Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
lem.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\820565\Refugees.pif
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\ProgramData\JKJEHJKJEBGH\CBAKJE
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4,
UTF-8, version-valid-for 4
|
dropped
|
||
|
C:\ProgramData\JKJEHJKJEBGH\DHIEHI
|
SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4,
UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\ProgramData\JKJEHJKJEBGH\ECFCBK
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie
0x24, schema 4, UTF-8, version-valid-for 2
|
modified
|
||
|
C:\ProgramData\JKJEHJKJEBGH\FIIEHJ
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8,
version-valid-for 11
|
dropped
|
||
|
C:\ProgramData\JKJEHJKJEBGH\HCAEBF
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
||
|
C:\ProgramData\JKJEHJKJEBGH\JKJEHJ
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie
0xe, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\JKJEHJKJEBGH\KEGCBF
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\sqlt[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\820565\n
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Bbs
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Bind
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Butler
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Darwin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Dow
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Encounter
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Eos
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Essential
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Framing
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Hierarchy
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Ignored
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Inappropriate
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Jim
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Parker
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Patterns
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Pork
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Regards
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Rh
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Scheme
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Son
|
ASCII text, with very long lines (500), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Son.cmd
|
ASCII text, with very long lines (500), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Specialists
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Spyware
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Story
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Tags
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Teams
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Translation
|
data
|
dropped
|
There are 28 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\lem.exe
|
"C:\Users\user\Desktop\lem.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /k copy Son Son.cmd & Son.cmd & exit
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /I "wrsa.exe opssvc.exe"
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /I "avastui.exe avgui.exe bdservicehost.exe nswscsvc.exe sophoshealth.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c md 820565
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /V "StudiedForeignTitansCircles" Eos
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c copy /b Bind + Dow 820565\n
|
|
|
|
C:\Users\user\AppData\Local\Temp\820565\Refugees.pif
|
820565\Refugees.pif 820565\n
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\tasklist.exe
|
tasklist
|
||
|
C:\Windows\SysWOW64\tasklist.exe
|
tasklist
|
||
|
C:\Windows\SysWOW64\timeout.exe
|
timeout 5
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://steamcommunity.com/profiles/76561199730044335
|
|
||
|
https://t.me/bu77un
|
149.154.167.99
|
|
|
|
https://t.me/b
|
unknown
|
|
|
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://web.telegram.org
|
unknown
|
||
|
https://5.75.221.27:5432
|
unknown
|
||
|
https://5.75.221.27:5432c4c17bdle
|
unknown
|
||
|
https://5.75.221.27:5432/msvcp140.dll7
|
unknown
|
||
|
https://5.75.221.27:5432/r3
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
|
unknown
|
||
|
https://5.75.221.27:5432/msvcp140.dll
|
unknown
|
||
|
https://t.me/C
|
unknown
|
||
|
https://5.75.221.27/
|
unknown
|
||
|
https://5.75.221.27:5432/v
|
unknown
|
||
|
https://5.75.221.27:5432/r
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
|
unknown
|
||
|
https://5.75.221.27:5432/vcruntime140.dllll
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/0
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
|
unknown
|
||
|
https://5.75.221.27:5432/mozglue.dll
|
unknown
|
||
|
https://5.75.221.27:5432/softokn3.dll:5432/nss3.dll~
|
unknown
|
||
|
https://5.75.221.27:5432/y
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199730044335hellosqlt.dllsqlite3.dll
|
unknown
|
||
|
https://5.75.221.27:5432/mozglue.dllt
|
unknown
|
||
|
https://5.75.221.27:5432GHl
|
unknown
|
||
|
https://5.75.221.27:5432/key
|
unknown
|
||
|
https://5.75.221.27:5432/p
|
unknown
|
||
|
https://5.75.221.27:5432/softokn3.dll:
|
unknown
|
||
|
https://5.75.221.27:5432/er
|
unknown
|
||
|
http://www.sqlite.org/copyright.html.
