Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\fnSearcher\fnsearcher68.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Program Files (x86)\fnSearcher\is-6KAKC.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\fnSearcher\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-6LIA6.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-6LIA6.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-VVS8D.tmp\is-SQE6E.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\0JzI2az.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\fnSearcher\checksums.txt (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\fnSearcher\completed.wav (copy)
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz
|
dropped
|
||
|
C:\Program Files (x86)\fnSearcher\history.rtf (copy)
|
Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
|
dropped
|
||
|
C:\Program Files (x86)\fnSearcher\is-15O1T.tmp
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz
|
dropped
|
||
|
C:\Program Files (x86)\fnSearcher\is-51KLJ.tmp
|
data
|
dropped
|
||
|
C:\Program Files (x86)\fnSearcher\is-7C4Q3.tmp
|
Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
|
dropped
|
||
|
C:\Program Files (x86)\fnSearcher\is-8S345.tmp
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\fnSearcher\is-DS22N.tmp
|
MS Windows icon resource - 7 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
C:\Program Files (x86)\fnSearcher\is-E8ARN.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\fnSearcher\is-OS12U.tmp
|
Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
|
dropped
|
||
|
C:\Program Files (x86)\fnSearcher\is-S6A9T.tmp
|
Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
|
dropped
|
||
|
C:\Program Files (x86)\fnSearcher\license_en.rtf (copy)
|
Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
|
dropped
|
||
|
C:\Program Files (x86)\fnSearcher\license_ru.rtf (copy)
|
Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
|
dropped
|
||
|
C:\Program Files (x86)\fnSearcher\reset.bat (copy)
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\fnSearcher\unins.ico (copy)
|
MS Windows icon resource - 7 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
C:\Program Files (x86)\fnSearcher\unins000.dat
|
InnoSetup Log FNSearcher {b264a18E-91B4-4910-9006-8bf37124b695}, version 0x2d, 3779 bytes, 367706\user, "C:\Program Files
(x86)\fnSearcher"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ping[1].htm
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\count[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\library[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\fuckingdllENCR[1].dll
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\count[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\library[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-6LIA6.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-6LIA6.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 22 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
C:\Users\user\Desktop\file.exe
|
|
|
|
C:\Program Files (x86)\fnSearcher\fnsearcher68.exe
|
"C:\Program Files (x86)\fnSearcher\fnsearcher68.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\0JzI2az.exe
|
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-VVS8D.tmp\is-SQE6E.tmp
|
"C:\Users\user\AppData\Local\Temp\is-VVS8D.tmp\is-SQE6E.tmp" /SL4 $30224 "C:\Users\user\Desktop\file.exe" 2630911 52736
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c taskkill /im "fnsearcher68.exe" /f & erase "C:\Program Files (x86)\fnSearcher\fnsearcher68.exe"
& exit
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
taskkill /im "fnsearcher68.exe" /f
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://171.22.30.106/library.php
|
171.22.30.106
|
|
|
|
http://45.139.105.171/itsnotmalware/count.php?sub=NOSUB&stream=start&substream=mixinte
|
45.139.105.171
|
||
|
http://www.innosetup.com/
|
unknown
|
||
|
http://www.n-group.info
|
unknown
|
||
|
