Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, InnoSetup self-extracting archive
|
initial sample
|
 |
|
|
C:\Program Files (x86)\PrintFolders\PrintFolders.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
modified
|
|
|
|
C:\Program Files (x86)\PrintFolders\Russian.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\PrintFolders\is-2632S.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\PrintFolders\is-48N1K.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\PrintFolders\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-385TG.tmp\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-385TG.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-KU6HQ.tmp\is-QPTG8.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\uywwtiNQ.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\PrintFolders\Guide.chm (copy)
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\History.txt (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\License.txt (copy)
|
RAGE Package Format (RPF),
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\is-0E5GB.tmp
|
RAGE Package Format (RPF),
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\is-5F7BS.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\is-60UNK.tmp
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\is-OK1CQ.tmp
|
data
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\unins000.dat
|
InnoSetup Log PrintFolders {73D78C7A-78F2-476F-86FF-9025EA410908}, version 0x2a, 3813 bytes, 609290\user, "C:\Program Files
(x86)\PrintFolders"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\fuckingdllENCR[1].dll
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ping[1].htm
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\library[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\count[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\library[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-385TG.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 14 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\PrintFolders\PrintFolders.exe
|
"C:\Program Files (x86)\PrintFolders\PrintFolders.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\uywwtiNQ.exe
|
|
|
|
|
C:\Users\user\Desktop\file.exe
|
C:\Users\user\Desktop\file.exe
|
||
|
C:\Users\user\AppData\Local\Temp\is-KU6HQ.tmp\is-QPTG8.tmp
|
"C:\Users\user\AppData\Local\Temp\is-KU6HQ.tmp\is-QPTG8.tmp" /SL4 $40228 "C:\Users\user\Desktop\file.exe" 1252960 51712
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c taskkill /im "PrintFolders.exe" /f & erase "C:\Program Files (x86)\PrintFolders\PrintFolders.exe"
& exit
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
taskkill /im "PrintFolders.exe" /f
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://171.22.30.106/library.phpXZ
|
unknown
|
|
|
|
http://107.182.129.235/storage/extension.php
|
107.182.129.235
|
|
|
|
http://107.182.129.235/storage/ping.php
|
107.182.129.235
|
|
|
|
http://171.22.30.106/library.phpBZ
|
unknown
|
|
|
|
http://171.22.30.106/library.php
|
171.22.30.106
|
|
|
|
http://pfolders.atopoint.com.
|
unknown
|
||
|
http://www.innosetup.com/
|
unknown
|
||
|
http://www.atopoint.com
|
unknown
|
||
|
http://45.139.105.171/itsnotmalware/count.php?sub=NOSUB&stream=mixtwo&substream=mixinte
|
45.139.105.171
|
||
|
http://www.remobjects.com/?ps
|
unknown
|
||
|
http://pfolders.atopoint.com
|
unknown
|
||
|
http://www.innosetup.com
|
unknown
|
||
|
http://107.182.129.235/storage/extension.phpum
|
unknown
|
||
|
http://www.atopoint.com.