|
unknown
|
||
|
https://5.75.221.27:5432/freebl3.dll
|
unknown
|
||
|
https://5.75.221.27:5432/al
|
unknown
|
||
|
https://5.75.221.27:5432aming
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/J
|
unknown
|
||
|
https://5.75.221.27:5432/nss3.dll
|
unknown
|
||
|
https://5.75.221.27:5432/crosoft
|
unknown
|
||
|
https://5.75.221.27:5432/sqlt.dll
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
https://5.75.221.27:5432/vcruntime140.dll
|
unknown
|
||
|
https://5.75.221.27:5432/.BAT;.CMD;.VBS;.VBE;.JS;.J
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
https://5.75.221.27:5432/id;
|
unknown
|
||
|
https://5.75.221.27:5432/sqlt.dll2
|
unknown
|
||
|
https://5.75.221.27:5432/vcruntime140.dlltch
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
https://5.75.221.27:5432/softokn3.dll
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
https://5.75.221.27:5432/indows
|
unknown
|
||
|
https://5.75.221.27:5432/vcruntime140.dlle
|
unknown
|
||
|
https://5.75.221.27:5432/softokn3.dlla
|
unknown
|
||
|
https://5.75.221.27:5432/K
|
unknown
|
||
|
https://5.75.221.27:5432/4c17bdosoft
|
unknown
|
||
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
https://5.75.221.27:5432/
|
unknown
|
||
|
https://t.me/bu77unguf_hMozilla/5.0
|
unknown
|
||
|
https://5.75.221.27:5432/r&
|
unknown
|
||
|
https://5.75.221.27:5432/nss3.dllsoft
|
unknown
|
||
|
https://5.75.221.27:5432/vcruntime140.dll15;
|
unknown
|
||
|
https://5.75.221.27:5432/freebl3.dllt
|
unknown
|
||
|
https://5.75.221.27:5432cal
|
unknown
|
||
|
https://5.75.221.27:5432ntel
|
unknown
|
||
|
https://5.75.221.27:5432B
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
||
|
https://5.75.221.27:5432/)
|
unknown
|
There are 60 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
t.me
|
149.154.167.99
|
|
|
|
aeADchOTjdneRFbvgcniIPnKrpAg.aeADchOTjdneRFbvgcniIPnKrpAg
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.154.167.99
|
t.me
|
United Kingdom
|
|
|
|
5.75.221.27
|
unknown
|
Germany
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1928000
|
trusted library allocation
|
page read and write
|
|
|
|
1891000
|
trusted library allocation
|
page read and write
|
|
|
|
1891000
|
trusted library allocation
|
page read and write
|
|
|
|
1AE7000
|
trusted library allocation
|
page read and write
|
|
|
|
1AE7000
|
trusted library allocation
|
page read and write
|
|
|
|
1756000
|
heap
|
page read and write
|
|
|
|
4715000
|
direct allocation
|
page execute and read and write
|
|
|
|
1929000
|
trusted library allocation
|
page read and write
|
|
|
|
17FB000
|
heap
|
page read and write
|
|
|
|
46D8000
|
trusted library allocation
|
page read and write
|
|
|
|
1898000
|
trusted library allocation
|
page read and write
|
|
|
|
46D1000
|
direct allocation
|
page execute and read and write
|
|
|
|
1C6E000
|
trusted library allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
9A0000
|
unkown
|
page readonly
|
||
|
2091000
|
heap
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
D0D4000
|
trusted library allocation
|
page read and write
|
||
|
28BA000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1D23000
|
trusted library allocation
|
page read and write
|
||
|
B91F000
|
stack
|
page read and write
|
||
|
17FC000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
1AE7000
|
trusted library allocation
|
page read and write
|
||
|
17A2000
|
heap
|
page read and write
|
||
|
1B3F000
|
trusted library allocation
|
page read and write
|
||
|
1991000
|
trusted library allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
41F000
|
unkown
|
page read and write
|
||
|
1FD0000
|
trusted library allocation
|
page read and write
|
||
|
1E67000
|
trusted library allocation
|
page read and write
|
||
|
1846000
|
heap
|
page read and write
|
||
|
9A0000
|
unkown
|
page readonly
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1768000
|
heap
|
page read and write
|
||
|
1480000
|
heap
|
page read and write
|
||
|
17A4000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
42CC000
|
stack
|
page read and write
|
||
|
1A4C000
|
trusted library allocation
|
page read and write
|
||
|
A55000
|
unkown
|
page readonly
|
||
|
1B91000
|
trusted library allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
11FC000
|
stack
|
page read and write
|
||
|
1498000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
BC0000
|
direct allocation
|
page execute and read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
1768000
|
heap
|
page read and write
|
||
|
4FC0000
|
heap
|
page read and write
|
||
|
85A000
|
heap
|
page read and write
|
||
|
EAE000
|
stack
|
page read and write
|
||
|
35AC000
|
stack
|
page read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
A68000
|
unkown
|
page readonly
|
||
|
1C57000
|
trusted library allocation
|
page read and write
|
||
|
CCC6000
|
direct allocation
