Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
UC2DFXQIBiE2kQ.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 62919 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll,ACeujVZMknFDjv
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll,AHuDGMflBfPryOEYjuTfbzJdEM
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\CqZilJuzKBQGflL\PYmtZH.dll"
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll,ATjQPkInxPUGuUu
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\CqZilJuzKBQGflL\PYmtZH.dll
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\OKCYiYOFwZjDcIsn\OYsSlVLvWy.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\NzmNpNPvo\tzEWj.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\NzmNpNPvo\tzEWj.dll
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\VfjAKsbRVDLoO\aeuwPIzDFvIwK.dll"
|
|
|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\UC2DFXQIBiE2kQ.dll",#1
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://172.105.115.71:8080/s
|
unknown
|
||
|
https://172.105.115.71:8080/qfmakzntwajcoi/xgtrfra/O
|
unknown
|
||
|
https://172.105.115.71:8080/qfmakzntwajcoi/xgtrfra/
|
unknown
|
||
|
https://172.105.115.71:8080/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
windowsupdatebg.s.llnwi.net
|
95.140.236.0
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.105.115.71
|
unknown
|
United States
|
|
|
|
188.165.79.151
|
unknown
|
France
|
|
|
|
196.44.98.190
|
unknown
|
Ghana
|
|
|
|
174.138.33.49
|
unknown
|
United States
|
|
|
|
36.67.23.59
|
unknown
|
Indonesia
|
|
|
|
103.41.204.169
|
unknown
|
Indonesia
|
|
|
|
85.214.67.203
|
unknown
|
Germany
|
|
|
|
83.229.80.93
|
unknown
|
United Kingdom
|
|
|
|
198.199.70.22
|
unknown
|
United States
|
|
|
|
93.104.209.107
|
unknown
|
Germany
|
|
|
|
186.250.48.5
|
unknown
|
Brazil
|
|
|
|
209.239.112.82
|
unknown
|
United States
|
|
|
|
175.126.176.79
|
unknown
|
Korea Republic of
|
|
|
|
128.199.242.164
|
unknown
|
United Kingdom
|
|
|
|
178.238.225.252
|
unknown
|
Germany
|
|
|
|
46.101.98.60
|
unknown
|
Netherlands
|
|
|
|
190.145.8.4
|
unknown
|
Colombia
|
|
|
|
82.98.180.154
|
unknown
|
Spain
|
|
|
|
103.71.99.57
|
unknown
|
India
|
|
|
|
87.106.97.83
|
unknown
|
Germany
|
|
|
|
103.254.12.236
|
unknown
|
Viet Nam
|
|
|
|
103.85.95.4
|
unknown
|
Indonesia
|
|
|
|
202.134.4.210
|
unknown
|
Indonesia
|
|
|
|
165.22.254.236
|
unknown
|
United States
|
|
|
|
78.47.204.80
|
unknown
|
Germany
|
|
|
|
118.98.72.86
|
unknown
|
Indonesia
|
|
|
|
139.59.80.108
|
unknown
|
Singapore
|
|
|
|
104.244.79.94
|
unknown
|
United States
|
|
|
|
37.44.244.177
|
unknown
|
Germany
|
|
|
|
51.75.33.122
|
unknown
|
France
|
|
|
|
160.16.143.191
|
unknown
|
Japan
|
|
|
|
103.56.149.105
|
unknown
|
Indonesia
|
|
|
|
85.25.120.45
|
unknown
|
Germany
|
|
|
|
139.196.72.155
|
unknown
|
China
|
|
|
|
115.178.55.22
|
unknown
|
Indonesia
|
|
|
|
103.126.216.86
|
unknown
|
Bangladesh
|
|
|
|
128.199.217.206
|
unknown
|
United Kingdom
|
|
|
|
114.79.130.68
|
unknown
|
India
|
|
|
|
103.224.241.74
|
unknown
|
India
|
|
|
|
210.57.209.142
|
unknown
|
Indonesia
|
|
|
|
202.28.34.99
|
unknown
|
Thailand
|
|
|
|
80.211.107.116
|
unknown
|
Italy
|
|
|
|
54.37.228.122
|
unknown
|
France
|
|
|
|
218.38.121.17
|
unknown
|
Korea Republic of
|
|
|
|
185.148.169.10
|
unknown
|
Germany
|
|
|
|
195.77.239.39
|
unknown
|
Spain
|
|
|
|
178.62.112.199
|
unknown
|
European Union
|
|
|
|
62.171.178.147
|
unknown
|
United Kingdom
|
|
|
|
64.227.55.231
|
unknown
|
United States
|
|
There are 39 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
PYmtZH.dll
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
tzEWj.dll
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
24188500000
|
direct allocation
|
page execute and read and write
|
|
|
|
2D51000
|
direct allocation
|
page execute read
|
|
|
|
1B505A51000
|
direct allocation
|
page execute read
|
|
|
|
1220000
|
direct allocation
|
page execute and read and write
|
|
|
|
13D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
1B505730000
|
direct allocation
|
page execute and read and write
|
|
|
|
2080000
|
direct allocation
|
page execute and read and write
|
|
|
|
1DEAC681000
|
direct allocation
|
page execute read
|
|
|
|
21E1000
|
direct allocation
|
page execute read
|
|
|
|
2CD1000
|
direct allocation
|
page execute read
|
|
|
|
24188541000
|
direct allocation
|
page execute read
|
|
|
|
1DEAAE80000
|
direct allocation
|
page execute and read and write
|
|
|
|
7B9000
|
heap
|
page read and write
