Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, InnoSetup self-extracting archive
|
initial sample
|
 |
|
|
C:\Program Files (x86)\PrintFolders\Russian.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\PrintFolders\is-6TIMV.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\PrintFolders\is-NNEQH.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\PrintFolders\ntFolders.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Program Files (x86)\PrintFolders\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-O82Q5.tmp\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-O82Q5.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-U0OJH.tmp\is-188R9.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\LUxJPTIXtIs.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\PrintFolders\Guide.chm (copy)
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\History.txt (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\License.txt (copy)
|
RAGE Package Format (RPF),
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\is-10I42.tmp
|
RAGE Package Format (RPF),
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\is-4GA3L.tmp
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\is-BNMLH.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\is-JKI8Q.tmp
|
data
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\unins000.dat
|
InnoSetup Log PrintFolders {3C248D7A-78F2-476F-86FF-34610A9B2E85}, version 0x2a, 3804 bytes, 618321\user, "C:\Program Files
(x86)\PrintFolders"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\fuckingdllENCR[1].dll
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ping[1].htm
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\library[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\count[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\library[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-O82Q5.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 14 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\PrintFolders\ntFolders.exe
|
"C:\Program Files (x86)\PrintFolders\ntFolders.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\LUxJPTIXtIs.exe
|
|
|
|
|
C:\Users\user\Desktop\file.exe
|
C:\Users\user\Desktop\file.exe
|
||
|
C:\Users\user\AppData\Local\Temp\is-U0OJH.tmp\is-188R9.tmp
|
"C:\Users\user\AppData\Local\Temp\is-U0OJH.tmp\is-188R9.tmp" /SL4 $402C2 "C:\Users\user\Desktop\file.exe" 2023066 96256
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c taskkill /im "ntFolders.exe" /f & erase "C:\Program Files (x86)\PrintFolders\ntFolders.exe"
& exit
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
taskkill /im "ntFolders.exe" /f
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://171.22.30.106/library.phpY
|
unknown
|
|
|
|
http://45.139.105.171/itsnotmalware/count.php?sub=NOSUB&stream=mixtwo&substream=mixinte
|
45.139.105.171
|
|
|
|
http://107.182.129.235/storage/ping.php
|
107.182.129.235
|
|
|
|
http://171.22.30.106/library.php
|
171.22.30.106
|
|
|
|
http://107.182.129.235/storage/extension.php
|
107.182.129.235
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://www.remobjects.com/?ps
|
unknown
|
||
|
http://45.139.10
|
unknown
|
||
|
http://www.innosetup.com
|
unknown
|
||
|
http://www.innosetup.comDVarFileInfo$
|
unknown
|
||
|
http://www.remobjects.com/?psU
|
unknown
|
There are 1 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
windowsupdatebg.s.llnwi.net
|
178.79.242.0
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.139.105.171
|
unknown
|
Italy
|
|
|
|
45.139.105.1
|
unknown
|
Italy
|
|
|
|
85.31.46.167
|
unknown
|
Germany
|
|
|
|
107.182.129.235
|
unknown
|
Reserved
|
|
|
|
171.22.30.106
|
unknown
|
Germany
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Audpoint Software\PrintFolders
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
DisplayIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
NoRepair
|
There are 3 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
31D0000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
3330000
|
direct allocation
|
page read and write
|
|
|
|
237F9AE0000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
1640000
|
trusted library allocation
|
page read and write
|
||
|
153B000
