Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
7P7cuKWTfN.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\VIVA_01.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\7P7cuKWTfN.dll"
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\7P7cuKWTfN.dll
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\7P7cuKWTfN.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\7P7cuKWTfN.dll,DllCanUnloadNow
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\7P7cuKWTfN.dll,DllGetClassObject
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\7P7cuKWTfN.dll,DllRegisterServer
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
"C:\Windows\SysWOW64\rundll32.exe"
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
"C:\Windows\SysWOW64\rundll32.exe"
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
"C:\Windows\SysWOW64\regsvr32.exe"
|
|
|
|
C:\Windows\SysWOW64\reg.exe
|
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*Chrome" /t REG_SZ /d "rundll32.exe C:\Users\user\AppData\Roaming\VIVA_01.dll",EntryPoint
/f
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
"C:\Windows\SysWOW64\rundll32.exe"
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
"C:\Windows\SysWOW64\rundll32.exe"
|
|
|
|
C:\Windows\System32\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Roaming\VIVA_01.dll,EntryPoint
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Roaming\VIVA_01.dll,EntryPoint
|
|
|
|
C:\Windows\System32\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Roaming\VIVA_01.dll,EntryPoint
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" C:\Users\user\AppData\Roaming\VIVA_01.dll,EntryPoint
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
"C:\Windows\SysWOW64\rundll32.exe"
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
"C:\Windows\SysWOW64\rundll32.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\7P7cuKWTfN.dll",#1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*Chrome" /t REG_SZ /d "rundll32.exe C:\Users\user\AppData\Roaming\VIVA_01.dll",EntryPoint
/f & exit
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 12 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
goatratedman.com
|
|
||
|
extendedbreakfast.com
|
|
||
|
http://geoplugin.net/json.gp
|
unknown
|
||
|
http://www.openssl.org/support/faq.html.....................
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://www.vidsoft.de/xmlns/meetingcontrolprotocol
|
unknown
|
||
|
http://www.gotomeeting.comInetAPI::initializeForG2M()InetAPI::shutdown()..
|
unknown
|
||
|
http://support.gotomeeting.com/ics/support/default.asp?deptID=5641&task=knowledge&questionID=4517Lea
|
unknown
|
||
|
http://www.openssl.org/support/faq.html
|
unknown
|
||
|
https://www.gotomeeting.comhttps://www.gotowebinar.comhttps://www.gototraining.comhwId
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
goatratedman.com
|
193.233.18.18
|
|
|
|
extendedbreakfast.com
|
193.233.18.18
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.233.18.18
|
goatratedman.com
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
*Chrome
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\bghtyi-ILS8CA
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\bghtyi-ILS8CA
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\bghtyi-ILS8CA
|
time
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
10EC8000
|
unkown
|
page execute and read and write
|
|
|
|
10EC8000
|
unkown
|
page execute and read and write
|
|
|
|
2D4A000
|
heap
|
page read and write
|
|
|
|
2B5A000
|
heap
|
page read and write
|
|
|
|
4DF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
520000
|
remote allocation
|
page execute and read and write
|
|
|
|
4E10000
|
direct allocation
|
page execute and read and write
|
|
|
|
2B00000
|
remote allocation
|
page execute and read and write
|
|
|
|
2A90000
|
remote allocation
|
page execute and read and write
|
|
|
|
5330000
|
direct allocation
|
page execute and read and write
|
|
|
|
10EC8000
|
unkown
|
page execute and read and write