|
||
|
12CB000
|
heap
|
page read and write
|
||
|
1B5057F0000
|
heap
|
page read and write
|
||
|
7F9000
|
heap
|
page read and write
|
||
|
2388C200000
|
heap
|
page read and write
|
||
|
2AF30058000
|
heap
|
page read and write
|
||
|
1DEAC680000
|
direct allocation
|
page read and write
|
||
|
1F864D50000
|
trusted library allocation
|
page read and write
|
||
|
24188840000
|
heap
|
page read and write
|
||
|
2A4D587D000
|
heap
|
page read and write
|
||
|
24188845000
|
heap
|
page read and write
|
||
|
2AD3BF00000
|
heap
|
page read and write
|
||
|
2564B2FD000
|
heap
|
page read and write
|
||
|
2196000
|
heap
|
page read and write
|
||
|
2418856B000
|
direct allocation
|
page readonly
|
||
|
CD741F9000
|
stack
|
page read and write
|
||
|
1B603200000
|
heap
|
page read and write
|
||
|
1B603A02000
|
trusted library allocation
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
8C90BFF000
|
stack
|
page read and write
|
||
|
277CFA6C000
|
heap
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
2AF2FFA0000
|
trusted library allocation
|
page read and write
|
||
|
9889FFC000
|
stack
|
page read and write
|
||
|
18009B000
|
unkown
|
page readonly
|
||
|
277CFA43000
|
heap
|
page read and write
|
||
|
1B5057F8000
|
heap
|
page read and write
|
||
|
988A47F000
|
stack
|
page read and write
|
||
|
CD7417E000
|
stack
|
page read and write
|
||
|
2A4D5720000
|
heap
|
page read and write
|
||
|
2A4D5861000
|
heap
|
page read and write
|
||
|
2564B2CE000
|
heap
|
page read and write
|
||
|
220D000
|
direct allocation
|
page readonly
|
||
|
C3FDBFE000
|
stack
|
page read and write
|
||
|
7CE000
|
heap
|
page read and write
|
||
|
1F864E00000
|
heap
|
page read and write
|
||
|
7A8000
|
heap
|
page read and write
|
||
|
2A4D5842000
|
heap
|
page read and write
|
||
|
2AF30000000
|
heap
|
page read and write
|
||
|
18009B000
|
unkown
|
page readonly
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
81C000
|
heap
|
page read and write
|
||
|
2564ECC0000
|
heap
|
page read and write
|
||
|
1B5057D9000
|
heap
|
page read and write
|
||
|
17A4D0A0000
|
heap
|
page read and write
|
||
|
1EF3A88B000
|
heap
|
page read and write
|
||
|
1DEAABEA000
|
heap
|
page read and write
|
||
|
D8A83FE000
|
stack
|
page read and write
|
||
|
241885A9000
|
heap
|
page read and write
|
||
|
7DB000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
1DEAC6AB000
|
direct allocation
|
page readonly
|
||
|
17A4D313000
|
heap
|
page read and write
|
||
|
7D6000
|
heap
|
page read and write
|
||
|
7DF000
|
heap
|
page read and write
|
||
|
2AF300A0000
|
heap
|
page read and write
|
||
|
1EF3A900000
|
heap
|
page read and write
|
||
|
20B0000
|
trusted library allocation
|
page read and write
|
||
|
129D000
|
heap
|
page read and write
|
||
|
2A4D5864000
|
heap
|
page read and write
|
||
|
1DEAAD80000
|
heap
|
page read and write
|
||
|
2750000
|
remote allocation
|
page read and write
|
||
|
1EF3C270000
|
trusted library allocation
|
page read and write
|
||
|
1B5057E7000
|
heap
|
page read and write
|
||
|
29A9000
|
heap
|
page read and write
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
CD73C9B000
|
stack
|
page read and write
|
||
|
2A4D5839000
|
heap
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
2A4D587A000
|
heap
|
page read and write
|
||
|
2AD3BE13000
|
heap
|
page read and write
|
||
|
2A4D5879000
|
heap
|
page read and write
|
||
|
2A4D5882000
|
heap
|
page read and write
|
||
|
1F864C50000
|
heap
|
page read and write
|
||
|
230B000
|
stack
|
page read and write
|
||
|
2AD3BE79000
|
heap
|
page read and write
|
||
|
24188540000
|
direct allocation
|
page read and write
|
||
|
277CF8F0000
|
heap
|
page read and write
|
||
|
20CF17C000
|
stack
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
2A4D5863000
|
heap
|
page read and write
|
||
|
180098000
|
unkown
|
page read and write
|
||
|
1B60323E000
|
heap
|
page read and write
|
||
|
D8A827E000
|
stack
|
page read and write
|
||
|
1425000
|
heap
|
page read and write
|
||
|
220B000
|
direct allocation
|
page readonly
|
||
|
161C000
|
heap
|
page read and write
|
||
|
277CF9F0000
|
trusted library allocation
|
page read and write
|
||
|
1B603213000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
2A4D5874000
|
heap
|
page read and write
|
||
|
241885BF000
|
heap
|
page read and write
|
||
|
854000
|
heap
|
page read and write
|
||
|
2A4D5830000
|
heap
|
page read and write
|
||
|
1C777FC000
|
stack
|
page read and write
|
||
|
