Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
yoyrJ.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\Windows\System32\wbem\Performance\WmiApRpl_new.h
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\system32\wbem\Performance\WmiApRpl.h (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\yoyrJ.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\yoyrJ.dll
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\yoyrJ.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\yoyrJ.dll,DllRegisterServer
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\RPhOZPFULSaJ\nMwLrZYwR.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\UgFJoEzLBQVtMeg\qohQcmrlRynEDAUP.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\YbSMYJyTdzumryV\WWgeEzfCEnB.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\OGxcy\dYkxHTuA.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\UgFJoEzLBQVtMeg\qohQcmrlRynEDAUP.dll
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\ArkmTuxCaKyXkTDZ\fBEZnVEOT.dll"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\yoyrJ.dll",#1
|
||
|
C:\Windows\System32\wbem\WMIADAP.exe
|
wmiadap.exe /F /T /R
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://182.162.143.56/ltqyvaphgamn/iuduszibmmiode/zgmecigm/lvlmwwim/
|
182.162.143.56
|
|
|
|
https://45.63.99.23:7080/ltqyvaphgamn/iuduszibmmiode/zgmecigm/lvlmwwim/
|
unknown
|
||
|
https://182.162.143.56/
|
unknown
|
||
|
https://17.63.99.23:7080/
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
110.232.117.186
|
unknown
|
Australia
|
|
|
|
103.132.242.26
|
unknown
|
India
|
|
|
|
104.168.155.143
|
unknown
|
United States
|
|
|
|
79.137.35.198
|
unknown
|
France
|
|
|
|
45.118.115.99
|
unknown
|
Indonesia
|
|
|
|
172.104.251.154
|
unknown
|
United States
|
|
|
|
115.68.227.76
|
unknown
|
Korea Republic of
|
|
|
|
163.44.196.120
|
unknown
|
Singapore
|
|
|
|
206.189.28.199
|
unknown
|
United States
|
|
|
|
45.63.99.23
|
unknown
|
United States
|
|
|
|
107.170.39.149
|
unknown
|
United States
|
|
|
|
197.242.150.244
|
unknown
|
South Africa
|
|
|
|
185.4.135.165
|
unknown
|
Greece
|
|
|
|
183.111.227.137
|
unknown
|
Korea Republic of
|
|
|
|
45.176.232.124
|
unknown
|
Colombia
|
|
|
|
139.59.56.73
|
unknown
|
Singapore
|
|
|
|
169.57.156.166
|
unknown
|
United States
|
|
|
|
164.68.99.3
|
unknown
|
Germany
|
|
|
|
139.59.126.41
|
unknown
|
Singapore
|
|
|
|
167.172.253.162
|
unknown
|
United States
|
|
|
|
147.139.166.154
|
unknown
|
United States
|
|
|
|
202.129.205.3
|
unknown
|
Thailand
|
|
|
|
167.172.199.165
|
unknown
|
United States
|
|
|
|
153.92.5.27
|
unknown
|
Germany
|
|
|
|
159.65.140.115
|
unknown
|
United States
|
|
|
|
159.65.88.10
|
unknown
|
United States
|
|
|
|
172.105.226.75
|
unknown
|
United States
|
|
|
|
164.90.222.65
|
unknown
|
United States
|
|
|
|
213.239.212.5
|
unknown
|
Germany
|
|
|
|
5.135.159.50
|
unknown
|
France
|
|
|
|
173.255.211.88
|
unknown
|
United States
|
|
|
|
212.24.98.99
|
unknown
|
Lithuania
|
|
|
|
186.194.240.217
|
unknown
|
Brazil
|
|
|
|
91.187.140.35
|
unknown
|
Serbia
|
|
|
|
119.59.103.152
|
unknown
|
Thailand
|
|
|
|
159.89.202.34
|
unknown
|
United States
|
|
|
|
201.94.166.162
|
unknown
|
Brazil
|
|
|
|
160.16.142.56
|
unknown
|
Japan
|
|
|
|
103.75.201.2
|
unknown
|
Thailand
|
|
|
|
91.207.28.33
|
unknown
|
Kyrgyzstan
|
|
|
|
103.43.75.120
|
unknown
|
Japan
|
|
|
|
188.44.20.25
|
unknown
|
Macedonia
|
|
|
|
45.235.8.30
|
unknown
|
Brazil
|
|
|
|
153.126.146.25
|
unknown
|
Japan
|
|
|
|
72.15.201.15
|
unknown
|
United States
|
|
|
|
82.223.21.224
|
unknown
|
Spain
|
|
|
|
173.212.193.249
|
unknown
|
Germany
|
|
|
|
95.217.221.146
|
unknown
|
Germany
|
|
|
|
149.56.131.28
|
unknown
|
Canada
|
|
|
|
209.97.163.214
|
unknown
|
United States