|
|
|
|
5990000
|
direct allocation
|
page execute and read and write
|
|
|
|
2C9A000
|
heap
|
page read and write
|
|
|
|
2C7A000
|
heap
|
page read and write
|
|
|
|
308A000
|
heap
|
page read and write
|
|
|
|
10EC8000
|
unkown
|
page execute and read and write
|
|
|
|
10EC8000
|
unkown
|
page execute and read and write
|
|
|
|
4240000
|
direct allocation
|
page execute and read and write
|
|
|
|
2B40000
|
remote allocation
|
page execute and read and write
|
|
|
|
10EC8000
|
unkown
|
page execute and read and write
|
|
|
|
10EC8000
|
unkown
|
page execute and read and write
|
|
|
|
8F0000
|
remote allocation
|
page execute and read and write
|
|
|
|
4830000
|
direct allocation
|
page execute and read and write
|
|
|
|
2E9A000
|
heap
|
page read and write
|
|
|
|
3850000
|
direct allocation
|
page execute and read and write
|
|
|
|
10EC8000
|
unkown
|
page execute and read and write
|
|
|
|
2A40000
|
remote allocation
|
page execute and read and write
|
|
|
|
2A00000
|
remote allocation
|
page execute and read and write
|
|
|
|
2B9A000
|
heap
|
page read and write
|
|
|
|
336D000
|
stack
|
page read and write
|
||
|
5DE7000
|
direct allocation
|
page read and write
|
||
|
604F000
|
direct allocation
|
page read and write
|
||
|
1CCB4E20000
|
heap
|
page read and write
|
||
|
4580000
|
heap
|
page read and write
|
||
|
10A01000
|
unkown
|
page execute read
|
||
|
10A01000
|
unkown
|
page execute read
|
||
|
5E9B000
|
direct allocation
|
page read and write
|
||
|
2FBD000
|
heap
|
page read and write
|
||
|
36C2000
|
heap
|
page read and write
|
||
|
36C4000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
10A01000
|
unkown
|
page execute read
|
||
|
690000
|
heap
|
page read and write
|
||
|
3536000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
10E1C000
|
unkown
|
page write copy
|
||
|
10F5A000
|
unkown
|
page readonly
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
476000
|
stack
|
page read and write
|
||
|
2680000
|
heap
|
page read and write
|
||
|
4EF7000
|
direct allocation
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
5970000
|
direct allocation
|
page read and write
|
||
|
451D000
|
stack
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
3090000
|
direct allocation
|
page read and write
|
||
|
4FB0000
|
heap
|
page read and write
|
||
|
348D000
|
stack
|
page read and write
|
||
|
10BE4000
|
unkown
|
page readonly
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
2BB9000
|
heap
|
page read and write
|
||
|
73C000
|
stack
|
page read and write
|
||
|
3470000
|
heap
|
page read and write
|
||
|
2E10000
|
heap
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
36C6000
|
heap
|
page read and write
|
||
|
847000
|
heap
|
page read and write
|
||
|
4E68000
|
direct allocation
|
page execute and read and write
|
||
|
1CCB4E30000
|
heap
|
page read and write
|
||
|
10F5A000
|
unkown
|
page readonly
|
||
|
9FC000
|
stack
|
page read and write
|
||
|
2BC7000
|
heap
|
page read and write
|
||
|
223A6548000
|
heap
|
page read and write
|
||
|
6CD000
|
heap
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
68F000
|
stack
|
page read and write
|
||
|
2A74000
|
remote allocation
|
page execute and read and write
|
||
|
B2E000
|
stack
|
page read and write
|
||
|
6C5000
|
heap
|
page read and write
|
||
|
4F60000
|
heap
|
page read and write
|
||
|
2B8A000
|
heap
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
37DF000
|
unkown
|
page read and write
|
||
|
10E28000
|
unkown
|
page write copy
|
||
|
325B000
|
stack
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
10BE4000
|
unkown
|
page readonly
|
||
|
2A65000
|
heap
|
page read and write
|
||
|
498F000
|
stack
|
page read and write
|
||
|
44DE000
|
stack
|
page read and write
|
||
|
33F2000
|
heap
|
page read and write
|
||
|
40C0000
|
heap
|
page read and write
|
||
|
2A7C000
|
stack
|
page read and write
|
||
|
464F000
|
stack
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
2A9C000
|
stack
|
page read and write
|
