Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Split Files\HitFiles134.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
modified
|
|
|
|
C:\Program Files (x86)\Split Files\is-S7F6P.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Split Files\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-CE3AQ.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-CE3AQ.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-CE3AQ.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\3JCCsnPwg.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Split Files\ReadMe - EN.txt (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\ReadMe - RU.txt (copy)
|
ISO-8859 text, with very long lines (1053), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\is-NN8RP.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\is-ULQSL.tmp
|
ISO-8859 text, with very long lines (1053), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\is-UUBG5.tmp
|
MS Windows 95 Internet shortcut text (URL=<http://www.altarsoft.com/split_files.shtml>), ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\is-VJ0TT.tmp
|
data
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Arabic.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Chinese.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Dutch.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\English.ini (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\French.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Italian.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Russian.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Spanish.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Turkish.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-3NI9T.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-7O8CS.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-7S1TU.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-A3R8N.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-BVH9M.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-JOJ80.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-L1N1D.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-P2AUO.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-QV8JO.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\unins000.dat
|
InnoSetup Log Split Files, version 0x30, 4866 bytes, 414408\user, "C:\Program Files (x86)\Split Files"
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\webpage.url (copy)
|
MS Windows 95 Internet shortcut text (URL=<http://www.altarsoft.com/split_files.shtml>), ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\ping[1].htm
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\fuckingdllENCR[1].dll
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\count[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\library[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\library[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-CE3AQ.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 31 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
C:\Users\user\Desktop\file.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp
|
"C:\Users\user~1\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp" /SL5="$702C6,1650404,162304,C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Program Files (x86)\Split Files\HitFiles134.exe
|
"C:\Program Files (x86)\Split Files\HitFiles134.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\3JCCsnPwg.exe
|
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c taskkill /im "HitFiles134.exe" /f & erase "C:\Program Files (x86)\Split Files\HitFiles134.exe"
& exit
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
taskkill /im "HitFiles134.exe" /f
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://45.139.105.171/itsnotmalware/count.php?sub=NOSUB&stream=mixtwo&substream=mixinte
|
45.139.105.171
|
|
|
|
http://107.182.129.235/storage/ping.php
|
107.182.129.235
|
|
|
|
http://171.22.30.106/library.php.
|
unknown
|
|
|
|
http://171.22.30.106/library.php4
|
unknown
|
|
|
|
http://171.22.30.106/library.php
|
171.22.30.106
|
|
|
|
http://107.182.129.235/storage/extension.php
|
107.182.129.235
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://rus.altarsoft.com/split_files.shtml
|
unknown
|
||
|
http://www.remobjects.com/psU
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
http://www.altarsoft.com/split_files.shtml
|
unknown
|
There are 1 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.139.105.171
|
unknown
|
Italy
|
|
|
|
45.139.105.1
|
unknown
|
Italy
|
|
|
|
85.31.46.167
|
unknown
|
Germany
|
|
|
|
107.182.129.235
|
unknown
|
Reserved
|
|
|
|
171.22.30.106
|
unknown
|
Germany
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Avhpoint Software\HitFiles134