|
|
|
|
182.162.143.56
|
unknown
|
Korea Republic of
|
|
|
|
1.234.2.232
|
unknown
|
Korea Republic of
|
|
|
|
129.232.188.93
|
unknown
|
South Africa
|
|
|
|
94.23.45.86
|
unknown
|
France
|
|
There are 44 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
qohQcmrlRynEDAUP.dll
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
D20000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
A90000
|
direct allocation
|
page execute and read and write
|
|
|
|
1BBC5810000
|
direct allocation
|
page execute and read and write
|
|
|
|
1EBD2220000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
BA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
C38000
|
heap
|
page read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
141AEEA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
BED000
|
heap
|
page read and write
|
||
|
29FB000
|
stack
|
page read and write
|
||
|
BED000
|
heap
|
page read and write
|
||
|
CAE000
|
heap
|
page read and write
|
||
|
2ECF000
|
stack
|
page read and write
|
||
|
1EBD211F000
|
heap
|
page read and write
|
||
|
1063000
|
heap
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
2650000
|
remote allocation
|
page read and write
|
||
|
1BBC6ED0000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
C81000
|
heap
|
page read and write
|
||
|
759000
|
stack
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
1EBD3B1D000
|
heap
|
page read and write
|
||
|
5B40000
|
trusted library allocation
|
page read and write
|
||
|
26AE000
|
stack
|
page read and write
|
||
|
2F7E000
|
stack
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
7FF88C36A000
|
unkown
|
page readonly
|
||
|
7FF88C300000
|
unkown
|
page readonly
|
||
|
7FF88C36C000
|
unkown
|
page execute
|
||
|
24FBA530000
|
heap
|
page read and write
|
||
|
3FA60FE000
|
stack
|
page read and write
|
||
|
7FF88C301000
|
unkown
|
page execute read
|
||
|
C87000
|
heap
|
page read and write
|
||
|
3D70C7E000
|
stack
|
page read and write
|
||
|
102E000
|
stack
|
page read and write
|
||
|
24FBA57D000
|
heap
|
page read and write
|
||
|
272C000
|
stack
|
page read and write
|
||
|
55AC57E000
|
stack
|
page read and write
|
||
|
141B10C0000
|
heap
|
page read and write
|
||
|
D11000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
24FBA830000
|
trusted library allocation
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
43D000
|
heap
|
page read and write
|
||
|
2670000
|
heap
|
page read and write
|
||
|
7FF88C36A000
|
unkown
|
page readonly
|
||
|
DD0319C000
|
stack
|
page read and write
|
||
|
E65000
|
heap
|
page read and write
|
||
|
141AEF45000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
DD0377F000
|
stack
|
page read and write
|
||
|
7FF88C36D000
|
unkown
|
page readonly
|
||
|
1EBD2116000
|
heap
|
page read and write
|
||
|
E55000
|
heap
|
page read and write
|
||
|
CA8000
|
heap
|
page read and write
|
||
|
7FF88C36D000
|
unkown
|
page readonly
|
||
|
1BBC53D0000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
7FF88C36C000
|
unkown
|
page execute
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
7FF88C36A000
|
unkown
|
page readonly
|
||
|
CBE000
|
heap
|
page read and write
|
||
|
2F5C000
|
heap
|
page read and write
|
||
|
3FA5EFD000
|
stack
|
page read and write
|
||
|
1EBD22B0000
|
trusted library allocation
|
page read and write
|
||
|
434000
|
heap
|
page read and write
|
||
|
C05000
|
heap
|
page read and write
|
||
|
BDF000
|
heap
|
page read and write
|
||
|
1EBD3AE0000
|
heap
|
page read and write
|
||
|
1EBD2117000
|
heap
|
page read and write
|
||
|
896000
|
heap
|
page read and write
|
||
|
C98000
|
heap
|
page read and write
|
||
|
8B1000
|
heap
|
page read and write
|
||
|
B5E000
|
stack
|
page read and write
|
||
|
550000
|
