Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, InnoSetup self-extracting archive
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Split Files\SplitFiles131.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
modified
|
|
|
|
C:\Program Files (x86)\Split Files\is-AGVDF.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Split Files\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-D5FV2.tmp\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-D5FV2.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-LMEP0.tmp\is-DTRND.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\KN38AzDG.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Split Files\ReadMe - EN.txt (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\ReadMe - RU.txt (copy)
|
ISO-8859 text, with very long lines (1053), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\is-3OAED.tmp
|
ISO-8859 text, with very long lines (1053), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\is-6QN6Q.tmp
|
data
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\is-JSP8F.tmp
|
MS Windows 95 Internet shortcut text (URL=<http://www.altarsoft.com/split_files.shtml>), ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\is-UJJ0L.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Arabic.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Chinese.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Dutch.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\English.ini (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\French.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Italian.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Russian.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Spanish.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Turkish.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-79U67.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-7L4JB.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-7O3KV.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-8E2LT.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-APJVT.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-B20UO.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-FBKGV.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-JMARM.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-R2P47.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\unins000.dat
|
InnoSetup Log Split Files {215D64A9-0240-4952-9F4D-4D0A65391F2C}, version 0x2a, 4441 bytes, 927537\user, "C:\Program Files
(x86)\Split Files"
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\webpage.url (copy)
|
MS Windows 95 Internet shortcut text (URL=<http://www.altarsoft.com/split_files.shtml>), ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\fuckingdllENCR[1].dll
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\count[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\library[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\library[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\ping[1].htm
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-D5FV2.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 30 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Split Files\SplitFiles131.exe
|
"C:\Program Files (x86)\Split Files\SplitFiles131.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\KN38AzDG.exe
|
|
|
|
|
C:\Users\user\Desktop\file.exe
|
C:\Users\user\Desktop\file.exe
|
||
|
C:\Users\user\AppData\Local\Temp\is-LMEP0.tmp\is-DTRND.tmp
|
"C:\Users\user\AppData\Local\Temp\is-LMEP0.tmp\is-DTRND.tmp" /SL4 $902D6 "C:\Users\user\Desktop\file.exe" 1818498 170496
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c taskkill /im "SplitFiles131.exe" /f & erase "C:\Program Files (x86)\Split Files\SplitFiles131.exe"
& exit
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
taskkill /im "SplitFiles131.exe" /f
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://45.139.105.171/itsnotmalware/count.php?sub=NOSUB&stream=mixtwo&substream=mixinte
|
45.139.105.171
|
|
|
|
http://171.22.30.106/library.phpch
|
unknown
|
|
|
|
http://107.182.129.235/storage/extension.php
|
107.182.129.235
|
|
|
|
http://107.182.129.235/storage/ping.php
|
107.182.129.235
|
|
|
|
http://171.22.30.106/library.phpYQ
|
unknown
|
|
|
|
http://171.22.30.106/library.php4
|
unknown
|
|
|
|
http://171.22.30.106/library.php
|
171.22.30.106
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://www.altarsoft.com/split_files.shtml
|
unknown
|
||
|
http://www.remobjects.com/?ps
|
unknown
|
||
|
http://rus.altarsoft.com/split_files.shtml
|
unknown
|
||
|
