Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
LisectAVT_2403002A_101.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Wausaukee\unnervously.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\unnervously.vbs
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\aka\yes.png
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\anaboly
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut287.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut2E6.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autB22F.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autB29D.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autC7C1.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autC84E.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autD398.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autD3E7.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhvE943.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0x3decec11, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\caprone
|
Unicode text, UTF-8 text, with very long lines (29698), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\zhxznlyhhoxqew
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\LisectAVT_2403002A_101.exe
|
"C:\Users\user\Desktop\LisectAVT_2403002A_101.exe"
|
|
|
|
C:\Users\user\AppData\Local\Wausaukee\unnervously.exe
|
"C:\Users\user\Desktop\LisectAVT_2403002A_101.exe"
|
|
|
|
C:\Users\user\AppData\Local\Wausaukee\unnervously.exe
|
"C:\Users\user\AppData\Local\Wausaukee\unnervously.exe"
|
|
|
|
C:\Users\user\AppData\Local\Wausaukee\unnervously.exe
|
C:\Users\user\AppData\Local\Wausaukee\unnervously.exe /stext "C:\Users\user\AppData\Local\Temp\zhxznlyhhoxqew"
|
|
|
|
C:\Users\user\AppData\Local\Wausaukee\unnervously.exe
|
C:\Users\user\AppData\Local\Wausaukee\unnervously.exe /stext "C:\Users\user\AppData\Local\Temp\kcdsoejjvwpvgchse"
|
|
|
|
C:\Users\user\AppData\Local\Wausaukee\unnervously.exe
|
C:\Users\user\AppData\Local\Wausaukee\unnervously.exe /stext "C:\Users\user\AppData\Local\Temp\meicpwucjehhjidwwwibd"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\unnervously.vbs"
|
|
|
|
C:\Users\user\AppData\Local\Wausaukee\unnervously.exe
|
"C:\Users\user\AppData\Local\Wausaukee\unnervously.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
107.175.229.139
|
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://www.google.com
|
unknown
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
http://geoplugin.net/
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://geoplugin.net/json.gpL
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
http://geoplugin.net/json.gp#0lV
|
unknown
|
||
|
http://www.imvu.coma
|
unknown
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://geoplugin.net/json.gpSystem32
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 7 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
183.59.114.20.in-addr.arpa
|
unknown
|
|
|
|
206.23.85.13.in-addr.arpa
|
unknown
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
107.175.229.139
|
unknown
|
United States
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\jhudguiytgu-AAHEXC
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jhudguiytgu-AAHEXC
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\jhudguiytgu-AAHEXC
|
time
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
10BA000
|
heap
|
page read and write
|
|
|
|
3AE0000
|
direct allocation
|
page read and write
|
|
|
|
32C0000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
direct allocation
|
page execute and read and write
|
|
|
|
400000
|
direct allocation
|
page execute and read and write
|
|
|
|
3560000
|
direct allocation
|
page read and write
|
|
|
|
2E61000
|
heap
|
page read and write
|
||
|
65AF000
|
stack
|
page read and write
|
||
|
370000
|
unkown
|
page write copy
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
4A86000
|
unclassified section
|
page execute and read and write
|
||
|
2870000
|
heap
|
page read and write
|
||
|
370000
|
unkown
|
page write copy
|
||
|
2888000
|
heap
|
page read and write
|
||
|
4909000
|
heap