remote allocation
|
page read and write
|
||
|
2BEF000
|
stack
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
55AC67E000
|
stack
|
page read and write
|
||
|
99B000
|
heap
|
page read and write
|
||
|
297E000
|
stack
|
page read and write
|
||
|
2FFF000
|
stack
|
page read and write
|
||
|
1BBC550C000
|
heap
|
page read and write
|
||
|
CD5000
|
heap
|
page read and write
|
||
|
88E000
|
heap
|
page read and write
|
||
|
C0C000
|
heap
|
page read and write
|
||
|
1EBD20EB000
|
heap
|
page read and write
|
||
|
DD0367E000
|
stack
|
page read and write
|
||
|
D11000
|
heap
|
page read and write
|
||
|
7FF88C36C000
|
unkown
|
page execute
|
||
|
1EBD1F70000
|
heap
|
page read and write
|
||
|
C81000
|
heap
|
page read and write
|
||
|
141B098B000
|
heap
|
page read and write
|
||
|
D50000
|
direct allocation
|
page execute and read and write
|
||
|
7C5000
|
heap
|
page read and write
|
||
|
B40000
|
trusted library allocation
|
page read and write
|
||
|
896000
|
heap
|
page read and write
|
||
|
7FF88C322000
|
unkown
|
page readonly
|
||
|
24A0000
|
heap
|
page read and write
|
||
|
268D000
|
heap
|
page read and write
|
||
|
D70000
|
trusted library allocation
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
1BBC6E70000
|
heap
|
page readonly
|
||
|
C91000
|
heap
|
page read and write
|
||
|
141AEF4A000
|
heap
|
page read and write
|
||
|
1C0000
|
remote allocation
|
page read and write
|
||
|
236A000
|
heap
|
page read and write
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
28DE000
|
stack
|
page read and write
|
||
|
C91000
|
heap
|
page read and write
|
||
|
1BBC7290000
|
trusted library allocation
|
page read and write
|
||
|
E81000
|
heap
|
page read and write
|
||
|
1BBC6FD1000
|
heap
|
page read and write
|
||
|
43D000
|
heap
|
page read and write
|
||
|
418000
|
heap
|
page read and write
|
||
|
24FBA490000
|
trusted library allocation
|
page read and write
|
||
|
CA8000
|
heap
|
page read and write
|
||
|
24FBA480000
|
heap
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
22B0000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
E65000
|
heap
|
page read and write
|
||
|
250D000
|
heap
|
page read and write
|
||
|
CC7000
|
heap
|
page read and write
|
||
|
293B000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
C86000
|
heap
|
page read and write
|
||
|
C91000
|
heap
|
page read and write
|
||
|
88E000
|
heap
|
page read and write
|
||
|
7C0000
|
remote allocation
|
page read and write
|
||
|
55AC5F9000
|
stack
|
page read and write
|
||
|
7FF88C300000
|
unkown
|
page readonly
|
||
|
141B0985000
|
heap
|
page read and write
|
||
|
7FF88C36D000
|
unkown
|
page readonly
|
||
|
27DF000
|
stack
|
page read and write
|
||
|
980000
|
heap
|
page readonly
|
||
|
24FBA800000
|
trusted library allocation
|
page read and write
|
||
|
7C0000
|
remote allocation
|
page read and write
|
||
|
2B6E000
|
stack
|
page read and write
|
||
|
1BBC5460000
|
heap
|
page read and write
|
||
|
141B0983000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
1BBC54B8000
|
heap
|
page read and write
|
||
|
2BB7000
|
stack
|
page read and write
|
||
|
C86000
|
heap
|
page read and write
|
||
|
52CF000
|
stack
|
page read and write
|
||
|
896000
|
heap
|
page read and write
|
||
|
B55000
|
heap
|
page read and write
|
||
|
2400000
|
trusted library allocation
|
page read and write
|
||
|
24FBA810000
|
heap
|
page readonly
|
||
|
1EBD3F00000
|
heap
|
page read and write
|
||
|
1FA3000
|
heap
|
page read and write
|
||
|
1BBC6F3A000
|
heap
|
page read and write
|
||
|
52A000
|
stack
|
page read and write
|
||
|
2430000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
E65000
|
heap
|
page read and write
|
||
|
1EBD22A0000
|
heap
|
page read and write
|
||
