Files

File Path | Type | Category | Malicious
---|---|---|---
9MgoW3Y1ti.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample |
C:\ProgramData\UID Finder 6.11.66\UID Finder 6.11.66.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\Qt5OpenGL.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\Qt5WinExtras.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\Qt5Xml.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\QtAVWidgets1.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\avdevice-58.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-1KIT8.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-39U3O.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-3D4M0.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-4KSHT.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-823LG.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-EMQ3A.tmp | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-J8S40.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-PU0LK.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-TTPUD.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-U97AK.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-VS29P.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\libcurl.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\libeay32.dll (copy) | PE32 executable (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\libmp3lame.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\mousehelper.dll (copy) | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\openh264.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\recordpadsoundrecorder32.exe | PE32 executable (GUI) Intel 80386, for MS Windows | modified |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\unins000.exe (copy) | PE32 executable (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\is-M9SH4.tmp\_isetup\_RegDLL.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\is-M9SH4.tmp\_isetup\_iscrypt.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\is-M9SH4.tmp\_isetup\_setup64.tmp | PE32+ executable (console) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\is-O879I.tmp\9MgoW3Y1ti.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped |
C:\ProgramData\uit_66.dat | Non-ISO extended-ASCII text, with no line terminators | dropped |
C:\ProgramData\urc_66.dat | data | dropped |
C:\ProgramData\ures-a.dat | ASCII text, with no line terminators | dropped |
C:\ProgramData\ures-b.dat | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\Qt5Svg.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-377H9.tmp | data | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-3VSKS.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-DL0CV.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-G6H1M.tmp | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-HD7FV.tmp | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-J8GD3.tmp | ASCII text | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-MH9PV.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\is-S4BNJ.tmp | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\msvcp120.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\msvcp140.dll (copy) | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\msvcp140_1.dll (copy) | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\msvcr120.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\openh264_license.txt (copy) | ASCII text | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\proportions.txt (copy) | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\unins000.dat | InnoSetup Log RecordPad Sound Recorder, version 0x30, 5497 bytes, 648351\user, "C:\Users\user\AppData\Local\RecordPad Sound Recorder" | dropped |
C:\Users\user\AppData\Local\Temp\is-M9SH4.tmp\_isetup\_shfoldr.dll | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows | dropped |
Processes

Path | Cmdline | Malicious
---|---|---
C:\Users\user\Desktop\9MgoW3Y1ti.exe | "C:\Users\user\Desktop\9MgoW3Y1ti.exe" |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\recordpadsoundrecorder32.exe | "C:\Users\user\AppData\Local\RecordPad Sound Recorder\recordpadsoundrecorder32.exe" -i |
C:\Users\user\AppData\Local\RecordPad Sound Recorder\recordpadsoundrecorder32.exe | "C:\Users\user\AppData\Local\RecordPad Sound Recorder\recordpadsoundrecorder32.exe" -s |
C:\Users\user\AppData\Local\Temp\is-O879I.tmp\9MgoW3Y1ti.tmp | "C:\Users\user\AppData\Local\Temp\is-O879I.tmp\9MgoW3Y1ti.tmp" /SL5="$203EC,4916934,54272,C:\Users\user\Desktop\9MgoW3Y1ti.exe" |
C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager |
URLs

Name | IP | Malicious
---|---|---
http://aadolui.ru/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978fe71ea771795af8e05c645db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608ff710c2e79c923c | 94.156.8.14 |
aadolui.ru | |
http://aadolui.ru/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e4908f4996148ab2865b77f80ebad9c40f7cb63037ed2ab423a43b4383ba915d911ec07bb606a0708727e40ea678c45abbe74bfb0e2807e12571c17f3e83fe16c1e7949833c46791 | 94.156.8.14 |
http://www.innosetup.com/ | unknown |
http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0 | unknown |
https://sectigo.com/CPS0 | unknown |
http://ocsp.sectigo.com0 | unknown |
http://lame.sf.net32bits64bits | unknown |
http://ocsp.thawte.com0 | unknown |
http://qt-project.org/xml/features/report-whitespace-only-CharData | unknown |
http://xml.org/sax/features/namespaces | unknown |
http://ocsps.ssl.com0? | unknown |
http://94.156.8.14/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d | unknown |
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0 | unknown |
http://xml.org/sax/features/namespaceshttp://xml.org/sax/features/namespace-prefixeshttp://trolltech | unknown |
http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q | unknown |
http://lame.sf.netB | unknown |
http://ocsps.ssl.com0 | unknown |
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | unknown |
http://xml.org/sax/features/namespace-prefixes | unknown |
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | unknown |
http://qtav.org2 | unknown |
https://curl.haxx.se/docs/http-cookies.html | unknown |
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | unknown |
http://crls.ssl.com/ssl.com-rsa-RootCA.crl0 | unknown |
http://www.remobjects.com/psU | unknown |
http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0 | unknown |
http://lame.sf.net | unknown |
http://94.156.8.14/ | unknown |
http://crl.thawte.com/ThawteTimestampingCA.crl0 | unknown |
https://www.thawte.com/cps0/ | unknown |
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | unknown |
https://www.thawte.com/repository0W | unknown |
http://qt-project.org/xml/features/report-start-end-entity | unknown |
https://curl.haxx.se/docs/copyright.htmlD | unknown |
https://curl.haxx.se/V | unknown |
https://www.ssl.com/repository0 | unknown |
http://trolltech.com/xml/features/report-start-end-entity | unknown |
http://www.mpegla.com | unknown |
http://www.remobjects.com/ps | unknown |
http://trolltech.com/xml/features/report-whitespace-only-CharData | unknown |
http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0 | unknown |
http://ocsps.ssl.com0Q | unknown |
http://94.156.8.14/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12eab517aa5c96bd86e4908f499 | unknown |
Domains

Name | IP | Malicious
---|---|---
aadolui.ru | 94.156.8.14 |
IPs

IP | Domain | Country | Malicious
---|---|---|---
94.156.8.14 | aadolui.ru | Bulgaria |
194.59.31.219 | unknown | Germany |
Registry

Path | Value | Malicious
---|---|---
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | Inno Setup: Setup Version |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | Inno Setup: App Path |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | InstallLocation |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | Inno Setup: Icon Group |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | Inno Setup: User |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | DisplayName |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | UninstallString |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | QuietUninstallString |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | NoModify |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | NoRepair |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RecordPad Sound Recorder_is1 | InstallDate |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SVGALabel | uidf_i66_7 |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SVGALabel | uidf_s66_2 |
Memdumps

Base Address | Regiontype | Protect | Malicious
---|---|---|---