|
page read and write
|
||
|
F66000
|
heap
|
page read and write
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
CB2000
|
heap
|
page read and write
|
||
|
4891000
|
heap
|
page read and write
|
||
|
374000
|
unkown
|
page readonly
|
||
|
2899000
|
heap
|
page read and write
|
||
|
1AF4000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
4A30000
|
unclassified section
|
page execute and read and write
|
||
|
10DA000
|
heap
|
page read and write
|
||
|
2899000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
BD7000
|
stack
|
page read and write
|
||
|
2E68000
|
heap
|
page read and write
|
||
|
17E0000
|
heap
|
page read and write
|
||
|
2891000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
2E85000
|
heap
|
page read and write
|
||
|
288D000
|
heap
|
page read and write
|
||
|
289A000
|
heap
|
page read and write
|
||
|
2A0000
|
unkown
|
page readonly
|
||
|
374000
|
unkown
|
page readonly
|
||
|
221E000
|
stack
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
BBF000
|
stack
|
page read and write
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
FFC000
|
heap
|
page read and write
|
||
|
F79000
|
heap
|
page read and write
|
||
|
36C000
|
unkown
|
page write copy
|
||
|
319F000
|
heap
|
page read and write
|
||
|
E8B000
|
heap
|
page read and write
|
||
|
103E000
|
stack
|
page read and write
|
||
|
428E000
|
direct allocation
|
page read and write
|
||
|
2884000
|
heap
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
15C0000
|
direct allocation
|
page execute and read and write
|
||
|
1169000
|
heap
|
page read and write
|
||
|
2E8C000
|
heap
|
page read and write
|
||
|
2884000
|
heap
|
page read and write
|
||
|
F79000
|
heap
|
page read and write
|
||
|
33C000
|
unkown
|
page readonly
|
||
|
F79000
|
heap
|
page read and write
|
||
|
47BF000
|
stack
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
287C000
|
heap
|
page read and write
|
||
|
1169000
|
heap
|
page read and write
|
||
|
2881000
|
heap
|
page read and write
|
||
|
C88000
|
heap
|
page read and write
|
||
|
2A0000
|
unkown
|
page readonly
|
||
|
362000
|
unkown
|
page readonly
|
||
|
1A10000
|
heap
|
page read and write
|
||
|
1169000
|
heap
|
page read and write
|
||
|
4AB0000
|
unclassified section
|
page execute and read and write
|
||
|
1658000
|
heap
|
page read and write
|
||
|
36C000
|
unkown
|
page write copy
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
2E8D000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
374000
|
unkown
|
page readonly
|
||
|
362000
|
unkown
|
page readonly
|
||
|
370000
|
unkown
|
page write copy
|
||
|
2889000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
2D64000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
362000
|
unkown
|
page readonly
|
||
|
243F3656000
|
heap
|
page read and write
|
||
|
3B5E000
|
stack
|
page read and write
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
48FA000
|
heap
|
page read and write
|
||
|
2891000
|
heap
|
page read and write
|
||
|
FD8000
|
heap
|
page read and write
|
||
|
5EA000
|
stack
|
page read and write
|
||
|
10BE000
|
heap
|
page read and write
|
||
|
2A0000
|
unkown
|
page readonly
|
||
|
2A1000
|
unkown
|
page execute read
|
||
|
EC8000
|
heap
|
page read and write
|
||
|
A1C000
|
stack
|
page read and write
|
||
|
243F38D5000
|
heap
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
3195000
|
heap
|
page read and write
|
||
|
F6B000
|
heap
|
page read and write
|
||
|
2891000
|
heap
|
page read and write
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
FFB000
|
heap
|
page read and write
|
||
|
D35000
|
heap
|
page read and write
|
||
|
4A8C000
|
unclassified section
|
page execute and read and write
|
||
|
F8F000
|
heap
|
page read and write
|
||
|
F8A000
|
heap
|
page read and write
|
||
|
135F000
|
stack
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
2D8F000
|
stack
|
page read and write
|
||
|
BCE000
|
stack
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
2891000
|
heap
|
page read and write
|
||
|
17CE000
|
heap
|
page read and write
|
||
|
2CA1000
|
heap
|