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Split Files_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Split Files_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Split Files_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Split Files_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Split Files_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Split Files_is1
|
Inno Setup: Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Split Files_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Split Files_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Split Files_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Split Files_is1
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Split Files_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Split Files_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Split Files_is1
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Split Files_is1
|
MajorVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Split Files_is1
|
MinorVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Split Files_is1
|
EstimatedSize
|
There are 7 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3330000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
32D0000
|
direct allocation
|
page read and write
|
|
|
|
ACF000
|
stack
|
page read and write
|
||
|
17BC000
|
heap
|
page read and write
|
||
|
1E14E227000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
3198E7E000
|
stack
|
page read and write
|
||
|
3950000
|
trusted library allocation
|
page read and write
|
||
|
424000
|
unkown
|
page readonly
|
||
|
5001DEB000
|
stack
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
29B0000
|
direct allocation
|
page read and write
|
||
|
98387C000
|
stack
|
page read and write
|
||
|
452000
|
unkown
|
page execute and read and write
|
||
|
43EB000
|
trusted library allocation
|
page read and write
|
||
|
17B2F840000
|
heap
|
page read and write
|
||
|
17B2F87B000
|
heap
|
page read and write
|
||
|
2360000
|
direct allocation
|
page read and write
|
||
|
1A9CEAE5000
|
heap
|
page read and write
|
||
|
8505FFC000
|
stack
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
1E14D713000
|
heap
|
page read and write
|
||
|
44AA000
|
trusted library allocation
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
43CD000
|
trusted library allocation
|
page read and write
|
||
|
17B2F832000
|
heap
|
page read and write
|
||
|
2331000
|
direct allocation
|
page read and write
|
||
|
1C6EC400000
|
heap
|
page read and write
|
||
|
17B2F680000
|
heap
|
page read and write
|
||
|
13EF2402000
|
heap
|
page read and write
|
||
|
1E14D693000
|
heap
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
43EB000
|
trusted library allocation
|
page read and write
|
||
|
17B2F860000
|
heap
|
page read and write
|
||
|
9841FE000
|
stack
|
page read and write
|
||
|
13EF23E0000
|
remote allocation
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
8505F7F000
|
stack
|
page read and write
|
||
|
44AA000
|
trusted library allocation
|
page read and write
|
||
|
1E14E213000
|
heap
|
page read and write
|
||
|
1C6EC280000
|
heap
|
page read and write
|
||
|
C81E49B000
|
stack
|
page read and write
|
||
|
17B2F846000
|
heap
|
page read and write
|
||
|
13EF2250000
|
heap
|
page read and write
|
||
|
85060FD000
|
stack
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
3360000
|
direct allocation
|
page read and write
|
||
|
18F000
|
stack
|
page read and write
|
||
|
43CD000
|
trusted library allocation
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1A9CEA3E000
|
heap
|
page read and write
|
||
|
1E14D78C000
|
heap
|
page read and write
|
||
|
2320000
|
direct allocation
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
10010000
|
direct allocation
|
page readonly
|
||
|
2500000
|
trusted library allocation
|
page read and write
|
||
|
10017000
|
direct allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
17B2F862000
|
heap
|
page read and write
|
||
|
983BFD000
|
stack
|
page read and write
|
||
|
46B9000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
17B2F832000
|
heap
|
page read and write
|
||
|
13EF2424000
|
heap
|
page read and write
|
||
|
13EF23B0000
|
trusted library allocation
|
page read and write
|
||
|
CC4000
|
unkown
|
page readonly
|
||
|
50028FE000
|
stack
|
page read and write
|
||
|
401E000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
4419000
|
trusted library allocation
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
4AE000
|
unkown
|
page readonly
|
||
|
31989CC000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
33CD000
|
stack
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
17B2F830000
|
heap
|
page read and write
|
||
|
1275000
|
unkown
|
page readonly
|
||
|
3ADE000
|
stack
|
page read and write
|
||
|
1E14D665000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
21AAEE3C000
|
heap
|
page read and write
|
||
|
3950000
|
trusted library allocation
|
page read and write