|
unkown
|
page execute and write copy
|
||
|
1D322229000
|
heap
|
page read and write
|
||
|
2F30000
|
direct allocation
|
page read and write
|
||
|
FA8AFF000
|
stack
|
page read and write
|
||
|
28B455B0000
|
heap
|
page read and write
|
||
|
19F42241000
|
heap
|
page read and write
|
||
|
65A000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
D10000
|
unkown
|
page readonly
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
5D0000
|
trusted library allocation
|
page read and write
|
||
|
1D322A02000
|
trusted library allocation
|
page read and write
|
||
|
19F42070000
|
heap
|
page read and write
|
||
|
2E82704B000
|
heap
|
page read and write
|
||
|
F3AB47C000
|
stack
|
page read and write
|
||
|
19F42200000
|
heap
|
page read and write
|
||
|
44F2000
|
trusted library allocation
|
page read and write
|
||
|
289CCE52000
|
heap
|
page read and write
|
||
|
D22000
|
unkown
|
page write copy
|
||
|
31EF000
|
stack
|
page read and write
|
||
|
28B44D8E000
|
heap
|
page read and write
|
||
|
4382000
|
trusted library allocation
|
page read and write
|
||
|
D619BBB000
|
stack
|
page read and write
|
||
|
B217D2C000
|
stack
|
page read and write
|
||
|
28B44B80000
|
heap
|
page read and write
|
||
|
15126858000
|
heap
|
page read and write
|
||
|
D61A7FF000
|
stack
|
page read and write
|
||
|
656000
|
heap
|
page read and write
|
||
|
268FB7D0000
|
heap
|
page read and write
|
||
|
1655000
|
heap
|
page read and write
|
||
|
268FBA02000
|
heap
|
page read and write
|
||
|
268FBA13000
|
heap
|
page read and write
|
||
|
418E000
|
stack
|
page read and write
|
||
|
4AF000
|
unkown
|
page write copy
|
||
|
21A4000
|
direct allocation
|
page read and write
|
||
|
3FFC000
|
stack
|
page read and write
|
||
|
28B45522000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
C6E4CFF000
|
stack
|
page read and write
|
||
|
1512686E000
|
heap
|
page read and write
|
||
|
21E5000
|
direct allocation
|
page read and write
|
||
|
76F000
|
stack
|
page read and write
|
||
|
FA8BFF000
|
stack
|
page read and write
|
||
|
44F2000
|
trusted library allocation
|
page read and write
|
||
|
1D322255000
|
heap
|
page read and write
|
||
|
268FBA20000
|
heap
|
page read and write
|
||
|
336F000
|
stack
|
page read and write
|
||
|
289CCF00000
|
heap
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
76D000
|
stack
|
page read and write
|
||
|
D24000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
152B000
|
unkown
|
page execute and write copy
|
||
|
D1C000
|
unkown
|
page readonly
|
||
|
28B45512000
|
heap
|
page read and write
|
||
|
520000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
D1C000
|
unkown
|
page readonly
|
||
|
2E82703E000
|
heap
|
page read and write
|
||
|
15126800000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
1512685A000
|
heap
|
page read and write
|
||
|
175A000
|
heap
|
page read and write
|
||
|
28B44C3C000
|
heap
|
page read and write
|
||
|
A9D17FE000
|
stack
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
28B45613000
|
heap
|
page read and write
|
||
|
15126860000
|
heap
|
page read and write
|
||
|
12B5000
|
unkown
|
page execute and write copy
|
||
|
44F2000
|
trusted library allocation
|
page read and write
|
||
|
237F9CC6000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
28B455BC000
|
heap
|
page read and write
|
||
|
1460000
|
unkown
|
page execute and write copy
|
||
|
268FBFD0000
|
remote allocation
|
page read and write
|
||
|
19F42229000
|
heap
|
page read and write
|
||
|
FA86FF000
|
stack
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
289CCD70000
|
trusted library allocation
|
page read and write
|
||
|
19F42A02000
|
trusted library allocation
|
page read and write
|
||
|
2054000
|
direct allocation
|
page read and write
|
||
|
151267C0000
|
trusted library allocation
|
page read and write
|
||
|
28B45370000
|
trusted library allocation
|
page read and write
|
||
|
B21837C000
|
stack
|
page read and write
|
||
|
18F000
|
stack
|
page read and write
|
||
|
A9D14F9000
|
stack
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
4372000
|
trusted library allocation
|
page read and write
|
||
|
4382000
|
trusted library allocation
|
page read and write
|
||
|
1FA4000
|