page read and write
|
||
|
288C000
|
heap
|
page read and write
|
||
|
F8A000
|
heap
|
page read and write
|
||
|
49FD000
|
unclassified section
|
page execute and read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
1044000
|
heap
|
page read and write
|
||
|
DED000
|
heap
|
page read and write
|
||
|
F8F000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
17C0000
|
heap
|
page read and write
|
||
|
2E68000
|
heap
|
page read and write
|
||
|
243F3470000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
1169000
|
heap
|
page read and write
|
||
|
51A000
|
stack
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
D38000
|
heap
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
10EE000
|
heap
|
page read and write
|
||
|
DED000
|
stack
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
2892000
|
heap
|
page read and write
|
||
|
2A0000
|
unkown
|
page readonly
|
||
|
568E000
|
direct allocation
|
page read and write
|
||
|
3414000
|
heap
|
page read and write
|
||
|
2E69000
|
heap
|
page read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
866E3FE000
|
stack
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
2881000
|
heap
|
page read and write
|
||
|
2EA3000
|
heap
|
page read and write
|
||
|
2899000
|
heap
|
page read and write
|
||
|
BFF000
|
stack
|
page read and write
|
||
|
1169000
|
heap
|
page read and write
|
||
|
F9D000
|
heap
|
page read and write
|
||
|
E0E000
|
heap
|
page read and write
|
||
|
F6B000
|
heap
|
page read and write
|
||
|
2A0000
|
unkown
|
page readonly
|
||
|
2889000
|
heap
|
page read and write
|
||
|
F6B000
|
heap
|
page read and write
|
||
|
FB3000
|
heap
|
page read and write
|
||
|
EF0000
|
direct allocation
|
page execute and read and write
|
||
|
2E8B000
|
heap
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
1044000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
10DA000
|
heap
|
page read and write
|
||
|
2E8C000
|
heap
|
page read and write
|
||
|
54C000
|
stack
|
page read and write
|
||
|
FE2000
|
heap
|
page read and write
|
||
|
BFB000
|
stack
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
DBA000
|
heap
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
10D8000
|
heap
|
page read and write
|
||
|
33C000
|
unkown
|
page readonly
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
E2E000
|
heap
|
page read and write
|
||
|
F8F000
|
heap
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
1654000
|
heap
|
page read and write
|
||
|
E3C000
|
heap
|
page read and write
|
||
|
1169000
|
heap
|
page read and write
|
||
|
7E8E000
|
direct allocation
|
page read and write
|
||
|
243F3620000
|
heap
|
page read and write
|
||
|
2A0000
|
unkown
|
page readonly
|
||
|
BFF000
|
stack
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
119F000
|
heap
|
page read and write
|
||
|
117A000
|
heap
|
page read and write
|
||
|
D39000
|
heap
|
page read and write
|
||
|
474000
|
direct allocation
|
page execute and read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
FA9000
|
heap
|
page read and write
|
||
|
2E66000
|
heap
|
page read and write
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
F97000
|
heap
|
page read and write
|
||
|
17C1000
|
heap
|
page read and write
|
||
|
49A0000
|
unclassified section
|
page execute and read and write
|
||
|
FE3000
|
heap
|
page read and write
|
||
|
3881000
|
direct allocation
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
6A8E000
|
direct allocation
|
page read and write
|
||
|
F99000
|
heap
|
page read and write
|
||
|
30A4000
|
heap
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
187F000
|
stack
|
page read and write
|
||
|
2CAA000
|
heap
|
page read and write
|
||
|
362000
|
unkown
|
page readonly
|
||
|
FFC000
|
heap
|
page read and write
|
||
|
36C000
|
unkown
|
page write copy
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
114C000
|
heap
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
16D3000
|
heap
|
page read and write
|
||
|
4C8E000
|
direct allocation
|
page read and write
|
||
|
2E68000
|
heap
|
page read and write
|
||
|
13CF000
|
stack
|
