Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Edrax Smart Maker 9.28.43\Edrax Smart Maker 9.28.43.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\is-F9BNG.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\is-GF0FM.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\is-RLF2N.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\libeay32.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\libssl-1_1.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\playglock.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\ssleay32.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\uninstall\is-AD0QP.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\uninstall\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-OIG3T.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\ed928it43.dat
|
Non-ISO extended-ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\ed928rc43.dat
|
data
|
dropped
|
||
|
C:\ProgramData\ed928resa.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\ed928resb.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Play Glock\Qt5OpenGL.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Play Glock\is-4JU3B.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Play Glock\is-BEBPU.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Play Glock\is-E31ID.tmp
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Play Glock\is-HQ21L.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Play Glock\msvcp71.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Play Glock\msvcr71.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Play Glock\uninstall\unins000.dat
|
InnoSetup Log Play Glock, version 0x30, 4401 bytes, 549163\user, "C:\Users\user\AppData\Local\Play Glock"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-OIG3T.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-OIG3T.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 17 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.exe"
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\playglock.exe
|
"C:\Users\user\AppData\Local\Play Glock\playglock.exe" -i
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp
|
"C:\Users\user\AppData\Local\Temp\is-NOUJM.tmp\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.tmp" /SL5="$2046A,2942017,56832,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.31282.17969.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://ddbnoae.info/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c440db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf814c0e7969c3a
|
185.208.158.248
|
|
|
|
ddbnoae.info
|
|
||
|
http://ddbnoae.info/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8908e4a865a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ed929f3bc56c9017
|
185.208.158.248
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://repository.certum.pl/ctnca.cer09
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28ddr
|
unknown
|
||
|
http://repository.certum.pl/cscasha2.cer0
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82d
|
unknown
|
||
|
http://crl.certum.pl/ctnca.crl0k
|
unknown
|
||
|
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
|
unknown
|
||
|
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
https://www.certum.pl/CPS0
|
unknown
|
||
|
http://crl.certum.pl/cscasha2.crl0q
|
unknown
|
||
|
http://185.208.158.248/search/?q
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd8
|
unknown
|
||
|
http://cscasha2.ocsp-certum.com04
|
unknown
|
||
|
http://www.openssl.org/support/faq.html
|
unknown
|
||
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
|
http://185.208.158.248/s
|
unknown
|
||
|
http://www.remobjects.com/psU
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd86d55f128470aac1p
|
unknown
|
||
|
http://acritum.com/ocb/
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
||
|
http://subca.ocsp-certum.com01
|
unknown
|
||
|
https://www.openssl.org/H
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd86d55f128470aac1a7c27d78Q
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd86d55f12
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8908
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e=
|
unknown
|
||
|
http://www.openssl.org/f
|
unknown
|
||
|
http://www.certum.pl/CPS0
|
unknown
|
||
|
http://185.208.1
|
unknown
|
There are 32 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ddbnoae.info
|
185.208.158.248
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.208.158.248
|
ddbnoae.info
|
Switzerland
|
|
|
|
195.154.173.35
|
unknown
|
France
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
Inno Setup: App Path
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
InstallLocation
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
Inno Setup: User
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
Inno Setup: Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
UninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
QuietUninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
NoModify
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
NoRepair
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
InstallDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LargeTour
|
edrax_smart_maker_i43_4
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2C51000
|
direct allocation
|
page execute and read and write
|
|
|
|
2841000
|
heap
|
page read and write
|
|
|
|
504000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
2773000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
33C1000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
59B000
|
unkown
|
page execute and write copy
|
||
|
504000
|
heap
|
page read and write
|
||
|
B19000
|
heap
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
AD3000
|
heap
|
page read and write
|
||
|
47B000
|
unkown
|
page execute and write copy
|
||
|
2741000
|
heap
|
page read and write
|
||
|
58F000
|
unkown
|
page execute and write copy
|
||
|
22A8000
|
direct allocation
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
32BE000
|
stack
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
2900000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5E7B000
|
direct allocation
|
page read and write
|
||
|
5AB000
|
unkown
|
page execute and write copy
|
||
|
504000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
2298000
|
direct allocation
|
page read and write
|
||
|
748000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
355F000
|
stack
|
page read and write
|
||
|
5E79000
|
direct allocation
|
page read and write
|
||
|
62E000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute and write copy
|
||
|
24A0000
|
direct allocation
|
page read and write
|
||
|
2290000
|
direct allocation
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
229C000
|
direct allocation
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
AFC000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