|
BF5000
|
heap
|
page read and write
|
||
|
C80000
|
remote allocation
|
page read and write
|
||
|
24FBA575000
|
heap
|
page read and write
|
||
|
CA8000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
410000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
88E000
|
heap
|
page read and write
|
||
|
CAE000
|
heap
|
page read and write
|
||
|
780000
|
remote allocation
|
page read and write
|
||
|
D13000
|
heap
|
page read and write
|
||
|
24FBA880000
|
heap
|
page read and write
|
||
|
B95000
|
heap
|
page read and write
|
||
|
2650000
|
remote allocation
|
page read and write
|
||
|
BCB000
|
heap
|
page read and write
|
||
|
7FF88C36A000
|
unkown
|
page readonly
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
C13000
|
heap
|
page read and write
|
||
|
E68000
|
heap
|
page read and write
|
||
|
243B000
|
heap
|
page read and write
|
||
|
886000
|
heap
|
page read and write
|
||
|
D13000
|
heap
|
page read and write
|
||
|
107C000
|
heap
|
page read and write
|
||
|
CAE000
|
heap
|
page read and write
|
||
|
FAE000
|
stack
|
page read and write
|
||
|
E5D000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
141B08C0000
|
trusted library allocation
|
page read and write
|
||
|
DD03579000
|
stack
|
page read and write
|
||
|
1BBC54B0000
|
heap
|
page read and write
|
||
|
C97000
|
heap
|
page read and write
|
||
|
2A00000
|
trusted library allocation
|
page read and write
|
||
|
C7E000
|
heap
|
page read and write
|
||
|
1BBC5840000
|
direct allocation
|
page execute and read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
1BBC6ECB000
|
heap
|
page read and write
|
||
|
24D0000
|
heap
|
page read and write
|
||
|
7FF88C301000
|
unkown
|
page execute read
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
261F000
|
stack
|
page read and write
|
||
|
BF6000
|
heap
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
E6B000
|
heap
|
page read and write
|
||
|
9F3000
|
heap
|
page read and write
|
||
|
7FF88C367000
|
unkown
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
E5D000
|
heap
|
page read and write
|
||
|
CD5000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
141AEF38000
|
heap
|
page read and write
|
||
|
1EBD2330000
|
heap
|
page read and write
|
||
|
141B0980000
|
heap
|
page read and write
|
||
|
E65000
|
heap
|
page read and write
|
||
|
24FBA4F0000
|
heap
|
page read and write
|
||
|
1C0000
|
remote allocation
|
page read and write
|
||
|
24FBA750000
|
trusted library allocation
|
page read and write
|
||
|
2750000
|
heap
|
page read and write
|
||
|
E65000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
DD036F9000
|
stack
|
page read and write
|
||
|
7FF88C36A000
|
unkown
|
page readonly
|
||
|
3FA5DFE000
|
stack
|
page read and write
|
||
|
7FF88C36C000
|
unkown
|
page execute
|
||
|
DD035F9000
|
stack
|
page read and write
|
||
|
CB9000
|
heap
|
page read and write
|
||
|
2F4E000
|
stack
|
page read and write
|
||
|
253A000
|
heap
|
page read and write
|
||
|
1EBD3B36000
|
heap
|
page read and write
|
||
|
896000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
CD5000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
E55000
|
heap
|
page read and write
|
||
|
881000
|
heap
|
page read and write
|
||
|
7FF88C301000
|
unkown
|
page execute read
|
||
|
BED000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
7FF88C300000
|
unkown
|
page readonly
|
||
|
2E3D000
|
stack
|
page read and write
|
||
|
1EBD3B54000
|
heap
|
page read and write
|
||
|
446000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
7FF88C300000
|
unkown
|
page readonly
|
||
|
BF0000
|
trusted library allocation
|
page read and write
|
||
|
886000
|
heap
|
page read and write
|
||
|
24FBA760000
|
trusted library allocation
|
page read and write