page read and write
|
||
|
F79000
|
heap
|
page read and write
|
||
|
374000
|
unkown
|
page readonly
|
||
|
F89000
|
heap
|
page read and write
|
||
|
17E0000
|
heap
|
page read and write
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
287C000
|
heap
|
page read and write
|
||
|
1044000
|
heap
|
page read and write
|
||
|
FFA000
|
stack
|
page read and write
|
||
|
116A000
|
heap
|
page read and write
|
||
|
2881000
|
heap
|
page read and write
|
||
|
D43000
|
heap
|
page read and write
|
||
|
EE1000
|
heap
|
page read and write
|
||
|
30D1000
|
heap
|
page read and write
|
||
|
866DFBA000
|
stack
|
page read and write
|
||
|
D42000
|
heap
|
page read and write
|
||
|
17B0000
|
heap
|
page read and write
|
||
|
362000
|
unkown
|
page readonly
|
||
|
F97000
|
heap
|
page read and write
|
||
|
866E8FE000
|
stack
|
page read and write
|
||
|
370000
|
unkown
|
page write copy
|
||
|
243F38D0000
|
heap
|
page read and write
|
||
|
33C000
|
unkown
|
page readonly
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
362000
|
unkown
|
page readonly
|
||
|
2898000
|
heap
|
page read and write
|
||
|
F53000
|
heap
|
page read and write
|
||
|
98C000
|
stack
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
2A0000
|
unkown
|
page readonly
|
||
|
FFB000
|
heap
|
page read and write
|
||
|
FA5000
|
heap
|
page read and write
|
||
|
2E85000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
100C000
|
heap
|
page read and write
|
||
|
2881000
|
heap
|
page read and write
|
||
|
F2E000
|
stack
|
page read and write
|
||
|
100C000
|
heap
|
page read and write
|
||
|
F5C000
|
heap
|
page read and write
|
||
|
F89000
|
heap
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
F79000
|
heap
|
page read and write
|
||
|
374000
|
unkown
|
page readonly
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
370000
|
unkown
|
page write copy
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
288C000
|
heap
|
page read and write
|
||
|
928E000
|
direct allocation
|
page read and write
|
||
|
243F3550000
|
heap
|
page read and write
|
||
|
F6E000
|
stack
|
page read and write
|
||
|
118F000
|
heap
|
page read and write
|
||
|
E82000
|
heap
|
page read and write
|
||
|
1044000
|
heap
|
page read and write
|
||
|
1168000
|
heap
|
page read and write
|
||
|
866E5FE000
|
stack
|
page read and write
|
||
|
2881000
|
heap
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
1044000
|
heap
|
page read and write
|
||
|
2E6F000
|
heap
|
page read and write
|
||
|
16C000
|
unkown
|
page read and write
|
||
|
1652000
|
heap
|
page read and write
|
||
|
370000
|
unkown
|
page write copy
|
||
|
2E96000
|
heap
|
page read and write
|
||
|
2891000
|
heap
|
page read and write
|
||
|
2E61000
|
heap
|
page read and write
|
||
|
2889000
|
heap
|
page read and write
|
||
|
3196000
|
heap
|
page read and write
|
||
|
243F4FC0000
|
heap
|
page read and write
|
||
|
125C000
|
heap
|
page read and write
|
||
|
36C000
|
unkown
|
page write copy
|
||
|
13EF000
|
stack
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
1658000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
4A13000
|
unclassified section
|
page execute and read and write
|
||
|
FB3000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
F79000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
4800000
|
heap
|
page read and write
|
||
|
17CF000
|
heap
|
page read and write
|
||
|
58BB000
|
stack
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
F97000
|
heap
|
page read and write
|
||
|
374000
|
unkown
|
page readonly
|
||
|
1785000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
F8F000
|
heap
|
page read and write
|
||
|
1044000
|
heap
|
page read and write
|
||
|
E8C000
|
heap
|
page read and write
|
||
|
E8C000
|
heap
|
page read and write
|
||
|
FEC000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
1143000
|
heap
|
page read and write
|
||
|
1533000
|
heap
|
page read and write
|
||
|
2E67000
|
heap
|
page read and write
|
||
|
3C60000
|
heap
|
page read and write
|
||
|
10CA000
|
heap
|
page read and write
|
||
|
E4E000
|
stack