|
unknown
|
||
|
http://www.innosetup.comDVarFileInfo$
|
unknown
|
||
|
http://www.remobjects.com/?psU
|
unknown
|
There are 6 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.139.105.1
|
unknown
|
Italy
|
|
|
|
85.31.46.167
|
unknown
|
Germany
|
|
|
|
107.182.129.235
|
unknown
|
Reserved
|
|
|
|
171.22.30.106
|
unknown
|
Germany
|
|
|
|
45.139.105.171
|
unknown
|
Italy
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Atopoint Software\PrintFolders
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73D78C7A-78F2-476F-86FF-9025EA410908}}_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73D78C7A-78F2-476F-86FF-9025EA410908}}_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73D78C7A-78F2-476F-86FF-9025EA410908}}_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73D78C7A-78F2-476F-86FF-9025EA410908}}_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73D78C7A-78F2-476F-86FF-9025EA410908}}_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73D78C7A-78F2-476F-86FF-9025EA410908}}_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73D78C7A-78F2-476F-86FF-9025EA410908}}_is1
|
DisplayIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73D78C7A-78F2-476F-86FF-9025EA410908}}_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73D78C7A-78F2-476F-86FF-9025EA410908}}_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73D78C7A-78F2-476F-86FF-9025EA410908}}_is1
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73D78C7A-78F2-476F-86FF-9025EA410908}}_is1
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73D78C7A-78F2-476F-86FF-9025EA410908}}_is1
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73D78C7A-78F2-476F-86FF-9025EA410908}}_is1
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73D78C7A-78F2-476F-86FF-9025EA410908}}_is1
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73D78C7A-78F2-476F-86FF-9025EA410908}}_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73D78C7A-78F2-476F-86FF-9025EA410908}}_is1
|
NoRepair
|
There are 7 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
33A0000
|
direct allocation
|
page read and write
|
|
|
|
1660000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
2200000
|
direct allocation
|
page read and write
|
||
|
1DFBAA48000
|
heap
|
page read and write
|
||
|
710000
|
trusted library allocation
|
page read and write
|
||
|
1C910900000
|
heap
|
page read and write
|
||
|
1DFBA920000
|
trusted library allocation
|
page read and write
|
||
|
75B4EFB000
|
stack
|
page read and write
|
||
|
1396000
|
unkown
|
page execute and write copy
|
||
|
622000
|
heap
|
page read and write
|
||
|
426D000
|
trusted library allocation
|
page read and write
|
||
|
612000
|
heap
|
page read and write
|
||
|
1D2B682F000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
4222000
|
trusted library allocation
|
page read and write
|
||
|
1D7C9302000
|
heap
|
page read and write
|
||
|
1D7C9313000
|
heap
|
page read and write
|
||
|
1C910B02000
|
heap
|
page read and write
|
||
|
10017000
|
direct allocation
|
page read and write
|
||
|
4AE000
|
unkown
|
page read and write
|
||
|
B279AFF000
|
stack
|
page read and write
|
||
|
75B537F000
|
stack
|
page read and write
|
||
|
23A9E970000
|
trusted library allocation
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
23A9E950000
|
trusted library allocation
|
page read and write
|
||
|
1C910AB9000
|
heap
|
page read and write
|
||
|
188F2843000
|
heap
|
page read and write
|
||
|
2070000
|
trusted library allocation
|
page read and write
|
||
|
FB543FF000
|
stack
|
page read and write
|
||
|
BD4000
|
unkown
|
page readonly
|
||
|
278E000
|
stack
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
424F000
|
trusted library allocation
|
page read and write
|
||
|
4BC000
|
unkown
|
page readonly
|
||
|
1BE07B000
|
stack
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
75B4C7A000
|
stack
|
page read and write
|
||
|
21D0000
|
direct allocation
|
page read and write
