|
26E26266000
|
heap
|
page read and write
|
||
|
19C4B913000
|
heap
|
page read and write
|
||
|
26825354000
|
heap
|
page read and write
|
||
|
20801D08000
|
heap
|
page read and write
|
||
|
1CB2D860000
|
heap
|
page read and write
|
||
|
20801BB0000
|
trusted library allocation
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
F8AEDFE000
|
stack
|
page read and write
|
||
|
FE18BFB000
|
stack
|
page read and write
|
||
|
651E77E000
|
stack
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
26E26292000
|
heap
|
page read and write
|
||
|
26E26300000
|
heap
|
page read and write
|
||
|
1CB2D864000
|
heap
|
page read and write
|
||
|
2B341F02000
|
heap
|
page read and write
|
||
|
5E0000
|
direct allocation
|
page read and write
|
||
|
2B341E4C000
|
heap
|
page read and write
|
||
|
4E39FA000
|
stack
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
24F16E30000
|
heap
|
page read and write
|
||
|
5E0000
|
direct allocation
|
page execute and read and write
|
||
|
26E26302000
|
heap
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2E4F000
|
stack
|
page read and write
|
||
|
20802402000
|
trusted library allocation
|
page read and write
|
||
|
1CB2D85F000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
651E97B000
|
stack
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
1CB2D85C000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
24F1704B000
|
heap
|
page read and write
|
||
|
2B341E37000
|
heap
|
page read and write
|
||
|
26825413000
|
heap
|
page read and write
|
||
|
5F0000
|
direct allocation
|
page read and write
|
||
|
FC9E97E000
|
stack
|
page read and write
|
||
|
24F1704C000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
F9D1000
|
unkown
|
page execute read
|
||
|
19C4B902000
|
heap
|
page read and write
|
||
|
D051A7B000
|
stack
|
page read and write
|
||
|
20801C61000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
10EE000
|
stack
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
FC9ECFA000
|
stack
|
page read and write
|
||
|
CAD000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
1CB2D862000
|
heap
|
page read and write
|
||
|
24F17013000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
19C4C002000
|
heap
|
page read and write
|
||
|
F9D0000
|
unkown
|
page readonly
|
||
|
A20000
|
direct allocation
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
5F0000
|
direct allocation
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
FC60000
|
unkown
|
page readonly
|
||
|
26E26200000
|
heap
|
page read and write
|
||
|
CCB000
|
heap
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
35A72FC000
|
stack
|
page read and write
|
||
|
C50000
|
direct allocation
|
page execute and read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
A8E000
|
stack
|
page read and write
|
||
|
FC9EE7E000
|
stack
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
BDEB8FF000
|
stack
|
page read and write
|
||
|
A3A94FF000
|
stack
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
26824A13000
|
heap
|
page read and write
|
||
|
24F16DC0000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
1CB2D7F0000
|
trusted library allocation
|
page read and write
|
||
|
1CB2D859000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
20801C81000
|
heap
|
page read and write
|
||
|
24F1704A000
|
heap
|
page read and write
|
||
|
A3A95FE000
|
stack
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
AC4000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
D051BF7000
|
stack
|
page read and write
|
||
|
5E0000
|
direct allocation
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
26E26A02000
|
trusted library allocation
|
page read and write
|
||
|
1CB2D865000
|
heap
|
page read and write
|
||
|
1EA29B80000
|
remote allocation
|
page read and write
|
||
|
1EA29B80000
|
remote allocation
|
page read and write
|
||
|
2682538F000
|
heap
|
page read and write
|
||
|
16460B60000
|
trusted library allocation
|
page read and write
|
||
|
35A797D000
|
stack
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
F8AEEFA000
|
stack
|
page read and write
|
||
|
35A76FA000
|
stack
|
page read and write
|
||
|
24F17590000
|
trusted library allocation
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
1CB2D861000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
4F0000
|
direct allocation
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
26824A8A000
|
heap
|
page read and write
