Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.Beetle.4.30890.19403.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pidgenx.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\goopdate.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\client\jvm.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\deploy.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\dtplugin\deployJava1.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\dtplugin\npdeployJava1.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\eula.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\fxplugins.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\glib-lite.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\gstreamer-lite.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\hprof.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\j2gss.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\j2pkcs11.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\java.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.cpl
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javafx_font.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\jdwp.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\jfxwebkit.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\jli.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\jp2iexp.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\jp2ssv.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\jsdt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\management.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\npjp2.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\splashscreen.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\ssv.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\wsdetect.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\concrt140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\mfc140u.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\msvcr120.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office15\pidgenx.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ACEDAO.DLL
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Appshapi.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\AutoHelper.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\CHART.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\CONTAB32.DLL
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Cpprest141_2_10.DLL
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DLGSETP.DLL
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\EMSMDB32.DLL
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\EXSEC32.DLL
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\EntityPicker.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\IEAWSDC.DLL
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MAPIPH.DLL
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MIMEDIR.DLL
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MLCFG32.CPL
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSAEXP30.DLL
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOARIA.DLL
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOARIANEXT.DLL
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSPECTRE.DLL
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MeetingJoinAxOC.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\appsharingmediaprovider.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\appshcom.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\appshvw.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\atl110.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\concrt140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\cpprestsdk.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\excelcnv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\lync99.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\lyncDesktopViewModel.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\mce.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\mce_office.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\mfc140u.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\mip_pdf_sdk.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoadfsb.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\BHO\ie_to_edge_bho.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\EdgeCore\117.0.2045.47\EBWebView\x86\EmbeddedBrowserWebView.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\BHO\ie_to_edge_bho.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\EBWebView\x86\EmbeddedBrowserWebView.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\msedgeupdate.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\7-Zip\7z.sfx
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\7-Zip\7zCon.sfx
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\7-Zip\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\ACE.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\AGM.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\AIDE.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat32OL.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\BIB.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\BIBUtils.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDFImpl.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Mozilla Firefox\uninstall\helper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpDetours.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpDetoursCopyAccelerator.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpDetours.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpDetoursCopyAccelerator.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\1084.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\1C3C.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\27D5.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\4BD.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\4BE.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\4DC.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\wct425E.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
There are 119 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Beetle.4.30890.19403.dll"
|
|
|
|
C:\Users\user\AppData\Local\Temp\27D5.tmp
|
C:\Users\user\AppData\Local\Temp\27D5.tmp
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Beetle.4.30890.19403.dll",#1
|
||
|
C:\Windows\SysWOW64\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\SecuriteInfo.com.Win32.Beetle.4.30890.19403.dll
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Beetle.4.30890.19403.dll,??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Beetle.4.30890.19403.dll",#1
|
||
|
C:\Users\user\AppData\Local\Temp\4BD.tmp
|
C:\Users\user\AppData\Local\Temp\4BD.tmp
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Beetle.4.30890.19403.dll,??4_Init_locks@std@@QAEAAV01@ABV01@@Z
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Beetle.4.30890.19403.dll,DllCanUnloadNow
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://tlu.dl.de
|
unknown
|
||
|
https://login.windows.net/common
|
unknown
|
||
|
https://syncservice.o365syncservice.com/
|
unknown
|
||
|
https://login.microsoftonline.us/common
|
unknown
|
||
|
http://java.oracle.com/java.vendor.url.bughttp://bugreport.sun.com/bugreport/%d.%djava.class.version
|
unknown
|
||
|
http://tlu.dl.delivery.mp.mi
|
unknown
|
||
|
http://bugreport.sun.com/bugreport/
|
unknown
|
||
|
https://login.chinacloudapi.cn/common
|
unknown
|
||
|
http://java.oracle.com/
|
unknown
|
||
|
http://tlu.dl.delivery.mp.microsoft.8com/filestreamingservice/files/1e08863d-491b-4609-a0f8-bd8fb8ab
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
|
https://syncservice.o365syncservice.com/https://login.windows.net/commondataservice.protection.outlo
|
unknown
|
||
|
http://tlu.dl.delivery
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
|
http://tlu.dl.
|
unknown
|
||
|
http://tlu.dl.delivery.mp.micrBosoft.com/filestreamingservice/files/e5fd51e1-714d-4a9f-ad84-b9c7c9da
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/
|
unknown
|
||
|
http://tlu.dl.delivery.mp.micr
|
unknown
|
||
|
http://tlu.dl.delivery.mp.micraosoft.com/filestreamingservice/files/a730fbc0-b3e6-42bf-9776-5c1a9503
|
unknown
|
||
|
http://tlu.dl.delivery.mp.micros5oft.com/filestreamingservice/files/621f41c6-598e-4516-bb23-be21d146
|
unknown
|
||
|
http://tlu.dl.delivery.mp.microsoft.coEm/filestreamingservice/files/17a1f764-1e22-4005-ad95-0bc97022
|
unknown
|
||
|
https://login.microsoftonline.de/common
|
unknown
|
||
|
http://aka.ms/aippdf)
|
unknown
|
||
|
https://api.Unsupported
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod.C:
|
unknown
|
||
|
http://tlu.dl.delivery.mp.microsLoft.com/filestreamingservice/files/ae12b07d-3012-4812-92a3-bdc1df33
|
unknown
|
||
|
http://tlu.dl.delivery.m
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
|
http://tlu.dl.delive
|
unknown
|
||
|
http://tlu.dl.delivery.mp.microsoft.co
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2
|
unknown
|
||
|
http://tlu.dl.delivery.mp.micros
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
|
unknown
|
||
|
https://login.microsoftonline.microsoft.scloud/common
|
unknown
|
||
|
http://tlu.dl.deli
|
unknown
|
||
|
http://tlu.dl.delivery.mp.microsoft.