|
||
|
24FFF990000
|
trusted library allocation
|
page read and write
|
||
|
10010000
|
direct allocation
|
page readonly
|
||
|
3891000
|
heap
|
page read and write
|
||
|
59CF7FE000
|
stack
|
page read and write
|
||
|
24FFF8F0000
|
heap
|
page read and write
|
||
|
23A9EA78000
|
heap
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
415E000
|
stack
|
page read and write
|
||
|
424F000
|
trusted library allocation
|
page read and write
|
||
|
2C9CCFE000
|
stack
|
page read and write
|
||
|
23A9F430000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
1C910990000
|
trusted library allocation
|
page read and write
|
||
|
2C9CEFE000
|
stack
|
page read and write
|
||
|
1D7C925A000
|
heap
|
page read and write
|
||
|
1DFBA990000
|
trusted library allocation
|
page read and write
|
||
|
24FFFA13000
|
heap
|
page read and write
|
||
|
2090000
|
heap
|
page read and write
|
||
|
426D000
|
trusted library allocation
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
343D000
|
stack
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
1D2B67E0000
|
trusted library allocation
|
page read and write
|
||
|
24FFFA7A000
|
heap
|
page read and write
|
||
|
452000
|
unkown
|
page execute and read and write
|
||
|
410000
|
unkown
|
page readonly
|
||
|
43C2000
|
trusted library allocation
|
page read and write
|
||
|
21D4000
|
direct allocation
|
page read and write
|
||
|
1DFBA900000
|
trusted library allocation
|
page read and write
|
||
|
426D000
|
trusted library allocation
|
page read and write
|
||
|
23A9EA13000
|
heap
|
page read and write
|
||
|
23A9F322000
|
heap
|
page read and write
|
||
|
1DFBA7A0000
|
heap
|
page read and write
|
||
|
3C1F000
|
stack
|
page read and write
|
||
|
188F2846000
|
heap
|
page read and write
|
||
|
23A9F3C7000
|
heap
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
1DFBA9D0000
|
remote allocation
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
23A9F402000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
1392000
|
unkown
|
page execute and write copy
|
||
|
23A9EA29000
|
heap
|
page read and write
|
||
|
24FFFA55000
|
heap
|
page read and write
|
||
|
23A9F413000
|
heap
|
page read and write
|
||
|
1630000
|
direct allocation
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
2C9CDFE000
|
stack
|
page read and write
|
||
|
43C2000
|
trusted library allocation
|
page read and write
|
||
|
75B4F79000
|
stack
|
page read and write
|
||
|
59CF3FF000
|
stack
|
page read and write
|
||
|
23A9EA3D000
|
heap
|
page read and write
|
||
|
24FFF900000
|
heap
|
page read and write
|
||
|
622000
|
heap
|
page read and write
|
||
|
1DFBAA8C000
|
heap
|
page read and write
|
||
|
188F2839000
|
heap
|
page read and write
|
||
|
426D000
|
trusted library allocation
|
page read and write
|
||
|
13A4000
|
unkown
|
page execute and write copy
|
||
|
424F000
|
trusted library allocation
|
page read and write
|
||
|
188F286E000
|
heap
|
page read and write
|
||
|
1DFBAB00000
|
heap
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
1398000
|
unkown
|
page execute and write copy
|
||
|
61B000
|
heap
|
page read and write
|
||
|
3890000
|
heap
|
page read and write
|
||
|
23A9F302000
|
heap
|
page read and write
|
||
|
1D2B6800000
|
heap
|
page read and write
|
||
|
40C000
|
unkown
|
page write copy
|
||
|
24FFFA36000
|
heap
|
page read and write
|
||
|
21A0000
|
direct allocation
|
page read and write
|
||
|
1DFBAB13000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
1625000
|
heap
|
page read and write
|
||
|
288F000
|
stack
|
page read and write
|
||
|
43C2000
|
trusted library allocation
|
page read and write
|
||
|
464E000
|
stack
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
47DE77E000
|
stack
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
2E47A650000
|
heap
|
page read and write
|
||
|
23A9E7F0000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
BCC000
|
unkown
|
page readonly
|
||
|
1BE27D000
|
stack
