Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| file.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
| C:\Program Files (x86)\FgasoftFR\FinalRecovery\Preview.exe (copy) | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\FgasoftFR\FinalRecovery\finalrecovery.exe | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | modified | |
| C:\Program Files (x86)\FgasoftFR\FinalRecovery\is-H9OSH.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\FgasoftFR\FinalRecovery\is-J1RPT.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\FgasoftFR\FinalRecovery\unins000.exe (copy) | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\is-J872N.tmp\_isetup\_RegDLL.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\is-J872N.tmp\_isetup\_iscrypt.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\is-J872N.tmp\_isetup\_setup64.tmp | PE32+ executable (console) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\is-P0SS2.tmp\file.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\wEQg8.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\FgasoftFR\FinalRecovery\Readme.txt (copy) | ASCII text, with CRLF line terminators | dropped | |
| C:\Program Files (x86)\FgasoftFR\FinalRecovery\data\Config.xml (copy) | XML 1.0 document, ASCII text, with very long lines (5978), with CRLF line terminators | dropped | |
| C:\Program Files (x86)\FgasoftFR\FinalRecovery\data\is-CFA7P.tmp | XML 1.0 document, ASCII text, with very long lines (5978), with CRLF line terminators | dropped | |
| C:\Program Files (x86)\FgasoftFR\FinalRecovery\finalrecovery.chm (copy) | MS Windows HtmlHelp Data | dropped | |
| C:\Program Files (x86)\FgasoftFR\FinalRecovery\is-13C1Q.tmp | data | dropped | |
| C:\Program Files (x86)\FgasoftFR\FinalRecovery\is-6R8AD.tmp | ASCII text, with CRLF line terminators | dropped | |
| C:\Program Files (x86)\FgasoftFR\FinalRecovery\is-I8MHH.tmp | MS Windows HtmlHelp Data | dropped | |
| C:\Program Files (x86)\FgasoftFR\FinalRecovery\unins000.dat | InnoSetup Log FgasoftFR FinalRecovery, version 0x30, 4340 bytes, 701188\user, "C:\Program Files (x86)\FgasoftFR\FinalRecovery" | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\fuckingdllENCR[1].dll | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\stuk[1].htm | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\dll[1].htm | very short file (no magic) | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\dll[1].htm | very short file (no magic) | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\plus[1].htm | very short file (no magic) | dropped | |
| C:\Users\user\AppData\Local\Temp\is-J872N.tmp\_isetup\_shfoldr.dll | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\file.exe | C:\Users\user\Desktop\file.exe | |
| C:\Users\user\AppData\Local\Temp\is-P0SS2.tmp\file.tmp | "C:\Users\user\AppData\Local\Temp\is-P0SS2.tmp\file.tmp" /SL5="$4025C,1578849,54272,C:\Users\user\Desktop\file.exe" | |
| C:\Program Files (x86)\FgasoftFR\FinalRecovery\finalrecovery.exe | "C:\Program Files (x86)\FgasoftFR\FinalRecovery\finalrecovery.exe" | |
| C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\wEQg8.exe | | |
| C:\Windows\SysWOW64\cmd.exe | "C:\Windows\System32\cmd.exe" /c taskkill /im "finalrecovery.exe" /f & erase "C:\Program Files (x86)\FgasoftFR\FinalRecovery\finalrecovery.exe" & exit | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\taskkill.exe | taskkill /im "finalrecovery.exe" /f | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://45.12.253.72/default/stuk.php | 45.12.253.72 | |
| http://45.12.253.56/advertisting/plus.php?s=NOSUB&str=mixtwo&substr=mixinte | 45.12.253.56 | |
| http://45.12.253.72/default/puk.php | 45.12.253.72 | |
| http://45.12.253.75/dll.php | 45.12.253.75 | |
| http://45.12.253.75/dll.phpc | unknown | |
| http://www.innosetup.com/ | unknown | |
| http://45.12.253.75/dll.phpd | unknown | |
| http://www.remobjects.com/psU | unknown | |
| http://45.12.253.75/dll.phpK | unknown | |
| http://45.12.253.75/dll.phpL | unknown | |
| http://45.12 | unknown | |
| http://45.12.253.75/dll.phpi | unknown | |
| http://45.12.253.75/dll.phpQ | unknown | |
| http://45.12.253.75/dll.phprl | unknown | |
| http://www.finalrecovery.com/buy.htm | unknown | |
| http://45.12.253.56/advertisting/plus.php?s=NOSUB&str=mixtwo&substr=mixinteY | unknown | |
| http://45.12.253.75/dll.phpr | unknown | |
| http://www.remobjects.com/ps | unknown | |
| http://nbafrog.com/ | unknown | |
| http://nbafrog.com/. | unknown | |
| http://45.12.253.56/advertisting/plus.php?s=NOSUB&str=mixtwo&substr=mixinteeF | unknown | |
| http://45.12.253.72/default/stuk.php2N | unknown | |
| http://45.12.253.75/dll.phpx | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 45.12.253.72 | unknown | Germany | |
| 45.12.253.75 | unknown | Germany | |
| 45.12.253.98 | unknown | Germany | |
| 45.12.253.56 | unknown | Germany | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1 | Inno Setup: Setup Version | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1 | Inno Setup: App Path | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1 | InstallLocation | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1 | Inno Setup: Icon Group | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1 | Inno Setup: User | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1 | Inno Setup: Language | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1 | DisplayName | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1 | DisplayIcon | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1 | UninstallString | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1 | QuietUninstallString | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1 | Publisher | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1 | URLInfoAbout | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1 | HelpLink | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1 | URLUpdateInfo | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1 | NoModify | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1 | NoRepair | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1 | InstallDate | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1 | EstimatedSize | |
