Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Eclipse IO Library 9.27.43\Eclipse IO Library 9.27.43.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Gerda Play3 SE\is-56VFF.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gerda Play3 SE\is-UM35I.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gerda Play3 SE\is-VU6L0.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gerda Play3 SE\libeay32.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gerda Play3 SE\libssl-1_1.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gerda Play3 SE\ssleay32.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gerda Play3 SE\uninstall\is-UKL5U.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gerda Play3 SE\uninstall\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-ET52T.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\ec927it43.dat
|
data
|
dropped
|
||
|
C:\ProgramData\ec927rc43.dat
|
data
|
dropped
|
||
|
C:\ProgramData\ec927resa.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\ec927resb.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gerda Play3 SE\Qt5OpenGL.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gerda Play3 SE\is-398M1.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gerda Play3 SE\is-9T8RA.tmp
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gerda Play3 SE\is-I2BMO.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gerda Play3 SE\is-VF024.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gerda Play3 SE\msvcp71.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gerda Play3 SE\msvcr71.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gerda Play3 SE\uninstall\unins000.dat
|
InnoSetup Log Gerda Play3 SE, version 0x30, 4467 bytes, 258555\user, "C:\Users\user\AppData\Local\Gerda Play3 SE"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-ET52T.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-ET52T.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 17 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe
|
"C:\Users\user\AppData\Local\Gerda Play3 SE\gerdaplay3se32_64.exe" -i
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp
|
"C:\Users\user\AppData\Local\Temp\is-42905.tmp\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.tmp" /SL5="$10434,2865995,56832,C:\Users\user\Desktop\SecuriteInfo.com.Gen.Heur.Munp.1.11072.7602.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://heketoh.net/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c440db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf815c7ed939f3c
|
45.155.250.128
|
|
|
|
http://heketoh.net/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8908e4a865a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ed929e3ccf699311
|
45.155.250.128
|
|
|
|
heketoh.net
|
|
||
|
http://bngrkdw.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c440db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf815c7ed939f3c
|
185.196.8.214
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://repository.certum.pl/ctnca.cer09
|
unknown
|
||
|
http://repository.certum.pl/cscasha2.cer0
|
unknown
|
||
|
http://45.155.250.128/
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://crl.certum.pl/ctnca.crl0k
|
unknown
|
||
|
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
|
unknown
|
||
|
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
|
unknown
|
||
|
http://45.155.250.128/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8908e
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
https://www.certum.pl/CPS0
|
unknown
|
||
|
http://crl.certum.pl/cscasha2.crl0q
|
unknown
|
||
|
http://cscasha2.ocsp-certum.com04
|
unknown
|
||
|
http://www.openssl.org/support/faq.html
|
unknown
|
||
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
|
http://www.remobjects.com/psU
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://acritum.com/ocb/
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
||
|
http://subca.ocsp-certum.com01
|
unknown
|
||
|
https://www.openssl.org/H
|
unknown
|
||
|
http://45.155.250.128/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
http://185.196.8.214/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df1
|
unknown
|
||
|
http://www.openssl.org/f
|
unknown
|
||
|
http://www.certum.pl/CPS0
|
unknown
|
There are 25 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
heketoh.net
|
45.155.250.128
|
|
|
|
bngrkdw.com
|
185.196.8.214
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.155.250.128
|
heketoh.net
|
Germany
|
|
|
|
185.196.8.214
|
bngrkdw.com
|
Switzerland
|
|
|
|
195.154.173.35
|
unknown
|
France
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gerda Play3 SE_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gerda Play3 SE_is1
|
Inno Setup: App Path
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gerda Play3 SE_is1
|
InstallLocation
