Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
5IRIk4f1PO.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\kat6899.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\HIIEGHJJDGHC\AAAKEB
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8,
version-valid-for 11
|
dropped
|
||
|
C:\ProgramData\HIIEGHJJDGHC\CFIECB
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie
0x24, schema 4, UTF-8, version-valid-for 2
|
modified
|
||
|
C:\ProgramData\HIIEGHJJDGHC\DAKJDA
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\HIIEGHJJDGHC\DBKFHJ
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
||
|
C:\ProgramData\HIIEGHJJDGHC\EBGCBA
|
SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4,
UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\ProgramData\HIIEGHJJDGHC\EBKJDB
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie
0xe, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\HIIEGHJJDGHC\GCFHDA
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4,
UTF-8, version-valid-for 4
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\sqlt[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\5IRIk4f1PO.exe
|
"C:\Users\user\Desktop\5IRIk4f1PO.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\kat6899.tmp
|
C:\Users\user\AppData\Local\Temp\kat6899.tmp
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://t.me/
|
unknown
|
|
|
|
https://steamcommunity.com/profiles/76561199707802586
|
|
||
|
https://t.me/g067n
|
149.154.167.99
|
|
|
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/Nhttp://www.borland.com/namespaces/Types
|
unknown
|
||
|
https://195.201.251.214:9000/mozglue.dll
|
unknown
|
||
|
https://195.201.251.214:9000/nss3.dll
|
unknown
|
||
|
https://web.telegram.org
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll
|
unknown
|
||
|
https://195.201.251.214:9000/
|
unknown
|
||
|
http://www.borland.com/namespaces/TypesP
|
unknown
|
||
|
https://195.201.251.214:9000/freebl3.dllD
|
unknown
|
||
|
https://195.201.251.214:9000/l
|
unknown
|
||
|
https://195.201.251.214:9000/mozglue.dllge
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/on-c
|
unknown
|
||
|
https://195.201.251.214:9000/k
|
unknown
|
||
|
https://195.201.251.214:9000/Mac
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
|
unknown
|
||
|
https://195.201.251.214:9000/icrosoft
|
unknown
|
||
|
http://www.borland.com/namespaces/Types
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
|
unknown
|
||
|
https://195.201.251.214:9000/sqlt.dllV
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://195.201.251.214:900010ale
|
unknown
|
||
|
https://195.201.251.214:9000/0aosoft
|
unknown
|
||
|
https://195.201.251.214:9000/freebl3.dll
|
unknown
|
||
|
https://195.201.251.214:9000/sqlt.dllL
|
unknown
|
||
|
https://t.me/g067nr
|
unknown
|
||
|
https://195.201.251.214:9000/softokn3.dll
|
unknown
|
||
|
https://t.me/g067nry1neMozilla/5.0
|
unknown
|
||
|
http://www.sqlite.org/copyright.html.
|
unknown
|
||
|
https://195.201.251.214:9000/freebl3.dllet
|
unknown
|
||
|
https://195.201.251.214:9000/nss3.dllm
|
unknown
|
||
|
https://195.201.251.214:9000g
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
https://195.201.251.214:9000/msvcp140.dll
|
unknown
|
||
|
https://195.201.251.214:9000/vcruntime140.dll/
|
unknown
|
||
|
https://195.201.251.214:9000/C
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
http://rpi.net.au/~ajohnson/resourcehacker
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
|
unknown
|
||
|
https://195.201.251.214:9000/vcruntime140.dllrv:129.0)
|
unknown
|
||
|
https://195.201.251.214:9000/freebl3.dlll
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
https://195.201.251.214:9000/vcruntime140.dller
|
unknown
|
||
|
https://195.201.251.214:9000/vcruntime140.dll
|
unknown
|
||
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
https://195.201.251.214:9000/msvcp140.dlle
|
unknown
|
||
|
https://195.201.251.214:9000/softokn3.dlle
|
unknown
|
||
|
https://195.201.251.214:9000/xg
|
unknown
|
||
|
https://195.201.251.214:9000/d
|
unknown
|
||
|
https://195.201.251.214:9000/freebl3.dllge
|
unknown
|
||
|
http://www.borland.com/namespaces/Types0
|
unknown
|
||
|
http://www.borland.com/namespaces/Types2u.dll
|
unknown
|
||
|
https://195.201.251.214/
|
unknown
|
||
|
http://www.borland.com/namespaces/Typesmmon-c
