Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
AyiNxJ98mL.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Escape Division LIB 10.6.45\Escape Division LIB 10.6.45.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-1EDIU.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-1OTIR.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-4575S.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-5J0K7.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-6E6KU.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-6G4V1.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-9FMQR.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-9QCH4.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-A0F2H.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-AKS9J.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-CLVH5.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-DH98H.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-GGBLB.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-HM1KV.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-LIA5U.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-MC96J.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-MLNUS.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-OLFPM.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-PCJSB.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-QMR89.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\libgcc_s_dw2-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\libgdk-win32-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\libgdk_pixbuf-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\libgdkmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\libglibmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\libgmodule-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\libgobject-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\libgomp-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\libintl-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\libjpeg-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\liblcms2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\libpango-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\libpangocairo-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\libpangoft2-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\libpangomm-1.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\libpangowin32-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\libpixman-1-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\librsvg-2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\libsigc-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\libtiff-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\screencameralite32_64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\uninstall\is-3VPQL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\uninstall\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-A9OKS.tmp\AyiNxJ98mL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-Q11OR.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-Q11OR.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-Q11OR.tmp\_isetup\_isdecmp.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-Q11OR.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\es106it45.dat
|
data
|
dropped
|
||
|
C:\ProgramData\es106rc45.dat
|
data
|
dropped
|
||
|
C:\ProgramData\es106resa.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\es106resb.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-1VK0U.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-2B9OT.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-2HDD5.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-3OVHD.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-6D3F1.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-LI4GH.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-OOQC3.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Screen Camera Lite\is-QPT40.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Screen Camera Lite\libgraphite2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Screen Camera Lite\libharfbuzz-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Screen Camera Lite\liblzma-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Screen Camera Lite\libpcre-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Screen Camera Lite\libpng16-16.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Screen Camera Lite\libwinpthread-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Screen Camera Lite\uninstall\unins000.dat
|
InnoSetup Log Screen Camera Lite, version 0x30, 5814 bytes, 642294\user, "C:\Users\user\AppData\Local\Screen Camera Lite"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Screen Camera Lite\zlib1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-Q11OR.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 61 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\AyiNxJ98mL.exe
|
"C:\Users\user\Desktop\AyiNxJ98mL.exe"
|
|
|
|
C:\Users\user\AppData\Local\Screen Camera Lite\screencameralite32_64.exe
|
"C:\Users\user\AppData\Local\Screen Camera Lite\screencameralite32_64.exe" -i
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-A9OKS.tmp\AyiNxJ98mL.tmp
|
"C:\Users\user\AppData\Local\Temp\is-A9OKS.tmp\AyiNxJ98mL.tmp" /SL5="$20424,4742621,54272,C:\Users\user\Desktop\AyiNxJ98mL.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
aiwimwi.ru
|
|
||
|