|
||
|
1E14DEA0000
|
trusted library allocation
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
CB1000
|
unkown
|
page execute read
|
||
|
44AA000
|
trusted library allocation
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
850637E000
|
stack
|
page read and write
|
||
|
3850000
|
heap
|
page read and write
|
||
|
17B2F82E000
|
heap
|
page read and write
|
||
|
1E14E230000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
C81E8FE000
|
stack
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
CB0000
|
unkown
|
page readonly
|
||
|
43EB000
|
trusted library allocation
|
page read and write
|
||
|
4419000
|
trusted library allocation
|
page read and write
|
||
|
1C6EC441000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
17B2F7F0000
|
trusted library allocation
|
page read and write
|
||
|
2337000
|
direct allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1E14D5E0000
|
heap
|
page read and write
|
||
|
9842FF000
|
stack
|
page read and write
|
||
|
7DA000
|
heap
|
page read and write
|
||
|
1E14E1C1000
|
heap
|
page read and write
|
||
|
983EFD000
|
stack
|
page read and write
|
||
|
C81EAFF000
|
stack
|
page read and write
|
||
|
1A9CEB13000
|
heap
|
page read and write
|
||
|
850647E000
|
stack
|
page read and write
|
||
|
4419000
|
trusted library allocation
|
page read and write
|
||
|
983A7A000
|
stack
|
page read and write
|
||
|
21AAEC70000
|
heap
|
page read and write
|
||
|
7D6000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
43CD000
|
trusted library allocation
|
page read and write
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
17B2F845000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
44AA000
|
trusted library allocation
|
page read and write
|
||
|
2330000
|
direct allocation
|
page read and write
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
43CD000
|
trusted library allocation
|
page read and write
|
||
|
1A9CEA29000
|
heap
|
page read and write
|
||
|
1A9CEAE2000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
3950000
|
trusted library allocation
|
page read and write
|
||
|
43EB000
|
trusted library allocation
|
page read and write
|
||
|
17B2F877000
|
heap
|
page read and write
|
||
|
216BBBE000
|
stack
|
page read and write
|
||
|
17B2F84E000
|
heap
|
page read and write
|
||
|
17B2F86D000
|
heap
|
page read and write
|
||
|
24D1000
|
direct allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
43CD000
|
trusted library allocation
|
page read and write
|
||
|
43EB000
|
trusted library allocation
|
page read and write
|
||
|
54E000
|
stack
|
page read and write
|
||
|
500000
|
trusted library allocation
|
page read and write
|
||
|
43CD000
|
trusted library allocation
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
10019000
|
direct allocation
|
page readonly
|
||
|
43EB000
|
trusted library allocation
|
page read and write
|
||
|
216C1FE000
|
stack
|
page read and write
|
||
|
17B2F864000
|
heap
|
page read and write
|
||
|
17B2F850000
|
heap
|
page read and write
|
||
|
23E5000
|
direct allocation
|
page read and write
|
||
|
1001A000
|
direct allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
17B2F84B000
|
heap
|
page read and write
|
||
|
50021FB000
|
stack
|
page read and write
|
||
|
4419000
|
trusted library allocation
|
page read and write
|
||
|
411C000
|
stack
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
1A9CE950000
|
heap
|
page read and write
|
||
|
31990FD000
|
stack
|
page read and write
|
||
|
319927D000
|
stack
|
page read and write
|
||
|
17B2F83A000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
439D000
|
trusted library allocation
|
page read and write
|
||
|
4BD000
|
unkown
|
page readonly
|
||
|
17B2F844000
|
heap
|
page read and write
|
||
|
17F3000
|
heap
|
page read and write
|
||
|
1BA0000
|
heap
|
page read and write
|
||
|
2338000
|
direct allocation
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
17B2F84F000
|
heap
|
page read and write
|
||
|
1E14E143000
|
heap
|
page read and write
|
||
|
C0F000
|
stack
|
page read and write
|
||
|
17B2F800000
|
heap
|
page read and write
|
||
|
4419000
|
trusted library allocation
|
page read and write
|
||
|
43EB000
|
trusted library allocation
|
page read and write
|
||
|
190E000
|
stack
|
page read and write
|
||
|
1C6EC513000
|
heap
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
850627C000
|
stack
|
page read and write
|
||
|
44AA000
|
trusted library allocation
|
page read and write
|
||
|
1C6EC210000
|
heap
|
page read and write
|
||
|
2420000
|
direct allocation
|
page read and write
|
||
|
C81E9F9000
|
stack
|
page read and write
|
||
|
17B2F86B000
|
heap
|
page read and write
|
||
|
4620000
|
direct allocation
|
page read and write
|
||
|
13EF22B0000
|
heap
|
page read and write
|
||
|
1C6EC220000
|
heap
|
page read and write
|
||
|
43EB000
|
trusted library allocation
|