|
page execute read
|
||
|
95E000
|
stack
|
page read and write
|
||
|
A63000
|
unkown
|
page write copy
|
||
|
A3F000
|
stack
|
page read and write
|
||
|
74D000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
2320000
|
heap
|
page read and write
|
||
|
1C62000
|
trusted library allocation
|
page read and write
|
||
|
74D000
|
heap
|
page read and write
|
||
|
AA7000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
17B2000
|
heap
|
page read and write
|
||
|
17F0000
|
heap
|
page read and write
|
||
|
1513000
|
heap
|
page read and write
|
||
|
206E000
|
stack
|
page read and write
|
||
|
3310000
|
heap
|
page read and write
|
||
|
CA0F000
|
stack
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
1E3D000
|
trusted library allocation
|
page read and write
|
||
|
2FB5000
|
heap
|
page read and write
|
||
|
17A7000
|
heap
|
page read and write
|
||
|
C5D0000
|
remote allocation
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
1991000
|
trusted library allocation
|
page read and write
|
||
|
183E000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1976000
|
trusted library allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
1A66000
|
trusted library allocation
|
page read and write
|
||
|
28BB000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
28B7000
|
heap
|
page read and write
|
||
|
14B4000
|
heap
|
page read and write
|
||
|
28B4000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
2FAC000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
470F000
|
direct allocation
|
page execute and read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
11DB000
|
stack
|
page read and write
|
||
|
1AD0000
|
trusted library allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
17FC000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
E7F000
|
stack
|
page read and write
|
||
|
CA2F000
|
trusted library allocation
|
page read and write
|
||
|
11DD000
|
stack
|
page read and write
|
||
|
2FA9000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2770000
|
heap
|
page read and write
|
||
|
4781000
|
direct allocation
|
page execute and read and write
|
||
|
4EDF000
|
stack
|
page read and write
|
||
|
4E9E000
|
stack
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1378000
|
heap
|
page read and write
|
||
|
98A000
|
stack
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1CE000
|
stack
|
page read and write
|
||
|
1B90000
|
trusted library allocation
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
1E3C000
|
trusted library allocation
|
page read and write
|
||
|
28BA000
|
heap
|
page read and write
|
||
|
17FC000
|
heap
|
page read and write
|
||
|
1ED5000
|
trusted library allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
3CA0000
|
trusted library allocation
|
page read and write
|
||
|
1D55000
|
trusted library allocation
|
page read and write
|
||
|
62E000
|
stack
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
3DC000
|
stack
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
1A57000
|
trusted library allocation
|
page read and write
|
||
|
CA40000
|
trusted library allocation
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
47DF000
|
stack
|
page read and write
|
||
|
4776000
|
direct allocation
|
page execute and read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
182F000
|
heap
|
page read and write
|
||
|
1768000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
A30000
|
unkown
|
page readonly
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
47AD000
|
direct allocation
|
page execute and read and write
|
||
|
25AF000
|
stack
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2FB2000
|
heap
|
page read and write
|
||
|
46CD000
|
stack
|
page read and write
|
||
|
171D000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
17A8000
|
heap
|
page read and write
|
||
|
A7E000
|
stack
|
page read and write
|
||
|
85A000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1B91000
|
trusted library allocation
|
page read and write
|
||
|
276F000
|
stack
|
page read and write
|
||
|
CB40000
|
trusted library allocation
|
page read and write
|
||
|
DC000
|
stack
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
1768000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
83E000
|
heap
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
9A1000
|
unkown
|
page execute read
|
||
|
2091000
|
heap
|
page read and write
|
||
|
C19D000
|
stack
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
E56000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2F78000
|
heap
|
page read and write
|
||
|
2FA9000
|
heap
|
page read and write
|
||
|
665000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
755000
|
heap
|
page read and write
|
||
|
11C000
|
stack
|
page read and write
|
||
|
2FB6000
|
heap
|
page read and write
|
||
|
1484000
|
heap
|
page read and write
|
||