||
|
4FAB000
|
direct allocation
|
page read and write
|
||
|
49B0000
|
heap
|
page read and write
|
||
|
343F000
|
stack
|
page read and write
|
||
|
40D0000
|
direct allocation
|
page read and write
|
||
|
A06000
|
stack
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
5170000
|
heap
|
page read and write
|
||
|
BCC000
|
heap
|
page read and write
|
||
|
49C0000
|
direct allocation
|
page read and write
|
||
|
2B04000
|
remote allocation
|
page execute and read and write
|
||
|
2B74000
|
remote allocation
|
page execute and read and write
|
||
|
69A000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
560B000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
64E000
|
stack
|
page read and write
|
||
|
968000
|
remote allocation
|
page execute and read and write
|
||
|
2FC4000
|
heap
|
page read and write
|
||
|
2EBF000
|
stack
|
page read and write
|
||
|
42B8000
|
direct allocation
|
page execute and read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
2B25000
|
heap
|
page read and write
|
||
|
4790000
|
heap
|
page read and write
|
||
|
2FF6000
|
stack
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
4300000
|
heap
|
page read and write
|
||
|
34B7000
|
direct allocation
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2A78000
|
remote allocation
|
page execute and read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
8B2000
|
heap
|
page read and write
|
||
|
338D000
|
stack
|
page read and write
|
||
|
73848FF000
|
stack
|
page read and write
|
||
|
33EC000
|
heap
|
page read and write
|
||
|
2FBF000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
2BB4000
|
heap
|
page read and write
|
||
|
2BB6000
|
heap
|
page read and write
|
||
|
82D000
|
stack
|
page read and write
|
||
|
2BBA000
|
heap
|
page read and write
|
||
|
2B1E000
|
stack
|
page read and write
|
||
|
3910000
|
heap
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
8C3000
|
heap
|
page read and write
|
||
|
1CCB4E25000
|
heap
|
page read and write
|
||
|
10BE4000
|
unkown
|
page readonly
|
||
|
2F87000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2AB4000
|
remote allocation
|
page execute and read and write
|
||
|
2BC5000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
10BE4000
|
unkown
|
page readonly
|
||
|
2E10000
|
heap
|
page readonly
|
||
|
4E88000
|
direct allocation
|
page execute and read and write
|
||
|
2FBB000
|
stack
|
page read and write
|
||
|
4F9F000
|
direct allocation
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
37CE000
|
stack
|
page read and write
|
||
|
10E1C000
|
unkown
|
page write copy
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
10A01000
|
unkown
|
page execute read
|
||
|
BC5000
|
heap
|
page read and write
|
||
|
3510000
|
heap
|
page read and write
|
||
|
2690000
|
direct allocation
|
page read and write
|
||
|
10E28000
|
unkown
|
page write copy
|
||
|
2F8B000
|
stack
|
page read and write
|
||
|
421F000
|
stack
|
page read and write
|
||
|
1CCB4E00000
|
heap
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
607000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
6BD000
|
heap
|
page read and write
|
||
|
36C4000
|
heap
|
page read and write
|
||
|
9BE000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2CA5000
|
heap
|
page read and write
|
||
|
B7D000
|
stack
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
3531000
|
heap
|
page read and write
|
||
|
33EB000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
3810000
|
heap
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
10E28000
|
unkown
|
page write copy
|
||
|
594000
|
remote allocation
|
page execute and read and write
|
||
|
4D10000
|
direct allocation
|
page read and write
|
||
|
2BB9000
|
heap
|
page read and write
|
||
|
8AE000
|
heap
|
page read and write
|
||
|
738487F000
|
stack
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page readonly
|
||
|
36C1000
|
heap
|
page read and write
|
||
|
2A30000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
10F42000
|