8C90A7E000
|
stack
|
page read and write
|
||
|
180098000
|
unkown
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
2188000
|
heap
|
page read and write
|
||
|
2AD3BF13000
|
heap
|
page read and write
|
||
|
277D0322000
|
heap
|
page read and write
|
||
|
24189E8C000
|
heap
|
page read and write
|
||
|
1B603229000
|
heap
|
page read and write
|
||
|
1EF3A84A000
|
heap
|
page read and write
|
||
|
7AE000
|
heap
|
page read and write
|
||
|
C1B5FCD000
|
stack
|
page read and write
|
||
|
7AA000
|
heap
|
page read and write
|
||
|
17A4D200000
|
heap
|
page read and write
|
||
|
C3FDB7B000
|
stack
|
page read and write
|
||
|
1415000
|
heap
|
page read and write
|
||
|
1EF3A85A000
|
heap
|
page read and write
|
||
|
13CE000
|
stack
|
page read and write
|
||
|
17A4D040000
|
heap
|
page read and write
|
||
|
1EF3A913000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
2D50000
|
direct allocation
|
page read and write
|
||
|
84F000
|
heap
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
1F864E89000
|
heap
|
page read and write
|
||
|
7CE000
|
heap
|
page read and write
|
||
|
277D0300000
|
heap
|
page read and write
|
||
|
129B000
|
heap
|
page read and write
|
||
|
7AE000
|
heap
|
page read and write
|
||
|
1B50581C000
|
heap
|
page read and write
|
||
|
8C9097E000
|
stack
|
page read and write
|
||
|
1EF3A874000
|
heap
|
page read and write
|
||
|
2564B2B3000
|
heap
|
page read and write
|
||
|
2564B2EC000
|
heap
|
page read and write
|
||
|
CD740F9000
|
stack
|
page read and write
|
||
|
1DEAABD9000
|
heap
|
page read and write
|
||
|
1C773FF000
|
stack
|
page read and write
|
||
|
2989000
|
heap
|
page read and write
|
||
|
338E000
|
stack
|
page read and write
|
||
|
17A4D030000
|
heap
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
3A5000
|
heap
|
page read and write
|
||
|
1EF3A902000
|
heap
|
page read and write
|
||
|
1257000
|
heap
|
page read and write
|
||
|
2A4D5844000
|
heap
|
page read and write
|
||
|
1EF3C360000
|
remote allocation
|
page read and write
|
||
|
2A4D5841000
|
heap
|
page read and write
|
||
|
24188490000
|
heap
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
2564B2F9000
|
heap
|
page read and write
|
||
|
84B000
|
heap
|
page read and write
|
||
|
228E000
|
stack
|
page read and write
|
||
|
768000
|
heap
|
page read and write
|
||
|
7D9000
|
heap
|
page read and write
|
||
|
84F000
|
heap
|
page read and write
|
||
|
1238000
|
heap
|
page read and write
|
||
|
128C000
|
heap
|
page read and write
|
||
|
D8A7FFE000
|
stack
|
page read and write
|
||
|
1F864E68000
|
heap
|
page read and write
|
||
|
1EF3A85A000
|
heap
|
page read and write
|
||
|
1F864E76000
|
heap
|
page read and write
|
||
|
2E8E000
|
stack
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
7A7000
|
heap
|
page read and write
|
||
|
988A3FF000
|
stack
|
page read and write
|
||
|
7D1000
|
heap
|
page read and write
|
||
|
1B505AD0000
|
heap
|
page read and write
|
||
|
7C9000
|
heap
|
page read and write
|
||
|
32BE000
|
stack
|
page read and write
|
||
|
2388CA02000
|
trusted library allocation
|
page read and write
|
||
|
277CFA29000
|
heap
|
page read and write
|
||
|
75D777F000
|
stack
|
page read and write
|
||
|
D8A7F7B000
|
stack
|
page read and write
|
||
|
45E14FF000
|
stack
|
page read and write
|
||
|
2388C970000
|
remote allocation
|
page read and write
|
||
|
12B1000
|
heap
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
2388C970000
|
remote allocation
|
page read and write
|
||
|
1DEAAEC0000
|
heap
|
page readonly
|
||
|
2AD3BE00000
|
heap
|
page read and write
|
||
|
1B505760000
|
direct allocation
|
page execute and read and write
|
||
|
2A4D5780000
|
heap
|
page read and write
|
||
|
17A4D1A0000
|
trusted library allocation
|
page read and write
|
||
|
17A4D2C0000
|
heap
|
page read and write
|
||
|
84F000
|
heap
|
page read and write
|
||
|
988A079000
|
stack
|
page read and write
|
||
|
2564B2C0000
|
heap
|
page read and write
|
||
|
128D000
|
heap
|
page read and write
|
||
|
2A4D5848000
|
heap
|
page read and write
|
||
|
1238000
|
heap
|
page read and write
|
||
|
7E6000
|
heap
|
page read and write
|
||
|
32B000
|
stack
|
page read and write
|
||
|
1278000
|
heap
|
page read and write
|
||
|
2161000
|
heap
|
page read and write
|
||
|
7C9000
|
heap
|
page read and write
|
||
|
1B603259000
|
heap
|
page read and write
|
||
|
20CF47F000
|
stack
|
page read and write
|
||
|
24188570000
|
heap
|
page readonly
|
||
|
1EF3A750000
|
heap
|
page read and write