|
page read and write
|
||
|
59CF8FD000
|
stack
|
page read and write
|
||
|
B2797FD000
|
stack
|
page read and write
|
||
|
24FFFA6E000
|
heap
|
page read and write
|
||
|
23A9EA4D000
|
heap
|
page read and write
|
||
|
188F3002000
|
trusted library allocation
|
page read and write
|
||
|
188F283C000
|
heap
|
page read and write
|
||
|
23A9EBB9000
|
heap
|
page read and write
|
||
|
2AF0000
|
direct allocation
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
1DFBAA72000
|
heap
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
1394000
|
unkown
|
page execute and write copy
|
||
|
2E47A85C000
|
heap
|
page read and write
|
||
|
3ADF000
|
stack
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
43C5000
|
trusted library allocation
|
page read and write
|
||
|
1DFBAA4B000
|
heap
|
page read and write
|
||
|
626000
|
heap
|
page read and write
|
||
|
426D000
|
trusted library allocation
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
188F285B000
|
heap
|
page read and write
|
||
|
BC1000
|
unkown
|
page execute read
|
||
|
23A9EA3C000
|
heap
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
1D7C9200000
|
heap
|
page read and write
|
||
|
1762000
|
heap
|
page read and write
|
||
|
FB540FB000
|
stack
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
BC1000
|
unkown
|
page execute read
|
||
|
13AA000
|
unkown
|
page execute and write copy
|
||
|
23A9EA91000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
1D7C9000000
|
heap
|
page read and write
|
||
|
188F2861000
|
heap
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
E58697D000
|
stack
|
page read and write
|
||
|
1C910A86000
|
heap
|
page read and write
|
||
|
329F000
|
stack
|
page read and write
|
||
|
1D2B7002000
|
trusted library allocation
|
page read and write
|
||
|
188F2863000
|
heap
|
page read and write
|
||
|
603000
|
heap
|
page read and write
|
||
|
1500000
|
heap
|
page read and write
|
||
|
2E47A813000
|
heap
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
24FFFB02000
|
heap
|
page read and write
|
||
|
1C911300000
|
heap
|
page read and write
|
||
|
61A000
|
heap
|
page read and write
|
||
|
426D000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
70E000
|
stack
|
page read and write
|
||
|
209F000
|
stack
|
page read and write
|
||
|
1D2B6829000
|
heap
|
page read and write
|
||
|
23A9F202000
|
heap
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
1DFBAA58000
|
heap
|
page read and write
|
||
|
30000
|
trusted library allocation
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute read
|
||
|
5DA000
|
heap
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
1D7C9070000
|
heap
|
page read and write
|
||
|
1D2B683E000
|
heap
|
page read and write
|
||
|
3D9E000
|
stack
|
page read and write
|
||
|
1BE37E000
|
stack
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
1C910AC2000
|
heap
|
page read and write
|
||
|
2E47A7E0000
|
remote allocation
|
page read and write
|
||
|
1C9108F0000
|
heap
|
page read and write
|
||
|
75B527F000
|
stack
|
page read and write
|
||
|
1DFBAA4B000
|
heap
|
page read and write
|
||
|
188F2847000
|
heap
|
page read and write
|
||
|
23A9E850000
|
heap
|
page read and write
|
||
|
1D2B66E0000
|
heap
|
page read and write
|
||
|
188F2858000
|
heap
|
page read and write
|
||
|
424F000
|
trusted library allocation
|
page read and write
|
||
|
188F2848000
|
heap
|
page read and write
|
||
|
23A9EA00000
|
heap
|
page read and write
|
||
|
15FE000
|
stack
|
page read and write
|
||
|
59CF17E000
|
stack
|
page read and write
|
||
|
20B4000
|
direct allocation
|
page read and write
|
||
|
188F2830000
|
heap
|
page read and write
|
||
|
1C910ACA000
|
heap
|
page read and write
|
||
|
426D000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
23A9F354000
|
heap
|
page read and write
|
||
|
E58647E000
|
stack
|
page read and write
|
||
|
188F2866000
|
heap
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
23A9F400000
|
heap
|