http://www.fn-group.info/-http://www.fn-group.info/fnsearcher/help.html1http://www.fn-group.info/fns
|
unknown
|
||
|
http://www.fn-group.info/fnsearcher/help.html1
|
unknown
|
||
|
http://45.139.105.171/itsnotmalware/count.php?sub=NOSUB&stream=mixtwo&substream=mixinte
|
45.139.105.171
|
||
|
http://www.fn-group.info/fnsearcher/help.html
|
unknown
|
||
|
http://www.fn-group.info/
|
unknown
|
||
|
http://www.fn-group.info/fnsearcher/download.html
|
unknown
|
||
|
http://www.fn-group.info/-
|
unknown
|
||
|
http://107.182.129.235/storage/extension.php
|
107.182.129.235
|
||
|
http://www.remobjects.com/?ps
|
unknown
|
||
|
http://www.fn-group.info/fnsearcher/help.htmlB
|
unknown
|
||
|
http://www.kungsoft.com
|
unknown
|
||
|
http://107.182.129.235/storage/ping.php
|
107.182.129.235
|
||
|
http://www.fn-group.info/8
|
unknown
|
||
|
http://www.fn-group.info/fnsearcher/download.htmlw
|
unknown
|
||
|
http://www.remobjects.com/?psU
|
unknown
|
There are 9 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.139.105.1
|
unknown
|
Italy
|
|
|
|
85.31.46.167
|
unknown
|
Germany
|
|
|
|
45.139.105.171
|
unknown
|
Italy
|
||
|
107.182.129.235
|
unknown
|
Reserved
|
||
|
171.22.30.106
|
unknown
|
Germany
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1
|
InstallDate
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
37D0000
|
direct allocation
|
page read and write
|
|
|
|
23C17AE2000
|
heap
|
page read and write
|
||
|
1FA2DFE000
|
stack
|
page read and write
|
||
|
11EBA196000
|
heap
|
page read and write
|
||
|
274D452D000
|
heap
|
page read and write
|
||
|
BEFB37D000
|
stack
|
page read and write
|
||
|
23E9A86F000
|
heap
|
page read and write
|
||
|
174B000
|
heap
|
page read and write
|
||
|
98F000
|
stack
|
page read and write
|
||
|
A8F000
|
stack
|
page read and write
|
||
|
274D43E0000
|
remote allocation
|
page read and write
|
||
|
453A000
|
trusted library allocation
|
page read and write
|
||
|
23E9A861000
|
heap
|
page read and write
|
||
|
23C17B02000
|
heap
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
1C6AB229000
|
heap
|
page read and write
|
||
|
452000
|
unkown
|
page execute and read and write
|
||
|
453A000
|
trusted library allocation
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
3A6E000
|
stack
|
page read and write
|
||
|
1AF0000
|
trusted library allocation
|
page read and write
|
||
|
23C17ACE000
|
heap
|
page read and write
|
||
|
1C6AB302000
|
heap
|
page read and write
|
||
|
11EBA100000
|
heap
|
page read and write
|
||
|
620177F000
|
stack
|
page read and write
|
||
|
274D4502000
|
heap
|
page read and write
|
||
|
1842B713000
|
heap
|
page read and write
|
||
|
11EB982D000
|
heap
|
page read and write
|
||
|
44C1000
|
trusted library allocation
|
page read and write
|
||
|
1783000
|
heap
|
page read and write
|
||
|
7DF000
|
heap
|
page read and write
|
||
|
274D4484000
|
heap
|
page read and write
|
||
|
841000
|
heap
|
page read and write
|
||
|
7F8B37C000
|
stack
|
page read and write
|
||
|
5C5000
|
heap
|
page read and write
|
||
|
44EE000
|
trusted library allocation
|
page read and write
|
||
|
3F2F000
|
stack
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
1842B460000
|
heap
|
page read and write
|
||
|
23C17A00000
|
heap
|
page read and write
|
||
|
2365000
|
heap
|
page read and write
|
||
|
332E000
|
stack
|
page read and write
|
||
|
1842B613000
|
heap
|
page read and write
|
||
|
23E9A86D000
|
heap
|
page read and write
|
||
|
1629000
|
unkown
|
page execute and write copy
|
||
|
9C000
|
stack
|
page read and write
|
||
|
491000
|
unkown
|
page write copy
|
||
|
BEFAD7B000
|
stack
|
page read and write
|
||
|
1D67FB02000
|
heap
|
page read and write
|
||
|
3470000
|
direct allocation
|
page read and write
|
||
|
48E000
|
unkown
|
page read and write
|
||
|
1D67FA13000
|
heap
|
page read and write
|
||
|
7D1000
|
heap
|
page read and write
|
||
|
BEFB47F000
|
stack
|
page read and write
|
||
|
2350000
|
