Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\FgasoftFR\FinalRecovery\Preview.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\FgasoftFR\FinalRecovery\finalrecovery.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
modified
|
|
|
|
C:\Program Files (x86)\FgasoftFR\FinalRecovery\is-RVFGU.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\FgasoftFR\FinalRecovery\is-U89TP.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\FgasoftFR\FinalRecovery\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-EFH65.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-EFH65.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-EFH65.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-HGAMR.tmp\file.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\6tohc1clzbcir.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\FgasoftFR\FinalRecovery\Readme.txt (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\FgasoftFR\FinalRecovery\data\Config.xml (copy)
|
XML 1.0 document, ASCII text, with very long lines (5978), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\FgasoftFR\FinalRecovery\data\is-K2TAS.tmp
|
XML 1.0 document, ASCII text, with very long lines (5978), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\FgasoftFR\FinalRecovery\finalrecovery.chm (copy)
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\Program Files (x86)\FgasoftFR\FinalRecovery\is-05LH6.tmp
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\Program Files (x86)\FgasoftFR\FinalRecovery\is-587OJ.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\FgasoftFR\FinalRecovery\is-8DPO5.tmp
|
data
|
dropped
|
||
|
C:\Program Files (x86)\FgasoftFR\FinalRecovery\unins000.dat
|
InnoSetup Log FgasoftFR FinalRecovery, version 0x30, 4340 bytes, 585948\user, "C:\Program Files (x86)\FgasoftFR\FinalRecovery"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\fuckingdllENCR[1].dll
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\stuk[1].htm
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\dll[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\dll[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\plus[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-EFH65.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 15 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
C:\Users\user\Desktop\file.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-HGAMR.tmp\file.tmp
|
"C:\Users\user\AppData\Local\Temp\is-HGAMR.tmp\file.tmp" /SL5="$4023C,1536639,54272,C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Program Files (x86)\FgasoftFR\FinalRecovery\finalrecovery.exe
|
"C:\Program Files (x86)\FgasoftFR\FinalRecovery\finalrecovery.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\6tohc1clzbcir.exe
|
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c taskkill /im "finalrecovery.exe" /f & erase "C:\Program Files (x86)\FgasoftFR\FinalRecovery\finalrecovery.exe"
& exit
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
taskkill /im "finalrecovery.exe" /f
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://45.12.253.72/default/stuk.php
|
45.12.253.72
|
|
|
|
http://45.12.253.56/advertisting/plus.php?s=NOSUB&str=mixtwo&substr=mixinte
|
45.12.253.56
|
|
|
|
http://45.12.253.72/default/puk.php
|
45.12.253.72
|
|
|
|
http://45.12.253.75/dll.php
|
45.12.253.75
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://www.remobjects.com/psU
|
unknown
|
||
|
http://45.12.253.75/dll.phpI
|
unknown
|
||
|
http://45.12.253.72/default/puk.phpk
|
unknown
|
||
|
http://nbafrog.com/b
|
unknown
|
||
|
http://www.finalrecovery.com/buy.htm
|
unknown
|
||
|
http://45.12.253.72/default/stuk.phpE
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
http://nbafrog.com/
|
unknown
|
||
|
http://nbafrog.com/.