page read and write
|
||
|
3F0E000
|
stack
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
1773000
|
heap
|
page read and write
|
||
|
188F2827000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
1C911332000
|
heap
|
page read and write
|
||
|
1DFBAA5B000
|
heap
|
page read and write
|
||
|
B2799FC000
|
stack
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
1C910A13000
|
heap
|
page read and write
|
||
|
2E47A7E0000
|
remote allocation
|
page read and write
|
||
|
E5867FD000
|
stack
|
page read and write
|
||
|
B2793FF000
|
stack
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
23A9EA86000
|
heap
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
59CED5B000
|
stack
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
3EB0000
|
heap
|
page read and write
|
||
|
1D7C922A000
|
heap
|
page read and write
|
||
|
424F000
|
trusted library allocation
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
426D000
|
trusted library allocation
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
1DFBA9D0000
|
remote allocation
|
page read and write
|
||
|
1BDF7F000
|
stack
|
page read and write
|
||
|
424F000
|
trusted library allocation
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
43C2000
|
trusted library allocation
|
page read and write
|
||
|
20C0000
|
heap
|
page read and write
|
||
|
1BE77F000
|
stack
|
page read and write
|
||
|
3C5E000
|
stack
|
page read and write
|
||
|
23A9F3BC000
|
heap
|
page read and write
|
||
|
39DE000
|
stack
|
page read and write
|
||
|
23A9EA54000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
B27967C000
|
stack
|
page read and write
|
||
|
2B30000
|
trusted library allocation
|
page read and write
|
||
|
1D7C9A02000
|
trusted library allocation
|
page read and write
|
||
|
188F287C000
|
heap
|
page read and write
|
||
|
1530000
|
heap
|
page read and write
|
||
|
2E47A802000
|
heap
|
page read and write
|
||
|
400A000
|
stack
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
1C910A00000
|
heap
|
page read and write
|
||
|
410000
|
unkown
|
page readonly
|
||
|
3D5F000
|
stack
|
page read and write
|
||
|
1BDE7B000
|
stack
|
page read and write
|
||
|
47DE57A000
|
stack
|
page read and write
|
||
|
424F000
|
trusted library allocation
|
page read and write
|
||
|
1DFBAA2A000
|
heap
|
page read and write
|
||
|
15BE000
|
stack
|
page read and write
|
||
|
23A9EBE5000
|
heap
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
2E47A7B0000
|
trusted library allocation
|
page read and write
|
||
|
188F2800000
|
heap
|
page read and write
|
||
|
188F2902000
|
heap
|
page read and write
|
||
|
1BE17E000
|
stack
|
page read and write
|
||
|
E585F4B000
|
stack
|
page read and write
|
||
|
1C910A3D000
|
heap
|
page read and write
|
||
|
2E47A83D000
|
heap
|
page read and write
|
||
|
424F000
|
trusted library allocation
|
page read and write
|
||
|
1DFBAA02000
|
heap
|
page read and write
|
||
|
188F282A000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
24FFFA00000
|
heap
|
page read and write
|
||
|
426D000
|
trusted library allocation
|
page read and write
|
||
|
21A0000
|
direct allocation
|
page read and write
|
||
|
726000
|
heap
|
page read and write
|
||
|
1DFBAB18000
|
heap
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
BD2000
|
unkown
|
page write copy
|
||
|
304F000
|
stack
|
page read and write
|
||
|
426D000
|
trusted library allocation
|
page read and write
|
||
|
426D000
|
trusted library allocation
|
page read and write
|
||
|
2C9CFFF000
|
stack
|
page read and write
|
||
|
1510000
|
trusted library allocation
|
page read and write
|
||
|
1D7C9170000
|
trusted library allocation
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
1D2B6680000
|
heap
|
page read and write
|
||
|
47DE47F000
|
stack
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
188F284F000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
3B1E000
|
stack
|
page read and write
|
||
|