page read and write
|
||
|
17B2F849000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
17B2F829000
|
heap
|
page read and write
|
||
|
13EF2400000
|
heap
|
page read and write
|
||
|
1E14E122000
|
heap
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
9840FF000
|
stack
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
17B2F839000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
21AAEE47000
|
heap
|
page read and write
|
||
|
7EA000
|
heap
|
page read and write
|
||
|
497000
|
unkown
|
page write copy
|
||
|
3851000
|
heap
|
page read and write
|
||
|
13EF2413000
|
heap
|
page read and write
|
||
|
1710000
|
heap
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
4700000
|
heap
|
page read and write
|
||
|
216C0FE000
|
stack
|
page read and write
|
||
|
16F0000
|
direct allocation
|
page read and write
|
||
|
1A9CF500000
|
heap
|
page read and write
|
||
|
44AA000
|
trusted library allocation
|
page read and write
|
||
|
3860000
|
heap
|
page read and write
|
||
|
17B2F841000
|
heap
|
page read and write
|
||
|
216BB3B000
|
stack
|
page read and write
|
||
|
46AB000
|
direct allocation
|
page read and write
|
||
|
1A9CEA13000
|
heap
|
page read and write
|
||
|
1C6EC48B000
|
heap
|
page read and write
|
||
|
399E000
|
stack
|
page read and write
|
||
|
1A9CEB02000
|
heap
|
page read and write
|
||
|
3198FFE000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
44AA000
|
trusted library allocation
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
780000
|
direct allocation
|
page read and write
|
||
|
1700000
|
direct allocation
|
page read and write
|
||
|
49B000
|
unkown
|
page write copy
|
||
|
695000
|
heap
|
page read and write
|
||
|
17B2F842000
|
heap
|
page read and write
|
||
|
68A000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
13EF2C02000
|
trusted library allocation
|
page read and write
|
||
|
7CE000
|
heap
|
page read and write
|
||
|
3A9F000
|
stack
|
page read and write
|
||
|
44AA000
|
trusted library allocation
|
page read and write
|
||
|
13EF2451000
|
heap
|
page read and write
|
||
|
2A30000
|
direct allocation
|
page read and write
|
||
|
73C000
|
stack
|
page read and write
|
||
|
1E14D643000
|
heap
|
page read and write
|
||
|
198000
|
stack
|
page read and write
|
||
|
9843FE000
|
stack
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
1C6EC475000
|
heap
|
page read and write
|
||
|
497000
|
unkown
|
page read and write
|
||
|
1E14D580000
|
heap
|
page read and write
|
||
|
128B000
|
unkown
|
page readonly
|
||
|
8505CFC000
|
stack
|
page read and write
|
||
|
498000
|
unkown
|
page write copy
|
||
|
1E14E100000
|
heap
|
page read and write
|
||
|
B8F000
|
stack
|
page read and write
|
||
|
1C6EC402000
|
heap
|
page read and write
|
||
|
6E0000
|
direct allocation
|
page execute and read and write
|
||
|
17B2F847000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
85058AB000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1E14D613000
|
heap
|
page read and write
|
||
|
3FCA000
|
stack
|
page read and write
|
||
|
2348000
|
direct allocation
|
page read and write
|
||
|
13EF243D000
|
heap
|
page read and write
|
||
|
CBC000
|
unkown
|
page readonly
|
||
|
1A9CE9F0000
|
trusted library allocation
|
page read and write
|
||
|
1E14E102000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
31D1000
|
trusted library allocation
|
page read and write
|
||
|
44AB000
|
trusted library allocation
|
page read and write
|
||
|
CC4000
|
unkown
|
page readonly
|
||
|
710000
|
trusted library allocation
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
7CE000
|
heap
|
page read and write
|
||
|
13EF23E0000
|
remote allocation
|
page read and write
|
||
|
216BE7E000
|
stack
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
415E000
|
stack
|
page read and write
|
||
|
431A000
|
trusted library allocation
|
page read and write
|
||
|
24F4000
|
heap
|
page read and write
|
||
|
983FFF000
|
stack
|
page read and write
|
||
|
43CD000
|
trusted library allocation
|
page read and write
|
||
|
44AA000
|
trusted library allocation
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute read
|
||
|
485C000
|
stack
|
page read and write
|
||
|
21AAEC10000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7D3000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
50027FF000
|
stack
|
page read and write
|
||
|
780000
|
direct allocation
|
page read and write
|
||
|
1C6EC380000
|
trusted library allocation
|
page read and write
|
||
|
2404000
|
direct allocation
|
page read and write
|
||
|
4419000
|
trusted library allocation
|
page read and write
|
||
|
4695000
|
direct allocation
|
page read and write
|
||
|
1E14D7B9000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
1C6EC46B000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
21AAEE13000
|
heap
|
page read and write
|
||
|
1A9CEA86000
|
heap
|
page read and write