http://www.innosetup.com
|
unknown
|
||
|
http://www.innosetup.comDVarFileInfo$
|
unknown
|
||
|
http://www.remobjects.com/?psU
|
unknown
|
There are 4 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.139.105.171
|
unknown
|
Italy
|
|
|
|
45.139.105.1
|
unknown
|
Italy
|
|
|
|
85.31.46.167
|
unknown
|
Germany
|
|
|
|
107.182.129.235
|
unknown
|
Reserved
|
|
|
|
171.22.30.106
|
unknown
|
Germany
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Avepoint Software\SplitFiles131
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
NoRepair
|
There are 3 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
3340000
|
direct allocation
|
page read and write
|
|
|
|
30C0000
|
direct allocation
|
page read and write
|
|
|
|
1734000
|
heap
|
page read and write
|
||
|
2256D200000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
39A0000
|
trusted library allocation
|
page read and write
|
||
|
22572030000
|
trusted library allocation
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
43C6000
|
trusted library allocation
|
page read and write
|
||
|
439A000
|
trusted library allocation
|
page read and write
|
||
|
69B000
|
heap
|
page read and write
|
||
|
1416A600000
|
heap
|
page read and write
|
||
|
2256CA58000
|
heap
|
page read and write
|
||
|
589A5FF000
|
stack
|
page read and write
|
||
|
6DBA87A000
|
stack
|
page read and write
|
||
|
43C6000
|
trusted library allocation
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
4513000
|
trusted library allocation
|
page read and write
|
||
|
43C6000
|
trusted library allocation
|
page read and write
|
||
|
357C1FE000
|
stack
|
page read and write
|
||
|
1D334C02000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1416A667000
|
heap
|
page read and write
|
||
|
22572040000
|
trusted library allocation
|
page read and write
|
||
|
43E0000
|
trusted library allocation
|
page read and write
|
||
|
1D334C29000
|
heap
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
145B000
|
unkown
|
page execute and write copy
|
||
|
4BC000
|
unkown
|
page readonly
|
||
|
43E0000
|
trusted library allocation
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
1D334A20000
|
heap
|
page read and write
|
||
|
891A7F000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
589A2FC000
|
stack
|
page read and write
|
||
|
1416A656000
|
heap
|
page read and write
|
||
|
891CFA000
|
stack
|
page read and write
|
||
|
1416ADA0000
|
trusted library allocation
|
page read and write
|
||
|
122A000
|
heap
|
page read and write
|
||
|
6AC000
|
heap
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
43A8000
|
trusted library allocation
|
page read and write
|
||
|
43E0000
|
trusted library allocation
|
page read and write
|
||
|
43A8000
|
trusted library allocation
|
page read and write
|
||
|
489C000
|
stack
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
22571E70000
|
trusted library allocation
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute read
|
||
|
3D6F000
|
stack
|
page read and write
|
||
|
1D3349D0000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
21076E00000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
2058000
|
direct allocation
|
page read and write
|
||
|
4498000
|
trusted library allocation
|
page read and write
|
||
|
6A8000
|
heap
|
page read and write
|
||
|
2051000
|
direct allocation
|
page read and write
|
||
|
196000
|
stack
|
page read and write
|
||
|
43A8000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
trusted library allocation
|
page read and write
|
||
|
2256CA13000
|
heap
|
page read and write
|
||
|
4513000
|
trusted library allocation
|
page read and write
|
||
|
3AEF000
|
stack
|
page read and write
|
||
|
43C6000
|
trusted library allocation
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1416A692000
|
heap
|
page read and write
|
||
|
1416A65B000
|
heap
|
page read and write
|
||
|
22572010000
|
trusted library allocation
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1416A63C000
|
heap
|
page read and write
|
||
|
410000
|
unkown
|
page readonly
|
||
|
1416AF00000
|
heap
|
page read and write
|
||
|
452000
|
unkown
|
page execute and read and write
|
||
|
401E000
|
stack
|
page read and write
|
||
|
1416AFB2000
|
heap
|
page read and write
|
||
|
1416A664000
|
heap
|
page read and write
|
||
|
1416A68B000
|
heap
|
page read and write
|
||
|
2256DAE0000
|
trusted library section
|
page readonly
|
||
|
1734000
|
heap
|
page read and write
|
||
|
3EAF000
|
stack
|
page read and write
|
||
|
4513000
|
trusted library allocation
|
page read and write
|
||
|
1D3349C0000