|
||
|
E68000
|
heap
|
page read and write
|
||
|
CA8000
|
heap
|
page read and write
|
||
|
1BBC6EC5000
|
heap
|
page read and write
|
||
|
96F000
|
stack
|
page read and write
|
||
|
88E000
|
heap
|
page read and write
|
||
|
1035000
|
heap
|
page read and write
|
||
|
C86000
|
heap
|
page read and write
|
||
|
7FF88C322000
|
unkown
|
page readonly
|
||
|
141B07DD000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
E0000
|
heap
|
page read and write
|
||
|
24B1000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
E5D000
|
heap
|
page read and write
|
||
|
D13000
|
heap
|
page read and write
|
||
|
233D000
|
heap
|
page read and write
|
||
|
28E0000
|
trusted library allocation
|
page read and write
|
||
|
C15000
|
heap
|
page read and write
|
||
|
1BBC6F0D000
|
heap
|
page read and write
|
||
|
C8D000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
8AF000
|
heap
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
141AEE70000
|
heap
|
page read and write
|
||
|
1BBC5440000
|
heap
|
page read and write
|
||
|
524E000
|
stack
|
page read and write
|
||
|
D13000
|
heap
|
page read and write
|
||
|
445000
|
heap
|
page read and write
|
||
|
2620000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
88A000
|
heap
|
page read and write
|
||
|
2DBC000
|
stack
|
page read and write
|
||
|
7FF88C322000
|
unkown
|
page readonly
|
||
|
D60000
|
heap
|
page readonly
|
||
|
3B20000
|
heap
|
page read and write
|
||
|
1EBD22A3000
|
heap
|
page read and write
|
||
|
2130000
|
heap
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
2433000
|
heap
|
page read and write
|
||
|
780000
|
remote allocation
|
page read and write
|
||
|
1EBD211D000
|
heap
|
page read and write
|
||
|
1EBD3B2E000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
7FF88C300000
|
unkown
|
page readonly
|
||
|
1EBD20B0000
|
heap
|
page read and write
|
||
|
26BA000
|
heap
|
page read and write
|
||
|
141AEF00000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
141AEF3E000
|
heap
|
page read and write
|
||
|
1EBD2335000
|
heap
|
page read and write
|
||
|
891000
|
heap
|
page read and write
|
||
|
1EBD3B42000
|
heap
|
page read and write
|
||
|
CB9000
|
heap
|
page read and write
|
||
|
CA8000
|
heap
|
page read and write
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
57B000
|
stack
|
page read and write
|
||
|
24FBA820000
|
trusted library allocation
|
page read and write
|
||
|
22B3000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
1EBD2260000
|
heap
|
page readonly
|
||
|
CC8000
|
heap
|
page read and write
|
||
|
CC8000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
9E2000
|
heap
|
page read and write
|
||
|
25F0000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
1BBC5850000
|
heap
|
page read and write
|
||
|
141B0990000
|
heap
|
page read and write
|
||
|
1BBC7290000
|
trusted library allocation
|
page read and write
|
||
|
141AEEE5000
|
heap
|
page read and write
|
||
|
141B08A0000
|
heap
|
page read and write
|
||
|
BF5000
|
heap
|
page read and write
|
||
|
3D70CFE000
|
stack
|
page read and write
|
||
|
3D70D7C000
|
stack
|
page read and write
|
||
|
1EBD3B31000
|
heap
|
page read and write
|
||
|
445000
|
heap
|
page read and write
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
7FF88C300000
|
unkown
|
page readonly
|
||
|
285F000
|
stack
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
7FF88C36D000
|
unkown
|
page readonly
|
||
|
CA8000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
C98000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
2933000
|
heap
|
page read and write
|
||
|
3D70BF7000
|
stack
|
page read and write
|
||
|
2930000
|
heap
|
page read and write
|
||
|
7FF88C36A000
|
unkown
|
page readonly
|
||
|