|
||
|
17B2F861000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
4419000
|
trusted library allocation
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
3851000
|
heap
|
page read and write
|
||
|
17B2F863000
|
heap
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
CB1000
|
unkown
|
page execute read
|
||
|
3198EFE000
|
stack
|
page read and write
|
||
|
1A0E000
|
stack
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
1E14E200000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3851000
|
heap
|
page read and write
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
21AAEE00000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
7D2000
|
heap
|
page read and write
|
||
|
CC2000
|
unkown
|
page write copy
|
||
|
3851000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
1A9CE9C0000
|
heap
|
page read and write
|
||
|
1E14D629000
|
heap
|
page read and write
|
||
|
1E14D570000
|
heap
|
page read and write
|
||
|
1805000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1A9CE960000
|
heap
|
page read and write
|
||
|
1E14DE80000
|
trusted library allocation
|
page read and write
|
||
|
1E14D691000
|
heap
|
page read and write
|
||
|
17B2F83D000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
63D000
|
stack
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
171A000
|
heap
|
page read and write
|
||
|
16C0000
|
direct allocation
|
page read and write
|
||
|
7ED000
|
heap
|
page read and write
|
||
|
4AE000
|
unkown
|
page readonly
|
||
|
3851000
|
heap
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
424000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
470000
|
unkown
|
page readonly
|
||
|
415000
|
unkown
|
page readonly
|
||
|
1A9CEA6E000
|
heap
|
page read and write
|
||
|
1E14D653000
|
heap
|
page read and write
|
||
|
29B0000
|
direct allocation
|
page read and write
|
||
|
17B2F848000
|
heap
|
page read and write
|
||
|
2400000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1E14D7E5000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
13EF2240000
|
heap
|
page read and write
|
||
|
63E000
|
stack
|
page read and write
|
||
|
7DA000
|
heap
|
page read and write
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
17B2F884000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
17B2F902000
|
heap
|
page read and write
|
||
|
3E5F000
|
stack
|
page read and write
|
||
|
1E14D676000
|
heap
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
475E000
|
stack
|
page read and write
|
||
|
5B0000
|
trusted library allocation
|
page read and write
|
||
|
A8F000
|
stack
|
page read and write
|
||
|
1E14D600000
|
heap
|
page read and write
|
||
|
1A9CF402000
|
heap
|
page read and write
|
||
|
1A9CEABC000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
43CD000
|
trusted library allocation
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
216C2FE000
|
stack
|
page read and write
|
||
|
17B2F87A000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
7D6000
|
heap
|
page read and write
|
||
|
17B2F813000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
17B2F868000
|
heap
|
page read and write
|
||
|
43CD000
|
trusted library allocation
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
2420000
|
direct allocation
|
page read and write
|
||
|
79A000
|
heap
|
page read and write
|
||
|
1E14E171000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
850617B000
|
stack
|
page read and write
|
||
|
3BDF000
|
stack
|
page read and write
|
||
|
983DFE000
|
stack
|
page read and write
|
||
|
7C1000
|
heap
|
page read and write
|
||
|
3D1F000
|
stack
|
page read and write
|
||
|
50025FF000
|
stack
|
page read and write
|
||
|
13EF2502000
|
heap
|
page read and write
|
||
|
1299000
|
unkown
|
page readonly
|
||
|
43BF000
|
trusted library allocation
|
page read and write
|
||
|
1A9CEAC4000
|
heap
|
page read and write
|
||
|
1E14E223000
|
heap
|
page read and write
|
||
|
A7F000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
4419000
|
trusted library allocation
|
page read and write
|
||
|
3E70000
|
heap
|
page read and write
|
||
|
2331000
|
direct allocation
|
page read and write
|
||
|
1E14E002000
|
heap
|
page read and write
|
||
|
50024F9000
|
stack
|
page read and write
|
||
|
13EF2429000
|
heap
|
page read and write
|
||
|
319937D000
|
stack
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
17B30002000
|
trusted library allocation
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
1C6EC502000
|
heap
|
page read and write
|
||
|
3C1E000
|
stack
|
page read and write
|
||
|
4BD000
|
unkown
|
page readonly
|
||
|
1E14E196000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
500237F000
|
stack
|
page read and write
|
||
|
192000
|
stack
|
page read and write
|
||
|
2338000
|
direct allocation
|
page read and write
|
||
|
2310000
|
heap
|
page read and write
|
||
|
4419000
|