|
heap
|
page read and write
|
||
|
1416ADC0000
|
trusted library allocation
|
page read and write
|
||
|
500E000
|
direct allocation
|
page read and write
|
||
|
4371000
|
trusted library allocation
|
page read and write
|
||
|
22572040000
|
trusted library allocation
|
page read and write
|
||
|
43C6000
|
trusted library allocation
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
65A000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
3C6E000
|
stack
|
page read and write
|
||
|
39A0000
|
trusted library allocation
|
page read and write
|
||
|
1512000
|
unkown
|
page execute and write copy
|
||
|
610000
|
heap
|
page read and write
|
||
|
4513000
|
trusted library allocation
|
page read and write
|
||
|
2256C980000
|
trusted library section
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
33D0000
|
direct allocation
|
page read and write
|
||
|
1D334C3E000
|
heap
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
2256CAFF000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2256CA3F000
|
heap
|
page read and write
|
||
|
10C000
|
unkown
|
page readonly
|
||
|
1416A678000
|
heap
|
page read and write
|
||
|
43E0000
|
trusted library allocation
|
page read and write
|
||
|
4513000
|
trusted library allocation
|
page read and write
|
||
|
EFB000
|
stack
|
page read and write
|
||
|
4C4000
|
unkown
|
page readonly
|
||
|
4F80000
|
direct allocation
|
page read and write
|
||
|
2256D9E0000
|
trusted library allocation
|
page read and write
|
||
|
1416A63C000
|
heap
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
21076DC0000
|
heap
|
page read and write
|
||
|
43E0000
|
trusted library allocation
|
page read and write
|
||
|
2256CA56000
|
heap
|
page read and write
|
||
|
43C6000
|
trusted library allocation
|
page read and write
|
||
|
2256CAFD000
|
heap
|
page read and write
|
||
|
1416A7E5000
|
heap
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
891BF9000
|
stack
|
page read and write
|
||
|
357C27E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
43A8000
|
trusted library allocation
|
page read and write
|
||
|
1416AF94000
|
heap
|
page read and write
|
||
|
22572160000
|
trusted library allocation
|
page read and write
|
||
|
589A47E000
|
stack
|
page read and write
|
||
|
4AF000
|
unkown
|
page write copy
|
||
|
34CF000
|
stack
|
page read and write
|
||
|
891EFF000
|
stack
|
page read and write
|
||
|
19A5000
|
heap
|
page read and write
|
||
|
21076E40000
|
heap
|
page read and write
|
||
|
21076D60000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1416A676000
|
heap
|
page read and write
|
||
|
930000
|
trusted library allocation
|
page read and write
|
||
|
1416B223000
|
heap
|
page read and write
|
||
|
38B0000
|
heap
|
page read and write
|
||
|
2256DB00000
|
trusted library section
|
page readonly
|
||
|
1416A7B9000
|
heap
|
page read and write
|
||
|
357BDFB000
|
stack
|
page read and write
|
||
|
2256CA7B000
|
heap
|
page read and write
|
||
|
350E000
|
stack
|
page read and write
|
||
|
3B2E000
|
stack
|
page read and write
|
||
|
6AC000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
22572050000
|
trusted library allocation
|
page read and write
|
||
|
357BCFF000
|
stack
|
page read and write
|
||
|
129C000
|
unkown
|
page execute and write copy
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1734000
|
heap
|
page read and write
|
||
|
43A8000
|
trusted library allocation
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
3DAE000
|
stack
|
page read and write
|
||
|
1416AF54000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
891DFE000
|
stack
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
470000
|
unkown
|
page readonly
|
||
|
417000
|
unkown
|
page readonly
|
||
|
4BC000
|
unkown
|
page readonly
|
||
|
4F6E000
|
direct allocation
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
33A0000
|
direct allocation
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7AA000
|
heap
|
page read and write
|
||
|
437B000
|
trusted library allocation
|
page read and write
|
||
|
4513000
|
trusted library allocation
|
page read and write
|
||
|
6B5000
|
heap
|
page read and write
|
||
|
2256D202000
|
heap
|
page read and write
|
||
|
4515000
|
trusted library allocation
|
page read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
4513000
|
trusted library allocation
|
page read and write
|
||
|
39EE000
|
stack
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1416B227000
|
heap
|
page read and write
|
||
|
33C0000
|
direct allocation
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
15BA000
|
heap
