Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
eCh9R4T214.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Epic Project Studio 10.4.46\Epic Project Studio 10.4.46.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\gepardfixmp3_32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-1P9P2.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-265R7.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-5TE1U.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-6TDVA.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-7GMIE.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-80S4I.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-9D3SM.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-BCCM6.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-BPSO6.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-EVRO2.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-JJBLM.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-LB9DM.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-LEQ3C.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-MC0JN.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-N1QBV.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-O973I.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-QGCVQ.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-R0PI7.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-S7VJT.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-UKG3R.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libgcc_s_dw2-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libgdk-win32-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libgdk_pixbuf-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libgdkmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libglibmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libgmodule-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libgobject-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libgomp-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libintl-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libjpeg-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\liblcms2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libpango-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libpangocairo-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libpangoft2-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libpangomm-1.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libpangowin32-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libpixman-1-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\librsvg-2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libsigc-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libtiff-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\uninstall\is-R93BU.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\uninstall\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-49QMT.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-49QMT.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-49QMT.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-OJ2JU.tmp\eCh9R4T214.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\ep104it46.dat
|
data
|
dropped
|
||
|
C:\ProgramData\ep104rc46.dat
|
data
|
dropped
|
||
|
C:\ProgramData\ep104resa.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\ep104resb.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-2DTNR.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-7DR0L.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-F27BV.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-GI8GD.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-JUGCD.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-K0336.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-K35BI.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gepard Fix MP3\is-M3CH8.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libgraphite2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libharfbuzz-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gepard Fix MP3\liblzma-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libpcre-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libpng16-16.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gepard Fix MP3\libwinpthread-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gepard Fix MP3\uninstall\unins000.dat
|
InnoSetup Log Gepard Fix MP3, version 0x30, 5746 bytes, 138727\user, "C:\Users\user\AppData\Local\Gepard Fix MP3"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Gepard Fix MP3\zlib1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-49QMT.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 60 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\eCh9R4T214.exe
|
"C:\Users\user\Desktop\eCh9R4T214.exe"
|
|
|
|
C:\Users\user\AppData\Local\Gepard Fix MP3\gepardfixmp3_32.exe
|
"C:\Users\user\AppData\Local\Gepard Fix MP3\gepardfixmp3_32.exe" -i
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-OJ2JU.tmp\eCh9R4T214.tmp
|
"C:\Users\user\AppData\Local\Temp\is-OJ2JU.tmp\eCh9R4T214.tmp" /SL5="$103F8,4124077,54272,C:\Users\user\Desktop\eCh9R4T214.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://bmvdljb.com/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978fe71ea771795af8e05c445db22f31df92d8838ed12a666d307eca743ec4c2b07b5296692396f8ffc13c3e99c