unkown
|
page readonly
|
||
|
2BB2000
|
heap
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
8B3000
|
heap
|
page read and write
|
||
|
37F0000
|
heap
|
page read and write
|
||
|
3550000
|
heap
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
274C000
|
stack
|
page read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
A3D000
|
stack
|
page read and write
|
||
|
5E8F000
|
direct allocation
|
page read and write
|
||
|
3579000
|
heap
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
B9B000
|
heap
|
page read and write
|
||
|
10F5A000
|
unkown
|
page readonly
|
||
|
4DEF000
|
stack
|
page read and write
|
||
|
223A6510000
|
heap
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page readonly
|
||
|
BDB000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
10F5A000
|
unkown
|
page readonly
|
||
|
478F000
|
stack
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
223A64F0000
|
heap
|
page read and write
|
||
|
468E000
|
stack
|
page read and write
|
||
|
9CB000
|
stack
|
page read and write
|
||
|
77C000
|
stack
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
33F3000
|
heap
|
page read and write
|
||
|
10DA4000
|
unkown
|
page readonly
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
5557000
|
direct allocation
|
page read and write
|
||
|
5180000
|
direct allocation
|
page read and write
|
||
|
598000
|
remote allocation
|
page execute and read and write
|
||
|
D8E000
|
stack
|
page read and write
|
||
|
278C000
|
stack
|
page read and write
|
||
|
36BD000
|
heap
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
36D3000
|
heap
|
page read and write
|
||
|
5137000
|
direct allocation
|
page read and write
|
||
|
8B5000
|
heap
|
page read and write
|
||
|
357D000
|
heap
|
page read and write
|
||
|
6BB000
|
heap
|
page read and write
|
||
|
626000
|
stack
|
page read and write
|
||
|
10E1C000
|
unkown
|
page write copy
|
||
|
5F0000
|
heap
|
page readonly
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
449E000
|
stack
|
page read and write
|
||
|
277B000
|
stack
|
page read and write
|
||
|
2BDE000
|
stack
|
page read and write
|
||
|
3970000
|
heap
|
page read and write
|
||
|
3583000
|
heap
|
page read and write
|
||
|
6CE000
|
heap
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
341E000
|
unkown
|
page read and write
|
||
|
5D97000
|
direct allocation
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
87C000
|
stack
|
page read and write
|
||
|
1CCB4F08000
|
heap
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
33C7000
|
heap
|
page read and write
|
||
|
5A08000
|
direct allocation
|
page execute and read and write
|
||
|
88A000
|
heap
|
page read and write
|
||
|
DFF000
|
stack
|
page read and write
|
||
|
BCA000
|
heap
|
page read and write
|
||
|
47A0000
|
heap
|
page read and write
|
||
|
2E3F000
|
stack
|
page read and write
|
||
|
401F000
|
stack
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
10F5A000
|
unkown
|
page readonly
|
||
|
10A01000
|
unkown
|
page execute read
|
||
|
9BC692C000
|
stack
|
page read and write
|
||
|
36D1000
|
heap
|
page read and write
|
||
|
33EF000
|
heap
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
347D000
|
stack
|
page read and write
|
||
|
2ACC000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
346E000
|
stack
|
page read and write
|
||
|
33F2000
|
heap
|
page read and write
|
||
|
8C2000
|
heap
|
page read and write
|
||
|
51DF000
|
direct allocation
|
page read and write
|
||
|
2F9A000
|
heap
|
page read and write
|
||
|
4560000
|
heap
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
2B78000
|
remote allocation
|
page execute and read and write
|
||
|
2FCE000
|
heap
|
page read and write
|
||
|
3340000
|
heap
|
page read and write
|
||
|
48A8000
|
direct allocation
|
page execute and read and write
|
||
|
6BF000
|
heap
|
page read and write
|
||
|
10E28000
|
unkown
|
page write copy
|
||
|
10BE4000
|
unkown
|
page readonly
|
||
|
2FC6000
|
stack
|
page read and write
|
||
|
5130000
|
direct allocation
