Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
pDHKarOK2v.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\katC422.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\BGIIDAEBGCAA\AAKEGD
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie
0xe, schema 4, UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\ProgramData\BGIIDAEBGCAA\AECAEC
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\BGIIDAEBGCAA\BAFBFC
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8,
version-valid-for 6
|
dropped
|
||
|
C:\ProgramData\BGIIDAEBGCAA\DHCFID
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4,
UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\BGIIDAEBGCAA\FCFBFH
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
||
|
C:\ProgramData\BGIIDAEBGCAA\HIDGCF
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie
0x37, schema 4, UTF-8, version-valid-for 8
|
modified
|
||
|
C:\ProgramData\BGIIDAEBGCAA\JEGHDA
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4,
UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\BGIIDAEBGCAA\JJJEGC
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\sqlt[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\pDHKarOK2v.exe
|
"C:\Users\user\Desktop\pDHKarOK2v.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\katC422.tmp
|
C:\Users\user\AppData\Local\Temp\katC422.tmp
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://t.me/
|
unknown
|
|
|
|
https://steamcommunity.com/profiles/76561199707802586
|
|
||
|
https://t.me/g067n
|
149.154.167.99
|
|
|
|
https://49.13.159.121:9000/159.121:9000/freebl3.dll
|
unknown
|
||
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://49.13.159.121:9000oaming
|
unknown
|
||
|
https://49.13.159.121:9000ocal
|
unknown
|
||
|
https://web.telegram.org
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll
|
unknown
|
||
|
https://49.13.159.121:9000/J0
|
unknown
|
||
|
https://49.13.159.121:9000srss.exe
|
unknown
|
||
|
https://49.13.159.121:9000/softokn3.dllt
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
https://49.13.159.121:9000/nss3.dllhx
|
unknown
|
||
|
https://49.13.159.121:9000/vcruntime140.dllge
|
unknown
|
||
|
https://49.13.159.121/b
|
unknown
|
||
|
https://49.13.159.121:9000/softokn3.dll
|
unknown
|
||
|
https://49.13.159.121:9000/nss3.dlltx
|
unknown
|
||
|
https://49.13.159.121:9000/:0
|
unknown
|
||
|
https://49.13.159.121:9000/B7
|
unknown
|
||
|
https://49.13.159.121:9000/softokn3.dllZL
|
unknown
|
||
|
https://49.13.159.121:9000/mozglue.dllft
|
unknown
|
||
|
https://49.13.159.121:9000
|
unknown
|
||
|
https://49.13.159.121:9000/freebl3.dll
|
unknown
|
||
|
https://49.13.159.121:9000/freebl3.dll)Fqc?
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://49.13.159.121/
|
unknown
|
||
|
https://49.13.159.121:9000/freebl3.dllft
|
unknown
|
||
|
https://49.13.159.121:9000/mozglue.dll
|
unknown
|
||
|
https://49.13.159.121:9000/freebl3.dll)MIb
|
unknown
|
||
|
https://t.me/g067nry1neMozilla/5.0
|
unknown
|
||
|
https://49.13.159.121:9000/cal
|
unknown
|
||
|
http://www.sqlite.org/copyright.html.
|
unknown
|
||
|
https://49.13.159.121:9000/D
|
unknown
|
||
|
https://49.13.159.121:9000/nss3.dll
|
unknown
|
||
|
https://49.13.159.121:9000/vcruntime140.dllpet
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
https://49.13.159.121:9000/sqlt.dll
|
unknown
|
||
|
https://49.13.159.121:9000/L
|
unknown
|
||
|
https://49.13.159.121:9000/R
|
unknown
|
||
|
https://49.13.159.121:9000/vcruntime140.dlletsC
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
http://rpi.net.au/~ajohnson/resourcehacker
|
unknown
|
||
|
http://www.microsoft.