23A9E7E0000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
61E000
|
heap
|
page read and write
|
||
|
24FFFA29000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
75B547F000
|
stack
|
page read and write
|
||
|
188F287B000
|
heap
|
page read and write
|
||
|
43C5000
|
trusted library allocation
|
page read and write
|
||
|
16B0000
|
heap
|
page read and write
|
||
|
1DFBAA00000
|
heap
|
page read and write
|
||
|
157E000
|
stack
|
page read and write
|
||
|
3990000
|
trusted library allocation
|
page read and write
|
||
|
1C910A29000
|
heap
|
page read and write
|
||
|
23A9EA46000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
FB541FB000
|
stack
|
page read and write
|
||
|
188F287F000
|
heap
|
page read and write
|
||
|
38A2000
|
heap
|
page read and write
|
||
|
E58687F000
|
stack
|
page read and write
|
||
|
75B4DFF000
|
stack
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
1D2B6836000
|
heap
|
page read and write
|
||
|
10019000
|
direct allocation
|
page readonly
|
||
|
139A000
|
unkown
|
page execute and write copy
|
||
|
3891000
|
heap
|
page read and write
|
||
|
E58667D000
|
stack
|
page read and write
|
||
|
188F282C000
|
heap
|
page read and write
|
||
|
431A000
|
trusted library allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
1273000
|
unkown
|
page readonly
|
||
|
2C9CA7B000
|
stack
|
page read and write
|
||
|
2040000
|
direct allocation
|
page execute and read and write
|
||
|
25000002000
|
trusted library allocation
|
page read and write
|
||
|
E5866FF000
|
stack
|
page read and write
|
||
|
23A9EA7A000
|
heap
|
page read and write
|
||
|
2E47A6B0000
|
heap
|
page read and write
|
||
|
E5863FE000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
B27957C000
|
stack
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
BD2000
|
unkown
|
page read and write
|
||
|
24FFFA40000
|
heap
|
page read and write
|
||
|
12B9000
|
unkown
|
page readonly
|
||
|
23A9F3CF000
|
heap
|
page read and write
|
||
|
28DE000
|
stack
|
page read and write
|
||
|
2750000
|
direct allocation
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
188F282E000
|
heap
|
page read and write
|
||
|
12BA000
|
unkown
|
page execute and write copy
|
||
|
622000
|
heap
|
page read and write
|
||
|
424F000
|
trusted library allocation
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
E58657E000
|
stack
|
page read and write
|
||
|
23A9F300000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
48C000
|
unkown
|
page read and write
|
||
|
1DFBA950000
|
trusted library allocation
|
page read and write
|
||
|
423C000
|
trusted library allocation
|
page read and write
|
||
|
23A9F3D2000
|
heap
|
page read and write
|
||
|
23A9F36D000
|
heap
|
page read and write
|
||
|
B2798FE000
|
stack
|
page read and write
|
||
|
43C2000
|
trusted library allocation
|
page read and write
|
||
|
23A9EA6B000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
47DE67F000
|
stack
|
page read and write
|
||
|
21E4000
|
direct allocation
|
page read and write
|
||
|
188F285D000
|
heap
|
page read and write
|
||
|
B27907B000
|
stack
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
1DFBAA5B000
|
heap
|
page read and write
|
||
|
1600000
|
direct allocation
|
page read and write
|
||
|
424F000
|
trusted library allocation
|
page read and write
|
||
|
2E47A902000
|
heap
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
23A9F3AC000
|
heap
|
page read and write
|
||
|
3990000
|
trusted library allocation
|
page read and write
|
||
|
2E47A800000
|
heap
|
page read and write
|
||
|
1C911202000
|
heap
|
page read and write
|
||
|
29DF000
|
stack
|
page read and write
|
||
|
21FC000
|
direct allocation
|
page read and write
|
||
|
23A9EA8F000
|
heap
|
page read and write
|
||
|
424F000
|
trusted library allocation
|
page read and write
|
||
|
13B0000
|
unkown
|
page execute and write copy
|
||
|
24FFFB13000
|
heap
|
page read and write
|
||
|
560000
|
trusted library allocation
|
page read and write