|
83F000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
3E50000
|
trusted library allocation
|
page read and write
|
||
|
1891000
|
trusted library allocation
|
page read and write
|
||
|
CF8D000
|
trusted library allocation
|
page read and write
|
||
|
17E7000
|
heap
|
page read and write
|
||
|
18DE000
|
trusted library allocation
|
page read and write
|
||
|
1630000
|
heap
|
page read and write
|
||
|
47D2000
|
direct allocation
|
page execute and read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
17F2000
|
heap
|
page read and write
|
||
|
A5F000
|
unkown
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
862000
|
heap
|
page read and write
|
||
|
1B2E000
|
trusted library allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1A36000
|
trusted library allocation
|
page read and write
|
||
|
2FBA000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1D08000
|
trusted library allocation
|
page read and write
|
||
|
317E000
|
stack
|
page read and write
|
||
|
28B1000
|
heap
|
page read and write
|
||
|
1A2E000
|
trusted library allocation
|
page read and write
|
||
|
256E000
|
stack
|
page read and write
|
||
|
2F0F000
|
stack
|
page read and write
|
||
|
2FAD000
|
heap
|
page read and write
|
||
|
16E8000
|
heap
|
page read and write
|
||
|
1C7E000
|
trusted library allocation
|
page read and write
|
||
|
4F1E000
|
stack
|
page read and write
|
||
|
1768000
|
heap
|
page read and write
|
||
|
2F9D000
|
heap
|
page read and write
|
||
|
1690000
|
heap
|
page read and write
|
||
|
84C000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
C5D0000
|
remote allocation
|
page read and write
|
||
|
28B2000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
828000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
18DE000
|
trusted library allocation
|
page read and write
|
||
|
47A1000
|
direct allocation
|
page execute and read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
C5D0000
|
remote allocation
|
page read and write
|
||
|
1891000
|
trusted library allocation
|
page read and write
|
||
|
D0F2000
|
trusted library allocation
|
page read and write
|
||
|
1F42000
|
trusted library allocation
|
page read and write
|
||
|
1AE7000
|
trusted library allocation
|
page read and write
|
||
|
2F92000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2091000
|
heap
|
page read and write
|
||
|
C60E000
|
stack
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
1B91000
|
trusted library allocation
|
page read and write
|
||
|
1B3F000
|
trusted library allocation
|
page read and write
|
||
|
18DE000
|
trusted library allocation
|
page read and write
|
||
|
4120000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
9A1000
|
unkown
|
page execute read
|
||
|
CDAD000
|
direct allocation
|
page readonly
|
||
|
CDAF000
|
direct allocation
|
page readonly
|
||
|
2FBC000
|
heap
|
page read and write
|
||
|
1768000
|
heap
|
page read and write
|
||
|
200E000
|
stack
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
CB60000
|
direct allocation
|
page execute and read and write
|
||
|
CA50000
|
trusted library allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
428E000
|
stack
|
page read and write
|
||
|
1681000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
47FD000
|
direct allocation
|
page execute and read and write
|
||
|
72A000
|
heap
|
page read and write
|
||
|
A55000
|
unkown
|
page readonly
|
||
|
2FBC000
|
heap
|
page read and write
|
||
|
1891000
|
trusted library allocation
|
page read and write
|
||
|
336E000
|
stack
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1846000
|
heap
|
page read and write
|
||
|
1890000
|
trusted library allocation
|
page read and write
|
||
|
1AE6000
|
trusted library allocation
|
page read and write
|
||
|
2F4E000
|
stack
|
page read and write
|
||
|
842000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
28BD000
|
heap
|
page read and write
|
||
|
1A44000
|
trusted library allocation
|
page read and write
|
||
|
CB68000
|
direct allocation
|
page execute read
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
1A38000
|
trusted library allocation
|
page read and write
|
||
|
21B0000
|
heap
|
page read and write
|
||
|
6AE000
|
stack
|
page read and write
|
||
|
8EF000
|
stack
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1C70000
|
trusted library allocation
|
page read and write
|
||
|
1B91000
|
trusted library allocation
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
1846000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
1A8B000
|
trusted library allocation
|
page read and write
|
||
|
28B6000
|
heap
|
page read and write
|
||
|
1B3F000
|
trusted library allocation
|
page read and write
|
||
|
28BB000
|
heap
|
page read and write
|
||
|
CD6D000
|
direct allocation
|
page execute read
|
||
|
11BE000
|
stack
|
page read and write
|
||
|
196B000