|
unknown
|
||
|
https://49.13.159.121:9000/msvcp140.dll
|
unknown
|
||
|
https://49.13.159.121:9000/X
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
https://49.13.159.121:9000/mozglue.dllposition:
|
unknown
|
||
|
https://49.13.159.121:90000c530oogle
|
unknown
|
||
|
https://49.1
|
unknown
|
||
|
https://49.13.159.121:9000/soft
|
unknown
|
||
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
https://49.13.159.121:9000/nss3.dllosoft
|
unknown
|
||
|
https://49.13.159.121:9000/lowedCert_AutoUpdate_1
|
unknown
|
||
|
https://49.13.159.121:9000/
|
unknown
|
||
|
https://49.13.159.121:9000/mozglue.dll4
|
unknown
|
||
|
https://49.13.159.121:9000/159.121:9000/msvcp140.dll
|
unknown
|
||
|
https://49.13.159.121:9000/r
|
unknown
|
||
|
https://49.13.159.121:9000/r0(b
|
unknown
|
||
|
https://49.13.159.121:9000el
|
unknown
|
||
|
https://49.13.159.121:9000/c530icrosoft
|
unknown
|
||
|
https://49.13.159.121:9000/msvcp140.dllt
|
unknown
|
||
|
https://49.13.159.121:9000/vcruntime140.dll
|
unknown
|
||
|
https://49.13.159.121:9000/j00b
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
||
|
https://49.13.159.121:9000/freebl3.dllmFMc5
|
unknown
|
There are 57 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
t.me
|
149.154.167.99
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.154.167.99
|
t.me
|
United Kingdom
|
|
|
|
49.13.159.121
|
unknown
|
Germany
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
28F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
445000
|
remote allocation
|
page execute and read and write
|
|
|
|
29FB000
|
direct allocation
|
page execute and read and write
|
|
|
|
2BC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
3FB0000
|
direct allocation
|
page read and write
|
|
|
|
20120000
|
heap
|
page read and write
|
||
|
1B37E000
|
stack
|
page read and write
|
||
|
817000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
8A4000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
7F7000
|
heap
|
page read and write
|
||
|
1FEF0000
|
heap
|
page read and write
|
||
|
993000
|
heap
|
page read and write
|
||
|
897000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
899000
|
heap
|
page read and write
|
||
|
2320000
|
heap
|
page read and write
|
||
|
2004C000
|
stack
|
page read and write
|
||
|
8A7000
|
heap
|
page read and write
|
||
|
9D9000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
87C000
|
heap
|
page read and write
|
||
|
18DFF000
|
stack
|
page read and write
|
||
|
1FF0C000
|
heap
|
page read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
1FF2D000
|
heap
|
page read and write
|
||
|
9D6000
|
heap
|
page read and write
|
||
|
5C8000
|
remote allocation
|
page execute and read and write
|
||
|
537E000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
43F000
|
remote allocation
|
page execute and read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
81F000
|
heap
|
page read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
8DF000
|
heap
|
page read and write
|
||
|
2033D000
|
direct allocation
|
page execute read
|
||
|
8B4000
|
heap
|
page read and write
|
||
|
915000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
954000
|
heap
|
page read and write
|
||
|
8D3000
|
heap
|
page read and write
|
||
|
2BC1F000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
20296000
|
direct allocation
|
page execute read
|
||
|
885000
|
heap
|
page read and write
|
||
|
80B000
|
heap
|
page read and write
|
||
|
906F000
|
heap
|
page read and write
|
||
|
80A000
|
heap
|
page read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
994000
|
heap
|
page read and write
|
||
|
50E000
|
remote allocation
|
page execute and read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
26F8E000
|
stack
|
page read and write
|
||
|
96A000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
954000
|
heap
|
page read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
1D99E000
|
stack
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
86C000
|
heap
|
page read and write
|
||
|
8A6000
|
heap
|
page read and write
|
||
|
8B1000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
92E000
|
stack
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
80A000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
819000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
655000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
8D3000
|
heap
|
page read and write
|
||
|
817000
|
heap
|
page read and write
|
||
|
891000
|
heap
|
page read and write
|
||
|
915000
|
heap
|
page read and write
|
||
|
899000
|
heap
|
page read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
89A000
|
heap
|
page read and write
|
||
|
9D1000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
891000
|
heap
|
page read and write
|
||
|
8DB000
|
heap
|
page read and write
|
||
|
89B000
|
heap
|
page read and write
|
||
|
62E000