1BBC6EB0000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
24FBA889000
|
heap
|
page read and write
|
||
|
43D000
|
heap
|
page read and write
|
||
|
1EBD3BE0000
|
heap
|
page read and write
|
||
|
E59000
|
heap
|
page read and write
|
||
|
24FBB590000
|
trusted library allocation
|
page read and write
|
||
|
141B080A000
|
heap
|
page read and write
|
||
|
52D0000
|
trusted library allocation
|
page read and write
|
||
|
C77000
|
heap
|
page read and write
|
||
|
C79000
|
stack
|
page read and write
|
||
|
7FF88C301000
|
unkown
|
page execute read
|
||
|
3D70A7F000
|
stack
|
page read and write
|
||
|
E5D000
|
heap
|
page read and write
|
||
|
CC8000
|
heap
|
page read and write
|
||
|
3D7079E000
|
stack
|
page read and write
|
||
|
9AB000
|
stack
|
page read and write
|
||
|
3FA5BFE000
|
stack
|
page read and write
|
||
|
1EBD20E0000
|
heap
|
page read and write
|
||
|
141AEF13000
|
heap
|
page read and write
|
||
|
229E000
|
stack
|
page read and write
|
||
|
1BBC5855000
|
heap
|
page read and write
|
||
|
7FF88C322000
|
unkown
|
page readonly
|
||
|
1BBC54FE000
|
heap
|
page read and write
|
||
|
1FA0000
|
heap
|
page read and write
|
||
|
D11000
|
heap
|
page read and write
|
||
|
E6F000
|
heap
|
page read and write
|
||
|
55AC47F000
|
stack
|
page read and write
|
||
|
7FF88C322000
|
unkown
|
page readonly
|
||
|
7FF88C36D000
|
unkown
|
page readonly
|
||
|
141AEED0000
|
direct allocation
|
page execute and read and write
|
||
|
27A7000
|
stack
|
page read and write
|
||
|
1EBD22B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF88C367000
|
unkown
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
CC8000
|
heap
|
page read and write
|
||
|
2D40000
|
trusted library allocation
|
page read and write
|
||
|
A7B000
|
stack
|
page read and write
|
||
|
24FBA7C0000
|
trusted library allocation
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
C91000
|
heap
|
page read and write
|
||
|
2623000
|
heap
|
page read and write
|
||
|
1EBD3B25000
|
heap
|
page read and write
|
||
|
1EBD3B1D000
|
heap
|
page read and write
|
||
|
E65000
|
heap
|
page read and write
|
||
|
CB9000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
C86000
|
heap
|
page read and write
|
||
|
1EBD22AB000
|
heap
|
page read and write
|
||
|
89C000
|
heap
|
page read and write
|
||
|
896000
|
heap
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
C77000
|
heap
|
page read and write
|
||
|
E68000
|
heap
|
page read and write
|
||
|
3D70B7E000
|
stack
|
page read and write
|
||
|
24FBA57D000
|
heap
|
page read and write
|
||
|
B6C000
|
heap
|
page read and write
|
||
|
B3F000
|
stack
|
page read and write
|
||
|
7FF88C367000
|
unkown
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
141AED30000
|
heap
|
page read and write
|
||
|
42F000
|
heap
|
page read and write
|
||
|
1BBC6EC3000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
CB6000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page readonly
|
||
|
247E000
|
stack
|
page read and write
|
||
|
2680000
|
heap
|
page read and write
|
||
|
24FBA596000
|
heap
|
page read and write
|
||
|
7FF88C36D000
|
unkown
|
page readonly
|
||
|
1EBD2113000
|
heap
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
C91000
|
heap
|
page read and write
|
||
|
1EBD21E0000
|
heap
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
2941000
|
heap
|
page read and write
|
||
|
3D7071C000
|
stack
|
page read and write
|
||
|
C73000
|
heap
|
page read and write
|
||
|
3FA5CFF000
|
stack
|
page read and write
|
||
|
CD1000
|
heap
|
page read and write
|
||
|
7FF88C36C000
|
unkown
|
page execute
|
||
|
1BBC6FD0000
|
heap
|
page read and write
|
||
|
24FBA57D000
|
heap
|
page read and write
|
||
|
141AEF45000
|
heap
|
page read and write
|
||
|