|
||
|
2DFE000
|
stack
|
page read and write
|
||
|
2A4D5840000
|
heap
|
page read and write
|
||
|
1C775FF000
|
stack
|
page read and write
|
||
|
B2B0FF000
|
stack
|
page read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
277D03AE000
|
heap
|
page read and write
|
||
|
2E7C000
|
stack
|
page read and write
|
||
|
26CC000
|
stack
|
page read and write
|
||
|
28EB000
|
stack
|
page read and write
|
||
|
1EF3A800000
|
heap
|
page read and write
|
||
|
1C774FF000
|
stack
|
page read and write
|
||
|
213D2F90000
|
heap
|
page read and write
|
||
|
45E0E8B000
|
stack
|
page read and write
|
||
|
241885F9000
|
heap
|
page read and write
|
||
|
1B505AD5000
|
heap
|
page read and write
|
||
|
17A4D23E000
|
heap
|
page read and write
|
||
|
2564B2D9000
|
heap
|
page read and write
|
||
|
9889DFB000
|
stack
|
page read and write
|
||
|
84B000
|
heap
|
page read and write
|
||
|
CD74079000
|
stack
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
1F864F02000
|
heap
|
page read and write
|
||
|
12A2000
|
heap
|
page read and write
|
||
|
2A4D5873000
|
heap
|
page read and write
|
||
|
2388C229000
|
heap
|
page read and write
|
||
|
277CFA93000
|
heap
|
page read and write
|
||
|
18009B000
|
unkown
|
page readonly
|
||
|
3E0000
|
direct allocation
|
page execute and read and write
|
||
|
2A4D6002000
|
trusted library allocation
|
page read and write
|
||
|
17A4D213000
|
heap
|
page read and write
|
||
|
27DD000
|
stack
|
page read and write
|
||
|
24188350000
|
heap
|
page read and write
|
||
|
21A2000
|
heap
|
page read and write
|
||
|
2D00000
|
heap
|
page readonly
|
||
|
1B5057EA000
|
heap
|
page read and write
|
||
|
7AA000
|
heap
|
page read and write
|
||
|
1F864E2A000
|
heap
|
page read and write
|
||
|
1DEAAEB0000
|
direct allocation
|
page execute and read and write
|
||
|
2AF30EF0000
|
heap
|
page readonly
|
||
|
1B603247000
|
heap
|
page read and write
|
||
|
7C9000
|
heap
|
page read and write
|
||
|
1EF3C360000
|
remote allocation
|
page read and write
|
||
|
241885F9000
|
heap
|
page read and write
|
||
|
213D2FF0000
|
heap
|
page read and write
|
||
|
2388C302000
|
heap
|
page read and write
|
||
|
2AFF000
|
heap
|
page read and write
|
||
|
D8A85FE000
|
stack
|
page read and write
|
||
|
2A4D584D000
|
heap
|
page read and write
|
||
|
2A4D5824000
|
heap
|
page read and write
|
||
|
2EF7000
|
stack
|
page read and write
|
||
|
2AD3BE77000
|
heap
|
page read and write
|
||
|
1B5057D9000
|
heap
|
page read and write
|
||
|
277CFA88000
|
heap
|
page read and write
|
||
|
2A4D582D000
|
heap
|
page read and write
|
||
|
45E1BFF000
|
stack
|
page read and write
|
||
|
7F9000
|
heap
|
page read and write
|
||
|
2196000
|
heap
|
page read and write
|
||
|
7C9000
|
heap
|
page read and write
|
||
|
2564B2D6000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
1610000
|
heap
|
page read and write
|
||
|
2AD3BD60000
|
heap
|
page read and write
|
||
|
2A4D5849000
|
heap
|
page read and write
|
||
|
2AF30050000
|
heap
|
page read and write
|
||
|
7AA000
|
heap
|
page read and write
|
||
|
20E0000
|
heap
|
page read and write
|
||
|
12AE000
|
heap
|
page read and write
|
||
|
277D0391000
|
heap
|
page read and write
|
||
|
277D0427000
|
heap
|
page read and write
|
||
|
1B50579F000
|
heap
|
page read and write
|
||
|
2CFC000
|
direct allocation
|
page read and write
|
||
|
2388C240000
|
heap
|
page read and write
|
||
|
C3FDE7D000
|
stack
|
page read and write
|
||
|
277CFB13000
|
heap
|
page read and write
|
||
|
7A7000
|
heap
|
page read and write
|
||
|
E6843FB000
|
stack
|
page read and write
|
||
|
12D7000
|
heap
|
page read and write
|
||
|
2A4D5847000
|
heap
|
page read and write
|
||
|
2AD3BF02000
|
heap
|
page read and write
|
||
|
2AD3C602000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
D8A84FE000
|
stack
|
page read and write
|
||
|
1EF3A840000
|
heap
|
page read and write
|
||
|
2AF2FF90000
|
heap
|
page read and write
|
||
|
17A4DB12000
|
heap
|
page read and write
|
||
|
84F000
|
heap
|
page read and write
|
||
|
2388C180000
|
heap
|
page read and write
|
||
|
213D3007000
|
heap
|
page read and write
|
||
|
18004C000
|
unkown
|
page readonly
|
||
|
2119000
|
heap
|
page read and write
|
||
|
CD73D1E000
|
stack
|
page read and write
|
||
|
2AF300A0000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
2E10000
|
trusted library allocation
|
page read and write
|
||
|
2D7C000
|
direct allocation
|
page read and write
|
||
|
20CF37D000
|
stack
|
page read and write
