Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
82xul16VKj.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\kat2B07.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\GHDAAKJEGCFC\BAEBGC
|
SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 10, database pages 37, cookie
0x2f, schema 4, UTF-8, version-valid-for 10
|
dropped
|
||
|
C:\ProgramData\GHDAAKJEGCFC\BGDGHJ
|
SQLite 3.x database, last written using SQLite version 3008001, file counter 13, database pages 30, 1st free page 27, free
pages 1, cookie 0x1e, schema 4, UTF-8, version-valid-for 13
|
dropped
|
||
|
C:\ProgramData\GHDAAKJEGCFC\DGHCBA
|
SQLite 3.x database, last written using SQLite version 3008001, file counter 24, database pages 5, cookie 0xf, schema 4, UTF-8,
version-valid-for 24
|
dropped
|
||
|
C:\ProgramData\GHDAAKJEGCFC\IDHIEG
|
ASCII text, with very long lines (1567), with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\GHDAAKJEGCFC\KKKEBK
|
SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 3, database pages 20, cookie
0x15, schema 4, UTF-8, version-valid-for 3
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\sqlt[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\CabAB7C.tmp
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TarAB7D.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\4N90MZIH.txt
|
ASCII text
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\C7GDP0V0.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\FSFIJPYD.txt
|
ASCII text
|
dropped
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\82xul16VKj.exe
|
"C:\Users\user\Desktop\82xul16VKj.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\kat2B07.tmp
|
C:\Users\user\AppData\Local\Temp\kat2B07.tmp
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\kat2B07.tmp" & rd /s /q "C:\ProgramData\GHDAAKJEGCFC"
& exit
|
||
|
C:\Windows\SysWOW64\timeout.exe
|
timeout /t 10
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://steamcommunity.com/profiles/76561199730044335
|
|
||
|
http://survey-smiles.com/R
|
unknown
|
|
|
|
https://t.me/bu77un
|
149.154.167.99
|
|
|
|
http://survey-smiles.com/
|
199.59.243.226
|
|
|
|
http://survey-smiles.com/z
|
unknown
|
|
|
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://116.202.180.70:5432/
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dwmf%2B5.1%26oq%3Dwmf
|
unknown
|
||
|
https://116.202.180.70:5432/2r
|
unknown
|
||
|
https://web.telegram.org
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
https://116.202.180.70:5432/softokn3.dll%
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://116.202.180.70:5432/msvcp140.dll
|
unknown
|
||
|
http://tea.arpdabl.orgHJK
|
unknown
|
||
|
https://www.google.com/search?q=wmf
|
unknown
|
||
|
http://tea.arpdabl.org5432Content-Disposition:
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199730044335hellosqlt.dllsqlite3.dll
|
unknown
|
||
|
http://tea.arpdabl.org/
|
185.107.56.202
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://tea.arpdabl.org/v
|
unknown
|
||
|
http://www.sqlite.org/copyright.html.
|
unknown
|
||
|
https://116.202.180.70/I
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j46j0l3j46j0.427j0j7&sourceid=chrome&i
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
http://rpi.net.au/~ajohnson/resourcehacker
|
unknown
|
||
|
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
|
unknown
|
||
|
https://116.202.180.70:5432
|
unknown
|
||
|
https://www.google.com/favicon.ico
|
unknown
|
||
|
https://116.202.180.70/2
|
unknown
|
||
|
https://116.202.180.70:5432/vcruntime140.dll
|
unknown
|
||
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
https://116.202.180.70:5432/freebl3.dll
|
unknown
|
||
|
https://t.me/bu77unguf_hMozilla/5.0
|
unknown
|
||
|
https://www.google.com/sorry/index
|
unknown
|
||
|
http://tea.arpdabl.org/)
|
unknown
|
||
|
https://116.202.180.70:5432/softokn3.dllP
|
unknown
|
||
|
http://tea.arpdabl.org
|
unknown
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtest%26oq%3Dtest%26a
|
unknown
|
||
|
https://116.202.180.70:5432Content-Disposition:
|
unknown
|
||
|
https://www.google.com/search?q=net
|
unknown
|
||
|
https://www.google.com/sorry/indextest