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gerda Play3 SE_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gerda Play3 SE_is1
|
Inno Setup: User
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gerda Play3 SE_is1
|
Inno Setup: Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gerda Play3 SE_is1
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gerda Play3 SE_is1
|
UninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gerda Play3 SE_is1
|
QuietUninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gerda Play3 SE_is1
|
NoModify
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gerda Play3 SE_is1
|
NoRepair
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gerda Play3 SE_is1
|
InstallDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gerda Play3 SE_is1
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LargeTour
|
eclipse_io_library_i43_3
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2B69000
|
heap
|
page read and write
|
|
|
|
2C11000
|
direct allocation
|
page execute and read and write
|
|
|
|
58F0000
|
heap
|
page read and write
|
||
|
5BA5000
|
direct allocation
|
page read and write
|
||
|
24B0000
|
heap
|
page read and write
|
||
|
A48000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
5B85000
|
direct allocation
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
59F0000
|
direct allocation
|
page read and write
|
||
|
24A0000
|
direct allocation
|
page read and write
|
||
|
2EFE000
|
stack
|
page read and write
|
||
|
8E8000
|
heap
|
page read and write
|
||
|
2328000
|
direct allocation
|
page read and write
|
||
|
5BA9000
|
direct allocation
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
34C8000
|
heap
|
page read and write
|
||
|
3407000
|
heap
|
page read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
888000
|
heap
|
page read and write
|
||
|
685000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
24A0000
|
direct allocation
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
353E000
|
stack
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
49A000
|
unkown
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
268D000
|
heap
|
page read and write
|
||
|
33BE000
|
stack
|
page read and write
|
||
|
935000
|
heap
|
page read and write
|
||
|
5B97000
|
direct allocation
|
page read and write
|
||
|
581000
|
unkown
|
page execute and write copy
|
||
|
685000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
20F4000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2388000
|
direct allocation
|
page read and write
|
||
|
5B91000
|
direct allocation
|
page read and write
|
||
|
2330000
|
direct allocation
|
page read and write
|
||
|
8DB000
|
heap
|
page read and write
|
||
|
2350000
|
direct allocation
|
page read and write
|
||
|
2338000
|
direct allocation
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
24B9000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
34CF000
|
stack
|
page read and write
|
||
|
33CE000
|
stack
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
28F0000
|
trusted library allocation
|
page read and write
|
||
|
317E000
|
stack
|
page read and write
|
||
|
21B8000
|
direct allocation
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
630000
|
unkown
|
page write copy
|
||
|
9C000
|
stack
|
page read and write
|
||
|
5B83000
|
direct allocation
|
page read and write
|
||
|
597000
|
unkown
|
page execute and write copy
|
||
|
367E000
|
stack
|
page read and write
|
||
|
7C0000
|
direct allocation
|
page execute and read and write
|
||
|
5A9000
|
unkown
|
page execute and write copy
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
59B000
|
unkown
|
page execute and write copy
|
||
|
411000
|
unkown
|
page readonly
|
||
|
684000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
95D000
|
stack
|
page read and write
|
||
|
B35000
|
heap
|
page read and write
|
||
|
593000
|
unkown
|
page execute and write copy
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
4AC000
|
unkown
|
page readonly
|
||
|
26BF000
|
heap
|
page read and write
|
||
|
5B87000
|
direct allocation
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
2FFF000
|
stack
|
page read and write
|
||
|
5A3000
|
unkown
|
page execute and write copy
|
||
|
D60000
|
heap
|
page read and write
|
||
|
338F000
|
stack
|
page read and write
|
||
|
313F000
|
stack
|
page read and write
|
||
|
2DBB000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
CFE000
|
stack
|
page read and write
|
||
|
24B5000
|
heap
|
page read and write
|
||
|
26BC000
|
stack
|
page read and write
|
||
|
3230000
|
direct allocation
|
page read and write
|
||
|
2521000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
632000
|
unkown
|
page write copy
|
||
|
49A000
|
unkown
|
page write copy
|
||
|
5B99000
|
direct allocation
|
page read and write
|
||
|
5C32000
|
direct allocation