|
||
|
2939000
|
heap
|
page read and write
|
||
|
62B0000
|
trusted library allocation
|
page read and write
|
||
|
277CFA58000
|
heap
|
page read and write
|
||
|
1DEAAB80000
|
heap
|
page read and write
|
||
|
2CD0000
|
direct allocation
|
page read and write
|
||
|
20CF77E000
|
stack
|
page read and write
|
||
|
241885BF000
|
heap
|
page read and write
|
||
|
2564B505000
|
heap
|
page read and write
|
||
|
2AF30F00000
|
trusted library allocation
|
page read and write
|
||
|
A70587E000
|
stack
|
page read and write
|
||
|
2196000
|
heap
|
page read and write
|
||
|
2CFB000
|
direct allocation
|
page readonly
|
||
|
1257000
|
heap
|
page read and write
|
||
|
241885BF000
|
heap
|
page read and write
|
||
|
1EF3A802000
|
heap
|
page read and write
|
||
|
2AF30098000
|
heap
|
page read and write
|
||
|
1B505770000
|
heap
|
page readonly
|
||
|
2A4D584E000
|
heap
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
277CFA00000
|
heap
|
page read and write
|
||
|
1238000
|
heap
|
page read and write
|
||
|
1B5057D9000
|
heap
|
page read and write
|
||
|
1B603100000
|
heap
|
page read and write
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
2AF30F10000
|
trusted library allocation
|
page read and write
|
||
|
277CFA43000
|
heap
|
page read and write
|
||
|
2918000
|
heap
|
page read and write
|
||
|
1DEAAB8E000
|
heap
|
page read and write
|
||
|
2A4D5813000
|
heap
|
page read and write
|
||
|
2AF30240000
|
trusted library allocation
|
page read and write
|
||
|
1B603256000
|
heap
|
page read and write
|
||
|
277D036F000
|
heap
|
page read and write
|
||
|
12BC000
|
heap
|
page read and write
|
||
|
1250000
|
direct allocation
|
page execute and read and write
|
||
|
17A4DB00000
|
heap
|
page read and write
|
||
|
2564B2E8000
|
heap
|
page read and write
|
||
|
7CE000
|
heap
|
page read and write
|
||
|
1285000
|
heap
|
page read and write
|
||
|
1B50597C000
|
heap
|
page read and write
|
||
|
2140000
|
heap
|
page read and write
|
||
|
8C90CFD000
|
stack
|
page read and write
|
||
|
20CF07F000
|
stack
|
page read and write
|
||
|
98899BB000
|
stack
|
page read and write
|
||
|
2564B2EC000
|
heap
|
page read and write
|
||
|
75D738C000
|
stack
|
page read and write
|
||
|
1EF3A813000
|
heap
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
277D0354000
|
heap
|
page read and write
|
||
|
1B6030F0000
|
heap
|
page read and write
|
||
|
7C9000
|
heap
|
page read and write
|
||
|
1F864E13000
|
heap
|
page read and write
|
||
|
1B5057F8000
|
heap
|
page read and write
|
||
|
45AE000
|
stack
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
2AF30035000
|
heap
|
page read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
2AF30F60000
|
trusted library allocation
|
page read and write
|
||
|
988A17A000
|
stack
|
page read and write
|
||
|
219B000
|
heap
|
page read and write
|
||
|
2564B2B0000
|
heap
|
page read and write
|
||
|
20CF67F000
|
stack
|
page read and write
|
||
|
988A27F000
|
stack
|
page read and write
|
||
|
2AF30C90000
|
trusted library allocation
|
page read and write
|
||
|
2AF300A0000
|
heap
|
page read and write
|
||
|
21AB000
|
heap
|
page read and write
|
||
|
2564B2F8000
|
heap
|
page read and write
|
||
|
1B50580A000
|
heap
|
page read and write
|
||
|
8C90D7D000
|
stack
|
page read and write
|
||
|
107B000
|
stack
|
page read and write
|
||
|
12E9000
|
heap
|
page read and write
|
||
|
129F000
|
heap
|
page read and write
|
||
|
B2ACCB000
|
stack
|
page read and write
|
||
|
348B000
|
stack
|
page read and write
|
||
|
2388C213000
|
heap
|
page read and write
|
||
|
2418856D000
|
direct allocation
|
page readonly
|
||
|
2A4D5846000
|
heap
|
page read and write
|
||
|
350000
|
remote allocation
|
page read and write
|
||
|
1F864E5B000
|
heap
|
page read and write
|
||
|
45E1AFC000
|
stack
|
page read and write
|
||
|
2AD3BE28000
|
heap
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
277D0402000
|
heap
|
page read and write
|
||
|
79C000
|
heap
|
page read and write
|
||
|
2AF300B9000
|
heap
|
page read and write
|
||
|
2A4D5902000
|
heap
|
page read and write
|
||
|
45E19FF000
|
stack
|
page read and write
|
||
|
32CE000
|
stack
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
1DEAADAC000
|
heap
|
page read and write
|
||
|
1DEAAB9F000
|
heap
|
page read and write
|
||
|
1269000
|
heap
|
page read and write
|
||
|
2188000
|
heap
|
page read and write
|
||
|
277CF890000
|
heap
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
277CFA13000
|
heap
|