|
185.208.158.248
|
|
|
|
bmvdljb.com
|
|
||
|
http://www.innosetup.com/
|
unknown
|
||
|
http://tukaani.org/
|
unknown
|
||
|
http://www.remobjects.com/psU
|
unknown
|
||
|
http://tukaani.org/xz/
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12e
|
unknown
|
||
|
http://mingw-w64.sourceforge.net/X
|
unknown
|
||
|
http://185.208.158.248/
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82d
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
http://fsf.org/
|
unknown
|
||
|
http://www.gnu.org/licenses/
|
unknown
|
There are 3 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bmvdljb.com
|
185.208.158.248
|
|
|
|
18.31.95.13.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.208.158.248
|
bmvdljb.com
|
Switzerland
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gepard Fix MP3_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gepard Fix MP3_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gepard Fix MP3_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gepard Fix MP3_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gepard Fix MP3_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gepard Fix MP3_is1
|
Inno Setup: Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gepard Fix MP3_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gepard Fix MP3_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gepard Fix MP3_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gepard Fix MP3_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gepard Fix MP3_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gepard Fix MP3_is1
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gepard Fix MP3_is1
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SmallTour
|
epic_project_studio_i46_5
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2C21000
|
direct allocation
|
page execute and read and write
|
|
|
|
2B7E000
|
heap
|
page read and write
|
|
|
|
9BA000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
20B1000
|
direct allocation
|
page read and write
|
||
|
62F000
|
unkown
|
page readonly
|
||
|
2320000
|
direct allocation
|
page read and write
|
||
|
631000
|
unkown
|
page write copy
|
||
|
3310000
|
heap
|
page read and write
|
||
|
35AE000
|
stack
|
page read and write
|
||
|
596000
|
heap
|
page read and write
|
||
|
5790000
|
heap
|
page read and write
|
||
|
64E000
|
heap
|
page read and write
|
||
|
2178000
|
direct allocation
|
page read and write
|
||
|
2250000
|
direct allocation
|
page read and write
|
||
|
56D0000
|
trusted library allocation
|
page read and write
|
||
|
314B000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
665000
|
heap
|
page read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
2410000
|
direct allocation
|
page read and write
|
||
|
21AF000
|
direct allocation
|
page read and write
|
||
|
26B0000
|
direct allocation
|
page read and write
|
||
|
2170000
|
direct allocation
|
page read and write
|
||
|
2188000
|
direct allocation
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
69B000
|
heap
|
page read and write
|
||
|
2180000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2440000
|
heap
|
page read and write
|
||
|
2C5A000
|
direct allocation
|
page execute and read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
665000
|
heap
|
page read and write
|
||
|
2320000
|
direct allocation
|
page read and write
|
||
|
21AF000
|
direct allocation
|
page read and write
|
||
|
5E84000
|
direct allocation
|
page read and write
|
||
|
2410000
|
direct allocation
|
page read and write
|
||
|
62C000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
346E000
|
stack
|
page read and write
|
||
|
692000
|
heap
|
page read and write
|
||
|
597000
|
heap
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
662000
|
heap
|
page read and write
|
||
|
217C000
|
direct allocation
|
page read and write
|
||
|
3587000
|
heap
|
page read and write
|
||
|
5F60000
|
direct allocation
|
page read and write
|
||
|
22F0000
|
heap
|
page read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
18E000
|
stack
|
page read and write
|
||
|
20B8000
|
direct allocation
|
page read and write
|
||
|
692000
|
heap
|
page read and write
|
||
|
665000
|
heap
|
page read and write
|
||
|
5790000
|
heap
|
page read and write
|
||
|
358B000
|
heap
|
page read and write
|
||
|
693000
|
heap
|
page read and write
|
||
|
A72000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
243F000
|
stack
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
22D0000
|
direct allocation
|
page read and write
|
||
|
5F02000
|
direct allocation
|
page read and write
|
||
|
2190000
|
direct allocation
|
page read and write
|
||
|
308E000
|
stack
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
356F000
|
stack
|
page read and write
|
||
|
24D1000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute and write copy
|
||
|
60A000
|
heap
|
page read and write
|
||
|
692000
|
heap
|
page read and write
|
||
|
60E000
|
heap
|
page read and write
|
||
|
5E6C000
|
direct allocation
|
page read and write
|
||
|
9A0000
|
direct allocation
|
page read and write
|
||
|
35B3000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