E38000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
9B5000
|
heap
|
page read and write
|
||
|
55AC4FF000
|
stack
|
page read and write
|
||
|
1075000
|
heap
|
page read and write
|
||
|
CB9000
|
heap
|
page read and write
|
||
|
C91000
|
heap
|
page read and write
|
||
|
141AEF0D000
|
heap
|
page read and write
|
||
|
141AEEF0000
|
trusted library allocation
|
page read and write
|
||
|
BF5000
|
heap
|
page read and write
|
||
|
896000
|
heap
|
page read and write
|
||
|
B65000
|
heap
|
page read and write
|
||
|
1EBD210D000
|
heap
|
page read and write
|
||
|
3FA5AFC000
|
stack
|
page read and write
|
||
|
1BBC6EC0000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
24FBA890000
|
trusted library allocation
|
page read and write
|
||
|
1EBD2250000
|
direct allocation
|
page execute and read and write
|
||
|
970000
|
direct allocation
|
page execute and read and write
|
||
|
7CC000
|
heap
|
page read and write
|
||
|
CAE000
|
heap
|
page read and write
|
||
|
1F9F000
|
stack
|
page read and write
|
||
|
141B0991000
|
heap
|
page read and write
|
||
|
C98000
|
heap
|
page read and write
|
||
|
7FF88C301000
|
unkown
|
page execute read
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
550000
|
remote allocation
|
page read and write
|
||
|
C80000
|
remote allocation
|
page read and write
|
||
|
C00000
|
trusted library allocation
|
page read and write
|
||
|
1EBD2113000
|
heap
|
page read and write
|
||
|
7FF88C367000
|
unkown
|
page read and write
|
||
|
C86000
|
heap
|
page read and write
|
||
|
BD0000
|
direct allocation
|
page execute and read and write
|
||
|
D88000
|
heap
|
page read and write
|
||
|
2C6B000
|
stack
|
page read and write
|
||
|
24FBB380000
|
trusted library allocation
|
page read and write
|
||
|
3D70AFF000
|
stack
|
page read and write
|
||
|
24FBA510000
|
heap
|
page read and write
|
||
|
5810000
|
trusted library allocation
|
page read and write
|
||
|
BE5000
|
heap
|
page read and write
|
||
|
D1E000
|
heap
|
page read and write
|
||
|
1EBD3B26000
|
heap
|
page read and write
|
||
|
CB8000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
141B07A0000
|
heap
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
55AC1AC000
|
stack
|
page read and write
|
||
|
29DE000
|
stack
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
CD5000
|
heap
|
page read and write
|
||
|
7FF88C36C000
|
unkown
|
page execute
|
||
|
3FA5FF9000
|
stack
|
page read and write
|
||
|
7FF88C322000
|
unkown
|
page readonly
|
||
|
2435000
|
heap
|
page read and write
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
1EBD3B1D000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
445000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
C8D000
|
heap
|
page read and write
|
||
|
C1B000
|
heap
|
page read and write
|
||
|
24B0000
|
heap
|
page read and write
|
||
|
CAB000
|
heap
|
page read and write
|
||
|
24FBA885000
|
heap
|
page read and write
|
||
|
2300000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
141AEEE0000
|
heap
|
page read and write
|
||
|
C77000
|
heap
|
page read and write
|
||
|
2935000
|
heap
|
page read and write
|
||
|
24FBA539000
|
heap
|
page read and write
|
||
|
7FF88C301000
|
unkown
|
page execute read
|
||
|
896000
|
heap
|
page read and write
|
||
|
7FF88C367000
|
unkown
|
page read and write
|
||
|
2650000
|
remote allocation
|
page read and write
|
||
|
D11000
|
heap
|
page read and write
|
||
|
CB1000
|
heap
|
page read and write
|
||
|
307B000
|
stack
|
page read and write
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
7FF88C367000
|
unkown
|
page read and write
|
||
|
CBA000
|
heap
|
page read and write
|
||
|
2650000
|
heap
|
page read and write
|
There are 510 hidden memdumps, click here to show them.