|
page read and write
|
||
|
10E1C000
|
unkown
|
page write copy
|
||
|
355F000
|
direct allocation
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
10E28000
|
unkown
|
page write copy
|
||
|
4FC0000
|
direct allocation
|
page read and write
|
||
|
BF8000
|
heap
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
10A01000
|
unkown
|
page execute read
|
||
|
4730000
|
direct allocation
|
page read and write
|
||
|
3296000
|
stack
|
page read and write
|
||
|
2BB6000
|
heap
|
page read and write
|
||
|
334E000
|
stack
|
page read and write
|
||
|
59C0000
|
direct allocation
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
10F42000
|
unkown
|
page readonly
|
||
|
10E28000
|
unkown
|
page write copy
|
||
|
223A6755000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
10F42000
|
unkown
|
page readonly
|
||
|
B6F000
|
stack
|
page read and write
|
||
|
B9F000
|
heap
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
355A000
|
heap
|
page read and write
|
||
|
223A6750000
|
heap
|
page read and write
|
||
|
5FA7000
|
direct allocation
|
page read and write
|
||
|
605B000
|
direct allocation
|
page read and write
|
||
|
8B5000
|
heap
|
page read and write
|
||
|
33BE000
|
stack
|
page read and write
|
||
|
63B000
|
stack
|
page read and write
|
||
|
358F000
|
heap
|
page read and write
|
||
|
2BB4000
|
remote allocation
|
page execute and read and write
|
||
|
2BB8000
|
remote allocation
|
page execute and read and write
|
||
|
10E1C000
|
unkown
|
page write copy
|
||
|
10DA4000
|
unkown
|
page readonly
|
||
|
357F000
|
heap
|
page read and write
|
||
|
8B3000
|
heap
|
page read and write
|
||
|
964000
|
remote allocation
|
page execute and read and write
|
||
|
32BE000
|
stack
|
page read and write
|
||
|
2CB0000
|
heap
|
page readonly
|
||
|
4AC000
|
stack
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
1CCB4D20000
|
heap
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
10BE4000
|
unkown
|
page readonly
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
2E90000
|
heap
|
page read and write
|
||
|
34B5000
|
heap
|
page read and write
|
||
|
10DA4000
|
unkown
|
page readonly
|
||
|
4630000
|
heap
|
page read and write
|
||
|
3977000
|
heap
|
page read and write
|
||
|
2BB6000
|
heap
|
page read and write
|
||
|
351B000
|
heap
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
38C8000
|
direct allocation
|
page execute and read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
5B80000
|
direct allocation
|
page read and write
|
||
|
2B60000
|
heap
|
page readonly
|
||
|
462F000
|
stack
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
369A000
|
heap
|
page read and write
|
||
|
303E000
|
stack
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
10E1C000
|
unkown
|
page write copy
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
357E000
|
heap
|
page read and write
|
||
|
8B5000
|
heap
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
344E000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
10F42000
|
unkown
|
page readonly
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
10F42000
|
unkown
|
page readonly
|
||
|
8B6000
|
heap
|
page read and write
|
||
|
589B000
|
direct allocation
|
page read and write
|
||
|
10DA4000
|
unkown
|
page readonly
|
||
|
3240000
|
heap
|
page read and write
|
||
|
368E000
|
stack
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
33FD000
|
heap
|
page read and write
|
||
|
10E1C000
|
unkown
|
page write copy
|
||
|
38DF000
|
stack
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
34BE000
|
stack
|
page read and write
|
||
|
10BE4000
|
unkown
|
page readonly
|
||
|
676000
|
stack
|
page read and write
|
||
|
223A6540000
|
heap
|
page read and write
|
||
|
356B000
|
direct allocation
|
page read and write
|
||
|
223A6410000
|
heap
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
2B60000
|
heap
|
page readonly
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
BDC000
|
heap
|
page read and write
|
||
|
BCA000
|
heap