direct allocation
|
page execute and read and write
|
||
|
2B31C480000
|
heap
|
page read and write
|
||
|
3190000
|
direct allocation
|
page read and write
|
||
|
23E9A839000
|
heap
|
page read and write
|
||
|
4AE000
|
stack
|
page read and write
|
||
|
44EE000
|
trusted library allocation
|
page read and write
|
||
|
1842B65B000
|
heap
|
page read and write
|
||
|
44EE000
|
trusted library allocation
|
page read and write
|
||
|
2B31C600000
|
heap
|
page read and write
|
||
|
1D67FA3E000
|
heap
|
page read and write
|
||
|
1ADF000
|
stack
|
page read and write
|
||
|
3440000
|
direct allocation
|
page read and write
|
||
|
4A0F000
|
stack
|
page read and write
|
||
|
11EB99E5000
|
heap
|
page read and write
|
||
|
11EBA143000
|
heap
|
page read and write
|
||
|
45CB000
|
trusted library allocation
|
page read and write
|
||
|
21C0000
|
direct allocation
|
page read and write
|
||
|
453A000
|
trusted library allocation
|
page read and write
|
||
|
1D67FA02000
|
heap
|
page read and write
|
||
|
3B6F000
|
stack
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
274D43E0000
|
remote allocation
|
page read and write
|
||
|
274D4449000
|
heap
|
page read and write
|
||
|
1D67F980000
|
trusted library allocation
|
page read and write
|
||
|
CD725FE000
|
stack
|
page read and write
|
||
|
1842B666000
|
heap
|
page read and write
|
||
|
EB507F000
|
stack
|
page read and write
|
||
|
45CB000
|
trusted library allocation
|
page read and write
|
||
|
78E000
|
stack
|
page read and write
|
||
|
43BB000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7D5000
|
heap
|
page read and write
|
||
|
453A000
|
trusted library allocation
|
page read and write
|
||
|
23C18202000
|
heap
|
page read and write
|
||
|
62019FD000
|
stack
|
page read and write
|
||
|
176F000
|
heap
|
page read and write
|
||
|
11EB96C0000
|
heap
|
page read and write
|
||
|
EB4F7E000
|
stack
|
page read and write
|
||
|
665387E000
|
stack
|
page read and write
|
||
|
48E000
|
unkown
|
page write copy
|
||
|
1D67FA36000
|
heap
|
page read and write
|
||
|
1D67FA2F000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
32B0000
|
trusted library allocation
|
page read and write
|
||
|
13CA000
|
unkown
|
page execute and write copy
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
A11000
|
unkown
|
page execute read
|
||
|
2820000
|
trusted library allocation
|
page read and write
|
||
|
11EB9858000
|
heap
|
page read and write
|
||
|
23E9A850000
|
heap
|
page read and write
|
||
|
23E9A844000
|
heap
|
page read and write
|
||
|
3830000
|
direct allocation
|
page read and write
|
||
|
11EB9813000
|
heap
|
page read and write
|
||
|
3F40000
|
heap
|
page read and write
|
||
|
2B31CE02000
|
trusted library allocation
|
page read and write
|
||
|
2B31C628000
|
heap
|
page read and write
|
||
|
11EB986F000
|
heap
|
page read and write
|
||
|
3DEF000
|
stack
|
page read and write
|
||
|
450C000
|
trusted library allocation
|
page read and write
|
||
|
274D4449000
|
heap
|
page read and write
|
||
|
274D41E0000
|
heap
|
page read and write
|
||
|
23E9A87B000
|
heap
|
page read and write
|
||
|
47DE000
|
stack
|
page read and write
|
||
|
23C17A2A000
|
heap
|
page read and write
|
||
|
3341000
|
trusted library allocation
|
page read and write
|
||
|
11EB988F000
|
heap
|
page read and write
|
||
|
23E9A84E000
|
heap
|
page read and write
|
||
|
3860000
|
direct allocation
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
11EB983C000
|
heap
|
page read and write
|
||
|
60E000
|
stack
|
page read and write
|
||
|
23E9A849000
|
heap
|
page read and write
|
||
|
13B4000
|
unkown
|
page execute and write copy
|
||
|
21C1000
|
direct allocation
|
page read and write
|
||
|
11EBA102000
|
heap
|
page read and write
|
||
|
23E9A865000
|
heap
|
page read and write
|
||
|
162D000
|
unkown
|
page execute and write copy
|
||
|
10001000
|
direct allocation
|
page execute read
|
||
|
31DE000
|
stack
|
page read and write