direct allocation
|
page read and write
|
||
|
4382000
|
trusted library allocation
|
page read and write
|
||
|
D61A1FF000
|
stack
|
page read and write
|
||
|
1476000
|
unkown
|
page execute and write copy
|
||
|
1D32221F000
|
heap
|
page read and write
|
||
|
477E000
|
stack
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
3881000
|
heap
|
page read and write
|
||
|
7D0000
|
trusted library allocation
|
page read and write
|
||
|
19F42213000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
2E827000000
|
heap
|
page read and write
|
||
|
44F2000
|
trusted library allocation
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
1650000
|
heap
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
D63DFE000
|
stack
|
page read and write
|
||
|
19F4225B000
|
heap
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
FA85FC000
|
stack
|
page read and write
|
||
|
237F9C29000
|
heap
|
page read and write
|
||
|
31CF000
|
stack
|
page read and write
|
||
|
2E827013000
|
heap
|
page read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
2E82704C000
|
heap
|
page read and write
|
||
|
1519000
|
unkown
|
page execute and write copy
|
||
|
3B0E000
|
stack
|
page read and write
|
||
|
B2185FF000
|
stack
|
page read and write
|
||
|
3D8E000
|
stack
|
page read and write
|
||
|
176B000
|
heap
|
page read and write
|
||
|
19F42202000
|
heap
|
page read and write
|
||
|
620000
|
direct allocation
|
page execute and read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
1276000
|
unkown
|
page readonly
|
||
|
2720000
|
trusted library allocation
|
page read and write
|
||
|
2090000
|
direct allocation
|
page read and write
|
||
|
237F9B70000
|
trusted library allocation
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
21B4000
|
direct allocation
|
page read and write
|
||
|
6DE000
|
stack
|
page read and write
|
||
|
28B45630000
|
heap
|
page read and write
|
||
|
289CCE29000
|
heap
|
page read and write
|
||
|
289CCE67000
|
heap
|
page read and write
|
||
|
2E827113000
|
heap
|
page read and write
|
||
|
E128C7E000
|
stack
|
page read and write
|
||
|
428000
|
heap
|
page read and write
|
||
|
237FA513000
|
heap
|
page read and write
|
||
|
28B44BF0000
|
heap
|
page read and write
|
||
|
2E828C02000
|
trusted library allocation
|
page read and write
|
||
|
2E826F70000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
1512682D000
|
heap
|
page read and write
|
||
|
28B45630000
|
heap
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute read
|
||
|
268FBA75000
|
heap
|
page read and write
|
||
|
B2187FE000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
28B44C5A000
|
heap
|
page read and write
|
||
|
15126839000
|
heap
|
page read and write
|
||
|
15126873000
|
heap
|
page read and write
|
||
|
28B45402000
|
heap
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
237FA402000
|
heap
|
page read and write
|
||
|
2E827118000
|
heap
|
page read and write
|
||
|
237F9C00000
|
heap
|
page read and write
|
||
|
15126867000
|
heap
|
page read and write
|
||
|
308F000
|
stack
|
page read and write
|
||
|
1D322200000
|
heap
|
page read and write
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
44F2000
|
trusted library allocation
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
1537000
|
unkown
|
page execute and write copy
|
||
|
D22000
|
unkown
|
page read and write
|
||
|
2E82702A000
|
heap
|
page read and write
|
||
|
237F9CCB000
|
heap
|
page read and write
|
||
|
2F30000
|
direct allocation
|
page read and write
|
||
|
289CCF02000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
19F42275000
|
heap
|
page read and write
|
||
|
B2184FA000
|
stack
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
1724000
|
heap
|
page read and write
|
||
|
268FB840000
|
heap
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
2E827026000
|
heap
|
page read and write
|
||
|
A9D15FE000
|
stack
|
page read and write
|
||
|
10017000
|
direct allocation
|
page read and write
|
||
|
268FBA00000
|
heap
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
1670000
|
heap
|
page read and write
|
||
|
15126839000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
3880000
|
heap
|
page read and write
|
||
|
153D000
|
unkown
|
