Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Po#70831.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\45408433256266381758956.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-console-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-datetime-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-debug-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-errorhandling-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-file-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-file-l1-2-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-file-l2-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-handle-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-heap-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-interlocked-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-libraryloader-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-localization-l1-2-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-memory-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-namedpipe-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-processenvironment-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-processthreads-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-processthreads-l1-1-1.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-profile-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-rtlsupport-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-string-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-synch-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-synch-l1-2-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-sysinfo-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-timezone-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-core-util-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-crt-conio-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-crt-convert-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-crt-environment-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-crt-filesystem-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-crt-heap-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-crt-locale-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-crt-math-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-crt-multibyte-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-crt-private-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-crt-process-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-crt-runtime-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-crt-stdio-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-crt-string-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-crt-time-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\api-ms-win-crt-utility-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\freebl3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\mozglue.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\msvcp140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\nss3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\nssdbm3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\softokn3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\ucrtbase.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\B025A83F\vcruntime140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Lymnaeidae
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Okeghem
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut2BB3.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut2BE3.tmp
|
data
|
dropped
|
There are 44 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Po#70831.exe
|
"C:\Users\user\Desktop\Po#70831.exe"
|
|
|
|
C:\Windows\SysWOW64\svchost.exe
|
"C:\Users\user\Desktop\Po#70831.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "svchost.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\timeout.exe
|
C:\Windows\system32\timeout.exe 3
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://ln6b9.shop/LN341/index.php
|
172.67.128.117
|
|
|
|
http://www.mozilla.com/en-US/blocklist/
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://ln6b9.shop/LN341/index.phpA
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://ip-api.com/json
|
unknown
|
||
|
http://www.mozilla.com0
|
unknown
|
||
|
https://dotbit.me/a/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ln6b9.shop
|
172.67.128.117
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.67.128.117
|
ln6b9.shop
|
United States
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4DA0000
|
direct allocation
|
page read and write
|
|
|
|
4DC0000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
67AC000
|
direct allocation
|
page read and write
|
|
|
|
36E0000
|
direct allocation
|
page read and write
|
|
|
|
3D7D000
|
direct allocation
|
page read and write
|
||
|
12E8000
|
heap
|
