Files
| File Path | Type | Category | Malicious |
|---|---|---|---|
| file.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
| C:\Program Files (x86)\fnSearcher\fnsearcher68.exe | PE32 executable (GUI) Intel 80386, for MS Windows | modified | |
| C:\Program Files (x86)\fnSearcher\is-6KAKC.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\fnSearcher\unins000.exe (copy) | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\is-6LIA6.tmp\_isetup\_iscrypt.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\is-6LIA6.tmp\_isetup\_setup64.tmp | PE32+ executable (console) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\is-VVS8D.tmp\is-SQE6E.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\0JzI2az.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\fnSearcher\checksums.txt (copy) | ASCII text, with CRLF line terminators | dropped | |
| C:\Program Files (x86)\fnSearcher\completed.wav (copy) | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz | dropped | |
| C:\Program Files (x86)\fnSearcher\history.rtf (copy) | Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025 | dropped | |
| C:\Program Files (x86)\fnSearcher\is-15O1T.tmp | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz | dropped | |
| C:\Program Files (x86)\fnSearcher\is-51KLJ.tmp | data | dropped | |
| C:\Program Files (x86)\fnSearcher\is-7C4Q3.tmp | Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025 | dropped | |
| C:\Program Files (x86)\fnSearcher\is-8S345.tmp | ASCII text, with no line terminators | dropped | |
| C:\Program Files (x86)\fnSearcher\is-DS22N.tmp | MS Windows icon resource - 7 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel | dropped | |
| C:\Program Files (x86)\fnSearcher\is-E8ARN.tmp | ASCII text, with CRLF line terminators | dropped | |
| C:\Program Files (x86)\fnSearcher\is-OS12U.tmp | Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025 | dropped | |
| C:\Program Files (x86)\fnSearcher\is-S6A9T.tmp | Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025 | dropped | |
| C:\Program Files (x86)\fnSearcher\license_en.rtf (copy) | Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025 | dropped | |
| C:\Program Files (x86)\fnSearcher\license_ru.rtf (copy) | Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025 | dropped | |
| C:\Program Files (x86)\fnSearcher\reset.bat (copy) | ASCII text, with no line terminators | dropped | |
| C:\Program Files (x86)\fnSearcher\unins.ico (copy) | MS Windows icon resource - 7 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel | dropped | |
| C:\Program Files (x86)\fnSearcher\unins000.dat | InnoSetup Log FNSearcher {b264a18E-91B4-4910-9006-8bf37124b695}, version 0x2d, 3779 bytes, 367706\user, "C:\Program Files (x86)\fnSearcher" | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ping[1].htm | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\count[1].htm | very short file (no magic) | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\library[1].htm | very short file (no magic) | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\fuckingdllENCR[1].dll | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\count[1].htm | very short file (no magic) | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\library[1].htm | very short file (no magic) | dropped | |
| C:\Users\user\AppData\Local\Temp\is-6LIA6.tmp\_isetup\_RegDLL.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\is-6LIA6.tmp\_isetup\_shfoldr.dll | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows | dropped | |
Processes
| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\file.exe | C:\Users\user\Desktop\file.exe | |
| C:\Program Files (x86)\fnSearcher\fnsearcher68.exe | "C:\Program Files (x86)\fnSearcher\fnsearcher68.exe" | |
| C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\0JzI2az.exe | | |
| C:\Users\user\AppData\Local\Temp\is-VVS8D.tmp\is-SQE6E.tmp | "C:\Users\user\AppData\Local\Temp\is-VVS8D.tmp\is-SQE6E.tmp" /SL4 $30224 "C:\Users\user\Desktop\file.exe" 2630911 52736 | |
| C:\Windows\SysWOW64\cmd.exe | "C:\Windows\System32\cmd.exe" /c taskkill /im "fnsearcher68.exe" /f & erase "C:\Program Files (x86)\fnSearcher\fnsearcher68.exe" & exit | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\taskkill.exe | taskkill /im "fnsearcher68.exe" /f | |
URLs
| Name | IP | Malicious |
|---|---|---|
| http://171.22.30.106/library.php | 171.22.30.106 | |
| http://45.139.105.171/itsnotmalware/count.php?sub=NOSUB&stream=start&substream=mixinte | 45.139.105.171 | |
| http://www.innosetup.com/ | unknown | |
| http://www.n-group.info | unknown | |
| http://www.fn-group.info/-http://www.fn-group.info/fnsearcher/help.html1http://www.fn-group.info/fns | unknown | |
| http://www.fn-group.info/fnsearcher/help.html1 | unknown | |
| http://45.139.105.171/itsnotmalware/count.php?sub=NOSUB&stream=mixtwo&substream=mixinte | 45.139.105.171 | |
| http://www.fn-group.info/fnsearcher/help.html | unknown | |
| http://www.fn-group.info/ | unknown | |
| http://www.fn-group.info/fnsearcher/download.html | unknown | |
| http://www.fn-group.info/- | unknown | |
| http://107.182.129.235/storage/extension.php | 107.182.129.235 | |
| http://www.remobjects.com/?ps | unknown | |
| http://www.fn-group.info/fnsearcher/help.htmlB | unknown | |
| http://www.kungsoft.com | unknown | |
| http://107.182.129.235/storage/ping.php | 107.182.129.235 | |
| http://www.fn-group.info/8 | unknown | |
| http://www.fn-group.info/fnsearcher/download.htmlw | unknown | |
| http://www.remobjects.com/?psU | unknown | |
IPs
| IP | Domain | Country | Malicious |
|---|---|---|---|
| 45.139.105.1 | unknown | Italy | |
| 85.31.46.167 | unknown | Germany | |
| 45.139.105.171 | unknown | Italy | |
| 107.182.129.235 | unknown | Reserved | |
| 171.22.30.106 | unknown | Germany | |
Registry
| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1 | Inno Setup: Setup Version | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1 | Inno Setup: App Path | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1 | InstallLocation | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1 | Inno Setup: Icon Group | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1 | Inno Setup: User | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1 | DisplayName | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1 | UninstallString | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1 | QuietUninstallString | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1 | DisplayVersion | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1 | Publisher | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1 | URLInfoAbout | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1 | HelpLink | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1 | URLUpdateInfo | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1 | NoModify | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1 | NoRepair | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b264a18E-91B4-4910-9006-8bf37124b695}_is1 | InstallDate | |
Memdumps