|
page read and write
|
||
|
588F000
|
direct allocation
|
page read and write
|
||
|
10DA4000
|
unkown
|
page readonly
|
||
|
4A1F000
|
stack
|
page read and write
|
||
|
4EC000
|
stack
|
page read and write
|
||
|
2BB9000
|
heap
|
page read and write
|
||
|
2B08000
|
remote allocation
|
page execute and read and write
|
||
|
33EB000
|
heap
|
page read and write
|
||
|
4DAE000
|
stack
|
page read and write
|
||
|
5E3F000
|
direct allocation
|
page read and write
|
||
|
4D6E000
|
stack
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
6C2000
|
heap
|
page read and write
|
||
|
BCF000
|
heap
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
33FE000
|
heap
|
page read and write
|
||
|
4AD0000
|
direct allocation
|
page read and write
|
||
|
10E28000
|
unkown
|
page write copy
|
||
|
2BB9000
|
heap
|
page read and write
|
||
|
A7D000
|
stack
|
page read and write
|
||
|
3690000
|
heap
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
B3F000
|
stack
|
page read and write
|
||
|
8BC000
|
stack
|
page read and write
|
||
|
10BE4000
|
unkown
|
page readonly
|
||
|
1CCB4F00000
|
heap
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
57E7000
|
direct allocation
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
52B000
|
stack
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
474D000
|
stack
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
2AB8000
|
remote allocation
|
page execute and read and write
|
||
|
10F42000
|
unkown
|
page readonly
|
||
|
10F42000
|
unkown
|
page readonly
|
||
|
43B000
|
stack
|
page read and write
|
||
|
10F5A000
|
unkown
|
page readonly
|
||
|
3912000
|
heap
|
page read and write
|
||
|
4633000
|
heap
|
page read and write
|
||
|
10DA4000
|
unkown
|
page readonly
|
||
|
51EB000
|
direct allocation
|
page read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
10E1C000
|
unkown
|
page write copy
|
||
|
10F5A000
|
unkown
|
page readonly
|
||
|
53A8000
|
direct allocation
|
page execute and read and write
|
||
|
2C0E000
|
stack
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
33CA000
|
heap
|
page read and write
|
||
|
326D000
|
stack
|
page read and write
|
||
|
455E000
|
stack
|
page read and write
|
||
|
10DA4000
|
unkown
|
page readonly
|
||
|
10E28000
|
unkown
|
page write copy
|
||
|
2B0C000
|
stack
|
page read and write
|
||
|
42D0000
|
heap
|
page read and write
|
||
|
55FF000
|
direct allocation
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
9BC6C7F000
|
stack
|
page read and write
|
||
|
10A01000
|
unkown
|
page execute read
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
358D000
|
heap
|
page read and write
|
||
|
BDC000
|
heap
|
page read and write
|
||
|
32D7000
|
heap
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
10DA4000
|
unkown
|
page readonly
|
||
|
5E4B000
|
direct allocation
|
page read and write
|
||
|
2FEF000
|
stack
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
10F42000
|
unkown
|
page readonly
|
||
|
2FBD000
|
heap
|
page read and write
|
||
|
2BB6000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
6B7000
|
heap
|
page read and write
|
||
|
9BC69AF000
|
stack
|
page read and write
|
||
|
2ADC000
|
stack
|
page read and write
|
||
|
4310000
|
direct allocation
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
2E47000
|
heap
|
page read and write
|
||
|
2BC7000
|
heap
|
page read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
10F5A000
|
unkown
|
page readonly
|
||
|
10A01000
|
unkown
|
page execute read
|
||
|
36C4000
|
heap
|
page read and write
|
||
|
6BC000
|
heap
|
page read and write
|
||
|
4F70000
|
direct allocation
|
page read and write
|
||
|
6BB000
|
heap
|
page read and write
|
||
|
53C0000
|
direct allocation
|
page read and write
|
||
|
73845AB000
|
stack
|
page read and write
|
||
|
27B5000
|
stack
|
page read and write
|
||
|
2D2E000
|
stack
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
357E000
|
heap
|
page read and write
|
There are 476 hidden memdumps, click here to show them.