|
unknown
|
There are 4 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.12.253.72
|
unknown
|
Germany
|
|
|
|
45.12.253.75
|
unknown
|
Germany
|
|
|
|
45.12.253.98
|
unknown
|
Germany
|
|
|
|
45.12.253.56
|
unknown
|
Germany
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1
|
Inno Setup: Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1
|
DisplayIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1
|
EstimatedSize
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3250000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
29AEB7F000
|
stack
|
page read and write
|
||
|
5970F6B000
|
stack
|
page read and write
|
||
|
182000
|
unkown
|
page read and write
|
||
|
782000
|
heap
|
page read and write
|
||
|
1BBA6BE5000
|
heap
|
page read and write
|
||
|
59715FC000
|
stack
|
page read and write
|
||
|
1E205A13000
|
heap
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
171000
|
unkown
|
page execute read
|
||
|
2121FA70000
|
heap
|
page read and write
|
||
|
E20EFD000
|
stack
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute read
|
||
|
24CEBC3C000
|
heap
|
page read and write
|
||
|
4A6B000
|
direct allocation
|
page read and write
|
||
|
1AA71930000
|
heap
|
page read and write
|
||
|
1DB7EA02000
|
trusted library allocation
|
page read and write
|
||
|
6EF000
|
stack
|
page read and write
|
||
|
29AE87C000
|
stack
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
255A01B0000
|
heap
|
page read and write
|
||
|
24CEBC02000
|
heap
|
page read and write
|
||
|
2840000
|
trusted library allocation
|
page read and write
|
||
|
1BBA7413000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
341F000
|
stack
|
page read and write
|
||
|
29AE77F000
|
stack
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
1AA71C20000
|
trusted library allocation
|
page read and write
|
||
|
2121FA62000
|
heap
|
page read and write
|
||
|
2121FA3C000
|
heap
|
page read and write
|
||
|
59714FA000
|
stack
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
2121FA25000
|
heap
|
page read and write
|
||
|
1BBA7394000
|
heap
|
page read and write
|
||
|
26497300000
|
heap
|
page read and write
|
||
|
43F7000
|
heap
|
page read and write
|
||
|
1E205A7F000
|
heap
|
page read and write
|
||
|
17D83C20000
|
heap
|
page read and write
|
||
|
22C0000
|
direct allocation
|
page read and write
|
||
|
43F3000
|
heap
|
page read and write
|
||
|
4362000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
255A0513000
|
heap
|
page read and write
|
||
|
1DB7E413000
|
heap
|
page read and write
|
||
|
3161000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
1E205B02000
|
heap
|
page read and write
|
||
|
29AED7F000
|
stack
|
page read and write
|
||
|
2121FA31000
|
heap
|
page read and write
|
||
|
2121FA13000
|
heap
|
page read and write
|
||
|
1BBA73BC000
|
heap
|
page read and write
|
||
|
1BBA6990000
|
trusted library allocation
|
page read and write
|
||
|
3A2E000
|
stack
|
page read and write
|
||
|
2121FA2A000
|
heap
|
page read and write
|
||
|
330F000
|
stack
|
page read and write
|
||
|
43F7000
|
heap
|
page read and write
|
||
|
32B0000
|
direct allocation
|
page read and write
|
||
|
26496B02000
|
heap
|
page read and write
|
||
|
26496B13000
|
heap
|
page read and write
|
||
|
10E4F7B000
|
stack
|
page read and write
|
||
|
2121FA60000
|
heap
|
page read and write
|
||
|
32D0000
|
direct allocation
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
24CEBC29000
|
heap
|
page read and write
|
||
|
41AC000
|
stack
|
page read and write
|
||
|
17D83E75000
|
heap
|
page read and write
|
||
|
17D84402000
|
trusted library allocation
|
page read and write
|
||
|
59717F9000
|
stack
|
page read and write
|
||
|
26497314000
|
heap
|
page read and write
|
||
|
1AA719B0000
|
heap
|
page read and write
|
||
|
26496A00000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
331D000
|
stack
|
page read and write
|
||
|
12BD000
|
unkown
|
page execute and write copy
|
||
|
255A045B000
|
heap
|
page read and write
|
||
|
9F58479000
|
stack
|
page read and write
|
||
|
2470000
|
heap
|
page read and write
|
||
|
2267000
|
direct allocation
|
page read and write
|
||
|
43F3000
|
heap
|
page read and write
|
||
|
1DB7E429000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1BBA7423000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
2121FA7F000
|
heap
|
page read and write
|
||
|
4FD000
|
stack
|
page read and write
