Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
BiiRGnhWx8.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 62919 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\BiiRGnhWx8.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\BiiRGnhWx8.dll
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\BiiRGnhWx8.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\BiiRGnhWx8.dll,DllRegisterServer
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\JEHCjtepagfsrQz\jHBB.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\HdSKRzl\HIWJamnkzbbhMRYe.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IDqnZePrFBC\qFcZEWbJbr.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FTRWInMVKbBAM\OqXi.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\JEHCjtepagfsrQz\jHBB.dll
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\CFQcAaf\alGqQjfnqeipsC.dll"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\BiiRGnhWx8.dll",#1
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://112.105.115.71:8080/
|
unknown
|
||
|
https://172.105.115.71:8080/s.dll
|
unknown
|
||
|
https://172.105.115.71:8080/fhbapco/qwoqdrltpngtcons/xmltlyltysiyxdbk/rxucyoknpgrotxw/
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.105.115.71
|
unknown
|
United States
|
|
|
|
188.165.79.151
|
unknown
|
France
|
|
|
|
196.44.98.190
|
unknown
|
Ghana
|
|
|
|
174.138.33.49
|
unknown
|
United States
|
|
|
|
36.67.23.59
|
unknown
|
Indonesia
|
|
|
|
103.41.204.169
|
unknown
|
Indonesia
|
|
|
|
85.214.67.203
|
unknown
|
Germany
|
|
|
|
83.229.80.93
|
unknown
|
United Kingdom
|
|
|
|
198.199.70.22
|
unknown
|
United States
|
|
|
|
93.104.209.107
|
unknown
|
Germany
|
|
|
|
186.250.48.5
|
unknown
|
Brazil
|
|
|
|
209.239.112.82
|
unknown
|
United States
|
|
|
|
175.126.176.79
|
unknown
|
Korea Republic of
|
|
|
|
128.199.242.164
|
unknown
|
United Kingdom
|
|
|
|
178.238.225.252
|
unknown
|
Germany
|
|
|
|
46.101.98.60
|
unknown
|
Netherlands
|
|
|
|
190.145.8.4
|
unknown
|
Colombia
|
|
|
|
82.98.180.154
|
unknown
|
Spain
|
|
|
|
103.71.99.57
|
unknown
|
India
|
|
|
|
87.106.97.83
|
unknown
|
Germany
|
|
|
|
103.254.12.236
|
unknown
|
Viet Nam
|
|
|
|
103.85.95.4
|
unknown
|
Indonesia
|
|
|
|
202.134.4.210
|
unknown
|
Indonesia
|
|
|
|
165.22.254.236
|
unknown
|
United States
|
|
|
|
78.47.204.80
|
unknown
|
Germany
|
|
|
|
118.98.72.86
|
unknown
|
Indonesia
|
|
|
|
139.59.80.108
|
unknown
|
Singapore
|
|
|
|
104.244.79.94
|
unknown
|
United States
|
|
|
|
37.44.244.177
|
unknown
|
Germany
|
|
|
|
51.75.33.122
|
unknown
|
France
|
|
|
|
160.16.143.191
|
unknown
|
Japan
|
|
|
|
103.56.149.105
|
unknown
|
Indonesia
|
|
|
|
85.25.120.45
|
unknown
|
Germany
|
|
|
|
139.196.72.155
|
unknown
|
China
|
|
|
|
115.178.55.22
|
unknown
|
Indonesia
|
|
|
|
103.126.216.86
|
unknown
|
Bangladesh
|
|
|
|
128.199.217.206
|
unknown
|
United Kingdom
|
|
|
|
114.79.130.68
|
unknown
|
India
|
|
|
|
103.224.241.74
|
unknown
|
India
|
|
|
|
210.57.209.142
|
unknown
|
Indonesia
|
|
|
|
202.28.34.99
|
unknown
|
Thailand
|
|
|
|
80.211.107.116
|
unknown
|
Italy
|
|
|
|
54.37.228.122
|
unknown
|
France
|
|
|
|
218.38.121.17
|
unknown
|
Korea Republic of
|
|
|
|
185.148.169.10
|
unknown
|
Germany
|
|
|
|
195.77.239.39
|
unknown
|
Spain
|
|
|
|
178.62.112.199
|
unknown
|
European Union
|
|
|
|
62.171.178.147
|
unknown
|
United Kingdom
|
|
|
|
64.227.55.231
|
unknown
|
United States
|
|
There are 39 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
jHBB.dll
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