page execute and write copy
|
||
|
FA89FF000
|
stack
|
page read and write
|
||
|
44F2000
|
trusted library allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
237F9CBA000
|
heap
|
page read and write
|
||
|
D61A47D000
|
stack
|
page read and write
|
||
|
1D322190000
|
trusted library allocation
|
page read and write
|
||
|
E12887B000
|
stack
|
page read and write
|
||
|
19F42010000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
28B45602000
|
heap
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
19F4226A000
|
heap
|
page read and write
|
||
|
167A000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
268FBA29000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3892000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
410000
|
unkown
|
page readonly
|
||
|
28B45623000
|
heap
|
page read and write
|
||
|
C6E4EFD000
|
stack
|
page read and write
|
||
|
FA83FB000
|
stack
|
page read and write
|
||
|
174F000
|
heap
|
page read and write
|
||
|
C6E4C7E000
|
stack
|
page read and write
|
||
|
28B45543000
|
heap
|
page read and write
|
||
|
308E000
|
stack
|
page read and write
|
||
|
1D322247000
|
heap
|
page read and write
|
||
|
28B45600000
|
heap
|
page read and write
|
||
|
70A000
|
heap
|
page read and write
|
||
|
1462000
|
unkown
|
page execute and write copy
|
||
|
D63AFE000
|
stack
|
page read and write
|
||
|
434A000
|
trusted library allocation
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
FA84FE000
|
stack
|
page read and write
|
||
|
1512687C000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
3EA0000
|
heap
|
page read and write
|
||
|
F3AB6FF000
|
stack
|
page read and write
|
||
|
44F2000
|
trusted library allocation
|
page read and write
|
||
|
289CCE64000
|
heap
|
page read and write
|
||
|
2E826F80000
|
heap
|
page read and write
|
||
|
146C000
|
unkown
|
page execute and write copy
|
||
|
237F9D13000
|
heap
|
page read and write
|
||
|
1470000
|
unkown
|
page execute and write copy
|
||
|
4382000
|
trusted library allocation
|
page read and write
|
||
|
1F90000
|
direct allocation
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
B21817A000
|
stack
|
page read and write
|
||
|
19F42277000
|
heap
|
page read and write
|
||
|
1FA8000
|
direct allocation
|
page read and write
|
||
|
33AE000
|
stack
|
page read and write
|
||
|
15126861000
|
heap
|
page read and write
|
||
|
28B4556D000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
26A0000
|
trusted library allocation
|
page read and write
|
||
|
1512686C000
|
heap
|
page read and write
|
||
|
FA87FD000
|
stack
|
page read and write
|
||
|
4382000
|
trusted library allocation
|
page read and write
|
||
|
3EFE000
|
stack
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
237F9B40000
|
heap
|
page read and write
|
||
|
268FBFD0000
|
remote allocation
|
page read and write
|
||
|
33B0000
|
direct allocation
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
4382000
|
trusted library allocation
|
page read and write
|
||
|
237F9D02000
|
heap
|
page read and write
|
||
|
33FD000
|
stack
|
page read and write
|
||
|
2E827059000
|
heap
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
4382000
|
trusted library allocation
|
page read and write
|
||
|
FA7FAC000
|
stack
|
page read and write
|
||
|
FA8CFF000
|
stack
|
page read and write
|
||
|
268FBA3C000
|
heap
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
D61A4FB000
|
stack
|
page read and write
|
||
|
3ACF000
|
stack
|
page read and write
|
||
|
2F8E000
|
stack
|
page read and write
|
||
|
3390000
|
direct allocation
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
2E828A80000
|
trusted library allocation
|
page read and write
|
||
|
B2183F9000
|
stack
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
2E827065000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
414A000
|
stack
|
page read and write
|
||
|
28B44C00000
|
heap
|
page read and write
|
||
|
2090000
|
direct allocation
|
page read and write
|
||
|
F3ABAFE000
|
stack
|
page read and write
|
||
|
2E828B10000
|
trusted library allocation
|
page read and write
|
||
|
D63EFF000
|
stack
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
289CCE79000
|
heap
|
page read and write
|
||
|
44F2000
|