2630000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
A9B000
|
heap
|
page read and write
|
||
|
36B0000
|
heap
|
page read and write
|
||
|
5E66000
|
direct allocation
|
page read and write
|
||
|
2A7B000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
5790000
|
heap
|
page read and write
|
||
|
5E76000
|
direct allocation
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2790000
|
trusted library allocation
|
page read and write
|
||
|
665000
|
heap
|
page read and write
|
||
|
20A4000
|
direct allocation
|
page read and write
|
||
|
25FC000
|
stack
|
page read and write
|
||
|
665000
|
heap
|
page read and write
|
||
|
344E000
|
stack
|
page read and write
|
||
|
35FA000
|
heap
|
page read and write
|
||
|
864000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
51E000
|
heap
|
page read and write
|
||
|
263B000
|
direct allocation
|
page read and write
|
||
|
2177000
|
direct allocation
|
page read and write
|
||
|
31CE000
|
stack
|
page read and write
|
||
|
49D000
|
unkown
|
page write copy
|
||
|
692000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
49B000
|
unkown
|
page read and write
|
||
|
20B0000
|
direct allocation
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
2A8B000
|
heap
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
560000
|
direct allocation
|
page execute and read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
20C4000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
24B0000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
5E64000
|
direct allocation
|
page read and write
|
||
|
363E000
|
heap
|
page read and write
|
||
|
340F000
|
stack
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
585000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
5E74000
|
direct allocation
|
page read and write
|
||
|
2300000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
357D000
|
heap
|
page read and write
|
||
|
2174000
|
direct allocation
|
page read and write
|
||
|
9BE000
|
heap
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
625000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
68C000
|
heap
|
page read and write
|
||
|
2444000
|
heap
|
page read and write
|
||
|
3642000
|
heap
|
page read and write
|
||
|
20A0000
|
direct allocation
|
page read and write
|
||
|
358F000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
499000
|
unkown
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
885000
|
heap
|
page read and write
|
||
|
58CF000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
401000
|
unkown
|
page execute read
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3578000
|
heap
|
page read and write
|
||
|
51A000
|
heap
|
page read and write
|
||
|
219C000
|
direct allocation
|
page read and write
|
||
|
633000
|
unkown
|
page write copy
|
||
|
21C8000
|
direct allocation
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
3110000
|
direct allocation
|
page read and write
|
||
|
9A2000
|
direct allocation
|
page read and write
|
||
|
5E80000
|
direct allocation
|
page read and write
|
||
|
2DCB000
|
stack
|
page read and write
|
||
|
5790000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
3311000
|
heap
|
page read and write
|
||
|
311E000
|
direct allocation
|
page read and write
|
||
|
318F000
|
stack
|
page read and write
|
||
|
247E000
|
stack
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
2188000
|
direct allocation
|
page read and write
|
||
|
2B6F000
|
stack
|
page read and write
|
||
|
3776000
|
heap
|
page read and write
|
||
|
5CD0000
|
direct allocation
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
3410000
|
direct allocation
|
page read and write
|
||
|
354E000
|
stack
|
page read and write
|
||
|
2620000
|
heap
|
page read and write
|
||
|
692000
|
heap
|
page read and write
|
||
|
3110000
|
direct allocation
|
page read and write
|
||
|
32CF000
|
stack
|
page read and write
|
||
|
2F4E000
|
stack
|
page read and write
|
||
|
304D000
|
stack
|
page read and write
|
||
|
3572000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page execute and read and write
|
||
|
499000
|
unkown
|
page write copy
|
||
|
880000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
A83000
|
heap
|
page read and write
|
||
|
3582000
|
heap
|
page read and write
|
||
|
697000
|
unkown
|
page readonly
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
411000
|
unkown
|
page readonly
|
||
|
49A000
|
unkown
|
page write copy
|
||
|
65A000
|
heap
|
page read and write
|
||
|
85E000
|
stack
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
665000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
56D0000
|
heap
|
page read and write
|
||
|
21AC000
|
direct allocation
|
page read and write
|
||
|
639000
|
unkown
|
page readonly
|
||
|
510000
|
heap
|
page read and write
|
||
|
990000
|
direct allocation
|
page read and write
|
||
|
5790000
|
heap
|
page read and write
|
||
|
870000
|
direct allocation
|
page read and write
|
||
|
2090000
|
heap
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
589000
|
heap
|
page read and write
|
||
|
2410000
|
heap
|
page read and write
|
||
|
692000
|
heap
|
page read and write
|
There are 199 hidden memdumps, click here to show them.