|
trusted library allocation
|
page read and write
|
||
|
63C000
|
stack
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
28BB000
|
heap
|
page read and write
|
||
|
4F4000
|
unkown
|
page readonly
|
||
|
4F5F000
|
stack
|
page read and write
|
||
|
BEC000
|
stack
|
page read and write
|
||
|
CA90000
|
trusted library allocation
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
1B91000
|
trusted library allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
CD6F000
|
direct allocation
|
page readonly
|
||
|
19A000
|
stack
|
page read and write
|
||
|
182F000
|
heap
|
page read and write
|
||
|
1B91000
|
trusted library allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
17B2000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
21BA000
|
heap
|
page read and write
|
||
|
164E000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
BAC000
|
stack
|
page read and write
|
||
|
461000
|
unkown
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2FB1000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
84D000
|
heap
|
page read and write
|
||
|
1AA0000
|
trusted library allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
19EA000
|
trusted library allocation
|
page read and write
|
||
|
CA25000
|
trusted library allocation
|
page read and write
|
||
|
34AC000
|
stack
|
page read and write
|
||
|
17F6000
|
heap
|
page read and write
|
||
|
1786000
|
heap
|
page read and write
|
||
|
A68000
|
unkown
|
page readonly
|
||
|
1929000
|
trusted library allocation
|
page read and write
|
||
|
C15C000
|
stack
|
page read and write
|
||
|
99F000
|
stack
|
page read and write
|
||
|
28BC000
|
heap
|
page read and write
|
||
|
1B91000
|
trusted library allocation
|
page read and write
|
||
|
4E1E000
|
stack
|
page read and write
|
||
|
1A45000
|
trusted library allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1ED4000
|
trusted library allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
18DE000
|
trusted library allocation
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
1846000
|
heap
|
page read and write
|
||
|
3317000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
179B000
|
heap
|
page read and write
|
||
|
479E000
|
stack
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1846000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1C7F000
|
trusted library allocation
|
page read and write
|
||
|
28B9000
|
heap
|
page read and write
|
||
|
18DE000
|
trusted library allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1B91000
|
trusted library allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
28B4000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
9EF000
|
stack
|
page read and write
|
||
|
18DE000
|
trusted library allocation
|
page read and write
|
||
|
CDAA000
|
direct allocation
|
page readonly
|
||
|
28B9000
|
heap
|
page read and write
|
||
|
4898000
|
direct allocation
|
page execute and read and write
|
||
|
3E8D000
|
stack
|
page read and write
|
||
|
CF94000
|
trusted library allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
83E000
|
heap
|
page read and write
|
||
|
28B6000
|
heap
|
page read and write
|
||
|
28BB000
|
heap
|
page read and write
|
||
|
5120000
|
unclassified section
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1A5F000
|
trusted library allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
BD1F000
|
stack
|
page read and write
|
||
|
C59D000
|
stack
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
28BA000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
1C7F000
|
trusted library allocation
|
page read and write
|
||
|
195B000
|
trusted library allocation
|
page read and write
|
||
|
179E000
|
heap
|
page read and write
|
||
|
28BD000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2FBC000
|
heap
|
page read and write
|
||
|
1747000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
18DE000
|
trusted library allocation
|
page read and write
|
||
|
74D000
|
heap
|
page read and write
|
||
|
1991000
|
trusted library allocation
|
page read and write
|
||
|
1990000
|
trusted library allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
230E000
|
stack
|
page read and write
|
||
|
D199000
|
trusted library allocation
|
page read and write
|
||
|
1EB2000
|
trusted library allocation
|
page read and write
|
||
|
43F000
|
stack
|
page read and write
|
||
|
CDA2000
|
direct allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1991000
|
trusted library allocation
|
page read and write
|
||
|
14C5000
|
heap
|
page read and write
|
||
|
21B5000
|
heap
|
page read and write
|
||
|
11D2000
|
stack
|
page read and write
|
||
|
2FA9000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1991000
|
trusted library allocation
|
page read and write
|
||
|
28B4000
|
heap
|
page read and write
|
||
|
1DFA000
|
trusted library allocation
|
page read and write