trusted library allocation
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
145C000
|
unkown
|
page execute and write copy
|
||
|
237F9AD0000
|
heap
|
page read and write
|
||
|
289CD602000
|
trusted library allocation
|
page read and write
|
||
|
28B45350000
|
trusted library allocation
|
page read and write
|
||
|
15126802000
|
heap
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
19F42302000
|
heap
|
page read and write
|
||
|
2E827100000
|
heap
|
page read and write
|
||
|
4355000
|
trusted library allocation
|
page read and write
|
||
|
1539000
|
unkown
|
page execute and write copy
|
||
|
D61A37C000
|
stack
|
page read and write
|
||
|
39CE000
|
stack
|
page read and write
|
||
|
4382000
|
trusted library allocation
|
page read and write
|
||
|
237FA537000
|
heap
|
page read and write
|
||
|
31F0000
|
direct allocation
|
page read and write
|
||
|
1512684D000
|
heap
|
page read and write
|
||
|
28B45627000
|
heap
|
page read and write
|
||
|
28B44D13000
|
heap
|
page read and write
|
||
|
15126650000
|
heap
|
page read and write
|
||
|
4AE000
|
unkown
|
page read and write
|
||
|
2E827049000
|
heap
|
page read and write
|
||
|
2E828AD0000
|
trusted library allocation
|
page read and write
|
||
|
F3AB5FF000
|
stack
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
2E828B90000
|
remote allocation
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
268FBB02000
|
heap
|
page read and write
|
||
|
19F42000000
|
heap
|
page read and write
|
||
|
1D322110000
|
heap
|
page read and write
|
||
|
D11000
|
unkown
|
page execute read
|
||
|
15126841000
|
heap
|
page read and write
|
||
|
19F42273000
|
heap
|
page read and write
|
||
|
28B44C95000
|
heap
|
page read and write
|
||
|
FA88FF000
|
stack
|
page read and write
|
||
|
D61A2FE000
|
stack
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
452000
|
unkown
|
page execute and read and write
|
||
|
28B45522000
|
heap
|
page read and write
|
||
|
F3AB8FC000
|
stack
|
page read and write
|
||
|
1512682F000
|
heap
|
page read and write
|
||
|
EEA000
|
heap
|
page read and write
|
||
|
304F000
|
stack
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
1472000
|
unkown
|
page execute and write copy
|
||
|
237FA500000
|
heap
|
page read and write
|
||
|
28B45502000
|
heap
|
page read and write
|
||
|
28B44C43000
|
heap
|
page read and write
|
||
|
C6E507D000
|
stack
|
page read and write
|
||
|
30EE000
|
stack
|
page read and write
|
||
|
28B45554000
|
heap
|
page read and write
|
||
|
C6E50FE000
|
stack
|
page read and write
|
||
|
15126832000
|
heap
|
page read and write
|
||
|
15126847000
|
heap
|
page read and write
|
||
|
28B44C43000
|
heap
|
page read and write
|
||
|
404E000
|
stack
|
page read and write
|
||
|
D63A7E000
|
stack
|
page read and write
|
||
|
3090000
|
direct allocation
|
page read and write
|
||
|
C6E4F7F000
|
stack
|
page read and write
|
||
|
47AF000
|
stack
|
page read and write
|
||
|
E128B7B000
|
stack
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
237F9CE0000
|
heap
|
page read and write
|
||
|
237F9C44000
|
heap
|
page read and write
|
||
|
15126830000
|
heap
|
page read and write
|
||
|
4BC000
|
unkown
|
page readonly
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
1512685E000
|
heap
|
page read and write
|
||
|
28B45590000
|
heap
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
48C000
|
unkown
|
page write copy
|
||
|
15126883000
|
heap
|
page read and write
|
||
|
15126857000
|
heap
|
page read and write
|
||
|
28B45636000
|
heap
|
page read and write
|
||
|
3D4F000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
15126832000
|
heap
|
page read and write
|
||
|
15126660000
|
heap
|
page read and write
|
||
|
28B44DE5000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
15126864000
|
heap
|
page read and write
|
||
|
3241000
|
trusted library allocation
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
3FFE000
|
stack
|
page read and write
|
||
|
1FA1000
|
direct allocation
|
page read and write
|
||
|
145A000
|
unkown
|
page execute and write copy
|
||
|
1001A000
|
direct allocation
|
page read and write
|
||
|
19F42170000
|
trusted library allocation
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
15126869000
|
