Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, InnoSetup self-extracting archive
|
initial sample
|
 |
|
|
C:\Program Files (x86)\PrintFolders\Russian.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\PrintFolders\is-K96P8.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\PrintFolders\is-RBTTG.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\PrintFolders\ntFolders.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Program Files (x86)\PrintFolders\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-2JDIE.tmp\is-I19BM.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-SBKH0.tmp\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-SBKH0.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\karcA17.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\PrintFolders\Guide.chm (copy)
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\History.txt (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\License.txt (copy)
|
RAGE Package Format (RPF),
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\is-E7A00.tmp
|
data
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\is-F5ERM.tmp
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\is-HN0H8.tmp
|
RAGE Package Format (RPF),
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\is-VTV62.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\PrintFolders\unins000.dat
|
InnoSetup Log PrintFolders {3C248D7A-78F2-476F-86FF-34610A9B2E85}, version 0x2a, 3804 bytes, 320366\user, "C:\Program Files
(x86)\PrintFolders"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\count[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\fuckingdllENCR[1].dll
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\library[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ping[1].htm
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\library[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-SBKH0.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 14 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\PrintFolders\ntFolders.exe
|
"C:\Program Files (x86)\PrintFolders\ntFolders.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\karcA17.exe
|
|
|
|
|
C:\Users\user\Desktop\file.exe
|
C:\Users\user\Desktop\file.exe
|
||
|
C:\Users\user\AppData\Local\Temp\is-2JDIE.tmp\is-I19BM.tmp
|
"C:\Users\user\AppData\Local\Temp\is-2JDIE.tmp\is-I19BM.tmp" /SL4 $30366 "C:\Users\user\Desktop\file.exe" 2214542 96256
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c taskkill /im "ntFolders.exe" /f & erase "C:\Program Files (x86)\PrintFolders\ntFolders.exe"
& exit
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
taskkill /im "ntFolders.exe" /f
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://171.22.30.106/library.phpH
|
unknown
|
|
|
|
http://45.139.105.171/itsnotmalware/count.php?sub=NOSUB&stream=mixtwo&substream=mixinte
|
45.139.105.171
|
|
|
|
http://107.182.129.235/storage/ping.php
|
107.182.129.235
|
|
|
|
http://171.22.30.106/library.php
|
171.22.30.106
|
|
|
|
http://107.182.129.235/storage/extension.php
|
107.182.129.235
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://www.remobjects.com/?ps
|
unknown
|
||
|
http://www.innosetup.com
|
unknown
|
||
|
http://www.innosetup.comDVarFileInfo$
|
unknown
|
||
|
http://www.remobjects.com/?psU
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.139.105.171
|
unknown
|
Italy
|
|
|
|
45.139.105.1
|
unknown
|
Italy
|
|
|
|
85.31.46.167
|
unknown
|
Germany
|
|
|
|
107.182.129.235
|
unknown
|
Reserved
|
|
|
|
171.22.30.106
|
unknown
|
Germany
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Audpoint Software\PrintFolders
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
DisplayIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C248D7A-78F2-476F-86FF-34610A9B2E85}}_is1
|
NoRepair
|
There are 3 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
1740000
|
direct allocation
|
page read and write
|
|
|
|
3160000
|
direct allocation
|
page read and write
|
|
|
|
1614000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
43B2000
|
trusted library allocation
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
43B2000
|
trusted library allocation
|
page read and write
|
||
|
3351000
|
trusted library allocation
|
page read and write
|
||
|
417E000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
43A4000
|
trusted library allocation
|
page read and write
|
||
|
1710000
|
direct allocation
|
page read and write
|
||
|
680000
|
trusted library allocation
|
page read and write
|
||
|
48C000
|
unkown
|
page read and write
|
||
|
54E000
|
stack
|
page read and write
|
||
|
225C000
|
direct allocation
|
page read and write
|
||
|
4522000
|
trusted library allocation
|
page read and write
|
||
|
20FF000
|
stack
|
page read and write
|
||
|
4522000
|
trusted library allocation
|
page read and write
|
||
|
43D0000
|
trusted library allocation
|
page read and write
|
||
|
2230000
|
direct allocation
|
page read and write
|
||
|
590000
|
trusted library allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
39B0000
|
trusted library allocation
|
page read and write
|
||
|
3AFF000
|
stack
|
page read and write
|
||
|
43D0000
|
trusted library allocation
|
page read and write
|
||
|
7FA000
|
heap
|
page read and write
|
||
|
38B3000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
31C0000
|
direct allocation
|
page read and write
|
||
|
2F9E000
|
stack
|
page read and write
|
||
|
39FE000
|
stack
|
page read and write
|
||
|
1570000
|
trusted library allocation
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
55C000
|
stack
|
page read and write
|