http://aiwimwi.ru/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ee94814a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b415e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ed9d983dc86c9412
|
185.208.158.248
|
|
|
|
http://aiwimwi.ru/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf713c6ea96983f
|
185.208.158.248
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://tukaani.org/
|
unknown
|
||
|
http://www.remobjects.com/psU
|
unknown
|
||
|
http://tukaani.org/xz/
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82d
|
unknown
|
||
|
http://mingw-w64.sourceforge.net/X
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ee948
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
http://fsf.org/
|
unknown
|
||
|
http://www.gnu.org/licenses/
|
unknown
|
There are 3 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
aiwimwi.ru
|
185.208.158.248
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.208.158.248
|
aiwimwi.ru
|
Switzerland
|
|
|
|
89.105.201.183
|
unknown
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Screen Camera Lite_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Screen Camera Lite_is1
|
Inno Setup: App Path
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Screen Camera Lite_is1
|
InstallLocation
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Screen Camera Lite_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Screen Camera Lite_is1
|
Inno Setup: User
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Screen Camera Lite_is1
|
Inno Setup: Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Screen Camera Lite_is1
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Screen Camera Lite_is1
|
UninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Screen Camera Lite_is1
|
QuietUninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Screen Camera Lite_is1
|
NoModify
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Screen Camera Lite_is1
|
NoRepair
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Screen Camera Lite_is1
|
InstallDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Screen Camera Lite_is1
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BetaTour
|
esc_div_lib_i45_2
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2C71000
|
direct allocation
|
page execute and read and write
|
|
|
|
2BC8000
|
heap
|
page read and write
|
|
|
|
49B000
|
unkown
|
page read and write
|
||
|
638000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
34DF000
|
stack
|
page read and write
|
||
|
5A3000
|
unkown
|
page execute and write copy
|
||
|
440000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
30E0000
|
direct allocation
|
page read and write
|
||
|
2300000
|
heap
|
page read and write
|
||
|
2260000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
36E0000
|
heap
|
page read and write
|
||
|
2304000
|
heap
|
page read and write
|
||
|
A70000
|
direct allocation
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
59B000
|
unkown
|
page execute and write copy
|
||
|
21B0000
|
direct allocation
|
page read and write
|
||
|
26A0000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5C3000
|
heap
|
page read and write
|
||
|
5EB000
|
heap
|
page read and write
|
||
|
3654000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
583000
|
unkown
|
page execute and write copy
|
||
|
313E000
|
stack
|
page read and write
|
||
|
2740000
|
trusted library allocation
|
page read and write
|
||
|
5C3000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
B68000
|
heap
|
page read and write
|
||
|
277F000
|
heap
|
page read and write
|
||
|
62D000
|
unkown
|
page readonly
|
||
|
213C000
|
direct allocation
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
59D000
|
unkown
|
page execute and write copy
|
||
|
694000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
5A1000
|
unkown
|
page execute and write copy
|
||
|
5C3000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
30E1000
|
unkown
|
page execute read
|
||
|
B40000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
695000
|
heap
|
page read and write
|
||
|
37E8000
|
heap
|
page read and write
|
||
|
2E1B000
|
stack
|
page read and write
|
||
|
30E0000
|
direct allocation
|
page read and write
|
||
|
2110000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
30E0000
|
unkown
|
page readonly
|
||
|
362C000
|
heap
|
page read and write
|
||
|
33DE000
|
stack
|
page read and write
|
||
|
2480000
|
direct allocation
|
page read and write
|
||
|
695000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
C5E000
|
heap
|
page read and write
|
||
|
2130000
|
direct allocation
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
21C1000
|
direct allocation
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
211C000
|
direct allocation
|
page read and write
|
||
|
49A000
|
unkown
|
page write copy
|
||
|
694000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
922000
|
direct allocation
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
5DC1000
|
heap
|
page read and write
|
||
|
5A9000
|
unkown
|
page execute and write copy
|
||
|
910000
|
direct allocation
|
page read and write
|
||
|
5C3000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
19D000
|
stack
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
56C0000
|
direct allocation
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
694000
|
heap
|
page read and write
|
||
|
C39000
|
heap
|
page read and write
|
||
|
30E5000
|
unkown
|
page readonly
|
||
|