244E2B30000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
190E8B40000
|
direct allocation
|
page execute and read and write
|
|
|
|
239F3890000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
3B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
21D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
880000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
3AA60FE000
|
stack
|
page read and write
|
||
|
8EE000
|
stack
|
page read and write
|
||
|
2730000
|
heap
|
page read and write
|
||
|
190E8B7E000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page read and write
|
||
|
625000
|
heap
|
page read and write
|
||
|
7FFA0AEE7000
|
unkown
|
page readonly
|
||
|
7D7000
|
heap
|
page read and write
|
||
|
244E28F3000
|
heap
|
page read and write
|
||
|
8C5000
|
heap
|
page read and write
|
||
|
7FF000
|
heap
|
page read and write
|
||
|
DB5000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
5280000
|
trusted library allocation
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
7FFA0AE98000
|
unkown
|
page readonly
|
||
|
6C5000
|
heap
|
page read and write
|
||
|
239F38D0000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
6C5000
|
heap
|
page read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
676000
|
heap
|
page read and write
|
||
|
190E8E50000
|
heap
|
page readonly
|
||
|
239F3927000
|
heap
|
page read and write
|
||
|
244E2780000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
7FFA0AE60000
|
unkown
|
page readonly
|
||
|
6DA000
|
heap
|
page read and write
|
||
|
7FFA0AE60000
|
unkown
|
page readonly
|
||
|
DB5000
|
heap
|
page read and write
|
||
|
244E2BA0000
|
heap
|
page read and write
|
||
|
28A6000
|
heap
|
page read and write
|
||
|
239F5460000
|
heap
|
page read and write
|
||
|
7D7000
|
heap
|
page read and write
|
||
|
679000
|
heap
|
page read and write
|
||
|
C6F000
|
heap
|
page read and write
|
||
|
7FFA0AEE5000
|
unkown
|
page readonly
|
||
|
A30000
|
heap
|
page read and write
|
||
|
6D8000
|
heap
|
page read and write
|
||
|
6C7000
|
heap
|
page read and write
|
||
|
560E000
|
stack
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
2711000
|
heap
|
page read and write
|
||
|
239F390D000
|
heap
|
page read and write
|
||
|
B9A3E7E000
|
stack
|
page read and write
|
||
|
2000000
|
remote allocation
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
6DF000
|
heap
|
page read and write
|
||
|
B9A3B4E000
|
stack
|
page read and write
|
||
|
DA5000
|
heap
|
page read and write
|
||
|
EB5000
|
heap
|
page read and write
|
||
|
6BC000
|
heap
|
page read and write
|
||
|
2731000
|
heap
|
page read and write
|
||
|
699000
|
heap
|
page read and write
|
||
|
EB5000
|
heap
|
page read and write
|
||
|
67F000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
269C000
|
stack
|
page read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
7FFA0AEE2000
|
unkown
|
page readonly
|
||
|
676000
|
heap
|
page read and write
|
||
|
18002B000
|
direct allocation
|
page readonly
|
||
|
672000
|
heap
|
page read and write
|
||
|
676000
|
heap
|
page read and write
|
||
|
244E4450000
|
heap
|
page read and write
|
||
|
180000
|
remote allocation
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
7FFA0AE98000
|
unkown
|
page readonly
|
||
|
190E8B79000
|
heap
|
page read and write
|
||
|
38B000
|
stack
|
page read and write
|
||
|
18002B000
|
direct allocation
|
page readonly
|
||
|
250000
|
heap
|
page read and write
|
||
|
B9A3EF9000
|
stack
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
B10000
|
remote allocation
|
page read and write
|
||
|