|
heap
|
page read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
8D6000
|
heap
|
page read and write
|
||
|
7E2000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
4AF000
|
unkown
|
page write copy
|
||
|
86E000
|
heap
|
page read and write
|
||
|
9D8000
|
heap
|
page read and write
|
||
|
8A8000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
983000
|
heap
|
page read and write
|
||
|
8D6000
|
heap
|
page read and write
|
||
|
883000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
965000
|
heap
|
page read and write
|
||
|
8AC000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
87D000
|
heap
|
page read and write
|
||
|
89B000
|
heap
|
page read and write
|
||
|
9D5000
|
heap
|
page read and write
|
||
|
21E4000
|
direct allocation
|
page read and write
|
||
|
193000
|
stack
|
page read and write
|
||
|
816000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
858000
|
heap
|
page read and write
|
||
|
89B000
|
heap
|
page read and write
|
||
|
8A6000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
439000
|
remote allocation
|
page execute and read and write
|
||
|
8D3000
|
heap
|
page read and write
|
||
|
9065000
|
heap
|
page read and write
|
||
|
8A2000
|
heap
|
page read and write
|
||
|
52EE000
|
stack
|
page read and write
|
||
|
9C1000
|
heap
|
page read and write
|
||
|
2393000
|
heap
|
page read and write
|
||
|
8ED000
|
heap
|
page read and write
|
||
|
8D6000
|
heap
|
page read and write
|
||
|
829000
|
heap
|
page read and write
|
||
|
8B3000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
8B4000
|
heap
|
page read and write
|
||
|
1FF1D000
|
heap
|
page read and write
|
||
|
9D8000
|
heap
|
page read and write
|
||
|
700000
|
trusted library allocation
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
4DD000
|
remote allocation
|
page execute and read and write
|
||
|
891000
|
heap
|
page read and write
|
||
|
8BA000
|
heap
|
page read and write
|
||
|
8B5000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
425000
|
remote allocation
|
page execute and read and write
|
||
|
9D9000
|
heap
|
page read and write
|
||
|
5370000
|
heap
|
page read and write
|
||
|
881000
|
heap
|
page read and write
|
||
|
1D960000
|
remote allocation
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
9D6000
|
heap
|
page read and write
|
||
|
2BA13000
|
heap
|
page read and write
|
||
|
7FD000
|
heap
|
page read and write
|
||
|
80C000
|
heap
|
page read and write
|
||
|
812000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
9CD000
|
heap
|
page read and write
|
||
|
8AD000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
532E000
|
stack
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
8E8000
|
heap
|
page read and write
|
||
|
8DF000
|
heap
|
page read and write
|
||
|
94E000
|
heap
|
page read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
9060000
|
heap
|
page read and write
|
||
|
82C000
|
heap
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
11DDF000
|
stack
|
page read and write
|
||
|
7E9000
|
heap
|
page read and write
|
||
|
475000
|
unkown
|
page readonly
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
62A000
|
heap
|
page read and write
|
||
|
839000
|
heap
|
page read and write
|
||
|
9C6000
|
heap
|
page read and write
|
||
|
76A000
|
heap
|
page read and write
|
||
|
864000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
27D0000
|
direct allocation
|
page execute and read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
9C6000
|
heap
|
page read and write
|
||
|
20348000
|
direct allocation
|
page readonly
|
||
|
8B4000
|
heap
|
page read and write
|
||
|
21D0000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
871000
|
heap
|
page read and write
|
||
|
834000
|
heap
|
page read and write
|
||
|
8AA000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
8D1000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
88A000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
294CC000
|
stack
|
page read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
52D000
|
remote allocation
|
page execute and read and write
|
||
|
8E8000
|
heap
|
page read and write
|
||
|
899000
|
heap
|
page read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
7ED000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
88A000
|
heap
|
page read and write
|
||
|
7E9000
|
heap
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
9D9000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
87E000
|
heap
|
page read and write
|
||
|
8AA000
|
heap
|
page read and write
|
||
|
9C9000
|
heap
|
page read and write
|
||
|
894000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
8D6000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
1431F000
|
stack
|
page read and write
|
||
|
8BA000
|
heap
|
page read and write
|
||
|
41F3000
|
direct allocation
|
page read and write
|
||
|