|
unknown
|
||
|
http://download.windowsup
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/8
|
unknown
|
||
|
https://login.microsoftonline.eaglex.ic.gov/common
|
unknown
|
||
|
http://relaxng.org/ns/structure/1.0
|
unknown
|
||
|
http://tlu.dl.delivery.mp.microsof
|
unknown
|
||
|
http://tlu.d
|
unknown
|
||
|
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
|
unknown
|
||
|
http://tlu.dl.delivery.mp.
|
unknown
|
There are 35 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}
|
DisableLowILProcessIsolation
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}
|
AppID
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}
|
DisplayName
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\InprocServer32
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\InprocServer32
|
ThreadingModel
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}
|
DisableLowILProcessIsolation
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}
|
AppID
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}
|
DisplayName
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\InprocServer32
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\InprocServer32
|
ThreadingModel
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\ProgID
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\VersionIndependentProgID
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\TypeLib
|
NULL
|
||
|
HKEY_CURRENT_USER_Classes\.pdf
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\ProgID
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\VersionIndependentProgID
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{41C5FFFE-36DD-415D-9ED0-2976A342A1C8}\1.0
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{41C5FFFE-36DD-415D-9ED0-2976A342A1C8}\1.0\FLAGS
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{41C5FFFE-36DD-415D-9ED0-2976A342A1C8}\1.0\0\win32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{41C5FFFE-36DD-415D-9ED0-2976A342A1C8}\1.0\HELPDIR
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8D46C1B6-BBAB-450D-A61F-4DDC898B21D4}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8D46C1B6-BBAB-450D-A61F-4DDC898B21D4}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8D46C1B6-BBAB-450D-A61F-4DDC898B21D4}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8D46C1B6-BBAB-450D-A61F-4DDC898B21D4}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17F2E344-8227-4AA7-A25A-E89424566BBA}\InProcServer32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17F2E344-8227-4AA7-A25A-E89424566BBA}\InProcServer32
|
ThreadingModel
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17F2E344-8227-4AA7-A25A-E89424566BBA}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{17F2E344-8227-4AA7-A25A-E89424566BBA}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{17F2E344-8227-4AA7-A25A-E89424566BBA}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{17F2E344-8227-4AA7-A25A-E89424566BBA}\NumMethods
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8D46C1B6-BBAB-450D-A61F-4DDC898B21D4}\ProxyStubClsid32
|
NULL
|
There are 24 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1E06000
|
heap
|
page read and write
|
||
|
1D31000
|
heap
|
page read and write
|
||
|
1D28000
|
heap
|
page read and write
|
||
|
5A6000
|
unkown
|
page readonly
|
||
|
1FFD000
|
heap
|
page read and write
|
||
|
1CB0000
|
heap
|
page read and write
|
||
|
1475000
|
heap
|
page read and write
|
||
|
1C50000
|
heap
|
page read and write
|
||
|
1C5A000
|
heap
|
page read and write
|
||
|
2282000
|
heap
|
page read and write
|
||
|
456E000
|
stack
|
page read and write
|
||
|
14F3000
|
heap
|
page read and write
|
||
|
1CC5000
|
heap
|
page read and write
|
||
|
1C8E000
|
heap
|
page read and write
|
||
|
2001000
|
heap
|
page read and write
|
||
|
20DC000
|
heap
|
page read and write
|
||
|
217A000
|
heap
|
page read and write
|
||
|
1C90000
|
heap
|
page read and write
|
||
|
1D23000
|
heap
|
page read and write
|
||
|
2262000
|
heap
|
page read and write
|
||
|
1C35000
|
heap
|
page read and write
|
||
|
1CFC000
|
heap
|
page read and write
|
||
|
1C8E000
|
heap
|
page read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
581000
|
unkown
|
page execute read
|
||
|
A30000
|
direct allocation
|