|
||
|
81A000
|
heap
|
page read and write
|
||
|
274D4402000
|
heap
|
page read and write
|
||
|
465E4F9000
|
stack
|
page read and write
|
||
|
2256000
|
direct allocation
|
page read and write
|
||
|
A10000
|
unkown
|
page readonly
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
1C6AB202000
|
heap
|
page read and write
|
||
|
2279000
|
direct allocation
|
page read and write
|
||
|
23F0000
|
direct allocation
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
23E9A840000
|
heap
|
page read and write
|
||
|
49F000
|
unkown
|
page readonly
|
||
|
1B00000
|
heap
|
page read and write
|
||
|
1FA24FB000
|
stack
|
page read and write
|
||
|
11EB99B9000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
BEFAEFC000
|
stack
|
page read and write
|
||
|
11EB9829000
|
heap
|
page read and write
|
||
|
450C000
|
trusted library allocation
|
page read and write
|
||
|
274D4459000
|
heap
|
page read and write
|
||
|
274D4250000
|
heap
|
page read and write
|
||
|
450C000
|
trusted library allocation
|
page read and write
|
||
|
1842B4C0000
|
heap
|
page read and write
|
||
|
4EE000
|
stack
|
page read and write
|
||
|
274D4473000
|
heap
|
page read and write
|
||
|
178E000
|
heap
|
page read and write
|
||
|
11EBA002000
|
heap
|
page read and write
|
||
|
1842B600000
|
heap
|
page read and write
|
||
|
274D41F0000
|
heap
|
page read and write
|
||
|
7F8000
|
heap
|
page read and write
|
||
|
70A000
|
heap
|
page read and write
|
||
|
45CB000
|
trusted library allocation
|
page read and write
|
||
|
16FE000
|
stack
|
page read and write
|
||
|
450C000
|
trusted library allocation
|
page read and write
|
||
|
1842B629000
|
heap
|
page read and write
|
||
|
4240000
|
heap
|
page read and write
|
||
|
274D448A000
|
heap
|
page read and write
|
||
|
1677000
|
heap
|
page read and write
|
||
|
1C6AB860000
|
remote allocation
|
page read and write
|
||
|
40EE000
|
stack
|
page read and write
|
||
|
EB4AF9000
|
stack
|
page read and write
|
||
|
274D4413000
|
heap
|
page read and write
|
||
|
19DF000
|
stack
|
page read and write
|
||
|
274D5E02000
|
trusted library allocation
|
page read and write
|
||
|
177F000
|
heap
|
page read and write
|
||
|
11EB9913000
|
heap
|
page read and write
|
||
|
1842B450000
|
heap
|
page read and write
|
||
|
23C17A70000
|
heap
|
page read and write
|
||
|
465E3FE000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
CD71D9C000
|
stack
|
page read and write
|
||
|
2B31C702000
|
heap
|
page read and write
|
||
|
4340000
|
trusted library allocation
|
page read and write
|
||
|
BEFB27F000
|
stack
|
page read and write
|
||
|
230000
|
heap
|
page read and write
|
||
|
409C000
|
stack
|
page read and write
|
||
|
11EB9E80000
|
trusted library allocation
|
page read and write
|
||
|
620167E000
|
stack
|
page read and write
|
||
|
1C6AB070000
|
heap
|
page read and write
|
||
|
2B31C679000
|
heap
|
page read and write
|
||
|
3E2E000
|
stack
|
page read and write
|
||
|
1FA2AFF000
|
stack
|
page read and write
|
||
|
3BAE000
|
stack
|
page read and write
|
||
|
A11000
|
unkown
|
page execute read
|
||
|
11EBA122000
|
heap
|
page read and write
|
||
|
2254000
|
direct allocation
|
page read and write
|
||
|
EB487A000
|
stack
|
page read and write
|
||
|
453A000
|
trusted library allocation
|
page read and write
|
||
|
1842B669000
|
heap
|
page read and write
|
||
|
23E9A83D000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
BEFAFFE000
|
stack
|
page read and write
|
||
|
11EBA1BF000
|
heap
|
page read and write
|
||
|
450C000
|
trusted library allocation
|
page read and write
|
||
|
2B31C602000
|
heap
|
page read and write
|
||
|
23E9A590000
|
heap
|
page read and write
|
||
|
1C6AB251000
|
heap
|
page read and write
|
||
|
1FA208B000
|
stack
|
page read and write
|
||
|
3480000
|
trusted library allocation
|
page read and write
|
||
|
45CB000
|
trusted library allocation
|
page read and write
|
||
|
23E9A87D000
|
heap
|
page read and write
