Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| BiiRGnhWx8.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | initial sample | |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | Microsoft Cabinet archive data, Windows 2000/XP setup, 62919 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression | dropped | |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | data | modified | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\loaddll64.exe | loaddll64.exe "C:\Users\user\Desktop\BiiRGnhWx8.dll" | |
| C:\Windows\System32\regsvr32.exe | regsvr32.exe /s C:\Users\user\Desktop\BiiRGnhWx8.dll | |
| C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\BiiRGnhWx8.dll",#1 | |
| C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\BiiRGnhWx8.dll,DllRegisterServer | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe "C:\Windows\system32\YqXIJg\DVtVhKE.dll" | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe "C:\Windows\system32\TgFfmbMXYVib\UjQs.dll" | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe "C:\Windows\system32\OHxoym\IFbwNJIPHCLRsyw.dll" | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe "C:\Windows\system32\NXFhDxP\qQByLosQZRktrA.dll" | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\YqXIJg\DVtVhKE.dll | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\TJwwRjRVRG\fmtWLlvSoR.dll" | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe "C:\Windows\system32\JEHCjtepagfsrQz\jHBB.dll" | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe "C:\Windows\system32\HdSKRzl\HIWJamnkzbbhMRYe.dll" | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IDqnZePrFBC\qFcZEWbJbr.dll" | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FTRWInMVKbBAM\OqXi.dll" | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\JEHCjtepagfsrQz\jHBB.dll | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\CFQcAaf\alGqQjfnqeipsC.dll" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\BiiRGnhWx8.dll",#1 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://172.105.115.71:8080/ | unknown | |
| https://172.105.115.71:8080/exxsavonh/eocojilqywj/zliicjm/hatbre/b | unknown | |
| http://ctl2.105.115.71:8080/ | unknown | |
| https://172.105.115.71:8080/exxsavonh/eocojilqywj/zliicjm/hatbre/ | unknown | |
| https://112.105.115.71:8080/ | unknown | |
| https://172.105.115.71:8080/s.dll | unknown | |
| https://172.105.115.71:8080/fhbapco/qwoqdrltpngtcons/xmltlyltysiyxdbk/rxucyoknpgrotxw/ | unknown | |

Domains

| Name | IP | Malicious |
|---|---|---|
| windowsupdatebg.s.llnwi.net | 178.79.242.0 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | DVtVhKE.dll | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | jHBB.dll | |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