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
4513000
|
trusted library allocation
|
page read and write
|
||
|
41AE000
|
stack
|
page read and write
|
||
|
1416AE02000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1416B230000
|
heap
|
page read and write
|
||
|
357BBF8000
|
stack
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
580000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1734000
|
heap
|
page read and write
|
||
|
2256CA29000
|
heap
|
page read and write
|
||
|
589A37F000
|
stack
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
8918FA000
|
stack
|
page read and write
|
||
|
4F5D000
|
direct allocation
|
page read and write
|
||
|
114000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1D334B20000
|
trusted library allocation
|
page read and write
|
||
|
43C6000
|
trusted library allocation
|
page read and write
|
||
|
21076E02000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
2256CA74000
|
heap
|
page read and write
|
||
|
91E000
|
stack
|
page read and write
|
||
|
21E0000
|
direct allocation
|
page read and write
|
||
|
446A000
|
trusted library allocation
|
page read and write
|
||
|
43E0000
|
trusted library allocation
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
22572037000
|
trusted library allocation
|
page read and write
|
||
|
21077690000
|
remote allocation
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
40C000
|
unkown
|
page write copy
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
143A000
|
unkown
|
page execute and write copy
|
||
|
21076E29000
|
heap
|
page read and write
|
||
|
1416AF43000
|
heap
|
page read and write
|
||
|
101000
|
unkown
|
page execute read
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
20DF000
|
stack
|
page read and write
|
||
|
406E000
|
stack
|
page read and write
|
||
|
341D000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
891B7C000
|
stack
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
2230000
|
direct allocation
|
page read and write
|
||
|
225720E0000
|
trusted library allocation
|
page read and write
|
||
|
4F5F000
|
direct allocation
|
page read and write
|
||
|
3090000
|
direct allocation
|
page read and write
|
||
|
589A07B000
|
stack
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
21077802000
|
trusted library allocation
|
page read and write
|
||
|
1FD4000
|
heap
|
page read and write
|
||
|
1416A62C000
|
heap
|
page read and write
|
||
|
43E0000
|
trusted library allocation
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
1D334D02000
|
heap
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
20FD000
|
direct allocation
|
page read and write
|
||
|
15A0000
|
direct allocation
|
page read and write
|
||
|
43E0000
|
trusted library allocation
|
page read and write
|
||
|
1FD0000
|
heap
|
page read and write
|
||
|
101000
|
unkown
|
page execute read
|
||
|
22571F00000
|
trusted library allocation
|
page read and write
|
||
|
891FFF000
|
stack
|
page read and write
|
||
|
6DBA979000
|
stack
|
page read and write
|
||
|
2256D313000
|
heap
|
page read and write
|
||
|
479E000
|
stack
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
946000
|
heap
|
page read and write
|
||
|
4C4000
|
unkown
|
page readonly
|
||
|
19C000
|
stack
|
page read and write
|
||
|
2256C9E1000
|
trusted library allocation
|
page read and write
|
||
|
589A57D000
|
stack
|
page read and write
|
||
|
21E4000
|
direct allocation
|
page read and write
|
||
|
439A000
|
trusted library allocation
|
page read and write
|
||
|
4F76000
|
direct allocation
|
page read and write
|
||
|
21076E5C000
|
heap
|
page read and write
|
||
|
2256C870000
|
heap
|
page read and write
|
||
|
6DBA6FE000
|
stack
|
page read and write
|
||
|
112000
|
unkown
|
page read and write
|
||
|
43C6000
|
trusted library allocation
|
page read and write
|
||
|
1416A78E000
|
heap
|
page read and write
|
||
|
22571E80000
|
trusted library allocation
|
page read and write
|
||
|
1D334C54000
|
heap
|
page read and write
|
||
|
94A000
|
heap
|
page read and write
|
||
|
4AE000
|
unkown
|
page read and write
|
||
|
357C0FB000
|
stack
|
page read and write
|
||
|
2256CB02000
|
heap
|
page read and write
|
||
|
1D335402000
|
trusted library allocation
|
page read and write
|
||
|
43E0000
|
trusted library allocation
|
page read and write
|
||
|
21077690000
|
remote allocation
|
page read and write
|
||
|
2256C810000
|
heap
|
page read and write
|
||
|
357BFFF000
|
stack
|
page read and write
|
||
|
21DF000
|
stack
|
page read and write
|
||
|
1D334C37000
|
heap
|
page read and write
|
||
|
1416AFC0000