|
unknown
|
||
|
https://195.201.251.214:9000
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
|
unknown
|
||
|
http://www.borland.com/namespaces/Typesc0da53
|
unknown
|
||
|
http://www.borland.com/namespaces/Typesxt_4
|
unknown
|
||
|
http://www.borland.com/namespaces/TypesStv4
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
||
|
https://195.201.251.214:9000/sqlt.dll
|
unknown
|
||
|
https://195.201.251.214:9000ontent-Disposition:
|
unknown
|
||
|
https://195.201.251.214:9000Microsoft
|
unknown
|
There are 59 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
t.me
|
149.154.167.99
|
|
|
|
windowsupdatebg.s.llnwi.net
|
178.79.238.0
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.154.167.99
|
t.me
|
United Kingdom
|
|
|
|
195.201.251.214
|
unknown
|
Germany
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
29D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
445000
|
remote allocation
|
page execute and read and write
|
|
|
|
2ADB000
|
direct allocation
|
page execute and read and write
|
|
|
|
40A0000
|
direct allocation
|
page read and write
|
|
|
|
2420000
|
direct allocation
|
page execute and read and write
|
|
|
|
9BD000
|
heap
|
page read and write
|
||
|
A82000
|
heap
|
page read and write
|
||
|
96A000
|
heap
|
page read and write
|
||
|
AEC000
|
heap
|
page read and write
|
||
|
2480000
|
heap
|
page read and write
|
||
|
A82000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
804000
|
heap
|
page read and write
|
||
|
991000
|
heap
|
page read and write
|
||
|
ADD000
|
heap
|
page read and write
|
||
|
9DD000
|
heap
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
99C000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
994000
|
heap
|
page read and write
|
||
|
2BB7B000
|
heap
|
page read and write
|
||
|
ADD000
|
heap
|
page read and write
|
||
|
95A000
|
heap
|
page read and write
|
||
|
994000
|
heap
|
page read and write
|
||
|
1D960000
|
remote allocation
|
page read and write
|
||
|
168AE000
|
stack
|
page read and write
|
||
|
A6D000
|
heap
|
page read and write
|
||
|
ADD000
|
heap
|
page read and write
|
||
|
43F000
|
remote allocation
|
page execute and read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
AD1000
|
heap
|
page read and write
|
||
|
9CD000
|
heap
|
page read and write
|
||
|
8F4000
|
heap
|
page read and write
|
||
|
9BD000
|
heap
|
page read and write
|
||
|
9F9000
|
heap
|
page read and write
|
||
|
A23000
|
heap
|
page read and write
|
||
|
9D2000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
200E0000
|
heap
|
page read and write
|
||
|
18E3E000
|
stack
|
page read and write
|
||
|
502000
|
remote allocation
|
page execute and read and write
|
||
|
11D6F000
|
stack
|
page read and write
|
||
|
945000
|
heap
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
91F000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
202FF000
|
direct allocation
|
page readonly
|
||
|
20332000
|
direct allocation
|
page read and write
|
||
|
90F0000
|
unclassified section
|
page read and write
|
||
|
9BD000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
9C8000
|
heap
|
page read and write
|
||
|
5C8000
|
remote allocation
|
page execute and read and write
|
||
|
1FF2D000
|
heap
|
page read and write
|
||
|
9D2000
|
heap
|
page read and write
|
||
|
A82000
|
heap
|
page read and write
|
||
|
ADF000
|
heap
|
page read and write
|
||
|
439000
|
remote allocation
|
page execute and read and write
|
||
|
A05000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
A23000
|
heap
|
page read and write
|
||
|
A26000
|
heap
|
page read and write
|
||
|
9EC000
|
heap
|
page read and write
|
||
|
9EB000
|
heap
|
page read and write
|
||
|
9F3000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
A05000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
24A0E000
|
stack
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
142EF000
|
stack
|
page read and write
|
||
|
A16000
|
heap
|
page read and write
|
||
|
4AC000
|
unkown
|
page write copy
|
||
|
430000
|
remote allocation
|
page execute and read and write
|
||
|
99C000
|
heap
|
page read and write
|
||
|
4F1000
|
unkown
|
page read and write
|
||
|
9F3000
|
heap
|
page read and write
|
||
|
988000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
A82000
|
heap