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
3780000
|
heap
|
page read and write
|
||
|
960000
|
direct allocation
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
3403000
|
heap
|
page read and write
|
||
|
B1B000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
591000
|
unkown
|
page execute and write copy
|
||
|
3438000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
32BE000
|
stack
|
page read and write
|
||
|
58F1000
|
heap
|
page read and write
|
||
|
347C000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
2108000
|
direct allocation
|
page read and write
|
||
|
685000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
A40000
|
heap
|
page read and write
|
||
|
599000
|
unkown
|
page execute and write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5870000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
5870000
|
heap
|
page read and write
|
||
|
89C000
|
heap
|
page read and write
|
||
|
238C000
|
direct allocation
|
page read and write
|
||
|
5870000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
5B9F000
|
direct allocation
|
page read and write
|
||
|
2352000
|
direct allocation
|
page read and write
|
||
|
935000
|
heap
|
page read and write
|
||
|
8DB000
|
heap
|
page read and write
|
||
|
37C2000
|
heap
|
page read and write
|
||
|
49E000
|
unkown
|
page write copy
|
||
|
8E3000
|
heap
|
page read and write
|
||
|
583000
|
unkown
|
page execute and write copy
|
||
|
684000
|
heap
|
page read and write
|
||
|
59F000
|
unkown
|
page execute and write copy
|
||
|
830000
|
direct allocation
|
page read and write
|
||
|
8E3000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
20F0000
|
direct allocation
|
page read and write
|
||
|
18E000
|
stack
|
page read and write
|
||
|
2101000
|
direct allocation
|
page read and write
|
||
|
2320000
|
direct allocation
|
page read and write
|
||
|
62C000
|
unkown
|
page readonly
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
498000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
2C4A000
|
direct allocation
|
page execute and read and write
|
||
|
2330000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
20E0000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page execute and read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
8C9000
|
heap
|
page read and write
|
||
|
AEF000
|
heap
|
page read and write
|
||
|
92F000
|
heap
|
page read and write
|
||
|
57F0000
|
heap
|
page read and write
|
||
|
5B9B000
|
direct allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
8CB000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
8DB000
|
heap
|
page read and write
|
||
|
5BA3000
|
direct allocation
|
page read and write
|
||
|
842000
|
direct allocation
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
3230000
|
direct allocation
|
page read and write
|
||
|
5870000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute and write copy
|
||
|
684000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
5B93000
|
direct allocation
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
5A5000
|
unkown
|
page execute and write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
232C000
|
direct allocation
|
page read and write
|
||
|
5AB000
|
unkown
|
page execute and write copy
|
||
|
587000
|
unkown
|
page execute and write copy
|
||
|
585000
|
unkown
|
page execute and write copy
|
||
|
8E8000
|
heap
|
page read and write
|
||
|
2327000
|
direct allocation
|
page read and write
|
||
|
5BAB000
|
direct allocation
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
303E000
|
stack
|
page read and write
|
||
|
5B81000
|
direct allocation
|
page read and write
|
||
|
328E000
|
stack
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
327F000
|
stack
|
page read and write
|
||
|
49C000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5870000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
19D000
|
stack
|
page read and write
|
||
|
2338000
|
direct allocation
|
page read and write
|
||
|
AF5000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
684000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
5A00000
|
direct allocation
|
page read and write
|
||
|
89A000
|
heap
|
page read and write
|
||
|
2720000
|
heap
|
page read and write
|
||
|
4A5000
|
heap
|
page read and write
|
||
|
2B5F000
|
stack
|
page read and write
|
||
|
7D4000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
377F000
|
stack
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
A10000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
636000
|
unkown
|
page readonly
|
||
|
363F000
|
stack
|
page read and write
|
||
|
4AC000
|
unkown
|
page readonly
|
||
|
684000
|
heap
|
page read and write
|
||
|
2101000
|
direct allocation
|
page read and write
|
||
|
49B000
|
unkown
|
page write copy
|
There are 212 hidden memdumps, click here to show them.