page read and write
|
||
|
2564B2DE000
|
heap
|
page read and write
|
||
|
1B60322F000
|
heap
|
page read and write
|
||
|
350000
|
remote allocation
|
page read and write
|
||
|
530E3CF000
|
stack
|
page read and write
|
||
|
2E10000
|
trusted library allocation
|
page read and write
|
||
|
1B5057D9000
|
heap
|
page read and write
|
||
|
2D7B000
|
direct allocation
|
page readonly
|
||
|
21AD000
|
heap
|
page read and write
|
||
|
12AB000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
2A4D5831000
|
heap
|
page read and write
|
||
|
277D0343000
|
heap
|
page read and write
|
||
|
2AF30220000
|
heap
|
page read and write
|
||
|
622E000
|
stack
|
page read and write
|
||
|
1B603302000
|
heap
|
page read and write
|
||
|
2564B50B000
|
heap
|
page read and write
|
||
|
530E2CC000
|
stack
|
page read and write
|
||
|
129D000
|
heap
|
page read and write
|
||
|
1B505780000
|
heap
|
page read and write
|
||
|
1B603150000
|
heap
|
page read and write
|
||
|
1B505A7D000
|
direct allocation
|
page readonly
|
||
|
277CFBE5000
|
heap
|
page read and write
|
||
|
2564B1E0000
|
heap
|
page read and write
|
||
|
134E000
|
stack
|
page read and write
|
||
|
7AE000
|
heap
|
page read and write
|
||
|
2A4D586B000
|
heap
|
page read and write
|
||
|
340F000
|
stack
|
page read and write
|
||
|
E6845FE000
|
stack
|
page read and write
|
||
|
E683D9B000
|
stack
|
page read and write
|
||
|
20CEF7B000
|
stack
|
page read and write
|
||
|
2AD3BE64000
|
heap
|
page read and write
|
||
|
1203000
|
heap
|
page read and write
|
||
|
1B505A7B000
|
direct allocation
|
page readonly
|
||
|
1DEAAED0000
|
heap
|
page read and write
|
||
|
2AF30EE0000
|
trusted library allocation
|
page read and write
|
||
|
1F864BE0000
|
heap
|
page read and write
|
||
|
B2B2FF000
|
stack
|
page read and write
|
||
|
213D2FF8000
|
heap
|
page read and write
|
||
|
277CFA55000
|
heap
|
page read and write
|
||
|
20CEB5B000
|
stack
|
page read and write
|
||
|
A7058FF000
|
stack
|
page read and write
|
||
|
1DEAAB40000
|
heap
|
page read and write
|
||
|
2F00000
|
trusted library allocation
|
page read and write
|
||
|
1B505A50000
|
direct allocation
|
page read and write
|
||
|
2564B2DD000
|
heap
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
1EF3A918000
|
heap
|
page read and write
|
||
|
13F0000
|
trusted library allocation
|
page read and write
|
||
|
2A4D5710000
|
heap
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
277D0400000
|
heap
|
page read and write
|
||
|
1289000
|
heap
|
page read and write
|
||
|
2418860B000
|
heap
|
page read and write
|
||
|
2A4D5831000
|
heap
|
page read and write
|
||
|
2989000
|
heap
|
page read and write
|
||
|
1268000
|
heap
|
page read and write
|
||
|
2A4D5867000
|
heap
|
page read and write
|
||
|
1EF3C402000
|
trusted library allocation
|
page read and write
|
||
|
45E167C000
|
stack
|
page read and write
|
||
|
277D0322000
|
heap
|
page read and write
|
||
|
7C9000
|
heap
|
page read and write
|
||
|
129D000
|
heap
|
page read and write
|
||
|
1F864BF0000
|
heap
|
page read and write
|
||
|
1EF3A859000
|
heap
|
page read and write
|
||
|
274D000
|
stack
|
page read and write
|
||
|
1EF3C360000
|
remote allocation
|
page read and write
|
||
|
8C9067C000
|
stack
|
page read and write
|
||
|
2564B0A0000
|
heap
|
page read and write
|
||
|
1400000
|
direct allocation
|
page execute and read and write
|
||
|
2AF30C20000
|
trusted library allocation
|
page read and write
|
||
|
24188530000
|
direct allocation
|
page execute and read and write
|
||
|
85C000
|
heap
|
page read and write
|
||
|
12D7000
|
heap
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
24189E60000
|
heap
|
page read and write
|
||
|
1B5057F7000
|
heap
|
page read and write
|
||
|
277CFA8B000
|
heap
|
page read and write
|
||
|
2564B2C9000
|
heap
|
page read and write
|
||
|
1226000
|
heap
|
page read and write
|
||
|
1EF3A864000
|
heap
|
page read and write
|
||
|
277CFA6E000
|
heap
|
page read and write
|
||
|
17A4DA02000
|
heap
|
page read and write
|
||
|
45E12FB000
|
stack
|
page read and write
|
||
|
1285000
|
heap
|
page read and write
|
||
|
277CFB8E000
|
heap
|
page read and write
|
||
|
2388C970000
|
remote allocation
|
page read and write
|
||
|
2564E4C0000
|
trusted library allocation
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
2196000
|
heap
|
page read and write
|
||
|
17A4D2B9000
|
heap
|
page read and write
|
||
|
2A4D57B0000
|
trusted library allocation
|
page read and write
|
||
|
75D767E000