page read and write
|
||
|
3289000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
123C000
|
heap
|
page read and write
|
||
|
4DB0000
|
direct allocation
|
page read and write
|
||
|
3760000
|
heap
|
page read and write
|
||
|
27E3000
|
heap
|
page read and write
|
||
|
5690000
|
direct allocation
|
page read and write
|
||
|
4DA4000
|
direct allocation
|
page read and write
|
||
|
326E000
|
heap
|
page read and write
|
||
|
2ABF000
|
stack
|
page read and write
|
||
|
5700000
|
direct allocation
|
page read and write
|
||
|
5BC0000
|
direct allocation
|
page read and write
|
||
|
1473000
|
heap
|
page read and write
|
||
|
11F8000
|
heap
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
11AC000
|
heap
|
page read and write
|
||
|
5890000
|
direct allocation
|
page read and write
|
||
|
4DA4000
|
direct allocation
|
page read and write
|
||
|
3231000
|
heap
|
page read and write
|
||
|
12D6000
|
heap
|
page read and write
|
||
|
3DEE000
|
direct allocation
|
page read and write
|
||
|
4DB0000
|
direct allocation
|
page read and write
|
||
|
3DEE000
|
direct allocation
|
page read and write
|
||
|
4DC8000
|
direct allocation
|
page read and write
|
||
|
1473000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
59A0000
|
direct allocation
|
page read and write
|
||
|
3289000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
132B000
|
heap
|
page read and write
|
||
|
4DA4000
|
direct allocation
|
page read and write
|
||
|
4E24000
|
direct allocation
|
page read and write
|
||
|
1217000
|
heap
|
page read and write
|
||
|
5A50000
|
direct allocation
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
9FD000
|
stack
|
page read and write
|
||
|
137A000
|
heap
|
page read and write
|
||
|
55C000
|
unkown
|
page read and write
|
||
|
3301000
|
heap
|
page read and write
|
||
|
4DF8000
|
direct allocation
|
page read and write
|
||
|
566B000
|
stack
|
page read and write
|
||
|
3289000
|
heap
|
page read and write
|
||
|
5740000
|
direct allocation
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
59F0000
|
direct allocation
|
page read and write
|
||
|
59C0000
|
direct allocation
|
page read and write
|
||
|
3AB0000
|
direct allocation
|
page read and write
|
||
|
1271000
|
heap
|
page read and write
|
||
|
326C000
|
heap
|
page read and write
|
||
|
4E68000
|
direct allocation
|
page read and write
|
||
|
ACB000
|
stack
|
page read and write
|
||
|
1178000
|
heap
|
page read and write
|
||
|
345E000
|
stack
|
page read and write
|
||
|
3AB0000
|
direct allocation
|
page read and write
|
||
|
235E000
|
unkown
|
page read and write
|
||
|
58C000
|
unkown
|
page readonly
|
||
|
5890000
|
direct allocation
|
page read and write
|
||
|
3212000
|
heap
|
page read and write
|
||
|
4DA8000
|
direct allocation
|
page read and write
|
||
|
326C000
|
heap
|
page read and write
|
||
|
3D79000
|
direct allocation
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
13D000
|
stack
|
page read and write
|
||
|
3BD3000
|
direct allocation
|
page read and write
|
||
|
4DA4000
|
direct allocation
|
page read and write
|
||
|
5A3F000
|
stack
|
page read and write
|
||
|
29BE000
|
unkown
|
page read and write
|
||
|
14BD000
|
heap
|
page read and write
|
||
|
5690000
|
direct allocation
|
page read and write
|
||
|
57B8000
|
direct allocation
|
page read and write
|
||
|
5790000
|
direct allocation
|
page read and write
|
||
|
FBE000
|
stack
|
page read and write
|
||
|
13E9000
|
heap
|
page read and write
|
||
|
5A40000
|
trusted library allocation
|
page read and write
|
||
|
67A8000
|
direct allocation
|
page read and write
|
||
|
B0B000
|
stack
|
page read and write
|
||
|
3289000
|
heap
|
page read and write
|
||
|
578000
|
unkown
|
page readonly
|
||
|
5690000
|
direct allocation
|
page read and write
|
||
|
4DA4000
|
direct allocation
|
page read and write
|
||
|
4DA4000
|
direct allocation
|
page read and write
|
||
|
552000
|
unkown
|
page readonly
|
||
|
326A000
|
heap
|
page read and write
|
||
|
5690000
|
direct allocation
|
page read and write
|
||
|
3299000
|
heap
|
page read and write
|
||
|
564000
|
unkown
|
page readonly
|
||
|
326A000
|
heap
|
page read and write
|
||
|
E4D000
|
stack
|
page read and write
|
||
|
4DA8000
|
direct allocation
|
page read and write
|
||
|
4E74000
|
direct allocation
|
page read and write
|
||
|
326C000
|
heap
|
page read and write
|
||
|
3285000
|
heap
|
page read and write
|
||
|
3BD3000
|
direct allocation
|
page read and write
|
||
|
27E4000
|
heap
|
page read and write
|
||
|
5A50000
|
direct allocation
|
page read and write
|
||
|
5968000
|
direct allocation
|
page read and write
|
||
|
4DA4000
|
direct allocation
|
page read and write
|
||
|
329B000
|
heap
|
page read and write
|
||
|
326A000
|
heap
|
page read and write
|
||
|
326C000
|
heap
|
page read and write