heap
|
page read and write
|
||
|
C6E51FD000
|
stack
|
page read and write
|
||
|
21CD000
|
direct allocation
|
page read and write
|
||
|
B2186FE000
|
stack
|
page read and write
|
||
|
219F000
|
stack
|
page read and write
|
||
|
28B44C7A000
|
heap
|
page read and write
|
||
|
15126863000
|
heap
|
page read and write
|
||
|
289CCE00000
|
heap
|
page read and write
|
||
|
D61A6FE000
|
stack
|
page read and write
|
||
|
3C4E000
|
stack
|
page read and write
|
||
|
1512685C000
|
heap
|
page read and write
|
||
|
2E828AA0000
|
trusted library allocation
|
page read and write
|
||
|
15126813000
|
heap
|
page read and write
|
||
|
28B45508000
|
heap
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
237F9C6E000
|
heap
|
page read and write
|
||
|
15126902000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6F0000
|
trusted library allocation
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
D10000
|
unkown
|
page readonly
|
||
|
40C000
|
unkown
|
page write copy
|
||
|
3881000
|
heap
|
page read and write
|
||
|
3230000
|
trusted library allocation
|
page read and write
|
||
|
4BC000
|
unkown
|
page readonly
|
||
|
D61A5FD000
|
stack
|
page read and write
|
||
|
F3AB9FC000
|
stack
|
page read and write
|
||
|
2F4E000
|
stack
|
page read and write
|
||
|
4382000
|
trusted library allocation
|
page read and write
|
||
|
268FBA5C000
|
heap
|
page read and write
|
||
|
21B4000
|
direct allocation
|
page read and write
|
||
|
21D0000
|
direct allocation
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
268FB7E0000
|
heap
|
page read and write
|
||
|
69E000
|
stack
|
page read and write
|
||
|
44F2000
|
trusted library allocation
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
15126862000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
28B45500000
|
heap
|
page read and write
|
||
|
1D32224C000
|
heap
|
page read and write
|
||
|
C6E47BB000
|
stack
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
763000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
F3AB7FE000
|
stack
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
B21827F000
|
stack
|
page read and write
|
||
|
28B44C8E000
|
heap
|
page read and write
|
||
|
289CCF13000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
1D322302000
|
heap
|
page read and write
|
||
|
15126829000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
1521000
|
unkown
|
page execute and write copy
|
||
|
3881000
|
heap
|
page read and write
|
||
|
15126866000
|
heap
|
page read and write
|
||
|
D11000
|
unkown
|
page execute read
|
||
|
1FA1000
|
direct allocation
|
page read and write
|
||
|
4382000
|
trusted library allocation
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
2E827102000
|
heap
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
10019000
|
direct allocation
|
page readonly
|
||
|
F3AB27B000
|
stack
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
19F42313000
|
heap
|
page read and write
|
||
|
3200000
|
direct allocation
|
page read and write
|
||
|
237F9CBC000
|
heap
|
page read and write
|
||
|
326E000
|
stack
|
page read and write
|
||
|
D63CFF000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
3210000
|
direct allocation
|
page read and write
|
||
|
734000
|
heap
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
268FC002000
|
trusted library allocation
|
page read and write
|
||
|
3E8F000
|
stack
|
page read and write
|
||
|
2E827084000
|
heap
|
page read and write
|
||
|
15127002000
|
trusted library allocation
|
page read and write
|
||
|
151B000
|
unkown
|
page execute and write copy
|
||
|
580000
|
trusted library allocation
|
page read and write
|
||
|
1D322202000
|
heap
|
page read and write
|
||
|
3980000
|
trusted library allocation
|
page read and write
|
||
|
F3ABBFF000
|
stack
|
page read and write
|
||
|
410000
|
unkown
|
page readonly
|
||
|
28B44DB9000
|
heap
|
page read and write
|
||
|
2E82705C000
|
heap
|
page read and write
|
||
|
3980000
|
trusted library allocation
|
page read and write
|
||
|
3C0F000
|
stack
|
page read and write
|
||
|
28B44C13000
|
heap
|
page read and write
|
||
|
2E826FE0000
|
heap
|
page read and write
|
||
|
15126842000
|
heap
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
21A0000