||
|
30DE000
|
stack
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
10017000
|
direct allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
5FC000
|
heap
|
page read and write
|
||
|
86F000
|
stack
|
page read and write
|
||
|
315F000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
11E4000
|
unkown
|
page readonly
|
||
|
30000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
2350000
|
trusted library allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
4522000
|
trusted library allocation
|
page read and write
|
||
|
1A20000
|
direct allocation
|
page read and write
|
||
|
3DBE000
|
stack
|
page read and write
|
||
|
11E2000
|
unkown
|
page write copy
|
||
|
38C0000
|
heap
|
page read and write
|
||
|
43B2000
|
trusted library allocation
|
page read and write
|
||
|
215F000
|
stack
|
page read and write
|
||
|
437A000
|
trusted library allocation
|
page read and write
|
||
|
337E000
|
stack
|
page read and write
|
||
|
12B5000
|
unkown
|
page execute and write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2200000
|
direct allocation
|
page read and write
|
||
|
4385000
|
trusted library allocation
|
page read and write
|
||
|
4AE000
|
unkown
|
page read and write
|
||
|
2111000
|
direct allocation
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
11E2000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
225D000
|
direct allocation
|
page read and write
|
||
|
1790000
|
heap
|
page read and write
|
||
|
309F000
|
stack
|
page read and write
|
||
|
4523000
|
trusted library allocation
|
page read and write
|
||
|
145A000
|
unkown
|
page execute and write copy
|
||
|
320D000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1780000
|
direct allocation
|
page read and write
|
||
|
8BA000
|
heap
|
page read and write
|
||
|
43D0000
|
trusted library allocation
|
page read and write
|
||
|
489D000
|
stack
|
page read and write
|
||
|
21C4000
|
direct allocation
|
page read and write
|
||
|
5F4000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
33BE000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
146D000
|
unkown
|
page execute and write copy
|
||
|
1614000
|
heap
|
page read and write
|
||
|
188D000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
407E000
|
stack
|
page read and write
|
||
|
11D1000
|
unkown
|
page execute read
|
||
|
1770000
|
direct allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1276000
|
unkown
|
page readonly
|
||
|
2275000
|
direct allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
1454000
|
unkown
|
page execute and write copy
|
||
|
4523000
|
trusted library allocation
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
4522000
|
trusted library allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
4522000
|
trusted library allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
452000
|
unkown
|
page execute and read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
8A0000
|
direct allocation
|
page execute and read and write
|
||
|
188B000
|
heap
|
page read and write
|
||
|
1001A000
|
direct allocation
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
11DC000
|
unkown
|
page readonly
|
||
|
58E000
|
stack
|
page read and write
|
||
|
18F000
|
stack
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
2224000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
48AF000
|
stack
|
page read and write
|
||
|
188D000
|
heap
|
page read and write
|
||
|
38C9000
|
heap
|
page read and write
|
||
|
188D000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
43D0000
|
trusted library allocation
|
page read and write
|
||
|
2111000
|
direct allocation
|
page read and write
|
||
|
11D0000
|
unkown
|
page readonly
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
1468000
|
unkown
|
page execute and write copy
|
||
|
1614000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
3C3F000
|
stack
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
4522000
|
trusted library allocation
|
page read and write
|
||
|
4522000
|
trusted library allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
2720000
|
trusted library allocation
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
1844000
|
heap
|
page read and write
|
||
|
43D0000
|
trusted library allocation
|
page read and write
|
||
|
2F30000
|
direct allocation
|
page read and write
|
||
|
188D000
|
heap
|
page read and write
|
||
|
11D0000
|
unkown
|
page readonly
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
43B2000
|
trusted library allocation
|
page read and write
|
||
|
333F000
|
stack
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
4F5000
|
heap
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
43B2000
|
trusted library allocation
|
page read and write
|
||
|
43D0000
|
trusted library allocation
|
page read and write
|
||
|
1A40000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
410000
|
unkown
|
page readonly
|
||
|
4523000
|
trusted library allocation
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
43B2000
|
trusted library allocation
|
page read and write
|
||
|
10019000
|
direct allocation
|
page readonly
|
||
|
3EBF000
|
stack
|
page read and write
|
||
|
603000
|
heap
|
page read and write
|
||
|
447A000
|
trusted library allocation
|
page read and write
|
||
|
43B2000
|
trusted library allocation
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
43B2000
|
trusted library allocation
|
page read and write
|
||
|
1533000
|
unkown
|
page execute and write copy
|
||
|
97000
|
stack
|
page read and write
|
||
|
15CE000
|
stack
|
page read and write
|
||
|
11E4000
|
unkown
|
page readonly