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
CB7000
|
heap
|
page read and write
|
||
|
16D5000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
2881000
|
heap
|
page read and write
|
||
|
FB3000
|
heap
|
page read and write
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
1044000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
10CA000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
F5C000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
2E68000
|
heap
|
page read and write
|
||
|
478000
|
direct allocation
|
page execute and read and write
|
||
|
547F000
|
stack
|
page read and write
|
||
|
2E66000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
61AE000
|
stack
|
page read and write
|
||
|
13DC000
|
stack
|
page read and write
|
||
|
36C000
|
unkown
|
page read and write
|
||
|
866EBFF000
|
stack
|
page read and write
|
||
|
287C000
|
heap
|
page read and write
|
||
|
10B6000
|
heap
|
page read and write
|
||
|
1070000
|
trusted library allocation
|
page read and write
|
||
|
866ECFB000
|
stack
|
page read and write
|
||
|
13FF000
|
stack
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
288D000
|
heap
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
243F38DE000
|
heap
|
page read and write
|
||
|
BEF000
|
stack
|
page read and write
|
||
|
33C000
|
unkown
|
page readonly
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
5CFE000
|
stack
|
page read and write
|
||
|
337D000
|
stack
|
page read and write
|
||
|
D0E000
|
stack
|
page read and write
|
||
|
2E61000
|
heap
|
page read and write
|
||
|
288D000
|
heap
|
page read and write
|
||
|
1044000
|
heap
|
page read and write
|
||
|
2E85000
|
heap
|
page read and write
|
||
|
E28000
|
heap
|
page read and write
|
||
|
13BF000
|
stack
|
page read and write
|
||
|
2E61000
|
heap
|
page read and write
|
||
|
F6B000
|
heap
|
page read and write
|
||
|
F79000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
1044000
|
heap
|
page read and write
|
||
|
F6B000
|
heap
|
page read and write
|
||
|
47CF000
|
heap
|
page read and write
|
||
|
32AE000
|
heap
|
page read and write
|
||
|
F32000
|
heap
|
page read and write
|
||
|
54C000
|
stack
|
page read and write
|
||
|
866E2FE000
|
stack
|
page read and write
|
||
|
A0000
|
unkown
|
page readonly
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
2E6F000
|
heap
|
page read and write
|
||
|
2E85000
|
heap
|
page read and write
|
||
|
2A1000
|
unkown
|
page execute read
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
F13000
|
heap
|
page read and write
|
||
|
BCF000
|
stack
|
page read and write
|
||
|
16C000
|
unkown
|
page write copy
|
||
|
B20000
|
heap
|
page read and write
|
||
|
F99000
|
heap
|
page read and write
|
||
|
FED000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
2A1000
|
unkown
|
page execute read
|
||
|
BDC000
|
stack
|
page read and write
|
||
|
2E69000
|
heap
|
page read and write
|
||
|
54BE000
|
stack
|
page read and write
|
||
|
2E68000
|
heap
|
page read and write
|
||
|
507E000
|
stack
|
page read and write
|
||
|
162000
|
unkown
|
page readonly
|
||
|
888E000
|
direct allocation
|
page read and write
|
||
|
5D5E000
|
stack
|
page read and write
|
||
|
F9B000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
E2E000
|
heap
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
374000
|
unkown
|
page readonly
|
||
|
FDC000
|
heap
|
page read and write
|
||
|
2E6C000
|
heap
|
page read and write
|
||
|
2899000
|
heap
|
page read and write
|
||
|
2A1000
|
unkown
|
page execute read
|
||
|
2895000
|
heap
|
page read and write
|
||
|
F28000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
F07000
|
heap
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
F6B000
|
heap
|
page read and write
|
||
|
B1E000
|
stack
|
page read and write
|
||
|
36C000
|
unkown
|
page write copy
|
||
|
E10000
|
heap
|
page read and write
|
||
|
BEF000
|
stack
|
page read and write
|
||
|
33C000
|
unkown
|
page readonly
|
||
|
FCB000
|
heap
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
362000
|
unkown
|
page readonly
|
||
|
1703000
|
heap
|