|
direct allocation
|
page read and write
|
||
|
4382000
|
trusted library allocation
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
1620000
|
trusted library allocation
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
209F000
|
stack
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
151266C0000
|
heap
|
page read and write
|
||
|
D619FFC000
|
stack
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
237F9C13000
|
heap
|
page read and write
|
||
|
3980000
|
trusted library allocation
|
page read and write
|
||
|
289CCC70000
|
heap
|
page read and write
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
B21877F000
|
stack
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
1D32223E000
|
heap
|
page read and write
|
||
|
48C000
|
unkown
|
page read and write
|
||
|
5B0000
|
trusted library allocation
|
page read and write
|
||
|
289CCE13000
|
heap
|
page read and write
|
||
|
44F2000
|
trusted library allocation
|
page read and write
|
||
|
44F4000
|
trusted library allocation
|
page read and write
|
||
|
2E828B90000
|
remote allocation
|
page read and write
|
||
|
1D322100000
|
heap
|
page read and write
|
||
|
15126859000
|
heap
|
page read and write
|
||
|
2E827060000
|
heap
|
page read and write
|
||
|
2E827073000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
268FBFD0000
|
remote allocation
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
C6E4DFE000
|
stack
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
289CCC00000
|
heap
|
page read and write
|
||
|
1D32222F000
|
heap
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
268FBFA0000
|
trusted library allocation
|
page read and write
|
||
|
1535000
|
unkown
|
page execute and write copy
|
||
|
28B44B90000
|
heap
|
page read and write
|
||
|
44F2000
|
trusted library allocation
|
page read and write
|
||
|
1D32223B000
|
heap
|
page read and write
|
||
|
487C000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3881000
|
heap
|
page read and write
|
||
|
A9D0FBC000
|
stack
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
1D322160000
|
heap
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
28B44C76000
|
heap
|
page read and write
|
||
|
1512683C000
|
heap
|
page read and write
|
||
|
2E828B90000
|
remote allocation
|
page read and write
|
||
|
2E827002000
|
heap
|
page read and write
|
||
|
151D000
|
unkown
|
page execute and write copy
|
||
|
1512687A000
|
heap
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
470000
|
unkown
|
page readonly
|
||
|
E128D7B000
|
stack
|
page read and write
|
||
|
151F000
|
unkown
|
page execute and write copy
|
||
|
4374000
|
trusted library allocation
|
page read and write
|
||
|
605000
|
heap
|
page read and write
|
||
|
1512686A000
|
heap
|
page read and write
|
||
|
428F000
|
stack
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
1512687D000
|
heap
|
page read and write
|
||
|
15126874000
|
heap
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
10010000
|
direct allocation
|
page readonly
|
||
|
3881000
|
heap
|
page read and write
|
||
|
28B44C29000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
15126855000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
146E000
|
unkown
|
page execute and write copy
|
||
|
15126856000
|
heap
|
page read and write
|
||
|
28B44C95000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
D637DB000
|
stack
|
page read and write
|
||
|
1512685F000
|
heap
|
page read and write
|
||
|
289CCE3C000
|
heap
|
page read and write
|
||
|
34FF000
|
stack
|
page read and write
|
||
|
1D322213000
|
heap
|
page read and write
|
||
|
289CCE02000
|
heap
|
page read and write
|
||
|
E128E7E000
|
stack
|
page read and write
|
||
|
289CCC10000
|
heap
|
page read and write
|
||
|
1464000
|
unkown
|
page execute and write copy
|
||
|
D24000
|
unkown
|
page readonly
|
||
|
1544000
|
heap
|
page read and write
|
||
|
444A000
|
trusted library allocation
|
page read and write
|
||
|
15126840000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
237F9C87000
|
heap
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
2E82705B000
|
heap
|
page read and write
|
||
|
A9D16FF000
|
stack
|
page read and write
|
There are 574 hidden memdumps, click here to show them.