|
||
|
1BBA7402000
|
heap
|
page read and write
|
||
|
4970000
|
direct allocation
|
page read and write
|
||
|
2121FA64000
|
heap
|
page read and write
|
||
|
1BBA6A77000
|
heap
|
page read and write
|
||
|
791000
|
heap
|
page read and write
|
||
|
43F7000
|
heap
|
page read and write
|
||
|
1AA72810000
|
trusted library allocation
|
page read and write
|
||
|
243DAFE000
|
stack
|
page read and write
|
||
|
243DA7E000
|
stack
|
page read and write
|
||
|
26496980000
|
heap
|
page read and write
|
||
|
228F000
|
direct allocation
|
page read and write
|
||
|
1AA71C10000
|
heap
|
page read and write
|
||
|
79D000
|
heap
|
page read and write
|
||
|
1BBA6A6F000
|
heap
|
page read and write
|
||
|
B5541FE000
|
stack
|
page read and write
|
||
|
255A0310000
|
trusted library allocation
|
page read and write
|
||
|
1E206202000
|
trusted library allocation
|
page read and write
|
||
|
2121FA7C000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
1AA719A0000
|
trusted library allocation
|
page read and write
|
||
|
184000
|
unkown
|
page readonly
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
1860000
|
direct allocation
|
page read and write
|
||
|
43F3000
|
heap
|
page read and write
|
||
|
37B0000
|
heap
|
page read and write
|
||
|
BCAC27F000
|
stack
|
page read and write
|
||
|
1BBA6A5E000
|
heap
|
page read and write
|
||
|
1DB7E990000
|
remote allocation
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
4670000
|
heap
|
page read and write
|
||
|
1BBA6A29000
|
heap
|
page read and write
|
||
|
182E000
|
stack
|
page read and write
|
||
|
26497150000
|
trusted library allocation
|
page read and write
|
||
|
2260000
|
direct allocation
|
page read and write
|
||
|
49A000
|
unkown
|
page read and write
|
||
|
1BBA6B8E000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
2259000
|
heap
|
page read and write
|
||
|
1BBA6A41000
|
heap
|
page read and write
|
||
|
43F3000
|
heap
|
page read and write
|
||
|
18A0000
|
heap
|
page read and write
|
||
|
1E205870000
|
heap
|
page read and write
|
||
|
1DB7E502000
|
heap
|
page read and write
|
||
|
43F3000
|
heap
|
page read and write
|
||
|
1BBA68E0000
|
heap
|
page read and write
|
||
|
1BBA6A66000
|
heap
|
page read and write
|
||
|
255A03E0000
|
remote allocation
|
page read and write
|
||
|
94F000
|
stack
|
page read and write
|
||
|
40AE000
|
stack
|
page read and write
|
||
|
17D83F02000
|
heap
|
page read and write
|
||
|
1BBA6940000
|
heap
|
page read and write
|
||
|
1BBA6A67000
|
heap
|
page read and write
|
||
|
334E000
|
stack
|
page read and write
|
||
|
1E205A29000
|
heap
|
page read and write
|
||
|
26496A70000
|
heap
|
page read and write
|
||
|
799000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
170000
|
unkown
|
page readonly
|
||
|
1E205B00000
|
heap
|
page read and write
|
||
|
17D83E00000
|
heap
|
page read and write
|
||
|
255A0500000
|
heap
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
31A0000
|
direct allocation
|
page read and write
|
||
|
7A8000
|
heap
|
page read and write
|
||
|
29AEF7F000
|
stack
|
page read and write
|
||
|
2280000
|
direct allocation
|
page read and write
|
||
|
2121FA46000
|
heap
|
page read and write
|
||
|
BCAC17F000
|
stack
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
1830000
|
direct allocation
|
page read and write
|
||
|
1AA71A12000
|
heap
|
page read and write
|
||
|
26497202000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
1BBA6A75000
|
heap
|
page read and write
|
||
|
24CEBD02000
|
heap
|
page read and write
|
||
|
17D83E5C000
|
heap
|
page read and write
|
||
|
255A0413000
|
heap
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
255A0330000
|
trusted library allocation
|
page read and write
|
||
|
46E000
|
unkown
|
page readonly
|
||
|
12EB000
|
unkown
|
page execute and write copy
|
||
|
17D83E69000
|
heap
|
page read and write
|
||
|
674D1EC000
|
stack
|
page read and write
|
||
|
59716FF000
|
stack
|
page read and write
|
||
|
12B7000
|
unkown
|
page execute and write copy
|
||
|
3CAE000
|
stack
|
page read and write
|
||
|
2198000
|
direct allocation
|
page read and write
|
||
|
2121FA43000
|
heap
|
page read and write
|
||
|
2121FA85000
|
heap
|
page read and write
|
||
|
17D83E56000
|
heap
|
page read and write
|
||
|
1DB7E44F000
|
heap
|
page read and write
|
||
|
A8F000
|
stack
|
page read and write
|
||
|
1AA718B0000
|
trusted library allocation
|