page execute and read and write
|
||
|
1C42000
|
heap
|
page read and write
|
||
|
14F3000
|
heap
|
page read and write
|
||
|
2601000
|
heap
|
page read and write
|
||
|
1C9F000
|
heap
|
page read and write
|
||
|
1476000
|
heap
|
page read and write
|
||
|
1C54000
|
heap
|
page read and write
|
||
|
1C41000
|
heap
|
page read and write
|
||
|
1C80000
|
heap
|
page read and write
|
||
|
1C4E000
|
heap
|
page read and write
|
||
|
1CD9000
|
heap
|
page read and write
|
||
|
1CAA000
|
heap
|
page read and write
|
||
|
1C36000
|
heap
|
page read and write
|
||
|
1476000
|
heap
|
page read and write
|
||
|
20E7000
|
heap
|
page read and write
|
||
|
2082000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
2011000
|
heap
|
page read and write
|
||
|
1C83000
|
heap
|
page read and write
|
||
|
2582000
|
heap
|
page read and write
|
||
|
21CA000
|
heap
|
page read and write
|
||
|
1CB5000
|
heap
|
page read and write
|
||
|
9A1000
|
stack
|
page read and write
|
||
|
1476000
|
heap
|
page read and write
|
||
|
1CE0000
|
heap
|
page read and write
|
||
|
1C3A000
|
heap
|
page read and write
|
||
|
1464000
|
heap
|
page read and write
|
||
|
1C85000
|
heap
|
page read and write
|
||
|
2015000
|
heap
|
page read and write
|
||
|
CBB000
|
stack
|
page read and write
|
||
|
1C98000
|
heap
|
page read and write
|
||
|
1C59000
|
heap
|
page read and write
|
||
|
1C4B000
|
heap
|
page read and write
|
||
|
BDF000
|
stack
|
page read and write
|
||
|
1D2A000
|
heap
|
page read and write
|
||
|
3E9000
|
stack
|
page read and write
|
||
|
1CCB000
|
heap
|
page read and write
|
||
|
1476000
|
heap
|
page read and write
|
||
|
1D28000
|
heap
|
page read and write
|
||
|
1C85000
|
heap
|
page read and write
|
||
|
2671000
|
heap
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
1CA2000
|
heap
|
page read and write
|
||
|
1476000
|
heap
|
page read and write
|
||
|
2192000
|
heap
|
page read and write
|
||
|
1F7A000
|
heap
|
page read and write
|
||
|
AFA000
|
heap
|
page read and write
|
||
|
2339000
|
heap
|
page read and write
|
||
|
1476000
|
heap
|
page read and write
|
||
|
1481000
|
heap
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
1475000
|
heap
|
page read and write
|
||
|
1C85000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
2DFE000
|
stack
|
page read and write
|
||
|
1C48000
|
heap
|
page read and write
|
||
|
1C33000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
1FCA000
|
heap
|
page read and write
|
||
|
1C5A000
|
heap
|
page read and write
|
||
|
1CAA000
|
heap
|
page read and write
|
||
|
1491000
|
heap
|
page read and write
|
||
|
1CB4000
|
heap
|
page read and write
|
||
|
246A000
|
heap
|
page read and write
|
||
|
20E2000
|
heap
|
page read and write
|
||
|
1D92000
|
heap
|
page read and write
|
||
|
110E000
|
stack
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
1CB1000
|
heap
|
page read and write
|
||
|
1C4E000
|
heap
|
page read and write
|
||
|
1C63000
|
heap
|
page read and write
|
||
|
2381000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
1FF5000
|
heap
|
page read and write
|
||
|
20EA000
|
heap
|
page read and write
|
||
|
E8E000
|
stack
|
page read and write
|
||
|
21BA000
|
heap
|
page read and write
|
||
|
1C57000
|
heap
|
page read and write
|
||
|
214A000
|
heap
|
page read and write
|
||
|
1C99000
|
heap
|
page read and write
|
||
|
1FF7000
|
heap
|
page read and write
|
||
|
C3C000
|
stack
|
page read and write
|
||
|
B1E000
|
stack
|
page read and write
|
||
|
1D9A000
|
heap
|
page read and write
|
||
|
99D000
|
stack
|
page read and write
|
||
|
1D10000
|
heap
|
page read and write
|
||
|
1DDA000
|
heap
|
page read and write
|
||
|
2311000
|
heap
|
page read and write
|
||
|
A1F000
|
stack
|
page read and write
|
||
|
588000
|
unkown
|
page readonly
|
||
|
1C62000
|
heap
|
page read and write
|
||
|
1D8D000
|
heap
|
page read and write
|
||
|
1C5C000
|
heap
|
page read and write
|
||
|
1D3A000
|
heap
|
page read and write
|
||
|
45F0000
|
heap
|
page read and write
|
||
|
1C4D000
|
heap
|
page read and write
|
||
|
1C33000
|
heap
|
page read and write
|
||
|
2542000
|
heap
|
page read and write
|
||
|
1C6D000
|
heap
|
page read and write
|
||
|
1D29000
|
heap
|
page read and write
|
||
|
1465000
|
heap