244E4420000
|
trusted library allocation
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page read and write
|
||
|
6AB000
|
heap
|
page read and write
|
||
|
20CE000
|
stack
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
3AA61FF000
|
stack
|
page read and write
|
||
|
239F37F0000
|
heap
|
page read and write
|
||
|
995000
|
heap
|
page read and write
|
||
|
597E000
|
stack
|
page read and write
|
||
|
C79000
|
stack
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
239F3962000
|
heap
|
page read and write
|
||
|
7FFA0AEE7000
|
unkown
|
page readonly
|
||
|
C7D000
|
heap
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
C15000
|
heap
|
page read and write
|
||
|
3AA64FE000
|
stack
|
page read and write
|
||
|
239F38C0000
|
direct allocation
|
page execute and read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
6734B4E000
|
stack
|
page read and write
|
||
|
239F392E000
|
heap
|
page read and write
|
||
|
239F5465000
|
heap
|
page read and write
|
||
|
679000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page read and write
|
||
|
7FFA0AEDE000
|
unkown
|
page read and write
|
||
|
1F19000
|
heap
|
page read and write
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
EB5000
|
heap
|
page read and write
|
||
|
2711000
|
heap
|
page read and write
|
||
|
3AA5DDC000
|
stack
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
7FFA0AE61000
|
unkown
|
page execute read
|
||
|
63F000
|
heap
|
page read and write
|
||
|
190EA740000
|
trusted library allocation
|
page read and write
|
||
|
61E000
|
heap
|
page read and write
|
||
|
239F529C000
|
heap
|
page read and write
|
||
|
239F3947000
|
heap
|
page read and write
|
||
|
CA1000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
8CD000
|
heap
|
page read and write
|
||
|
244E28F6000
|
heap
|
page read and write
|
||
|
190E8B8F000
|
heap
|
page read and write
|
||
|
27BB000
|
stack
|
page read and write
|
||
|
1F92000
|
heap
|
page read and write
|
||
|
63E000
|
heap
|
page read and write
|
||
|
244E28E6000
|
heap
|
page read and write
|
||
|
667000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
239F5370000
|
trusted library allocation
|
page read and write
|
||
|
2A8F000
|
stack
|
page read and write
|
||
|
244E2918000
|
heap
|
page read and write
|
||
|
63F000
|
heap
|
page read and write
|
||
|
239F529C000
|
heap
|
page read and write
|
||
|
244E28E5000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
E9F000
|
heap
|
page read and write
|
||
|
1F61000
|
heap
|
page read and write
|
||
|
7FFA0AEE5000
|
unkown
|
page readonly
|
||
|
668000
|
heap
|
page read and write
|
||
|
673507B000
|
stack
|
page read and write
|
||
|
7FFA0AE98000
|
unkown
|
page readonly
|
||
|
658000
|
heap
|
page read and write
|
||
|
568E000
|
stack
|
page read and write
|
||
|
6C7000
|
heap
|
page read and write
|
||
|
7FFA0AEE7000
|
unkown
|
page readonly
|
||
|
800000
|
heap
|
page read and write
|
||
|
8A8000
|
heap
|
page read and write
|
||
|
5800000
|
trusted library allocation
|
page read and write
|
||
|
7FFA0AEDE000
|
unkown
|
page read and write
|
||
|
63B000
|
heap
|
page read and write
|
||
|
190E8E40000
|
direct allocation
|
page execute and read and write
|
||
|
500000
|
remote allocation
|
page read and write
|
||
|
7FFA0AE61000
|
unkown
|
page execute read
|
||
|
7FFA0AEE5000
|
unkown
|
page readonly
|
||
|
2731000
|
heap
|
page read and write
|
||
|
6734ACC000
|
stack
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
63F000
|
heap
|
page read and write
|
||
|
62B000
|
heap
|
page read and write
|