|
||
|
29D000
|
stack
|
page read and write
|
||
|
274D5DA0000
|
trusted library allocation
|
page read and write
|
||
|
1FA2BFE000
|
stack
|
page read and write
|
||
|
1784000
|
heap
|
page read and write
|
||
|
23E9A856000
|
heap
|
page read and write
|
||
|
18F000
|
stack
|
page read and write
|
||
|
162B000
|
unkown
|
page execute and write copy
|
||
|
1C6AB213000
|
heap
|
page read and write
|
||
|
44EE000
|
trusted library allocation
|
page read and write
|
||
|
453A000
|
trusted library allocation
|
page read and write
|
||
|
23C179C0000
|
trusted library allocation
|
page read and write
|
||
|
EB4EFE000
|
stack
|
page read and write
|
||
|
23E9A841000
|
heap
|
page read and write
|
||
|
23E9A875000
|
heap
|
page read and write
|
||
|
1842BE02000
|
trusted library allocation
|
page read and write
|
||
|
492C000
|
stack
|
page read and write
|
||
|
1D67FA00000
|
heap
|
page read and write
|
||
|
21C8000
|
direct allocation
|
page read and write
|
||
|
7F8B47F000
|
stack
|
page read and write
|
||
|
7F8ADFE000
|
stack
|
page read and write
|
||
|
23E9A600000
|
heap
|
page read and write
|
||
|
2248000
|
direct allocation
|
page read and write
|
||
|
44EE000
|
trusted library allocation
|
page read and write
|
||
|
1D680002000
|
trusted library allocation
|
page read and write
|
||
|
23E9A862000
|
heap
|
page read and write
|
||
|
1C6AB860000
|
remote allocation
|
page read and write
|
||
|
2B31C700000
|
heap
|
page read and write
|
||
|
23C17B13000
|
heap
|
page read and write
|
||
|
CD723FB000
|
stack
|
page read and write
|
||
|
11EB9800000
|
heap
|
page read and write
|
||
|
274D443D000
|
heap
|
page read and write
|
||
|
11EB998C000
|
heap
|
page read and write
|
||
|
EB467B000
|
stack
|
page read and write
|
||
|
178E000
|
heap
|
page read and write
|
||
|
1783000
|
heap
|
page read and write
|
||
|
23C17ABD000
|
heap
|
page read and write
|
||
|
7C8000
|
heap
|
page read and write
|
||
|
4340000
|
trusted library allocation
|
page read and write
|
||
|
11EBA202000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
23E9A863000
|
heap
|
page read and write
|
||
|
178E000
|
heap
|
page read and write
|
||
|
171A000
|
heap
|
page read and write
|
||
|
23E9A855000
|
heap
|
page read and write
|
||
|
1FA25FC000
|
stack
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
23E9A902000
|
heap
|
page read and write
|
||
|
23C18300000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
1749000
|
heap
|
page read and write
|
||
|
11EB9892000
|
heap
|
page read and write
|
||
|
11EBA200000
|
heap
|
page read and write
|
||
|
11EB9888000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
4241000
|
heap
|
page read and write
|
||
|
7D9000
|
heap
|
page read and write
|
||
|
1D67F880000
|
heap
|
page read and write
|
||
|
841000
|
heap
|
page read and write
|
||
|
7C8000
|
heap
|
page read and write
|
||
|
7F8A9EB000
|
stack
|
page read and write
|
||
|
2B31C713000
|
heap
|
page read and write
|
||
|
23F0000
|
direct allocation
|
page read and write
|
||
|
1842B702000
|
heap
|
page read and write
|
||
|
3CEE000
|
stack
|
page read and write
|
||
|
1C6AB0D0000
|
heap
|
page read and write
|
||
|
1842B5C0000
|
trusted library allocation
|
page read and write
|
||
|
23E9A829000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
453A000
|
trusted library allocation
|
page read and write
|
||
|
177B000
|
heap
|
page read and write
|
||
|
23E9A846000
|
heap
|
page read and write
|
||
|
1700000
|
trusted library allocation
|
page read and write
|
||
|
1670000
|
heap
|
page read and write
|
||
|
11EB9876000
|
heap
|
page read and write
|
||
|
1FA27FF000
|
stack
|
page read and write
|
||
|
11EBA230000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
1B05000
|
heap
|
page read and write
|
||
|
EB4DFF000
|
stack
|
page read and write
|
||
|
7CF000
|
stack
|
page read and write
|
||
|
450C000
|
trusted library allocation
|
page read and write
|
||
|
7CE000
|
heap