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
1CC9000
|
heap
|
page read and write
|
||
|
1C89000
|
heap
|
page read and write
|
||
|
1EFA000
|
heap
|
page read and write
|
||
|
1C49000
|
heap
|
page read and write
|
||
|
120000
|
unkown
|
page readonly
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
3120000
|
direct allocation
|
page execute and read and write
|
||
|
1D1D000
|
heap
|
page read and write
|
||
|
1CB5000
|
heap
|
page read and write
|
||
|
1C9B000
|
heap
|
page read and write
|
||
|
1C92000
|
heap
|
page read and write
|
||
|
4600000
|
heap
|
page read and write
|
||
|
2639000
|
heap
|
page read and write
|
||
|
14F3000
|
heap
|
page read and write
|
||
|
BFB000
|
stack
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
1CB9000
|
heap
|
page read and write
|
||
|
1E02000
|
heap
|
page read and write
|
||
|
1C9D000
|
heap
|
page read and write
|
||
|
1CC8000
|
heap
|
page read and write
|
||
|
221A000
|
heap
|
page read and write
|
||
|
45AE000
|
stack
|
page read and write
|
||
|
1C34000
|
heap
|
page read and write
|
||
|
255A000
|
heap
|
page read and write
|
||
|
6DB000
|
stack
|
page read and write
|
||
|
1C57000
|
heap
|
page read and write
|
||
|
215A000
|
heap
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
1C74000
|
heap
|
page read and write
|
||
|
1CF8000
|
heap
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
1D34000
|
heap
|
page read and write
|
||
|
1D11000
|
heap
|
page read and write
|
||
|
1C65000
|
heap
|
page read and write
|
||
|
1CCE000
|
heap
|
page read and write
|
||
|
1DE9000
|
heap
|
page read and write
|
||
|
1C3F000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
4C40000
|
heap
|
page read and write
|
||
|
1C75000
|
heap
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
1CAA000
|
heap
|
page read and write
|
||
|
1C3A000
|
heap
|
page read and write
|
||
|
1CFF000
|
heap
|
page read and write
|
||
|
1C61000
|
heap
|
page read and write
|
||
|
3A37000
|
heap
|
page read and write
|
||
|
2032000
|
heap
|
page read and write
|
||
|
1D32000
|
heap
|
page read and write
|
||
|
1CE7000
|
heap
|
page read and write
|
||
|
1F3A000
|
heap
|
page read and write
|
||
|
580000
|
unkown
|
page readonly
|
||
|
2252000
|
heap
|
page read and write
|
||
|
2047000
|
heap
|
page read and write
|
||
|
1F69000
|
heap
|
page read and write
|
||
|
1DB1000
|
heap
|
page read and write
|
||
|
310F000
|
stack
|
page read and write
|
||
|
22F1000
|
heap
|
page read and write
|
||
|
1CF6000
|
heap
|
page read and write
|
||
|
2561000
|
heap
|
page read and write
|
||
|
1D29000
|
heap
|
page read and write
|
||
|
1D35000
|
heap
|
page read and write
|
||
|
1F22000
|
heap
|
page read and write
|
||
|
1CDB000
|
heap
|
page read and write
|
||
|
147A000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
F27000
|
heap
|
page read and write
|
||
|
1D2C000
|
heap
|
page read and write
|
||
|
1CF8000
|
heap
|
page read and write
|
||
|
25E9000
|
heap
|
page read and write
|
||
|
20C2000
|
heap
|
page read and write
|
||
|
1CA8000
|
heap
|
page read and write
|
||
|
3DC000
|
stack
|
page read and write
|
||
|
2035000
|
heap
|
page read and write
|
||
|
1D1C000
|
heap
|
page read and write
|
||
|
CFE000
|
stack
|
page read and write
|
||
|
210A000
|
heap
|
page read and write
|
||
|
216A000
|
heap
|
page read and write
|
||
|
1C73000
|
heap
|
page read and write
|
||
|
23E2000
|
heap
|
page read and write
|
||
|
2611000
|
heap
|
page read and write
|
||
|
1C58000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
1C62000
|
heap
|
page read and write
|
||
|
1D26000
|
heap
|
page read and write
|
||
|
22BA000
|
heap
|
page read and write
|
||
|
1463000
|
heap
|
page read and write
|
||
|
22AA000
|
heap
|
page read and write
|
||
|
1CCE000
|
heap
|
page read and write
|
||
|
6237000
|
heap
|
page read and write
|
||
|
25F9000
|
heap
|
page read and write
|
||
|
1C92000
|
heap
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
1475000
|
heap
|
page read and write
|
||
|
4605000
|
heap
|
page read and write
|
||
|
1C50000
|
heap
|
page read and write
|
||
|
1CA0000
|
heap
|
page read and write
|
||
|
B9E000
|
stack
|
page read and write
|
||
|
1CF7000
|
heap
|
page read and write
|
||
|
E4D000
|
stack
|
page read and write
|
||
|
2072000