||
|
190E8EA0000
|
heap
|
page read and write
|
||
|
DD1000
|
heap
|
page read and write
|
||
|
244E2B70000
|
heap
|
page readonly
|
||
|
244E2BA5000
|
heap
|
page read and write
|
||
|
190E8BC9000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
239F3927000
|
heap
|
page read and write
|
||
|
2040000
|
heap
|
page read and write
|
||
|
273F000
|
stack
|
page read and write
|
||
|
244E28EF000
|
heap
|
page read and write
|
||
|
190E8AD0000
|
heap
|
page read and write
|
||
|
668000
|
heap
|
page read and write
|
||
|
8D5000
|
heap
|
page read and write
|
||
|
18002B000
|
direct allocation
|
page readonly
|
||
|
699000
|
heap
|
page read and write
|
||
|
267E000
|
stack
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
8D6000
|
heap
|
page read and write
|
||
|
7FFA0AEE2000
|
unkown
|
page readonly
|
||
|
CA1000
|
heap
|
page read and write
|
||
|
190E8D40000
|
heap
|
page read and write
|
||
|
7FFA0AEDE000
|
unkown
|
page read and write
|
||
|
DAD000
|
heap
|
page read and write
|
||
|
EAD000
|
heap
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
2310000
|
trusted library allocation
|
page read and write
|
||
|
DA9000
|
heap
|
page read and write
|
||
|
2000000
|
remote allocation
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
7F5000
|
heap
|
page read and write
|
||
|
7FFA0AEE2000
|
unkown
|
page readonly
|
||
|
7FFA0AE60000
|
unkown
|
page readonly
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
63A000
|
heap
|
page read and write
|
||
|
65F000
|
heap
|
page read and write
|
||
|
7FFA0AE61000
|
unkown
|
page execute read
|
||
|
C74000
|
heap
|
page read and write
|
||
|
686000
|
heap
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
1F97000
|
heap
|
page read and write
|
||
|
1F92000
|
heap
|
page read and write
|
||
|
7F7000
|
heap
|
page read and write
|
||
|
676000
|
heap
|
page read and write
|
||
|
6734F7E000
|
stack
|
page read and write
|
||
|
4DA000
|
stack
|
page read and write
|
||
|
244E292A000
|
heap
|
page read and write
|
||
|
D88000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
EAD000
|
heap
|
page read and write
|
||
|
1F40000
|
heap
|
page read and write
|
||
|
7FFA0AE98000
|
unkown
|
page readonly
|
||
|
65F000
|
heap
|
page read and write
|
||
|
244E28C0000
|
heap
|
page read and write
|
||
|
DA5000
|
heap
|
page read and write
|
||
|
A0000
|
heap
|
page read and write
|
||
|
3AA62FE000
|
stack
|
page read and write
|
||
|
EAD000
|
heap
|
page read and write
|
||
|
6DA000
|
heap
|
page read and write
|
||
|
1F88000
|
heap
|
page read and write
|
||
|
E88000
|
heap
|
page read and write
|
||
|
30B000
|
stack
|
page read and write
|
||
|
8CD000
|
heap
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
239F393E000
|
heap
|
page read and write
|
||
|
671000
|
heap
|
page read and write
|
||
|
190E8A60000
|
heap
|
page read and write
|
||
|
251C000
|
stack
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
C7D000
|
heap
|
page read and write
|
||
|
18002B000
|
direct allocation
|
page readonly
|
||
|
360000
|
heap
|
page read and write
|
||
|
6DE000
|
heap
|
page read and write
|
||
|
190E8AF0000
|
heap
|
page read and write
|
||
|
1FE0000
|
trusted library allocation
|
page read and write
|
||
|
7A1000
|
heap
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
C7D000
|
heap
|
page read and write
|
||
|
244E29E0000
|
heap
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
190E8BC9000
|
heap
|
page read and write
|
||
|
668000
|
heap
|
page read and write
|
||
|
5D0000
|
direct allocation
|
page execute and read and write