page read and write
|
||
|
D9D000
|
stack
|
page read and write
|
||
|
2EA3000
|
heap
|
page read and write
|
||
|
E2E000
|
heap
|
page read and write
|
||
|
2E66000
|
heap
|
page read and write
|
||
|
1044000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
E0A000
|
heap
|
page read and write
|
||
|
BDC000
|
stack
|
page read and write
|
||
|
F5B000
|
heap
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
ADE000
|
stack
|
page read and write
|
||
|
1044000
|
heap
|
page read and write
|
||
|
1530000
|
heap
|
page read and write
|
||
|
748E000
|
direct allocation
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
33C000
|
unkown
|
page readonly
|
||
|
9FF000
|
stack
|
page read and write
|
||
|
2880000
|
heap
|
page read and write
|
||
|
2A1000
|
unkown
|
page execute read
|
||
|
2889000
|
heap
|
page read and write
|
||
|
F99000
|
heap
|
page read and write
|
||
|
2E8E000
|
heap
|
page read and write
|
||
|
CE9000
|
stack
|
page read and write
|
||
|
12D5000
|
heap
|
page read and write
|
||
|
866E9FE000
|
stack
|
page read and write
|
||
|
E2F000
|
heap
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
2881000
|
heap
|
page read and write
|
||
|
2E66000
|
heap
|
page read and write
|
||
|
2881000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
A0000
|
unkown
|
page readonly
|
||
|
2898000
|
heap
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
608E000
|
direct allocation
|
page read and write
|
||
|
FD7000
|
heap
|
page read and write
|
||
|
147E000
|
stack
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute and read and write
|
||
|
374000
|
unkown
|
page readonly
|
||
|
4891000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
2A1000
|
unkown
|
page execute read
|
||
|
2898000
|
heap
|
page read and write
|
||
|
E1F000
|
heap
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
16E3000
|
heap
|
page read and write
|
||
|
FFA000
|
heap
|
page read and write
|
||
|
288C000
|
heap
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
100A000
|
heap
|
page read and write
|
||
|
D62000
|
heap
|
page read and write
|
||
|
A3F000
|
stack
|
page read and write
|
||
|
4890000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
1044000
|
heap
|
page read and write
|
||
|
1169000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
10CA000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
2EA9000
|
heap
|
page read and write
|
||
|
2E79000
|
heap
|
page read and write
|
||
|
F89000
|
heap
|
page read and write
|
||
|
17DE000
|
heap
|
page read and write
|
||
|
243F3685000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
D32000
|
heap
|
page read and write
|
||
|
17D0000
|
heap
|
page read and write
|
||
|
1169000
|
heap
|
page read and write
|
||
|
3063000
|
heap
|
page read and write
|
||
|
288D000
|
heap
|
page read and write
|
||
|
2A1000
|
unkown
|
page execute read
|
||
|
374000
|
unkown
|
page readonly
|
||
|
48C0000
|
heap
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
118F000
|
heap
|
page read and write
|
||
|
33C000
|
unkown
|
page readonly
|
||
|
E40000
|
direct allocation
|
page execute and read and write
|
||
|
4913000
|
heap
|
page read and write
|
||
|
1169000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
1306000
|
heap
|
page read and write
|
||
|
1AF0000
|
heap
|
page read and write
|
||
|
E2D000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
105A000
|
heap
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
10BF000
|
stack
|
page read and write
|
||
|
F52000
|
heap
|
page read and write
|
||
|
2A0000
|
unkown
|
page readonly
|
||
|
2895000
|
heap
|
page read and write
|
||
|
374000
|
unkown
|
page readonly
|
||
|
17B1000
|
heap
|
page read and write
|
||
|
2881000
|
heap
|
page read and write
|
||
|
288F000
|
heap
|
page read and write
|
||
|
E3E000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
F8F000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
36C000
|
unkown
|
page write copy
|
||
|
1040000
|
heap
|
page read and write
|
||
|
1044000
|
heap
|
page read and write
|
||
|
36C000
|
unkown
|
page write copy
|
||
|