|
page read and write
|
||
|
23E9A845000
|
heap
|
page read and write
|
||
|
465E2FC000
|
stack
|
page read and write
|
||
|
23E9A7D0000
|
trusted library allocation
|
page read and write
|
||
|
470000
|
unkown
|
page readonly
|
||
|
23E9A84B000
|
heap
|
page read and write
|
||
|
450C000
|
trusted library allocation
|
page read and write
|
||
|
465E1FA000
|
stack
|
page read and write
|
||
|
2B31C66B000
|
heap
|
page read and write
|
||
|
23E9A848000
|
heap
|
page read and write
|
||
|
66532BC000
|
stack
|
page read and write
|
||
|
23C17850000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
11EB9720000
|
heap
|
page read and write
|
||
|
23E9A868000
|
heap
|
page read and write
|
||
|
2245000
|
direct allocation
|
page read and write
|
||
|
7F8000
|
heap
|
page read and write
|
||
|
28A0000
|
trusted library allocation
|
page read and write
|
||
|
1710000
|
heap
|
page read and write
|
||
|
BEFAE7F000
|
stack
|
page read and write
|
||
|
11EB9854000
|
heap
|
page read and write
|
||
|
409E000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
23E9A84F000
|
heap
|
page read and write
|
||
|
508000
|
heap
|
page read and write
|
||
|
178E000
|
heap
|
page read and write
|
||
|
23C17A13000
|
heap
|
page read and write
|
||
|
11EBA1CB000
|
heap
|
page read and write
|
||
|
EB4CFA000
|
stack
|
page read and write
|
||
|
41EA000
|
stack
|
page read and write
|
||
|
7D1000
|
heap
|
page read and write
|
||
|
23C17AC4000
|
heap
|
page read and write
|
||
|
274D4350000
|
trusted library allocation
|
page read and write
|
||
|
1675000
|
heap
|
page read and write
|
||
|
A10000
|
unkown
|
page readonly
|
||
|
11EB96B0000
|
heap
|
page read and write
|
||
|
45CB000
|
trusted library allocation
|
page read and write
|
||
|
23E9A86B000
|
heap
|
page read and write
|
||
|
227C000
|
direct allocation
|
page read and write
|
||
|
2B31C613000
|
heap
|
page read and write
|
||
|
2278000
|
direct allocation
|
page read and write
|
||
|
2369000
|
heap
|
page read and write
|
||
|
BEFB07B000
|
stack
|
page read and write
|
||
|
1809000
|
heap
|
page read and write
|
||
|
450C000
|
trusted library allocation
|
page read and write
|
||
|
62015FF000
|
stack
|
page read and write
|
||
|
45CB000
|
trusted library allocation
|
page read and write
|
||
|
EB4A7B000
|
stack
|
page read and write
|
||
|
66533BE000
|
stack
|
page read and write
|
||
|
1C6AB200000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
411000
|
unkown
|
page readonly
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
A1C000
|
unkown
|
page readonly
|
||
|
44EE000
|
trusted library allocation
|
page read and write
|
||
|
453A000
|
trusted library allocation
|
page read and write
|
||
|
1FA28FD000
|
stack
|
page read and write
|
||
|
2B31C580000
|
trusted library allocation
|
page read and write
|
||
|
1842B63D000
|
heap
|
page read and write
|
||
|
23A0000
|
trusted library allocation
|
page read and write
|
||
|
7F8000
|
heap
|
page read and write
|
||
|
274D4465000
|
heap
|
page read and write
|
||
|
3890000
|
direct allocation
|
page read and write
|
||
|
6201B7E000
|
stack
|
page read and write
|
||
|
23E9A813000
|
heap
|
page read and write
|
||
|
32DF000
|
stack
|
page read and write
|
||
|
44EE000
|
trusted library allocation
|
page read and write
|
||
|
274D4513000
|
heap
|
page read and write
|
||
|
44EE000
|
trusted library allocation
|
page read and write
|
||
|
11EBA227000
|
heap
|
page read and write
|
||
|
EB4BFE000
|
stack
|
page read and write
|
||
|
45CB000
|
trusted library allocation
|
page read and write
|
||
|
23E9A87E000
|
heap
|
page read and write
|
||
|
450C000
|
trusted library allocation
|
page read and write
|
||
|
465DCFC000
|
stack
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
BEFB17C000
|
stack
|
page read and write
|
||
|
274D43E0000
|
remote allocation
|
page read and write
|
||
|
274D43A0000
|
trusted library allocation
|
page read and write
|
||
|
1C6AB1D0000
|