|
heap
|
page read and write
|
||
|
4513000
|
trusted library allocation
|
page read and write
|
||
|
1416AF71000
|
heap
|
page read and write
|
||
|
4F3E000
|
direct allocation
|
page read and write
|
||
|
30BF000
|
stack
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
19A0000
|
heap
|
page read and write
|
||
|
43A8000
|
trusted library allocation
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
43A8000
|
trusted library allocation
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
2256D302000
|
heap
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
2256CA6F000
|
heap
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
338F000
|
stack
|
page read and write
|
||
|
630000
|
direct allocation
|
page execute and read and write
|
||
|
1416A713000
|
heap
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
1D334C13000
|
heap
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
1416A4A0000
|
heap
|
page read and write
|
||
|
615000
|
heap
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
2256C970000
|
trusted library allocation
|
page read and write
|
||
|
6DBA36B000
|
stack
|
page read and write
|
||
|
21076E13000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
2205000
|
direct allocation
|
page read and write
|
||
|
39A0000
|
trusted library allocation
|
page read and write
|
||
|
10019000
|
direct allocation
|
page readonly
|
||
|
22572010000
|
trusted library allocation
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
22571EF0000
|
trusted library allocation
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
26E0000
|
trusted library allocation
|
page read and write
|
||
|
2256CA77000
|
heap
|
page read and write
|
||
|
1416AFC6000
|
heap
|
page read and write
|
||
|
B2C000
|
stack
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
3090000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
22572031000
|
trusted library allocation
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
89149C000
|
stack
|
page read and write
|
||
|
416A000
|
stack
|
page read and write
|
||
|
328E000
|
stack
|
page read and write
|
||
|
30EE000
|
stack
|
page read and write
|
||
|
16F0000
|
direct allocation
|
page read and write
|
||
|
2256CA00000
|
heap
|
page read and write
|
||
|
2256CA79000
|
heap
|
page read and write
|
||
|
3F1E000
|
stack
|
page read and write
|
||
|
1416A613000
|
heap
|
page read and write
|
||
|
1D334C00000
|
heap
|
page read and write
|
||
|
22572034000
|
trusted library allocation
|
page read and write
|
||
|
1416A690000
|
heap
|
page read and write
|
||
|
323F000
|
stack
|
page read and write
|
||
|
589A6FD000
|
stack
|
page read and write
|
||
|
2230000
|
direct allocation
|
page read and write
|
||
|
357B7BB000
|
stack
|
page read and write
|
||
|
4D96000
|
direct allocation
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
1416A686000
|
heap
|
page read and write
|
||
|
22572050000
|
trusted library allocation
|
page read and write
|
||
|
1416A490000
|
heap
|
page read and write
|
||
|
1664000
|
heap
|
page read and write
|
||
|
100000
|
unkown
|
page readonly
|
||
|
3EC0000
|
heap
|
page read and write
|
||
|
43C6000
|
trusted library allocation
|
page read and write
|
||
|
22572202000
|
heap
|
page read and write
|
||
|
169B000
|
heap
|
page read and write
|
||
|
150A000
|
unkown
|
page execute and write copy
|
||
|
2256CA8D000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
43A8000
|
trusted library allocation
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
1416AF22000
|
heap
|
page read and write
|
||
|
5E0000
|
trusted library allocation
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
1416A500000
|
heap
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
21FC000
|
direct allocation
|
page read and write
|
||
|
2256CA9E000
|
heap
|
page read and write
|
||
|
1416A62A000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1416B213000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
43E0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1D334C41000
|
heap
|
page read and write
|
||
|
4F6A000
|
direct allocation
|
page read and write
|
||
|
357BAFE000
|
stack
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
500000
|
trusted library allocation
|
page read and write
|
||
|
43E0000
|
trusted library allocation
|
page read and write
|
||
|
410000
|
unkown
|
page readonly
|
||
|
10C000
|
unkown
|
page readonly
|
||
|
2256CA93000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
2256C800000
|
heap
|
page read and write
|
||
|
43C6000
|
trusted library allocation
|
page read and write
|
||
|