|
||
|
1FCF000
|
stack
|
page read and write
|
||
|
353F000
|
stack
|
page read and write
|
||
|
2E47A640000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
75B507E000
|
stack
|
page read and write
|
||
|
188F2780000
|
heap
|
page read and write
|
||
|
424C000
|
trusted library allocation
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
1D2B6849000
|
heap
|
page read and write
|
||
|
1D7C9213000
|
heap
|
page read and write
|
||
|
1D2B6853000
|
heap
|
page read and write
|
||
|
24FFFB00000
|
heap
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
426D000
|
trusted library allocation
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
23A9F343000
|
heap
|
page read and write
|
||
|
405E000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
24FFF960000
|
heap
|
page read and write
|
||
|
188F283A000
|
heap
|
page read and write
|
||
|
4BC000
|
unkown
|
page readonly
|
||
|
43C2000
|
trusted library allocation
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
188F286B000
|
heap
|
page read and write
|
||
|
200E000
|
stack
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
179B000
|
heap
|
page read and write
|
||
|
708000
|
heap
|
page read and write
|
||
|
46F000
|
unkown
|
page readonly
|
||
|
DAA000
|
heap
|
page read and write
|
||
|
2E47A824000
|
heap
|
page read and write
|
||
|
3E9F000
|
stack
|
page read and write
|
||
|
188F2F40000
|
trusted library allocation
|
page read and write
|
||
|
1DFBAB02000
|
heap
|
page read and write
|
||
|
75B517A000
|
stack
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
2750000
|
direct allocation
|
page read and write
|
||
|
59CF5FC000
|
stack
|
page read and write
|
||
|
B2794FF000
|
stack
|
page read and write
|
||
|
18F000
|
stack
|
page read and write
|
||
|
188F2770000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
1BE47F000
|
stack
|
page read and write
|
||
|
1D7C9270000
|
heap
|
page read and write
|
||
|
1001A000
|
direct allocation
|
page read and write
|
||
|
215C000
|
direct allocation
|
page read and write
|
||
|
2C9CAFE000
|
stack
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
1DFBAA25000
|
heap
|
page read and write
|
||
|
1D2B6813000
|
heap
|
page read and write
|
||
|
1610000
|
direct allocation
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
23A9EA8B000
|
heap
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
23A9F38E000
|
heap
|
page read and write
|
||
|
43C2000
|
trusted library allocation
|
page read and write
|
||
|
24FFFA02000
|
heap
|
page read and write
|
||
|
1C910960000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
5A0000
|
trusted library allocation
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
188F2859000
|
heap
|
page read and write
|
||
|
20C4000
|
heap
|
page read and write
|
||
|
1DFBAA3D000
|
heap
|
page read and write
|
||
|
FB53BCC000
|
stack
|
page read and write
|
||
|
1620000
|
heap
|
page read and write
|
||
|
1D7C9278000
|
heap
|
page read and write
|
||
|
75B4A7B000
|
stack
|
page read and write
|
||
|
1D2B6844000
|
heap
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
BD4000
|
unkown
|
page readonly
|
||
|
1DFBAA13000
|
heap
|
page read and write
|
||
|
2E47B002000
|
trusted library allocation
|
page read and write
|
||
|
1C910A6D000
|
heap
|
page read and write
|
||
|
43C2000
|
trusted library allocation
|
page read and write
|
||
|
20A0000
|
direct allocation
|
page read and write
|
||
|
23A9EA2C000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
23A9F427000
|
heap
|
page read and write
|
||
|
1D2B6802000
|
heap
|
page read and write
|
||
|
3990000
|
trusted library allocation
|
page read and write
|
||
|
1D7C9262000
|
heap
|
page read and write
|
||
|
1D2B6690000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
8FC000
|
stack
|
page read and write
|
||
|
1690000
|
direct allocation
|
page read and write
|
||
|
1DFBA790000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
FB542FE000
|
stack
|