30EE000
|
stack
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
323F000
|
stack
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
21B4000
|
direct allocation
|
page read and write
|
||
|
5C3000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
49D000
|
unkown
|
page write copy
|
||
|
499000
|
unkown
|
page read and write
|
||
|
900000
|
direct allocation
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
21C0000
|
direct allocation
|
page read and write
|
||
|
337F000
|
stack
|
page read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
2870000
|
heap
|
page read and write
|
||
|
2229000
|
heap
|
page read and write
|
||
|
31EF000
|
stack
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
5F7000
|
heap
|
page read and write
|
||
|
5B3000
|
unkown
|
page execute and write copy
|
||
|
327E000
|
stack
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
309F000
|
stack
|
page read and write
|
||
|
710000
|
unkown
|
page readonly
|
||
|
2118000
|
direct allocation
|
page read and write
|
||
|
930000
|
direct allocation
|
page read and write
|
||
|
56E000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page execute and read and write
|
||
|
30E6000
|
unkown
|
page write copy
|
||
|
694000
|
heap
|
page read and write
|
||
|
2511000
|
heap
|
page read and write
|
||
|
30E7000
|
unkown
|
page readonly
|
||
|
694000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
56A000
|
heap
|
page read and write
|
||
|
920000
|
direct allocation
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
632000
|
unkown
|
page write copy
|
||
|
B2E000
|
stack
|
page read and write
|
||
|
211C000
|
direct allocation
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
2738000
|
heap
|
page read and write
|
||
|
2CAA000
|
direct allocation
|
page execute and read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
499000
|
unkown
|
page write copy
|
||
|
694000
|
heap
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
690000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
59F000
|
unkown
|
page execute and write copy
|
||
|
58A000
|
heap
|
page read and write
|
||
|
30FE000
|
direct allocation
|
page read and write
|
||
|
4DE000
|
heap
|
page read and write
|
||
|
369A000
|
heap
|
page read and write
|
||
|
2230000
|
direct allocation
|
page execute and read and write
|
||
|
60B000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
5CFB000
|
heap
|
page read and write
|
||
|
5A7000
|
unkown
|
page execute and write copy
|
||
|
B60000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
2800000
|
heap
|
page read and write
|
||
|
74D000
|
unkown
|
page readonly
|
||
|
695000
|
heap
|
page read and write
|
||
|
C17000
|
heap
|
page read and write
|
||
|
C56000
|
heap
|
page read and write
|
||
|
5EF000
|
heap
|
page read and write
|
||
|
5CC0000
|
heap
|
page read and write
|
||
|
A6D000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2600000
|
direct allocation
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
2220000
|
heap
|
page read and write
|
||
|
5EB000
|
heap
|
page read and write
|
||
|
56CD000
|
direct allocation
|
page read and write
|
||
|
3634000
|
heap
|
page read and write
|
||
|
214F000
|
direct allocation
|
page read and write
|
||
|
2284000
|
direct allocation
|
page read and write
|
||
|
4D9000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
88E000
|
stack
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
5EB000
|
heap
|
page read and write
|
||
|
5AD000
|
heap
|
page read and write
|
||
|
C11000
|
heap
|
page read and write
|
||
|
3624000
|
heap
|
page read and write
|
||
|
21D4000
|
direct allocation
|
page read and write
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
695000
|
unkown
|
page readonly
|
||
|
411000
|
unkown
|
page readonly
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
5EB000
|
heap
|
page read and write
|
||
|
37A4000
|
heap
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
2128000
|
direct allocation
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute and write copy
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
3720000
|
heap
|
page read and write
|
||
|
2F9E000
|
stack
|
page read and write
|
||
|
5C1000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
5C1000
|
heap
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
351E000
|
stack
|
page read and write
|
||
|
2117000
|
direct allocation
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
26B0000
|
direct allocation
|
page read and write
|
||
|
21C8000
|
direct allocation
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
361F000
|
stack
|
page read and write
|
||
|
286C000
|
stack
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
282E000
|
stack
|
page read and write
|
||
|
5EB000
|
heap
|
page read and write
|
||
|
5DC0000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
2480000
|
direct allocation
|
page read and write
|
||
|
2742000
|
heap
|
page read and write
|
||
|
56C0000
|
trusted library allocation
|
page read and write
|
||
|
18E000
|
stack
|
page read and write
|
||
|
214C000
|
direct allocation
|
page read and write
|
||
|
333E000
|
stack
|
page read and write
|
||
|
5BA000
|
heap
|
page read and write
|
||
|
630000
|
unkown
|
page write copy
|
||
|
216C000
|
direct allocation
|
page read and write
|
||
|
26BB000
|
direct allocation
|
page read and write
|
||
|
2225000
|
heap
|
page read and write
|
There are 232 hidden memdumps, click here to show them.