|
page read and write
|
||
|
1D960000
|
remote allocation
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
9DD000
|
heap
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
200F1000
|
direct allocation
|
page execute read
|
||
|
20308000
|
direct allocation
|
page readonly
|
||
|
A05000
|
heap
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
1B37D000
|
stack
|
page read and write
|
||
|
A2D000
|
heap
|
page read and write
|
||
|
A22000
|
heap
|
page read and write
|
||
|
2BC22000
|
heap
|
page read and write
|
||
|
18DEF000
|
stack
|
page read and write
|
||
|
ADC000
|
heap
|
page read and write
|
||
|
1FF75000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
9EB000
|
heap
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
11DAE000
|
stack
|
page read and write
|
||
|
A28000
|
heap
|
page read and write
|
||
|
ADC000
|
heap
|
page read and write
|
||
|
9BD000
|
heap
|
page read and write
|
||
|
ADD000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
ADC000
|
heap
|
page read and write
|
||
|
9D2000
|
heap
|
page read and write
|
||
|
9F2000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
9FA000
|
heap
|
page read and write
|
||
|
77E000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
2033D000
|
direct allocation
|
page readonly
|
||
|
A26000
|
heap
|
page read and write
|
||
|
4D1000
|
remote allocation
|
page execute and read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
9E7000
|
heap
|
page read and write
|
||
|
A56000
|
heap
|
page read and write
|
||
|
AE3000
|
heap
|
page read and write
|
||
|
ADD000
|
heap
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
9DD000
|
heap
|
page read and write
|
||
|
9FC000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
4F5000
|
unkown
|
page write copy
|
||
|
AE3000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
966000
|
heap
|
page read and write
|
||
|
A0B000
|
heap
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
4B1000
|
remote allocation
|
page execute and read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
A05000
|
heap
|
page read and write
|
||
|
1FF00000
|
heap
|
page read and write
|
||
|
9C1000
|
heap
|
page read and write
|
||
|
95A000
|
heap
|
page read and write
|
||
|
86E000
|
stack
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
AC7000
|
heap
|
page read and write
|
||
|
A0C000
|
heap
|
page read and write
|
||
|
A1A000
|
heap
|
page read and write
|
||
|
7EE000
|
heap
|
page read and write
|
||
|
98B000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
A05000
|
heap
|
page read and write
|
||
|
A1C000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
7EB000
|
heap
|
page read and write
|
||
|
A6D000
|
heap
|
page read and write
|
||
|
20060000
|
trusted library allocation
|
page read and write
|
||
|
B0F000
|
heap
|
page read and write
|
||
|
AB1000
|
heap
|
page read and write
|
||
|
924000
|
heap
|
page read and write
|
||
|
9CE000
|
heap
|
page read and write
|
||
|
2BC24000
|
heap
|
page read and write
|
||
|
9E2000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
95A000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
982000
|
heap
|
page read and write
|
||
|
ADC000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
A06000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
9C6000
|
heap
|
page read and write
|
||
|
8F7000
|
heap
|
page read and write
|
||
|
A22000
|
heap
|
page read and write
|
||
|
A28000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
988000
|
heap
|
page read and write
|
||
|
983000
|
heap
|
page read and write
|
||
|
9E7000
|
heap
|
page read and write
|
||
|
2BA16000
|
heap
|
page read and write
|
||
|
AE2000
|
heap
|
page read and write
|
||
|
7A9000
|
heap
|
page read and write
|
||
|
224CE000
|
stack
|
page read and write
|
||
|
2BB5D000
|
heap
|
page read and write
|
||
|
1FF6D000
|
heap
|
page read and write
|
||
|
933000
|
heap
|
page read and write
|
||
|
90C000
|
heap
|
page read and write
|
||
|
A26000
|
heap
|
page read and write
|
||
|
AC7000
|
heap
|
page read and write
|
||
|
A26000
|
heap
|
page read and write
|
||
|
89E000
|
heap
|
page read and write
|
||
|
987000
|
heap
|
page read and write
|
||
|
A0D000
|
heap
|
page read and write
|
||
|
A0C000
|
heap
|
page read and write
|
||
|
ADF000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