|
||
|
3DEE000
|
direct allocation
|
page read and write
|
||
|
56A0000
|
direct allocation
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
326C000
|
heap
|
page read and write
|
||
|
1305000
|
heap
|
page read and write
|
||
|
3C50000
|
direct allocation
|
page read and write
|
||
|
3BD3000
|
direct allocation
|
page read and write
|
||
|
326D000
|
heap
|
page read and write
|
||
|
3AB0000
|
direct allocation
|
page read and write
|
||
|
149D000
|
heap
|
page read and write
|
||
|
593E000
|
stack
|
page read and write
|
||
|
3C50000
|
direct allocation
|
page read and write
|
||
|
57C0000
|
direct allocation
|
page read and write
|
||
|
4DB0000
|
direct allocation
|
page read and write
|
||
|
239E000
|
stack
|
page read and write
|
||
|
196E000
|
stack
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
5AD0000
|
direct allocation
|
page read and write
|
||
|
560000
|
unkown
|
page write copy
|
||
|
3241000
|
heap
|
page read and write
|
||
|
4DDC000
|
direct allocation
|
page read and write
|
||
|
541C000
|
stack
|
page read and write
|
||
|
556C000
|
stack
|
page read and write
|
||
|
58A4000
|
direct allocation
|
page read and write
|
||
|
4E08000
|
direct allocation
|
page read and write
|
||
|
3D79000
|
direct allocation
|
page read and write
|
||
|
4DA4000
|
direct allocation
|
page read and write
|
||
|
4DA8000
|
direct allocation
|
page read and write
|
||
|
1483000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page readonly
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
12B7000
|
heap
|
page read and write
|
||
|
326C000
|
heap
|
page read and write
|
||
|
6460000
|
direct allocation
|
page read and write
|
||
|
491000
|
unkown
|
page execute read
|
||
|
5690000
|
direct allocation
|
page read and write
|
||
|
13B2000
|
heap
|
page read and write
|
||
|
3002000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
FCE000
|
stack
|
page read and write
|
||
|
1217000
|
heap
|
page read and write
|
||
|
5690000
|
direct allocation
|
page read and write
|
||
|
123C000
|
heap
|
page read and write
|
||
|
58F0000
|
direct allocation
|
page read and write
|
||
|
58C000
|
unkown
|
page readonly
|
||
|
123B000
|
heap
|
page read and write
|
||
|
1E10000
|
heap
|
page read and write
|
||
|
5AD4000
|
direct allocation
|
page read and write
|
||
|
32C4000
|
heap
|
page read and write
|
||
|
3D79000
|
direct allocation
|
page read and write
|
||
|
12A8000
|
heap
|
page read and write
|
||
|
11A2000
|
heap
|
page read and write
|
||
|
4DB4000
|
direct allocation
|
page read and write
|
||
|
580E000
|
direct allocation
|
page read and write
|
||
|
4DAC000
|
direct allocation
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
27E6000
|
heap
|
page read and write
|
||
|
331F000
|
stack
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
2F3C000
|
stack
|
page read and write
|
||
|
4DB4000
|
direct allocation
|
page read and write
|
||
|
4DBC000
|
direct allocation
|
page read and write
|
||
|
3C50000
|
direct allocation
|
page read and write
|
||
|
1E20000
|
heap
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
4DC0000
|
direct allocation
|
page read and write
|
||
|
6010000
|
direct allocation
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
490000
|
unkown
|
page readonly
|
||
|
59F0000
|
direct allocation
|
page read and write
|
||
|
34FE000
|
stack
|
page read and write
|
||
|
4DA4000
|
direct allocation
|
page read and write
|
||
|
4DC0000
|
direct allocation
|
page read and write
|
||
|
4DA4000
|
direct allocation
|
page read and write
|
||
|
3D7D000
|
direct allocation
|
page read and write
|
||
|
58E0000
|
direct allocation
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page read and write
|
||
|
5800000
|
direct allocation
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
3AB0000
|
direct allocation
|
page read and write
|
||
|
329B000
|
heap
|
page read and write
|
||
|
3277000
|
heap
|
page read and write
|
||
|
4DE0000
|
direct allocation
|
page read and write
|
||
|
326E000
|
heap
|
page read and write
|
||
|
4DA4000
|
direct allocation
|
page read and write
|
||
|
52C000
|
unkown
|
page readonly
|
||
|
11B1000
|
heap
|
page read and write
|
||
|
57F8000
|
direct allocation
|
page read and write
|
||
|
3328000
|
heap
|
page read and write
|
||
|
325F000
|
heap
|
page read and write
|
||
|
BEE000
|
stack
|
page read and write
|
||
|
349F000
|
stack
|
page read and write
|
||
|
27C7000
|
heap
|
page read and write
|
||
|
6CFC000
|
stack
|
page read and write
|
||
|
55C000
|
unkown
|
page write copy
|
||
|
4DD0000
|
direct allocation
|
page read and write
|
||
|
326A000
|
heap
|
page read and write
|
||
|
326C000
|
heap
|
page read and write
|
||
|
326A000
|
heap
|
page read and write
|
||
|
2790000
|
heap
|
page read and write
|
||
|
23B0000
|
heap
|