page read and write
|
||
|
2121FA4D000
|
heap
|
page read and write
|
||
|
17D83E54000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
255A049C000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
30000
|
heap
|
page read and write
|
||
|
1AA71910000
|
heap
|
page read and write
|
||
|
29AE1CC000
|
stack
|
page read and write
|
||
|
26496A13000
|
heap
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
1BBA7302000
|
heap
|
page read and write
|
||
|
243DD7E000
|
stack
|
page read and write
|
||
|
498000
|
unkown
|
page write copy
|
||
|
30000
|
heap
|
page read and write
|
||
|
168A000
|
heap
|
page read and write
|
||
|
15BA000
|
heap
|
page read and write
|
||
|
10017000
|
direct allocation
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
2250000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
255A043D000
|
heap
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
29AEE7E000
|
stack
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
255A0518000
|
heap
|
page read and write
|
||
|
47BC000
|
stack
|
page read and write
|
||
|
2121FA69000
|
heap
|
page read and write
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
1272000
|
unkown
|
page readonly
|
||
|
17D83E70000
|
heap
|
page read and write
|
||
|
4308000
|
heap
|
page read and write
|
||
|
7AD000
|
heap
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
12C2000
|
unkown
|
page execute and write copy
|
||
|
29AEC7F000
|
stack
|
page read and write
|
||
|
26496ABC000
|
heap
|
page read and write
|
||
|
9F584F9000
|
stack
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
1BBA7400000
|
heap
|
page read and write
|
||
|
7AC000
|
heap
|
page read and write
|
||
|
78D000
|
heap
|
page read and write
|
||
|
17D83E02000
|
heap
|
page read and write
|
||
|
17D83E29000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
29AE5FB000
|
stack
|
page read and write
|
||
|
1E205A00000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
1BBA7322000
|
heap
|
page read and write
|
||
|
2121FA42000
|
heap
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
17D83E13000
|
heap
|
page read and write
|
||
|
15A0000
|
direct allocation
|
page read and write
|
||
|
255A0210000
|
heap
|
page read and write
|
||
|
26496A89000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
255A045A000
|
heap
|
page read and write
|
||
|
7A2000
|
heap
|
page read and write
|
||
|
1DB7E402000
|
heap
|
page read and write
|
||
|
7A2000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
2121FA6B000
|
heap
|
page read and write
|
||
|
8CA000
|
heap
|
page read and write
|
||
|
24CEC402000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
20E8000
|
direct allocation
|
page read and write
|
||
|
2121FA63000
|
heap
|
page read and write
|
||
|
24CEBC00000
|
heap
|
page read and write
|
||
|
E2107D000
|
stack
|
page read and write
|
||
|
24CEBAA0000
|
heap
|
page read and write
|
||
|
18E000
|
stack
|
page read and write
|
||
|
499000
|
unkown
|
page write copy
|
||
|
781000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1AA71C00000
|
trusted library allocation
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
782000
|
heap
|
page read and write
|
||
|
146E000
|
stack
|
page read and write
|
||
|
29AEA7D000
|
stack
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
B553EF9000
|
stack
|
page read and write
|
||
|
1E205A57000
|
heap
|
page read and write
|
||
|
3F6E000
|
stack
|
page read and write
|
||
|
9F5857E000
|
stack
|
page read and write
|
||
|
406A000
|
stack
|
page read and write
|
||
|
1BBA6BB9000
|
heap
|
page read and write
|
||
|
255A046A000
|
heap
|
page read and write
|
||
|
2121FA3A000
|
heap
|
page read and write
|
||
|
2121FA56000
|
heap
|
page read and write
|
||
|
1E205A3C000
|
heap
|
page read and write
|
||
|
2121FA61000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
1DB7E400000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
171000
|
unkown
|
page execute read
|
||
|
674DC7E000
|
stack
|
page read and write
|
||
|
1BBA7354000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
2121F960000
|
heap
|
page read and write
|
||
|
10019000
|
direct allocation
|
page read and write
|
||
|
BCAC47C000
|
stack
|
page read and write
|
||
|
54E000
|
stack
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
24CEBC52000
|
heap
|
page read and write
|
||
|
24CEBC24000
|
heap
|
page read and write
|
||
|