|
||
|
4E0000
|
trusted library allocation
|
page read and write
|
||
|
43B2000
|
trusted library allocation
|
page read and write
|
||
|
197000
|
stack
|
page read and write
|
||
|
4523000
|
trusted library allocation
|
page read and write
|
||
|
353F000
|
stack
|
page read and write
|
||
|
10010000
|
direct allocation
|
page readonly
|
||
|
4523000
|
trusted library allocation
|
page read and write
|
||
|
4522000
|
trusted library allocation
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
2244000
|
direct allocation
|
page read and write
|
||
|
2260000
|
direct allocation
|
page read and write
|
||
|
4523000
|
trusted library allocation
|
page read and write
|
||
|
2118000
|
direct allocation
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
1614000
|
heap
|
page read and write
|
||
|
3330000
|
trusted library allocation
|
page read and write
|
||
|
195000
|
stack
|
page read and write
|
||
|
4522000
|
trusted library allocation
|
page read and write
|
||
|
188D000
|
heap
|
page read and write
|
||
|
43B2000
|
trusted library allocation
|
page read and write
|
||
|
4523000
|
trusted library allocation
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
188D000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
2F30000
|
direct allocation
|
page read and write
|
||
|
2234000
|
direct allocation
|
page read and write
|
||
|
4AF000
|
unkown
|
page write copy
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
2220000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
4B8000
|
heap
|
page read and write
|
||
|
26A0000
|
trusted library allocation
|
page read and write
|
||
|
188D000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
11D1000
|
unkown
|
page execute read
|
||
|
1456000
|
unkown
|
page execute and write copy
|
||
|
1EF0000
|
heap
|
page read and write
|
||
|
43D0000
|
trusted library allocation
|
page read and write
|
||
|
43D0000
|
trusted library allocation
|
page read and write
|
||
|
43D0000
|
trusted library allocation
|
page read and write
|
||
|
410000
|
unkown
|
page readonly
|
||
|
38B0000
|
heap
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
40C000
|
unkown
|
page write copy
|
||
|
1614000
|
heap
|
page read and write
|
||
|
48C000
|
unkown
|
page write copy
|
||
|
1610000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
4523000
|
trusted library allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
417C000
|
stack
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
84E000
|
stack
|
page read and write
|
||
|
41BE000
|
stack
|
page read and write
|
||
|
3D7F000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
2244000
|
direct allocation
|
page read and write
|
||
|
3330000
|
direct allocation
|
page read and write
|
||
|
2100000
|
direct allocation
|
page read and write
|
||
|
479E000
|
stack
|
page read and write
|
||
|
43D0000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3F2E000
|
stack
|
page read and write
|
||
|
3C7E000
|
stack
|
page read and write
|
||
|
4BC000
|
unkown
|
page readonly
|
||
|
1614000
|
heap
|
page read and write
|
||
|
4522000
|
trusted library allocation
|
page read and write
|
||
|
4E1000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1517000
|
unkown
|
page execute and write copy
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
188D000
|
heap
|
page read and write
|
||
|
2114000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
42BA000
|
stack
|
page read and write
|
||
|
43D0000
|
trusted library allocation
|
page read and write
|
||
|
2200000
|
direct allocation
|
page read and write
|
||
|
4523000
|
trusted library allocation
|
page read and write
|
||
|
179A000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
45C000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3B3E000
|
stack
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
4BC000
|
unkown
|
page readonly
|
||
|
43D0000
|
trusted library allocation
|
page read and write
|
||
|
4522000
|
trusted library allocation
|
page read and write
|
||
|
160E000
|
stack
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
4523000
|
trusted library allocation
|
page read and write
|
||
|
470000
|
unkown
|
page readonly
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
1452000
|
unkown
|
page execute and write copy
|
||
|
47AF000
|
stack
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute read
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
8B6000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
11DC000
|
unkown
|
page readonly
|
||
|
1614000
|
heap
|
page read and write
|
||
|
4E4000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
31DF000
|
stack
|
page read and write
|
||
|
188D000
|
heap
|
page read and write
|
||
|
4522000
|
trusted library allocation
|
page read and write
|
||
|
187A000
|
heap
|
page read and write
|
||
|
3ED0000
|
heap
|
page read and write
|
||
|
5AA000
|
heap
|
page read and write
|
||
|
39B0000
|
trusted library allocation
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
490000
|
trusted library allocation
|
page read and write
|
||
|
39B0000
|
trusted library allocation
|
page read and write
|
||
|
16F0000
|
trusted library allocation
|
page read and write
|
||
|
5F8000
|
heap
|
page read and write
|
||
|
5FC000
|
heap
|
page read and write
|
||
|
43B2000
|
trusted library allocation
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
1A45000
|
heap
|
page read and write
|
||
|
188D000
|
heap
|
page read and write
|
||
|
402E000
|
stack
|
page read and write
|
||
|
38B1000
|
heap
|
page read and write
|
There are 310 hidden memdumps, click here to show them.