|
heap
|
page read and write
|
||
|
1C37000
|
heap
|
page read and write
|
||
|
1C91000
|
heap
|
page read and write
|
||
|
1CCD000
|
heap
|
page read and write
|
||
|
1C60000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
1C7B000
|
heap
|
page read and write
|
||
|
14F3000
|
heap
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
4880000
|
heap
|
page read and write
|
||
|
B5F000
|
stack
|
page read and write
|
||
|
2041000
|
heap
|
page read and write
|
||
|
2379000
|
heap
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
71C000
|
stack
|
page read and write
|
||
|
2045000
|
heap
|
page read and write
|
||
|
3E2000
|
stack
|
page read and write
|
||
|
264A000
|
heap
|
page read and write
|
||
|
F1F000
|
heap
|
page read and write
|
||
|
1D1D000
|
heap
|
page read and write
|
||
|
1C96000
|
heap
|
page read and write
|
||
|
2005000
|
heap
|
page read and write
|
||
|
1CD0000
|
heap
|
page read and write
|
||
|
1E92000
|
heap
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
23F2000
|
heap
|
page read and write
|
||
|
2D80000
|
direct allocation
|
page execute and read and write
|
||
|
241A000
|
heap
|
page read and write
|
||
|
1C32000
|
heap
|
page read and write
|
||
|
25E1000
|
heap
|
page read and write
|
||
|
147A000
|
heap
|
page read and write
|
||
|
581000
|
unkown
|
page execute read
|
||
|
20F2000
|
heap
|
page read and write
|
||
|
2636000
|
heap
|
page read and write
|
||
|
1C7F000
|
heap
|
page read and write
|
||
|
1CED000
|
heap
|
page read and write
|
||
|
25CA000
|
heap
|
page read and write
|
||
|
2029000
|
heap
|
page read and write
|
||
|
3225000
|
heap
|
page read and write
|
||
|
1D13000
|
heap
|
page read and write
|
||
|
2202000
|
heap
|
page read and write
|
||
|
2301000
|
heap
|
page read and write
|
||
|
1C35000
|
heap
|
page read and write
|
||
|
1D7A000
|
heap
|
page read and write
|
||
|
1C7A000
|
heap
|
page read and write
|
||
|
1CB9000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
2631000
|
heap
|
page read and write
|
||
|
1464000
|
heap
|
page read and write
|
||
|
25C2000
|
heap
|
page read and write
|
||
|
1464000
|
heap
|
page read and write
|
||
|
1475000
|
heap
|
page read and write
|
||
|
1C8C000
|
heap
|
page read and write
|
||
|
1C4B000
|
heap
|
page read and write
|
||
|
212A000
|
heap
|
page read and write
|
||
|
580000
|
unkown
|
page readonly
|
||
|
22F9000
|
heap
|
page read and write
|
||
|
1FF2000
|
heap
|
page read and write
|
||
|
1D1E000
|
heap
|
page read and write
|
||
|
31DA000
|
heap
|
page read and write
|
||
|
1C63000
|
heap
|
page read and write
|
||
|
1CE8000
|
heap
|
page read and write
|
||
|
314F000
|
stack
|
page read and write
|
||
|
2659000
|
heap
|
page read and write
|
||
|
1CCF000
|
heap
|
page read and write
|
||
|
1C3C000
|
heap
|
page read and write
|
||
|
EC0000
|
direct allocation
|
page execute and read and write
|
||
|
20DA000
|
heap
|
page read and write
|
||
|
128000
|
unkown
|
page readonly
|
||
|
1C83000
|
heap
|
page read and write
|
||
|
20D2000
|
heap
|
page read and write
|
||
|
83E000
|
stack
|
page read and write
|
||
|
1D90000
|
heap
|
page read and write
|
||
|
1C82000
|
heap
|
page read and write
|
||
|
1C3A000
|
heap
|
page read and write
|
||
|
1CE4000
|
heap
|
page read and write
|
||
|
1CBB000
|
heap
|
page read and write
|
||
|
1D0C000
|
heap
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
224A000
|
heap
|
page read and write
|
||
|
1476000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
1CF2000
|
heap
|
page read and write
|
||
|
267A000
|
heap
|
page read and write
|
||
|
1C8B000
|
heap
|
page read and write
|
||
|
1C4D000
|
heap
|
page read and write
|
||
|
1D02000
|
heap
|
page read and write
|
||
|
1475000
|
heap
|
page read and write
|
||
|
1F42000
|
heap
|
page read and write
|
||
|
147B000
|
heap
|
page read and write
|
||
|
2572000
|
heap
|
page read and write
|
||
|
1C36000
|
heap
|
page read and write
|
||
|
1C92000
|
heap
|
page read and write
|
||
|
23FA000
|
heap
|
page read and write
|
||
|
147D000
|
heap
|
page read and write
|
||
|
1C5C000
|
heap
|
page read and write
|
||
|
1E4A000
|
heap
|
page read and write
|
||
|
200D000
|
heap
|
page read and write
|
||
|
324A000
|
heap
|
page read and write
|
||
|
1CF3000
|
heap