255A046B000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1AA719FE000
|
heap
|
page read and write
|
||
|
BCABEFC000
|
stack
|
page read and write
|
||
|
1AA72870000
|
trusted library allocation
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
24CEBAF0000
|
heap
|
page read and write
|
||
|
1E205B13000
|
heap
|
page read and write
|
||
|
3C6F000
|
stack
|
page read and write
|
||
|
1E205A86000
|
heap
|
page read and write
|
||
|
82F000
|
stack
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
3F1E000
|
stack
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
1BBA7430000
|
heap
|
page read and write
|
||
|
20E1000
|
direct allocation
|
page read and write
|
||
|
21220202000
|
trusted library allocation
|
page read and write
|
||
|
674DE7F000
|
stack
|
page read and write
|
||
|
1BBA7202000
|
heap
|
page read and write
|
||
|
4AA000
|
unkown
|
page readonly
|
||
|
24CEBC13000
|
heap
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
255A046B000
|
heap
|
page read and write
|
||
|
1AA719FE000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
1AA71BE0000
|
trusted library allocation
|
page read and write
|
||
|
20D0000
|
direct allocation
|
page read and write
|
||
|
1BBA6A67000
|
heap
|
page read and write
|
||
|
1AA719B8000
|
heap
|
page read and write
|
||
|
10E517E000
|
stack
|
page read and write
|
||
|
255A0424000
|
heap
|
page read and write
|
||
|
1AA725D6000
|
trusted library allocation
|
page read and write
|
||
|
1BBA7343000
|
heap
|
page read and write
|
||
|
E20C7E000
|
stack
|
page read and write
|
||
|
B5540FF000
|
stack
|
page read and write
|
||
|
255A0360000
|
trusted library allocation
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
314F000
|
stack
|
page read and write
|
||
|
674D77E000
|
stack
|
page read and write
|
||
|
3B2F000
|
stack
|
page read and write
|
||
|
46BE000
|
stack
|
page read and write
|
||
|
B553E7B000
|
stack
|
page read and write
|
||
|
12F7000
|
unkown
|
page execute and write copy
|
||
|
674DA7B000
|
stack
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
1AA71C15000
|
heap
|
page read and write
|
||
|
255A03A0000
|
trusted library allocation
|
page read and write
|
||
|
787000
|
heap
|
page read and write
|
||
|
43F7000
|
heap
|
page read and write
|
||
|
1BBA6B13000
|
heap
|
page read and write
|
||
|
24CEBC59000
|
heap
|
page read and write
|
||
|
79D000
|
heap
|
page read and write
|
||
|
2121FA5D000
|
heap
|
page read and write
|
||
|
243D7DB000
|
stack
|
page read and write
|
||
|
43F3000
|
heap
|
page read and write
|
||
|
17C000
|
unkown
|
page readonly
|
||
|
1BBA7300000
|
heap
|
page read and write
|
||
|
1AA719C0000
|
heap
|
page read and write
|
||
|
16A5000
|
heap
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
9F5867F000
|
stack
|
page read and write
|
||
|
1658000
|
heap
|
page read and write
|
||
|
26F0000
|
heap
|
page read and write
|
||
|
2121FA5A000
|
heap
|
page read and write
|
||
|
320E000
|
stack
|
page read and write
|
||
|
2121FB02000
|
heap
|
page read and write
|
||
|
426A000
|
heap
|
page read and write
|
||
|
638000
|
heap
|
page read and write
|
||
|
2121FA41000
|
heap
|
page read and write
|
||
|
23A4000
|
heap
|
page read and write
|
||
|
157F000
|
stack
|
page read and write
|
||
|
243DE7F000
|
stack
|
page read and write
|
||
|
255A045B000
|
heap
|
page read and write
|
||
|
255A03E0000
|
remote allocation
|
page read and write
|
||
|
452000
|
unkown
|
page execute and read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
26496ACA000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
1BBA6A13000
|
heap
|
page read and write
|
||
|
10E527E000
|
stack
|
page read and write
|
||
|
24CEBA90000
|
heap
|
page read and write
|
||
|
26496990000
|
heap
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
1DB7E458000
|
heap
|
page read and write
|
||
|
2285000
|
direct allocation
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
597137F000
|
stack
|
page read and write
|
||
|
38EE000
|
stack
|
page read and write
|
||
|
228C000
|
direct allocation
|
page read and write
|
||
|
16EE000
|
stack
|
page read and write
|
||
|
17D83F13000
|
heap
|
page read and write
|
||
|
10010000
|
direct allocation
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
1AA71C19000
|
heap
|
page read and write
|
||
|
72E000
|
stack
|
page read and write
|
||
|
1BBA6A3C000
|
heap
|
page read and write
|
||
|
1BBA73CB000
|
heap
|
page read and write
|
||
|