|
unknown
|
||
|
https://116.202.180.70:5432/sqlt.dll
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
https://116.202.180.70:5432/mozglue.dll
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
https://116.202.180.70:5432/nss3.dll
|
unknown
|
There are 44 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
t.me
|
149.154.167.99
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
tea.arpdabl.org
|
185.107.56.202
|
||
|
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
|
217.20.58.23
|
||
|
survey-smiles.com
|
199.59.243.226
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.154.167.99
|
t.me
|
United Kingdom
|
|
|
|
185.107.56.202
|
tea.arpdabl.org
|
Netherlands
|
||
|
116.202.180.70
|
unknown
|
Germany
|
||
|
199.59.243.226
|
survey-smiles.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{40DD6E20-7C17-11CE-A804-00AA003CA9F6} {000214EF-0000-0000-C000-000000000046} 0xFFFF
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3080000
|
trusted library allocation
|
page read and write
|
|
|
|
2A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
2EEB000
|
direct allocation
|
page execute and read and write
|
|
|
|
2DE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
8DC000
|
heap
|
page read and write
|
||
|
5F7000
|
heap
|
page read and write
|
||
|
439000
|
remote allocation
|
page execute and read and write
|
||
|
D04E000
|
stack
|
page read and write
|
||
|
2CC0000
|
direct allocation
|
page execute and read and write
|
||
|
1676F000
|
stack
|
page read and write
|
||
|
4DD000
|
remote allocation
|
page execute and read and write
|
||
|
4B4000
|
unkown
|
page readonly
|
||
|
800000
|
heap
|
page read and write
|
||
|
969000
|
heap
|
page read and write
|
||
|
259000
|
heap
|
page read and write
|
||
|
9B1000
|
heap
|
page read and write
|
||
|
1DFDD000
|
stack
|
page read and write
|
||
|
96B000
|
heap
|
page read and write
|
||
|
D087000
|
heap
|
page read and write
|
||
|
F65E000
|
stack
|
page read and write
|
||
|
A59000
|
heap
|
page read and write
|
||
|
2088000
|
heap
|
page read and write
|
||
|
F760000
|
remote allocation
|
page read and write
|
||
|
50E000
|
remote allocation
|
page execute and read and write
|
||
|
2F7000
|
heap
|
page read and write
|
||
|
2481B000
|
stack
|
page read and write
|
||
|
946000
|
heap
|
page read and write
|
||
|
9D3000
|
heap
|
page read and write
|
||
|
1D972000
|
direct allocation
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
2080000
|
heap
|
page read and write
|
||
|
45D000
|
unkown
|
page readonly
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
26EC2000
|
heap
|
page read and write
|
||
|
A5E000
|
heap
|
page read and write
|
||
|
902000
|
heap
|
page read and write
|
||
|
8DE000
|
heap
|
page read and write
|
||
|
1DF3E000
|
stack
|
page read and write
|
||
|
984000
|
heap
|
page read and write
|
||
|
1D990000
|
heap
|
page read and write
|
||
|
9FF000
|
heap
|
page read and write
|
||
|
2476F000
|
stack
|
page read and write
|
||
|
26EA0000
|
heap
|
page read and write
|
||
|
18D000
|
stack
|
page read and write
|
||
|
18CAF000
|
stack
|
page read and write
|
||
|
9FF000
|
heap
|
page read and write
|
||
|
F5DE000
|
stack
|
page read and write
|
||
|
8F3000
|
heap
|
page read and write
|
||
|
9D7000
|
heap
|
page read and write
|
||
|
52D000
|
remote allocation
|
page execute and read and write
|
||
|
9FF000
|
heap
|
page read and write
|
||
|
8D7000
|
heap
|
page read and write
|
||
|
24780000
|
trusted library allocation
|
page read and write
|
||
|
1D72F000
|
stack
|
page read and write
|
||
|
88000
|
stack
|
page read and write
|
||
|
630000
|
remote allocation
|
page execute and read and write
|
||
|
330000
|
trusted library allocation
|
page read and write
|
||
|
908000
|
heap
|
page read and write
|
||
|
A59000
|
heap
|
page read and write
|
||
|
983000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
993000
|
heap
|
page read and write
|
||
|
1DC74000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
430000
|
remote allocation
|
page execute and read and write
|
||
|
947000
|
heap
|
page read and write
|
||
|
17C000
|
stack
|
page read and write
|
||
|