page read and write
|
||
|
23A9EB13000
|
heap
|
page read and write
|
||
|
59CF4FF000
|
stack
|
page read and write
|
||
|
2390000
|
trusted library allocation
|
page read and write
|
||
|
415C000
|
stack
|
page read and write
|
||
|
188F286C000
|
heap
|
page read and write
|
||
|
BCC000
|
unkown
|
page readonly
|
||
|
32B1000
|
trusted library allocation
|
page read and write
|
||
|
1BE57F000
|
stack
|
page read and write
|
||
|
23A9F322000
|
heap
|
page read and write
|
||
|
188F2841000
|
heap
|
page read and write
|
||
|
21CF000
|
stack
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
21E4000
|
direct allocation
|
page read and write
|
||
|
1DFBA9D0000
|
remote allocation
|
page read and write
|
||
|
1DFBC402000
|
trusted library allocation
|
page read and write
|
||
|
1BDC7B000
|
stack
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
2E47A857000
|
heap
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
2E47A7E0000
|
remote allocation
|
page read and write
|
||
|
75B53FF000
|
stack
|
page read and write
|
||
|
4242000
|
trusted library allocation
|
page read and write
|
||
|
1C910AE0000
|
heap
|
page read and write
|
||
|
21FD000
|
direct allocation
|
page read and write
|
||
|
1DFBAA66000
|
heap
|
page read and write
|
||
|
43C2000
|
trusted library allocation
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
188F27E0000
|
heap
|
page read and write
|
||
|
1D7C9010000
|
heap
|
page read and write
|
||
|
B2796FC000
|
stack
|
page read and write
|
||
|
23A9EB8C000
|
heap
|
page read and write
|
||
|
421A000
|
trusted library allocation
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
319F000
|
stack
|
page read and write
|
||
|
23A9F423000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
48C000
|
unkown
|
page write copy
|
||
|
1C910AE2000
|
heap
|
page read and write
|
||
|
17AB000
|
heap
|
page read and write
|
||
|
2C9CB7E000
|
stack
|
page read and write
|
||
|
4AF000
|
unkown
|
page write copy
|
||
|
1534000
|
heap
|
page read and write
|
||
|
188F2813000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
BC0000
|
unkown
|
page readonly
|
||
|
47DDF3B000
|
stack
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
20B8000
|
direct allocation
|
page read and write
|
||
|
1D2B6902000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
474C000
|
stack
|
page read and write
|
||
|
13B2000
|
unkown
|
page execute and write copy
|
||
|
1D7C923C000
|
heap
|
page read and write
|
||
|
59CF6FC000
|
stack
|
page read and write
|
||
|
23A9EA6D000
|
heap
|
page read and write
|
||
|
188F2878000
|
heap
|
page read and write
|
||
|
188F2864000
|
heap
|
page read and write
|
||
|
13AC000
|
unkown
|
page execute and write copy
|
||
|
626000
|
heap
|
page read and write
|
||
|
626000
|
heap
|
page read and write
|
||
|
188F2868000
|
heap
|
page read and write
|
||
|
20B1000
|
direct allocation
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
B27927B000
|
stack
|
page read and write
|
||
|
51D000
|
stack
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
20B1000
|
direct allocation
|
page read and write
|
||
|
1DFBA800000
|
heap
|
page read and write
|
||
|
59CF2FE000
|
stack
|
page read and write
|
||
|
1BE67F000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3891000
|
heap
|
page read and write
|
||
|
16BA000
|
heap
|
page read and write
|
||
|
3050000
|
direct allocation
|
page read and write
|
||
|
188F2885000
|
heap
|
page read and write
|
||
|
43C2000
|
trusted library allocation
|
page read and write
|
||
|
580000
|
trusted library allocation
|
page read and write
|
||
|
62C000
|
heap
|
page read and write
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
2E47A81F000
|
heap
|
page read and write
|
||
|
1C910B13000
|
heap
|
page read and write
|
||
|
BC0000
|
unkown
|
page readonly
|
||
|
1D7C9202000
|
heap
|
page read and write
|
||
|
188F2860000
|
heap
|
page read and write
|
There are 562 hidden memdumps, click here to show them.