8A7000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
7F5000
|
heap
|
page read and write
|
||
|
871000
|
heap
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
816000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
8EA000
|
heap
|
page read and write
|
||
|
9CD000
|
heap
|
page read and write
|
||
|
1685F000
|
stack
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
7E2000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
9160000
|
unclassified section
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
8D6000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
21E0000
|
direct allocation
|
page read and write
|
||
|
856000
|
heap
|
page read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
87D000
|
heap
|
page read and write
|
||
|
8BA000
|
heap
|
page read and write
|
||
|
4A6000
|
remote allocation
|
page execute and read and write
|
||
|
982000
|
heap
|
page read and write
|
||
|
9070000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
9C9000
|
heap
|
page read and write
|
||
|
834000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
855000
|
heap
|
page read and write
|
||
|
855000
|
heap
|
page read and write
|
||
|
8CC000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
8D6000
|
heap
|
page read and write
|
||
|
8CC000
|
heap
|
page read and write
|
||
|
9D1000
|
heap
|
page read and write
|
||
|
881000
|
heap
|
page read and write
|
||
|
2310000
|
heap
|
page read and write
|
||
|
864000
|
heap
|
page read and write
|
||
|
885000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
9CA000
|
heap
|
page read and write
|
||
|
80C000
|
heap
|
page read and write
|
||
|
982000
|
heap
|
page read and write
|
||
|
1FF6D000
|
heap
|
page read and write
|
||
|
8D3000
|
heap
|
page read and write
|
||
|
76E000
|
heap
|
page read and write
|
||
|
94D000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
8B1000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
89D000
|
heap
|
page read and write
|
||
|
891000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
46D000
|
unkown
|
page read and write
|
||
|
8D1000
|
heap
|
page read and write
|
||
|
9C6000
|
heap
|
page read and write
|
||
|
24A0E000
|
stack
|
page read and write
|
||
|
8A9000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
954000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
9CD000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
8A6000
|
heap
|
page read and write
|
||
|
9D9000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
20060000
|
trusted library allocation
|
page read and write
|
||
|
9D6000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
4A9000
|
remote allocation
|
page execute and read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
871000
|
heap
|
page read and write
|
||
|
1FEDF000
|
stack
|
page read and write
|
||
|
9CB000
|
heap
|
page read and write
|
||
|
470000
|
unkown
|
page write copy
|
||
|
1FF00000
|
heap
|
page read and write
|
||
|
891000
|
heap
|
page read and write
|
||
|
9D5000
|
heap
|
page read and write
|
||
|
5377000
|
heap
|
page read and write
|
||
|
834000
|
heap
|
page read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
834000
|
heap
|
page read and write
|
||
|
8D6000
|
heap
|
page read and write
|
||
|
899000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
1D960000
|
remote allocation
|
page read and write
|
||
|
7E9000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
891000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
8A7000
|
heap
|
page read and write
|
||
|
8B1000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
802000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
2330000
|
direct allocation
|
page execute and read and write
|
||
|
46D000
|
unkown
|
page write copy
|
||
|
893000
|
heap
|
page read and write
|
||
|
8CC000
|
heap
|
page read and write
|
||
|
955000
|
heap
|
page read and write
|
||
|
8A1000
|
heap
|
page read and write
|
||
|
828000
|
heap
|
page read and write
|
||
|
18E3E000
|
stack
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
20138000
|
direct allocation
|
page execute read
|
||
|
8AC000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
954000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
8A7000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
9061000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
8A1000
|
heap
|
page read and write
|
||
|
9CF000
|
heap
|
page read and write
|
||
|
8B1000
|
heap
|
page read and write
|
||
|
883000
|
heap
|
page read and write
|
||
|
885000
|
heap
|
page read and write
|
||
|
2BA1A000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
1B3BE000
|
stack
|
page read and write
|
||
|
885000
|
heap
|
page read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
891000
|
heap
|
page read and write
|
||
|
8B3000
|
heap
|
page read and write
|
||
|
9CE000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