2CD000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
8D8000
|
heap
|
page read and write
|
||
|
A5E000
|
heap
|
page read and write
|
||
|
A5E000
|
heap
|
page read and write
|
||
|
1E010000
|
heap
|
page read and write
|
||
|
948000
|
heap
|
page read and write
|
||
|
1D896000
|
direct allocation
|
page execute read
|
||
|
1D730000
|
direct allocation
|
page execute and read and write
|
||
|
993000
|
heap
|
page read and write
|
||
|
29540000
|
heap
|
page read and write
|
||
|
9FF000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
1D731000
|
direct allocation
|
page execute read
|
||
|
A5E000
|
heap
|
page read and write
|
||
|
614000
|
heap
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
32C3000
|
trusted library allocation
|
page read and write
|
||
|
18C000
|
stack
|
page read and write
|
||
|
F740000
|
trusted library allocation
|
page read and write
|
||
|
1D93D000
|
direct allocation
|
page execute read
|
||
|
4D1000
|
remote allocation
|
page execute and read and write
|
||
|
1EA2000
|
heap
|
page read and write
|
||
|
8D4000
|
heap
|
page read and write
|
||
|
4A9000
|
remote allocation
|
page execute and read and write
|
||
|
8E6000
|
heap
|
page read and write
|
||
|
4380000
|
heap
|
page read and write
|
||
|
8F6000
|
heap
|
page read and write
|
||
|
1D97F000
|
direct allocation
|
page readonly
|
||
|
940000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
11CEF000
|
stack
|
page read and write
|
||
|
1D97A000
|
direct allocation
|
page readonly
|
||
|
9C9000
|
heap
|
page read and write
|
||
|
4B1000
|
remote allocation
|
page execute and read and write
|
||
|
B0F000
|
heap
|
page read and write
|
||
|
903000
|
heap
|
page read and write
|
||
|
D060000
|
heap
|
page read and write
|
||
|
294FC000
|
stack
|
page read and write
|
||
|
36000
|
heap
|
page read and write
|
||
|
F6DF000
|
stack
|
page read and write
|
||
|
26E60000
|
heap
|
page read and write
|
||
|
F61E000
|
stack
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
539000
|
remote allocation
|
page execute and read and write
|
||
|
1E84000
|
heap
|
page read and write
|
||
|
1B0000
|
direct allocation
|
page execute and read and write
|
||
|
993000
|
heap
|
page read and write
|
||
|
183000
|
stack
|
page read and write
|
||
|
459000
|
unkown
|
page write copy
|
||
|
970000
|
heap
|
page read and write
|
||
|
247A0000
|
heap
|
page read and write
|
||
|
29687000
|
heap
|
page read and write
|
||
|
1D738000
|
direct allocation
|
page execute read
|
||
|
8FD000
|
heap
|
page read and write
|
||
|
4A6000
|
remote allocation
|
page execute and read and write
|
||
|
1E000000
|
trusted library allocation
|
page read and write
|
||
|
9FF000
|
heap
|
page read and write
|
||
|
26EA4000
|
heap
|
page read and write
|
||
|
25F000
|
heap
|
page read and write
|
||
|
456000
|
unkown
|
page write copy
|
||
|
314000
|
heap
|
page read and write
|
||
|
CFCF000
|
stack
|
page read and write
|
||
|
D069000
|
heap
|
page read and write
|
||
|
918000
|
heap
|
page read and write
|
||
|
A59000
|
heap
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
4AF000
|
unkown
|
page write copy
|
||
|
F760000
|
remote allocation
|
page read and write
|
||
|
9C1000
|
heap
|
page read and write
|
||
|
324000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
F6E0000
|
heap
|
page read and write
|
||
|
8FF000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
425000
|
remote allocation
|
page execute and read and write
|
||
|
983000
|
heap
|
page read and write
|
||
|
24D000
|
heap
|
page read and write
|
||
|
9D3000
|
heap
|
page read and write
|
||
|
A87000
|
heap
|
page read and write
|
||
|
CD000
|
stack
|
page read and write
|
||
|
947000
|
heap
|
page read and write
|
||
|
8ED000
|
heap
|
page read and write
|
||
|
A5A000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
502000
|
remote allocation
|
page execute and read and write
|
||
|
8ED000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
2974C000
|
heap
|
page read and write
|
||
|
1D948000
|
direct allocation
|
page readonly
|
||
|
641000
|
remote allocation
|
page execute and read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