F5C000
|
heap
|
page read and write
|
||
|
CB3000
|
heap
|
page read and write
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
170000
|
unkown
|
page write copy
|
||
|
106E000
|
stack
|
page read and write
|
||
|
1590000
|
heap
|
page read and write
|
||
|
58FD000
|
stack
|
page read and write
|
||
|
3030000
|
direct allocation
|
page execute and read and write
|
||
|
1044000
|
heap
|
page read and write
|
||
|
2E8E000
|
heap
|
page read and write
|
||
|
2EA1000
|
heap
|
page read and write
|
||
|
2A1000
|
unkown
|
page execute read
|
||
|
435F000
|
stack
|
page read and write
|
||
|
153D000
|
heap
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
16E4000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
1737000
|
heap
|
page read and write
|
||
|
1085000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
174000
|
unkown
|
page readonly
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
2D61000
|
heap
|
page read and write
|
||
|
BDC000
|
stack
|
page read and write
|
||
|
288F000
|
heap
|
page read and write
|
||
|
33C000
|
unkown
|
page readonly
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
2A1000
|
unkown
|
page execute read
|
||
|
1044000
|
heap
|
page read and write
|
||
|
2E69000
|
heap
|
page read and write
|
||
|
F5C000
|
heap
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
2E6F000
|
heap
|
page read and write
|
||
|
36C000
|
unkown
|
page write copy
|
||
|
2C8E000
|
stack
|
page read and write
|
||
|
4ACB000
|
unclassified section
|
page execute and read and write
|
||
|
2A1000
|
unkown
|
page execute read
|
||
|
13C000
|
unkown
|
page readonly
|
||
|
2898000
|
heap
|
page read and write
|
||
|
33C000
|
unkown
|
page readonly
|
||
|
2A0000
|
unkown
|
page readonly
|
||
|
2A0000
|
unkown
|
page readonly
|
||
|
639000
|
stack
|
page read and write
|
||
|
288D000
|
heap
|
page read and write
|
||
|
288C000
|
heap
|
page read and write
|
||
|
2E68000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
33FC000
|
stack
|
page read and write
|
||
|
4909000
|
heap
|
page read and write
|
||
|
33CA000
|
heap
|
page read and write
|
||
|
2D61000
|
heap
|
page read and write
|
||
|
49F9000
|
unclassified section
|
page execute and read and write
|
||
|
362000
|
unkown
|
page readonly
|
||
|
1070000
|
trusted library allocation
|
page read and write
|
||
|
1169000
|
heap
|
page read and write
|
||
|
1044000
|
heap
|
page read and write
|
||
|
2881000
|
heap
|
page read and write
|
||
|
2A1000
|
unkown
|
page execute read
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
BEF000
|
stack
|
page read and write
|
||
|
3050000
|
direct allocation
|
page read and write
|
||
|
1044000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
119F000
|
heap
|
page read and write
|
||
|
9C8E000
|
direct allocation
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
243F3628000
|
heap
|
page read and write
|
||
|
43BE000
|
stack
|
page read and write
|
||
|
362000
|
unkown
|
page readonly
|
||
|
2B58000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
1620000
|
heap
|
page read and write
|
||
|
2891000
|
heap
|
page read and write
|
||
|
3F5F000
|
stack
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
478000
|
direct allocation
|
page execute and read and write
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
474000
|
direct allocation
|
page execute and read and write
|
||
|
A1000
|
unkown
|
page execute read
|
||
|
D50000
|
heap
|
page read and write
|
||
|
2D61000
|
heap
|
page read and write
|
||
|
2A1000
|
unkown
|
page execute read
|
||
|
2E6C000
|
heap
|
page read and write
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
2881000
|
heap
|
page read and write
|
||
|
FA2000
|
heap
|
page read and write
|
||
|
243F3570000
|
heap
|
page read and write
|
||
|
3199000
|
heap
|
page read and write
|
||
|
17D0000
|
heap
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
2888000
|
heap
|
page read and write
|
||
|
E58000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
E83000
|
heap
|
page read and write
|
||
|
362000
|
unkown
|
page readonly