|
stack
|
page read and write
|
||
|
12B9000
|
heap
|
page read and write
|
||
|
7DD000
|
heap
|
page read and write
|
||
|
1256000
|
heap
|
page read and write
|
||
|
2564B270000
|
heap
|
page read and write
|
||
|
277D0070000
|
trusted library allocation
|
page read and write
|
||
|
277D03C7000
|
heap
|
page read and write
|
||
|
277CFA64000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
84F000
|
heap
|
page read and write
|
||
|
1B60323B000
|
heap
|
page read and write
|
||
|
28F1000
|
heap
|
page read and write
|
||
|
1B5056E0000
|
heap
|
page read and write
|
||
|
1238000
|
heap
|
page read and write
|
||
|
17A4D2CA000
|
heap
|
page read and write
|
||
|
2388C258000
|
heap
|
page read and write
|
||
|
1B5057D9000
|
heap
|
page read and write
|
||
|
1DEAABD9000
|
heap
|
page read and write
|
||
|
2564B200000
|
heap
|
page read and write
|
||
|
1B5056C0000
|
heap
|
page read and write
|
||
|
1B505801000
|
heap
|
page read and write
|
||
|
D8A86FE000
|
stack
|
page read and write
|
||
|
988A37E000
|
stack
|
page read and write
|
||
|
2A4D5860000
|
heap
|
page read and write
|
||
|
1DEAAB60000
|
heap
|
page read and write
|
||
|
9889EFF000
|
stack
|
page read and write
|
||
|
84E000
|
heap
|
page read and write
|
||
|
2564B2E2000
|
heap
|
page read and write
|
||
|
1F864E3F000
|
heap
|
page read and write
|
||
|
1238000
|
heap
|
page read and write
|
||
|
1260000
|
heap
|
page readonly
|
||
|
CD73D9F000
|
stack
|
page read and write
|
||
|
2AF30030000
|
heap
|
page read and write
|
||
|
2A4D5856000
|
heap
|
page read and write
|
||
|
75D76FE000
|
stack
|
page read and write
|
||
|
1B603202000
|
heap
|
page read and write
|
||
|
2AF30060000
|
heap
|
page read and write
|
||
|
80B000
|
heap
|
page read and write
|
||
|
7AF000
|
heap
|
page read and write
|
||
|
7F1000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
1DEAAAD0000
|
heap
|
page read and write
|
||
|
2564B500000
|
heap
|
page read and write
|
||
|
2AD3BD50000
|
heap
|
page read and write
|
||
|
277CF880000
|
heap
|
page read and write
|
||
|
2388C170000
|
heap
|
page read and write
|
||
|
1EF3C2A0000
|
trusted library allocation
|
page read and write
|
||
|
21AB000
|
heap
|
page read and write
|
||
|
1C778FE000
|
stack
|
page read and write
|
||
|
1EF3A7E0000
|
trusted library allocation
|
page read and write
|
||
|
2418A090000
|
heap
|
page read and write
|
||
|
2310000
|
trusted library allocation
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
2A4D582E000
|
heap
|
page read and write
|
||
|
2A4D583A000
|
heap
|
page read and write
|
||
|
286E000
|
stack
|
page read and write
|
||
|
7D5000
|
heap
|
page read and write
|
||
|
E6844FB000
|
stack
|
page read and write
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
8C908FF000
|
stack
|
page read and write
|
||
|
128D000
|
heap
|
page read and write
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
1EF3A82A000
|
heap
|
page read and write
|
||
|
277D03BD000
|
heap
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
2A4D584B000
|
heap
|
page read and write
|
||
|
E6842FB000
|
stack
|
page read and write
|
||
|
128D000
|
heap
|
page read and write
|
||
|
2AD3BE56000
|
heap
|
page read and write
|
||
|
FA0000
|
remote allocation
|
page read and write
|
||
|
241885A0000
|
heap
|
page read and write
|
||
|
1B505950000
|
heap
|
page read and write
|
||
|
2AF30C30000
|
trusted library allocation
|
page read and write
|
||
|
1238000
|
heap
|
page read and write
|
||
|
1B505650000
|
heap
|
page read and write
|
||
|
1EF3A84A000
|
heap
|
page read and write
|
||
|
2564B2E2000
|
heap
|
page read and write
|
||
|
1EF3A849000
|
heap
|
page read and write
|
||
|
2388C940000
|
trusted library allocation
|
page read and write
|
||
|
21E0000
|
direct allocation
|
page read and write
|
||
|
7AA000
|
heap
|
page read and write
|
||
|
7CE000
|
heap
|
page read and write
|
||
|
1C779FC000
|
stack
|
page read and write
|
||
|
1C7707C000
|
stack
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
2A4D5845000
|
heap
|
page read and write
|
||
|
2A4D583D000
|
heap
|
page read and write
|
||
|
277D0202000
|
heap
|
page read and write
|
||
|
2961000
|
heap
|
page read and write
|
||
|
17A4D229000
|
heap
|
page read and write
|
||
|
277D0430000
|
heap
|
page read and write
|
||
|
2C93000
|
heap
|
page read and write
|
||
|
277CFBB9000
|
heap
|
page read and write
|
||
|
333B000
|
stack
|
page read and write
|
||
|
2AD3BDF0000
|
trusted library allocation
|
page read and write
|