AF5000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
A82000
|
heap
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
ADD000
|
heap
|
page read and write
|
||
|
52D000
|
remote allocation
|
page execute and read and write
|
||
|
1B3BE000
|
stack
|
page read and write
|
||
|
9E5000
|
heap
|
page read and write
|
||
|
1D960000
|
remote allocation
|
page read and write
|
||
|
B0F000
|
heap
|
page read and write
|
||
|
4A9000
|
remote allocation
|
page execute and read and write
|
||
|
50E000
|
remote allocation
|
page execute and read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
9F3000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
9DC000
|
heap
|
page read and write
|
||
|
991000
|
heap
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
9E1000
|
heap
|
page read and write
|
||
|
96A000
|
heap
|
page read and write
|
||
|
9DD000
|
heap
|
page read and write
|
||
|
99C000
|
heap
|
page read and write
|
||
|
202FD000
|
direct allocation
|
page execute read
|
||
|
A2B000
|
heap
|
page read and write
|
||
|
2280000
|
heap
|
page read and write
|
||
|
A27000
|
heap
|
page read and write
|
||
|
20256000
|
direct allocation
|
page execute read
|
||
|
A1D000
|
heap
|
page read and write
|
||
|
A06000
|
heap
|
page read and write
|
||
|
810000
|
trusted library allocation
|
page read and write
|
||
|
9F2000
|
heap
|
page read and write
|
||
|
AE9000
|
heap
|
page read and write
|
||
|
9E5000
|
heap
|
page read and write
|
||
|
4F1000
|
unkown
|
page write copy
|
||
|
917000
|
heap
|
page read and write
|
||
|
9EF000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
995000
|
heap
|
page read and write
|
||
|
539000
|
remote allocation
|
page execute and read and write
|
||
|
89A000
|
heap
|
page read and write
|
||
|
1432E000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
4AF000
|
unkown
|
page write copy
|
||
|
2483000
|
heap
|
page read and write
|
||
|
A0A000
|
heap
|
page read and write
|
||
|
944000
|
heap
|
page read and write
|
||
|
A16000
|
heap
|
page read and write
|
||
|
1FF0C000
|
heap
|
page read and write
|
||
|
22F0000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
200F8000
|
direct allocation
|
page execute read
|
||
|
A08000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
9FA000
|
heap
|
page read and write
|
||
|
962000
|
heap
|
page read and write
|
||
|
9D8000
|
heap
|
page read and write
|
||
|
ADC000
|
heap
|
page read and write
|
||
|
987000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
804000
|
heap
|
page read and write
|
||
|
ADD000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
42E3000
|
direct allocation
|
page read and write
|
||
|
A28000
|
heap
|
page read and write
|
||
|
9EA000
|
heap
|
page read and write
|
||
|
24A4E000
|
stack
|
page read and write
|
||
|
AFC000
|
heap
|
page read and write
|
||
|
AAF000
|
stack
|
page read and write
|
||
|
4F4000
|
unkown
|
page read and write
|
||
|
9DD000
|
heap
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
A9A000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
1D8FE000
|
stack
|
page read and write
|
||
|
9D2000
|
heap
|
page read and write
|
||
|
2BA1D000
|
heap
|
page read and write
|
||
|
94E000
|
heap
|
page read and write
|
||
|
1FEF0000
|
heap
|
page read and write
|
||
|
2004C000
|
stack
|
page read and write
|
||
|
9E4000
|
heap
|
page read and write
|
||
|
26F8E000
|
stack
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
ADF000
|
heap
|
page read and write
|
||
|
2300000
|
direct allocation
|
page read and write
|
||
|
A0A000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
9EC000
|
heap
|
page read and write
|
||
|
1FEDF000
|
stack
|
page read and write
|
||
|
9D2000
|
heap
|
page read and write
|
||
|
A05000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
A1F000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
A0A000
|
heap
|
page read and write
|
||
|
933000
|
heap
|
page read and write
|
||
|
9E4000
|
heap
|
page read and write
|
||
|
A28000
|
heap
|
page read and write
|
||
|
1686F000
|
stack
|
page read and write
|
||
|
A83000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
A5B000
|
heap
|
page read and write
|
||
|
2033A000
|
direct allocation
|
page readonly
|
||
|
A9B000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