70C000
|
heap
|
page read and write
|
||
|
22DE000
|
direct allocation
|
page read and write
|
||
|
49A000
|
unkown
|
page write copy
|
||
|
3327000
|
heap
|
page read and write
|
||
|
36E2000
|
heap
|
page read and write
|
||
|
632000
|
unkown
|
page write copy
|
||
|
401000
|
unkown
|
page execute read
|
||
|
591000
|
unkown
|
page execute and write copy
|
||
|
585000
|
unkown
|
page execute and write copy
|
||
|
33FC000
|
heap
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
283F000
|
stack
|
page read and write
|
||
|
2455000
|
heap
|
page read and write
|
||
|
33FA000
|
heap
|
page read and write
|
||
|
3338000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
345E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2DFB000
|
stack
|
page read and write
|
||
|
32B0000
|
direct allocation
|
page read and write
|
||
|
595000
|
unkown
|
page execute and write copy
|
||
|
82E000
|
stack
|
page read and write
|
||
|
22C2000
|
direct allocation
|
page read and write
|
||
|
2278000
|
direct allocation
|
page read and write
|
||
|
5E6B000
|
direct allocation
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
24A0000
|
direct allocation
|
page read and write
|
||
|
22FC000
|
direct allocation
|
page read and write
|
||
|
599000
|
unkown
|
page execute and write copy
|
||
|
332C000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
49A000
|
unkown
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
5E6F000
|
direct allocation
|
page read and write
|
||
|
3341000
|
heap
|
page read and write
|
||
|
2534000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
73C000
|
heap
|
page read and write
|
||
|
D1E000
|
stack
|
page read and write
|
||
|
25AC000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
19D000
|
stack
|
page read and write
|
||
|
359E000
|
stack
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
5E6D000
|
direct allocation
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
4AC000
|
unkown
|
page readonly
|
||
|
3341000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
5A9000
|
unkown
|
page execute and write copy
|
||
|
3320000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
33E6000
|
heap
|
page read and write
|
||
|
2651000
|
heap
|
page read and write
|
||
|
58B000
|
unkown
|
page execute and write copy
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
317F000
|
stack
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
882000
|
direct allocation
|
page read and write
|
||
|
34C0000
|
direct allocation
|
page read and write
|
||
|
5E8B000
|
direct allocation
|
page read and write
|
||
|
6F8000
|
heap
|
page read and write
|
||
|
32B0000
|
direct allocation
|
page read and write
|
||
|
5E63000
|
direct allocation
|
page read and write
|
||
|
6C0000
|
direct allocation
|
page execute and read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
2450000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
21A0000
|
heap
|
page read and write
|
||
|
2C8A000
|
direct allocation
|
page execute and read and write
|
||
|
3341000
|
heap
|
page read and write
|
||
|
375F000
|
stack
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
365E000
|
stack
|
page read and write
|
||
|
18E000
|
stack
|
page read and write
|
||
|
23F0000
|
direct allocation
|
page read and write
|
||
|
23F0000
|
direct allocation
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
2459000
|
heap
|
page read and write
|
||
|
5E89000
|
direct allocation
|
page read and write
|
||
|
2F3E000
|
stack
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
3358000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page execute and read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
895000
|
heap
|
page read and write
|
||
|
3341000
|
heap
|
page read and write
|
||
|
49C000
|
unkown
|
page read and write
|
||
|
870000
|
direct allocation
|
page read and write
|
||
|
634000
|
unkown
|
page write copy
|
||
|
21B4000
|
direct allocation
|
page read and write
|
||
|
A28000
|
heap
|
page read and write
|
||
|
505000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
36A0000
|
heap
|
page read and write
|
||
|
58D000
|
unkown
|
page execute and write copy
|
||
|
742000
|
heap
|
page read and write
|
||
|
5E73000
|
direct allocation
|
page read and write
|
||
|
21C8000
|
direct allocation
|
page read and write
|
||
|
303F000
|
stack
|
page read and write
|
||
|
2530000
|
heap
|
page read and write
|
||
|
21C1000
|
direct allocation
|
page read and write
|
||
|
3767000
|
heap
|
page read and write
|
||
|
2170000
|
heap
|
page read and write
|
||
|
5E75000
|
direct allocation
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
32C0000
|
trusted library allocation
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
5CE0000
|
direct allocation
|
page read and write
|
||
|
3341000
|
heap
|
page read and write
|
||
|
74E000
|
heap
|
page read and write
|
||
|
597000
|
unkown
|
page execute and write copy
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
5E77000
|
direct allocation
|
page read and write
|
||
|
22C0000
|
direct allocation
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
5E7D000
|
direct allocation
|
page read and write
|
||
|
59D000
|
unkown
|
page execute and write copy
|
||
|
AD9000
|
heap
|
page read and write
|
||
|
3382000
|
heap
|
page read and write
|
||
|
369F000
|
stack
|
page read and write
|
||
|
33F1000
|
heap
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
5E71000
|
direct allocation
|
page read and write
|
||
|
2630000
|
heap
|
page read and write
|
||
|
25B0000
|
heap
|
page read and write
|
||
|
583000
|
unkown
|
page execute and write copy
|
||
|
2970000
|
trusted library allocation
|
page read and write
|
||
|
638000
|
unkown
|
page readonly
|
||
|
5E65000
|
direct allocation
|
page read and write
|
||
|
361F000
|
stack
|
page read and write
|
||
|
2297000
|
direct allocation
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
593000
|
unkown
|
page execute and write copy
|
||
|
505000
|
heap
|
page read and write
|
||
|
307E000
|
stack
|
page read and write
|
||
|
21B0000
|
direct allocation
|
page read and write
|
||
|
351E000
|
stack
|
page read and write
|
||
|
2550000
|
heap
|
page read and write
|
||
|
505000
|
heap
|
page read and write
|
||
|
21C1000
|
direct allocation
|
page read and write
|
||
|
339C000
|
heap
|
page read and write
|
||
|
658000
|
heap
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
9A0000
|
direct allocation
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
4AC000
|
unkown
|
page readonly
|
||
|
49E000
|
unkown
|
page write copy
|
||
|
C1D000
|
stack
|
page read and write
|
||
|
49B000
|
unkown
|
page write copy
|
||
|
5F14000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
22A8000
|
direct allocation
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
There are 212 hidden memdumps, click here to show them.