|
page read and write
|
||
|
147A000
|
heap
|
page read and write
|
||
|
1464000
|
heap
|
page read and write
|
||
|
4B5E000
|
stack
|
page read and write
|
||
|
1C71000
|
heap
|
page read and write
|
||
|
1D81000
|
heap
|
page read and write
|
||
|
D3F000
|
stack
|
page read and write
|
||
|
1F32000
|
heap
|
page read and write
|
||
|
1E9A000
|
heap
|
page read and write
|
||
|
1E8A000
|
heap
|
page read and write
|
||
|
1D31000
|
heap
|
page read and write
|
||
|
1E7A000
|
heap
|
page read and write
|
||
|
461F000
|
stack
|
page read and write
|
||
|
1F2A000
|
heap
|
page read and write
|
||
|
148E000
|
heap
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
1CA5000
|
heap
|
page read and write
|
||
|
F3C000
|
heap
|
page read and write
|
||
|
1C3D000
|
heap
|
page read and write
|
||
|
1C6A000
|
heap
|
page read and write
|
||
|
1CFA000
|
heap
|
page read and write
|
||
|
CFC000
|
stack
|
page read and write
|
||
|
20FA000
|
heap
|
page read and write
|
||
|
1476000
|
heap
|
page read and write
|
||
|
1FB2000
|
heap
|
page read and write
|
||
|
1C35000
|
heap
|
page read and write
|
||
|
1D1E000
|
heap
|
page read and write
|
||
|
1CD6000
|
heap
|
page read and write
|
||
|
2621000
|
heap
|
page read and write
|
||
|
129000
|
unkown
|
page write copy
|
||
|
14F3000
|
heap
|
page read and write
|
||
|
202F000
|
heap
|
page read and write
|
||
|
1ED2000
|
heap
|
page read and write
|
||
|
E4F000
|
stack
|
page read and write
|
||
|
1CA7000
|
heap
|
page read and write
|
||
|
1465000
|
heap
|
page read and write
|
||
|
2669000
|
heap
|
page read and write
|
||
|
2017000
|
heap
|
page read and write
|
||
|
1C39000
|
heap
|
page read and write
|
||
|
1CBF000
|
heap
|
page read and write
|
||
|
1CFA000
|
heap
|
page read and write
|
||
|
203D000
|
heap
|
page read and write
|
||
|
202D000
|
heap
|
page read and write
|
||
|
1E72000
|
heap
|
page read and write
|
||
|
1CC8000
|
heap
|
page read and write
|
||
|
4B1F000
|
stack
|
page read and write
|
||
|
240A000
|
heap
|
page read and write
|
||
|
2019000
|
heap
|
page read and write
|
||
|
1DA9000
|
heap
|
page read and write
|
||
|
1C46000
|
heap
|
page read and write
|
||
|
1465000
|
heap
|
page read and write
|
||
|
2641000
|
heap
|
page read and write
|
||
|
22CA000
|
heap
|
page read and write
|
||
|
1EE2000
|
heap
|
page read and write
|
||
|
1483000
|
heap
|
page read and write
|
||
|
1C9C000
|
heap
|
page read and write
|
||
|
22B2000
|
heap
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
589000
|
unkown
|
page write copy
|
||
|
1CF4000
|
heap
|
page read and write
|
||
|
A3C000
|
stack
|
page read and write
|
||
|
1C31000
|
heap
|
page read and write
|
||
|
2DBF000
|
stack
|
page read and write
|
||
|
8AC000
|
stack
|
page read and write
|
||
|
259A000
|
heap
|
page read and write
|
||
|
200F000
|
heap
|
page read and write
|
||
|
1CAC000
|
heap
|
page read and write
|
||
|
1476000
|
heap
|
page read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
1DE2000
|
heap
|
page read and write
|
||
|
1C3E000
|
heap
|
page read and write
|
||
|
1D15000
|
heap
|
page read and write
|
||
|
C4A000
|
heap
|
page read and write
|
||
|
589000
|
unkown
|
page write copy
|
||
|
23DA000
|
heap
|
page read and write
|
||
|
F1B000
|
heap
|
page read and write
|
||
|
1463000
|
heap
|
page read and write
|
||
|
121000
|
unkown
|
page execute read
|
||
|
588000
|
unkown
|
page readonly
|
||
|
1CDB000
|
heap
|
page read and write
|
||
|
1D2C000
|
heap
|
page read and write
|
||
|
1475000
|
heap
|
page read and write
|
||
|
1CA5000
|
heap
|
page read and write
|
||
|
148E000
|
heap
|
page read and write
|
||
|
1475000
|
heap
|
page read and write
|
||
|
1FFF000
|
heap
|
page read and write
|
||
|
9DE000
|
stack
|
page read and write
|
||
|
1CDD000
|
heap
|
page read and write
|
||
|
2402000
|
heap
|
page read and write
|
||
|
252A000
|
heap
|
page read and write
|
||
|
1D4A000
|
heap
|
page read and write
|
||
|
1CD8000
|
heap
|
page read and write
|
||
|
1463000
|
heap
|
page read and write
|
||
|
2021000
|
heap
|
page read and write
|
||
|
4E37000
|
heap
|
page read and write
|
||
|
1C9E000
|
heap
|
page read and write
|
||
|
1CF0000
|
heap
|
page read and write
|
||
|
1C86000
|
heap
|
page read and write
|
||
|
21F2000
|