trusted library allocation
|
page read and write
|
||
|
21AAEE52000
|
heap
|
page read and write
|
||
|
17B2F87E000
|
heap
|
page read and write
|
||
|
43CD000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1E14E202000
|
heap
|
page read and write
|
||
|
1E14D679000
|
heap
|
page read and write
|
||
|
43EB000
|
trusted library allocation
|
page read and write
|
||
|
1E14E1C9000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
1E14D684000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
43EB000
|
trusted library allocation
|
page read and write
|
||
|
4A9000
|
unkown
|
page readonly
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
13EF23E0000
|
remote allocation
|
page read and write
|
||
|
17B2F82D000
|
heap
|
page read and write
|
||
|
CBC000
|
unkown
|
page readonly
|
||
|
1E14D68B000
|
heap
|
page read and write
|
||
|
425F000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
CC2000
|
unkown
|
page read and write
|
||
|
4419000
|
trusted library allocation
|
page read and write
|
||
|
C81EBFE000
|
stack
|
page read and write
|
||
|
499000
|
unkown
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
169E000
|
stack
|
page read and write
|
||
|
4A9000
|
unkown
|
page readonly
|
||
|
1610000
|
heap
|
page read and write
|
||
|
2350000
|
direct allocation
|
page read and write
|
||
|
43EB000
|
trusted library allocation
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
17B2F86A000
|
heap
|
page read and write
|
||
|
44AA000
|
trusted library allocation
|
page read and write
|
||
|
1E14D63C000
|
heap
|
page read and write
|
||
|
21AAEE29000
|
heap
|
page read and write
|
||
|
1E14E1B3000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1E14D686000
|
heap
|
page read and write
|
||
|
1A9CEA00000
|
heap
|
page read and write
|
||
|
3380000
|
direct allocation
|
page read and write
|
||
|
21AAEE43000
|
heap
|
page read and write
|
||
|
17B2F856000
|
heap
|
page read and write
|
||
|
34CF000
|
stack
|
page read and write
|
||
|
500247B000
|
stack
|
page read and write
|
||
|
983CFE000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
98F000
|
stack
|
page read and write
|
||
|
21AAEE2E000
|
heap
|
page read and write
|
||
|
21AAEE02000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
21AAF602000
|
trusted library allocation
|
page read and write
|
||
|
21AAEF02000
|
heap
|
page read and write
|
||
|
1600000
|
trusted library allocation
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
7F4000
|
heap
|
page read and write
|
||
|
17B2F690000
|
heap
|
page read and write
|
||
|
17B2F6F0000
|
heap
|
page read and write
|
||
|
3ECE000
|
stack
|
page read and write
|
||
|
12A3000
|
unkown
|
page execute and write copy
|
||
|
415000
|
unkown
|
page readonly
|
||
|
50026FA000
|
stack
|
page read and write
|
||
|
500287E000
|
stack
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
1E14E154000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
67E000
|
stack
|
page read and write
|
||
|
165E000
|
stack
|
page read and write
|
||
|
17B2F865000
|
heap
|
page read and write
|
||
|
1C6EC45A000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1C6ECC02000
|
trusted library allocation
|
page read and write
|
||
|
CB0000
|
unkown
|
page readonly
|
||
|
216BFFE000
|
stack
|
page read and write
|
||
|
1806000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
2350000
|
direct allocation
|
page read and write
|
||
|
1C6EC413000
|
heap
|
page read and write
|
||
|
21AAEC20000
|
heap
|
page read and write
|
||
|
411E000
|
stack
|
page read and write
|
||
|
1E14E122000
|
heap
|
page read and write
|
||
|
1A9CEACD000
|
heap
|
page read and write
|
||
|
790000
|
trusted library allocation
|
page read and write
|
||
|
23D7000
|
direct allocation
|
page read and write
|
||
|
3198D7E000
|
stack
|
page read and write
|
||
|
2361000
|
direct allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
21AAEE49000
|
heap
|
page read and write
|
||
|
21AAED70000
|
trusted library allocation
|
page read and write
|
||
|
24F0000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
319917E000
|
stack
|
page read and write
|
||
|
1A9CF532000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
1C6EC429000
|
heap
|
page read and write
|
||
|
8505E7F000
|
stack
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
87F000
|
stack
|
page read and write
|
||
|
24C3000
|
direct allocation
|
page read and write
|
||
|
3D5E000
|
stack
|
page read and write
|
||
|
1E14D658000
|
heap
|
page read and write
|
||
|
2348000
|
direct allocation
|
page read and write
|
||
|
17F0000
|
heap
|
page read and write
|
||
|
1A9CEA88000
|
heap
|
page read and write
|
||
|
7CA000
|
heap
|
page read and write
|
||
|
4419000
|
trusted library allocation
|
page read and write
|
||
|
1E14D669000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
There are 525 hidden memdumps, click here to show them.