||
|
277CFA3C000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page readonly
|
||
|
2AD3BE40000
|
heap
|
page read and write
|
||
|
1DEAC8B0000
|
heap
|
page read and write
|
||
|
124F000
|
heap
|
page read and write
|
||
|
2388C202000
|
heap
|
page read and write
|
||
|
180098000
|
unkown
|
page read and write
|
||
|
2141000
|
heap
|
page read and write
|
||
|
277D0302000
|
heap
|
page read and write
|
||
|
2A4D5850000
|
heap
|
page read and write
|
||
|
277D0423000
|
heap
|
page read and write
|
||
|
8C90B7D000
|
stack
|
page read and write
|
||
|
1B603180000
|
trusted library allocation
|
page read and write
|
||
|
2750000
|
remote allocation
|
page read and write
|
||
|
2AF30CA0000
|
trusted library allocation
|
page read and write
|
||
|
1EF3A7B0000
|
heap
|
page read and write
|
||
|
1269000
|
heap
|
page read and write
|
||
|
1246000
|
heap
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
18004C000
|
unkown
|
page readonly
|
||
|
45E17FB000
|
stack
|
page read and write
|
||
|
20D0000
|
heap
|
page read and write
|
||
|
17A4D2E4000
|
heap
|
page read and write
|
||
|
A7055FC000
|
stack
|
page read and write
|
||
|
277D0413000
|
heap
|
page read and write
|
||
|
1249000
|
heap
|
page read and write
|
||
|
2D7D000
|
direct allocation
|
page readonly
|
||
|
1DEAABAF000
|
heap
|
page read and write
|
||
|
F7A000
|
stack
|
page read and write
|
||
|
750000
|
trusted library allocation
|
page read and write
|
||
|
2564B2F2000
|
heap
|
page read and write
|
||
|
2388C1E0000
|
heap
|
page read and write
|
||
|
1F864E02000
|
heap
|
page read and write
|
||
|
2A4D5862000
|
heap
|
page read and write
|
||
|
2AD3BDC0000
|
heap
|
page read and write
|
||
|
241884B0000
|
heap
|
page read and write
|
||
|
530E34F000
|
stack
|
page read and write
|
||
|
45E18FD000
|
stack
|
page read and write
|
||
|
FA0000
|
remote allocation
|
page read and write
|
||
|
1DEAAED5000
|
heap
|
page read and write
|
||
|
1B505788000
|
heap
|
page read and write
|
||
|
2CFD000
|
direct allocation
|
page readonly
|
||
|
2650000
|
trusted library allocation
|
page read and write
|
||
|
1DEAAB9F000
|
heap
|
page read and write
|
||
|
127B000
|
heap
|
page read and write
|
||
|
2AF30039000
|
heap
|
page read and write
|
||
|
128D000
|
heap
|
page read and write
|
||
|
7B8000
|
heap
|
page read and write
|
||
|
10BB000
|
stack
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
1DEAC6AD000
|
direct allocation
|
page readonly
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
11D8000
|
heap
|
page read and write
|
||
|
17A4D26F000
|
heap
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
2564B2D9000
|
heap
|
page read and write
|
||
|
1F865602000
|
trusted library allocation
|
page read and write
|
||
|
13EE000
|
stack
|
page read and write
|
||
|
45E177D000
|
stack
|
page read and write
|
||
|
62AE000
|
stack
|
page read and write
|
||
|
7EB000
|
heap
|
page read and write
|
||
|
2750000
|
remote allocation
|
page read and write
|
||
|
17A4D2C8000
|
heap
|
page read and write
|
||
|
2C6C000
|
heap
|
page read and write
|
||
|
1615000
|
heap
|
page read and write
|
||
|
45E15FF000
|
stack
|
page read and write
|
||
|
17A4DB3A000
|
heap
|
page read and write
|
||
|
1EF3A740000
|
heap
|
page read and write
|
||
|
7CE000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
277CFA91000
|
heap
|
page read and write
|
||
|
7AE000
|
heap
|
page read and write
|
||
|
2564B305000
|
heap
|
page read and write
|
||
|
18004C000
|
unkown
|
page readonly
|
||
|
2A4D5876000
|
heap
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
17A4D302000
|
heap
|
page read and write
|
||
|
20CF57E000
|
stack
|
page read and write
|
||
|
2E07000
|
stack
|
page read and write
|
||
|
1C776FC000
|
stack
|
page read and write
|
||
|
2A4D5839000
|
heap
|
page read and write
|
||
|
1EF3C2E0000
|
trusted library allocation
|
page read and write
|
||
|
20CF87F000
|
stack
|
page read and write
|
||
|
2AD3BE02000
|
heap
|
page read and write
|
||
|
1B5073F0000
|
heap
|
page read and write
|
||
|
220C000
|
direct allocation
|
page read and write
|
||
|
B2B3FF000
|
stack
|
page read and write
|
||
|
B2B1F9000
|
stack
|
page read and write
|
||
|
241885D0000
|
heap
|
page read and write
|
||
|
1F864F13000
|
heap
|
page read and write
|
||
|
2A4D5800000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
1DEAAB9F000
|
heap
|
page read and write
|
||
|
213D2E50000
|
heap
|
page read and write
|
There are 670 hidden memdumps, click here to show them.