|
||
|
1FE0000
|
trusted library allocation
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
21E0000
|
heap
|
page read and write
|
||
|
5FA000
|
heap
|
page read and write
|
||
|
C85000
|
heap
|
page read and write
|
||
|
8BF000
|
heap
|
page read and write
|
||
|
7FFA0AE61000
|
unkown
|
page execute read
|
||
|
1F88000
|
heap
|
page read and write
|
||
|
6C5000
|
heap
|
page read and write
|
||
|
18002B000
|
direct allocation
|
page readonly
|
||
|
1F0C000
|
heap
|
page read and write
|
||
|
1025000
|
heap
|
page read and write
|
||
|
259D000
|
stack
|
page read and write
|
||
|
500000
|
remote allocation
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
190E8B8F000
|
heap
|
page read and write
|
||
|
668000
|
heap
|
page read and write
|
||
|
2200000
|
heap
|
page readonly
|
||
|
808000
|
heap
|
page read and write
|
||
|
7EE000
|
heap
|
page read and write
|
||
|
25D3000
|
heap
|
page read and write
|
||
|
2A0E000
|
stack
|
page read and write
|
||
|
7FFA0AEDE000
|
unkown
|
page read and write
|
||
|
15B000
|
stack
|
page read and write
|
||
|
8CD000
|
heap
|
page read and write
|
||
|
244E29C0000
|
heap
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
190E8E90000
|
trusted library allocation
|
page read and write
|
||
|
239F3913000
|
heap
|
page read and write
|
||
|
21E3000
|
heap
|
page read and write
|
||
|
8B0000
|
trusted library allocation
|
page read and write
|
||
|
230D000
|
stack
|
page read and write
|
||
|
96E000
|
stack
|
page read and write
|
||
|
190E8BC4000
|
heap
|
page read and write
|
||
|
1F92000
|
heap
|
page read and write
|
||
|
2780000
|
heap
|
page read and write
|
||
|
B9A3ACC000
|
stack
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
1F97000
|
heap
|
page read and write
|
||
|
190E8EA5000
|
heap
|
page read and write
|
||
|
7FFA0AE98000
|
unkown
|
page readonly
|
||
|
239F3927000
|
heap
|
page read and write
|
||
|
A80000
|
remote allocation
|
page read and write
|
||
|
244E2A30000
|
heap
|
page read and write
|
||
|
5B70000
|
trusted library allocation
|
page read and write
|
||
|
6734FFF000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page readonly
|
||
|
2050000
|
heap
|
page read and write
|
||
|
2310000
|
trusted library allocation
|
page read and write
|
||
|
203E000
|
stack
|
page read and write
|
||
|
244E28EB000
|
heap
|
page read and write
|
||
|
A80000
|
remote allocation
|
page read and write
|
||
|
244E2918000
|
heap
|
page read and write
|
||
|
7FFA0AEE5000
|
unkown
|
page readonly
|
||
|
2843000
|
heap
|
page read and write
|
||
|
687000
|
heap
|
page read and write
|
||
|
239F3933000
|
heap
|
page read and write
|
||
|
190E8BDB000
|
heap
|
page read and write
|
||
|
1EE0000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
65F000
|
heap
|
page read and write
|
||
|
67C000
|
heap
|
page read and write
|
||
|
800000
|
direct allocation
|
page execute and read and write
|
||
|
190EA730000
|
heap
|
page read and write
|
||
|
DB5000
|
heap
|
page read and write
|
||
|
6C5000
|
heap
|
page read and write
|
||
|
2783000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page readonly
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
DAD000
|
heap
|
page read and write
|
||
|
6734BCF000
|
stack
|
page read and write
|
||
|
662000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
239F392B000
|
heap
|
page read and write
|
||
|
66A000
|
heap
|
page read and write
|
||
|
18002B000
|
direct allocation
|
page readonly
|
||
|
DB5000
|
heap
|
page read and write
|
||
|
C85000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