heap
|
page read and write
|
||
|
1C52000
|
heap
|
page read and write
|
||
|
22DA000
|
heap
|
page read and write
|
||
|
5837000
|
heap
|
page read and write
|
||
|
1D1B000
|
heap
|
page read and write
|
||
|
1476000
|
heap
|
page read and write
|
||
|
1D8A000
|
heap
|
page read and write
|
||
|
1CF9000
|
heap
|
page read and write
|
||
|
1C31000
|
heap
|
page read and write
|
||
|
1C6B000
|
heap
|
page read and write
|
||
|
1480000
|
heap
|
page read and write
|
||
|
1C4B000
|
heap
|
page read and write
|
||
|
1CD3000
|
heap
|
page read and write
|
||
|
2232000
|
heap
|
page read and write
|
||
|
1C77000
|
heap
|
page read and write
|
||
|
1CA4000
|
heap
|
page read and write
|
||
|
1464000
|
heap
|
page read and write
|
||
|
1FE2000
|
heap
|
page read and write
|
||
|
1CC9000
|
heap
|
page read and write
|
||
|
99F000
|
stack
|
page read and write
|
||
|
1C3B000
|
heap
|
page read and write
|
||
|
1E52000
|
heap
|
page read and write
|
||
|
1C38000
|
heap
|
page read and write
|
||
|
1C37000
|
heap
|
page read and write
|
||
|
1D29000
|
heap
|
page read and write
|
||
|
1CB3000
|
heap
|
page read and write
|
||
|
46E5000
|
heap
|
page read and write
|
||
|
1C37000
|
heap
|
page read and write
|
||
|
1C7B000
|
heap
|
page read and write
|
||
|
1D26000
|
heap
|
page read and write
|
||
|
1DFA000
|
heap
|
page read and write
|
||
|
1FF9000
|
heap
|
page read and write
|
||
|
1D2B000
|
heap
|
page read and write
|
||
|
2522000
|
heap
|
page read and write
|
||
|
33C5000
|
heap
|
page read and write
|
||
|
25D9000
|
heap
|
page read and write
|
||
|
1CBB000
|
heap
|
page read and write
|
||
|
2007000
|
heap
|
page read and write
|
||
|
11C6000
|
heap
|
page read and write
|
||
|
1CB2000
|
heap
|
page read and write
|
||
|
21A2000
|
heap
|
page read and write
|
||
|
1D37000
|
heap
|
page read and write
|
||
|
249A000
|
heap
|
page read and write
|
||
|
7DB000
|
stack
|
page read and write
|
||
|
1E82000
|
heap
|
page read and write
|
||
|
1D20000
|
heap
|
page read and write
|
||
|
1CB8000
|
heap
|
page read and write
|
||
|
1476000
|
heap
|
page read and write
|
||
|
1475000
|
heap
|
page read and write
|
||
|
1C78000
|
heap
|
page read and write
|
||
|
1E32000
|
heap
|
page read and write
|
||
|
31EE000
|
stack
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
1C8B000
|
heap
|
page read and write
|
||
|
1476000
|
heap
|
page read and write
|
||
|
146000
|
unkown
|
page readonly
|
||
|
1D1F000
|
heap
|
page read and write
|
||
|
4B9F000
|
stack
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
1D2C000
|
heap
|
page read and write
|
||
|
99F000
|
stack
|
page read and write
|
||
|
1D38000
|
heap
|
page read and write
|
||
|
1CA2000
|
heap
|
page read and write
|
||
|
2569000
|
heap
|
page read and write
|
||
|
2025000
|
heap
|
page read and write
|
||
|
1CAF000
|
heap
|
page read and write
|
||
|
1D25000
|
heap
|
page read and write
|
||
|
147E000
|
heap
|
page read and write
|
||
|
D2E000
|
stack
|
page read and write
|
||
|
25D2000
|
heap
|
page read and write
|
||
|
1D19000
|
heap
|
page read and write
|
||
|
1C46000
|
heap
|
page read and write
|
||
|
1CF1000
|
heap
|
page read and write
|
||
|
2331000
|
heap
|
page read and write
|
||
|
4437000
|
heap
|
page read and write
|
||
|
2309000
|
heap
|
page read and write
|
||
|
2692000
|
heap
|
page read and write
|
||
|
2681000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
1CD8000
|
heap
|
page read and write
|
||
|
1C72000
|
heap
|
page read and write
|
||
|
1476000
|
heap
|
page read and write
|
||
|
1D1A000
|
heap
|
page read and write
|
||
|
1CBD000
|
heap
|
page read and write
|
||
|
1475000
|
heap
|
page read and write
|
||
|
2E1E000
|
stack
|
page read and write
|
||
|
1476000
|
heap
|
page read and write
|
||
|
7BD000
|
stack
|
page read and write
|
||
|
25AA000
|
heap
|
page read and write
|
||
|
1C3A000
|
heap
|
page read and write
|
||
|
1C98000
|
heap
|
page read and write
|
||
|
1CA0000
|
heap
|
page read and write
|
||
|
2652000
|
heap
|
page read and write
|
||
|
1476000
|
heap
|
page read and write
|
||
|
1C44000
|
heap
|
page read and write
|
||
|
1EAA000
|
heap
|
page read and write
|
||
|
2319000
|
heap
|
page read and write
|
||
|
1C6D000
|
heap
|
page read and write
|
||
|
1C88000
|