8D6000
|
heap
|
page read and write
|
||
|
8CF000
|
heap
|
page read and write
|
||
|
8AA000
|
heap
|
page read and write
|
||
|
641000
|
remote allocation
|
page execute and read and write
|
||
|
899000
|
heap
|
page read and write
|
||
|
8A3000
|
heap
|
page read and write
|
||
|
7B5000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
8EF000
|
stack
|
page read and write
|
||
|
7EE000
|
heap
|
page read and write
|
||
|
961000
|
heap
|
page read and write
|
||
|
8A4000
|
heap
|
page read and write
|
||
|
A2F000
|
stack
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
8D2000
|
heap
|
page read and write
|
||
|
8B3000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
8B1000
|
heap
|
page read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
8C5000
|
heap
|
page read and write
|
||
|
2BC21000
|
heap
|
page read and write
|
||
|
823000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
20131000
|
direct allocation
|
page execute read
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
8B4000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
958000
|
heap
|
page read and write
|
||
|
8A6000
|
heap
|
page read and write
|
||
|
2037D000
|
direct allocation
|
page readonly
|
||
|
9DD000
|
heap
|
page read and write
|
||
|
24A4E000
|
stack
|
page read and write
|
||
|
2037A000
|
direct allocation
|
page readonly
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
8B1000
|
heap
|
page read and write
|
||
|
9D8000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
8A1000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
8AA000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
89A000
|
heap
|
page read and write
|
||
|
8A1000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
4B4000
|
unkown
|
page readonly
|
||
|
2033F000
|
direct allocation
|
page readonly
|
||
|
897000
|
heap
|
page read and write
|
||
|
20372000
|
direct allocation
|
page read and write
|
||
|
834000
|
heap
|
page read and write
|
||
|
4AC000
|
unkown
|
page write copy
|
||
|
8D6000
|
heap
|
page read and write
|
||
|
8BA000
|
heap
|
page read and write
|
||
|
7FC000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
2039A000
|
heap
|
page read and write
|
||
|
2BB78000
|
heap
|
page read and write
|
||
|
9CE000
|
heap
|
page read and write
|
||
|
899000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
878000
|
heap
|
page read and write
|
||
|
1D960000
|
remote allocation
|
page read and write
|
||
|
9C6000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
539000
|
remote allocation
|
page execute and read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
8E8000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
2037F000
|
direct allocation
|
page readonly
|
||
|
9CA000
|
heap
|
page read and write
|
||
|
224CE000
|
stack
|
page read and write
|
||
|
2BB5A000
|
heap
|
page read and write
|
||
|
9C6000
|
heap
|
page read and write
|
||
|
94D000
|
heap
|
page read and write
|
||
|
882000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
889000
|
heap
|
page read and write
|
||
|
1D8FD000
|
stack
|
page read and write
|
||
|
430000
|
remote allocation
|
page execute and read and write
|
||
|
20130000
|
direct allocation
|
page execute and read and write
|
||
|
7D6000
|
heap
|
page read and write
|
||
|
4D1000
|
remote allocation
|
page execute and read and write
|
||
|
87D000
|
heap
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
9C6000
|
heap
|
page read and write
|
||
|
862000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
7E9000
|
heap
|
page read and write
|
||
|
881000
|
heap
|
page read and write
|
||
|
927000
|
heap
|
page read and write
|
||
|
9C6000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
8A6000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
802000
|
heap
|
page read and write
|
||
|
9C1000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
4B1000
|
remote allocation
|
page execute and read and write
|
||
|
502000
|
remote allocation
|
page execute and read and write
|
||
|
953000
|
heap
|
page read and write
|
||
|
168BE000
|
stack
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
9DC000
|
heap
|
page read and write
|
||
|
899000
|
heap
|
page read and write
|
||
|
8AD000
|
heap
|
page read and write
|
||
|
9063000
|
heap
|
page read and write
|
||
|
8D7000
|
heap
|
page read and write
|
||
|
9061000
|
heap
|
page read and write
|
||
|
9CE000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
7F5000
|
heap
|
page read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
8AA000
|
heap
|
page read and write
|
||
|
536E000
|
stack
|
page read and write
|
||
|
8AA000
|
heap
|
page read and write
|
||
|
8A5000
|
heap
|
page read and write
|
||
|
8D3000
|
heap
|
page read and write
|
||
|
894000
|
heap
|
page read and write
|
||
|
8A3000
|
heap
|
page read and write
|
There are 489 hidden memdumps, click here to show them.