B10000
|
remote allocation
|
page read and write
|
||
|
B9A3BCE000
|
stack
|
page read and write
|
||
|
E45000
|
heap
|
page read and write
|
||
|
6DF000
|
heap
|
page read and write
|
||
|
244E2B60000
|
direct allocation
|
page execute and read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
668000
|
heap
|
page read and write
|
||
|
7FFA0AE60000
|
unkown
|
page readonly
|
||
|
7FFA0AE98000
|
unkown
|
page readonly
|
||
|
DB5000
|
heap
|
page read and write
|
||
|
B9A3F7E000
|
stack
|
page read and write
|
||
|
CA1000
|
heap
|
page read and write
|
||
|
8D5000
|
heap
|
page read and write
|
||
|
82B000
|
heap
|
page read and write
|
||
|
622000
|
heap
|
page read and write
|
||
|
239F3935000
|
heap
|
page read and write
|
||
|
C85000
|
heap
|
page read and write
|
||
|
22C0000
|
trusted library allocation
|
page read and write
|
||
|
6C5000
|
heap
|
page read and write
|
||
|
7FFA0AEE5000
|
unkown
|
page readonly
|
||
|
6734EF7000
|
stack
|
page read and write
|
||
|
6C5000
|
heap
|
page read and write
|
||
|
6C7000
|
heap
|
page read and write
|
||
|
7FFA0AE60000
|
unkown
|
page readonly
|
||
|
5AF0000
|
trusted library allocation
|
page read and write
|
||
|
7D7000
|
heap
|
page read and write
|
||
|
B45000
|
heap
|
page read and write
|
||
|
667000
|
heap
|
page read and write
|
||
|
6000000
|
heap
|
page read and write
|
||
|
190E8BA0000
|
heap
|
page read and write
|
||
|
7FFA0AEE2000
|
unkown
|
page readonly
|
||
|
970000
|
heap
|
page read and write
|
||
|
7FFA0AE60000
|
unkown
|
page readonly
|
||
|
600000
|
heap
|
page read and write
|
||
|
273E000
|
stack
|
page read and write
|
||
|
DAD000
|
heap
|
page read and write
|
||
|
6DA000
|
heap
|
page read and write
|
||
|
687000
|
heap
|
page read and write
|
||
|
261E000
|
stack
|
page read and write
|
||
|
778000
|
heap
|
page read and write
|
||
|
62F000
|
heap
|
page read and write
|
||
|
244E4420000
|
trusted library allocation
|
page read and write
|
||
|
239F3973000
|
heap
|
page read and write
|
||
|
7FFA0AEE7000
|
unkown
|
page readonly
|
||
|
3AA63F9000
|
stack
|
page read and write
|
||
|
81A000
|
heap
|
page read and write
|
||
|
180000
|
remote allocation
|
page read and write
|
||
|
63F000
|
heap
|
page read and write
|
||
|
20D0000
|
heap
|
page read and write
|
||
|
61E000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
808000
|
heap
|
page read and write
|
||
|
1F92000
|
heap
|
page read and write
|
||
|
239F38F0000
|
trusted library allocation
|
page read and write
|
||
|
74E000
|
stack
|
page read and write
|
||
|
239F3860000
|
heap
|
page read and write
|
||
|
65F000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
6DA000
|
heap
|
page read and write
|
||
|
7FFA0AEE7000
|
unkown
|
page readonly
|
||
|
21DE000
|
stack
|
page read and write
|
||
|
7D7000
|
heap
|
page read and write
|
||
|
EB6000
|
heap
|
page read and write
|
||
|
2289000
|
stack
|
page read and write
|
||
|
61E000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
62C000
|
heap
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
DBF000
|
heap
|
page read and write
|
||
|
256D000
|
stack
|
page read and write
|
||
|
C1C000
|
heap
|
page read and write
|
||
|
9D0000
|
remote allocation
|
page read and write
|
||
|
3E0000
|
direct allocation
|
page execute and read and write
|
||
|
667000
|
heap
|
page read and write
|
||
|
760000
|
trusted library allocation
|
page read and write
|
||
|
6C7000
|
heap
|
page read and write
|
||
|
EA4000
|
heap
|
page read and write
|
||
|
676000
|
heap
|
page read and write