22572054000
|
trusted library allocation
|
page read and write
|
||
|
1D334C31000
|
heap
|
page read and write
|
||
|
1416A683000
|
heap
|
page read and write
|
||
|
2118000
|
direct allocation
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
3251000
|
trusted library allocation
|
page read and write
|
||
|
22572170000
|
trusted library allocation
|
page read and write
|
||
|
1001A000
|
direct allocation
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
18F000
|
stack
|
page read and write
|
||
|
42AC000
|
stack
|
page read and write
|
||
|
21077690000
|
remote allocation
|
page read and write
|
||
|
1416AF02000
|
heap
|
page read and write
|
||
|
2256DAF0000
|
trusted library section
|
page readonly
|
||
|
21FC000
|
direct allocation
|
page read and write
|
||
|
3C2F000
|
stack
|
page read and write
|
||
|
48C000
|
unkown
|
page write copy
|
||
|
112000
|
unkown
|
page write copy
|
||
|
21076F02000
|
heap
|
page read and write
|
||
|
38A0000
|
heap
|
page read and write
|
||
|
2256DAD0000
|
trusted library section
|
page readonly
|
||
|
21076DF0000
|
trusted library allocation
|
page read and write
|
||
|
43C6000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
4513000
|
trusted library allocation
|
page read and write
|
||
|
589A1FE000
|
stack
|
page read and write
|
||
|
1720000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
21076D50000
|
heap
|
page read and write
|
||
|
1416B200000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
4D78000
|
direct allocation
|
page read and write
|
||
|
2051000
|
direct allocation
|
page read and write
|
||
|
55E000
|
stack
|
page read and write
|
||
|
21FC000
|
direct allocation
|
page read and write
|
||
|
2256CAA0000
|
heap
|
page read and write
|
||
|
891F7F000
|
stack
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
100000
|
unkown
|
page readonly
|
||
|
1730000
|
heap
|
page read and write
|
||
|
4513000
|
trusted library allocation
|
page read and write
|
||
|
357BEFE000
|
stack
|
page read and write
|
||
|
1416A66F000
|
heap
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
16EE000
|
stack
|
page read and write
|
||
|
2257201E000
|
trusted library allocation
|
page read and write
|
||
|
43A8000
|
trusted library allocation
|
page read and write
|
||
|
4D00000
|
direct allocation
|
page read and write
|
||
|
33CE000
|
stack
|
page read and write
|
||
|
220C000
|
direct allocation
|
page read and write
|
||
|
10010000
|
direct allocation
|
page readonly
|
||
|
1F9E000
|
stack
|
page read and write
|
||
|
31EF000
|
stack
|
page read and write
|
||
|
1416AF22000
|
heap
|
page read and write
|
||
|
21FC000
|
direct allocation
|
page read and write
|
||
|
2256DAC0000
|
trusted library section
|
page readonly
|
||
|
48C000
|
unkown
|
page read and write
|
||
|
1275000
|
unkown
|
page readonly
|
||
|
42AE000
|
stack
|
page read and write
|
||
|
43A8000
|
trusted library allocation
|
page read and write
|
||
|
20EE000
|
direct allocation
|
page read and write
|
||
|
2256D215000
|
heap
|
page read and write
|
||
|
1580000
|
trusted library allocation
|
page read and write
|
||
|
10017000
|
direct allocation
|
page read and write
|
||
|
1416B202000
|
heap
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
6AF000
|
stack
|
page read and write
|
||
|
693000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
21F4000
|
direct allocation
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
43C6000
|
trusted library allocation
|
page read and write
|
||
|
5016000
|
direct allocation
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1D334C4F000
|
heap
|
page read and write
|
||
|
43A8000
|
trusted library allocation
|
page read and write
|
||
|
2256DB10000
|
trusted library section
|
page readonly
|
||
|
114000
|
unkown
|
page readonly
|
||
|
2760000
|
trusted library allocation
|
page read and write
|
||
|
1459000
|
unkown
|
page execute and write copy
|
||
|
48FF000
|
stack
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
22D9000
|
direct allocation
|
page read and write
|
||
|
6DBAA7E000
|
stack
|
page read and write
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
2040000
|
direct allocation
|
page read and write
|
||
|
351F000
|
stack
|
page read and write
|
||
|
417000
|
unkown
|
page readonly
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
16A6000
|
heap
|
page read and write
|
||
|
357BA7F000
|
stack
|
page read and write
|
||
|
357C17E000
|
stack
|
page read and write
|
||
|
22572018000
|
trusted library allocation
|
page read and write
|
There are 480 hidden memdumps, click here to show them.