|
||
|
1558000
|
heap
|
page read and write
|
||
|
1991000
|
trusted library allocation
|
page read and write
|
||
|
46D0000
|
direct allocation
|
page read and write
|
||
|
A30000
|
unkown
|
page readonly
|
||
|
2091000
|
heap
|
page read and write
|
||
|
22CE000
|
stack
|
page read and write
|
||
|
2090000
|
heap
|
page read and write
|
||
|
6F8000
|
heap
|
page read and write
|
||
|
1891000
|
trusted library allocation
|
page read and write
|
||
|
20A0000
|
heap
|
page read and write
|
||
|
1532000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2718000
|
heap
|
page read and write
|
||
|
A5F000
|
unkown
|
page write copy
|
||
|
2091000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
1786000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1C4A000
|
trusted library allocation
|
page read and write
|
||
|
4F90000
|
heap
|
page read and write
|
||
|
28B0000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
1364000
|
heap
|
page read and write
|
||
|
4779000
|
direct allocation
|
page execute and read and write
|
||
|
1A78000
|
trusted library allocation
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1B3F000
|
trusted library allocation
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
1768000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
28B7000
|
heap
|
page read and write
|
||
|
17A0000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
11CE000
|
stack
|
page read and write
|
||
|
17B2000
|
heap
|
page read and write
|
||
|
2F9C000
|
heap
|
page read and write
|
||
|
16FF000
|
heap
|
page read and write
|
||
|
4809000
|
direct allocation
|
page execute and read and write
|
||
|
7EF000
|
stack
|
page read and write
|
||
|
21CE000
|
stack
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
1768000
|
heap
|
page read and write
|
||
|
2FA9000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
BD5E000
|
stack
|
page read and write
|
||
|
17B2000
|
heap
|
page read and write
|
||
|
CDC3000
|
trusted library allocation
|
page read and write
|
||
|
1976000
|
trusted library allocation
|
page read and write
|
||
|
1894000
|
trusted library allocation
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
4709000
|
direct allocation
|
page execute and read and write
|
||
|
1CF6000
|
trusted library allocation
|
page read and write
|
||
|
6FE000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
346F000
|
stack
|
page read and write
|
||
|
3E50000
|
trusted library allocation
|
page read and write
|
||
|
28BE000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
2620000
|
heap
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
17EB000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
2F8E000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
17B2000
|
heap
|
page read and write
|
||
|
17A6000
|
heap
|
page read and write
|
||
|
4F4000
|
unkown
|
page readonly
|
||
|
2091000
|
heap
|
page read and write
|
||
|
28B9000
|
heap
|
page read and write
|
||
|
28B1000
|
heap
|
page read and write
|
||
|
1364000
|
heap
|
page read and write
|
||
|
4913000
|
direct allocation
|
page execute and read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
74D000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
4911000
|
direct allocation
|
page execute and read and write
|
||
|
D19B000
|
trusted library allocation
|
page read and write
|
||
|
28B1000
|
heap
|
page read and write
|
||
|
869000
|
heap
|
page read and write
|
||
|
1A92000
|
trusted library allocation
|
page read and write
|
||
|
1840000
|
heap
|
page read and write
|
||
|
179C000
|
heap
|
page read and write
|
||
|
BD0000
|
trusted library allocation
|
page read and write
|
||
|
85A000
|
heap
|
page read and write
|
||
|
18D4000
|
trusted library allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
4E5F000
|
stack
|
page read and write
|
||
|
1B91000
|
trusted library allocation
|
page read and write
|
||
|
18DE000
|
trusted library allocation
|
page read and write
|
||
|
47DE000
|
direct allocation
|
page execute and read and write
|
||
|
CA20000
|
trusted library allocation
|
page read and write
|
||
|
CD78000
|
direct allocation
|
page readonly
|
||
|
1B91000
|
trusted library allocation
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
771000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
1846000
|
heap
|
page read and write
|
||
|
2FBC000
|
heap
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
2F8E000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
30DF000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
30DF000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
2091000
|
heap
|
page read and write
|
||
|
1B91000
|
trusted library allocation
|
page read and write
|
||
|
85A000
|
heap
|
page read and write
|
||
|
CB61000
|
direct allocation
|
page execute read
|
There are 545 hidden memdumps, click here to show them.