|
||
|
7D7000
|
heap
|
page read and write
|
||
|
CA1000
|
heap
|
page read and write
|
||
|
239F5270000
|
heap
|
page read and write
|
||
|
658000
|
heap
|
page read and write
|
||
|
190E8B70000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page read and write
|
||
|
279E000
|
stack
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
6C7000
|
heap
|
page read and write
|
||
|
8D5000
|
heap
|
page read and write
|
||
|
22B7000
|
stack
|
page read and write
|
||
|
6C7000
|
heap
|
page read and write
|
||
|
AE9000
|
stack
|
page read and write
|
||
|
1FE0000
|
trusted library allocation
|
page read and write
|
||
|
20DD000
|
stack
|
page read and write
|
||
|
E4C000
|
heap
|
page read and write
|
||
|
2711000
|
heap
|
page read and write
|
||
|
667000
|
heap
|
page read and write
|
||
|
7D7000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
65F000
|
heap
|
page read and write
|
||
|
2720000
|
heap
|
page read and write
|
||
|
7FFA0AEE2000
|
unkown
|
page readonly
|
||
|
7FFA0AEE7000
|
unkown
|
page readonly
|
||
|
7FFA0AE61000
|
unkown
|
page execute read
|
||
|
2140000
|
heap
|
page read and write
|
||
|
6E5000
|
heap
|
page read and write
|
||
|
A7A000
|
stack
|
page read and write
|
||
|
239F5970000
|
heap
|
page read and write
|
||
|
6DF000
|
heap
|
page read and write
|
||
|
62F000
|
heap
|
page read and write
|
||
|
C86000
|
heap
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
7FFA0AEDE000
|
unkown
|
page read and write
|
||
|
65F000
|
heap
|
page read and write
|
||
|
6734E7C000
|
stack
|
page read and write
|
||
|
6C7000
|
heap
|
page read and write
|
||
|
2000000
|
remote allocation
|
page read and write
|
||
|
9D0000
|
remote allocation
|
page read and write
|
||
|
67D000
|
heap
|
page read and write
|
||
|
7F7000
|
heap
|
page read and write
|
||
|
7FFA0AEE5000
|
unkown
|
page readonly
|
||
|
18002C000
|
direct allocation
|
page read and write
|
||
|
DBB000
|
heap
|
page read and write
|
||
|
239F3900000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
244E2A5C000
|
heap
|
page read and write
|
||
|
190E8D6C000
|
heap
|
page read and write
|
||
|
25D0000
|
heap
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
63B000
|
heap
|
page read and write
|
||
|
B4C000
|
heap
|
page read and write
|
||
|
60B000
|
heap
|
page read and write
|
||
|
6C5000
|
heap
|
page read and write
|
||
|
DB5000
|
heap
|
page read and write
|
||
|
7FFA0AEDE000
|
unkown
|
page read and write
|
||
|
244E28C7000
|
heap
|
page read and write
|
||
|
215B000
|
stack
|
page read and write
|
||
|
281E000
|
stack
|
page read and write
|
||
|
190E8B8F000
|
heap
|
page read and write
|
||
|
6DA000
|
heap
|
page read and write
|
||
|
667000
|
heap
|
page read and write
|
||
|
C58000
|
heap
|
page read and write
|
||
|
7FFA0AEE2000
|
unkown
|
page readonly
|
||
|
239F3962000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
DAD000
|
heap
|
page read and write
|
||
|
244E28DE000
|
heap
|
page read and write
|
||
|
26A0000
|
heap
|
page read and write
|
||
|
62F000
|
heap
|
page read and write
|
||
|
67C000
|
heap
|
page read and write
|
||
|
5A80000
|
heap
|
page read and write
|
||
|
102C000
|
heap
|
page read and write
|
||
|
7B9000
|
heap
|
page read and write
|
||
|
7FFA0AE61000
|
unkown
|
page execute read
|
||
|
667000
|
heap
|
page read and write
|
||
|
63A000
|
heap
|
page read and write
|
||
|
668000
|
heap
|
page read and write
|
||
|
244E28DE000
|
heap
|
page read and write
|
||
|
7C7000
|
heap
|
page read and write
|
There are 487 hidden memdumps, click here to show them.