IOC Report
SecuriteInfo.com.Trojan.MulDrop6.37997.13737.11745.exe


Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| SecuriteInfo.com.Trojan.MulDrop6.37997.13737.11745.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\Users\user\Desktop\superec.ProcessMemory.sys | PE32 executable (native) Intel 80386, for MS Windows | dropped | malicious |
| C:\ProgramData\USOShared\Logs\System\UpdateSessionOrchestration.969f2df2-1619-4b94-ac55-63d622aba98a.1.etl | data | dropped | |
| C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | dropped | |
| C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log | Unicode text, UTF-16, little-endian text, with CRLF line terminators | modified | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k NetworkService -p | malicious |
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop6.37997.13737.11745.exe | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop6.37997.13737.11745.exe | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\system32\svchost.exe -k UnistackSvcGroup | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc | malicious |
| C:\Windows\System32\SgrmBroker.exe | C:\Windows\system32\SgrmBroker.exe | |
| C:\Program Files\Windows Defender\MpCmdRun.exe | "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

URLs


Registry

| Path | Value | Malicious |
| --- | --- | --- |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{D68DDC3A-831F-4fae-9E44-DA132C1ACF46} | STATE | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center | cval | malicious |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Security | c688cf83-9945-5ff6-0e1e-1ff1f8a2ec9a | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator | StartWorkerOnServiceStart | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\Scheduler | Checking to see if mostack override has changed | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\Scheduler | CleanupUsoLogs | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\Scheduler | UsoCrmScan | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\2C85006A1A028BCC349DF23C474724C055FDE8B6 | Blob | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\B68D8F953E551914324E557E6164D68B9926650C | Blob | |
| HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB | C:\Windows\system32,@elscore.dll,-2 | |
| HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB | C:\Windows\system32,@elscore.dll,-5 | |
| HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB | C:\Windows\system32,@elscore.dll,-4 | |
| HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB | C:\Windows\system32,@elscore.dll,-6 | |
| HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB | C:\Windows\system32,@elscore.dll,-10 | |
| HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB | C:\Windows\system32,@elscore.dll,-3 | |
| HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB | C:\Windows\system32,@elscore.dll,-7 | |
| HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB | C:\Windows\system32,@elscore.dll,-8 | |
| HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB | C:\Windows\system32,@elscore.dll,-9 | |
| HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB | C:\Windows\system32,@elscore.dll,-1 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData | ClockTimeSeconds | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData | TickCount | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC | Data | |

Memdumps