trusted library allocation
|
page read and write
|
||
|
620187D000
|
stack
|
page read and write
|
||
|
7F8AF7E000
|
stack
|
page read and write
|
||
|
620117B000
|
stack
|
page read and write
|
||
|
1D67FA3B000
|
heap
|
page read and write
|
||
|
7F8B07F000
|
stack
|
page read and write
|
||
|
45CB000
|
trusted library allocation
|
page read and write
|
||
|
443D000
|
trusted library allocation
|
page read and write
|
||
|
45CB000
|
trusted library allocation
|
page read and write
|
||
|
45CB000
|
trusted library allocation
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
7C2000
|
heap
|
page read and write
|
||
|
274D4529000
|
heap
|
page read and write
|
||
|
23E9A86A000
|
heap
|
page read and write
|
||
|
1D67FA55000
|
heap
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
70F000
|
stack
|
page read and write
|
||
|
274D4449000
|
heap
|
page read and write
|
||
|
274D445F000
|
heap
|
page read and write
|
||
|
1D67F830000
|
heap
|
page read and write
|
||
|
11EBA122000
|
heap
|
page read and write
|
||
|
A22000
|
unkown
|
page write copy
|
||
|
665377E000
|
stack
|
page read and write
|
||
|
23C17860000
|
heap
|
page read and write
|
||
|
CD722FB000
|
stack
|
page read and write
|
||
|
BEFA77B000
|
stack
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
274D4459000
|
heap
|
page read and write
|
||
|
11EB9865000
|
heap
|
page read and write
|
||
|
6201AFD000
|
stack
|
page read and write
|
||
|
665333E000
|
stack
|
page read and write
|
||
|
23E9A842000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
23E9A847000
|
heap
|
page read and write
|
||
|
453A000
|
trusted library allocation
|
page read and write
|
||
|
23C17A8A000
|
heap
|
page read and write
|
||
|
3CAF000
|
stack
|
page read and write
|
||
|
7F8B57D000
|
stack
|
page read and write
|
||
|
44E1000
|
trusted library allocation
|
page read and write
|
||
|
83F000
|
heap
|
page read and write
|
||
|
11EB9843000
|
heap
|
page read and write
|
||
|
BEFAB7F000
|
stack
|
page read and write
|
||
|
2790000
|
heap
|
page read and write
|
||
|
CD724FB000
|
stack
|
page read and write
|
||
|
342F000
|
stack
|
page read and write
|
||
|
2290000
|
direct allocation
|
page read and write
|
||
|
7F8B17F000
|
stack
|
page read and write
|
||
|
274D4400000
|
heap
|
page read and write
|
||
|
1779000
|
heap
|
page read and write
|
||
|
453A000
|
trusted library allocation
|
page read and write
|
||
|
23E9A884000
|
heap
|
page read and write
|
||
|
1FA2CFF000
|
stack
|
page read and write
|
||
|
23C17A45000
|
heap
|
page read and write
|
||
|
1D67FA51000
|
heap
|
page read and write
|
||
|
11EBA1B1000
|
heap
|
page read and write
|
||
|
665397E000
|
stack
|
page read and write
|
||
|
2B31C410000
|
heap
|
page read and write
|
||
|
1640000
|
trusted library allocation
|
page read and write
|
||
|
A24000
|
unkown
|
page readonly
|
||
|
4241000
|
heap
|
page read and write
|
||
|
11EBA173000
|
heap
|
page read and write
|
||
|
74E000
|
stack
|
page read and write
|
||
|
10017000
|
direct allocation
|
page read and write
|
||
|
4340000
|
trusted library allocation
|
page read and write
|
||
|
7F8000
|
heap
|
page read and write
|
||
|
10010000
|
direct allocation
|
page readonly
|
||
|
2390000
|
trusted library allocation
|
page read and write
|
||
|
11EBA154000
|
heap
|
page read and write
|
||
|
3190000
|
direct allocation
|
page read and write
|
||
|
7D9000
|
heap
|
page read and write
|
||
|
3880000
|
direct allocation
|
page read and write
|
||
|
62018FF000
|
stack
|
page read and write
|
||
|
1C6AB237000
|
heap
|
page read and write
|
||
|
274D442A000
|
heap
|
page read and write
|
||
|
79A000
|
heap
|
page read and write
|
||
|
600000
|
trusted library allocation
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
48F0000
|
heap
|
page read and write
|
||
|
453A000
|
trusted library allocation
|
page read and write
|
||
|
7F8B27C000
|
stack
|
page read and write
|
||
|
23E9A864000
|
heap
|