17D83BC0000
|
heap
|
page read and write
|
||
|
264969F0000
|
heap
|
page read and write
|
||
|
1AA718A0000
|
heap
|
page read and write
|
||
|
1BBA7322000
|
heap
|
page read and write
|
||
|
43F7000
|
heap
|
page read and write
|
||
|
BCAC37C000
|
stack
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
787000
|
heap
|
page read and write
|
||
|
1E205860000
|
heap
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
10E49AC000
|
stack
|
page read and write
|
||
|
1BBA68D0000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
799000
|
heap
|
page read and write
|
||
|
4A77000
|
direct allocation
|
page read and write
|
||
|
2255000
|
heap
|
page read and write
|
||
|
169C000
|
heap
|
page read and write
|
||
|
3190000
|
direct allocation
|
page read and write
|
||
|
2121FA5B000
|
heap
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
1BBA73B2000
|
heap
|
page read and write
|
||
|
24CEBC2F000
|
heap
|
page read and write
|
||
|
E20CFE000
|
stack
|
page read and write
|
||
|
24CEBC38000
|
heap
|
page read and write
|
||
|
2268000
|
direct allocation
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
255A0502000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
4980000
|
direct allocation
|
page read and write
|
||
|
184000
|
unkown
|
page readonly
|
||
|
2278000
|
direct allocation
|
page read and write
|
||
|
24CEBBF0000
|
trusted library allocation
|
page read and write
|
||
|
255A0482000
|
heap
|
page read and write
|
||
|
1BBA6A91000
|
heap
|
page read and write
|
||
|
24CEBC64000
|
heap
|
page read and write
|
||
|
1DB7E200000
|
heap
|
page read and write
|
||
|
1AA72820000
|
trusted library allocation
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
42E5000
|
heap
|
page read and write
|
||
|
29AE97F000
|
stack
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
2121F8F0000
|
heap
|
page read and write
|
||
|
255A0400000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
9F580EB000
|
stack
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
B5542FF000
|
stack
|
page read and write
|
||
|
BCAC07F000
|
stack
|
page read and write
|
||
|
43F7000
|
heap
|
page read and write
|
||
|
43F7000
|
heap
|
page read and write
|
||
|
B553BFA000
|
stack
|
page read and write
|
||
|
B553FFA000
|
stack
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
1BBA6A90000
|
heap
|
page read and write
|
||
|
31A0000
|
direct allocation
|
page read and write
|
||
|
255A01A0000
|
heap
|
page read and write
|
||
|
43F7000
|
heap
|
page read and write
|
||
|
2121FA57000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
98E000
|
stack
|
page read and write
|
||
|
26496A3D000
|
heap
|
page read and write
|
||
|
7AF000
|
heap
|
page read and write
|
||
|
B5537DC000
|
stack
|
page read and write
|
||
|
3B6E000
|
stack
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
22C0000
|
direct allocation
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
38A0000
|
trusted library allocation
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
4362000
|
heap
|
page read and write
|
||
|
E20DFE000
|
stack
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
1E2059D0000
|
trusted library allocation
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
2280000
|
direct allocation
|
page read and write
|
||
|
1AA71B80000
|
trusted library allocation
|
page read and write
|
||
|
42F0000
|
heap
|
page read and write
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
674D8FC000
|
stack
|
page read and write
|
||
|
674D5FB000
|
stack
|
page read and write
|
||
|
17D83E3F000
|
heap
|
page read and write
|
||
|
255A1E02000
|
trusted library allocation
|
page read and write
|
||
|
1DB7E1A0000
|
heap
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
2121FA66000
|
heap
|
page read and write
|
||
|
2121F900000
|
heap
|
page read and write
|
||
|
1DB7E990000
|
remote allocation
|
page read and write
|
||
|
674D87F000
|
stack
|
page read and write
|
||
|
43F7000
|
heap
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
4333000
|
heap
|
page read and write
|
||
|
498000
|
unkown
|
page read and write
|
||
|
1890000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
26496A24000
|
heap
|
page read and write
|
||
|
9F585F9000
|
stack
|
page read and write
|
||
|
243DC7E000
|
stack
|
page read and write
|
||
|
182000
|
unkown
|
page write copy
|
||
|
12AE000
|
unkown
|
page execute and write copy
|
||
|
43F5000
|
heap
|