heap
|
page read and write
|
||
|
147F000
|
heap
|
page read and write
|
||
|
1D1D000
|
heap
|
page read and write
|
||
|
1C9A000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
1CDB000
|
heap
|
page read and write
|
||
|
2037000
|
heap
|
page read and write
|
||
|
1C78000
|
heap
|
page read and write
|
||
|
1D19000
|
heap
|
page read and write
|
||
|
1CE9000
|
heap
|
page read and write
|
||
|
1F4A000
|
heap
|
page read and write
|
||
|
1CD9000
|
heap
|
page read and write
|
||
|
263A000
|
heap
|
page read and write
|
||
|
3DE000
|
stack
|
page read and write
|
||
|
25F1000
|
heap
|
page read and write
|
||
|
1D1E000
|
heap
|
page read and write
|
||
|
1CCB000
|
heap
|
page read and write
|
||
|
229A000
|
heap
|
page read and write
|
||
|
1D01000
|
heap
|
page read and write
|
||
|
1491000
|
heap
|
page read and write
|
||
|
1C44000
|
heap
|
page read and write
|
||
|
1D62000
|
heap
|
page read and write
|
||
|
1C8D000
|
heap
|
page read and write
|
||
|
2102000
|
heap
|
page read and write
|
||
|
1476000
|
heap
|
page read and write
|
||
|
203F000
|
heap
|
page read and write
|
||
|
4540000
|
heap
|
page read and write
|
||
|
1C62000
|
heap
|
page read and write
|
||
|
14F3000
|
heap
|
page read and write
|
||
|
1CC6000
|
heap
|
page read and write
|
||
|
1C6B000
|
heap
|
page read and write
|
||
|
E8E000
|
stack
|
page read and write
|
||
|
855000
|
heap
|
page read and write
|
||
|
1C9B000
|
heap
|
page read and write
|
||
|
20CA000
|
heap
|
page read and write
|
||
|
1C46000
|
heap
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
1C3B000
|
heap
|
page read and write
|
||
|
1C37000
|
heap
|
page read and write
|
||
|
1C39000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
469E000
|
stack
|
page read and write
|
||
|
245A000
|
heap
|
page read and write
|
||
|
1D10000
|
heap
|
page read and write
|
||
|
242A000
|
heap
|
page read and write
|
||
|
BE0000
|
direct allocation
|
page execute and read and write
|
||
|
1D23000
|
heap
|
page read and write
|
||
|
1D1B000
|
heap
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
1D0B000
|
heap
|
page read and write
|
||
|
1D20000
|
heap
|
page read and write
|
||
|
1C35000
|
heap
|
page read and write
|
||
|
1D0F000
|
heap
|
page read and write
|
||
|
1CBE000
|
heap
|
page read and write
|
||
|
1476000
|
heap
|
page read and write
|
||
|
1478000
|
heap
|
page read and write
|
||
|
220A000
|
heap
|
page read and write
|
||
|
1C78000
|
heap
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
1C3D000
|
heap
|
page read and write
|
||
|
1F0A000
|
heap
|
page read and write
|
||
|
7FF000
|
stack
|
page read and write
|
||
|
1CC4000
|
heap
|
page read and write
|
||
|
2122000
|
heap
|
page read and write
|
||
|
1CA5000
|
heap
|
page read and write
|
||
|
207A000
|
heap
|
page read and write
|
||
|
1CC1000
|
heap
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
1C36000
|
heap
|
page read and write
|
||
|
1CF5000
|
heap
|
page read and write
|
||
|
1DDD000
|
heap
|
page read and write
|
||
|
2637000
|
heap
|
page read and write
|
||
|
1CC3000
|
heap
|
page read and write
|
||
|
3170000
|
direct allocation
|
page execute and read and write
|
||
|
1C98000
|
heap
|
page read and write
|
||
|
1475000
|
heap
|
page read and write
|
||
|
1FBA000
|
heap
|
page read and write
|
||
|
3E0000
|
stack
|
page read and write
|
||
|
1D27000
|
heap
|
page read and write
|
||
|
1CC7000
|
heap
|
page read and write
|
||
|
201D000
|
heap
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
1C82000
|
heap
|
page read and write
|
||
|
254A000
|
heap
|
page read and write
|
||
|
1C40000
|
heap
|
page read and write
|
||
|
1C9D000
|
heap
|
page read and write
|
||
|
1D1A000
|
heap
|
page read and write
|
||
|
3037000
|
heap
|
page read and write
|
||
|
46E0000
|
heap
|
page read and write
|
||
|
2027000
|
heap
|
page read and write
|
||
|
1C57000
|
heap
|
page read and write
|
||
|
5A6000
|
unkown
|
page readonly
|
||
|
3AB000
|
stack
|
page read and write
|
||
|
20CC000
|
heap
|
page read and write
|
||
|
1C38000
|
heap
|
page read and write
|
||
|
465E000
|
stack
|
page read and write
|
||
|
1C9B000
|
heap
|
page read and write
|
||
|
1CB7000
|
heap
|
page read and write
|
There are 618 hidden memdumps, click here to show them.