page read and write
|
||
|
274D4459000
|
heap
|
page read and write
|
||
|
23E9A874000
|
heap
|
page read and write
|
||
|
39DF000
|
stack
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
23E9AE02000
|
trusted library allocation
|
page read and write
|
||
|
21B4000
|
direct allocation
|
page read and write
|
||
|
23E9A830000
|
heap
|
page read and write
|
||
|
11EBA223000
|
heap
|
page read and write
|
||
|
1001A000
|
direct allocation
|
page read and write
|
||
|
10019000
|
direct allocation
|
page readonly
|
||
|
11EB9891000
|
heap
|
page read and write
|
||
|
2410000
|
heap
|
page read and write
|
||
|
1276000
|
unkown
|
page readonly
|
||
|
2B31C65A000
|
heap
|
page read and write
|
||
|
2B31C640000
|
heap
|
page read and write
|
||
|
44EE000
|
trusted library allocation
|
page read and write
|
||
|
590000
|
trusted library allocation
|
page read and write
|
||
|
6653A7F000
|
stack
|
page read and write
|
||
|
2B31C420000
|
heap
|
page read and write
|
||
|
16BE000
|
stack
|
page read and write
|
||
|
4820000
|
heap
|
page read and write
|
||
|
A24000
|
unkown
|
page readonly
|
||
|
49F000
|
unkown
|
page readonly
|
||
|
1C6AB060000
|
heap
|
page read and write
|
||
|
A1C000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
45CB000
|
trusted library allocation
|
page read and write
|
||
|
2414000
|
heap
|
page read and write
|
||
|
38DD000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1D67FA46000
|
heap
|
page read and write
|
||
|
23E9A5A0000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
1D67FA2A000
|
heap
|
page read and write
|
||
|
3440000
|
direct allocation
|
page read and write
|
||
|
11EB9EA0000
|
trusted library allocation
|
page read and write
|
||
|
1FA26FD000
|
stack
|
page read and write
|
||
|
274D4370000
|
trusted library allocation
|
page read and write
|
||
|
11EBA230000
|
heap
|
page read and write
|
||
|
11EB9873000
|
heap
|
page read and write
|
||
|
450C000
|
trusted library allocation
|
page read and write
|
||
|
A22000
|
unkown
|
page read and write
|
||
|
31C8000
|
direct allocation
|
page read and write
|
||
|
23C17AE8000
|
heap
|
page read and write
|
||
|
44EE000
|
trusted library allocation
|
page read and write
|
||
|
1630000
|
unkown
|
page execute and write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
274D4500000
|
heap
|
page read and write
|
||
|
1FA29FF000
|
stack
|
page read and write
|
||
|
21B0000
|
direct allocation
|
page read and write
|
||
|
3F9E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
450C000
|
trusted library allocation
|
page read and write
|
||
|
23E9A860000
|
heap
|
page read and write
|
||
|
465E0FE000
|
stack
|
page read and write
|
||
|
450C000
|
trusted library allocation
|
page read and write
|
||
|
453A000
|
trusted library allocation
|
page read and write
|
||
|
31AA000
|
direct allocation
|
page read and write
|
||
|
1C6AB860000
|
remote allocation
|
page read and write
|
||
|
23C178C0000
|
heap
|
page read and write
|
||
|
21D4000
|
direct allocation
|
page read and write
|
||
|
1C6ABA02000
|
trusted library allocation
|
page read and write
|
||
|
1842B677000
|
heap
|
page read and write
|
||
|
11EBA1C7000
|
heap
|
page read and write
|
||
|
843000
|
heap
|
page read and write
|
||
|
7D9000
|
heap
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
35CE000
|
stack
|
page read and write
|
||
|
11EBA213000
|
heap
|
page read and write
|
||
|
1842B602000
|
heap
|
page read and write
|
||
|
1D67F820000
|
heap
|
page read and write
|
||
|
39C000
|
stack
|
page read and write
|
||
|
23E9A800000
|
heap
|
page read and write
|
||
|
1C6AB240000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
2240000
|
direct allocation
|
page read and write
|
||
|
EB497F000
|
stack
|
page read and write
|
||
|
44EE000
|
trusted library allocation
|
page read and write
|
||
|
45CB000
|
trusted library allocation
|
page read and write
|
There are 529 hidden memdumps, click here to show them.