Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| tOniaJ21lj.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
| C:\ProgramData\UID Finder 6.11.66\UID Finder 6.11.66.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\Qt5OpenGL.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\Qt5WinExtras.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\Qt5Xml.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\QtAVWidgets1.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\avdevice-58.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-0C056.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-6P98M.tmp | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-8ECK7.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-JNDNQ.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-KI2RB.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-O2PKH.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-PRP4U.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-RV2D1.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-UCHQL.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-UTKLG.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-VDBC5.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\libcurl.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\libeay32.dll (copy) | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\libmp3lame.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\mousehelper.dll (copy) | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\openh264.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\recordpadsoundrecorder32.exe | PE32 executable (GUI) Intel 80386, for MS Windows | modified | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\unins000.exe (copy) | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\is-A11IR.tmp\tOniaJ21lj.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\is-NO26A.tmp\_isetup\_RegDLL.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\is-NO26A.tmp\_isetup\_iscrypt.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\is-NO26A.tmp\_isetup\_setup64.tmp | PE32+ executable (console) x86-64, for MS Windows | dropped | |
| C:\ProgramData\uit_66.dat | Non-ISO extended-ASCII text, with no line terminators | dropped | |
| C:\ProgramData\urc_66.dat | data | dropped | |
| C:\ProgramData\ures-a.dat | ASCII text, with no line terminators | dropped | |
| C:\ProgramData\ures-b.dat | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\Qt5Svg.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-BRGIM.tmp | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-C4R5U.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-EAHN0.tmp | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-FR4FM.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-K3HBS.tmp | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-KU10K.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-L7B6O.tmp | ASCII text | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-OIVVM.tmp | data | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\msvcp120.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\msvcp140.dll (copy) | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\msvcp140_1.dll (copy) | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\msvcr120.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\openh264_license.txt (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\proportions.txt (copy) | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\unins000.dat | InnoSetup Log RecordPad Sound Recorder, version 0x30, 5453 bytes, 123716\user, "C:\Users\user\AppData\Local\RecordPad Sound Recorder" | dropped | |
| C:\Users\user\AppData\Local\Temp\is-NO26A.tmp\_isetup\_shfoldr.dll | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\tOniaJ21lj.exe | "C:\Users\user\Desktop\tOniaJ21lj.exe" | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\recordpadsoundrecorder32.exe | "C:\Users\user\AppData\Local\RecordPad Sound Recorder\recordpadsoundrecorder32.exe" -i | |
| C:\Users\user\AppData\Local\RecordPad Sound Recorder\recordpadsoundrecorder32.exe | "C:\Users\user\AppData\Local\RecordPad Sound Recorder\recordpadsoundrecorder32.exe" -s | |
| C:\Users\user\AppData\Local\Temp\is-A11IR.tmp\tOniaJ21lj.tmp | "C:\Users\user\AppData\Local\Temp\is-A11IR.tmp\tOniaJ21lj.tmp" /SL5="$10474,4719378,54272,C:\Users\user\Desktop\tOniaJ21lj.exe" | |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager | |
URLs
Domains

| Name | IP | Malicious |
|---|---|---|
| aaxeeeo.ru | 94.156.8.14 | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 94.156.8.14 | aaxeeeo.ru | Bulgaria | |
| 194.59.31.219 | unknown | Germany | |
Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | Inno Setup: Setup Version | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | Inno Setup: App Path | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | InstallLocation | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | Inno Setup: Icon Group | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | Inno Setup: User | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | DisplayName | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | UninstallString | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | QuietUninstallString | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | NoModify | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | NoRepair | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | InstallDate | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SVGALabel | uidf_i66_0 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SVGALabel | uidf_s66_11 | |
Memdumps