page read and write
|
||
|
1BBA6A55000
|
heap
|
page read and write
|
||
|
B553D7F000
|
stack
|
page read and write
|
||
|
38A0000
|
trusted library allocation
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
674DD7D000
|
stack
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
43F7000
|
heap
|
page read and write
|
||
|
674D9FE000
|
stack
|
page read and write
|
||
|
17EF000
|
stack
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
37A0000
|
heap
|
page read and write
|
||
|
2121F990000
|
trusted library allocation
|
page read and write
|
||
|
1BBA6A00000
|
heap
|
page read and write
|
||
|
BCAC57E000
|
stack
|
page read and write
|
||
|
1BBA6A89000
|
heap
|
page read and write
|
||
|
B55427E000
|
stack
|
page read and write
|
||
|
17C000
|
unkown
|
page readonly
|
||
|
20E1000
|
direct allocation
|
page read and write
|
||
|
170000
|
unkown
|
page readonly
|
||
|
4AA000
|
unkown
|
page readonly
|
||
|
26496ACD000
|
heap
|
page read and write
|
||
|
1DB7E990000
|
remote allocation
|
page read and write
|
||
|
1AA719F7000
|
heap
|
page read and write
|
||
|
2121FA7E000
|
heap
|
page read and write
|
||
|
38A0000
|
trusted library allocation
|
page read and write
|
||
|
E2117D000
|
stack
|
page read and write
|
||
|
1DB7E190000
|
heap
|
page read and write
|
||
|
4333000
|
heap
|
page read and write
|
||
|
595000
|
heap
|
page read and write
|
||
|
26496A2A000
|
heap
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
255A044E000
|
heap
|
page read and write
|
||
|
3190000
|
direct allocation
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
1DB7E3D0000
|
trusted library allocation
|
page read and write
|
||
|
2121FA6E000
|
heap
|
page read and write
|
||
|
1BBA73C7000
|
heap
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
3DAF000
|
stack
|
page read and write
|
||
|
344F000
|
stack
|
page read and write
|
||
|
1BBA6970000
|
trusted library allocation
|
page read and write
|
||
|
49C000
|
unkown
|
page write copy
|
||
|
1BBA7427000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
3E1E000
|
stack
|
page read and write
|
||
|
1665000
|
heap
|
page read and write
|
||
|
1AA72800000
|
heap
|
page readonly
|
||
|
9C000
|
stack
|
page read and write
|
||
|
255A0475000
|
heap
|
page read and write
|
||
|
255A03E0000
|
remote allocation
|
page read and write
|
||
|
E20F7E000
|
stack
|
page read and write
|
||
|
1BBA6A84000
|
heap
|
page read and write
|
||
|
43F3000
|
heap
|
page read and write
|
||
|
1BBA736F000
|
heap
|
page read and write
|
||
|
2121FA65000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
43F3000
|
heap
|
page read and write
|
||
|
2121FA6C000
|
heap
|
page read and write
|
||
|
1E2058D0000
|
heap
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
E2079C000
|
stack
|
page read and write
|
||
|
2121FA59000
|
heap
|
page read and write
|
||
|
43F3000
|
heap
|
page read and write
|
||
|
1DB7E440000
|
heap
|
page read and write
|
||
|
78A000
|
heap
|
page read and write
|
||
|
39EF000
|
stack
|
page read and write
|
||
|
2360000
|
direct allocation
|
page execute and read and write
|
||
|
243DF7F000
|
stack
|
page read and write
|
||
|
1AA725D0000
|
trusted library allocation
|
page read and write
|
||
|
1AA719FF000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
43F3000
|
heap
|
page read and write
|
||
|
1E205A8A000
|
heap
|
page read and write
|
||
|
674DB7C000
|
stack
|
page read and write
|
||
|
17D83DF0000
|
trusted library allocation
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
3DC0000
|
heap
|
page read and write
|
||
|
43F3000
|
heap
|
page read and write
|
||
|
10E507E000
|
stack
|
page read and write
|
||
|
787000
|
heap
|
page read and write
|
||
|
41AE000
|
stack
|
page read and write
|
||
|
1ED000
|
stack
|
page read and write
|
||
|
17D83BB0000
|
heap
|
page read and write
|
||
|
BCAC67D000
|
stack
|
page read and write
|
||
|
2121FA76000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
2121FA75000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
43F7000
|
heap
|
page read and write
|
||
|
37A1000
|
heap
|
page read and write
|
||
|
2121FA58000
|
heap
|
page read and write
|
||
|
BCABAFB000
|
stack
|
page read and write
|
||
|
2121FA00000
|
heap
|
page read and write
|
||
|
791000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
2280000
|
direct allocation
|
page read and write
|
There are 593 hidden memdumps, click here to show them.