page read and write
|
||
|
69DB000
|
stack
|
page read and write
|
||
|
490000
|
unkown
|
page readonly
|
||
|
231D000
|
stack
|
page read and write
|
||
|
141A000
|
heap
|
page read and write
|
||
|
3D79000
|
direct allocation
|
page read and write
|
||
|
56C000
|
unkown
|
page readonly
|
||
|
3DEE000
|
direct allocation
|
page read and write
|
||
|
5690000
|
direct allocation
|
page read and write
|
||
|
11F8000
|
heap
|
page read and write
|
||
|
52DF000
|
stack
|
page read and write
|
||
|
53DD000
|
stack
|
page read and write
|
||
|
110E000
|
stack
|
page read and write
|
||
|
552000
|
unkown
|
page readonly
|
||
|
4DC4000
|
direct allocation
|
page read and write
|
||
|
123D000
|
heap
|
page read and write
|
||
|
58A4000
|
direct allocation
|
page read and write
|
||
|
134A000
|
heap
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
3D7D000
|
direct allocation
|
page read and write
|
||
|
4D9E000
|
stack
|
page read and write
|
||
|
4E08000
|
direct allocation
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
3DEE000
|
direct allocation
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
3BD3000
|
direct allocation
|
page read and write
|
||
|
5690000
|
heap
|
page read and write
|
||
|
3C50000
|
direct allocation
|
page read and write
|
||
|
3248000
|
heap
|
page read and write
|
||
|
3AB0000
|
direct allocation
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page read and write
|
||
|
3DEE000
|
direct allocation
|
page read and write
|
||
|
323D000
|
heap
|
page read and write
|
||
|
52C000
|
unkown
|
page readonly
|
||
|
4DA4000
|
direct allocation
|
page read and write
|
||
|
3764000
|
heap
|
page read and write
|
||
|
491000
|
unkown
|
page execute read
|
||
|
3BD3000
|
direct allocation
|
page read and write
|
||
|
5904000
|
direct allocation
|
page read and write
|
||
|
133E000
|
heap
|
page read and write
|
||
|
AFA000
|
stack
|
page read and write
|
||
|
4DA4000
|
direct allocation
|
page read and write
|
||
|
3D7D000
|
direct allocation
|
page read and write
|
||
|
3D79000
|
direct allocation
|
page read and write
|
||
|
3C50000
|
direct allocation
|
page read and write
|
||
|
564000
|
unkown
|
page readonly
|
||
|
57E0000
|
direct allocation
|
page read and write
|
||
|
3293000
|
heap
|
page read and write
|
||
|
13C6000
|
heap
|
page read and write
|
||
|
3289000
|
heap
|
page read and write
|
||
|
551C000
|
stack
|
page read and write
|
||
|
1454000
|
heap
|
page read and write
|
||
|
4DA4000
|
direct allocation
|
page read and write
|
||
|
1252000
|
heap
|
page read and write
|
||
|
5960000
|
direct allocation
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
5798000
|
direct allocation
|
page read and write
|
||
|
326A000
|
heap
|
page read and write
|
||
|
3D79000
|
direct allocation
|
page read and write
|
||
|
58F4000
|
direct allocation
|
page read and write
|
||
|
11DB000
|
heap
|
page read and write
|
||
|
14AC000
|
heap
|
page read and write
|
||
|
3312000
|
heap
|
page read and write
|
||
|
4E88000
|
direct allocation
|
page read and write
|
||
|
3BD3000
|
direct allocation
|
page read and write
|
||
|
326C000
|
heap
|
page read and write
|
||
|
3279000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
2F9E000
|
stack
|
page read and write
|
||
|
4DE0000
|
direct allocation
|
page read and write
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
2EFC000
|
stack
|
page read and write
|
||
|
36D0000
|
direct allocation
|
page execute and read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
326A000
|
heap
|
page read and write
|
||
|
326E000
|
heap
|
page read and write
|
||
|
4DB0000
|
direct allocation
|
page read and write
|
||
|
6A01000
|
heap
|
page read and write
|
||
|
5812000
|
direct allocation
|
page read and write
|
||
|
1D6E000
|
stack
|
page read and write
|
||
|
3AB0000
|
direct allocation
|
page read and write
|
||
|
FFF000
|
stack
|
page read and write
|
||
|
56C000
|
unkown
|
page readonly
|
||
|
FDB000
|
stack
|
page read and write
|
||
|
3D7D000
|
direct allocation
|
page read and write
|
||
|
4DBC000
|
direct allocation
|
page read and write
|
||
|
3D7D000
|
direct allocation
|
page read and write
|
||
|
57E8000
|
direct allocation
|
page read and write
|
||
|
326F000
|
heap
|
page read and write
|
||
|
94A000
|
stack
|
page read and write
|
||
|
11B1000
|
heap
|
page read and write
|
||
|
578000
|
unkown
|
page readonly
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
FEF000
|
stack
|
page read and write
|
||
|
4DC4000
|
direct allocation
|
page read and write
|
||
|
3C50000
|
direct allocation
|
page read and write
|
||
|
5778000
|
direct allocation
|
page read and write
|
||
|
4DB0000
|
direct allocation
|
page read and write
|
||
|
149F000
|
heap
|
page read and write
|
There are 299 hidden memdumps, click here to show them.