|
||
|
F9E4000
|
unkown
|
page readonly
|
||
|
D05187F000
|
stack
|
page read and write
|
||
|
1EA29458000
|
heap
|
page read and write
|
||
|
2B341E45000
|
heap
|
page read and write
|
||
|
BDEBB7D000
|
stack
|
page read and write
|
||
|
268253BC000
|
heap
|
page read and write
|
||
|
24F17602000
|
trusted library allocation
|
page read and write
|
||
|
1CB2D829000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
26824B13000
|
heap
|
page read and write
|
||
|
19C4B841000
|
heap
|
page read and write
|
||
|
26824A6C000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
24F17113000
|
heap
|
page read and write
|
||
|
26825423000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
16460C13000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
FEF000
|
stack
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2D4F000
|
stack
|
page read and write
|
||
|
20801D00000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
A3A907B000
|
stack
|
page read and write
|
||
|
2B341E00000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
19C4B829000
|
heap
|
page read and write
|
||
|
5F0000
|
direct allocation
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
FE18FFB000
|
stack
|
page read and write
|
||
|
16460AD0000
|
heap
|
page read and write
|
||
|
26824A92000
|
heap
|
page read and write
|
||
|
4E3BFF000
|
stack
|
page read and write
|
||
|
FE190FB000
|
stack
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2B342402000
|
trusted library allocation
|
page read and write
|
||
|
4E38FB000
|
stack
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
26824A29000
|
heap
|
page read and write
|
||
|
35A7C7F000
|
stack
|
page read and write
|
||
|
2B341E13000
|
heap
|
page read and write
|
||
|
26825202000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
4E0000
|
direct allocation
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
26824820000
|
heap
|
page read and write
|
||
|
890000
|
trusted library allocation
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
20801D13000
|
heap
|
page read and write
|
||
|
26E26213000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
278D000
|
stack
|
page read and write
|
||
|
1CB2D841000
|
heap
|
page read and write
|
||
|
A10000
|
direct allocation
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
C7A000
|
heap
|
page read and write
|
||
|
26E2624D000
|
heap
|
page read and write
|
||
|
FC61000
|
unkown
|
page execute read
|
||
|
5E0000
|
direct allocation
|
page read and write
|
||
|
D051DFF000
|
stack
|
page read and write
|
||
|
1CB2D831000
|
heap
|
page read and write
|
||
|
1EA29440000
|
heap
|
page read and write
|
||
|
FE19277000
|
stack
|
page read and write
|
||
|
1CB2D874000
|
heap
|
page read and write
|
||
|
651E6FE000
|
stack
|
page read and write
|
||
|
1EA29380000
|
heap
|
page read and write
|
||
|
314A000
|
stack
|
page read and write
|
||
|
1CB2D86D000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
C96000
|
heap
|
page read and write
|
||
|
FE18EFE000
|
stack
|
page read and write
|
||
|
BDEBC7D000
|
stack
|
page read and write
|
||
|
24F1706D000
|
heap
|
page read and write
|
||
|
16461402000
|
trusted library allocation
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
1CB2D868000
|
heap
|
page read and write
|
||
|
20801C67000
|
heap
|
page read and write
|
||
|
F8AF1F9000
|
stack
|
page read and write
|
||
|
2B341E52000
|
heap
|
page read and write
|
||
|
F9D1000
|
unkown
|
page execute read
|
||
|
26824A43000
|
heap
|
page read and write
|
||
|
CA2000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
A3A92FE000
|
stack
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2F4F000
|
stack
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
4E377E000
|
stack
|
page read and write
|
||
|
A3A93FE000
|
stack
|
page read and write
|
||
|
5F0000
|
direct allocation
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
FC9EAF9000
|
stack
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
1EA29C02000
|
trusted library allocation
|
page read and write
|
||
|
12EF000
|
stack
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
F9D0000
|
unkown
|
page readonly
|
||
|
1CB2D85A000
|
heap
|
page read and write
|
||
|
26E260B0000
|
heap
|
page read and write
|
||
|
1CB2D87A000
|
heap
|
page read and write
|
||
|
2B341E2A000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
There are 600 hidden memdumps, click here to show them.