9C1000
|
heap
|
page read and write
|
||
|
969000
|
heap
|
page read and write
|
||
|
43F000
|
remote allocation
|
page execute and read and write
|
||
|
947000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1E10000
|
heap
|
page read and write
|
||
|
4AC000
|
unkown
|
page write copy
|
||
|
947000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
983000
|
heap
|
page read and write
|
||
|
A59000
|
heap
|
page read and write
|
||
|
2974E000
|
heap
|
page read and write
|
||
|
983000
|
heap
|
page read and write
|
||
|
A2D000
|
heap
|
page read and write
|
||
|
445000
|
remote allocation
|
page execute and read and write
|
||
|
942000
|
heap
|
page read and write
|
||
|
434E000
|
stack
|
page read and write
|
||
|
2084000
|
heap
|
page read and write
|
||
|
844000
|
heap
|
page read and write
|
||
|
1D93F000
|
direct allocation
|
page readonly
|
||
|
1D50000
|
direct allocation
|
page read and write
|
||
|
8F6000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
1E00B000
|
heap
|
page read and write
|
||
|
969000
|
heap
|
page read and write
|
||
|
18C000
|
stack
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
D00E000
|
stack
|
page read and write
|
||
|
221ED000
|
stack
|
page read and write
|
||
|
29547000
|
heap
|
page read and write
|
||
|
8F8000
|
heap
|
page read and write
|
||
|
969000
|
heap
|
page read and write
|
||
|
8DE000
|
heap
|
page read and write
|
||
|
B19000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
367000
|
heap
|
page read and write
|
||
|
26F000
|
heap
|
page read and write
|
||
|
93D000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1422F000
|
stack
|
page read and write
|
||
|
8C000
|
stack
|
page read and write
|
||
|
208B000
|
heap
|
page read and write
|
||
|
9B8000
|
heap
|
page read and write
|
||
|
A59000
|
heap
|
page read and write
|
||
|
2C4000
|
heap
|
page read and write
|
||
|
296A5000
|
heap
|
page read and write
|
||
|
319DC000
|
stack
|
page read and write
|
||
|
983000
|
heap
|
page read and write
|
||
|
430F000
|
stack
|
page read and write
|
||
|
807000
|
heap
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
43C0000
|
unclassified section
|
page read and write
|
||
|
F770000
|
heap
|
page read and write
|
||
|
B17000
|
heap
|
page read and write
|
||
|
F6F2000
|
heap
|
page read and write
|
||
|
1B1ED000
|
stack
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
8E6000
|
heap
|
page read and write
|
||
|
942000
|
heap
|
page read and write
|
||
|
26D7E000
|
stack
|
page read and write
|
||
|
5C8000
|
remote allocation
|
page execute and read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
983000
|
heap
|
page read and write
|
||
|
1D97D000
|
direct allocation
|
page readonly
|
||
|
983000
|
heap
|
page read and write
|
||
|
944000
|
heap
|
page read and write
|
||
|
A7E000
|
heap
|
page read and write
|
||
|
9FF000
|
heap
|
page read and write
|
||
|
8E6000
|
heap
|
page read and write
|
||
|
A59000
|
heap
|
page read and write
|
||
|
2222F000
|
stack
|
page read and write
|
||
|
B1C000
|
heap
|
page read and write
|
||
|
1DA90000
|
trusted library allocation
|
page read and write
|
||
|
263000
|
heap
|
page read and write
|
||
|
983000
|
heap
|
page read and write
|
||
|
969000
|
heap
|
page read and write
|
||
|
969000
|
heap
|
page read and write
|
||
|
3B000
|
heap
|
page read and write
|
||
|
969000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
8E6000
|
heap
|
page read and write
|
||
|
456000
|
unkown
|
page read and write
|
||
|
A5E000
|
heap
|
page read and write
|
||
|
1FCAC000
|
stack
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
230000
|
heap
|
page read and write
|
||
|
8FD000
|
heap
|
page read and write
|
||
|
8FF000
|
heap
|
page read and write
|
||
|
8DF000
|
heap
|
page read and write
|
||
|
A5E000
|
heap
|
page read and write
|
||
|
A59000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
F69C000
|
stack
|
page read and write
|
||
|
1E000000
|
heap
|
page read and write
|
||
|
24830000
|
heap
|
page read and write
|
||
|
1E80000
|
heap
|
page read and write
|
||
|
8F3000
|
heap
|
page read and write
|
There are 255 hidden memdumps, click here to show them.