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
33BD000
|
stack
|
page read and write
|
||
|
E0F000
|
stack
|
page read and write
|
||
|
388E000
|
direct allocation
|
page read and write
|
||
|
2EA9000
|
heap
|
page read and write
|
||
|
33C000
|
unkown
|
page readonly
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
2A0000
|
unkown
|
page readonly
|
||
|
A2F000
|
stack
|
page read and write
|
||
|
CB7000
|
heap
|
page read and write
|
||
|
362000
|
unkown
|
page readonly
|
||
|
174000
|
unkown
|
page readonly
|
||
|
17B1000
|
heap
|
page read and write
|
||
|
E1F000
|
heap
|
page read and write
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
F8F000
|
heap
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
288F000
|
heap
|
page read and write
|
||
|
2899000
|
heap
|
page read and write
|
||
|
FA9000
|
heap
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
FA2000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
178F000
|
heap
|
page read and write
|
||
|
3C64000
|
heap
|
page read and write
|
||
|
1B60000
|
heap
|
page read and write
|
||
|
17AC000
|
heap
|
page read and write
|
||
|
866E6FF000
|
stack
|
page read and write
|
||
|
36C000
|
unkown
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
FDD000
|
heap
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
370000
|
unkown
|
page write copy
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
33C000
|
unkown
|
page readonly
|
||
|
2895000
|
heap
|
page read and write
|
||
|
4360000
|
heap
|
page read and write
|
||
|
10BB000
|
heap
|
page read and write
|
||
|
33C000
|
unkown
|
page readonly
|
||
|
CB6000
|
heap
|
page read and write
|
||
|
1002000
|
heap
|
page read and write
|
||
|
10AB000
|
heap
|
page read and write
|
||
|
2E61000
|
heap
|
page read and write
|
||
|
37C0000
|
direct allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
108F000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
10AB000
|
heap
|
page read and write
|
||
|
F8F000
|
heap
|
page read and write
|
||
|
2898000
|
heap
|
page read and write
|
||
|
162000
|
unkown
|
page readonly
|
||
|
374000
|
unkown
|
page readonly
|
||
|
2E85000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
3740000
|
direct allocation
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
2E68000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
10BE000
|
heap
|
page read and write
|
||
|
370000
|
unkown
|
page write copy
|
||
|
13C000
|
unkown
|
page readonly
|
||
|
A1000
|
unkown
|
page execute read
|
||
|
36C000
|
unkown
|
page write copy
|
||
|
2890000
|
heap
|
page read and write
|
||
|
4913000
|
heap
|
page read and write
|
||
|
374000
|
unkown
|
page readonly
|
||
|
1628000
|
heap
|
page read and write
|
||
|
2E79000
|
heap
|
page read and write
|
||
|
F6B000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
4909000
|
heap
|
page read and write
|
||
|
30D1000
|
heap
|
page read and write
|
||
|
2E69000
|
heap
|
page read and write
|
||
|
2870000
|
heap
|
page read and write
|
||
|
2E71000
|
heap
|
page read and write
|
||
|
10BD000
|
heap
|
page read and write
|
||
|
2881000
|
heap
|
page read and write
|
||
|
2EC6000
|
heap
|
page read and write
|
||
|
2E69000
|
heap
|
page read and write
|
||
|
370000
|
unkown
|
page write copy
|
||
|
F12000
|
heap
|
page read and write
|
||
|
2891000
|
heap
|
page read and write
|
||
|
10016000
|
direct allocation
|
page execute and read and write
|
||
|
17D0000
|
heap
|
page read and write
|
||
|
36C000
|
unkown
|
page read and write
|
||
|
32B5000
|
heap
|
page read and write
|
||
|
866EAFE000
|
stack
|
page read and write
|
||
|
615F000
|
stack
|
page read and write
|
||
|
2A0000
|
unkown
|
page readonly
|
||
|
580000
|
heap
|
page read and write
|
||
|
362000
|
unkown
|
page readonly
|
||
|
2E71000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
10CA000
|
heap
|
page read and write
|
||
|
E3E000
|
heap
|
page read and write
|
||
|
1E1E000
|
stack
|
page read and write
|
||
|
F8F000
|
heap
|
page read and write
|
||
|
3062000
|
heap
|
page read and write
|
There are 741 hidden memdumps, click here to show them.