76E000
|
stack
|
page read and write
|
||
|
92D000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
9F3000
|
heap
|
page read and write
|
||
|
A1F000
|
heap
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
A22000
|
heap
|
page read and write
|
||
|
4B4000
|
unkown
|
page readonly
|
||
|
9CB000
|
heap
|
page read and write
|
||
|
96F000
|
stack
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
AC7000
|
heap
|
page read and write
|
||
|
982000
|
heap
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
96E000
|
heap
|
page read and write
|
||
|
A1A000
|
heap
|
page read and write
|
||
|
98F000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
96E000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
99C000
|
heap
|
page read and write
|
||
|
98F000
|
heap
|
page read and write
|
||
|
A1C000
|
heap
|
page read and write
|
||
|
7AD000
|
heap
|
page read and write
|
||
|
8FF0000
|
heap
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
982000
|
heap
|
page read and write
|
||
|
A44000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
95C000
|
heap
|
page read and write
|
||
|
A22000
|
heap
|
page read and write
|
||
|
99A000
|
heap
|
page read and write
|
||
|
641000
|
remote allocation
|
page execute and read and write
|
||
|
A0C000
|
heap
|
page read and write
|
||
|
9C9000
|
heap
|
page read and write
|
||
|
9D7000
|
heap
|
page read and write
|
||
|
A0D000
|
heap
|
page read and write
|
||
|
9000000
|
heap
|
page read and write
|
||
|
ADC000
|
heap
|
page read and write
|
||
|
4DD000
|
remote allocation
|
page execute and read and write
|
||
|
22B0000
|
direct allocation
|
page execute and read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
A6D000
|
heap
|
page read and write
|
||
|
9C6000
|
heap
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
99C000
|
heap
|
page read and write
|
||
|
8E2000
|
heap
|
page read and write
|
||
|
294CC000
|
stack
|
page read and write
|
||
|
22A0000
|
heap
|
page read and write
|
||
|
994000
|
heap
|
page read and write
|
||
|
91E000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
7E7000
|
heap
|
page read and write
|
||
|
9FA000
|
heap
|
page read and write
|
||
|
4FA000
|
unkown
|
page readonly
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
425000
|
remote allocation
|
page execute and read and write
|
||
|
1D99E000
|
stack
|
page read and write
|
||
|
A22000
|
heap
|
page read and write
|
||
|
9E4000
|
heap
|
page read and write
|
||
|
9C6000
|
heap
|
page read and write
|
||
|
9F5000
|
heap
|
page read and write
|
||
|
9D9000
|
heap
|
page read and write
|
||
|
9CB000
|
heap
|
page read and write
|
||
|
9BF000
|
heap
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
95F000
|
heap
|
page read and write
|
||
|
963000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
99C000
|
heap
|
page read and write
|
||
|
A23000
|
heap
|
page read and write
|
||
|
991000
|
heap
|
page read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
28C0000
|
direct allocation
|
page execute and read and write
|
||
|
4A6000
|
remote allocation
|
page execute and read and write
|
||
|
193000
|
stack
|
page read and write
|
||
|
A44000
|
heap
|
page read and write
|
||
|
962000
|
heap
|
page read and write
|
||
|
98C000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
AE2000
|
heap
|
page read and write
|
||
|
A5B000
|
heap
|
page read and write
|
||
|
9CB000
|
heap
|
page read and write
|
||
|
9C6000
|
heap
|
page read and write
|
||
|
8FF1000
|
heap
|
page read and write
|
||
|
9AE000
|
stack
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
1FF1D000
|
heap
|
page read and write
|
||
|
996000
|
heap
|
page read and write
|
||
|
A27000
|
heap
|
page read and write
|
||
|
20355000
|
heap
|
page read and write
|
||
|
9EA000
|
heap
|
page read and write
|
||
|
96A000
|
heap
|
page read and write
|
||
|
ADC000
|
heap
|
page read and write
|
||
|
200F0000
|
direct allocation
|
page execute and read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
A26000
|
heap
|
page read and write
|
||
|
96A000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
AE1000
|
heap
|
page read and write
|
||
|
2033F000
|
direct allocation
|
page readonly
|
||
|
9F8000
|
heap
|
page read and write
|
There are 409 hidden memdumps, click here to show them.